Iron Security – WordPress Security Plugin

FAQ

What makes Iron Security different from other WordPress security plugins?

Iron Security is designed to be lightweight, fast, and focused on practical features that matter most for securing your WordPress site.

Is Iron Security suitable for beginners?

Yes! Iron Security comes with an intuitive dashboard and clear explanations for each option. Whether you’re a WordPress beginner or an experienced developer, you’ll find it easy to use and configure.

How does the custom login URL help protect my site?

Changing the default /wp-admin or /wp-login.php URL makes it harder for bots and attackers to find your login page, reducing brute force attempts. You can set your own unique login slug in a few clicks from the plugin settings.

What happens when a user exceeds the allowed login attempts?

If a user exceeds the allowed number of login attempts, their IP will be temporarily blocked based on your configured lockout settings. You can customize the number of allowed attempts, lockout duration, and view attempt logs.

How does the Admin ID protection work?

By default, WordPress assigns user ID 1 to the first admin account — a known vulnerability targeted by bots. Iron Security lets you assign a different ID to your admin account, making it harder to guess and exploit.

Does Iron Security block XML-RPC and REST API? Why?

Yes, you can optionally disable XML-RPC and REST API — two common attack vectors. XML-RPC is often used in DDoS and brute force attacks, while REST API may expose user data. Disabling them improves security, especially if you don’t use them.

What are HTTP security headers and why should I enable them?

HTTP security headers like X-Frame-Options, Content-Security-Policy, and Strict-Transport-Security provide an extra layer of browser-based protection. They help prevent XSS, clickjacking, and other code injection attacks. Iron Security lets you enable them easily from the dashboard.

Will Iron Security slow down my website?

Not at all. The plugin is built to be lightweight and uses efficient code practices. It doesn’t run background scans or heavy processes, so your site’s performance remains unaffected.

Can I use Iron Security on WooCommerce stores?

Absolutely. Iron Security is fully compatible with WooCommerce and protects your login area, admin panel, and core files without affecting your store’s functionality.

Where can I get support or report a bug?

You can submit issues or ask for help via the support forum on WordPress.org or by contacting us directly at https://wpiron.com.

How often is Iron Security updated?

We actively maintain and improve Iron Security. You can expect regular updates for new features, security patches, and WordPress compatibility improvements.