iThemes Security stopped working

With the latest version 7.9.0 iThemes Security stopped working on ClassicPress.

This is a showstopper for me, as I rely heavily on this plugin and cannot run any site without it.

Since there is no way to run the site without this I am in the process of backing up the site and database to remigrate to Wordpress. I would rather not do that, but without iThemes Security I have no choice.

Not sure what their WP version requirement was previously, but, it’s 5.4 now – so, it won’t work with ClassicPress going forward. If you’re unable to switch to a different security plugin that does support WP 4.9 (such as Shield Security, Bulletproof Security, or WordFence) there’s really no other option other than to migrate back to WP.

Thanks for reporting your findings…and for giving ClassicPress a go!


1 Like

Have you contacted the author of the plugin? Perhaps they can either fix the problem or make a version that specifically supports ClassicPress. Especially if you pay for it, your voice as a paying customer should carry some weight. You might want to pass along this resource to them, hoping that will help in fixing the problem: Are WordPress Plugins and Themes Compatible with ClassicPress? - Code Potent.

However, the latest plugin release lists WP 5.4 as the minimum version supported, but maybe they’re willing to make a fork of their own plugin for classicPress.

1 Like

iThemes made it clear they wouldn’t be supporting ClassicPress when they said:

Hi Erin,

Thank you for the offer and for bringing this to our attention! Currently, we do not plan to develop anything for ClassicPress. You should still be able to use Security, for now, however we can’t guarantee that it will continue to update as both Security and ClassicPress continue to update.



This really is a pity, since I run ClassicPress for years, after the forced switch to Gutenberg and I was quite happy with it so far. I feared that something like this would happen.

There are other security options if you want to remain on ClassicPress. You only have to migrate back if you’re dead-set on sticking with iThemes.

1 Like

I researched this extensively and iThemes/Titan Security is the only plugin giving me all the options I need. Aside from that I would have to not only use multiple security plugins for all the functionality, but also I would again have to set all parameters, black- and whitelists and so on new. That is so much work (on multiple sites), that migrating back to WP most probably is the way smaller problem.

In addition: And if I switch to another plugin I probably will have the same problem again soon, when the other plugin also drops support for ClassicPress. So unfortunately that is too uncertain for me.

I defended the switch to ClassicPress to coworkers when they warned that there will be incompatibilities in the near future and I said it will be a long time until that happens, but I fear it looks like I was wrong.

Shield has pledged and maintained support for ClassicPress. It’s definitely a pain to setup a security plugin all over again – most of us have done this over time after switching to ClassicPress. :slight_smile:

At any rate, if you want to remain with iThemes, migrating back to WP will be your best option.


1 Like

Be aware that right now you can use the Classic Editor in WP, but it was only promised to be supported until the end of 2021.

1 Like

When they forced Gutenberg there were almost immediatley plugins to switch back to Classic, even before the official one. I am quite sure that a plugin will resolve the problem, and fast, when that happens. A lot of people still are very unhappy with that Gutenberg abomination. If Automattic wants to lose a lot of users and customers they should go that path.

Yeah, true. On the other hand, when you control a third of the web, losing a few million end-users doesn’t even make a small dent. I wouldn’t doubt that Automattic is fine seeing those users go simply because they didn’t fall in line.

When the pressure on and frustration of the users becomes too high something new emerges, that is almost always the case. I already see numerous promising alternatives that leave behind Wordpress completely and go other, new ways. Basically Wordpress became a monolithic code moloch that needs myriads of plugins to do the things one needs to do and the plugin maintenance became a nightmare. You do not even get support from Automattic as a paying customer. When and if they go too far they will lose millions of users and it definitely will make a dent. In the last few decades of the web I saw this multiple times and it will happen again. Sometimes one blatant error is enough and removing support for Classic Editor may be this error.

I would rather switch today than tomorrow to something less bloated, but migrating a blog that runs for 12 years (with multiple daily posts) with gigabytes of content and database to another system while maintaining visibility also is a nightmare.

@Xanathon, can you please list all security features you need from a security plugin?

1 Like

I suspect you’re overthinking it. Security plugins are great at blacklisting without intervention (if anyone attacks one of my sites, Wordfence simply blocks them for 2 months, which is fine - if the same attacker comes back in 2 months, they’ll simply get blocked again - job done). And if someone can’t view without being whitelisted, they’re doing something wrong and that’s on them.

I have a client who obsesses over security and as a result they waste huge amounts of time achieving nothing when the plugin does it far better on its own.

I just install the security plugin, set the settings to reasonably strict, and get on with my life. Never been hacked (100+ sites, 15 years with WP).


Well, we don’t know what kind of sites they need to secure.
I think the main issue here is not the plugin per se, but the fact that @Xanathon has many sites using iThemes and being accustomed to it he is not willing to change plugin for that many sites, so the easiest solution is rolling back to WP.
I can understand that level of frustration.
That said, there are two solutions…

  • forking iThemes and having a community lead project to develop a security plugin specific to CP as we did with other plugins (I think CP can totally have a set of standard plugins like Classic SEO, ClassicCommerce, ClassicSecurity, ClassicForms etc)
  • he changes from iThemes to something else equally satisfying the sites’ security needs to remain with CP since they aren’t satisfied with GB
    On the first option, forking iThemes, I can only suggest it since I don’t have the expertise needed to do this, however I think it could be the way to go for CP (having a basic plugin ecosystem to offer).

This isn’t really an option. The project is already very shorthanded and forking a(nother) huge plugin probably won’t happen until there are more contributors on board. At this point, the Classic Commerce and CP SEO plugins have lost their maintainers, so, getting hands on those projects should take precedence over creating another huge fork, IMO.


I can understand that. And I agree.
What I mean is that in time CP can become that.
Our priority however is bringing over devs.
What about targeting those devs that aren’t happy with GB asking their support in building a standard ecosystem for CP?
I think that CP has the same usebase that WP (I mean that aside GB the same kind of user can chose one or the other) that means plugin and core devs do have interest in supporting and contributing to CP to keep those of their customers who want to use the plugin and go with CP.
I see now forking something else is not a viable option, but I am not giving up on the idea that CP can thrive in the future.

Really?! When did that happen?