BPS Pro Features
As of BPS Pro 5.6 – version release dates will be posted at the Forum link below.
http://forum.ait-pro.com/forums/topic/bulletproof-security-pro-version-release-dates/
BPS Pro Version | Release Date | New Features Links | |
BPS Pro 5.6 | 2-11-2013 | >>> | Whats New |
BPS Pro 5.5 | 1-14-2013 | >>> | Whats New |
BPS Pro 5.4 Sub Release Versions: 5.4.1 | |||
BPS Pro 5.4 | 12-20-2012 | >>> | Whats New |
BPS Pro 5.3 Sub Release Versions: 5.3.1, 5.3.2, 5.3.3 | |||
BPS Pro 5.3 | 11-18-2012 | >>> | Whats New |
BPS Pro 5.2 Sub Release Versions: 5.2.1, 5.2.2 | |||
BPS Pro 5.2 | 10-18-2012 | >>> | Whats New |
BPS Pro 5.1.9 | 9-10-2012 | >>> | Whats New |
BPS Pro 5.1.8 Sub Release Versions: 5.1.8.1, 5.1.8.2, 5.1.8.3, 5.1.8.4 | |||
BPS Pro 5.1.8 | 7-04-2012 | >>> | Whats New |
BPS Pro 5.1.7 | 5-06-2012 | >>> | Whats New |
BPS Pro 5.1.6 | 4-01-2012 | >>> | Whats New |
BPS Pro 5.1.5 | 2-24-2012 | >>> | Whats New |
BPS Pro 5.1.4 | 1-23-2012 | >>> | Whats New |
BPS Pro 5.1.3 | 1-02-2012 | >>> | Whats New |
BPS Pro 5.1.2 | 12-15-2011 | >>> | Whats New |
BPS Pro 5.1.1 | 12-07-2011 | >>> | Whats New |
BPS Pro 5.1 | 11-18-2011 | >>> | Whats New |
BPS Pro 5.0 | 8-15-2011 | >>> | Whats New |
BulletProof Security Pro 5.0 Features Below (for features in Newer version releases of BPS Pro click the Whats New links above)
|
BulletProof Security Pro ~ Zip Installation & Backup – *NEW* One Click Upgrade Installation Coding Added as of BPS Pro 5.1.7 |
Built-in Zip Backup ~ Zip Upload ~ Zip Download ~ Zip Install |
BPS Pro has a built-in zip installer and zip backup. Backups are zipped and are stored in the /bps-backup folder. Zip Backups are renamed and not overwritten. Each time that you perform a zip backup the previous backup zip file that you created is renamed using a date and time file naming format. Example: August-31-2011–03:54:02–bulletproof-security.zip. Click on the Download Zip File button to download bulletproof-security.zip files to your computer as an additional backup. The built-in Upload Zip Installer allows you to upload and install new versions of BPS Pro quickly and easily. To upgrade from a free version of BPS to BPS Pro click here for upgrade installation instructions. |
B-Core ~ htaccess Core Security |
The core and most important security feature of BPS Pro is the htaccess core. Throughout the BPS Pro plugin other areas of the plugin are secured automatically with pre-made included htaccess files. The htaccess core is where you are going to secure your website with htaccess protection. Securing your website is essentially “one click” with some of those one clicks actually being a few clicks. The htaccess core is designed to be automated as well as to offer full manual control of your website’s htaccess security. The free version of BulletProof Security contains only the htaccess core and does not include P-Security, S-Monitor and Pro-Tools. |
BulletProof Security Modes |
If you have a single WordPress website (not Network or Multisite) you can click the AutoMagic buttons to create your BPS Master htaccess files and activate the following: Activate Website Root Folder .htaccess Security Mode, Activate Website wp-admin Folder .htaccess Security Mode and Activate Deny All htaccess Folder Protection For The BPS Backup Folder. If you have a Network or MU site you will see a notification with instructions that will inform you that you can also use AutoMagic to create your BPS Master htaccess files, but you will need to do a couple of simple and easy additional steps |
BulletProof Security Status |
Displays your website’s security status and informs you of any problems with your website’s security status. Errors or problems will displayed here as well as within BPS pages when an error or problem occurs and now with the BPS Pro S-Monitor added you have more control over how you would like to be alerted and how you would like alerts displayed to you. For more information see the S-Monitor ~ Monitoring & Alerting section. Additional htaccess website security measures are displayed on the Security Status page as well as File and Folder Permissions status and General BulletProof Security htaccess File Checks. These files are automatically protected by the BPS root .htaccess file: htaccess files, WordPress readme.html, /wp-admin/install.php and wp-config.php file, php.ini and php5.ini files and the BuddyPress bb-config.php file |
System Information |
Displays: Website / Server / IP Info, Website Root Folder, Document Root Path, WP ABSPATH, Server / Website IP Address, Public IP / Your Computer IP Address, Server Type, Operating System, Multisite, Browser Compression Supported, PHP Version Check, MySQL Database Version, MySQL Client Version, Database Host, Database Name, Database User, SQL Mode, WordPress Installation Folder, WordPress Installation Type, WP Permalink Structure, Permalinks Enabled. System Information also displays some PHP information. With the addition of P-Security in BPS Pro this info is only a small portion of the PHP Server configuration information you can access securely with the PHPINFO Viewer. The System Information page also contains BPS Pro Security Modules Info. This is an additional check to ensure that all BPS Pro modules are set up and working correctly. |
BulletProof Security Backup & Restore |
Allows you backup your existing htaccess files before activating BulletProof Modes. Allows you to restore your backed up htaccess files. Allows you to backup any new htaccess files that you have modified to your BPS Backup folder. Allows you to backup your BPS Master htaccess files. Displays the backup status of any files that are backed up or need to be backed up. |
BulletProof Security File Editing |
BPS and BPS Pro have a built-in htaccess file editor that allows you to edit all htaccess files online from within the WordPress Dashboard. You can edit the BPS Master htaccess files, your currently active root .htaccess file or your currently active /wp-admin htaccess file. You can also edit the BPS Master Maintenance Mode htaccess file. |
BulletProof Security Uploads – Downloads |
You can download your BPS Master htaccess files, your currently active htaccess files or your backed up htacess files. File uploading is designed to allow you to upload only Master BPS files to the BPS Master htaccess folder. |
BulletProof Security Maintenance Mode |
Fill out the Maintenance form with your information to create a Website Under Maintenance page: Your message to visitors, the start time for maintenance mode and the end time for maintenance mode and save your form. You can preview your Website Under Maintenance page before actually putting your website in Maintenance Mode. The Website Under Maintenance page contains a javascript countdown timer that displays the amount of time left before your website will be “open” again. |
My Notes |
Save any personal notes or htaccess code to your WordPress Database. If your htaccess files have customizations that you would like to keep then you can save them here or just jot down notes for yourself. If you use AutoMagic after you upgrade BPS or BPS Pro then those files that are created will not contain any of your htaccess code customizations. You can simply copy any custom htaccess code from My Notes to your new active htaccess files. |
B-Core Help & FAQ page (BPS Pro Only) |
Contains links to: BPS Pro Overview Video Tutorial, B-Core htaccess Video Tutorial, Hover Tooltips Posted as Text For Language Translation, Plugin Compatibility Testing – Recent New Permanent Fixes, BulletProof Security Error, Warning and HUD Messages, File Editing Within The Dashboard Help Info, BPS Pro Features, BPS Pro Screenshots and Post Questions and Comments For Assistance, WP Permalinks – Custom Permalink Structure Help Info, Adding a Custom 403 Forbidden Page For Your Website and File Uploading & Downloading Within The Dashboard Help Info. |
P-Security ~ php.ini Security & Performance |
Adding a custom php.ini file increases website security and improves website performance. |
Php.ini File Finder |
Searches and finds all existing php.ini files under your hosting account. Copy and save the php.ini file paths for existing php.ini files that you want to manage to the php.ini File Manager so that they can be opened and edited within your WordPress Dashboard with the php.ini File Editor. |
Php.ini File Creator |
Creates a custom php.ini file for your website. BPS Master php.ini files have been pre-made specifically by web host. Choose your web host from the dropdown select list or choose the standard php.ini file. Type in the folder path where you want your new php.ini file created and click Create php.ini File. Add the file path for your new custom php.ini file to the php.ini File Manager so that you can open and edit it within your WordPress Dashboard using the php.ini File Editor. |
Php.ini File Manager ~ All Purpose File Manager |
The php.ini File Manager and the php.ini File Editor allow you to add or edit php.ini files or any other type of file in any folder under your entire website domain and hosting account. Open and view protected Server files, such as your web host’s master php.ini file. Add and save the folder path(s) to your existing and newly created custom php.ini file(s) to the php.ini File Manager so that you can edit your php.ini file(s) with the php.ini File Editor from within your WordPress Dashboard. Add and save your personal label or description for each php.ini file that you add to the File Manager. Your personal label will be displayed in the php.ini File Editor dropdown list. You can add the path to a BPS Master php.ini file to the File Manager to view or edit BPS Master php.ini file before using the php.ini File Creator to create a new custom php.ini file from that Master php.ini file. If your host requires that you add multiple custom php.ini files to specific folders you can add and manage all of them with the php.ini File Manager. The File Manager extended capabilities: You can add the folder path to any type of file; .php, .htaccess, .txt, etc in the File Manager. The php.ini File Editor will open and allow you to edit any type of file located anywhere under your hosting account. |
Php.ini File Editor ~ All Purpose File Editor |
Select your php.ini file from the dropdown list, open it for editing and save your changes. The php.ini File Editor allows you to edit php.ini files in any folder under your entire website domain and hosting account. The php.ini File Editor extended capabilities: The php.ini File Editor will open and allow you to edit any type of file located anywhere under your hosting account. Add the folder path to any type of file; .php, .htaccess, .txt, etc in the File Manager and open it for editing in the File Editor. The php.ini File Editor page contains a php.ini file testing feature that will test to see if your php.ini file is set up and working correctly. Open and view protected Server files, such as your web Host’s master php.ini file. |
PHP Error Log ~ htaccess Protected |
View and edit your secure .htaccess protected php error log file from within the WordPress Dashboard. A php error log file is provided with BPS Pro. It is located in a secure .htaccess protected folder. The Error Log file path is shown for your site so that you can copy and paste that file path to set your Error Log location. You can of course choose another location for your php error log, but be sure to protect it with .htaccess protection if you decide to choose another folder location. The PHP Error Log page contains a php error log testing feature that will test to see if your php error log file is set up and working correctly. |
PHP Error Log Last Modified Time |
Displays the current last modified time for your php error log and a databases stored last modified time. When a new error is logged in your php error log the file last modified time will change. This feature is designed to work with BPS S-Monitor to alert you of new php errors in your error log. Alerts can be displayed in your WordPress Dashboard, in BPS pages only and / or email alerts will be emailed to you when a new php error is logged. When you are alerted about a new php error in your php error log you will click the Reset Last Modified Time in DB to reset / save the last modified file time in the database. The current and database last modified times will then match until a new php error occurs and you will alerted again of a new php error in your php error log. |
Phpinfo Viewer ~ htaccess Protected |
View PHP Server Configuration Information Safely And Securely With htaccess Protected phpinfo(). When you click to view your phpinfo information an htaccess file with your current public IP address is created at the same time. This ensures that only you can view your PHP Server configuration information. |
Phpinfo Multi Viewer ~ htaccess Protected |
View your PHP Server configuration information for specific folders. Some web hosts allow and require that you add multiple php.ini files to specific folders where you want PHP Server configuration changes to occur for each specific folder. The phpinfo multi viewer allows you to view the PHP Server configuration information for specific folders where a custom php.ini files have been created / added. The multi viewer allows you to create and save a phpinfo file anywhere under your hosting account. The phpinfo file is created with your current IP address so that only you can view your PHP Server configuration information. When you view the PHP Server configuration information for a specific folder the phpinfo file exists only long enough to output your PHP Server configuration information and is automatically deleted to avoid unnecessary file clutter. |
P-Security Help & FAQ Page |
Contains links to: BPS Pro Overview Video Tutorial, P-Security Video Tutorial, Hover Tooltips Posted as Text For Language Translation, General php.ini Info and Host Specific php.ini Information, BPS Pro Features, BPS Pro Screenshots and Post Questions and Comments For Assistance. |
S-Monitor ~ Security Monitoring & Alerting |
Choose how you want BPS Pro alerts, warnings, notifications and error messages displayed to you. You can choose to have Alerts displayed in BPS pages only, in your WordPress Dashboard or turn off alerts. The different types of BPS Alerts are: |
First Install / Launch S-Monitor Notification |
This notification is displayed in your WordPress Dashboard when you first install BPS Pro. It is designed to notify you to go to the S-Monitor page to choose and save your BPS Pro monitoring and alerting preferences and can then be turned off permanently. This notification contains a link to the S-Monitor Options page. |
BPS Pro Upgrade Notification |
Choose how you want BPS Pro upgrade notifications displayed. In your WordPress Dashboard, BPS Pro pages only or turned off. There is also an Email Alerting option if you would like an email sent to you when a new version of BPS Pro is available. |
BPS Security Status: Currently Active .htaccess File or Alert |
You can display which currently active root .htaccess file is active on your website in your WordPress Dashboard, BPS pages only or turned off. Your wp-admin htaccess file is monitored too, but you will only see a displayed alert about the status of your wp-admin htaccess file if there is a problem with it. |
HUD Alerts: BPS Error, Problem and Warning Alerts |
These Alerts are very important and it is recommended that you choose to display these alerts in your WordPress Dashboard. HUD alerts display any and all problems with BPS and other site problems that need to be corrected. |
PHP Error Log: Check if Folder Location Has Been Set |
This is a reminder alert to remind you to set your php error log location as soon as possible. A php error log is an important part of website security monitoring and error checking so you should leave the reminder alert on until you have set your php error log folder location. The alert will automatically go away once your php error log location has been set. |
PHP Error Log: New Errors in The PHP Error Log |
When new php errors occur on your website they are logged in your php error log and you are alerted that a new php error has occurred. Php errors are very important to monitor for two primary reasons. One, there is a problem with your site somewhere that needs to be fixed and two, php errors (typically on forms or form pages) will alert you that a hacker is trying to exploit a possible security vulnerability. It is recommended that you choose to have this alerting option set to display in your WordPress Dashboard. There is also an Email Alerting option if you would like an email sent to you when a new php error occurs on your website. It is also recommended that you choose to Send Email Alerts when new php occurs. |
Php.ini File: Check if php.ini File Has Been Created / Added |
This is a reminder alert to remind you to create or add a custom php.ini file for your website as soon as possible. A php.ini file is a very important part of website security and will improve your overall website performance so this is something you should add to your website as soon as possible. It is recommended that you leave this reminder alert displayed until you add a custom php.ini file. The alert will automatically go away once you have added a custom php.ini file to your site. |
S-Monitor Email Alerting |
Email alerting options work independently of BPS displayed alerts so that if you have a displayed alert turned off you will still receive an email alert if you prefer to be alerted only by email. You can add and save the email address you would like to have alerts sent to. The email address can be your WordPress Administrator email address, another email address for your hosting account or a 3rd party email address like yahoo, gmail, etc. |
PHP Error Log: New Errors in The PHP Error Log |
Choose whether or not to have email alerts sent to you when a new php error occurs on your website. It is recommended that you choose Send Email Alerts for this option and also choose to have php error alerts displayed in your WordPress Dashboard. If you are currently logged into your site and a php error alert is displayed in your Dashboard you can check the php error log and reset the last modified time in DB and you will not be sent an email alert. The php error log check is a scheduled cron job that will check your php error log for new errors at regular intervals instead of being an instant email alerting option for this main reason. Php errors are very important to monitor for two primary reasons. One, there is a problem with your site somewhere that needs to be fixed and two, php errors (typically on forms or form pages) will alert you that a hacker is trying to exploit a possible security vulnerability. |
BPS Pro Upgrade Notification |
Choose whether or not to have email alerts sent to you when a new version of BPS Pro is available. |
Simple Email Test for the PHP mail() Function |
This is a simple email test option to see if the php mail() function is set up, enabled and working correctly as your default php mailer for your website. This also serves as a test to check if you need to add any additional directive settings to your php.ini file. You should not have to add any mail directive settings to your php.ini file and this testing feature should confirm that. |
S-Monitor Whats New Page |
The Whats New page will contain information on what is new in each new version release of BPS Pro. |
S-Monitor Help & FAQ Page |
Contains links to: BPS Pro Overview Video Tutorial, S-Monitor Video Tutorial, Hover Tooltips Posted as Text For Language Translation, BPS Pro Features, BPS Pro Screenshots and Post Questions and Comments For Assistance. |
Possible Future Additions to the S-Monitor |
Adding an S-Monitor GUI visual graphic display of possible hacking attempts or malicious behavior has been abandoned for now. This is considered more of a novelty feature by us as any hacker worth worrying about is going to mask his trail in a way that it would be very difficult to do anything with the data that is collected from the hacking attempt. What is more likely is that we will develop a Honey Pot addition to BPS Pro that ties into the Project Honey Pot API. Monitoring your php error log will tell you what files and exact code lines in those files that hackers are targeting on your website. |
BulletProof Security Pro ~ Pro Tools |
A large majority of people only go looking for and find BPS after their websites have already been hacked. We have added several tools that can be used to aid in finding and removing hackers code. Unfortunately there is no magic solution, other than restoring your website from a backup, that can automatically find code that was added by a hacker and remove it. In order to remove the hackers code you will need to follow some clues in your Server log files and can use the BPS Pro Tools to make restoring your site a very quick and simple process. |
String / Function Finder |
This tool will search all files in a specific folder and the subfolders of that folder for a particular string. A string can be a word, phrase, code, a php function name or pattern in a file. The search results will display the total number of times the string was found, the full path and file name, the code line in the file where the string exists, the string itself highlighted in yellow and surrounding relevant file contents. You would type in the string you want to search for and type in the folder path where you want to search. If you start you search from the root folder of your hosting account then you will be searching all of the folders under your entire hosting account. This would mean that if you have several different websites hosted under one hosting account then you would be searching all the files in all of those websites. The String / Function finder can also be used to search for php function names. For example you could search your WordPress Plugins folder for a particular function name that is considered dangerous, such as a php function that performs remote execution. You could search for the base64_encode and base64_decode functions to check that there purpose is legitimate and if you find base64 code that you want to decode then you would decode it using the BPS Base64 Decoder tool. You can search your WordPress Plugins folder for php functions that you would like to add to your php.ini disable_functions directive in your php.ini file. If the php function that you searched for is in use by a particular plugin then you can decide whether or not to add it to your disable_functions directive to block the function from being allowed to run on your website. |
String Replacer / Remover ~ Preview Mode |
The String Replacer / Remover tool has a preview mode and a write mode. Since performing an incorrect string replacement could damage files or your website you would want to perform a string replacement in preview mode first. The results of the string replacement in preview mode are visual ONLY. You are not actually replacing the strings in files in preview mode. You enter the string (case sensitive – it must match exactly) you want to search for in files, the replacement string and the search path that you want to search in. The search results will display the total number of times the string was found and replaced (visual only), the full path and file name, the code line in the file where the replaced string exists, the replacement string itself highlighted in yellow and surrounding relevant file contents. |
String Replacer / Remover ~ Write Mode |
The search results will display the total number of times the string was found and replaced, the full path and file name, the code line in the file where the replaced string exists, the replacement string itself highlighted in yellow and surrounding relevant file contents. In write mode you are actually replacing the string that you searched for. If you make a mistake or just want to reverse the process you would perform the string replacement again just in reverse. The string replacement is permanent therefore we have created a String Replacer / Remover Log file. Each time you perform a string replacement or removal a log entry is made into the BPS Pro String Replacer Log file. The log file entry adds a timestamp, the Search Path, the Search String, the Replacement String, the Original Content before being modified and the File Path and Code Line that was modified. Bonus: You can add the path to the Replacer Log file to an available slot in the Php.ini File Manager and use the Php.ini Editor to view the Log file in your WordPress Dashboard. Adding the Log file path to the Php.ini File Manager will allow you to view the Replacer Log file at any time. The Log file is htaccess protected and cannot be viewed using a browser unless you open the file with your browser via FTP. If you perform a string removal by entering in nothing or blank for the replacement string then you will not be able to reverse the string replacement process because searching for nothing or blank for the search string will result in No Results Found message. As a safety measure you must enter a string to search for. Blank or nothing entered into the string search window will do nothing besides display the No Results Found message. |
DB String Finder |
The WordPress database string finder is not an attempt to replace the phpMyAdmin tool that your web host already provides. It is designed to be a quick way for you to search your entire WordPress database for a matching or similar string to eliminate that your database has been compromised or to find that your database has been compromised. The DB String Finder searches all database Tables, Columns and Rows for the string you enter. The search results will contain all or part of the search term / string you were searching for highlighted. An example use would be let’s say your site was hacked (BPS was obviously not already installed) and now contains Viagra links. You are not sure if the hack was done by SQL database injection or if your files contain the hacker’s code. To eliminate that your WordPress database has been compromised and that it contains the hacker’s code you could run a search for “Viagra”. If no search results are found then you know that the hacker’s code is not in your database and is only in your website’s files. You would then proceed to use the String Finder and Replacer tools. In this way you have quickly eliminated that your WordPress database has been compromised. On the other hand if you do find the hacker’s code in your WordPress Database you now have a guide to follow that will list the exact locations in your database that the hacker’s code exists. You would then use your web host phpMyAdmin tool and remove the hacker’s code by using the DB String Finder results as your guide. |
WordPress Database Table Cleaner / Remover |
Removes or empties top level tables from your WordPress database. |
Base64 Decode / Encode |
If you search your website using the BPS String / Function Finder tool and find base64 code that you would like to decode you can copy and paste the base64 code into the Base64 Decode window and decode it. The base64 decoder does not decode base64 encoded image files. If you would like to encode text or code then copy and paste it to the Base64 Encode window and encode it. The base64 encoder does not encode image files. |
Mycrypt ~ Decrypt / Encrypt |
This tool allows you to mcrypt_encrypt or mycrypt_decrypt text or code. To decrypt paste or type the salt into the salt window and paste mcrypt encrypted code into the Decrypt window and click the Decrypt button to decrypt it. To encrypt text or code paste or type the salt into the salt window and paste or type text or code into the Encrypt window and click the Encrypt button. Mcrypt Cipher: MCRYPT_RIJNDAEL_256 – Block Algorithm / Cipher Mode: MCRYPT_MODE_CBC – Salt and String: md5 hashed and base64 encoded / decoded. |
Crypt |
One way string hashing tool. This tool serves more as an example tool and could have practical uses, but typically you would use the crypt function in an actual function instead of manually using this tool. A practical usage could just be to test if the Encryption Algorithms in this tool are supported on your Server for use in functions you plan on creating or using. Encryption Algorithms to choose from / test: CRYPT_STD_DES, CRYPT_EXT_DES, CRYPT_MD5, CRYPT_BLOWFISH, CRYPT_SHA256 and CRYPT_SHA512. |
Scheduled Crons |
Displays all Cron jobs that are scheduled to run on your website. Displays Next Run Date, Frequency and Hook Name. |
Tags: BPS Pro Features, BulletProof Security Pro Features
Categories: BulletProof Security Pro