Features
|
BPS Free |
BPS Pro |
BPS Free ~ .htaccess Core Security / BPS Pro ~ B-Core
|
|
|
htaccess Website Security – .htaccess Protection against XSS, RFI, CSRF, CRLF, Base64, Code Injection and SQL Injection hacking attempts… |
|
|
BulletProof Security Modes BPS Free– Automatic or Manual creation of custom .htaccess files based on BPS Free Security Optimized .htaccess files. Root .htaccess BulletProof Mode & wp-admin .htaccess BulletProof Mode. |
|
|
BulletProof Security Modes BPS Pro – Automatic or Manual creation of custom .htaccess files based on Pro Master Security Optimized .htaccess files. BPS Pro .htaccess files. Root .htaccess BulletProof Mode, wp-admin .htaccess BulletProof Mode, Plugin Firewall / Plugins Folder BulletProof Mode & Uploads Anti-Exploit Guard / Uploads Folder BulletProof Mode.
The Plugin Firewall / Plugins BulletProof Mode is designed specifically to prevent Remote Access to the plugins folder from external sources (remote script execution, hacker recon, remote scanning, remote accessibility, etc.) and only allows internal access to the plugins folder based on this criteria: Domain name, Server IP Address and Public IP / Your Computer IP Address. Whitelist Tools include Custom Scan Tool/Option, Additional Roles IP Address Whitelisting Tool/Option, Payment Provider Whitelisting Tool/Option and Plugin Firewall Test Mode to test your website and automatically get any plugin scripts that need to be Whitelisted in your Firewall.
The Uploads Anti-Exploit Guard / Uploads Folder BulletProof Mode is designed so that ONLY safe image files with valid image file extensions such as jpg, gif, png, etc. can be accessed, opened or viewed from the uploads folder. Uploads Anti-Exploit Guard blocks files by file extension names in the uploads folder from being accessed, opened, viewed, processed or executed.
|
|
|
File / Folder Permissions – File and Folder Permission Checking for DSO & CGI. |
|
|
Security Status – BPS Free – Checks the status of the BPS .htaccess files and site security in real time and displays a WP Dashboard alert. BPS Pro – WP Dashboard Security Status Display: BULLETPROOF PRO 5.7 SECURE .HTACCESS || AutoRestore/Quarantine Status: On – Check Files Every 15 Minutes || Firewall Status: On || UAEG Status: On Advanced WP Dashboard messaging/alerting/notifications/email/logging system. |
|
|
Additional Security Measures – Checks additional .htaccess security measures added by BPS. |
|
|
System Info – Website Info, Server Info, IP Info, MySQL Info, PHP Info, PHP Memory Usage, WordPress Admin Memory Limit, WordPress Base Memory Limit, PHP Actual Configuration Memory Limit, Opcode Cache, Accelerators, Permalink Structure, WP Installation Type, Hostname, DNS Name Server, Server OS, Server Type, Server API, Zend Engine Version, Zend Guard/Optimizer, ionCube Loader, Suhosin, APC, eAccelerator, XCache, Varnish, Memcache, Memcached… |
|
|
Security Log BPS Free – Security Log entries are logged in descending order by Date and Time. Log file size, log file Status, turn Error logging On or Off, delete log file contents. Add or Remove User Agents/Bots to be logged or not logged (pending for .48.1). The Security Log logs 400 and 403 HTTP Response Status Codes by default. You can also log 404 HTTP Response Status Codes by opening the BPS Pro 404 Template file – /bulletproof-security/404.php and copying the logging code into your Theme’s 404 Template file. |
|
|
Security Log BPS Pro – Security Log entries are logged in descending order by Date and Time. Log file size, log file Status, turn Error logging On or Off, delete log file contents, add or remove User Agents/Bots to be logged or not logged. You can setup S-Monitor Email Alerting & Log File Options to automatically email your Security Log file to you and delete it when it reaches a certain size (256KB, 500KB or 1MB). The Security Log logs 400 and 403 HTTP Response Status Codes by default. You can also log 404 HTTP Response Status Codes by opening the BPS Pro 404 Template file – /bulletproof-security/404.php and copying the logging code into your Theme’s 404 Template file. |
|
|
Backup & Restore – Built-in Backup and Restore of .htaccess files. |
|
|
File Editing – Built-in File Editing of .htaccess files – Displays your .htaccess files within your WP Dashboard – no need for FTP or Control Panel editing. (BPS Pro ONLY – 2 additional .htaccess file editing windows for the Plugins BulletProof Mode .htaccess file & the Uploads BulletProof Mode .htaccess file). Note: Network/MU sites will also have a blogs.dir Uploads BulletProof Mode .htaccess file editing window. |
|
|
File Lock / Unlock – for root .htaccess file (BPS Pro – see F-Lock – Lock additional WordPress Mission Critical files – .htaccess, index.php, wp-config.php and wp-blog-header.php files). |
|
|
Turn On AutoLock / Turn Off AutoLock – AutoLock is designed to automatically lock your root .htaccess file to save you an additional step of locking your root .htaccess file when performing certain actions, tasks or functions and AutoLock also automatically locks your root .htaccess during BPS Pro upgrades. This can be a problem for some folks whose Web Hosts do not allow locking the root .htaccess file with 404 file permissions and can cause 403 errors and/or cause a website to crash. For 99.99% of folks leaving AutoLock turned On will work fine. If your Web Host ONLY allows 644 file permissions for your root .htaccess file then click the Turn Off AutoLock button. This turns Off AutoLocking for all BPS actions, tasks, functions and also for BPS Pro upgrades. (Pending for BPS Free .47.6) |
|
|
Upload / Download – Built-in File Uploading and Downloading of .htaccess files. |
|
|
Maintenance Mode – Website Under Maintenance 503 status form creator – Allows you to continue to Login / Logout and work on your website while visitors see a Website Under Maintenance page. |
|
|
My Notes – Save custom .htaccess code, personal notes, etc. to your WordPress DB. |
|
|
Custom Code – Add plugin fixes or other custom .htaccess code to the Root Custom Code text boxes to save the .htaccess code permanently. Click the AutoMagic buttons and activate Root folder BulletProof Mode to add your custom .htaccess code to your Root .htaccess file. Add wp-admin custom .htaccess code to the wp-admin Custom Code text boxes to save the .htaccess code permanently. Activate wp-admin BulletProof Mode to add your custom .htaccess code to your wp-admin .htaccess file. |
|
|
Advanced Messaging, Email Alerting & AutoZip – Advanced WP Dashboard Security Status Display & Alerts, Notifications, Error Messaging, Automated Email Alerting with AutoZipped Log Files. |
|
|
|
BPS Free |
BPS Pro |
Login Security – Login Security & Monitoring (LSM) – (BPS Pro additional S-Monitor options…)
|
|
|
Dynamic Login Security Database Form: – You have 3 options: Lock, Unlock or Delete database rows. The Login Security database table is hooked into the WordPress Users database table, but they are 2 completely separate database tables. If you lock a User Account then BPS Pro will enforce that lock on that User Account and the User will not be able to log in. If you unlock a User Account then the User will be able to login. Deleting database rows in the Login Security database table does NOT delete the User Account from the WordPress Users database table. When you delete a User Account it is pretty much the same thing as unlocking a User Account. To delete actual User Accounts you would go to the WordPress Users page and delete that User Account.
Max Login Attempts: Type in the maximum number of failed login attempts allowed before a User Account is automatically Locked out. After making any setting changes click the Save Options button to save your new option settings.
Automatic Lockout Time: Type in the number of minutes that you would like the User Account to be locked out for when the maximum number of failed login attempts have been made. After making any setting changes click the Save Options button to save your new option settings.
Manual Lockout Time: Type in the number of minutes that you would like the User Account to be locked out for when you manually lock a User Account using Lock checkbox options in the Dynamic Login Security form. After making any setting changes click the Save Options button to save your new option settings.
Max DB Rows To Show: Type in the maximum number of database rows that you would like to display in the Dynamic Login Security form. Leaving this text box blank means display all database rows. After making any setting changes click the Save Options button to save your new option settings.
Turn On/Turn Off: Turn On Login Security or Turn Off Login Security. After making any setting changes click the Save Options button to save your new option settings.
Logging Options: You can choose to Log All User Account Logins or Log Only User Account Lockouts. Recommended Setting: Log Only Account Lockouts. After making any setting changes click the Save Options button to save your new option settings.
Error Messages: (BPS Pro ONLY)
Standard WP Login Errors: will display the normal WP login errors. Example1: ERROR: The password you entered for the username X is incorrect. BPS Example2: ERROR: This user account has been locked until May 14, 2013 9:31 am due to too many failed login attempts. You can login again after the Lockout Time above has expired.
User/Pass Invalid Entry Error: will display a generic Invalid Entry error message instead of displaying normal WP login errors for incorrect username or incorrect password, but if a user account is locked out then the BPS timestamp and Lockout Time error message will be displayed. Example: ERROR: Invalid Entry for either incorrect username or incorrect password. BPS Example2: ERROR: This user account has been locked until May 14, 2013 9:31 am due to too many failed login attempts. You can login again after the Lockout Time above has expired.
User/Pass/Lock Invalid Entry Error: will display a generic Invalid Entry error message instead of displaying normal WP login errors for incorrect username, incorrect password and when the user account is locked out – the BPS Lockout Time error message will NOT be displayed. CAUTION: If the user account is locked out then no indication will be given that the user account is locked out and only a generic ERROR: Invalid Entry message will be displayed.
Password Reset: (BPS Pro ONLY) The Enable Password Reset option will allow the normal WP Lost Password link to be displayed and allow locked out users to reset their passwords. The Disable Password Reset option disables the WP Login reset password feature and displays this error message – Password reset is not allowed for this user. This error message is displayed for valid or invalid user accounts or email addresses. In other words, there is no indication of whether or not a valid username or email address is being entered. This of course disables a lot of cool WordPress login features, but if you want complete Login Stealth Mode then this is the option for you.
Reset / Clear Login Security Alerts: If you choose to have S-Monitor Login Security Alerts displayed to you in your WP Dashboard or BPS Pro pages then to clear the alert you will need to click this button.
Search feature: The search feature allows you to search all of the Login Security database rows. To search for a username enter that username, to search for an IP address enter that IP address, etc.
|
|
|
|
BPS Free |
BPS Pro |
P-Security – php.ini Security & Performance – BPS Pro ONLY
|
|
|
Website Security & Performance Boosting – php.ini Protection against hackers Shell scripts, remote script execution, dangerous php functions… Performance boosting with optimum php.ini directive settings. |
|
|
ini_set Options – 2 button click setup – no choices or decisions to make – just point and click – For first time installations of BPS Pro it is recommended that you use the ini_set Options to quickly setup your PHP Error Log file and location. The ini_set Options can be used as an alternative to creating a custom php.ini file or .user.ini file (if your PHP version is PHP5.3.x or above) or in addition to creating a custom php.ini file or .user.ini file (if your PHP version is PHP5.3.x or above). |
|
|
Diagnostic Checking Tool – Clicking the Run Check button on the PHP.ini Options page or ini_set Options page runs a Diagnostic Check for all settings that relate to php.ini files, .user.ini files, ini_set, php handlers, php error log paths and other related settings to quickly troubleshoot any issues or problems. Recommendations are also given based on your PHP version and your type of Hosting (Shared, VPS or Dedicated Hosting). |
|
|
Php.ini File Finder – find existing php.ini files on your website. |
|
|
Php.ini Master File Maker – Create a new Master php.ini file for your website quickly and easily with a couple of clicks. Once your Master php.ini file has been created you will use the Php.ini File Creator to create your custom php.ini file. |
|
|
Php.ini File Creator – Automatic or Manual creation of custom php.ini files based on BPS Pro Security and Performance optimized Master php.ini files – allows you to create a single custom php.ini file for your entire site or individual custom php.ini files in specific directories / folders / websites / Hosting Accounts. |
|
|
Php.ini File Manager / All Purpose File Manager – manage php.ini files or any type of files – Extended capability of opening and viewing Server Protected folders and files. |
|
|
PHP.ini Editor / All Purpose File Editor – Displays your custom php.ini file within your WP Dashboard – no need for FTP or Control Panel viewing or editing – All Purpose File Editor – open, view and edit php.ini files – open, view and edit any type of file – Extended capability of opening and viewing Server Protected files. |
|
|
PHP Error Log – View your .htaccess protected PHP error log within your WP Dashboard on the P-Security PHP Error Log page – choose to use the default BPS Pro PHP Error log location, ini_set PHP Error Log Location (Recommended) or set your own php error log location – PHP error log last modified time feature compares actual file last modified time with DB last modified time and has a reset button to reset and synchronize last modified time in DB. |
|
|
PHP Info Viewer – .htaccess protected phpinfo file – view your PHP Server Configuration file within your WP Dashboard. |
|
|
PHP Multi Viewer – .htaccess protected phpinfo file creator – Allows you to create and view your PHP Server Configuration file within your WP Dashboard for specific directories / folders on your site. |
|
|
Php.ini Security Status – Displays the primary security & performance features added by your BPS Pro custom php.ini file with full descriptions of what each php.ini directive does – Status Indicator displays your real-time php.ini security status at a glance. |
|
|
|
BPS Free |
BPS Pro |
S-Monitor – Security Monitoring and Alerting – BPS Pro ONLY
|
|
|
S-Monitor Options – Choose how you want BPS Pro alerts, warnings and error messages displayed to you – in BPS Pro pages only, WP Dashboard or turned off for each S-Monitor option. The recommended options settings are to display all alerts in your WP Dashboard with these exceptions: First Install / Launch S-Monitor Notification (Static Alert) – Should be set to Turned Off. PHP Error Log: New Errors in The PHP Error Log – recommended that you choose to set this to Display Alerts in BPS Only. |
|
|
First Install / Launch S-Monitor Notification (Static Alert) – This is a Static Alert that displays info for first time installations of BPS Pro. This option should be set to Turned Off when saving S-Monitor optons for first time installations of BPS Pro. |
|
|
Security Status: Currently Active htaccess File & Alerts – You can display which currently active BPS Pro htaccess file is active in BPS pages only, your WordPress Dashboard or turn this alert off. It is recommended that you choose to display the BPS Security Status in your WP Dashboard. |
|
|
Security Log: New Log Entry Has Been Logged – When new Security Log entries are logged in your Security Log file you are alerted by BPS that you have a new log entry. You can choose to have Security Log Alerts displayed in your WP Dashboard, in BPS pages Only or turn Alerts Off. You can also choose to have Security Log Alerts and log files emailed to you with Email Alerting & Log File Options. The Security Log Alert contains a link to the B-Core Security Log page. |
|
|
AutoRestore / Quarantine: AutoRestore / QuarantineStatus – Displays the status of ARQ in your WP Dashboard, BPS Pages Only or turn this status display Off. It is recommended that you choose to display the ARQ Status in your WP Dashboard. |
|
|
Plugin Firewall: Plugin FirewallStatus – Displays On or Off status of the Plugin Firewall in your WP Dashboard, BPS Pages Only or turn this status display Off. It is recommended that you choose to display the Plugin Firewall Status in your WP Dashboard. |
|
|
UAEG: Uploads Anti-Exploit Guard Status – Displays On or Off status of UAEG in your WP Dashboard, BPS Pages Only or turn this status display Off. It is recommended that you choose to display the Uploads Anti-Exploit Guard Status in your WP Dashboard. |
|
|
Login Security: Login Security Status & Alerts – Displays On or Off status of Login Security in your WP Dashboard, BPS Pages Only or turn this status display Off. It is recommended that you choose to display the Login Security Status in your WP Dashboard. NOTE: If you turn Login Security Status Off you will no longer see Alerts, but the actual Login Security Status depends on whether you have turned Login Security Off or On on the Login Security page. |
|
|
F-Lock: File Lock / Unlock Status – Real-time check that displays warning and alert messages when any of your WordPress Mission Critical files are unlocked. |
|
|
HUD Alerts: BPS Error, Problem and Warning Alerts – Primary Core messaging – Displays Heads Up warning, alerts and error messages regarding problems or issues detected with BPS Pro in your WP Dashboard, BPS Pro pages only or turned off. |
|
|
PHP Error Log: Check if Folder Location Has Been Set – Displays an alert if you have not set your PHP Error Log location yet. |
|
|
PHP Error Log: New Errors in the PHP Error Log – When new PHP errors occur on your website they are logged in your PHP Error Log and you are alerted by BPS that you have a new PHP error in your error log. You can choose to have PHP Error Log Alerts displayed in your WP Dashboard, in BPS pages Only or turn Alerts Off. You can also choose to have PHP Error Log Alerts and log files emailed to you with Email Alerting & Log File Options.The PHP Error Log Alert contains a link to the P-Security PHP Error Log page. |
|
|
Php.ini / ini_set: Various Error Checks & Alerts: – Various checks for possible issues or problems with php.ini files, ini_set options, Loaded Configuration file checks, PHP error log Set To Location matches the error log path seen by the Server, etc. For additional Status checking of individual directives see the Php.ini Security Status page. NOTE: As of PHP5.3.x adding a custom php.ini file for your website has become very complicated and problematic. It is recommended that you use the ini_set Options as an alternative to creating a custom php.ini file for your website if your PHP version is 5.3.x or greater. |
|
|
|
BPS Free |
BPS Pro |
S-Monitor – Email Alerting & Log File Options – BPS Pro Only
|
|
|
Login Security: Send Email Alert When… – There are 5 different email options. Choose to have email alerts sent when a User Account is locked out, An Administrator Logs in, An Administrator Logs in and when a User Account is locked out, Any User logs in when a User Account is locked out or Do Not Send Email Alerts. Recommended setting is: A User Account Is Locked Out. The email alerts contain the action that occurred with Timestamp and these fields: Username, Status, Role, Email, Lockout Time, Lockout Time Expires, User IP Address, User Hostname, Request URI and URL link for the website where the action occurred. |
|
|
ARQ: When A File Has Been AutoRestored / Quarantined – Choose whether or not to have email alerts sent when a file has been AutoRestored or Quarantined. Recommended setting is: Send Email Alerts. |
|
|
AutoRestore / Quarantine Email / Delete Log File – Select the maximum Log File size that you want to allow for your Quarantine Log File and then select the option that you want when your log file reaches that maximum size. Choose to either automatically Email the Log file to you and delete it or just delete it without emailing the log file to you first. Recommended setting is: Email Log & Then Delete Log File. |
|
|
Security Log: New Log Entry Has Been Logged – Choose whether or not to have email alerts sent when a new security entry has been logged in your Security Log file. Recommended setting is: Do Not Send Email Alerts. |
|
|
Security Log File Email / Delete Log File – Select the maximum Log File size that you want to allow for your Security Log File and then select the option that you want when your log file reaches that maximum size. Choose to either automatically Email the Log file to you and delete it or just delete it without emailing the log file to you first. Recommended setting is: Email Log & Then Delete Log File. |
|
|
PHP Error Log: New Errors in The PHP Error Log – Choose whether or not to have email alerts sent when a new PHP Error has been logged in your PHP Error Log file. Recommended setting is: Do Not Send Email Alerts. |
|
|
PHP Error Log File Email / Delete Log File – Select the maximum Log File size that you want to allow for your PHP Error Log File and then select the option that you want when your log file reaches that maximum size. Choose to either automatically Email the Log file to you and delete it or just delete it without emailing the log file to you first. Recommended setting is: Email Log & Then Delete Log File. |
|
|
BPS Pro Upgrade Notification – Choose whether or not to have email alerts sent when a new version of BPS Pro is available. This option is currently disabled and will be re-enabled in a later version of BPS Pro. BPS Pro upgrade notifications are displayed just like any other plugin in your WP Dashboard. You can also manually check for a BPS Pro upgrade on the WordPress Plugins page by clicking the BulletProof Security Pro Manual Upgrade Check link. |
|
|
|
|
|
Pro-Tools – BPS Pro Only
|
|
|
BulletProof Security Pro ~ Pro Tools is a collection of versatile tools that allow you to do things like decode hackers base64 scripts, Encrypt and Decrypt text or code, search your entire site or sites for hackers code, text, code, functions, etc., search your entire DB for hackers code, text and code and other tools…so far. |
|
|
Online Base64 Decoder – This tool allows you to safely decode hackers base64 scripts on a Live website – the decoded code is outputted / written to a text file and is not outputted to your browser – the text file is then zipped and downloaded for safe viewing on your computer – 13 different option combinations of base64_decode and decompression are provided. |
|
|
Offline Base64 Decode/Encode – This tool allows you to safely decode hackers base64 scripts on an Offline website, such as an installation of XAMPP or MAMPP with WordPress on your computer – the decoded code is outputted directly to your browser – this is a quick, convenient and safe way to view hackers code – 13 different option combinations of base64_decode and decompression are provided as well as 13 matching option combinations of base64_encode and compression to encode code or text – this tool can be used Online safely if you are decoding known good base64 code or encoding known good code or text. |
|
|
Mcrypt ~ Decrypt / Encrypt – This tool allows you to Encrypt or Decrypt text or code using Mcrypt. |
|
|
Crypt Encryption – This tool allows you to test what Encryption Alogorithms are allowed on your Host Server – this tool is pending further development and is very limited at this point. |
|
|
Scheduled Crons – Simple display of the Cron jobs that are scheduled to run on your website – displays Next Run Date, Frequency and Hook / function name – this tool is pending further development to allow cancelling Cron jobs or forcing Cron jobs to run manually. |
|
|
String Finder – This is a very versatile tool that allows you to search your entire site, ALL files, for any string – you can search for text, code, a combination of text and code, php functions or any other strings – find hackers code anywhere throughout your entire site files in one search. |
|
|
String Replacer / Remover ~ Preview Mode & Write Mode – This tool is a very versatile tool that allows you to search your entire site, ALL files, for any string – this tool has 2 modes – Preview Mode to do a dry run and display the string replacement visually ONLY and Write Mode to actually replace or remove the srings that you have searched for – allows you to quickly remove any strings throughout ALL of the files on your website returned in your string search simultaneously – if you have 100’s of files that contain hackers code you can remove the hackers code in one shot in less than 2 minutes. |
|
|
DB String Finder – This Bonus tool allows you to search your entire WordPress Database in one search for any text or code – normally you are limited to searching within a specific Database Table and this Bonus tool will search your entire database, ALL Tables in one single search – displays the search results with surrounding Table data in expandable / collapsible windows – this Bonus tool is not intended to replace phpMyAdmin, but is intended as a quick way for you to search your entire WordPress Databse to find any strings – very handy in eliminating whether or not your WordPress Database has been compromised by a hacker – Credit to AnyWhereInDB – author Nafis Ahmad – adapted and modified for WordPress by AITpro – pending further development. |
|
|
DB Table Cleaner / Remover – This Bonus tool allows you to Empty or Drop Top level database Tables in your WordPress Database – Credit to Lester “GaMerZ” Chan – pending further development to include relational table Empty / Drop. |
|
|
DNS Finder – This tool allows you to find all DNS Records for websites by Domain Name. Get DNS Records for Domains with DNS_ALL or DNS_ANY. A, NS, CNAME, MX, SOA… |
|
|
Ping Website – This tool allows you to check if a website domain is Up/Down or Blocking your website/Server IP Address. |
|
|
cURL Scan/cURL Multi Page Scanner – This tool allows you to Scan up to 10 website pages Source Code simultaneously for any Text or Code. The search string can be plain text or code or a combination of both text and code. You can search outputted website pages Source code and internal js and php scripts. The Pro-Tools String Finder tool is better for searching internal scripts and will also show you the code line in the search results. Multi page cURL Scan for Plugin Firewall plugin script Whitelisting – Scans up to 5 of your website pages simultaneously for plugin scripts to add to the Plugin Firewall Whitelist. |
|
|
|
BPS Free |
BPS Pro |
AutoRestore – BPS Pro Only
|
|
|
AutoRestore/Quarantine Settings – Automatic File Restore for your entire website – If your Host Server is compromised / hacked or your FTP password is cracked or stolen (change your passwords immediately while AutoRestore/Quarantine is continuing to protect your website by autorestoring and quarantining files until your passwords is changed) your individual website will still be protected. This countermeasure website security approach to hacking attacks directed at your Web Host Server directly or your FTP account that lead to code injection into your website files or uploaded hacker files. BPS already protects your website from direct hacking attempts against your website, but it is not possible for BPS Pro to protect your Web Host Server directly. AutoRestore/Quarantine is countermeasure website security method that will automatically restore your website files if a hacker has compromised your Web Host Server and injected code into website files and quarantine uploaded hacker files if your FTP password has been cracked or stolen.
Monitoring, alerting and logging for AutoRestore 1. Display the AutoRestore/Quarantine Status in your WP Dashboard or BPS pages Only. 2. Send an email alert if a file is autorestored/quarantined. 3. Quarantine Log – logs all information about what action was taken by ARQ Infinity and all information about the file that was autorestored. 4. WP Dashboard AutoRestore Alert – if a file is restored or quarantined with AutoRestore/Quarantine you will see an AutoRestore/Quarantine Alert.
|
|
|
Exclude Dynamic Folders – Temp/Cache – Allows you to exclude Plugin’s or Theme’s dynamic temp and cache folders from being checked by the ARQ Cron. If cache or temp files are being sent to Quarantine you can add that temp or cache folder name using this tool/feature and that folder will no longer be checked by the ARQ Cron. Allows you to exclude other folders such as backup folders to tell AutoRestore/Quarantine not to check the files in these folders. |
|
|
Add / Exclude Static Files – On the main AutoRestore Settings page you have created backup copies of all of your WordPress folders and files. These folders and files will automatically be checked and protected by the ARQ Infinity Cron. To add additional non-WordPress folders and files ONLY that you would like checked and protected by the ARQ Infinity Cron you would add them by using the Add Folders & Files options form. To exclude any WordPress folders and files ONLY (this means any files that are related to WordPress: WP Core files, plugin files, theme files…) that you DO NOT want checked and protected by the ARQ Infinity Cron you would exclude them by using the Exclude Folders & Files options form. Both Added and Excluded folders and files can be removed at any time by using the Remove Folders & Files DB Search Tool. A Folder & File Search Tool is included to quickly find paths for: Top Level Folders ONLY, Top Level & Subfolders and All Files in a specific folder. |
|
|
|
BPS Free |
BPS Pro |
Quarantine – BPS Pro Only
|
|
|
Quarantine – The Quarantine folder is located in an isolated .htaccess protected directory that cannot be accessed by anyone other than you. When a file has been autorestored or quarantined by the ARQ Cron, a copy of that modified file that was autorestored is sent to Quarantine before it was autorestored. This allows you to restore the modified file that is in quarantine and overwrite the autorestored file. Or in other words restoring a file from Quarantine is an Undo. If a file (hacker file) is uploaded to your website and a copy of that uploaded file does not exist in backup then that file is sent to Quarantine. If there are no files in Quarantine the Quarantine Radio Button Form will display an empty table with this displayed message – No Files in Quarantine. If there are files in Quarantine the Dynamic Quarantine Radio Button Form will display the file name, the time the file was quarantined, the source path where the file was quarantined from and 3 Radio Button Form options: 1. View File, 2. Restore File or 3. Delete File. The Restore File option allows you to quickly and easily restore a file if it needs to be restored. |
|
|
Quarantine Log – The Quarantine Log logs specific information about what action was taken so that you can quickly visually identify exactly what action occurred. The Quarantine Log entries will tell you what Top Level folder the file was quarantined from, the original source path of where the quarantined file was quarantined from, the file name of the quarantined file, a timestamp, whether the file was AutoRestored or just Quarantined, the Quarantine folder location and if a file already exists in Quarantine then the file will be renamed using a Timestamp so that it does not overwrite the existing quarantined file. When a file has been quarantined you will see an AutoRestore/Quarantine Alert. To remove that alert from being displayed you will need to click the Reset Last Modified Time in DB button. This synchronizes the last modified time of the actual Quarantine Log file with the timestamp stored in your WordPress database for the last time the Quarantine Log file was modified. Every time a new log entry is made in the Quarantine Log the last modified time of the Quarantine Log file will change. |
|
|
|
BPS Free |
BPS Pro |
F-Lock – BPS Pro Only
|
|
|
F-Lock – File Locking / Unlocking of WordPress Mission Critical files from within the WP Dashboard – no need to change file permssions via FTP or your Control Panel – F-Lock detects your Server API (SAPI) and displays either a CGI Permissions & Status Table or a DSO Permissions & Status Table depending on what your Web Host’s SAPI is – Allows you to Lock or Unlock ALL of your mission critical files on the fly – Protects WordPress Mission Critical files from Mass Code Injection attacks on web hosts – F-Lock allows you to lock your WordPress Mission Critical files index.php, wp-config.php, wp-blog-header.php and all .htaccess files with 400 and 404 file permissions – there is a known vulnerability with Group Permissions Read file permissions where hackers can successfully Mass Code Inject these files – if your WordPress Mission Critical files are unlocked F-Lock will display a warning message either in your WP Dashboard or BPS Pro pages only depending on what S-Monitor option you choose for F-Lock displayed alerts – the F-Lock Permissions & Status Table displays your current file permssions in real time, the paths to your WP Mission Critical files and the Last Modified date of these files – allows you to also lock / unlock index.php and .htaccess files in your Document Root folder and Root folder for sites using “Giving WordPress Its Own Directory”. |
|
|
|
|
|
Activation – BPS Pro Only
|
|
|
Activation – Simple 3 step automated activation of BPS Pro that ensures that you BPS Pro Activation Key is unique to your specific website – Activation Keys are not re-usable or interchangeable with other WordPress sites and are site specific. When performing a Get Key Request to request and Activation Key for your website several connectivity/communcation checks are performed. If there is a connectivity/communication problem with sending an Activation Key request to the AITpro API Server you will see error messages displayed for the cause of the connectivity/communication problem from your website to the API Server. |
|
|
|
|
|
Zip Installation & Backup – BPS Pro Only – *NEW* As of BPS Pro 5.1.7 – One Click WordPress Dashboard Upgrade Installation (zip download and zip upload installation no longer required to upgrade BPS Pro)
|
|
|
Zip Installation & Backup – BPS Pro has built-in Zip Upload, Zip Installation and Zip Backup to upload, install and backup BPS Pro plugin files – Zip backups of BPS Pro are .htaccess protected and are automatically renamed by date – Example: August-31-2011–03:54:02–bulletproof-security.zip – built-in Zip download allows you to download your backed up BPS Pro zip file. Uses the ZipArchive Class with a PCLZip fallback to zip files. |
|
|
[…] There is also a pro version available for purchase from the developers with extra features, you can take a look at them HERE […]
[…] View All BulletProof Security Pro Feature Details […]
Hi Edward.
How is your other plugin coming along?
Please send me the link when it is ready.
John
I can see that BPS Pro will my solution – been deleting one hacked blog after another this year. At last I will be able to retain my blogs!
Just one question before I purchase: Does it come with a single or a multi-domain license?
Thanks and very best regards,
Dave
Ha! The answers right there on the sales page 🙂
Magnificent. Going to get my copy now!
Hi guys,
do you have someone who can set up resp. finalize the setting for BPS Pro for a fee?
Alternatively do you have a step-by-step video?
I have done the steps ‘above’ the actual pages but would like to know how to proceed with the rest of the tasks. e.g. do I have to set up the .htaccess file myself or does BPS Pro do that for me? There seem to be different .htaccess files (e.g. root and wp-content?) which ones do I need?
Can you help?
Karl
We offer to set up BPS Pro on 1 website for free. I have sent you an email directly requesting additional info.
You can find video tutorials by clicking this link >>> http://www.ait-pro.com/aitpro-blog/2841/bulletproof-security-pro/bulletproof-security-pro-overview-video-tutorial/
Each Read Me help button in each section / page of BPS Pro contains specific help information for that section / page.
Hi,
SO as I am an absolute beginner not even a novice I have a question. If there is malware, or other dodgy hacking etc of my site, presumable, the Pro version can clean it up with the a few clicks and I don’t have to worry about it???
Sorry for asking what may be an obvious question to the more technically learned individuals.
Terry.A
Hi,
after very recently being hacked by elcewad I would like to know the answer to Terry A’s question, fortunately we have daily backups so were able to get back on line quickly.
Thanks
Dave
Yep de-hacking a hacked website still requires human intervention and cannot be done automatically or magically. The coming future versions of BPS Pro will have Full Site AutoRestore and a new feature that we have not announced yet, but the same basic rule applies – the website must be clean / not hacked when BPS Pro is installed otherwise these new features will be negated. I think there is a common misunderstanding about what happens when a website is hacked. Typically a hacker wants to get files uploaded to your website that he can access over and over again remotely. They want control of your website for as long as they can have that control. I think a lot of people think that by cleaning up an obviously infected file that somehow the site is clean again. This is usually not the case. You will have files are injected with code and then you will have other hidden hacker files somewhere on your website that are allowing the hacker to inject your files using that hidden file. Typically backdoor hacker scripts are not detectable by scanners because they use all legitimate PHP coding that is not detected by any scanners – they are the delivery system file and the end result is a detectable file with malicious code in it. So cleaning up a hacked website completely means finding these files that are not detectable by any website scanners.
No, BPS Pro cannot automatically clean up a website that has already been hacked and neither can any other plugin. BPS Pro is designed to protect your website from being hacked in the first place. There are lots of plugins that claim they can automatically clean up a hacked website, but that is not true because that is just not possible. A human being would have to do the steps to clean the website. The reason for this is the plugins that claim they can automatically clean up a hacked website will find all the files that have malicious code in them that are very easy to detect and clean, but the hacker files that will not be found are the backdoor scripts and payload files that will continue to just put the malicious code back into the files that were already cleaned – a thorough and complete “real” website cleanup requires human intervention and that you find all hackers files or you just do a restore from a good backup. Since dehacking a website takes hours and is very time consuming it is always simpler and faster just to restore a website from backup, which only takes minutes. BPS Pro does have some website dehacking tools in Pro-Tools, but to use them you would have to know how to dehack a website and what to look for so the best, simplest and quickest method to fix a hacked website is to restore it from a good backup.
[…] BPS ProBPS Pro vs BPS Free Feature Comparison Built-in Zip Install, Zip Backup & Zip UpgradeVideo TutorialsBPS Pro ScreenshotsBPS Pro […]
Edward as far as i can see the Bulletproof Security Plugin is the best WordPress plugin in history and I am soooo looking forward to our webinar a week from Saturday. Don’t stop working to protect us but stop working so hard. I will be in touch at the first of next week.
Wait until you see BPS Pro 5.1.7. 🙂 Yep looking forward to the webinar. Thanks.
Is there, perhaps, a replay available of this webinar? I’d love to see it.
The video is here >>> http://sakuraprojectworldwide.com/training/2012/bulletproof-security-plugin/
This was a very informal webinar and it is very rough, but if you want to hear me ramble on for an hour be my guest.
[…] BPS Free vs BPS Pro Feature Comparison […]
[…] BPS Free vs BPS Pro Feature Comparison […]
[…] BPS Free vs BPS Pro Feature Comparison […]
[…] BPS Free vs BPS Pro Feature Comparison […]
[…] BPS Free vs BPS Pro Feature Comparison […]