
What's New In BulletProof Security Pro 7.9

Author: AITpro Admin
Published: November 11, 2013
Updated: November 11, 2013


BPS Pro 7.9 Primary Focus: 

Pre-Installation & Setup Wizard Plugin Firewall Scanning & Filtering


BPS Pro 7.9 Secondary Focus: 

Root .htaccess File Code Modifications/Changes


Pre-Installation & Setup Wizard Plugin Firewall Scanning & Filtering:

The Pre-Installation Wizard will now scan up to 250 Pages & Posts on your website to find plugin scripts that need to be whitelisted in your Plugin Firewall. The Setup Wizard will use those Plugin Firewall whitelist rules found during the Pre-Installation Wizard scan to create your Plugin Firewall .htaccess file. Additional filtering has been added to filter out source code that will generate invalid or incorrect Plugin Firewall whitelist rules.

 
Pro-Tools cURL Scan Tool Improvement/Enhancement: 
Scans up to 250 Pages & Posts on your website by default. A new Form field has been created that allows you to enter the total number of Pages & Posts to scan on your website. If your website has more than 250 Pages & Posts, you can enter the total number in the Limit Number Of Pages To Scan: Form field and click the Scan button. The scanner has been tested scanning up to 1500 pages and will scan up to 1500 Pages & Posts simultaneously, but your WP Dashboard will temporarily appear broken after the scan completes. If your WP Dashboard appears broken after running this scan, click your Browser’s Back button and then click any link in your WP Dashboard and it will display normally again.
 
Pre-Installation Wizard Improvement/Enhancement: 
Additional WP Filesystem API Method checking conditions added for DSO Server types.
 
Ini_set Options Code Improvement/Enhancement: P-Security & Setup Wizard
In versions of BPS Pro prior to BPS Pro 7.9, an additional step was required before the BPS Pro ini_set Options code could be added to the wp-config.php file for WordPress versions in other languages. That additional step is no longer required in the BPS Pro 7.9 Setup Wizard or the ini_set Options page in P-Security.
 

Root .htaccess File code modifications/changes:

The new .htaccess code modifications/changes are made automatically during the BPS Pro upgrade. No further action is required by you unless you have previously copied the BPS Query String Exploits code to BPS Custom Code. In that case you will see a Dashboard Notice with instructions on copying the new Root .htaccess Query String Exploits code to the BPS Custom Code Query String Exploits text box.

OLD: RedirectMatch 403 /\..*$
NEW: RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$

BPS Query String Exploits Code Changes
OLD: RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
NEW: RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]

OLD: RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
NEW: RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]

OLD: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
NEW: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [NC,OR]

OLD: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
NEW: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
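
The following is an added example, not BPS Pro code: it runs the first two OLD/NEW Query String Exploits patterns listed above against constructed query strings to show what each version blocks. It assumes the condition is tested as an unanchored match against the query string as sent (not URL-decoded) and that [NC] behaves like Python's re.IGNORECASE; the names RULES, SAMPLES, blocked and compare are made up for the example.

```python
import re

# Patterns copied from the first two OLD/NEW rule pairs; [NC] -> re.IGNORECASE.
# Third alternative of the old second pattern is taken to be \.../ (three ASCII dots).
RULES = {
    "traversal": (
        (r"(\.\./|\.\.)", 0),
        (r"(\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/)", re.I),
    ),
    "dots_then_dir": (
        (r"(\./|\../|\.../)+(motd|etc|bin)", re.I),
        (r"(\.{1,}/)+(motd|etc|bin)", re.I),
    ),
}

# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "file=../../etc/motd",        # literal traversal sequence
    "file=%2e%2e%2freadme.txt",   # same sequence, percent-encoded
    "file=%2E%2E%2Freadme.txt",   # encoded with upper-case hex digits
    "s=to+be+continued..",        # benign search text that ends in two dots
    "path=v1.0/bin/tool",         # benign version number followed by /bin
]

def blocked(rule, version, query_string):
    """True if the OLD or NEW pattern of the rule matches the raw query string."""
    pattern, flags = RULES[rule][0 if version == "old" else 1]
    return re.search(pattern, query_string, flags) is not None

def compare(rule):
    """Return (query string, blocked by OLD, blocked by NEW) for every sample."""
    return [(qs, blocked(rule, "old", qs), blocked(rule, "new", qs)) for qs in SAMPLES]

if __name__ == "__main__":
    for rule in RULES:
        print(rule)
        for qs, old, new in compare(rule):
            print(f"  {qs:28} old={'403' if old else 'pass'}  new={'403' if new else 'pass'}")
```

The unescaped dots in the OLD second pattern match any character, which is why the version-number sample is blocked by OLD and passes NEW.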

 
Bonus Code Dismiss Notice Added: Author Enumeration BOT Probe Code: 
This WordPress Author Enumeration Bot Probe Protection Bonus Code protects against hacker Bot Probes looking for WordPress author enumeration (a numbered list of Author IDs / User IDs) to exploit. It generates a standard WordPress 404 Error instead of displaying Author IDs / User IDs. What is especially nice about this code is that, to the hacker bot, it appears that the Author ID / User ID does not exist on your website, with no clue that the Author ID / User ID actually does exist.
 
Activation page additional check for: WP_HTTP_BLOCK_EXTERNAL & WP_ACCESSIBLE_HOSTS Constants: 
The Activation page has additional checks for wp-config.php Constants which can prevent successful BPS Pro Activation Key Requests. The displayed message contains instructions on how to whitelist the AIT-pro.com API Server in the WP_ACCESSIBLE_HOSTS Constant.



Categories: BulletProof Security Pro
