|
|
|
New Concept in Website Security: DB MonitorDB Monitor IDS (DBM) Guide: http://forum.ait-pro.com/forums/topic/database-monitor-dbm-guide/ The DB Monitor (DBM) is an Intrusion Detection System (IDS) that alerts you via email anytime a change/modification occurs in your WordPress database or a new database table is created in your WordPress database. The DB Monitor email alert contains information about what database change/modification occurred and other relevant help info. Your DB Monitor Log also logs any changes/modifications to your WordPress database and other relevant help info. The DBM IDS is similar to the ARQ IDPS where it is the most powerful last line of website security protection defense. If all other outer and inner layers of security protection are penetrated then the most powerful DBM IDS and ARQ IDPS systems kick in and protect your website from attacks/hackers. Even if these powerful security measures are never utilized the most significant benefit is that you know for sure that neither your website files or your WordPress database have been tampered with. |
New Feature: DB Diff ToolDB Diff Tool Guide & Troubleshooting: http://forum.ait-pro.com/forums/topic/db-diff-tool/ The DB Diff Tool compares old database tables from DB backups to current database tables and displays any differences in the data/content of those 2 database tables. The DB Diff Tool allows you to check your WordPress Database if you receive a DB Monitor email alert and do not recognize the database table name change/modification. The DB Monitor email alert contains an attached zip file of your DB Monitor Log file. In that attached log file you will see the database name that was changed/modified. Example: DB Table Name: xxxxxx_usermeta. You would enter a DB Backup file name and the DB Table name in the DB Diff Tool Form to compare/check exactly what was changed/modified and click the Run Diff Comparison button to get search comparison results for exactly what was changed/modified in that particular database table. You can of course check your DB Monitor Log file directly by going to the DB Monitor Log tab page. |
New Feature: DB Monitor LogDB Monitor Log General Information Your DB Monitor Log file is a plain text static file and not a dynamic file or dynamic display to keep your website resource usage at a bare minimum and keep your website performance at a maximum. Log entries are logged in descending order by Date and Time. You can copy, edit and delete this plain text file. You can choose S-Monitor Email Alerting & Log File Options to automatically email your DB Monitor Log file to you and delete it when it reaches a certain size (256KB, 500KB or 1MB). What is Logged in The DB Monitor Log? Depending on your DB Monitor settings, log entries will be logged anytime the DB Monitor Cron sees a change or modification to any of your database tables or a new database table is created in your database. The name of the database table, a timestamp and what changed are logged. When you submit the Dynamic DB Form your DB Monitor settings are logged/saved. |
New Feature: DB Status & InfoGeneral DB Info Shows general help info and status info about your WordPress database at a glance. DB Total Size, DB hostname, DB hostname IP Address, DB port, max_user_connections (Your Account), max_connections (Server), connect_timeout, storage_engine, etc. Extensive DB Info Clicking each of the Extensive DB buttons will display extensive information about your WordPress Database. |
New Feature: DB BackupDB Backup & Security Guide & Troubleshooting: http://forum.ait-pro.com/forums/topic/database-backup-security-guide/ Create manual and scheduled Backup Jobs. Choose which database tables to backup. Scheduled backup job options: Hourly, Daily, Weekly and Monthly. Send scheduled backup zip file via email or just send email only, automatically delete old backup files after a certain period of time, etc., etc., etc. On BPS Pro 9.0 upgrades and new installations a default obfuscated & secure BPS Backup folder is created and all DB Backup options are saved with default settings. Backup Jobs – Manual/Scheduled Accordion Tab – Displays the Description/Job Name, Delete and Run Checkboxes, Job Type, Frequency, Last Backup, Next Backup, Email Backup and Job Created table columns. Backup Files – Download/Delete Accordion Tab – Displays the Backup Filename, Delete Checkbox, Download Links, Backup Folder, Size and Date/Time table columns. Create Backup Jobs Accordion Tab – Displays a dynamic DB Table Name checkbox form, Description/Backup Job Name textbox, DB Backup Folder Location textbox, DB Backup File Download Link/URL textbox, Backup Job Type: Manual or Scheduled select dropdown option, Frequency of Scheduled Backup Job (recurring) select dropdown option, Hour When Scheduled Backup is Run (recurring) select dropdown option, Day of Week When Scheduled Backup is Run (recurring) select dropdown option, Day of Month When Scheduled Backup is Run (recurring) select dropdown option, Send Scheduled Backup Zip File Via Email or Just Email Only select dropdown option, Automatically Delete Old Backup Files select dropdown option, Turn On/Off All Scheduled Backups (override) select dropdown option. |
New Feature: DB Backup LogDB Backup Log General Information Your DB Backup Log file is a plain text static file and not a dynamic file or dynamic display to keep your website resource usage at a bare minimum and keep your website performance at a maximum. Log entries are logged in descending order by Date and Time. You can copy, edit and delete this plain text file. You can choose S-Monitor Email Alerting & Log File Options to automatically email your DB Backup Log file to you and delete it when it reaches a certain size (256KB, 500KB or 1MB). What is Logged in The DB Backup Log? Depending on your DB Backup settings, log entries will be logged anytime you run a Manual Backup Job or whenever a Scheduled Cron Backup Job is run. The Backup Job Completion Time, Zip Backup File Name, timestamp and other information is logged. If you have chosen the option to automatically delete old zip backup files then the zip backup file name and timestamp will be logged when old zip backup files are automatically deleted. When you create a new Backup Job your Backup Job Settings are logged/saved in the DB Backup Log. |
New Feature: DB Table Prefix ChangerBy changing your Database Table Prefix name you will probably stop a lot of random Bot probes from doing any further reconnaissance against your website and causing unnecessary slowness from those random Bot probes. Changing the DB Table Prefix name is not really a security measure since if a hacker wants to find/get your DB Table Prefix name he/she will be able to find/get that information. The Anti-nuisance benefits alone are worth changing your DB Table Prefix name. BPS has many layers of security protection that protect your Database against SQL Injection attacks and the DB Monitor will alert you if somehow a hacker has made it past all the outer layers of BPS Database security protection and changed or modified your Database in any way. |
New Feature: UI Theme SkinYou can choose between 3 UI Theme Skins for BPS Pro: Blue Gel Classic UI Theme, Light Grey jQuery UI Theme, Dark Black WP UI Theme. Requires WordPress 3.8 or higher to switch to the Light Grey jQuery UI Theme or Dark Black WP UI Theme Skins. If you have an older version of WordPress (3.7 and below) installed then ONLY the Blue Gel Classic UI Theme Skin is available. |
Dashboard Status Display: Enhancements/AdditionsThe Heads Up Dashboard Status Display displays at the top of all WordPress pages by default and displays the current BPS Pro version installed & clickable links to pages: Root Folder BulletProof Mode (RBM), wp-admin Folder BulletProof Mode (WBM), AutoRestore (ARQ), Database Monitor (DBM), Database Backup (DBB), Plugin Firewall (PFW), Uploads Anti-Exploit Guard (UAEG), Login Security & Monitoring (LSM) and JTC Anti-Spam / Anti-Hacker (JTC). It is recommended that you choose Display Status in WP Dashboard for all of these mission critical BPS Pro security features. ARQ Status: Displays whether AutoRestore is On or Off, the ARQ Cron Frequency & the time the next ARQ Cron job will be run. DBM Status: Displays whether the Database Monitor is On or Off, the DBM Cron Frequency & the time the next DBM Cron job will be run. DBB Status: Displays either No DB Backups, Backup Job Created or the last successful Database Backup timestamp. |
New Menu Structure / New Menu Items / Menu Item Name ChangesNew Menu Items: DB Backup, DB Monitor, UI Theme Skin, DB Backup Log, DB Monitor Log, DB Status & Info Menu Item Changes: Install / Backup menu name changed to Upload Zip Install, JTC Anti-Spam menu name changed to JTC Anti-Spam / Anti-Hacker The BPS Pro Main menu has been split into 3 Main menus for easier/better navigation/usability/functionality. |
Main Menu: BPS Pro: 16 SubmenusSubmenus: B-Core, P-Security, S-Monitor, Pro-Tools, AutoRestore, Quarantine, Plugin Firewall, Uploads Anti-Exploit Guard (UAEG), Login Security, JTC Anti-Spam / Anti-Hacker, DB Backup, DB Monitor, htaccess File Editor, Custom Code, F-Lock, Maintenance Mode. |
Main Menu: Logs & Info 10 SubmenusSubmenus: Security Log, PHP Error Log, Quarantine Log, DB Backup Log, DB Monitor Log, System Info, PHP Info, DB Status & Info, Security Status, Whats New. |
Main Menu: Setup 4 SubmenusSubmenus: Setup Wizard, Activation, Upload Zip Install, UI Theme Skin. |
Root .htaccess Security Filters Change:Old security filters RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR] RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR] New security filters RewriteCond %{THE_REQUEST} \?+%20{1,}|[^\s])+HTTP+(:/|/) [NC,OR] RewriteCond %{THE_REQUEST} \/+(\*|%2a)+(%20|\s){1,}+HTTP+(:/|/) [NC,OR] |
AutoRestore Major Changes:New Options, Cron code enhancements (internal processing), Visual, Structural, Help Info & Error Checking Recommended AutoRestore Setting Changes: Run ARQ Cron check every 2 minutes, Standard WP Cron and Turn Off Backup File Status Check. These settings have been extensively tested and do not cause any website performance or Server resource usage issues/problems. The ARQ Cron Checking code has been enhanced in BPS Pro 9.0 and performs much faster. New Option: ARQ Backup File Status Check: Turn backup files checks on or off. When this is set to off the page loads very quickly since ARQ backup files are not being checked. New Option: Additional ARQ Cron Check frequencies added: 1, 2, 3, 4, 5, 10, 15, 30, 60 minutes Structural/Visual: Tab Menu and page name change – Exclude Dynamic Folders – Temp/Cache changed to Exclude wp-content Folders. Structural/Visual: Tab Menu and page name change: Add / Exclude Static Files changed to Add / Exclude Other Folders & Files. Misc/Other: Enhancements/clarity added to ARQ Automation displayed message for WordPress automatic updates. Several error checking improvements. Read Me help text updated to reflect all new changes in AutoRestore. |
New Setup Wizard Options:cURL Scan Option: Turn On/Off cURL Scan: You can use the cURL Scan Option below to turn Off cURL scans when running the Wizards. If the Pre-Installation Wizard is crashing/not completing then select & save the Turn Off cURL Scan option and run the Pre-Installation Wizard again. The cURL Scan Option is set to On by default. The Plugin Firewall will need to be setup manually if the Wizards are unable to complete this automatically. DB Monitor: Use Default or Keep Existing Settings: If you are re-running the Setup Wizard and you have setup the DB Monitor to monitor additional DB Tables then choose the “Keep Existing DB Monitor Settings” option. |
Login Security New Option/Option Change & Misc:New Option/Option Change: Disable Password Reset Frontend Only, Disable Password Reset Frontend & Backend. Displayed message: BPS Login Security Disable Password Reset Frontend & Backend is turned On. Backend Password Reset has been disabled. To enable Backend Password Reset click here. Displayed on Pages: profile.php, user-edit.php, user-new.php. Login Security Dynamic DB table Auto-scroll added. |
S-Monitor New Options/Option Name Changes:New Monitoring and Alerting Options: Database Monitor: DBM Status, Database Monitor: DBM Alerts, Database Backup: DBB Status. Several option name changes for naming convention uniformity. New Email Alerting & Log File Options: DBM: When A Database Change/Modification Occurs…, DB Monitor Email/Delete Log File, DB Backup Log File Email/Delete Log File. |
ini_set Options New Options:3 New ini_set Options automatically added to the wp-config.php file during upgrade and Setup Wizard: session.cookie_httponly, session.cookie_secure & session.use_only_cookies. |
New Dismiss Notice: BPS Pro 9.0 Major Version Release New Feature NotificationsSince BPS Pro 9.0 is a major version release with a lot of major changes to BPS Pro a dismiss notice was created so that folks take a look at the Whats New page for information on what has changed, new optional settings and recommended settings. |
New Dismiss Notice: Plugin Firewall Notice: A plugin has been installed or deletedDismiss Notice Text: “If you deleted a plugin then click the Dismiss Notice link below to Dismiss this Notice. If you installed a plugin then Click Here to go to the Pro-Tools cURL scanner and rescan your website for any new Plugin Firewall whitelist rules that need to be added to the Plugin Firewall Whitelist text area for this plugin. Or you can run the Pre-Installation and Setup Wizards again.” |
BugFixes/Code Corrections/Misc/Other:php warning error if wp_bpspro_arq_add DB Table does not exist: 4-9-2014 |
Tags: BPS Pro 9.0 Whats New, BulletProof Security Pro 9.0 Whats New
Categories: BulletProof Security Pro