BulletProof Security Blog

Whats New In BulletProof Security Pro 11.8

Comments Off

Author: AITpro Admin
Published: May 15, 2016
Updated: May 15, 2016

New Setup Wizard Options Option: Enable|Disable htaccess Files:

Setup Wizard Enable|Disable htaccess Files Forum Topic
The BPS Apache Modules and Directives testing code checks if mod_access_compat and/or mod_authz_core or mod_rewrite are loaded or can be processed (converted/translated) by your server by using a testing htaccess file and then checking the responses from your server. If BPS detects that your website/server cannot use htaccess files/code based on the responses from your website/server then BPS will automatically save/set the Setup Wizard Option > Enable|Disable htaccess Files setting to > htaccess Files Disabled. Automation Compatibility: htaccess features and files are automatically disabled if the Apache server does not have the necessary/required Modules loaded to use htaccess code/files. If the server type is Windows, Nginx or LiteSpeed and the server does not have the necessary conversion/translation configuration to use htaccess code/files then htaccess features and files are automatically disabled. Manual Usage: The Enable|Disable htaccess Files Option can be used to manually override the automated BPS Apache Modules and Directives checking code to manually disable or enable all BPS htaccess features. See the Setup Wizard Enable|Disable htaccess Files Forum Topic link above for details.

New System Info Page Checks: Total Plugins Installed & Total Plugins Activated:

Displays Total Plugins Installed & Total Plugins Activated. Usage: Troubleshooting issues/problems where excessive plugins are installed and/or are out of memory issues/problems that appear to be plugin conflicts instead of out of memory problems.

New System Info Page Checks: GD Library Extension/Version – ImageMagick Extension/Version:

Checks if the GD Library extension is loaded and displays the version. Checks if the ImageMagick extension is loaded and displays the version.

New S-Monitor Simple Email Tests Option:

S-Monitor additional email test option added for the WordPress wp_mail() function/PHPMailer under Simple Email Tests Form.

New Dismiss Notice: Wordfence WAF Firewall HUD Dismiss Notice:

Detects Wordfence htaccess code problems and displays help info with a forum link for solutions.

Other|Misc:

• Compatibility|Enhancement|Improvement: Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): Additional checks for compatibility with server configurations that do not have the necessary standard modules or directives loaded/configured to use htaccess files. Improved test/checking results accuracy: expected: 99%|hopeful: 100%. Displays conclusive Modules and Directives status response results. Function called in: Pre-Installation Wizard, BPS Upgrade, System Info & Core In-page check. Creates|Updates new DB option for Enable|Disable htaccess Files Setup Wizard Option. Displays: mod_access_compat, mod_authz_core, mod_authz_host and mod_rewrite checking/testing status results.
• Enhancement: Delete and Run text added under individual DB Backup dynamic form checkboxes.
• Enhancement: View, Restore and Delete text added under individual Quarantine dynamic form checkboxes.
• Enhancement: Security Log sort Security Log Entry Types.
• Enhancement: Add list of Security Log Entry Types directly in the automated Security Log zip emails.
• Enhancement: XTF Form Dashboard Reminder Alert. If the XTF Form is not locked a Dashboard Reminder Alert will be displayed.
• Improvement: PHP Error Log in-page help text and link added to PHP Error Log troubleshooting forum topic.
• Improvement: Plugin Firewall Deactivation: Plugin Firewall AutoPilot Mode is now turned Off when the Plugin Firewall is deactivated. Plugin Firewall Activation: Additional checks and messaging when the Plugin Firewall is activated to check if AutoPilot Mode is turned On or Off.
• Improvement: System Info PHP Version Check displays PHP version.
• Improvement: System Info table title change from: SQL Database|Permalink Structure|WP Installation Folder|Site Type to: SQL Database Info|WordPress Site Info|Misc Checks.
• Improvement: System Info WordPress Site Info checks order changed.
• Improvement: Form option naming convention changes from Turn On|Turn Off to X On|X Off for: Login Security, JTC, ISL, ACE, UI|UX, DB Backup, Plugin Firewall AutoPilot Mode, AutoRestore, ini_set Options, DB Monitor, File Lock, Folder Lock and Setup Wizard Options form option names. Special thanks to Laughter On Water: http://low.li/ for this excellent idea.
• Improvement: Automated email alert: AutoRestore is turned Off help text improved. Additional help text info regarding WP Manual and Automatic updates.
• Improvement: Remove class update-nag for various Status Display error checking divs to output error messages inline/newline.
• AutoFix: Plugin Firewall|AutoPilot Mode: Automatically remove duplicate or invalid ADDITIONAL ROLES IP code.
• AutoFix: Plugin Firewall|AutoPilot Mode: Automatically remove duplicate BEGIN ADDITIONAL ALLOW FROM RULES blocks of code.
• AutoFix: Plugin Firewall|AutoPilot Mode: Automatically fix blank plugins.htaccess file problem.
• BugFix: Duplicate MIME-Version email headers sent in BPS automated emails. Using standard wp_mail headers array vs concatenation and duplicate MIME-Version header removed.
• BugFix|AutoFix: XTF Form 403 BugFix. The XTF folder htaccess file is obsolete and is automatically removed during BPS Pro upgrade. The Plugin Firewall protects the XTF Form. Note: The Xternal Tools page has 2 layers of protection: Password Protection and the BPS Pro Plugin Firewall.
• BugFix|AutoFix: DB Backup Zip Download 403 error. Overwrite/replace older htaccess file versions on page load.
• BugFix|Form Sanitization: Special thanks to Colette Chamberland: http://cjchamberland.com for finding and reporting a Form Sanitization bug in BPS DB Backup that needed to be corrected/fixed. We appreciate the time and effort Colette Chamberland put into finding this Form Sanitization bug in BPS and reporting it to us.
• BugFix|Form Sanitization: Special thanks to Kacper Szurek: http://security.szurek.pl/ for finding and reporting 2 Form Sanitization bugs in BPS DB Backup that needed to be corrected/fixed. We appreciate the time and effort Kacper Szurek put into finding these Form Sanitization bugs in BPS and reporting them to us.
• BugFix: Undefined variable: response in /wp-content/plugins/bulletproof-security/bulletproof-security.php
• BugFix: Security Log add backslashes to Regex match for Security Log Entry Type: Plugin Firewall AutoPilot Mode New Whitelist Rule$s$ Created.
• BugFix: Dashboard Status Display div broken when ISL and ACE are turned on in S-Monitor, but are not actually turned on in ISL or ACE. Error Check/Message: ISL: Settings have not been saved yet. ISL is not turned On and/or ACE: Settings have not been saved yet. ACE is not turned On.
• Obsolete Removal: Security Status: WordPress Meta Generator Tag Removed and WordPress Version Removed checks.
• Change|Update: Deprecated function get_currentuserinfo replaced with wp_get_current_user().
• Update|Correction: S-Monitor Read Me help text updated with Idle Session Logout (ISL) and Auth Cookie Expiration (ACE) help info.
• Update|Correction: Maintenance Mode Read Me help text formatting corrections.
• Dev Note: Scheduled Crons Pro-Tool improved in-page help text.
• Dev Note: Add isset condition for settings-updated checks. Fixes Undefined index: settings-updated error.
• Dev Note: API server test connection up/down checking code revised.
• Dev Note: Undefined variable: plugin_var variable name change and check: $plugin_var_w3tc and $plugin_var_wpsc.
• Dev Note: ARQ OBDF current to WP 4.5.

BulletProof Security Pro | Comments Off