Follow @BPSPro

 

AutoRestore Generation 2 ~ BPS Pro 5.1.6

AutoRestore Menu: AutoRestore now has its own menu link under BPS Pro menus and its own designated options page. The AutoRestore Log now has its own designated page, which you can view by clicking on the AutoRestore menu link and clicking on the AutoRestore Log tab.

Description of how AutoRestore CM works

AutoRestore will compare your backed up AutoRestore files to your existing Root files.  If they do not match then AutoRestore will automatically restore your Root files with good backed up AutoRestore files.  Full site AutoRestore is coming in BPS Pro 5.1.8.  AutoRestore is not intended to replace your existing Backup and Restore plugin or your disaster recovery plan.  You should still implement a Backup and Recovery plan when using AutoRestore. 

The primary focus of BPS Pro 5.1.6 was to complete AutoRestore Generation 2. AutoRestore now contains several new features to ensure WP upgrades go perfectly without any problems, generates a WP Dashboard alert if another plugin has written to a WP Core Root file and any time a file has been autorestored, includes a last modified AutoRestore log file time reset button, includes several manual AutoRestore controls, real time file check displayed directly on the AutoRestore page –WARNING!!! WP Core Root files have been modified and / or do not match your backed up AutoRestore WP Core Root Files or AutoRestore File Status: Your backed up AutoRestore files match your WP Core Root Files and includes an Old WP Core Root file cleanup option to remove old WP Core Root files that are no longer being used as of WP 3.3.1. Please read the extensive help info contained in the Read Me help button on the AutoRestore page for specific details about all the new features in AutoRestore Generation 2.

AutoRestore Screenshots

AutoRestore RootAutoRestore Log

To allow another plugin to write to your protected files.

1. Unlock whichever files need to be unlocked to allow another plugin to write to them.
2. Turn off AutoRestore.
3. Perform the steps required by another plugin to write code to protected files.
4. After the plugin is done writing whatever code it needed to write to these files then…
5. Click the AutoRestore Backup Files Now button to save those newly updated files to the AutoRestore backup folder.
6. Turn AutoRestore back on.
7. Lock your files again with F-Lock.

Note:  As of BPS Pro 5.1.7 all future upgrades of BPS Pro are One Click and all files are automatically updated to the current version of BPS Pro, which means nothing else needs to be done to any files – they are updated automatically.

 

AutoRestore – WP Core Root Files Read Me

AutoRestore Quick Setup Steps

1. Click the Backup Files Now button to back up your WP Core Root files. If your website was previously hacked before installing BPS Pro then you want to make sure your WP Core Root files do NOT contain any hackers code in them before backing them up.

2. Select the Cron Check Frequency that you would like to use. It is recommended that you choose either Run Cron Check Every 5 Minutes or Run Cron Check Every 10 Minutes.

3. Select Turn On Cron and click the Save Cron Options button.

IMPORTANT NOTES:
1. When a new version of WordPress is available you will see this warning – WARNING!!!! AutoRestore Is On – AutoRestore MUST be turned Off before Upgrading WordPress. Click Here to go to AutoRestore and turn Off the Cron check before Upgrading WordPress. When you see this warning – Turn Off AutoRestore. After you have upgraded WordPress click the Delete Backup Files button and then click the Backup Files Now button to create new backed up AutoRestore files and then turn AutoRestore back On.
2. Every time a file has been autorestored you will see this AutoRestore Alert – AutoRestore Alert!!! A file has been restored with AutoRestore. Click Here to go to the AutoRestore page. You can then click on the View AutoRestore Log button to view which file has been restored.
3. If a plugin needs to write to one of your WP Core Root files temporarily or you are manually editing WP Core Root files then AutoRestore MUST be turned Off or AutoRestore will automatically replace the file. The entire contents of the file that was restored is logged in your AutoRestore Log.
4. If a plugin has written to a WP Core Root file and the file was autorestored then you will see this AutoRestore Alert – AutoRestore Alert!!! A file has been restored with AutoRestore. Click Here to go to the AutoRestore page. You can then click on the View AutoRestore Log button to view which file has been restored. The entire contents of the file that was restored is logged in your AutoRestore Log. To allow a plugin to write to a WP Core Root file – Turn Off AutoRestore and repeat whatever steps you were doing when the file was autorestored. In some cases you will need to deactivate and reactivate the plugin in order to allow it to write to your WP Core Root files again with AutoRestore turned Off. After the plugin has written to the WP Core Root file click the Backup Files Now button to create a new backup of that WP Core Root file.
5. AutoRestore MUST be turned Off when you put your website in Maintenance Mode or AutoRestore will automatically replace your maintenance mode .htaccess file.
6. Any time a WP Core Root file has been manually modified and you want to save those new changes you will need to click on the Backup Files Now button to create a new backed up AutoRestore file. This should be done while AutoRestore is turned Off. If you are manually modifying WP Core Root files while AutoRestore is turned On then the file will most likely be autorestored before you create a new backup of that file by clicking the Backup Files Now button.
7. NOTICE: Old WP Core Root Files Exist In Your Website Root Folder – this file check looks for old WP Core Root files that are no longer used in WP 3.3.1 and 3.4. You can safely delete these old files using the Delete Old WP Files button.

The Why and How About AutoRestore 
This new website security feature is a countermeasure security approach to Brute Force FTP Password Cracking attacks and other attacks directed at your Web Host Server directly that lead to code injection into the WP Core Root files. BPS already protects your website from direct hacking attempts against your website, but it is not possible for BPS Pro to protect your Web Host Server directly. AutoRestore is countermeasure website security that will automatically restore your WP Core Root Files if a hacker has compromised your Web Host Server and injected code into your WP Core Root files. The most vulnerable files in this type of direct attack on a Web Host Server are the WP Core Root files.

There are 4 monitoring and alerting options for AutoRestore.
1. Display the AutoRestore Status in your WP Dashboard or BPS pages Only.
2. Send an email alert if a file is restored.
3. AutoRestore Log – logs the file name, file path, date and time a file was automatically restored and the entire contents of the file that was restored.
4. WP Dashboard AutoRestore Alert – if a file is restored with AutoRestore you will see an AutoRestore Alert!!! warning alert in your WordPress Dashboard. To clear the AutoRestore Alert message click on the Click Here link contained in the AutoRestore Alert message, which will take you to AutoRestore page. Click on the Reset Last Modified Time in DB button to clear the AutoRestore Alert message.
NOTE: The BPS Root .htaccess file is also protected with AutoRestore and if you edit your Root .htaccess file while AutoRestore is on your new edited Root .htaccess file is automatically backed up to the AutoRestore folder so that it is current and identical.
NOTE: If a Host Server is compromised / hacked it is even possible to bypass F-Lock and still write to a file that is locked with Read-Only permissions. You may never need AutoRestore, but it is nice to know that if your Host Server is compromised and code is injected into your WP Core Root files they will be automatically restored with good backup files.

AutoRestore Log Last Modified Time:
When you see the WP Dashboard AutoRestore Alert message that a file has been restored you can clear that alert message by clicking the Reset Last Modified Time in DB button, which will synchronize the actual last modified time of the AutoRestore Log file with the last modified timestamp for the AutoRestore Log file that is saved in your WordPress Database.

Manual Controls Explained

Delete Backup Files – Has pop up confirm protection. When you click on the Delete Backup Files button you will be prompted to click OK or Cancel so that you do not accidentally delete your backed up files. The primary use for this button is to remove old backed up WP Core Root files that are no longer being used by WP when upgrading WP. There are 6 files in WP 3.3.1 that are no longer being used: wp-atom.php, wp-commentsrss2.php, wp-feed.php, wp-rdf.php, wp-rss.php and wp-rss2.php. Also wp-pass.php has been removed in WP 3.4. These old files were not automatically removed when you upgraded from WP 3.2.1 to 3.3.1 and may still be in your website Root folder. By deleting these old backed up AutoRestore files you will be removing those old WP files that are no longer being used by WP. After you have upgraded WP and deleted your old backed up files you would then create new backed up AutoRestore files by clicking the Backup Files Now button to create new backed up AutoRestore files. Any time you want to delete your backed up AutoRestore files you would use this button and then once you are done with whatever you were doing then you would click the Backup Files Now button to create new backed up AutoRestore files.

Show Modified Files – If any of your WP Core Root files do not match your backed up AutoRestore files you can display a list of files that have been modified and do not match identically. The list will display the File name the Filesize and the Last Modified Time. As shown in the Example 1 below. Show Modified Files will also display the status of old WP Core Root files that are no longer being used by WP. If you have deleted these old WP Core Root files with theDelete Old WP Files button then you will see a check that displays that the file does not exist. As shown in Example 2 below. This WP old file check will remain for troubleshooting purposes.

Example 1:
WP Core Root File: wp-app.php | Filesize: 40289 | Last Modified Time: Mar 26 2012 19:54:17
AutoRestore File: auto_wp-app.php | Filesize: 40243 | Last Modified Time: Mar 25 2012 22:59:11 

Example 2:
WP Core Root File: wp-pass.php does not exist. As of WP 3.4 wp-pass.php is no longer being used.
AutoRestore File: auto_wp-pass.php does not exist.

If your WP Core Root files match your backed up AutoRestore files then you will see this message displayed to you when you click the Show Modified Filesbutton. There are no modified file differences to display. Your WP Core Root Files match your backed up AutoRestore WP Core Root Files exactly.

Restore Files Now – Has pop up confirm protection. When you click on the Restore Files Now button you will be prompted to click OK or Cancel so that you do not accidentally restore / overwrite your WP Core Root files. The primary use for this button is to allow you to manually restore any modified WP Core Root files with backed up AutoRestore files while the AutoRestore Cron is turned Off. This button is for testing and troubleshooting. If you have manually made editing changes to your WP Core Root files that you want to keep then click Cancel so that you do not replace your manually edited WP Core Root files.

Delete Old WP Files – Has pop up confirm protection. When you click on the Delete Old WP Files button you will be prompted to click OK or Cancel so that you do not accidentally delete Old WP Core Root files that you may want to keep. The primary use for this button is to allow you to delete Old WP Core Root files in your website Root folder that are no longer being used or included in WP 3.3.1 or WP 3.4. You can safely delete these Old WP files by turning AutoRestore Off, then click the Delete Old WP Files button, then click the Delete Backup Files button, then click the Backup Files Now button and then turn AutoRestore back On. If you have customized any of these files or are still using them with a version of WP older then 3.3.1 you can leave these Old files. BPS will still continue to protect and autorestore these files if they exist.

BPS Pro 5.1.8 will have Full Site AutoRestore – All Files will be protected with AutoRestore

 

AutoRestore Generation 1 ~ BPS Pro 5.1.5

AutoRestore CM is a brand new feature and a brand new concept for restoring WordPress Files automatically introduced in BPS Pro 5.1.5.

Description of how AutoRestore CM works

AutoRestore will compare your backed up AutoRestore files to your existing Root files.  If they do not match then AutoRestore will automatically restore your Root files with good backed up AutoRestore files.  Full site AutoRestore is coming in BPS Pro 5.1.8.  AutoRestore is not intended to replace your existing Backup and Restore plugin or your disaster recovery plan.  You should still implement a Backup and Recovery plan when using AutoRestore. 

B-Core AutoRestore CM: This new website security feature is a countermeasure security approach to Brute Force FTP Password Cracking attacks against your Web Host Server directly that lead to code injection into the WP Core Root files. BPS already protects your website from direct hacking attempts against your website, but BPS cannot protect your Web Host Server directly. AutoRestore CM is countermeasure website security that will automatically restore your WP Core Root Files if a hacker has compromised your Web Host Server and injected code into your WP Core Root files. The most vulnerable files in this type of attack on a Web Host Server are the files in the root folder. There are 3 monitoring options for AutoRestore CM. 1. Display the AutoRestore Status in your WP Dashboard or BPS pages Only. 2. Send an email alert if a file is restored. 3. AutoRestore Log – logs the filename, date and time it was automatically restored and the contents of the file that was restored.  NOTE: The BPS Root .htaccess file is also protected with AutoRestore and if you edit your Root .htaccess file while AutoRestore is on your new edited Root .htaccess file is automatically backed up to the AutoRestore folder so that it is current and identical.

Troubleshooting

AutoRestore works perfectly (and a little too well right now), but there a few situations where you may end up in an “AutoRestore Loop”.  Since this is a brand new concept we will be perfecting this new feature so that it will perform in a way that it will not interfere with other plugins and also be more intuitive or display additional notifications as to the possible issue or problem.

Here are the problem scenarios at this point that are being worked on to better perfect AutoRestore CM.

W3TC is not able to write .htaccess code to the root .htaccess file

If you are using W3TC and you turn AutoRestore Off in order to redeploy W3TC.  Redeploying W3TC means that W3TC is writing .htaccess code to your Root .htaccess file.  So since your backed up autorestore .htaccess file will now be different from your Root .htaccess file, then if you turn on AutoRestore after redeploying W3TC, then the Root .htaccess file will be replaced with the autorestore backup file.  Currently the solution is to make another backup of your files in AutoRestore before turning it back On.

Note:  If you are unable to redeploy W3TC after doing the top 2 steps you will need to deactivate W3TC and reactivate it with both steps 1 and 2 done first.  I am working on a more streamlined method to handle this issue, but for now normally just 1 and 2 above need to be done first before redeploying / Enabling W3TC. 

Note:  There are actually 2 things in BPS Pro that will interfere with W3TC first time installations. F-Lock and AutoRestore. If you are installing W3TC after BPS Pro is installed then you would need to first turn off AutoRestore, then unlock both the wp-config.php and root .htaccess files with F-Lock before installing and activating the W3TC plugin. After W3TC has successfully written its .htaccess code to the Root .htaccess file you will then need to go to the AutoRestore page and click Backup Files Now. You can then lock the wp-config.php file and Root .htaccess files again. We are working on a better and more streamlined way to do this, but for now these are the necessary steps to ensure that W3TC is setup correctly.

The 2 Root files that plugins will typically write to are the Root .htaccess file and the wp-config.php file.  If a plugin is writing to these files then AutoRestore needs to be turned off first, then once the file has been written to by that plugin the Root files need to be backed up again in AutoRestore CM before turning it back On.

BPS .htaccess writing is directly tied into AutoRestore so that if you use the BPS Pro built-in .htaccess File Editor and edit your Root .htaccess file and save those changes your new .htaccess file is also copied to the autorestore backup folder at the same time – this ensures that both your autorestore backup file and your Root .htaccess file are identical and AutoRestore will not automatically restore the Root .htaccess file because they match.

These are the top 3 proposed solutions to streamline and perfect AutoRestore CM:

1.  Create pop up alerts when another plugin tries to / or does write to the .htaccess file.  Alerting you that you need to make another backup of the files in AutoRestore so that they match and AutoRestore will not automatically restore the file.

2.  Have a pop up message displayed any time your autorestore backed up file does not match your Root file.

3.  Add a pop up confirm message on a timer that prompts you if you want to allow AutoRestore to restore a particular file.  This will allow the user to stop the autorestore from occurring.  If no choice is made after 10 seconds then the file is automatically restored.

 

You will find this help information below by clicking the Read Me help button on the AutoRestore CM page in B-Core.

AutoRestore – WP Core Root Files Read Me

AutoRestore CM Setup Steps

1. Click the Backup Files Now button to back up your WP Core Root files. If your website is currently hacked then you want to make sure your WP Core Root files do NOT contain any hackers code in them before backing them up.

2. Select the Cron Check Frequency that you would like to use. It is recommended that you choose Run Cron Check Every 5 Minutes.

3. Select Turn On Cron and click the Save Cron Options button.

NOTE: AutoRestore CM must be turned Off when you put your website in Maintenance Mode or AutoRestore will automatically replace your maintenance mode .htaccess file.

The Why and How About AutoRestore CM
This new website security feature is a countermeasure security approach to Brute Force FTP Password Cracking attacks against your Web Host Server directly that lead to code injection into the WP Core Root files. BPS already protects your website from direct hacking attempts against your website, but BPS cannot protect your Web Host Server directly.

AutoRestore CM is countermeasure website security that will automatically restore your WP Core Root Files if a hacker has compromised your Web Host Server and injected code into your WP Core Root files. The most vulnerable files in this type of attack on a Web Host Server are the files in the Root folder.

There are 3 monitoring and alerting options for AutoRestore CM. 1. Display the AutoRestore Status in your WP Dashboard or BPS pages Only. 2. Send an email alert if a file is restored. 3. AutoRestore Log – logs the filename, date and time it was automatically restored and the contents of the file that was restored.  NOTE: The BPS Root .htaccess file is also protected with AutoRestore and if you edit your Root .htaccess file while AutoRestore is on your new edited Root .htaccess file is automatically backed up to the AutoRestore folder so that it is current and identical.  NOTE: If a Host Server is compromised / hacked it is even possible to bypass F-Lock and still write to a file that is locked with Read-Only permissions. You may never need AutoRestore, but it is nice to know that if your Host Server is compromised and code is injected into your WP Core Root files they will be automatically restored with good backup files.

AutoRestore CM For Your Entire Site / All Files
We are currently developing additional AutoRestore coding that will allow you to choose AutoRestore protection options for all of your files under your entire website with.

Skip to toolbar