Major Version Release: What's New in BPS Pro 5.3
Release Date: 11-18-2012
Sub-release BPS Pro 5.3.1
Sub-release BPS Pro 5.3.2
Sub-release BPS Pro 5.3.3
New Security Features Without Adding Additional Setup Steps For You
Plugin Firewall / Plugins Folder BulletProof Mode
The new Plugin Firewall / Plugins BulletProof Mode is designed specifically to prevent Remote Access to the plugins folder from external sources (remote script execution, hacker recon, remote scanning, remote accessibility, etc.) and only allows internal access to the plugins folder based on these criteria: Domain name, Server IP Address and Public IP / Your Computer IP Address.
BPS Pro automatically creates the Plugins BulletProof Mode .htaccess file and this .htaccess file is also automatically updated by BPS Pro when your Public IP / Computer IP Address changes. The Plugin Firewall / Plugin BulletProof Mode is completely automated and hands-off, but manual controls for the Plugin BulletProof Mode have also been created on the BPS Pro Security Modes page for turning this feature On or Off for troubleshooting possible issues or problems. The plugins .htaccess file can be viewed and edited by going to the BPS Pro Edit/Upload/Download page.
Uploads Anti-Exploit Guard / Uploads Folder BulletProof Mode
The new Uploads Anti-Exploit Guard / Uploads Folder BulletProof Mode is designed so that ONLY safe image files with valid image file extensions such as jpg, gif, png, etc. can be accessed, opened or viewed from the uploads folder. Uploads Anti-Exploit Guard blocks files by file extension names in the uploads folder from being accessed, opened, viewed, processed or executed.
If a malicious hacker file with a .php file extension or other file extension name that is blocked by the uploads folder .htaccess file exists in your uploads folder then that file cannot be accessed, opened, viewed, processed or executed, which would render the file completely harmless. All attempts to access, open, view, process or execute a file in the uploads folder with a blocked file extension will result in the file being completely blocked. Additionally, a 403 Forbidden error will be logged.
If a .php file is disguised as a .jpg file – example.php.jpg – then it is also blocked from being accessed, opened, viewed, processed or executed, which would render the file completely harmless.
BPS Pro automatically creates the Uploads BulletProof Mode .htaccess file. Uploads BulletProof Mode is completely automated and hands-off, but manual controls for the Uploads BulletProof Mode have also been created on the BPS Pro Security Modes page for turning this feature On or Off or for troubleshooting possible issues or problems. The uploads .htaccess file can be viewed and edited by going to the BPS Pro Edit/Upload/Download page. If you have a Network/Multisite installation then you will see an additional .htaccess file editing window for your blogs.dir uploads folder.
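The uploads policy described above, written as an uploads-folder .htaccess file. This is an added illustration and not the file BPS Pro generates; it assumes Apache 2.4 authorization syntax with AllowOverride permitting Require, and both extension lists are constructed for the example.

```apache
# wp-content/uploads/.htaccess  (constructed example, Apache 2.4 syntax)

# 1. Default: nothing in this folder is served.
Require all denied

# 2. Allow-list: only names that END in an image extension are served.
#    (?i) makes the match case-insensitive, so PHOTO.JPG is also allowed.
<FilesMatch "(?i)\.(jpe?g|gif|png)$">
    Require all granted
</FilesMatch>

# 3. Block-list: deny any name that carries a script extension in ANY
#    position, not only at the end. This is what catches example.php.jpg:
#    it passes rule 2 because it ends in .jpg, but mod_mime can act on any
#    extension of a multi-extension name when a handler is mapped with
#    AddHandler, so the file could still be run as PHP if it were served.
#    Sections are applied in order, so this later section overrides rule 2.
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar|pl|py|cgi|sh)(\.|$)">
    Require all denied
</FilesMatch>

# Expected results with the rules above:
#   photo.jpg         -> served       (rule 2)
#   shell.php         -> 403          (rule 1, then rule 3)
#   example.php.jpg   -> 403          (rule 2 matched, rule 3 overrides)
#   notes.txt         -> 403          (rule 1, not on the allow-list)
```

Each denied request is answered with 403 Forbidden, which is the response the section above says gets logged.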
Edit/Upload/Download Page: Turn On AutoLock / Turn Off AutoLock
AutoLock is designed to automatically lock your root .htaccess file to save you an additional step of locking your root .htaccess file when performing certain actions, tasks or functions and AutoLock also automatically locks your root .htaccess during BPS Pro upgrades. This can be a problem for some folks whose Web Hosts do not allow locking the root .htaccess file with 404 file permissions and can cause 403 errors and/or cause a website to crash. For 99.99% of folks leaving AutoLock turned On will work fine. If your Web Host ONLY allows 644 file permissions for your root .htaccess file then click the Turn Off AutoLock button. This turns Off AutoLocking for all BPS actions, tasks, functions and also for BPS Pro upgrades.
Edit/Upload/Download Page: Plugins & Uploads .htaccess File Editing:
The plugins folder .htaccess file and the uploads folder .htaccess file can both be viewed and edited by going to the BPS Pro Edit/Upload/Download page. If you have a Network/Multisite installation then you will see an additional .htaccess file editing window for your blogs.dir uploads folder.
Security Status Page: Additional File and Folder Permissions Checks:
Several new file and folder permissions checks are now performed and displayed on the Security Status Page.
Visual & Coding Enhancements / Improvements:
Of course, but why not mention it. With each new version release of BPS Pro we review old code and visual appearances for possible improvements and enhancements.