
BPS Pro 5.1 New Features – What's New In BulletProof Security Pro 5.1

Author: AITpro Admin
Published: November 18, 2011
Updated: December 8, 2011

 

BPS Pro 5.1 released on 11-18

Only the Beginning ~ Lots More To Come! 

If BPS Pro seems intimidating to you do not worry – BPS Pro is a “Smart Plugin”.  What is a Smart Plugin?  BPS Pro is designed to check everything in real time.  If something is not done that needs to be done BPS Pro alerts you about it.  If something is set up incorrectly BPS Pro displays alerting and warning messages and provides Help info and links on what needs to be corrected.  BPS Pro also contains extensive Help Hover Tooltips throughout all the Plugin pages. 

At this point in the evolution of BPS Pro it is safe to say that BPS Pro 5.1 is by far the most comprehensive, effective and complete Website Security Solution for WordPress websites.  The BPS Pro 5.1 .htaccess files contain a massive amount of new Security Exploits Filters to block browser-based hacking attempts, and the php.ini files contain optimum Security and Performance settings for maximum security and performance boosts for WordPress websites.  BPS Pro 5.1 also includes file locking on the fly for WordPress Mission Critical files to protect against Mass Code Injection attacks on Web Hosts, PHP Error logging, automatic HTTP 403 Error Logging to log and track hacking attempts against your website, built-in Monitoring and Alerting, extensive System Info and lots more.  We are not stopping here – Lots More To Come! 

General BPS Pro Info:
 
BPS Pro checks everything in real time so there is no need to worry about forgetting to set something up or setting something up incorrectly. If something is not set up or is set up incorrectly you will see an alert or warning about what needs to be done to correct the problem.
 
Upgrading BPS Pro: When upgrading BPS Pro you will see alerts and warnings that your site is not protected. Unfortunately, this is a necessary thing in order to ensure that you are using the latest BPS Pro Master .htaccess files on your website. Your website is ALWAYS protected with BPS Pro security no matter what unless you actually do something to unprotect your website, such as putting your website in Default Mode. When upgrading BPS Pro, ONLY the BPS Pro plugin files are updated / upgraded. This means that all of your settings and security files (.htaccess and php.ini) remain unchanged and are not affected by upgrading BPS Pro. If you have created additional files within the BPS Pro plugin folders they are NOT affected by upgrading BPS Pro and will NOT be removed, deleted or overwritten. The upgrade will ONLY overwrite BPS Pro plugin files, so if you have added additional custom coding to any BPS Pro plugin files then be sure to back them up first before upgrading. BPS Pro Log files WILL be overwritten, so if you want to keep your old php error log and http error log (403 error log) files then be sure to use BPS Pro Zip backup to back up your current version of BPS Pro first before upgrading to a new version. When Activating new Master .htaccess files for your website (Activating BulletProof Mode) be sure to back up your old .htaccess files first using the BPS built-in Backup and Restore feature. Another very handy option is to save any custom .htaccess code in between upgrades to the My Notes page. This allows you to copy and permanently save any custom .htaccess code or .htaccess code modifications that you have added to your .htaccess files so that you can quickly copy that custom .htaccess code back to your new Master .htaccess files before activating them. You could copy your entire Root .htaccess file to the My Notes page if you want as well.
 
IMPORTANT CORRECTIONS!!!
A custom php.ini file output_buffering directive change needs to be made to the custom php.ini file for your website if you see that the Status is displaying blank. This is because output_buffering = Off is being used. The information on the Internet (even PHP.net) about the output_buffering setting is incorrect and we used Off in the BPS Pro 5.0 Master php.ini files. Please correct this by changing Off to 0 in your custom php.ini file. EGPCS should be changed to GPCS in your custom php.ini file (With the exception of MediaTemple sites – MediaTemple sites MUST use EGPCS). This will boost the performance of your website.
 
New Enhancements / Improvements / Additions / Features:
 
BPS Master .htaccess Files: The new BPS Pro Master .htaccess files contain a massive amount of new thoroughly tested Security Exploit Filters, Error Logging code and many other new .htaccess code additions. IMPORTANT NOTE: Thumbnailer scripts are Forbidden by default in the Root .htaccess file. If your Theme or Plugins are using a thumbnailer script (TimThumb.php, Thumb.php, Thumbs.php or phpThumb.php) then please ensure that those scripts are the latest security patched versions of the thumbnailer script before changing the Thumbnailer Scripts Forbidden Rule to a Skip Rule. Please take a minute to look at the new Root .htaccess file using the built-in File Editor on the B-Core Edit/Upload/Download page.
 
BPS Pro Error Logging and Tracking: HTTP Error Logging .htaccess code and files have been added to BPS Pro 5.1 to automatically log 403, 400 and 404 HTTP errors (404 error logging requires a quick additional set up step). As soon as you create your new BPS Pro 5.1 Master .htaccess files with the AutoMagic buttons and Activate your new Master .htaccess files (Activate BulletProof Mode), BPS starts logging 400 and 403 errors that occur on your website. 403 Forbidden Errors that are logged are typically hackers trying to run hacking scripts on your website. When a hacker attempts to hack your website, the hacker's IP address, Host name, Request Method, Referring link, the file name or requested resource, the user agent of the hacker and the query string used in the hack attempt are logged. To view your HTTP error log file, copy the path to your HTTP Error Log shown on the P-Security Php.ini Options page to any available empty slot in the File Manager and open it with Php.ini File Editor. NOTE: If you want to download, collect and decode hackers' scripts then in your HTTP error log file you would use the REQUEST_URI: URL path shown to download the hacker's script. CAUTION: To do this safely you should use Firefox with the NoScript Add-on installed and have Anti-virus software installed on your computer. Also, if your Anti-virus software does not have Internet Security bundled with it then I recommend getting additional Internet Security software to protect your computer before collecting hackers' scripts. After you have downloaded the hacker's script you can decode it with the BPS Pro Base64 decoder. We have built up quite a large collection of Hackers' Shell scripts like c99, r57 and AluCar using this script collecting method.
 
Activation
Activation is now required for BPS Pro. BPS Pro Activation Keys are website specific. This BPS Pro Activation Key will only activate BPS Pro on the website specified below. If you have several websites use the Get Key button on each website to get your Activation Key for each website. This ensures that your Activation Key is unique to your website and cannot be used on another website, as well as preventing piracy.
 
B-Core
Security Modes Page: Additional AutoMagic buttons and coding have been created for Network / Multisite WordPress websites.
 
Security Status Page: File and Folder permission checking for CGI or DSO and file and folder permission checking changes and recommendations.
 
System Info Page: Additional Website / Server / IP info added – Parent Directory, Host by Address and Server API info checks added.
 
Edit/Upload/Download Page: File Permission check for the Root .htaccess file. Lock and Unlock Root .htaccess file buttons added for CGI. If DSO is detected the Lock and Unlock buttons are not displayed. Currently Active file downloads has been removed.
 
P-Security
Coding improvements and enhancements throughout P-Security.
 
New Page – Php.ini Security Status Page: Displays the primary Security & Performance Features added by your BPS Pro Custom php.ini file. This page also allows you to see at a glance any corrections that may need to be done to your custom php.ini file and explains what the primary security features in a BPS Pro custom php.ini file do for your website. IMPORTANT CORRECTIONS!!! A custom php.ini file output_buffering directive change needs to be made to the custom php.ini file for your website if you see that the Status is displaying blank. This is because output_buffering = Off is being used. The information on the Internet (even PHP.net) about the output_buffering setting is incorrect and we used Off in the BPS Pro 5.0 Master php.ini files. Please correct this by changing Off to 0 in your custom php.ini file. EGPCS should be changed to GPCS in your custom php.ini file. This will boost performance of your website.
 
S-Monitor
Php.ini File: Has Been Created, Valid and Error Checks: BPS now performs several additional checks to ensure that your custom php.ini file is set up correctly and will display several different possible warning or error messages depending on the problem if one is found. For more info check the Read Me hover Tooltip on the S-Monitor page.
 
F-Lock: Check File Lock / Unlock Status: This is a new displayed warning and alerting option for F-Lock. You will see warning or error messages displayed if your Mission Critical files are Unlocked. For more info check the Read Me hover Tooltip on the S-Monitor page.
 
Pro-Tools
New Page – Online Base64 Decoder: Allows you to safely and securely decode hackers' scripts or other base64 code on your website. Decodes 13 of the most common decoding and decompressing base64 methods. Code is written to a text file, not outputted to your browser, and then zipped for safe downloading and unzipping. For more info check the Read Me Hover Tooltip on the new Online Base64 Decoder page.
 
New Page – Offline Base64 Decoder: Allows you to safely and securely decode hackers' scripts or other base64 code on your website. This is intended for Offline use ONLY, such as decoding base64 code on an installation of XAMPP or MAMP. Base64 code is outputted to the browser as Raw Code Output. The Offline Base64 Decoder decodes 13 of the most common decoding and decompressing base64 methods. It also allows you to base64_encode with 13 different encoding and compression function combinations.
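As an added illustration (not BPS Pro code and not part of the original post), the Python sketch below peels nested base64 and zlib layers as plain data and stores the result in a zip instead of displaying or running it. The layer set (base64_decode combined with gzinflate, gzuncompress or gzdecode), the size limits and all function names are assumptions; the page does not list the 13 methods the decoders support.

```python
import base64
import binascii
import zipfile
import zlib

MAX_LAYERS = 10          # assumed limit on nesting depth
MAX_OUTPUT = 5_000_000   # assumed cap so a decompression bomb is rejected
# PHP function name -> zlib wbits value that reads the same container format
INFLATERS = {"gzdecode": 31, "gzuncompress": 15, "gzinflate": -15}

def try_base64(data):
    text = b"".join(data.split())  # ignore line breaks inside the blob
    if len(text) < 16 or len(text) % 4:
        return None
    try:
        return "base64_decode", base64.b64decode(text, validate=True)
    except binascii.Error:
        return None

def try_inflate(data):
    for name, wbits in INFLATERS.items():
        stream = zlib.decompressobj(wbits)
        try:
            out = stream.decompress(data, MAX_OUTPUT)
        except zlib.error:
            continue
        # accept only a complete stream that used up the whole input
        if out and stream.eof and not stream.unused_data:
            return name, out
    return None

def peel(data):
    """Undo encoding layers as plain data; the payload is never executed."""
    steps = []
    for _ in range(MAX_LAYERS):
        hit = try_base64(data) or try_inflate(data)
        if hit is None:
            break  # no decoder applies: innermost layer reached
        steps.append(hit[0])
        data = hit[1]
    return data, steps

def save_zipped(payload, zip_path, member="decoded.txt"):
    """Write the decoded text into a zip archive for offline review."""
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr(member, payload)
    return zip_path

# Constructed sample: harmless text wrapped as base64_encode(gzcompress(...)).
SAMPLE = base64.b64encode(zlib.compress(b"<?php echo 'constructed sample'; ?>"))
```

The list returned by peel() records which wrappers were removed and in what order, which is often as useful for triage as the decoded text itself.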
 
New BPS Core Module:
F-Lock: The primary purpose for locking Mission Critical files is to protect them against Mass Code Injection attacks on Web Hosts. Mass Code Injection attacks specifically target the files listed in F-Lock, and if the Group Read permission (not even Write, just Read alone) is allowed then these files can be written to by exploiting Group Permissions on Shared Web Hosting. F-Lock checks if your Host is using CGI or DSO and displays the appropriate Permissions and Status table by checking your Host's SAPI. F-Lock allows you to quickly and easily Lock or Unlock your Mission Critical files without having to use FTP or your Host Control Panel. For more information please check the Read Me Hover Tooltip on the F-Lock page.
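A small permission audit in the spirit of F-Lock, added here as an illustration (not BPS Pro's code): it reports files that carry any permission bit beyond a locked mode and can reset them. The file list, the 0400 locked mode and the function names are assumptions for a CGI host where PHP runs as the file owner; on a DSO host a 0400 file may become unreadable to the web server.

```python
import os
import stat

# Assumed names: the page does not list the files F-Lock covers.
CRITICAL_FILES = (".htaccess", "index.php", "wp-config.php")
LOCKED_MODE = 0o400  # assumed "locked" mode: owner read-only, for a CGI host


def audit(root, names=CRITICAL_FILES):
    """Map each unlocked file to its octal mode (or a note if it is not a file)."""
    findings = {}
    for name in names:
        try:
            info = os.lstat(os.path.join(root, name))
        except FileNotFoundError:
            continue
        if not stat.S_ISREG(info.st_mode):
            findings[name] = "not a regular file"  # e.g. a symlink; never chmod it
        elif stat.S_IMODE(info.st_mode) & ~LOCKED_MODE:
            findings[name] = oct(stat.S_IMODE(info.st_mode))
    return findings


def lock(root, names=CRITICAL_FILES):
    """Set LOCKED_MODE on every unlocked regular file; return the names changed."""
    changed = []
    for name, finding in audit(root, names).items():
        if finding != "not a regular file":
            os.chmod(os.path.join(root, name), LOCKED_MODE)
            changed.append(name)
    return changed
```

Running audit() from a scheduled job and alerting on a non-empty result gives the same kind of unlocked-file warning the S-Monitor section describes.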
 
And of course lots more coding improvements and enhancements. These are some of the more significant BPS Pro core improvements.

 
