{"id":5221,"date":"2015-12-03T11:23:27","date_gmt":"2015-12-03T19:23:27","guid":{"rendered":"http:\/\/www.ait-pro.com\/aitpro-blog\/?p=5221"},"modified":"2015-12-03T11:23:27","modified_gmt":"2015-12-03T19:23:27","slug":"whats-new-in-bulletproof-security-pro-11-5","status":"publish","type":"post","link":"https:\/\/www.ait-pro.com\/aitpro-blog\/5221\/bulletproof-security-pro\/whats-new-in-bulletproof-security-pro-11-5\/","title":{"rendered":"Whats New In BulletProof Security Pro 11.5"},"content":{"rendered":"<table border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td>\n<h3><span style=\"color: #000080;\"><strong><br \/>\nNew Feature: Folder Lock<\/strong><\/span><\/h3>\n<p>Folder Lock uses an automated Cron check that monitors your Hosting Account Root folder and checks for any new folders that are created. If a new folder is found in your Hosting Account Root folder that is not already listed in the Folder Lock Table it is automatically locked with 400 folder permissions. BPS Pro upgrades and Setup Wizard setup automatically set up Folder Lock, but Folder Lock is turned Off by default since it is an optional security feature. Folder Lock should only be turned On, on 1 of your websites under a Hosting Account. For your other websites under the same Hosting Account, click the Folder Lock Dismiss Notice and do not turn Folder Lock On, on any of your other websites under the same Hosting Account. The Folder Lock Tools allow you to unlock folders that have been automatically locked. Folder Lock has email alert and Dashboard alert option settings in S-Monitor. 
For more information about Folder Lock and Folder Lock Tools go to the BPS Pro F-Lock page &gt; Folder Lock tab page &gt; click the Folder Lock Help Info Read Me button.<\/td>\n<\/tr>\n<tr>\n<td>\n<h3><span style=\"color: #000080;\"><strong>New Feature: 405 Method Not Allowed Security Logging Template<\/strong><\/span><\/h3>\n<p>A new 405.php Security Logging template has been created to specifically handle and log HEAD Request errors as HTTP 405 Method Not Allowed Security Log entries. Previously HEAD Request errors were logged as 403 Security Log entries. Note: If HEAD Requests are currently being allowed with customized htaccess code on a website then HEAD Requests will still continue to be allowed and will not be blocked or logged by BPS.<\/td>\n<\/tr>\n<tr>\n<td>\n<h3><span style=\"color: #000080;\"><strong>New Root htaccess Code: ERROR LOGGING AND TRACKING &amp; REQUEST METHODS FILTERED<\/strong><\/span><\/h3>\n<p>ErrorDocument 405 \/wp-content\/plugins\/bulletproof-security\/405.php code is created automatically in the root htaccess file during BPS upgrades. The new ErrorDocument 405 directive htaccess code logs HEAD Requests as HTTP 405 Method Not Allowed Security Log entries. The root htaccess file Request Methods Filtered code has been changed so that HEAD Requests checking has its own individual condition and RewriteRule to handle HEAD Requests specifically and redirect them as 405 Method Not Allowed Requests, which in turn is handled by the ErrorDocument 405 redirect to redirect 405 HEAD Request to the Security Logging template. 
Note: If HEAD Requests are currently being allowed with customized htaccess code on a website then HEAD Requests will still continue to be allowed and will not be blocked or logged by BPS.<\/td>\n<\/tr>\n<tr>\n<td>\n<h3><span style=\"color: #000080;\"><strong>New Plugin Firewall Default Whitelist Rule:<\/strong><\/span><\/h3>\n<p>A 405.php Security Logging template whitelist rule is automatically created for the Plugin Firewall file during BPS upgrades: RewriteRule ^bulletproof-security\/405.php - [L]. This Plugin Firewall whitelist rule allows\/whitelists 405 Security Logging.<\/td>\n<\/tr>\n<tr>\n<td>\n<h3><span style=\"color: #000080;\"><strong>BugFixes|Code Corrections|Enhancements|Misc|CSS|Visual|Other:<\/strong><\/span><\/h3>\n<p>\u2022 <span style=\"color: #000080;\"><strong>Visual CSS Change:<\/strong><\/span> New CSS code changes for visual compatibility with WP 4.4.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Sanitization|Validation Audit:<\/strong><\/span> Sanitization and Validation coding work performed throughout all BPS.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Change:<\/strong><\/span> Setup Wizard DBM default S-Monitor email alert option changed to Do not send email alerts.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Visual Change:<\/strong><\/span> Login Security, Quarantine and S-Monitor display loop messages on single lines with single Refresh button.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Correction|Enhancement:<\/strong><\/span> XML-RPC Exploit Checker Pro-Tool new individual conditional checks for HTTP Status Codes: 401, 403, 404, 405 or 500.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Enhancement:<\/strong><\/span> Automatically unlock, delete invalid standard WP Rewrite code and relock root htaccess file.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Correction:<\/strong><\/span> Prevent creating duplicate or new POST Request Attack Protection code correction 
during BPS upgrades if someone has commented out the wp-admin Request URI whitelist rule.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Correction:<\/strong><\/span> htmlspecialchars added to Custom Code error checks for invalid BPS Query String Exploits code and invalid standard WP Rewrite code.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Correction|BugFix:<\/strong><\/span> ob_end_flush(); added to 403.php logging template.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Correction|BugFix:<\/strong><\/span> ob_start(); and ob_end_flush(); added to the 400.php and 410.php logging templates.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Enhancement:<\/strong><\/span> $_SERVER['SERVER_PROTOCOL'] condition added to header functions in Security Logging templates.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Improvement:<\/strong><\/span> The Setup Wizard no longer has a 15 minute Apache Module ifModule check time restriction so that new BPS Core folder self-protection htaccess files are created if needed in real-time.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Change:<\/strong><\/span> Security Logging check for On|Off. Only checks if 403 Logging is On or Off and no longer checks if other ErrorDocument directives are On|Off.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Change:<\/strong><\/span> Plugin Firewall AutoPilot Mode check for Security Logging On|Off. 
Checks if 403 Logging is On or Off and no longer checks if other ErrorDocument directives are On|Off.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Correction:<\/strong> <\/span>UAEG Read Me help text updated to include help info about UAEG Custom Code feature.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Enhancement:<\/strong><\/span> Security Log Alert message additional help info and link to S-Monitor created.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>BugFix:<\/strong><\/span> Suppress various insignificant php errors when WP_DEBUG is enabled.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>BugFix:<\/strong><\/span> Plugin Firewall Whitelist by Hostname (domain name) and IP Address automation and manual tools preg_match conditional check error correction. Features affected\/corrected: PFW manual tools, PFW AutoPilot Mode and Setup Wizard.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Correction:<\/strong><\/span> Pre-Installation Wizard help text regarding handling of blue and red font error messages.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Enhancement:<\/strong><\/span> Pre-Installation Wizard cURL scan automatically filters out invalid whitelist rules. 
Plugin Firewall AutoPilot Mode will automatically add any additional whitelist rules that could not be stripped\/cleaned up and validated in the Wizard.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Procedural:<\/strong><\/span> Dismiss Notice created for Folder Lock optional security feature.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Procedural:<\/strong><\/span> Automated Folder Lock setup on BPS Pro upgrade and Setup Wizard run.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Obsolete|Removal:<\/strong><\/span> Publicly displayed Usernames\/User Accounts Dismiss Notice removed.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Dev Note:<\/strong><\/span> Core upgrade autoupdate function does literal DB option checks and saves default pre-set value or resaves existing value. Resolves an issue with BPS Pro upgrades from very old versions to newest version without having to re-run Wizards.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Dev Note:<\/strong><\/span> Security Log Read Me help text update. 
410 Gone and 405 Method Not Allowed help text created.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Dev Note:<\/strong><\/span> API Server automated email text update to include newer non-email based systems information.<br \/>\n\u2022 <span style=\"color: #000080;\"><strong>Dev Note:<\/strong><\/span> Forum Topics pending update:<br \/>\n\u2022 http:\/\/forum.ait-pro.com\/forums\/topic\/security-log-event-codes\/<br \/>\n\u2022 http:\/\/forum.ait-pro.com\/forums\/topic\/pre-installation-wizard-and-setup-wizard-read-me-first\/<br \/>\n\u2022 http:\/\/forum.ait-pro.com\/forums\/topic\/siteground-supercacher-cannot-modify-header-information-php-error\/#post-26354<br \/>\n\u2022 http:\/\/forum.ait-pro.com\/forums\/topic\/incapsula-cdn-401-error-authorization-required\/<br \/>\n\u2022 http:\/\/forum.ait-pro.com\/forums\/topic\/root-and-wp-admin-htaccess-file-significant-changes\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>New Feature: Folder Lock Folder Lock uses an automated Cron check that monitors your Hosting Account Root folder and checks for any new folders that are created. 
If a new folder is found in your Hosting Account Root folder that is not already listed in the Folder Lock Table it is automatically locked with 400 [&hellip;]<\/p>\n","protected":false},"author":167,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[393],"tags":[621,622],"class_list":["post-5221","post","type-post","status-publish","format-standard","hentry","category-bulletproof-security-pro","tag-bps-pro-11-5-whats-new","tag-bulletproof-security-pro-11-5-whats-new"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/posts\/5221","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/users\/167"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/comments?post=5221"}],"version-history":[{"count":0,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/posts\/5221\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/media?parent=5221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/categories?post=5221"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/tags?post=5221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}