MScan Malware Scanner BPS Pro & BPS Free
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
Scheduling automated MScan scans is only available in BPS Pro.
MScan Malware Scanner General Info: MScan is a malware scanner that scans website files for hacker files or code and scans the WP database for hacker code. If you are looking for something that is much more advanced, automated and superior to all/any malware scanners including MScan then we have already created that in BPS Pro > AutoRestore|Quarantine Intrusion Detection and Prevention System (ARQ IDPS), which is also a file scanner, but ARQ IDPS does not scan for malicious hacker code and instead uses an unbeatable method to protect website files in real-time.
Malware scanners are an "after the fact" security detection feature vs the ARQ IDPS scanner, which is a real-time security prevention feature. If your website is already hacked then a malware scanner will find hacker code and files and make website hack cleanup much easier and quicker to do. If your website is clean of any hacker files or code and you are using BPS Pro ARQ IDPS then your website will always remain clean of any hacker files or code since ARQ IDPS is a real-time security prevention feature that automatically autorestores files that have been tampered with and quarantines any malicious files that are uploaded to a website.
- MScan Malware Scanner Guide
- MScan Troubleshooting & Code Posting
- Start Scan Clicking the Start Scan button starts a scan.
- Stop Scan Clicking the Stop Scan button stops a scan.
- Hosting Account Root Folders All of your hosting account folders are checked/selected by default and will be scanned. Checking a checkbox means scan that folder. Unchecking a checkbox means do not scan that folder.
- Max File Size Limit to Scan Files that are larger than 400KB will be skipped by default in a regular scan and can be scanned using a Skipped File scan.
- Max Time Limit to Scan The default time limit for script execution on most web hosts is 300 seconds. The default time limit setting for MScan scanning is also set to 300 seconds. It is not recommended that you increase the time limit higher than 300 seconds.
- Scan Database When Database scan is turned on your WordPress database will be scanned for suspicious code.
- Scan Image Files (Stegosploit|Exif Hack) WARNING: Scanning image files may cause scanning to stop or fail. Most web hosts already have security protection against Stegosploit and Exif image hacks. It is recommended that you do not scan image files.
- Scan Skipped Files Only When Skipped File Scan is On only skipped files will be scanned. Note: The only MScan option setting that has any effect while Skipped File Scan is On is Image File Scan On or Off. You do not need to change any of your other MScan option settings when running a Skipped File scan.
- Automatically Delete /tmp Files When Delete Tmp Files is On, all temporary files will be deleted. Hackers commonly hide hacker files in the /tmp folder.
- Scheduled Scan Frequency (BPS Pro only) You can choose to schedule ongoing automated scans. Note: The BPS Pro ARQ IDPS scanner is far superior to any/all Malware scanners including BPS Pro MScan. Click the MScan Malware Scanner Guide link above for more information regarding using ARQ IDPS and MScan together.
- Scan Time Estimate Tool This tool allows you to check the estimated total scan time of a scan based on your MScan option settings without actually performing/running a scan. Note: This tool does not affect or change any previous scan results except for the Total Scan Time, which will be changed to the estimated scan time. You can stop the scan time estimate if it hangs or is taking too long by clicking the Stop Scan button. Example Usage: You can check or uncheck Hosting Account Root Folders checkboxes and change any other MScan option settings, save your MScan option settings and then run the Scan Time Estimate Tool to get the total estimated time that the actual scan will take.
- Delete Scan Status Tool This tool allows you to delete all of the MScan Status option values. The Scan Completed timestamp, Total Scan Time, Total Files Scanned, Skipped Files, Suspicious Files and Suspicious DB Entries status values will be deleted and will either display blank or 0.
- Delete DB Scan Data Tool This tool allows you to delete/reset all of the database scan data in the View|Ignore|Delete Suspicious Files and View|Ignore Suspicious DB Entries Forms. Note: Any/all changes you have made and saved in these Forms will be deleted. You may want to use BPS DB Backup and do a database backup before using this tool.
- View|Ignore|Delete Suspicious Files This form allows you to view, ignore, unignore or delete suspicious and skipped files. If you are not sure if code is malicious or safe you can copy the code and post the code in the MScan Troubleshooting & Code Posting form topic. See the link above. If you are unsure if a file is a hacker file or not then download a copy of that file before deleting it. When you ignore a file it will no longer be scanned in any future scans. When you unignore an ignored file it will be scanned in future scans.
- View|Ignore Suspicious DB Entries This form allows you to view, ignore or unignore suspicious DB Entries. Note: The view option displays the DB Table, Column, Row ID and the MScan Pattern Match that was detected by the MScan scan. Use phpMyAdmin or a similar tool to check your database Row where the suspicious code was found. When you ignore a DB Entry it will no longer be scanned in any future scans. When you unignore an ignored DB Entry it will be scanned in future scans.
htaccess Core (B-Core) BPS Pro & BPS Free
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- htaccess Website Security: .htaccess Firewall Protection against XSS, RFI, LFI, CSRF, CRLF, Base64, Code Injection, SQL Injection..
- Security Modes BPS Free: Root Folder BulletProof Mode, wp-admin Folder BulletProof Mode, Master htaccess Folder BulletProof Mode and BPS Backup Folder BulletProof Mode.
- Security Modes BPS Pro: Root Folder BulletProof Mode, wp-admin Folder BulletProof Mode, Plugin Firewall BulletProof Mode, Uploads Anti-Exploit Guard (UAEG) BulletProof Mode, Master htaccess Folder BulletProof Mode and BPS Backup Folder BulletProof Mode.
BPS Free Inpage Status Display (Displayed in BPS plugin pages only):
- Display Options: Display Status in BPS Only or Turn Off Displayed Status. The Inpage Status Display displays clickable links to BPS Free plugin pages. The BPS Free Inpage Status Display option setting is located on the UI|UX Settings page.
- BPS .xx.x: Displays BPS Version.
- RBM: Root Folder BulletProof Mode. Displays Status On, Error or nothing.
- WBM: wp-admin Folder BulletProof Mode. Displays Status On, Error or nothing.
- LSM: Login Security & Monitoring. Displays Status On|Off.
- MSCAN: Malware Scanner. Displays last scan timestamp (manual scan) or nothing.
- DBB: DB Backup. Displays either No DB Backups, Backup Job Created or the last DB Backup timestamp.
- ISL: Idle Session Logout. Displays Status On|Off or nothing.
- ACE: Auth Cookie Expiration. Displays Status On|Off or nothing.
BPS Pro Dashboard Status Display:
- Display Options: Display Status in WP Dashboard, Display Status in BPS Only or Turn Off Displayed Status. Each Displayed Status option can be turned On or Off individually to display only the BPS Pro Dashboard Status Display items that you want to display/view. The Dashboard Status Display displays clickable links to BPS Pro plugin pages. The BPS Pro Dashboard Status Display options are located in S-Monitor - the Monitoring and Alerting Control Core for BPS Pro.
- BPS Pro xx.x: Displays BPS Pro Version or nothing (turned Off).
- RBM: Root Folder BulletProof Mode. Displays Status On, Error or nothing (turned Off).
- WBM: wp-admin Folder BulletProof Mode. Displays Status On, Error or nothing (turned Off).
- ARQ: AutoRestore|Quarantine. Displays Status On|Off, ARQ Cron Frequency & next check or nothing (turned Off).
- MSCAN: Malware Scanner. Displays last scan timestamp (manual scan), Scan Frequency & next scan (BPS Pro only) or nothing (turned Off).
- DBM: DB Monitor. Displays Status On|Off, DBM Cron Frequency & next check or nothing (turned Off).
- DBB: DB Backup. Displays either No DB Backups, Backup Job Created or the last DB Backup timestamp or nothing (turned Off).
- PFW: Plugin Firewall|AutoPilot Mode. Displays Status On|Off or AutoPilot, Cron Frequency & next check or nothing (turned Off).
- UAEG: Uploads Anti-Exploit Guard. Displays Status On|Off, Error or nothing (turned Off).
- LSM: Login Security & Monitoring. Displays Status On|Off, Error or nothing (turned Off).
- JTC: JTC Anti-Spam|Anti-Hacker. Displays Status On|Off, Error or nothing (turned Off).
- ISL: Idle Session Logout. Displays Status On|Off or nothing (turned Off).
- ACE: Auth Cookie Expiration. Displays Status On|Off or nothing (turned Off).
- Backup & Restore: Backup and Restore .htaccess files.
- htaccess File Editor BPS Free: View and Edit Master .htaccess Files (secure.htaccess, default.htaccess and wpadmin-secure.htaccess) and Current|Active .htaccess files (Your Current Root htaccess File and Your Current wp-admin htaccess File).
- htaccess File Editor BPS Pro: View and Edit Master .htaccess Files (secure.htaccess, default.htaccess and wpadmin-secure.htaccess) and Current|Active .htaccess files (Your Current Root htaccess File, Your Current wp-admin htaccess File, Your Current Plugins htaccess File and Your Current Uploads htaccess File).
- Lock|Unlock Root htaccess File: Lock the Root .htaccess file with 404 Read-Only file permissions. BPS Pro Note: See BPS Pro F-Lock - Lock additional WordPress Mission Critical files - .htaccess, index.php, wp-config.php and wp-blog-header.php files.
- Turn On|Off AutoLock: AutoLock is designed to automatically lock your root .htaccess file to save you an additional step of locking your root .htaccess file when performing certain actions, tasks or functions and AutoLock also automatically locks your root .htaccess during BPS upgrades. This can be a problem for some folks whose Web Hosts do not allow locking the root .htaccess file with 404 file permissions and can cause 403 errors and/or cause a website to crash. For 99.99% of folks leaving AutoLock turned On will work fine. If your Web Host ONLY allows 644 file permissions for your root .htaccess file then click the Turn Off AutoLock button. This turns Off AutoLocking for all BPS actions, tasks, functions and plugin upgrades.
- Custom Code: Add custom .htaccess code, BPS Bonus Custom Code or plugin/theme fixes code to the Root Custom Code or wp-admin Custom Code text boxes to save the .htaccess code permanently so that it will alway be included in your .htaccess files when clicking the AutoMagic buttons and activating BulletProof Modes. BPS Pro Note: BPS Pro has an additional Custom Code text box to save and customize the Uploads Anti-Exploit Guard (UAEG) htaccess file. BPS Free Note: A Reset|Recheck Dismiss Notices button to reset all BPS Dismiss Notices is on the Custom Code page. The Reset|Recheck Dismiss Notices button is on the S-Monitor page in BPS Pro.
- Custom Code Export|Import|Delete Tools: Export, Import and Delete custom htaccess code.
- My Notes: Save custom .htaccess code, personal notes, etc. to your WordPress DB.
Login Security & Monitoring (LSM) BPS Pro & BPS Free
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- Login Security Email Alerting and Log file options: Choose where you want Login Security email alerts and zipped log files to be sent. Select the maximum Log File size that you want to allow for your Log Files and then select the option that you want when your log file reaches that maximum size. Choose to either automatically Email the zipped Log file to you and delete it or just delete it without emailing the zipped log file to you first. The Email Alerting & Log File Options Form is identical on the Login Security, Security Log & DB Backup Log pages in BPS free. You can change and save your email alerting and log file options on any of these pages. BPS Pro Note: Login Security Email Alerting and Log file options are on the S-Monitor page in BPS Pro.
- Dynamic Login Security Database Form: You have 3 options: Lock, Unlock or Delete database rows. The Login Security database table is hooked into the WordPress Users database table, but they are 2 completely separate database tables. If you lock a User Account then BPS Pro will enforce that lock on that User Account and the User will not be able to login. If you unlock a User Account then the User will be able to login. Deleting database rows in the Login Security database table does NOT delete the User Account from the WordPress Users database table. When you delete a User Account it is the same thing as unlocking a User Account. To delete actual User Accounts you would go to the WordPress Users page and delete that User Account.
- Max Login Attempts: Type in the maximum number of failed login attempts allowed before a User Account is automatically Locked out. After making any setting changes click the Save Options button to save your new option settings.
- Automatic Lockout Time: Type in the number of minutes that you would like the User Account to be locked out for when the maximum number of failed login attempts have been made. After making any setting changes click the Save Options button to save your new option settings.
- Manual Lockout Time: Type in the number of minutes that you would like the User Account to be locked out for when you manually lock a User Account using Lock checkbox options in the Dynamic Login Security form. After making any setting changes click the Save Options button to save your new option settings.
- Max DB Rows To Show: Type in the maximum number of database rows that you would like to display in the Dynamic Login Security form. Leaving this text box blank means display all database rows. After making any setting changes click the Save Options button to save your new option settings.
- Enable Login Security for WooCommerce: Check this checkbox if you have the WooCommerce plugin installed if you would like to use BPS Login Security on the WooCommerce custom login and registration pages.
- Turn On|Turn Off: Turn On Login Security, Turn Off Login Security or Turn Off Login Security|Use Password Reset Option ONLY. This option setting means that all Login Security features are turned Off except for the Password Reset Option, which can be used independently by itself. After making any setting changes click the Save Options button to save your new option settings.
- Logging Options: You can choose to Log All User Account Logins or Log Only User Account Lockouts. After making any setting changes click the Save Options button to save your new option settings.
- Error Messages:
- Standard WP Login Errors: Will display the normal WP login errors. Example1: ERROR: The password you entered for the username X is incorrect. BPS Example2: ERROR: This user account has been locked until August 21, 2016 9:31 am due to too many failed login attempts. You can login again after the Lockout Time above has expired.
- User|Pass Invalid Entry Error: Will display a generic Invalid Entry error message instead of displaying normal WP login errors for incorrect username or incorrect password, but if a user account is locked out then the BPS timestamp and Lockout Time error message will be displayed. Example: ERROR: Invalid Entry for either incorrect username or incorrect password. BPS Example2: ERROR: This user account has been locked until August 21, 2016 9:31 am due to too many failed login attempts. You can login again after the Lockout Time above has expired.
- User|Pass|Lock Invalid Entry Error: Will display a generic Invalid Entry error message instead of displaying normal WP login errors for incorrect username, incorrect password and when the user account is locked out – the BPS Lockout Time error message will NOT be displayed. CAUTION: If the user account is locked out then no indication will be given that the user account is locked out and only a generic ERROR: Invalid Entry message will be displayed.
- Attempts Remaining: Display a "Login Attempts Remaining X" message when an incorrect password is entered. X is the number of login attempts left/remaining before the User Account is locked.
- Password Reset: The Enable Password Reset option will allow the normal WP Lost Password link to be displayed and allow locked out users to reset their passwords. The Disable Password Reset Frontend Only option disables the WP Login reset password feature and displays this error message - Password reset is not allowed for this user. This error message is displayed for valid or invalid user accounts or email addresses. In other words, there is no indication of whether or not a valid username or email address is being entered. This of course disables a lot of cool WordPress login features, but if you want complete Login Stealth Mode then this is the option for you. Disable Password Reset Frontend & Backend disables password reset on the frontend and backend (WP Dashboard) of your website.
- Export|Download Login Security Table Tool: The Export|Download Login Security Table tool exports (copies) the Login Security Table into the lsm-master.zip file, which you can then download to your computer by clicking the Download Zip Export button displayed in the Login Security Table Export success message.
- BPS Pro Only Reset|Clear Login Security Alerts: If you choose to have S-Monitor Login Security Alerts displayed to you in your WP Dashboard or BPS Pro pages then to clear the Dashboard alert you will need to click the Reset|Clear Login Security Alerts button.
- Login Security DB Search: The search feature allows you to search all of the Login Security database rows. To search for a username enter that username, to search for an IP address enter that IP address, etc.
JTC-Lite (Limited version of BPS Pro JTC Anti-Spam|Anti-Hacker) BPS Pro & BPS Free
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
99% of all hacking and spamming is automated with HackerBots and SpamBots (auto-registering, auto-logins, auto-posting, auto-commenting). JTC-Lite protects your Login page Form from HackerBots and SpamBots. BPS Pro JTC Anti-Spam|Anti-Hacker protects all of your WordPress Forms from HackerBots and SpamBots. JTC is 100% effective at stopping all HackerBots and SpamBots.
- BPS Pro JTC Anti-Spam|Anti-Hacker Forum Topic
- JTC-Lite: BPS free JTC-Lite is a limited version of BPS Pro JTC Anti-Spam|Anti-Hacker. JTC-Lite prevents repeated User Account lockouts caused by HackerBots and SpamBots attempting to repeatedly Brute Force Login to your Login page.
- JTC-Lite Options:
- JTC CAPTCHA: This is the CAPTCHA that users will enter to Login on your website. You can use any numbers or characters and spaces in the CAPTCHA. You can even use HTML code characters except for these HTML code characters: < > ' " &. You can use a phrase for the CAPTCHA or it can be a single word or you can use your own original combination of words, numbers and HTML characters.
- JTC ToolTip: This is the jQuery ToolTip message that is displayed to users when they hover or click on the CAPTCHA text box. This is where you will tell your users what they need to enter for the CAPTCHA. It can be a phrase, complete this sentence, a Hint or simply just Type/Enter: xxxxx.
- JTC Title|Text: This is the text that is displayed to users above the CAPTCHA text box/Form Field.
- JTC Logging: BPS Pro only - See the JTC Anti-Spam|Anti-Hacker BPS Pro Only accordion tab to see all JTC options and features.
- Enable JTC for WooCommerce: Check this checkbox if you have the WooCommerce plugin installed if you would like to use BPS JTC on the WooCommerce custom login page form. Note: JTC-Lite only protects the WooCommerce custom login page. BPS Pro JTC Anti-Spam|Anti-Hacker protects the WooCommerce custom login and registration page forms.
- Enable|Disable JTC For These Forms: Only the Login Form option is available in BPS free - See the JTC Anti-Spam|Anti-Hacker BPS Pro Only accordion tab to see all JTC options and features. Checking the Login Form checkbox will display a CAPTCHA on the Login Form to all users. Unchecking the Login Form checkbox will remove the CAPTCHA on the Login Form for all users.
- Comment Form Enable|Disable JTC For These Registered/Logged In User Roles: BPS Pro only - See the JTC Anti-Spam|Anti-Hacker BPS Pro Only accordion tab to see all JTC options and features.
- Comment Form: CAPTCHA Error message: BPS Pro only - See the JTC Anti-Spam|Anti-Hacker BPS Pro Only accordion tab to see all JTC options and features.
- Comment Form: CSS Styling: BPS Pro only - See the JTC Anti-Spam|Anti-Hacker BPS Pro Only accordion tab to see all JTC options and features.
DB Backup|DB Backup Log BPS Pro & BPS Free
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- DB Backup Security Forum Topic
- DB Backup Log: Depending on your DB Backup settings, log entries will be logged anytime you run a Manual Backup Job or whenever a Scheduled Cron Backup Job is run. Logs Backup Job Settings, Completion Time, Memory Usage, Zip Backup File Name, Timestamp and other DB Backup information. If you have chosen the option to automatically delete old zip backup files then the zip backup file name and timestamp will be logged when old zip backup files are automatically deleted. When you create a new Backup Job your Backup Job Settings are logged/saved in the DB Backup Log. Your DB Backup Log file is a plain text static file and not a dynamic file or dynamic display or stored in your WordPress Database to keep your website resource usage at a bare minimum and keep your website performance at a maximum. DB Backup Log files are automatically zipped and emailed to you based on the size setting that you choose.
- DB Backup: Full|Partial DB Backups, Manual|Scheduled DB Backups, Email Zip Backups, Download Zip Backup files, Automatically Delete Old Backup files. Scheduled backup job options: Hourly, Daily, Weekly and Monthly. Send scheduled backup zip file via email or just send email only, automatically delete old backup files after a certain period of time, Override Scheduled Backup Jobs (turn off all Scheduled Backup Jobs). Recommended: Use the default obfuscated & secure BPS Backup folder that is created automatically on plugin installation.
- Backup Jobs ~ Manual|Scheduled (Accordion Tab):
- Displays the Description|Job Name, Delete and Run Checkboxes, Job Type, Frequency, Last Backup, Next Backup, Email Backup and Job Created table columns.
- Backup Files ~ Download|Delete (Accordion Tab):
- Displays Backup Filename, Delete checkbox, Download button, Backup Folder path, Size of zip backup file and Date|Time.
- Create Backup Jobs (Accordion Tab):
- Displays a dynamic DB Table Name checkbox form used to select the database tables that you want to backup.
- Description|Backup Job Name: Enter a description for your Backup Job.
- DB Backup Folder Location: Use the default Obfuscated & Secure BPS Backup Folder location or create your own Backup folder location.
- DB Backup File Download Link|URL: Use the default download URL path or create your own download URL path.
- Backup Job Type: Manual or Scheduled: Select a dropdown option to choose either a Manual or Scheduled Backup job type.
- Frequency of Scheduled Backup Job (recurring): Select a dropdown option to choose either N/A, Hourly, Daily, Weekly or Monthly backup job frequency.
- Hour When Scheduled Backup is Run (recurring): Select a dropdown option to choose a start time for a scheduled backup job: N/A and 12AM through 11PM.
- Day of Week When Scheduled Backup is Run (recurring): Select a dropdown option to choose a weekday day when a scheduled backup job is run: N/A and Sunday through Monday.
- Day of Month When Scheduled Backup is Run (recurring): Select a dropdown option to choose a day of the month for a start time when a backup job is run: N/A and 1st through 30th.
- Send Scheduled Backup Zip File Via Email or Just Email Only: Select a dropdown option to choose either to email a zip backup file, do not email backup zip file, email and delete zip backup file or just send an email that backup job has completed/been run. Note: This option is ONLY for Scheduled backup jobs and is NOT for Manual backup jobs.
- Automatically Delete Old Backup Files: Select a dropdown option to choose Never delete old backup files, delete backup files older than 1 day, 5 days, 10 days, 15 days, 30 days, 60 days, 90 days or 180 days. This is an independent option meaning that it can be set/changed/saved independently and is not specific to any created Backup Jobs.
- Turn On|Off All Scheduled Backups (Override): Select a dropdown option to choose either turn on all scheduled backups or turn off all scheduled backups. This an override option that prevent any/all scheduled backup jobs from being run. This is an independent option meaning that it can be set/changed/saved independently and is not specific to any created Backup Jobs.
- Rename|Create|Reset Tool: Tool for changing the default BPS DB Backup folder name and DB Backup File Download Link|URL path. The Rename|Create|Reset Tool will automatically fix common problems and can also be used for troubleshooting uncommon/unique problems.
DB Table Prefix Changer BPS Pro & BPS Free
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- DB Table Prefix Changer: Changing your Database Table Prefix name will probably stop a lot of random Bot probes from doing any further reconnaissance against your website and causing unnecessary slowness from those random Bot probes. The Anti-nuisance benefits alone are worth changing your DB Table Prefix name. BPS has many layers of security protection that protect your Database against SQL Injection attacks and other types of attacks. Note: Changing the DB Table Prefix name is not really considered a security measure since if a hacker wants to find/get your DB Table Prefix name he/she will be able to find/get that information.
- DB Table Names & Character Length Table: Displays your Current DB Table Names & Length Including The DB Table Prefix. In your WordPress xxxxxx_options DB Table there is one value that will be changed in the option_name Column: xxxxxx_user_roles. Note: Network|Multisite sites will have additional xxxxxx_[Site ID]_user_roles Columns for each subsite options DB Table. In your WordPress xxxxxx_usermeta DB Table there are several values that will be changed in the meta_key Column. These are user/user ID specific values based on individual user's Metadata stored in the xxxxxx_usermeta DB Table. Metadata is user specific saved settings, such as individual user's capabilities, permissions, saved screen options settings, etc.
Idle Session Logout (ISL) BPS Pro & BPS Free
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- ISL|ACE Forum Topic
- Idle Session Logout (ISL): Automatically logout idle/inactive Users. ISL uses javascript Event Listeners to monitor Users activity for these ISL events: keyboard key is pressed, mouse button is pressed, mouse is moved, mouse wheel is rolled up or down, finger is placed on the touch surface/screen and finger already placed on the screen is moved across the screen.
- If you set the Idle Session Logout Time to 60 minutes and the User is idle/inactive for 10 minutes and becomes active again then the Idle Session Logout Time starts all over again/is reset to 60 minutes. If a User is idle/inactive for 60 continuous minutes then that User will be automatically logged out of the site and redirected to the BPS Idle Session Logout Page.
- When an idle/inactive User is logged out of the site they are redirected to the BPS Idle Session Logout Page if their Browser is still open. If the User's Browser is still open and the User is on another Browser tab window then the Browser tab window where they are logged into your site will be redirected to the BPS Idle Session Logout Page. Idle Session Logouts are logged in the BPS Security Log file. To force logout users who have closed their Browser without logging out of your website use WordPress Authentication Cookie Expiration (ACE).
- Turn On|Turn Off: Turn Idle Session Logout On or Off.
- Idle Session Logout Time in Minutes: Enter the time in minutes for when an idle/inactive User should be logged out of your site.
- Idle Session Logout Page URL: When an idle/inactive User is logged out of your site they are redirected to the BPS Idle Session Logout Page URL by default. You can choose to redirect logged out users to any URL that you want to redirect them to by entering the URL in this text box.
- Idle Session Logout Page Login URL: This option displays a clickable Login URL/link to your WP Login page. If your Login page URL is different than the default URL that you see displayed in the Idle Session Logout Page Login URL text box then change the URL to the URL for your site's Login page. You can choose not to display a Login URL/link by entering "No" (without quotes) if you do not want a Login URL/link displayed.
- Idle Session Logout Exclude URLs|URIs: This option allows you to exclude any pages or posts that you do not want ISL to check/monitor.
- Idle Session Logout Page Custom Message: You can either use the default BPS ISL message/text by leaving the textarea box blank or you can enter your own custom ISL message/text in this textarea box that you want displayed to logged out users. Your custom message will be displayed on the default BPS ISL Logout page unless you choose to redirect users to a different URL/link using the Idle Session Logout Page URL option setting.
- Idle Session Logout Page Custom CSS Style: You can either use the default BPS CSS Style code or enter your own custom CSS Style customizations.
- User Account Exceptions: To create exceptions for User Account names enter User Account names (case-insensitive) separated by a comma and a space: johnDoe, janeDoe. ISL will be turned Off/disabled for any User Account names that you add in this text box. User Account Exceptions override the User Roles option setting.
- Enable|Disable Idle Session Logouts For These User Roles: Checking a User Role checkbox will enable ISL for all Users with that User Role (See User Account Exceptions). Unchecking a User Role checkbox will disable ISL for all Users with that User Role. Displays standard WordPress User Roles & any Custom User Roles.
- Enable|Disable Idle Session Logouts For TinyMCE Editors: Checking the Enable|Disable ISL For TinyMCE Editor checkbox will disable ISL for any/all pages that have a TinyMCE Editor on them.
Auth Cookie Expiration (ACE) BPS Pro & BPS Free
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- ISL|ACE Forum Topic
- Auth Cookie Expiration (ACE): Change the WordPress Authentication Cookie Expiration time. The default WordPress Authentication Cookie Expiration time is 2880 Minutes/2 Days and 20160 Minutes/14 Days if a User checks the Remember Me checkbox when they login. You can change the WordPress Authentication Cookie Expiration time to whatever expiration time setting that you choose.
- The WordPress Authentication Cookie Expiration (ACE) time can be considered a "hard" setting vs ISL being a "soft" setting. If you set the Cookie Expiration to 60 minutes then 60 consecutive minutes after a User has logged in, that user will be logged out automatically whether that User is idle/inactive or not.
- The WordPress Authentication Cookie Expiration (ACE) time is set/reset each time a User logs in. If a User logs out and then logs back into the site the Authentication Cookie Expiration time for that User is set again to whatever Auth Cookie Expiration Time that you choose or the WordPress default Cookie Expiration time if you do not use or turn On ACE.
- Turn On|Turn Off: Turn Auth Cookie Expiration On or Off.
- Auth Cookie Expiration Time in Minutes: Enter the time in minutes for when a User should be logged out of your site.
- Remember Me Auth Cookie Expiration Time in Minutes: Enter the time in minutes for when a User should be logged out of your site when the User has checked the Remember Me checkbox on the WordPress Login page.
- Enable|Disable Remember Me Checkbox: Checking the Disable & do not display the Remember Me checkbox option will disable and not display the Remember Me checkbox on the WordPress Login page for everyone including you.
- User Account Exceptions: To create exceptions for User Account names enter User Account names (case-insensitive) separated by a comma and a space: johnDoe, janeDoe. Auth Cookie Expiration Time settings will not be applied to any User Account names that you add in this text box and these User Accounts will instead use the default WordPress Authentication Cookie Expiration time. User Account Exceptions override the User Roles option setting.
- Enable|Disable Auth Cookie Expiration Time For These User Roles: Checking a User Role checkbox will apply the Auth Cookie Expiration Time that you choose for all Users with that User Role (See User Account Exceptions). Unchecking a User Role checkbox will apply the default WordPress Authentication Cookie Expiration time for all Users with that User Role. Displays standard WordPress User Roles & any Custom User Roles.
Security Log BPS Pro & BPS Free
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- Security Log: The Security Log logs blocked hackers, spammers, scrapers, miners, bad bots, etc. and is also a troubleshooting tool to check if BPS is blocking something legitimate in another plugin. The Security Log file is a plain text static file and not a dynamic file or dynamic display or stored in your database to in order to keep your website resource usage at a bare minimum and keep your website performance at a maximum. Log entries are logged in descending order by Date and Time. You can copy, edit and delete the Security Log file. The Security Log file is automatically zipped and emailed to you when it reaches the size limit setting you have chosen (256KB, 500KB or 1MB). The Security Log logs 400, 403, 405 and 410 HTTP Response Status Codes by default. You can also log 404 HTTP Response Status Codes by opening this BPS Pro 404 Template file - /bulletproof-security/404.php and copying the logging code into your Theme's 404 Template file. When you open the BPS Pro 404.php file you will see simple instructions on how to add the 404 logging code to your Theme's 404 Template file. The Security Log also logs other events. See Total # of Security Log Entries by Type below for a complete list of all BPS Free and BPS Pro Security Log Entry Types. Displays: Security Log File Size, Security Log Status and Security Log Last Modified Time. You can turn Security Logging On or Off. You can use the Limit POST Request Body Data option to capture hacker's scripts - See the Security Log Read Me help button for more information. You can add or remove User Agent|Bot names you would like to Ignore|Not Log in your Security Log.
- BPS Pro: Total # of Security Log Entries by Type (32 Total): Displays the total number of each type of Security Log Entry in your Security Log file. There are 32 different Security Log entry types that are displayed in the Total # of Security Log Entries by Type list. There are several other types of Security Log Entries that are not displayed in the Total # of Security Log Entries by Type list. The Total # of Security Log Entries by Type is also added to each Security Log file when it is zipped and emailed to you and also added directly in the automated Security Log email. Complete list of BPS Pro Security Log Entry Types: 400 POST Bad Request, 400 GET Bad Request, 403 GET Request, 403 POST Request, 404 GET Not Found Request, 404 POST Not Found Request, 405 HEAD Request, 410 Gone POST Request, 410 Gone GET Request, Idle Session Logout, Maintenance Mode - Visitor Logged, Login Form - POST Request Logged, Login Form - GET, HEAD, OTHER Request Logged, WP Register Form - POST Request Logged, WP Register Form - GET, HEAD, OTHER Request Logged, Lost Password Form - POST Request Logged, Lost Password Form - GET, HEAD, OTHER Request Logged, Comment Form User Is Logged In - POST Request Logged, Comment Form User Is Logged In - GET, HEAD, OTHER Request Logged, Comment Form User NOT Logged In - POST Request Logged, Comment Form User NOT Logged In - GET, HEAD, OTHER Request Logged, BuddyPress Register Form - POST Request Logged, BuddyPress Register Form - GET, HEAD, OTHER Request Logged, AutoRestore Turned Off Cron Check, WP Automatic Update: ARQ was turned Off, WP Automatic Update: ARQ was turned back On, WP Automatic|Shiny Update Plugin|Theme: ARQ was turned Off, WP Automatic|Shiny Update Plugin|Theme: ARQ was turned back On, WP Automatic|Shiny Update Plugin|Theme: ARQ was Not turned back On, upgrader_post_install Filter failed: AFS Cron FailSafe successful, Manual|Shiny Update Core|Plugin|Theme: ARQ was turned back On, Plugin Firewall AutoPilot Mode New Whitelist Rule(s) Created.
- BPS Free: Total # of Security Log Entries by Type (11 Total): Displays the total number of each type of Security Log Entry in your Security Log file. The Total # of Security Log Entries by Type is also added to each Security Log file when it is zipped and emailed to you and also added directly in the automated Security Log email. Complete list of BPS Security Log Entry Types: 400 POST Bad Request, 400 GET Bad Request, 403 GET Request, 403 POST Request, 404 GET Not Found Request, 404 POST Not Found Request, 405 HEAD Request, 410 Gone POST Request, 410 Gone GET Request, Idle Session Logout, Maintenance Mode - Visitor Logged.
Hidden Plugin Folders|Files Cron (HPF) BPS Pro & BPS Free
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- Hidden Plugin Folders|Files Cron (HPF): The HPF Cron checks the WordPress /plugins/ folder for hidden or empty plugin folders and any non-standard WP files or altered files in the /plugins/ folder. A hidden or empty plugin folder is a plugin the exists in your /plugins/ folder, but is not displayed on the WordPress Plugins page. A hidden plugin can be used as a hacker backdoor to gain access to your WP Dashboard, hosting account, create user accounts, completely control your website and hosting account, etc. A non-standard WP file or modified/altered file in your /plugins/ folder can also do all of the things a hidden plugin can do.
- Dashboard Alerts & Email Alerts: If a hidden or empty plugin folder is detected or a non-standard WP file is detected then a BPS Dashboard Alert will be displayed and Email Alert will be sent to you. BPS Pro Only: The HPF Email Alert setting is in S-Monitor: HPF: Hidden Plugin Folders|Files (HPF) Cron and the option settings are: Send Email Alerts or Do Not Send Email Alerts.
- HPF Cron Check Frequency: Available Cron Check Frequency Settings are: 1, 5, 10, 15, 30 or 60 minutes. The default HPF Cron Frequency is: Run Check Every 15 Minutes, which is setup automatically by running the Setup Wizard.
- HPF Cron On|Off: Turn the HPF Cron On or Off.
- Ignore Hidden Plugin Folders & Files: This option is for adding ignore rules for Hidden or Empty Plugin Folders Detected by BPS or Non-standard WP files detected by BPS in your /plugins/ folder. This is an independent option setting that does not require clicking any other buttons. Example Usage: If you intentionally have an empty plugin folder in your /plugins/ folder or you have a custom file in your /plugins/ folder then you can add the plugin folder or custom file name in the Ignore Hidden Plugin Folders & Files textarea box so that the HPF Cron check will ignore any folder or file names that you add.
Maintenance Mode (MMode) BPS Pro & BPS Free
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- Maintenance Mode Forum Topic
- Maintenance Mode: Create a custom unique Website Under Maintenance or Coming Soon page or use the pre-made images that come with Maintenance Mode. Allows you to continue to Login|Logout and work on your website while visitors see a Website Under Maintenance page. Maintenance Mode includes 20 background images, 15 center images (text box image), allows you to embed image files and YouTube videos, FrontEnd Maintenance Mode, BackEnd Maintenance Mode or both FrontEnd & BackEnd Maintenance Modes. Background image files/options and Center images (text box image) are independent of each other so that you can mix and match different background images with different Center images (text box image).
- MMode Editor (Accordion Tab):
- This is a standard WordPress TinyMCE WYSIWYG editor that has a Visual Editor and a Text Editor for adding CSS or HTML code. Enter plain text, CSS, HTML code, insert images, videos, etc. For examples/example code of embedding images or YouTube videos using CSS and HTML code, which you can copy and paste into the Text editor, go to the Maintenance Mode Guide link above.
- MMode Option Settings (Accordion Tab):
- Enable Countdown Timer: Check this checkbox to enable a javascript Countdown Timer that will be displayed to visitors.
- Maintenance Mode Time (in Minutes): Enter the amount of time that you want to put your site into Maintenance Mode in minutes.
- Header Retry-After (enter the same time as Maintenance Mode Time above): This is the amount of time that you are telling Search Engines to wait before visiting your website again.
- Enable FrontEnd Maintenance Mode: Check this checkbox to enable FrontEnd Maintenance Mode.
- Enable BackEnd Maintenance Mode: Check this checkbox to enable BackEnd Maintenance Mode.
- Maintenance Mode IP Address Whitelist Text Box: Enter The IP Address or Addresses that can view the website normally (not in Maintenance Mode).
- Background Images: Select a background image that you want to use or choose No Background Image.
- Center Images: Select a center image that you want to use or choose No Center Image.
- Background Colors (If not using a Background Image): Select a background color that you want to use or choose No Background Color.
- Display Visitor IP Address: Check this checkbox to display the website visitor's IP addresses.
- Display Admin|Login Link: Check this checkbox to display a Login link that points to your wp-admin folder/Login page.
- Display Dashboard Reminder Message when site is in Maintenance Mode: Check this checkbox to display a WordPress Dashboard Reminder Notice that your website is in Maintenance Mode.
- Enable Visitor Logging: Check this checkbox to enable visitor logging. Logs all visitors to your site while your site is in Maintenance Mode. Log entries are created in the BPS Security Log file.
- Send Email Reminder when Maintenance Mode Countdown Timer has completed: Check this checkbox to enable the javascript Countdown Timer to send you an email reminder when the Countdown Timer reaches 0/is completed. More importantly when this option is selected you will receive another email reminder each time a visitor visits your website in Maintenance Mode. When the Countdown Timer reaches 0/has completed your website will still be in Maintenance Mode until you turn Off Maintenance Mode. An additional option will be added in the future to automatically turn off Maintenance Mode when the Countdown Timer reaches 0/has completed.
- Send Countdown Timer Email: Enter the email addresses that you would like the Countdown Timer reminder email sent to, from, cc or bcc.
- MMode Network|Multisite Options (Accordion Tab):
- Network|Multisite Primary Site Options ONLY: These options/settings are for Network/Multisite ONLY and are ONLY displayed on the Primary Network/Multisite site. Checking these options on a Single/Standard WordPress installation have no effect since these options are ONLY for Network/Multisite WordPress installations.
System Info BPS Pro & BPS Free
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- Extensive System Info: File|Folder|UID Permissions & Ownership checks and recommendations. Website Info, Server Info, IP Info, MySQL Info, PHP Info, PHP Configuration File (php.ini) path, PHP Memory Usage, WordPress Admin Memory Limit, WordPress Base Memory Limit, PHP Actual Configuration Memory Limit, Opcode Cache, Accelerators, Permalink Structure, WP Installation Type, Total Plugins Installed, Total Plugins Activated, List of Plugins installed, Hostname, DNS Name Server, Server OS, Server Type, Server API, WP Filesystem API Method, Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No), Zend Engine Version, Zend Guard/Optimizer, ionCube Loader, Suhosin, APC, eAccelerator, XCache, Varnish, Memcache, Memcached...
UI|UX Settings BPS Pro & BPS Free
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- UI Theme Skins: 3 UI Theme Skins: Blue|Grey|Black UI Theme Skins. Note: Requires WordPress 3.8 or higher to switch to the Light Grey or Dark UI Theme Skins. If you have an older version of WordPress (3.7 and below) installed then ONLY the Blue UI Theme Skin is available.
- Turn On|Off The Inpage Status Display (BPS free only): Displays the status of BPS features, options and your site security in real-time at the top of BPS plugin pages. Note: The BPS Pro Dashboard Status Display option is located on the S-Monitor page.
- Processing Spinner: The Processing Spinner includes a Cancel button. The Processing Spinner can be turned On or Off.
- Turn On|Off jQuery ScrollTop Animation: The jQuery ScrollTop Animation is the scrolling animation that you see after submitting BPS Forms, which automatically scrolls to the top of BPS plugin pages to display success or error messages. The jQuery ScrollTop animation code is conditional based on your Browser User Agent or Rendering Engine.
- WP Toolbar Functionality In BPS Plugin Pages: Display only the default WordPress Toolbar in BPS plugin page or display the Toolbar with all menu items (nodes) added by other plugins and themes. This option affects the WP Toolbar in BPS plugin pages ONLY and does not affect the WP Toolbar anywhere else on your site.
- Script|Style Loader Filter (SLF) In BPS Plugin Pages: SLF is set to Off by default. If BPS plugin pages are not displaying visually correct then select the Turn On SLF option and click the Save Option button. This option prevents other plugin and theme scripts, which break BPS plugin pages visually, from loading in BPS plugin pages.
- BPS UI|UX|AutoFix Debug:
- BPS UI|UX Debug: Displays plugin or theme Scripts that were Dequeued (prevented) from loading in BPS plugin pages, plugin or theme Scripts that were Nulled (prevented) from loading in BPS plugin pages by the Script|Style Loader Filter (SLF) In BPS Plugin Pages option and WP Toolbar nodes|menu items that were Removed in BPS plugin pages by the WP Toolbar Functionality In BPS Plugin Pages option. The Debugger will also display any SLF js or css Scripts that were Not Nulled|Allowed to load in BPS plugin pages.
- BPS AutoFix Debug: Displays plugin or theme names and the BPS Custom Code text box where plugins or themes should be creating Custom Code whitelist rules. Usage: If the BPS Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) Notice is still being displayed after running the Pre-Installation Wizard and Setup Wizard then the BPS UI|UX|AutoFix Debug option should be turned On to find the exact plugin or theme and the Custom Code text box where the problem is occurring.
Setup Wizard BPS Pro & BPS Free
- BPS Free One-Click Setup Wizard: The BPS Free Setup Wizard is a one-click setup that takes 10 to 30 seconds to complete. Displays Green (success), Red (error) and Blue (notice) messages and verification checks. BPS is completely setup with optimum default option settings. You can of course change any BPS option settings that you would like to change.
- BPS Free Setup Wizard Pre-Installation Checks: On page load check that checks for any possible issues or problems.
- BPS Pro Pre-Installation Wizard: Performs checks to ensure there are no pre-existing issues that need to taken care of first before clicking the Setup Wizard. If anything needs to be taken care of first a detailed explanation with a link to a forum topic will be included in the displayed check message. The Pre-Installation Wizard also performs some preliminary BPS Pro setup steps. Displays Green (success), Red (error) and Blue (notice) messages and verification checks.
- BPS Pro One-Click Setup Wizard: The BPS Pro Setup Wizard is a one-click setup that takes 10 seconds to 1 minute to complete. Displays Green (success), Red (error) and Blue (notice) messages and verification checks. One-click is used figuratively and not literally - BPS Pro Setup requires clicking the Pre-Installation Wizard button and the Setup Wizard button. BPS Pro is completely setup with optimum default option settings. You can of course change any BPS Pro option settings that you would like to change.
- Setup Wizard Options Tab:
- BPS Pro and Free: AutoFix (AutoWhitelist|AutoSetup|AutoCleanup): Setup Wizard AutoFix will automatically create htaccess whitelist rules in BPS Custom Code and your Live htaccess files for other plugins and themes that you have installed that require htaccess code whitelist rules. Setup Wizard AutoFix will also automatically setup or cleanup htaccess code in BPS Custom Code for these caching plugins: WP Super Cache, W3 Total Cache, Comet Cache Plugin (free & Pro), WP Fastest Cache Plugin (free & Premium), Endurance Page Cache and WP Rocket.
- BPS Pro: cURL Scan Option: Turn On|Off cURL Scan: The cURL Scan Option is set to On by default. If the Pre-Installation Wizard is crashing/hanging/not completing then select and save the "Turn Off cURL Scan" option and run the Pre-Installation Wizard again. If you have a VPS or Dedicated Server you may need to reboot your server if the Pre-Installation Wizard cURL Scanner causes your website/server to crash. Plugin Firewall AutoPilot Mode will automatically create any Plugin Firewall whitelist rules in real-time that are needed for your website so cURL scanning is not necessary during Setup Wizard setup.
- BPS Pro: DB Monitor: Use Default or Keep Existing Settings: If you are re-running the Pre-Installation Wizard and Setup Wizard and you have setup the DB Monitor to monitor additional DB Tables then choose the "Keep Existing DB Monitor Settings" option.
- BPS Pro and Free: Go Daddy Managed WordPress Hosting (GDMW): This option is ONLY for a special type of Go Daddy Hosting account called "Managed WordPress Hosting" and is NOT for regular/standard Go Daddy Hosting account types. Leave the default setting set to No, unless you have a Go Daddy Managed WordPress Hosting account. View this Forum link for more information: https://forum.ait-pro.com/forums/topic/gdmw/
- BPS Pro and Free: Enable|Disable htaccess Files: This option disables all BPS htaccess features and files.
- BPS Pro and Free: Enable|Disable wp-admin BulletProof Mode: This option disables wp-admin BulletProof Mode.
- BPS Pro and Free: Zip File Download Fix (Incapsula, Proxy, Other Cause): This option allows these Zip files to be downloaded: Custom Code Export Zip file, Login Security Table Export Zip file or the Setup Wizard Root htaccess file backup Zip file if 403 errors are occurring when trying to download zip files due to an IP address problem with Incapsula, other Proxies or some other cause
- BPS Pro and Free: Network|Multisite Sitewide Login Security Settings: This option is for Network|Multisite sites ONLY. This is an independent option Form that creates and saves Login Security DB option settings for all Network sites when you click the Save Network LSM Options Sitewide button.
- BPS Pro: Network|Multisite Sitewide JTC Anti-Spam|Anti-Hacker Settings: This option is for Network|Multisite sites ONLY. This is an independent option Form that creates and saves JTC Anti-Spam|Anti-Hacker DB option settings for all Network sites when you click the Save Network JTC Options Sitewide button.
AutoRestore|Quarantine (ARQ IDPS) BPS Pro Only
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- AutoRestore|Quarantine Guide Forum Topic
- ARQ IDPS: AutoRestore|Quarantine is an automated Intrusion Detection and Prevention System (IDPS) File Monitor that monitors all of your website files for any changes to those files. If file changes are detected or files are uploaded to your website then those files are either autorestored or quarantined.
- FTP password hacked, cracked or cross-site infection/injection protection or Host Server compromised: ARQ IDPS automatically quarantines malicious hacker files and autorestores legitimate website files if they have been altered or tampered with. Quarantined files can be viewed, restored or deleted. ARQ IDPS can monitor and protect any/all website files under your entire Hosting Account. If your Web Host Server is compromised/hacked or your FTP password is cracked or stolen change your passwords immediately while AutoRestore|Quarantine is continuing to protect your website by autorestoring and quarantining files until your passwords are changed.
- AutoRestore|Quarantine IDPS Monitoring, Alerting and Logging options:
- Display AutoRestore|Quarantine Status in your WP Dashboard or BPS pages Only.
- Send an email alert if a file is autorestored/quarantined.
- Send an email alert when AutoRestore is turned Off (Cron with email frequency settings).
- Quarantine Log: logs information about what action was taken by ARQ IDPS, source path, restore path, time stamp, etc.
- WP Dashboard AutoRestore|Quarantine Alert: Displays and AutoRestore|Quarantine Dashboard Alert if a file is autorestored or quarantined.
- AutoRestore|Quarantine Controls & Backup Status: AutoRestore|Quarantine is setup automatically by the BPS Pro Setup Wizard. The manual controls allow you to perform these actions manually in cases where you need to manually modify or upload files or for troubleshooting purposes: Backup Files, Delete Backup Files, Restore Backup Files, Show Backup Files and Show Website Files.
- AutoRestore|Quarantine Options: Recommended Settings: Run ARQ Cron check every 2 minutes, Standard WP Cron and Turn Off Backup File Status Check. These settings have been extensively tested and do not cause any website performance or Server resource usage issues/problems.
- ARQ Cron Check Frequency: Choose how often the ARQ Cron should check website files.
- Standard WP Cron or WP Cron with Time Restriction: hoose either a standard WP Cron job or a WP Cron job with an additional time restriction.
- ARQ Cron Override On|Off: Default Setting is Off: Forces an ARQ Off override setting if ARQ is turned On or Off. Can be used to ensure that ARQ Automation is not automatically turned back On during WordPress Automatic updates or WordPress Shiny Updates.
- ARQ Backup File Status Check: Turn Backup file checks On|Off.
- AutoRestore On|Off (ARQ Cron Check On|Off): Turn AutoRestore On|Off.
- AutoRestore|Quarantine Tools:
- Exclude wp-content Folders Tool: Add or remove any folders under the wp-content folder that you do or do not want ARQ IDPS to monitor.
- Add|Exclude Other Folders & Files Tools: Various tools that allow you to add additional folders and files to be monitored by ARQ IDPS. Various tools to exclude folders and files from being monitored by ARQ IDPS. Various tools to perform folder and file searches.
Quarantine BPS Pro Only
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- Quarantine: The BPS Pro Quarantine folder is located in an isolated .htaccess protected directory that cannot be accessed by anyone other than you. When a file has been autorestored or quarantined by the ARQ Cron, a copy of that modified file that was autorestored is sent to Quarantine before it was autorestored. This allows you to restore the modified file that is in quarantine and overwrite the autorestored file. Or in other words restoring a file from Quarantine is an Undo. If a file (hacker file) is uploaded to your website and a copy of that uploaded file does not exist in backup then that file is sent to Quarantine. If there are no files in Quarantine the Quarantine Form will display an empty table with this displayed message - No Files in Quarantine. If there are files in Quarantine the Dynamic Quarantine Form will display the file name, the time the file was quarantined, the source path where the file was quarantined from and 3 Quarantine Form options.
- Quarantine Form options:
- View File: Selecting the View File Checkbox Form option will display the contents of the quarantined file that you have selected to view.
- Restore File: Selecting the Restore File Checkbox Form option does 3 things: 1. Copies the quarantined file to the autorestore backup folder and overwrites the backed up copy of the file. 2. Moves the file out of quarantine to the original source path where the file was quarantined from and overwrites the file that was autorestored. 3. Deletes the database entry for the quarantined file. You can restore multiple files by using the Select All checkbox.
- Delete File: Selecting the Delete File Checkbox Form option does 2 things: 1. Deletes the file permanently from the Quarantine folder. 2. Deletes the database entry for the quarantined file.
- Quarantine Sort|Search Tool: The Quarantine Sort|Search feature allows you to sort files by plugin folder name or theme folder name or other folder name and either restore or delete all of these files. If the total number of files in Quarantine exceeds 200, an error message will be displayed with a link to forum topic with additional help information.
- Quarantine Log: The Quarantine Log logs specific information about what action was taken so that you can quickly visually identify exactly what action occurred. The Quarantine Log entries will tell you what Top Level folder the file was quarantined from, the original source path of where the quarantined file was quarantined from, the file name of the quarantined file, a timestamp, whether the file was AutoRestored or just Quarantined, the Quarantine folder location and if a file already exists in Quarantine then the file will be renamed using a Timestamp so that it does not overwrite the existing quarantined file. When a file has been quarantined you will see an AutoRestore|Quarantine Alert. To remove that alert from being displayed you will need to click the Reset Last Modified Time in DB button. This synchronizes the last modified time of the actual Quarantine Log file with the timestamp stored in your WordPress database for the last time the Quarantine Log file was modified.
DB Monitor (DBM IDS) BPS Pro Only
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- DB Monitor IDS Guide Forum Topic
- DB Monitor (DBM IDS): DB Monitor (DBM IDS) is an automated Intrusion Detection System (IDS) that alerts you via email anytime a change/modification occurs in your WordPress database or a new database table is created in your WordPress database. The DB Monitor email alert contains information about what database change/modification occurred and other relevant help info. Your DB Monitor Log also logs any changes/modifications to your WordPress database and other relevant help info.
- DBM IDS is similar to the ARQ IDPS where it is the most powerful last line of website security protection defense. If all other outer and inner layers of security protection are penetrated then the most powerful DBM IDS and ARQ IDPS systems kick in and protect your website from attacks/hackers. Even if these powerful security measures are never utilized the most significant benefit is that you know for sure that neither your website files or your WordPress database have been tampered with.
- DB Monitor Log: Depending on your DB Monitor settings, log entries will be logged anytime the DB Monitor Cron sees a change or modification to any of your database tables or a new database table is created in your database. The name of the database table, a timestamp and what changed are logged. When you submit the Dynamic DB Form your DB Monitor settings are logged/saved. The DB Monitor Log file is automatically zipped and emailed to you when it reaches the size limit setting you have chosen (256KB, 500KB or 1MB).
DB Diff Tool BPS Pro Only
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- DB Diff Tool Guide Forum Topic
- DB Diff Tool: The DB Diff Tool compares old database tables from DB backups to current database tables and displays any differences in the data/content of those 2 database tables. The DB Diff Tool can also be used to compare any data and not only just DB data. The DB Diff Tool allows you to check your WordPress Database if you receive a DB Monitor email alert and do not recognize the database table name change/modification. The DB Monitor email alert contains an attached zip file of your DB Monitor Log file. In that attached log file you will see the database name that was changed/modified. Example: DB Table Name: xxxxxx_usermeta. You would enter a DB Backup file name and the DB Table name in the DB Diff Tool Form to compare/check exactly what was changed/modified and click the Run Diff Comparison button to get search comparison results for exactly what was changed/modified in that particular database table. You can of course check your DB Monitor Log file directly by going to the DB Monitor Log tab page.
DB Status & Info BPS Pro Only
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- DB Status & Info: General DB Info is displayed directly on the DB Status & Info page in 3 columns: General DB Info, SHOW GLOBAL DB Status and SHOW SESSION DB Status and shows commonly checked DB status and info about your WordPress database at a glance. Extensive DB Info can be displayed by clicking DB Status Form buttons to display extensive DB status information for: SHOW PRIVILEGES, SHOW TABLE STATUS|SIZE, SHOW STORAGE ENGINES, SHOW FULL PROCESSLIST, SHOW GLOBAL STATUS, SHOW SESSION STATUS, SHOW GLOBAL VARIABLES and SHOW SESSION VARIABLES.
General DB Info
DB Total Size is: 53.78 MB / 55,073 KB
MySQL DB Server Version: 5.0.96-log
MySQL DB Server: aitxxxxx.db.xxxxx.hostedresource.com
Your MySQL Database: aitxxxxx
DB hostname: xxxxx.shr.prod.xxx.secureserver.net
DB hostname IP Address: xxx.xxx.xxx.xxx
DB port: 3306
max_user_connections (Your Account): 200
max_connections (Server): 1000
connect_timeout: 60
storage_engine: MyISAM
MySQL Extension: Installed/Enabled
MySQLi Extension: Installed/Enabled
|
SHOW GLOBAL DB Status
Uptime: 11:30:32
Queries: 1030654774
Queries per Second: 150.09
Queries per Minute: 9005.4
Slow_queries: 0
Questions (clients): 1030653732
Flush_commands: 1
Threads_connected: 14
Threads_running: 5
Threads_created: 71
Threads_cached: 57
Open_tables: 6268
Opened_tables: 80942 |
SHOW SESSION DB Status
Uptime: 11:30:32
Queries: 1030654775
Queries per Second: 150.09
Queries per Minute: 9005.4
Slow_queries: 0
Questions (clients): 56
Flush_commands: 1
Threads_connected: 14
Threads_running: 5
Threads_created: 71
Threads_cached: 57
Open_tables: 6268
Opened_tables: 0 |
Plugin Firewall|AutoPilot Mode (PFW) BPS Pro Only
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- Plugin Firewall Forum Topic
- Plugin Firewall BulletProof Mode: The Plugin Firewall is an IP Firewall that protects the WordPress Plugins folder (all plugin files and folders) from external access and only allows internal access to the Plugins folder (plugin files and folders) based on this criteria: Domain name, Server IP Address and Public IP|Your Computer IP Address. Your IP address is updated automatically in real-time when your IP address changes. Frontloading plugin scripts are allowed to load normally on the frontside of your website by whitelisting those frontloading plugin scripts. Whitelist rules are automatically detected and created when using Plugin Firewall AutoPilot Mode. When a new Plugin Firewall whitelist rule is detected and created in your Plugin Firewall htaccess file it is logged in your BPS Pro Security Log. Manual whitelisting tools are also provided.
- Plugin Firewall Whitelist Tools (Accordion Tab):
- Plugins Script|File Whitelist Text Area: This textarea box is where you can manually add any frontloading plugin scripts that need to be whitelisted.
- Payment Providers: Payment provider checkboxes (obsolete since the addition of AutoPilot Mode).
- Plugin Firewall AutoPilot Mode (Accordion Tab):
- Plugin Firewall AutoPilot Mode: Automatically detects and creates Plugin Firewall whitelist rules for frontloading plugin scripts. The BPS Pro Dashboard Status Display will display: PFW: AutoPilot : 00 Min : 00:00 AM when AutoPilot Mode is turned On. When a new Plugin Firewall whitelist rule is detected and created in your Plugin Firewall htaccess file it is logged in your BPS Pro Security Log.
- AutoPilot Mode Cron Check Frequency: Change the frequency of the AutoPilot Mode Cron Check.
- Turn On|Off AutoPilot Mode: Turn Plugin Firewall AutoPilot Mode On or Off.
- Plugin Firewall Test Mode: Clicking the Test Mode button will allow you to check the frontend of your website as if you are visitor to your website to check for any problems or errors. AutoPilot Mode is also enabled when you are in Test Mode. Plugin Firewall AutoPilot Mode will automatically create any new Plugin Firewall whitelist rules (once every 1 minute in Test Mode) for frontloading plugin scripts on the frontend of your website while Test Mode is turned On. Clicking the Plugin Firewall Activate or Deactivate button turns Off Plugin Firewall Test Mode. The BPS Pro Dashboard Status Display will display: PFW: Test Mode : 1 Min : 00:00 AM when Test Mode is turned On.
- Plugin Firewall Additional Whitelist Tools (Accordion Tab):
- Whitelist by Hostname (domain name) and IP Address: This option is for adding additional whitelist rules to whitelist additional Hostnames (domain names) or IP addresses in your Plugin Firewall .htaccess file.
- Additional Roles IP Whitelist: This option is for folks who have additional Administrators, Editors, Authors and Contributors who log into the website to create Posts or perform other website tasks. When you select and save additional Roles this means that any person with the Role capabilities that you have selected will have their IP addresses automatically whitelisted when they log into the website. Displays standard WordPress User Roles & any Custom User Roles with the exception of the standard WP Subscriber Role and Custom User Roles with 0 capability permissions.
Uploads Anti-Exploit Guard (UAEG) BPS Pro Only
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- Uploads Anti-Exploit Guard Forum Topic
- Uploads Anti-Exploit Guard (UAEG) BulletProof Mode: Protects the WordPress Uploads folder. ONLY safe image files with valid image file extensions such as jpg, gif, png, etc. can be accessed, opened or viewed from the uploads folder. UAEG blocks files by file extension names in the uploads folder from being accessed, opened, viewed, processed or executed. Malicious files cannot be accessed, opened, viewed, processed or executed in the WordPress Uploads folder. To customize your UAEG htaccess file use the CUSTOM CODE UAEG text box in BPS Pro Custom Code.
JTC Anti-Spam|Anti-Hacker (JTC) BPS Pro Only
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
99% of all hacking and spamming is automated with HackerBots and SpamBots (auto-registering, auto-logins, auto-posting, auto-commenting). JTC protects all of your WordPress Forms from HackerBots and SpamBots. JTC is 100% effective at stopping all HackerBots and SpamBots.
- JTC Anti-Spam|Anti-Hacker Forum Topic
- JTC Anti-Spam|Anti-Hacker: JTC Anti-Spam|Anti-Hacker provides website security protection as well as website Anti-Spam protection. JTC Anti-Spam|Anti-Hacker is user friendly Anti-Spam/Anti-Hacker Protection. You can customize and personalize your JTC ToolTip message and CAPTCHA to match your website concept. JTC Anti-Spam|Anti-Hacker protects these website pages/Forms: Login page/Form, Registration page/Form, Lost Password page/Form, Comment page/Form, BuddyPress Register page/Form and the BuddyPress Sidebar Login Form with a user friendly & customizable jQuery ToolTip CAPTCHA. JTC Anti-Spam|Anti-Hacker is designed to stop all Form processing if an invalid CAPTCHA is entered or the SpamBot Trap is triggered. What this means is that auto-posting HackerBots and SpamBots cannot auto-register, auto-login, auto-post, auto-comment or overload your website with Brute Force Login attacks, DoS/DDoS attacks or other auto-posting Form Request attacks. All SpamBot & HackerBot Form Requests are stopped before Form processing is allowed to continue to connect to your WordPress Database to process the Form Request.
- Hacker Protection
- Spammer Protection
- Brute Force Login Attack Protection
- DoS/DDoS Attack Protection
- SpamBot Trap
- JTC Anti-Spam|Anti-Hacker Options:
- JTC CAPTCHA: This is the CAPTCHA that users will enter to Register, Login or post Comments on your website. You can use any numbers or characters and spaces in the CAPTCHA. You can even use HTML code characters except for these HTML code characters: < > ' " &. You can use a phrase for the CAPTCHA or it can be a single word or you can use your own original combination of words, numbers and HTML characters.
- JTC ToolTip: This is the jQuery ToolTip message that is displayed to users when they hover or click on the CAPTCHA text box. This is where you will tell your users what they need to enter for the CAPTCHA. It can be a phrase, complete this sentence, a Hint or simply just Type/Enter: xxxxx or you can get as creative as you want to get with your jQuery ToolTip. Randomness is what makes a CAPTCHA very effective. JTC is designed with CAPTCHA randomness capability as one of its primary features.
- JTC Title|Text: This is the text that is displayed to users above the CAPTCHA text box/Form Field.
- JTC Logging: Turn JTC logging On or Off. JTC log entries are logged in the BPS Pro Security Log file. The JTC log entries include the Form name for whichever Form the CAPTCHA was not successfully entered, CAPTCHA value that was entered, BOT/HUMAN value, Username/Display Name (Comment Form only) and all the other standard Security Log entry values/fields.
- Enable JTC for WooCommerce: Check this checkbox if you have the WooCommerce plugin installed if you would like to use BPS JTC on the WooCommerce custom login and registration page forms.
- Enable|Disable JTC For These Forms: Login page/Form, Registration page/Form, Lost Password page/Form, Comment page/Form, BuddyPress Register page/Form and the BuddyPress Sidebar Login Form. Checking a Form checkbox will display a CAPTCHA on that Form to all users. Unchecking a Form checkbox will remove the CAPTCHA on that Form for all users. The Comment Form is a special case and the CAPTCHA can be displayed based on the User Roles that you choose. See the Comment Form help section below.
- Comment Form Enable|Disable JTC For These Registered/Logged In User Roles: Administrator, Editor, Author, Contributor, Subscriber & any Custom User Roles. Users must be logged into your website for the Comment Form User Roles to work. If you do not require that users are registered and logged in to post comments on your website then these JTC options will not have any effect. These options are ONLY for registered and logged in users and ONLY for your Comment Form if you are using this WordPress Discussion setting: Users must be registered and logged in to comment.
- Comment Form: CAPTCHA Error message: The Default JTC Comment Form CAPTCHA error message is: ERROR: Incorrect JTC CAPTCHA Entered. Click your Browser's back button and re-enter the JTC CAPTCHA. You can change or add to the default error message. This error message only applies to the Comment Form CAPTCHA error message and does not affect or change any of the other Form CAPTCHA error messages.
- Comment Form: CSS Styling: You can position the JTC Title|Text Form label and the JTC CAPTCHA Form Input text box by editing the CSS in these text boxes.
P-Security php.ini Security & Performance BPS Pro Only
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- Website Security & Performance Boosting: php.ini Security Protection against hackers Shell scripts, remote script execution, dangerous php functions... Performance boosting with optimum php.ini settings.
- ini_set Options: The BPS Pro Setup Wizard automatically creates default PHP ini_set functions code/settings in your wp-config.php file. The manual controls can be used to change any of the default ini_set Option settings: Error Reporting Level, PHP Error Logging On|Off, PHP Error Log Location, Log Errors Max Length, Memory Limit, HttpOnly, Session Use Only Cookies, Session Cookie Secure, Ignore Repeated Errors, Ignore Repeated Source, Allow URL Include, Define Syslog Variables, Display PHP Errors, Display PHP Startup Errors, Implicit Flush, Magic Quotes Runtime, Max Script Execution Time, MySQL Connect Timeout, MySQL Trace Mode and Report Memleaks. Status and descriptions are displayed for each directive setting.
- Diagnostic Checking Tool: Performs a Diagnostic Check for all settings that relate to php.ini files, .user.ini files, php handlers, php error log paths and other php/php.ini settings for diagnostic and troubleshooting issues or problems. Recommendations are also given based on your PHP version and your type of Hosting (Shared, VPS or Dedicated Hosting).
- Php.ini File Finder: Search and find any existing php.ini files in your hosting account.
- Php.ini Master File Maker: Create a Master custom php.ini file.
- Php.ini File Creator: Create a custom php.ini file.
- All Purpose File Manager: Add files/file paths to the File Manager. You can open, view, edit and delete any type of file located anywhere under your hosting account. The File Manager and the File Editor work together. Labels/Descriptions for files/file paths that you add in the File Manager are dynamically added to the File Editor dropdown select list. You can also open and view Server protected files.
- All Purpose File Editor: The All Purpose File Editor will allow you to open and edit any type of file under your entire hosting account. You can even open and view your Web Host's Master default php.ini file and other Server configuration files. Protected Server files are ONLY viewable and are NOT editable because they are in Protected Server folders.
- PHP Error Log: View your .htaccess protected PHP error log within your WP Dashboard on the P-Security PHP Error Log page - choose to use the default BPS Pro PHP Error log location, ini_set PHP Error Log Location (Recommended) or set your own php error log location - PHP error log last modified time feature compares actual file last modified time with DB last modified time and has a reset button to reset and synchronize last modified time in DB.
- PHP Info Viewer: .htaccess protected phpinfo file - view your PHP Server Configuration information within your WP Dashboard.
- PHP Multi Viewer: .htaccess protected phpinfo file creator - Allows you to create and view your PHP Server Configuration file within your WP Dashboard for specific directories/folders.
- Php.ini Security Status: Displays the status & descriptions of the Primary Security & Performance Directive Settings: disable_functions, asp_tags, allow_call_time_pass_reference, allow_url_fopen, allow_url_include, define_syslog_variables, display_errors, display_startup_errors, expose_php, implicit_flush, magic_quotes_gpc, magic_quotes_runtime, mysql.allow_persistent, output_buffering, register_globals, register_long_arrays, register_argc_argv, report_memleaks, safe_mode, sql.safe_mode and variables_order.
S-Monitor Monitoring and Alerting BPS Pro Only
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- Reset|Recheck Dismiss Notices: Clicking this button resets ALL Dismiss Notices such as Bonus Code Dismiss Notices and ALL other Dismiss Notices. If you previously dismissed a Dismiss Notice and want to display it again at a later time click this button.
- S-Monitor Options: Choose how you want BPS Pro alerts, warnings, error messages and the Dashboard Status Display displayed to you: Displayed in your WP Dashboard, BPS Pages Only or Turned Off for each individual S-Monitor option.
- Dashboard Status Display: The Heads Up Dashboard Status Display displays at the top of all WordPress pages by default and displays the current BPS Pro version installed & clickable links to pages: Root Folder BulletProof Mode (RBM), wp-admin Folder BulletProof Mode (WBM), AutoRestore (ARQ), MScan Malware Scanner (MSCAN), Database Monitor (DBM), Database Backup (DBB), Plugin Firewall (PFW), Uploads Anti-Exploit Guard (UAEG), Login Security & Monitoring (LSM), JTC Anti-Spam|Anti-Hacker (JTC), Idle Session Logout (ISL) and Auth Cookie Expiration (ACE). It is recommended that you choose Display Status in WP Dashboard for all of these mission critical BPS Pro security features.
- Security Status: BPS Pro Version, RBM, WBM & Alerts: Displays the currently installed BPS Pro version, RBM, WBM & more importantly critical security alerts in your WP Dashboard. It is recommended that you choose: Display Status & Alerts in WP Dashboard. RBM stands for Root BulletProof Mode & displays On or Off, WBM stands for wp-admin BulletProof Mode & displays On or Off.
- Security Log: New Log Entry Has Been Logged Alerts: When new Security Log entries are logged in your Security Log file you are alerted by BPS that you have a new log entry. You can choose to have Security Log Alerts displayed in your WP Dashboard, in BPS pages Only or turn Alerts Off. You can also choose to have Security Log Alerts and log files emailed to you with Email Alerting & Log File Options. Security Log Alerts can be turned On or Off as needed. Recommended setting: Turn Off. The Security Log is a primary troubleshooting tool in BPS Pro, but Security Log alerts will occur all day, every day and can be irritating.
- AutoRestore|Quarantine: ARQ Status: The ARQ Status Display displays whether AutoRestore is On or Off, the ARQ Cron Frequency & the time the next ARQ Cron job will be run. Display options: in your WP Dashboard, BPS Pages Only or turn this status display Off. It is recommended that you choose to display the ARQ Status in your WP Dashboard.
- MScan Malware Scanner: MSCAN Status The MSCAN Status Display displays either a question mark hover icon indicating an MScan scan has not been run yet or the Delete Scan Status Tool has been used, the last successful scan timestamp (manual scans) or the MScan Cron Frequency & the time the next MScan Cron job will be run (BPS Pro only scheduled scans). Display options: Display last or next scan time in your WP Dashboard, BPS Pages Only or turn this status display Off.
- Database Monitor: DBM Status: The DBM Status Display displays whether the Database Monitor is On or Off, the DBM Cron Frequency & the time the next DBM Cron job will be run. Display options: in your WP Dashboard, BPS Pages Only or turn this status display Off.
- Database Monitor: DBM Alerts: The DB Monitor alerts you via email anytime a change/modification occurs in your WordPress database or a new database table is created in your WordPress database based on your DBM Email Alerting & Log file options for DBM. Your DB Monitor Log also logs any changes/modifications to your WordPress database and other relevant help info.
- Database Backup: DBB Status: The DBB Status Display displays either No DB Backups, Backup Job Created or the last successful Database Backup timestamp. Display options: Last Backup time in your WP Dashboard, BPS Pages Only or turn this status display Off. It is recommended that you choose to display the DBB Status in your WP Dashboard.
- Plugin Firewall: Firewall Status: Displays On or Off status of the Plugin Firewall in your WP Dashboard, BPS Pages Only or turn this status display Off. If you have AutoPilot Mode turned On, AutoPilot and the next scheduled Cron timestamp and frequency will be displayed. It is recommended that you choose to display the PFW Status in your WP Dashboard.
- Uploads Anti-Exploit Guard: UAEG Status: Displays On or Off status of UAEG in your WP Dashboard, BPS Pages Only or turn this status display Off. It is recommended that you choose to display the UAEG Status in your WP Dashboard.
- Login Security: Login Security Status: Displays On or Off status of Login Security in your WP Dashboard, BPS Pages Only or turn this status display Off. It is recommended that you choose to display the LSM Status in your WP Dashboard.
- Login Security: Login Security Alerts: Displays Login Security Alerts in your WP Dashboard, BPS Pages Only or turn this status display Off. Choosing Turn Off Displayed Alerts turns Off Login Security Alerts. You can choose email alerting options instead if you do not want to see the WP Dashboard or BPS Pages Only Alerts.
- JTC Anti-Spam|Anti-Hacker: JTC Status: Displays On or Off status of JTC Anti-Spam|Anti-Hacker in your WP Dashboard, BPS Pages Only or turn this status display Off. It is recommended that you choose to display the JTC Status in your WP Dashboard.
- Idle Session Logout: ISL Status: Displays On or Off status of Idle Session Logout in your WP Dashboard, BPS Pages Only or turn this status display Off.
- Auth Cookie Expiration: ACE Status: Displays On or Off status of Auth Cookie Expiration in your WP Dashboard, BPS Pages Only or turn this status display Off.
- F-Lock: File Lock|Unlock Alerts: Checks file permissions for WordPress Mission Critical files in real time. Displays warning and alert messages when any of your WordPress Mission Critical files are unlocked.
- F-Lock: Folder Lock|Unlock Alerts: Cron based scheduled check that checks your Hosting Account Root folder for any new folders that are created. If a new folder is found it is automatically locked with 400 permissions.
- HUD Alerts: BPS Error, Problem and Warning Alerts: Heads Up Display (HUD) Alerts are important and it is recommended that you choose to display these Alerts in your WordPress Dashboard. HUD Alerts will alert you to any serious problems with BPS or any other problem or issues that need to be corrected right away.
- PHP Error Log: Check Folder Path Location Alert: Checks if your php error log file path has been set and that the path is correct. A php error log is a good thing to have in general to check for website problems and it is important in website security monitoring as well.
- PHP Error Log: New Errors in The PHP Error Log Alerts: When new PHP errors occur on your website they are logged in your PHP Error Log and you are alerted by BPS that you have a new PHP error in your error log. You can choose to have PHP Error Log Alerts displayed in your WP Dashboard, in BPS pages Only or turn Alerts Off. You can also choose to have PHP Error Log Alerts and log files emailed to you with Email Alerting & Log File Options. The PHP Error Log Alert contains a link to the P-Security PHP Error Log page.
- Php.ini|ini_set: Error Checks & Alerts: Various checks for possible issues or problems with php.ini files, ini_set options, Loaded Configuration file checks, PHP error log Set To Location matches the error log path seen by the Server, etc.
S-Monitor Email Alerting & Log File Options BPS Pro Only
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- Login Security: Send Email Alert When...: There are 5 different email options. Choose to have email alerts sent when a User Account is locked out, An Administrator Logs in, An Administrator Logs in and when a User Account is locked out, Any User logs in and when a User Account is locked out or Do Not Send Email Alerts. The email alerts contain the action that occurred with Timestamp and these fields: Username, Status, Role, Email, Lockout Time, Lockout Time Expires, User IP Address, User Hostname, Request URI and URL link for the website where the action occurred.
- DBM: When A Database Change|Modification Occurs...: Choose whether or not to have email alerts sent when the Database Monitor has detected a change/modification to any of your database tables.
- DB Monitor Email|Delete Log File: Select the maximum Log File size that you want to allow for your DB Monitor Log File and then select the option that you want when your log file reaches that maximum size. Choose to either automatically Email the Log file to you and delete it or just delete it without emailing the log file to you first.
- ARQ: When A File Has Been AutoRestored|Quarantined: Choose whether or not to have email alerts sent when a file has been AutoRestored or Quarantined.
- ARQ: When AutoRestore|Quarantine is Turned Off: Choose the frequency (5, 10, 15, 30, 60 minute intervals) of email alerts sent when AutoRestore is turned Off or choose Do Not Send Email Alerts when AutoRestore has been turned Off.
- AutoRestore|Quarantine Email|Delete Log File: Select the maximum Log File size that you want to allow for your Quarantine Log File and then select the option that you want when your log file reaches that maximum size. Choose to either automatically Email the Log file to you and delete it or just delete it without emailing the log file to you first.
- MSCAN: When A Suspicious File Has Been Detected Choose whether or not to have email alerts sent when a suspicious file or DB Entry has been detected. Note: Email alerts are only sent for scheduled MScan scans and not for manual scans unless you run a manual scan and you have saved a scan frequency option setting.
- MScan Malware Scanner Email|Delete Log File: Select the maximum Log File size that you want to allow for your MScan Log File and then select the option that you want when your log file reaches that maximum size. Choose to either automatically Email the Log file to you and delete it or just delete it without emailing the log file to you first.
- Security Log: New Log Entry Has Been Logged: Choose whether or not to have email alerts sent when a new security entry has been logged in your Security Log file.
- Security Log File Email|Delete Log File: Select the maximum Log File size that you want to allow for your Security Log File and then select the option that you want when your log file reaches that maximum size. Choose to either automatically Email the Log file to you and delete it or just delete it without emailing the log file to you first.
- PHP Error Log: New Errors in The PHP Error Log: Choose whether or not to have email alerts sent when a new PHP Error has been logged in your PHP Error Log file.
- PHP Error Log File Email|Delete Log File: Select the maximum Log File size that you want to allow for your PHP Error Log File and then select the option that you want when your log file reaches that maximum size. Choose to either automatically Email the Log file to you and delete it or just delete it without emailing the log file to you first.
- DB Backup Log File Email|Delete Log File: Select the maximum Log File size that you want to allow for your DB Backup Log File and then select the option that you want when your log file reaches that maximum size. Choose to either automatically Email the Log file to you and delete it or just delete it without emailing the log file to you first.
- F-Lock Folder Lock: When A Folder Has Been Locked: Choose whether or not to have email alerts sent when a folder is locked.
- HPF: Hidden Plugin Folders|Files (HPF) Cron: Choose whether or not to have email alerts sent when a hidden or empty plugin folder is detected or a non-standard WP file is detected in the WordPress /plugins/ folder.
- BPS Pro Upgrade Notification: Choose whether or not to have email alerts sent when a new version of BPS Pro is available. BPS Pro upgrade notifications are displayed just like any other plugin upgrade notification in your WP Dashboard. You can also manually check for a BPS Pro upgrade on the WordPress Plugins page by clicking the BulletProof Security Pro Manual Upgrade Check link.
Pro-Tools BPS Pro Only
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- BulletProof Security Pro ~ Pro-Tools: 16 mini-plugins that do various useful things.
- Online Base64 Decoder: The Online base64 decoder can be used for safely decoding hackers base64 scripts on a Live website - the decoded code is outputted/written to a text file and is not outputted to your browser - the text file is then zipped and downloaded for safe viewing on your computer.
- Offline Base64 Decode|Encode: The Offline base64 decoder can be used safely for decoding hackers base64 code if you have XAMPP or MAMPP installed on your computer and have a local installation of WordPress on your computer. If you are decoding and encoding known good scripts, text or code then the the Offline Base64 Decoder/Encoder is quick, easy and handy tool to decode and encode base64 code.
- Mcrypt ~ Decrypt|Encrypt: This tool allows you to Encrypt or Decrypt text or code using Mcrypt.
- Crypt Encryption: This tool allows you to test what Encryption Alogorithms are allowed on your Host Server - this tool is pending further development and is very limited at this point.
- Scheduled Crons: This tool checks for and displays all of the Cron jobs that are currently scheduled to run on your website. Displays Last|Next Run Date, Frequency and Hook name. This tool has 2 Option buttons: Reset|Clear All BPS Cron Jobs and Reset|Clear All Cron Jobs. Clearing|Resetting Cron Jobs means unscheduling a Cron Job. When you clear|reset a Cron Job it will be automatically rescheduled with a new run time. You can either clear|reset all BPS Pro Cron Jobs or clear|reset all Cron Jobs that are scheduled (WordPress, other plugins, themes, etc.). This does not delete Cron Jobs and is just resetting|rescheduling them. Note: Resetting BPS Pro Cron Jobs can be used for testing to make sure BPS Pro Cron Jobs are working correctly.
- String|Function Finder: The String|Function Finder can find any string (name of a function, code, text, etc) in any files anywhere within your hosting account. The Finder will search starting from the folder path you enter and search all files in that folder and all subfolders of that folder path. You can search for PHP function names or any string pattern. The Finder is not searching your WordPress Database. Use the DB String Finder if you want to search your database instead of your files.
- String Replacer|Remover: The String Replacer|Remover Preview Mode allows you to preview the string replacement or string removal you want to perform before you use the Replacer|Remover ~ Write Mode to actually write the new string or remove the string. The string replacement that is performed in Preview Mode is only visually replacing the string and is not actually changing or writing a new string.
- DB String Finder: This tool allows you to search your entire database for a string (text or code). The DB String Finder searches your entire WordPress Database (all Database Tables) for the string search term you enter in the DB Search String: window. The string search is not case sensitive. The string search will return search results for all or part of the search term you enter.
- DB Table Cleaner|Remover: This tool allows you to Empty or Drop Top level database Tables in your WordPress Database.
- DNS Finder: This tool allows you to find all DNS Records for websites by Domain Name. Get DNS Records for Domains with DNS_ALL or DNS_ANY. A, NS, CNAME, MX, SOA...
- Ping Website|Server: This tool allows you to check if a website domain is Up/Down or Blocking your website/Server IP Address. Enter Website Domain Name to check - Example: example.com, Enter A Server|Website IP Address to check - Example: 127.0.0.1 or Enter A Hostname to check - Example: example.host.server.net
- cURL Scan: This tool allows you to Scan multiple website pages Source Code simultaneously for any Text or Code. The search string can be plain text or code or a combination of both text and code. You can search outputted website pages Source code and internal js and php scripts. The Pro-Tools String|Function Finder tool is better for searching internal scripts and files and will also show you the code line in the search results. Multi page cURL Scan for Plugin Firewall plugin script Whitelisting scans multiple website pages simultaneously for plugin scripts to add to the Plugin Firewall Whitelist.
- Website Headers: This tool checks and displays your website Headers using either GET or HEAD Requests or can be used to check another website's Headers remotely.
- WP Automatic Update: This Pro-Tool allows you to Turn WP Automatic Updates On or Off. This tool gives you every possible option setting regarding WordPress Automatic Updates. Disable all core updates: Development, minor and major automatic updates are all disabled. Enable all core updates: Development, minor and major automatic updates are all enabled. Enable core updates for minor releases: minor automatic updates are enabled. Development and major automatic updates are disabled.
- Plugin Update Check: This tool is used to check for new Plugin updates from WordPress.org and new BPS Pro versions from the AITpro.com API Server. Can also fix _site_transient_update_plugins corrupted/invalid transient data problems.
- XML-RPC Exploit Checker: This tool checks your website or a remote website to see if the website is protected against or vulnerable to an XML-RPC exploit.
F-Lock BPS Pro Only
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- File Locking| Unlocking WordPress Mission Critical files from within your WP Dashboard: No need to change file permssions via FTP or your Control Panel - F-Lock detects your Server API (SAPI) and displays either a CGI Permissions & Status Table or a DSO Permissions & Status Table depending on what your Web Host's SAPI is - Allows you to Lock or Unlock ALL of your mission critical files on the fly - Protects WordPress Mission Critical files from Mass Code Injection attacks on web hosts - F-Lock allows you to lock your WordPress Mission Critical files index.php, wp-config.php, wp-blog-header.php and all .htaccess files with 400 and 404 file permissions - there is a known vulnerability with Group Permissions Read file permissions where hackers can successfully Mass Code Inject these files - if your WordPress Mission Critical files are unlocked F-Lock will display a warning message either in your WP Dashboard or BPS Pro pages only depending on what S-Monitor option you choose for F-Lock displayed alerts - the F-Lock Permissions & Status Table displays your current file permssions in real time, the paths to your WP Mission Critical files and the Last Modified date of these files - allows you to also lock / unlock index.php and .htaccess files in your Document Root folder and Root folder for sites using "Giving WordPress Its Own Directory".
- Folder Lock: Folder Lock monitors your Hosting Account Root folder and checks for any new folders that are created. If a new folder is found in your Hosting Account Root folder that is not listed in the Folder Lock Table it is automatically locked with 400 folder permissions.
- Folder Lock Cron Check Frequency: Choose how often the Folder Lock Cron Check should be performed. Every 1, 2, 3, 4, 5, 10, 15, 30 or 60 minutes.
- Folder Lock Cron Check On|Off (Folder Lock On|Off): Turn Folder Lock On or Off. Important Note: Folder Lock should ONLY be turned On, on 1 of your websites under your Hosting Account.
- Rescan|Add Hosting Account Root Folders: Clicking the Rescan|Add Hosting Account Root Folders button deletes all existing DB rows displayed in the Folder Lock Table and creates new DB Rows that will be displayed in the Folder Lock Table.
- Folder Lock Lock & Unlock Form options: Lock or Unlock folders.
Activation BPS Pro Only
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- BPS Pro Activation: BPS Pro Activation Keys are unique for each website to prevent and protect your Activation Key from being used on another website.
- BPS Pro Plugin Activation Steps:
- Enter the BPS Pro Download-Request Key that was emailed to you when you purchased BPS Pro into the Save Download-Request Key text box and click the Save Download-Request Key button.
- Click the Get Activation Key button to get your BPS Pro Activation Key. Your Activation Key will be emailed to your PayPal email address that you used to purchase BPS Pro with.
- Copy and Paste the BPS Pro Activation Key that was emailed to your PayPal email address into the Save Activation Key text box and click the Save Activation Key button.
Upload Zip Install BPS Pro Only
Setup Wizard Note: The BPS Setup Wizard sets up all BPS plugin options automatically with optimum default settings. You can of course change any BPS plugin option settings to your personal preferences.
- Upload Zip Install: BPS Pro has built-in upload zip installer to install BPS Pro zip files. Click on the Choose File or Browse button. Navigate/browse/go to the folder on your computer where the bulletproof-security.zip file is located and select it and then click the Open button. You should now see the bulletproof-security.zip file name displayed in the page/form. Click the Install Zip Now button to upload and install the BPS Pro zip file. The BPS Pro upload zip installer is designed to overwrite existing BPS Pro plugin files instead of deleting the old BPS Pro plugin files and folder.
|