WordPress.org

How does the BulletProof Security Plugin work?

The BulletProof Security Plugin allows you to instantly create and activate .htaccess website security with one click (ok maybe a few clicks) for your website without having to know anything about .htaccess files. The Master .htaccess files are pre-made and BPS writes .htaccess code that is customized for your website. There is nothing to figure out or to configure. Click the AutoMagic buttons (creates customized Master .htaccess files) and Activate BulletProof Modes (copies the customized Master .htaccess files to your root and wp-admin folders). BPS has built-in Backup and Restore and an .htaccess File Editor for full manual editing control as well. BulletProof Website Security fast and simple. Enjoy!

Do I need to understand .htaccess code in order to use the BulletProof Security Plugin?

No, The .htaccess file creation is automated in BulletProof Security. Everything is automatically done for you. You do not need to know or understand anything about .htaccess website security files in order to use the BulletProof Security plugin.

What do I do if I cannot log back into my website?

If you accidentally activated BulletProof Modes without first clicking the AutoMagic buttons or if you put your website in Maintenance Mode and your IP address has been changed by your ISP and you cannot log back into your website then you will need to use FTP or your Web Host Control Panel File Manager and delete the .htaccess file that BPS created in your website root folder. BPS website security is done purely with .htaccess website security and nothing else is modified on your website. So simply deleting the .htaccess file in your website root folder removes BPS website security and will allow you to log back in, use the AutoMagic buttons and activate BulletProof Mode again to protect your website again.

Does BulletProof Security work on every type of Server?

BulletProof Security uses .htaccess website security files, which are specific to Apache Linux Servers.

Does BulletProof Security Work on Windows IIS Servers?

Yes and No. .htaccess files are only used on Linux based hosting. You can install BulletProof Security if you have a Windows IIS hosted website to use the additional features in BPS, but you cannot Activate BulletProof Modes and use .htaccess files on Windows Hosting. Please see this WordPress Codex Permalinks without mod_rewrite for more information.

Does BulletProof Security Work on Nginx Servers?

If you are using both Apache and Nginx together and Nginx is the frontend webserver and Apache is the backend Server used to process PHP then BulletProof Security will work on this type of combined Server Configuration. If you are only using Nginx then an .htaccess file will not work. Nginx has its own rewrite module - HttpRewriteModule and the mod_rewrite equivalent of an .htaccess file has similar, but different coding and is added to an Nginx Server config file. Note: If you are not familiar with Nginx, then it should be noted that Nginx does not have a PHP module like apache’s mod_php, instead you either need to build PHP with FPM (ie: php-fpm/fastcgi), or you need to pass the request to something that can handle PHP.

Are there any known issues or conflicts with other WordPress Plugins or Themes?

Occaisonally issues or conflicts do occur with other plugins, but they are always quickly resolved. BPS is compatible with all other Plugins and Themes. An .htaccess bypass / skip rule is all that is required to allow a plugin to do something that is blocked by BPS. Please check the BulletProof Security Plugin Compatibility Testing and Fixes page for the latest plugin bypass / skip rules.

What is the difference between BulletProof Security free and BulletProof Security Pro?

BulletProof Security free provides .htaccess website security protection against browser based hacking attempts: XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. It is recommended that you additionally add a secure custom php.ini, log PHP errors, lock ALL WordPress Mission Critical files and add Security logging and HTTP error logging for your website. BulletProof Security Pro contains the same secure .htaccess website security files, includes a custom php.ini file maker / creator, includes AutoRestore - automatic file restoring, includes F-Lock - lock all WordPress Mission Critical files from within your WordPress Dashboard, includes a PHP Error Log and has built-in Security logging and HTTP 400, 403 and 404 error logging. BPS Pro files are automatically updated during the one click upgrade installation. When you perform the one click BPS Pro upgrade your currently active htaccess files will be automatically updated to your current new version of BPS Pro automatically. BPS Pro also has Advanced Real-Time Alerts - BPS Pro checks and displays error, warning, notifications and alert messages in real time. You can choose how you want these messages displayed to you with S-Monitor Monitoring & Alerting Options - Display in your WP Dashboard, BPS Pro pages only, Turned off, Email Alerts, Logging... BPS Pro also has Pro-Tools, which is a set of versatile website tools that perform tasks such as searching your entire website in one click for a particular string or code anywhere throughout all of your website files in one search, decoding or encoding base64 code, replacing or removing a particular string or code anywhere throughout all of your files simultaneously, searching your entire WordPress Database with one click for a particular string or code anywhere throughout all of database tables simultaneously, DNS Finder, DB Table Cleaner...

Is BulletProof Security Network / MU / Multisite Compatible?

Yes. BulletProof Security contains AutoMagic buttons for Network / MU / Multisite websites. Both sub-directory and sub-domain Master .htaccess code is written / created for your specific Network / MU site. BulletProof Modes should only be Activated on the Primary site. All sub sites are virtual and there is no need to Activate BulletProof Modes on sub sites. This will actually screw up your Primary site. BPS allows only Super Admins to see the BPS menus in sub sites. BPS also works with Network / MU Domain Mapping.

Is BulletProof Security Compatible with subdomain websites and subdirectory websites?

Yes, BulletProof Security works on all types of WordPress installations including "Giving WordPress Its Own Directory" websites.

Is BulletProof Security automatically setup already?

Yes and No. You must be using a WordPress Custom Permalink structure for BPS to work correctly (every WordPress site should be anyway). If you are not using a custom Permalink structure then you will get a warning message that Custom Permalinks need to be enabled when you access the BulletProof Security Options page. BulletProof Security includes AutoMagic Master .htaccess file creation so that only one click is required to automatically create your Master .htaccess security files for your website, which you then Activate - BulletProof Mode. BulletProof Security also offers full manual control of editing the .htaccess files using the built-in File Editor. BulletProof Security is designed with everyone in mind: regular folks, Designers, Developers and Coders. BulletProof Security is designed to work with every type of WordPress installation: Single websites, subfolder websites, subdomain websites, "Giving WordPress its Own Directory" websites, Network / MU subdirectory websites and Network / MU subdomain websites. BulletProof Security will automatically create the correct Master .htaccess files for your website when you click the AutoMagic buttons. If you prefer to do everything manually then you would edit your .htaccess using the built-in .htaccess File Editor instead of using Automagic to automatically create your .htaccess files.

Can I add my own .htaccess code to the BulletProof Security .htaccess files?

Yes. Of course. The secure.htaccess and wpadmin-secure.htaccess Master .htaccess files already contain .htaccess security code that protects your website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. Add any additional security filters or other .htaccess code to your Master .htaccess files or your currently active .htaccess files using the built-in .htaccess File Editor. The BulletProof Security Master .htaccess files contain help info and additional options within the .htaccess files themselves. htaccess files can do a lot of neat things besides just providing website security protection. As of version .46.9 you can now also add any custom code to the Custom Code feature. Your custom .htaccess code will be saved to your WP DB permanently until you delete it. Please view the Read Me Help button in Custom Code for specific details.

Does the BulletProof Security Plugin create or write the .htaccess files?

Yes, BulletProof Security creates customized .htaccess website security files with AutoMagic. BulletProof Security also offers full manual control of editing both the BPS Master .htaccess files and your currently active .htaccess files using the built-in .htaccess File Editor. The BPS Master .htaccess files have already been pre-made. When you click the AutoMagic buttons your .htaccess Master files are created with specific code for your specific website with the correct RewriteRule and RewriteBase automatically added to your .htaccess files. You can add additional code to the master .htaccess files, edit the .htaccess files or create completely new .htaccess master files from within the WordPress Dashboard using the built-in BPS File Editor - no FTP required - no Web Host Control Panel required. BPS could also just be used simply as an online .htaccess file editor and manager. AutoMagic is great, but having both AutoMagic and full manual editing control makes BulletProof Security a very versatile website security protection tool.