WordPress.org

Ready to get started?Download WordPress

Plugin Directory

BulletProof Security

WordPress Website Security Protection. Website security protection against: XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking...

htaccess Core Website Security (Security/Firewalls)

WordPress Website Security Protection: BulletProof Security protects your WordPress website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection... hacking attempts. One-click .htaccess WordPress security protection. Protects wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection. Security Logging. HTTP Error Logging. Login Security/Login Monitoring: Log All Account Logins or Log Only Account Lockouts. Website FrontEnd/BackEnd Maintenance Mode (HTTP 503). Additional website security checks: DB errors off, file and folder permissions check... System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, DNS, Max Upload... Built-in .htaccess file Editor.

Login Security & Monitoring Website Security (Security/Monitoring)

Login Security & Login Monitoring: Log All User Account Logins or Log Only User Account Lockouts (see Screenshot). Brute Force Login Security Protection. Email alerting options allow you to choose 5 different email alerting options: Choose to have email alerts sent when a User Account is locked out, An Administrator Logs in, An Administrator Logs in and when a User Account is locked out, Any User logs in and when a User Account is locked out or Do Not Send Email Alerts. Choose Standard WP Error Messages or Generic Error Messages for Login Security Stealth Mode. Choose to Enable or Disable Login Password Reset capability for Login Security Stealth Mode. See BulletProof Security Login Security & Monitoring Features for additional features and options.

BulletProof Security is Website Performance Optimized (Performance/Optimization)

Website performance is just as important as website security. BulletProof Security is website performance optimized with website owners best interests at heart. BulletProof Security does NOT abuse the WordPress Database by making excessive MySQL Queries. BulletProof Security does NOT store excessive & non-essential data in your WordPress Database. BulletProof Security does NOT use excessive Server Memory & Resources. BulletProof Security does NOT use gimmicks or bells & whistles that will cost website owners their website performance. The benefits of having website security protection are negated if your website is performing poorly/slowly, continually experiencing out of memory errors/running out of memory, database size growing exponentially with non-essential stored data, etc. BulletProof Security can actually speed up & improve your website performance by using the Speed Boost Cache Bonus Code. See the BulletProof Security Bonus Custom Code help section below.

FrontEnd/BackEnd Maintenance Mode (Security/Development)

Display a website under maintenance page with Countdown Timer to website visitors while the website displays and functions normally for you. When the
Countdown Timer has completed (reached 0) an email reminder is sent to you to remind you that the Countdown Timer has completed. The new BPS Maintenance Mode design includes 20 background images, 15 center images (text box image), allows you to embed image files and YouTube videos, FrontEnd Maintenance Mode, BackEnd Maintenance Mode or both FrontEnd & BackEnd Maintenance Modes and most importantly is fast and simple to use so that you can switch in and out of Maintenance mode quickly and easily. FrontEnd Maintenance mode is primarily designed for development/maintenance purposes and BackEnd Maintenance Mode is technically a security feature since enabling BackEnd Maintenance Mode allows you to deny access to the /wp-admin folder/WP Dashboard by IP address. See BulletProof Security FrontEnd/BackEnd Maintenance Mode Features for additional features and options.

Why is .htaccess Website Security So Much Better Than Any Other Type of Website Security?

The answer is very simple - .htaccess files (distributed configuration files) are processed first before any other code on your website. In other words, hackers malicious scripts are stopped by BulletProof Security .htaccess files/Firewalls before those scripts even have a chance to reach the php code in WordPress. BulletProof Security uses .htaccess website security files, which are specific to Apache Linux Servers. Please read the FAQ page for Server compatibility questions.

Security Log File Automation - Automatically Zipped, Emailed and Replaced

Security Log files are automatically zipped, emailed and replaced with a new blank Security Log file when the log file reaches the maximum file size setting that you choose. By Default BulletProof Security sets this DB option to zip, email and replace the Security Log file when it reaches 500KB. The Security Log file is checked once per hour with a WordPress Cron. The optimum recommended file size setting is 500KB.

BulletProof Security Fast and Simple with No Manual Configuration Required

The BulletProof Security WordPress Security plugin is designed to be a fast, simple and one click security plugin to add .htaccess website security protection for your WordPress website. Activate .htaccess website security and .htaccess website under maintenance modes from within your WordPress Dashboard - no FTP required. The BulletProof Security WordPress plugin is a one click security solution that creates, copies, renames, moves or writes to the provided BulletProof Security .htaccess master files. BulletProof Security protects both your Root website folder and wp-admin folder with .htaccess website security protection, as well as providing additional website security protection.

BulletProof Security allows you to add .htaccess website security protection from within the WordPress Dashboard so that you do not have to access your website via FTP or your Web Host Control Panel in order to add website security protection for your WordPress site. BulletProof Security Modes: Root .htaccess security protection, wp-admin .htaccess security protection, Deny All .htaccess self protection, WordPress default .htaccess mode and .htaccess Maintenance Mode (503 Website Under Maintenance). In BulletProof Security Mode your WordPress website is protected from XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts.

BulletProof Security Additional Website Security Protection

WordPress is already very secure, but every website, no matter what type of platform it is built on should have additional website security measures in place as a standard. BulletProof Security provides that additional website security protection that every website should have.

Translations

  • Lithuanian by Vincent G from Host1Free.com
  • Filipino/Tagalog by pointen.dk
  • Russian by EyeFinity
  • If you would like to translate the BPS plugin to your language see this BPS Plugin Language Translation Tutorial. Please include a link to your website so that we can add it here. Thank you.
  • Tip: If you use the Google Chrome Browser you can right mouse click in plugin pages and then click on Translate to... To translate plugin text into your Language.

BulletProof Security Bonus Custom Code

BulletProof Security htaccess Core (Firewalls, etc.) Features

  • Root Folder BulletProof Mode/Firewall
  • wp-admin Folder BulletProof Mode/Firewall
  • Built-in .htaccess File Editor & File Manager
  • Built-in .htaccess Backup and Restore
  • One-click .htaccess website security protection from within the WP Dashboard
  • .htaccess security protection against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection.......... hacking attempts
  • TimThumb Vulnerability/Exploit .htaccess security protection (Firewall)
  • .htaccess Lock / Unlock (404 Read-Only)
  • .htaccess AutoLock On or Off
  • Security / HTTP Error Logging - Log 400, 403 and 404 Errors
  • Security Log: Add / Remove User Agents/Bots to Ignore/Not Log or Allow/Log
  • Security Log: Turn On / Turn Off / Delete Log
  • Security Log Automation: Automatically zipped, emailed and replaced based on file size
  • Automatic .htaccess file updating on BPS upgrade installation
  • New .htaccess security filters automatically added during upgrade
  • WP Dashboard Alerts / WP Dashboard Dismiss Notices
  • Anti Comment Spam .htaccess code - works together with Akismet or other Spam plugins to keep Comment Spam at a minimum
  • Anti Comment Spambot .htaccess code - Forbid Empty Referrer Spambots
  • Author ID / User ID / Username Bot Probe Protection
  • Custom Code feature: Add, Edit, Modify, Save additional Bonus or personal custom .htaccess code
  • WordPress readme.html and /wp-admin/install.php protected with .htaccess security protection
  • wp-config.php and bb-config.php files protected with .htaccess security protection
  • php.ini and php5.ini files protected with .htaccess security protection
  • WordPress database errors turned off - Verification and function insurance
  • WordPress version is not displayed / not shown - WordPress version is removed
  • WP Generator Meta Tag filtered - not displayed / not shown
  • WP DB default admin username / account check
  • System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, WP Filesystem API Method, DNS, Max Upload, Zend Engine Version, Zend Guard/Optimizer, ionCube Loader, Suhosin, APC, eAccelerator, XCache, Varnish, cURL, Memcache and Memcached
  • Security Status Page - Displays website security status information
  • File and Folder Permission Checking - CGI / DSO - SAPI check / display
  • Help & FAQ page - links to BPS Guide and other detailed Help & Info pages
  • Extensive Read Me! jQuery Dialog Help buttons throughout the BulletProof Security plugin pages
  • Website Developer Maintenance Mode (503 website open to Developer / Site Owner ONLY)
  • Log in / out of your website while in Maintenance Mode
  • Customizable 503 Website Under Maintenance page
  • HUD Success / Error message display
  • i18n Language Translation coding

BulletProof Security Login Security & Monitoring Features

  • Brute Force Login Security Protection
  • Log All User Account Logins or Log Only User Account Lockouts
  • Logged DB Fields: User ID, Username, Display Name, Email, Role, Login Time, Lockout Expires, IP Address, Hostname, Request URI
  • Email Alerting Options: User Account is locked out, An Administrator Logs in, An Administrator Logs in and when a User Account is locked out, Any User logs in and when a User Account is locked out, Do Not Send Email Alerts
  • Login Security Additional Options: Max Login Attempts, Automatic Lockout Time, Manual Lockout Time, Max DB Rows To Show, Turn On/Turn Off
  • Login Security Stealth Mode: Standard WP Error Messages or Generic Error Messages.
  • Login Security Stealth Mode: Enable or Disable Login Password Reset capability and links.
  • Dynamic DB Form: Lock, Unlock, Delete
  • Enhanced Search: Allows you to search all of the Login Security database rows/Fields
  • Stand-alone Unlock Form bpsunlock.php: Unlock User Accounts without having to be logged into the WP Dashboard
  • Click the Login Security Blue Read Me help button for full descriptions of all features and options.

BulletProof Security FrontEnd/BackEnd Maintenance Mode Features

  • FrontEnd Maintenance Mode, BackEnd Maintenance Mode or both FrontEnd & BackEnd Maintenance Modes
  • Website displays & functions normally while visitors see a website under maintenance page
  • TinyMCE WYSIWYG Editor
  • Embed image files and YouTube videos
  • 20 background images, 15 center images (text box image)
  • Background image files/options and Center images (text box image) are independent of each other so that you can mix and match different background images with different Center images (text box image)
  • Enable Countdown Timer
  • Countdown Timer Text Color
  • Maintenance Mode Time in Minutes
  • Header Retry-After in Minutes ~ 503 HTTP Status Code
  • Enable FrontEnd Maintenance Mode ~ site development, maintenance, coming soon, under construction, etc.
  • Enable BackEnd Maintenance Mode ~ Deny All IP address .htaccess protection for the wp-admin folder / WP Dashboard
  • Maintenance Mode IP Address Whitelist Text Box: Enter The IP Addresses That Can View The Website Normally (not in Maintenance Mode)
  • Maintenance Mode Text, Images, Videos Displayed To Website Visitors
  • Background Images ~ 20 background images ~ mix and match with center images ~ see screenshot
  • Center Images ~ 15 center images ~ mix and match with background images ~ see screenshot
  • Background Colors (If not using a Background Image)
  • Display Visitor IP Address
  • Display Admin/Login Link
  • Display Dashboard Reminder Message when site is in Maintenance Mode
  • Send Email Reminder when Maintenance Mode Countdown Timer has completed
  • Email: To, From, cc, bcc
  • Network/Multisite Primary Site Options ONLY
  • Put The Primary Site And All Subsites In Maintenance Mode
  • Put All Subsites In Maintenance Mode, But Not The Primary Site
  • Click the Maintenance Mode Blue Read Me help button for full descriptions of all features and options.

Requires: 3.0 or higher
Compatible up to: 3.9
Last Updated: 2014-3-26
Downloads: 1,103,656

Ratings

4 stars
4.8 out of 5 stars

Support

41 of 44 support threads in the last two months have been resolved.

Got something to say? Need help?

Compatibility

+
=
Not enough data

0 people say it works.
0 people say it's broken.

100,3,3
86,7,6 100,3,3 100,11,11 100,1,1 100,4,4 92,13,12
100,1,1
100,2,2
100,1,1 100,1,1
100,4,4 100,2,2 67,3,2 63,8,5 100,2,2
100,1,1 75,4,3 100,1,1
100,2,2 100,1,1 100,1,1
100,3,3 90,10,9 100,2,2
100,3,3 100,1,1
100,2,2 100,9,9 100,5,5 100,6,6
89,9,8 100,1,1
83,6,5 95,20,19 100,12,12 100,1,1 100,2,2 100,1,1
100,6,6 86,7,6 100,1,1
100,7,7
67,6,4 83,6,5 89,27,24 100,2,2 100,1,1
100,3,3 93,15,14 78,18,14 100,4,4 100,1,1 100,1,1
0,1,0 100,14,14 100,2,2
100,7,7 67,3,2 90,10,9 100,5,5 88,8,7 100,2,2 100,1,1 100,2,2 100,4,4 100,2,2 100,1,1 100,1,1
100,1,1 50,2,1
100,7,7 100,1,1
100,4,4 100,3,3 100,2,2 100,1,1 100,2,2
100,1,1 100,2,2 100,1,1 100,2,2
100,2,2
100,1,1 100,2,2 100,3,3 100,2,2
100,1,1