Ready to get started?Download WordPress

Plugin Directory

BulletProof Security

WordPress Website Security Protection. Website security protection against: XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking...


  • Security Logging major changes/improvements to logging template files/code & start of Phase 1 Security Log Solution Targeting: The Security Logging code has been significantly improved in BPS .50.1. Logging is more streamlined, performance optimized & faster than in previous BPS versions, even with the new general conditional pattern checking code added.
  • As of BPS .50.1 two new Security Log Fields have been added to Security Logging: Event Code and Solution. In Phase 1 of Security Log Solution Targeting the primary focus is on detecting possible Plugin Skip/Bypass rules & wp-admin Skip/Bypass Rules issues that need/require a one-time solution. Since 99.99% of the Security Log entries are blocked/forbidden hackers, spammers, scrapers, harvesters, miners, bad bots, etc. then the Security Log checking conditions can and should be streamlined/performance optimized by only looking at pattern matches in a broad scope.
  • Maintenance Mode Accordion: Maintenance Mode Accordion created for better functionality/usability. Code correction: Maintenance Mode website name not displayed in the reminder email. Code correction: Maintenance Mode Apostrophes/single quote code character displayed with an escape backslash.
  • New Bonus Custom Code/Dismiss Notice: WordPress XML-RPC DDoS Protection: Special Thanks goes to Gary Gordon for reporting the recent WordPress XML-RPC exploits/attacks. The XML-RPC DDoS PROTECTION Bonus Custom Code .htaccess code completely turns off/disables IXR-RPC Client/Server capabilities on a website by protecting the WordPress xmlrpc.php file from being publicly accessible, which prevents the IXR XML-RPC Client/Server connection. Using this Bonus Custom Code will turn off/disable remote posting capability from Weblog Clients (A Weblog Client is software you run on your local machine (desktop) that lets you post to your blog via XML-RPC), unless you add (whitelist) your IP address in the XML-RPC DDoS PROTECTION Bonus Code.
  • New Dismiss Notice Added: WordPress Firewall 2 plugin check The WordPress Firewall 2 plugin contains a coding mistake and has not been updated in over 3 years. The wp-admin area is supposed to be whitelisted by default, but that code is not working correctly, which breaks several things in the BPS plugin. The Dismiss Notice will alert users to this existing problem.
  • New/Updated Help & FAQ Help Links: Help & FAQ tab pages have updated links, old/outdated links removed, etc.
  • Enjoy!


  • Bugfix/Code Correction: Maintenance Mode str_replace has been changed to dirname for GWIOD site types to get the site root index.php file path
  • Special Thanks go to Eddy Estevez for reporting this bug.
  • Enjoy!


  • New Feature: Maintenance Mode - FrontEnd/BackEnd Maintenance Mode Maintenance Mode Guide The previous Maintenance Mode feature in BPS has been completely removed/replaced with the new Maintenance Mode feature in BPS .49.9. This is a completely new BPS feature. The new BPS Maintenance Mode design includes 20 background images, 15 center images (text box image), allows you to embed image files and YouTube videos, FrontEnd Maintenance Mode, BackEnd Maintenance Mode or both FrontEnd & BackEnd Maintenance Modes and most importantly is fast and simple to use so that you can switch in and out of Maintenance mode quickly and easily. Background image files/options and Center images (text box image) are independent of each other so that you can mix and match different background images with different Center images (text box image).
  • New Headers check tool added to the System Info page: Check your website Headers or another website's Headers by making a GET Request. Both GET and HEAD Headers checking is now available on the System Info page.
  • New System Info checks: Standard/GWIOD Site Type, BuddyPress and bbPress. If GWIOD site type display WordPress Address (URL) and Site Address (URL).
  • BPS Plugin/Theme Script Dequeue function added: Dequeue any/all other plugin or theme scripts that attempt to load in BPS plugin pages: A new BPS function has been added that Dequeues any/all other plugin or theme scripts on/in BPS plugin pages ONLY, which causes a wide variety of problems for BPS , such as broken plugin functionality, broken menus and pages not displaying visually correct. This new BPS Dequeue function only runs on/in BPS plugin pages and does not run anywhere else or affect anything else on a website. The BPS Dequeue function is only designed to prevent any other plugins or themes from loading their scripts in BPS plugin pages and does not do or affect anything else on a website.
  • Security Log Code Correction/Enhancement: Security Log User Agent/Bot filter auto-updated during BPS upgrade: The BPS 403.php Security Log template file is replaced during BPS plugin updates/upgrades, which is normal WordPress plugin update/upgrade procedure. The BPS 403.php Security Logging template is now auto-updated during BPS plugin upgrades/updates and automatically adds any previously added/saved User Agent/Bot filters to the new 403.php template file if any User Agents/Bots to Ignore/Not Log were previously added/saved.
  • W3TC and WPSC Error checking/messages modified to reflect current version error checking: Several things have changed in BPS .49.9 relating to W3TC and WPSC and related error messages.
  • DB Table datatype Issue/problem affects SQL Server (not MySQL) only: CREATE TABLE Query id column datatype has been changed from mediumint(9) to bigint(20).
  • Backup & Restore page/other misc pages: Master File backups and checks are obsolete and have been removed from BPS .49.9.
  • htaccess Core Security Modes page: Descriptive titles added to Radio buttons for BulletProof Modes: Root Folder BulletProof Mode, wp-admin Folder BulletProof Mode, Master htaccess BulletProof Mode and BPS Backup BulletProof Mode.
  • Feature Request by Daedalon: Unused po & mo Language files automatically deleted: Unused po & mo Language files are automatically deleted on page access for these BPS pages: htaccess Core, Login Security, Security Log and Maintenance Mode.
  • Enjoy!


  • Custom Code Code Correction: ENT_QUOTES flag added to Custom Code AutoMagic variables to convert Single Quote HTML entities stored in the DB back to characters during AutoMagic File writing.
  • Enjoy!


  • Network / Multisite Plugin Network Activation or Single subsite Plugin Activation: As of BulletProof Security .49.7, the BPS plugin can be Network Activated or you can allow the BPS plugin to be activated individually on each Network / Multisite subsite or of course you can choose not to Network Activate BPS or allow the BPS plugin on subsites.
  • New AutoMagic WP 3.5+ Network / Multisite .htaccess code: BPS AutoMagic buttons automatically write the correct Network / Multisite root .htaccess code for your site based on your WordPress version.
  • Network / Multisite New Feature Notice: BPS can now be Network Activated on Multisite: This Network / Multisite New Feature Dismiss Notice displays on Network / Multisite only to alert Network / Multisite site owners about the new Network Activation capability in BPS.
  • CSS Visual Style Changes for WP 3.8+ MP6 & Pre 3.8 WP Versions: WordPress 3.8 is using the new MP6 GUI. A BPS 3.8 CSS stylesheet has been created to visually display things correctly in WordPress 3.8. BPS will automatically load the correct CSS stylesheet for your WordPress version. CSS visual enhancements were also created for pre WordPress 3.8 versions.
  • See the BPS Whats New page for more details
  • Enjoy!


  • Bonus Code Dismiss Notice Added: Author ID / User ID / Username BOT Probe Protection Code: Protects against hacker Bot Probes looking for WordPress author enumeration (a numbered list of Author ID's / User ID's) to exploit. Generates a standard WordPress 404 Error instead of displaying Author ID's / User ID's / Usernames.
  • Root .htaccess File code modifications/changes:
OLD: RedirectMatch 403 /\..*$
NEW: RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$

BPS Query String Exploits Code Changes
OLD: RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
NEW: RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]

OLD: RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
NEW: RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]

OLD: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
NEW: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [NC,OR]

OLD: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
NEW: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
  • See the BPS Whats New page for more details
  • Enjoy!


  • Reverting: Brute Force Login Protection code is now optional/Bonus Code again
  • BPS will not automatically add this code as standard code in the root .htaccess file
  • The Brute Force Login Protection Custom Code text box will remain for folks who can use this code on their websites.
  • See the BPS Whats New page for more details
  • Enjoy!


  • Code Mod to Brute Force Login Protection code to allow for the widest possible range of compatibility
  • This affected a small number of folks
  • MOD: RewriteCond %{HTTP_USER_AGENT} ^(|-?)$ [NC,OR] to RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
  • Enjoy!


  • New Feature - Security Log zip, email and delete/replace option: Security Log files are automatically zipped, emailed and replaced with a new blank security log file when they reach the maximum file size setting on the Security Log page. During the BPS upgrade this is automatically set to zip and email log files when they reach 500KB in size.
  • Structural/Menu Changes: The Security Log & System Info tab pages have been moved out of htaccess Core and now have their own separate pages/menu links.
  • New standard root .htaccess code added: Server Protocol HTTP/1.0 and blank User Agent htaccess BRUTE FORCE LOGIN PAGE PROTECTION code is now standard .htaccess code in the BPS root .htaccess file.
  • New BPS Custom Code Text box added: A new Custom Code Text box has been added: CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION.
  • Check Headers Tool added to the System Info page: This tool Allows you to check your website Headers or another website's Headers remotely.
  • New System Info page check - Public IP/X-Forwarded-For check: If you are using CloudFlare on your website then you will see Proxy X-Forwarded-For IP Address: instead of Public ISP IP / Your Computer IP Address: displayed to you. This additional check is for troubleshooting issues with CloudFlare, CDN, Proxy or VPN.
  • PHP mysqli_get_client_info function additional check Additional function checking code has been added in cases where the mysqli_get_client_info function is not available on a Host Server.
  • Enjoy!


  • Dismiss Notice text corrections: S-Monitor page text changed to Security Status page
  • W3TC & WPSC Alerts text corrections: Edit/Upload/Download page text changed to htaccess File Editor page
  • Several BPS functions renamed for uniqueness/no-conflict assurance
  • PHP 5.5.x Deprecated function replacement file options.php: mysql_get_client_info replaced with mysqli_get_client_info
  • PHP 5.5.x Deprecated function replacements file bpsunlock.php: New code using MySQLi instead of MySQL
  • Enjoy!


  • Backup folder path correction on Backup & Restore page
  • WP Filesystem API Method will display the WordPress Filesystem Method in use. For DSO Server troubleshooting additional fields will be displayed if the Script Owner and File Owner ID's do not match.
  • Custom Code help text changes
  • Custom Code additional error checking
  • htaccess auto-writing additions
  • Additional root htaccess file placeholders/markers added
  • New Dashboard Dismiss Notices: Sucuri 1-click Hardening, Broken Link Checker, phpini handler, Speed Boost Custom Code, Custom Permalinks check
  • Dashboard Alerts are now only displayed to Administrators. Editors, Authors, etc will no longer see Alerts
  • The htaccess Core Edit/Upload/Download tab page has been renamed to htaccess File Editor.
  • The File Upload & Download features have been removed from the new htaccess File Editor page since these features/options are obsolete.
  • Visual Enhancements: AutoMagic font size increased, etc.
  • Enjoy!


  • Security Vulnerability/Bug Fix/Patch: HTML rendered in Security Log file via Logged Header Fields
  • Special Thanks go to Jacek Sowinski via Secunia SVCRP for discovering this vulnerability.
  • Solution/Fix: Security Log logged Header Fields are now HTML escaped
  • Enjoy!


  • 2 New Login Security Options Added:
  • Error Messages: Choose to display Standard WP Login Error Messages or Generic Error Messages.
  • Password Reset: Enable or Disable Login Password Reset capability. This option also includes additionl Stealth Mode capabilities. Please read the Blue Read Me help button on the BPS Login Security page for a full description and additional help information.
  • Login Security Bug Fix/Code Correction: Using the /wp-login.php URL no longer generates an initial login error.
  • New Dismiss Notice - Brute Force Login Protection Code: At some point the Brute Force Login Protection code will be standard in BPS .htaccess files. For now a dismiss notice has been added with a link to the Brute Force Login Protection code.
  • Additional error checking & Overall Code Improvements: Really too many things to list so in general BPS .48.9 is more streamlined, has better/additional error checking and overall code improvements throughout BPS.
  • Enjoy!


  • Code / Help Text Corrections
  • Corrected Help Text typos in Custom Code. Code Correction for the Network/Multisite menus / pluggable.php issue
  • Enjoy!


  • Auto-update now displays ONLY - The BPS Automatic htaccess File Update Completed Successfully!
  • The old Dashboard Alert has caused a lot of confusion so it is now history
  • Enjoy!


  • Custom Code Additions: Custom Code now includes additional Text Areas/Text Boxes for every possible section of code in the Root and wp-admin .htaccess files
  • A jQuery Accordian has been added to Custom Code to ensure that the correct Custom Code Text Areas/Text Boxes are being used, better functionality and visual enhancement.
  • Windows IIS check/dismiss notice. Displays a dismissable alert for folks who have Windows IIS Servers that allow .htaccess rewriting or have ISAPI_Rewrite installed which allows/converts .htaccess rewriting.
  • Reset / Recheck Dismiss Notices added to Security Status page
  • Lots of other improvements
  • Enjoy!


  • Bug fix: Conditional wrap added to /includes/login-security.php
  • Enjoy!


  • Login Security & Monitoring
  • Log All User Account Logins or Log Only User Account Lockouts
  • Logged DB Fields: User ID, Username, Display Name, Email, Role, Login Time, Lockout Expires, IP Address, Hostname, Request URI
  • Email Alerting Options: User Account is locked out, An Administrator Logs in, An Administrator Logs in and when a User Account is locked out, Any User logs in when a User Account is locked out, Do Not Send Email Alerts
  • Login Security Additional Options: Max Login Attempts, Automatic Lockout Time, Manual Lockout Time, Max DB Rows To Show, Turn On/Turn Off
  • Dynamic DB Form: Lock, Unlock, Delete
  • Enhanced Search: Allows you to search all of the Login Security database rows/Fields
  • Stand-alone Unlock Form bpsunlock.php: Unlock User Accounts without having to be logged into the WP Dashboard
  • Please click the Login Security Blue Read Me help button for full descriptions of all features and options.
  • Enjoy!


  • jQuery Code changes for the new jQuery version in WordPress 3.6
  • Enjoy!


  • Bug fix: Turn On/Off Error logging pattern match correction to include all possible scenarios
  • Bug fix: ErrorDocument 401 default added/removed on Turn Error Logging On/Off
  • Enjoy!


  • Security Log - Add / Remove User Agents/Bots to Ignore/Not Log or Allow/Log
  • New htaccess code - ErrorDocument 401 default
  • General Coding Improvements & Enhancements
  • Enjoy!


  • facebook externalhit_uatext.php script/error log fix
  • 400, 403 and 404 Error Logging templates modified
  • General Coding Improvements & Enhancements
  • Enjoy!


  • Security Logging / HTTP Error Logging On / Off buttons added
  • Turn Security Logging / HTTP Error Logging On or Off on the Security Log page
  • Russian Translation by EyeFinity
  • General Coding Improvements & Enhancements
  • Enjoy!


  • Security Logging / HTTP Error Logging - Log 400, 403 and 404 Errors
  • Security Logging / HTTP Error Logging Dashboard Alert - log file size
  • IMPORTANT: NEW root .htacess file code automatically created/modified on upgrade
  • Additional System Info Check Added: cURL Extension
  • General Coding Improvements & Enhancements
  • Enjoy!


  • IMPORTANT UPDATE: .htaccess FILE UPDATE FOR WordPress 3.5
  • 3.5 BUG FIX: visual and text editor display blank boxes
  • Problem: Square Bracket filters are blocking the visual and text editor
  • Solution: Square Brackets are automatically removed from .htaccess files/filters on upgrade to .47.7
  • Enjoy!


  • BPS Master htaccess Folder Deny All .htaccess security protection automated
  • BPS Backup Folder Deny All .htaccess security protection automated
  • Turn On AutoLock / Turn Off AutoLock options/buttons added
  • General Coding Improvements & Enhancements
  • Visual Improvements/Enhancements
  • Enjoy!


  • General Coding Improvements & Enhancements:
  • WordPress 3.5 pre-release coding added
  • Visual Improvements/Enhancements
  • jQuery coding Improvements/Enhancements
  • .htaccess code Additions and Improvements
  • Anti-Comment Spam .htaccess coding added
  • DNS Host Name Check for htaccess file auto-lock
  • Screenshot image files moved to the assets folder to reduce plugin size = speedier upgrades
  • Enjoy!


  • Improved and Extended Automatic htaccess File Upgrading
  • No need to reactivate BulletProof Modes when upgrading
  • Automatic updating from .46.9 to the current version of BPS
  • Additional System Info Checks Added:
  • Zend Engine Version, Zend Guard/Optimizer, ionCube Loader, Suhosin, APC, eAccelerator, XCache, Varnish, Memcache and Memcached
  • System Info Checks: check if extensions are installed, loaded, enabled or disabled
  • Additional Memory Limit Checks: WordPress Admin Memory Limit, WordPress Base Memory Limit and PHP Actual Configuration Memory Limit
  • Enjoy!


  • .47.2 Automatic .htaccess file updating on upgrade installation added
  • No need to reactivate BulletProof Modes when upgrading
  • .47.2 New htaccess security filter added automatically during upgrade
  • .47.3 New htaccess security filter added automatically during upgrade
  • .47.3 Deny All protection automatically activated for BPS Master /htaccess folder
  • WP Dashboard Alerts - Root and wp-admin htaccess file checks
  • Enjoy!


  • Automatic .htaccess file updating on upgrade installation
  • No need to reactivate BulletProof Modes when upgrading
  • New htaccess security filter added automatically during upgrade
  • WP Dashboard Alerts - Root and wp-admin htaccess file checks
  • Lithuanian Language Translation by Vincent G from Host1Free.com
  • Enjoy!


  • A very minor coding mistake - A superglobal did not have html entities escaped
  • No reported problems or issues
  • Sincere thanks to SiNA Rabbani for discovering this coding mistake
  • Sincere thanks to Jon and Mark from WordPress.org as well for assistance


  • View the Whats New page in BPS for the latest changes to BPS
  • No changes have been made to either the Root or wp-admin .htaccess files
  • i18n Language Translation Coding Added
  • Language Translation Tutorial link added to the Whats New page in BPS
  • Coding improvements / enhancements
  • Enjoy!


  • Significant changes to both the Root and wp-admin .htaccess files Create new Master .htaccess files with AutoMagic and activate all BulletProof Modes.
  • NEW Custom Code feature added to BPS
  • Coding improvements / enhancements
  • Enjoy!


  • New TimThumb .htaccess code allows internal image requests but Forbids RFI hacking attempts
  • BPS is no longer Forbidding TimThumb thumbnailer scripts by default
  • DNS Name Server check on System Info page
  • Coding improvements / enhancements
  • WP Rating and Download Stats added to BPS
  • CSS nick nacks
  • Enjoy!


  • New jQuery Dialog Read Me Help buttons have been created to replace the old Hover ToolTips
  • WP_CONTENT_DIR replaces ABSPATH path for sites that have moved wp-content to another location
  • .htaccess Return Carriage filter modified
  • .htaccess Slash-Jack filter modified
  • Several new pop up confirm messages have been added throughout BPS for forms that perform critical operations
  • Several new SAPI types have been added to CGI and DSO checking
  • AutoMagic for Network / Multisite sub domain sites is no longer writing the wp-admin forbid coding
  • Link to Sucuri Malware Website Scanner added
  • BPS is Forbidding Thumbnailer Scripts by Default
  • To enable Thumbnailer Scritps see root .htaccess file
  • Enjoy!


  • Cookie filter removed from BPS QUERY STRING EXPLOITS
  • Explicit "exec" and "execute" filter removed from BPS QUERY STRING EXPLOITS
  • non-GPL Javascript Countdown Timer removed
  • BPS is Forbidding Thumbnailer Scripts by Default
  • To enable Thumbnailer Scritps see root .htaccess file
  • Enjoy!


  • Massive amount of new security filters
  • Complete restructuring of how .htaccess Rewriting is processed to work with WP
  • Network / Multisite AutoMagic buttons added
  • Network / Multisite code added for Super Admins - display BPS menus to Super Admins only
  • New System Info information added
  • File permission checking and recommendations for CGI or DSO - SAPI detection
  • File Lock / Unlock buttons - Read Only root .htaccess - CGI / DSO SAPI detection
  • Help info updated
  • Updated Whats New
  • Lots of other stuff
  • Enjoy!


  • Network / Multisite detect with additional help info
  • chmod 0644 added to copy function for default, secure and wp-admin htaccess files
  • Fixed CSS display issues for WP versions 3.2+
  • Replaced PP donate link with BPS Pro Upgrade link
  • Replaced BPS Pro Modules page with BPS Pro Features page
  • Security Status print output instead of var_dump
  • Help info updated
  • Other CSS changes
  • Updated Whats New


  • BPS Security Top Level Menu added
  • Whats New page was added - Read the new Whats New page for details about the latest changes to BPS
  • BPS Master htaccess file changes
  • Maintenance Mode page changes - Form settings saved to the WP DB
  • HUD, W3TC and WPSC - Heads Up Display checks / messages changes / additions
  • wp-admin htaccess file removal added
  • My Notes page was added


  • Additional new .htaccess security coding and modifications added to the BPS master .htaccess files
  • New plugin conflict permanent fixes added to the secure.htaccess Master file
  • BulletProof Security is now fully AutoMagic and still offers full manual control


  • Additional new .htaccess coding and modifications added to the BPS master .htaccess files
  • New plugin conflict permanent fixes added to the secure.htaccess Master file
  • Maintenance Mode is AutoMagic - Completed the Maintenance Mode page ...finally
  • Create the Maintenance Mode Under Maintenance page from within the Dashboard
  • Preview your Website Under Maintenance page from within the Dashboard
  • New System Information Displayed - WordPress Installation Folder, WordPress Installation Type and
  • WP Permalink Structure Checks and displayed info
  • Heads Up Display (HUD) created
  • Improved Error and Warning messages
  • Major Core code improvements
  • nick nack core code fixes and improvements
  • New Help and FAQ links - new help pages created on AIT-pro


  • New File Uploader code written - no longer using Uploadify code
  • New File Downloader code written - no longer using Zubrag code
  • File Uploader is AutoMagic - no setup required
  • File Downloader is one-click - no setup required
  • Major overhaul of the core BPS coding
  • !!! Special Thanks to Jon Cave!!!
  • for finding a CSRF security vulnerability in BPS .45.9
  • that has now been eliminated in BPS .46 with new coding
  • And also excellent coding advice to improve BPS even more
  • and making the e

Requires: 3.0 or higher
Compatible up to: 3.9
Last Updated: 2014-3-26
Downloads: 1,103,757


4 stars
4.8 out of 5 stars


42 of 44 support threads in the last two months have been resolved.

Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.

86,7,6 100,3,3 100,11,11 100,1,1 100,4,4 92,13,12
100,1,1 100,1,1
100,4,4 100,2,2 67,3,2 63,8,5 100,2,2
100,1,1 75,4,3 100,1,1
100,2,2 100,1,1 100,1,1
100,3,3 90,10,9 100,2,2
100,3,3 100,1,1
100,2,2 100,9,9 100,5,5 100,6,6
89,9,8 100,1,1
83,6,5 95,20,19 100,12,12 100,1,1 100,2,2 100,1,1
100,6,6 86,7,6 100,1,1
67,6,4 83,6,5 89,27,24 100,2,2 100,1,1
100,3,3 93,15,14 78,18,14 100,4,4 100,1,1 100,1,1
0,1,0 100,14,14 100,2,2
100,7,7 67,3,2 90,10,9 100,5,5 88,8,7 100,2,2 100,1,1 100,2,2 100,4,4 100,2,2 100,1,1 100,1,1
100,1,1 50,2,1
100,7,7 100,1,1
100,4,4 100,3,3 100,2,2 100,1,1 100,2,2
100,1,1 100,2,2 100,1,1 100,2,2
100,1,1 100,2,2 100,3,3 100,2,2