WordPress Website Security Protection. Website security protection against: XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking...
The BulletProof Security Plugin allows you to instantly create and activate .htaccess website security with one click (ok maybe a few clicks) for your website without having to know anything about .htaccess files. The Master .htaccess files are pre-made and BPS writes .htaccess code that is customized for your website. There is nothing to figure out or to configure. Click the AutoMagic buttons (creates customized Master .htaccess files) and Activate BulletProof Modes (copies the customized Master .htaccess files to your root and wp-admin folders). BPS has built-in Backup and Restore and an .htaccess File Editor for full manual editing control as well. BulletProof Website Security fast and simple. Enjoy!
BulletProof Security Login Security & Monitoring allows you to choose whether you want to Log All User Account Logins or Log Only User Account Lockouts. The Dynamic DB Logging Form has 3 checkbox options: Lock, Unlock or Delete database rows. The Login Security database table is hooked into the WordPress Users database table, but they are 2 completely separate database tables. If you lock a User Account then BPS Pro will enforce that lock on that User Account and the User will not be able to log in. If you unlock a User Account then the User will be able to login. Deleting database rows in the Login Security database table does NOT delete the User Account from the WordPress Users database table. When you delete a User Account it is pretty much the same thing as unlocking a User Account. To delete actual User Accounts you would go to the WordPress Users page and delete that User Account.
FrontEnd Maintenance Mode creates template files based on the options you choose and save. When you Turn On Maintenance Mode those template files are copied to the root directory of your website. When you Turn Off Maintenance Mode those template files are deleted from the root directory of your website. Maintenance Mode works by allowing the IP addresses that you enter & save to view the site normally. All other IP addresses will see the Maintenance Mode template page. BackEnd Maintenance Mode writes directly to your wp-admin .htaccess file and adds a deny all block of .htaccess code with the IP addresses the you enter & save when you enable BackEnd Maintenance Mode. When you disable/uncheck BackEnd Maintenance Mode that deny all block of .htaccess code is removed/deleted from your wp-admin .htaccess file. For more extensive help info or CSS Code, Image & Video Embed examples to add in the Maintenance Mode Text, CSS Style Code, Images, Videos Displayed To Website Visitors text area click this Maintenance Mode Guide Forum Topic link: Maintenance Mode Guide.
You can either use FTP and rename the /bulletproof-security plugin folder to login to your site or a stand alone Login Security Unlock User Account Form has been created that allows you to Unlock locked User Accounts outside of your WordPress Dashboard. To use this stand alone script download it from this BulletProof Security Pro plugin folder - /wp-content/plugins/bulletproof-security/admin/htaccess/bpsunlock.php and then upload it to your website root folder. Then type in the path to the bpsunlock.php file in your Browser. Example: http://www.example.com/bpsunlock.php. The stand alone script displays step by step instructions on how to use it.
No, The .htaccess file creation is automated in BulletProof Security. Everything is automatically done for you. You do not need to know or understand anything about .htaccess website security files in order to use the BulletProof Security plugin. Extensive help information can be found in the Blue Read Me help buttons in BPS.
If you accidentally activated BulletProof Modes without first clicking the AutoMagic buttons and/or your IP address has been changed by your ISP and you cannot log back into your website then you will need to use FTP or your Web Host Control Panel File Manager and delete the .htaccess files that BPS creates in your website root folder and your wp-admin folder. BPS .htaccess website security is done purely with .htaccess website security files and nothing else is modified on your website. So simply deleting the .htaccess files in your website root folder & wp-admin folder removes BPS .htaccess website security and will allow you to log back in, use the AutoMagic buttons and activate BulletProof Modes again to protect your website again.
No, BulletProof Security will not cause a website to run slower. BulletProof Security is website performance optimized and uses very little/low website resources and very little Server memory. If you would like to check your plugins to check how much website resource and Server memory each of your plugins is using install the P3 (Plugin Performance Profiler) plugin. Both W3 Total Cache and WP Super Cache use .htaccess code to speed up your website.
Yes, BulletProof security can speed up your website and make it run faster if you use the Speed Boost Cache Bonus Code and add it to BPS Custom Code. See the BulletProof Security Bonus Custom Code section on the BulletProof Security plugin Description page for a link to the Speed Boost Cache Bonus Code.
When upgrading/updating the BulletProof Security plugin you may see this WP Dashboard Alert. BPS Alert! Your site does not appear to be protected by BulletProof Security. There are 2 very common issues/problems that can cause this. The cPanel HotLink Protection Tool issue or the WordPress flush_rewrite_rules function issue. Click this link Common BPS Issues Note: Any custom htaccess code or modifications that you have made to your htaccess files will not be altered, modified or changed during the auto-update. Activating BulletProof Modes again after upgrading BPS is no longer necessary.
Please see the BulletProof Security Forum.
BulletProof Security uses .htaccess website security files, which are specific to Apache Linux Servers. BPS is compatible with Apache Linux Servers, LiteSpeed Servers, Nginx Servers (if the Nginx Server is the frontend Server and Apache Linux Server is the backend Server). If you do not know what type of Server you have you can check your Server Type and Operating System on the BPS System Info page. You can install BulletProof Security if you have a Windows IIS hosted website to use the additional features in BPS, but may or may not be able to Activate BulletProof Modes depending on what your IIS Server does and does not have installed / configured. Please see this WordPress Codex Permalinks without mod_rewrite for additional information regarding IIS Servers and also the Helicon Tech website for additional information regarding ISAPI_Rewrite.
If you are using both Apache and Nginx together and Nginx is the frontend webserver and Apache is the backend Server used to process PHP then BulletProof Security will work on this type of combined Server Configuration. If you are only using Nginx then an .htaccess file will not work. Nginx has its own rewrite module - HttpRewriteModule and the mod_rewrite equivalent of an .htaccess file has similar, but different coding and is added to an Nginx Server config file. Note: If you are not familiar with Nginx, then it should be noted that Nginx does not have a PHP module like Apache's mod_php, instead you either need to build PHP with FPM (ie: php-fpm/fastcgi), or you need to pass the request to something that can handle PHP.
Occasionally issues or conflicts do occur with other plugins, but they are always quickly resolved. BPS is compatible with all other Plugins and Themes. An .htaccess bypass / skip rule is all that is required to allow a plugin or theme to do something that is blocked by BPS. Please check the BulletProof Security Plugin Compatibility Testing and Fixes page for the latest plugin bypass / skip rules. All new plugin skip / bypass rules are now being posted in the BulletProof Security Forum.
Your Security Log will log 400, 403 and 404 (requires copying the BPS 404 logging code to your Theme's 404.php Template) Errors. The Security Log logs 400 and 403 HTTP Response Status Codes by default. You can also log 404 HTTP Response Status Codes by opening this BPS 404 Template file - /bulletproof-security/404.php and copying the logging code into your Theme's 404 Template file. When you open the BPS Pro 404.php file you will see simple instructions on how to add the 404 logging code to your Theme's 404 Template file.
Yes. BulletProof Security contains AutoMagic buttons for Network / Multisite websites. Both sub-directory and sub-domain Master .htaccess code is written / created for your specific Network / Multisite site based on your WordPress version. The BulletProof Security plugin can be Network Activated or you can allow BulletProof Security to be activated individually on each Network / Multisite subsite or of course you can choose not to Network Activate BulletProof Security or allow the BPS plugin on subsites. Only Login Security, System Info & Maintenance Mode menus are available on subsites. Super Admins will see BPS Dashboard Alerts and other Status displays on the Primary Site only. Administrators can activate or deactivate BulletProof Security on subsites if you allow this on your Network / Multisite website. The BPS Primary Site Menus will display all BPS menus. All other BulletProof Security features are not available on subsites since Network/Multisite subsites are virtual and do not have separate website files of their own. All of the other standard BulletProof Security features work sitewide and affect all other virtual subsites with the exception of Login Security which works individually for each specific website - Primary or virtual subsites and therefore should only be available to and controlled by the Super Admin with Network Admin capabilities for the Network/Multisite website. BulletProof Security also works with Network / Multisite Domain Mapping.
Yes. BulletProof Security works with all BuddyPress/bbPress site types.
Yes, BulletProof Security works on all types of WordPress installations including "Giving WordPress Its Own Directory" websites. Note: Maintenance Mode may not work correctly on Network/Multisite Subdomain site types. Pending additional testing.
Yes and No. You must be using a WordPress Custom Permalink structure for BPS to work correctly (every WordPress site should be anyway). If you are not using a custom Permalink structure then you will get a warning message that Custom Permalinks need to be enabled when you access the BulletProof Security Options page. BulletProof Security includes AutoMagic Master .htaccess file creation so that only one click is required to automatically create your Master .htaccess security files for your website, which you then Activate - BulletProof Mode. BulletProof Security also offers full manual control of editing the .htaccess files using the built-in File Editor. BulletProof Security is designed with everyone in mind: regular folks, Designers, Developers and Coders. BulletProof Security is designed to work with every type of WordPress installation: Single websites, subfolder websites, subdomain websites, "Giving WordPress its Own Directory" websites, Network / Multisite subdirectory websites and Network / Multisite subdomain websites. BulletProof Security will automatically create the correct Master .htaccess files for your website when you click the AutoMagic buttons. If you prefer to do everything manually then you would edit your .htaccess using the built-in .htaccess File Editor instead of using Automagic to automatically create your .htaccess files.
Yes. Of course. The secure.htaccess and wpadmin-secure.htaccess Master .htaccess files already contain .htaccess security code that protects your website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. Add any additional security filters or other .htaccess code to your Master .htaccess files or your currently active .htaccess files using the built-in .htaccess File Editor. The BulletProof Security Master .htaccess files contain help info and additional options within the .htaccess files themselves. htaccess files can do a lot of neat things besides just providing website security protection. As of version .46.9 you can now also add any custom code to the Custom Code feature. Your custom .htaccess code will be saved to your WP DB permanently until you delete it. Please view the Read Me Help button in Custom Code for specific details.
Yes, BulletProof Security creates customized .htaccess website security files with AutoMagic. BulletProof Security also offers full manual control of editing both the BPS Master .htaccess files and your currently active .htaccess files using the built-in .htaccess File Editor. The BPS Master .htaccess files have already been pre-made. When you click the AutoMagic buttons your .htaccess Master files are created with specific code for your specific website with the correct RewriteRule and RewriteBase automatically added to your .htaccess files. You can add additional code to the master .htaccess files, edit the .htaccess files or create completely new .htaccess master files from within the WordPress Dashboard using the built-in BPS File Editor - no FTP required - no Web Host Control Panel required. BPS could also just be used simply as an online .htaccess file editor and manager. AutoMagic is great, but having both AutoMagic and full manual editing control makes BulletProof Security a very versatile website security protection tool.
Yes, BulletProof Security works with Git, but does require some additional set up steps. Please see this thread for the setup steps Git distributed version control system setup steps
Requires: 3.0 or higher
Compatible up to: 3.8.1
Last Updated: 2014-3-3
45 of 46 support threads in the last two months have been resolved.
Got something to say? Need help?