WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] add data to htaccess file instead of overwriting it ? (6 posts)

  1. gdeschep
    Member
    Posted 1 year ago #

    I just installed bulletproof security on my blog (in addition to Better WP Security) and it seems to be a very nice plugin.

    But would it be possible to change it or at least add an option to let BPS add to the .htaccess file rather than completely replacing it ?

    Right now there is no "interaction" between the data being added by other plugins and the settings in BPS.
    In other words, if some other plugin updates its rules in .htaccess, those changes are not reflected in BPS.

    E.g. Each time I want to change one setting in Better WP Security after I activated BPS I'll have to manually look for that change in .htaccess and update/activate the BPS master file accordingly

    Most if not all other plugins add/update their own section to the .htaccess file so that they don't interfere with other plugins accessing that same file.
    E.g. Better WP Security adds its rules between "# BEGIN Better WP Security" and "# END Better WP Security".

    So I repeat my question: Would it be possible to add an option to BPS to put all its rules between custom tags, e.g. "# BEGIN BulletProof Security" and "# END BulletProof Security" and only update everything between those tags upon activation ?

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    BPS .htaccess code would not work correctly as stand alone .htaccess code and must be integrated into the WordPress rewrite loop in order to add security protection beyond the website root directory. ie rewriting levels above the root such as categories, posts, pages, etc.

    BPS is integrated into the WordPress rewrite loop and does utilize/incorporate the same default/base WordPress .htaccess code that WordPress uses.

    It would be possible to splice the BPS .htaccess code into the default/base WordPress .htaccess code, but this would actually be very impractical to do.

    Then you have to factor in things like AutoMagic. AutoMagic needs to create new .htaccess code based on each website's specific type, installation paths, RewriteBase, etc. and that .htaccess code is the same .htaccess code that WordPress uses in its default/base .htaccess code.

    Since BPS is an advanced .htaccess file editing plugin that comes with its own advanced .htaccess code/security filters and built-in .htaccess editing tools/features you can quickly, easily and permanently save customizations or add additional .htaccess code such as the Better WP Security .htaccess code.

    We added the BPS Custom Code feature for exactly this reason - to accomodate adding additional custom htaccess code permanently. I have heard from several folks that they cut and paste the Better WP Security .htaccess code into the BPS Custom Code feature and everything works fine.

    Note: I do not recommend that you use the Server Tweaks feature in WP Better Security because that .htaccess code is redundant with BPS .htaccess code and is actually much less sophisticated/advanced.

  3. gdeschep
    Member
    Posted 1 year ago #

    Ok, thanks for the clarification.

    I'm also pasting the Better WP Security code in the custom code box and it indeed works fine.

    The problem starts however when I want/need to change some settings in other plugins (either Better WP Security or others) afterwards.
    But with the details you just provided I understand my proposal wouldn't work.

    Thanks for the fast response and pointing out that I shouldn't use the Server Tweaks feature in Better WP Security. I wasn't aware of that.

  4. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Update: Things have changed with the Better WP Security plugin so I no longer know if this information is valid. I believe the .htaccess code section has now been moved to the Better WP Security Menu link/page and Server Tweaks now does something else. Or maybe they have been split up? The general idea is that you can use the BPS Custom Code feature to create your own combined custom master .htaccess files.

  5. Grant Palin
    Member
    Posted 1 year ago #

    I'm on a security kick lately, and have been taking steps to tighten up my WordPress site, so advice like this is welcome to see for making plugins work together. Thanks to the custom code section of the BPS settings, I've kept custom rules such as the 5G blacklist (http://perishablepress.com/5g-blacklist/), the Better WP Security rules, and some miscellaneous items (should probably review and prune those). So thanks for accommodating other plugins!

  6. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Yep I think the best feature about BPS is the Custom Code feature since it gives you the ability to mix and match/roll your own. This was a brilliant feature suggested/requested a long while back by someone. I use Custom Code myself all the time for creating RedirectMatch 301 redirect code to handle 404's and several other things as well. I am always open to new ideas/suggestions/requests/feedback since they can lead to very useful features/tools/etc. Thanks for your feedback.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic