WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] Does BPS Pro have wp-content .htaccess (5 posts)

  1. Young Master
    Member
    Posted 1 year ago #

    I just finished installing BPS Pro and noticed that BPS Pro doesnt have wp-content .htaccess file protection. Wont this cause a hacker to use wp-content to hack my website?

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. Young Master
    Member
    Posted 1 year ago #

    Also I would like to to password protect my wp-admin folder. I looked into wp-admin secure .htaccess file and found the following code:

    # EXAMPLE:
    #AuthType basic
    #AuthGroupFile /dev/null
    #AuthUserFile /path/to/protected/server/directory/.htpasswd
    #AuthName "Password Protected Area"
    #require user Zippy
    #require valid-user

    Is this where am supposed to ad my cpanel password protect directory codes for wp-admin? If yes then all I need is to replace the above code with my password protect code. Am i right?

  3. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Please post any future BPS Pro questions in the BPS Pro Forum website here: http://forum.ait-pro.com/

    Hackers target the /wp-content/plugins folder and the /wp-content/uploads folder and do not target the wp-content folder itself in general.

    BPS Pro has the Plugin Firewall, which creates a true Firewall for the /wp-content/plugins folder. BPS Pro stores autorestore, quarantine and other sensitive files in this deny all .htaccess protected folder - /wp-content/bps-backup. The /wp-content/uploads folder is protected by the BPS Pro Uploads Anti-Exploit Guard.

    Password protecting the wp-admin folder is really not necessary. The primary reason for this is that the wp-admin folder already has password protection. When you login to your WordPress website you are authenticating/logging into the wp-admin folder area/WP Dashboard.

    If you would still like to add an additional login to your wp-admin folder then this means that visitors to your website will not be able to register to your website unless you give them the Directory Protection username and password for your wp-admin folder.

    wp-admin Directory Password Protection Steps

    1. Go to BPS Pro B-Core Security Modes page, click on the Delete wp-admin htaccess File radio button and click the Activate button to delete the wp-admin .htaccess file.

    2. In cPanel - setup Directory Password Protection for the wp-admin folder.

    3. Go to the BPS Pro B-Core Edit/Upload/Download tab page, click on "Your Current wp-admin htaccess File" tab, copy all of the .htaccess code in the window and go to the BPS Pro Custom Code tab page. Paste your cPanel Directory Password Protection .htaccess code to wp-admin htaccess File Custom Code - CUSTOM CODE WPADMIN TOP: Add miscellaneous custom code here text box and click the Save wp-admin Custom Code button.

    4. Go to B-Core Security Modes page and activate wp-admin BulletProof Mode again.

    You should now have a wp-admin .htaccess file that has both the standard BPS Pro security .htaccess code and also the cPanel Directory Password Protection code combined. You can check this by going to the B-Core Edit/Upload/Download page and looking at the "Your Current wp-admin htaccess File" tab page.

  4. Young Master
    Member
    Posted 1 year ago #

    Thank you for your marvelous explanation. I guess I dont need to put password protection on wp-admin since my site has got registration page. I still have more questions about this plugin but I will post them on the forum as you suggested. Thanks again.

  5. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Great! What has happened in the past and continues to happen is that folks who have the regular BPS version get confused and ask where to find this or that in BPS and I then have to tell them that that feature is in the Pro version. ;)

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.