WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] Does BulletProof provide complete security protection? (18 posts)

  1. christopheran
    Member
    Posted 1 year ago #

    Hi,

    I'm looking at different firewall solutions and ran across BP here.

    Is this a pretty complete firewall protection plugin or do I need to add other plugins, such as something for brute force attacks, as well?

    Any other security related plugins that you would suggest adding on with it?

    Other things I do are move the wp-config.php up a level, require https on the backend, and run wp firewall 2 (though that is outdated and I am looking for a replacement.

    Thanks -

    PS: just downloaded it and it won't activate....

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. christopheran
    Member
    Posted 1 year ago #

    I click on 'activate' and the message I get from wp at the top of the plugins page says 'Plugin activated' but the 'activate' not 'deactivate' link still shows for the plugin and I don't see any settings.

  3. christopheran
    Member
    Posted 1 year ago #

    I think my server meets the requirements, here's a temporary link to my phpinfo: http://shoutkey.com/furor

  4. leejosepho
    Member
    Posted 1 year ago #

    Alongside BulletProof, Wordfence Security does for me the things you are asking about:
    http://wordpress.org/extend/plugins/kwayy-html-sitemap/

  5. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Yep, your Server appears to be compatible. Did you rename the zip file to something other than bulletproof-security.zip or was it already named bulletproof-security.zip? You can unzip the zip file on your computer and upload the entire bulletproof-security plugin folder to your /plugins folder.

    I recommend using an anti-spam CAPTCHA plugin and a login protection plugin, but you can install as many other security plugins as you want of course.

  6. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    If you do not have at least 256M of server memory then I would be very cautious about installing Wordfence or just don't turn on some of the features that use a lot of memory. ;)

  7. christopheran
    Member
    Posted 1 year ago #

    No unzipping required, I downloaded it through the plugin page.

  8. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Well then maybe your Server is not compatible. No one has ever had this problem before so the only thing I can think of is to deactivate all of your plugins and then try and activate BPS.

  9. leejosepho
    Member
    Posted 1 year ago #

    I click on 'activate' and the message I get from wp at the top of the plugins page says 'Plugin activated' but the 'activate' not 'deactivate' link still shows for the plugin and I don't see any settings.

    I think you have the plugin activated, but you have yet to "activate" the actual security. Is the message you are talking about bright yellow?

  10. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    If you are still seeing the Activate link then the plugin is not activated. You should see the Deactivate link when a plugin is activated.

  11. christopheran
    Member
    Posted 1 year ago #

    Yeh, just the regular activate link is showing - I will deactivate the other plugins and see if that changes anything, then report back,

    Chris

  12. christopheran
    Member
    Posted 1 year ago #

    Thank you both.

    Ends up the activation issue was not related to BP. When I went to deactivate some of my current plugins I found I couldn't do that either, they just stayed activated....

    Ends up, after some investigation, I found there was a damaged table in the mysql db. PHPMyAdmin fixed it and then I was able to activate it ok.

    Going through now and setting it up.

    Thank you both for the feedback about other security programs as well.

  13. christopheran
    Member
    Posted 1 year ago #

    Ugh, been battling file permission errors. Had to change a lot of them to 666 and create some directories.

    Still I get:

    ----------
    Cannot write to the secure.htaccess file. Minimum file permission required is 600.
    Cannot write to the default.htaccess file. Minimum file permission required is 600.
    Cannot write to the maintenance.htaccess file. Minimum file permission required is 600.
    Cannot write to the wpadmin-secure.htaccess file. Minimum file permission required is 600.
    ------------

    even though they are named correctly and now set to 777, can't grant more than that :)

    I've got about 8 sites to secure, this is going to take some time if I am going to set this plugin up on each one. Am I doing something wrong or is this normal?

    Chris

  14. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Most folks have CGI configured Servers 99% and obviously you have a DSO configured Server so unfortunately you have to jump through hoops that other folks do not have to do. At some point I will figure out how to compensate for DSO configured Servers and have this process completely automated like it is for CGI folks/99%.

  15. christopheran
    Member
    Posted 1 year ago #

    Ah, is that what it is... I am unfamiliar with DSO, but am reading up on it now,

    Thank you

  16. christopheran
    Member
    Posted 1 year ago #

    Though phpinfo reports: Server API CGI/FastCGI

    Am I still using DSO?

    Thanks, I know we got way off track here, appreciate the info -

  17. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I assumed you had a DSO configured Server since you have to change file permssions to 666/777, but if you have CGI then the issue is file and folder Ownership. Whatever your Server configuration is it is definitely not suPHP. ;)

    http://boomshadow.net/tech/php-handlers/

    Special Note for WordPress Users
    If you are using WordPress to run your site, please consider the following:

    Functions that require uploading files to the server (such as Auto-updates or Plug-in/Theme installation) will NOT work unless PHP is loaded as a CGI module. This means they will ONLY work with suPHP or FastCGI. This will ensure they are uploaded with the correct ownership & permissions.

  18. christopheran
    Member
    Posted 1 year ago #

    ah, ok, found out I have FCGID.

    Apparently that is the default PHP Execution Mode with Virtualmin.

    'course, I don't know much about that, but I am looking it up. The folks on the Virtualmin forum say "FCGID is quite similar to FastCGI in function"

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.