
BulletProof Security
[resolved] Does this plugin really secure my website? (8 posts)

  1. Young Master
    Member
    Posted 1 year ago

    The description of this plugin explains that it protects a website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. Someone successfully injected base64 code into my website. Can you explain how that happened if this plugin really protects against base64 injection?

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago

    The only way that would be possible is if your site was already hacked. Usually Code Injection is done after a hacker already controls your site. Code Injection is done with Shell Scripts or other custom hacker scripts.

    Here is a typical example:
    A hacker cracks your WordPress password or your FTP password. They then upload several payload scripts. Typically a Shell hacker script and several hidden backdoor hacker scripts in case you find the Shell script. Once the Shell script is uploaded the hacker then uses that Shell script to inject code into your files.

    In summary Code Injection is usually done after your website has already been successfully hacked.

  3. AITpro
    Member
    Plugin Author

    Posted 1 year ago

    Also, the code could have been added another way: through an exploit or vulnerability in some code you have on your site, either in a plugin, theme or custom script. The hacker could simply exploit that coding flaw and use it to add his code, which would technically not be code injection, but simply an exploitation of flawed code on your website.

    BPS is designed to protect against a direct attack, but if you have some coding on your website that allows something that it should not be allowing, then this is called an exploit or vulnerability. The hack is done by exploiting the existing flawed code. This would not be a direct attack, so there would be nothing indicating a hack was taking place, and therefore nothing to trigger BPS to block it.

    BPS has blocked over 800,000+ hacking attempts on the AITpro websites in the last 3 years so BPS seems to be working pretty well. ;)

  4. Young Master
    Member
    Posted 1 year ago

    Thank you for your explanations. I do understand now. And why doesn't your plugin provide .htaccess protection on wp-content? I have found so many plugins' code modified. I think you should consider putting this in your plugin.

  5. AITpro
    Member
    Plugin Author

    Posted 1 year ago

    The Pro version does have this already - Plugin Firewall - but this is too complex to add to the free version. I already have my hands full with supporting the Pro version. ;)

  6. Young Master
    Member
    Posted 1 year ago

    If I put my own .htaccess on wp-content, will it cause interference with BulletProof Security? I want to put my temporary .htaccess on wp-content while I am planning to buy BPS Pro.

  7. AITpro
    Member
    Plugin Author

    Posted 1 year ago

    Yes, you can of course add your own .htaccess file to the wp-content folder. The tricky part is making sure that all of your plugins and other things in the wp-content folder still work correctly. In order to do this correctly without interfering with other things, we had to create several whitelisting tools and automate the Plugin Firewall IP Address updating so that it automatically adds your new IP Address each time it changes. You can of course just do this manually.
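As an added example (not the plugin's code and not part of the thread), here is the kind of temporary wp-content/.htaccess the reply describes: it denies direct HTTP requests for PHP files under wp-content, which WordPress core never needs because it loads plugin and theme code via include, and whitelists the few files that are legitimately requested directly plus one admin IP. The plugin path, theme path and IP address are placeholders to be replaced per site.

```apache
# wp-content/.htaccess (example, not from BulletProof Security).
# Goal: a file that was written into wp-content by a compromised plugin or an
# uploaded shell cannot be executed by requesting it in a browser.
# Rules are evaluated top to bottom; the first matching rule with [L] wins,
# so the whitelist must sit above the deny rule.

<IfModule mod_rewrite.c>
RewriteEngine On

# --- Whitelist 1: files a plugin or theme genuinely serves directly. ---
# Placeholders: replace with the real paths found in the server error log
# (a blocked request shows up as a 403 on a .php path under wp-content).
RewriteRule ^plugins/example-plugin/ajax-handler\.php$ - [L]
RewriteRule ^themes/example-theme/inc/export\.php$ - [L]

# --- Whitelist 2: the site administrator's current IP address. ---
# Placeholder from the documentation range; update it whenever your IP
# changes (this is what the Pro version automates, per the reply above).
RewriteCond %{REMOTE_ADDR} ^203\.0\.113\.10$
RewriteRule \.(php|phtml|php[0-9])$ - [L]

# --- Default: refuse every other direct request for a PHP-like file. ---
# [F] sends 403 Forbidden and stops processing; [NC] makes it case-insensitive
# so "shell.PHP" is caught as well.
RewriteRule \.(php|phtml|php[0-9])$ - [NC,F]
</IfModule>

# Without mod_rewrite the rules above are silently skipped and nothing is
# protected; verify with a direct request for a known plugin file (expect 403).
```

After adding it, click through the admin screens and front end and watch the error log for 403s on wp-content paths; each one is either an attack attempt or a file that needs a whitelist line.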

  8. Young Master
    Member
    Posted 1 year ago

    Thank you for your wonderful explanation.

Topic Closed

This topic has been closed to new replies.
