WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[closed] How is this better than WP Padlock? (15 posts)

  1. EagleArts
    Member
    Posted 1 year ago #

    How is this better than WP Padlock? I just need something quick but reliaable..even willing to pay a little for ease of use..I need something to protect my customers sites.

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    WP Padlock is not a plugin. it is a report or list of security tips you would apply to your website. I did a Google search using WP Padlock and i found a classic cookie cutter one page scam looking site. The price is cheap so if you feel like checking it out then $12 bucks is not that much to lose, but that is probably what the person selling these tips is thinking and hoping for. ha ha ha.

    It is not appropriate to do sales pitches in the WordPress Forums. There is a Pro version of BPS and Googling "bps pro comparison" will display a link result to a feature comparison page.

  3. The Hack Repair Guy
    Member
    Posted 1 year ago #

    Very funny. Just about knocked over my coffee cup on reading this one. :)

  4. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    What is even funnier is that the scammer is trying to cover all the bases to get as many sales as possible.

    Quote from the scam site below. LOL

    Sounds too good to be true?

    These types of cookie cutter sites remind me of the old snail mail scam about getting an exciting Cruise Ship job just by sending in your $$$. What they send you back for your $$$ is list of addresses where you can send your resume and application. ha ha ha.

    So maybe for your $12 bucks they send you a link to >>> http://codex.wordpress.org/Hardening_WordPress ha ha ha

  5. EagleArts
    Member
    Posted 1 year ago #

    Thanks for the answers...Just honestly trying to find the best solution. I just got word that "wordpress.org/extend/plugins/bulletproof-security/" will fail at install if you use WP-Twin or BackUp Buddy but WP Padlock will not..supposedly you have to do MANUAL intalls with bulletproof-security/ sites? What do you think.is there something better to secure WordPress sites?

  6. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Nope wherever you heard that info it is bad information or maybe just wrong information.

    This is correct information
    Source: http://www.ait-pro.com/aitpro-blog/2252/bulletproof-security-plugin-support/checking-plugin-compatibility-with-bps-plugin-testing-to-do-list/

    There are 21,618 plugins in the WordPress Plugin Repository as of 10/4/2012 and that number grows everyday. There are probably 1,000′s of Premium WordPress Plugins available around the Internet.
    The reason this is worth pointing out is that there are only around 30-40 Plugin issues that require a simple skip/bypass rule, which is a relatively low number considering the total number of Plugins available.

    BPS is a Security Plugin – The standard WP term “Plugin Conflict” is Equal to “Actively Blocking” When “Fixing” Plugin Issues

    WP-Twin - this only applies to people who have BPS Pro
    http://www.ait-pro.com/aitpro-blog/2252/bulletproof-security-plugin-support/checking-plugin-compatibility-with-bps-plugin-testing-to-do-list/#WP-Twin-Clone

    BackupBuddy - this only applies to people who have BPS Pro
    http://www.ait-pro.com/aitpro-blog/2252/bulletproof-security-plugin-support/checking-plugin-compatibility-with-bps-plugin-testing-to-do-list/#BackupBuddy

  7. secconsult
    Member
    Posted 1 year ago #

    Hello EagleArts,

    I haven't heard about WP Padlock before, and from my first research I have to agree with AITpro, it does look quite dubious. I'm almost willing to pay the $$$ USD and download just to see what it really does :)

    As to BulletProof Security, it is a solid security plugin that aims at preventing certain attacks by providing a strict set of .htaccess files, which can be quite restrictive. These strict settings may interfere with some plugins and need tweaking to become compatible.

    As with all security plugins it is crucial to understand exactly what they do well and what they don't do well in order to avoid a false sense of security which can be very dangerous.

    For example BPS is good at preventing some forms of hacking attacks, but only if the attack is made over a GET request, so attacks that come over POST requests will be successful.

    You can install BPS to add additional security to your websites, but I would not rely on it as the one-stop solution that protects you from everything.

    Unfortunately, if you are looking for a plugin that keeps you protected after you install it, without any manual effort, you will be disappointed, because there is no such thing. Honestly, every plugin that claims that it provides 100% security by just installing it, should not be taken seriously.

    Most of the successful attacks against WordPress are a result of:
    1.) Insecure configuration of WordPress, the web server or PHP settings, and/or
    2.) An outdated WordPress or outdated plugins and themes that contain publicly disclosed vulnerabilities.
    For more information on point 2 see page 76 and 77 of the IBM X-Force Report.

    Our company has just released a plugin this week called MVIS Security Center that addresses both points.

    1.) It has been designed to clearly show any security problems in your website and provide you with all the information you need to eliminate the identified weaknesses.

    The plugin identifies most of the problems as described in the WordPress Security Codex and has many additional checks for your web server and PHP settings. For example it tells you if you are not using HTTPs to login to your WordPress backend or if you are use common usernames and weak passwords.

    The plugin does not automatically eliminate the identified problems for you, but it really helps you in securing your websites according to recognised security best practices, by showing you what the problems for your specific website are and how to get rid of them.
    You can use BPS to address some of the identified problems.

    2.) This is truly unique, from within the plugin you can subscribe to MVIS PROtection, which is a service that monitors your WordPress version and which plugins and themes are installed and sends alerts to your e-mail address as soon as vulnerabilities have been publicly disclosed that affect one of your installed components. This is especially good if you are responsible for more than one website, because you don't even have to login to the admin interface, but conveniently receive the alerts in your inbox and are able to take the required actions immediately.

    The plugin is free and because we are currently in the beta phase, the subscription is free for the next three months.

    Give it a try and let me know how you like it and if there is anything else you would like to see covered by it.

    Cheers,
    Stefan

  8. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    *******************************************************************
    WARNING!!! FALSE AND INACCURATE STATEMENTS WERE MADE BY secconsult
    PLEASE DISREGARD THIS INFORMATION AS IT IS NOT VALID OR CORRECT
    ALSO THIS IS A BLATANT SALES PITCH
    *******************************************************************

    WP Moderators please nuke this entire thread as it has absolutely no value. Thank you.

    @secconsult - Very uncool. You are actually violating the WordPress rules of the road regarding posting and general Forum standards. Also you are making false statements or incorrect statements about what BPS does and how it does it either intentionally or unintentionally.

    Please only do sales pitches or sneaky tactics in your own plugin forum area and do not post them in the BPS plugin forum area.

    The idea here is to help folks and stay on task not pitch your product or services - especially not in other plugin's forum areas. It is rude, not following the WordPress rules of the road and just plain embarrassing. Plus this ends up confusing people when you spread bad information or the wrong information either intentionally or unintentionally.

    *******************************************************************
    WARNING!!! FALSE AND INACCURATE STATEMENTS WERE MADE BY secconsult
    PLEASE DISREGARD THIS INFORMATION AS IT IS NOT VALID OR CORRECT
    ALSO THIS IS A BLATANT SALES PITCH
    *******************************************************************

  9. EagleArts
    Member
    Posted 1 year ago #

    Thanks Stefan..what is it going to cost after 3 months? MVIS Security Center? Thanks

  10. EagleArts
    Member
    Posted 1 year ago #

    oops..did not know something was wrong here. sorry

  11. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    @EagleArts - This post will be deleted shortly by a WP Moderator. Please do your sales deal in private with secconsult. You are violating the WordPress Forum rules.

  12. EagleArts
    Member
    Posted 1 year ago #

    To: AITpro..so how do I protect myselt against POST hacks..or was this false info?

  13. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Most if not all of the information posted was either unintentionally or intentionally misleading and blatantly wrong. This is a very cliche sales tactic obviously.

  14. EagleArts
    Member
    Posted 1 year ago #

    OM..but not buying anything just yet, still looking at all the security options for WordPress

  15. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    BPS protects against all malicious Request Methods - POST, GET etc. Blocks malicious Query Strings and too many other attack methods to list. This thread will be nuked so i am not going to waste time on explaining BPS fully. This thread is completely TOXIC at this point.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.