WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] Feature suggestion: Automated backups (4 posts)

  1. Daedalon
    Member
    Posted 3 years ago #

    Thanks for the great plugin. Here's a suggestion for saving time for BPS users and to make the installation and setup be more simple: Automated backups of .htaccess files.

    It can be done in several exact ways. Here's one:

    1. When BPS is installed, it makes backups of all .htaccess files automatically.
    2. When any .htaccess file is changed, BPS makes a backup of it automatically.
    3. The backups don't overwrite each other; instead, they are timestamped and file names are chosen for clarity. All of them can be seen in a list, and any of them can be selected for recovery.
    4. Expert users who would change their .htaccess files a lot could end up with lots of backup files. To overcome that rare case, an option for deleting selected backup files can be added.

    The aim is that the user never really has to backup .htaccess files automatically. The only manual thing user needs to do with backups is to download them for storing them elsewhere, if he wants, and restoring them, when needed.

    The chmod permissions for the files in the backup would stay untouched all the time. If they worked once, they'll work any time later on, as everything about them is precisely as it used to be.

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    Automated backups - But that takes the fun out of having buttons to click. LOL I like the timestamp idea, but i kind of started going in another direction with the My Notes thing. You can save and store anything you want with that new addition. The htmlspecialchars function is used so that data is safely stored to your DB. The other thing is that I prefer to do everything on the fly. Since you are working with an editor you can just copy and paste whatever you want directly from your site in the file editor to your computer. ;) The whole backup thing is kind of archaic, but some people prefer different working methods or like to work in different ways so i guess having one of everything is ok? One thing i have been very careful about not going overboard on is automation. Some people want everything automated, but i prefer full manual control. So if i did add more automated things i would still maintain the manual control aspects of BPS. Thanks for all your excellent suggestions. :)

  3. Daedalon
    Member
    Posted 3 years ago #

    I agree with your philosophy: even while making everything seamlessly automatic, maintain the possibility to do it manually. Deprecate functions only if at some point a certain one is not useful anymore.

    Personally I like everything as convenient as possible. If software requires me to do something manually, I feel that there needs to be a compelling reason for that. Like WordPress installation asking me the name of my blog, which it can't guess :) If there's no compelling need for a manual step, ie. it could be done automatically, I feel that it should.

    I've also thought about how BPS deployment could be more automatic. In any case it would follow basically the same idea as the automatic backup: simplify the steps as much as possible. If the functions of two clicks can be bundled into one, bundle. If an option is practically never used, remove it. If it is used but in a different context, double check if it would be more logical out of the way. For example if deploying default .htaccess files instead of the secure ones is mostly used when uninstalling BPS, the install and setup procedure is most clear and goes smoothest when this options isn't shown as a viable alternative for deploying the safe ones.

    The installation system is created with manual possibilities strongly in mind, and I agree with keeping them. However, I would put them a bit aside, as I suspect that something like 90 % of the users look for one-click-security. I imagine the future installation instructions of a secure WordPress to be:

    1. Install WordPress
    2. Install BPS
    3. Activate BPS
    4. In BPS settings, click Deploy Secure .htaccess Files
    Alternative 4: Click Edit .htaccess Files and after creating your own, click Deploy

    Here the default user clicks only once. In comparison, currently the steps are:

    4. Create backups of main .htaccess files
    5. Create backups of BPS .htaccess files
    6. Click to create secure .htaccess files (a separate step from deploying them)
    7. Click twice to deploy one of them (select BPS radiobutton instead of Default, then click Activate)
    8. Click twice to deploy the second one of them (same as above)
    9. Click twice deploy the third one of them (select BPS radiobutton, even while there are no alternatives, then click Activate)
    10. Click twice deploy the fourth one of them (same as above)
    11. Create backups of main .htaccess files
    12. Create backups of BPS .htaccess files

    These 9 steps of default setup include 16 clicks, 3 of them for switching tabs, 4 for creating backups, 1 for creating .htaccess files and 8 for deploying them. Automated backups would remove 7 of them and one-click-deployment would remove 7 more.

    Both automations will increase clarity of setup as well as convenience, and the one-click-deployment even more so. This is because deployment requires currently a bit more thinking before the user understands that the above steps are what he typically wants.

    There's an acronym for this, something like Convenience Over Configuration, but I prefer to use a full sentence to spell out the idea: "If something is the most popular option, make that as convenient as possible." It's like going to a Finnish McDonald's, where you can customize every burger you want, to have a rye bun instead of the wheat one, and so forth. You can, if you want, but because most don't, the employees don't bother you by telling about the option during a normal buying procedure.

    Thanks for your efforts in making BPS as good as it already is and for your continued efforts in making it always better. Hope my feedback helps you in this somehow.

  4. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    Awesome feedback! Yep you make some excellent points. I have learned to be very cautious about implementing new changes. In the past when i have changed things thinking i would get rid of a particular headache i actually ended up creating 3 more. LOL What i have learned is that you actually put the new change into trials with actual users before rolling it out. Learned this the hard way of course. Right now i get very few questions about things i used to get a lot of questions about so right now i am pretty happy with the very low amount of problems that i have to address. I'm a firm believer in security over convenience, well actually security over anything and everything. LOL Convenience is huge so it is #2 next to security. One of the reasons i decided to offer one of everything at the risk of getting people confused is that over and over again in testing trials i noticed that everyone likes to work and set things up in a different way - some are linear thinkers, some are concept thinkers, some are just plain clicking freaks LOL, etc etc etc. So i was actually considering taking BPS to another level where right at the front door you get to pick how you want BPS to be displayed to you and your options - Totally automatic, totally manual or maybe a bit of both. I've been pondering this for a while now and after your excellent suggestions a couple of those ponderings have become visually much clearer in my mind. Much thanks! :)
    Possibility in the future
    When you first launch BPS you get a choice:
    BPS Easy Mode - completely one click and you never see anything
    BPS Manual Mode - complete manual control and see everything
    BPS Advanced Mode - the current features and include even more advanced options

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic