WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] Installed while site had "issues" - need to setup again? (3 posts)

  1. KristenSRTS
    Member
    Posted 1 year ago #

    Hi,

    Maybe this is a dumb question, but I don't know enough about how BPS works or how sites get hacked to figure out the answer myself. If I installed and set up the BulletProof Security plugin while there were security issues on my site, do I need to "reset" it (for lack of a better term)?

    I installed both BPS and Wordfence on the same day, but wasn't able to run a Wordfence scan right away. A few days later, when I was able to scan the site, it found two backdoor access points and a modified file. Our site was recently completely replaced, and I think these were old errors from the previous version of our website (some of the files, in particular one theme that we'd had trouble with anyways, got carried over to the new site). I haven't found any other issues, but I'm still working on that. My concern is that I set up BPS while the site was vulnerable. Is it possible that what was set up is now vulnerable as well because of those issues, or is it separate enough that the security should be solid? Would creating and activating new Master files have any point?

    I hope that all makes sense. Thank you!

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    No you would not need to reset anything, but...
    If you are concerned about the integrity of BPS plugin files or the BPS .htaccess files then you can just do an uninstall and reinstall of the BPS plugin and delete the 2 BPS .htaccess files. BPS does all its magic with 2 .htaccess files. 1 in your website root folder and 1 in your /wp-admin folder.

    Wordfence is a good scanning plugin, but i need to warn you that scanners sometimes miss hacker's backdoor files. So maybe Wordfence found all the hackers code and maybe not. You should be prepared for the worst case scenario and that would of course be that you would need to restore your website from a known good backup or if you do not have a good backup then you would make a backup of all of your website files and your WordPress database and then you would delete your website and reinstall it clean and then only import clean files and clean database tables back to your new site.

    You will know if you need to do this by the end of a 2 week period. if your website has not be hacked again in the next 2 weeks then you are in the clear. if it gets hacked you have to do the things i mentioned above. If hacker files are on your website somewhere already then they are past the BPS website security protection and BPS can only provide some protection, but not completely block the hackers and hacker files if they already exist on your website. Thanks.

  3. KristenSRTS
    Member
    Posted 1 year ago #

    Thank you!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic