WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
[resolved] Plugin interactions - Bulletproof Security & Better WordPress Security (20 posts)

  1. kmexpert
    Member
    Posted 1 year ago #

    Hi Everyone,
    I'm using Better WP Security with Bulletproof Security and they seem to overlap. Bullet Proof Security scatters .htaccess files all over the WordPress core files etc, but doesn't deal with other aspects of security - login, backup, file permissions, and all the good things that BWPS does.
    What I'd like to understand is whether I'm better off using BWPs on its own - does it provide the protection to .htaccess that Bullet Proof Security does or am i destined to have a dashboard of blue (not green) ink ? I am nervous about having both plugins changing .htaccess !

    This may be a question, that only the plugin author can answer !
    BWs
    James

    http://wordpress.org/extend/plugins/better-wp-security/

  2. AITpro
    Member
    Posted 1 year ago #

    There is only one area where BPS and Better WP Security slightly overlap. Server Tweaks in Better WP Security uses a very simple bit of .htaccess code where BPS actually uses much more advanced and sophisticated .htaccess code.

    And that is actually where these 2 plugins primarily differ. BPS is primarily an .htaccess security based plugin that focuses on advanced .htaccess security protection whereas Better WP Security is doing other things and does use a little bit of .htaccess code here and there. Mostly it appears that Better WP Security is disabling WordPress features that some would consider risky to have enabled and of course Better WP Security has some additional features that the free version of BPS does not have.

    Bullet Proof Security scatters .htaccess files all over the WordPress core files

    This statement you made above is incorrect. BPS ONLY creates 2 .htaccess files - 1 in the website Root folder and 1 in the wp-admin folder.

    You can use these 2 plugins together without any problems as long as you do not use the Server Tweaks settings in Better WP Security. BPS already does this and in a much more comprehensive and advanced way since BPS is primarily an .htaccess based security plugin. BPS does things that Better WP Security does not do and visa versa so probably having both plugins is the best solution to cover all bases.

  3. leejosepho
    Member
    Posted 1 year ago #

    You can use these 2 plugins together without any problems as long as you do not use the Server Tweaks settings in Better WP Security. BPS already does this and in a much more comprehensive and advanced way since BPS is primarily an .htaccess based security plugin. BPS does things that Better WP Security does not do and visa versa so probably having both plugins is the best solution to cover all bases.

    Many thanks! I had just been working to get things set before adding BPS, and you have confirmed what I had been hoping.

    @kmexpert: The FAQs for Better WP Security showed me about going into .htaccess and deleting its entries.

  4. kmexpert
    Member
    Posted 1 year ago #

    Thanks AITpro and leejosepho,

    That is reassuring to know and I shall leave the "server tweaks" alone.
    I'm sorry if my flippant use of the term "scatters" offended anyone ! I have also added Login Lockdown to the mix, because you can never take anything for granted can you ?

    BWs
    James

  5. leejosepho
    Member
    Posted 1 year ago #

    What I'd like to understand is whether I'm better off using BWPs on its own...

    Update: That is actually what I ended up doing, but I cannot now remember where I had read something somewhere about BulletProof and WordPress 3.5 not being well-suited for each other. However, I do know (from at least my own experience) you can either tell BulletProof to restore the default files or else just do that manually (FTP, like I did) and then BulletProof will be back at Step One...and you can decide from there.

  6. AITpro
    Member
    Posted 1 year ago #

    @kmexpert - nope did not offend me, but I wanted to get the facts on the page. I try to catch these ASAP and get facts on the page otherwise these things snowball. ;)

    A perfect example is what leejosepho is saying. LOL

    I cannot now remember where I had read something somewhere about BulletProof and WordPress 3.5 not being well-suited for each other.

    @leejosepho - Just want to get facts on the page so that anyone who sees this thread will not think there is a conflict/issue/problem with BPS and WP 3.5. What happened was WP 3.5 made a significant change to jQuery and we got caught off guard and had to scramble to get a new version of BPS out ASAP. BPS .47.7 was released in 4 hours after the WP 3.5 release and the one jQuery issue was fixed. No issues/problems exist between WP 3.5 and BPS .47.7.

  7. leejosepho
    Member
    Posted 1 year ago #

    Cool beans, AITpro, and BPS had not actually caused me any trouble. As a rookie, I was doing my own stumbling around and BPS actually bailed me out at least once!

    Good Plugin.

  8. AITpro
    Member
    Posted 1 year ago #

    Cool! :)

  9. dslyoga
    Member
    Posted 1 year ago #

    Hello! It was good to find this thread, linked to by the creator of Better WP Security. I have a few questions, though. And maybe the answer is to upgrade to Pro version of BPS? ... But I was reading the Pro page last night at AITpro website, and frankly, I could not understand nearly ANY of the pro features. So if I cannot even understand them, do I really need them?

    Anyway, I had already set up BWPS. Then last night, I ran into Bulletproof Security, I checked around, came here, then went back to my Dashboard. I UN-checked all Server Tweaks at BWPS. I then set up and ran Bulletproof. Everything was running well.

    Then, I ran Ultimate Security Checker (USC) today, and saw these messages:

    Your server shows the PHP version in response.
    Your server shows too much information about installed software.
    <END QUOTE>

    So, I went back to BWPS and looked at all those orange and blue items (I had all but two of them green before experimenting with BPS) which REALLY bothers me, because it makes me think things are not as secure as they could be. And I'm only at 96 out of 115 points with USC, which maybe that's pretty good. (Some of that is from what they way is suspicious code, but they are Aweber Auto-responder scripts, and are not a problem, I hope. ... It's nice that they actually show you the potentially bad code, though.)

    So, taking a BIG risk, I tried checking one of the server tweaks in BWPS to hide the header stuff. I logged out and back in, back out again and then checked some front end pages, and everything seems to work fine. But I chickened out and more tweaks. And I did UN-check the one tweak I had experimented with.

    So, here's my Question, if BWPS is showing vulnerabilities, and USC shows a few, but BWPS appears in it's Dashboard to have a fix for it, what's the solution? Is BPS handling those things, but neither BWPS nor USC cannot see the modifications?

    How risky is it for me to try, one at at time to check the boxes in Server Tweaks and test it all out? (BWPS tells you which tweaks don't seem to play well with others.)

    Bottom Line, is it seems that if I can check a few of the System Tweaks in BWPS, and keep BPS running, I have a pretty good set up??? ... And I've already donated twice to BWPS, and will be happy to do so here.

    Thank You Very Much & Thanks for Reading,
    David Scott Lynn

  10. AITpro
    Member
    Posted 1 year ago #

    Here is the simple answer - BPS is an .htaccess plugin that primarily focuses on .htaccess security. BPS already does what the BWPS Server Tweaks option does, but just a whole lot more of it and in a much more sophisticated and comprehensive way since BPS is primarily an .htaccess security plugin. So using the BWPS Server Tweaks option would not add any more security than BPS is already doing in that particular area and would only add less comprehensive redundant .htaccess code. Hope that clears it up for you.

  11. BULLSH.com
    Member
    Posted 1 year ago #

    This Thread is a VERY Good Read and quite informational. Glad I found it.

    Now, let's throw in a THIRD plugin that is gaining a lot of traction: OSE Firewall.

    My question is between the aforementioned plugins, BPS and BWPS, is there any overlap or duplication of effort/resources/overhead/etc. if OSE Firewall is also installed? Or is it minimal and adding the OSE Firewall plugin would add another beneficial layer of protection and security?

    Would like to hear thoughts and experiences from others, especially AITpro! lol

    Chris

  12. AITpro
    Member
    Posted 1 year ago #

    Actually I believe the info I posted is no longer correct and pertained only to older versions of BWPS. From what folks are telling me BWPS has 2 different pages/areas now. A Server Tweaks page/area and a htaccess page/area. And it sounds like things have been moved around/split up/reorganized so I have no idea what is what now with BWPS these days. I have scheduled retesting of BWPS for May or June of this year.

    So to answer all of your questions in one shot - I no longer have the time to look at or test other plugins. First priority is to fix any direct conflicts with BPS ASAP so I only look at the error/conflict itself and not the actual plugins anymore. Never even heard of OSE Firewall so can't offer anything there. ;)

    I guess what you could do is install the P3 Profiler plugin to check resource usage?

  13. Trian3
    Member
    Posted 1 year ago #

    AITPro...

    In one of your posts above, you recommend disabling the "Server Tweaks" feature in BWPS. I don't actually see a Server Tweaks section, but there is one named System Tweaks which contains 19 (just counted) different items you can enable/disable, 12 of which contain warnings about possible conflicts with other plugins. In your experience, is it just those 12 options which need to be disabled or does BPS make that entire section unnecessary?

    Thanks,

    Trian3

  14. AITpro
    Member
    Posted 1 year ago #

    I have no idea what the current version of Better WP Security is doing anymore. I have scheduled retesting in May or June. Thanks.

  15. Trian3
    Member
    Posted 1 year ago #

    It appears I was using an outdated version of BWPS. For an, as of yet, unknown reason, I was unable to update directly from my site. I had to uninstall/reinstall. Upon doing so, I discovered that there now exists a Server Tweaks section that appears at the top of the Tweaks tab.

    Apologies for the confusion.

    Trian3

  16. NightZambri
    Member
    Posted 1 year ago #

    Hello everyonye,

    I have been using Bulletproof since november 2012 and was rally happy with it, even thinking to upgrade to pro version.

    But I have had this issue since yesterday and I am going to tell the full story, just in case there can be some useful information:

    Yesterday a section of our site, was blacklisted by google. http://www.inforc.net/foro/forum was our forum and it suddenly got blacklisted, so visitors received a big red screen. After contacting the server company, they told us their "sub domain" http://www.xxxxxxx.mialojamiento.es, was getting blacklist red screen and maybe our forum had some redirection to that subdomain.

    They were right, there were some redirections from our SMF forum to that sub-domain, so we just changed http://www.xxxxxxxxx.mialojamiento.es and placed instead http://www.inforc.net/..... and then everything worked fine again in the forum.

    And now a different story, but I tell both of them because are maybe related.

    Meanwhile, our main page (wordpress) http://www.inforc.net was working without issues but then since yesterday at 4am it started sending a server error when trying to access it:

    Internal Server Error
    The server encountered an internal error or misconfiguration and was unable to complete your request.

    This was affecting the two websites hosted in that server, being different domains. Then I contacted back the server administrator and told me:

    inforc.net is having problems because of the .httacess, the other website in the server we don't know why is it having problems.

    So I changed the name to BPS's htaccess and everything worked fine again in inforc.net AND IN THE OTHER SITE!! BPS's httaccess was affecting both sites. Tried creating with BPS different httaccess files, normal, security...but them all made the server crash and only worked every 3 o 10 attempts.

    As we have many daily visits, I decided to uninstall BPS and install BWPS and it works quite nice, and its easy to use...but I would love to have BPS installed and working again, httaccess makes me feel more secure.

    Could you give me a hand?

    Thanks and regards, sorry for such a long text.

  17. NightZambri
    Member
    Posted 1 year ago #

    I have to add, we changed NOTHING in the website or server and BPS's htaccess was the same as always.

  18. AITpro
    Member
    Posted 1 year ago #

    Please post BPS questions in the BPS plugin forum: http://wordpress.org/support/plugin/bulletproof-security. Thanks.

  19. AITpro
    Member
    Posted 1 year ago #

    oops never mind I see you already did that. Thanks.

  20. NightZambri
    Member
    Posted 1 year ago #

    See you there then :D

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic