BulletProof Security

WordPress Website Security Protection: Firewall Security, Login Security, Database Security... Effective, Reliable, Easy to use...


  • New Menu|Page: Idle Session Logout|Auth Cookie Expiration
  • New Feature: Idle Session Logout (ISL)
  • ISL|ACE Forum Topic: Automatically log out idle/inactive users. ISL uses JavaScript event listeners to monitor user activity for these ISL events: a keyboard key is pressed, a mouse button is pressed, the mouse is moved, the mouse wheel is rolled up or down, a finger is placed on the touch surface/screen, and a finger already placed on the screen is moved across the screen. Option Settings: Turn On|Off, Idle Session Logout Time in Minutes, Idle Session Logout Page URL, User Account Exceptions, Enable|Disable Idle Session Logouts For These User Roles: Administrator, Editor, Author, Contributor, Subscriber and Enable|Disable Idle Session Logouts For TinyMCE Editors. Click the Idle Session Logout|Auth Cookie Expiration Read Me help button for full details.
  • New Feature: Auth Cookie Expiration (ACE)
  • ISL|ACE Forum Topic: Change the WordPress Authentication Cookie Expiration time. The default WordPress Authentication Cookie Expiration time is 2880 Minutes/2 Days, or 20160 Minutes/14 Days if a User checks the Remember Me checkbox when they log in. You can change the WordPress Authentication Cookie Expiration time to any expiration time that you choose. Option Settings: Turn On|Off, Auth Cookie Expiration Time in Minutes, Remember Me Auth Cookie Expiration Time in Minutes, User Account Exceptions, Enable|Disable Auth Cookie Expiration Time For These User Roles: Administrator, Editor, Author, Contributor, Subscriber. Click the Idle Session Logout|Auth Cookie Expiration Read Me help button for full details.
  • New Feature & Root htaccess File Addition: 410 ErrorDocument root htaccess code and template logging file
  • 410 Gone Usage Info: A 410.php template logging file has been created to handle 410 Gone Requests. 410 Gone Requests are logged in the BPS Security Log file. See the 410 Gone Usage Info link above for full details on usage.
  • New Core Enhancement|Improvement: Rogue Script Killer
  • Rogue Script Killer Info: Additional filters added to null (kill) rogue scripts and styles from other plugins and themes so that they do not load in BPS plugin pages and break BPS plugin js and css. Note: If you are seeing 404 errors in your Security Log like this: jquery-ui.piklist.css-roque-script-nulled then see the link above for how to prevent these 404 errors from being logged in your Security Log.
  • BugFixes|Code Corrections|Enhancements|Misc|CSS|Visual|Other:
  • jQuery Custom Classes added to all BPS jQuery code.
  • CSS and js file name changes: -ui- used in naming convention.
  • jQuery UI Dialog Read Me Help button hide effect changed from explode to blind.
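
The idle-timeout mechanism described in the Idle Session Logout entry above, as an added JavaScript example that is not BulletProof Security's code. The DOM event names, the `IdleSessionTracker` class, its options and the logout URL are assumptions chosen for illustration.

```javascript
// Added illustration, not BulletProof Security's code. All names are hypothetical.
// DOM event names assumed to correspond to the activity types listed in the changelog.
const ISL_EVENTS = ['keydown', 'mousedown', 'mousemove', 'wheel', 'touchstart', 'touchmove'];

class IdleSessionTracker {
  constructor({ target, idleMinutes, role, enabledRoles, exemptUsers = [], user, now = Date.now }) {
    this.limitMs = idleMinutes * 60 * 1000;
    this.now = now; // injectable clock so the logic can be tested without waiting
    // Idle logout applies only to enabled roles and non-excepted accounts.
    this.active = enabledRoles.includes(role) && !exemptUsers.includes(user);
    this.lastActivity = now();
    this.loggedOut = false;
    if (this.active) {
      // Any listed activity event resets the idle clock until logout has fired.
      const touch = () => { if (!this.loggedOut) this.lastActivity = this.now(); };
      for (const type of ISL_EVENTS) target.addEventListener(type, touch, { passive: true });
    }
  }

  // Returns true once the idle limit has been reached; stays true afterwards.
  check() {
    if (this.active && !this.loggedOut && this.now() - this.lastActivity >= this.limitMs) {
      this.loggedOut = true;
    }
    return this.loggedOut;
  }
}

// Browser wiring (skipped outside a browser): poll and redirect to a logout page.
if (typeof document !== 'undefined') {
  const tracker = new IdleSessionTracker({
    target: document, idleMinutes: 60, role: 'subscriber', user: 'example-user',
    enabledRoles: ['administrator', 'editor', 'author', 'contributor', 'subscriber'],
  });
  const timer = setInterval(() => {
    if (tracker.check()) {
      clearInterval(timer);
      window.location.assign('/idle-logout-placeholder/'); // placeholder URL
    }
  }, 15000);
}
```

Because this timer runs in the browser, it complements the server-side authentication cookie lifetime covered by the ACE entry rather than replacing it.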


  • Login Security & Monitoring Automated Email Alert Enhancement|Improvement:
  • Special Thanks to: mewkazoid for pointing out this useful improvement to BPS Login Security & Monitoring automated email alerts.
  • The Login Security & Monitoring Automated Email Alert now contains additional help information about what to do if your User Account is being repeatedly locked.
  • Brute Force Attack General Info: Automated Brute Force Login attacks by spambots and hackerbots are a regular and ongoing type of website attack. The volume and frequency of Brute Force Login attacks are steadily increasing and will continue to increase. Brute Force attacks make up somewhere in the neighborhood of 85 percent (probably more like 90 percent to 95 percent) of the total of all types of ongoing website attacks these days. BPS Login Security & Monitoring protects the WordPress Login page from Brute Force attacks, but if your username is publicly known/displayed or can be harvested by automated bots then your user account may get locked very frequently. Check the BPS plugin Whats New page for some additional things you can do to prevent your user account from being locked repeatedly.
  • BugFixes|Code Corrections|Enhancements|Misc|CSS|Visual|Other:
  • BugFix: File Permissions cache issue: Root htaccess file not being re-locked when AutoLock is turned On. Special Thanks to: Mike Harrison for reporting this bug.


  • Summary Only: See the BPS plugin Whats New tab page for full descriptions and details
  • New Feature: Setup Wizard
  • The BPS plugin can be set up with literally only 1 click now on the new Setup Wizard page. Setup Wizard Pre-Installation Checks are automatically performed and displayed on the Setup Wizard page. You can re-run the Setup Wizard at any time.
  • New Feature: jQuery UI Dialog Form BPS Uninstall Options
  • An Uninstall Options link has been created on the WordPress Plugins page under the BulletProof Security plugin. Clicking the Uninstall Options link loads a jQuery UI Dialog Form with 2 uninstall options: BPS Pro Upgrade Uninstall option - If you are upgrading to BPS Pro, select the BPS Pro Upgrade Uninstall option and click the Save Option button or just click the Close button below and do a normal plugin uninstall. Complete BPS Plugin Uninstall option - If you want to completely delete the BPS plugin, all files, Custom Code and BPS database settings, select the Complete BPS Plugin Uninstall option and click the Save Option button.
  • New Option: Login Security Attempts Remaining option and Core Functionality Improvements
  • New Option Attempts Remaining: You can choose to display a "Login Attempts Remaining X" message when an incorrect password is entered. This new option is enabled by default during BPS upgrades and new installations.
  • Core Functionality Improvements: When a User Account is locked out and previous User Account logins were logged|stored in the DB, those previously logged logins and the data in those DB Rows are not changed|updated; instead a new DB Row is inserted. This allows for better chronological login tracking and monitoring. Affects both Logging Options - Log All Account Logins and Log Only Account Lockouts - and allows for switching between these Logging Options without affecting functionality or causing issues/problems.
  • New Bonus Custom Code|Bonus Custom Code Dismiss Notice function Consolidation
  • Bonus Custom Code Dismiss Notice Consolidation: Combined|consolidated all Bonus Custom Code Notices into 1 Bonus Custom Code Notice function with 1 displayed Notice message instead of having several different displayed Notices. Each Bonus Custom Code contains a link to the Bonus Custom Code and a Dismiss Notice link.
  • Referer Spammers|Phishing Protection
  • Mime Sniffing, Data Sniffing, Content Sniffing, Drive-by Download Attack Protection
  • External iFrame and Clickjacking Protection
  • BugFixes|Code Corrections|Enhancements|Misc|CSS|Visual|Other:
  • New BPS Setup & Overview Video tutorial created: BPS Setup

Requires: 3.0 or higher
Compatible up to: 4.2.2
Last Updated: 2015-6-24
Active Installs: 100,000+


4.8 out of 5 stars


48 of 51 support threads in the last two months have been resolved.
