Plugin Directory

BulletProof Security

WordPress Website Security Protection: Firewall Security, Login Security, Database Security... Effective, Reliable, Easy to use...


  • Submenu Name Change|Addition:
  • BPS Main Menu > UI|UX Submenu name has been changed to:
  • UI|UX|Theme Skin
  • Processing Spinner
  • WP Toolbar|SLF
  • Feature Name Change: RSK naming convention changed to Script|Style Loader Filter (SLF)
  • RSK is a bit too aggressive and is a somewhat offensive naming convention. Cool, but not cool at the same time. Script|Style Loader Filter (SLF) is a logical naming convention and is non-offensive. See the SLF Mod|Description below for additional info.
  • SLF Mod|Description:
  • In some cases, filtering other plugin and theme scripts from loading in BPS plugin pages causes the BPS plugin pages to hang severely, which means that a new issue/problem is created that is worse than the original issue/problem that SLF was designed to fix/solve. Original problem: BPS plugin pages not displaying visually correct due to other plugin or theme scripts loading in BPS plugin pages. SLF is set to Off by default. SLF has an On|Off setting under the UI|UX menu/page. See the UI Theme Skin|Processing Spinner|WP Toolbar|SLF Read Me help button for additional information.
  • Bonus Custom Code Dismiss Notice Enhancement|Improvement:
  • An additional Dismiss All Notices link|feature has been added to dismiss all Bonus Custom Code notices at the same time. Displayed message: Click the links below to get Bonus Custom Code or click the Dismiss Notice links or click this Dismiss All Notices link. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the Security Status page.
  • BugFixes|Code Corrections|Enhancements|Misc|CSS|Visual|Other:
  • Cosmetic: Undefined index PHP error suppressed for ISL and ACE User Role checkboxes when WP_DEBUG is turned On.


  • New Menu|Page: Idle Session Logout|Auth Cookie Expiration
  • New Feature: Idle Session Logout (ISL)
  • ISL|ACE Forum Topic: Automatically logout idle/inactive Users. ISL uses javascript Event Listeners to monitor Users activity for these ISL events: keyboard key is pressed, mouse button is pressed, mouse is moved, mouse wheel is rolled up or down, finger is placed on the touch surface/screen and finger already placed on the screen is moved across the screen. Option Settings: Turn On|Off, Idle Session Logout Time in Minutes, Idle Session Logout Page URL, User Account Exceptions, Enable|Disable Idle Session Logouts For These User Roles: Administrator, Editor, Author, Contributor, Subscriber and Enable|Disable Idle Session Logouts For TinyMCE Editors. Click the Idle Session Logout|Auth Cookie Expiration Read Me help button for full details.
  • New Feature: Auth Cookie Expiration (ACE)
  • ISL|ACE Forum Topic: Change the WordPress Authentication Cookie Expiration time. The default WordPress Authentication Cookie Expiration time is 2880 Minutes/2 Days and 20160 Minutes/14 Days if a User checks the Remember Me checkbox when they login. You can change the WordPress Authentication Cookie Expiration time to whatever expiration time setting that you choose. Option Settings: Turn On|Off, Auth Cookie Expiration Time in Minutes, Remember Me Auth Cookie Expiration Time in Minutes, User Account Exceptions, Enable|Disable Auth Cookie Expiration Time For These User Roles: Administrator, Editor, Author, Contributor, Subscriber. Click the Idle Session Logout|Auth Cookie Expiration Read Me help button for full details.
  • New Feature & Root htaccess File Addition: 410 ErrorDocument root htaccess code and template logging file
  • 410 Gone Usage Info: A 410.php template logging file has been created to handle 410 Gone Requests. 410 Gone Requests are logged in the BPS Security Log file. See the 410 Gone Usage Info link above for full details on usage.
  • BugFixes|Code Corrections|Enhancements|Misc|CSS|Visual|Other:
  • jQuery Custom Classes added to all BPS jQuery code.
  • CSS and js file name changes: -ui- used in naming convention.
  • jQuery UI Dialog Read Me Help button hide effect changed from explode to blind.


  • Login Security & Monitoring Automated Email Alert Enhancement|Improvement:
  • Special Thanks to: mewkazoid for pointing out this useful improvement to BPS Login Security & Monitoring automated email alerts.
  • The Login Security & Monitoring Automated Email Alert now contains additional help information about what to do if your User Account is being repeatedly locked.
  • Brute Force Attack General Info: Automated Brute Force Login attacks by spambots and hackerbots are a regular and ongoing type of website attack. The volume and frequency of Brute Force Login attacks are steadily increasing and will continue to increase. Brute Force attacks make up somewhere in the neighborhood of 85 percent (probably more like 90 percent to 95 percent) of the total of all types of ongoing website attacks these days. BPS Login Security & Monitoring protects the WordPress Login page from Brute Force attacks, but if your username is publicly known/displayed or can be harvested by automated bots then your user account may get locked very frequently. Check the BPS plugin Whats New page for some additional things you can do to prevent your user account from being locked repeatedly.
  • BugFixes|Code Corrections|Enhancements|Misc|CSS|Visual|Other:
  • BugFix: File Permissions cache issue: Root htaccess file not being re-locked when AutoLock is turned On. Special Thanks to: Mike Harrison for reporting this bug.


  • Summary Only: See the BPS plugin Whats New tab page for full descriptions and details
  • New Feature: Setup Wizard
  • The BPS plugin can be setup with literally only 1 click now on the new Setup Wizard page. Setup Wizard Pre-Installation Checks are automatically performed and displayed on the Setup Wizard page. You can re-run the Setup Wizard again at any time.
  • New Feature: jQuery UI Dialog Form BPS Uninstall Options
  • An Uninstall Options link has been created on the WordPress Plugins page under the BulletProof Security plugin. Clicking the Uninstall Options link loads a jQuery UI Dialog Form with 2 uninstall options: BPS Pro Upgrade Uninstall option - If you are upgrading to BPS Pro, select the BPS Pro Upgrade Uninstall option and click the Save Option button or just click the Close button below and do a normal plugin uninstall. Complete BPS Plugin Uninstall option - If you want to completely delete the BPS plugin, all files, Custom Code and BPS database settings, select the Complete BPS Plugin Uninstall option and click the Save Option button.
  • New Option: Login Security Attempts Remaining option and Core Functionality Improvements
  • New Option Attempts Remaining: You can choose to display a "Login Attempts Remaining X" message when an incorrect password is entered. This new option is enabled by default during BPS upgrades and new installations.
  • Core Functionality Improvements: When a User Account is locked out and previous User Account logins were logged|stored in the DB, those previously logged logins and data for those DB Rows is not changed|updated and instead a new DB Row is inserted. This allows for better chronological login tracking and monitoring. Affects both Logging Options - Log All Account Logins and Log Only Account Lockouts options and allows for switching between these Logging Options without affecting functionality or causing issues/problems.
  • New Bonus Custom Code|Bonus Custom Code Dismiss Notice function Consolidation
  • Bonus Custom Code Dismiss Notice Consolidation: Combined|consolidated all Bonus Custom Code Notices into 1 Bonus Custom Code Notice function with 1 displayed Notice message instead of having several different displayed Notices. Each Bonus Custom Code contains a link to the Bonus Custom Code and a Dismiss Notice link.
  • Referer Spammers|Phishing Protection
  • Mime Sniffing, Data Sniffing, Content Sniffing, Drive-by Download Attack Protection
  • External iFrame and Clickjacking Protection
  • BugFi

Requires: 3.0 or higher
Compatible up to: 4.2.4
Last Updated: 2015-7-17
Active Installs: 100,000+


4.8 out of 5 stars


32 of 34 support threads in the last two months have been resolved.

Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.

86,7,6 100,3,3 100,11,11 100,1,1 100,4,4 92,13,12
100,1,1 100,1,1
100,4,4 100,2,2 67,3,2 63,8,5 100,2,2
100,1,1 75,4,3 100,1,1
100,2,2 100,1,1 100,1,1
100,3,3 90,10,9 100,2,2
100,3,3 100,1,1
100,2,2 100,9,9 100,5,5 100,6,6
89,9,8 100,1,1
83,6,5 95,20,19 100,12,12 100,1,1 100,2,2 100,1,1
100,6,6 86,7,6 100,1,1
67,6,4 83,6,5 89,27,24 100,2,2 100,1,1
100,3,3 93,15,14 78,18,14 100,4,4 100,1,1 100,1,1
0,1,0 100,14,14 100,2,2
100,7,7 67,3,2 90,10,9 100,5,5 88,8,7 100,2,2 100,1,1 100,2,2 100,4,4 100,2,2 100,1,1 100,1,1
100,1,1 50,2,1
100,7,7 100,1,1
100,4,4 100,3,3 100,2,2 100,1,1 100,2,2 100,1,1
100,1,1 100,2,2 100,1,1 100,2,2
100,1,1 100,2,2 100,3,3 100,2,2
100,4,4 0,1,0 100,4,4
100,1,1 100,1,1
100,2,2 100,1,1 100,1,1 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1
100,2,2 75,4,3
100,2,2 100,2,2 100,2,2