Plugin Directory

Test out the new Plugin Directory and let us know what you think.

BulletProof Security

Secure WordPress Website Security Protection: Firewall Security, Login Security, Database Security & Backup...

Help Info

Extensive Help Info can be found on the AIT-pro.com Forum website and by clicking the Read Me Help buttons on BulletProof Security pages themselves. The BPS Help and FAQ tab pages contain additional help links.

BulletProof Security htaccess Core (Firewalls, etc.) Features

  • Root Folder BulletProof Mode|Firewall
  • wp-admin Folder BulletProof Mode|Firewall
  • Built-in .htaccess File Editor & File Manager
  • Built-in .htaccess Backup and Restore
  • One-click .htaccess website security protection from within the WP Dashboard
  • .htaccess security protection against hacking attempts: XSS|RFI|CRLF|CSRF|Base64|Code Injection|SQL Injection
  • TimThumb Vulnerability|Exploit .htaccess security protection (Firewall)
  • .htaccess Lock|Unlock (404 Read-Only)
  • .htaccess AutoLock On|Off
  • Security|HTTP Error Logging: 400|403|404|405|410 HTTP Status Codes
  • Security Log: Add|Remove User Agents|Bots to Ignore|Not Log or Allow|Log
  • Security Log: Turn On|Turn Off|Delete Log
  • Security Log Automation: Automatically zipped, emailed and replaced based on file size
  • Automatic .htaccess file updating on BPS upgrade installation
  • New .htaccess security filters automatically added during upgrade
  • WP Dashboard Alerts|WP Dashboard Dismiss Notices
  • Anti Comment Spam .htaccess code - works together with Akismet or other Spam plugins to keep Comment Spam at a minimum
  • Anti Comment Spambot .htaccess code - Forbid Empty Referrer Spambots
  • Author ID|User ID|Username Bot Probe Protection
  • Custom Code feature: Add|Edit|Modify|Save|Export|Import additional Bonus or personal custom .htaccess code
  • WordPress readme.html and /wp-admin/install.php protected with .htaccess security protection
  • wp-config.php and bb-config.php files protected with .htaccess security protection
  • php.ini and php5.ini files protected with .htaccess security protection
  • WordPress database errors turned off - Verification and function insurance
  • WordPress version is not displayed/not shown - WordPress version is removed
  • WP Generator Meta Tag filtered|not displayed|not shown
  • WP DB default admin username|account check
  • System Info: PHP|MySQL|OS|Server|Memory Usage|IP|SAPI|WP Filesystem API Method|DNS|Apache Modules|Directives Compatibility Checks|Max Upload|Zend Engine Version|Zend Guard|Loader|Optimizer|ionCube Loader|Suhosin|APC|eAccelerator|XCache|Varnish|cURL|Memcache|Memcached|Plugins|Versions Installed|Activated|Get Plugins List|Browser Compression|GD Library|ImageMagick|OpenSSL
  • File and Folder Permission Checking: CGI|DSO|SAPI check|display
  • Help & FAQ page: links to BPS Guide and other detailed Help & Info pages
  • Extensive jQuery Dialog Read Me Help buttons throughout the BulletProof Security plugin pages
  • HUD Success|Error message display
  • i18n Language Translation coding

BulletProof Security Hidden Plugin Folders|Files Cron (HPF)

  • A hidden or empty plugin folder is a plugin the exists in your /plugins/ folder, but is not displayed on the WordPress Plugins page. A hidden plugin can be used as a hacker backdoor to gain access to your WP Dashboard, hosting account, create user accounts, completely control your website and hosting account, etc. A non-standard WP file or modified/altered file in your /plugins/ folder can also do all of the things a hidden plugin can do.
  • Automated Cron check that checks the WordPress /plugins folder for hidden plugins or non-standard WP file
  • Displays Dashboard Alerts
  • Sends Email Alerts
  • HPF Cron Check Frequency settings: 1, 5, 10, 15, 30 or 60 minutes
  • HPF Cron On|Off: Turn the HPF Cron On or Off
  • Ignore Hidden Plugin Folders & Files: Whitelisting tool to ignore plugin folders or non-standard WP files
  • HPF is automatically setup during BPS Upgrades or when running the BPS Setup Wizard

BulletProof Security Login Security & Monitoring Features

  • Brute Force Login Security Protection
  • Log All User Account Logins or Log Only User Account Lockouts
  • Logged DB Fields: User ID|Username|Display Name|Email|Role|Login Time|Lockout Expires|IP Address|Hostname|Request URI
  • Email Alerting Options: User Account is locked out|An Administrator Logs in|An Administrator Logs in and when a User Account is locked out|Any User logs in and when a User Account is locked out|Do Not Send Email Alerts
  • Login Security Additional Options: Max Login Attempts|Automatic Lockout Time|Manual Lockout Time|Max DB Rows To Show|Turn On|Turn Off
  • Login Security Stealth Mode: Standard WP Error Messages or Generic Error Messages.
  • Login Security Attempts Remaining: Display a "Login Attempts Remaining X" message when an incorrect password is entered.
  • Login Security Stealth Mode: Enable or Disable Login Password Reset capability and links.
  • Dynamic DB Form: Lock|Unlock|Delete
  • Enhanced Search: Allows you to search all of the Login Security database rows/Fields
  • Click the Login Security Read Me help button for full descriptions of all features and options.

BulletProof Security Idle Session Logout (ISL) Features

  • Turn On|Turn Off: ISL is Turned Off by default. Select Turn On ISL to turn ISL On.
  • Idle Session Logout Time in Minutes: Time in minutes for when an idle/inactive User should be logged out of your site.
  • Idle Session Logout Page URL: Defaults to BPS ISL Logout page URL or choose to redirect logged out users to any URL that you want to redirect them to.
  • Idle Session Logout Page Login URL: Displays a clickable Login URL/link to your WP Login page or you can choose not to display a Login URL/link.
  • Idle Session Logout Exclude URLs|URIs: This option allows you to exclude any pages or posts that you do not want ISL to check/monitor.
  • Idle Session Logout Page Custom Message: Use the default BPS ISL message/text or you can create your own custom ISL message/text.
  • Idle Session Logout Page Custom CSS Style: Use the default BPS CSS Style code or enter your own custom CSS Style customizations.
  • User Account Exceptions: Disable ISL by User Account names. User Account Exceptions override the User Roles option setting.
  • Enable|Disable Idle Session Logouts For These User Roles: Enable ISL for Users by User Role: Administrator, Editor, Author, Contributor, Subscriber & Custom User Roles.
  • Enable|Disable Idle Session Logouts For TinyMCE Editors: Disable ISL for any/all pages that have a TinyMCE Editor on them.

BulletProof Security Auth Cookie Expiration (ACE) Features

  • Turn On|Turn Off: ACE is Turned Off by default. Select Turn On ACE to turn ACE On.
  • Auth Cookie Expiration Time in Minutes: Time in minutes for when a User should be logged out of your site.
  • Remember Me Auth Cookie Expiration Time in Minutes: Time in minutes for when a User should be logged out of your site when the User has checked the Remember Me checkbox.
  • Enable|Disable Remember Me Checkbox: Disable and do not display the Remember Me checkbox on your login page.
  • User Account Exceptions: Disable ACE by User Account names. User Account Exceptions override the User Roles option setting.
  • Enable|Disable Auth Cookie Expiration Time For These User Roles: Enable ACE for Users by User Role: Administrator, Editor, Author, Contributor, Subscriber & Custom User Roles.

BulletProof Security DB Backup|Database Backup Features

  • Manual or scheduled database backups
  • Scheduled backup job options: Hourly, Daily, Weekly and Monthly
  • Send scheduled backup zip file via email or just send email only
  • Selective database table backup and full database backup
  • Automatically deletion of old backup files after a certain period of time
  • Backup Jobs - Manual|Scheduled Accordion Tab
  • Displays the Description|Job Name, Delete and Run Checkboxes, Job Type, Frequency, Last Backup, Next Backup, Email Backup and Job Created table columns.
  • Backup Files - Download|Delete Accordion Tab
  • Displays the Backup Filename, Delete Checkbox, Download Links, Backup Folder, Size and Date|Time table columns.
  • Create Backup Jobs Accordion Tab
  • Displays a dynamic DB Table Name checkbox form, Description|Backup Job Name, DB Backup Folder Location (default Obfuscated & Secure BPS Backup Folder location), DB Backup File Download Link|URL, Backup Job Type: Manual or Scheduled, Frequency of Scheduled Backup Job (recurring - Hourly, Daily, Weekly or Monthly), Hour When Scheduled Backup is Run (recurring - start time for a scheduled backup job), Day of Week When Scheduled Backup is Run (recurring - weekday day), Day of Month When Scheduled Backup is Run (recurring - day of the month), Send Scheduled Backup Zip File Via Email or Just Email Only - email zip backup file, do not email backup zip file, email and delete zip backup file or just send an email, Automatically Delete Old Backup Files (Never delete old backup files, delete backup files older than 1 day, 5 days, 10 days, 15 days, 30 days, 60 days, 90 days or 180 days), - Turn On|Off All Scheduled Backups (override - turn on all scheduled backups or turn off all scheduled backups).
  • Rename|Create|Reset Tool: Rename|Create|Reset DB Backup Folder Name
  • DB Backup Logging
  • Depending on your DB Backup settings, log entries will be logged anytime you run a Manual Backup Job or whenever a Scheduled Cron Backup Job is run. The Backup Job Completion Time, Zip Backup File Name, timestamp and other information is logged. If you have chosen the option to automatically delete old zip backup files then the zip backup file name and timestamp will be logged when old zip backup files are automatically deleted. When you create a new Backup Job your Backup Job Settings are logged/saved in the DB Backup Log.
  • DB Backup Log Automation: Automatically zipped, emailed and replaced based on file size
  • Click the DB Backup Read Me help button for full descriptions of all features and options.

BulletProof Security FrontEnd|BackEnd Maintenance Mode Features

  • FrontEnd Maintenance Mode|BackEnd Maintenance Mode or both FrontEnd & BackEnd Maintenance Modes
  • Website displays & functions normally while visitors see a website under maintenance page
  • TinyMCE WYSIWYG Editor - Create Customizable Website Under Maintenance page
  • Embed image files and YouTube videos
  • 20 background images|15 center images (text box image)|Roll Your Own Design|Under Maintenance Page
  • Background image files/options and Center images (text box image) are independent of each other so that you can mix and match different background images with different Center images (text box image)
  • Enable Countdown Timer
  • Countdown Timer Text Color
  • Maintenance Mode Time in Minutes
  • Header Retry-After in Minutes ~ 503 HTTP Status Code
  • Enable FrontEnd Maintenance Mode ~ site development, maintenance, coming soon, under construction, etc.
  • Enable BackEnd Maintenance Mode ~ Deny All IP address .htaccess protection for the wp-admin folder/WP Dashboard
  • Maintenance Mode IP Address Whitelist Text Box: Enter The IP Addresses That Can View The Website Normally (not in Maintenance Mode)
  • Maintenance Mode Text|Images|Videos Displayed To Website Visitors
  • Background Images: 20 background images ~ mix and match with center images ~ see screenshot
  • Center Images: 15 center images ~ mix and match with background images ~ see screenshot
  • Background Colors (If not using a Background Image)
  • Display Visitor IP Address
  • Display Admin|Login Link
  • Enable Visitor Logging
  • Display Dashboard Reminder Message when site is in Maintenance Mode
  • Send Email Reminder when Maintenance Mode Countdown Timer has completed
  • Email: To|From|cc|bcc
  • Network|Multisite Primary Site Options ONLY
  • Put The Primary Site And All Subsites In Maintenance Mode
  • Put All Subsites In Maintenance Mode, But Not The Primary Site
  • Click the Maintenance Mode Read Me help button for full descriptions of all features and options.

Requires: 3.7 or higher
Compatible up to: 4.7.1
Last Updated: 1 month ago
Active Installs: 100,000+


4.7 out of 5 stars


17 of 20 support threads in the last two months have been marked resolved.

Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.

86,7,6 100,3,3 100,11,11 100,1,1 100,4,4 92,13,12
100,1,1 100,1,1
100,4,4 100,2,2 67,3,2 63,8,5 100,2,2
100,1,1 75,4,3 100,1,1
100,2,2 100,1,1 100,1,1
100,3,3 90,10,9 100,2,2
100,3,3 100,1,1
100,2,2 100,9,9 100,5,5 100,6,6
89,9,8 100,1,1
83,6,5 95,20,19 100,12,12 100,1,1 100,2,2 100,1,1
100,6,6 86,7,6 100,1,1
67,6,4 83,6,5 89,27,24 100,2,2 100,1,1
100,3,3 93,15,14 78,18,14 100,4,4 100,1,1 100,1,1
0,1,0 100,14,14 100,2,2
100,7,7 67,3,2 90,10,9 100,5,5 88,8,7 100,2,2 100,1,1 100,2,2 100,4,4 100,2,2 100,1,1 100,1,1
100,1,1 50,2,1
100,7,7 100,1,1
100,4,4 100,3,3 100,2,2 100,1,1 100,2,2 100,1,1
100,1,1 100,2,2 100,1,1 100,2,2
100,1,1 100,2,2 100,3,3 100,2,2
100,4,4 0,1,0 100,4,4
100,1,1 100,1,1
100,2,2 100,1,1 100,1,1 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1
100,2,2 75,4,3
100,2,2 100,2,2 100,2,2
100,1,1 100,2,2
100,3,3 100,1,1 100,2,2 100,2,2
67,3,2 100,2,2 100,2,2
100,2,2 0,1,0 100,2,2