[Plugin: BulletProof Security] Can this work on windows server

Yep the plugin itself will install and work on Windows IIS hosting for general things (system info, etc) that are included in the BPS plugin, but yes you are correct that .htaccess files are only used for Linux and not used on Windows. So activating BulletProof Modes would have absolutely no effect or break the WordPress site on an IIS server. Hopefully your server is an IIS7 server so that you can use some other possible options. If you have IIS6 you have absolutely zero options.

http://codex.wordpress.org/Using_Permalinks#Permalinks_without_mod_rewrite

If there were more people using IIS7 i would make the extra effort to add additional coding for IIS7, but what i am finding out is that most people who have chosen IIS hosting have no idea whether their servers are IIS6 or IIS7 and this then opens another can of worms that i defintely do not want to support so I just don’t have the extra time to include this at this time. thanks.

Well depending on how you are doing the rewriting and if you are willing to experiment you could most likely incorporate the exploit security filters in BPS. I have been wanting to experiment with this, but have just not found the time to be able to do this.
so you could in theory add the conditions to the web.config file or if you are using the URL Rewrite Module it looks like RewriteCond will work, but REQUEST_URI may not work correctly.

http://learn.iis.net/page.aspx/460/using-the-url-rewrite-module/

So logically you would take the Exploit filter code and incorporate it into whatever IIS7 URL rewriting method you are using. Thanks.

Well some day down the road i will get to this so when i do i will be sure to post back here. I would just slap the IIS7 URL rewrite module into a local XAMPP installation for testing, but I don’t want .net enabled on any of my systems right now so when i can designate a computer that is not connected to the Internet i will figure this one out for IIS peeps. Thanks.

Well IIS7 is very secure compared to IIS6 so at least you are not a sitting duck like IIS6 peeps are. 😉 I could not find any WordPress plugins that offer website security specifically for IIS so i think what you should do is look at the official Microsoft IIS site and also Stackoverflow for any additional security measures you can add for IIS7 servers. The earliest i could possibly get to testing adding IIS protection to BPS would be in January 2012. 🙁

One thing you can do that will add a lot more security for an IIS server is to create a custom php.ini file. Hosts that offer IIS hosting do not make this an easy or simple thing for you to add so it will probably take a fair amount of back and forth with your web host to be able to do this.

Thanks.

I am not really sure. It is not completely clear whether this product is Server based only. Logically it would have to be Server based and not installed at the end user level. My knowledge of Windows IIS used for Hosting Servers is very limited. I have been a Network Engineer and managed several in-house IIS Servers for Corporate Computer Networks, but that is a totally different thing because you “own” the Server as opposed to be given some space on a Server used for Hosting purposes. To tell you the truth I have no idea if this product will work or not. Sorry.