Title: Does this plugin really secure my website? Last modified: August 20, 2016 --- # Does this plugin really secure my website? * Resolved [Young Master](https://wordpress.org/support/users/young-master/) * (@young-master) * [13 years, 3 months ago](https://wordpress.org/support/topic/does-this-plugin-really-secure-my-website/) * The description of this plugin explains that this plugin protects against website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. Someone to successfully injects base64 codes into my website. Can you explain how does that happen of this plugin really protects against base64 injection? * [http://wordpress.org/extend/plugins/bulletproof-security/](http://wordpress.org/extend/plugins/bulletproof-security/) Viewing 7 replies - 1 through 7 (of 7 total) * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 3 months ago](https://wordpress.org/support/topic/does-this-plugin-really-secure-my-website/#post-3467524) * The only way that would possible is if your site was already hacked. Usually Code Injection is done after a hacker already controls your site. Code Injection is done with Shell Scripts or other custom hacker scripts. * Here is a typical example: A hacker cracks your WordPress password or your FTP password. They then upload several payload scripts. Typically a Shell hacker script and several hidden backdoor hacker scripts in case you find the Shell script. Once the Shell script is uploaded the hacker then uses that Shell script to inject code into your files. * In summary Code Injection is usually done after your website has already been successfully hacked. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 3 months ago](https://wordpress.org/support/topic/does-this-plugin-really-secure-my-website/#post-3467525) * Also the code could have been added another way. Through an exploit or vulnerability in some code you have on your site either in a plugin, theme or custom script. The hacker could simply exploit that coding flaw and use it to add his code, which would technically not be code injection, but simply an exploitation of a flawed code on your website. * BPS is designed to protect against a direct attack, but if you have some coding on your website that allows something that it should not be allowing then this is called an exploit or vulnerability. The hack is done by exploiting the existing flawed code. This would not be a direct attack so there would be nothing indicating a hack was taking place therefore nothing to trigger BPS to block it. * BPS has blocked over 800,000+ hacking attempts on the AITpro websites in the last 3 years so BPS seems to be working pretty well. πŸ˜‰ * Thread Starter [Young Master](https://wordpress.org/support/users/young-master/) * (@young-master) * [13 years, 3 months ago](https://wordpress.org/support/topic/does-this-plugin-really-secure-my-website/#post-3467637) * Thank you for your explanations. I do understand now. And why your plugin doesnt provide .htaccess protection on wp-contents? I have found so many plugins code modified. I think you should consider putting this in your plugin * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 3 months ago](https://wordpress.org/support/topic/does-this-plugin-really-secure-my-website/#post-3467638) * The Pro version does have this already – Plugin Firewall – but this is too complex to add to the free version. I already have my hands full with supporting the Pro version. πŸ˜‰ * Thread Starter [Young Master](https://wordpress.org/support/users/young-master/) * (@young-master) * [13 years, 3 months ago](https://wordpress.org/support/topic/does-this-plugin-really-secure-my-website/#post-3467641) * If I put my own .htaccess on wp-content will it cause interference with bullet proof security? I want to put my temporary .htaccess on wp-content while am planning to buy BPS Pro. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 3 months ago](https://wordpress.org/support/topic/does-this-plugin-really-secure-my-website/#post-3467679) * Yes, you can of course add your own .htaccess file to the wp-content folder. The tricky part is making sure that all of your plugins and other things in the wp-content folder still work correctly. In order to do this correctly without interfering with other things we had to create several whitelisting tools and automate the Plugin Firewall IP Address updating so that it automatically adds your new IP Address each time it changes. You can of course just do this manually. * Thread Starter [Young Master](https://wordpress.org/support/users/young-master/) * (@young-master) * [13 years, 3 months ago](https://wordpress.org/support/topic/does-this-plugin-really-secure-my-website/#post-3467751) * Thank you for your wonderful explanation. Viewing 7 replies - 1 through 7 (of 7 total) The topic β€˜Does this plugin really secure my website?’ is closed to new replies. * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938) * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/) * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/) * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/) * 7 replies * 2 participants * Last reply from: [Young Master](https://wordpress.org/support/users/young-master/) * Last activity: [13 years, 3 months ago](https://wordpress.org/support/topic/does-this-plugin-really-secure-my-website/#post-3467751) * Status: resolved