Good but only for specific use cases
-
The plugin has a very complicated admin panel, it’s very complicated to set up and configure correctly, throws back hundreds of notifications that are a nightmare to keep track of or even disable… but it is very powerful. If you need a top notch security for a big project than go with BPS. If you just want to secure a simple site than working with this plugin will be a pain and you will be far better off with any of the competitors.
-
Good but only for specific use cases
Yeah like the use case when you don’t want your website to get hacked. LOL π
In all seriousness, we are working on simplifying and automating BPS as much as possible, but what BPS is doing is very complex and sophisticated so “dumbing down” things for the average person has been quite a challenge for us. Getting there and hopefully in the next two version releases we will have everything so “dumbed down” that it will be easy for everyone no matter what level of expertise/experience they are at.
As Developers and Coders we want more manual control options, but end users just want the good old “one button click” automation thing so that is the direction we are headed in. π
I’m looking forward to that moment.
BTW. I said that this plugin is not suited for small projects because from what I experienced it requires constant attention of a dev. And I’m saying this after having spent two or three days on your forum trying to get to know the plugin and configure everything the right way. However, constant attention is something I cannot give the sites with this plugin.
The problem is that when I installed BPS PRO on three of my clients sites I kept getting complaints from them – things stopped working, conflicts, they started complaining on a bazilion of notices in admin, etc. Not to mention problems after updates. If I kept an eye on those sites all the time (and probably spent a few more days on your forum) it would be no problem. But I didn’t. My clients order a site and I deliver them a site. Once or twice a year I update it and that’s it. I don’t keep an eye on them all the time and thus I decided on moving to competition.
I do not think however that they are better options. They are simply less problematic and let me do my job rather than dealing with complaints.
hmm yeah thats is very unusual. Sorry that you ran into so many problems. That is definitely not a normal situation, but one thing we have noticed happening fairly often is the person who purchases BPS Pro and installs BPS Pro on their customer’s sites does not inform his/her customers about BPS Pro procedural basics. Things like AutoRestore needs to be turned Off when manually editing/modifying/uploading files via FTP or files will be quarantined. There are only a handful of things folks need to be aware of procedurally about BPS Pro that cannot be automated. ie AutoRestore is amazing, but AutoRestore cannot tell if you are a legitimate website owner or a hacker if you are uploading files to your website via FTP. π Recommendation: If you are going to install BPS Pro on your customer’s sites then have them look at the AutoRestore Guide forum topic: http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/ and the Security Log video tutorial: http://forum.ait-pro.com/video-tutorials/
And I want to word this very, very carefully and not point any fingers at anyone in particular, but this is a sad fact: We have seen competitors choose not to fully secure websites (using advanced, cutting edge or complex security systems) because doing that would potentially cause problems or complaints made to them. We will never do anything like that. We would rather create cutting edge security software and hear complaints then create or sell a product that does not secure a website 100%. π
Hi I think Setup Wizard is good thing but Iο½ would be better if you add simplified UI besides current UI.
I know you have strict policy about security, but need better presentation for beginners.
Then you’ll earn more reputation.for example,
Easy function switch panel like All In One WordPress Security / Wordfence have.
Sometimes people want to use/turn off only certain feature.Hide detail setting would be nice for beginners.
Since there is Setup Wizard, many user don’t need to see every settings.@ashf – yep we will be eliminating things like AutoMagic buttons so that someone only need to do a one button click instead of several button clicks. This is a horrible thing for Developers and Coders, but great for the average person so that is the direction we are going in – less manual controls|less choices – simply just one button clicks. π
We have looked at the Wordfence and AIO UI’s and we don’t like either of them visually or functionally and in general. BPS does have the capability to turn all features on and off individually. We intentionally did not go the route of breaking up each section of htaccess code into separate options since that is actually much more of a pain in the neck than using BPS Custom Code, which allows someone to customize their entire htaccess files in one shot. So what we think is the real problem is that we have not made things clear enough in regards to Custom Code and explained why BPS Custom Code is far superior to any other methods used in other plugins like AIO or Wordfence.
I think the biggest problem is that a lot of folks get intimidated by copying and pasting htaccess code into BPS Custom Code. ie fear of making a mistake, fear of something going wrong, etc. Clicking a button or option setting is/does the same thing, but the code fear/intimidation factor does not exist because someone is not directly copying and pasting code. The obvious difference between the average person and someone who is a coder is a coder would prefer to see and handle code directly and an average person would prefer not to see and handle code directly and just click a button instead.
So in summary, we understand where the problems are, but are not exactly sure how to make all of this work for both Developers|Coders and average folks. ie removing things that Developers|Coders want is not smart so we need to figure out how to have both. Working on that.
I think the winning idea is going to be this one.
Create an option for: Developer|Coder Mode or Simple Mode. Someone can then switch between these Modes either temporarily or permanently based on their preference.The Developer|Coder Mode would display everything as it is now currently in BPS.
Simple Mode would only display options|settings|buttons and no code or the ability to handle code. Everything would just be clicks.Another possible idea is to leave all the manual control tools as they are and instead display a message to re-run the Setup Wizard. ie BPS detects something that requires the Setup Wizard to be re-run, someone re-runs the Setup Wizard and the Setup Wizard would automatically add|fix|install, etc. whatever that is.
I would much more prefer to see the first option implemented ,i.e. with a simple mode. And I also think that the current panel suffers a lot from unnecessary wordosis – too much words used to express simple ideas, repeating itself, etc. .e.g. currently in the tab: Security Modes it says:
“Activate | Deactivate wp-admin folder BulletproofMode (WBM)
– Activate wp-admin folder Bulletproof mode
– Deactivate wp-admin folder Bulletproof mode (Default mode) Caution: Use default mode for testing, troubleshooting or BPS removal.”Whereas it would suffice to say:
“Protect wp-admin folder*”
[checkbox] yes
* disable for testing, troubleshooting or BPS removal”The thing is that when you look at BPS panel for the first time the amount of text is overwhelming. And most of this text is unnecessay. I would easily replace 60% of it with shorter equivalents. I would also try to move all the texts that are optional to read to modal windows shown after hovering over question marks icons. This would make the panel much more clear and easier to wrap ones head around. It would make people grasp the admin panel more easily rather than be put off by it.
Yeah that is what we were doing before and the complaint when we were doing that was “there is not enough help information directly on the page”. π I don’t think we will change the terminology and phrasing of things because that would cause a lot of confusion. So whether or not Activate and Deactivate are the best choice of words, they are words/terminology that have used for years now so it would not be smart to change that.
With that said, if we do create a Simple Mode then it will be very simple with very little explanation of what is going on directly inpage. The assumption would be that someone either does not care to know what is going on or would not understand the help text anyway. π
Another example:
“Enables | Disable Idle User Session for these user roles:
Check to enable. Uncheck to disable. See the readme help button for more details.
[checkbox] Role
[checkbox] Role
[checkbox] Role
[checkbox] Role
[checkbox] Role”Could be replaced by:
“Enable idle user session for:
[checkbox] Role
[checkbox] Role
[checkbox] Role
[checkbox] Role
[checkbox] Role”The text “Check to enable. Uncheck to disable. See the readme help button for” is unnecessary and offends peoples inteligence by stating the obvious.
I think the current admin would also improve greatly after visual differentiation between Option titles and descriptions. At the moment everything looks the same and makes people read everything because they don’t know if the text after headline is still a headline or not.
I think switching Coder/Simple mode would be nice.
But I would like you to implement central control panel.
Button switch turn on/off main function(at least htaccess core) at once.
That would be helpful for beginners.
If user gets some problem, they just need to turn off functions with the button.P.S.
iThemes Security also re-designed UI recently and they added central control panel like other two.I really like the option settings page that the Comet Cache plugin uses, but assume non-coders and non-Developers probably feel like there is too much help information under each option setting. Personally I like to know exactly what is going on so too much help info vs not enough help info is always better in my opinion. π Some people are very visually based and get easily distracted and confused by additional help text. I know a few of those types of people personally. π Anyway I think the Simple Mode idea is the best idea because it also offers the most flexibility. ie don’t show me something that I already know now, but leave me the option to see that later on if I want/need to see that.
@chrisplaneta – I think you are getting too much into personal preference with the Idle Session Logout settings vs overall best method to cover everyone’s preference/needs. If we did that then we would get lots of questions like “how do I disable X Role”. How do I know that? Because previously this help text did not exist: “Check to enable. Uncheck to disable. See the readme help button for more details” and we were asked that question over and over. π
@ashf – that already exist in BPS and I don’t think moving things to another location would make that any better. Personally I believe the best place for “on/off” controls is directly at the feature. ie turn Login Security On|Off on the Login Security page, etc.
- The topic ‘Good but only for specific use cases’ is closed to new replies.
