BulletProof Security
[resolved] BPS + Others?? (15 posts)

  1. ciaranm
    Member
    Posted 4 years ago #

    Hi There

    I had a site hacked a while ago which (I think and hope) has been fixed via some painstaking work and BPS... But this experience has made me super paranoid!

    So my question is what other plugins would you recommend (if any) to work alongside BPS to further enhance security?

    I am already using Login Lockdown and WP Security Scan and they seem to work fine with BPS.

    Thanks in advance!

  2. AITpro
    Member
    Plugin Author

    Posted 4 years ago #

    Hi,
    I'm sorry about your website hacking experience - it is never a pleasant one and can mess with your mind for quite a while afterwards.

    When I first created BPS I was in a nightmare battle with some hackers (auto attacks and direct individual attacks simultaneously). Every move I made they just blew through it like it was nothing. This went on for about 5 days until I put together what is now the secure.htaccess file. This stopped them completely, but I was holding my breath for 3 weeks afterwards when I went to check that client's site every day to see if it had been hacked.

    The point I am trying to make is that when BPS is activated you can feel very confident that all attacks coming from outside of your web host will be blocked. You should still monitor your website for a week for internal or lateral attacks. If the web host has been compromised somehow then BPS will protect you from some lateral attacks, but cannot protect you from things like passwords being hacked, etc.

    I personally only use BPS for website security on my websites and clients' sites so I can't recommend any other plugins to go with BPS, but Login Lockdown looks like a good plugin and WP Security Scan has some nice features. There are a couple of WordPress security plugins that you should avoid. I will not mention their names, but recommend that everyone should read the "what others are saying comments" for any plugin that they plan on installing.

    Exploit Scanner is a great plugin for checking for malicious or suspicious code on your website.

    What you can do to increase your website security even further is to add additional htaccess filters and rules to the BPS master files and of course your active htaccess files. htaccess files can do all sorts of neat stuff besides just providing website security. So what I recommend is that you do some Googling on "htaccess" and "htaccess website security", etc. And that is what is so great about the built-in BPS htaccess File Editor - you can add things on the fly - test em in another browser window - if your site blows up - then just remove the edit in your other browser window - no harm no foul. ;) Of course you can put the site in Maintenance Mode too so if you screw up then only you know about it. LOL Thanks.
    Ed

  3. ciaranm
    Member
    Posted 4 years ago #

    Hi Ed

    Thanks for your comprehensive response!

    I will most certainly do some more Googling re: htaccess security...

    Any idea when your pro version will be released? And what features do you plan on adding?

    Cheers
    Ciaran

  4. AITpro
    Member
    Plugin Author

    Posted 4 years ago #

    Hi Ciaran,

    No definite date on BPS Pro. That project keeps getting pushed back so maybe by May. Monitoring and alerting are the most requested features so they are definites. We are still going back and forth on everything that should be in BPS Pro. Thanks.

    Regards,
    Ed

  5. ciaranm
    Member
    Posted 4 years ago #

    Awesome! Thanks Ed.

    You're doing a great job saving all of our as**es. Keep up the good work!

  6. marcos71
    Member
    Posted 4 years ago #

    Hello people.

    I am a bit of a newb at PHP... I am a Java man.
    But now I need to configure this WordPress site. So I am very proud to say I am getting my head round it. However I also seem to have been hacked. I have 95.000 comments in my comments.....? When I click on one to see where it was posted to, the page doesn't seem to exist. Do any of you know if this is a simply fixed issue?

    I have uninstalled all guestbook plugins which I suspected but they keep coming...$#%$

    Any help is welcome. ^

    Kind regards
    Marco S

    Thanks in advance.

  7. ciaranm
    Member
    Posted 4 years ago #

    Hi Marco

    I'm definitely not the security expert, but if you are getting major comment spam, you could try Akismet if you haven't already. Not sure about the whole page not existing thing...

    But in regards to BPS, I have had good experiences with the plugin being able to prevent hacked sites from being rehacked. It might be worth installing BPS and see if it helps.

    Good luck

    Cheers
    Ciaran

  8. marcos71
    Member
    Posted 4 years ago #

    First, tnx for the response,

    I did activate it, don't know if we actually pay for it at the moment...
    The key seems to work but I just activated the plugin.

    I will look into BPS right now.

    I also just upgraded to 3.1.1 today... when did that become available?

    So seeing loads of viagra and porn messages can't really mean anything else.... Do they insert that into the DB??

    Thanks again for your help

    Cheers

  9. ciaranm
    Member
    Posted 4 years ago #

    Akismet is free... It comes standard with WordPress and is highly recommended...

    Hard to tell what you've got without a link to your site... Can you post a link?

    But if you are getting lots of viagra junk it could be a form of the pharma hack which also got me a while ago... Here are two recommended articles about the Pharma Hack.

    http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php
    http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html

    I have not been hit again with the pharma hack since installing BPS.

  10. marcos71
    Member
    Posted 4 years ago #

    Oh ok must have been something else I saw the 5$ bucks for
    Yes it is some swiss pharma site talking about all kinds of dope.

    The page not being there might have something to do with a messed up structure of page / template / theme thing... I am still a little confused on that :-) So tomorrow I will get all passwords changed... 3 am now nobody at the office. I hate being hacked. Luckily I wasn't in command at the time :-) Only got this mission today.

    I will read everything carefully

    Thanks again.

  11. ciaranm
    Member
    Posted 4 years ago #

    Yes Akismet has paid versions... but is free for personal sites.. Depends on the type of site you have... It's a pretty good service so pay what you can...

    Cheers

  12. marcos71
    Member
    Posted 4 years ago #

    Oh right.... I will pass it on to the site owner.
    You've been a great help

    Those hacked links damn. Luckily don't have these on this site.

  13. ciaranm
    Member
    Posted 4 years ago #

    No worries... Good luck!

  14. Reza
    Member
    Posted 4 years ago #

    Hi Dude

    I don't know if I'm writing in the right topic, I just wanted to say thanks for your efforts for making wp and net secure.

    Wish to have a world without any anti hacking and anti virus programs.

    Thank You again Ed.
    You are helpful, supportive and nice person.

  15. AITpro
    Member
    Plugin Author

    Posted 4 years ago #

    Thanks! :)

    Why stop there? How about a world where politicians and governments tell the truth and have regular folks' best interests in mind. You're not gonna find that on planet Earth. LOL LOL LOL

Topic Closed

This topic has been closed to new replies.
