BulletProof Security
[resolved] Updating .htaccess Only (2 posts)

  1. Tranny
    Posted 5 years ago #

    Hello Ed,

    I've been looking at the plugin for a while but remain slightly apprehensive regarding its use. Not because of the plugin, but because of the type of site I have. I wanted to ask though:

    I would still like to strengthen my installation any way I can but do not wish to install entire plugin, would I be able to take the # FILTER REQUEST METHODS and the # QUERY STRING EXPLOITS codes from your .htaccess file and paste it into mine without compromising any functionality? I would just like to prevent SQL injection and keep the blog as impenetrable as possible without bloating it up too much. WOuld these two parts of your .htaccess file, when added to mine do me good without causing anything bad?


  2. AITpro
    Plugin Author

    Posted 5 years ago #

    Yep you can take the .htaccess filter code out and add it to your current .htaccess file(s). BulletProof is not doing anything new in website security that hasn't been around for years. It is just a compilation of the best most effective filters I could put together and to make it a no brainer for anyone who is not familiar with .htaccess, i just turned into a one click thing. When i first went looking for an .htaccess file and code for my websites years ago I was totally confused by the documentation I found on the Apache site and didn't really find a site with a ready made complete solution. So you can take or leave whatever filters you want to use. If you are worried about certain words being filtered out of a site search then remove the SQL syntax / words individually. Like "order" for example. The critical SQL commands to block are "insert" and some of the others. Personally I prefer to have any SQL commands blocked that could cause damage to my sites, but it is up to each person to decide what kind of risks they want to take.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic