Support » Plugin: BulletProof Security » Worfence Vs Bullet Proof

  • Resolved tigershroof

    (@tigershroof)


    I am Wordfence User and planning to shift over to BulletProof Security. I know the price advantage BPS has over Wordfence, but there are some technical questions which will help me take a quicker decision :

    a) Does BPS Pro has GEO IP Blocking ?

    b) Can we block IP and its Network and carry out a Who Is Search from within the widget ?

    c) Is there a Live Traffic Feed within the widget ?

    d) How effective is the firewall of BPS Pro Vs Wordfence and what are the major differences.

    Thanks in advance for answering.

    Mark

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author AITpro

    (@aitpro)

    a. Nope, BPS blocks by “bad action”. ie ip address x.x.x.x, bad bot X, spammer X, hacker X does a bad action and the bad action itself is blocked. So basically there is no need to block by country ip addresses.

    b. Nope, not really sure why you would want to do that. Seems like a waste of your time. BPS just blocks stuff and logs stuff.

    c. Nope, BPS focuses on website security only.

    d. The BPS firewall htacces code is very effective. I’m not sure what wordfence does with their firewall. So I can’t really compare the two.

    • This reply was modified 3 years, 1 month ago by AITpro.
    Plugin Author AITpro

    (@aitpro)

    My previous thread post comes off as negative instead of positive since there a comparison to Wordfence trying to be made. So here is a positive approach.

    This is our selling point for BPS Pro, which is 100% accurate and truthful:
    “BulletProof Security Pro has an amazing track record. BPS Pro has been publicly available for 5+ years and is installed on over 30,000 websites worldwide. Not a single one of those 30,000+ websites in 5+ years have been hacked.”

    This is a list of BPS Pro features: http://www.ait-pro.com/bps-features/

    Overall I believe Wordfence is a decent security plugin, but I believe BPS Pro is a better security plugin. 😉

    • This reply was modified 3 years, 1 month ago by AITpro.

    Thank you for responding. I am already using Wordfence on one website and want to use Bullet Proof on another site. My questioned are aimed at helping me buy BPS rather than eliminate BPS as a choice.

    a) Country Blocking – Some of us run local businesses that do not require web traffic from other countries. As such, country blocking is of great help. The top there countries where intrusion attempt s are launched from are China, Turkey and Russia (as per Succuri as well as personal experience). On this basis, it really helps to have country blocking with an accurate database. Wordfence database is super accurate but iQ Block Country is also very good in this respect and except few occasions, the accuracy rate of Country Block is pretty good. Country Blocking is something you may want to consider as some customers like me would be willing to pay for it.

    b) Live Traffic Feed has actually been of help to block visitors in real time (provided one is watching the feed). A “Who is” lookup embedded also helps to accurately search for Who is contacts. This is not a very important feature, but the Live Traffic Feed is pretty helpful based on what one wants to do with it.

    c) Firewall in Wordfence in real time updates security threats, though was not much help during a DDOS attack. Succuri was superb during DDOS attacks and Firewall but it 50 bucks more expensive for Year 1 and 100 bucks more expensive from Year 2 (considering the discount available through Yoast SEO). Succuri has Cloud based Firewall, stops DDOS attacks, has Country Blocking, Live Feed and was as good as Wordfence for Vulnerability and Malware Scanning. In addition, it cleans up hacked sites without any additional fee and also has an expanded reputation management (Yandex, Google, Bing etc.). Succuri is quite effective but the price may be high for some bloggers, considering the renewal fees. If Succuri comes down to 150 Buck per annum for its Total Security Package with Cloud Firewall and 100 Bucks without Cloud Firewall, it would beat Worfence hands down.
    As Wordfence moves closer to 99 Bucks for a single license, it is only a matter of time that they will increase prices and I am inclined to look for alternatives. The Wordfence firewall claims to stop these attacks except the DDOS attacks.It would be helpful to know if BPS blocks these attacks.

    Rules

    Enabled Category Description
    whitelist Whitelisted URL
    lfi Slider Revolution: Local File Inclusion
    sqli SQL Injection
    xss XSS: Cross Site Scripting
    file_upload Malicous File Upload
    lfi Directory Traversal
    lfi LFI: Local File Inclusion
    xxe XXE: External Entity Expansion
    xss dzs-videogallery 8.80 XSS HTML injection in inline JavaScript
    sqli Simple Ads Manager <= 2.9.4.116 – SQL Injection
    rfi Gwolle Guestbook <= 1.5.3 – Remote File Inclusion
    priv-esc User Roles Manager Privilege Escalation <= 4.24
    sde Yoast WordPress SEO <= 3.1.2 – Sensitive Data Exposure
    auth-bypass WordPress Core <= 4.5.0 – Authentication Bypass
    file_upload Ninja Forms <= 2.9.42 – Arbitrary File Upload
    auth-bypass Ninja Forms <= 2.9.42: Missing Authentication Check
    auth-bypass Ninja Forms <= 2.9.42: Missing Authentication Check
    sde Caldera Forms <= 1.3.5 – Sensitive Data Exposure
    auth-bypass WP Fastest Cache <= 0.8.5.6 – Authorization Bypass
    auth-bypass WP Fastest Cache <= 0.8.5.6 – Authorization Bypass
    xss HDW Player Plugin <= 3.4 – Reflected XSS
    sqli Google SEO Pressor Snippet Plugin <= 1.2.6 – SQL Injection
    xss WPMain Stored XSS <= 3.1.2
    file_upload EWWW Image Optimizer <= 2.8.0 [Remote Command Execution]
    xss Customize Admin Stored XSS <= 1.6.6
    sqli Kento Post View Counter SQLi <= 2.8
    xss Kento Post View Counter Reflected XSS <= 2.8
    xss Kento Post View Counter Stored XSS <= 2.8
    file_upload WP Mobile Detector <= 3.5 – Arbitrary File Upload
    sqli Double Opt-In for Download <= 2.0.9 – SQL Injection
    sde WP Maintenance Mode <= 2.0.3 – Sensitive Data Exposure
    sde WP Maintenance Mode <= 2.0.3 – Auth Bypass
    rce WP Maintenance Mode <= 2.0.3 – Remote Code Execution
    auth-bypass Robo Gallery <= 2.0.14 – Auth Bypass
    file-download Memphis Documents Library <= 3.4.5 – Unauthenticated Arbitrary File Download
    lfi SEO by SQUIRRLY <= 6.1.0 – Local File Inclusion
    auth-bypass SEO by SQUIRRLY <= 6.1.0 – Auth Bypass
    auth-bypass DELUCKS SEO <= 1.3.9 – Unauthorized Options Update
    auth-bypass WiziApp – All in One mobile suite <= 4.1.2 – Auth Bypass
    priv-esc Profile Builder <= 2.4.0 – Privilege Escalation
    xss All in One SEO Pack 2.3.6.1 – Persistent XSS
    xss All in One SEO Pack <= 2.3.7 – Unauthenticated Stored XSS
    auth-bypass Fluid Responsive Slideshow <= 2.2.26 – Unauthorized Content Modification
    sde WP Backup <= 1.2 – Sensitive Data Exposure
    file_upload File Manager <= 3.0.0 – Arbitrary File Upload/Download
    file_upload Levo Slideshow <= 2.3 – Arbitrary File Upload
    auth-bypass Form Lightbox <= 2.1 – Unauthenticated Options Update
    auth-bypass WordPress Social Stream <= 1.5.15 – Authenticated Unauthorized Options Update
    priv-esc Ultimate Product Catalogue <= 3.8.1 – Privilege Escalation
    file_upload 360 Product Rotation <= 1.2.1 – Arbitrary File Upload
    xss WordPress Activity Log <= 2.3.1 – Persistent XSS
    file_upload Slider Revolution: Arbitrary File Upload
    sqli User Meta Manager <= 3.4.6 – SQL Injection
    rfd TimThumb <= 1.33 – Remote File Download
    rce TimThumb <= 2.8.13 – Remote Code Execution
    file_upload MailPoet <= 2.6.7 – Arbitrary File Upload
    dos WordPress Core <= 4.5.3 – DoS
    lfi Directory Traversal – wp-config.php
    file_upload Malicious File Upload (Patterns)
    file_upload N-Media Post Front-end Form <= 1.0 – Unauthenticated Arbitrary File Upload
    file_upload CYSTEME Finder <= 1.3 – Multiple Unauthenticated Vulnerabilities
    file_upload Estatik <= 2.2.5 – Unauthenticated Arbitrary File Upload
    lfi Mail Masta <= 1.0 – Unauthenticated Local File Inclusion
    auth-bypass Total Security <= 3.3.8 – Unauthenticated Options Update
    obji Ecwid Ecommerce Shopping Cart <= 4.4.3 – Unauthenticated Object Injection
    file_upload Malicious File Upload (PHP)

    If we leave Country Blocking, Live Traffic Feed, I think BPS is a much better value for money, but wanted to compare the Firewall options in BPS vs Wordfence.

    Once again, thanks for taking the time to respond. The aim is to buy here verus not buy and I want to take an informed decision.

    • This reply was modified 3 years, 1 month ago by tigershroof.
    • This reply was modified 3 years, 1 month ago by tigershroof.
    Plugin Author AITpro

    (@aitpro)

    I’m not interested in trying to sell you anything. We simply do not do a hard sell or sales pitch of any kind. We want people to choose for themselves. In general, for what you are looking for and the sites that you have, I think you may want to stick with what you have found that you want and not worry about the cost now or in the future. If you have something already that you like then just stick with it. 😉

    a) Country Blocking – nope we will never add this for this #1 reason: doing this causes unnecessary memory and resource usage for your server/website. There are lots of other reasons why is a terrible approach. People tell us all the time that after removing country ip blocking their server/websites perform much better.

    b) Live Traffic Feed – yep I understand what appears to be a benefit, but if you have a site that has very high traffic and you are spending your time looking at this stuff instead of doing other more important things, than in my opinion that is a complete waste of your valuable time. Live Traffic is known to cause website performance problems for obvious reasons – your website/server has to process this data all day long/every day. There are plenty of folks that have reported this about Wordfence Live Traffic feed over the years. So check that/cross reference that information for yourself. 😉 On a low traffic site it is not going to probably cause a big performance problem, but if you have a high volume of traffic then there is going to be a noticeable performance cost/slowness/etc.

    c) All I can tell you is the BPS Pro Plugin Firewall works great/is very effective. I can’t really do any sort of comparison with anything else. 😉 I can’t make any sort of assesment based on the Wordfence rules that you posted, but what I can tell is the BPS Pro Plugin Firewall and other various security features will also block all of these things 100%.

    Thanks for taking the time to answer and specifically answering the last question. Will be in touch.

    Plugin Author AITpro

    (@aitpro)

    Another very important point about not trying to sell BPS Pro to you on the wordpress.org forum site is that it is specifically not allowed in the wp forum rules. 😉

    • This reply was modified 3 years, 1 month ago by AITpro.

    Noted and understood. Once I am ready to buy, I will contact you through the direct site. Thanks again.

    • This reply was modified 3 years, 1 month ago by tigershroof.
    Plugin Author AITpro

    (@aitpro)

    Assuming all questions have been answered – the thread has been resolved. If you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.

    @aitpro – I have removed the recent off-topic posts and am closing this topic since it’s marked as Resolved.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Worfence Vs Bullet Proof’ is closed to new replies.