WordPress Security Plugin – BulletProof Security

If you use WordPress for your website, it is important to protect your WordPress installation. BulletProof Security is a plugin that will help you do that.

It offers both .htaccess-based and PHP-based security components, with protection from XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts.

It provides protection for wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection.
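To confirm that an .htaccess file really covers the files named above, the following added example (not code from the plugin or from this page's author) audits .htaccess text for deny rules. It assumes the protection is written as standard Apache `<Files>` / `<FilesMatch>` blocks containing `Deny from all` or `Require all denied`; the plugin's actual rules are not shown on this page, and the sample input and the `unprotected_files` helper are constructed for illustration.

```python
import fnmatch
import re

# Files the page lists as protected via .htaccess.
SENSITIVE = ["wp-config.php", "bb-config.php", "php.ini", "php5.ini",
             "install.php", "readme.html"]

# <Files name> or <FilesMatch "regex"> blocks; captures kind, pattern and body.
BLOCK_RE = re.compile(
    r'<(Files|FilesMatch)\s+"?([^">]+)"?\s*>(.*?)</\1>',
    re.IGNORECASE | re.DOTALL)

# Apache 2.2 ("Deny from all") and 2.4 ("Require all denied") deny directives.
DENY_RE = re.compile(r'^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$',
                     re.IGNORECASE | re.MULTILINE)

# Constructed sample input (assumption): one rule is commented out by mistake.
SAMPLE_HTACCESS = r'''
<FilesMatch "^(wp-config\.php|bb-config\.php|php\.ini|php5\.ini)$">
Require all denied
</FilesMatch>
<Files readme.html>
Order allow,deny
Deny from all
</Files>
# <Files install.php>
# Deny from all
# </Files>
'''

def unprotected_files(htaccess_text, names=SENSITIVE):
    """Return the names that no deny block in htaccess_text covers."""
    text = re.sub(r'(?m)^\s*#.*$', '', htaccess_text)  # drop comment lines
    covered = set()
    for kind, pattern, body in BLOCK_RE.findall(text):
        if not DENY_RE.search(body):
            continue  # block present but it does not deny access
        for name in names:
            if kind.lower() == "filesmatch":
                hit = re.search(pattern.strip(), name) is not None
            else:  # <Files> takes a literal name or a shell-style wildcard
                hit = fnmatch.fnmatchcase(name, pattern.strip())
            if hit:
                covered.add(name)
    return [n for n in names if n not in covered]
```

Run it against a copy of each .htaccess file you deploy; any name it returns still needs a rule or is covered by a form this simple check does not parse.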

This plugin also checks file and folder permissions, DB errors, etc. It also lets you monitor logins, including failed logins.

Here is a list of BulletProof Security features as listed on the WordPress plugin page. You can download the plugin from http://wordpress.org/plugins/bulletproof-security/

BulletProof Security htaccess Core Features

  • One-click .htaccess website security protection from within the WP Dashboard
  • .htaccess security protection against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts
  • .htaccess file backup and restore
  • .htaccess Lock / Unlock (404 Read-Only)
  • .htaccess AutoLock On or Off
  • Security / HTTP Error Logging – Log 400, 403 and 404 Errors
  • Security Log: Add / Remove User Agents/Bots to Ignore/Not Log or Allow/Log
  • Security Log: Turn On / Turn Off / Delete Log
  • Automatic .htaccess file updating on upgrade installation
  • New .htaccess security filters automatically added during upgrade
  • No need to reactivate BulletProof Modes when upgrading
  • WP Dashboard Alerts – Root and wp-admin .htaccess file checks
  • Anti Comment Spam .htaccess code – works together with Akismet or other Spam plugins to keep Comment Spam at a minimum
  • Anti Comment Spambot .htaccess code – Forbid Empty Referrer Spambots
  • TimThumb Vulnerability/Exploit .htaccess coding
  • Built-in File Editing, File Downloading and File Uploading
  • Custom Code feature that permanently saves and writes your personal custom .htaccess code
  • WordPress readme.html and /wp-admin/install.php protected with .htaccess security protection
  • wp-config.php and bb-config.php files protected with .htaccess security protection
  • php.ini and php5.ini files protected with .htaccess security protection
  • WordPress database errors turned off – Verification and function insurance
  • WordPress version is not displayed / not shown – WordPress version is removed
  • WP Generator Meta Tag filtered – not displayed / not shown
  • WP DB default admin username / account check
  • System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, DNS, Max Upload, Zend Engine Version, Zend Guard/Optimizer, ionCube Loader, Suhosin, APC, eAccelerator, XCache, Varnish, cURL, Memcache and Memcached
  • Security Status Page – Displays website security status information
  • File and Folder Permission Checking – CGI / DSO SAPI check / display
  • Help & FAQ page – links to BPS Guide and other detailed Help & Info pages
  • Extensive Read Me! jQuery Dialog Help buttons throughout the BulletProof Security plugin pages
  • Backup and Restore existing .htaccess files
  • Backup and Restore customized / modified .htaccess files
  • Add to, Edit, Modify the provided BulletProof Security .htaccess Master files
  • Create your own .htaccess Master files or code and use BulletProof Security as an .htaccess file manager
  • Website Developer Maintenance Mode (503 website open to Developer / Site Owner ONLY)
  • Log in / out of your website while in Maintenance Mode
  • Customizable 503 Website Under Maintenance page
  • HUD Success / Error message display
  • i18n Language Translation coding

BulletProof Security Login Security & Monitoring Features

  • Log All User Account Logins or Log Only User Account Lockouts
  • Logged DB Fields: User ID, Username, Display Name, Email, Role, Login Time, Lockout Expires, IP Address, Hostname, Request URI
  • Email Alerting Options: User Account is locked out, An Administrator Logs in, An Administrator Logs in and when a User Account is locked out, Any User logs in when a User Account is locked out, Do Not Send Email Alerts
  • Login Security Additional Options: Max Login Attempts, Automatic Lockout Time, Manual Lockout Time, Max DB Rows To Show, Turn On/Turn Off
  • Dynamic DB Form: Lock, Unlock, Delete
  • Enhanced Search: Allows you to search all of the Login Security database rows/Fields
  • Stand-alone Unlock Form bpsunlock.php: Unlock User Accounts without having to be logged into the WP Dashboard
  • Please click the Login Security Blue Read Me help button for full descriptions of all features and options.
