BulletProof Security compatibility with other WordPress Security plugins

Home Forums BulletProof Security Pro BulletProof Security compatibility with other WordPress Security plugins

Viewing 15 posts - 1 through 15 (of 25 total)
  • Author
    Posts
  • #126
    AITpro Admin
    Keymaster

    Email Question:
    Hello,
    I’m NOT currently using BPS Free, but I’m interested in BPS Pro. However, it seems to be a pretty serious plugin that could be time-intensive to configure and operate successfully, and could possibly screw up a WP installation or functionality if not set up correctly.
    So far, I have a few questions:
    1. I’m using WP Twin to back up and clone WP blogs to other URLs. Should I (or can I) back up and clone a blog to another URL with BPS installed or uninstalled? Should it be installed clean to a cloned blog?
    2. Is it okay to use BPS with other WP security plugins?
    3. Do you have the Quick Setup Video Tutorial steps in print form for easy reference?
    Thanks,
    Steve

    Answers:
    To ensure that BPS Pro is compatible with your Host/Server/PHP Configuration/Website you should install BPS free first to check compatibility before purchasing BPS Pro.  If BPS free works fine without any problems on your website then BPS Pro will also work fine on your website.

    BPS Pro takes 5 minutes to install and setup.  Everything in BPS Pro is set and forget with the exception of AutoRestore and Quarantine and upgrades automatically update all of your BPS Pro plugin files and .htaccess files, etc.

    The BPS Pro AutoRestore and Quarantine components of BPS Pro are the only features in BPS Pro that will require ongoing actions by you.
    AutoRestore|Quarantine (ARQ IDPS) is a real time file monitor with automatic file restoring and quarantining capabilities.

    When updating plugins, installing new plugins, deleting plugins or updating, installing and deleting Themes or updating/upgrading WordPress itself you need to follow these simple procedural steps for ARQ.

    1. Turn off ARQ.
    2. Install/update plugins or Themes or WordPress.
    3. Click the 4 Backup Files buttons in ARQ.
    4. Turn ARQ back On.

    Explanation of how ARQ works:
    Everything about BPS Pro does its own thing without any additional steps required by you except for ARQ Infinity. ARQ Infinity is a real time file monitor that monitors all of your website files for any changes and will automatically autorestore and quarantine files if any file changes are made so if you are going to install a new plugin or remove a plugin from your website then ARQ needs to be turned off, then before you turn it back on you will need to click the 4 Backup Files buttons on the AutoRestore page. A good analogy is that ARQ is the lock on your car door – when you want to go somewhere you unlock your car door and when you arrive at your destination you are going to lock your car door again. ARQ is basically a lock for your entire website. So just remember to always click the Backup Files buttons before turning ARQ back on and you will not have to restore files that are sent to Quarantine if you accidentally forget to do this. But if you forget then just click the Restore File option in Quarantine to restore files.

    Link to the ARQ IDPS Guide >>> http://www.ait-pro.com/aitpro-blog/4204/bulletproof-security-pro/arq-infinity-guide-full-website-autorestore-and-full-website-quarantine/

    1. When cloning Blogs with WP Twin or any other cloning plugin you should follow these procedural steps below.

    Migrating, Moving or Cloning websites best procedural steps:
    1. Turn off ARQ
    2. Click all 4 Delete Files buttons in AutoRestore.
    3. Use the BPS Backup feature in B-Core and backup your .htaccess files.
    4. Deactivate Root and wp-admin Folder BulletProof Modes.
    5. Unlock all your files in F-Lock.
    6. Perform your Clone, Website Backup or Migration.
    7. On the new Cloned, Migrated or Moved site.
    8. Go to AutoRestore and click the 4 Backup Files buttons and turn ARQ back on.
    9. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button and click the wp-admin BulletProof Mode button.
    10. Go to F-Lock and lock all your files.

    NOTE:  If you have created a custom php.ini file and are migrating, moving or cloning a site to a new Server then you will need to create a new php.ini file on your new Server.

    2.  BPS and BPS Pro are compatible with all other WordPress Security plugins.

    BPS is the dominant WordPress Security plugin when it comes to .htaccess file security so if you are using another WordPress security plugin that creates .htaccess code then you would want to cut that other plugins .htaccess code out of your root .htaccess file and paste it into the BPS Custom Code text boxes.

    3.  BPS Pro Installation & Setup help and Video Tutorials can be found in the link below.

    BPS Pro takes 5 minutes to install and setup.

    http://www.ait-pro.com/aitpro-blog/3139/bulletproof-security-pro/bulletproof-security-pro-zip-installation-zip-backup-and-download/

    #460
    apparence
    Member

    Have you test BPS PRO with Wordfence plugin ? seem to be in conflict with new udpate of BPS PRO, causing many php error logs :

    [21-Nov-2012 17:44:18] PHP Warning:  mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /homepages/35/XXXXXXXXXX/htdocs/cartes-de-voeux/wp-content/plugins/wordfence/lib/wfDB.php on line 57
    [21-Nov-2012 17:44:18] PHP Warning:  mysql_ping() expects parameter 1 to be resource, boolean given in /homepages/35/XXXXXXXXXX/htdocs/cartes-de-voeux/wp-content/plugins/wordfence/lib/wfDB.php on line 48
    [21-Nov-2012 17:44:18] PHP Warning:  mysql_ping() expects parameter 1 to be resource, boolean given in /homepages/35/XXXXXXXXXX/htdocs/cartes-de-voeux/wp-content/plugins/wordfence/lib/wfDB.php on line 52
    [21-Nov-2012 17:44:18] PHP Warning:  mysql_connect() [function.mysql-connect]: User XXXXXXXXXX already has more than 'max_user_connections' active connections in /homepages/35/XXXXXXXXXX/htdocs/cartes-de-voeux/wp-content/plugins/wordfence/lib/wfDB.php on line 56
    [21-Nov-2012 17:44:18] PHP Warning:  mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /homepages/35/XXXXXXXXXX/htdocs/cartes-de-voeux/wp-content/plugins/wordfence/lib/wfDB.php on line 57
    [21-Nov-2012 17:44:18] PHP Warning:  mysql_ping() expects parameter 1 to be resource, boolean given in /homepages/35/XXXXXXXXXX/htdocs/cartes-de-voeux/wp-content/plugins/wordfence/lib/wfDB.php on line 48
    [21-Nov-2012 17:44:18] PHP Warning:  mysql_ping() expects parameter 1 to be resource, boolean given in /homepages/35/XXXXXXXXXX/htdocs/cartes-de-voeux/wp-content/plugins/wordfence/lib/wfDB.php on line 52
    [21-Nov-2012 17:46:18] PHP Fatal error:  Out of memory (allocated 30932992) (tried to allocate 141860368 bytes) in /homepages/35/XXXXXXXXXX/htdocs/cartes-de-voeux/wp-content/plugins/bulletproof-security/admin/php/php-options.php on line 340
    after new udpate of BPS PRO 5.3.1.
    [22-Nov-2012 10:52:33] PHP Fatal error:  Out of memory (allocated 30932992) (tried to allocate 141861573 bytes) in /homepages/35/XXXXXXXXXX/htdocs/cartes-de-voeux/wp-content/plugins/bulletproof-security/admin/php/php-options.php on line 340
    [22-Nov-2012 10:54:00] PHP Fatal error:  Out of memory (allocated 30932992) (tried to allocate 141861814 bytes) in /homepages/35/XXXXXXXXXX/htdocs/cartes-de-voeux/wp-content/plugins/bulletproof-security/admin/php/php-options.php on line 340
    [22-Nov-2012 10:54:03] PHP Fatal error:  Out of memory (allocated 30932992) (tried to allocate 141862055 bytes) in /homepages/35/XXXXXXXXXX/htdocs/cartes-de-voeux/wp-content/plugins/bulletproof-security/admin/php/php-options.php on line 340
    #464
    AITpro Admin
    Keymaster

    I have tested previous versions of Wordfence, but have not tested the latest version.  I will test the latest version of Wordfence and post the results of that testing.

    The php errors you are seeing are not caused because of BPS Pro.  These are very common php errors that I see for websites that are running Wordfence with less than a 256M maximum memory limit.

    First off, I think Wordfence is a good scanning plugin, but Wordfence requires a lot of Server memory, Server resources and website resources to run smoothly without causing Out of memory errors, causing website slowness and other website performance issues/problems for your website.  In testing previous versions of Wordfence I found that running Wordfence on memory limit settings below 256M caused website performance problems and I was also seeing Out of memory php errors.  When setting the PHP Configuration maximum memory limit to 256M I was no longer seeing Out of memory errors, but when checking the website performance, resource usage, etc. with the P3 (Plugin Performance Profiler) plugin I was seeing resource usages as high as 48% by Wordfence.  This does not of course mean that the Wordfence plugin is using/requires 48% of your website’s total resources, but it does indicate that Wordfence does require a very significant amount of your website/Server resources.  I ran performance profiling tests without turning anything on like scanning in Wordfence and the range of test results produced 38% – 48% website/Server resource usage.

    P3 (Plugin Performance Profiler) plugin:  http://wordpress.org/extend/plugins/p3-profiler/

    If your Web Host does not allow you to increase your maximum memory limit to at least 256M then you will probably experience intermittent or regular memory and/or website performance problems with Wordfence.  The obvious solution is to increase your maximum memory limit for your website to 256M if your Hosting plan/package allows this or you can upgrade to a Hosting plan/package that does allow you to increase your maximum memory limit to at least 256M.

    #490
    AITpro Admin
    Keymaster

    Ok I just tested the most recent version of Wordfence – 3.4.4 and I am seeing the same memory/resource issues that I have seen in all previous versions of Wordfence.

    I ran a series of 20 P3 plugin scans with Wordfence installed and BPS Pro installed on a website.  With BPS Pro ARQ turned Off and turned On.  With Wordfence not scanning and just installed.

    BPS Pro with AutoRestore/Quarantine turned Off consistently uses between 7% to 8% of your website’s resources/memory.

    BPS Pro with AutoRestore/Quarantine turned On consistently uses between 17% to 18% of your website’s resources/memory.

    Wordfence with no scanning occurring fluctuates drastically in test results and uses between 41% to 62% of your website’s resources/memory.

    In testing I tried several different scenarios to see if BPS Pro AutoRestore/Quarantine was somehow conflicting with Wordfence.  I turned ARQ off and ran P3 scans, I turned ARQ On and ran P3 scans.  What I saw was the BPS Pro resource/memory usage was always consistent between the ranges of 7% to 8% with ARQ Off and always consistently between 17% to 18% with ARQ turned On.  I looked at if turning ARQ On or Off effected the memory/resource usage that Wordfence was displaying in the P3 scans.  BPS Pro with ARQ On or Off has no effect on Wordfence and Wordfence memory/resource usages randomly fluctuates drastically on its own.

    Summary/Conclusion

    I have no idea why Wordfence resource/memory usage fluctuates so drastically and maybe some scanning is actually occurring even though I was not manually running a scan.  BPS Pro in general and the BPS Pro AutoRestore/Quarantine feature specifically do not seem to have any effect or impact on Wordfence in the P3 scan results.  The Wordfence P3 scan results drastically fluctuate on their own.  You can clearly see that BPS Pro does not effect or impact the Wordfence scan results by looking at the two screenshots below.

    Screenshots of P3 Profiler Scan Results

    Wordfence P3 Profiler Scan Results

    Wordfence P3 Profiler Scan Results

    Update:

    I just thought of something in Wordfence that might be causing the high memory/resource usages and could also explain the drastic flucuation in P3 Profiler Scan results.  Wordfence has an “always on” visitor traffic feature that is tracking visitors to a website continuously.  Live visitor tracking can be very expensive/costly to website resources when displaying the results in a way such as Wordfence is doing this.  I personally choose to use text log files because these do not cause any unnecessary resource drain for a website.  Using a text log file is nowhere near as fancy as what Wordfence is doing with logging events, but trading website performance for impressing folks with Bells and Whistles is probably not a good thing in general.  I could of course be completely wrong that the visitor tracking feature is causing this issue, but it seems like the best logical explanation for this issue.

    #500
    AITpro Admin
    Keymaster

    And the specific reason you are getting these particular Out of Memory php errors in your php error log is because your php error log is huge/gigantic due to having excessive php errors being logged in your php error log.  In your other Topic post here – http://forum.ait-pro.com/forums/topic/bps-logs-file-size/ – you state that your php error log file is 141,9M – that is gigantic.  This is of course a symptom of a real problem.  The real problem is what is causing so many php errors to be generated/created in your php error log.

    #522
    AITpro Admin
    Keymaster

    Topic Reply was Split into a separate Topic:  http://forum.ait-pro.com/forums/topic/security-log-and-http-error-log-facebook-403-errors/

    Thanks for this really pro and great support !!!!I’d delete my logs file, and instal new BPS Pro 531… work fine now. Wordfence author don’t give me some news… i’m waiting again….new log file is now light with 541 octet contain just test log  (clicking the Test Error Log button to generate a test php error in the php error log):

    [BPS Pro htaccess Protected Secure PHP Error Log]
    [22-Nov-2012 11:25:24] PHP Warning: copy() [function.copy]: Filename cannot be empty in /homepages/35/XXXXXXXXXX/htdocs/myfolderwebsite/wp-content/plugins/bulletproof-security/admin/php/php-options.php on line 2440
    [22-Nov-2012 11:25:53] PHP Warning: copy() [function.copy]: Filename cannot be empty in /homepages/35/XXXXXXXXXX/htdocs/myfolderwebsite/wp-content/plugins/bulletproof-security/admin/php/php-options.php on line 2440
    #535
    apparence
    Member

    how to use redirection plugin ?
    i’d download it and active make a 301 redirection but sem to not operate…

    #536
    AITpro Admin
    Keymaster
    #2850
    No Signal
    Member

    I think I have found another incompatibility with WordFence. The error only happened afetr I upgraded to the latest versions of WP, WF and BPS Free. Wordfence has a script on the home page that calls wp-admin/admin-ajax.php which triggers “Authentication Required”. If I disable Wordfence “Enable Live Traffic View”, the problem disappears.

    I tried tips in http://www.ait-pro.com/aitpro-blog/2252/bulletproof-security-plugin-support/checking-plugin-compatibility-with-bps-plugin-testing-to-do-list/#Full-Screen-Background-Images-Pro
    On /wp-admin/.htaccss:

    # BEGIN CUSTOM CODE WPADMIN PLUGIN FIXES" (but they did nothing):
    # Wordfence has a script on the home page that calls wp-admin/admin-ajax.php which triggers "Authentication Required".
    RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC]
    RewriteRule ^(.*)$ - [F,L]
    RewriteCond %{QUERY_STRING} action=wordfence_logHuman&hid=(.*) [NC]
    RewriteRule ^(.*)$ - [F,L]

    Should I fix this another way, or wait for a BPS update?

    #2854
    AITpro Admin
    Keymaster

    This was reported in this Forum Topic and answered here:  http://forum.ait-pro.com/forums/topic/wordfence-admin-ajax-php-authentication-required/

     

    #2858
    No Signal
    Member

    Great. Thanks for the link – I couldn’t find it.

    #18667
    Aaron Taylor
    Participant

    [Topic merged into this relevant Topic]
    Just wondering if BPS Pro has any known conflicts with Wordfence?

    #18675
    AITpro Admin
    Keymaster

    Wordfence is compatible with both BPS and BPS Pro.

    #30307
    Mike
    Participant

    [Topic has been merged into this relevant Topic]
    Hi everyone,

    I am new here and I have some questions:

    as .htaccess-stuff is appearing much to complicated for me, I am looking for someone who would be able (for some $) to tell me which offered security fixes I could add to custom code boxes of BPS, which parts of my manual secured .htaccess I could drop then and where I would have to enter the other parts into custom code fields as best.

    Also I have installed “Wordfence Security”-, “Bad Behavior”- and “All in One SEO (BotBlocker AddOn)”-Plugins, which may are not needed any more then?

    Here I need some experienced support who could harden this wordpress just to help to ensure to do the best what´s actual possible…

    Let me know, if someone is intrested in assisting me.

    Thanks,
    Kind regards,
    Mike

    #30309
    AITpro Admin
    Keymaster

    @ Mike – This forum topic is very old, but generally the information in this forum topic is still valid.

    BPS and BPS Pro are compatible with all other WordPress security plugins, but you would not want to use the same or very similar security features in more than 1 plugin that you have installed.  Example:  If you are using BPS Login Security then you would turn off Login Security in any/all other security plugins that you have installed.

    Post your current root htaccess file code so I can tell you where to put your existing htaccess code in BPS Custom Code or whether or not it is redundant htaccess code that BPS already has.

    Bonus Custom Code Recommendations:
    These 3 Bonus Custom Codes are the most beneficial.  Each Bonus Custom Code forum topic has a description/explanation of what the Bonus Custom Code does and where to add it in BPS Custom Code.

    Speed Boost Cache Code
    http://forum.ait-pro.com/forums/topic/htaccess-caching-code-speed-boost-cache-code/

    MIME sniffing|Drive-by Download Attack Bonus Custom Code and the External iFrame|Clickjacking Bonus Custom Code combined
    http://forum.ait-pro.com/forums/topic/mime-sniffing-data-sniffing-content-sniffing-drive-by-download-attack-protection/

    POST Attack Protection
    http://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/

Viewing 15 posts - 1 through 15 (of 25 total)
  • You must be logged in to reply to this topic.