AutoRestore Quarantine Exclude Plugins Folder and Themes Folder

Home Forums BulletProof Security Pro AutoRestore Quarantine Exclude Plugins Folder and Themes Folder

This topic contains 2 replies, has 2 voices, and was last updated by  AITpro Admin 5 years, 2 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #576

    AITpro Admin
    Keymaster

    Email Question:

    How do I tell Autorestore not to check Plugins folder files and also Themes folder files?  I want Autorestore and Quarantine to only check WordPress Core files and not the Plugins folder or the Themes folder so that I do not have to turn Off Autorestore and do the Autorestore Backup Files step when installing or updating plugins or themes.

    Answer:

    UPDATE:  As of BulletProof Security Pro 5.4 the new Plugin Firewall completely protects the plugins folder so there is no need to have ARQ monitor the plugins folder anymore.

    Some folks choose not to have the plugins and themes folders monitored by AutoRestore / Quarantine to avoid having to do the standard ARQ Procedural steps when installing, upgrading, updating plugins or themes.  The simplest and quickest method to exclude plugins and themes folders and files from being checked by AutoRestore / Quarantine is to use the Exclude Dynamic Folders – Temp/Cache tool.  You can exclude individual plugins folders and themes folders or you can exclude the entire plugins and/or themes folder from being checked by AutoRestore / Quarantine.

    To exclude a specific plugin folder or theme folder from being checked by ARQ you would do these steps:

    For this example I will exclude a plugin named “foo” and a theme named “foo” from being checked by ARQ.  Screenshots are also provided below.

    1.  Go to the AutoRestore page and click on the Exclude Dynamic Folders – Temp/Cache tab page.
    2.  Enter the folder path that you want to exclude in one of the Excluded Temp/Cache Folder Path empty text boxes.  For this example that plugin folder path is plugins/foo.  For this example that theme folder path is themes/foo.  Do Not add any slashes ( / ) before or after the folder paths exactly as shown in the screenshot below.
    3.  Enter a personal Label or Description.
    4.  Scroll down using the scroll bar and click the 1. Save To DB button.
    5.  Click the 2. Create Filter button.
    6.  Click the 3. Exclude Folders Now button.

    Excluding Specific Plugins or Themes Folder Screenshot
    Exclude a specific Plugin or Theme from being checked by AutoRestore

    To exclude the entire Plugins folder or Themes folder from being checked by ARQ you would do these steps:

    1.  Go to the AutoRestore page and click on the Exclude Dynamic Folders – Temp/Cache tab page.
    2.  Enter ONLY the “plugins” and “themes” folder names.  Do Not add any slashes ( / ) before or after the folder paths exactly as shown in the screenshot below.
    3.  Enter a personal Label or Description.
    4.  Scroll down using the scroll bar and click the 1. Save To DB button.
    5.  Click the 2. Create Filter button.
    6.  Click the 3. Exclude Folders Now button.

    NOTE:  To remove wp-content backup files (plugin files or theme files) that are no longer being checked by ARQ:  Turn Off ARQ, click the wp-content Files Delete Backup Files button, click the Backup Files button to create new backup files and then turn ARQ back On.

    Excluding The Entire Plugins or Themes Folder Screenshot
    Exclude the entire Plugins or Themes folders from being checked by AutoRestore

    Clicking The 3 Buttons To Save and Create Your New Exclude Filters (The buttons MUST be clicked in order:  1, 2 and 3).
    AutoRestore - Exclude Dynamic Folders Form buttons

    #4418

    Deb
    Participant

    Is it really a smart idea to Exclude either or both the Plugins and Themes (or specific subfolders) from being checked by ARQ?

    It seems that either of these active areas would be good points to execute takeover / infection attacks if they could be gotten into by, say,  upload.

    I am not a php programmer or wordpress expert – my first install was done in late 2004.

    #4419

    AITpro Admin
    Keymaster

    The Plugin Firewall completely protects the plugins folder.  No one is getting into the plugins folder except for you.  The themes folder is another case, but it is protected by several htaccess security rules already and then there is the Uploads Anti-Exploit Guard which protects the uploads folder if the theme is using the uploads folder.  If the theme is using its own image upload folder then that is another case entirely.

    I recommend excluding the plugins folder.  I do not recommend excluding the themes folder – I leave that choice up to each person to decide for themselves on that.  Some folks want more convenience and other folks want maximum security over convenience.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.