BPS Pro and Sucuri

  • #5839
    Krzysztof
    Participant

    As I hear often that Wordfence is resource hungry I started to search for a replacement and found this:
    http://sucuri.net/wordpress-security-monitoring

    Now the question is if anyone has tested it and considers it a valuable addition to BPS PRO? 89$ per year is not a small amount of money for me so I’m looking for someone who has tested this plugin and security system. There is also 6scan but their prices are way too big for me.

    #5843
    AITpro Admin
    Keymaster

    Are you asking if BPS Pro already does all these things, if purchasing an additional security plugin is necessary or are you asking about a feature you found in the Sucuri plugin that is not already in the BPS Pro plugin that you would like to recommend be added?

    Note:  I see similarities and I see differences in security methods/security approaches, but the end result is the same in the different approaches between these 2 plugins.

    #5872
    Krzysztof
    Participant

    Well as I’m not a techie you can consider that I’m asking all the questions mentioned 😉 The thing is that I do not like plugins and like to keep them as low as possible so adding more stem into BPS PRO would be good. But hey – maybe it has all the bells and whistles like Sucuri or Wordfence and I do not even know about them. As I see it 6scan, Wordfence, Sucuri have something like a firewall which thing I know from PC, there is also a plugin in wordpress repository named firewall 2 so I was thinking that maybe here and there those 3 are a bit better.

    #5873
    AITpro Admin
    Keymaster

    BPS Pro has the Plugin Firewall, which is a true IP based Firewall by the definition of a Firewall with a ruleset of only allowing your IP, hostname, Server and domain access to the plugins folder.  The plugins folder is the most targeted folder on a WordPress site to exploit vulnerabilities in plugins.

    Without saying anything negative about any other plugins, the term/word “Firewall” is used very loosely in a lot of plugins to describe “firewall-like” characteristics.

    BPS Pro .htaccess files can be considered “firewall-like” because they perform the same task of blocking/filtering bad traffic/malicious code patterns that a WAF does.

    One of the major differences between computer/Network Firewalls and website Firewalls is this.  Computer/Network Firewalls are IP based and are designed to look at incoming and outgoing network traffic by analyzing data packets.  WAF website application Firewalls are designed to scan website traffic for malicious code patterns.

    The BPS Pro Plugin Firewall is 100% effective and is not beatable because it only allows you/your website access to the plugins folder and does not need to do any scanning because there is no incoming external website traffic allowed into the plugins folder period.  Don’t get me wrong here, I think that WAFs have value, but they are beatable by a determined hacker.  😉

    Interesting doc about how to beat WAFs

    http://www.nethemba.com/bypassing-waf.pdf

    We decided to take another different website security approach with AutoRestore/Quarantine, which is countermeasure website security that better suits a website environment vs a computer/Network environment for the many technical environmental differences between the different environments.   Since website scanners can be beaten fairly easily by determined hackers, we decided to focus on what could not be beaten – comparing actual website files with backups of those actual website files.  This removes the need for scanning, reduces the load on website performance, cannot be “tricked/fooled/etc.” and is 100% accurate and effective in detecting a malicious file being added to a website or malicious code being added to an existing website file.

    AutoRestore/Quarantine is similar to computer virus scanners in that if a hacker’s malicious file or code gets past all the other BPS Pro security measures then it will be automatically autorestored and/or quarantined (similar to virus chests that some computer security applications/software uses/has) and the website hack is successfully stopped/prevented.

    Another nice bonus of AutoRestore/Quarantine is that it is also an Intrusion Detection & Prevention System (IDPS).  If the scenario ever arises where a hacker has been able to upload a malicious hacker file to your website then the malicious file is quarantined (or autorestored if malicious code is injected/added to a website file) and you are alerted immediately that the hack has been successfully stopped/prevented so that you can then take further action.

    Example:  Your FTP password was cracked and a hacker uploads a malicious file to your website.  ARQ Infinity Quarantines the hacker’s malicious file and immediately sends you an email that a file has been Quarantined.  You would then take the action of changing your FTP password as soon as possible.  During the time it takes you to change your FTP password, your website is still 100% protected by ARQ IDPS until your FTP password has been changed.

    “…an intrusion detection system (IDS) differs from a firewall in that a firewall looks outwardly for intrusions in order to stop them from happening. Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system….”

    ARQ IDPS is actually an Intrusion Detection & Prevention System (IDPS) since it takes action to prevent an attack from being successful.

    “…In a passive system, the intrusion detection system (IDS) sensor detects a potential security breach, logs the information and signals an alert on the console and/or owner. In a reactive system, also known as an intrusion prevention system (IPS), the IPS auto-responds to the suspicious activity by resetting the connection or by reprogramming the firewall to block network traffic from the suspected malicious source. The term IDPS is commonly used where this can happen automatically or at the command of an operator; systems that both “detect (alert)” and “prevent”….”

    Source:  http://en.wikipedia.org/wiki/Intrusion_detection_system

    UPDATE: BPS Pro 13.3+ and BPS free 2.4+ versions have a malware scanner > BPS MScan Malware Scanner
    You can use the BPS MScan Malware Scanner to detect hacker files or code anywhere under your Hosting Account or database.
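
The backup-comparison approach described in the post above, as an added example that is not part of the original post and is not BPS Pro code: every live file is hashed against its backup copy, modified files are restored, and files with no backup copy are moved to quarantine. The function names, directory layout and sample files are assumptions constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def restore_or_quarantine(live: Path, backup: Path, quarantine: Path) -> dict:
    """Compare every live file with its backup copy and undo any difference."""
    report = {"quarantined": [], "restored": []}
    # Materialise the listing first: files are moved while we iterate.
    for f in sorted(p for p in live.rglob("*") if p.is_file()):
        rel = f.relative_to(live)
        known_good = backup / rel
        if known_good.is_file() and sha256(f) == sha256(known_good):
            continue  # byte-identical to the backup, nothing to do
        held = quarantine / rel  # quarantine must live outside the web root
        held.parent.mkdir(parents=True, exist_ok=True)
        if known_good.is_file():
            shutil.copy2(f, held)        # keep the altered copy for analysis
            shutil.copy2(known_good, f)  # then put the known-good file back
            report["restored"].append(rel.as_posix())
        else:
            shutil.move(str(f), str(held))  # no backup copy: unknown file
            report["quarantined"].append(rel.as_posix())
    return report


def demo() -> dict:
    """Constructed sample site: one injected line, one unknown upload."""
    root = Path(tempfile.mkdtemp())
    live, backup, quarantine = root / "live", root / "backup", root / "quarantine"
    (backup / "wp-content").mkdir(parents=True)
    (backup / "index.php").write_text("<?php // original index\n")
    (backup / "wp-content" / "theme.php").write_text("<?php // original theme\n")
    shutil.copytree(backup, live)
    with (live / "index.php").open("a") as fh:
        fh.write("// constructed injected line\n")
    (live / "wp-content" / "dropped.php").write_text("<?php // constructed upload\n")
    report = restore_or_quarantine(live, backup, quarantine)
    report["index_clean"] = sha256(live / "index.php") == sha256(backup / "index.php")
    report["dropped_live"] = (live / "wp-content" / "dropped.php").exists()
    return report


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the backup tree, so in this sketch the backup and quarantine directories are assumed to sit outside the web root and to be unwritable by the web server account.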

    #5885
    Krzysztof
    Participant

    If I understand you correctly I should be removing: http://wordpress.org/extend/plugins/websitedefender-wordpress-security/ and http://wordpress.org/extend/plugins/wordfence/ as they are useless compared to BPS PRO and don’t have features that could be a nice addition to what BPS PRO already gives me out of the box?

    #5887
    AITpro Admin
    Keymaster

    That decision is entirely up to you.  We only use BPS Pro on all our websites.  😉

    #5888
    Krzysztof
    Participant

    Now this is a hard one to decide 😉

    #5895
    Krzysztof
    Participant

    And just one testimonial to you and other users about ARQ – I had some problems with expire headers and settings of those in htaccess (eventually the thing was with file permissions which I have discovered myself) and asked my admins for assistance and they got caught by ARQ. I have forgotten to turn it off and haven’t told them about such thing as BPS PRO and ARQ and they only could quarantine a ton of htaccess edits 😉 I have removed both plugins and left BPS PRO only. 20 mysql queries less 😉
