Install and manage BulletProof Security on various servers, BulletProof Security Remote management

Home Forums BulletProof Security Free Install and manage BulletProof Security on various servers, BulletProof Security Remote management

Tagged: 

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • June 11, 2013 at 8:29 am #6859
    AITpro Admin
    Keymaster

    Email Question:

    We have hosted hundreds of wordpress sites in various servers. We would like to protect all of them from all kind of hacking and virus threats with your plugin Bulletproof Security. Already we have installed your plugin in few sites and monitoring the performance.

    We need to guidance from you in strengthening the security using .htaccess, login limits, SQL injection and block etc.

    Is there any common settings/solution or API from where we can control all our sites? Or can we manage your plugin using third party tools like ManageWP where we will collectively apply some scripts and settings to all our sites?

    Also, our .htaccess files are already contain security codes like a big list of IPs with deny code. Will these retained and deployed on top of your extra security?

    I hope you got the idea. We need a workable solution to maintain many sites using your plugin.

    Please get back to me with the possibilities and your suggestions.

    Thanks,

    June 11, 2013 at 8:41 am #6861
    AITpro Admin
    Keymaster

    BulletProof Security includes SQL Injection .htaccess security filters as well as RFI, XSS, etc security filters so just activating BulletProof Modes applies SQL Injection protection and all other security protection to your websites.  No additional configuration is required.

    Regarding Login Security settings you can keep the default settings or change them for your personal needs/requirements.  There is no “best” settings recommendations since this is a personal preference thing.  Click on the Login Security & Monitoring blue Read Me help button for extensive help info about Login Security & Monitoring option settings.

    Regarding using ManageWP there is one security rule that needs to be commented out in the root .htaccess file in order to allow ManageWP to do what it does.  See the Forum link below.

    http://forum.ait-pro.com/forums/topic/managewp-and-bps/#post-6626

    Regarding adding your own custom code you would use the BPS Custom Code to permanently save and incorporate your custom code into BPS .htaccess files.  See the blue Read Me help button on the BPS Custom Code page for extensive help info.  Click the Custom Code Video Tutorial link on the Custom Code page to watch a video tutorial on how to add custom code to BPS Custom Code.

    June 14, 2013 at 8:46 am #6899
    AITpro Admin
    Keymaster

    Email Reply:

    Hi,

    Thank you for the information shared about your BPS Pro plugin. I have a question here.

    In one of our websites called [domain named removed for privacy] where we installed you BPS plugin. But we also have php.ini and robots.txt to protect our sites. The php.ini file contains the code which will protect the hackers to access wp-admin. When we need to login from our side for maintenance, we use to rename this file and rename it back once our job got over. However, sometimes we forget to rename it back and it helped the hackers to attack the site.

    In this website [domain named removed for privacy] also we forgot to keep the php.ini active but the BPS plugin is installed and configured with secured .htaccess at all levels as recommended. But the site got hacked 2 days before. When I check the files I came to know php.ini was not active. A week ago, I was the one who installed BPS plugin to this site and disabled the php.ini and forgot to enable it. So, the BPS plugin’s settings are not sufficient or the plugin’s performance is not as expected.

    Before 10 days we did not enter wp-admin of the site so the php.ini was intact. So, despite the site was keep on targeted by the hackers often, it could not be hacked. Firewall and Limit Login Attempts plugins are also protected the site.

    At this stage, our php.ini has got more powerful code than the .htaccess code written by BPS plugin.

    Please let us know how your BPS plugin should get configured and is there anything else needed to power up BPS plugin to protect our sites completely from the hackers.

    Hope you got the point. Please get back to me if you need any further information from me.

    Thanks,

    June 14, 2013 at 8:53 am #6900
    AITpro Admin
    Keymaster

    Most likely your website was hacked and is still hacked using one of the 3 primary hacking targets listed in this WordPress.org Forum post below.  If your website has been hacked at any time it is ALWAYS recommended that you either restore you site from a good backup or back your site or sites up and delete them, reinstall WordPress clean/new and then import ONLY your WordPress content Database tables.

    WordPress forum post regarding the 3 Primary hacking targets

    http://wordpress.org/support/topic/bulletproof-pro

    Website is already hacked – what to do next

    http://forum.ait-pro.com/forums/topic/website-is-already-hacked-will-bps-pro-automatically-fix-or-remove-the-hackers-files-and-code/

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.