Testimonials, Feedback & Ideas


This topic contains 58 replies, has 14 voices, and was last updated by  AITpro Admin 1 year, 4 months ago.

Viewing 15 posts - 16 through 30 (of 59 total)
  • #22136

    AITpro Admin
    Keymaster

    This is a good feature idea and will be added to BPS.  Thanks.

    #22146

    Krzysztof
    Participant

    Maybe those two would also be good:
    – Rename WordPress login page URL
    – verify checksum like here: https://wordpress.org/plugins/checksum-verifier/

    #22147

    AITpro Admin
    Keymaster

    “Rename WordPress login page URL” would be a novelty|gimmick feature if we added it to BPS Pro.  BPS Pro uses a Login Security approach like Google or PayPal uses – we do not “hide” the Login page and instead secure it.  The Login is secured using BPS Pro Login Security & Monitoring and JTC Anti-Spam|Anti-Hacker so there really isn’t any reason to also “hide” the Login page since it is already secured.  If we do add this feature it would only be a novelty|gimmick feature.  A lot of folks want this so we may just add it for that reason alone and not because it would add any more security to the Login page.

    “verify checksum” is a weak and very limited method of checking files compared to BPS Pro AutoRestore|Quarantine.  BPS Pro AutoRestore|Quarantine is a File Monitor that is not limited to what files it can check and has the capability to automatically Quarantine and AutoRestore files.  😉

    #22153

    Krzysztof
    Participant

    Ahhh OK – the bottom line is – 1 good and 2 bad ideas 😉 I will dig the web further and maybe will come up with another good one!

    #22154

    AITpro Admin
    Keymaster

    Yep keep the ideas coming!  Hopefully my explanation was not taken personally, like I was negating your ideas.  I like to fully explain things factually to avoid any confusion and to point out the important stuff.  😉

    #22164

    Chris Moon
    Participant

    Hi,

    I’ve been cleaning up my site and discovered 8 deleted plugins saved in bps-backup/autorestore/wp-content/plugins plus there were deleted themes saved in the themes folder and deleted copies of backups still saved.

    It looks like BPS’s autorestore backup is accumulative. Is it possible that could be changed and the autorestore backup folders were automatically first cleared/deleted and then backed up, so when we make a backup, folders and files are up to date and we can cut back on site bloat.

    regards,

    Chris

    #22169

    AITpro Admin
    Keymaster

    To remove old ARQ backup files:

    1. Go to AutoRestore and turn AutoRestore Off.
    2. Click the 4 Delete Backup Files buttons for: Root Files, wp-admin Files, wp-includes Files and wp-content Files.
    3. Either run the Wizards again or click the 4 Backup Files buttons for: Root Files, wp-admin Files, wp-includes Files and wp-content Files.
    4. Turn AutoRestore back On.

    We have tested automating old backup file deletion prior to file backups at the same time and the results are not desirable and cause excessive processing time. What we are going to do instead is add a check to alert folks that old files exist in ARQ backup. This is very generalized information at this point and will be refined once we have looked at the most efficient and automated way to do this. For example: ARQ Automation does new file backups with only 1 click of a link for new Theme installs or upgrades so using that same concept we can display a message with a link that will perform that old backup file deletion and new file backups with only 1 click. This is being worked on for inclusion in BPS Pro 10.3.

    #22205

    Chris Moon
    Participant

    For those of us who like to add the bonus scripts to our sites I’d like to see an option for adding them automatically.

    regards,
    Chris

    #22212

    AITpro Admin
    Keymaster

    @ Chris Moon – then the Bonus Custom Code would no longer be Bonus Custom Code and it would instead be Standard included code.  The reason all Bonus Custom Code is optional and not Standard is because it may or may not work on all websites.  In order for us to make code standard it MUST work on 100% of all websites.  99% is not good enough to make that code Standard code.  There are other reasons as well for creating Forum Topics for all Bonus Custom Code instead of creating options within BPS Pro that I will not go into.  If you want to speed up the process of adding Bonus Custom Code to multiple different websites then what I recommend is that you copy all of the Bonus Custom Code that you added to one of your sites and paste it into a text file on your computer so that it can be used as a “master” file that you can copy and paste from to your other websites.

    #22222

    Chris Moon
    Participant

    I see your point, thanks.

    #23553

    AITpro Admin
    Keymaster

    @ Krzysztof – As it turned out after looking at every plugin that is doing some form of “Idle Session Logout”, (I use that phrase very loosely considering what I found in other plugins and most of them are really stretching the usage of that phrase) none of them were doing this very well or at all and none of them have all of the options that we added in BPS Idle Session Logout (ISL).  If someone is looking for the real deal then BPS ISL will be a nice surprise compared to any other plugins claiming to do this:  http://forum.ait-pro.com/forums/topic/idle-session-logout-isl-and-authentication-cookie-expiration-ace/ So thanks for the great idea since it is something that either did not exist before or was not being done well at all.

    @ Chris Moon – BPS Pro 10.4/10.5 includes:  ARQ Old Backup File Automatic Deletion: Automated Daily Cron Job that checks for and deletes old ARQ Backup Files in the /bps-backup/autorestore/ folder based on WordPress version currently installed. This is a seamless automated Cron Job and function that runs in the background once per day.  BPS Pro 10.6 will have Import/Export features for Custom Code, Login Security and maybe some other areas in BPS Pro.

    #24323

    Krzysztof
    Participant

    If we assume that old, not updated plugins are a threat then maybe some sort of a notification system that a plugin needs an update could boost the security of the site?

    #24333

    AITpro Admin
    Keymaster

    Just because a plugin has not been updated in the WordPress Plugin Repository for a long time does not necessarily mean that the plugin is a security threat/has security vulnerabilities/exploits/bugs.  What is more likely is that a plugin that has not been updated for a long time may not be compatible with the most current version of WordPress.  ie old WordPress Core functions have been deprecated or actually completely phased out or new WordPress Core functions functionality has changed significantly.

    There are 2 main general categories for Security Threats:  Known and Unknown
    Known Security Threats are of course security vulnerabilities/exploits/bugs that have been discovered and are publicly known.
    Unknown Security Threats are of course security vulnerabilities/exploits/bugs that have not been discovered yet.

    What would be extremely valuable and useful would be to create a Vulnerability Scanner that would scan plugin and theme code and search for exploit patterns to identify a possible vulnerability/exploit/bug.  ie:  https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools. This is something that we have been looking at for some time. Currently BPS Pro protects a website against vulnerabilities/exploits/bugs in other plugins and themes, but there are some cases/scenarios where BPS Pro would not be able to protect a website. ie an upload form in another plugin or theme that is not protected sufficiently or has bugs/vulnerabilities that can be exploited by a hacker. The tricky part of course is figuring out the parameters to scan for without creating a huge headache for the website owner with false alarms. ie a pattern match is made, but a vulnerability/exploit/bug does not actually really exist. Creating a Vulnerability Scanner is a huge task that could take a long time to develop and perfect, but it is definitely something that we are looking at creating in the future.

    #28028

    Andrew
    Participant

    [Topic has been merged into this relevant Topic]
    Hello, sorry for what I think may be a simple question but I cannot seem to find the answer – Can you tell me how to customize the message that appears when users reach the 403 – Error page?  Thank you.

    #28031

    AITpro Admin
    Keymaster

    @ Andrew – this is actually something that has been planned for quite a while, but keeps getting pushed back due to higher priority tasks taking priority. At some point the 403 and other templates will be customizable from within BPS and we’ll probably do some badge stuff too at the same time.  For now unfortunately, you would need to manually download the /bulletproof-security/403.php template file and manually customize it.

     
