What could be added to BPS to complete wordpress security?

[Chris]

Hello !

I maintain several wordpress websites and some have been hacked, mabe due to my lack of awareness or because the other administrator has not much clue about security including on hie own computer.

Well.

What I’ve already done to my websites:

Changing the database prefixes
Using strong passwords
Restraining database rights to wordpress user
deleting readme file on root directory
Giving ‘admin’ user a strong password and the lowest rights
Changing the salt keys on wp-config (if this could be done in one click through BPS, that would be nice 🙂 )
Suppressing the possibility to edit PHP files directly from back-office
Setting up a database and file regular backup
Basic monitoring using jetpack
Setting up Akismet and not automatically allowed comments without registration and validation of at least 3 comments
And of curse starting to tweak BPS numerous features
…

What I plan to do:

Upgrading to BPS PRO! (yes I will)
informing the other administrator of his security duties
changing files/directories permissions. But I find that difficult and would love to be able to do it on one click whenever  Iwant to update themes, plugins or wordpress on ALL my websites. Maybe I will suggest that to InfiniteWP or MainWP. If you don’t d it !

Now what should I do?

My question is very open : if you know of any plugin, feature, good practice, option I should address, please let me know!

Another question is : OK let’s say I have a brand new website, with BPS PRO freshly installed, now what should I do to complete BPS setup?

Thanks for your answer and have a great end of year time !

[AITpro Admin]

The first thing you need to do is to make 100% sure that the hosting account is 100% clean of all hacker files and code.  I created a website/hosting account hack clean up help forum topic here > https://forum.ait-pro.com/forums/topic/wordpress-hacked-wordpress-hack-cleanup-wordpress-hack-repair/.

Websites/hosting accounts are typically hacked for months or years before the website owner becomes aware that the websites/hosting account is hacked.

Changing file/folder permissions to more restrictive permissions is not necessary. As long as you are using the default standard file/folder permissions then you can consider the files/folders secure: 644/755. Hackers do not gain access to a hosting account via files or folders unless the file or folder accidently had 666/777 permissions. All FTP applications allow you to change file/folder permissions recursively with 1 click. I believe most web hosts also allow that these days using the web host control panel file manager tool.

BPS Pro setup only requires running the Setup Wizards to completely setup BPS Pro. All BPS Pro security options/features are setup automatically with default optimum settings when you run the Setup Wizards.

BPS Pro has a very impressive track record – BulletProof Security Pro has an amazing track record. BPS Pro has been publicly available for 9+ years and is installed on over 50,000 websites worldwide. Not a single one of those 50,000+ websites in 9+ years has been hacked (This track record does not include: control panel, FTP or server cracks/hacks or installing Nulled plugins or themes that contain hacker code). Sound too good to be true? Click to see what people are saying in WordPress.org Reviews.

So to answer your question about what else could be added to the BPS Pro plugin to add more security there are lots of additional things that could be added. Is that necessary? Going by the BPS Pro 9+ year track record I would have to say BPS Pro is complete already and no additional new features are needed. 😉

[Author]

Posts