10 {{ upvoteCount | shortNum }}
10 {{ upvoteCount | shortNum }}

Need some help with bulletproof security plugin

by BenQ
8 replies
This plugin is well regarded, but has probably the worst instructions I've ever seen.

Can anyone using this at hostgator lend a hand?

1. It says to copy your current root htaccess into the secure.htaccess only after saving your permalink structure. Saving permalink has no effect on the root htaccess that it displays, so not sure about that.
2. Do I then copy my root access into the secure, default, maintenace, wp-admin secure and wp-admin htaccess tabs?
3.Then do a backup.
4. Then activate security modes. Do you activate all 4?

After doing all that, everything is green in the status tab, except "A BPS .htaccess file was NOT found in your root folder or you have not activated BulletProof Security for your Root folder yet " ... even though it has been activated.

I am running super cache, and this site is in the public/html folder -- Not an addon domain or a subdomain.

And then what would be different about installing in both addon and subdomains?

Any help is appreciated.
#bulletproof #plugin #security
  • Profile picture of the author fscobie
    You'd probably get better answers on Yahoo answers than here.
    {{ DiscussionBoard.errors[3529474].message }}
  • Profile picture of the author WPpro
    Originally Posted by BenQ View Post

    This plugin is well regarded, but has probably the worst instructions I've ever seen.
    Delete it. Stay away from it. The developer is clueless when it comes to security and WordPress development. Read why here:

    BulletProof Security (WordPress Plugin) – Serious vulnerability / backdoor | Sucuri
    {{ DiscussionBoard.errors[3714550].message }}
  • Profile picture of the author AITpro
    Originally Posted by BenQ View Post

    This plugin is well regarded, but has probably the worst instructions I've ever seen.

    Can anyone using this at hostgator lend a hand?

    1. It says to copy your current root htaccess into the secure.htaccess only after saving your permalink structure. Saving permalink has no effect on the root htaccess that it displays, so not sure about that.
    2. Do I then copy my root access into the secure, default, maintenace, wp-admin secure and wp-admin htaccess tabs?
    3.Then do a backup.
    4. Then activate security modes. Do you activate all 4?

    After doing all that, everything is green in the status tab, except “A BPS .htaccess file was NOT found in your root folder or you have not activated BulletProof Security for your Root folder yet " ... even though it has been activated.

    I am running super cache, and this site is in the public/html folder -- Not an addon domain or a subdomain.

    And then what would be different about installing in both addon and subdomains?

    Any help is appreciated.
    @ BenQ yep i have added way to much information in regards to help. This is technically an advanced plugin that I have tried to make simple for regular folks to use. Maybe the Video tutorial i put together will make it easier for you to understand what needs to be done. The plugin itself is very simple, but i have over explained things to death. Any way if you need assistance you can post a comment on the AITpro website and i will answer it there. Thanks.
    PS If you update your permalinks and you are not using a custom structure then of course you will not see any new htaccess rules in the root htaccess file because only a custom structure will write htaccess rules. The default WordPress permalink structure does not use htaccess rewriting.

    @ WPpro No reason to be a foolish jerk here. You should go back and reread that post by Sucuri and also read the thank you post that we created to Sucuri on the AITpro website. Yes we made a temporary mistake by using some code that was not secure, but that mistake was fixed months ago. As far as website security goes BulletProof Security has now surpassed 600,000 unsuccessful hacking attempts to penetrate BPS. So i think we are doing something right. Besides that, several of our clients who bring in $500,000 to $1,000,000 per year in revenue from their websites rely on BPS because it is essential to their businesses. If a couple of folks don't choose to use BPS then they should at least use the tried and true security filters manually in an htaccess file that they should create for themselves. If someone did not choose to use BPS and they lost $1,000's or $10,000's in business revenue because their websites got hacked i bet you would feel pretty bad about that... or maybe not. Thanks.
    Ed
    {{ DiscussionBoard.errors[3742417].message }}
    • Profile picture of the author WPpro
      Originally Posted by AITpro View Post

      @ WPpro No reason to be a foolish jerk here.
      Ed
      Ed, I've been writing code since the Apple II was released. I've been writing code for WordPress for about 8 years. In that time I've seen the same mistake over and over: the programmer isn't aware of how to write a secure plugin for WordPress and thus doesn't write a secure plugin.

      No offense intended here - just saying right now that if you know how to do it then do it and if you don't then don't mess around in that arena, because people are relying on you. You can't blame other coders either, if you're gonna integrate their code then it's your responsibility to review every line of it first.

      The best advice I have to offer is this: Think like an intruder, otherwise you wind up helping them, as was shown to the be case.
      {{ DiscussionBoard.errors[3742753].message }}
      • Profile picture of the author AITpro
        Ok now that is a much more civilized response. Well what happened was the classic mistake - i took my eye off the ball for a minute because i was spread too thin and yes something did get by me so it is 100% my fault for not catching a mistake that i was ultimately responsible for. The comments i have made publicly about the mistake were meant to throw any hackers off the scent. At this point i still do not want to disclose exactly the nature of the mistake, even though it was resolved almost 2 months ago. it is never a good idea to give ammunition to hackers. Any way the version of BPS that included the security vulnerability was many generations into BPS and like i said i took my eye off the ball for a minute and that's all it takes.

        One thing i want to point out is a year ago i was in a losing battle against hackers and lost several clients. I tried every single WordPress security plugin that there was and still the hackers went through every one of those plugins like they didn't even exist. BulletProof Security came out of my desperation to stop these hackers at any cost so i was forced to create BPS. When the hacks stopped penetrating the clients websites that was the moment i said to myself i must share this with the community - any community. yes it has been a bit of a learning curve with understanding WP completely, but thanks to assistance from Jon Cave the Core WordPress Developer that just released the security patches for WordPress 3.1.1 i can now confidently say that i know the security end of WordPress 100%. Thanks.
        PS do you have any WP plugins out there?
        {{ DiscussionBoard.errors[3743997].message }}
        • Profile picture of the author AITpro
          And now I see your motive and angle from your recent ads that you have posted on the Warrior Forum. Too funny. LOL
          {{ DiscussionBoard.errors[3847701].message }}
          • Profile picture of the author celente
            Originally Posted by AITpro View Post

            And now I see your motive and angle from your recent ads that you have posted on the Warrior Forum. Too funny. LOL
            ha ha i thought I was the only one. LOL.
            Signature
            Create a $5000 USD a month Business. 1-on-1 Coaching. By 6 figure marketer! - CLICK HERE
            {{ DiscussionBoard.errors[3848178].message }}
          • Profile picture of the author Teez
            Originally Posted by AITpro View Post

            And now I see your motive and angle from your recent ads that you have posted on the Warrior Forum. Too funny. LOL
            AIT oh wow you created BPS ok I have some questions or more like requests

            where can I find a guide or walkthrough to use the plug in

            Cos its kinda like this analogy

            I want to get to the mall and I've been given a fighter jet to get there but I dont know how to fly it
            Signature

            My first stab at success is the Nike Air Yeezys this is what made me believe.

            You can't be scared of rejection on the quest to perfection.

            {{ DiscussionBoard.errors[5944930].message }}

Trending Topics