WordPress.org

Secure WordPress Website Security Protection: Firewall Security, Login Security, Database Security & Backup... View Security feature highlights below. View BulletProof Security feature details for specific details about security features. Secure your WordPress website even further by adding additional BulletProof Security Bonus Custom Code (See the BulletProof Security Bonus Custom Code help section). Effective, Reliable & Easy to use WordPress Security Plugin.

BulletProof Security Feature Highlights

• One-Click Setup Wizard
• .htaccess Website Security Protection (Firewalls)
• Hidden Plugin Folders|Files Cron (HPF)
• Login Security & Monitoring
• Idle Session Logout (ISL)
• Auth Cookie Expiration (ACE)
• DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups
• DB Backup Logging
• DB Table Prefix Changer
• Security Logging
• HTTP Error Logging
• FrontEnd|BackEnd Maintenance Mode
• UI Theme Skin Changer (3 Theme Skins)
• Extensive System Info

BulletProof Security Pro Feature Highlights

• One-Click Setup Wizard
• AutoRestore Intrusion Detection & Prevention System (ARQ IDPS)
• Quarantine Intrusion Detection & Prevention System (ARQ IDPS)
• Real-time File Monitor (IDPS)
• DB Monitor Intrusion Detection System (IDS)
• DB Diff Tool: data comparison tool
• DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups
• DB Status & Info: extensive database status & info
• Plugin Firewall (IP Firewall): Automated Whitelisting & IP Address Updating in Real Time
• JTC Anti-Spam|Anti-Hacker
• Uploads Folder Anti-Exploit Guard (UAEG)
• .htaccess Website Security Protection (Firewalls)
• Hidden Plugin Folders|Files Cron (HPF)
• Custom php.ini Website Security
• Login Security & Monitoring w/Dashboard Alerting|Status Display & additional options/features
• Idle Session Logout (ISL)
• Auth Cookie Expiration (ACE)
• F-Lock: Read Only File Locking
• FrontEnd|BackEnd Maintenance Mode
• Security Logging
• HTTP Error Logging
• PHP Error Logging
• DB Monitor Logging
• DB Backup Logging
• DB Table Prefix Changer
• AutoRestore|Quarantine Logging
• S-Monitor: Monitoring & Alerting Core
• Pro Tools: 16 mini-plugins
• Heads Up Dashboard Status Display
• UI Theme Skin Changer (3 Theme Skins)
• Extensive System Info
• View All BulletProof Security Pro Feature Details

BulletProof Security Installation and Setup Video Tutorial

BulletProof Security Recommended Video Tutorials

• BulletProof Security Custom Code Video Tutorial
• BulletProof Security Security Log Video Tutorial

Why .htaccess Website Security So Much Better Than Other Types of Website Security

The answer is very simple - .htaccess files (distributed Server configuration files) are processed by your server first before any other code on your website. In other words, hackers malicious scripts are stopped by BulletProof Security .htaccess files/Firewalls before those scripts even have a chance to reach the php code in WordPress.

BulletProof Security Additional Website Security Protection

WordPress is already very secure, but every website, no matter what type of platform it is built on should have additional website security measures in place as a standard.

BulletProof Security is Website Performance Optimized (Performance|Optimization)

Website performance is just as important as website security. BulletProof Security is website performance optimized with website owners best interests at heart. BulletProof Security does NOT abuse the WordPress Database by making excessive MySQL Queries. BulletProof Security does NOT store excessive & non-essential data in your WordPress Database. BulletProof Security does NOT use excessive Server Memory & Resources. BulletProof Security does NOT use any gimmicks or bells & whistles that will cost website owners their website performance. The benefits of having website security protection are negated if your website is performing poorly/slowly, continually experiencing out of memory errors/running out of memory, database size growing exponentially with non-essential stored data, etc. BulletProof Security can actually speed up & improve your website performance by using the Speed Boost Cache Bonus Code. See the BulletProof Security Bonus Custom Code help section below.

htaccess Core Website Security (Security|Firewalls)

View BulletProof Security Feature Details

WordPress Website Security Protection: BulletProof Security protects your website against 100,000's of different hacking attempts/attacks. The .htaccess security filters in BulletProof Security are designed to match malicious and nuisance attack patterns. The most important benefits of using a finite pattern matching method vs infinite banning/blocking individual IP's, Host's, Referer's, etc. is that your website performance and Server resources are not negatively impacted. In general, BulletProof Security takes an "Action Approach" to website security. Hacker X, Spammer X, Bad Bot X does bad Action Y = Forbidden/Blocked. An "Action Approach" is a much more effective and performance optimized approach to website security since the bad action itself is being blocked/forbidden instead of attempting to block an individual hacker/spammer that performed a bad action. Example: BulletProof Security blocks all SQL Injection hacking attempts/attacks no matter who (IP Address, hostname, Bot name, etc.) performed the SQL Injection hacking attempt/attack. See the BulletProof Security Login Security & Monitoring Features section for additional features and options. See the BulletProof Security htaccess Core (Firewalls, etc.) Features section for additional features and options.

Hidden Plugin Folders|Files Cron (HPF) (Security|Monitoring)

View BulletProof Security Feature Details

The HPF Cron checks the WordPress /plugins/ folder for hidden or empty plugin folders and any non-standard WP files or altered files in the /plugins/ folder. If a hidden or empty plugin folder or non-standard WP file is found in the WordPress /plugins/ folder, BPS displays a Dashboard Alert and sends an Email Alert. A hidden or empty plugin folder is a plugin the exists in your /plugins/ folder, but is not displayed on the WordPress Plugins page. A hidden plugin can be used as a hacker backdoor to gain access to your WP Dashboard, hosting account, create user accounts, completely control your website and hosting account, etc. A non-standard WP file or modified/altered file in your /plugins/ folder can also do all of the things a hidden plugin can do.

Login Security & Monitoring Website Security (Security|Monitoring)

View BulletProof Security Feature Details

Login Security & Login Monitoring: Log All User Account Logins or Log Only User Account Lockouts (see Screenshot). Brute Force Login Security Protection. Email alerting options allow you to choose 5 different email alerting options: Choose to have email alerts sent when a User Account is locked out, An Administrator Logs in, An Administrator Logs in and when a User Account is locked out, Any User logs in and when a User Account is locked out or Do Not Send Email Alerts. Choose Standard WP Error Messages or Generic Error Messages for Login Security Stealth Mode. Choose to Enable or Disable Login Password Reset capability for Login Security Stealth Mode. See the BulletProof Security Login Security & Monitoring Features section for additional features and options.

Idle Session Logout (ISL) (Security|Performance|Optimization)

View BulletProof Security Feature Details

Automatically logout idle/inactive Users. ISL uses javascript Event Listeners to monitor Users activity for these ISL events: keyboard key is pressed, mouse button is pressed, mouse is moved, mouse wheel is rolled up or down, finger is placed on the touch surface/screen and finger already placed on the screen is moved across the screen. Option Settings: Turn On|Off, Idle Session Logout Time in Minutes, Idle Session Logout Page URL, Idle Session Logout Page Login URL, Idle Session Logout Page Custom Message, Idle Session Logout Page Custom CSS Style, User Account Exceptions, Enable|Disable Idle Session Logouts For These User Roles: Administrator, Editor, Author, Contributor, Subscriber & Custom User Roles, Enable|Disable Idle Session Logouts For TinyMCE Editors. See the BulletProof Security Idle Session Logout (ISL) Features section for additional features and options info.

Auth Cookie Expiration (ACE) (Security|Performance|Optimization)

View BulletProof Security Feature Details

Change the WordPress Authentication Cookie Expiration time. The default WordPress Authentication Cookie Expiration time is 2880 Minutes/2 Days and 20160 Minutes/14 Days if a User checks the Remember Me checkbox when they login. You can change the WordPress Authentication Cookie Expiration time to whatever expiration time setting that you choose. Option Settings: Turn On|Off, Auth Cookie Expiration Time in Minutes, Remember Me Auth Cookie Expiration Time in Minutes, User Account Exceptions, Enable|Disable Auth Cookie Expiration Time For These User Roles: Administrator, Editor, Author, Contributor, Subscriber & Custom User Roles. See the BulletProof Security Auth Cookie Expiration (ACE) Features section for additional features and options info.

DB Backup: Database Backup Website Security (Security|Backup)

View BulletProof Security Feature Details

DB Backup: Create manual and scheduled Backup Jobs. Selective database table backup and full database backup. Scheduled backup job options: Hourly, Daily, Weekly and Monthly. Send scheduled backup zip file via email or just send email only, automatically delete old backup files after a certain period of time, etc., etc., etc. All DB Backup options/settings and default setup is done automatically during upgrades and new installations. See the BulletProof Security DB Backup|Database Backup Features section for additional features and options.

FrontEnd|BackEnd Maintenance Mode (Security|Development)

View BulletProof Security Feature Details

Display a website under maintenance page with Countdown Timer to website visitors while the website displays and functions normally for you. When the Countdown Timer has completed (reached 0) an email reminder is sent to you to remind you that the Countdown Timer has completed. The new BPS Maintenance Mode design includes 20 background images, 15 center images (text box image), allows you to embed image files and YouTube videos, FrontEnd Maintenance Mode, BackEnd Maintenance Mode or both FrontEnd & BackEnd Maintenance Modes and most importantly is fast and simple to use so that you can switch in and out of Maintenance mode quickly and easily. FrontEnd Maintenance mode is primarily designed for development/maintenance purposes and BackEnd Maintenance Mode is technically a security feature since enabling BackEnd Maintenance Mode allows you to deny access to the /wp-admin folder/WP Dashboard by IP address. See the BulletProof Security FrontEnd|BackEnd Maintenance Mode Features section for additional features and options.

Translations

• Language Packs: Translate BulletProof Security
• Bonus Tip: If you use the Google Chrome Browser you can right mouse click in plugin pages and then click on Translate to... To translate plugin text into your Language.

BulletProof Security Bonus Custom Code

• Brute Force Login Protection .htaccess Code
• Speed Boost Cache .htaccess Code
• HotLink Protection .htaccess Code - Google, Yahoo, Bing safe
• Author ID|Username Bot Probe Protection .htaccess Code
• XML-RPC DDoS Protection .htaccess Code (Double Bonus: Trackback|Pingback Protection)
• Referer Spammers|Phishing Protection .htaccess Code
• Mime Sniffing|Drive-by Download Attack Protection .htaccess Code
• External iFrame and Clickjacking Protection .htaccess Code
• POST Request Attack Protection .htaccess Code