BulletProof Security – WordPress Web Security Protection
WordPress is an open source CMS and its code is maintained by a vast community. Bug fixes and security loopholes are continuously fixed by developers to protect users from possible hacker attacks. Nevertheless, this does not mean that WordPress users can take web security for granted. Hackers will always find a way to crack open websites and take advantage of other peoples online properties. Luckily, there are plugins to help you strengthen your security, aside from the default security measures implemented by WordPress.
One of the best ways to implement website security for WordPress website is to make use of the .htaccess file. .htaccess files are important for securing PHP websites because they are executed before PHP and therefore able to prevent malicious code fire up and do damage. BulletProof Security Plugin works with .htaccess master files that contain code to prevent well-known security attacks. The plugin provides a simple one-click solution that set up the provided BulletProof Security .htaccess master files for you.
The plugin protects both your root website folder and wp-admin folder. The plugin can prevent a long list of known attacks such as XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts.
In addition, BulletProof Security offers login and website monitoring security. You can set an email alert option for the following actions: user account lock out, administrator log in, administrator login + user lockout and any user login when an account is locked out. You can also turn off the email alerts if you wish.
The free version of the plugin is available at the WordPress Codex. Just download and upload the .zip file into your wp-content/plugins folder an activate inside the WordPress dashboard. Here is how the plugin Admin looks like:
BulletProof Security Plugin allows you to instantly create and activate .htaccess website security with just a few clicks without having to know anything about .htaccess files. The Master .htaccess files are pre-made and BPS writes .htaccess code that is customized for your website. Click the AutoMagic buttons (creates customized Master .htaccess files) and Activate BulletProof Modes (copies the customized Master .htaccess files to your root and wp-admin folders). The plugin has built-in Backup and Restore and an .htaccess File Editor for full manual editing control as well.
You can activate security modes in the root folder and wp-admin folder. Clicking the AutoMagic buttons would automatically create separate .htaccess files for the root and wp-admin folder.
The Deny All htaccess BulletProof Modes/files are activated/created automatically. If your Server does not allow, you can deny all access .htaccess in the configuration.
BulletProof Security Login Security & Monitoring allows you to choose whether you want to Log All User Account Logins or Log Only User Account Lockouts.
Advanced users can implement their own custom code to control .htaccess. file. There’s an available video tutorial to guide you in the process.
One good feature of BulletProof Security is to put the website in maintenance mode and still protect the .htaccess file at the same time. It also allows you to create a custom Maintenance page.
WordPress is a very secure and well maintained open source platform. However, it is still worth considering added protection as new exploits are being released from time to time that could compromise all the hard work you have invested. You can see the full features of this awesome plugin here.