BulletProof Security and Better WP Security both wordpress plugins are used for wordpress security purpose. Both have some nice and unique features. There are wordpress hackers and they are looking to hack your wordpress sites. You should protect your wordpress sites.
Better WP Security features:
Better WP Security takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.
With one-click activation for most features as well as advanced features for experienced users Better WP Security can help protect any site.
As most WordPress attacks are a result of plugin vulnerabilities, weak passwords, and obsolete software. Better WP Security will hide the places those vulnerabilities live keeping an attacker from learning too much about your site and keeping them away from sensitive areas like login, admin, etc.
- Remove the meta “Generator” tag
- Change the urls for WordPress dashboard including login, admin, and more
- Completely turn off the ability to login for a given time period (away mode)
- Remove theme, plugin, and core update notifications from users who do not have permission to update them
- Remove Windows Live Write header information
- Remove RSD header information
- Rename “admin” account
- Change the ID on the user with ID 1
- Change the WordPress database table prefix
- Change wp-content path
- Removes login error messages
- Display a random version number to non administrative users anywhere version is used
Just hiding parts of your site is helpful but won’t stop everything. After we hide sensitive areas of the sites we’ll protect it by blocking users that shouldn’t be there and increasing the security of passwords and other vital information.
- Scan your site to instantly tell where vulnerabilities are and fix them in seconds
- Ban troublesome bots and other hosts
- Ban troublesome user agents
- Prevent brute force attacks by banning hosts and users with too many invalid login attempts
- Strengthen server security
- Enforce strong passwords for all accounts of a configurable minimum role
- Force SSL for admin pages (on supporting servers)
- Force SSL for any page or post (on supporting servers)
- Turn off file editing from within WordPress admin area
- Detect and block numerous attacks to your filesystem and database
Should all the protection fail Better WP Security will still monitor your site and report attempts to scan it (automatically blocking suspicious users) as well as any changes to the filesystem that might indicate a compromise.
- Detect bots and other attempts to search for vulnerabilities
- Monitor filesystem for unauthorized changes
Finally, should the worst happen Better WP Security will make regular backups of your WordPress database (should you choose to do so) allowing you to get back online quickly in the event someone should compromise your site.
- Create and email database backups on a customizable schedule
- Make it easier for users to log into a site by giving them login and admin URLs that make more sense to someone not accustomed to WordPress
- Detect hidden 404 errors on your site that can affect your SEO such as bad links, missing images, etc.
- Works on multi-site (network) and single site installations
- Works with Apache, LiteSpeed or NGINX (NGINX will require you to manually edit your virtual host configuration)
- Some features can be problematic if you don’t have enough RAM to support them. All my testing servers allocate 128MB to WordPress and usually don’t have any other plugins installed. I have seen issues with file check and database backups failing on servers with 64MB or less of RAM, particularly if there are many other plugins being used.
- French by SCUDELLER Eric
- Hindi by Outshine Solutions
- Lithuanian by Vincent G
- Slovak by Erich Szabó
- Spanish by Pablo Romero
- Tagalog by Hanne
- Turkish by Hakan Er
Please let us know if you would like to contribute a translation.
Please read the installation instructions and FAQ before installing this plugin. It makes some significant changes to your database and other site files which, without a proper backup, can cause problems if something goes wrong. While problems are rare, most (not all) support requests I get for this plugin involve the users failure to make a proper backup before installing.
BulletProof Security features:
htaccess Core Website Security
WordPress Website Security Protection: BulletProof Security protects your WordPress website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. One-click .htaccess WordPress security protection. Protects wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection. Security Logging. HTTP Error Logging. One-click Website Maintenance Mode (HTTP 503). Additional website security checks: DB errors off, file and folder permissions check… System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, DNS, Max Upload… Built-in .htaccess file editing, uploading and downloading.
Login Security & Monitoring Website Security
Login Security & Login Monitoring: Log All User Account Logins or Log Only User Account Lockouts (see Screenshot). Email alerting options allow you to choose 5 different email alerting options: Choose to have email alerts sent when a User Account is locked out, An Administrator Logs in, An Administrator Logs in and when a User Account is locked out, Any User logs in when a User Account is locked out or Do Not Send Email Alerts. See BulletProof Security Login Security & Monitoring Features for additional features and options.
Why is .htaccess Website Security So Much Better Than Any Other Type of Website Security?
The answer is very simple – .htaccess files (distributed configuration files) are processed first before any other code on your website. In other words, hackers malicious scripts are stopped by BulletProof Security .htaccess files before those scripts even have a chance to reach the php coding in WordPress. BulletProof Security uses .htaccess website security files, which are specific to Apache Linux Servers. Please read the FAQ page for Server compatibility questions.
BulletProof Security Fast and Simple with No Manual Configuration Required
The BulletProof Security WordPress Security plugin is designed to be a fast, simple and one click security plugin to add .htaccess website security protection for your WordPress website. Activate .htaccess website security and .htaccess website under maintenance modes from within your WordPress Dashboard – no FTP required. The BulletProof Security WordPress plugin is a one click security solution that creates, copies, renames, moves or writes to the provided BulletProof Security .htaccess master files. BulletProof Security protects both your Root website folder and wp-admin folder with .htaccess website security protection, as well as providing additional website security protection.
BulletProof Security allows you to add .htaccess website security protection from within the WordPress Dashboard so that you do not have to access your website via FTP or your Web Host Control Panel in order to add website security protection for your WordPress site. BulletProof Security Modes: Root .htaccess security protection, wp-admin .htaccess security protection, Deny All .htaccess self protection, WordPress default .htaccess mode and .htaccess Maintenance Mode (503 Website Under Maintenance). In BulletProof Security Mode your WordPress website is protected from XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts.
BulletProof Security Maintenance Mode
BulletProof Security Maintenance Mode allows you to create your custom website under maintenance page within BulletProof Security and activate Maintenance Mode to put your website in maintenance mode. Maintenance Mode allows website developers or website owners to access and work on a website while a 503 Website Under Maintenance page is displayed to all other visitors to the website. Allow access to your WordPress Dashboard for only yourself or add additional IP addresses to allow mulitple IP addresses access to your WP Dashboard while in maintenance mode.
BulletProof Security Additional Website Security Protection
WordPress is already very secure, but every website, no matter what type of platform it is built on should have additional website security measures in place as a standard. BulletProof Security provides that additional website security protection that every website should have.
- Lithuanian by Vincent G from Host1Free.com
- Filipino/Tagalog by pointen.dk
- Russian by EyeFinity
- If you would like to translate the BPS plugin to your language see this BPS Plugin Language Translation Tutorial. Please include a link to your website so that we can add it here. Thank you.
- Tip: If you use the Google Chrome Browser you can right mouse click in plugin pages and then click on Translate to… To translate plugin text into your Language.
BulletProof Security htaccess Core Features
- One-click .htaccess website security protection from within the WP Dashboard
- .htaccess security protection against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts
- .htaccess file backup and restore
- .htaccess Lock / Unlock (404 Read-Only)
- .htaccess AutoLock On or Off
- Security / HTTP Error Logging – Log 400, 403 and 404 Errors
- Security Log: Add / Remove User Agents/Bots to Ignore/Not Log or Allow/Log
- Security Log: Turn On / Turn Off / Delete Log
- Automatic .htaccess file updating on upgrade installation
- New .htaccess security filters automatically added during upgrade
- No need to reactivate BulletProof Modes when upgrading
- WP Dashboard Alerts – Root and wp-admin .htaccess file checks
- Anti Comment Spam .htaccess code – works together with Akismet or other Spam plugins to keep Comment Spam at a minimum
- Anti Comment Spambot .htaccess code – Forbid Empty Referrer Spambots
- TimThumb Vulnerability/Exploit .htaccess coding
- Built-in File Editing, File Downloading and File Uploading
- Custom Code feature that permanently saves and writes your personal custom .htaccess code
- WordPress readme.html and /wp-admin/install.php protected with .htaccess security protection
- wp-config.php and bb-config.php files protected with .htaccess security protection
- php.ini and php5.ini files protected with .htaccess security protection
- WordPress database errors turned off – Verification and function insurance
- WordPress version is not displayed / not shown – WordPress version is removed
- WP Generator Meta Tag filtered – not displayed / not shown
- WP DB default admin username / account check
- System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, DNS, Max Upload, Zend Engine Version, Zend Guard/Optimizer, ionCube Loader, Suhosin, APC, eAccelerator, XCache, Varnish, cURL, Memcache and Memcached
- Security Status Page – Displays website security status information
- File and Folder Permission Checking – CGI / DSO SAPI check / display
- Help & FAQ page – links to BPS Guide and other detailed Help & Info pages
- Extensive Read Me! jQuery Dialog Help buttons throughout the BulletProof Security plugin pages
- Backup and Restore existing .htaccess files
- Backup and Restore customized / modified .htaccess files
- Add to, Edit, Modify the provided BulletProof Security .htaccess Master files
- Create your own .htaccess Master files or code and use BulletProof Security as an .htaccess file manager
- Website Developer Maintenance Mode (503 website open to Developer / Site Owner ONLY)
- Log in / out of your website while in Maintenance Mode
- Customizable 503 Website Under Maintenance page
- HUD Success / Error message display
- i18n Language Translation coding
BulletProof Security Login Security & Monitoring Features
- Log All User Account Logins or Log Only User Account Lockouts
- Logged DB Fields: User ID, Username, Display Name, Email, Role, Login Time, Lockout Expires, IP Address, Hostname, Request URI
- Email Alerting Options: User Account is locked out, An Administrator Logs in, An Administrator Logs in and when a User Account is locked out, Any User logs in when a User Account is locked out, Do Not Send Email Alerts
- Login Security Additional Options: Max Login Attempts, Automatic Lockout Time, Manual Lockout Time, Max DB Rows To Show, Turn On/Turn Off
- Dynamic DB Form: Lock, Unlock, Delete
- Enhanced Search: Allows you to search all of the Login Security database rows/Fields
- Stand-alone Unlock Form bpsunlock.php: Unlock User Accounts without having to be logged into the WP Dashboard
- Please click the Login Security Blue Read Me help button for full descriptions of all features and options.
Conclusion: I used both the plugins for some time. I recommend to use the Better WP security plugin which 100% free and it has very great features.