Bulletproof security plugin basically protects and backs up your .htaccess files.
You’ll notice alot of different tabs and screens displayed in the backend once you install the plugin however there’s only 2 which you need to configure.
They are:
- Security Modes
- Backup & Restore
The 3rd screen which you also need to take a look at in the Security Status tab, will also display whats done and what needs doing.
Create a full backup of your WordPress files and databases before configuring the settings for BulletProof Security.
The first step is to make sure your php.ini file has safe mode turned off so the plugin can do its job. Contact your host if you are not sure how to do this.
Add safe_mode=Off to the php.ini file in your public_html root directory.
Once you have installed and activated the plugin, navigate to the settings page where you’ll possibly become overwelmed with confusion! haha
Don’t worry, there’s only 2 pages you need to setup.
HTACCESS Files
- BulletProof Security basically protects your .htaccess files by renaming them and storing them in a different location.
- It also creates a backup of all your .htaccess files once you have clicked the backup buttons.
The first step is to create a secure .htaccess file.
You only need to use the buttons on the left for standard WordPress installations.
BulletProof Security Modes
In the Security Modes screen, click the create secure .htaccess file to start
Activate Security Modes
1) Activate Website Root Folder .htaccess Security Mode
Check the Bullerproof Mode radio button and click Activate.
This copies the file secure.htaccess to your root folder and renames the file name to just .htaccess
2) Activate Website wp-admin Folder .htaccess Security Mode
Check the Bullerproof Mode radio button and click Activate.
This copies the file wpadmin-secure.htaccess to your /wp-admin folder and renames the file name to just .htaccess
3) Activate Deny All htaccess Folder Protection For The BPS Master htaccess Folder
Check the Bullerproof Mode radio button and click Activate.
This copies the file deny-all.htaccess to the BPS Master htaccess folder and renames the file name to just .htaccess
4) Activate Deny All htaccess Folder Protection For The BPS Backup Folder
Check the Bullerproof Mode radio button and click Activate.
This copies and the file deny-all.htaccess to the BPS Backup folder and renames the file name to just .htaccess
Security Status
Here you’ll find 4 windows displaying your current security status.
There’s no settings to configure in this screen but you can see whats secure and whats not. Lets take a brief look at each window.
Activated BulletProof Security .htaccess Files
Everything in here should be displayed in green like in this screenshot
Additional Website Security Measures
Here you can view the other security measure which should all be displayed in green for maximum security
If you don’t understand what they mean, contact your host who should put you in the picture.
File and Folder Permissions – CGI or DSO
These permissions are easily changes using File Manager in cPanel. Contact your host if you need help or further clarification.
Changing these permissions can protect your files and folders from being read and written.
General BulletProof Security File Checks
As you can see from this screenshot, the .htaccess files have been protected but NOT yet backed up.
In the next sub heading, we’ll take a look at how to create a backup of the .htaccess files.
[box type=”info”]You should also take a full backup of your files after successfully configuring the BulletProof security settings[/box]
BulletProof Security Backup & Restore
Backup Your Currently Active .htaccess Files
- Backs up your currently active .htaccess files in your root and /wp-admin folders.
- Backup your htaccess files for first time installations of BPS or whenever new modifications have been made to your htaccess files. Read the
CAUTION: Click the Read Me button and read the warning. If you don’t understand, contact your host for clarification.
If you’re creating a full backup of your WordPress installation everyday, then you will already have a backup of your .htaccess files anyway.
There’s other settings on this page for restoration of your .htaccess files and to create a master backup.
More Security Tips
I use this plugin along with the Secure WordPress plugin by WebsiteDefender.
I also create full backup everyday and store it in multiple locations and update all my plugins, themes and scripts immediately a new version is released.
Protecting your .htaccess files is important otherwise you may suffer from an injection of malware which was the case on my other server as i didn’t update WordPress scripts or install any security plugins.
I also installed Microsoft Security Essentials which is a free security download for Windows users. This protects your local computer from malware and spyware so the backups of your WordPress site are secure from hackers.
Leave a Reply