WordPress Installation Files: A Glossary For Non-Techies

Need to know what WordPress installation folders and files in your server are used for? Here is a glossary of WordPress installation files for non-techies …

WordPress Installation Files: A Glossary For Non-TechiesWhen WordPress is installed on your domain, either by performing a manual WordPress installation or using a WordPress installation script like Softaculous or Fantastico, a number of folders and files get added to your server’s root directory.

Although these folders and files are mostly accessed by technical users like website developers, it’s good to know what these folders and files are used for, especially if you plan to build or manage your own WordPress site.

WordPress installation files

(WordPress installation files)

You can view these folders and files using an FTP application or cPanel’s File Manager. For help with this, see the tutorial below:

Knowing what WordPress installation folders and files do is also important for areas like:

WordPress Installation Files: A Glossary For Non-Techies

Your WordPress site is made up of your WordPress installation files and your WordPress database. These are responsible for creating, storing, and managing all of your site’s information, web pages, etc.

Below is a glossary of WordPress installation files for non-techies. The glossary includes non-technical explanations and descriptions with links to related tutorials.

If you need more technical information about the folders or files below, please refer to the official WordPress documentation here:

wp-admin

This folder contains all of the files that control your WordPress site’s installation, administration, and management functions …

WordPress wp-admin folder

(WordPress wp-admin folder)

wp-content

This folder holds all of the content supplied by users (e.g. images uploaded to the WordPress Media Library) and stores all of the WordPress Themes and WordPress Plugins installed on your site …

WordPress wp-content folder

(WordPress wp-content folder)

This folder is also used for things like:

wp-includes

This folder contains most of the technical files and instructions required for supporting WordPress functionality …

WordPress wp-includes folder

(WordPress wp-includes folder)

.htaccess

An .htaccess file is a configuration file used on web servers running the Apache Web Server software. It contains important server instructions …

WordPress .htaccess file

(WordPress .htaccess file)

The .htaccess file is used to enable/disable functionality, such as:

  • Enabling password protection on a directory
  • Enabling content protection
  • Denying visitors access to the website
  • Redirecting visitors to another page or a custom error or 404 page
  • Preventing images on your site from being hotlinked
  • Etc.

If you experience WordPress errors, it may be because your .htaccess file has become corrupted. If this happens, see this tutorial:

index.php

This is the core WordPress index file that instructs your WordPress theme and blog to load.

This file looks to see if you have set a home page in WordPress and displays that page to your visitors. If not, it displays a default blog page.

Basically, what the index.php file does, is show visitors a page like this when they visit your site …

This is what visitors see thanks to index.php

(This is what visitors see thanks to index.php)

Instead of a directory of internal files like this …

This is what visitors see if index.php file is removed

(This is what visitors see if index.php file is removed)

license.txt

This file contains the WordPress GPL license which states that WordPress is free software and can be redistributed and/or modified under the terms of the GNU General Public License.

readme.html

This file contains useful pre-installation information about WordPress …

WordPress ReadMe file

(WordPress ReadMe file)

wp-activate.php

This file confirms that the activation key sent in an email after a user signs up for a new site matches the key for that user and then displays confirmation.

wp-blog-header.php

This file decides what to display based on the parameters that are passed to the blog from any page that wants to display WordPress content and loads the WordPress environment and template.

wp-comments-post.php

This file receives posted comments and adds them to the WordPress database. It also prevents duplicate comment posting.

wp-config-sample.php

This is a sample of the wp-config.php file used to connect WordPress to your MySQL database. You can use this sample file to manually create the wp-config.php file (see below).

wp-config.php

The wp-config.php file is one of your most important WordPress installation files. The wp-config.php file is located in the root of your WordPress file directory and contains your website’s base configuration details, such as your database connection information (e.g. Database Name,  Database Username, Database Password, Database Host, etc.)

Here is some useful information about wp-config.php file:

  • The wp-config.php file isn’t included in the WordPress download files. It is created during the WordPress setup process based either on the information you provide during the manual installation process, or automatically, if you use a WordPress installation script (e.g. Softaculous, Fantastico, etc.)
  • A wp-config.php file can be created manually by editing the sample file (“wp-config-sample.php”), resaving it as wp-config.php and uploading this file to the root install directory.
  • The content of the wp-config.php file follow a specific order. Rearranging the order of this content may create errors on your website.
  • Editing WordPress files like wp-config.php should always be done using a plain text editor. Never use a word processor like Microsoft Word or Google Docs to edit WordPress files.

Many important modifications to WordPress can be done manually by adding lines of code to the wp-config.php file. Some of the features and functionality affected by the wp-config.php file, for example, include:

  • Adding WordPress Security Keys
  • WordPress Autosave And Post Revision (including changing the Autosave interval and disabling Post revisions)
  • Increasing PHP Memory Limit
  • Defining the ‘home’ address of your WordPress site (i.e. the URL people type in to visit your site).
  • Moving folders (e.g. content, plugins, themes, uploads folder, etc.) to directories in your server other than their default location.
  • Enabling WordPress Multisite
  • Using WordPress In Other Languages
  • Disabling plugin and theme installation, updates, and edits
  • Disabling WordPress automatic and core updates
  • Blocking external URL requests
  • Forcing Admins and Logins to use SSL
  • Overriding default WordPress File Permissions
  • Changing WordPress Cron settings
  • Emptying the trash
  • Debugging WordPress (troubleshooting errors and making repairs)
  • Allowing WordPress users to optimize and repair the WordPress database
  • And so much more …

wp-cron.php

A CRON job is essentially an automated scheduled task. It’s like someone programming a robot to do XYZ at a specific time. If someone asks the robot “is it time to do XYZ yet?” the robot can then either say “no, it’s not time yet” or “yes, it’s time” and then automatically perform the task.

By default, WordPress calls up wp-cron.php whenever someone visits your WordPress site and a scheduled task is present. Also, web hosts normally offer CRON. The wp-cron.php file provides a CRON function for hosts that do not offer CRON or where a CRON job has not been set up by software installed on your site.

The wp-cron.php file is used to perform virtual cron jobs (i.e. scheduled tasks) to automate things like publish scheduled posts, check for plugin or theme updates, send email notifications, etc.

wp-links-opml.php

This file converts links added to your site via the WordPress admin menu into a format called OPML (Outline Processor Markup Language).

OPML allows outlines and lists to be exchanged between different platforms, such as exchanging lists of RSS feeds between different feed aggregators.

Essentially, this file allows links to be exported from one WordPress site to another.

wp-load.php

In computing terms, bootstrapping is a technique for loading a program by means of a few initial instructions which then enable the rest of the program to be loaded from somewhere else.

The wp-load.php file is a bootstrap file that loads the wp-config.php file. The wp-config.php file then loads the wp-settings.php file, which then sets up the WordPress environment.

wp-login.php

This is the file that handles the WordPress login page for registered users, including user authentication, user registration, and resetting passwords.

wp-mail.php

WordPress uses this file to obtain blog posts submitted via email. The URL of this file is usually added to a CRON job so that it is regularly retrieved, enabling new email posts to be accepted.

wp-settings.php

This file performs various pre-execution routines and procedures, including checking for correct installation, including auxiliary functions, applying user plugins, initializing execution timers, etc.

wp-signup.php

WordPress uses this file to set up the area where users can sign up to your website or blog.

wp-trackback.php

This file handles incoming trackback requests to WordPress.

xmlrpc.php

This file provides XML-RPC protocol support for WordPress. This allows you to do things like post content to your site using programs and applications other than the built-in web-based administrative interface and for WordPress developers to extend WordPress functionality using plugins.

Additional Files

The additional files below aren’t part of the default WordPress installation but may be found in your server’s WordPress directory:

php.ini

A php.ini file is the default file for configuring and running applications that require PHP. The server looks for this file when PHP starts up for instructions on how to control variables such as upload sizes, file timeouts, and resource limits.

Server & Webhosting

Below are some useful terms to know when installing WordPress on your server:

DKIM

DKIM (DomainKeys Identified Email) lets a domain associate its name with an email message by affixing a digital signature to it.

Verification is carried out using the signer’s public key published in the DNS. A valid signature guarantees that some parts of the email (possibly including attachments) have not been modified since the signature was affixed.

Usually, DKIM signatures are not visible to end-users, and are affixed or verified by the infrastructure rather than message’s authors and recipients.

(Source: Wikipedia)

SPF

SPF (Sender Policy Framework) is an email validation protocol designed to detect and block email spoofing by providing a mechanism to allow receiving mail exchangers to verify that incoming mail from a domain comes from an IP Address authorized by that domain’s administrators.

The list of authorized sending hosts and IP addresses for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record. Email spam and phishing often use forged “from” addresses and domains, so publishing and checking SPF records is considered to be one of the most reliable and simple to use anti-spam techniques.

(Source: Wikipedia)

***

We hope that you have found the above information useful.

WordPress Installation Files: A Glossary For Non-Techies

***

"I love the way your email series "Infinite Web Content Creation Training Series" is documented and presented. It is very absorbing and captivating. The links and tutorials are interesting and educational. This has motivated me to rewrite my content following the concepts I am learning from the email series." - Mani Raju, www.fortuneinewaste.com

***

How To Fix A Corrupted .htaccess File

Are your experiencing an internal server error or Forbidden 403 error on your WordPress site? You may need to fix a corrupt .htaccess file. This tutorial shows you how …

How To Fix A Corrupted .htaccess FileThis tutorial is part of our FREE WordPress Management training and WordPress Troubleshooting tutorial series.

In this series of step-by-step tutorials, we show you how to troubleshoot and fix common WordPress errors.

Info

Important: Always back up your WordPress site (files and data) before modifying any files or performing any upgrades or installations! 

If you don’t want to back up your files manually, then consider using professional help services, or use a WordPress backup plugin.

How To Fix A Corrupted .htaccess File

As WPCompendium.org is a resource for non-technical WordPress users, we have kept the information below as simple as possible. For technical tutorials on .htacess files, search online, or go here: .htaccess Guide

What Is An .htaccess File?

An .htaccess file is a configuration file used on web servers running the Apache Web Server software. It’s a text file that contains important server instructions …

WordPress .htaccess file

(WordPress .htaccess file)

What Does An .htaccess File Do?

An .htaccess file is used to enable/disable functionality and features in the Apache Web Server software. This includes things like:

  • Enable password protection on a directory
  • Enable content protection
  • Deny visitors access to the website
  • Redirect visitors to another page or a custom error or 404 page
  • Prevent images on your site from being hotlinked
  • Etc.

The .htaccess file can include additional information and instructions depending on the applications installed on your server …

An .htaccess file contains server instructions

(An .htaccess file contains server instructions)

How Do You Access The .htacces File?

The .htaccess file is normally found in the root directory of your domain alongside WordPress folders like wp-admin, wp-content, and wp-includes

.htaccess file

(.htaccess file)

You can access your .htaccess file inside your server using cPanel or an FTP program. If you need help with this, see the tutorial below:

Useful Information

Depending on your FTP software settings, files like .htaccess may be hidden. To display hidden files, click on ‘Tools’ (or ‘Settings’) …

Sometimes .htaccess files are hidden

(Sometimes .htaccess files are hidden)

Select Tools > Options

FTP Tools > Options

(FTP Tools > Options)

Enable the ‘Show hidden files’ checkbox and click ‘Save’ to update your settings …

Enable 'show hidden files' option

(Enable ‘show hidden files’ option)

Your .htaccess file should now be visible …

.htaccess file

(.htaccess file)

Fixing A Corrupted .htaccess File

Sometimes, the .htaccess file can become corrupted. There are many reasons why an .htaccess file can become corrupted and this can happen while a plugin is being installed, or if the file has not been configured properly, or even if an internet connection drops out while things are being written to your server.

When the .htaccess file becomes corrupted, it can lead to errors such as:

If your .htaccess file has become corrupted, here’s a simple way to fix it.

First, access your WordPress installation via cPanel or FTP (go here if you need help with this step) …

Access your WordPress installation files using cPanel or FTP

(Access your WordPress installation files using cPanel or FTP)

Next, locate the .htaccess file. You can simply delete this file or rename it to something else (e.g. “.htaccess_old”).

To rename the file, right-click on the file and select ‘Rename’ …

Select .htaccess and click Rename

(Select .htaccess and click Rename)

Rename the file to something like .htaccess_old

Rename .htaccess file

(Rename .htaccess file)

Next, log into your WordPress site, then go to Settings > Permalinks and click ‘Save Changes’  …

(Resave your WordPress Permalinks settings

(Resave your WordPress Permalinks settings)

You don’t need to change any Permalink settings. Resaving your settings will generate a new .htaccess file on your server automatically.

To check this, go back to your server and refresh the screen …

Refresh FTP screen

(Refresh FTP screen)

You should see the new .htaccess file in your server directory …

New .htaccess file

(New .htaccess file)

Remember to delete the old .htaccess file from your server before closing your FTP or cPanel application …

Delete the old .htaccess file

(Delete the old .htaccess file)

Return to your WordPress site and check to see if this has fixed the problem. If the problem has not been fixed, refer to other tutorials on our WordPress Troubleshooting Guide, or contact your webhosting provider.

More WordPress Troubleshooting Tutorials

If you experience any other issues with WordPress, check out the tutorials in the section below:

How To Fix A Corrupted .htaccess File

(Source: Pixabay)

***

"I was absolutely amazed at the scope and breadth of these tutorials! The most in-depth training I have ever received on any subject!" - Myke O'Neill, DailyGreenPost.com

***

WordPress Security Plugin – BulletProof Security

In this tutorial, we show you how to install, configure, and use the BulletProof Security plugin for WordPress.

WordPress Security Plugin - BulletProof SecurityThis tutorial is part of our tutorial series on WordPress Security. In this tutorial, you will learn how to install, configure, and use the BulletProof Security plugin for WordPress.

***

WordPress Security Plugin – BulletProof Security

BulletProof Security

BulletProof Security Plugin

(BulletProof Security Plugin)

Plugin URL

https://wordpress.org/extend/plugins/bulletproof-security

Plugin Description

BulletProof Security is designed to be a fast, simple and one-click security plugin that adds .htaccess website security protection for your WordPress site.

Some of the main features of this plugin include:

  • Activate .htaccess website security and .htaccess website ‘under maintenance’ modes from within your WordPress Dashboard – No FTP or Web Hosting Control Panel access required.
  • One-click security solution that creates, copies, renames, moves or writes to the provided BulletProof Security .htaccess master files.
  • Protects both your root website folder and wp-admin folder with .htaccess website security protection, as well as providing additional website security protection.
  • Protects your WordPress site against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts.
  • Performs one-click essential operations (like create, copy, rename, move, write, etc.) to protect files such as wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection.
  • Allows you to activate .htaccess website security and .htaccess website “under maintenance modes” from within your WordPress Dashboard with no FTP required.
  • Protects both your root website folder and wp-admin folder.
  • One-click Website Maintenance Mode (HTTP 503) for the front and back end. Maintenance Mode also allows you to create and activate your custom “Under Maintenance” web page using various templates provided.
  • Performs additional website security checks (e.g: DB errors off, file and folder permissions check, System Info: PHP, MySQL, OS, Server, Memory Usage, etc.)
  • Automatic .htaccess file updating on upgrade installation and new .htaccess security filters automatically added during the upgrade.
  • Security Status Page – Displays website security status information.

Best of all, you don’t need to know or understand anything about .htaccess website security files in order to use the BulletProof Security plugin. The plugin provides “AutoMagic” buttons that let you set everything up with nothing to configure or set up.

Tip

BulletProof Security also has a PRO version that offers significant additional security features, including:

  • 1-Click Setup Wizard: Fast, Simple, One-Click Installation
  • AutoRestore: Automatic File Restore
  • Quarantine: Automatic File Quarantine
  • Real-time File Monitor: Email & Dashboard Alerts
  • Plugin Firewall (True IP Firewall): Protects the WP Plugins Folder, IP Address Updated in Real Time
  • Uploads Anti-Exploit Guard (UAEG): Protects the WP Uploads Folder
  • Login Security & Monitoring: Advanced Login Security & Monitoring
  • JTC Anti-Spam / Anti-Hacker: Hacker Protection, Spammer Protection, DoS/DDoS Attack Protection, Brute Force Login Attack Protection, User-Friendly CAPTCHA
  • .htaccess Website Security: Firewalls
  • Custom php.ini Website Security
  • F-Lock – Read Only File Locking
  • Security Logging
  • HTTP Error Logging
  • PHP Error Logging
  • Email Alerts
  • Versatile Set of Pro-Tools
  • and more …

To learn more about the PRO features of this plugin, visit the site below:

Useful Info

Remember to back up all files and data on your site before installing and configuring this plugin, as the plugin performs a number of modifications to important files on your site.

If you need help setting up this plugin, please ask a professional WordPress service provider for assistance.

To learn how to perform WordPress file and data backups, see the tutorials in the module below:

Plugin Installation

From your WordPress administration area, select Plugins > Add New

BulletProof Security Plugin

Select the Install Plugins > Search tab, then type in “bulletproof” into the search field and click on the Search Plugins button …

BulletProof Security Plugin

Activate plugin after uploading, or locate the plugin in the search results area and click Install Now

BulletProof Security Plugin

Activate the plugin after installing it …

BulletProof Security Plugin

When the BulletProof Security plugin is first activated, a warning message displays at the top of your admin screen …

BulletProof Security Plugin

See the ‘Plugin Configuration’ section below to learn how to complete the steps indicated in the warning message and configure your .htaccess file in security mode.

Once the plugin has been activated, click on Settings

BulletProof Security Plugin

You can also access the plugin’s settings and options area by selecting BPS Security from your WP dashboard menu …

BulletProof Security Plugin

Plugin Configuration

The BulletProof Security configuration and settings area is divided into the following sections:

  • htaccess Core
  • Login Security
  • Security Log
  • Maintenance Mode
  • System Info

Note: We’ll go over each of these sections briefly below, as the developers of BulletProof Security plugin already provide video tutorials on their site covering installation and setup, and a users forum where you can get help, support and further instructions on using some of the plugin’s more advanced features.

htaccess Core

Select ‘BPS Security > htaccess Core‘ from your WP-admin menu …

BulletProof Security Plugin

This section allows you to configure .htaccess file security options for your site …

BulletProof Security Plugin

Basically, BulletProof Security will take your default .htaccess file, which looks like this …

BulletProof Security Plugin

And modify the information by automatically adding security commands and instructions to your files like this …

BulletProof Security Plugin

This section includes a number of tabs …

BulletProof Security Plugin

We strongly recommend clicking on the ‘Read Me’ buttons before performing any kind of operation with this plugin …

BulletProof Security Plugin

The plugin modifies important files on your site and the ‘Read Me’ sections contain important information and additional instructions for getting help …

BulletProof Security Plugin

Security Modes Tab

If you have already backed up your site, then use the recommended options for your installation and click on ‘Create secure.htaccess file’ in the ‘Security Modes’ tab …

BulletProof Security Plugin

A message will pop up letting you know that clicking the ‘OK’ button will create the secure.htaccess file for your site, but it will not activate the file (this will be done in the next step below).

Click ‘OK’ to proceed …

BulletProof Security Plugin

Your security root master .htaccess file will be created …

BulletProof Security Plugin

Important Info

We recommend making a backup of your WordPress .htaccess file at this point, especially if you have made any prior modifications to your .htaccess file. As .htaccess is a file located on your server, making backups of your WordPress database won’t back this file up (because it’s not in your database).

To backup your htaccess file, you will need to FTP into your server and download the file to your hard drive.

Backup your .htaccess file

(Backup your .htaccess file)

The next step is to activate BulletProof mode for your root folder by selecting the ‘Root Folder BulletProof Mode’ radio button in the ‘Activate Security Modes’ section and clicking the ‘Activate’ button …

BulletProof Security Plugin

A message will appear asking you to confirm if you have created the master .htaccess files using the ‘AutoMagic’ buttons, and if you have taken steps to back up your existing .htaccess files (this is especially important if you have made any custom modifications to your .htaccess file). The message will also remind you that you will overwrite your existing root .htaccess file by clicking the OK button.

Click ‘OK’ to proceed or ‘Cancel’ to abort …

BulletProof Security Plugin

A message will display on your screen confirming that your site’s root folder protection has been successfully activated, and reminding you that if you have root folder security activated, you will also need to activate wp-admin folder security protection …

BulletProof Security Plugin

To activate wp-admin folder security protection, scroll down the ‘Activate Security Modes’ screen until you come to the ‘Activate Website wp-admin Folder .htaccess Security Mode’ section, then select the ‘wp-admin Folder BulletProof Mode’ radio button and click the ‘Activate’ button …

BulletProof Security Plugin

A message will display on your screen confirming that BulletProff Security wp-admin Folder Protection has been activated and that your wp-admin folder is now protected …

BulletProof Security Plugin

The other security options in the ‘Activate Security Modes’ section are automatically set up when you activate the plugin itself:

Activate Deny All htaccess Folder Protection For The BPS Master htaccess Folder

Activating BulletProof Mode for Deny All htaccess Folder Protection copies and renames the deny-all.htaccess file located in the /plugins/bulletproof-security/admin/htaccess/ folder and renames it to just .htaccess. The Deny All htaccess file blocks everyone, except for you, from accessing and viewing the BPS Master htaccess files.

Activate Deny All htaccess Folder Protection For The BPS Backup Folder

Activating BulletProof Mode for Deny All BPS Backup Folder Protection copies and renames the deny-all.htaccess file located in the /bulletproof-security/admin/htaccess/ folder to the BPS Backup folder /wp-content/bps-backup and renames it to just .htaccess. The Deny All htaccess file blocks everyone, except for you, from accessing and viewing your backed up htaccess files.

If your server does not allow these options to be automatically created and activated, then you will need to manually activate these yourself by selecting the radio buttons and clicking ‘Activate’ …

BulletProof Security Plugin

Security Status

After configuring the plugin’s .htaccess file security modes, click on the Security Status tab to view your security and protection status …

BulletProof Security Plugin

This section shows the status of your activated BulletProof Security .htaccess files, file and folder permissions, additional security measures that the plugin has implemented on your site (you can reset and recheck these), and general security file check results.

We recommend going through the accompanying ‘Read Me’ notes for each of these sections for more information on what the data means and further instructions.

Backup & Restore Tab

Use this section to create and restore backups of your .htaccess files …

BulletProof Security Plugin

The first time you install the plugin, you may see warnings in this section about your .htaccess files …

BulletProof Security Plugin

Select the ‘Backup .htaccess Files’ radio button and click ‘Backup Files’ …

BulletProof Security Plugin

BulletProof Security will create backups of your .htaccess files and notify you that these files now exist and have been backed up successfully …

BulletProof Security Plugin

You can also use this section to restore your last .htaccess file backups.

Notes:

  • The backup can be restored should the .htaccess file become corrupted as a result of a hacking attempt.
  • In cases where you install a plugin that writes to your htaccess files you will want to perform another backup of your htaccess files. Each time you perform a backup you are overwriting older backed up htaccess files.
htaccess File Editor Tab

This section lets you lock/unlock files for editing and modify the content of your htaccess files without having to access these via FTP or your webhosting control panel …

BulletProof Security Plugin

Notes:

  • The File Editor is designed to open all of your .htaccess files simultaneously and allow you to copy and paste from one window (file) to another window (file), but you can only save your edits for one file at a time. Whichever file you currently have opened (the tab that you are currently viewing) when you click the ‘Update File’ button is the file that will be updated / saved.
  • Keeping the .htaccess file locked prevents anyone writing to it. Unlocking it lets you edit the code directly. You can edit the files directly through the plugin edit interface in this section.
Custom Code Tab

This section lets you add custom code to your .htaccess files …

BulletProof Security Plugin

warning

Important: Before adding any custom codes to your .htaccess files, please go through the ‘Read Me’ notes, watch the video tutorials and visit the BulletProof Security Forum. If you don’t know what you are doing, then ask a professional to help you, as entering the wrong information in this section could crash your site!

Help & FAQ Tab

This section provides links to help and resources …

BulletProof Security Plugin

The other tabs in this section are used for providing plugin users with additional information and marketing-related information.

Login Security

To access the plugin’s ‘Login Security’ section, select ‘BPS Security > Login Security‘ from your WP-admin menu …

BulletProof Security Plugin

This section lets you configure settings that will help to protect your WordPress site from brute-force attacks

BulletProof Security Plugin

You can specify the maximum number of login attempts, lockout times, set alerts and notifications and configure a number of additional login security and monitoring options in this section.

If you make any changes to the settings in this section, remember to click on the ‘Save Options’ buttons and the ‘Submit’ button when finished to update and save your new settings …

BulletProof Security Plugin

For more information on protecting your WordPress site from brute-force attacks, see the tutorial below:

Security Log

To access the plugin’s ‘Security Log’ section, select ‘BPS Security > Security Log‘ from your WP-admin menu …

BulletProof Security Plugin

This section lets you view logs of all blocked attempts by hackers, spammers, scrapers, bots, etc., specify settings for sending email alerts, add exceptions, and set the maximum database size for keeping and purging stored log data …

BulletProof Security Plugin

Notes:

  • Beware of using the Security Log error logging feature as the error log will continually fill up and create a very large file, which can cause your server to crash. We recommend using this feature only to diagnose security issues.
  • View the ‘Help & FAQ’ tab and click on the ‘Read Me’ buttons for additional information related to this section of the plugin.
  • Remember to click on the ‘Save Options’ buttons if you make any changes to the settings in this section, and click on the ‘Update File’ button at the bottom of the screen when finished to update and save your new settings.
Maintenance Mode

BulletProof Security views “maintenance mode” web pages as part of WordPress security, as these can be compromised by hackers and give access to the WP-admin area if not properly secured.

For this reason, BulletProof Security incorporates a complete Maintenance Mode feature within the plugin itself.

To access the plugin’s ‘Maintenance Mode’ section, select ‘BPS Security > Maintenance Mode‘ from your WP-admin menu …

BulletProof Security Plugin

The BulletProof Maintenance Mode feature:

  • Includes various background and center images (text box image),
  • Allows you to embed image files and YouTube videos,
  • Offers ‘FrontEnd’ Maintenance Mode, ‘BackEnd’ Maintenance Mode or both FrontEnd & BackEnd Maintenance Modes,
  • Is fast and simple to use so that you can switch in and out of Maintenance mode quickly and easily.

BulletProof Security Plugin

For instructions on how to set up a maintenance mode page using the BulletProof Maintenance Mode feature, see ‘Plugin Usage’ section below.

System Info

To access the plugin’s ‘System Info’ section, select ‘BPS Security > System Info‘ from your WP-admin menu …

BulletProof Security Plugin

This section provides detailed information about your system, SQL database, and PHP server, and lets you check your website headers …

BulletProof Security Plugin

Note: System info data can be used to analyze security risks.

Plugin Usage

Once the BulletProof Security plugin has been installed and configured, there is really nothing else to do as far as securing and protecting your site is concerned. The plugin will block attempts by hackers and notify you of these as specified in the plugin settings and options.

One of the features of this plugin that is worth learning how to use is the BulletProof Maintenance Mode feature.

Maintenance Mode

To set ‘Maintenance Mode’ for your website on and off, select ‘BPS Security > Maintenance Mode‘ from your WP-admin menu …

BulletProof Security Plugin

If you want to display a countdown timer letting your visitors know how long your site is going to be down for, then tick the ‘Enable Countdown Timer’ checkbox, and specify a maintenance mode duration (in minutes), in the ‘Maintenance Mode Time’ and ‘Header Retry-After’ fields as shown in the screenshot below …

BulletProof Security Plugin

You can also choose a color for your countdown timer from the ‘Countdown Timer text Color’ drop-down menu …

BulletProof Security Plugin

Next, decide whether you want to enable FrontEnd maintenance, BackEnd maintenance, or both FrontEnd and BackEnd maintenance modes …

BulletProof Security Plugin

  • FrontEnd Maintenance Mode means that your website Maintenance Mode page displays to website visitors instead of your website.
  • BackEnd Maintenance Mode refers to allowing access to the WordPress Administration area (back-end).

warning

Important: If you plan to enable BackEnd maintenance mode for your site, you must enter your IP address into the ‘Maintenance Mode IP Address Whitelist Text Box’, or you will be locked out of your own site!

***

Below the FrontEnd/BackEnd activation options, is the editor section where you can add the Maintenance Mode “message” that you want your visitors to see when maintenance mode is activated.

BulletProof Security Plugin

You can add text, images, styling options and even videos to your Maintenance Mode Text Box. For more details, make sure to click on the link to the plugin’s ‘Maintenance Mode Guide’ …

BulletProof Security Plugin

You can add background and center images, or a background color to your Maintenance Mode message box …

BulletProof Security Plugin

BulletProof Maintenance Mode lets you select your background and box image options from drop-down menus …

BulletProof Security Plugin

Background image files/options and center images (text box image) are independent of each other, so you can mix and match different background images with different center images (text box image), and even different countdown timer colors …

BulletProof Security Plugin

After selecting your Maintenance Mode page design options, the next step is to specify some additional options …

BulletProof Security Plugin

By selecting/deselecting the checkboxes, you can decide whether or not to:

  • Display your visitor’s IP address
  • Display Admin/Login Link (this allows the administrator to log in from the home page)
  • Display a dashboard reminder notice when your site is in Maintenance Mode.

Below are some examples of dashboard reminder notices.

When FrontEnd Maintenance Mode only is turned “on”, this reminder notice displays …

BulletProof Security Plugin

In the example below, both FrontEnd and BackEnd Maintenance Modes are turned “on” …

BulletProof Security Plugin

  • Send email reminders when Maintenance Mode countdown timers have completed. This is useful for reminding you, your webmaster, or a staff member assigned to managing your site to turn off Maintenance Mode and reactivate your site to visitors …

BulletProof Security Plugin

After configuring all of the Maintenance Mode options, click on the ‘Save Options’ button …

BulletProof Security Plugin

You will be asked to confirm. Click ‘OK’ to proceed …

BulletProof Security Plugin

A confirmation message informing you that your Maintenance Mode form has been created successfully will display on your screen …

BulletProof Security Plugin

You can now preview your form by clicking on the ‘Preview’ button …

BulletProof Security Plugin

Your form will open up in a new browser window …

BulletProof Security Plugin

Repeat the save and preview process to configure your form options until you are happy with the design for your Maintenance Mode page …

BulletProof Security Plugin

Once you are happy with your choices, click on the ‘Turn On’ button to activate this feature and put your site in Maintenance Mode …

BulletProof Security Plugin

A message will display informing you that Maintenance Mode has been turned on for your site …

BulletProof Security Plugin

Log out of your site and check how your Maintenance Mode page looks …

BulletProof Security Plugin

The plugin remembers your settings, so you can turn Maintenance Mode on or off anytime you like simply by clicking on the ‘Turn On’ and ‘Turn Off’ buttons …

BulletProof Security Plugin

Remember to turn Maintenance Mode “off” to make your site visible again to visitors …

BulletProof Security Plugin

Tip

BulletProof security offers a convenient way to put your WordPress site into maintenance mode by integrating the Maintenance Mode feature with its Security application.

If you find the BulletProof Maintenance Mode options limited, however, there are other options.

To learn more about putting your WordPress site into Maintenance Mode, see the tutorial below:

Uninstalling BulletProof Security

When you configured the BulletProof Security plugin as shown in earlier steps above, you will remember that the plugin modified important .htaccess files on your site.

If you decide to remove the BulletProof Security plugin from your site, you must first restore these files to their original default before deactivating and deleting the plugin.

To restore your original .htaccess files, select ‘BPS Security > htaccess Core‘ from your WP-admin menu …

BulletProof Security Plugin

Scroll down to the ‘Activate Security Modes’ section, then select the ‘Default Mode WP Default htaccess file’ radio button and click ‘Activate’ …

BulletProof Security Plugin

The plugin will restore the original htaccess file for your site …

BulletProof Security Plugin

You are not quite done yet … just one more step!

Next, select ‘Delete wp-admin htaccess File’ radio button and click on ‘Activate’ …

BulletProof Security Plugin

You should now see messages displayed at the top of your screen informing you that your site is no longer protected by BulletProof Security …

BulletProof Security Plugin

You can now safely deactivate and/or remove the BulletProof Security plugin from your site.

Congratulations! Now you know how to protect and secure your WordPress site with the BulletProof Security plugin.

For more details, go here}:

BulletProof Security Plugin

(Source: BulletProof Security Website)

***

"These tutorials have so much information and are easy to understand. If you use WordPress or plan to in the future these will help you with everything you need to know." - Valisa (Mesa, Arizona)

***