WordPress For Non-Techies: Free WordPress Tutorials – WPCompendium.org

WordPress Security Plugin – BulletProof Security

This tutorial is part of our tutorial series on WordPress Security. In this tutorial, you will learn how to install, configure, and use the BulletProof Security plugin for WordPress.

***

WordPress Security Plugin – BulletProof Security

BulletProof Security

(BulletProof Security WP Plugin)

Plugin URL

https://wordpress.org/extend/plugins/bulletproof-security

Plugin Description

BulletProof Security is designed to be a fast, simple and one-click security plugin that adds .htaccess website security protection for your WordPress site.

Some of the main features of this plugin include:

Best of all, you don’t need to know or understand anything about .htaccess website security files in order to use the BulletProof Security plugin. The plugin provides “AutoMagic” buttons that let you set everything up with nothing to configure or set up.

BulletProof Security also has a PRO version that offers significant additional security features, including:

To learn more about the PRO features of this plugin, visit the site below:

Remember to back up all files and data on your site before installing and configuring this plugin, as the plugin performs a number of modifications to important files on your site.

If you need help setting up this plugin, please ask a professional WordPress service provider for assistance.

To learn how to perform WordPress file and data backups, see the tutorials in the module below:

Plugin Installation

From your WordPress administration area, select Plugins > Add New

Select the Install Plugins > Search tab, then type in “bulletproof” into the search field and click on the Search Plugins button …

Activate plugin after uploading, or locate the plugin in the search results area and click Install Now

Activate the plugin after installing it …

When the BulletProof Security plugin is first activated, a warning message displays at the top of your admin screen …

See the ‘Plugin Configuration’ section below to learn how to complete the steps indicated in the warning message and configure your .htaccess file in security mode.

Once the plugin has been activated, click on Settings

You can also access the plugin’s settings and options area by selecting BPS Security from your WP dashboard menu …

Plugin Configuration

The BulletProof Security configuration and settings area is divided into the following sections:

Note: We’ll go over each of these sections briefly below, as the developers of BulletProof Security plugin already provide video tutorials on their site covering installation and setup, and a users forum where you can get help, support and further instructions on using some of the plugin’s more advanced features.

htaccess Core

Select ‘BPS Security > htaccess Core‘ from your WP-admin menu …

This section allows you to configure .htaccess file security options for your site …

Basically, BulletProof Security will take your default .htaccess file, which looks like this …

And modify the information by automatically adding security commands and instructions to your files like this …

This section includes a number of tabs …

We strongly recommend clicking on the ‘Read Me’ buttons before performing any kind of operation with this plugin …

The plugin modifies important files on your site and the ‘Read Me’ sections contain important information and additional instructions for getting help …

Security Modes Tab

If you have already backed up your site, then use the recommended options for your installation and click on ‘Create secure.htaccess file’ in the ‘Security Modes’ tab …

A message will pop up letting you know that clicking the ‘OK’ button will create the secure.htaccess file for your site, but it will not activate the file (this will be done in the next step below).

Click ‘OK’ to proceed …

Your security root master .htaccess file will be created …

We recommend making a backup of your WordPress .htaccess file at this point, especially if you have made any prior modifications to your .htaccess file. As .htaccess is a file located on your server, making backups of your WordPress database won’t back this file up (because it’s not in your database).

To backup your htaccess file, you will need to FTP into your server and download the file to your hard drive.

(Backup your .htaccess file)

The next step is to activate BulletProof mode for your root folder by selecting the ‘Root Folder BulletProof Mode’ radio button in the ‘Activate Security Modes’ section and clicking the ‘Activate’ button …

A message will appear asking you to confirm if you have created the master .htaccess files using the ‘AutoMagic’ buttons, and if you have taken steps to back up your existing .htaccess files (this is especially important if you have made any custom modifications to your .htaccess file). The message will also remind you that you will overwrite your existing root .htaccess file by clicking the OK button.

Click ‘OK’ to proceed or ‘Cancel’ to abort …

A message will display on your screen confirming that your site’s root folder protection has been successfully activated, and reminding you that if you have root folder security activated, you will also need to activate wp-admin folder security protection …

To activate wp-admin folder security protection, scroll down the ‘Activate Security Modes’ screen until you come to the ‘Activate Website wp-admin Folder .htaccess Security Mode’ section, then select the ‘wp-admin Folder BulletProof Mode’ radio button and click the ‘Activate’ button …

A message will display on your screen confirming that BulletProff Security wp-admin Folder Protection has been activated and that your wp-admin folder is now protected …

The other security options in the ‘Activate Security Modes’ section are automatically set up when you activate the plugin itself:

Activate Deny All htaccess Folder Protection For The BPS Master htaccess Folder

Activating BulletProof Mode for Deny All htaccess Folder Protection copies and renames the deny-all.htaccess file located in the /plugins/bulletproof-security/admin/htaccess/ folder and renames it to just .htaccess. The Deny All htaccess file blocks everyone, except for you, from accessing and viewing the BPS Master htaccess files.

Activate Deny All htaccess Folder Protection For The BPS Backup Folder

Activating BulletProof Mode for Deny All BPS Backup Folder Protection copies and renames the deny-all.htaccess file located in the /bulletproof-security/admin/htaccess/ folder to the BPS Backup folder /wp-content/bps-backup and renames it to just .htaccess. The Deny All htaccess file blocks everyone, except for you, from accessing and viewing your backed up htaccess files.

If your server does not allow these options to be automatically created and activated, then you will need to manually activate these yourself by selecting the radio buttons and clicking ‘Activate’ …

Security Status

After configuring the plugin’s .htaccess file security modes, click on the Security Status tab to view your security and protection status …

This section shows the status of your activated BulletProof Security .htaccess files, file and folder permissions, additional security measures that the plugin has implemented on your site (you can reset and recheck these), and general security file check results.

We recommend going through the accompanying ‘Read Me’ notes for each of these sections for more information on what the data means and further instructions.

Backup & Restore Tab

Use this section to create and restore backups of your .htaccess files …

The first time you install the plugin, you may see warnings in this section about your .htaccess files …

Select the ‘Backup .htaccess Files’ radio button and click ‘Backup Files’ …

BulletProof Security will create backups of your .htaccess files and notify you that these files now exist and have been backed up successfully …

You can also use this section to restore your last .htaccess file backups.

Notes:

htaccess File Editor Tab

This section lets you lock/unlock files for editing and modify the content of your htaccess files without having to access these via FTP or your webhosting control panel …

Notes:

Custom Code Tab

This section lets you add custom code to your .htaccess files …

Important: Before adding any custom codes to your .htaccess files, please go through the ‘Read Me’ notes, watch the video tutorials and visit the BulletProof Security Forum. If you don’t know what you are doing, then ask a professional to help you, as entering the wrong information in this section could crash your site!

Help & FAQ Tab

This section provides links to help and resources …

The other tabs in this section are used for providing plugin users with additional information and marketing-related information.

Login Security

To access the plugin’s ‘Login Security’ section, select ‘BPS Security > Login Security‘ from your WP-admin menu …

This section lets you configure settings that will help to protect your WordPress site from brute-force attacks

You can specify the maximum number of login attempts, lockout times, set alerts and notifications and configure a number of additional login security and monitoring options in this section.

If you make any changes to the settings in this section, remember to click on the ‘Save Options’ buttons and the ‘Submit’ button when finished to update and save your new settings …

For more information on protecting your WordPress site from brute-force attacks, see the tutorial below:

Security Log

To access the plugin’s ‘Security Log’ section, select ‘BPS Security > Security Log‘ from your WP-admin menu …

This section lets you view logs of all blocked attempts by hackers, spammers, scrapers, bots, etc., specify settings for sending email alerts, add exceptions, and set the maximum database size for keeping and purging stored log data …

Notes:

Maintenance Mode

BulletProof Security views “maintenance mode” web pages as part of WordPress security, as these can be compromised by hackers and give access to the WP-admin area if not properly secured.

For this reason, BulletProof Security incorporates a complete Maintenance Mode feature within the plugin itself.

To access the plugin’s ‘Maintenance Mode’ section, select ‘BPS Security > Maintenance Mode‘ from your WP-admin menu …

The BulletProof Maintenance Mode feature:

For instructions on how to set up a maintenance mode page using the BulletProof Maintenance Mode feature, see ‘Plugin Usage’ section below.

System Info

To access the plugin’s ‘System Info’ section, select ‘BPS Security > System Info‘ from your WP-admin menu …

This section provides detailed information about your system, SQL database, and PHP server, and lets you check your website headers …

Note: System info data can be used to analyze security risks.

Plugin Usage

Once the BulletProof Security plugin has been installed and configured, there is really nothing else to do as far as securing and protecting your site is concerned. The plugin will block attempts by hackers and notify you of these as specified in the plugin settings and options.

One of the features of this plugin that is worth learning how to use is the BulletProof Maintenance Mode feature.

Maintenance Mode

To set ‘Maintenance Mode’ for your website on and off, select ‘BPS Security > Maintenance Mode‘ from your WP-admin menu …

If you want to display a countdown timer letting your visitors know how long your site is going to be down for, then tick the ‘Enable Countdown Timer’ checkbox, and specify a maintenance mode duration (in minutes), in the ‘Maintenance Mode Time’ and ‘Header Retry-After’ fields as shown in the screenshot below …

You can also choose a color for your countdown timer from the ‘Countdown Timer text Color’ drop-down menu …

Next, decide whether you want to enable FrontEnd maintenance, BackEnd maintenance, or both FrontEnd and BackEnd maintenance modes …

Important: If you plan to enable BackEnd maintenance mode for your site, you must enter your IP address into the ‘Maintenance Mode IP Address Whitelist Text Box’, or you will be locked out of your own site!

***

Below the FrontEnd/BackEnd activation options, is the editor section where you can add the Maintenance Mode “message” that you want your visitors to see when maintenance mode is activated.

You can add text, images, styling options and even videos to your Maintenance Mode Text Box. For more details, make sure to click on the link to the plugin’s ‘Maintenance Mode Guide’ …

You can add background and center images, or a background color to your Maintenance Mode message box …

BulletProof Maintenance Mode lets you select your background and box image options from drop-down menus …

Background image files/options and center images (text box image) are independent of each other, so you can mix and match different background images with different center images (text box image), and even different countdown timer colors …

After selecting your Maintenance Mode page design options, the next step is to specify some additional options …

By selecting/deselecting the checkboxes, you can decide whether or not to:

Below are some examples of dashboard reminder notices.

When FrontEnd Maintenance Mode only is turned “on”, this reminder notice displays …

In the example below, both FrontEnd and BackEnd Maintenance Modes are turned “on” …

After configuring all of the Maintenance Mode options, click on the ‘Save Options’ button …

You will be asked to confirm. Click ‘OK’ to proceed …

A confirmation message informing you that your Maintenance Mode form has been created successfully will display on your screen …

You can now preview your form by clicking on the ‘Preview’ button …

Your form will open up in a new browser window …

Repeat the save and preview process to configure your form options until you are happy with the design for your Maintenance Mode page …

Once you are happy with your choices, click on the ‘Turn On’ button to activate this feature and put your site in Maintenance Mode …

A message will display informing you that Maintenance Mode has been turned on for your site …

Log out of your site and check how your Maintenance Mode page looks …

The plugin remembers your settings, so you can turn Maintenance Mode on or off anytime you like simply by clicking on the ‘Turn On’ and ‘Turn Off’ buttons …

Remember to turn Maintenance Mode “off” to make your site visible again to visitors …

BulletProof security offers a convenient way to put your WordPress site into maintenance mode by integrating the Maintenance Mode feature with its Security application.

If you find the BulletProof Maintenance Mode options limited, however, there are other options.

To learn more about putting your WordPress site into Maintenance Mode, see the tutorial below:

Uninstalling BulletProof Security

When you configured the BulletProof Security plugin as shown in earlier steps above, you will remember that the plugin modified important .htaccess files on your site.

If you decide to remove the BulletProof Security plugin from your site, you must first restore these files to their original default before deactivating and deleting the plugin.

To restore your original .htaccess files, select ‘BPS Security > htaccess Core‘ from your WP-admin menu …

Scroll down to the ‘Activate Security Modes’ section, then select the ‘Default Mode WP Default htaccess file’ radio button and click ‘Activate’ …

The plugin will restore the original htaccess file for your site …

You are not quite done yet … just one more step!

Next, select ‘Delete wp-admin htaccess File’ radio button and click on ‘Activate’ …

You should now see messages displayed at the top of your screen informing you that your site is no longer protected by BulletProof Security …

You can now safely deactivate and/or remove the BulletProof Security plugin from your site.

Congratulations! Now you know how to protect and secure your WordPress site with the BulletProof Security plugin.

For more details, go here}:

(Source: BulletProof Security Website)

***

"These tutorials have so much information and are easy to understand. If you use WordPress or plan to in the future these will help you with everything you need to know." - Valisa (Mesa, Arizona)

***

Recommended Video Courses For WordPress Users

WordPress 101: How To Use WordPress

Learn how to unlock the power of the WordPress content management system (CMS) using the many powerful features inside your WordPress administration area.

More info: WordPress 101: How To Use WordPress

Recommended Video Courses For WordPress Users

Keyword Research Tools

This video course shows you how to do keyword research using tools like the Google Keyword Planner.

More info: Keyword Research Tools

Recommended Video Courses For WordPress Users

Build A WordPress Site ... Fast!

Need a new website or blog in a hurry?

This video course shows you how to quickly install and configure a WordPress website or blog on your own domain name and be up and running in no time!

More info: Build A WordPress Site ... Fast!

Recommended Video Courses For WordPress Users

Why Your Business Needs WordPress

Learn about the unique features, benefits, and advantages of using WordPress to start or grow your business online.

More info: Why Your Business Needs WordPress

Recommended Video Courses For WordPress Users

Google Tools

This video course will help you learn the basics of using Google Tools like Google Analytics and Gmail.

More info: Google Tools

Recommended Video Courses For WordPress Users

WordPress Traffic & User Engagement

Learn how to drive more targeted traffic to your website and discover ways to improve user engagement with your business online.

More info: WordPress Traffic & User Engagement