Categories
WordPress

A WordPress Plugin “BulletProof Security”.

同一記事の日本語版
Update information      Edit(Dec.2)~~Edit4(2014.Jul.14)    Edit5(Jul.16)

   I installed the Plugin “BulletProof Security” for my WordPress security. It’s easy to install. But there is something you should consider in activating if you also use it.

  1. Though it is Network / Multisite Compatible, you should NOT make it Network Activated. Network Deactivate BulletProof Security and then activate BulletProof Security on your Primary site ONLY.
  2. BulletProof Security uses .htaccess files, so you should back up the otiginal files in your WordPress Root and wp-admin folders before its activating.
  3. BulletProof Security uses .htaccess files, so it depends on your server configuration if you can use it or not. In my case, I had an error, so I added Options=Indexes to my AllowOverride Directive in the <Directory> section of the httpd.conf.

   By the way, I found BulletProof Security introduced Sucuri SiteCheck Scanner on one of its pages. So I tried to scan my WordPress sites. On the sites, no threats were found, though they say “Sucuri SiteCheck is a free & remote scanner. Although we do our best to provide the best results, 100% accuracy is not realistic, and not guaranteed”.

Edit(Dec.2):
   The plugin ‘Broken Link Checker’ gave me the message below:

   Broken Link Checker has detected 1 new broken link on your site.
   Here’s a list of the new broken links:
   Link text : Asus ,HCL X51C (T12C) Motherboard schematic
   Link URL : https://ja.o6asan.com/wp-content/uploads/sites/3/Asus_HCL_X51C_(T12C).pdf
   Source : ノートをWin8 Proにアップグレード。
   You can see all broken links here: http://My WP dashboard tool URL

   Why suddenly? This PDF file I uploaded on Oct.16 and have not made any changes to it. I got another message when I accessed the PDF by a browser. Like this:

   o6asan.com 403 Forbidden Error Page
   If you arrived here due to a search or clicking on a link click your Browser’s back button
   to return to the previous page. Thank you.

   I found out this message by the ‘BulletProof Security’ and also found ‘BulletProof Security’ not to allow accessing the file which has ( or ) in its filename. So, I changed from Asus_HCL_X51C_(T12C).pdf to Asus_HCL_X51C-T12C.pdf. Now I don’t have the errors. that’s.it.

Edit2(Dec.3):
   I got an update to version .49.7 today, and we can use “Network Activate” on Network / Multisite now, I just wrote that we were unable to use it though. Of course you can also use it by your old configuration.
   By the way, I’ll write an addition to Edit(Dec.2). BPS does not allow accessing the file which has a space in its file name, either.

Edit3(Dec.4):
   Lately, I edit this page everyday (^_^;). This time, Mr.’BulletProof Security’ blocked my flash movies. When I accessed 高住神社-video1, I got the you-know-message “Movie not loaded”. I directed a doubtful look at the Adobe Flash Player because this phenomenon is usually occurred by the player. But, it is not guilty this time-HaHa.
   I found out this as a solution. Flash swf 403 error – Flash slideshow blocked
   I added the next bold italic letters to the root .htaccess file. That’s it.
   RewriteRule .* index.php [F,L]
   RewriteCond %{REQUEST_URI} (flvplayer.swf|timthumb.php|~~|thumbs.php) [NC]

Edit4(2014.Jul.14):
   Recently, I had a lot of 500 Internal Server Error errors on my server log. First, it looked like related to the font-face decoration. But, I finally found that the .htaccesses of BPS gave them when a URI has a ? at its end. I went to the WordPress Japanese forum and the BulletProof Security Free forum. I got the solution from them. Now, the errors have gone. Happy!!

   If you need more information, please see the following topics.
   IE11(Win8.1),IE10(Win7)で,アクセスしたとき,font.eotについてエラーがでる。
   font-face 500 Internal Server Errors

Edit5(Jul.16):
   I had a lot of 403 Forbidden Errors related to my own site on my http_error_log.txt because of the plugin Broken Link Checker uses Head Method. I’ve known the Broken Link Checker uses Head Method since 2012.Dec.29. But I want to use these two plugins, so, I’ve accepted the situation because I don’t know how I can fix it.

   However, when I checked the .htaccess up for this 500 Internal Server Error, I found the following sentences. Wow!!
# REQUEST METHODS FILTERED
# This filter is for blocking junk bots and spam bots from making a HEAD request, but may also
# block some HEAD request from bots that you want to allow in certain cases. This is not a
# security filter and is just a nuisance filter. This filter will not block any important bots
# like the google bot. If you want to allow all bots to make a HEAD request then remove HEAD
# from the Request Method filter.
# The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against
# your website.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F,L]

   This means I can remove HEAD from it? Immediately I removed HEAD from the .htaccess in my root folder. The .htaccess in my wp-admin folder I leave the default, because the Broken Link Checker doesn’t access to the wp-admin folder.

   It works very well as I expected (*´▽`*).

Leave a Reply

Your email address will not be published. Required fields are marked *