If you have a WordPress blog on paid hosting, I recommend installing this awesome plugin on your blog to maximize security. One of the best things about this plugin is that you can also block automated comment spambots.

Follow these simple steps:

1. Go to your domain and log in to your WP-Dashboard. On the left menu, click "Installed Plugins", enter the keywords "bullet proof security" and click on "Search Plugins".

2. On the left menu, click on BPS Security. Next:
- Select "Security Modes"
- Click on "Create default.htaccess File"

3. Activate both Root Folder BulletProof Mode and wp-admin Folder BulletProof Mode. Next, activate Deny All htaccess:
- Master htaccess BulletProof Mode
- BPS Backup BulletProof Mode

4. For websites that have "Broken Link Checker" installed: before creating the secure.htaccess file, please add the code in Steps 5 and 6.

5. Protect Login Page from Brute Force Login Attacks. Add the code below to block automated comment spambots.

    # Protect wp-login.php from Brute Force Login Attacks based on Server Protocol
    # Block automated comment spambots using Server Protocol HTTP/1.0
    # All legitimate humans and bots should be using Server Protocol HTTP/1.1
    RewriteCond %{REQUEST_URI} ^(/wp-login\.php|/wp-comments-post\.php)$
    RewriteCond %{THE_REQUEST} HTTP/1\.0
    RewriteRule ^(.*)$ - [F,L]

- Click on "Custom Code"
- Select "Root htaccess File Custom Code"
- Paste into "Custom Code Brute Force Login Page Protection"
- Scroll down and click "Save Root Custom Code"

Now check "Security Status"; if it looks the same as below, follow the next instructions.

Upload 2 htaccess files into the "master-backups" directory.

1. root.htaccess File.

    # BULLETPROOF .46.D >>>>>>> DEFAULT .HTACCESS

    # If you edit the line of code above you will see error messages on the BPS status page
    # WARNING!!! THE default.htaccess FILE DOES NOT PROTECT YOUR WEBSITE AGAINST HACKERS
    # This is a standard generic htaccess file that does NOT provide any website security
    # The DEFAULT .HTACCESS file should be used for testing and troubleshooting purposes only

    # BEGIN WordPress
    RewriteEngine On
    RewriteBase /wordpress/
    RewriteRule ^index\.php$ - [L]

    # uploaded files
    RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

    # add a trailing slash to /wp-admin
    RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
    RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
    RewriteRule . index.php [L]
    # END WordPress

2. wpadmin.htaccess File.

    # BULLETPROOF .46.4 WP-ADMIN SECURE .HTACCESS

    # If you edit the line of code above you will see error messages on the BPS status page
    # BPS is reading the version number in the htaccess file to validate checks
    # If you would like to change what is displayed above you
    # will need to edit the BPS functions.php file to match your changes
    # For more info see the BPS Guide at AIT-pro.com

    # FILTER REQUEST METHODS
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
    RewriteRule ^(.*)$ - [F,L]

    # QUERY STRING EXPLOITS
    RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
    RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
    RewriteCond %{QUERY_STRING} tag\= [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(execute|exec|sp_executesql|request|select|insert|union|declare|drop|delete|create|alter|update|order|char|set|cast|convert|meta|script|truncate).* [NC]
    RewriteRule ^(.*)$ - [F,L]

Once you have finished uploading the 2 files as shown above, select "Security Modes" and click on "Create secure.htaccess File". As usual, same as steps 3 & 4, activate both once again:
- Root Folder .htaccess Security Mode
- wp-admin Folder .htaccess Security Mode

You are good to go. I suggest making a backup. The backup files are stored in this folder: /wp-content/bps-backup

To see all the images, visit the following:
Presented by - seoblogbuzz.blogspot.com
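
To see which requests the step 5 rule actually blocks, here is an added example (not part of the original post or of the BPS plugin) that re-implements its two RewriteCond checks in Python and runs them over constructed request lines. The function names and sample lines are assumptions made for illustration.

```python
import re

# The two RewriteCond patterns from step 5, copied as written on the page.
URI_COND = re.compile(r"^(/wp-login\.php|/wp-comments-post\.php)$")
PROTO_COND = re.compile(r"HTTP/1\.0")


def evaluate(request_line):
    """Return 403 if the step 5 rule would fire for this request line, else None.

    request_line models %{THE_REQUEST}, e.g. "POST /wp-login.php HTTP/1.0".
    """
    parts = request_line.split(" ")
    if len(parts) != 3:
        return None  # not a method/target/protocol line; outside this sketch
    # %{REQUEST_URI} is the full URL path without the query string.
    request_uri = parts[1].split("?", 1)[0]
    # Consecutive RewriteCond lines without [OR] are ANDed; [F] answers 403.
    if URI_COND.search(request_uri) and PROTO_COND.search(request_line):
        return 403
    return None


# Constructed request lines (not captured traffic) with the expected outcome.
SAMPLES = [
    ("POST /wp-login.php HTTP/1.0", 403),
    ("POST /wp-comments-post.php HTTP/1.0", 403),
    ("GET /wp-login.php?action=lostpassword HTTP/1.0", 403),
    ("POST /wp-login.php HTTP/1.1", None),            # HTTP/1.1 passes
    ("GET /index.php HTTP/1.0", None),                # other URLs pass
    ("POST /wordpress/wp-login.php HTTP/1.0", None),  # subdirectory: no match
]


def mismatches():
    """Return the samples whose result differs from the expected outcome."""
    return [(line, want) for line, want in SAMPLES if evaluate(line) != want]


if __name__ == "__main__":
    for line, _ in SAMPLES:
        print(f"{evaluate(line) or 'pass':>4}  {line}")
    assert not mismatches()
```

The last sample shows that when WordPress is installed under a subdirectory, such as the /wordpress/ RewriteBase in the default.htaccess above, the anchored URI pattern needs that prefix before the rule has any effect.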