COMPARAR LOS ANTIVIRUS PARA WORDPRESS SITES A CONTINUACIN:

some forums discussions:

Web Host recommended Bulletproof security plugin.
Yes, BPS Pro is the only security plugin that we use, but you can of course choose to install other
security plugins. ;)
2. I believe Wordfence and BPS are compatible and the only area where there might be an issue
would be with Falcon since it is doing something with .htaccess code. So if you are going to use that
feature then check for any issues or problems. Yes, iThemes Security/Better WP Security is no
longer compatible with BPS or BPS Pro.
Sacar W3 TOTAL cache plugin: no es necesario si pongo algn antivirus como el Wordfence ya que
tiene Falcon caches

Update Everything. Deactivated themes and plugins should also be kept up to

date their mere presence on your site makes them a potential security risk.
choose a hosting provider that includes automatic backups within their service .
If you are victim to a hacking attempt that damages your site then you should find that your
provider is quick to restore the site to its previous glory.

Change the Default Profile

If youre still using the default admin profile that came packaged with your WordPress
installation, now is the time to change.

Why? Because step one for any brute force login attempt is to
attempt to login with the admin username then run through an
enormous number of password attempts in to gain entry. If you create
a more unique username then you stop this hacking attempt in its tracks.

Create a Truly Unique Password (and Change it

Regularly)

Most people are savvy enough these days to know that their password shouldnt be
password. What they may not know is that brute force hacking attempts
will try an astonishing number of password combinations in an
attempt to access websites. If your password makes sense or is in any way
predictable (e.g. is made up of recognizable words or number patterns) then your site
is at risk.
In reality, there are three golden rules for best practice password generation:

1. It must be truly random and unique

2. It must be used only once (i.e. not across multiple sites)
3. It must be changed periodically (e.g. once per month)
If you follow these three rules then your site will be a whole lot more secure. In terms
of generating truly random passwords, I recommend that you sign up for a free
account withLastPass and use that service to (a) generate and (b) store all your
passwords.

2. BACKUPS, people. I have said this a million times but its worth saying again. I
have backups scheduled to run on my own server every Sunday night. That means
if my site is hacked late Saturday night and I have to restore from my backups, Im
going to lose a week of posts and comments. Get a backup plugin, preferably one
with a restore feature, and set it to create a new backup every day.
Wordfence also gives you tons of options for locking down your site you can block
IPs that try to break in, hide your WordPress version to make it harder for hackers to
know what to exploit, scan your comments for known phishing URLs (it found a ton of
spam trackbacks on my personal blog), and even see a view of live traffic on your
site. While Ive been writing this post, a fake Googlebot tried to access this site and
Wordfence blocked it.
TimThumb Vulnerability Scanner Youd be surprised how many themes and
plugins use an outdated version of TimThumb (a common script that helps
WordPress render thumbnail images). This leaves your site vulnerable for exploits,
but luckily theres a plugin that will fix it. The TimThumb Scanner quickly evaluates
your themes and plugins, notifies you of any issues, and allows you to update
TimThumb with one click.

WP Notifier If you dont log into your dashboard on a regular basis, this plugin
will notify you via email when your themes, plugins, and/or WordPress core need to
be updated. Simple yet effective, especially if you own static or niche sites that
dont need to be updated very often.
Better WP Security This one is a serious contender with Wordfence. It hides
various parts of your WordPress site that are common targets for hackers. It also
makes backups and emails them to you an awesome feature for those of you
who dont want to spend time creating them manually.
Pros and cons ver en http://www.limeplugins.com/best-wordpress-security-plugin/
BulletProof Security (BPS)

The plugin has mainly focuses on .htaccess protection and login security.
.htaccess protection

Backed up the current .htaccess files using Backup & Restore

Activated the .htaccess files in root and admin folders

Login security
Went with the defaults, didnt change any setting here.

Wordfence Security

The plugin provides support for caching, cell-phone sign-in (two factor
authentication), malware scanning, IP/ country blocking, and a host of
firewall options.

Caching Enabled Wordfence Falcon Engine

Two Factor Authentication Enabled cell-phone sign-in

Malware Scanning Went with the default i.e. Wordfences automatic

scheduled scans
Firewall Options Went with the defaults, didnt change any setting

here.

iThemes Security

Apart from the default options, we enabled the following in

the Settings section

404 detection

File change detection

Hide backend feature

Malware scanning

Protect system files

Disable directory browsing

Filter request methods

Filter long URL strings

Remove file writing permissions

Disable PHP in uploads

Display random WordPress version

Completely disable XMLRPC

All In One WP Security

The plugin classifies its features into different sections and each section has
a score associated. We have enabled features such that the maximum score
is hit for a given section.

User Accounts No change was needed here as we didnt use the

default adminusername

User Login Went with the defaults, no changes here

User Registration Enabled CAPTCHA on the registration page

Filesystem Security Set recommended permissions for all folders

Firewall Enabled basic firewall and pingback protection

SPAM Prevention Enabled CAPTCHA on comment forms and block

spambots from posting comments

Copy Protection Enable copy protection

PUSE WORDFENCE SECURITY EN LQUEELE DOWNLOADED_ 4,485,991 times

5 STARS BASED ON 2.86 RATINGS
Wordfence starts by checking if your site is already infected. We do a deep server-side scan of your
source code comparing it to the Official WordPress repository for core, themes and plugins. Then
Wordfence secures your site and makes it up to 50 times faster.
Wordfence Security is 100% free. We also offer a Premium API key that gives you access to our
premium support ticketing system at support.wordfence.com along with two factor authentication via
SMS, country blocking and the ability to schedule scans for specific times.
You can find our official documentation at docs.wordfence.com and our Frequently Asked Questions
on our support portal at support.wordfence.com. We are also active in our community support
forums on wordpress.org if you are one of our free users.
This is a brief introductory video for Wordfence:
The following video is an introduction to Falcon Engine, the new caching engine included in
Wordfence 5 which will make your site up to 50 times faster than a standard WordPress installation.
Wordfence Security is now Multi-Site compatible and includes Cellphone Sign-in which permanently
secures your website from brute force hacks.
Wordfence Security:
Includes Falcon Engine, the fastest WordPress caching engine available today. Falcon is faster
because it reduces your web server disk and database activity to a minimum.
Includes support for other major plugins and themes like WooCommerce.
Real-time blocking of known attackers. If another site using Wordfence is attacked and blocks the
attacker, your site is automatically protected.
Sign-in using your password and your cellphone to vastly improve login security. This is called Two
Factor Authentication and is used by banks, government agencies and military world-wide for
highest security authentication.
Includes two-factor authentication, also referred to as cellphone sign-in.
Scans for the HeartBleed vulnerability - included in the free scan for all users.
Wordfence includes two caching modes for compatability and has cache management features like
the ability to clear the cache and monitor cache usage.
Enforce strong passwords among your administrators, publishers and users. Improve login security.
Scans core files, themes and plugins against WordPress.org repository versions to check their
integrity. Verify security of your source.
Includes a firewall to block common security threats like fake Googlebots, malicious scans from
hackers and botnets.
Block entire malicious networks. Includes advanced IP and Domain WHOIS to report malicious IP's
or networks and block entire networks using the firewall. Report security threats to network owner.
See how files have changed. Optionally repair changed files that are security threats.
Scans for signatures of over 44,000 known malware variants that are known security threats.
Scans for many known backdoors that create security holes including C99, R57, RootShell, Crystal
Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and
many many more.
Continuously scans for malware and phishing URL's including all URL's on the Google Safe
Browsing List in all your comments, posts and files that are security threats.
Scans for heuristics of backdoors, trojans, suspicious code and other security issues.
Checks the strength of all user and admin passwords to enhance login security.

Monitor your DNS security for unauthorized DNS changes.

Rate limit or block security threats like aggressive crawlers, scrapers and bots doing security scans
for vulnerabilities in your site.
Choose whether you want to block or throttle users and robots who break your security rules.
Includes login security to lock out brute force hacks and to stop WordPress from revealing info that
will compromise security.
See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is
consuming most of your content. Enhances your situational awareness of which security threats
your site is facing.
A real-time view of all traffic including automated bots that often constitute security threats that
Javascript analytics packages never show you.
Real-time traffic includes reverse DNS and city-level geolocation. Know which geographic area
security threats originate from.
Monitors disk space which is related to security because many DDoS attacks attempt to consume
all disk space to create denial of service.
Wordfence Security for multi-site also scans all posts and comments across all blogs from one
admin panel.
WordPress Multi-Site (or WordPress MU in the older parlance) compatible.
Premium users can also block countries and schedule scans for specific times and a higher
frequency.
Wordfence Security is full-featured and constantly updated by our team to incorporate the latest
security features and to hunt for the newest security threats to your WordPress website.
MMMMMMMMMMMMMMMMMMMMMMMMM

PUSE ALL IN ONE EN VITRALES 5 STARS BASED ON 255 RATINGS

A COMPREHENSIVE, EASY TO USE, STABLE AND WELL SUPPORTED
WORDPRESS SECURITY PLUGIN 678,713 downloads TIENE ADEMS

Backup your database

DETAILS:

Backup .htaccess file

Backup wp-config.php file

WordPress itself is a very secure platform. However, it helps to add some extra security and
firewall to your site by using a security plugin that enforces a lot of good security practices.

The All In One WordPress Security plugin will take your website security to a whole
new level.
This plugin is designed and written by experts and is easy to use and understand.
It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the
latest recommended WordPress security practices and techniques.
All In One WP Security also uses an unprecedented security points grading system to measure
how well you are protecting your site based on the security features you have activated.
Our security and firewall rules are categorized into "basic", "intermediate" and "advanced". This
way you can apply the firewall rules progressively without breaking your site's functionality.
The All In One WordPress Security plugin doesn't slow down your site and it is 100% free.
Visit the WordPress Security Plugin page for more details.

Below is a list of the security and firewall features offered in this plugin:

User Accounts Security

Detect if there is a user account which has the default "admin" username and
easily change the username to a value of your choice.

The plugin will also detect if you have any WordPress user accounts which
have identical login and display names. Having account's where display name is identical
to login name is bad security practice because you are making it 50% easier for hackers
because they already know the login name.
Password strength tool to allow you to create very strong passwords.

User Login Security

Protect against "Brute Force Login Attack" with the Login Lockdown feature.
Users with a certain IP address or range will be locked out of the system for a
predetermined amount of time based on the configuration settings and you can also
choose to be notified via email whenever somebody gets locked out due to too many login
attempts.

As the administrator you can view a list of all locked out users which are
displayed in an easily readable and navigable table which also allows you to unlock
individual or bulk IP addresses at the click of a button.

Force logout of all users after a configurable time period

Monitor/View failed login attempts which show the user's IP address, User
ID/Username and Date/Time of the failed login attempt

Monitor/View the account activity of all user accounts on your system by

keeping track of the username, IP address, login date/time, and logout date/time.

Ability to automatically lockout IP address ranges which attempt to login with an

invalid username.
Ability to see a list of all the users who are currently logged into your site.
Allows you to specify one or more IP addresses in a special whitelist. The
whitelisted IP addresses will have access to your WP login page.
Add captcha to WordPress Login form.
Add captcha to the forgot password form of your WP Login system.

User Registration Security

Enable manual approval of WordPress user accounts. If your site allows people
to create their own accounts via the WordPress registration form, then you can minimize
SPAM or bogus registrations by manually approving each registration.

Ability to add captcha to the WordPress user registration page to protect you
from spam user registration.

Database Security

Easily the default WP prefix to a value of your choice with the click of a button.
Schedule automatic backups and email notifications or make an instant DB
backup whenever you want with one click.

File System Security

Identify files or folders which have permission settings which are not secure
and set the permissions to the recommend secure values with click of a button.

Protect your PHP code by disabling file editing from the WordPress
administration area.
Easily view and monitor all host system logs from a single menu page and stay
informed of any issues or problems occurring on your server so you can address them
quickly.
Prevent people from accessing the readme.html, license.txt and wp-configsample.php files of your WordPress site.

htaccess and wp-config.php File Backup and Restore

Easily backup your original .htaccess and wp-config.php files in case you will
need to use them to restore broken functionality.

Modify the contents of the currently active .htaccess or wp-config.php files from
the admin dashboard with only a few clicks

Blacklist Functionality

Ban users by specifying IP addresses or use a wild card to specify IP ranges.

Ban users by specifying user agents.

Firewall Functionality
This plugin allows you to easily add a lot of firewall protection to your site via htaccess file. An
htaccess file is processed by your web server before any other code on your site. So these
firewall rules will stop malicious script(s) before it gets a chance to reach the WordPress code
on your site.

Access control facility

Instantly activate a selection of firewall settings ranging from basic,

intermediate and advanced
Enable the famous "5G Blacklist" Firewall rules courtesy of Perishable Press
Forbid proxy comment posting
Disable trace and track
Deny bad or malicious query strings
Protect against Cross Site Scripting (XSS) by activating the comprehensive
advanced character string filter. or malicious bots who do not have a special cookie in their
browser. You (the site admin) will know how to set this special cookie and be able to log
into your site.
WordPress PingBack Vulnerability Protection feature. This firewall feature
allows the user to prohibit access to the xmlrpc.php file in order to protect against certain
vulnerabilities in the pingback functionality. This is also helpful to block bots from constantly
accessing the xmlrpc.php file and wasting your server resource.
Ability to block fake Googlebots from crawling your site.
Ability to prevent image hotlinking. Use this to prevent others from hotlinking
your images.
Ability to log all 404 events on your site. You can also choose to automatically
block IP addresses that are hitting too many 404s.

Brute force login attack prevention

Instantly block Brute Force Login Attacks via our special Cookie-Based Brute
Force Login Prevention feature. This firewall functionality will block all login attempts from
people and bots.

Ability to add a simple math captcha to the WordPress login form to fight
against brute force login attacks.
Ability to hide admin login page. Rename your WordPress login page URL so
that bots and hackers cannot access your real WordPress login URL. This feature allows
you to change the default login page (wp-login.php) to something you configure.
Ability to use Login Honeypot which will helps reduce brute force login attempts
by robots.

WhoIs Lookup

Perform a WhoIs lookup of a suspicious host or IP address and get full details.

Security Scanner

The file change detection scanner can alert you if any files have changed in
your WordPress system. You can then investigate and see if that was a legitimate change
or some bad code was injected.

Database scanner feature can be used to scan your database tables. It will look
for any common suspicious-looking strings, javascript and html code in some of the
WordPress core tables.

Comment SPAM Security

Monitor the most active IP addresses which persistently produce the most
SPAM comments and instantly block them with the click of a button.

Prevent comments from being submitted if it doesn't originate from your domain
(this should reduce some SPAM bot comment posting on your site).
Add a captcha to your wordpress comment form to add security against
comment spam.

Front-end Text Copy Protection

Ability to disable the right click, text selection and copy option for your frontend.

Regular updates and additions of new security features

WordPress Security is something that evolves over time. We will be updating

the All In One WP Security plugin with new security features (and fixes if required) on a
regular basis so you can rest assured that your site will be on the cutting edge of security
protection techniques.

Works with Most Popular WordPress Plugins

It should work smoothly with most popular WordPress plugins.

Additional Features

Ability to remove the WordPress Generator Meta information from the HTML
source of your site.

Ability to prevent people from accessing the readme.html, license.txt and wpconfig-sample.php files
Ability to temporarily lock down the front end of your site from general visitors
while you do various backend tasks (investigate security attacks, perform site upgrades, do
maintenance work etc.)
Ability to export/import the security settings.
Prevent other sites from displaying your content via a frame or iframe.

Plugin Support

If you have a question or problem with the All In One Security plugin, post it on
the support forum and we will help you.

Developers

If you are a developer and you need some extra hooks or filters for this plugin
then let us know.

Github repository - https://github.com/Arsenal21/all-in-one-wordpress-security

Translations

All In One WP Security plugin can be translated to any language.

Currently available translations:

English

German
Spanish
French
Hungarian
Italian
Swedish
Russian
Chinese
Portuguese (Brazil)
MMMMMMMMMMMMMMMMMMMMMM

BulletProof Security

1,424,250 DOWNLOADS

5 STARS SEGN 602 RATINGS

BulletProof Security Feature Highlights (tiene ADE+ readnly feature)

.htaccess Website Security Protection (Firewalls)

Login Security & Monitoring
DB Backup - Manual and Scheduled
DB Backup Logging
DB Table Prefix Changer
Security Logging
HTTP Error Logging
FrontEnd/BackEnd Maintenance Mode
UI Theme Skin Changer

BulletProof Security Pro Feature Highlights

1 Click Setup Wizard

AutoRestore Intrusion Detection & Prevention System (IDPS)

Quarantine Intrusion Detection & Prevention System (IDPS)
Real-time File Monitor (IDPS)
DB Monitor Intrusion Detection System (IDS)
DB Diff Tool - data comparison tool
DB Backup - Manual and Scheduled
DB Status & Info - extensive database status & info
Plugin Firewall (True IP Based Firewall)
JTC Anti-Spam / Anti-Hacker
Uploads Folder Anti-Exploit Guard (UAEG)
.htaccess Website Security Protection (Firewalls)
Custom php.ini Website Security
Login Security & Monitoring w/Dashboard Alerting / Status Display & additional
options/features
F-Lock - Read Only File Locking
FrontEnd/BackEnd Maintenance Mode
Security Logging
HTTP Error Logging
PHP Error Logging
DB Monitor Logging
DB Backup Logging
DB Table Prefix Changer
AutoRestore/Quarantine Logging
S-Monitor - Monitoring & Alerting Core
Pro Tools - 16 mini-plugins
Heads Up Dashboard Status Display
UI Theme Skin Changer
View All BulletProof Security Pro Feature Details

BulletProof Security One-Click Method vs Multiple Separate Option Settings

BulletProof Security uses a one-click setup method vs breaking up options and settings into
multiple separate different options and settings. One-click is used figuratively and not literally.
One-click is the concept where several tasks are performed with one-click of a button. BPS
BulletProof Modes setup actually takes 4 clicks, but with those 4 clicks BPS BulletProof Modes
are setup and the website has maximum security enabled with all BPS security features and
code enabled instead of having to choose multiple separate options and settings.
Customization, whitelisting, adding BPS Bonus Custom Code or adding other personal
custom .htaccess code is done with the BPS Custom Code feature.

htaccess Core Website Security (Security/Firewalls)

WordPress Website Security Protection: BulletProof Security protects your website against
100,000's of different hacking attempts/attacks. The .htaccess security filters in BulletProof
Security are designed to match malicious and nuisance attack patterns. The most important
benefits of using a finite pattern matching method vs infinite banning/blocking individual IP's,
Host's, Referer's, etc. is that your website performance and Server resources are not
negatively impacted. In general, BulletProof Security takes an "Action Approach" to website

security. Hacker X, Spammer X, Bad Bot X does bad Action Y = Forbidden/Blocked. An "Action
Approach" is a much more effective and performance optimized approach to website security
since the bad action itself is being blocked/forbidden instead of attempting to block an
individual hacker/spammer that performed a bad action. Example: BulletProof Security blocks
all SQL Injection hacking attempts/attacks no matter who performed that SQL Injection hacking
attempt/attack.

Login Security & Monitoring Website Security (Security/Monitoring)

Login Security & Login Monitoring: Log All User Account Logins or Log Only User Account
Lockouts (see Screenshot). Brute Force Login Security Protection. Email alerting options allow
you to choose 5 different email alerting options: Choose to have email alerts sent when a User
Account is locked out, An Administrator Logs in, An Administrator Logs in and when a User
Account is locked out, Any User logs in and when a User Account is locked out or Do Not Send
Email Alerts. Choose Standard WP Error Messages or Generic Error Messages for Login
Security Stealth Mode. Choose to Enable or Disable Login Password Reset capability for Login
Security Stealth Mode. See BulletProof Security Login Security & Monitoring Features for
additional features and options.

DB Backup: Database Backup Website Security (Security/Backup)

DB Backup: Create manual and scheduled Backup Jobs. Selective database table backup and
full database backup. Scheduled backup job options: Hourly, Daily, Weekly and Monthly. Send
scheduled backup zip file via email or just send email only, automatically delete old backup
files after a certain period of time, etc., etc., etc. All DB Backup options/settings and default
setup is done automatically during upgrades and new installations.

BulletProof Security is Website Performance Optimized (Performance/Optimization)

Website performance is just as important as website security. BulletProof Security is website
performance optimized with website owners best interests at heart. BulletProof Security does
NOT abuse the WordPress Database by making excessive MySQL Queries. BulletProof
Security does NOT store excessive & non-essential data in your WordPress Database.
BulletProof Security does NOT use excessive Server Memory & Resources. BulletProof
Security does NOT use any gimmicks or bells & whistles that will cost website owners their
website performance. The benefits of having website security protection are negated if your
website is performing poorly/slowly, continually experiencing out of memory errors/running out
of memory, database size growing exponentially with non-essential stored data, etc.
BulletProof Security can actually speed up & improve your website performance by using the
Speed Boost Cache Bonus Code. See the BulletProof Security Bonus Custom Code help
section below.

FrontEnd/BackEnd Maintenance Mode (Security/Development)

Display a website under maintenance page with Countdown Timer to website visitors while the
website displays and functions normally for you. When the Countdown Timer has completed
(reached 0) an email reminder is sent to you to remind you that the Countdown Timer has

completed. The new BPS Maintenance Mode design includes 20 background images, 15
center images (text box image), allows you to embed image files and YouTube videos,
FrontEnd Maintenance Mode, BackEnd Maintenance Mode or both FrontEnd & BackEnd
Maintenance Modes and most importantly is fast and simple to use so that you can switch in
and out of Maintenance mode quickly and easily. FrontEnd Maintenance mode is primarily
designed for development/maintenance purposes and BackEnd Maintenance Mode is
technically a security feature since enabling BackEnd Maintenance Mode allows you to deny
access to the /wp-admin folder/WP Dashboard by IP address. See BulletProof Security
FrontEnd/BackEnd Maintenance Mode Features for additional features and options.

Why .htaccess Website Security So Much Better Than Other Types of Website Security
The answer is very simple - .htaccess files (distributed Server configuration files) are
processed first before any other code on your website. In other words, hackers malicious
scripts are stopped by BulletProof Security .htaccess files/Firewalls before those scripts even
have a chance to reach the php code in WordPress. BulletProof Security uses .htaccess
website security files, which are specific to Apache Linux Servers. Please read the FAQ page
for Server compatibility questions.

BulletProof Security Additional Website Security Protection

WordPress is already very secure, but every website, no matter what type of platform it is built
on should have additional website security measures in place as a standard. BulletProof
Security provides that additional website security protection that every website should have.

Translations

Lithuanian by Vincent G from Host1Free.com Filipino/Tagalog by pointen.dk

Russian by EyeFinity
If you would like to translate the BPS plugin to your language see this BPS
Plugin Language Translation Tutorial. Please include a link to your website so that we can
add it here. Thank you.
Tip: If you use the Google Chrome Browser you can right mouse click in plugin
pages and then click on Translate to... To translate plugin text into your Language.

BulletProof Security Bonus Custom Code

Brute Force Login Protection .htaccess Code

Speed Boost Cache .htaccess Code
HotLink Protection .htaccess Code - Google, Yahoo, Bing safe
Author ID / Username Bot Probe Protection .htaccess Code
XML-RPC DDoS Protection .htaccess Code (Double Bonus:
Trackback/Pingback Protection)

BulletProof Security htaccess Core (Firewalls, etc.) Features

Root Folder BulletProof Mode/Firewall

wp-admin Folder BulletProof Mode/Firewall
Built-in .htaccess File Editor & File Manager
Built-in .htaccess Backup and Restore
One-click .htaccess website security protection from within the WP Dashboard
.htaccess security protection against XSS, RFI, CRLF, CSRF, Base64, Code
Injection and SQL Injection.......... hacking attempts
TimThumb Vulnerability/Exploit .htaccess security protection (Firewall)
.htaccess Lock / Unlock (404 Read-Only)
.htaccess AutoLock On or Off
Security / HTTP Error Logging - Log 400, 403 and 404 Errors
Security Log: Add / Remove User Agents/Bots to Ignore/Not Log or Allow/Log
Security Log: Turn On / Turn Off / Delete Log
Security Log Automation: Automatically zipped, emailed and replaced based on
file size
Automatic .htaccess file updating on BPS upgrade installation
New .htaccess security filters automatically added during upgrade
WP Dashboard Alerts / WP Dashboard Dismiss Notices
Anti Comment Spam .htaccess code - works together with Akismet or other
Spam plugins to keep Comment Spam at a minimum
Anti Comment Spambot .htaccess code - Forbid Empty Referrer Spambots
Author ID / User ID / Username Bot Probe Protection
Custom Code feature: Add, Edit, Modify, Save additional Bonus or personal
custom .htaccess code
WordPress readme.html and /wp-admin/install.php protected with .htaccess
security protection
wp-config.php and bb-config.php files protected with .htaccess security
protection
php.ini and php5.ini files protected with .htaccess security protection
WordPress database errors turned off - Verification and function insurance
WordPress version is not displayed / not shown - WordPress version is
removed
WP Generator Meta Tag filtered - not displayed / not shown
WP DB default admin username / account check
System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, WP
Filesystem API Method, DNS, Max Upload, Zend Engine Version, Zend Guard/Optimizer,
ionCube Loader, Suhosin, APC, eAccelerator, XCache, Varnish, cURL, Memcache,
Memcached...
Security Status Page - Displays website security status information
File and Folder Permission Checking - CGI / DSO - SAPI check / display
Help & FAQ page - links to BPS Guide and other detailed Help & Info pages
Extensive Read Me! jQuery Dialog Help buttons throughout the BulletProof
Security plugin pages
Website Developer Maintenance Mode (503 website open to Developer / Site
Owner ONLY)
Log in / out of your website while in Maintenance Mode
Customizable 503 Website Under Maintenance page
HUD Success / Error message display

i18n Language Translation coding

BulletProof Security Login Security & Monitoring Features

Brute Force Login Security Protection

Log All User Account Logins or Log Only User Account Lockouts
Logged DB Fields: User ID, Username, Display Name, Email, Role, Login
Time, Lockout Expires, IP Address, Hostname, Request URI
Email Alerting Options: User Account is locked out, An Administrator Logs in,
An Administrator Logs in and when a User Account is locked out, Any User logs in and
when a User Account is locked out, Do Not Send Email Alerts
Login Security Additional Options: Max Login Attempts, Automatic Lockout
Time, Manual Lockout Time, Max DB Rows To Show, Turn On/Turn Off
Login Security Stealth Mode: Standard WP Error Messages or Generic Error
Messages.
Login Security Stealth Mode: Enable or Disable Login Password Reset
capability and links.
Dynamic DB Form: Lock, Unlock, Delete
Enhanced Search: Allows you to search all of the Login Security database
rows/Fields
Click the Login Security Read Me help button for full descriptions of all features
and options.

BulletProof Security DB Backup/Database Backup Features

Manual or scheduled database backups

Scheduled backup job options: Hourly, Daily, Weekly and Monthly
Send scheduled backup zip file via email or just send email only
Selective database table backup and full database backup
Automatically deletion of old backup files after a certain period of time
Backup Jobs - Manual/Scheduled Accordion Tab
Displays the Description/Job Name, Delete and Run Checkboxes, Job Type,
Frequency, Last Backup, Next Backup, Email Backup and Job Created table columns.
Backup Files - Download/Delete Accordion Tab
Displays the Backup Filename, Delete Checkbox, Download Links, Backup
Folder, Size and Date/Time table columns.
Create Backup Jobs Accordion Tab
Displays a dynamic DB Table Name checkbox form, Description/Backup Job
Name, DB Backup Folder Location (default Obfuscated & Secure BPS Backup Folder
location), DB Backup File Download Link/URL, Backup Job Type: Manual or Scheduled,
Frequency of Scheduled Backup Job (recurring - Hourly, Daily, Weekly or Monthly), Hour
When Scheduled Backup is Run (recurring - start time for a scheduled backup job), Day of
Week When Scheduled Backup is Run (recurring - weekday day), Day of Month When
Scheduled Backup is Run (recurring - day of the month), Send Scheduled Backup Zip File
Via Email or Just Email Only - email zip backup file, do not email backup zip file, email and
delete zip backup file or just send an email, Automatically Delete Old Backup Files (Never
delete old backup files, delete backup files older than 1 day, 5 days, 10 days, 15 days, 30

days, 60 days, 90 days or 180 days), - Turn On/Off All Scheduled Backups (override - turn
on all scheduled backups or turn off all scheduled backups).
DB Backup Logging
Depending on your DB Backup settings, log entries will be logged anytime you
run a Manual Backup Job or whenever a Scheduled Cron Backup Job is run. The Backup
Job Completion Time, Zip Backup File Name, timestamp and other information is logged. If
you have chosen the option to automatically delete old zip backup files then the zip backup
file name and timestamp will be logged when old zip backup files are automatically deleted.
When you create a new Backup Job your Backup Job Settings are logged/saved in the DB
Backup Log.
DB Backup Log Automation: Automatically zipped, emailed and replaced based
on file size
Click the DB Backup Read Me help button for full descriptions of all features
and options.

BulletProof Security FrontEnd/BackEnd Maintenance Mode Features

FrontEnd Maintenance Mode, BackEnd Maintenance Mode or both FrontEnd &

BackEnd Maintenance Modes

Website displays & functions normally while visitors see a website under
maintenance page
TinyMCE WYSIWYG Editor
Embed image files and YouTube videos
20 background images, 15 center images (text box image)
Background image files/options and Center images (text box image) are
independent of each other so that you can mix and match different background images
with different Center images (text box image)
Enable Countdown Timer
Countdown Timer Text Color
Maintenance Mode Time in Minutes
Header Retry-After in Minutes ~ 503 HTTP Status Code
Enable FrontEnd Maintenance Mode ~ site development, maintenance, coming
soon, under construction, etc.
Enable BackEnd Maintenance Mode ~ Deny All IP address .htaccess protection
for the wp-admin folder / WP Dashboard
Maintenance Mode IP Address Whitelist Text Box: Enter The IP Addresses That
Can View The Website Normally (not in Maintenance Mode)
Maintenance Mode Text, Images, Videos Displayed To Website Visitors
Background Images ~ 20 background images ~ mix and match with center
images ~ see screenshot
Center Images ~ 15 center images ~ mix and match with background images ~
see screenshot
Background Colors (If not using a Background Image)
Display Visitor IP Address
Display Admin/Login Link
Display Dashboard Reminder Message when site is in Maintenance Mode
Send Email Reminder when Maintenance Mode Countdown Timer has
completed
Email: To, From, cc, bcc

Network/Multisite Primary Site Options ONLY

Put The Primary Site And All Subsites In Maintenance Mode
Put All Subsites In Maintenance Mode, But Not The Primary Site
Click the Maintenance Mode Read Me help button for full descriptions of all
features and options.

MMMMMMMMMMMMMMMMMMMMMMM

iThemes Security (formerly Better WP Security)

The easiest, most effective way to secure WordPress in seconds. By iThemes.com
4.5 rating based on 3,707 ratings(3,707) 3,966,682 download
Compatible up to: 4.1

Warning

Please read the installation instructions and FAQ before installing this plugin. iThemes Security
makes significant changes to your database and other site files which can be problematic, so a
backup is strongly recommended before making any changes to your site with this plugin.
While problems are rare, most support requests involve the failure to make a proper backup
before installation.

iThemes Security (formerly Better WP Security), #1 WordPress Security Plugin

iThemes Security (formerly Better WP Security) gives you over 30+ ways to secure and protect
your WordPress site. On average, 30,000 new websites are hacked each day. WordPress sites
can be an easy target for attacks because of plugin vulnerabilities, weak passwords and
obsolete software.
Most WordPress admins don't even know theyre vulnerable, but iThemes Security works to fix
common holes, stop automated attacks and strengthen user credentials. With one-click
activation for most features, as well as advanced features for experienced users, iThemes
Security can help protect any WordPress site.

Maintained and Supported by iThemes

iThemes has been building and supporting WordPress tools since 2008. With our full range of
WordPress plugins, themes and training, WordPress security is the next step in providing you
with everything you need to build the WordPress web.

Get Support and Pro Features

Get added peace of mind with professional support from our expert team and pro features to
take your site's security to the next level with iThemes Security Pro.
Pro Features:

User action logging - track when user's edit content, login or logout

2-factor authentication - Use Google Authenticator or Authy to send a custom

code to your phone when you log in

Import/export settings - saves time setting up multiple WordPress sites

Malware scanning - Automatically check any URL or individual file on a

specified schedule and scan your whole site automatically as users browse through it

Password Expiration - Set a maximum password age and force users to

choose a new password. You can also force all users to choose a new password
immediately (if needed)

Generate Strong Passwords - Generate strong passwords right from your

profile screen

Dashboard Widget - manage important tasks such as user banning and system
scans right from the WordPress dashboard.

GeoIP banning - coming soon

Online file comparison - When a file change is detected it will scan the origin of
the files to determine if the change was malicious or not. Currently works only in
WordPress core but plugins and themes are coming.

Temporary privilege escalation - give a contractor or someone else temporary

admin or editor access to your site that will automatically reset itself.

wp-cli integration - Manage your site's security from the command line.

Google reCAPTCHA - Protect your site against spammers

iThemes Sync Integration

Manage more than one site? Manage away mode, handle malware scanning, release lockouts
and make sure your WordPress site is up to date withiThemes Sync.

New! iThemes Brute Force Protection Network

Network Brute Force Protection takes brute force protection to the next level by further banning
users who have tried to break into other sites from breaking into yours. The iThemes Brute
Force Protection Network will automatically report IP addresses of failed login attempts to
iThemes and will block them for a length of time necessary to protect your site based on the
number of sites that have seen a similar attack.

Obscure
iThemes Security hides common WordPress security vulnerabilities, preventing attackers from
learning too much about your site and away from sensitive areas like your site's login, admin,
etc.

Changes the URLs for WordPress dashboard areas including login, admin and
more

Completely turns off the ability to login for a given time period (away mode)

Removes the meta "Generator" tag

Removes theme, plugin, and core update notifications from users who do not
have permission to update them

Removes Windows Live Write header information

Removes RSD header information

Renames "admin" account

Changes the ID on the user with ID 1

Changes the Wordpress database table prefix

Changes wp-content path

Removes login error messages

Displays a random version number to non administrative users

Protect
Hiding parts of your site is helpful, but won't prevent all attacks. In addition to obscuring
sensitive areas of your WordPress site, iThemes Security works to protect it by blocking bad
users and increasing the security of passwords and other vital information.

Scans your site to instantly report where vulnerabilities exist and fixes them in
seconds

Bans troublesome user agents, bots and other hosts

Prevents brute force attacks by banning hosts and users with too many invalid
login attempts

Strengthens server security

Enforces strong passwords for all accounts of a configurable minimum role

Forces SSL for admin pages (on supporting servers)

Forces SSL for any page or post (on supporting servers)

Turns off file editing from within Wordpress admin area

Detects and blocks numerous attacks to your filesystem and database

Detect
iThemes Security monitors your site and reports changes to the filesystem and database that
might indicate a compromise. iThemes Security also works to detect bots and other attempts to
search vulnerabilities.

Detects bots and other attempts to search for vulnerabilities

Monitors filesystem for unauthorized changes

Run a scan for malware and blacklists on the homepage of your site

Receive email notifications when someone gets locked out after too many
failed login attempts or when a file on your site has been changed.

Recover
iThemes Security makes regular backups of your WordPress database, allowing you to get
back online quickly in the event of an attack. Use iThemes Security to create and email
database backups on a customizable schedule.
For complete site backups and the ability to restore or move WordPress easily, check
out BackupBuddy by iThemes.

Other Benefits

Makes it easier for users not accustomed to WordPress to remember login and
admin URLs by customizing default admin URLs

Detects hidden 404 errors on your site that can affect your SEO such as bad
links and missing images

Removes the existing jQuery version used and replaces it with a safe version
(the version that comes default with WordPress).

Tutorials
Learn how to use iThemes Security with our series of in-depth tutorial videostaught by lead
developer Chris Wiegman:

Getting Started

Global Settings

404 Detection

Away Mode

Banned Users

Brute Force Protection

Many more to come!

Compatibility

Works on multi-site (network) and single site installations

Works with Apache, LiteSpeed or NGINX (Note: NGINX will require you to
manually edit your virtual host configuration)

Features like database backups and file checks can be problematic on servers
without a minimum of 64MB of RAM. All testing servers allocate 128MB to WordPress and
usually don't have any other plugins installed.

Translations

Spanish by Andrew Kurtis

Please let us know if you would like to contribute a translation.

Warning
Please read the installation instructions and FAQ before installing this plugin. iThemes Security
makes significant changes to your database and other site files which can be problematic, so a
backup is strongly recommended before making any changes to your site with this plugin.
While problems are rare, most support requests involve the failure to make a proper backup
before installation.

---------------------------------------------