This is a free tutorial for installing "Bullet Proof Security" into your WordPress.
The developer website - Effective Business Website Design
1. Login to your WP-Dashboard, on your left, click “Installed Plugins”, place keywords – bullet proof security and click on “Search Plugins”.
2. On the left menu – click on BPS Security.Next,
Master htaccess created successfully.
3. Activate both Root Folder BulletProof Mode plus wp-admin Folder BulletProof Mode
4. For website that installed “Broken Link Checker”. Visit here to learn more!
Before create secure.htaccess File, please add the code in Step 5 and 6.
5. Protect Login Page from Brute Force Login Attacks - Learn more!
Add the below code to block an automated comment spambots.
Start here---
# Protect wp-login.php from Brute Force Login Attacks based on Server Protocol
# Block automated comment spambots using Server Protocol HTTP/1.0
# All legitimate humans and bots should be using Server Protocol HTTP/1.1
RewriteCond %{REQUEST_URI} ^(/wp-login\.php|/wp-comments-post\.php)$
RewriteCond %{THE_REQUEST} HTTP/1\.0
RewriteRule ^(.*)$ – [F,L]
End here---
Click on " Custom Code"
Now, check on "Security Status", if same like below, follow the next instructions.
Start copy below this line ----
# BULLETPROOF .46.D >>>>>>> DEFAULT .HTACCESS# If you edit the line of code above you will see error messages on the BPS status page
# WARNING!!! THE default.htaccess FILE DOES NOT PROTECT YOUR WEBSITE AGAINST HACKERS
# This is a standard generic htaccess file that does NOT provide any website security
# The DEFAULT .HTACCESS file should be used for testing and troubleshooting purposes only# BEGIN WordPress
RewriteEngine On
RewriteBase /wordpress/
RewriteRule ^index\.php$ – [L]# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
2.wpadmin.htaccess File.
Start copy below this line----
# BULLETPROOF .46.4 WP-ADMIN SECURE .HTACCESS# If you edit the line of code above you will see error messages on the BPS status page
# BPS is reading the version number in the htaccess file to validate checks
# If you would like to change what is displayed above you
# will need to edit the BPS functions.php file to match your changes
# For more info see the BPS Guide at AIT-pro.com# FILTER REQUEST METHODS
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ – [F,L]# QUERY STRING EXPLOITS
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(execute|exec|sp_executesql|request|select|insert|union|declare|drop|delete|create|alter|update|order|char|set|cast|convert|meta|script|truncate).* [NC]
RewriteRule ^(.*)$ – [F,L]
End copy----
Once you have completed upload the 2 files as shown above, select ” Security Modes”, click on “Create secure.htaccess File”. As usual, same as step 3 & 4, activate both once again;
The installation process is completed.
The developer website - Effective Business Website Design
1. Login to your WP-Dashboard, on your left, click “Installed Plugins”, place keywords – bullet proof security and click on “Search Plugins”.
2. On the left menu – click on BPS Security.Next,
- -Select “Security Modes”
- -Click on “Created default.htaccess File
Master htaccess created successfully.
3. Activate both Root Folder BulletProof Mode plus wp-admin Folder BulletProof Mode
Next, activate Deny All htaccess:
- Master htaccess BulletProof Mode
- BPS Backup BulletProof Mode
4. For website that installed “Broken Link Checker”. Visit here to learn more!
Before create secure.htaccess File, please add the code in Step 5 and 6.
5. Protect Login Page from Brute Force Login Attacks - Learn more!
Add the below code to block an automated comment spambots.
Start here---
# Protect wp-login.php from Brute Force Login Attacks based on Server Protocol
# Block automated comment spambots using Server Protocol HTTP/1.0
# All legitimate humans and bots should be using Server Protocol HTTP/1.1
RewriteCond %{REQUEST_URI} ^(/wp-login\.php|/wp-comments-post\.php)$
RewriteCond %{THE_REQUEST} HTTP/1\.0
RewriteRule ^(.*)$ – [F,L]
End here---
Click on " Custom Code"
- Select “Root htaccess File Custom Code”
- Paste into “Custom Code Brute Force Login Page Protection”.
- Scroll down and “Save Root Custom Code”
Now, check on "Security Status", if same like below, follow the next instructions.
Upload 2 htaccess files into “master-backups” directory.
1. root,htaccess File.
Start copy below this line ----
# BULLETPROOF .46.D >>>>>>> DEFAULT .HTACCESS# If you edit the line of code above you will see error messages on the BPS status page
# WARNING!!! THE default.htaccess FILE DOES NOT PROTECT YOUR WEBSITE AGAINST HACKERS
# This is a standard generic htaccess file that does NOT provide any website security
# The DEFAULT .HTACCESS file should be used for testing and troubleshooting purposes only# BEGIN WordPress
RewriteEngine On
RewriteBase /wordpress/
RewriteRule ^index\.php$ – [L]# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ – [L]
RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ – [L]
RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
# END WordPress
End copy----
Start copy below this line----
# BULLETPROOF .46.4 WP-ADMIN SECURE .HTACCESS# If you edit the line of code above you will see error messages on the BPS status page
# BPS is reading the version number in the htaccess file to validate checks
# If you would like to change what is displayed above you
# will need to edit the BPS functions.php file to match your changes
# For more info see the BPS Guide at AIT-pro.com# FILTER REQUEST METHODS
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ – [F,L]# QUERY STRING EXPLOITS
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(execute|exec|sp_executesql|request|select|insert|union|declare|drop|delete|create|alter|update|order|char|set|cast|convert|meta|script|truncate).* [NC]
RewriteRule ^(.*)$ – [F,L]
End copy----
Once you have completed upload the 2 files as shown above, select ” Security Modes”, click on “Create secure.htaccess File”. As usual, same as step 3 & 4, activate both once again;
- Root Folder .htaccess Security Mode
- wp-admin Folder .htaccess Security Mode
The installation process is completed.
To play safe, suggest to make a backup.
For your convenience, you can download both .htaccess files
https://www.virustotal.com/en/file/76809f3f98da8410fdf02e2014820f49c673bbbbbf423247d6faec1ec474f21b/analysis/1392946924/
SHA256: 76809f3f98da8410fdf02e2014820f49c673bbbbbf423247d6faec1ec474f21b
File name: masterbackupshtaccessfiles.zip
Detection ratio: 0 / 50
