Bulletproof-security and other "security" plugins

Hi,

I was just wondering if any of you have any experience with this kind of plugin. Are they really useful? Would you use a plugin like http://wordpress.org/extend/plugins/bulletproof-security/ in a large network?

My first thought is that having an up-to-date WP version and plugins + a fully managed server is sufficient, but I'm not a professional. What do you think?

Thank you for your feedback

Laurent

  • Mason

    I don't have any experience with this particular plugin, but there are several things you can do to really harden your WordPress security. #1 on my list is always a custom database prefix: http://digwp.com/2010/10/change-database-prefix/

    Here's a great article with some other security tips to help ya without any additional plugins: http://digwp.com/2010/07/wordpress-security-lockdown/

    Hope this helps!

  • Lorange

    Thank you for this article that provides some good advice. Sure it helps!

    I found the following page that has some useful info too:

    http://codex.wordpress.org/Hardening_WordPress (for example moving the wp-config.php file)

    I saw that it's possible to move/rename the wp-content folder. However it looks like several themes and plugins (even WPMU DEV ones) have this "standard" path hardcoded*

    Any other feedback/experience with "security" plugins or general recommendation?

    Laurent

    * Result of a quick search:

    C:\xampp\htdocs\*****\wp-content\mu-plugins\custom_anti_spam.php (2 hits)
    	Line 28: 	* Added self-checking of plugin location (placing the plugin inside a subfolder of wp-content/plugins is now suggested).
    	Line 107: $cas_fontpath = "wp-content/mu-plugins/custom-anti-spam/";
      C:\xampp\htdocs\*****\wp-content\mu-plugins\moderation_framework.php (1 hits)
    	Line 277: 	wp_register_script('moderation', get_option('siteurl') . '/wp-content/moderation.js', array('thickbox'), $moderation_current_version);
      C:\xampp\htdocs\*****\wp-content\plugins\anti-splog\anti-splog.php (1 hits)
    	Line 124:     ?><div class="error fade"><p><?php _e('Please move the blog-suspended.php file from the Anti-Splog plugin to the /wp-content/ directory.', 'ust'); ?></p></div><?php
      C:\xampp\htdocs\*****\wp-content\plugins\avatars\avatar-bbpress.php (3 hits)
    	Line 39: $user_avatars_path = '/path/to/wp-content/uploads/avatars/user/';
    	Line 58: 		$default = $wpmu_url . 'wp-content/mu-plugins/avatars-files/default-avatar-' . $size . '.png';
    	Line 68: 		$default = $wpmu_url . 'wp-content/mu-plugins/avatars-files/default-avatar-' . $size . '.png';
      C:\xampp\htdocs\*****\wp-content\plugins\avatars\avatars.php (4 hits)
    	Line 42: $avatars_path = 'wp-content/uploads/avatars/';
    	Line 121: 			if ( is_dir( ABSPATH . 'wp-content/avatars/' ) && !is_dir( ABSPATH . $avatars_path ) ) {
    	Line 139: 					if( copy_dir( ABSPATH . 'wp-content/avatars/', ABSPATH . $avatars_path ) ) { // copy files to new directory
    	Line 141: 						if( $wp_filesystem->delete( ABSPATH . 'wp-content/avatars/', true ) ) // attempt delete of old folder
      C:\xampp\htdocs\*****\wp-content\plugins\blog-types\blog-types\blog-types.php (1 hits)
    	Line 42: 	die( __('Blog Types configuration file "blog-types-config.php" not found. Please move it to /wp-content/ and edit it before activating.', 'blogtypes') );
      C:\xampp\htdocs\*****\wp-content\plugins\cms-tree-page-view\functions.php (1 hits)
    	Line 333: 		            [country_flag_url] => http://localhost/wordpress3/wp-content/plugins/sitepress-multilingual-cms/res/flags/en.png
      C:\xampp\htdocs\*****\wp-content\plugins\google-translator\google_translator.php (1 hits)
    	Line 16: Place the widget_single_photo folder in your /wp-content/plugins/ directory
      C:\xampp\htdocs\*****\wp-content\plugins\grunion-contact-form\grunion-contact-form.php (1 hits)
    	Line 597: 	/* Can be dequeued by placing the following in wp-content/themes/yourtheme/functions.php
      C:\xampp\htdocs\*****\wp-content\plugins\login-image\login-image.php (12 hits)
    	Line 102: 		if ( file_exists( ABSPATH . 'wp-content/login-image/login-form-image.png' ) ) {
    	Line 106: 				background: url(<?php echo site_url( 'wp-content/login-image/login-form-image.png', '', 'login' ); ?>) no-repeat;
    	Line 130: 			$this->remove_file( ABSPATH . 'wp-content/login-image/login-form-image.png' );
    	Line 134: 			$this->remove_file( ABSPATH . 'wp-content/login-image/login-form-image.png' );
    	Line 136: 			if ( ! is_dir( ABSPATH . 'wp-content/login-image/' ) )
    	Line 137: 				wp_mkdir_p( ABSPATH . 'wp-content/login-image/' );
    	Line 139: 			$file = ABSPATH . 'wp-content/login-image/' . basename( $_FILES['login_form_image_file']['name'] );
    	Line 180: 			if ( ! imagepng( $newimage, ABSPATH . 'wp-content/login-image/login-form-image.png' ) )
    	Line 185: 			$stat = stat( ABSPATH . 'wp-content/login-image/' );
    	Line 187: 			@chmod( ABSPATH . 'wp-content/login-image/login-form-image.png', $perms );
    	Line 216: 				if ( file_exists( ABSPATH . 'wp-content/login-image/login-form-image.png' ) ) {
    	Line 217: 					echo '<img src="' . site_url( 'wp-content/login-image/login-form-image.png?' ) . md5( time() ) . '" />';
      C:\xampp\htdocs\*****\wp-content\plugins\wpmudev-updates\update-notifications.php (6 hits)
    	Line 180:     		$plugins_root = ABSPATH . 'wp-content/plugins';
    	Line 229:     		$mu_plugins_root = ABSPATH . 'wp-content/mu-plugins';
    	Line 293:     		$themes_root = ABSPATH . 'wp-content/themes';
    	Line 631:           echo "<p><a target='_blank' title='" . __('More Information &raquo;', 'wpmudev') . "' href='{$data['latest_release']['url']}'><img src='https://premium.wpmudev.org/wp-content/projects/{$data['latest_release']['id']}/listing-image-thumb.png' width='80' height='60' style='float:left; padding: 5px' /></a>";
    	Line 715:         $screenshot = "https://premium.wpmudev.org/wp-content/projects/$id/listing-image-thumb.png";
    	Line 973:           $screenshot = "https://premium.wpmudev.org/wp-content/projects/$project_id/listing-image-thumb.png";
      C:\xampp\htdocs\*****\wp-content\themes\anarchy\header.php (1 hits)
    	Line 32:   <img src="/wordpress/wp-content/themes/anarchy/logo.gif" alt="logo" align="left" style="margin:3px 5px 0 60px;" />
      C:\xampp\htdocs\*****\wp-content\themes\arclite\functions.php (3 hits)
    	Line 329: if ($uploadpath['baseurl']=='') $uploadpath['baseurl'] = get_bloginfo('siteurl').'/wp-content/uploads';
    	Line 471:   <style type="text/css"> @import "<?php print get_option('siteurl'). "/wp-content/themes/". get_option('template') ?>/js/colorpicker/colorpicker.css"; </style>
    	Line 473:   <script type="text/javascript" src="<?php print get_option('siteurl'). "/wp-content/themes/". get_option('template') ?>/js/colorpicker/colorpicker.js"></script>
      C:\xampp\htdocs\*****\wp-content\themes\blogtheme\thumb.php (1 hits)
    	Line 1039: 	// /wp-content/themes/mimbopro/scripts/timthumb.php
      C:\xampp\htdocs\*****\wp-content\themes\blue-zinfandel-enhanced\header.php (1 hits)
    	Line 8: <link rel="Shortcut Icon" href="<?php echo get_settings('home'); ?>/wp-content/themes/blue-zinfandel-enhanced-20/images/favicon.ico" type="image/x-icon" />
      C:\xampp\htdocs\*****\wp-content\themes\colorpaper\preview.php (1 hits)
    	Line 655: 	// /wp-content/themes/mimbopro/scripts/timthumb.php
      C:\xampp\htdocs\*****\wp-content\themes\commentpress\comments.php (2 hits)
    	Line 170: 					 <p>Click the <img src="<?php bloginfo('url'); ?>/wp-content/themes/commentpress/images/pararead.png"> icon to the right of a paragraph</p>
    	Line 176: 					 <p>Click the <img src="<?php bloginfo('url'); ?>/wp-content/themes/commentpress/images/pageread.png"> icon to the right of the page title (works the same as paragraphs)</p>
      C:\xampp\htdocs\*****\wp-content\themes\commentpress\functions.php (3 hits)
    	Line 21: define('COMMENTPRESS_IMAGE_PATH', get_bloginfo('wpurl')."/wp-content/themes/". get_template() . "/images/");
    	Line 360: 	$license_dir =  $wpurl.'/wp-content/themes/'.get_template().'/images/';
    	Line 361: 	$theme_dir =  $wpurl.'/wp-content/themes/'.get_template().'/themes/';
      C:\xampp\htdocs\*****\wp-content\themes\commentpress\header.php (10 hits)
    	Line 6: <base href="<?php bloginfo('wpurl'); ?>/wp-content/themes/<?php echo get_template(); ?>" />
    	Line 9: <script type="text/javascript" src="<?php bloginfo('wpurl'); ?>/wp-content/themes/<?php echo get_template(); ?>/javascript/utilities.js"></script>
    	Line 10: <script type="text/javascript" src="<?php bloginfo('wpurl'); ?>/wp-content/themes/<?php echo get_template(); ?>/javascript/jquery.js"></script>
    	Line 11: <script type="text/javascript" src="<?php bloginfo('wpurl'); ?>/wp-content/themes/<?php echo get_template(); ?>/javascript/frivolous.js"></script>
    	Line 12: <script type="text/javascript" src="<?php bloginfo('wpurl'); ?>/wp-content/themes/<?php echo get_template(); ?>/javascript/threading.js"></script>
    	Line 16: <link rel="stylesheet" type="text/css" media="screen" href="<?php bloginfo('wpurl'); ?>/wp-content/themes/<?= get_template(); ?>/reset.css" />
    	Line 17: <link rel="stylesheet" type="text/css" media="screen" href="<?php bloginfo('wpurl'); ?>/wp-content/themes/<?= get_template(); ?>/master.css" />
    	Line 18: <link rel="stylesheet" type="text/css" media="screen" href="<?php bloginfo('wpurl'); ?>/wp-content/themes/<?= get_template(); ?>/style.css" />
    	Line 19: <link rel="stylesheet" type="text/css" media="screen" href="<?php bloginfo('wpurl'); ?>/wp-content/themes/<?= get_template(); ?>/skins/<?= get_option('skin') ?>/style.css"  />
    	Line 21: <link rel="stylesheet" type="text/css" media="screen" href="<?php bloginfo('wpurl'); ?>/wp-content/themes/commentpress/style_ie.css" />
      C:\xampp\htdocs\*****\wp-content\themes\commentpress\plugins\buttonsnap.php (1 hits)
    	Line 392:                 return get_settings('siteurl') . '/wp-content/plugins/' . $this->basename($src);
      C:\xampp\htdocs\*****\wp-content\themes\commentpress\plugins\skinner\skinner.php (1 hits)
    	Line 108: 	// Files in wp-content/skins directory and one subdir down
      C:\xampp\htdocs\*****\wp-content\themes\cutline\functions.php (1 hits)
    	Line 189: 	if (file_exists(ABSPATH . 'wp-content/plugins/UltimateTagWarrior/ultimate-tag-warrior-core.php') && in_array('UltimateTagWarrior/ultimate-tag-warrior.php', get_option('active_plugins'))) {
      C:\xampp\htdocs\*****\wp-content\themes\daydream\functions.php (1 hits)
    	Line 137: 						<div class="hint" style="margin-left: 90px;">Read more about tags <a href="http://www.neato.co.nz/wp-content/plugins/UltimateTagWarrior/ultimate-tag-warrior-help.html">here</a>. Credit goes to <a href="http://www.neato.co.nz/">Christine Davis</a> for this plugin.</div></p>
      C:\xampp\htdocs\*****\wp-content\themes\daydream\searchtags.php (1 hits)
    	Line 34: 	var ajaxUrl = "/wp-content/plugins/UltimateTagWarrior/ultimate-tag-warrior-ajax.php";
      C:\xampp\htdocs\*****\wp-content\themes\envision\thumb.php (1 hits)
    	Line 716:     // /wp-content/themes/mimbopro/scripts/timthumb.php
      C:\xampp\htdocs\*****\wp-content\themes\fusion\functions.php (3 hits)
    	Line 259: if ($uploadpath['baseurl']=='') $uploadpath['baseurl'] = get_bloginfo('siteurl').'/wp-content/uploads';
    	Line 417:   <style type="text/css"> @import "<?php print get_option('siteurl'). "/wp-content/themes/". get_option('template') ?>/js/colorpicker/colorpicker.css"; </style>
    	Line 419:   <script type="text/javascript" src="<?php print get_option('siteurl'). "/wp-content/themes/". get_option('template') ?>/js/colorpicker/colorpicker.js"></script>
      C:\xampp\htdocs\*****\wp-content\themes\garland\functions.php (3 hits)
    	Line 134: 	echo "<link rel='stylesheet' href='/wp-content/themes/pub/garland/farbtastic.css' type='text/css' />";
    	Line 138: 	imgObj.src = "/wp-content/themes/pub/garland/image.php?src=preview.png&top=$_top&bottom=$_bottom&base=$_base";
    	Line 216: 		background: url("/wp-content/themes/pub/garland/image.php?src=preview.png&top=$_top&bottom=$_bottom&base=$_base");
      C:\xampp\htdocs\*****\wp-content\themes\hemingway\functions.php (1 hits)
    	Line 610: 		$blocks_dir = @ dir(ABSPATH . '/wp-content/themes/' . get_template() . '/blocks');
      C:\xampp\htdocs\*****\wp-content\themes\letoprime\searchtags.php (1 hits)
    	Line 34: var ajaxUrl = "../wp-content/plugins/UltimateTagWarrior/ultimate-tag-warrior-ajax.php";
      C:\xampp\htdocs\*****\wp-content\themes\magazeen\timthumb.php (1 hits)
    	Line 383: 	// /wp-content/themes/mimbopro/scripts/timthumb.php
      C:\xampp\htdocs\*****\wp-content\themes\mandigo\style.css.php (1 hits)
    	Line 66: 			$stylesheet_directory = $siteurl .'/wp-content/themes/'. $stylesheet;
      C:\xampp\htdocs\*****\wp-content\themes\mystique\admin\theme-settings.php (1 hits)
    	Line 15:   if ($uploadpath['baseurl']=='') $uploadpath['baseurl'] = get_bloginfo('siteurl').'/wp-content/uploads';
      C:\xampp\htdocs\*****\wp-content\themes\mystique\extensions\auto-thumb\timthumb.php (1 hits)
    	Line 677:     // /wp-content/themes/mimbopro/scripts/timthumb.php
      C:\xampp\htdocs\*****\wp-content\themes\oceanwide\functions.php (1 hits)
    	Line 172: 		load_template( ABSPATH . 'wp-content/themes/default/sidebar.php');
      C:\xampp\htdocs\*****\wp-content\themes\technical-speech\functions.php (1 hits)
    	Line 174: 				"desc" => "Check this to <strong>hide avatar</strong> (located inside images folder in the theme directory : '<strong><em>wordpess folder </em>/wp-content/themes/technicalspeech/images/about_avatar.jpg</strong>', replace this image with your image to show your avatar) in 'About Me' box.",
      C:\xampp\htdocs\*****\wp-content\themes\vertigo-3column\header.php (1 hits)
    	Line 21: <link rel="Shortcut Icon" href="<?php echo get_settings('home'); ?>/wp-content/themes/vertigo-3column/images/favicon.ico" type="image/x-icon" />
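The two hardening steps raised in this thread (a custom table prefix and a relocated wp-content folder) only work if plugin and theme code derives its paths from WordPress instead of hardcoding them, which is exactly what the search results above show going wrong. The following is an added example, not code from this thread or from any of the plugins listed; the prefix `k7q_`, the folder name `assets`, the domain `example.com`, the plugin name `my-plugin` and its table are all constructed. It shows the `wp-config.php` fragment that performs both changes, then the fragile pattern beside the relocation-safe one in a hypothetical plugin. Everything in the safe half uses WordPress' documented constants and helpers.

```php
<?php
/*
 * Added example (not from the thread). Two fragments in one listing:
 *   1. wp-config.php   - custom prefix + relocated content folder
 *   2. a plugin file   - fragile vs. relocation-safe path handling
 */

/* ---------- 1. wp-config.php (must come before wp-settings.php is required) ---------- */

// Custom table prefix instead of the default "wp_" (constructed value).
$table_prefix = 'k7q_';

// Rename/relocate the content folder (constructed folder name and URL).
define('WP_CONTENT_DIR', dirname(__FILE__) . '/assets');
define('WP_CONTENT_URL', 'https://example.com/assets');

// Plugins and mu-plugins follow the content folder; define them explicitly
// so nothing falls back to the built-in "wp-content" default.
define('WP_PLUGIN_DIR',   WP_CONTENT_DIR . '/plugins');
define('WP_PLUGIN_URL',   WP_CONTENT_URL . '/plugins');
define('WPMU_PLUGIN_DIR', WP_CONTENT_DIR . '/mu-plugins');
define('WPMU_PLUGIN_URL', WP_CONTENT_URL . '/mu-plugins');

/* ---------- 2. assets/plugins/my-plugin/my-plugin.php (hypothetical plugin) ---------- */

// FRAGILE: the pattern the search results above show. All three silently
// point at a folder or table that no longer exists after the changes in (1).
$fragile_js    = get_option('siteurl') . '/wp-content/plugins/my-plugin/js/widget.js';
$fragile_dir   = ABSPATH . 'wp-content/uploads/my-plugin/';
$fragile_table = 'wp_my_plugin_log';

// SAFE: derive every path from __FILE__ or from WordPress' own constants/helpers.
$plugin_dir = plugin_dir_path(__FILE__);               // .../assets/plugins/my-plugin/
$plugin_js  = plugins_url('js/widget.js', __FILE__);   // https://example.com/assets/plugins/my-plugin/js/widget.js

$uploads    = wp_upload_dir();                         // honours WP_CONTENT_DIR and the UPLOADS constant
$upload_dir = trailingslashit($uploads['basedir']) . 'my-plugin/';
$upload_url = trailingslashit($uploads['baseurl']) . 'my-plugin/';

$mu_helper  = WPMU_PLUGIN_DIR . '/my-plugin-helper.php'; // the mu-plugins case
$data_url   = content_url('my-plugin-data/');            // anything else under the content folder

// Themes: never build "/wp-content/themes/" . get_template() by hand.
$theme_css  = get_template_directory_uri() . '/style.css';
$child_css  = get_stylesheet_directory_uri() . '/style.css';

// Enqueue through the API so the URL is computed at runtime, not hardcoded.
function my_plugin_enqueue_assets() {
    wp_enqueue_script('my-plugin-widget', plugins_url('js/widget.js', __FILE__), array('jquery'), '1.0', true);
}
add_action('wp_enqueue_scripts', 'my_plugin_enqueue_assets');

// Database: the prefix is whatever wp-config.php says, so read it from $wpdb.
global $wpdb;
$table = $wpdb->prefix . 'my_plugin_log';              // k7q_my_plugin_log
$wpdb->query($wpdb->prepare("INSERT INTO {$table} (message) VALUES (%s)", 'constructed log entry'));
```

Before changing `WP_CONTENT_DIR` on a live network, repeat the search Laurent ran (the literal string `wp-content` across the plugin and theme trees); any hit that is not a comment or a user-facing instruction is code that will break and needs to be rewritten along the lines of the safe half above. The same applies to the prefix change: a plugin that uses a literal `wp_` table name instead of `$wpdb->prefix` will fail after the rename, which is also why a custom prefix alone is only a small hardening gain on a well-patched site.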
