anyone using the bulletproof security plugin on their WP site?

*artemis* · 06-29-2012, 08:07 PM

Hi,

Anyone using the bulletproof security plugin on their WP blog?
http://wordpress.org/extend/plugins/...roof-security/

Was it easy-breezy or did you have issues with it?

I'm using it on a blog that I support on another server and it works great -- but that is not the case for a wp installation here on FQ that I did last night at the request of a family who wants my now-deceased client's site to have a feature where people can leave comments... http://bdjdesigns.com/memorial/guestbook/ ... I recommended using one of the dedicated services that makes memorial books and even told them I'd set that up for free for them but they didn't want that.

The issue is that when I activate the bulletproof plugin and go set options, the bulletproof admin page won't load... so I'm wondering if it's because it doesn't work well on FQ or whether its because I didn't call this installation "blog". It's not a conflict with the guestbook plugin because I added the bulletproof plugin first and tried to make that work and then when it didn't I just deactivated it and went on and set up the guestbook.

On the other site I support on which it works, originally it wouldn't because of a server issue. The site owner is a political author so he attracts haters / periodically gets hacked, and one of the techs at his chosen hosting service (just host) recommended using bulletproof a while back but it wouldn't work because it wasn't compatible with the servers. Long story that would probably bore you but which was a nice little income stream for me... they just did a major upgrade and now it works fine...

I thought I'd ask here before asking on the bulletproof support forums. I don't do a lot of work with WP pretty much on purpose although that is going to change pretty quickly... probably within the next year or two I anticipate that a large percentage of my sites that I have here on FQ will include a blog component. I think that is a good combination.

Or if there is a different security package that you recommend that works well here, that would be great... any guidance will be greatly appreciated...

thanks!

Diane
the grasshopper

**Terra** · 06-30-2012, 02:51 PM

I looked at your 'logs_cgi/php_error' log and saw the following 2 entries:

Quote:

[30-Jun-2012 08:44:34] PHP Warning: require_once(WP_PLUGIN_DIR/bulletproof-security/includes/class.php): failed to open stream: No such file or directory in /big/dom/xxxxxxxxx/www/memorial/wp-content/plugins/bulletproof-security/bulletproof-security.php on line 33
[30-Jun-2012 08:44:34] PHP Fatal error: require_once(): Failed opening required 'WP_PLUGIN_DIR/bulletproof-security/includes/class.php' (include_path='.:/usr/local/lib/php5-pear-fq:/usr/local/lib/php5-pear') in /big/dom/xxxxxxxxx/www/memorial/wp-content/plugins/bulletproof-security/bulletproof-security.php on line 33

It appears that the 'WP_PLUGIN_DIR' define is not set properly, which in turn is causing the 'include' errors since PHP now has to search the include paths for the requested file...

As we are in process of deprecating the older server cores (your site is on RASMUS) please contact the Service Desk and request a Genesis Class upgrade for your site...

That will bump your PHP version to 5.3.10 as well as a lot of other core level upgrades... Your site's package allocations will also increase as well...

*artemis* · 07-01-2012, 03:05 PM

Thanks Terra,

I appreciate the hand holding... I need to learn to read the logs... I've ordered the upgrade and will look at everything again after that's done. This is a site that has been on FQ for a loooong time. I've only had it a couple years; I inherited it from a colleague who is slowly reducing her workload. I'm hoping that the person who will be carrying the designers business forward will let me redesign it, but I'm not going to hold my breath

.

Anyhow, so it looks like another lesson here is to request server upgrades on the other sites before installing WP so that we've got the most recent version of PhP installed... right?

thanks! Diane

**Terra** · 07-01-2012, 05:53 PM

The upgrade to PHP 5.3 would ensure that all the scripts that you run are on versions of PHP that are being actively supported... Scripts that don't run with the latest versions usually need to be upgraded and in turn that would catch you up with any needed security fixes... We have been trying to deprecate PHP 5.2 for a long time (no longer supported by upstream), and this is just one more step in the right direction...

*artemis* · 07-02-2012, 04:09 PM

For many of the older sites, it doesn't matter. It didn't matter for this one until very recently. Everything works now - and thank goodness too

the bulletproof plugin is installed and activated
the admin user name is cryptic and has a good strong password
ditto for the other non-admin user

there are no posts by the admin user which would give away that name

I do still need to get phpAdmin set up but have something else to do and don't think it's a rush because this isn't a traditional blog - I do not anticipate that they will be making any posts - the whole idea of it was to include her memorial book on her site

Is there anything else that you can think of that I should do to make sure this stays secure both for the benefit of my client's family and also to protect FQ so that ya'll still like me

?

thanks again Terra and all at FQ,

Diane

**Terra** · 07-02-2012, 04:52 PM

I'm happy to hear the plugin issue has been resolved...

As to what you can do - just take inventory of all the scripts you run and ensure they are all up to date... Also, use strong passwords *everywhere* and use something like KeePass to keep track of them...

Best of luck to you on your upcoming site upgrades... Just shoot us an email and we'll add you to the schedule...