Bit51 (part of the iThemes family)

As my plugin does a number of things in addition to what bulletproof does I do not use bullet proof and I’m afraid I can’t tell you if current versions would conflict. If you have any issues let us know.

Hard to say as I don’t know they’re setup. It does not support shared-ssl certificates if that helps.

Not ignored, just lost in my todo list (tis the life of a free plugin). Take a look at 3.4.6 as it addresses a lot of your issues.

Thanks for the heads up. I’ll take a look.

@nothin7 The button depends on, at least partially, on your configuration. If all the individual options that make up the basic security are already selected (these vary based on your configuration) then you won’t see the button. In addition, as of version 3.4.4, the option was moved to the install script only as it was causing some confusion when displayed later.

Some plugins hard-code the name of wp-content into their code (even though changing it has been an option since WordPress 2.6). You can search their code and replace all instances of wp-content with your new directory name or you can leave it as wp-content.

No, there is no direct way currently although I like the idea and have added it to the “dev” version. It will be in the next release.

I only use number 2 but of course I’m biased.

Number one tends to be problematic. First, it can block legitimate users thanks to certain plugins that access wp-admin. Second, assuming you’re only using HTTP BASIC Auth, it really isn’t all that secure as you only have a limited group of users, the credentials may not be encrypted, their is no session so credentials have to be retransmitted on every request, etc.

It’s not something I’ve ever tried to be honest. I’ll take a look for future versions.

Take a look at your wp-config file and verify all the paths are correct.

MonkeyKong are the IPs in question in your .htaccess file? (have they written to it successfully)

I’m running the plugin with mod_php on a number of sites. The error you’re getting here looks to be due to your wpjobboard plugin and not BWPS.

The issue your encountering is a theme issue and not caused by BWPS. Changes made by BWPS involve only the .htaccess file (you’ll see the included entries) and the wp-config file if you’ve moved your wp-content folder or activated a couple of other features.

There could have been an issue that, if you were logged in as an admin and could access the settings, you could have set the email or IP addresses in the option to a malicious script. In the wild, for an attacker to make use of this they would have had to already compromised your site. That said, it has been fixed in 3.4.4.

This depends a lot on the choices you select. For example, you can manually upload a favicon via ftp/sftp regardless of plugin settings. All other situations would depend entirely on how you’re trying to accomplish this functionality.

You can undo one-click protection by disabling all features activated in the plugin. As for protecting the site, turn on as many features as you can without conflicting with your other plugins.

The problem here is some plugins legitimately use techniques that are also common to hackers. Many features in this plugin block such techniques and then have to be turned off when they conflict with a legitimate plugin. Just turn on as much as you can. Every feature you use makes you that much more secure.