Title: BPS compatibility/improving functionality. Last modified: August 22, 2016 --- # BPS compatibility/improving functionality. * Resolved [maliwoot](https://wordpress.org/support/users/maliwoot/) * (@maliwoot) * [11 years, 8 months ago](https://wordpress.org/support/topic/bps-compatibilityimproving-functionality/) * Hi BPS, * I am aware the only plugin you can be sure won’t conflict with BPS is wordfence, providing we are careful with the falcon engine etc. * However, there are some functions of the ithemes security plugin that appeal to me, though I note that everything else it does is not as good as BPS. But I’d like to know from you guys if you think it’s worth just using your plugin or to disable everything on ithemes except for these features they use which I believe won’t necessarily conflict and may further enhance security, these are: * 1. using a stealth wp-login page 2. Part of their system is to use network brute force protection by “banning users who have tried to break into other sites from breaking into yours.” – This seems like a good idea to me. 3. Disabling PHP in uploads (although code is available easily). 4. 404 detection to prevent scanning for vulnerabilities. 5. Using a comprehensive blacklist from hackrepair.com * If you already cover some of these features, they conflict or think they are simply ineffective/redundant, please let me know, and I’ll just use BPS for all of my sites instead of using ithemes for just those 5 features with BPS as the main security plugin. * I think this would be a good place to send people to regarding compatibility questions, since I think it’s just these 5 features on ithemes that BPS doesn’t do/do better. * Thank you so much. * [https://wordpress.org/plugins/bulletproof-security/](https://wordpress.org/plugins/bulletproof-security/) Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [11 years, 8 months ago](https://wordpress.org/support/topic/bps-compatibilityimproving-functionality/#post-5324337) * Well it depends on how you use other security plugins that also use htaccess code rules/security filters/etc. I believe BPS covers all the bases as far as security rules go in the root and wp-admin htaccess files so I would say just to not use any redundant or conflicting htaccess code/security rules in other security plugin’s. * 1. Yep you can go that route or go this route and use this IP based protection: [http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/](http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/) * 2. I believe that when you start focusing on “individuals” doing bad actions vs focusing on bad actions themselves you are going to run into website performance problems or excessive server resource usage. Here is the logic: * > In general, BulletProof Security takes an “Action Approach” to website security. > Hacker X, Spammer X, Bad Bot X does bad Action Y = Forbidden/Blocked. An “Action > Approach” is a much more effective and performance optimized approach to website > security since the bad action itself is being blocked/forbidden instead of > attempting to block an individual hacker/spammer that performed a bad action. > Example: BulletProof Security blocks all SQL Injection hacking attempts/attacks > no matter who performed that SQL Injection hacking attempt/attack. * 3. I don’t understand what you mean? * 4. I think that is going to fall into the category of unnecessarily wasting website and server resources. Or in other words, I believe it is unnecessary to do something like that. Automated hacker and spammer probes and recons go on 24x7x365. If your website/server is trying to handle/manage this stuff then you are using up resources that in my opinion do not need to be wasted on this stuff. * 5. As long as you are avoiding trying to block anything that is an “individual” vs blocking by bad action then you are using htaccess code efficiently. If you try to block 5,000 individual bad bots or 5,000 individual IP addresses then your website and server are going to be significantly negatively impacted by that. * In summary, you can see that sticking to an “Action Approach” is the best way to go. It is efficient and ensures that your website and server are performing at their optimum best. Stay away from blocking anything that falls into the category of “individual”. * I rarely get any spare time to look at what other security plugins are doing these days, but I am very confident that BPS is covering all of the bases in the root and wp-admin htaccess files as far as htaccess security goes. I think trial and error is the only way to find out what does and does not work between BPS and other security plugins that use htaccess code/files. * Thread Starter [maliwoot](https://wordpress.org/support/users/maliwoot/) * (@maliwoot) * [11 years, 8 months ago](https://wordpress.org/support/topic/bps-compatibilityimproving-functionality/#post-5324386) * Thanks,I understand that. I guess 2 and 5 are pretty much the same, trying to come up with an endless list of bad IPs. * So BPS does actually block IPs performing bad actions, separate to it’s login security blocking? * In 3) I was referring to how one ithemes option is to disable php in uploads, but acknowledged it was a simple piece of htaccess code. * Thanks for your comprehensive reply as always. I’m certain I’ll be a BPS pro customer in the future. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [11 years, 8 months ago](https://wordpress.org/support/topic/bps-compatibilityimproving-functionality/#post-5324404) * Yes, the root and wp-admin htaccess files block over 100,000 different bad actions/ attacks (100,000 is a very low estimate – it is probably more like 1,000,000). * BPS does not look at “individual” things like IP addresses and blocks by the bad action itself. ie IP addresses: 100.99.88.77, 99.88.77.66 and 88.77.66.55 try to hack your website using the same hacking method. The hacking method (bad action) is blocked which means that there is no need to block these IP addresses or any other IP addresses since the bad action itself is what is blocked. * 3. BPS Pro has the Uploads Anti-Exploit Guard (UAEG) security feature, which sounds like it may be in the same general security feature category. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘BPS compatibility/improving functionality.’ is closed to new replies. * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938) * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/) * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/) * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/) ## Tags * [ithemes](https://wordpress.org/support/topic-tag/ithemes/) * 3 replies * 2 participants * Last reply from: [AITpro](https://wordpress.org/support/users/aitpro/) * Last activity: [11 years, 8 months ago](https://wordpress.org/support/topic/bps-compatibilityimproving-functionality/#post-5324404) * Status: resolved