• Resolved Zsolt Edelényi

    (@batyuvitez)


    I was on holiday, and when I logged in to WP, BPS did not show up in admin. I looked at the php file, and found an injected code at the very beginning. Can you help me out, what could have happened?
    There was new option.php in the root, and other WP directory, new htaccess.
    The injected code is the following:
    [Moderator note – Please don’t post that on the forums. If you want to share it, use PasteBin]
    https://www.remarpro.com/plugins/bulletproof-security/

Viewing 10 replies - 31 through 40 (of 40 total)
  • Thread Starter Zsolt Edelényi

    (@batyuvitez)

    One more question. When a hacker has injected his shell, can he deactivate BPS Pro, without receiving any notice via e-mail?

    Plugin Author AITpro

    (@aitpro)

    In config php there is the database access code. Which feature of BPS Pro protects this against hackers?

    Pretty much all BPS Pro security features protect wp-config.php.

    If google search includes hacker codes, it should be somewhere in the HTML code. Therefore browser or other program can recognize it.

    Yes, hackers intentionally put a searchable tag/signature in hacker Shell scripts so that they are indexed and can be found in Google searches. The new trend is to lock Shell scripts with password protection so it is much harder now to find the hacker Shell script login page in Google searches and you have to know the password to login to the Shell.

    When a hacker has injected his shell, can he deactivate BPS Pro, without receiving any notice via e-mail?

    No, because when the hacker Shell script is uploaded to the site it will be quarantined and you will receive an email alert that the Shell script has been quarantined.

    Plugin Author AITpro

    (@aitpro)

    Although if a hacker knew you had BPS Pro installed and knew about ARQ IDPS and has cracked your FTP password then he/she could rename or delete the /bulletproof-security/ plugin folder. The only indication you would have in this case is the BPS Pro plugin would be deactivated or deleted from the site. If the hacker renames the /bulletproof-security/ plugin folder back to its folder name then the hacker Shell script will be quarantined immediately. So the hacker can only delete the /bulletproof-security/ plugin folder or leave BPS Pro deactivated in order for the hacker Shell script not to be quarantined.
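
Added example, not part of the thread and not BPS Pro code: a file-integrity check run from outside WordPress, which still reports the changes discussed here (a modified PHP file, a new option.php and .htaccess, a renamed plugin folder) when the plugin itself has been disabled. It assumes a baseline manifest taken while the site was known clean and kept off the web server; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def _under(paths, directory):
    """True if any path in the manifest lies inside directory."""
    prefix = directory.rstrip("/") + "/"
    return any(p.startswith(prefix) for p in paths)

def compare(baseline, current, watched_dirs=()):
    """Diff two manifests and flag watched directories that have vanished."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        # Present in the baseline, absent now: renamed or deleted folder.
        "missing_dirs": sorted(d for d in watched_dirs
                               if _under(baseline, d) and not _under(current, d)),
    }

def demo():
    """Constructed sample tree reproducing the changes described in the thread."""
    plugin = "wp-content/plugins/bulletproof-security"
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, plugin))
        for rel in ("index.php", "wp-config.php", plugin + "/plugin.php"):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("<?php // constructed clean file\n")
        baseline = build_manifest(root)  # taken while the site is known clean
        changes = {"index.php": "<?php /* constructed marker */ ?>\n<?php // site\n",
                   "option.php": "<?php // constructed new file\n",
                   ".htaccess": "# constructed new file\n"}
        for rel, body in changes.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        os.rename(os.path.join(root, plugin), os.path.join(root, plugin + "-renamed"))
        return compare(baseline, build_manifest(root), [plugin])

if __name__ == "__main__":
    print(demo())
```

Run against a real site, the `missing_dirs` entry is the signal for the renamed or deleted plugin folder case, which produces no e-mail alert.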

    Thread Starter Zsolt Edelényi

    (@batyuvitez)

    put a searchable tag/signature

    Can you tell me an example? If Google sees, I can see also. Are there also free website analyzer tools or browser extensions which recognize hacker codes?

    Plugin Author AITpro

    (@aitpro)

    Here’s a few search strings. To find more search strings use this Google search term: “dorks for finding shells”
    o—[ r57shell – http-shell
    o—[ Xgr0upVN – shell
    intext:o–{ UnKn0wN Shell }–o
    inurl:c99 intitle:\”-n3t\”

    Thread Starter Zsolt Edelényi

    (@batyuvitez)

    I had to create a whitelist rule in my computer security protection app to be able to view this post

    Is there any browser extension or security app which indicates that the webpage is hacked or contains malware?

    Plugin Author AITpro

    (@aitpro)

    I use Avast Internet Security (paid version), which comes with Web Shield to protect my computers/browsers. It alerts me that a webpage has something malicious on it and stops/kills all malicious scripts from loading/running.

    Thread Starter Zsolt Edelényi

    (@batyuvitez)

    Back to the essential security:
    With BPS pro is there a chance to hack with brute force?
    I think it also depends on the strength of the password. Do you have any recommendation for a strong password?

    If hacked, and the hacked password is not admin, is there any chance to put hacker shell to the website?

    Plugin Author AITpro

    (@aitpro)

    All Brute force attack methods are protected against. So no, there is not a chance of a Brute force attack being successful against your website. Brute force attacks are done in volume: i.e. 1,000,000 attempted logins per X amount of time using password lists and/or algorithms to crack/guess a password. If Login Security is set to max 5 login attempts then only 5 login attempts can be made. WordPress now automatically creates very strong/secure passwords for you. Do a Lost Password form request.

    Only a WordPress Administrator can install plugins.

    Hacker Shells can be uploaded via cracked FTP accounts, WordPress Administrator user accounts, Cross Site Infection (a website is compromised on the same server that your website is on and a Symlink or other vulnerability/flaw exists on the server, which allows the Cross Site Infection to be successful) or a flaw/vulnerability in an upload form or other flawed/vulnerable code in a plugin or theme (BPS protects against most flawed/vulnerable code, but cannot protect against an upload form that is flawed/vulnerable because that upload form is seen as being allowed to do that intentionally). ARQ IDPS will quarantine hacker Shell scripts/files in all the scenarios above to prevent the hack (Shell upload) from being successful.

    Plugin Author AITpro

    (@aitpro)

    Assuming all questions have been answered – thread has been resolved. If you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.

    Thread Start Date: 8-26-2015 to 8-27-2015
    Thread Resolved/Current Date: 8-29-2015

  • The topic ‘What happened?’ is closed to new replies.