Worfence Vs Bullet Proof

a. Nope, BPS blocks by “bad action”. ie ip address x.x.x.x, bad bot X, spammer X, hacker X does a bad action and the bad action itself is blocked. So basically there is no need to block by country ip addresses.

b. Nope, not really sure why you would want to do that. Seems like a waste of your time. BPS just blocks stuff and logs stuff.

c. Nope, BPS focuses on website security only.

d. The BPS firewall htacces code is very effective. I’m not sure what wordfence does with their firewall. So I can’t really compare the two.

• This reply was modified 7 years, 12 months ago by AITpro.

My previous thread post comes off as negative instead of positive since there a comparison to Wordfence trying to be made. So here is a positive approach.

This is our selling point for BPS Pro, which is 100% accurate and truthful:
“BulletProof Security Pro has an amazing track record. BPS Pro has been publicly available for 5+ years and is installed on over 30,000 websites worldwide. Not a single one of those 30,000+ websites in 5+ years have been hacked.”

This is a list of BPS Pro features: https://www.ait-pro.com/bps-features/

Overall I believe Wordfence is a decent security plugin, but I believe BPS Pro is a better security plugin. ??

• This reply was modified 7 years, 11 months ago by AITpro.

Thank you for responding. I am already using Wordfence on one website and want to use Bullet Proof on another site. My questioned are aimed at helping me buy BPS rather than eliminate BPS as a choice.

a) Country Blocking – Some of us run local businesses that do not require web traffic from other countries. As such, country blocking is of great help. The top there countries where intrusion attempt s are launched from are China, Turkey and Russia (as per Succuri as well as personal experience). On this basis, it really helps to have country blocking with an accurate database. Wordfence database is super accurate but iQ Block Country is also very good in this respect and except few occasions, the accuracy rate of Country Block is pretty good. Country Blocking is something you may want to consider as some customers like me would be willing to pay for it.

b) Live Traffic Feed has actually been of help to block visitors in real time (provided one is watching the feed). A “Who is” lookup embedded also helps to accurately search for Who is contacts. This is not a very important feature, but the Live Traffic Feed is pretty helpful based on what one wants to do with it.

c) Firewall in Wordfence in real time updates security threats, though was not much help during a DDOS attack. Succuri was superb during DDOS attacks and Firewall but it 50 bucks more expensive for Year 1 and 100 bucks more expensive from Year 2 (considering the discount available through Yoast SEO). Succuri has Cloud based Firewall, stops DDOS attacks, has Country Blocking, Live Feed and was as good as Wordfence for Vulnerability and Malware Scanning. In addition, it cleans up hacked sites without any additional fee and also has an expanded reputation management (Yandex, Google, Bing etc.). Succuri is quite effective but the price may be high for some bloggers, considering the renewal fees. If Succuri comes down to 150 Buck per annum for its Total Security Package with Cloud Firewall and 100 Bucks without Cloud Firewall, it would beat Worfence hands down.
As Wordfence moves closer to 99 Bucks for a single license, it is only a matter of time that they will increase prices and I am inclined to look for alternatives. The Wordfence firewall claims to stop these attacks except the DDOS attacks.It would be helpful to know if BPS blocks these attacks.

Rules

Enabled Category Description
whitelist Whitelisted URL
lfi Slider Revolution: Local File Inclusion
sqli SQL Injection
xss XSS: Cross Site Scripting
file_upload Malicous File Upload
lfi Directory Traversal
lfi LFI: Local File Inclusion
xxe XXE: External Entity Expansion
xss dzs-videogallery 8.80 XSS HTML injection in inline JavaScript
sqli Simple Ads Manager <= 2.9.4.116 – SQL Injection
rfi Gwolle Guestbook <= 1.5.3 – Remote File Inclusion
priv-esc User Roles Manager Privilege Escalation <= 4.24
sde Yoast WordPress SEO <= 3.1.2 – Sensitive Data Exposure
auth-bypass WordPress Core <= 4.5.0 – Authentication Bypass
file_upload Ninja Forms <= 2.9.42 – Arbitrary File Upload
auth-bypass Ninja Forms <= 2.9.42: Missing Authentication Check
auth-bypass Ninja Forms <= 2.9.42: Missing Authentication Check
sde Caldera Forms <= 1.3.5 – Sensitive Data Exposure
auth-bypass WP Fastest Cache <= 0.8.5.6 – Authorization Bypass
auth-bypass WP Fastest Cache <= 0.8.5.6 – Authorization Bypass
xss HDW Player Plugin <= 3.4 – Reflected XSS
sqli Google SEO Pressor Snippet Plugin <= 1.2.6 – SQL Injection
xss WPMain Stored XSS <= 3.1.2
file_upload EWWW Image Optimizer <= 2.8.0 [Remote Command Execution]
xss Customize Admin Stored XSS <= 1.6.6
sqli Kento Post View Counter SQLi <= 2.8
xss Kento Post View Counter Reflected XSS <= 2.8
xss Kento Post View Counter Stored XSS <= 2.8
file_upload WP Mobile Detector <= 3.5 – Arbitrary File Upload
sqli Double Opt-In for Download <= 2.0.9 – SQL Injection
sde WP Maintenance Mode <= 2.0.3 – Sensitive Data Exposure
sde WP Maintenance Mode <= 2.0.3 – Auth Bypass
rce WP Maintenance Mode <= 2.0.3 – Remote Code Execution
auth-bypass Robo Gallery <= 2.0.14 – Auth Bypass
file-download Memphis Documents Library <= 3.4.5 – Unauthenticated Arbitrary File Download
lfi SEO by SQUIRRLY <= 6.1.0 – Local File Inclusion
auth-bypass SEO by SQUIRRLY <= 6.1.0 – Auth Bypass
auth-bypass DELUCKS SEO <= 1.3.9 – Unauthorized Options Update
auth-bypass WiziApp – All in One mobile suite <= 4.1.2 – Auth Bypass
priv-esc Profile Builder <= 2.4.0 – Privilege Escalation
xss All in One SEO Pack 2.3.6.1 – Persistent XSS
xss All in One SEO Pack <= 2.3.7 – Unauthenticated Stored XSS
auth-bypass Fluid Responsive Slideshow <= 2.2.26 – Unauthorized Content Modification
sde WP Backup <= 1.2 – Sensitive Data Exposure
file_upload File Manager <= 3.0.0 – Arbitrary File Upload/Download
file_upload Levo Slideshow <= 2.3 – Arbitrary File Upload
auth-bypass Form Lightbox <= 2.1 – Unauthenticated Options Update
auth-bypass WordPress Social Stream <= 1.5.15 – Authenticated Unauthorized Options Update
priv-esc Ultimate Product Catalogue <= 3.8.1 – Privilege Escalation
file_upload 360 Product Rotation <= 1.2.1 – Arbitrary File Upload
xss WordPress Activity Log <= 2.3.1 – Persistent XSS
file_upload Slider Revolution: Arbitrary File Upload
sqli User Meta Manager <= 3.4.6 – SQL Injection
rfd TimThumb <= 1.33 – Remote File Download
rce TimThumb <= 2.8.13 – Remote Code Execution
file_upload MailPoet <= 2.6.7 – Arbitrary File Upload
dos WordPress Core <= 4.5.3 – DoS
lfi Directory Traversal – wp-config.php
file_upload Malicious File Upload (Patterns)
file_upload N-Media Post Front-end Form <= 1.0 – Unauthenticated Arbitrary File Upload
file_upload CYSTEME Finder <= 1.3 – Multiple Unauthenticated Vulnerabilities
file_upload Estatik <= 2.2.5 – Unauthenticated Arbitrary File Upload
lfi Mail Masta <= 1.0 – Unauthenticated Local File Inclusion
auth-bypass Total Security <= 3.3.8 – Unauthenticated Options Update
obji Ecwid Ecommerce Shopping Cart <= 4.4.3 – Unauthenticated Object Injection
file_upload Malicious File Upload (PHP)

If we leave Country Blocking, Live Traffic Feed, I think BPS is a much better value for money, but wanted to compare the Firewall options in BPS vs Wordfence.

Once again, thanks for taking the time to respond. The aim is to buy here verus not buy and I want to take an informed decision.

• This reply was modified 7 years, 11 months ago by tigershroof.
• This reply was modified 7 years, 11 months ago by tigershroof.

I’m not interested in trying to sell you anything. We simply do not do a hard sell or sales pitch of any kind. We want people to choose for themselves. In general, for what you are looking for and the sites that you have, I think you may want to stick with what you have found that you want and not worry about the cost now or in the future. If you have something already that you like then just stick with it. ??

a) Country Blocking – nope we will never add this for this #1 reason: doing this causes unnecessary memory and resource usage for your server/website. There are lots of other reasons why is a terrible approach. People tell us all the time that after removing country ip blocking their server/websites perform much better.

b) Live Traffic Feed – yep I understand what appears to be a benefit, but if you have a site that has very high traffic and you are spending your time looking at this stuff instead of doing other more important things, than in my opinion that is a complete waste of your valuable time. Live Traffic is known to cause website performance problems for obvious reasons – your website/server has to process this data all day long/every day. There are plenty of folks that have reported this about Wordfence Live Traffic feed over the years. So check that/cross reference that information for yourself. ?? On a low traffic site it is not going to probably cause a big performance problem, but if you have a high volume of traffic then there is going to be a noticeable performance cost/slowness/etc.

c) All I can tell you is the BPS Pro Plugin Firewall works great/is very effective. I can’t really do any sort of comparison with anything else. ?? I can’t make any sort of assesment based on the Wordfence rules that you posted, but what I can tell is the BPS Pro Plugin Firewall and other various security features will also block all of these things 100%.

Thanks for taking the time to answer and specifically answering the last question. Will be in touch.

Another very important point about not trying to sell BPS Pro to you on the www.remarpro.com forum site is that it is specifically not allowed in the wp forum rules. ??

• This reply was modified 7 years, 11 months ago by AITpro.

Noted and understood. Once I am ready to buy, I will contact you through the direct site. Thanks again.

• This reply was modified 7 years, 11 months ago by tigershroof.

Assuming all questions have been answered – the thread has been resolved. If you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.

@aitpro – I have removed the recent off-topic posts and am closing this topic since it’s marked as Resolved.