All In One WP Security & Firewall - Version 1.4

Version Description

  • Tweaked the "Deny Bad Query Strings" firewall rules so that plugin deletion and update operations from the WordPress plugins menu are not affected.
  • Fixed a minor bug related to scheduled database backups.
  • Added some extra default settings to be applied to the plugin's configuration pages upon activation for the first time.
  • Plugin will now display a recommendation message if user sets scheduled backup frequency to less than 24 hours.

Release Info

Developer mra13
Version 1.4

Code changes from version 1.3 to 1.4

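--- a/admin/wp-security-dashboard-menu.php
+++ b/admin/wp-security-dashboard-menu.php
@@ -239,7 +239,7 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
  <a href="http://twitter.com/intent/tweet?url=http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin&text=I love the All In One WP Security and Firewall plugin!" target="_blank" class="aio_tweet_link">Post to Twitter</a>
  </p>
  <p>
- <a href="http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/" target="_blank" class="aio_rate_us_link">Vote & Rate Now</a>
+ <a href="http://wordpress.org/support/view/plugin-reviews/all-in-one-wp-security-and-firewall/" target="_blank" class="aio_rate_us_link">Vote & Rate Now</a>
  </p>
 
  </div></div>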
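--- a/admin/wp-security-database-menu.php
+++ b/admin/wp-security-database-menu.php
@@ -245,6 +245,14 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
  $aio_wp_security->configs->set_value('aiowps_backup_email_address',$email_address);
  $aio_wp_security->configs->save_config();
  $this->show_msg_settings_updated();
+
+ //Let's check if backup interval was set to less than 24 hours
+ if (isset($_POST["aiowps_enable_automated_backups"]) && ($backup_frequency < 24) && $_POST["aiowps_db_backup_interval"]==0)
+ {
+ $alert_user_msg = 'ATTENTION: You have configured your backups to occur at least once daily. For most websites we recommended that you choose a less frequent backup
+ schedule such as once every few days, once a week or once a month. Choosing a less frequent schedule will also help reduce your server load.';
+ $this->show_msg_updated_st(__($alert_user_msg, 'aiowpsecurity'));
+ }
  }
 
  ?>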
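Review bot: The added condition at new line 250 reads `$_POST["aiowps_db_backup_interval"]` without an `isset()` guard and compares it with a loose `==0`, so a missing field raises an undefined-index notice and still satisfies the test, and on PHP versions before 8 any non-numeric string also compares equal to 0. A stricter form would be `isset($_POST['aiowps_db_backup_interval']) && $_POST['aiowps_db_backup_interval'] === '0'`, assuming the dropdown posts the string values 0/1/2 as the defaults file suggests. On new line 254 the message reaches `__()` through a variable, which string-extraction tools cannot pick up, and the line break inside the literal becomes part of the message id; passing a single-line literal directly to `__()` avoids both. `$backup_frequency` and the rest of the form handler are defined outside this hunk, so how they are validated cannot be checked from here.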
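--- a/classes/wp-security-backup.php
+++ b/classes/wp-security-backup.php
@@ -172,6 +172,7 @@ class AIOWPSecurity_Backup
  if ($result)
  {
  $aio_wp_security->configs->set_value('aiowps_last_backup_time', current_time('mysql'));
+ $aio_wp_security->configs->save_config();
  $aio_wp_security->debug_logger->log_debug_cron("DB Backup - Scheduled backup was successfully completed.");
  }
  else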
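--- a/classes/wp-security-configure-settings.php
+++ b/classes/wp-security-configure-settings.php
@@ -9,6 +9,8 @@ class AIOWPSecurity_Configure_Settings
  static function set_default_settings()
  {
  global $aio_wp_security;
+ $blog_email_address = get_bloginfo('admin_email'); //Get the blog admin email address - we will use as the default value
+
  //WP Generator Meta Tag feature
  $aio_wp_security->configs->set_value('aiowps_remove_wp_generator_meta_info','');//Checkbox
 
@@ -21,7 +23,7 @@ class AIOWPSecurity_Configure_Settings
  $aio_wp_security->configs->set_value('aiowps_lockout_time_length','60');
  $aio_wp_security->configs->set_value('aiowps_set_generic_login_msg','');//Checkbox
  $aio_wp_security->configs->set_value('aiowps_enable_email_notify','');//Checkbox
- //$aio_wp_security->configs->set_value('aiowps_email_address','');//text field
+ $aio_wp_security->configs->set_value('aiowps_email_address',$blog_email_address);//text field
  $aio_wp_security->configs->set_value('aiowps_enable_forced_logout','');//Checkbox
  $aio_wp_security->configs->set_value('aiowps_logout_time_period','60');
 
@@ -33,7 +35,7 @@ class AIOWPSecurity_Configure_Settings
  $aio_wp_security->configs->set_value('aiowps_db_backup_interval','2'); //Dropdown box where (0,1,2) => (hours,days,weeks)
  $aio_wp_security->configs->set_value('aiowps_backup_files_stored','2');
  $aio_wp_security->configs->set_value('aiowps_send_backup_email_address','');//Checkbox
- $aio_wp_security->configs->set_value('aiowps_backup_email_address','');
+ $aio_wp_security->configs->set_value('aiowps_backup_email_address',$blog_email_address);
 
  //Filesystem Security feature
  $aio_wp_security->configs->set_value('aiowps_disable_file_editing','');//Checkbox
@@ -52,7 +54,7 @@ class AIOWPSecurity_Configure_Settings
  $aio_wp_security->configs->set_value('aiowps_advanced_char_string_filter','');//Checkbox
  $aio_wp_security->configs->set_value('aiowps_enable_5g_firewall','');//Checkbox
 
- //TODO - keep adding default opitons for any fields that require it
+ //TODO - keep adding default options for any fields that require it
 
  //Save it
  $aio_wp_security->configs->save_config();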
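--- a/classes/wp-security-utility-htaccess.php
+++ b/classes/wp-security-utility-htaccess.php
@@ -484,7 +484,7 @@ class AIOWPSecurity_Utility_Htaccess
  if($aio_wp_security->configs->get_value('aiowps_deny_bad_query_strings')=='1')
  {
  $rules .= AIOWPSecurity_Utility_Htaccess::$deny_bad_query_strings_marker_start . PHP_EOL; //Add feature marker start
- $rules .= 'RewriteCond %{QUERY_STRING} ../ [NC,OR]' . PHP_EOL;
+ //$rules .= 'RewriteCond %{QUERY_STRING} ../ [NC,OR]' . PHP_EOL;
  //$rules .= 'RewriteCond %{QUERY_STRING} boot.ini [NC,OR]' . PHP_EOL;
  $rules .= 'RewriteCond %{QUERY_STRING} tag= [NC,OR]' . PHP_EOL;
  $rules .= 'RewriteCond %{QUERY_STRING} ftp: [NC,OR]' . PHP_EOL;
@@ -495,7 +495,7 @@ class AIOWPSecurity_Utility_Htaccess
  //$rules .= 'RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]' . PHP_EOL;
  //$rules .= 'RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127.0).* [NC,OR]' . PHP_EOL;
  $rules .= 'RewriteCond %{QUERY_STRING} ^.*(globals|encode|config|localhost|loopback).* [NC,OR]' . PHP_EOL;
- $rules .= 'RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]' . PHP_EOL;
+ $rules .= 'RewriteCond %{QUERY_STRING} ^.*(request|insert|union|declare|drop).* [NC]' . PHP_EOL;
  $rules .= 'RewriteRule ^(.*)$ - [F,L]' . PHP_EOL;
  $rules .= AIOWPSecurity_Utility_Htaccess::$deny_bad_query_strings_marker_end . PHP_EOL; //Add feature marker end
  }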
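Review bot: Commenting out the `../` condition at line 487 drops the directory-traversal check altogether, when the false positives most likely came from the unescaped dots: in a RewriteCond pattern `.` matches any character, so `../` matched any two characters followed by a slash. Escaping the dots would keep the check without blocking ordinary admin URLs: `$rules .= 'RewriteCond %{QUERY_STRING} \.\./ [NC,OR]' . PHP_EOL;`. In the second hunk, removing `select` at line 498 presumably fixes the plugins-menu actions, but the remaining keywords are still unanchored substrings (`drop` also matches `dropdown`), so similar false positives remain likely. Both lists match the raw query string and are a coarse filter only; a short comment saying so, and that they do not replace parameterized queries or path validation in the code behind them, would help maintainers who tune the rules later. The lines between 490 and 495 and the rest of the enclosing method are outside these hunks.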
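--- a/readme.txt
+++ b/readme.txt
@@ -1,10 +1,10 @@
  === All In One WP Security & Firewall ===
  Contributors: Tips and Tricks HQ, wpsolutions, Peter Petreski, Ruhul Amin
  Donate link: http://www.tipsandtricks-hq.com
- Tags: security, secure, Anti Virus, antivirus, virus, firewall, login, lockdown, htaccess, hacking, ban hacker, malware, vulnerability, protect, phishing, database, backup, plugin, sql injection
+ Tags: security, secure, Anti Virus, antivirus, virus, firewall, login, lockdown, htaccess, hacking, ban hacker, malware, vulnerability, protect, phishing, database, backup, plugin, sql injection, ssl, restrict
  Requires at least: 3.5
  Tested up to: 3.6
- Stable tag: 1.3
+ Stable tag: 1.4
  License: GPLv3
 
  A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -86,6 +86,10 @@ So these firewall rules will stop malicious script(s) before it gets a chance to
  = Works with Most Popular WordPress Plugins =
  * It should work smoothly with most popular WordPress plugins.
 
+ = Additional Features =
+ * Ability to remove the WordPress Generator Meta information from the HTML source of your site.
+ * Ability to prevent people from accessing the readme.html, license.txt and wp-config-sample.php files
+
  = Plugin Support =
  * If you have a question or problem with the All In One Security plugin, post it on the support forum and we will help you.
 
@@ -117,6 +121,13 @@ None
  None
 
  == Changelog ==
+
+ = 1.4 =
+ - Tweaked the "Deny Bad Query Strings" firewall rules so that plugin deletion and update operations from the WordPress plugins menu are not affected.
+ - Fixed a minor bug related to scheduled database backups.
+ - Added some extra default settings to be applied to the plugin's configuration pages upon activation for the first time.
+ - Plugin will now display a recommendation message if user sets scheduled backup frequency to less than 24 hours.
+
  = 1.3 =
  - Added a new feature to remove the WordPress Generator Meta information from the HTML source of your site.
  - Tweaked the "Advanced Character String Filter" to fix issue which was affecting plugins such as "Admin Management Xtended" and also pages with keywords such as "password" in the URL.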
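--- a/wp-security-core.php
+++ b/wp-security-core.php
@@ -3,7 +3,7 @@
  if (!class_exists('AIO_WP_Security')){
 
  class AIO_WP_Security{
- var $version = '1.3';
+ var $version = '1.4';
  var $db_version = '1.2';
  var $plugin_url;
  var $plugin_path;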
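--- a/wp-security.php
+++ b/wp-security.php
@@ -1,7 +1,7 @@
  <?php
  /*
  Plugin Name: All In One WP Security
- Version: v1.3
+ Version: v1.4
  Plugin URI: http://www.tipsandtricks-hq.com/
  Author: Tips and Tricks HQ, Peter, Ruhul Amin
  Author URI: http://www.tipsandtricks-hq.com/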