All In One WP Security & Firewall - Version 1.7

Version Description

  • Added a new feature which is a password strength tool which calculates how easy it is for your chosen password to be cracked using a desktop PC and the appropriate SW. This tool should help you create strong passwords.
  • Added a front-end general visitor lockout feature. This feature allows you to temporarily lock down the front end of your site while you do security investigation, site upgrades, tweaks etc.
Download this release

Release Info

Developer mra13
Plugin Icon 128x128 All In One WP Security & Firewall
Version 1.7
Comparing to
See all releases

Code changes from version 1.6 to 1.7

Files changed (15) hide show
  1. admin/wp-security-admin-init.php +1 -0
  2. admin/wp-security-settings-menu.php +43 -1
  3. admin/wp-security-user-accounts-menu.php +45 -1
  4. classes/wp-security-configure-settings.php +6 -0
  5. classes/wp-security-general-init-tasks.php +14 -0
  6. classes/wp-security-installer.php +1 -0
  7. css/wp-security-admin-styles.css +88 -0
  8. css/wp-security-site-lockout-page.css +31 -0
  9. images/arrow.png +0 -0
  10. images/form_bg.png +0 -0
  11. js/password-strength-tool.js +154 -0
  12. other-includes/wp-security-visitor-lockout-page.php +25 -0
  13. readme.txt +6 -1
  14. wp-security-core.php +1 -1
  15. wp-security.php +1 -1
admin/wp-security-admin-init.php CHANGED
@@ -44,6 +44,7 @@ class AIOWPSecurity_Admin_Init
44
  wp_enqueue_script('media-upload');
45
  wp_register_script('aiowpsec-admin-js', AIO_WP_SECURITY_URL. '/js/wp-security-admin-script.js', array('jquery'));
46
  wp_enqueue_script('aiowpsec-admin-js');
 
47
  }
48
 
49
  function admin_menu_page_styles()
44
  wp_enqueue_script('media-upload');
45
  wp_register_script('aiowpsec-admin-js', AIO_WP_SECURITY_URL. '/js/wp-security-admin-script.js', array('jquery'));
46
  wp_enqueue_script('aiowpsec-admin-js');
47
+ wp_register_script('aiowpsec-pw-tool-js', AIO_WP_SECURITY_URL. '/js/password-strength-tool.js', array('jquery')); // We will enqueue this in the user acct menu class
48
  }
49
 
50
  function admin_menu_page_styles()
admin/wp-security-settings-menu.php CHANGED
@@ -81,7 +81,23 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
81
  $this->show_msg_updated(__('All the security features have been disabled successfully!', 'aiowpsecurity'));
82
  }
83
 
84
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
85
  ?>
86
  <div class="aio_grey_box">
87
  <p>For information, updates and documentation, please visit the <a href="http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin" target="_blank">AIO WP Security & Firewall Plugin</a> Page.</p>
@@ -118,6 +134,32 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
118
  </div>
119
  </form>
120
  </div></div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
121
  <?php
122
  }
123
 
81
  $this->show_msg_updated(__('All the security features have been disabled successfully!', 'aiowpsecurity'));
82
  }
83
 
84
+ //Site lockout feature submission tasks
85
+ if(isset($_POST['aiowpsec_save_site_lockout']))
86
+ {
87
+ $nonce=$_REQUEST['_wpnonce'];
88
+ if (!wp_verify_nonce($nonce, 'aiowpsec-site-lockout'))
89
+ {
90
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on site lockout feature settings save!",4);
91
+ die("Nonce check failed on site lockout feature settings save!");
92
+ }
93
+
94
+ //Save settings if no errors
95
+ $aio_wp_security->configs->set_value('aiowps_site_lockout',isset($_POST["aiowps_site_lockout"])?'1':'');
96
+ $aio_wp_security->configs->save_config();
97
+
98
+ $this->show_msg_updated(__('Site lockout feature settings saved!', 'aiowpsecurity'));
99
+
100
+ }
101
  ?>
102
  <div class="aio_grey_box">
103
  <p>For information, updates and documentation, please visit the <a href="http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin" target="_blank">AIO WP Security & Firewall Plugin</a> Page.</p>
134
  </div>
135
  </form>
136
  </div></div>
137
+ <div class="postbox">
138
+ <h3><label for="title"><?php _e('General Visitor Lockout', 'aiowpsecurity'); ?></label></h3>
139
+ <div class="inside">
140
+ <form action="" method="POST">
141
+ <?php wp_nonce_field('aiowpsec-site-lockout'); ?>
142
+ <div class="aio_blue_box">
143
+ <?php
144
+ echo '<p>'.__('This feature allows you to lockdown the front-end of your site to all visitors except user with super admin privileges.', 'aiowpsecurity').'</p>';
145
+ echo '<p>'.__('Locking your site down to general visitors can be useful if you are investigating some issues on your site or perhaps you might be doing some maintenance and wish to keep out all traffic for security reasons.', 'aiowpsecurity').'</p>';
146
+ ?>
147
+ </div>
148
+ <table class="form-table">
149
+ <tr valign="top">
150
+ <th scope="row"><?php _e('Enable Front-end Lockout', 'aiowpsecurity')?>:</th>
151
+ <td>
152
+ <input name="aiowps_site_lockout" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_site_lockout')=='1') echo ' checked="checked"'; ?> value="1"/>
153
+ <span class="description"><?php _e('Check this if you want all visitors except those who are logged in as administrator to be locked out of the front-end of your site.', 'aiowpsecurity'); ?></span>
154
+ </td>
155
+ </tr>
156
+ </table>
157
+
158
+ <div class="submit">
159
+ <input type="submit" name="aiowpsec_save_site_lockout" value="<?php _e('Save Site Lockout Settings'); ?>" />
160
+ </div>
161
+ </form>
162
+ </div></div>
163
  <?php
164
  }
165
 
admin/wp-security-user-accounts-menu.php CHANGED
@@ -7,15 +7,24 @@ class AIOWPSecurity_User_Accounts_Menu extends AIOWPSecurity_Admin_Menu
7
  /* Specify all the tabs of this menu in the following array */
8
  var $menu_tabs = array(
9
  'tab1' => 'WP Username',
10
- 'tab2' => 'Display Name'
 
11
  );
12
  var $menu_tabs_handler = array(
13
  'tab1' => 'render_tab1',
14
  'tab2' => 'render_tab2',
 
15
  );
16
  function __construct()
17
  {
18
  $this->render_user_account_menu_page();
 
 
 
 
 
 
 
19
  }
20
 
21
  function get_current_tab()
@@ -182,6 +191,41 @@ class AIOWPSecurity_User_Accounts_Menu extends AIOWPSecurity_Admin_Menu
182
  <?php
183
  }
184
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
185
  function validate_change_username_form()
186
  {
187
  global $wpdb;
7
  /* Specify all the tabs of this menu in the following array */
8
  var $menu_tabs = array(
9
  'tab1' => 'WP Username',
10
+ 'tab2' => 'Display Name',
11
+ 'tab3' => 'Password'
12
  );
13
  var $menu_tabs_handler = array(
14
  'tab1' => 'render_tab1',
15
  'tab2' => 'render_tab2',
16
+ 'tab3' => 'render_tab3',
17
  );
18
  function __construct()
19
  {
20
  $this->render_user_account_menu_page();
21
+
22
+ //Add the JS library for password tool - make sure we are on our password tab
23
+ if (isset($_GET['page']) && strpos($_GET['page'], AIOWPSEC_USER_ACCOUNTS_MENU_SLUG ) !== false) {
24
+ if (isset($_GET['tab']) && $_GET['tab'] == 'tab3'){
25
+ wp_enqueue_script('aiowpsec-pw-tool-js');
26
+ }
27
+ }
28
  }
29
 
30
  function get_current_tab()
191
  <?php
192
  }
193
 
194
+ function render_tab3()
195
+ {
196
+ ?>
197
+ <h2><?php _e('Password Tool', 'aiowpsecurity')?></h2>
198
+ <div class="aio_blue_box">
199
+ <?php
200
+ echo '<p>'.__('Poor password selection is one of the most common weak points of many sites and is usually the first thing a hacker will try to exploit when attempting to break into your site.', 'aiowpsecurity').'</p>'.
201
+ '<p>'.__('Many people fall into the trap of using a simple word or series of numbers as their password. Such a predictable and simple password would take a competent hacker merely minutes to guess your password by using a simple script which cycles through the easy and most common combinations.', 'aiowpsecurity').'</p>'.
202
+ '<p>'.__('The longer and more complex your password is the harder it is for hackers to "crack" because more complex passwords require much greater computing power and time.', 'aiowpsecurity').'</p>'.
203
+ '<p>'.__('This section contains a useful password strength tool which you can use to check whether your password is sufficiently strong enough.', 'aiowpsecurity').'</p>';
204
+ ?>
205
+ </div>
206
+
207
+ <div class="postbox">
208
+ <h3><label for="title"><?php _e('Password Strength Tool', 'aiowpsecurity')?></label></h3>
209
+ <div class="inside">
210
+ <div class="aio_grey_box aio_half_width"><p>This password tool uses an algorithm which calculates how long it would take for your password to be cracked using the computing power of an off-the-shelf current model desktop PC with high end processor, graphics card and appropriate password cracking software.</p></div>
211
+ <div class="aiowps_password_tool_field">
212
+ <input size="40" id="aiowps_password_test" name="aiowps_password_test" type="text" />
213
+ <div class="description"><?php _e('Start typing a password.', 'aiowpsecurity'); ?></div>
214
+ </div>
215
+ <div id="aiowps_pw_tool_main">
216
+ <div class="aiowps_password_crack_info_text">It would take a desktop PC approximately
217
+ <div id="aiowps_password_crack_time_calculation">1 sec</div> to crack your password!</div>
218
+ <!-- The rotating arrow -->
219
+ <div class="arrowCap"></div>
220
+ <div class="arrow"></div>
221
+
222
+ <p class="meterText">Password Strength</p>
223
+ </div>
224
+ </div>
225
+ </div>
226
+ <?php
227
+ }
228
+
229
  function validate_change_username_form()
230
  {
231
  global $wpdb;
classes/wp-security-configure-settings.php CHANGED
@@ -14,6 +14,9 @@ class AIOWPSecurity_Configure_Settings
14
  //WP Generator Meta Tag feature
15
  $aio_wp_security->configs->set_value('aiowps_remove_wp_generator_meta_info','');//Checkbox
16
 
 
 
 
17
  //User password feature
18
 
19
  //Lockdown feature
@@ -73,6 +76,9 @@ class AIOWPSecurity_Configure_Settings
73
  //WP Generator Meta Tag feature
74
  $aio_wp_security->configs->add_value('aiowps_remove_wp_generator_meta_info','');//Checkbox
75
 
 
 
 
76
  //User password feature
77
 
78
  //Lockdown feature
14
  //WP Generator Meta Tag feature
15
  $aio_wp_security->configs->set_value('aiowps_remove_wp_generator_meta_info','');//Checkbox
16
 
17
+ //General Settings Page
18
+ $aio_wp_security->configs->set_value('aiowps_site_lockout','');//Checkbox
19
+
20
  //User password feature
21
 
22
  //Lockdown feature
76
  //WP Generator Meta Tag feature
77
  $aio_wp_security->configs->add_value('aiowps_remove_wp_generator_meta_info','');//Checkbox
78
 
79
+ //General Settings Page
80
+ $aio_wp_security->configs->add_value('aiowps_site_lockout','');//Checkbox
81
+
82
  //User password feature
83
 
84
  //Lockdown feature
classes/wp-security-general-init-tasks.php CHANGED
@@ -17,6 +17,13 @@ class AIOWPSecurity_General_Init_Tasks
17
  AIOWPSecurity_Utility::redirect_to_url(AIOWPSEC_WP_URL."/wp-admin");
18
  }
19
 
 
 
 
 
 
 
 
20
  //Add more tasks that need to be executed at init time
21
  }
22
 
@@ -25,4 +32,11 @@ class AIOWPSecurity_General_Init_Tasks
25
  return '';
26
  }
27
 
 
 
 
 
 
 
 
28
  }
17
  AIOWPSecurity_Utility::redirect_to_url(AIOWPSEC_WP_URL."/wp-admin");
18
  }
19
 
20
+ //For site lockout feature
21
+ if($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1'){
22
+ if (!is_user_logged_in() && !current_user_can('administrator')) {
23
+ $this->site_lockout_tasks();
24
+ }
25
+ }
26
+
27
  //Add more tasks that need to be executed at init time
28
  }
29
 
32
  return '';
33
  }
34
 
35
+ function site_lockout_tasks(){
36
+ nocache_headers();
37
+ header("HTTP/1.0 503 Service Unavailable");
38
+ remove_action('wp_head','head_addons',7);
39
+ include_once(AIO_WP_SECURITY_PATH.'/other-includes/wp-security-visitor-lockout-page.php');
40
+ exit();
41
+ }
42
  }
classes/wp-security-installer.php CHANGED
@@ -16,6 +16,7 @@ class AIOWPSecurity_Installer
16
  foreach ($blogids as $blog_id) {
17
  switch_to_blog($blog_id);
18
  AIOWPSecurity_Installer::create_db_tables();
 
19
  }
20
  switch_to_blog($old_blog);
21
  return;
16
  foreach ($blogids as $blog_id) {
17
  switch_to_blog($blog_id);
18
  AIOWPSecurity_Installer::create_db_tables();
19
+ AIOWPSecurity_Configure_Settings::add_option_values();
20
  }
21
  switch_to_blog($old_blog);
22
  return;
css/wp-security-admin-styles.css CHANGED
@@ -253,3 +253,91 @@
253
  text-align: center;
254
  padding-top:5px;
255
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
253
  text-align: center;
254
  padding-top:5px;
255
  }
256
+
257
+ #aiowps_pw_tool_main{
258
+ width:440px;
259
+ margin:40px auto 120px;
260
+ position:relative;
261
+ text-align:center;
262
+ background: url("../images/form_bg.png") no-repeat scroll 0 0 transparent;
263
+ height: 450px;
264
+ padding-top: 50px;
265
+ }
266
+
267
+ .aiowps_password_tool_field{
268
+ text-align:center;
269
+ padding-top: 40px;
270
+ }
271
+
272
+ #aiowps_pw_tool_main .meterText {
273
+ color: #575757;
274
+ font-size: 10px;
275
+ left: 189px;
276
+ line-height: 1.1;
277
+ position: absolute;
278
+ top: 485px;
279
+ width: 60px;
280
+ }
281
+
282
+
283
+ #aiowps_pw_tool_main .arrow{
284
+ background: url("../images/arrow.png") no-repeat -10px 0;
285
+ height: 120px;
286
+ left: 215px;
287
+ position: absolute;
288
+ top: 299px;
289
+ width: 11px;
290
+
291
+ /* Defining a smooth CSS3 animation for turning the arrow */
292
+
293
+ -moz-transition:0.3s;
294
+ -webkit-transition:0.3s;
295
+ -o-transition:0.3s;
296
+ -ms-transition:0.3s;
297
+ transition:0.3s;
298
+
299
+ /* Putting the arrow in its initial position */
300
+
301
+ -moz-transform: rotate(-134deg);
302
+ -webkit-transform: rotate(-134deg);
303
+ -o-transform: rotate(-134deg);
304
+ -ms-transform: rotate(-134deg);
305
+ transform: rotate(-134deg);
306
+ }
307
+
308
+ #aiowps_pw_tool_main .arrowCap{
309
+ background: url("../images/arrow.png") no-repeat -43px 0;
310
+ height: 20px;
311
+ left: 208px;
312
+ position: absolute;
313
+ top: 351px;
314
+ width: 20px;
315
+ z-index: 10;
316
+ }
317
+
318
+ #aiowps_pw_tool_main .meterText{
319
+ color: #575757;
320
+ font-size: 10px;
321
+ left: 189px;
322
+ line-height: 1.1;
323
+ position: absolute;
324
+ top: 385px;
325
+ width: 60px;
326
+ }
327
+
328
+ .aiowps_password_crack_info_text{
329
+ font-size: 2.125em;
330
+ line-height: 1.16667em;
331
+ padding-left: 6.25%;
332
+ padding-right: 6.25%;
333
+ text-align: center;
334
+ }
335
+
336
+ #aiowps_password_crack_time_calculation{
337
+ font-size: 1.125em;
338
+ line-height: 1.16667em;
339
+ padding-left: 6.25%;
340
+ padding-right: 6.25%;
341
+ text-align: center;
342
+ color: darkorange;
343
+ }
css/wp-security-site-lockout-page.css ADDED
@@ -0,0 +1,31 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ body{
2
+ background-color: #404040 !important;
3
+ }
4
+ .aiowps-site-lockout-body{
5
+
6
+ }
7
+
8
+ .aiowps-site-lockout-body-content{
9
+
10
+ }
11
+
12
+ .aiowps-site-lockout-box{
13
+ margin-right: auto;
14
+ margin-left: auto;
15
+ max-width: 800px;
16
+ margin-top: 100px;
17
+ padding: 30px;
18
+ border: 2px solid #FFE20A;
19
+ }
20
+
21
+ .aiowps-site-lockout-msg{
22
+ color: #FFE20A;
23
+ font-size: 48px;
24
+ font-weight: bold;
25
+ text-align: center;
26
+ }
27
+
28
+ .aiowps-site-lockout-text{
29
+ margin-bottom: 30px;
30
+ }
31
+
images/arrow.png ADDED
Binary file
images/form_bg.png ADDED
Binary file
js/password-strength-tool.js ADDED
@@ -0,0 +1,154 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ (function($){
2
+ $.fn.extend({
3
+ pwdstr: function(el) {
4
+ return this.each(function() {
5
+ $(this).keyup(function(){
6
+ $(el).html(getTime($(this).val()));
7
+ });
8
+
9
+ function getTime(str){
10
+
11
+ var chars = 0;
12
+ var rate = 2800000000;
13
+
14
+ if((/[a-z]/).test(str)) chars += 26;
15
+ if((/[A-Z]/).test(str)) chars += 26;
16
+ if((/[0-9]/).test(str)) chars += 10;
17
+ if((/[^a-zA-Z0-9]/).test(str)) chars += 32;
18
+
19
+ var pos = Math.pow(chars,str.length);
20
+ var s = pos/rate;
21
+ var decimalYears = s/(3600*24*365);
22
+ var years = Math.floor(decimalYears);
23
+
24
+ var decimalMonths =(decimalYears-years)*12;
25
+ var months = Math.floor(decimalMonths);
26
+
27
+ var decimalDays = (decimalMonths-months)*30;
28
+ var days = Math.floor(decimalDays);
29
+
30
+ var decimalHours = (decimalDays-days)*24;
31
+ var hours = Math.floor(decimalHours);
32
+
33
+ var decimalMinutes = (decimalHours-hours)*60;
34
+ var minutes = Math.floor(decimalMinutes);
35
+
36
+ var decimalSeconds = (decimalMinutes-minutes)*60;
37
+ var seconds = Math.floor(decimalSeconds);
38
+
39
+ var time = [];
40
+
41
+ if(years > 0){
42
+ if(years == 1)
43
+ time.push("1 year, ");
44
+ else
45
+ time.push(years + " years, ");
46
+ }
47
+ if(months > 0){
48
+ if(months == 1)
49
+ time.push("1 month, ");
50
+ else
51
+ time.push(months + " months, ");
52
+ }
53
+ if(days > 0){
54
+ if(days == 1)
55
+ time.push("1 day, ");
56
+ else
57
+ time.push(days + " days, ");
58
+ }
59
+ if(hours > 0){
60
+ if(hours == 1)
61
+ time.push("1 hour, ");
62
+ else
63
+ time.push(hours + " hours, ");
64
+ }
65
+ if(minutes > 0){
66
+ if(minutes == 1)
67
+ time.push("1 minute, ");
68
+ else
69
+ time.push(minutes + " minutes, ");
70
+ }
71
+ if(seconds > 0){
72
+ if(seconds == 1)
73
+ time.push("1 second, ");
74
+ else
75
+ time.push(seconds + " seconds, ");
76
+ }
77
+
78
+ if(time.length <= 0)
79
+ time = "less than one second, ";
80
+ else if(time.length == 1)
81
+ time = time[0];
82
+ else
83
+ time = time[0] + time[1];
84
+
85
+
86
+ var field = $('#aiowps_password_test');
87
+ if (s <= 1 || !field.val())
88
+ {
89
+ //Time to crack < 1 sec
90
+ complexity = 0;
91
+ }else if (s > 1 && s <= 43200)
92
+ {
93
+ //1 sec < Time to crack < 12hrs
94
+ complexity = 1;
95
+ }else if (s > 43200 && s <= 86400)
96
+ {
97
+ //12 hrs < Time to crack < 1day
98
+ complexity = 2;
99
+ }else if (s > 86400 && s <= 604800)
100
+ {
101
+ //1 day < Time to crack < 1wk
102
+ complexity = 3;
103
+ }else if (s > 604800 && s <= 2678400)
104
+ {
105
+ //1wk < Time to crack < 1mth
106
+ complexity = 4;
107
+ }else if (s > 2678400 && s <= 15552000)
108
+ {
109
+ //1mth < Time to crack < 6mths
110
+ complexity = 5;
111
+ }else if (s > 31536000 && s <= 31536000)
112
+ {
113
+ //6mths < Time to crack < 1yrs
114
+ complexity = 6;
115
+ }else if (s > 31536000 && s <= 315360000)
116
+ {
117
+ //1yrs < Time to crack < 10yrs
118
+ complexity = 7;
119
+ }else if (s > 315360000 && s <= 3153600000)
120
+ {
121
+ //10yrs < Time to crack < 100yrs
122
+ complexity = 8;
123
+ }else if (s > 3153600000 && s <= 31536000000)
124
+ {
125
+ //100yrs < Time to crack < 1000yrs
126
+ complexity = 9;
127
+ }else if (s > 31536000000)
128
+ {
129
+ //1000yrs < Time to crack
130
+ complexity = 10;
131
+ }
132
+ calculated = (complexity/10)*268 - 134;
133
+ prop = 'rotate('+(calculated)+'deg)';
134
+ // Rotate the arrow
135
+ $('.arrow').css({
136
+ '-moz-transform':prop,
137
+ '-webkit-transform':prop,
138
+ '-o-transform':prop,
139
+ '-ms-transform':prop,
140
+ 'transform':prop
141
+ });
142
+
143
+ return time.substring(0,time.length-2);
144
+ }
145
+
146
+ });
147
+ }
148
+
149
+ });
150
+ $(document).ready(function(){
151
+ $('#aiowps_password_test').pwdstr('#aiowps_password_crack_time_calculation');
152
+ });
153
+ })(jQuery);
154
+
other-includes/wp-security-visitor-lockout-page.php ADDED
@@ -0,0 +1,25 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ ?>
3
+ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
4
+ <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
5
+ <head profile="http://gmpg.org/xfn/11">
6
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7
+ <title><?php bloginfo('name'); ?></title>
8
+
9
+ <link rel="stylesheet" type="text/css" href="<?php echo AIO_WP_SECURITY_URL ; ?>/css/wp-security-site-lockout-page.css" />
10
+ <?php wp_head(); ?>
11
+ </head>
12
+
13
+ <body>
14
+ <div class="aiowps-site-lockout-body">
15
+ <div class="aiowps-site-lockout-body-content">
16
+ <div class="aiowps-site-lockout-box">
17
+ <div class="aiowps-site-lockout-msg">
18
+ <p class="aiowps-site-lockout-text"><?php _e('This site is currently not available', 'aiowpsecurity'); ?></p>
19
+ <p class="aiowps-site-lockout-text"><?php _e('Please try again later', 'aiowpsecurity'); ?></p>
20
+ </div>
21
+ </div> <!-- end .aiowps-site-lockout-box -->
22
+ </div> <!-- end .aiowps-site-lockout-body-content -->
23
+ </div> <!-- end .aiowps-site-lockout-body -->
24
+ </body>
25
+ </html>
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: http://www.tipsandtricks-hq.com
4
  Tags: security, secure, Anti Virus, antivirus, virus, firewall, login, lockdown, htaccess, hacking, ban hacker, malware, vulnerability, protect, phishing, database, backup, plugin, sql injection, ssl, restrict
5
  Requires at least: 3.5
6
  Tested up to: 3.6
7
- Stable tag: 1.6
8
  License: GPLv3
9
 
10
  A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -32,6 +32,7 @@ Below is a list of the security and firewall features offered in this plugin:
32
  * Detect if there is a user account which has the default "admin" username and easily change the username to a value of your choice.
33
  * The plugin will also detect if you have any WordPress user accounts which have identical login and display names. Having account's where display name is identical to login name is bad security practice because
34
  you are making it 50% easier for hackers because they already know the login name.
 
35
 
36
  = User Login Security =
37
  * Protect against "Brute Force Login Attack" with the Login Lockdown feature. Users with a certain IP address or range will be locked out of the system for a predetermined amount of time based on the configuration settings and you can also choose to be notified
@@ -91,6 +92,7 @@ or malicious bots who do not have a special cookie in their browser. You (the si
91
  = Additional Features =
92
  * Ability to remove the WordPress Generator Meta information from the HTML source of your site.
93
  * Ability to prevent people from accessing the readme.html, license.txt and wp-config-sample.php files
 
94
 
95
  = Plugin Support =
96
  * If you have a question or problem with the All In One Security plugin, post it on the support forum and we will help you.
@@ -123,6 +125,9 @@ None
123
  None
124
 
125
  == Changelog ==
 
 
 
126
 
127
  = 1.6 =
128
  - Added a new option in the cookie-based Brute Force Login Attack prevention feature to allow users to use this feature together with the WordPress's post/page password protection feature.
4
  Tags: security, secure, Anti Virus, antivirus, virus, firewall, login, lockdown, htaccess, hacking, ban hacker, malware, vulnerability, protect, phishing, database, backup, plugin, sql injection, ssl, restrict
5
  Requires at least: 3.5
6
  Tested up to: 3.6
7
+ Stable tag: 1.7
8
  License: GPLv3
9
 
10
  A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
32
  * Detect if there is a user account which has the default "admin" username and easily change the username to a value of your choice.
33
  * The plugin will also detect if you have any WordPress user accounts which have identical login and display names. Having account's where display name is identical to login name is bad security practice because
34
  you are making it 50% easier for hackers because they already know the login name.
35
+ * Password strength tool to allow you to create very strong passwords.
36
 
37
  = User Login Security =
38
  * Protect against "Brute Force Login Attack" with the Login Lockdown feature. Users with a certain IP address or range will be locked out of the system for a predetermined amount of time based on the configuration settings and you can also choose to be notified
92
  = Additional Features =
93
  * Ability to remove the WordPress Generator Meta information from the HTML source of your site.
94
  * Ability to prevent people from accessing the readme.html, license.txt and wp-config-sample.php files
95
+ * Ability to temporarily lock down the front end of your site from general visitors while you do various backend tasks (investigate security attacks, perform site upgrades, do maintenance work etc.)
96
 
97
  = Plugin Support =
98
  * If you have a question or problem with the All In One Security plugin, post it on the support forum and we will help you.
125
  None
126
 
127
  == Changelog ==
128
+ = 1.7 =
129
+ - Added a new feature which is a password strength tool which calculates how easy it is for your chosen password to be cracked using a desktop PC and the appropriate SW. This tool should help you create strong passwords.
130
+ - Added a front-end general visitor lockout feature. This feature allows you to temporarily lock down the front end of your site while you do security investigation, site upgrades, tweaks etc.
131
 
132
  = 1.6 =
133
  - Added a new option in the cookie-based Brute Force Login Attack prevention feature to allow users to use this feature together with the WordPress's post/page password protection feature.
wp-security-core.php CHANGED
@@ -3,7 +3,7 @@
3
  if (!class_exists('AIO_WP_Security')){
4
 
5
  class AIO_WP_Security{
6
- var $version = '1.6';
7
  var $db_version = '1.2';
8
  var $plugin_url;
9
  var $plugin_path;
3
  if (!class_exists('AIO_WP_Security')){
4
 
5
  class AIO_WP_Security{
6
+ var $version = '1.7';
7
  var $db_version = '1.2';
8
  var $plugin_url;
9
  var $plugin_path;
wp-security.php CHANGED
@@ -1,7 +1,7 @@
1
  <?php
2
  /*
3
  Plugin Name: All In One WP Security
4
- Version: v1.6
5
  Plugin URI: http://www.tipsandtricks-hq.com/
6
  Author: Tips and Tricks HQ, Peter, Ruhul Amin
7
  Author URI: http://www.tipsandtricks-hq.com/
1
  <?php
2
  /*
3
  Plugin Name: All In One WP Security
4
+ Version: v1.7
5
  Plugin URI: http://www.tipsandtricks-hq.com/
6
  Author: Tips and Tricks HQ, Peter, Ruhul Amin
7
  Author URI: http://www.tipsandtricks-hq.com/