All In One WP Security & Firewall - Version 3.3

Version Description

  • Added a brand new brute force prevention feature - Rename Login Page. This feature can be found in the new menu item called "Brute Force".
  • Modified the new unlock request feature so that a locked-out user only has to enter their email address when submitting an unlock request.
  • Replaced the deprecated PHP function "mysql_list_tables" with alternative code.
  • Added warning message regarding WordPress iOS app when pingback protection feature in the firewall settings is active.
  • Added Malware scan tab and information.
  • Some minor html form and CSS corrections.

Release Info

Developer mra13
Version 3.3

Code changes from version 3.2 to 3.3

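--- a/admin/wp-security-admin-init.php
+++ b/admin/wp-security-admin-init.php
@@ -16,6 +16,7 @@ class AIOWPSecurity_Admin_Init
  var $whois_menu;
  var $blacklist_menu;
  var $firewall_menu;
+ var $brute_force_menu;
  var $maintenance_menu;
  var $spam_menu;
  var $filescan_menu;
@@ -161,13 +162,13 @@ class AIOWPSecurity_Admin_Init
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Registration', 'aiowpsecurity'), __('User Registration', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_USER_REGISTRATION_MENU_SLUG, array(&$this, 'handle_user_registration_menu_rendering'));
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Database Security', 'aiowpsecurity'), __('Database Security', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_DB_SEC_MENU_SLUG, array(&$this, 'handle_database_menu_rendering'));
  if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
- //Suppress the firewall menu if site is a multi site AND not the main site
+ //Suppress the Filesystem Security menu if site is a multi site AND not the main site
  }else{
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Filesystem Security', 'aiowpsecurity'), __('Filesystem Security', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_FILESYSTEM_MENU_SLUG, array(&$this, 'handle_filesystem_menu_rendering'));
  }
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('WHOIS Lookup', 'aiowpsecurity'), __('WHOIS Lookup', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_WHOIS_MENU_SLUG, array(&$this, 'handle_whois_menu_rendering'));
  if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
- //Suppress the firewall menu if site is a multi site AND not the main site
+ //Suppress the Blacklist Manager menu if site is a multi site AND not the main site
  }else{
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Blacklist Manager', 'aiowpsecurity'), __('Blacklist Manager', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_BLACKLIST_MENU_SLUG, array(&$this, 'handle_blacklist_menu_rendering'));
  }
@@ -176,6 +177,11 @@ class AIOWPSecurity_Admin_Init
  }else{
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Firewall', 'aiowpsecurity'), __('Firewall', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_FIREWALL_MENU_SLUG, array(&$this, 'handle_firewall_menu_rendering'));
  }
+ if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
+ //Suppress the Brute Force menu if site is a multi site AND not the main site
+ }else{
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Brute Force', 'aiowpsecurity'), __('Brute Force', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_BRUTE_FORCE_MENU_SLUG, array(&$this, 'handle_brute_force_menu_rendering'));
+ }
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('SPAM Prevention', 'aiowpsecurity'), __('SPAM Prevention', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_SPAM_MENU_SLUG, array(&$this, 'handle_spam_menu_rendering'));
  if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
  //Suppress the filescan menu if site is a multi site AND not the main site
@@ -247,6 +253,12 @@ class AIOWPSecurity_Admin_Init
  $this->firewall_menu = new AIOWPSecurity_Firewall_Menu();
  }
 
+ function handle_brute_force_menu_rendering()
+ {
+ include_once('wp-security-brute-force-menu.php');
+ $this->brute_force_menu = new AIOWPSecurity_Brute_Force_Menu();
+ }
+
  function handle_maintenance_menu_rendering()
  {
  include_once('wp-security-maintenance-menu.php');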
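Review bot: The multisite guard around the new Brute Force submenu registration (new lines 180-184) repeats, for the fourth time in this method, an `if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) { /* comment only */ } else { add_submenu_page(...); }` shape whose then-branch is empty, so every reader has to invert the condition in their head and the four copies can drift independently. Evaluating it once and registering each menu behind a positive check reads better: `$is_main_site = !AIOWPSecurity_Utility::is_multisite_install() || get_current_blog_id() == 1;` followed by `if ($is_main_site) { add_submenu_page(...); }` at each site; WordPress also ships `is_main_site()` for exactly this question. The enclosing method starts and ends outside the hunk.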
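--- /dev/null
+++ b/admin/wp-security-brute-force-menu.php
@@ -0,0 +1,179 @@
+ <?php
+
+ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
+ {
+ var $menu_page_slug = AIOWPSEC_BRUTE_FORCE_MENU_SLUG;
+
+ /* Specify all the tabs of this menu in the following array */
+ var $menu_tabs;
+
+ var $menu_tabs_handler = array(
+ 'tab1' => 'render_tab1',
+ 'tab2' => 'render_tab2',
+ );
+
+ function __construct()
+ {
+ $this->render_menu_page();
+ }
+
+ function set_menu_tabs()
+ {
+ $this->menu_tabs = array(
+ 'tab1' => __('Rename Login Page','aiowpsecurity'),
+ //'tab2' => __('TODO','aiowpsecurity'),
+ );
+ }
+
+ function get_current_tab()
+ {
+ $tab_keys = array_keys($this->menu_tabs);
+ $tab = isset( $_GET['tab'] ) ? $_GET['tab'] : $tab_keys[0];
+ return $tab;
+ }
+
+ /*
+ * Renders our tabs of this menu as nav items
+ */
+ function render_menu_tabs()
+ {
+ $current_tab = $this->get_current_tab();
+
+ echo '<h2 class="nav-tab-wrapper">';
+ foreach ( $this->menu_tabs as $tab_key => $tab_caption )
+ {
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
+ }
+ echo '</h2>';
+ }
+
+ /*
+ * The menu rendering goes here
+ */
+ function render_menu_page()
+ {
+ $this->set_menu_tabs();
+ $tab = $this->get_current_tab();
+ ?>
+ <div class="wrap">
+ <div id="poststuff"><div id="post-body">
+ <?php
+ $this->render_menu_tabs();
+ //$tab_keys = array_keys($this->menu_tabs);
+ call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
+ ?>
+ </div></div>
+ </div><!-- end of wrap -->
+ <?php
+ }
+
+ function render_tab1()
+ {
+ global $wpdb, $aio_wp_security;
+ global $aiowps_feature_mgr;
+ $aiowps_login_page_slug = '';
+
+ if (get_option('permalink_structure')){
+ $home_url = trailingslashit(home_url());
+ }else{
+ $home_url = trailingslashit(home_url()) . '?';
+ }
+
+ if(isset($_POST['aiowps_save_rename_login_page_settings']))//Do form submission tasks
+ {
+ $error = '';
+ $nonce=$_REQUEST['_wpnonce'];
+ if (!wp_verify_nonce($nonce, 'aiowpsec-rename-login-page-nonce'))
+ {
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for rename login page save!",4);
+ die("Nonce check failed for rename login page save!");
+ }
+
+ if (empty($_POST['aiowps_login_page_slug']) && isset($_POST["aiowps_enable_rename_login_page"])){
+ $error .= '<br />'.__('Please enter a value for your login page slug.','aiowpsecurity');
+ }else if (!empty($_POST['aiowps_login_page_slug'])){
+ $aiowps_login_page_slug = sanitize_text_field($_POST['aiowps_login_page_slug']);
+ }
+
+ if($error){
+ $this->show_msg_error(__('Attention!','aiowpsecurity').$error);
+ }else{
+ //Save all the form values to the options
+ $aio_wp_security->configs->set_value('aiowps_enable_rename_login_page',isset($_POST["aiowps_enable_rename_login_page"])?'1':'');
+ $aio_wp_security->configs->set_value('aiowps_login_page_slug',$aiowps_login_page_slug);
+ $aio_wp_security->configs->save_config();
+
+ //Recalculate points after the feature status/options have been altered
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
+ $this->show_msg_settings_updated();
+ }
+ }
+
+ ?>
+ <div class="aio_blue_box">
+ <?php
+ $cookie_based_feature_url = '<a href="admin.php?page='.AIOWPSEC_FIREWALL_MENU_SLUG.'&tab=tab4" target="_blank">Cookie Based Brute Force Prevention</a>';
+ $white_list_feature_url = '<a href="admin.php?page='.AIOWPSEC_USER_LOGIN_MENU_SLUG.'&tab=tab3" target="_blank">Login Page White List</a>';
+ echo '<p>'.__('An effective Brute Force prevention technique is to change the default WordPress login page URL.', 'aiowpsecurity').'</p>'.
+ '<p>'.__('Normally if you wanted to login to WordPress you would type your site\'s home URL followed by wp-login.php.', 'aiowpsecurity').'</p>'.
+ '<p>'.__('This feature allows you to change the login URL by setting your own slug and renaming the last portion of the login URL which contains the <strong>wp-login.php</strong> to any string that you like.', 'aiowpsecurity').'</p>'.
+ '<p>'.__('By doing doing this, malicious bots and hackers will not be able to access your login page because they will not know the correct login page URL.', 'aiowpsecurity').'</p>'.
+ '<div class="aio_section_separator_1"></div>'.
+ '<p>'.__('You may also be interested in the following alternative brute force prevention features:', 'aiowpsecurity').'</p>'.
+ '<p>'.$cookie_based_feature_url.'</p>'.
+ '<p>'.$white_list_feature_url.'</p>';
+ ?>
+ </div>
+ <?php
+ //Show the user the new login URL if this feature is active
+ if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page')=='1')
+ {
+ ?>
+ <div class="aio_yellow_box">
+ <p><?php _e('Your WordPress login page URL has been renamed.', 'aiowpsecurity'); ?></p>
+ <p><?php _e('Your current login URL is:', 'aiowpsecurity'); ?></p>
+ <p><strong><?php echo $home_url.$aio_wp_security->configs->get_value('aiowps_login_page_slug'); ?></strong></p>
+ </div>
+
+ <?php
+ }
+ ?>
+ <div class="postbox">
+ <h3><label for="title"><?php _e('Rename Login Page Settings', 'aiowpsecurity'); ?></label></h3>
+ <div class="inside">
+ <?php
+ //Display security info badge
+ global $aiowps_feature_mgr;
+ $aiowps_feature_mgr->output_feature_details_badge("bf-rename-login-page");
+ ?>
+
+ <form action="" method="POST">
+ <?php wp_nonce_field('aiowpsec-rename-login-page-nonce'); ?>
+ <table class="form-table">
+ <tr valign="top">
+ <th scope="row"><?php _e('Enable Rename Login Page Feature', 'aiowpsecurity')?>:</th>
+ <td>
+ <input name="aiowps_enable_rename_login_page" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page')=='1') echo ' checked="checked"'; ?> value="1"/>
+ <span class="description"><?php _e('Check this if you want to enable the rename login page feature', 'aiowpsecurity'); ?></span>
+ </td>
+ </tr>
+ <tr valign="top">
+ <th scope="row"><?php _e('Login Page URL', 'aiowpsecurity')?>:</th>
+ <td><code><?php echo $home_url; ?></code><input type="text" size="5" name="aiowps_login_page_slug" value="<?php echo $aio_wp_security->configs->get_value('aiowps_login_page_slug'); ?>" />
+ <span class="description"><?php _e('Enter a string which will represent your secure login page slug. You are enouraged to choose something which is hard to guess and only you will remember.', 'aiowpsecurity'); ?></span>
+ </td>
+ </tr>
+ </table>
+ <input type="submit" name="aiowps_save_rename_login_page_settings" value="<?php _e('Save Settings', 'aiowpsecurity')?>" class="button-primary" />
+ </form>
+ </div></div>
+
+ <?php
+ }
+
+ function render_tab2()
+ {
+ }
+
+ } //end class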
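Review bot: `get_current_tab()` (new lines 28-33) hands back `$_GET['tab']` unvalidated, and `render_menu_page()` uses it at line 64 to index `$this->menu_tabs_handler` inside `call_user_func`, so any value other than a known key raises an undefined-index notice and then a fatal call on a null callback; the lookup is confined to the fixed handler map, so this is a robustness problem rather than method injection, but it should be bounded to known tabs: `$tab = (isset($_GET['tab']) && array_key_exists($_GET['tab'], $this->menu_tabs)) ? $_GET['tab'] : $tab_keys[0];`. In `render_tab1()` the saved slug is echoed raw into an attribute at line 163 and into page text at line 136; `sanitize_text_field()` is not an output escape, so wrap those with `esc_attr()` and `esc_html()` respectively — the same unescaped `value="<?php echo ... ?>"` pattern sits on the lines this commit touches in wp-security-database-menu.php, wp-security-filescan-menu.php and wp-security-filesystem-menu.php. At line 96 `sanitize_text_field()` still admits spaces, slashes and query characters in a value that presumably is matched against the request path by the feature outside this diff, so the slug should also be restricted to URL-safe characters (`sanitize_title()` or a `[A-Za-z0-9_-]` whitelist) and the save should refuse an empty result after that filtering, not only an empty POST field. `$_REQUEST['_wpnonce']` at line 86 is read without `isset`, which emits a notice on a forged or malformed request before `wp_verify_nonce()` rejects it; `$nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';` keeps the rejection path quiet.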
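--- a/admin/wp-security-dashboard-menu.php
+++ b/admin/wp-security-dashboard-menu.php
@@ -320,7 +320,7 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
  }
  if($num_users > 1)
  {
- echo '<div class="aio_red_box"><p>'.__('Number of users currently logged into your site is:','aiowpsecurity').' <strong>'.$num_users.'</strong></p>';
+ echo '<div class="aio_red_box"><p>'.__('Number of users currently logged into your site (including you) is:','aiowpsecurity').' <strong>'.$num_users.'</strong></p>';
  $info_msg = '<p>'.sprintf( __('Go to the %s menu to see more details', 'aiowpsecurity'), $users_online_link).'</p>';
  echo $info_msg.'</div>';
  }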
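--- a/admin/wp-security-database-menu.php
+++ b/admin/wp-security-database-menu.php
@@ -169,7 +169,7 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
  <input name="aiowps_enable_random_prefix" type="checkbox" <?php if($aio_wp_security->configs->get_value('aiowps_enable_random_prefix')=='1') echo ' checked="checked"'; ?> value="1"/>
  <span class="description"><?php _e('Check this if you want the plugin to generate a random 6 character string for the table prefix', 'aiowpsecurity'); ?></span>
  <br /><?php _e('OR', 'aiowpsecurity'); ?>
- <br /><input size="10" name="aiowps_new_manual_db_prefix" value="<?php //echo $aio_wp_security->configs->get_value('aiowps_new_manual_db_prefix'); ?>" />
+ <br /><input type="text" size="10" name="aiowps_new_manual_db_prefix" value="<?php //echo $aio_wp_security->configs->get_value('aiowps_new_manual_db_prefix'); ?>" />
  <span class="description"><?php _e('Choose your own DB prefix by specifying a string which contains letters and/or numbers and/or underscores. Example: xyz_', 'aiowpsecurity'); ?></span>
  </td>
  </tr>
@@ -319,7 +319,7 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
  </tr>
  <tr valign="top">
  <th scope="row"><?php _e('Backup Time Interval', 'aiowpsecurity')?>:</th>
- <td><input size="5" name="aiowps_db_backup_frequency" value="<?php echo $aio_wp_security->configs->get_value('aiowps_db_backup_frequency'); ?>" />
+ <td><input type="text" size="5" name="aiowps_db_backup_frequency" value="<?php echo $aio_wp_security->configs->get_value('aiowps_db_backup_frequency'); ?>" />
  <select id="backup_interval" name="aiowps_db_backup_interval">
  <option value="0" <?php selected( $aio_wp_security->configs->get_value('aiowps_db_backup_interval'), '0' ); ?>><?php _e( 'Hours', 'aiowpsecurity' ); ?></option>
  <option value="1" <?php selected( $aio_wp_security->configs->get_value('aiowps_db_backup_interval'), '1' ); ?>><?php _e( 'Days', 'aiowpsecurity' ); ?></option>
@@ -330,7 +330,7 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
  </tr>
  <tr valign="top">
  <th scope="row"><?php _e('Number of Backup Files To Keep', 'aiowpsecurity')?>:</th>
- <td><input size="5" name="aiowps_backup_files_stored" value="<?php echo $aio_wp_security->configs->get_value('aiowps_backup_files_stored'); ?>" />
+ <td><input type="text" size="5" name="aiowps_backup_files_stored" value="<?php echo $aio_wp_security->configs->get_value('aiowps_backup_files_stored'); ?>" />
  <span class="description"><?php _e('Thie field allows you to choose the number of backup files you would like to keep in the backup directory', 'aiowpsecurity'); ?></span>
  </td>
  </tr>
@@ -339,7 +339,7 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
  <td>
  <input name="aiowps_send_backup_email_address" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_send_backup_email_address')=='1') echo ' checked="checked"'; ?> value="1"/>
  <span class="description"><?php _e('Check this if you want the system to email you the backup file after a DB backup has been performed', 'aiowpsecurity'); ?></span>
- <br /><input size="30" name="aiowps_backup_email_address" value="<?php echo $aio_wp_security->configs->get_value('aiowps_backup_email_address'); ?>" />
+ <br /><input type="text" size="30" name="aiowps_backup_email_address" value="<?php echo $aio_wp_security->configs->get_value('aiowps_backup_email_address'); ?>" />
  <span class="description"><?php _e('Enter an email address', 'aiowpsecurity'); ?></span>
  </td>
  </tr>
@@ -363,12 +363,18 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
  $config_file = ABSPATH.'wp-config.php';
 
  //Get the table resource
- $result = mysql_list_tables(DB_NAME);
+ //$result = mysql_list_tables(DB_NAME);
+ $result = $this->get_mysql_tables(DB_NAME); //Fix for deprecated php mysql_list_tables function
 
  //Count the number of tables
- $num_rows = mysql_num_rows( $result );
+ //$num_rows = mysql_num_rows( $result );
+ if (is_array($result) && count($result) > 0){
+ $num_rows = count($result);
+ }else{
+ echo '<div class="aio_red_box"><p>'.__('Error - Could not get tables or no tables found!', 'aiowpsecurity').'</p></div>';
+ return;
+ }
  $table_count = 0;
-
  //TODO - after reading up on internationalization mixed with html code I found that the WP experts say to do it as below. We will need to clean up other areas where we haven't used the following convention
  $info_msg_string = '<p class="aio_info_with_icon">'.__('Starting DB prefix change operations.....', 'aiowpsecurity').'</p>';
 
@@ -385,11 +391,11 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
  echo '<p class="aio_success_with_icon">'.__('A backup copy of your wp-config.php file was created successfully!', 'aiowpsecurity').'</p>';
  }
 
- //Rename all the tables name
- for ($i = 0; $i < $num_rows; $i++)
+ //Rename all the table names
+ foreach ($result as $db_table)
  {
  //Get table name with old prefix
- $table_old_name = mysql_tablename($result, $i);
+ $table_old_name = $db_table;
 
  if ( strpos( $table_old_name, $table_old_prefix ) === 0 )
  {
@@ -401,7 +407,6 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
  //$sql = "RENAME TABLE %s TO %s";
 
  //Execute the query
- //if ( false === $wpdb->query($wpdb->prepare($sql, $table_old_name, $table_new_name)) ) //$wpdb->prepare is adding single quotes instead of backticks and hence causing the query to fail
  if ( false === $wpdb->query($sql) )
  {
  $error = 1;
@@ -498,5 +503,24 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
  //Display tasks finished message
  $tasks_finished_msg_string = '<p class="aio_info_with_icon">'. __('DB prefix change tasks have been completed.', 'aiowpsecurity').'</p>';
  echo ($tasks_finished_msg_string);
- }
+ }
+
+ /**
+ * This is an alternative to the deprecated "mysql_list_tables"
+ */
+ function get_mysql_tables($database='')
+ {
+ $tables = array();
+ $list_tables_sql = "SHOW TABLES FROM {$database};";
+ $result = mysql_query($list_tables_sql);
+ if($result)
+ {
+ while($table = mysql_fetch_row($result))
+ {
+ $tables[] = $table[0];
+ }
+ }
+ return $tables;
+ }
+
  } //end class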
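Review bot: The replacement `get_mysql_tables()` (new lines 511-524) still calls `mysql_query()` and `mysql_fetch_row()`, the same ext/mysql family whose deprecation motivated dropping `mysql_list_tables`, so the fix only postpones the breakage, and it relies on an implicit global connection that WordPress does not guarantee once `$wpdb` uses the mysqli driver. It also interpolates `$database` unquoted into `"SHOW TABLES FROM {$database};"`; the only caller passes the `DB_NAME` constant, so there is no injection here, but a method that accepts any string should quote it as an identifier. Since `$wpdb` is already connected to `DB_NAME` and the file already issues queries through it (line 410), the method can be rewritten over `$wpdb->get_col()` while keeping the signature and the list-of-names return that the caller at new line 367 and the `is_array`/`count` check at 371 expect; with `$wpdb` a failed query is also reported through `$wpdb->last_error` rather than collapsing silently into an empty list. The enclosing prefix-change method starts outside the hunk.
```php
/**
 * This is an alternative to the deprecated "mysql_list_tables".
 * Returns the table names of $database (default: the database $wpdb is
 * connected to), or an empty array when the query fails.
 */
function get_mysql_tables($database='')
{
    global $wpdb;
    if ($database === '') {
        $list_tables_sql = 'SHOW TABLES';
    } else {
        // $database is an identifier, not a value: backtick-quote it and double embedded backticks
        $list_tables_sql = 'SHOW TABLES FROM `' . str_replace('`', '``', $database) . '`';
    }
    $tables = $wpdb->get_col($list_tables_sql);
    return is_array($tables) ? $tables : array();
}
```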
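--- a/admin/wp-security-filescan-menu.php
+++ b/admin/wp-security-filescan-menu.php
@@ -8,7 +8,8 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
  var $menu_tabs;
 
  var $menu_tabs_handler = array(
- 'tab1' => 'render_tab1',
+ 'tab1' => 'render_tab1',
+ 'tab2' => 'render_tab2',
  );
 
  function __construct()
@@ -19,7 +20,8 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
  function set_menu_tabs()
  {
  $this->menu_tabs = array(
- 'tab1' => __('File Change Detection','aiowpsecurity'),
+ 'tab1' => __('File Change Detection','aiowpsecurity'),
+ 'tab2' => __('Malware Scan','aiowpsecurity'),
  );
  }
 
@@ -254,7 +256,7 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
  </tr>
  <tr valign="top">
  <th scope="row"><?php _e('Scan Time Interval', 'aiowpsecurity')?>:</th>
- <td><input size="5" name="aiowps_fcd_scan_frequency" value="<?php echo $aio_wp_security->configs->get_value('aiowps_fcd_scan_frequency'); ?>" />
+ <td><input type="text" size="5" name="aiowps_fcd_scan_frequency" value="<?php echo $aio_wp_security->configs->get_value('aiowps_fcd_scan_frequency'); ?>" />
  <select id="backup_interval" name="aiowps_fcd_scan_interval">
  <option value="0" <?php selected( $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'), '0' ); ?>><?php _e( 'Hours', 'aiowpsecurity' ); ?></option>
  <option value="1" <?php selected( $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'), '1' ); ?>><?php _e( 'Days', 'aiowpsecurity' ); ?></option>
@@ -301,7 +303,7 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
  <td>
  <input name="aiowps_send_fcd_scan_email" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_send_fcd_scan_email')=='1') echo ' checked="checked"'; ?> value="1"/>
  <span class="description"><?php _e('Check this if you want the system to email you if a file change was detected', 'aiowpsecurity'); ?></span>
- <br /><input size="40" name="aiowps_fcd_scan_email_address" value="<?php echo $aio_wp_security->configs->get_value('aiowps_fcd_scan_email_address'); ?>" />
+ <br /><input type="text" size="40" name="aiowps_fcd_scan_email_address" value="<?php echo $aio_wp_security->configs->get_value('aiowps_fcd_scan_email_address'); ?>" />
  <span class="description"><?php _e('Enter an email address', 'aiowpsecurity'); ?></span>
  </td>
  </tr>
@@ -313,6 +315,28 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
  <?php
  }
 
+ function render_tab2()
+ {
+ ?>
+ <div class="aio_blue_box">
+ <?php
+ echo '<h2>'.__('What is Malware?', 'aiowpsecurity').'</h2>';
+ echo '<p>'.__('The word Malware stands for Malicious Software. It can consist of things like trojan horses, adware, worms, spyware and any other undesirable code which a hacker will try to inject into your website.', 'aiowpsecurity').'</p>'.
+ '<p>'.__('Often when malware code has been inserted into your site you will normally not notice anything out of the ordinary based on appearances, but it can have a dramatic effect on your site’s search ranking.', 'aiowpsecurity').'</p>'.
+ '<p>'.__('This is because the bots and spiders from search engines such as Google have the capability to detect malware when they are indexing the pages on your site, and consequently they can blacklist your website which will in turn affect your search rankings.', 'aiowpsecurity').'</p>';
+
+ $site_scanners_link = '<a href="http://www.site-scanners.com" target="_blank">CLICK HERE</a>';
+
+ echo '<h2>'.__('Scanning For Malware', 'aiowpsecurity').'</h2>';
+ echo '<p>'.__('Due to the constantly changing and complex nature of Malware, scanning for such things using a standalone plugin will not work reliably. This is something best done via an external scan of your site regularly.', 'aiowpsecurity').'</p>'.
+ '<p>'.__('This is why we have created an easy-to-use scanning service which is hosted off our own server which will scan your site for malware once every day and notify you if it finds anything.', 'aiowpsecurity').'</p>'.
+ '<p>'.sprintf(__('To learn more please %s.', 'aiowpsecurity'), $site_scanners_link).'</p>';
+ ?>
+ </div>
+
+ <?php
+ }
+
  /*
  * Outputs the last scan results in a postbox
  */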
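Review bot: The new `render_tab2()` (new lines 318-338) hard-codes the external `http://www.site-scanners.com` anchor as a raw string with `target="_blank"`; in keeping with the rest of the admin output it should pass through `esc_url()` and, because it opens a new window, carry `rel="noopener noreferrer"` so the target page gets no handle on the admin window: `$site_scanners_link = '<a href="' . esc_url('http://www.site-scanners.com') . '" target="_blank" rel="noopener noreferrer">' . __('CLICK HERE', 'aiowpsecurity') . '</a>';`. The link text `CLICK HERE` is also the only user-visible string in the tab that is not wrapped in `__()`. The translatable string at line 325 uses a typographic apostrophe in `site’s`, whereas the file's other strings escape a plain `\'`; mixing the two makes the msgid inconsistent for translators and is easy to lose in an editor that normalises quotes.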
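--- a/admin/wp-security-filesystem-menu.php
+++ b/admin/wp-security-filesystem-menu.php
@@ -345,7 +345,7 @@ class AIOWPSecurity_Filesystem_Menu extends AIOWPSecurity_Admin_Menu
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-view-system-logs-nonce'); ?>
  <div><?php _e('Enter System Log File Name', 'aiowpsecurity')?>:
- <input size="25" name="aiowps_system_log_file" value="<?php echo $sys_log_file; ?>" />
+ <input type="text" size="25" name="aiowps_system_log_file" value="<?php echo $sys_log_file; ?>" />
  <span class="description"><?php _e('Enter your system log file name. (Defaults to error_log)', 'aiowpsecurity'); ?></span>
  </div>
  <div class="aio_spacer_15"></div>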
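--- a/admin/wp-security-firewall-menu.php
+++ b/admin/wp-security-firewall-menu.php
@@ -130,6 +130,20 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
 '<br />'.$info_msg.'</p>';
 ?>
 </div>
+<?php
+//Show the message if pingback rule is active
+if ($aio_wp_security->configs->get_value('aiowps_enable_pingback_firewall')=='1')
+{
+?>
+<div class="aio_yellow_box">
+<p><?php _e('Attention:', 'aiowpsecurity'); ?>
+<br /><?php _e('Currently the ', 'aiowpsecurity'); ?><strong><?php _e('Enable Pingback Protection', 'aiowpsecurity'); ?></strong><?php _e(' is active.', 'aiowpsecurity'); ?></p>
+<p><strong><?php _e('Please beware that if you are using the WordPress iOS App, then you will need to deactivate this feature in order for the app to work properly.', 'aiowpsecurity'); ?></strong></p>
+</div>
+
+<?php
+}
+?>
 
 <div class="postbox">
 <h3><label for="title"><?php _e('Basic Firewall Settings', 'aiowpsecurity'); ?></label></h3>
@@ -688,13 +702,13 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
 </tr>
 <tr valign="top">
 <th scope="row"><?php _e('Secret Word', 'aiowpsecurity')?>:</th>
-<td><input size="40" name="aiowps_brute_force_secret_word" value="<?php echo $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word'); ?>" />
+<td><input type="text" size="40" name="aiowps_brute_force_secret_word" value="<?php echo $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word'); ?>" />
 <span class="description"><?php _e('Choose a secret word consisting of alphanumeric characters which you can use to access your special URL. Your are highly encouraged to choose a word which will be difficult to guess.', 'aiowpsecurity'); ?></span>
 </td>
 </tr>
 <tr valign="top">
 <th scope="row"><?php _e('Re-direct URL', 'aiowpsecurity')?>:</th>
-<td><input size="40" name="aiowps_cookie_based_brute_force_redirect_url" value="<?php echo $aio_wp_security->configs->get_value('aiowps_cookie_based_brute_force_redirect_url'); ?>" />
+<td><input type="text" size="40" name="aiowps_cookie_based_brute_force_redirect_url" value="<?php echo $aio_wp_security->configs->get_value('aiowps_cookie_based_brute_force_redirect_url'); ?>" />
 <span class="description">
 <?php
 _e('Specify a URL to redirect a hacker to when they try to access your WordPress login page.', 'aiowpsecurity');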
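Review bot: The notice on new line 140 splits one sentence across three `_e()` calls (`'Currently the '`, `'Enable Pingback Protection'`, `' is active.'`), which translators cannot reorder and which produces three fragments that make no sense on their own in the .po file. Use one string with a placeholder, `printf(__('Currently the %s is active.', 'aiowpsecurity'), '<strong>'.__('Enable Pingback Protection', 'aiowpsecurity').'</strong>');`. The surrounding PHP/HTML block is otherwise consistent with the rest of this template.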
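--- a/admin/wp-security-spam-menu.php
+++ b/admin/wp-security-spam-menu.php
@@ -254,7 +254,7 @@ class AIOWPSecurity_Spam_Menu extends AIOWPSecurity_Admin_Menu
 <table class="form-table">
 <tr valign="top">
 <th scope="row"><?php _e('Minimum number of SPAM comments per IP', 'aiowpsecurity')?>:</th>
-<td><input size="5" name="aiowps_spam_ip_min_comments" value="<?php echo $aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments'); ?>" />
+<td><input type="text" size="5" name="aiowps_spam_ip_min_comments" value="<?php echo $aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments'); ?>" />
 <span class="description"><?php _e('This field allows you to list only those IP addresses which have been used to post X or more SPAM comments.', 'aiowpsecurity');?></span>
 <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'aiowpsecurity'); ?></span></span>
 <div class="aiowps_more_info_body">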
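--- a/admin/wp-security-user-accounts-menu.php
+++ b/admin/wp-security-user-accounts-menu.php
@@ -121,7 +121,7 @@ class AIOWPSecurity_User_Accounts_Menu extends AIOWPSecurity_Admin_Menu
 <table class="form-table">
 <tr valign="top">
 <th scope="row"><label for="NewUserName"> <?php _e('New Admin Username', 'aiowpsecurity')?>:</label></th>
-<td><input size="16" name="aiowps_new_user_name" />
+<td><input type="text" size="16" name="aiowps_new_user_name" />
 <p class="description"><?php _e('Choose a new username for admin.', 'aiowpsecurity'); ?></p>
 </td>
 </tr>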
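--- a/admin/wp-security-user-login-menu.php
+++ b/admin/wp-security-user-login-menu.php
@@ -199,19 +199,19 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
 </tr>
 <tr valign="top">
 <th scope="row"><?php _e('Max Login Attempts', 'aiowpsecurity')?>:</th>
-<td><input size="5" name="aiowps_max_login_attempts" value="<?php echo $aio_wp_security->configs->get_value('aiowps_max_login_attempts'); ?>" />
+<td><input type="text" size="5" name="aiowps_max_login_attempts" value="<?php echo $aio_wp_security->configs->get_value('aiowps_max_login_attempts'); ?>" />
 <span class="description"><?php _e('Set the value for the maximum login retries before IP address is locked out', 'aiowpsecurity'); ?></span>
 </td>
 </tr>
 <tr valign="top">
 <th scope="row"><?php _e('Login Retry Time Period (min)', 'aiowpsecurity')?>:</th>
-<td><input size="5" name="aiowps_retry_time_period" value="<?php echo $aio_wp_security->configs->get_value('aiowps_retry_time_period'); ?>" />
+<td><input type="text" size="5" name="aiowps_retry_time_period" value="<?php echo $aio_wp_security->configs->get_value('aiowps_retry_time_period'); ?>" />
 <span class="description"><?php _e('If the maximum number of failed login attempts for a particular IP address occur within this time period the plugin will lock out that address', 'aiowpsecurity'); ?></span>
 </td>
 </tr>
 <tr valign="top">
 <th scope="row"><?php _e('Time Length of Lockout (min)', 'aiowpsecurity')?>:</th>
-<td><input size="5" name="aiowps_lockout_time_length" value="<?php echo $aio_wp_security->configs->get_value('aiowps_lockout_time_length'); ?>" />
+<td><input type="text" size="5" name="aiowps_lockout_time_length" value="<?php echo $aio_wp_security->configs->get_value('aiowps_lockout_time_length'); ?>" />
 <span class="description"><?php _e('Set the length of time for which a particular IP address will be prevented from logging in', 'aiowpsecurity'); ?></span>
 </td>
 </tr>
@@ -235,7 +235,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
 <td>
 <input name="aiowps_enable_email_notify" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_email_notify')=='1') echo ' checked="checked"'; ?> value="1"/>
 <span class="description"><?php _e('Check this if you want to receive an email when someone has been locked out due to maximum failed login attempts', 'aiowpsecurity'); ?></span>
-<br /><input size="30" name="aiowps_email_address" value="<?php echo $aio_wp_security->configs->get_value('aiowps_email_address'); ?>" />
+<br /><input type="text" size="30" name="aiowps_email_address" value="<?php echo $aio_wp_security->configs->get_value('aiowps_email_address'); ?>" />
 <span class="description"><?php _e('Enter an email address', 'aiowpsecurity'); ?></span>
 </td>
 </tr>
@@ -454,7 +454,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
 <tr valign="top">
 <th scope="row"><?php _e('Your Current IP Address', 'aiowpsecurity')?>:</th>
 <td>
-<input size="20" name="aiowps_user_ip" type="text" value="<?php echo $your_ip_address; ?>" disabled/>
+<input size="20" name="aiowps_user_ip" type="text" value="<?php echo $your_ip_address; ?>" readonly="readonly"/>
 <span class="description"><?php _e('You can copy and paste this address in the text box below if you want to include it in your login whitelist.', 'aiowpsecurity'); ?></span>
 </td>
 </tr>
@@ -631,7 +631,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
 </tr>
 <tr valign="top">
 <th scope="row"><?php _e('Logout the WP User After XX Minutes', 'aiowpsecurity')?>:</th>
-<td><input size="5" name="aiowps_logout_time_period" value="<?php echo $aio_wp_security->configs->get_value('aiowps_logout_time_period'); ?>" />
+<td><input type="text" size="5" name="aiowps_logout_time_period" value="<?php echo $aio_wp_security->configs->get_value('aiowps_logout_time_period'); ?>" />
 <span class="description"><?php _e('(Minutes) The user will be forced to log back in after this time period has elapased.', 'aiowpsecurity'); ?></span>
 </td>
 </tr>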
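Review bot: Switching the `aiowps_user_ip` input on new line 457 from `disabled` to `readonly="readonly"` changes what the browser submits: a disabled control is omitted from the POST, a readonly one is sent, so the form handler (outside this hunk) now receives an `aiowps_user_ip` field whose value any client can set; make sure the handler ignores it and keeps deriving the address server-side. `$your_ip_address` is also echoed unescaped and its source is not visible in this view; if it is derived from proxy headers such as X-Forwarded-For it is client-supplied text, so `value="<?php echo esc_attr($your_ip_address); ?>"` matters more here than on the admin-set config fields.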
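--- a/admin/wp-security-whois-menu.php
+++ b/admin/wp-security-whois-menu.php
@@ -87,7 +87,7 @@ class AIOWPSecurity_WhoIs_Menu extends AIOWPSecurity_Admin_Menu
 <table class="form-table">
 <tr valign="top">
 <th scope="row"><?php _e('Enter IP Address or Domain Name', 'aiowpsecurity')?>:</th>
-<td><input size="20" name="aiowps_whois_lookup_field" value="<?php //echo $aio_wp_security->configs->get_value('aiowps_whois_lookup_field'); ?>" />
+<td><input type="text" size="20" name="aiowps_whois_lookup_field" value="<?php //echo $aio_wp_security->configs->get_value('aiowps_whois_lookup_field'); ?>" />
 <span class="description"><?php _e('Enter an IP address or domain name. Example: 111.11.12.13 OR some-domain-name.com', 'aiowpsecurity'); ?></span>
 </td>
 </tr>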
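--- a/classes/grade-system/wp-security-feature-item-manager.php
+++ b/classes/grade-system/wp-security-feature-item-manager.php
@@ -74,9 +74,13 @@ class AIOWPSecurity_Feature_Item_Manager
 //Basic firewall
 $this->feature_items[] = new AIOWPSecurity_Feature_Item("firewall-basic-rules", __("Enable Basic Firewall", "aiowpsecurity"), $this->feature_point_3, $this->sec_level_basic);
 $this->feature_items[] = new AIOWPSecurity_Feature_Item("firewall-pingback-rules", __("Enable Pingback Vulnerability Protection", "aiowpsecurity"), $this->feature_point_3, $this->sec_level_basic);
+
+//Brute Force Menu Features
+//Rename Login page
+$this->feature_items[] = new AIOWPSecurity_Feature_Item("bf-rename-login-page", __("Enable Rename Login Page", "aiowpsecurity"), $this->feature_point_2, $this->sec_level_inter);
 
 //Additional and Advanced firewall
-$this->feature_items[] = new AIOWPSecurity_Feature_Item("firewall-enable-brute-force-attack-prevention", __("Enable Brute Force Attack Prevention", "aiowpsecurity"), $this->feature_point_4, $this->sec_level_advanced);
+$this->feature_items[] = new AIOWPSecurity_Feature_Item("firewall-enable-brute-force-attack-prevention", __("Enable Brute Force Attack Prevention", "aiowpsecurity"), $this->feature_point_4, $this->sec_level_inter);
 $this->feature_items[] = new AIOWPSecurity_Feature_Item("firewall-disable-index-views", __("Disable Index Views", "aiowpsecurity"), $this->feature_point_1, $this->sec_level_inter);
 $this->feature_items[] = new AIOWPSecurity_Feature_Item("firewall-disable-trace-track", __("Disable Trace and Track", "aiowpsecurity"), $this->feature_point_2, $this->sec_level_advanced);
 $this->feature_items[] = new AIOWPSecurity_Feature_Item("firewall-forbid-proxy-comments", __("Forbid Proxy Comments", "aiowpsecurity"), $this->feature_point_2, $this->sec_level_advanced);
@@ -255,6 +259,11 @@ class AIOWPSecurity_Feature_Item_Manager
 $this->check_enable_5G_blacklist_firewall_feature($item);
 }
 
+if($item->feature_id == "bf-rename-login-page")
+{
+$this->check_enable_rename_login_page_feature($item);
+}
+
 if($item->feature_id == "block-spambots")
 {
 $this->check_enable_block_spambots_feature($item);
@@ -616,6 +625,18 @@ class AIOWPSecurity_Feature_Item_Manager
 }
 }
 
+function check_enable_rename_login_page_feature($item)
+{
+global $aio_wp_security;
+if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
+$item->set_feature_status($this->feature_active);
+}
+else
+{
+$item->set_feature_status($this->feature_inactive);
+}
+}
+
 function check_enable_block_spambots_feature($item)
 {
 global $aio_wp_security;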
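Review bot: `check_enable_rename_login_page_feature` (new lines 628–638) repeats the if/else shape of the sibling check functions around it; the status can be assigned in one expression, `$item->set_feature_status($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1' ? $this->feature_active : $this->feature_inactive);`. The function also has no header comment; a one-liner such as `// Marks the "Rename Login Page" grade item active when the aiowps_enable_rename_login_page flag is '1'` would match the inline comments used elsewhere in this file. The new `if($item->feature_id == "bf-rename-login-page")` on line 262 extends a sequential chain of string comparisons that a feature_id-to-method lookup table would replace, but that is a wider refactor than this commit.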
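--- a/classes/wp-security-configure-settings.php
+++ b/classes/wp-security-configure-settings.php
@@ -79,6 +79,9 @@ class AIOWPSecurity_Configure_Settings
 $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_pw_protected_exception','');//Checkbox
 $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_ajax_exception','');//Checkbox
 
+//Brute Force features
+$aio_wp_security->configs->set_value('aiowps_enable_rename_login_page','');//Checkbox
+
 //Maintenance menu - Visitor lockout feature
 $aio_wp_security->configs->set_value('aiowps_site_lockout','');//Checkbox
 $aio_wp_security->configs->set_value('aiowps_site_lockout_msg','');//Text area/msg box
@@ -177,6 +180,8 @@ class AIOWPSecurity_Configure_Settings
 $aio_wp_security->configs->add_value('aiowps_brute_force_attack_prevention_pw_protected_exception','');//Checkbox
 $aio_wp_security->configs->add_value('aiowps_brute_force_attack_prevention_ajax_exception','');//Checkbox
 
+//Brute Force features
+$aio_wp_security->configs->add_value('aiowps_enable_rename_login_page','');//Checkbox
 
 //Maintenance menu - Visitor lockout feature
 $aio_wp_security->configs->add_value('aiowps_site_lockout','');//Checkbox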
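Review bot: The new defaults cover only the enable flag; `aiowps_login_page_slug`, which the new AIOWPSecurity_Process_Renamed_Login_Page class reads to build and match the login URL, gets neither a `set_value` default in the first hunk nor an `add_value` entry in the second. If the slug is not initialised on the settings page (not in this view), enabling the feature with an empty slug leaves `new_login_url()` pointing at `home_url()` alone. Add `$aio_wp_security->configs->set_value('aiowps_login_page_slug','');//Text field` next to the flag, the matching `add_value` line in the second hunk, and have the settings handler refuse to turn the feature on while the slug is empty.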
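--- a/classes/wp-security-general-init-tasks.php
+++ b/classes/wp-security-general-init-tasks.php
@@ -19,8 +19,7 @@ class AIOWPSecurity_General_Init_Tasks
 
 //For user unlock request feature
 if(isset($_POST['aiowps_unlock_request']) || isset($_POST['aiowps_wp_submit_unlock_request'])){
-nocache_headers();
-header("HTTP/1.0 503 Service Unavailable");
+nocache_headers();
 remove_action('wp_head','head_addons',7);
 include_once(AIO_WP_SECURITY_PATH.'/other-includes/wp-security-unlock-request.php');
 exit();
@@ -68,6 +67,14 @@ class AIOWPSecurity_General_Init_Tasks
 add_action( 'comment_form_logged_in_after', array(&$this, 'insert_captcha_question_form'), 1 );
 add_filter( 'preprocess_comment', array(&$this, 'process_comment_post') );
 }
+
+//For rename login page feature
+if($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1'){
+include_once(AIO_WP_SECURITY_PATH.'/classes/wp-security-process-renamed-login-page.php');
+$login_object = new AIOWPSecurity_Process_Renamed_Login_Page();
+AIOWPSecurity_Process_Renamed_Login_Page::renamed_login_init_tasks();
+}
+
 
 //For feature which displays logged in users
 $this->update_logged_in_user_transient();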
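Review bot: `$login_object` on new line 74 is assigned and never read; the instance matters only for the `login_init`, `site_url`, `network_site_url` and `wp_redirect` hooks its constructor registers, which a reader cannot tell from this line. Either drop the assignment, `new AIOWPSecurity_Process_Renamed_Login_Page();`, or keep it with a comment such as `// constructor registers the login_init/site_url/wp_redirect hooks; the object is not used directly`. The guard on line 72 keys solely on the enable flag, so a configured-but-empty `aiowps_login_page_slug` (read inside the included class, not checked here) would still activate the feature unless the settings page rejects it; treating an empty slug as disabled here would keep the site reachable in that case.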
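--- /dev/null
+++ b/classes/wp-security-process-renamed-login-page.php
@@ -0,0 +1,103 @@
+<?php
+
+class AIOWPSecurity_Process_Renamed_Login_Page
+{
+
+function __construct()
+{
+add_action('login_init', array(&$this, 'aiowps_login_init'));
+add_filter('site_url', array(&$this, 'aiowps_site_url'), 10, 2);
+add_filter('network_site_url', array(&$this, 'aiowps_site_url'), 10, 2);
+add_filter('wp_redirect', array(&$this, 'aiowps_wp_redirect'), 10, 2);
+
+}
+
+function aiowps_login_init()
+{
+if (strpos($_SERVER['REQUEST_URI'], 'wp-login') !== false){
+$referer = wp_get_referer();
+if($referer && strpos($referer, 'wp-activate.php') !== false){
+$parsed_referer = parse_url($referer);
+if($parsed_referer && !empty($parsed_referer['query'])){
+parse_str($parsed_referer['query'], $referer);
+if (!empty($parsed_referer['key'])){
+$result = wpmu_activate_signup($parsed_referer['key']); //MS site creation
+if($result && is_wp_error($result) && ($result->get_error_code() === 'already_active' || $result->get_error_code() === 'blog_taken')){
+$aiowps_new_login_url = AIOWPSecurity_Process_Renamed_Login_Page::new_login_url();
+wp_safe_redirect($aiowps_new_login_url . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''));
+die;
+}
+}
+}
+}
+AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
+}
+
+}
+
+function aiowps_site_url($url, $path)
+{
+return $this->aiowps_filter_wp_login_file($url);
+}
+
+function aiowps_wp_redirect($location, $status)
+{
+return $this->aiowps_filter_wp_login_file($location);
+}
+
+//Filter all login url strings on the login page
+function aiowps_filter_wp_login_file($url)
+{
+if (strpos($url, 'wp-login.php') !== false){
+$args = explode( '?', $url );
+if (isset($args[1])){
+parse_str($args[1], $args);
+$url = add_query_arg($args, AIOWPSecurity_Process_Renamed_Login_Page::new_login_url());
+}else{
+$url = AIOWPSecurity_Process_Renamed_Login_Page::new_login_url();
+}
+}
+return $url;
+}
+
+static function renamed_login_init_tasks()
+{
+global $aio_wp_security;
+if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX')){
+wp_die( __( 'Please log in to access the WordPress admin area.', 'aiowpsecurity') );
+}
+
+$parsed_url = parse_url($_SERVER['REQUEST_URI']);
+$login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
+if(untrailingslashit($parsed_url['path']) === home_url($login_slug, 'relative')
+|| (!get_option('permalink_structure') && isset($_GET[$login_slug]))){
+status_header( 200 );
+require_once(AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature.php' );
+die;
+}
+}
+
+static function new_login_url()
+{
+global $aio_wp_security;
+$login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
+if(get_option('permalink_structure')){
+return trailingslashit(trailingslashit(home_url()) . $login_slug);
+}else{
+return trailingslashit(home_url()) . '?' . $login_slug;
+}
+}
+
+static function aiowps_set_404()
+{
+global $wp_query;
+status_header(404);
+$wp_query->set_404();
+if ((($template = get_404_template()) || ($template = get_index_template()))
+&& ($template = apply_filters('template_include', $template))){
+include($template);
+}
+die;
+}
+
+}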
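Review bot: The multisite activation branch at lines 22–23 can never run: `parse_str()` writes the query into `$referer`, but the check reads `$parsed_referer['key']`, a key `parse_url()` never produces, so `wpmu_activate_signup()` is unreachable and every wp-activate referral falls through to the 404. Use a separate target and test that, `parse_str($parsed_referer['query'], $referer_args); if (!empty($referer_args['key'])){ $result = wpmu_activate_signup($referer_args['key']); //MS site creation`. Once that branch is live, line 27 appends `'?' . $_SERVER['QUERY_STRING']` to `new_login_url()`, which already ends in `?slug` when permalinks are off, so the redirect would carry two `?`; `add_query_arg()` as used on line 55 avoids that. In `renamed_login_init_tasks()`, the `is_admin()` guard on line 66 also covers admin-post.php, so unauthenticated `admin_post_nopriv_*` handlers would be refused once the feature is on, and line 72 reads `$parsed_url['path']` without checking that `parse_url()` succeeded or that `$login_slug` is non-empty, where an empty slug makes the path comparison appear to match the site root.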
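--- a/classes/wp-security-user-login.php
+++ b/classes/wp-security-user-login.php
@@ -283,18 +283,18 @@ class AIOWPSecurity_User_Login
 * This function generates a special random string and inserts into the lockdown table for the relevant user
 * It then generates an unlock request link which will be used to send to the user
 */
-static function generate_unlock_request_link($username)
+static function generate_unlock_request_link($ip_range)
 {
 //Get the locked user row from lockdown table
 global $wpdb, $aio_wp_security;
 $unlock_link = '';
 $lockdown_table_name = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
 $secret_rand_key = (md5(uniqid(rand(), true)));
-$sql = "UPDATE $lockdown_table_name SET unlock_key = '$secret_rand_key' WHERE release_date > now() AND user_login = '$username'";
+$sql = "UPDATE $lockdown_table_name SET unlock_key = '$secret_rand_key' WHERE release_date > now() AND failed_login_ip LIKE '%".esc_sql($ip_range)."%'";
 //$res = $wpdb->get_results("SELECT * FROM $lockdown_table_name WHERE release_date > now() AND user_login = '$username'", ARRAY_A);
 $res = $wpdb->query($sql);
 if($res == NULL){
-$aio_wp_security->debug_logger->log_debug("No locked user found with username ".$username,4);
+$aio_wp_security->debug_logger->log_debug("No locked user found with IP range ".$ip_range,4);
 return false;
 }else{
 $query_param = array('aiowps_auth_key'=>$secret_rand_key);
@@ -329,13 +329,13 @@ class AIOWPSecurity_User_Login
 /*
 * This function sends an unlock request email to a locked out user
 */
-static function send_unlock_request_email($username, $email, $unlock_link)
+static function send_unlock_request_email($email, $unlock_link)
 {
 global $aio_wp_security;
 $to_email_address = $email;
 $email_msg = '';
 $subject = '['.get_option('siteurl').'] '. __('Unlock Request Notification','aiowpsecurity');
-$email_msg .= __('You have requested for the account with username '.$username.' to be unlocked. Please click the link below to unlock your account:','aiowpsecurity')."\n";
+$email_msg .= __('You have requested for the account with email address '.$email.' to be unlocked. Please click the link below to unlock your account:','aiowpsecurity')."\n";
 $email_msg .= __('Unlock link: '.$unlock_link,'aiowpsecurity')."\n\n";
 $email_msg .= __('After clicking the above link you will be able to login to the WordPress administration panel.','aiowpsecurity')."\n";
 $email_header = 'From: '.get_bloginfo( 'name' ).' <'.get_bloginfo('admin_email').'>' . "\r\n\\";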
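Review bot: `esc_sql()` on new line 293 neutralises quotes but not the LIKE metacharacters `%` and `_`, and the statement is still built by string interpolation; route both values through placeholders instead, `$sql = $wpdb->prepare("UPDATE $lockdown_table_name SET unlock_key = %s WHERE release_date > now() AND failed_login_ip LIKE %s", $secret_rand_key, '%' . $wpdb->esc_like($ip_range) . '%');` (`like_escape()` on WordPress before 4.0). The leading wildcard also means a range such as `10.0.0` matches rows recorded for `110.0.0.x`; the format of `$ip_range` is not shown here, but if it is an address prefix the leading `%` should go. The same key is now written to every row in the range, so one unlock link releases every lockout that matches, which the unchanged docblock above the function ("for the relevant user") no longer describes; update it to say the key is set per IP range. In the second hunk, line 338 still concatenates `$email` inside `__()`, which gives gettext a different string per recipient; use `sprintf(__('You have requested for the account with email address %s to be unlocked. Please click the link below to unlock your account:','aiowpsecurity'), $email)`.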
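--- a/css/wp-security-admin-styles.css
+++ b/css/wp-security-admin-styles.css
@@ -8,6 +8,7 @@
 .aio_clear_float{clear: both;}
 .aio_float_left{float: left;}
 .aio_padding_10{padding: 10px !important;}
+.aio_section_separator_1{border-bottom: 1px solid #dedede; height: 10px;}
 
 .aiowps_admin_ul_grp1{
 list-style: circle;
@@ -287,9 +288,9 @@
 #aiowps_pw_tool_main .arrow{
 background: url("../images/arrow.png") no-repeat -10px 0;
 height: 120px;
-left: 215px;
+left: 249px;
 position: absolute;
-top: 299px;
+top: 301px;
 width: 11px;
 
 /* Defining a smooth CSS3 animation for turning the arrow */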
other-includes/wp-security-rename-login-feature.php ADDED
@@ -0,0 +1,925 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * WordPress User Page
4
+ *
5
+ * Handles authentication, registering, resetting passwords, forgot password,
6
+ * and other user handling.
7
+ *
8
+ * @package WordPress
9
+ */
10
+
11
+ // Redirect to https login if forced to use SSL
12
+ if ( force_ssl_admin() && ! is_ssl() ) {
13
+ if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
14
+ wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
15
+ exit();
16
+ } else {
17
+ wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
18
+ exit();
19
+ }
20
+ }
21
+
22
+ /**
23
+ * Output the login page header.
24
+ *
25
+ * @param string $title Optional. WordPress Log In Page title to display in <title/> element. Default 'Log In'.
26
+ * @param string $message Optional. Message to display in header. Default empty.
27
+ * @param string $wp_error Optional. The error to pass. Default empty.
28
+ * @param WP_Error $wp_error Optional. WordPress Error Object
29
+ */
30
+ function login_header( $title = 'Log In', $message = '', $wp_error = '' ) {
31
+ global $error, $interim_login, $action;
32
+
33
+ // Don't index any of these forms
34
+ add_action( 'login_head', 'wp_no_robots' );
35
+
36
+ if ( wp_is_mobile() )
37
+ add_action( 'login_head', 'wp_login_viewport_meta' );
38
+
39
+ if ( empty($wp_error) )
40
+ $wp_error = new WP_Error();
41
+
42
+ // Shake it!
43
+ $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
44
+ /**
45
+ * Filter the error codes array for shaking the login form.
46
+ *
47
+ * @since 3.0.0
48
+ *
49
+ * @param array $shake_error_codes Error codes that shake the login form.
50
+ */
51
+ $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
52
+
53
+ if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
54
+ add_action( 'login_head', 'wp_shake_js', 12 );
55
+
56
+ ?><!DOCTYPE html>
57
+ <!--[if IE 8]>
58
+ <html xmlns="http://www.w3.org/1999/xhtml" class="ie8" <?php language_attributes(); ?>>
59
+ <![endif]-->
60
+ <!--[if !(IE 8) ]><!-->
61
+ <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
62
+ <!--<![endif]-->
63
+ <head>
64
+ <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
65
+ <title><?php bloginfo('name'); ?> &rsaquo; <?php echo $title; ?></title>
66
+ <?php
67
+
68
+ wp_admin_css( 'wp-admin', true );
69
+ wp_admin_css( 'colors-fresh', true );
70
+ wp_admin_css( 'ie', true );
71
+
72
+ // Remove all stored post data on logging out.
73
+ // This could be added by add_action('login_head'...) like wp_shake_js()
74
+ // but maybe better if it's not removable by plugins
75
+ if ( 'loggedout' == $wp_error->get_error_code() ) {
76
+ ?>
77
+ <script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("wp-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script>
78
+ <?php
79
+ }
80
+
81
+ /**
82
+ * Enqueue scripts and styles for the login page.
83
+ *
84
+ * @since 3.1.0
85
+ */
86
+ do_action( 'login_enqueue_scripts' );
87
+ /**
88
+ * Fires in the login page header after scripts are enqueued.
89
+ *
90
+ * @since 2.1.0
91
+ */
92
+ do_action( 'login_head' );
93
+
94
+ if ( is_multisite() ) {
95
+ $login_header_url = network_home_url();
96
+ $login_header_title = get_current_site()->site_name;
97
+ } else {
98
+ $login_header_url = __( 'http://wordpress.org/' );
99
+ $login_header_title = __( 'Powered by WordPress' );
100
+ }
101
+
102
+ /**
103
+ * Filter link URL of the header logo above login form.
104
+ *
105
+ * @since 2.1.0
106
+ *
107
+ * @param string $login_header_url Login header logo URL.
108
+ */
109
+ $login_header_url = apply_filters( 'login_headerurl', $login_header_url );
110
+ /**
111
+ * Filter the title attribute of the header logo above login form.
112
+ *
113
+ * @since 2.1.0
114
+ *
115
+ * @param string $login_header_title Login header logo title attribute.
116
+ */
117
+ $login_header_title = apply_filters( 'login_headertitle', $login_header_title );
118
+
119
+ $classes = array( 'login-action-' . $action, 'wp-core-ui' );
120
+ if ( wp_is_mobile() )
121
+ $classes[] = 'mobile';
122
+ if ( is_rtl() )
123
+ $classes[] = 'rtl';
124
+ if ( $interim_login ) {
125
+ $classes[] = 'interim-login';
126
+ ?>
127
+ <style type="text/css">html{background-color: transparent;}</style>
128
+ <?php
129
+
130
+ if ( 'success' === $interim_login )
131
+ $classes[] = 'interim-login-success';
132
+ }
133
+
134
+ /**
135
+ * Filter the login page body classes.
136
+ *
137
+ * @since 3.5.0
138
+ *
139
+ * @param array $classes An array of body classes.
140
+ * @param string $action The action that brought the visitor to the login page.
141
+ */
142
+ $classes = apply_filters( 'login_body_class', $classes, $action );
143
+
144
+ ?>
145
+ </head>
146
+ <body class="login <?php echo esc_attr( implode( ' ', $classes ) ); ?>">
147
+ <div id="login">
148
+ <h1><a href="<?php echo esc_url( $login_header_url ); ?>" title="<?php echo esc_attr( $login_header_title ); ?>"><?php bloginfo( 'name' ); ?></a></h1>
149
+ <?php
150
+
151
+ unset( $login_header_url, $login_header_title );
152
+
153
+ /**
154
+ * Filter the message to display above the login form.
155
+ *
156
+ * @since 2.1.0
157
+ *
158
+ * @param string $message Login message text.
159
+ */
160
+ $message = apply_filters( 'login_message', $message );
161
+ if ( !empty( $message ) )
162
+ echo $message . "\n";
163
+
164
+ // In case a plugin uses $error rather than the $wp_errors object
165
+ if ( !empty( $error ) ) {
166
+ $wp_error->add('error', $error);
167
+ unset($error);
168
+ }
169
+
170
+ if ( $wp_error->get_error_code() ) {
171
+ $errors = '';
172
+ $messages = '';
173
+ foreach ( $wp_error->get_error_codes() as $code ) {
174
+ $severity = $wp_error->get_error_data($code);
175
+ foreach ( $wp_error->get_error_messages($code) as $error ) {
176
+ if ( 'message' == $severity )
177
+ $messages .= ' ' . $error . "<br />\n";
178
+ else
179
+ $errors .= ' ' . $error . "<br />\n";
180
+ }
181
+ }
182
+ if ( ! empty( $errors ) ) {
183
+ /**
184
+ * Filter the error messages displayed above the login form.
185
+ *
186
+ * @since 2.1.0
187
+ *
188
+ * @param string $errors Login error message.
189
+ */
190
+ echo '<div id="login_error">' . apply_filters( 'login_errors', $errors ) . "</div>\n";
191
+ }
192
+ if ( ! empty( $messages ) ) {
193
+ /**
194
+ * Filter instructional messages displayed above the login form.
195
+ *
196
+ * @since 2.5.0
197
+ *
198
+ * @param string $messages Login messages.
199
+ */
200
+ echo '<p class="message">' . apply_filters( 'login_messages', $messages ) . "</p>\n";
201
+ }
202
+ }
203
+ } // End of login_header()
204
+
205
+ /**
206
+ * Outputs the footer for the login page.
207
+ *
208
+ * @param string $input_id Which input to auto-focus
209
+ */
210
+ function login_footer($input_id = '') {
211
+ global $interim_login;
212
+
213
+ // Don't allow interim logins to navigate away from the page.
214
+ if ( ! $interim_login ): ?>
215
+ <p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" title="<?php esc_attr_e( 'Are you lost?' ); ?>"><?php printf( __( '&larr; Back to %s' ), get_bloginfo( 'title', 'display' ) ); ?></a></p>
216
+ <?php endif; ?>
217
+
218
+ </div>
219
+
220
+ <?php if ( !empty($input_id) ) : ?>
221
+ <script type="text/javascript">
222
+ try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){}
223
+ if(typeof wpOnload=='function')wpOnload();
224
+ </script>
225
+ <?php endif; ?>
226
+
227
+ <?php
228
+ /**
229
+ * Fires in the login page footer.
230
+ *
231
+ * @since 3.1.0
232
+ */
233
+ do_action( 'login_footer' ); ?>
234
+ <div class="clear"></div>
235
+ </body>
236
+ </html>
237
+ <?php
238
+ }
239
+
240
+ function wp_shake_js() {
241
+ if ( wp_is_mobile() )
242
+ return;
243
+ ?>
244
+ <script type="text/javascript">
245
+ addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
246
+ function s(id,pos){g(id).left=pos+'px';}
247
+ function g(id){return document.getElementById(id).style;}
248
+ function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e){}}}
249
+ addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);});
250
+ </script>
251
+ <?php
252
+ }
253
+
254
+ function wp_login_viewport_meta() {
255
+ ?>
256
+ <meta name="viewport" content="width=device-width" />
257
+ <?php
258
+ }
259
+
260
+ /**
261
+ * Handles sending password retrieval email to user.
262
+ *
263
+ * @uses $wpdb WordPress Database object
264
+ *
265
+ * @return bool|WP_Error True: when finish. WP_Error on error
266
+ */
267
+ function retrieve_password() {
268
+ global $wpdb, $wp_hasher;
269
+
270
+ $errors = new WP_Error();
271
+
272
+ if ( empty( $_POST['user_login'] ) ) {
273
+ $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
274
+ } else if ( strpos( $_POST['user_login'], '@' ) ) {
275
+ $user_data = get_user_by( 'email', trim( $_POST['user_login'] ) );
276
+ if ( empty( $user_data ) )
277
+ $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
278
+ } else {
279
+ $login = trim($_POST['user_login']);
280
+ $user_data = get_user_by('login', $login);
281
+ }
282
+
283
+ /**
284
+ * Fires before errors are returned from a password reset request.
285
+ *
286
+ * @since 2.1.0
287
+ */
288
+ do_action( 'lostpassword_post' );
289
+
290
+ if ( $errors->get_error_code() )
291
+ return $errors;
292
+
293
+ if ( !$user_data ) {
294
+ $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.'));
295
+ return $errors;
296
+ }
297
+
298
+ // redefining user_login ensures we return the right case in the email
299
+ $user_login = $user_data->user_login;
300
+ $user_email = $user_data->user_email;
301
+
302
+ /**
303
+ * Fires before a new password is retrieved.
304
+ *
305
+ * @since 1.5.0
306
+ * @deprecated 1.5.1 Misspelled. Use 'retrieve_password' hook instead.
307
+ *
308
+ * @param string $user_login The user login name.
309
+ */
310
+ do_action( 'retreive_password', $user_login );
311
+ /**
312
+ * Fires before a new password is retrieved.
313
+ *
314
+ * @since 1.5.1
315
+ *
316
+ * @param string $user_login The user login name.
317
+ */
318
+ do_action( 'retrieve_password', $user_login );
319
+
320
+ /**
321
+ * Filter whether to allow a password to be reset.
322
+ *
323
+ * @since 2.7.0
324
+ *
325
+ * @param bool true Whether to allow the password to be reset. Default true.
326
+ * @param int $user_data->ID The ID of the user attempting to reset a password.
327
+ */
328
+ $allow = apply_filters( 'allow_password_reset', true, $user_data->ID );
329
+
330
+ if ( ! $allow )
331
+ return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
332
+ else if ( is_wp_error($allow) )
333
+ return $allow;
334
+
335
+ // Generate something random for a password reset key.
336
+ $key = wp_generate_password( 20, false );
337
+
338
+ /**
339
+ * Fires when a password reset key is generated.
340
+ *
341
+ * @since 2.5.0
342
+ *
343
+ * @param string $user_login The username for the user.
344
+ * @param string $key The generated password reset key.
345
+ */
346
+ do_action( 'retrieve_password_key', $user_login, $key );
347
+
348
+ // Now insert the key, hashed, into the DB.
349
+ if ( empty( $wp_hasher ) ) {
350
+ require_once ABSPATH . 'wp-includes/class-phpass.php';
351
+ $wp_hasher = new PasswordHash( 8, true );
352
+ }
353
+ $hashed = $wp_hasher->HashPassword( $key );
354
+ $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );
355
+
356
+ $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
357
+ $message .= network_home_url( '/' ) . "\r\n\r\n";
358
+ $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
359
+ $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
360
+ $message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
361
+ $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";
362
+
363
+ if ( is_multisite() )
364
+ $blogname = $GLOBALS['current_site']->site_name;
365
+ else
366
+ // The blogname option is escaped with esc_html on the way into the database in sanitize_option
367
+ // we want to reverse this for the plain text arena of emails.
368
+ $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
369
+
370
+ $title = sprintf( __('[%s] Password Reset'), $blogname );
371
+
372
+ /**
373
+ * Filter the subject of the password reset email.
374
+ *
375
+ * @since 2.8.0
376
+ *
377
+ * @param string $title Default email title.
378
+ */
379
+ $title = apply_filters( 'retrieve_password_title', $title );
380
+ /**
381
+ * Filter the message body of the password reset mail.
382
+ *
383
+ * @since 2.8.0
384
+ *
385
+ * @param string $message Default mail message.
386
+ * @param string $key The activation key.
387
+ */
388
+ $message = apply_filters( 'retrieve_password_message', $message, $key );
389
+
390
+ if ( $message && !wp_mail($user_email, $title, $message) )
391
+ wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') );
392
+
393
+ return true;
394
+ }
395
+
396
+ //
397
+ // Main
398
+ //
399
+
400
+ $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
401
+ $errors = new WP_Error();
402
+
403
+ if ( isset($_GET['key']) )
404
+ $action = 'resetpass';
405
+
406
+ // validate action so as to default to the login screen
407
+ if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) )
408
+ $action = 'login';
409
+
410
+ nocache_headers();
411
+
412
+ header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));
413
+
414
+ if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set
415
+ if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
416
+ $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
417
+
418
+ $url = dirname( set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) );
419
+ if ( $url != get_option( 'siteurl' ) )
420
+ update_option( 'siteurl', $url );
421
+ }
422
+
423
+ //Set a cookie now to see if they are supported by the browser.
424
+ setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
425
+ if ( SITECOOKIEPATH != COOKIEPATH )
426
+ setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
427
+
428
+ /**
429
+ * Fires when the login form is initialized.
430
+ *
431
+ * @since 3.2.0
432
+ */
433
+ do_action( 'login_init' );
434
+ /**
435
+ * Fires before a specified login form action.
436
+ *
437
+ * The dynamic portion of the hook name, $action, refers to the action
438
+ * that brought the visitor to the login form. Actions include 'postpass',
439
+ * 'logout', 'lostpassword', etc.
440
+ *
441
+ * @since 2.8.0
442
+ */
443
+ do_action( 'login_form_' . $action );
444
+
445
+ $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
446
+ $interim_login = isset($_REQUEST['interim-login']);
447
+
448
+ switch ($action) {
449
+
450
+ case 'postpass' :
451
+ require_once ABSPATH . 'wp-includes/class-phpass.php';
452
+ $hasher = new PasswordHash( 8, true );
453
+
454
+ /**
455
+ * Filter the life span of the post password cookie.
456
+ *
457
+ * By default, the cookie expires 10 days from creation. To turn this
458
+ * into a session cookie, return 0.
459
+ *
460
+ * @since 3.7.0
461
+ *
462
+ * @param int $expires The expiry time, as passed to setcookie().
463
+ */
464
+ $expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
465
+ setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH );
466
+
467
+ wp_safe_redirect( wp_get_referer() );
468
+ exit();
469
+
470
+ break;
471
+
472
+ case 'logout' :
473
+ check_admin_referer('log-out');
474
+ wp_logout();
475
+
476
+ $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?loggedout=true';
477
+ wp_safe_redirect( $redirect_to );
478
+ exit();
479
+
480
+ break;
481
+
482
+ case 'lostpassword' :
483
+ case 'retrievepassword' :
484
+
485
+ if ( $http_post ) {
486
+ $errors = retrieve_password();
487
+ if ( !is_wp_error($errors) ) {
488
+ $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
489
+ wp_safe_redirect( $redirect_to );
490
+ exit();
491
+ }
492
+ }
493
+
494
+ if ( isset( $_GET['error'] ) ) {
495
+ if ( 'invalidkey' == $_GET['error'] )
496
+ $errors->add( 'invalidkey', __( 'Sorry, that key does not appear to be valid.' ) );
497
+ elseif ( 'expiredkey' == $_GET['error'] )
498
+ $errors->add( 'expiredkey', __( 'Sorry, that key has expired. Please try again.' ) );
499
+ }
500
+
501
+ $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
502
+ /**
503
+ * Filter the URL redirected to after submitting the lostpassword/retrievepassword form.
504
+ *
505
+ * @since 3.0.0
506
+ *
507
+ * @param string $lostpassword_redirect The redirect destination URL.
508
+ */
509
+ $redirect_to = apply_filters( 'lostpassword_redirect', $lostpassword_redirect );
510
+
511
+ /**
512
+ * Fires before the lost password form.
513
+ *
514
+ * @since 1.5.1
515
+ */
516
+ do_action( 'lost_password' );
517
+
518
+ login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
519
+
520
+ $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';
521
+
522
+ ?>
523
+
524
+ <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
525
+ <p>
526
+ <label for="user_login" ><?php _e('Username or E-mail:') ?><br />
527
+ <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
528
+ </p>
529
+ <?php
530
+ /**
531
+ * Fires inside the lostpassword <form> tags, before the hidden fields.
532
+ *
533
+ * @since 2.1.0
534
+ */
535
+ do_action( 'lostpassword_form' ); ?>
536
+ <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
537
+ <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p>
538
+ </form>
539
+
540
+ <p id="nav">
541
+ <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a>
542
+ <?php
543
+ if ( get_option( 'users_can_register' ) ) :
544
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
545
+ /**
546
+ * Filter the registration URL below the login form.
547
+ *
548
+ * @since 1.5.0
549
+ *
550
+ * @param string $registration_url Registration URL.
551
+ */
552
+ echo ' | ' . apply_filters( 'register', $registration_url );
553
+ endif;
554
+ ?>
555
+ </p>
556
+
557
+ <?php
558
+ login_footer('user_login');
559
+ break;
560
+
561
+ case 'resetpass' :
562
+ case 'rp' :
563
+ $user = check_password_reset_key($_GET['key'], $_GET['login']);
564
+
565
+ if ( is_wp_error($user) ) {
566
+ if ( $user->get_error_code() === 'expired_key' )
567
+ wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) );
568
+ else
569
+ wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) );
570
+ exit;
571
+ }
572
+
573
+ $errors = new WP_Error();
574
+
575
+ if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
576
+ $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
577
+
578
+ /**
579
+ * Fires before the password reset procedure is validated.
580
+ *
581
+ * @since 3.5.0
582
+ *
583
+ * @param object $errors WP Error object.
584
+ * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise.
585
+ */
586
+ do_action( 'validate_password_reset', $errors, $user );
587
+
588
+ if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
589
+ reset_password($user, $_POST['pass1']);
590
+ login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
591
+ login_footer();
592
+ exit;
593
+ }
594
+
595
+ wp_enqueue_script('utils');
596
+ wp_enqueue_script('user-profile');
597
+
598
+ login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
599
+
600
+ ?>
601
+ <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass&key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ), 'login_post' ) ); ?>" method="post" autocomplete="off">
602
+ <input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
603
+
604
+ <p>
605
+ <label for="pass1"><?php _e('New password') ?><br />
606
+ <input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" /></label>
607
+ </p>
608
+ <p>
609
+ <label for="pass2"><?php _e('Confirm new password') ?><br />
610
+ <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" /></label>
611
+ </p>
612
+
613
+ <div id="pass-strength-result" class="hide-if-no-js"><?php _e('Strength indicator'); ?></div>
614
+ <p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ &amp; ).'); ?></p>
615
+
616
+ <br class="clear" />
617
+ <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>" /></p>
618
+ </form>
619
+
620
+ <p id="nav">
621
+ <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
622
+ <?php
623
+ if ( get_option( 'users_can_register' ) ) :
624
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
625
+ /** This filter is documented in wp-login.php */
626
+ echo ' | ' . apply_filters( 'register', $registration_url );
627
+ endif;
628
+ ?>
629
+ </p>
630
+
631
+ <?php
632
+ login_footer('user_pass');
633
+ break;
634
+
635
+ case 'register' :
636
+ if ( is_multisite() ) {
637
+ $sign_up_url = network_site_url( 'wp-signup.php' );
638
+ /**
639
+ * Filter the Multisite sign up URL.
640
+ *
641
+ * @since 3.0.0
642
+ *
643
+ * @param string $sign_up_url The sign up URL.
644
+ */
645
+ wp_redirect( apply_filters( 'wp_signup_location', $sign_up_url ) );
646
+ exit;
647
+ }
648
+
649
+ if ( !get_option('users_can_register') ) {
650
+ wp_redirect( site_url('wp-login.php?registration=disabled') );
651
+ exit();
652
+ }
653
+
654
+ $user_login = '';
655
+ $user_email = '';
656
+ if ( $http_post ) {
657
+ $user_login = $_POST['user_login'];
658
+ $user_email = $_POST['user_email'];
659
+ $errors = register_new_user($user_login, $user_email);
660
+ if ( !is_wp_error($errors) ) {
661
+ $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
662
+ wp_safe_redirect( $redirect_to );
663
+ exit();
664
+ }
665
+ }
666
+
667
+ $registration_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
668
+ /**
669
+ * Filter the registration redirect URL.
670
+ *
671
+ * @since 3.0.0
672
+ *
673
+ * @param string $registration_redirect The redirect destination URL.
674
+ */
675
+ $redirect_to = apply_filters( 'registration_redirect', $registration_redirect );
676
+ login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
677
+ ?>
678
+
679
+ <form name="registerform" id="registerform" action="<?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?>" method="post">
680
+ <p>
681
+ <label for="user_login"><?php _e('Username') ?><br />
682
+ <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(wp_unslash($user_login)); ?>" size="20" /></label>
683
+ </p>
684
+ <p>
685
+ <label for="user_email"><?php _e('E-mail') ?><br />
686
+ <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(wp_unslash($user_email)); ?>" size="25" /></label>
687
+ </p>
688
+ <?php
689
+ /**
690
+ * Fires following the 'E-mail' field in the user registration form.
691
+ *
692
+ * @since 2.1.0
693
+ */
694
+ do_action( 'register_form' );
695
+ ?>
696
+ <p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
697
+ <br class="clear" />
698
+ <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
699
+ <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Register'); ?>" /></p>
700
+ </form>
701
+
702
+ <p id="nav">
703
+ <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a> |
704
+ <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ) ?>"><?php _e( 'Lost your password?' ); ?></a>
705
+ </p>
706
+
707
+ <?php
708
+ login_footer('user_login');
709
+ break;
710
+
711
+ case 'login' :
712
+ default:
713
+ $secure_cookie = '';
714
+ $customize_login = isset( $_REQUEST['customize-login'] );
715
+ if ( $customize_login )
716
+ wp_enqueue_script( 'customize-base' );
717
+
718
+ // If the user wants ssl but the session is not ssl, force a secure cookie.
719
+ if ( !empty($_POST['log']) && !force_ssl_admin() ) {
720
+ $user_name = sanitize_user($_POST['log']);
721
+ if ( $user = get_user_by('login', $user_name) ) {
722
+ if ( get_user_option('use_ssl', $user->ID) ) {
723
+ $secure_cookie = true;
724
+ force_ssl_admin(true);
725
+ }
726
+ }
727
+ }
728
+
729
+ if ( isset( $_REQUEST['redirect_to'] ) ) {
730
+ $redirect_to = $_REQUEST['redirect_to'];
731
+ // Redirect to https if user wants ssl
732
+ if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') )
733
+ $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
734
+ } else {
735
+ $redirect_to = admin_url();
736
+ }
737
+
738
+ $reauth = empty($_REQUEST['reauth']) ? false : true;
739
+
740
+ // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
741
+ // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
742
+ // the admin via http or https.
743
+ if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
744
+ $secure_cookie = false;
745
+
746
+ // If cookies are disabled we can't log in even with a valid user+pass
747
+ if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
748
+ $user = new WP_Error('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
749
+ else
750
+ $user = wp_signon('', $secure_cookie);
751
+
752
+ $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
753
+ /**
754
+ * Filter the login redirect URL.
755
+ *
756
+ * @since 3.0.0
757
+ *
758
+ * @param string $redirect_to The redirect destination URL.
759
+ * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
760
+ * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
761
+ */
762
+ $redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user );
763
+
764
+ if ( !is_wp_error($user) && !$reauth ) {
765
+ if ( $interim_login ) {
766
+ $message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
767
+ $interim_login = 'success';
768
+ login_header( '', $message ); ?>
769
+ </div>
770
+ <?php
771
+ /** This action is documented in wp-login.php */
772
+ do_action( 'login_footer' ); ?>
773
+ <?php if ( $customize_login ) : ?>
774
+ <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
775
+ <?php endif; ?>
776
+ </body></html>
777
+ <?php exit;
778
+ }
779
+
780
+ if ( ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) ) {
781
+ // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
782
+ if ( is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin( $user->ID ) )
783
+ $redirect_to = user_admin_url();
784
+ elseif ( is_multisite() && !$user->has_cap('read') )
785
+ $redirect_to = get_dashboard_url( $user->ID );
786
+ elseif ( !$user->has_cap('edit_posts') )
787
+ $redirect_to = admin_url('profile.php');
788
+ }
789
+ wp_safe_redirect($redirect_to);
790
+ exit();
791
+ }
792
+
793
+ $errors = $user;
794
+ // Clear errors if loggedout is set.
795
+ if ( !empty($_GET['loggedout']) || $reauth )
796
+ $errors = new WP_Error();
797
+
798
+ if ( $interim_login ) {
799
+ if ( ! $errors->get_error_code() )
800
+ $errors->add('expired', __('Session expired. Please log in again. You will not move away from this page.'), 'message');
801
+ } else {
802
+ // Some parts of this script use the main login form to display a message
803
+ if ( isset($_GET['loggedout']) && true == $_GET['loggedout'] )
804
+ $errors->add('loggedout', __('You are now logged out.'), 'message');
805
+ elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] )
806
+ $errors->add('registerdisabled', __('User registration is currently not allowed.'));
807
+ elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] )
808
+ $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
809
+ elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] )
810
+ $errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
811
+ elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )
812
+ $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
813
+ elseif ( strpos( $redirect_to, 'about.php?updated' ) )
814
+ $errors->add('updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.' ), 'message' );
815
+ }
816
+
817
+ /**
818
+ * Filter the login page errors.
819
+ *
820
+ * @since 3.6.0
821
+ *
822
+ * @param object $errors WP Error object.
823
+ * @param string $redirect_to Redirect destination URL.
824
+ */
825
+ $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to );
826
+
827
+ // Clear any stale cookies.
828
+ if ( $reauth )
829
+ wp_clear_auth_cookie();
830
+
831
+ login_header(__('Log In'), '', $errors);
832
+
833
+ $user_login = '';
834
+ if ( isset($_POST['log']) )
835
+ $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(wp_unslash($_POST['log'])) : '';
836
+ $rememberme = ! empty( $_POST['rememberme'] );
837
+ ?>
838
+
839
+ <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
840
+ <p>
841
+ <label for="user_login"><?php _e('Username') ?><br />
842
+ <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
843
+ </p>
844
+ <p>
845
+ <label for="user_pass"><?php _e('Password') ?><br />
846
+ <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" /></label>
847
+ </p>
848
+ <?php
849
+ /**
850
+ * Fires following the 'Password' field in the login form.
851
+ *
852
+ * @since 2.1.0
853
+ */
854
+ do_action( 'login_form' );
855
+ ?>
856
+ <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p>
857
+ <p class="submit">
858
+ <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
859
+ <?php if ( $interim_login ) { ?>
860
+ <input type="hidden" name="interim-login" value="1" />
861
+ <?php } else { ?>
862
+ <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
863
+ <?php } ?>
864
+ <?php if ( $customize_login ) : ?>
865
+ <input type="hidden" name="customize-login" value="1" />
866
+ <?php endif; ?>
867
+ <input type="hidden" name="testcookie" value="1" />
868
+ </p>
869
+ </form>
870
+
871
+ <?php if ( ! $interim_login ) { ?>
872
+ <p id="nav">
873
+ <?php if ( ! isset( $_GET['checkemail'] ) || ! in_array( $_GET['checkemail'], array( 'confirm', 'newpass' ) ) ) :
874
+ if ( get_option( 'users_can_register' ) ) :
875
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
876
+ /** This filter is documented in wp-login.php */
877
+ echo apply_filters( 'register', $registration_url ) . ' | ';
878
+ endif;
879
+ ?>
880
+ <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ); ?>"><?php _e( 'Lost your password?' ); ?></a>
881
+ <?php endif; ?>
882
+ </p>
883
+ <?php } ?>
884
+
885
+ <script type="text/javascript">
886
+ function wp_attempt_focus(){
887
+ setTimeout( function(){ try{
888
+ <?php if ( $user_login || $interim_login ) { ?>
889
+ d = document.getElementById('user_pass');
890
+ d.value = '';
891
+ <?php } else { ?>
892
+ d = document.getElementById('user_login');
893
+ <?php if ( 'invalid_username' == $errors->get_error_code() ) { ?>
894
+ if( d.value != '' )
895
+ d.value = '';
896
+ <?php
897
+ }
898
+ }?>
899
+ d.focus();
900
+ d.select();
901
+ } catch(e){}
902
+ }, 200);
903
+ }
904
+
905
+ <?php if ( !$error ) { ?>
906
+ wp_attempt_focus();
907
+ <?php } ?>
908
+ if(typeof wpOnload=='function')wpOnload();
909
+ <?php if ( $interim_login ) { ?>
910
+ (function(){
911
+ try {
912
+ var i, links = document.getElementsByTagName('a');
913
+ for ( i in links ) {
914
+ if ( links[i].href )
915
+ links[i].target = '_blank';
916
+ }
917
+ } catch(e){}
918
+ }());
919
+ <?php } ?>
920
+ </script>
921
+
922
+ <?php
923
+ login_footer();
924
+ break;
925
+ } // end action switch
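Review bot: The copied login page still sends every form and redirect to the original `wp-login.php`, which appears to undo what a renamed login page is for: the lost-password form posts to `site_url( 'wp-login.php?action=lostpassword', 'login_post' )` (new-file line 524), the reset form to `wp-login.php?action=resetpass&key=...` (601), the register form to `wp-login.php?action=register` (679), the main login form to `site_url( 'wp-login.php', 'login_post' )` (839), and the reset-key email at line 361 plus the logout, lost-password, expired-key and registration-disabled redirects (476, 488, 567, 569, 650) name `wp-login.php` as well. Unless the plugin rewrites these through a `site_url`/`network_site_url`/`login_url` filter elsewhere (not visible in this diff), each path leads the visitor back to the URL the feature hides and will break outright if that URL is blocked; build them from the configured slug instead, e.g. `site_url( $aiowps_login_slug, 'login_post' )` where `$aiowps_login_slug` is a placeholder for however the plugin stores its renamed login slug. This file also redeclares `login_header()`, `login_footer()`, `wp_shake_js()`, `wp_login_viewport_meta()` and `retrieve_password()` under the same global names WordPress core's wp-login.php defines, so loading it in a request where core's login file is also included would presumably be a fatal redeclaration; that constraint is not documented anywhere in the file. The header docblock should state that this is a vendored copy of core's wp-login.php and must be re-synced by hand whenever core changes the login, password-reset or registration flow, since security fixes to core will not reach this copy on their own.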
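--- a/other-includes/wp-security-unlock-request.php
+++ b/other-includes/wp-security-unlock-request.php
@@ -39,13 +39,8 @@ if (isset($_POST['aiowps_unlock_request']))
 
 if (isset($_POST['aiowps_wp_submit_unlock_request']))
 {
-//This catches the $_POST when someone submits the form from our special unlock request page where visitor enters username and email address
+//This catches the $_POST when someone submits the form from our special unlock request page where visitor enters email address
 $errors = '';
-$username = trim($_POST['aiowps_unlock_request_username']);
-if (empty($username))
-{
-$errors .= '<p>'.__('Please enter your username','aiowpsecurity').'</p>';
-}
 
 $email = trim($_POST['aiowps_unlock_request_email']);
 if (empty($email) || !is_email($email))
@@ -56,7 +51,7 @@ if (isset($_POST['aiowps_wp_submit_unlock_request']))
 if($errors){
 $display_form = true;
 echo '<div id="login_error">'.$errors.'</div>';
-echo display_unlock_form($username, $email);
+echo display_unlock_form($email);
 }else{
 $locked_user = get_user_by('email', $email);
 if(!$locked_user){
@@ -64,19 +59,20 @@ if (isset($_POST['aiowps_wp_submit_unlock_request']))
 $errors .= '<p>'.__('User account not found!','aiowpsecurity').'</p>';
 echo '<div id="login_error">'.$errors.'</div>';
 }else{
-//Check that the user name and email address are a legitimate match
-if($locked_user->data->user_login != $username){
-//user with this email/login name combination does not exist in the system
-$errors .= '<p>'.__('User account not found!','aiowpsecurity').'</p>';
-echo '<div id="login_error">'.$errors.'</div>';
+//Process unlock request
+//Generate a special code and unlock url
+$ip = AIOWPSecurity_Utility_IP::get_user_ip_address(); //Get the IP address of user
+$ip_range = AIOWPSecurity_Utility_IP::get_sanitized_ip_range($ip); //Get the IP range of the current user
+
+$unlock_url = AIOWPSecurity_User_Login::generate_unlock_request_link($ip_range);
+if (!$unlock_url){
+//No entry found in lockdown table with this IP range
+$error_msg = '<p>'.__('Error: No locked entry was found in the DB with your IP address range!','aiowpsecurity').'</p>';
+echo '<div id="login_error">'.$error_msg.'</div>';
 }else{
-//Process unlock request
-//Generate a special code and unlock url
-$unlock_url = AIOWPSecurity_User_Login::generate_unlock_request_link($username);
 //Send an email to the user
-AIOWPSecurity_User_Login::send_unlock_request_email($username, $email, $unlock_url);
+AIOWPSecurity_User_Login::send_unlock_request_email($email, $unlock_url);
 echo '<p class="message">An email has been sent to you with the unlock instructions.</p>';
-
 }
 }
 $display_form = false;
@@ -89,19 +85,15 @@ if (isset($_POST['aiowps_wp_submit_unlock_request']))
 </html>
 <?php
 
-function display_unlock_form($user='', $email='')
+function display_unlock_form($email='')
 {
 ob_start();
 //Display the unlock request form
 $unlock_form_msg = '<p>You are here because you have been locked out due to too many incorrect login attempts.</p>
-<p>Please enter your username and email address and you will receive an email with instructions on how to unlock yourself.</p>'
+<p>Please enter your email address and you will receive an email with instructions on how to unlock yourself.</p>'
 ?>
 <div class="message"><?php echo $unlock_form_msg; ?></div>
 <form name="loginform" id="loginform" action="<?php echo wp_login_url(); ?>" method="post">
-<p>
-<label for="aiowps_unlock_request_username"><?php _e('Username', 'aiowpsecurity'); ?><br>
-<input type="text" name="aiowps_unlock_request_username" id="aiowps_unlock_request_username" class="input" value="<?php echo $user; ?>" size="20"></label>
-</p>
 <p>
 <label for="aiowps_unlock_request_email"><?php _e('Email Address', 'aiowpsecurity'); ?><br>
 <input type="text" name="aiowps_unlock_request_email" id="aiowps_unlock_request_email" class="input" value="<?php echo $email; ?>" size="20"></label>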
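Review bot: The new `echo display_unlock_form($email);` call in the second hunk re-renders the submitted address, and the form (last hunk, unchanged line) writes it into the input's `value` attribute as `<?php echo $email; ?>` with no escaping; that path is reached exactly when `is_email()` rejected the string, so arbitrary attacker-controlled characters are reflected into the attribute. The attribute should be written as `value="<?php echo esc_attr($email); ?>"`. Separately, the third hunk answers a registered address with the "An email has been sent" message and an unknown one with "User account not found!", which lets a locked-out visitor test whether an address belongs to an account; a single neutral message for both outcomes would close that distinction. The enclosing `if (isset($_POST['aiowps_wp_submit_unlock_request']))` block continues outside the hunks.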
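--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://www.tipsandtricks-hq.com
 Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha
 Requires at least: 3.5
 Tested up to: 3.8
-Stable tag: 3.2
+Stable tag: 3.3
 License: GPLv3
 
 A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -91,6 +91,7 @@ or malicious bots who do not have a special cookie in their browser. You (the si
 = Brute force login attack prevention =
 * Instantly block Brute Force Login Attacks via our special Cookie-Based Brute Force Login Prevention feature. This firewall functionality will block all login attempts from people and bots.
 * Ability to add a simple math captcha to the WordPress login form to fight against brute force login attacks.
+* Rename your WordPress login page URL so that bots and hackers cannot access your real WordPress login URL. This feature allows you to change the default login page (wp-login.php) to something you configure.
 
 = WhoIs Lookup =
 * Perform a WhoIs lookup of a suspicious host or IP address and get full details.
@@ -147,6 +148,14 @@ None
 
 == Changelog ==
 
+= 3.3 =
+- Added a brand new brute force prevention feature - Rename Login Page. This feature can be found in the new menu item called "Brute Force".
+- Modified the new unlock request feature so that the locked out user will only have to enter email address when they submit an unlock request.
+- Replaced the deprecated PHP function "mysql_list_tables" with alternative code.
+- Added warning message regarding WordPress iOS app when pingback protection feature in the firewall settings is active.
+- Added Malware scan tab and information.
+- Some minor html form and CSS corrections.
+
 = 3.2 =
 - Added new feature which allows users to generate an automated unlock request link via email when they get locked out because of the login lockdown feature.
 - Added a check to ensure that user cannot enter 0 minutes in the Force Logout feature.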
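--- a/wp-security-core.php
+++ b/wp-security-core.php
@@ -3,7 +3,7 @@
 if (!class_exists('AIO_WP_Security')){
 
 class AIO_WP_Security{
-var $version = '3.2';
+var $version = '3.3';
 var $db_version = '1.4';
 var $plugin_url;
 var $plugin_path;
@@ -71,6 +71,7 @@ class AIO_WP_Security{
 define('AIOWPSEC_MAINTENANCE_MENU_SLUG', 'aiowpsec_maintenance');
 define('AIOWPSEC_SPAM_MENU_SLUG', 'aiowpsec_spam');
 define('AIOWPSEC_FILESCAN_MENU_SLUG', 'aiowpsec_filescan');
+define('AIOWPSEC_BRUTE_FORCE_MENU_SLUG', 'aiowpsec_brute_force');
 
 global $wpdb;
 define('AIOWPSEC_TBL_LOGIN_LOCKDOWN', $wpdb->prefix . 'aiowps_login_lockdown');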
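--- a/wp-security.php
+++ b/wp-security.php
@@ -1,9 +1,9 @@
 <?php
 /*
 Plugin Name: All In One WP Security
-Version: v3.2
+Version: v3.3
 Plugin URI: http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
-Author: Tips and Tricks HQ, Peter, Ruhul Amin
+Author: Tips and Tricks HQ, Peter, Ruhul, Ivy
 Author URI: http://www.tipsandtricks-hq.com/
 Description: All round best WordPress security plugin!
 License: GPL3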