Version Description
- Consolidated "Brute Force" features by moving all such features to the "Brute Force" menu.
- Improved the file change detection scan feature: introduced a button allowing the admin to view the file change results from the last scan, and fixed a small bug whereby the change-detected flag was not being cleared in applicable cases.
- Fixed a small bug with "rename login page" feature.
- Made wp-config.php and .htaccess file backups more secure. Thanks to @wzp for the tip.
- Made the login code more robust by catering for cases where the "wp_login" action was not passing 2 parameters.
Release Info
Developer | mra13 |
Plugin | All In One WP Security & Firewall |
Version | 3.4 |
Code changes from version 3.3 to 3.4
- admin/wp-security-admin-init.php +3 -3
- admin/wp-security-brute-force-menu.php +481 -4
- admin/wp-security-database-menu.php +1 -1
- admin/wp-security-filescan-menu.php +28 -7
- admin/wp-security-firewall-menu.php +0 -262
- admin/wp-security-settings-menu.php +1 -1
- admin/wp-security-user-login-menu.php +8 -229
- classes/wp-security-file-scan.php +4 -0
- classes/wp-security-process-renamed-login-page.php +1 -0
- classes/wp-security-user-login.php +10 -1
- classes/wp-security-utility-file.php +46 -0
- classes/wp-security-utility-htaccess.php +11 -19
- classes/wp-security-utility.php +1 -1
- other-includes/wp-security-rename-login-feature.php +1 -1
- readme.txt +8 -3
- wp-security-core.php +1 -1
- wp-security.php +1 -1
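--- a/admin/wp-security-admin-init.php
+++ b/admin/wp-security-admin-init.php
@@ -103,12 +103,12 @@ class AIOWPSecurity_Admin_Init
 
 function do_other_admin_side_init_tasks()
 {
-if (isset($_GET['page']) && $_GET['page'] ==
+if (isset($_GET['page']) && $_GET['page'] == AIOWPSEC_BRUTE_FORCE_MENU_SLUG && isset($_GET['tab']) && $_GET['tab'] == 'tab2')
 {
 global $aio_wp_security;
 if(isset($_POST['aiowps_do_cookie_test_for_bfla'])){
 AIOWPSecurity_Utility::set_cookie_value("aiowps_cookie_test", "1");
-$cur_url = "admin.php?page=".
+$cur_url = "admin.php?page=".AIOWPSEC_BRUTE_FORCE_MENU_SLUG."&tab=tab2";
 $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, "aiowps_cookie_test", "1");
 AIOWPSecurity_Utility::redirect_to_url($redirect_url);
 }
@@ -146,7 +146,7 @@ class AIOWPSecurity_Admin_Init
 die("Nonce check failed on wp_config file save!");
 }
 $wp_config_path = ABSPATH . 'wp-config.php';
-$result = AIOWPSecurity_Utility_File::
+$result = AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path); //Backup the wp_config.php file
 AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
 }
 }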
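Review bot: In the second hunk the value assigned to `$result` by `AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path)` is never read in the visible lines, so `download_a_file_option1()` streams the live `wp-config.php` whether or not the backup step succeeded. The helper's return contract is not shown in this section; assuming it returns a falsy value on failure, a guard in the file's existing style would be `if (!$result) { die("wp-config.php backup failed!"); }` before the download call. Because this file holds database credentials and auth keys, it is also worth confirming that a capability check such as `current_user_can('manage_options')` runs before the nonce check, since the enclosing branch starts outside the hunk. In the first hunk, the `aiowps_do_cookie_test_for_bfla` POST branch sets a cookie and redirects with no nonce verification visible; the rest of `do_other_admin_side_init_tasks()` lies outside the hunk, so that may be handled elsewhere.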
admin/wp-security-brute-force-menu.php
CHANGED
@@ -10,6 +10,8 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
|
|
10 |
var $menu_tabs_handler = array(
|
11 |
'tab1' => 'render_tab1',
|
12 |
'tab2' => 'render_tab2',
|
|
|
|
|
13 |
);
|
14 |
|
15 |
function __construct()
|
@@ -21,7 +23,10 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
|
|
21 |
{
|
22 |
$this->menu_tabs = array(
|
23 |
'tab1' => __('Rename Login Page','aiowpsecurity'),
|
24 |
-
|
|
|
|
|
|
|
25 |
);
|
26 |
}
|
27 |
|
@@ -113,12 +118,12 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
|
|
113 |
?>
|
114 |
<div class="aio_blue_box">
|
115 |
<?php
|
116 |
-
$cookie_based_feature_url = '<a href="admin.php?page='.
|
117 |
-
$white_list_feature_url = '<a href="admin.php?page='.
|
118 |
echo '<p>'.__('An effective Brute Force prevention technique is to change the default WordPress login page URL.', 'aiowpsecurity').'</p>'.
|
119 |
'<p>'.__('Normally if you wanted to login to WordPress you would type your site\'s home URL followed by wp-login.php.', 'aiowpsecurity').'</p>'.
|
120 |
'<p>'.__('This feature allows you to change the login URL by setting your own slug and renaming the last portion of the login URL which contains the <strong>wp-login.php</strong> to any string that you like.', 'aiowpsecurity').'</p>'.
|
121 |
-
'<p>'.__('By doing
|
122 |
'<div class="aio_section_separator_1"></div>'.
|
123 |
'<p>'.__('You may also be interested in the following alternative brute force prevention features:', 'aiowpsecurity').'</p>'.
|
124 |
'<p>'.$cookie_based_feature_url.'</p>'.
|
@@ -174,6 +179,478 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
|
|
174 |
|
175 |
function render_tab2()
|
176 |
{
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
177 |
}
|
178 |
|
179 |
} //end class
|
10 |
var $menu_tabs_handler = array(
|
11 |
'tab1' => 'render_tab1',
|
12 |
'tab2' => 'render_tab2',
|
13 |
+
'tab3' => 'render_tab3',
|
14 |
+
'tab4' => 'render_tab4',
|
15 |
);
|
16 |
|
17 |
function __construct()
|
23 |
{
|
24 |
$this->menu_tabs = array(
|
25 |
'tab1' => __('Rename Login Page','aiowpsecurity'),
|
26 |
+
'tab2' => __('Cookie Based Brute Force Prevention', 'aiowpsecurity'),
|
27 |
+
'tab3' => __('Login Captcha', 'aiowpsecurity'),
|
28 |
+
'tab4' => __('Login Whitelist', 'aiowpsecurity'),
|
29 |
+
|
30 |
);
|
31 |
}
|
32 |
|
118 |
?>
|
119 |
<div class="aio_blue_box">
|
120 |
<?php
|
121 |
+
$cookie_based_feature_url = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab2" target="_blank">Cookie Based Brute Force Prevention</a>';
|
122 |
+
$white_list_feature_url = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab4" target="_blank">Login Page White List</a>';
|
123 |
echo '<p>'.__('An effective Brute Force prevention technique is to change the default WordPress login page URL.', 'aiowpsecurity').'</p>'.
|
124 |
'<p>'.__('Normally if you wanted to login to WordPress you would type your site\'s home URL followed by wp-login.php.', 'aiowpsecurity').'</p>'.
|
125 |
'<p>'.__('This feature allows you to change the login URL by setting your own slug and renaming the last portion of the login URL which contains the <strong>wp-login.php</strong> to any string that you like.', 'aiowpsecurity').'</p>'.
|
126 |
+
'<p>'.__('By doing this, malicious bots and hackers will not be able to access your login page because they will not know the correct login page URL.', 'aiowpsecurity').'</p>'.
|
127 |
'<div class="aio_section_separator_1"></div>'.
|
128 |
'<p>'.__('You may also be interested in the following alternative brute force prevention features:', 'aiowpsecurity').'</p>'.
|
129 |
'<p>'.$cookie_based_feature_url.'</p>'.
|
179 |
|
180 |
function render_tab2()
|
181 |
{
|
182 |
+
global $aio_wp_security;
|
183 |
+
global $aiowps_feature_mgr;
|
184 |
+
$error = false;
|
185 |
+
|
186 |
+
//Save settings for brute force cookie method
|
187 |
+
if(isset($_POST['aiowps_apply_cookie_based_bruteforce_firewall']))
|
188 |
+
{
|
189 |
+
$nonce=$_REQUEST['_wpnonce'];
|
190 |
+
if (!wp_verify_nonce($nonce, 'aiowpsec-enable-cookie-based-brute-force-prevention'))
|
191 |
+
{
|
192 |
+
$aio_wp_security->debug_logger->log_debug("Nonce check failed on enable cookie based brute force prevention feature!",4);
|
193 |
+
die("Nonce check failed on enable cookie based brute force prevention feature!");
|
194 |
+
}
|
195 |
+
|
196 |
+
if(isset($_POST['aiowps_enable_brute_force_attack_prevention']))
|
197 |
+
{
|
198 |
+
$brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
|
199 |
+
if(empty($brute_force_feature_secret_word)){
|
200 |
+
$brute_force_feature_secret_word = "aiowps_secret";
|
201 |
+
}else if(!ctype_alnum($brute_force_feature_secret_word)){
|
202 |
+
$msg = '<p>'.__('Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only!', 'aiowpsecurity').'</p>';
|
203 |
+
$error = true;
|
204 |
+
}
|
205 |
+
|
206 |
+
if(filter_var($_POST['aiowps_cookie_based_brute_force_redirect_url'], FILTER_VALIDATE_URL))
|
207 |
+
{
|
208 |
+
$aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url',esc_url_raw($_POST['aiowps_cookie_based_brute_force_redirect_url']));
|
209 |
+
}
|
210 |
+
else
|
211 |
+
{
|
212 |
+
$aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url','http://127.0.0.1');
|
213 |
+
}
|
214 |
+
|
215 |
+
$aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention','1');
|
216 |
+
|
217 |
+
if (!$error)
|
218 |
+
{
|
219 |
+
$aio_wp_security->configs->set_value('aiowps_brute_force_secret_word',$brute_force_feature_secret_word);
|
220 |
+
$msg = '<p>'.__('You have successfully enabled the cookie based brute force prevention feature', 'aiowpsecurity').'</p>';
|
221 |
+
$msg .= '<p>'.__('From now on you will need to log into your WP Admin using the following URL:', 'aiowpsecurity').'</p>';
|
222 |
+
$msg .= '<p><strong>'.AIOWPSEC_WP_URL.'/?'.$brute_force_feature_secret_word.'=1</strong></p>';
|
223 |
+
$msg .= '<p>'.__('It is important that you save this URL value somewhere in case you forget it, OR,', 'aiowpsecurity').'</p>';
|
224 |
+
$msg .= '<p>'.sprintf( __('simply remember to add a "?%s=1" to your current site URL address.', 'aiowpsecurity'), $brute_force_feature_secret_word).'</p>';
|
225 |
+
}
|
226 |
+
}
|
227 |
+
else
|
228 |
+
{
|
229 |
+
$aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention','');
|
230 |
+
$msg = __('You have successfully saved cookie based brute force prevention feature settings.', 'aiowpsecurity');
|
231 |
+
}
|
232 |
+
|
233 |
+
if(isset($_POST['aiowps_brute_force_attack_prevention_pw_protected_exception']))
|
234 |
+
{
|
235 |
+
$aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_pw_protected_exception','1');
|
236 |
+
}
|
237 |
+
else
|
238 |
+
{
|
239 |
+
$aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_pw_protected_exception','');
|
240 |
+
}
|
241 |
+
|
242 |
+
if(isset($_POST['aiowps_brute_force_attack_prevention_ajax_exception']))
|
243 |
+
{
|
244 |
+
$aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_ajax_exception','1');
|
245 |
+
}
|
246 |
+
else
|
247 |
+
{
|
248 |
+
$aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_ajax_exception','');
|
249 |
+
}
|
250 |
+
|
251 |
+
if (!$error)
|
252 |
+
{
|
253 |
+
$aio_wp_security->configs->save_config();//save the value
|
254 |
+
|
255 |
+
//Recalculate points after the feature status/options have been altered
|
256 |
+
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
|
257 |
+
|
258 |
+
$res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
|
259 |
+
if ($res){
|
260 |
+
echo '<div id="message" class="updated fade"><p>';
|
261 |
+
echo $msg;
|
262 |
+
echo '</p></div>';
|
263 |
+
}
|
264 |
+
else if($res == -1){
|
265 |
+
$this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'aiowpsecurity'));
|
266 |
+
}
|
267 |
+
}
|
268 |
+
else
|
269 |
+
{
|
270 |
+
$this->show_msg_error($msg);
|
271 |
+
}
|
272 |
+
}
|
273 |
+
|
274 |
+
?>
|
275 |
+
<h2><?php _e('Brute Force Prevention Firewall Settings', 'aiowpsecurity')?></h2>
|
276 |
+
|
277 |
+
<div class="aio_blue_box">
|
278 |
+
<?php
|
279 |
+
//TODO - need to fix the following message
|
280 |
+
echo '<p>'.__('A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination.', 'aiowpsecurity').
|
281 |
+
'<br />'.__('Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server\'s memory and performance.', 'aiowpsecurity').
|
282 |
+
'<br />'.__('The features in this tab will stop the majority of Brute Force Login Attacks at the .htaccess level thus providing even better protection for your WP login page and also reducing the load on your server because the system does not have to run PHP code to process the login attempts.', 'aiowpsecurity').'</p>';
|
283 |
+
?>
|
284 |
+
</div>
|
285 |
+
<div class="aio_yellow_box">
|
286 |
+
<?php
|
287 |
+
$backup_tab_link = '<a href="admin.php?page='.AIOWPSEC_SETTINGS_MENU_SLUG.'&tab=tab2" target="_blank">backup</a>';
|
288 |
+
$video_link = '<a href="http://www.tipsandtricks-hq.com/all-in-one-wp-security-plugin-cookie-based-brute-force-login-attack-prevention-feature-5994" target="_blank">video tutorial</a>';
|
289 |
+
$info_msg = sprintf( __('Even though this feature should not have any impact on your site\'s general functionality <strong>you are strongly encouraged to take a %s of your .htaccess file before proceeding</strong>.', 'aiowpsecurity'), $backup_tab_link);
|
290 |
+
$info_msg1 = __('If this feature is not used correctly, you can get locked out of your site. A backed up .htaccess file will come in handy if that happens.', 'aiowpsecurity');
|
291 |
+
$info_msg2 = sprintf( __('To learn more about how to use this feature please watch the following %s.', 'aiowpsecurity'), $video_link);
|
292 |
+
$brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_FIREWALL_MENU_SLUG.'&tab=tab4" target="_blank">Cookie-Based Brute Force Login Prevention</a>';
|
293 |
+
echo '<p>'.$info_msg.
|
294 |
+
'<br />'.$info_msg1.
|
295 |
+
'<br />'.$info_msg2.'</p>';
|
296 |
+
?>
|
297 |
+
</div>
|
298 |
+
|
299 |
+
<div class="postbox">
|
300 |
+
<h3><label for="title"><?php _e('Cookie Based Brute Force Login Prevention', 'aiowpsecurity'); ?></label></h3>
|
301 |
+
<div class="inside">
|
302 |
+
<?php
|
303 |
+
//Display security info badge
|
304 |
+
global $aiowps_feature_mgr;
|
305 |
+
$aiowps_feature_mgr->output_feature_details_badge("firewall-enable-brute-force-attack-prevention");
|
306 |
+
?>
|
307 |
+
<form action="" method="POST">
|
308 |
+
<?php wp_nonce_field('aiowpsec-enable-cookie-based-brute-force-prevention'); ?>
|
309 |
+
<table class="form-table">
|
310 |
+
<tr valign="top">
|
311 |
+
<th scope="row"><?php _e('Enable Brute Force Attack Prevention', 'aiowpsecurity')?>:</th>
|
312 |
+
<td>
|
313 |
+
<input name="aiowps_enable_brute_force_attack_prevention" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')=='1') echo ' checked="checked"'; ?> value="1"/>
|
314 |
+
<span class="description"><?php _e('Check this if you want to protect your login page from Brute Force Attack.', 'aiowpsecurity'); ?></span>
|
315 |
+
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'aiowpsecurity'); ?></span></span>
|
316 |
+
<div class="aiowps_more_info_body">
|
317 |
+
<p class="description">
|
318 |
+
<?php
|
319 |
+
_e('This feature will deny access to your WordPress login page for all people except those who have a special cookie in their browser.', 'aiowpsecurity');
|
320 |
+
echo '<br />';
|
321 |
+
_e('To use this feature do the following:', 'aiowpsecurity');
|
322 |
+
echo '<br />';
|
323 |
+
_e('1) Enable the checkbox.', 'aiowpsecurity');
|
324 |
+
echo '<br />';
|
325 |
+
_e('2) Enter a secret word consisting of alphanumeric characters which will be difficult to guess. This secret word will be useful whenever you need to know the special URL which you will use to access the login page (see point below).', 'aiowpsecurity');
|
326 |
+
echo '<br />';
|
327 |
+
_e('3) You will then be provided with a special login URL. You will need to use this URL to login to your WordPress site instead of the usual login URL. NOTE: The system will deposit a special cookie in your browser which will allow you access to the WordPress administration login page.', 'aiowpsecurity');
|
328 |
+
echo '<br />';
|
329 |
+
_e('Any person trying to access your login page who does not have the special cookie in their browser will be automatically blocked.', 'aiowpsecurity');
|
330 |
+
?>
|
331 |
+
</p>
|
332 |
+
</div>
|
333 |
+
</td>
|
334 |
+
</tr>
|
335 |
+
<tr valign="top">
|
336 |
+
<th scope="row"><?php _e('Secret Word', 'aiowpsecurity')?>:</th>
|
337 |
+
<td><input type="text" size="40" name="aiowps_brute_force_secret_word" value="<?php echo $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word'); ?>" />
|
338 |
+
<span class="description"><?php _e('Choose a secret word consisting of alphanumeric characters which you can use to access your special URL. Your are highly encouraged to choose a word which will be difficult to guess.', 'aiowpsecurity'); ?></span>
|
339 |
+
</td>
|
340 |
+
</tr>
|
341 |
+
<tr valign="top">
|
342 |
+
<th scope="row"><?php _e('Re-direct URL', 'aiowpsecurity')?>:</th>
|
343 |
+
<td><input type="text" size="40" name="aiowps_cookie_based_brute_force_redirect_url" value="<?php echo $aio_wp_security->configs->get_value('aiowps_cookie_based_brute_force_redirect_url'); ?>" />
|
344 |
+
<span class="description">
|
345 |
+
<?php
|
346 |
+
_e('Specify a URL to redirect a hacker to when they try to access your WordPress login page.', 'aiowpsecurity');
|
347 |
+
?>
|
348 |
+
</span>
|
349 |
+
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'aiowpsecurity'); ?></span></span>
|
350 |
+
<div class="aiowps_more_info_body">
|
351 |
+
<p class="description">
|
352 |
+
<?php
|
353 |
+
_e('The URL specified here can be any site\'s URL and does not have to be your own. For example you can be as creative as you like and send hackers to the CIA or NSA home page.', 'aiowpsecurity');
|
354 |
+
echo '<br />';
|
355 |
+
_e('This field will default to: http://127.0.0.1 if you do not enter a value.', 'aiowpsecurity');
|
356 |
+
echo '<br />';
|
357 |
+
_e('Useful Tip:', 'aiowpsecurity');
|
358 |
+
echo '<br />';
|
359 |
+
_e('It\'s a good idea to not redirect attempted brute force login attempts to your site because it increases the load on your server.', 'aiowpsecurity');
|
360 |
+
echo '<br />';
|
361 |
+
_e('Redirecting a hacker or malicious bot back to "http://127.0.0.1" is ideal because it deflects them back to their own local host and puts the load on their server instead of yours.', 'aiowpsecurity');
|
362 |
+
?>
|
363 |
+
</p>
|
364 |
+
</div>
|
365 |
+
</td>
|
366 |
+
</tr>
|
367 |
+
<tr valign="top">
|
368 |
+
<th scope="row"><?php _e('My Site Has Posts Or Pages Which Are Password Protected', 'aiowpsecurity')?>:</th>
|
369 |
+
<td>
|
370 |
+
<input name="aiowps_brute_force_attack_prevention_pw_protected_exception" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_pw_protected_exception')=='1') echo ' checked="checked"'; ?> value="1"/>
|
371 |
+
<span class="description"><?php _e('Check this if you are using the native WordPress password protection feature for some or all of your blog posts or pages.', 'aiowpsecurity'); ?></span>
|
372 |
+
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'aiowpsecurity'); ?></span></span>
|
373 |
+
<div class="aiowps_more_info_body">
|
374 |
+
<p class="description">
|
375 |
+
<?php
|
376 |
+
_e('In the cases where you are protecting some of your posts or pages using the in-built WordPress password protection feature, a few extra lines of directives and exceptions need to be added to your .htacces file so that people trying to access pages are not automatically blocked.', 'aiowpsecurity');
|
377 |
+
echo '<br />';
|
378 |
+
_e('By enabling this checkbox the plugin will add the necessary rules and exceptions to your .htacces file so that people trying to access these pages are not automatically blocked.', 'aiowpsecurity');
|
379 |
+
echo '<br />';
|
380 |
+
echo "<strong>".__('Helpful Tip:', 'aiowpsecurity')."</strong>";
|
381 |
+
echo '<br />';
|
382 |
+
_e('If you do not use the WordPress password protection feature for your posts or pages then it is highly recommended that you leave this checkbox disabled.', 'aiowpsecurity');
|
383 |
+
?>
|
384 |
+
</p>
|
385 |
+
</div>
|
386 |
+
</td>
|
387 |
+
</tr>
|
388 |
+
<tr valign="top">
|
389 |
+
<th scope="row"><?php _e('My Site Has a Theme or Plugins Which Use AJAX', 'aiowpsecurity')?>:</th>
|
390 |
+
<td>
|
391 |
+
<input name="aiowps_brute_force_attack_prevention_ajax_exception" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_ajax_exception')=='1') echo ' checked="checked"'; ?> value="1"/>
|
392 |
+
<span class="description"><?php _e('Check this if your site uses AJAX functionality.', 'aiowpsecurity'); ?></span>
|
393 |
+
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'aiowpsecurity'); ?></span></span>
|
394 |
+
<div class="aiowps_more_info_body">
|
395 |
+
<p class="description">
|
396 |
+
<?php
|
397 |
+
_e('In the cases where your WordPress installation has a theme or plugins which use AJAX, a few extra lines of directives and exceptions need to be added to your .htacces file to prevent AJAX requests from being automatically blocked by the brute force prevention feature.', 'aiowpsecurity');
|
398 |
+
echo '<br />';
|
399 |
+
_e('By enabling this checkbox the plugin will add the necessary rules and exceptions to your .htacces file so that AJAX operations will work as expected.', 'aiowpsecurity');
|
400 |
+
?>
|
401 |
+
</p>
|
402 |
+
</div>
|
403 |
+
</td>
|
404 |
+
</tr>
|
405 |
+
</table>
|
406 |
+
<?php
|
407 |
+
$cookie_test_value = $aio_wp_security->configs->get_value('aiowps_cookie_test_success');
|
408 |
+
$bfla_feature_enabled = $aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention');
|
409 |
+
if($cookie_test_value == '1' || $bfla_feature_enabled == '1')//If the cookie test is successful or if the feature is already enabled then go ahead as normal
|
410 |
+
{
|
411 |
+
if (isset($_REQUEST['aiowps_cookie_test']))
|
412 |
+
{//Cookie test was just performed and the test succeded
|
413 |
+
echo '<div class="aio_green_box"><p>';
|
414 |
+
_e('The cookie test was successful. You can now enable this feature.', 'aiowpsecurity');
|
415 |
+
echo '</p></div>';
|
416 |
+
}
|
417 |
+
echo '<input type="submit" name="aiowps_apply_cookie_based_bruteforce_firewall" value="'.__('Save Feature Settings', 'aiowpsecurity').'" class="button-primary" />';
|
418 |
+
}
|
419 |
+
else
|
420 |
+
{
|
421 |
+
//Cookie test needs to be performed
|
422 |
+
if(isset($_REQUEST['aiowps_cookie_test']) && $cookie_test_value != '1'){//Test failed
|
423 |
+
echo '<div class="aio_red_box"><p>';
|
424 |
+
_e('The cookie test failed on this server. So this feature cannot be used on this site.', 'aiowpsecurity');
|
425 |
+
echo '</p></div>';
|
426 |
+
}
|
427 |
+
|
428 |
+
echo '<div class="aio_yellow_box"><p>';
|
429 |
+
_e("Before using this feature you are required to perform a cookie test first. This is to make sure that your browser cookie is working correctly and that you won't lock yourself out.", 'aiowpsecurity');
|
430 |
+
echo '</p></div>';
|
431 |
+
echo '<input type="submit" name="aiowps_do_cookie_test_for_bfla" value="'.__('Perform Cookie Test', 'aiowpsecurity').'" class="button-primary" />';
|
432 |
+
}
|
433 |
+
?>
|
434 |
+
</form>
|
435 |
+
</div></div>
|
436 |
+
<?php
|
437 |
+
}
|
438 |
+
|
439 |
+
function render_tab3()
|
440 |
+
{
|
441 |
+
global $aio_wp_security;
|
442 |
+
global $aiowps_feature_mgr;
|
443 |
+
|
444 |
+
if(isset($_POST['aiowpsec_save_captcha_settings']))//Do form submission tasks
|
445 |
+
{
|
446 |
+
$error = '';
|
447 |
+
$nonce=$_REQUEST['_wpnonce'];
|
448 |
+
if (!wp_verify_nonce($nonce, 'aiowpsec-captcha-settings-nonce'))
|
449 |
+
{
|
450 |
+
$aio_wp_security->debug_logger->log_debug("Nonce check failed on captcha settings save!",4);
|
451 |
+
die("Nonce check failed on captcha settings save!");
|
452 |
+
}
|
453 |
+
|
454 |
+
|
455 |
+
//Save all the form values to the options
|
456 |
+
$random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20); //Generate random 20 char string for use during captcha encode/decode
|
457 |
+
$aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
|
458 |
+
$aio_wp_security->configs->set_value('aiowps_enable_login_captcha',isset($_POST["aiowps_enable_login_captcha"])?'1':'');
|
459 |
+
$aio_wp_security->configs->set_value('aiowps_enable_lost_password_captcha',isset($_POST["aiowps_enable_lost_password_captcha"])?'1':'');
|
460 |
+
$aio_wp_security->configs->save_config();
|
461 |
+
|
462 |
+
//Recalculate points after the feature status/options have been altered
|
463 |
+
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
|
464 |
+
|
465 |
+
$this->show_msg_settings_updated();
|
466 |
+
}
|
467 |
+
?>
|
468 |
+
<div class="aio_blue_box">
|
469 |
+
<?php
|
470 |
+
echo '<p>'.__('This feature allows you to add a captcha form on the WordPress login page.', 'aiowpsecurity').'
|
471 |
+
<br />'.__('Users who attempt to login will also need to enter the answer to a simple mathematical question - if they enter the wrong answer, the plugin will not allow them login even if they entered the correct username and password.', 'aiowpsecurity').'
|
472 |
+
<br />'.__('Therefore, adding a captcha form on the login page is another effective yet simple "Brute Force" prevention technique.', 'aiowpsecurity').'
|
473 |
+
</p>';
|
474 |
+
?>
|
475 |
+
</div>
|
476 |
+
<form action="" method="POST">
|
477 |
+
<div class="postbox">
|
478 |
+
<h3><label for="title"><?php _e('Login Form Captcha Settings', 'aiowpsecurity'); ?></label></h3>
|
479 |
+
<div class="inside">
|
480 |
+
<?php
|
481 |
+
//Display security info badge
|
482 |
+
global $aiowps_feature_mgr;
|
483 |
+
$aiowps_feature_mgr->output_feature_details_badge("user-login-captcha");
|
484 |
+
?>
|
485 |
+
|
486 |
+
<?php wp_nonce_field('aiowpsec-captcha-settings-nonce'); ?>
|
487 |
+
<table class="form-table">
|
488 |
+
<tr valign="top">
|
489 |
+
<th scope="row"><?php _e('Enable Captcha On Login Page', 'aiowpsecurity')?>:</th>
|
490 |
+
<td>
|
491 |
+
<input name="aiowps_enable_login_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_login_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
|
492 |
+
<span class="description"><?php _e('Check this if you want to insert a captcha form on the login page', 'aiowpsecurity'); ?></span>
|
493 |
+
</td>
|
494 |
+
</tr>
|
495 |
+
</table>
|
496 |
+
</div></div>
|
497 |
+
<div class="postbox">
|
498 |
+
<h3><label for="title"><?php _e('Lost Password Form Captcha Settings', 'aiowpsecurity'); ?></label></h3>
|
499 |
+
<div class="inside">
|
500 |
+
<?php
|
501 |
+
//Display security info badge
|
502 |
+
global $aiowps_feature_mgr;
|
503 |
+
$aiowps_feature_mgr->output_feature_details_badge("lost-password-captcha");
|
504 |
+
?>
|
505 |
+
|
506 |
+
<table class="form-table">
|
507 |
+
<tr valign="top">
|
508 |
+
<th scope="row"><?php _e('Enable Captcha On Lost Password Page', 'aiowpsecurity')?>:</th>
|
509 |
+
<td>
|
510 |
+
<input name="aiowps_enable_lost_password_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_lost_password_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
|
511 |
+
<span class="description"><?php _e('Check this if you want to insert a captcha form on the lost password page', 'aiowpsecurity'); ?></span>
|
512 |
+
</td>
|
513 |
+
</tr>
|
514 |
+
</table>
|
515 |
+
</div></div>
|
516 |
+
<input type="submit" name="aiowpsec_save_captcha_settings" value="<?php _e('Save Settings', 'aiowpsecurity')?>" class="button-primary" />
|
517 |
+
</form>
|
518 |
+
<?php
|
519 |
+
}
|
520 |
+
|
521 |
+
function render_tab4()
|
522 |
+
{
|
523 |
+
global $aio_wp_security;
|
524 |
+
global $aiowps_feature_mgr;
|
525 |
+
$result = 1;
|
526 |
+
$your_ip_address = AIOWPSecurity_Utility_IP::get_user_ip_address();
|
527 |
+
if (isset($_POST['aiowps_save_whitelist_settings']))
|
528 |
+
{
|
529 |
+
$nonce=$_REQUEST['_wpnonce'];
|
530 |
+
if (!wp_verify_nonce($nonce, 'aiowpsec-whitelist-settings-nonce'))
|
531 |
+
{
|
532 |
+
$aio_wp_security->debug_logger->log_debug("Nonce check failed for save whitelist settings!",4);
|
533 |
+
die(__('Nonce check failed for save whitelist settings!','aiowpsecurity'));
|
534 |
+
}
|
535 |
+
|
536 |
+
if (isset($_POST["aiowps_enable_whitelisting"]) && empty($_POST['aiowps_allowed_ip_addresses']))
|
537 |
+
{
|
538 |
+
$this->show_msg_error('You must submit at least one IP address!','aiowpsecurity');
|
539 |
+
}
|
540 |
+
else
|
541 |
+
{
|
542 |
+
if (!empty($_POST['aiowps_allowed_ip_addresses']))
|
543 |
+
{
|
544 |
+
$ip_addresses = $_POST['aiowps_allowed_ip_addresses'];
|
545 |
+
$ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
|
546 |
+
$payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'whitelist');
|
547 |
+
if($payload[0] == 1){
|
548 |
+
//success case
|
549 |
+
$result = 1;
|
550 |
+
$list = $payload[1];
|
551 |
+
$banned_ip_data = implode(PHP_EOL, $list);
|
552 |
+
$aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses',$banned_ip_data);
|
553 |
+
$_POST['aiowps_allowed_ip_addresses'] = ''; //Clear the post variable for the banned address list
|
554 |
+
}
|
555 |
+
else{
|
556 |
+
$result = -1;
|
557 |
+
$error_msg = $payload[1][0];
|
558 |
+
$this->show_msg_error($error_msg);
|
559 |
+
}
|
560 |
+
|
561 |
+
}
|
562 |
+
else
|
563 |
+
{
|
564 |
+
$aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses',''); //Clear the IP address config value
|
565 |
+
}
|
566 |
+
|
567 |
+
if ($result == 1)
|
568 |
+
{
|
569 |
+
$aio_wp_security->configs->set_value('aiowps_enable_whitelisting',isset($_POST["aiowps_enable_whitelisting"])?'1':'');
|
570 |
+
$aio_wp_security->configs->save_config(); //Save the configuration
|
571 |
+
|
572 |
+
//Recalculate points after the feature status/options have been altered
|
573 |
+
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
|
574 |
+
|
575 |
+
$this->show_msg_settings_updated();
|
576 |
+
|
577 |
+
$write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
|
578 |
+
if ($write_result == -1)
|
579 |
+
{
|
580 |
+
$this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','aiowpsecurity'));
|
581 |
+
$aio_wp_security->debug_logger->log_debug("AIOWPSecurity_whitelist_Menu - The plugin was unable to write to the .htaccess file.");
|
582 |
+
}
|
583 |
+
}
|
584 |
+
}
|
585 |
+
}
|
586 |
+
?>
|
587 |
+
<h2><?php _e('Login Whitelist', 'aiowpsecurity')?></h2>
|
588 |
+
<div class="aio_blue_box">
|
589 |
+
<?php
|
590 |
+
echo '<p>'.__('The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page.', 'aiowpsecurity').'
|
591 |
+
<br />'.__('This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below.', 'aiowpsecurity').'
|
592 |
+
<br />'.__('The plugin achieves this by writing the appropriate directives to your .htaccess file.', 'aiowpsecurity').'
|
593 |
+
<br />'.__('By allowing/blocking IP addresses via the .htaccess file your are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page.', 'aiowpsecurity').'
|
594 |
+
</p>';
|
595 |
+
?>
|
596 |
+
</div>
|
597 |
+
<div class="aio_yellow_box">
|
598 |
+
<?php
|
599 |
+
$brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab2" target="_blank">Cookie-Based Brute Force Login Prevention</a>';
|
600 |
+
echo '<p>'.sprintf( __('Attention: If in addition to enabling the white list feature, you also have the %s feature enabled, <strong>you will still need to use your secret word in the URL when trying to access your WordPress login page</strong>.', 'aiowpsecurity'), $brute_force_login_feature_link).'</p>
|
601 |
+
<p>'.__('These features are NOT functionally related. Having both of them enabled on your site means you are creating 2 layers of security.', 'aiowpsecurity').'</p>';
|
602 |
+
?>
|
603 |
+
</div>
|
604 |
+
|
605 |
+
<div class="postbox">
|
606 |
+
<h3><label for="title"><?php _e('Login IP Whitelist Settings', 'aiowpsecurity'); ?></label></h3>
|
607 |
+
<div class="inside">
|
608 |
+
<?php
|
609 |
+
//Display security info badge
|
610 |
+
global $aiowps_feature_mgr;
|
611 |
+
$aiowps_feature_mgr->output_feature_details_badge("whitelist-manager-ip-login-whitelisting");
|
612 |
+
?>
|
613 |
+
<form action="" method="POST">
|
614 |
+
<?php wp_nonce_field('aiowpsec-whitelist-settings-nonce'); ?>
|
615 |
+
<table class="form-table">
|
616 |
+
<tr valign="top">
|
617 |
+
<th scope="row"><?php _e('Enable IP Whitelisting', 'aiowpsecurity')?>:</th>
|
618 |
+
<td>
|
619 |
+
<input name="aiowps_enable_whitelisting" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_whitelisting')=='1') echo ' checked="checked"'; ?> value="1"/>
|
620 |
+
<span class="description"><?php _e('Check this if you want to enable the whitelisting of selected IP addresses specified in the settings below', 'aiowpsecurity'); ?></span>
|
621 |
+
</td>
|
622 |
+
</tr>
|
623 |
+
<tr valign="top">
|
624 |
+
<th scope="row"><?php _e('Your Current IP Address', 'aiowpsecurity')?>:</th>
|
625 |
+
<td>
|
626 |
+
<input size="20" name="aiowps_user_ip" type="text" value="<?php echo $your_ip_address; ?>" readonly="readonly"/>
|
627 |
+
<span class="description"><?php _e('You can copy and paste this address in the text box below if you want to include it in your login whitelist.', 'aiowpsecurity'); ?></span>
|
628 |
+
</td>
|
629 |
+
</tr>
|
630 |
+
<tr valign="top">
|
631 |
+
<th scope="row"><?php _e('Enter Whitelisted IP Addresses:', 'aiowpsecurity')?></th>
|
632 |
+
<td>
|
633 |
+
<textarea name="aiowps_allowed_ip_addresses" rows="5" cols="50"><?php echo ($result == -1)?$_POST['aiowps_allowed_ip_addresses']:$aio_wp_security->configs->get_value('aiowps_allowed_ip_addresses'); ?></textarea>
|
634 |
+
<br />
|
635 |
+
<span class="description"><?php _e('Enter one or more IP addresses or IP ranges you wish to include in your whitelist. Only the addresses specified here will have access to the WordPress login page.','aiowpsecurity');?></span>
|
636 |
+
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'aiowpsecurity'); ?></span></span>
|
637 |
+
<div class="aiowps_more_info_body">
|
638 |
+
<?php
|
639 |
+
echo '<p class="description">'.__('Each IP address must be on a new line.', 'aiowpsecurity').'</p>';
|
640 |
+
echo '<p class="description">'.__('To specify an IP range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'aiowpsecurity').'</p>';
|
641 |
+
echo '<p class="description">'.__('Example 1: 195.47.89.*', 'aiowpsecurity').'</p>';
|
642 |
+
echo '<p class="description">'.__('Example 2: 195.47.*.*', 'aiowpsecurity').'</p>';
|
643 |
+
echo '<p class="description">'.__('Example 3: 195.*.*.*', 'aiowpsecurity').'</p>';
|
644 |
+
?>
|
645 |
+
</div>
|
646 |
+
|
647 |
+
</td>
|
648 |
+
</tr>
|
649 |
+
</table>
|
650 |
+
<input type="submit" name="aiowps_save_whitelist_settings" value="<?php _e('Save Settings', 'aiowpsecurity')?>" class="button-primary" />
|
651 |
+
</form>
|
652 |
+
</div></div>
|
653 |
+
<?php
|
654 |
}
|
655 |
|
656 |
} //end class
|
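--- a/admin/wp-security-database-menu.php
+++ b/admin/wp-security-database-menu.php
@@ -382,7 +382,7 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
 echo ($info_msg_string);
 
 //Do a back of the config file
-if(!AIOWPSecurity_Utility_File::
+if(!AIOWPSecurity_Utility_File::backup_and_rename_wp_config($config_file))
 {
 echo '<div class="aio_red_box"><p>'.__('Failed to make a backup of the wp-config.php file. This operation will not go ahead.', 'aiowpsecurity').'</p></div>';
 return;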
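--- a/admin/wp-security-filescan-menu.php
+++ b/admin/wp-security-filescan-menu.php
@@ -86,6 +86,14 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
 $this->display_last_scan_results();
 }
 
+if (isset($_POST['aiowps_view_last_fcd_results']))
+{
+//Display the last scan results
+if (!$this->display_last_scan_results()){
+$this->show_msg_updated(__('There have been no file changes since the last scan.', 'aiowpsecurity'));
+}
+}
+
 if (isset($_POST['aiowps_manual_fcd_scan']))
 {
 $nonce=$_REQUEST['_wpnonce'];
@@ -100,12 +108,9 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
 if ($result['initial_scan'] == 1)
 {
 $this->show_msg_updated(__('The plugin has detected that this is your first file change detection scan. The file details from this scan will be used to detect file changes for future scans!','aiowpsecurity'));
+}else if(!$aio_wp_security->configs->get_value('aiowps_fcds_change_detected')){
+$this->show_msg_updated(__('Scan Complete - There were no file changes detected!', 'aiowpsecurity'));
 }
-// else
-// {
-// $aio_wp_security->debug_logger->log_debug("Manual File Change Detection scan operation failed!",4);
-// $this->show_msg_error(__('Manual File Change Detection scan operation failed!','aiowpsecurity'));
-// }
 }
 
 if(isset($_POST['aiowps_schedule_fcd_scan']))//Do form submission tasks
@@ -236,6 +241,19 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
 </form>
 </div></div>
 <div class="postbox">
+<h3><label for="title"><?php _e('View Last Saved File Change Results', 'aiowpsecurity'); ?></label></h3>
+<div class="inside">
+<form action="" method="POST">
+<?php wp_nonce_field('aiowpsec-view-last-fcd-results-nonce'); ?>
+<table class="form-table">
+<tr valign="top">
+<span class="description"><?php _e('Click the button below to view the saved file change results from the last scan.', 'aiowpsecurity'); ?></span>
+</tr>
+</table>
+<input type="submit" name="aiowps_view_last_fcd_results" value="<?php _e('View Last File Change', 'aiowpsecurity')?>" class="button-primary" />
+</form>
+</div></div>
+<div class="postbox">
 <h3><label for="title"><?php _e('File Change Detection Settings', 'aiowpsecurity'); ?></label></h3>
 <div class="inside">
 <?php
@@ -348,12 +366,15 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
 $scan_db_data = $wpdb->get_row($query, ARRAY_A);
 if ($scan_db_data === NULL)
 {
-//TODO: Failure scenario
 $aio_wp_security->debug_logger->log_debug("display_last_scan_results() - DB query for scan results data from global meta table returned NULL!",4);
-return;
+return FALSE;
 }
 $date_last_scan = $scan_db_data['date_time'];
 $scan_results_unserialized = maybe_unserialize($scan_db_data['meta_value5']);
+if (empty($scan_results_unserialized['files_added']) && empty($scan_results_unserialized['files_removed']) && empty($scan_results_unserialized['files_changed'])){
+//No file change detected
+return FALSE;
+}
 ?>
 <div class="postbox">
 <h3><label for="title"><?php _e('Latest File Change Scan Results', 'aiowpsecurity'); ?></label></h3>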
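Review bot: The new `aiowps_view_last_fcd_results` branch reports every `FALSE` from `display_last_scan_results()` as "There have been no file changes since the last scan", yet the last hunk also returns `FALSE` when the results row could not be read (`$scan_db_data === NULL`), so a failed lookup is shown to the admin as a clean result. For a file-integrity check that is a misleading all-clear; the NULL branch should call `$this->show_msg_error(...)` with a "could not read the last scan results" message, and the handler should print the "no file changes" text only for the empty-results case. The branch also never verifies the `aiowpsec-view-last-fcd-results-nonce` field that the new form emits; `check_admin_referer('aiowpsec-view-last-fcd-results-nonce');` as its first statement would close that gap. The remainder of `display_last_scan_results()` is outside the hunk, so whether its success path returns a truthy value cannot be confirmed from here.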
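--- a/admin/wp-security-firewall-menu.php
+++ b/admin/wp-security-firewall-menu.php
@@ -11,7 +11,6 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
 'tab1' => 'render_tab1',
 'tab2' => 'render_tab2',
 'tab3' => 'render_tab3',
-'tab4' => 'render_tab4',
 );
 
 function __construct()
@@ -25,7 +24,6 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
 'tab1' => __('Basic Firewall Rules', 'aiowpsecurity'),
 'tab2' => __('Additional Firewall Rules', 'aiowpsecurity'),
 'tab3' => __('5G Blacklist Firewall Rules', 'aiowpsecurity'),
-'tab4' => __('Brute Force Prevention', 'aiowpsecurity'),
 );
 }
 
@@ -544,265 +542,5 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
 </div></div>
 <?php
 }
-
-function render_tab4()
-{
-global $aio_wp_security;
-global $aiowps_feature_mgr;
-$error = false;
-
-//Save settings for brute force cookie method
-if(isset($_POST['aiowps_apply_cookie_based_bruteforce_firewall']))
-{
-$nonce=$_REQUEST['_wpnonce'];
-if (!wp_verify_nonce($nonce, 'aiowpsec-enable-cookie-based-brute-force-prevention'))
-{
-$aio_wp_security->debug_logger->log_debug("Nonce check failed on enable cookie based brute force prevention feature!",4);
-die("Nonce check failed on enable cookie based brute force prevention feature!");
-}
-
-if(isset($_POST['aiowps_enable_brute_force_attack_prevention']))
-{
-$brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
-if(empty($brute_force_feature_secret_word)){
-$brute_force_feature_secret_word = "aiowps_secret";
-}else if(!ctype_alnum($brute_force_feature_secret_word)){
-$msg = '<p>'.__('Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only!', 'aiowpsecurity').'</p>';
-$error = true;
-}
-
-if(filter_var($_POST['aiowps_cookie_based_brute_force_redirect_url'], FILTER_VALIDATE_URL))
-{
-$aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url',esc_url_raw($_POST['aiowps_cookie_based_brute_force_redirect_url']));
-}
-else
-{
-$aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url','http://127.0.0.1');
-}
-
-$aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention','1');
-
-if (!$error)
-{
-$aio_wp_security->configs->set_value('aiowps_brute_force_secret_word',$brute_force_feature_secret_word);
-$msg = '<p>'.__('You have successfully enabled the cookie based brute force prevention feature', 'aiowpsecurity').'</p>';
-$msg .= '<p>'.__('From now on you will need to log into your WP Admin using the following URL:', 'aiowpsecurity').'</p>';
-$msg .= '<p><strong>'.AIOWPSEC_WP_URL.'/?'.$brute_force_feature_secret_word.'=1</strong></p>';
-$msg .= '<p>'.__('It is important that you save this URL value somewhere in case you forget it, OR,', 'aiowpsecurity').'</p>';
-$msg .= '<p>'.sprintf( __('simply remember to add a "?%s=1" to your current site URL address.', 'aiowpsecurity'), $brute_force_feature_secret_word).'</p>';
-}
-}
-else
-{
-$aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention','');
-$msg = __('You have successfully saved cookie based brute force prevention feature settings.', 'aiowpsecurity');
-}
-
-if(isset($_POST['aiowps_brute_force_attack_prevention_pw_protected_exception']))
-{
-$aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_pw_protected_exception','1');
-}
-else
-{
-$aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_pw_protected_exception','');
-}
-
-if(isset($_POST['aiowps_brute_force_attack_prevention_ajax_exception']))
-{
-$aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_ajax_exception','1');
-}
-else
-{
-$aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_ajax_exception','');
-}
-
-if (!$error)
-{
-$aio_wp_security->configs->save_config();//save the value
-
-//Recalculate points after the feature status/options have been altered
-$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
-
-$res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
-if ($res){
-echo '<div id="message" class="updated fade"><p>';
-echo $msg;
-echo '</p></div>';
-}
-else if($res == -1){
-$this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'aiowpsecurity'));
-}
-}
-else
-{
-$this->show_msg_error($msg);
-}
-}
-
-?>
-<h2><?php _e('Brute Force Prevention Firewall Settings', 'aiowpsecurity')?></h2>
-
-<div class="aio_blue_box">
-<?php
-//TODO - need to fix the following message
-echo '<p>'.__('A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination.', 'aiowpsecurity').
-'<br />'.__('Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server\'s memory and performance.', 'aiowpsecurity').
-'<br />'.__('The features in this tab will stop the majority of Brute Force Login Attacks at the .htaccess level thus providing even better protection for your WP login page and also reducing the load on your server because the system does not have to run PHP code to process the login attempts.', 'aiowpsecurity').'</p>';
-?>
-</div>
-<div class="aio_yellow_box">
-<?php
-$backup_tab_link = '<a href="admin.php?page='.AIOWPSEC_SETTINGS_MENU_SLUG.'&tab=tab2" target="_blank">backup</a>';
-$video_link = '<a href="http://www.tipsandtricks-hq.com/all-in-one-wp-security-plugin-cookie-based-brute-force-login-attack-prevention-feature-5994" target="_blank">video tutorial</a>';
-$info_msg = sprintf( __('Even though this feature should not have any impact on your site\'s general functionality <strong>you are strongly encouraged to take a %s of your .htaccess file before proceeding</strong>.', 'aiowpsecurity'), $backup_tab_link);
-$info_msg1 = __('If this feature is not used correctly, you can get locked out of your site. A backup file will come in handy if that happens.', 'aiowpsecurity');
-$info_msg2 = sprintf( __('To learn more about how to use this feature please watch the following %s.', 'aiowpsecurity'), $video_link);
-$brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_FIREWALL_MENU_SLUG.'&tab=tab4" target="_blank">Cookie-Based Brute Force Login Prevention</a>';
-echo '<p>'.$info_msg.
-'<br />'.$info_msg1.
-'<br />'.$info_msg2.'</p>';
-?>
-</div>
-
-<div class="postbox">
-<h3><label for="title"><?php _e('Cookie Based Brute Force Login Prevention', 'aiowpsecurity'); ?></label></h3>
-<div class="inside">
-<?php
-//Display security info badge
-global $aiowps_feature_mgr;
-$aiowps_feature_mgr->output_feature_details_badge("firewall-enable-brute-force-attack-prevention");
-?>
-<form action="" method="POST">
-<?php wp_nonce_field('aiowpsec-enable-cookie-based-brute-force-prevention'); ?>
-<table class="form-table">
-<tr valign="top">
-<th scope="row"><?php _e('Enable Brute Force Attack Prevention', 'aiowpsecurity')?>:</th>
-<td>
-<input name="aiowps_enable_brute_force_attack_prevention" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')=='1') echo ' checked="checked"'; ?> value="1"/>
-<span class="description"><?php _e('Check this if you want to protect your login page from Brute Force Attack.', 'aiowpsecurity'); ?></span>
-<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'aiowpsecurity'); ?></span></span>
-<div class="aiowps_more_info_body">
-<p class="description">
-<?php
-_e('This feature will deny access to your WordPress login page for all people except those who have a special cookie in their browser.', 'aiowpsecurity');
-echo '<br />';
-_e('To use this feature do the following:', 'aiowpsecurity');
-echo '<br />';
-_e('1) Enable the checkbox.', 'aiowpsecurity');
-echo '<br />';
-_e('2) Enter a secret word consisting of alphanumeric characters which will be difficult to guess. This secret word will be useful whenever you need to know the special URL which you will use to access the login page (see point below).', 'aiowpsecurity');
-echo '<br />';
-_e('3) You will then be provided with a special login URL. You will need to use this URL to login to your WordPress site instead of the usual login URL. NOTE: The system will deposit a special cookie in your browser which will allow you access to the WordPress administration login page.', 'aiowpsecurity');
-echo '<br />';
-_e('Any person trying to access your login page who does not have the special cookie in their browser will be automatically blocked.', 'aiowpsecurity');
-?>
-</p>
-</div>
-</td>
-</tr>
-<tr valign="top">
-<th scope="row"><?php _e('Secret Word', 'aiowpsecurity')?>:</th>
-<td><input type="text" size="40" name="aiowps_brute_force_secret_word" value="<?php echo $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word'); ?>" />
-<span class="description"><?php _e('Choose a secret word consisting of alphanumeric characters which you can use to access your special URL. Your are highly encouraged to choose a word which will be difficult to guess.', 'aiowpsecurity'); ?></span>
-</td>
-</tr>
-<tr valign="top">
-<th scope="row"><?php _e('Re-direct URL', 'aiowpsecurity')?>:</th>
-<td><input type="text" size="40" name="aiowps_cookie_based_brute_force_redirect_url" value="<?php echo $aio_wp_security->configs->get_value('aiowps_cookie_based_brute_force_redirect_url'); ?>" />
-<span class="description">
-<?php
-_e('Specify a URL to redirect a hacker to when they try to access your WordPress login page.', 'aiowpsecurity');
-?>
-</span>
-<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'aiowpsecurity'); ?></span></span>
-<div class="aiowps_more_info_body">
-<p class="description">
-<?php
-_e('The URL specified here can be any site\'s URL and does not have to be your own. For example you can be as creative as you like and send hackers to the CIA or NSA home page.', 'aiowpsecurity');
-echo '<br />';
-_e('This field will default to: http://127.0.0.1 if you do not enter a value.', 'aiowpsecurity');
-echo '<br />';
-_e('Useful Tip:', 'aiowpsecurity');
-echo '<br />';
-_e('It\'s a good idea to not redirect attempted brute force login attempts to your site because it increases the load on your server.', 'aiowpsecurity');
-echo '<br />';
-_e('Redirecting a hacker or malicious bot back to "http://127.0.0.1" is ideal because it deflects them back to their own local host and puts the load on their server instead of yours.', 'aiowpsecurity');
-?>
-</p>
-</div>
-</td>
-</tr>
-<tr valign="top">
-<th scope="row"><?php _e('My Site Has Posts Or Pages Which Are Password Protected', 'aiowpsecurity')?>:</th>
-<td>
-<input name="aiowps_brute_force_attack_prevention_pw_protected_exception" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_pw_protected_exception')=='1') echo ' checked="checked"'; ?> value="1"/>
-<span class="description"><?php _e('Check this if you are using the native WordPress password protection feature for some or all of your blog posts or pages.', 'aiowpsecurity'); ?></span>
-<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'aiowpsecurity'); ?></span></span>
-<div class="aiowps_more_info_body">
-<p class="description">
-<?php
-_e('In the cases where you are protecting some of your posts or pages using the in-built WordPress password protection feature, a few extra lines of directives and exceptions need to be added to your .htacces file so that people trying to access pages are not automatically blocked.', 'aiowpsecurity');
-echo '<br />';
-_e('By enabling this checkbox the plugin will add the necessary rules and exceptions to your .htacces file so that people trying to access these pages are not automatically blocked.', 'aiowpsecurity');
-echo '<br />';
-echo "<strong>".__('Helpful Tip:', 'aiowpsecurity')."</strong>";
-echo '<br />';
-_e('If you do not use the WordPress password protection feature for your posts or pages then it is highly recommended that you leave this checkbox disabled.', 'aiowpsecurity');
-?>
-</p>
-</div>
-</td>
-</tr>
-<tr valign="top">
-<th scope="row"><?php _e('My Site Has a Theme or Plugins Which Use AJAX', 'aiowpsecurity')?>:</th>
-<td>
-<input name="aiowps_brute_force_attack_prevention_ajax_exception" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_ajax_exception')=='1') echo ' checked="checked"'; ?> value="1"/>
-<span class="description"><?php _e('Check this if your site uses AJAX functionality.', 'aiowpsecurity'); ?></span>
-<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'aiowpsecurity'); ?></span></span>
-<div class="aiowps_more_info_body">
-<p class="description">
-<?php
-_e('In the cases where your WordPress installation has a theme or plugins which use AJAX, a few extra lines of directives and exceptions need to be added to your .htacces file to prevent AJAX requests from being automatically blocked by the brute force prevention feature.', 'aiowpsecurity');
-echo '<br />';
-_e('By enabling this checkbox the plugin will add the necessary rules and exceptions to your .htacces file so that AJAX operations will work as expected.', 'aiowpsecurity');
-?>
-</p>
-</div>
-</td>
-</tr>
-</table>
-<?php
-$cookie_test_value = $aio_wp_security->configs->get_value('aiowps_cookie_test_success');
-$bfla_feature_enabled = $aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention');
-if($cookie_test_value == '1' || $bfla_feature_enabled == '1')//If the cookie test is successful or if the feature is already enabled then go ahead as normal
-{
-if (isset($_REQUEST['aiowps_cookie_test']))
-{//Cookie test was just performed and the test succeded
-echo '<div class="aio_green_box"><p>';
-_e('The cookie test was successful. You can now enable this feature.', 'aiowpsecurity');
-echo '</p></div>';
-}
-echo '<input type="submit" name="aiowps_apply_cookie_based_bruteforce_firewall" value="'.__('Save Feature Settings', 'aiowpsecurity').'" class="button-primary" />';
-}
-else
-{
-//Cookie test needs to be performed
-if(isset($_REQUEST['aiowps_cookie_test']) && $cookie_test_value != '1'){//Test failed
-echo '<div class="aio_red_box"><p>';
-_e('The cookie test failed on this server. So this feature cannot be used on this site.', 'aiowpsecurity');
-echo '</p></div>';
-}
-
-//TODO - pretty up the message
-echo '<div class="aio_yellow_box"><p>';
-_e("Before using this feature you are required to perform a cookie test first. This is to make sure that your browser cookie is working correctly and that you won't lock yourself out.", 'aiowpsecurity');
-echo '</p></div>';
-echo '<input type="submit" name="aiowps_do_cookie_test_for_bfla" value="'.__('Perform Cookie Test', 'aiowpsecurity').'" class="button-primary" />';
-}
-?>
-</form>
-</div></div>
-<?php
-}
 
 } //end class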
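--- a/admin/wp-security-settings-menu.php
+++ b/admin/wp-security-settings-menu.php
@@ -194,7 +194,7 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
 die("Nonce check failed on htaccess file save!");
 }
 $htaccess_path = ABSPATH . '.htaccess';
-$result = AIOWPSecurity_Utility_File::
+$result = AIOWPSecurity_Utility_File::backup_and_rename_wp_config($htaccess_path); //Backup the htaccess file
 
 if ($result)
 {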
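Review bot: The `.htaccess` backup on new line 197 goes through `backup_and_rename_wp_config()` rather than the `backup_and_rename_htaccess()` helper this same release adds, so the copy is named `backup..htaccess` (prefix, dot, basename) instead of `.htaccess.backup`. That name no longer begins with `.ht`, so a server rule that hides `.ht*` files (Apache's stock configuration ships one) would not cover the copy sitting under wp-content. I would change the line to `$result = AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess_path); //Backup the htaccess file`. The enclosing method starts and ends outside this hunk.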
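--- a/admin/wp-security-user-login-menu.php
+++ b/admin/wp-security-user-login-menu.php
@@ -12,8 +12,6 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
 'tab3' => 'render_tab3',
 'tab4' => 'render_tab4',
 'tab5' => 'render_tab5',
-'tab6' => 'render_tab6',
-'tab7' => 'render_tab7',
 );
 
 function __construct()
@@ -25,12 +23,10 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
 {
 $this->menu_tabs = array(
 'tab1' => __('Login Lockdown', 'aiowpsecurity'),
-'tab2' => __('Login
-'tab3' => __('
-'tab4' => __('
-'tab5' => __('
-'tab6' => __('Account Activity Logs', 'aiowpsecurity'),
-'tab7' => __('Logged In Users', 'aiowpsecurity'),
+'tab2' => __('Failed Login Records', 'aiowpsecurity'),
+'tab3' => __('Force Logout', 'aiowpsecurity'),
+'tab4' => __('Account Activity Logs', 'aiowpsecurity'),
+'tab5' => __('Logged In Users', 'aiowpsecurity'),
 );
 }
 
@@ -163,7 +159,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
 <h2><?php _e('Login Lockdown Configuration', 'aiowpsecurity')?></h2>
 <div class="aio_blue_box">
 <?php
-$brute_force_login_feature_link = '<a href="admin.php?page='.
+$brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab2">Cookie-Based Brute Force Login Prevention</a>';
 echo '<p>'.__('One of the ways hackers try to compromise sites is via a ', 'aiowpsecurity').'<strong>'.__('Brute Force Login Attack', 'aiowpsecurity').'</strong>.
 <br />'.__('This is where attackers use repeated login attempts until they guess the password.', 'aiowpsecurity').'
 <br />'.__('Apart from choosing strong passwords, monitoring and blocking IP addresses which are involved in repeated login failures in a short period of time is a very effective way to stop these types of attacks.', 'aiowpsecurity').
@@ -268,223 +264,6 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
 }
 
 function render_tab2()
-{
-global $aio_wp_security;
-global $aiowps_feature_mgr;
-
-if(isset($_POST['aiowpsec_save_captcha_settings']))//Do form submission tasks
-{
-$error = '';
-$nonce=$_REQUEST['_wpnonce'];
-if (!wp_verify_nonce($nonce, 'aiowpsec-captcha-settings-nonce'))
-{
-$aio_wp_security->debug_logger->log_debug("Nonce check failed on captcha settings save!",4);
-die("Nonce check failed on captcha settings save!");
-}
-
-
-//Save all the form values to the options
-$random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20); //Generate random 20 char string for use during captcha encode/decode
-$aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
-$aio_wp_security->configs->set_value('aiowps_enable_login_captcha',isset($_POST["aiowps_enable_login_captcha"])?'1':'');
-$aio_wp_security->configs->set_value('aiowps_enable_lost_password_captcha',isset($_POST["aiowps_enable_lost_password_captcha"])?'1':'');
-$aio_wp_security->configs->save_config();
-
-//Recalculate points after the feature status/options have been altered
-$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
-
-$this->show_msg_settings_updated();
-}
-?>
-<div class="aio_blue_box">
-<?php
-echo '<p>'.__('This feature allows you to add a captcha form on the WordPress login page.', 'aiowpsecurity').'
-<br />'.__('Users who attempt to login will also need to enter the answer to a simple mathematical question - if they enter the wrong answer, the plugin will not allow them login even if they entered the correct username and password.', 'aiowpsecurity').'
-<br />'.__('Therefore, adding a captcha form on the login page is another effective yet simple "Brute Force" prevention technique.', 'aiowpsecurity').'
-</p>';
-?>
-</div>
-<form action="" method="POST">
-<div class="postbox">
-<h3><label for="title"><?php _e('Login Form Captcha Settings', 'aiowpsecurity'); ?></label></h3>
-<div class="inside">
-<?php
-//Display security info badge
-global $aiowps_feature_mgr;
-$aiowps_feature_mgr->output_feature_details_badge("user-login-captcha");
-?>
-
-<?php wp_nonce_field('aiowpsec-captcha-settings-nonce'); ?>
-<table class="form-table">
-<tr valign="top">
-<th scope="row"><?php _e('Enable Captcha On Login Page', 'aiowpsecurity')?>:</th>
-<td>
-<input name="aiowps_enable_login_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_login_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
-<span class="description"><?php _e('Check this if you want to insert a captcha form on the login page', 'aiowpsecurity'); ?></span>
-</td>
-</tr>
-</table>
-</div></div>
-<div class="postbox">
-<h3><label for="title"><?php _e('Lost Password Form Captcha Settings', 'aiowpsecurity'); ?></label></h3>
-<div class="inside">
-<?php
-//Display security info badge
-global $aiowps_feature_mgr;
-$aiowps_feature_mgr->output_feature_details_badge("lost-password-captcha");
-?>
-
-<table class="form-table">
-<tr valign="top">
-<th scope="row"><?php _e('Enable Captcha On Lost Password Page', 'aiowpsecurity')?>:</th>
-<td>
-<input name="aiowps_enable_lost_password_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_lost_password_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
-<span class="description"><?php _e('Check this if you want to insert a captcha form on the lost password page', 'aiowpsecurity'); ?></span>
-</td>
-</tr>
-</table>
-</div></div>
-<input type="submit" name="aiowpsec_save_captcha_settings" value="<?php _e('Save Settings', 'aiowpsecurity')?>" class="button-primary" />
-</form>
-<?php
-}
-
-function render_tab3()
-{
-global $aio_wp_security;
-global $aiowps_feature_mgr;
-$result = 1;
-$your_ip_address = AIOWPSecurity_Utility_IP::get_user_ip_address();
-if (isset($_POST['aiowps_save_whitelist_settings']))
-{
-$nonce=$_REQUEST['_wpnonce'];
-if (!wp_verify_nonce($nonce, 'aiowpsec-whitelist-settings-nonce'))
-{
-$aio_wp_security->debug_logger->log_debug("Nonce check failed for save whitelist settings!",4);
-die(__('Nonce check failed for save whitelist settings!','aiowpsecurity'));
-}
-
-if (isset($_POST["aiowps_enable_whitelisting"]) && empty($_POST['aiowps_allowed_ip_addresses']))
-{
-$this->show_msg_error('You must submit at least one IP address!','aiowpsecurity');
-}
-else
-{
-if (!empty($_POST['aiowps_allowed_ip_addresses']))
-{
-$ip_addresses = $_POST['aiowps_allowed_ip_addresses'];
-$ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
-$payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'whitelist');
-if($payload[0] == 1){
-//success case
-$result = 1;
-$list = $payload[1];
-$banned_ip_data = implode(PHP_EOL, $list);
-$aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses',$banned_ip_data);
-$_POST['aiowps_allowed_ip_addresses'] = ''; //Clear the post variable for the banned address list
-}
-else{
-$result = -1;
-$error_msg = $payload[1][0];
-$this->show_msg_error($error_msg);
-}
-
-}
-else
-{
-$aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses',''); //Clear the IP address config value
-}
-
-if ($result == 1)
-{
-$aio_wp_security->configs->set_value('aiowps_enable_whitelisting',isset($_POST["aiowps_enable_whitelisting"])?'1':'');
-$aio_wp_security->configs->save_config(); //Save the configuration
-
-//Recalculate points after the feature status/options have been altered
-$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
-
-$this->show_msg_settings_updated();
-
-$write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
-if ($write_result == -1)
-{
-$this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','aiowpsecurity'));
-$aio_wp_security->debug_logger->log_debug("AIOWPSecurity_whitelist_Menu - The plugin was unable to write to the .htaccess file.");
-}
-}
-}
-}
-?>
-<h2><?php _e('Login Whitelist', 'aiowpsecurity')?></h2>
-<div class="aio_blue_box">
-<?php
-echo '<p>'.__('The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page.', 'aiowpsecurity').'
-<br />'.__('This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below.', 'aiowpsecurity').'
-<br />'.__('The plugin achieves this by writing the appropriate directives to your .htaccess file.', 'aiowpsecurity').'
-<br />'.__('By allowing/blocking IP addresses via the .htaccess file your are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page.', 'aiowpsecurity').'
-</p>';
-?>
-</div>
-<div class="aio_yellow_box">
-<?php
-$brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_FIREWALL_MENU_SLUG.'&tab=tab4" target="_blank">Cookie-Based Brute Force Login Prevention</a>';
-echo '<p>'.sprintf( __('Attention: If in addition to enabling the white list feature, you also have the %s feature enabled, <strong>you will still need to use your secret word in the URL when trying to access your WordPress login page</strong>.', 'aiowpsecurity'), $brute_force_login_feature_link).'</p>
-<p>'.__('These features are NOT functionally related. Having both of them enabled on your site means you are creating 2 layers of security.', 'aiowpsecurity').'</p>';
-?>
-</div>
-
-<div class="postbox">
-<h3><label for="title"><?php _e('Login IP Whitelist Settings', 'aiowpsecurity'); ?></label></h3>
-<div class="inside">
-<?php
-//Display security info badge
-global $aiowps_feature_mgr;
-$aiowps_feature_mgr->output_feature_details_badge("whitelist-manager-ip-login-whitelisting");
-?>
-<form action="" method="POST">
-<?php wp_nonce_field('aiowpsec-whitelist-settings-nonce'); ?>
-<table class="form-table">
-<tr valign="top">
-<th scope="row"><?php _e('Enable IP Whitelisting', 'aiowpsecurity')?>:</th>
-<td>
-<input name="aiowps_enable_whitelisting" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_whitelisting')=='1') echo ' checked="checked"'; ?> value="1"/>
-<span class="description"><?php _e('Check this if you want to enable the whitelisting of selected IP addresses specified in the settings below', 'aiowpsecurity'); ?></span>
-</td>
-</tr>
-<tr valign="top">
-<th scope="row"><?php _e('Your Current IP Address', 'aiowpsecurity')?>:</th>
-<td>
-<input size="20" name="aiowps_user_ip" type="text" value="<?php echo $your_ip_address; ?>" readonly="readonly"/>
-<span class="description"><?php _e('You can copy and paste this address in the text box below if you want to include it in your login whitelist.', 'aiowpsecurity'); ?></span>
-</td>
-</tr>
-<tr valign="top">
-<th scope="row"><?php _e('Enter Whitelisted IP Addresses:', 'aiowpsecurity')?></th>
-<td>
-<textarea name="aiowps_allowed_ip_addresses" rows="5" cols="50"><?php echo ($result == -1)?$_POST['aiowps_allowed_ip_addresses']:$aio_wp_security->configs->get_value('aiowps_allowed_ip_addresses'); ?></textarea>
-<br />
-<span class="description"><?php _e('Enter one or more IP addresses or IP ranges you wish to include in your whitelist. Only the addresses specified here will have access to the WordPress login page.','aiowpsecurity');?></span>
-<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'aiowpsecurity'); ?></span></span>
-<div class="aiowps_more_info_body">
-<?php
-echo '<p class="description">'.__('Each IP address must be on a new line.', 'aiowpsecurity').'</p>';
-echo '<p class="description">'.__('To specify an IP range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'aiowpsecurity').'</p>';
-echo '<p class="description">'.__('Example 1: 195.47.89.*', 'aiowpsecurity').'</p>';
-echo '<p class="description">'.__('Example 2: 195.47.*.*', 'aiowpsecurity').'</p>';
-echo '<p class="description">'.__('Example 3: 195.*.*.*', 'aiowpsecurity').'</p>';
-?>
-</div>
-
-</td>
-</tr>
-</table>
-<input type="submit" name="aiowps_save_whitelist_settings" value="<?php _e('Save Settings', 'aiowpsecurity')?>" class="button-primary" />
-</form>
-</div></div>
-<?php
-}
-
-function render_tab4()
 {
 global $aio_wp_security, $wpdb;
 if (isset($_POST['aiowps_delete_failed_login_records']))
@@ -559,7 +338,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
 <?php
 }
 
-function
+function render_tab3()
 {
 global $aio_wp_security;
 global $aiowps_feature_mgr;
@@ -642,7 +421,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
 <?php
 }
 
-function
+function render_tab4()
 {
 include_once 'wp-security-list-acct-activity.php'; //For rendering the AIOWPSecurity_List_Table in tab4
 $acct_activity_list = new AIOWPSecurity_List_Account_Activity(); //For rendering the AIOWPSecurity_List_Table in tab2
@@ -679,7 +458,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
 <?php
 }
 
-function
+function render_tab5()
 {
 $logged_in_users = (AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient('users_online') : get_transient('users_online'));
 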
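Review bot: The link built on new line 162 is a raw string: its label `Cookie-Based Brute Force Login Prevention` bypasses `__()` while every neighbouring string is translated, and the bare `&` inside the `href` attribute should be written `&amp;`. Suggested: `$brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&amp;tab=tab2">'.__('Cookie-Based Brute Force Login Prevention', 'aiowpsecurity').'</a>';`. Separately, because the former tab4 to tab7 handlers are renumbered to tab2 to tab5, any link elsewhere in the plugin that still targets this page by an old tab number would now open a different tab; that cannot be checked from this section. The method bodies around these hunks lie outside the visible lines.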
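--- a/classes/wp-security-file-scan.php
+++ b/classes/wp-security-file-scan.php
@@ -28,6 +28,10 @@ class AIOWPSecurity_Filescan
 $aio_wp_security->debug_logger->log_debug("File Change Detection Feature: change to filesystem detected!");
 
 $this->aiowps_send_file_change_alert_email(); //Send file change scan results via email if applicable
+}else if(empty($scan_result['files_added']) && empty($scan_result['files_removed']) && empty($scan_result['files_changed'])){
+//Reset the change flag
+$aio_wp_security->configs->set_value('aiowps_fcds_change_detected', FALSE);
+$aio_wp_security->configs->save_config();
 }
 return $scan_result;
 }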
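Review bot: The added `else if` branch clears `aiowps_fcds_change_detected` as soon as one scan reports no added, removed or changed files, which may erase the marker of an earlier detection before an administrator has looked at it. Whether that can happen depends on how the flag is consumed and on what each scan is compared against, neither of which is visible here; the enclosing method and the condition of the preceding `if` start outside the hunk. If the flag drives an admin-side notice, consider clearing it when the results are viewed rather than on the next clean scan. At minimum the comment should state the consequence, e.g. `//Clean scan: clear the flag (this also drops an earlier detection that was never reviewed)`.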
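--- a/classes/wp-security-process-renamed-login-page.php
+++ b/classes/wp-security-process-renamed-login-page.php
@@ -9,6 +9,7 @@ class AIOWPSecurity_Process_Renamed_Login_Page
 add_filter('site_url', array(&$this, 'aiowps_site_url'), 10, 2);
 add_filter('network_site_url', array(&$this, 'aiowps_site_url'), 10, 2);
 add_filter('wp_redirect', array(&$this, 'aiowps_wp_redirect'), 10, 2);
+remove_action('template_redirect', 'wp_redirect_admin_locations', 1000); //To prevent redirect to login page when people type "login" at end of home URL
 
 }
 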
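Review bot: The comment on the added `remove_action` line names only the "login" case, but unhooking `wp_redirect_admin_locations` also switches off core's shortcut redirects for paths such as `/admin` and `/dashboard`, and the reason for removing it is left unstated. Presumably the redirect would otherwise lead a visitor straight to the renamed login URL, which defeats the feature. I would say so in the comment: `//Stop core's /login, /admin and /dashboard shortcut redirects so they cannot lead visitors to the renamed login page`. The enclosing method starts outside the hunk.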
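--- a/classes/wp-security-user-login.php
+++ b/classes/wp-security-user-login.php
@@ -382,10 +382,19 @@ class AIOWPSecurity_User_Login
 return $last_login;
 }
 
-function wp_login_action_handler($user_login, $user)
+function wp_login_action_handler($user_login, $user='')
 {
 global $wpdb, $aio_wp_security;
 $login_activity_table = AIOWPSEC_TBL_USER_LOGIN_ACTIVITY;
+
+if ($user == ''){
+//Try and get user object
+$user = get_user_by('login', $user_login); //This should return WP_User obj
+if (!$user){
+$aio_wp_security->debug_logger->log_debug("AIOWPSecurity_User_Login::wp_login_action_handler: Unable to get WP_User object for login ".$user_login,4);
+return;
+}
+}
 $login_date_time = current_time('mysql');
 update_user_meta($user->ID, 'last_login_time', $login_date_time); //store last login time in meta table
 $curr_ip_address = AIOWPSecurity_Utility_IP::get_user_ip_address();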
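Review bot: The fallback on new line 390 tests `$user == ''`, a loose comparison between what is normally a `WP_User` object and a string. It gives the intended answer only through PHP's object/string comparison rules, and any other non-empty value a caller might pass (a user ID, an array) skips the lookup and reaches `$user->ID` unchanged. Testing the type states the intent directly: `if (!($user instanceof WP_User)){`. The rest of the function body lies outside the hunk.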
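--- a/classes/wp-security-utility-file.php
+++ b/classes/wp-security-utility-file.php
@@ -52,7 +52,53 @@ class AIOWPSecurity_Utility_File
 }
 return true;
 }
+
+static function backup_and_rename_wp_config($src_file_path, $prefix = 'backup')
+{
+global $aio_wp_security;
+
+//Check to see if the main "backups" directory exists - create it otherwise
+$aiowps_backup_dir = WP_CONTENT_DIR.'/'.AIO_WP_SECURITY_BACKUPS_DIR_NAME;
+if (!AIOWPSecurity_Utility_File::create_dir($aiowps_backup_dir))
+{
+$aio_wp_security->debug_logger->log_debug("backup_and_rename_wp_config - Creation of backup directory failed!",4);
+return false;
+}
+
+$src_parts = pathinfo($src_file_path);
+$backup_file_name = $prefix . '.' . $src_parts['basename'];
+
+$backup_file_path = $aiowps_backup_dir . '/' . $backup_file_name;
+if (!copy($src_file_path, $backup_file_path)) {
+//Failed to make a backup copy
+return false;
+}
+return true;
+}
 
+static function backup_and_rename_htaccess($src_file_path, $suffix = 'backup')
+{
+global $aio_wp_security;
+
+//Check to see if the main "backups" directory exists - create it otherwise
+$aiowps_backup_dir = WP_CONTENT_DIR.'/'.AIO_WP_SECURITY_BACKUPS_DIR_NAME;
+if (!AIOWPSecurity_Utility_File::create_dir($aiowps_backup_dir))
+{
+$aio_wp_security->debug_logger->log_debug("backup_and_rename_htaccess - Creation of backup directory failed!",4);
+return false;
+}
+
+$src_parts = pathinfo($src_file_path);
+$backup_file_name = $src_parts['basename'] . '.' . $suffix;
+
+$backup_file_path = $aiowps_backup_dir . '/' . $backup_file_name;
+if (!copy($src_file_path, $backup_file_path)) {
+//Failed to make a backup copy
+return false;
+}
+return true;
+}
+
 //Function which reads entire contents of a file and stores serialized contents into our global_meta table
 static function backup_file_contents_to_db($src_file_path, $key_description)
 {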
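Review bot: Both new helpers copy the file into `WP_CONTENT_DIR.'/'.AIO_WP_SECURITY_BACKUPS_DIR_NAME` under a fixed name (`backup.wp-config.php`, `.htaccess.backup`), and nothing in either function limits who can read the copy, although a wp-config.php backup carries the database credentials and keys. Whether `create_dir()` places an access-deny rule or index file in that directory is not visible in this section, so that should be confirmed; tightening the mode after a successful copy, e.g. `chmod($backup_file_path, 0600);`, is worth considering where the hosting setup allows it. The `copy()` failure branches at new lines 72-75 and 95-98 return false without a log entry, unlike the `create_dir()` branches; add `$aio_wp_security->debug_logger->log_debug("backup_and_rename_wp_config - Failed to copy file to backup directory!",4);` and the htaccess equivalent. The two functions differ only in how `$backup_file_name` is composed and could share one private helper.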
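--- a/classes/wp-security-utility-htaccess.php
+++ b/classes/wp-security-utility-htaccess.php
@@ -112,7 +112,7 @@ class AIOWPSecurity_Utility_Htaccess
 return -1;
 }
 }
-AIOWPSecurity_Utility_File::
+AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess); //TODO - we dont want to continually be backing up the htaccess file
 @ini_set( 'auto_detect_line_endings', true );
 $ht = explode( PHP_EOL, implode( '', file( $htaccess ) ) ); //parse each line of file into array
 
@@ -245,18 +245,18 @@ class AIOWPSecurity_Utility_Htaccess
 if($aio_wp_security->configs->get_value('aiowps_prevent_default_wp_file_access')=='1')
 {
 $rules .= AIOWPSecurity_Utility_Htaccess::$prevent_wp_file_access_marker_start . PHP_EOL; //Add feature marker start
-$rules .= '<
+$rules .= '<Files license.txt>
 order allow,deny
 deny from all
 </files>
-<
+<Files wp-config-sample.php>
 order allow,deny
 deny from all
-</
-<
+</Files>
+<Files readme.html>
 order allow,deny
 deny from all
-</
+</Files>' . PHP_EOL;
 $rules .= AIOWPSecurity_Utility_Htaccess::$prevent_wp_file_access_marker_end . PHP_EOL; //Add feature marker end
 }
 
@@ -409,10 +409,10 @@ class AIOWPSecurity_Utility_Htaccess
 {
 $rules .= AIOWPSecurity_Utility_Htaccess::$basic_htaccess_rules_marker_start . PHP_EOL; //Add feature marker start
 //protect the htaccess file - this is done by default with apache config file but we are including it here for good measure
-$rules .= '<
+$rules .= '<Files .htaccess>' . PHP_EOL;
 $rules .= 'order allow,deny' . PHP_EOL;
 $rules .= 'deny from all' . PHP_EOL;
-$rules .= '</
+$rules .= '</Files>' . PHP_EOL;
 
 //disable the server signature
 $rules .= 'ServerSignature Off' . PHP_EOL;
@@ -421,10 +421,10 @@ class AIOWPSecurity_Utility_Htaccess
 $rules .= 'LimitRequestBody 10240000' . PHP_EOL;
 
 // protect wpconfig.php.
-$rules .= '<
+$rules .= '<Files wp-config.php>' . PHP_EOL;
 $rules .= 'order allow,deny' . PHP_EOL;
 $rules .= 'deny from all' . PHP_EOL;
-$rules .= '</
+$rules .= '</Files>' . PHP_EOL;
 
 $rules .= AIOWPSecurity_Utility_Htaccess::$basic_htaccess_rules_marker_end . PHP_EOL; //Add feature marker end
 }
@@ -838,15 +838,7 @@ class AIOWPSecurity_Utility_Htaccess
 <ifModule mod_rewrite.c>
 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
 RewriteRule .* - [F]
-</IfModule>
-
-# 5G:[BAD IPS]
-<limit GET POST PUT>
-Order Allow,Deny
-Allow from all
-# uncomment/edit/repeat next line to block IPs
-# Deny from 123.456.789
-</limit>' . PHP_EOL;
+</IfModule>' . PHP_EOL;
 $rules .= AIOWPSecurity_Utility_Htaccess::$five_g_blacklist_marker_end . PHP_EOL; //Add feature marker end
 }
 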
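Review bot: The call added at new line 115 discards the result of `backup_and_rename_htaccess($htaccess)`, so processing of `.htaccess` continues even when no backup could be made, whereas the wp-config path in classes/wp-security-utility.php stops in that case. Checking the result would keep the two consistent, e.g. `if (!AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess)) { return -1; }`, `-1` being the failure value returned just above; whether a failed backup should be fatal here is a judgement call given the TODO. In the second hunk the first block now opens with `<Files license.txt>` but still closes with lowercase `</files>`; Apache directive names are case-insensitive, but it should match the other two blocks. The `order allow,deny` / `deny from all` lines in these blocks are the Apache 2.2 access syntax and rely on mod_access_compat under 2.4. The enclosing functions start outside the hunks.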
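--- a/classes/wp-security-utility.php
+++ b/classes/wp-security-utility.php
@@ -201,7 +201,7 @@ class AIOWPSecurity_Utility
 }
 
 //Make a backup of the config file
-if(!AIOWPSecurity_Utility_File::
+if(!AIOWPSecurity_Utility_File::backup_and_rename_wp_config($config_file))
 {
 $this->show_msg_error(__('Failed to make a backup of the wp-config.php file. This operation will not go ahead.', 'aiowpsecurity'));
 //$aio_wp_security->debug_logger->log_debug("Disable PHP File Edit - Failed to make a backup of the wp-config.php file.",4);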
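--- a/other-includes/wp-security-rename-login-feature.php
+++ b/other-includes/wp-security-rename-login-feature.php
@@ -902,7 +902,7 @@ d.select();
 }, 200);
 }
 
-<?php if ( !$
+<?php if ( !$errors ) { ?>
 wp_attempt_focus();
 <?php } ?>
 if(typeof wpOnload=='function')wpOnload();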
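Review bot: The condition on new line 905, `if ( !$errors )`, only works if `$errors` is empty or falsy when there is nothing to report. If it holds a `WP_Error` object at this point (its assignment is outside the hunk, so this is a guess), `!$errors` is never true and `wp_attempt_focus();` would never be emitted. In that case test the content rather than the object, e.g. `<?php if ( !is_wp_error($errors) || !$errors->get_error_code() ) { ?>`.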
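--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://www.tipsandtricks-hq.com
 Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha
 Requires at least: 3.5
 Tested up to: 3.8
-Stable tag: 3.
+Stable tag: 3.4
 License: GPLv3
 
 A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -39,9 +39,7 @@ you are making it 50% easier for hackers because they already know the login nam
 via email whenever somebody gets locked out due to too many login attempts.
 
 * As the administrator you can view a list of all locked out users which are displayed in an easily readable and navigable table which also allows you to unlock individual or bulk IP addresses at the click of a button.
-
 * Force logout of all users after a configurable time period
-
 * Monitor/View failed login attempts which show the user's IP address, User ID/Username and Date/Time of the failed login attempt
 
 * Monitor/View the account activity of all user accounts on your system by keeping track of the username, IP address, login date/time, and logout date/time.
@@ -148,6 +146,13 @@ None
 
 == Changelog ==
 
+= 3.4 =
+- Consolidated "Brute Force" features by moving all such features to the "Brute Force" menu.
+- Improved the file change detection scan feature: Introduced a button allowing admin to view the file change results from the last scan and fixed small bug whereby the change detected flag was not being cleared for applicable cases.
+- Fixed a small bug with "rename login page" feature.
+- Made wp-config.php and .htaccess file backups more secure. Thanks to @wzp for the tip.
+- Made the login code more robust by catering for cases where the "wp_login" action was not passing 2 parameters.
+
 = 3.3 =
 - Added a brand new brute force prevention feature - Rename Login Page. This feature can be found in the new menu item called "Brute Force".
 - Modified the new unlock request feature so that the locked out user will only have to enter email address when they submit an unlock request.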
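--- a/wp-security-core.php
+++ b/wp-security-core.php
@@ -3,7 +3,7 @@
 if (!class_exists('AIO_WP_Security')){
 
 class AIO_WP_Security{
-var $version = '3.
+var $version = '3.4';
 var $db_version = '1.4';
 var $plugin_url;
 var $plugin_path;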
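--- a/wp-security.php
+++ b/wp-security.php
@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: All In One WP Security
-Version: v3.
+Version: v3.4
 Plugin URI: http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
 Author: Tips and Tricks HQ, Peter, Ruhul, Ivy
 Author URI: http://www.tipsandtricks-hq.com/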