All In One WP Security & Firewall - Version 3.7.6

Version Description

  • Added ability to insert captcha in WordPress Multi Site registration form.
  • Added a condition around the management permission constant. This will allow users to define a custom capability for this plugin's admin side via the wp-config file. This was submitted by Samuel Aguilera.
  • Fixed a bug with the hidden login page feature.
  • Fixed a small settings bug with the "block fake google bot" feature.

Release Info

Developer mra13
Version 3.7.6

Code changes from version 3.7.5 to 3.7.6

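--- a/admin/wp-security-user-registration-menu.php
+++ b/admin/wp-security-user-registration-menu.php
@@ -202,26 +202,38 @@ class AIOWPSecurity_User_Registration_Menu extends AIOWPSecurity_Admin_Menu
  <h3><label for="title"><?php _e('Registration Page Captcha Settings', 'aiowpsecurity'); ?></label></h3>
  <div class="inside">
  <?php
- //Display security info badge
- global $aiowps_feature_mgr;
- $aiowps_feature_mgr->output_feature_details_badge("user-registration-captcha");
- ?>
+ if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1)
+ {
+ //Hide config settings if MS and not main site
+ $special_msg = '<div class="aio_yellow_box">';
+ $special_msg .= '<p>'.__('The core default behaviour for WordPress Multi Site regarding user registration is that all users are registered via the main site.','aiowpsecurity').'</p>';
+ $special_msg .= '<p>'.__('Therefore, if you would like to add a captcha form to the registration page for a Multi Site, please go to "Registration Captcha" settings on the main site.','aiowpsecurity').'</p>';
+ $special_msg .= '</div>';
+ echo $special_msg;
+ }
+ else
+ {
+ //Display security info badge
+ global $aiowps_feature_mgr;
+ $aiowps_feature_mgr->output_feature_details_badge("user-registration-captcha");
+ ?>
 
- <form action="" method="POST">
+ <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-registration-captcha-settings-nonce'); ?>
- <table class="form-table">
- <tr valign="top">
- <th scope="row"><?php _e('Enable Captcha On Registration Page', 'aiowpsecurity')?>:</th>
- <td>
- <input name="aiowps_enable_registration_page_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
- <span class="description"><?php _e('Check this if you want to insert a captcha form on the WordPress user registration page (if you allow user registration).', 'aiowpsecurity'); ?></span>
- </td>
- </tr>
- </table>
- <input type="submit" name="aiowpsec_save_registration_captcha_settings" value="<?php _e('Save Settings', 'aiowpsecurity')?>" class="button-primary" />
- </form>
- </div></div>
+ <table class="form-table">
+ <tr valign="top">
+ <th scope="row"><?php _e('Enable Captcha On Registration Page', 'aiowpsecurity')?>:</th>
+ <td>
+ <input name="aiowps_enable_registration_page_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
+ <span class="description"><?php _e('Check this if you want to insert a captcha form on the WordPress user registration page (if you allow user registration).', 'aiowpsecurity'); ?></span>
+ </td>
+ </tr>
+ </table>
+ <input type="submit" name="aiowpsec_save_registration_captcha_settings" value="<?php _e('Save Settings', 'aiowpsecurity')?>" class="button-primary" />
+ </form>
+ </div></div>
  <?php
+ }
  }
 
 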
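Review bot: The `get_current_blog_id() != 1` test at new line 205 assumes the main site always has blog ID 1; WordPress provides `is_main_site()` for this, so the condition would read `if (AIOWPSecurity_Utility::is_multisite_install() && !is_main_site())`. Hiding the form is a display change only: the code that handles `aiowpsec_save_registration_captcha_settings` is outside this hunk, so confirm it applies the same main-site check before saving. The enclosing method starts above the hunk.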
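--- a/classes/wp-security-general-init-tasks.php
+++ b/classes/wp-security-general-init-tasks.php
@@ -54,11 +54,26 @@ class AIOWPSecurity_General_Init_Tasks
  }
 
  //For registration page captcha feature
- if($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1'){
- if (!is_user_logged_in()) {
- add_action('register_form', array(&$this, 'insert_captcha_question_form'));
+ if (AIOWPSecurity_Utility::is_multisite_install()){
+ $blog_id = get_current_blog_id();
+ switch_to_blog($blog_id);
+ if($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1'){
+ if (!is_user_logged_in()) {
+ add_action('signup_extra_fields', array(&$this, 'insert_captcha_question_form_multi'));
+ //add_action('preprocess_signup_form', array(&$this, 'process_signup_form_multi'));
+ add_filter( 'wpmu_validate_user_signup', array(&$this, 'process_signup_form_multi') );
+
+ }
+ }
+ restore_current_blog();
+ }else{
+ if($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1'){
+ if (!is_user_logged_in()) {
+ add_action('register_form', array(&$this, 'insert_captcha_question_form'));
+ }
  }
  }
+
 
  //For comment captcha feature
  if (AIOWPSecurity_Utility::is_multisite_install()){
@@ -82,7 +97,7 @@ class AIOWPSecurity_General_Init_Tasks
  $this->update_logged_in_user_transient();
 
  //For block fake googlebots feature
- if($aio_wp_security->configs->get_value('aiowps_enable_block_fake_googlebots') == '1'){
+ if($aio_wp_security->configs->get_value('aiowps_block_fake_googlebots') == '1'){
  include_once(AIO_WP_SECURITY_PATH.'/classes/wp-security-bot-protection.php');
  AIOWPSecurity_Fake_Bot_Protection::block_fake_googlebots();
  }
@@ -173,6 +188,30 @@ class AIOWPSecurity_General_Init_Tasks
  }
  }
 
+ function insert_captcha_question_form_multi($error)
+ {
+ global $aio_wp_security;
+ $aio_wp_security->captcha_obj->display_captcha_form();
+ }
+
+ function process_signup_form_multi($result)
+ {
+ global $aio_wp_security;
+ //Check if captcha enabled
+ if (array_key_exists('aiowps-captcha-answer', $_POST)) //If the register form with captcha was submitted then do some processing
+ {
+ isset($_POST['aiowps-captcha-answer'])?$captcha_answer = strip_tags(trim($_POST['aiowps-captcha-answer'])): $captcha_answer = '';
+ $captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
+ $submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
+ if($submitted_encoded_string !== $_POST['aiowps-captcha-string-info'])
+ {
+ //This means a wrong answer was entered
+ $result['errors']->add('generic', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'aiowpsecurity'));
+ }
+ }
+ return $result;
+ }
+
  function insert_captcha_question_form(){
  global $aio_wp_security;
  $aio_wp_security->captcha_obj->display_captcha_form();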
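Review bot: `process_signup_form_multi()` (new lines 197-213) verifies the captcha only when `aiowps-captcha-answer` is present in `$_POST`, so a signup request that leaves the field out passes the `wpmu_validate_user_signup` filter with no captcha error. The filter is registered only when the captcha is enabled, so an absent field should be reported as a failure, for example with an `else` branch that makes the same `$result['errors']->add('generic', …)` call; first confirm whether the filter also runs on signup steps where the captcha form is not displayed. `$_POST['aiowps-captcha-temp-string']` and `$_POST['aiowps-captcha-string-info']` are read without `isset()`, unlike the answer field. The expected value is a plain `base64_encode()` of the temp string, secret key and answer, which is an encoding rather than a keyed hash. If `display_captcha_form()` emits the same construction into the page (not visible here), `hash_hmac()` keyed with `aiowps_captcha_secret_key` would be the safer choice on both sides.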
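--- a/classes/wp-security-process-renamed-login-page.php
+++ b/classes/wp-security-process-renamed-login-page.php
@@ -65,11 +65,18 @@ class AIOWPSecurity_Process_Renamed_Login_Page
  {
  global $aio_wp_security;
  if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX')){
- wp_die( __( 'Please log in to access the WordPress admin area.', 'aiowpsecurity') );
+ AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
  }
 
  $parsed_url = parse_url($_SERVER['REQUEST_URI']);
+
+ //Bug fix: It has been discovered that entering something like the following "http://yoursite.com//xyz/wp-login.php" was revealing the hidden login page
+ //Check if there are instances of 2 or more "//" in the REQUEST_URI path
+ if (preg_match('/(\/)\1{1,}/', $parsed_url['path'])) {
+ AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
+ }
  $login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
+
  if(untrailingslashit($parsed_url['path']) === home_url($login_slug, 'relative')
  || (!get_option('permalink_structure') && isset($_GET[$login_slug]))){
  status_header( 200 );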
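Review bot: The repeated-slash test at new line 75 runs on `$parsed_url['path']` rather than on the raw request URI, so it depends on how `parse_url()` split the input. Depending on the PHP version, a URI that begins with `//` can be read as scheme-relative, which moves the first segment into `host` and leaves no doubled slash in `path`. Testing the raw value before the query string, e.g. `if (preg_match('#/{2,}#', strtok($_SERVER['REQUEST_URI'], '?'))) {`, removes that dependency and is easier to read than `(\/)\1{1,}`. `parse_url()` can also return `false` or omit `path` for malformed input, so both uses of `$parsed_url['path']` need a guard. Whether `aiowps_set_404()` ends the request is not visible here, and the enclosing method starts and ends outside the hunk.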
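--- a/readme.txt
+++ b/readme.txt
@@ -1,10 +1,10 @@
  === All In One WP Security & Firewall ===
- Contributors: Tips and Tricks HQ, wpsolutions, Peter Petreski, Ruhul Amin
+ Contributors: Tips and Tricks HQ, wpsolutions, Peter Petreski, Ruhul Amin, samuelaguilera
  Donate link: http://www.tipsandtricks-hq.com
  Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner
  Requires at least: 3.5
  Tested up to: 3.9.1
- Stable tag: 3.7.5
+ Stable tag: 3.7.6
  License: GPLv3
 
  A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -159,6 +159,12 @@ None
 
  == Changelog ==
 
+ = 3.7.6 =
+ - Added ability to insert captcha in WordPress Multi Site registration form.
+ - Added a condition around the management permission constant. This will allow users to define a custom capability for this plugin's admin side via the wp-config file. This was submitted by Samuel Aguilera.
+ - Fixed a bug with the hidden login page feature.
+ - Fixed a small settings bug with the "block fake google bot" feature.
+
  = 3.7.5 =
  - Added a new DB scan feature. Go to the "Scanner" menu to use this new feature.
  - Added new settings import/export feature.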
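--- a/wp-security-core.php
+++ b/wp-security-core.php
@@ -3,7 +3,7 @@
  if (!class_exists('AIO_WP_Security')){
 
  class AIO_WP_Security{
- var $version = '3.7.5';
+ var $version = '3.7.6';
  var $db_version = '1.6';
  var $plugin_url;
  var $plugin_path;
@@ -57,7 +57,9 @@ class AIO_WP_Security{
  define('AIO_WP_SECURITY_BACKUPS_DIR_NAME', 'aiowps_backups');
  define('AIO_WP_SECURITY_BACKUPS_PATH', AIO_WP_SECURITY_PATH.'/backups');
  define('AIO_WP_SECURITY_LIB_PATH', AIO_WP_SECURITY_PATH.'/lib');
- define('AIOWPSEC_MANAGEMENT_PERMISSION', 'manage_options');
+ if (!defined('AIOWPSEC_MANAGEMENT_PERMISSION')){//This will allow the user to define custom capability for this constant in wp-config file
+ define('AIOWPSEC_MANAGEMENT_PERMISSION', 'manage_options');
+ }
  define('AIOWPSEC_MENU_SLUG_PREFIX', 'aiowpsec');
  define('AIOWPSEC_MAIN_MENU_SLUG', 'aiowpsec');
  define('AIOWPSEC_SETTINGS_MENU_SLUG', 'aiowpsec_settings');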
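Review bot: The comment on the new `if (!defined('AIOWPSEC_MANAGEMENT_PERMISSION'))` at new line 60 does not say what the constant gates, which matters now that wp-config can override it. Suggested wording: `//Capability required for this plugin's admin pages; may be pre-defined in wp-config.php, defaults to 'manage_options'`. The value is used as given, so a capability held by lower-privileged roles would presumably open the security settings to those roles. The code that checks the constant is outside this hunk, so confirm every admin handler tests it rather than a hard-coded `manage_options`.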
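--- a/wp-security.php
+++ b/wp-security.php
@@ -1,7 +1,7 @@
  <?php
  /*
  Plugin Name: All In One WP Security
- Version: v3.7.5
+ Version: v3.7.6
  Plugin URI: http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
  Author: Tips and Tricks HQ, Peter, Ruhul, Ivy
  Author URI: http://www.tipsandtricks-hq.com/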