All In One WP Security & Firewall - Version 3.7.7

Version Description

  • Improved DB prefix change code to make it more robust.
  • Fixed a minor bug for the Rename Login page feature.
  • Added check when processing rename login page to see if maintenance (lockout) mode enabled. Plugin will now display lockout message instead of 404 page if site lockout enabled.
  • Made the Cookie Based Brute Force Prevention feature more secure by introducing a 10 digit random suffix to the test cookie name.

Release Info

Developer mra13
Version 3.7.7

Code changes from version 3.7.6 to 3.7.7

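--- a/admin/wp-security-admin-init.php
+++ b/admin/wp-security-admin-init.php
@@ -104,13 +104,42 @@ class AIOWPSecurity_Admin_Init
 
  function do_other_admin_side_init_tasks()
  {
+ global $aio_wp_security;
+
+ //***New Feature improvement for Cookie Based Brute Force Protection***//
+ //The old "test cookie" used to be too easy to guess because someone could just read the code and get the value.
+ //So now we will drop a more secure test cookie using a 10 digit random string
+
+ if($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')=='1'){
+ // This code is for users who had this feature saved using an older release. This will drop the new more secure test cookie to the browser and will write it to the .htaccess file too
+ $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
+ if(empty($test_cookie)){
+ $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
+ $test_cookie_name = 'aiowps_cookie_test_'.$random_suffix;
+ $aio_wp_security->configs->set_value('aiowps_cookie_brute_test',$test_cookie_name);
+ $aio_wp_security->configs->save_config();//save the value
+ AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
+
+ //Write this new cookie to the .htaccess file
+ $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
+ if($res == -1){
+ $aio_wp_security->debug_logger->log_debug("Error writing new test cookie with random suffix to .htaccess file!",4);
+ }
+
+ }
+ }
+ //For cookie test form submission case
  if (isset($_GET['page']) && $_GET['page'] == AIOWPSEC_BRUTE_FORCE_MENU_SLUG && isset($_GET['tab']) && $_GET['tab'] == 'tab2')
  {
  global $aio_wp_security;
  if(isset($_POST['aiowps_do_cookie_test_for_bfla'])){
- AIOWPSecurity_Utility::set_cookie_value("aiowps_cookie_test", "1");
+ $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
+ $test_cookie_name = 'aiowps_cookie_test_'.$random_suffix;
+ $aio_wp_security->configs->set_value('aiowps_cookie_brute_test',$test_cookie_name);
+ $aio_wp_security->configs->save_config();//save the value
+ AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, "1");
  $cur_url = "admin.php?page=".AIOWPSEC_BRUTE_FORCE_MENU_SLUG."&tab=tab2";
- $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, "aiowps_cookie_test", "1");
+ $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, 'aiowps_cookie_test', "1");
  AIOWPSecurity_Utility::redirect_to_url($redirect_url);
  }
 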
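Review bot: The cookie-test POST branch (new lines 136-140) saves a fresh `aiowps_cookie_brute_test` name but, unlike the migration branch above it, never calls `AIOWPSecurity_Utility_Htaccess::write_to_htaccess()`, so when the feature is already enabled the stored name and the name in the .htaccess `RewriteCond` can diverge until something else rewrites the file. I would add `if($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')=='1'){ AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); }` after the `save_config()` call. That branch also changes saved configuration on a bare `isset($_POST['aiowps_do_cookie_test_for_bfla'])`; no nonce or capability check is visible in the hunk, so confirm one runs earlier. The test cookie acts as a bypass token for the rewrite rule, so its secrecy rests on `generate_alpha_numeric_random_string()`, which is not shown here and should draw from a cryptographically secure source rather than `rand()`/`mt_rand()`. The function body continues past the end of the hunk.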
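--- a/admin/wp-security-database-menu.php
+++ b/admin/wp-security-database-menu.php
@@ -96,7 +96,7 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
  //Let's first check if user's system allows writing to wp-config.php file. If plugin cannot write to wp-config we will not do the prefix change.
  $config_file = ABSPATH.'wp-config.php';
  $file_write = AIOWPSecurity_Utility_File::is_file_writable($config_file);
- if ($file_write == false)
+ if (!$file_write)
  {
  $this->show_msg_error(__('The plugin has detected that it cannot write to the wp-config.php file. This feature can only be used if the plugin can successfully write to the wp-config.php file.', 'aiowpsecurity'));
  }
@@ -439,11 +439,12 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
 
  //Get wp-config.php file contents and modify it with new info
  $config_contents = file($config_file);
+ $prefix_match_string = '$table_prefix='; //this is our search string for the wp-config.php file
  foreach ($config_contents as $line_num => $line) {
- switch (substr($line,0,16)) {
- case '$table_prefix =':
- $config_contents[$line_num] = str_replace($table_old_prefix, $table_new_prefix, $line);
- break;
+ $no_ws_line = preg_replace( '/\s+/', '', $line ); //Strip white spaces
+ if(strpos($no_ws_line, $prefix_match_string) !== FALSE){
+ $config_contents[$line_num] = str_replace($table_old_prefix, $table_new_prefix, $line);
+ break;
  }
  }
  //Now let's modify the wp-config.php file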
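Review bot: The new match in the second hunk, `strpos($no_ws_line, $prefix_match_string) !== FALSE`, also hits a commented-out or otherwise unrelated line that contains `$table_prefix=`, and because of the `break` only that first hit is rewritten, which can leave the live assignment on the old prefix while the tables are renamed. The following `str_replace($table_old_prefix, $table_new_prefix, $line)` replaces every occurrence in the line, so an old prefix that is a substring of `$table_prefix` itself (for example `e_`) would corrupt the variable name in wp-config.php. I would anchor the test with `if (preg_match('/^\s*\$table_prefix\s*=/', $line)) {` and replace only the quoted value, and check that `file($config_file)` did not return `false` before the loop. Both hunks sit inside functions whose start and end are outside the hunk.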
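--- a/classes/wp-security-configure-settings.php
+++ b/classes/wp-security-configure-settings.php
@@ -75,11 +75,6 @@ class AIOWPSecurity_Configure_Settings
  $aio_wp_security->configs->set_value('aiowps_deny_bad_query_strings','');//Checkbox
  $aio_wp_security->configs->set_value('aiowps_advanced_char_string_filter','');//Checkbox
  $aio_wp_security->configs->set_value('aiowps_enable_5g_firewall','');//Checkbox
- $aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention','');//Checkbox
- $aio_wp_security->configs->set_value('aiowps_brute_force_secret_word','');
- $aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url','http://127.0.0.1');
- $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_pw_protected_exception','');//Checkbox
- $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_ajax_exception','');//Checkbox
 
  //404 detection
  $aio_wp_security->configs->set_value('aiowps_enable_404_logging','');//Checkbox
@@ -90,6 +85,13 @@ class AIOWPSecurity_Configure_Settings
  //Brute Force features
  $aio_wp_security->configs->set_value('aiowps_enable_rename_login_page','');//Checkbox
 
+ $aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention','');//Checkbox
+ $aio_wp_security->configs->set_value('aiowps_brute_force_secret_word','');
+ $aio_wp_security->configs->set_value('aiowps_cookie_brute_test','');
+ $aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url','http://127.0.0.1');
+ $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_pw_protected_exception','');//Checkbox
+ $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_ajax_exception','');//Checkbox
+
  //Maintenance menu - Visitor lockout feature
  $aio_wp_security->configs->set_value('aiowps_site_lockout','');//Checkbox
  $aio_wp_security->configs->set_value('aiowps_site_lockout_msg','');//Text area/msg box
@@ -188,11 +190,6 @@ class AIOWPSecurity_Configure_Settings
  $aio_wp_security->configs->add_value('aiowps_deny_bad_query_strings','');//Checkbox
  $aio_wp_security->configs->add_value('aiowps_advanced_char_string_filter','');//Checkbox
  $aio_wp_security->configs->add_value('aiowps_enable_5g_firewall','');//Checkbox
- $aio_wp_security->configs->add_value('aiowps_enable_brute_force_attack_prevention','');//Checkbox
- $aio_wp_security->configs->add_value('aiowps_brute_force_secret_word','');
- $aio_wp_security->configs->add_value('aiowps_cookie_based_brute_force_redirect_url','http://127.0.0.1');
- $aio_wp_security->configs->add_value('aiowps_brute_force_attack_prevention_pw_protected_exception','');//Checkbox
- $aio_wp_security->configs->add_value('aiowps_brute_force_attack_prevention_ajax_exception','');//Checkbox
 
  //404 detection
  $aio_wp_security->configs->add_value('aiowps_enable_404_logging','');//Checkbox
@@ -203,6 +200,13 @@ class AIOWPSecurity_Configure_Settings
  //Brute Force features
  $aio_wp_security->configs->add_value('aiowps_enable_rename_login_page','');//Checkbox
 
+ $aio_wp_security->configs->add_value('aiowps_enable_brute_force_attack_prevention','');//Checkbox
+ $aio_wp_security->configs->add_value('aiowps_brute_force_secret_word','');
+ $aio_wp_security->configs->add_value('aiowps_cookie_brute_test','');
+ $aio_wp_security->configs->add_value('aiowps_cookie_based_brute_force_redirect_url','http://127.0.0.1');
+ $aio_wp_security->configs->add_value('aiowps_brute_force_attack_prevention_pw_protected_exception','');//Checkbox
+ $aio_wp_security->configs->add_value('aiowps_brute_force_attack_prevention_ajax_exception','');//Checkbox
+
  //Maintenance menu - Visitor lockout feature
  $aio_wp_security->configs->add_value('aiowps_site_lockout','');//Checkbox
  $aio_wp_security->configs->add_value('aiowps_site_lockout_msg','');//Text area/msg box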
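--- a/classes/wp-security-process-renamed-login-page.php
+++ b/classes/wp-security-process-renamed-login-page.php
@@ -9,6 +9,7 @@ class AIOWPSecurity_Process_Renamed_Login_Page
  add_filter('site_url', array(&$this, 'aiowps_site_url'), 10, 2);
  add_filter('network_site_url', array(&$this, 'aiowps_site_url'), 10, 2);
  add_filter('wp_redirect', array(&$this, 'aiowps_wp_redirect'), 10, 2);
+ add_filter('register', array(&$this, 'register_link'));
  remove_action('template_redirect', 'wp_redirect_admin_locations', 1000); //To prevent redirect to login page when people type "login" at end of home URL
 
  }
@@ -46,6 +47,12 @@ class AIOWPSecurity_Process_Renamed_Login_Page
  return $this->aiowps_filter_wp_login_file($location);
  }
 
+ //Filter register link on the login page
+ function register_link($registration_url)
+ {
+ return $this->aiowps_filter_wp_login_file($registration_url);
+ }
+
  //Filter all login url strings on the login page
  function aiowps_filter_wp_login_file($url)
  {
@@ -60,21 +67,43 @@ class AIOWPSecurity_Process_Renamed_Login_Page
  }
  return $url;
  }
-
+
  static function renamed_login_init_tasks()
  {
  global $aio_wp_security;
+ //case where someone attempting to reach wp-admin
  if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX')){
- AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
+ //Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
+ if($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1'){
+ AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
+ }else{
+ AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
+ }
+ }
+
+ //case where someone attempting to reach wp-login
+ if(isset($_SERVER['REQUEST_URI']) && strpos( $_SERVER['REQUEST_URI'], 'wp-login.php' ) && !is_user_logged_in()){
+ //Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
+ if($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1'){
+ AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
+ }else{
+ AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
+ }
  }
 
+ //case where someone attempting to reach the standard register or signup pages
+ if(isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], 'wp-register.php' ) ||
+ isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], 'wp-signup.php' )){
+ //Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
+ if($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1'){
+ AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
+ }else{
+ AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
+ }
+ }
+
  $parsed_url = parse_url($_SERVER['REQUEST_URI']);
 
- //Bug fix: It has been discovered that entering something like the following "http://yoursite.com//xyz/wp-login.php" was revealing the hidden login page
- //Check if there are instances of 2 or more "//" in the REQUEST_URI path
- if (preg_match('/(\/)\1{1,}/', $parsed_url['path'])) {
- AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
- }
  $login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
 
  if(untrailingslashit($parsed_url['path']) === home_url($login_slug, 'relative')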
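Review bot: The new guards in `renamed_login_init_tasks()` (new lines 85, 95 and 96) use `strpos()` on the raw `$_SERVER['REQUEST_URI']` as a boolean, so the test is case-sensitive, runs before any URL decoding and also looks at the query string; a request whose path differs only in case or percent-encoding is not covered, while an unrelated URL that merely carries `wp-login.php` in a parameter gets the 404 or lockout page. I would match on the normalised path instead, e.g. `$path = strtolower(rawurldecode((string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)));` followed by `strpos($path, 'wp-login.php') !== false`. The commit also drops the earlier check for repeated slashes in the path, so it is worth confirming that the new tests cover that case. The three lockout-or-404 blocks are identical and could be one private static helper. The function continues past the end of the hunk.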
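--- a/classes/wp-security-user-login.php
+++ b/classes/wp-security-user-login.php
@@ -40,8 +40,7 @@ class AIOWPSecurity_User_Login
  add_action('login_form', array(&$this, 'insert_unlock_request_form'));
  }
  $aio_wp_security->debug_logger->log_debug("Login attempt from blocked IP range - ".$user_locked['failed_login_ip'],2);
- return new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Login failed because your IP address has been blocked.
- Please contact the administrator.', 'aiowpsecurity'));
+ return new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Login failed because your IP address has been blocked. Please contact the administrator.', 'aiowpsecurity'));
  //$unlock_msg_form = $this->user_unlock_message();
  //return new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Login failed because your IP address has been blocked.
  // Please contact the administrator.', 'aiowpsecurity').$unlock_msg_form);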
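--- a/classes/wp-security-utility-htaccess.php
+++ b/classes/wp-security-utility-htaccess.php
@@ -466,6 +466,7 @@ class AIOWPSecurity_Utility_Htaccess
  if($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')=='1')
  {
  $cookie_name = $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word');
+ $test_cookie_name = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
  $redirect_url = $aio_wp_security->configs->get_value('aiowps_cookie_based_brute_force_redirect_url');
  $rules .= AIOWPSecurity_Utility_Htaccess::$enable_brute_force_attack_prevention_marker_start . PHP_EOL; //Add feature marker start
  $rules .= 'RewriteEngine On' . PHP_EOL;
@@ -479,7 +480,7 @@ class AIOWPSecurity_Utility_Htaccess
  $rules .= 'RewriteCond %{QUERY_STRING} !(action\=postpass)' . PHP_EOL; // Possible workaround for people usign the password protected page/post feature
  }
  $rules .= 'RewriteCond %{HTTP_COOKIE} !'.$cookie_name.'= [NC]' . PHP_EOL;
- $rules .= 'RewriteCond %{HTTP_COOKIE} !aiowps_cookie_test= [NC]' . PHP_EOL;
+ $rules .= 'RewriteCond %{HTTP_COOKIE} !'.$test_cookie_name.'= [NC]' . PHP_EOL;
  $rules .= 'RewriteRule .* '.$redirect_url.' [L]' . PHP_EOL;
  $rules .= AIOWPSecurity_Utility_Htaccess::$enable_brute_force_attack_prevention_marker_end . PHP_EOL; //Add feature marker end
  }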
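Review bot: The added `RewriteCond` (new line 483) interpolates `$test_cookie_name` without checking that it is set; the defaults elsewhere in this commit store `''` for `aiowps_cookie_brute_test`, and with an empty value the line becomes `RewriteCond %{HTTP_COOKIE} != [NC]`, which no longer tests for the test cookie and changes when the redirect rule fires. I would emit the line only when a name exists: `if(!empty($test_cookie_name)){ $rules .= 'RewriteCond %{HTTP_COOKIE} !'.$test_cookie_name.'= [NC]' . PHP_EOL; }`. Because the value is placed into a pattern in a server configuration file, it is also worth validating it against `^[A-Za-z0-9_]+$` before writing. The enclosing function starts and ends outside the hunks.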
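--- a/classes/wp-security-wp-loaded-tasks.php
+++ b/classes/wp-security-wp-loaded-tasks.php
@@ -17,14 +17,13 @@ class AIOWPSecurity_WP_Loaded_Tasks {
 
  //For site lockout feature (ie, maintenance mode). It needs to be checked after the rename login page
  if($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1'){
- if (!is_user_logged_in() && !current_user_can('administrator') && !is_admin() && !in_array( $GLOBALS['pagenow'], array( 'wp-login.php', 'wp-register.php' ))) {
- $this->site_lockout_tasks();
+ if (!is_user_logged_in() && !current_user_can('administrator') && !is_admin() && !in_array($GLOBALS['pagenow'], array('wp-login.php'))) {
+ self::site_lockout_tasks();
  }
  }
-
  }
 
- function site_lockout_tasks(){
+ static function site_lockout_tasks(){
  nocache_headers();
  header("HTTP/1.0 503 Service Unavailable");
  remove_action('wp_head','head_addons',7);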
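Review bot: `site_lockout_tasks()` is now `static` and is called from `AIOWPSecurity_Process_Renamed_Login_Page::renamed_login_init_tasks()`, but only its first three statements are visible here, so it should be confirmed that the rest of the body does not use `$this` and that it ends the request; otherwise the callers fall through to their later checks after the 503 header has been sent. A short comment above the declaration would record that contract, e.g. `//Static: also called from the renamed login page class; must not use $this and must exit after output`. Declaring it `public static function` would make the intended visibility explicit as well. The method body continues past the end of the hunk.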
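--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://www.tipsandtricks-hq.com
  Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner
  Requires at least: 3.5
  Tested up to: 3.9.1
- Stable tag: 3.7.6
+ Stable tag: 3.7.7
  License: GPLv3
 
  A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -159,6 +159,12 @@ None
 
  == Changelog ==
 
+ = 3.7.7 =
+ - Improved DB prefix change code to make it more robust.
+ - Fixed a minor bug for the Rename Login page feature.
+ - Added check when processing rename login page to see if maintenance (lockout) mode enabled. Plugin will now display lockout message instead of 404 page if site lockout enabled.
+ - Made the Cookie Based Brute Force Prevention feature more secure by introducing a 10 digit random suffix to the test cookie name.
+
  = 3.7.6 =
  - Added ability to insert captcha in WordPress Multi Site registration form.
  - Added a condition around the management permission constant. This will allow users to define a custom capability for this plugin's admin side via the wp-config file. This was submitted by Samuel Aguilera.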
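--- a/wp-security-core.php
+++ b/wp-security-core.php
@@ -3,7 +3,7 @@
  if (!class_exists('AIO_WP_Security')){
 
  class AIO_WP_Security{
- var $version = '3.7.6';
+ var $version = '3.7.7';
  var $db_version = '1.6';
  var $plugin_url;
  var $plugin_path;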
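--- a/wp-security.php
+++ b/wp-security.php
@@ -1,7 +1,7 @@
  <?php
  /*
  Plugin Name: All In One WP Security
- Version: v3.7.6
+ Version: v3.7.7
  Plugin URI: http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
  Author: Tips and Tricks HQ, Peter, Ruhul, Ivy
  Author URI: http://www.tipsandtricks-hq.com/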