Version Description
- Added Rename Login page feature from the "Brute Force" menu to multisite sub-sites.
- Removed invalid "length" attribute from input element in captcha code.
- Fixed reset password feature whereby the URL which is sent out in the email for cases when rename login feature is enabled was not decoded properly.
- Corrected the check for boolean false if returned from wpdb query result.
- Added media button for wp editor in maintenance settings page.
Download this release
Release Info
| Developer | mra13 |
| Plugin |  All In One WP Security & Firewall |
| Version | 3.9.6 |
| Comparing to | |
| See all releases | |
Code changes from version 3.9.5 to 3.9.6
- admin/wp-security-admin-init.php +1 -5
- admin/wp-security-brute-force-menu.php +6 -2
- admin/wp-security-maintenance-menu.php +1 -1
- classes/wp-security-captcha.php +1 -1
- classes/wp-security-cronjob-handler.php +1 -1
- classes/wp-security-general-init-tasks.php +9 -0
- classes/wp-security-user-login.php +4 -4
- classes/wp-security-utility.php +1 -1
- other-includes/wp-security-rename-login-feature.php +1 -2
- readme.txt +7 -1
- wp-security-core.php +1 -1
- wp-security.php +1 -1
admin/wp-security-admin-init.php
CHANGED
|
@@ -223,11 +223,7 @@ class AIOWPSecurity_Admin_Init
|
|
| 223 |
}else{
|
| 224 |
add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Firewall', 'aiowpsecurity'), __('Firewall', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_FIREWALL_MENU_SLUG, array(&$this, 'handle_firewall_menu_rendering'));
|
| 225 |
}
|
| 226 |
-
|
| 227 |
-
//Suppress the Brute Force menu if site is a multi site AND not the main site
|
| 228 |
-
}else{
|
| 229 |
-
add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Brute Force', 'aiowpsecurity'), __('Brute Force', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_BRUTE_FORCE_MENU_SLUG, array(&$this, 'handle_brute_force_menu_rendering'));
|
| 230 |
-
}
|
| 231 |
add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('SPAM Prevention', 'aiowpsecurity'), __('SPAM Prevention', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_SPAM_MENU_SLUG, array(&$this, 'handle_spam_menu_rendering'));
|
| 232 |
if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
|
| 233 |
//Suppress the filescan menu if site is a multi site AND not the main site
|
| 223 |
}else{
|
| 224 |
add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Firewall', 'aiowpsecurity'), __('Firewall', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_FIREWALL_MENU_SLUG, array(&$this, 'handle_firewall_menu_rendering'));
|
| 225 |
}
|
| 226 |
+
add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Brute Force', 'aiowpsecurity'), __('Brute Force', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_BRUTE_FORCE_MENU_SLUG, array(&$this, 'handle_brute_force_menu_rendering'));
|
|
|
|
|
|
|
|
|
|
|
|
|
| 227 |
add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('SPAM Prevention', 'aiowpsecurity'), __('SPAM Prevention', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_SPAM_MENU_SLUG, array(&$this, 'handle_spam_menu_rendering'));
|
| 228 |
if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
|
| 229 |
//Suppress the filescan menu if site is a multi site AND not the main site
|
admin/wp-security-brute-force-menu.php
CHANGED
|
@@ -49,8 +49,12 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 49 |
echo '<h2 class="nav-tab-wrapper">';
|
| 50 |
foreach ( $this->menu_tabs as $tab_key => $tab_caption )
|
| 51 |
{
|
| 52 |
-
|
| 53 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 54 |
}
|
| 55 |
echo '</h2>';
|
| 56 |
}
|
| 49 |
echo '<h2 class="nav-tab-wrapper">';
|
| 50 |
foreach ( $this->menu_tabs as $tab_key => $tab_caption )
|
| 51 |
{
|
| 52 |
+
if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1 && stristr($tab_caption, "Rename Login Page") === false){
|
| 53 |
+
//Suppress the all Brute Force menu tabs except rename login if site is a multi site AND not the main site
|
| 54 |
+
}else{
|
| 55 |
+
$active = $current_tab == $tab_key ? 'nav-tab-active' : '';
|
| 56 |
+
echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
|
| 57 |
+
}
|
| 58 |
}
|
| 59 |
echo '</h2>';
|
| 60 |
}
|
admin/wp-security-maintenance-menu.php
CHANGED
|
@@ -117,7 +117,7 @@ class AIOWPSecurity_Maintenance_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 117 |
$aiowps_site_lockout_msg_raw = 'This site is currently not available. Please try again later.';
|
| 118 |
}
|
| 119 |
$aiowps_site_lockout_msg = html_entity_decode($aiowps_site_lockout_msg_raw, ENT_COMPAT, "UTF-8");
|
| 120 |
-
$aiowps_site_lockout_msg_settings = array('textarea_name' => 'aiowps_site_lockout_msg'
|
| 121 |
wp_editor($aiowps_site_lockout_msg, "aiowps_site_lockout_msg_editor_content", $aiowps_site_lockout_msg_settings);
|
| 122 |
?>
|
| 123 |
<br />
|
| 117 |
$aiowps_site_lockout_msg_raw = 'This site is currently not available. Please try again later.';
|
| 118 |
}
|
| 119 |
$aiowps_site_lockout_msg = html_entity_decode($aiowps_site_lockout_msg_raw, ENT_COMPAT, "UTF-8");
|
| 120 |
+
$aiowps_site_lockout_msg_settings = array('textarea_name' => 'aiowps_site_lockout_msg');
|
| 121 |
wp_editor($aiowps_site_lockout_msg, "aiowps_site_lockout_msg_editor_content", $aiowps_site_lockout_msg_settings);
|
| 122 |
?>
|
| 123 |
<br />
|
classes/wp-security-captcha.php
CHANGED
|
@@ -86,7 +86,7 @@ class AIOWPSecurity_Captcha
|
|
| 86 |
$enc_result = base64_encode($current_time.$captcha_secret_string.$result);
|
| 87 |
$equation_string .= '<input type="hidden" name="aiowps-captcha-string-info" id="aiowps-captcha-string-info" value="'.$enc_result.'" />';
|
| 88 |
$equation_string .= '<input type="hidden" name="aiowps-captcha-temp-string" id="aiowps-captcha-temp-string" value="'.$current_time.'" />';
|
| 89 |
-
$equation_string .= '<input type="text" size="2"
|
| 90 |
return $equation_string;
|
| 91 |
}
|
| 92 |
|
| 86 |
$enc_result = base64_encode($current_time.$captcha_secret_string.$result);
|
| 87 |
$equation_string .= '<input type="hidden" name="aiowps-captcha-string-info" id="aiowps-captcha-string-info" value="'.$enc_result.'" />';
|
| 88 |
$equation_string .= '<input type="hidden" name="aiowps-captcha-temp-string" id="aiowps-captcha-temp-string" value="'.$current_time.'" />';
|
| 89 |
+
$equation_string .= '<input type="text" size="2" id="aiowps-captcha-answer" name="aiowps-captcha-answer" value="" />';
|
| 90 |
return $equation_string;
|
| 91 |
}
|
| 92 |
|
classes/wp-security-cronjob-handler.php
CHANGED
|
@@ -11,7 +11,7 @@ class AIOWPSecurity_Cronjob_Handler {
|
|
| 11 |
{
|
| 12 |
//Do stuff that needs checking every hours
|
| 13 |
global $aio_wp_security;
|
| 14 |
-
|
| 15 |
|
| 16 |
//do_action('aiowps_force_logout_check');
|
| 17 |
//do_action('aiowps_check_password_stuff');
|
| 11 |
{
|
| 12 |
//Do stuff that needs checking every hours
|
| 13 |
global $aio_wp_security;
|
| 14 |
+
//$aio_wp_security->debug_logger->log_debug_cron("Cronjob_Handler - Hourly cron handler got fired.");
|
| 15 |
|
| 16 |
//do_action('aiowps_force_logout_check');
|
| 17 |
//do_action('aiowps_check_password_stuff');
|
classes/wp-security-general-init-tasks.php
CHANGED
|
@@ -7,6 +7,7 @@ class AIOWPSecurity_General_Init_Tasks
|
|
| 7 |
|
| 8 |
if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
|
| 9 |
add_action( 'widgets_init', array(&$this, 'remove_standard_wp_meta_widget' ));
|
|
|
|
| 10 |
}
|
| 11 |
|
| 12 |
add_action('admin_notices', array(&$this,'reapply_htaccess_rules_notice'));
|
|
@@ -394,4 +395,12 @@ class AIOWPSecurity_General_Init_Tasks
|
|
| 394 |
echo '<div class="updated"><p>Would you like All In One WP Security & Firewall to re-insert the security rules in your .htaccess file which were cleared when you deactivated the plugin? <a href="admin.php?page='.AIOWPSEC_MENU_SLUG_PREFIX.'&aiowps_reapply_htaccess=1" class="button-primary">Yes</a> <a href="admin.php?page='.AIOWPSEC_MENU_SLUG_PREFIX.'&aiowps_reapply_htaccess=2" class="button-primary">No</a></p></div>';
|
| 395 |
}
|
| 396 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 397 |
}
|
| 7 |
|
| 8 |
if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
|
| 9 |
add_action( 'widgets_init', array(&$this, 'remove_standard_wp_meta_widget' ));
|
| 10 |
+
add_filter( 'aiowps_retrieve_password_message', array(&$this, 'decode_reset_pw_msg'), 10, 2); //Fix for non decoded html entities in password reset link
|
| 11 |
}
|
| 12 |
|
| 13 |
add_action('admin_notices', array(&$this,'reapply_htaccess_rules_notice'));
|
| 395 |
echo '<div class="updated"><p>Would you like All In One WP Security & Firewall to re-insert the security rules in your .htaccess file which were cleared when you deactivated the plugin? <a href="admin.php?page='.AIOWPSEC_MENU_SLUG_PREFIX.'&aiowps_reapply_htaccess=1" class="button-primary">Yes</a> <a href="admin.php?page='.AIOWPSEC_MENU_SLUG_PREFIX.'&aiowps_reapply_htaccess=2" class="button-primary">No</a></p></div>';
|
| 396 |
}
|
| 397 |
}
|
| 398 |
+
|
| 399 |
+
//This is a fix for cases when the password reset URL in the email was not decoding all html entities properly
|
| 400 |
+
function decode_reset_pw_msg($message, $key)
|
| 401 |
+
{
|
| 402 |
+
global $aio_wp_security;
|
| 403 |
+
$message = html_entity_decode($message);
|
| 404 |
+
return $message;
|
| 405 |
+
}
|
| 406 |
}
|
classes/wp-security-user-login.php
CHANGED
|
@@ -216,7 +216,7 @@ class AIOWPSecurity_User_Login
|
|
| 216 |
$this->send_ip_lock_notification_email($username, $ip_range, $ip);
|
| 217 |
$aio_wp_security->debug_logger->log_debug("The following IP address range has been locked out for exceeding the maximum login attempts: ".$ip_range,2);//Log the lockdown event
|
| 218 |
}
|
| 219 |
-
else if ($result
|
| 220 |
{
|
| 221 |
$aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_lockdown_table,4);//Log the highly unlikely event of DB error
|
| 222 |
}
|
|
@@ -248,7 +248,7 @@ class AIOWPSecurity_User_Login
|
|
| 248 |
$insert = "INSERT INTO " . $login_fails_table . " (user_id, user_login, failed_login_date, login_attempt_ip) " .
|
| 249 |
"VALUES ('" . $user_id . "', '" . $username . "', now(), '" . $ip_range_str . "')";
|
| 250 |
$result = $wpdb->query($insert);
|
| 251 |
-
if ($result
|
| 252 |
{
|
| 253 |
$aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_fails_table,4);//Log the highly unlikely event of DB error
|
| 254 |
}
|
|
@@ -415,7 +415,7 @@ class AIOWPSecurity_User_Login
|
|
| 415 |
$insert = "INSERT INTO " . $login_activity_table . " (user_id, user_login, login_date, login_ip) " .
|
| 416 |
"VALUES ('" . $user->ID . "', '" . $user_login . "', '" . $login_date_time . "', '" . $curr_ip_address . "')";
|
| 417 |
$result = $wpdb->query($insert);
|
| 418 |
-
if ($result
|
| 419 |
{
|
| 420 |
$aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_activity_table,4);//Log the highly unlikely event of DB error
|
| 421 |
}
|
|
@@ -457,7 +457,7 @@ class AIOWPSecurity_User_Login
|
|
| 457 |
'login_ip' => $ip_addr,
|
| 458 |
'logout_date' => '0000-00-00 00:00:00');
|
| 459 |
$result = $wpdb->update($login_activity_table, $data, $where);
|
| 460 |
-
if ($result
|
| 461 |
{
|
| 462 |
$aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_activity_table,4);//Log the highly unlikely event of DB error
|
| 463 |
}
|
| 216 |
$this->send_ip_lock_notification_email($username, $ip_range, $ip);
|
| 217 |
$aio_wp_security->debug_logger->log_debug("The following IP address range has been locked out for exceeding the maximum login attempts: ".$ip_range,2);//Log the lockdown event
|
| 218 |
}
|
| 219 |
+
else if ($result === FALSE)
|
| 220 |
{
|
| 221 |
$aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_lockdown_table,4);//Log the highly unlikely event of DB error
|
| 222 |
}
|
| 248 |
$insert = "INSERT INTO " . $login_fails_table . " (user_id, user_login, failed_login_date, login_attempt_ip) " .
|
| 249 |
"VALUES ('" . $user_id . "', '" . $username . "', now(), '" . $ip_range_str . "')";
|
| 250 |
$result = $wpdb->query($insert);
|
| 251 |
+
if ($result === FALSE)
|
| 252 |
{
|
| 253 |
$aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_fails_table,4);//Log the highly unlikely event of DB error
|
| 254 |
}
|
| 415 |
$insert = "INSERT INTO " . $login_activity_table . " (user_id, user_login, login_date, login_ip) " .
|
| 416 |
"VALUES ('" . $user->ID . "', '" . $user_login . "', '" . $login_date_time . "', '" . $curr_ip_address . "')";
|
| 417 |
$result = $wpdb->query($insert);
|
| 418 |
+
if ($result === FALSE)
|
| 419 |
{
|
| 420 |
$aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_activity_table,4);//Log the highly unlikely event of DB error
|
| 421 |
}
|
| 457 |
'login_ip' => $ip_addr,
|
| 458 |
'logout_date' => '0000-00-00 00:00:00');
|
| 459 |
$result = $wpdb->update($login_activity_table, $data, $where);
|
| 460 |
+
if ($result === FALSE)
|
| 461 |
{
|
| 462 |
$aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_activity_table,4);//Log the highly unlikely event of DB error
|
| 463 |
}
|
classes/wp-security-utility.php
CHANGED
|
@@ -424,7 +424,7 @@ class AIOWPSecurity_Utility
|
|
| 424 |
if ($result > 0)
|
| 425 |
{
|
| 426 |
}
|
| 427 |
-
else if ($result
|
| 428 |
{
|
| 429 |
$aio_wp_security->debug_logger->log_debug("lock_IP: Error inserting record into ".$login_lockdown_table,4);//Log the highly unlikely event of DB error
|
| 430 |
}
|
| 424 |
if ($result > 0)
|
| 425 |
{
|
| 426 |
}
|
| 427 |
+
else if ($result === FALSE)
|
| 428 |
{
|
| 429 |
$aio_wp_security->debug_logger->log_debug("lock_IP: Error inserting record into ".$login_lockdown_table,4);//Log the highly unlikely event of DB error
|
| 430 |
}
|
other-includes/wp-security-rename-login-feature.php
CHANGED
|
@@ -384,8 +384,7 @@ function retrieve_password() {
|
|
| 384 |
* @param string $message Default mail message.
|
| 385 |
* @param string $key The activation key.
|
| 386 |
*/
|
| 387 |
-
$message = apply_filters( '
|
| 388 |
-
|
| 389 |
if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) )
|
| 390 |
wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') );
|
| 391 |
|
| 384 |
* @param string $message Default mail message.
|
| 385 |
* @param string $key The activation key.
|
| 386 |
*/
|
| 387 |
+
$message = apply_filters( 'aiowps_retrieve_password_message', $message, $key );
|
|
|
|
| 388 |
if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) )
|
| 389 |
wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') );
|
| 390 |
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: https://www.tipsandtricks-hq.com
|
|
| 4 |
Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner, iframe,
|
| 5 |
Requires at least: 3.5
|
| 6 |
Tested up to: 4.2
|
| 7 |
-
Stable tag: 3.9.
|
| 8 |
License: GPLv3
|
| 9 |
|
| 10 |
A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
|
|
@@ -177,6 +177,12 @@ https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
|
|
| 177 |
None
|
| 178 |
|
| 179 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 180 |
|
| 181 |
= 3.9.5 =
|
| 182 |
- Fixed minor bug - IP addresses blocked due to '404' were not being listed in the display table.
|
| 4 |
Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner, iframe,
|
| 5 |
Requires at least: 3.5
|
| 6 |
Tested up to: 4.2
|
| 7 |
+
Stable tag: 3.9.6
|
| 8 |
License: GPLv3
|
| 9 |
|
| 10 |
A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
|
| 177 |
None
|
| 178 |
|
| 179 |
== Changelog ==
|
| 180 |
+
= 3.9.6 =
|
| 181 |
+
- Added Rename Login page feature from the "Brute Force" menu to multisite sub-sites.
|
| 182 |
+
- Removed invalid "length" attribute from input element in captcha code.
|
| 183 |
+
- Fixed reset password feature whereby the URL which is sent out in the email for cases when rename login feature is enabled was not decoded properly.
|
| 184 |
+
- Corrected the check for boolean false if returned from wpdb query result.
|
| 185 |
+
- Added media button for wp editor in maintenance settings page.
|
| 186 |
|
| 187 |
= 3.9.5 =
|
| 188 |
- Fixed minor bug - IP addresses blocked due to '404' were not being listed in the display table.
|
wp-security-core.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
if (!class_exists('AIO_WP_Security')){
|
| 4 |
|
| 5 |
class AIO_WP_Security{
|
| 6 |
-
var $version = '3.9.
|
| 7 |
var $db_version = '1.6';
|
| 8 |
var $plugin_url;
|
| 9 |
var $plugin_path;
|
| 3 |
if (!class_exists('AIO_WP_Security')){
|
| 4 |
|
| 5 |
class AIO_WP_Security{
|
| 6 |
+
var $version = '3.9.6';
|
| 7 |
var $db_version = '1.6';
|
| 8 |
var $plugin_url;
|
| 9 |
var $plugin_path;
|
wp-security.php
CHANGED
|
@@ -1,7 +1,7 @@
|
|
| 1 |
<?php
|
| 2 |
/*
|
| 3 |
Plugin Name: All In One WP Security
|
| 4 |
-
Version: v3.9.
|
| 5 |
Plugin URI: http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
|
| 6 |
Author: Tips and Tricks HQ, Peter, Ruhul, Ivy
|
| 7 |
Author URI: http://www.tipsandtricks-hq.com/
|
| 1 |
<?php
|
| 2 |
/*
|
| 3 |
Plugin Name: All In One WP Security
|
| 4 |
+
Version: v3.9.6
|
| 5 |
Plugin URI: http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
|
| 6 |
Author: Tips and Tricks HQ, Peter, Ruhul, Ivy
|
| 7 |
Author URI: http://www.tipsandtricks-hq.com/
|
