All In One WP Security & Firewall - Version 4.0.3

Version Description

  • Added urlencode to query strings in URLs to prevent unexpected behaviour. Thanks to @chesio for spotting the issue.
  • Added a new feature to stop user enumeration. Thanks to @davidegiunchidiennea for adding this.
  • Added more robust code for the check_user_exists function. Thanks to Christian Carey.
  • Added cron cleanup of the global meta table.
  • Added a title to each of the admin interface menus.

Release Info

Developer mra13
Version 4.0.3

Code changes from version 4.0.1 to 4.0.3

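--- a/admin/wp-security-admin-menu.php
+++ b/admin/wp-security-admin-menu.php
@@ -29,7 +29,7 @@ abstract class AIOWPSecurity_Admin_Menu
  //Always send string with translation markers in it
  ?>
  <div class="postbox">
- <h3><label for="title"><?php echo $title; ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php echo $title; ?></label></h3>
  <div class="inside">
  <?php echo $content; ?>
  </div>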
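Review bot: The new `<h3 class="hndle">` line still echoes `$title` unescaped; the comment above it says callers are expected to pass a translated string, but nothing in this helper enforces that, and making it `<?php echo esc_html($title); ?>` would pin the contract at the one place every admin page passes through (`$content` is evidently markup and stays as is). The `for="title"` attribute on the label does not correspond to any element id rendered here and is repeated for every postbox on a page, so it is either dead or produces duplicate-target labels; dropping it, or using a per-box id, would be cleaner. The enclosing method starts and ends outside the hunk.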
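--- a/admin/wp-security-blacklist-menu.php
+++ b/admin/wp-security-blacklist-menu.php
@@ -51,13 +51,14 @@ class AIOWPSecurity_Blacklist_Menu extends AIOWPSecurity_Admin_Menu
  */
  function render_menu_page()
  {
+ echo '<div class="wrap">';
+ echo '<h2>'.__('Blacklist Manager','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
  $this->set_menu_tabs();
  $tab = $this->get_current_tab();
- ?>
- <div class="wrap">
+ $this->render_menu_tabs();
+ ?>
  <div id="poststuff"><div id="post-body">
  <?php
- $this->render_menu_tabs();
  //$tab_keys = array_keys($this->menu_tabs);
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
  ?>
@@ -151,7 +152,7 @@ class AIOWPSecurity_Blacklist_Menu extends AIOWPSecurity_Admin_Menu
  </div>
 
  <div class="postbox">
- <h3><label for="title"><?php _e('IP Hosts and User Agent Blacklist Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('IP Hosts and User Agent Blacklist Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge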
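Review bot: The new interface-title line in `render_menu_page()` concatenates the return of `__()` straight into echoed markup; the WordPress convention for a translated string that is output is the escaping variant, so `echo '<h2>'.esc_html__('Blacklist Manager','all-in-one-wp-security-and-firewall').'</h2>';` keeps a mistranslated or tampered `.po` string from injecting markup into the admin page. The same new line appears in the render_menu_page hunks of wp-security-brute-force-menu.php, wp-security-dashboard-menu.php, wp-security-database-menu.php, wp-security-filescan-menu.php and wp-security-filesystem-menu.php and should be changed there too. The trailing `//Interface title` comment glued to the statement is better placed on its own line above the echo, matching the `//$tab_keys` comment style already used in this method. render_menu_page() continues past the end of the hunk.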
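--- a/admin/wp-security-brute-force-menu.php
+++ b/admin/wp-security-brute-force-menu.php
@@ -64,13 +64,14 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
  */
  function render_menu_page()
  {
+ echo '<div class="wrap">';
+ echo '<h2>'.__('Brute Force','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
  $this->set_menu_tabs();
  $tab = $this->get_current_tab();
- ?>
- <div class="wrap">
+ $this->render_menu_tabs();
+ ?>
  <div id="poststuff"><div id="post-body">
  <?php
- $this->render_menu_tabs();
  //$tab_keys = array_keys($this->menu_tabs);
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
  ?>
@@ -168,7 +169,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
  }
  ?>
  <div class="postbox">
- <h3><label for="title"><?php _e('Rename Login Page Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Rename Login Page Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -333,7 +334,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
  ?>
 
  <div class="postbox">
- <h3><label for="title"><?php _e('Cookie Based Brute Force Login Prevention', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Cookie Based Brute Force Login Prevention', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -512,7 +513,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
  </div>
  <form action="" method="POST">
  <div class="postbox">
- <h3><label for="title"><?php _e('Login Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Login Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -532,7 +533,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
  </table>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Custom Login Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Custom Login Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -550,7 +551,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
  </table>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Lost Password Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Lost Password Form Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -603,8 +604,8 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
  //success case
  $result = 1;
  $list = $payload[1];
- $banned_ip_data = implode(PHP_EOL, $list);
- $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses',$banned_ip_data);
+ $whitelist_ip_data = implode(PHP_EOL, $list);
+ $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses',$whitelist_ip_data);
  $_POST['aiowps_allowed_ip_addresses'] = ''; //Clear the post variable for the banned address list
  }
  else{
@@ -659,7 +660,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
  </div>
 
  <div class="postbox">
- <h3><label for="title"><?php _e('Login IP Whitelist Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Login IP Whitelist Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -692,11 +693,14 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
  <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
  <div class="aiowps_more_info_body">
  <?php
- echo '<p class="description">'.__('Each IP address must be on a new line.', 'all-in-one-wp-security-and-firewall').'</p>';
- echo '<p class="description">'.__('To specify an IP range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'all-in-one-wp-security-and-firewall').'</p>';
+ echo '<p class="description"><strong>'.__('Each IP address must be on a new line.', 'all-in-one-wp-security-and-firewall').'</strong></p>';
+ echo '<p class="description">'.__('To specify an IPv4 range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'all-in-one-wp-security-and-firewall').'</p>';
  echo '<p class="description">'.__('Example 1: 195.47.89.*', 'all-in-one-wp-security-and-firewall').'</p>';
  echo '<p class="description">'.__('Example 2: 195.47.*.*', 'all-in-one-wp-security-and-firewall').'</p>';
  echo '<p class="description">'.__('Example 3: 195.*.*.*', 'all-in-one-wp-security-and-firewall').'</p>';
+ echo '<p class="description">'.__('Or you can enter an IPv6 address (NOTE: ranges/wildcards are currently not supported for ipv6)', 'all-in-one-wp-security-and-firewall').'</p>';
+ echo '<p class="description">'.__('Example 4: 4102:0:3ea6:79fd:b:46f8:230f:bb05', 'all-in-one-wp-security-and-firewall').'</p>';
+ echo '<p class="description">'.__('Example 5: 2205:0:1ca2:810d::', 'all-in-one-wp-security-and-firewall').'</p>';
  ?>
  </div>
 
@@ -745,7 +749,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
  </div>
  <form action="" method="POST">
  <div class="postbox">
- <h3><label for="title"><?php _e('Login Form Honeypot Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Login Form Honeypot Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge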
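Review bot: The rename to `$whitelist_ip_data` in the `-603,8 +604,8` hunk leaves the comment on the very next context line stale: it still reads `//Clear the post variable for the banned address list` although the key being cleared is `aiowps_allowed_ip_addresses` and the surrounding code is the whitelist save path; it should read `//Clear the post variable for the whitelisted address list`. The new IPv6 help text in the `-692,11 +693,14` hunk states that ranges and wildcards are not supported for IPv6, which is presumably enforced by the validation that produces `$payload` outside this hunk; it is worth confirming that validator rejects a wildcard inside an IPv6 entry rather than storing it, since the help text now promises that. The enclosing methods start and end outside these hunks.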
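--- a/admin/wp-security-dashboard-menu.php
+++ b/admin/wp-security-dashboard-menu.php
@@ -56,13 +56,14 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
  */
  function render_menu_page()
  {
+ echo '<div class="wrap">';
+ echo '<h2>'.__('Dashboard','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
  $this->set_menu_tabs();
  $tab = $this->get_current_tab();
- ?>
- <div class="wrap">
- <div id="poststuff"><div id="post-body">
- <?php
  $this->render_menu_tabs();
+ ?>
+ <div id="poststuff"><div id="post-body">
+ <?php
  //$tab_keys = array_keys($this->menu_tabs);
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
  ?>
@@ -91,7 +92,7 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
 
  <div class="aiowps_dashboard_box_small">
  <div class="postbox">
- <h3><label for="title"><?php _e('Security Strength Meter', 'all-in-one-wp-security-and-firewall');?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Security Strength Meter', 'all-in-one-wp-security-and-firewall');?></label></h3>
  <div class="inside">
 
  <script type='text/javascript'>
@@ -132,7 +133,7 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
 
  <div class="aiowps_dashboard_box_small">
  <div class="postbox">
- <h3><label for="title"><?php _e('Security Points Breakdown', 'all-in-one-wp-security-and-firewall');?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Security Points Breakdown', 'all-in-one-wp-security-and-firewall');?></label></h3>
  <div class="inside">
 
  <?php
@@ -173,7 +174,7 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
 
  <div class="aiowps_dashboard_box_small aiowps_spread_the_word_widget">
  <div class="postbox">
- <h3><label for="title"><?php _e('Spread the Word', 'all-in-one-wp-security-and-firewall');?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Spread the Word', 'all-in-one-wp-security-and-firewall');?></label></h3>
  <div class="inside">
 
  <p><?php _e('We are working hard to make your WordPress site more secure. Please support us, here is how:', 'all-in-one-wp-security-and-firewall');?></p>
@@ -192,7 +193,7 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
 
  <div class="aiowps_dashboard_box_small">
  <div class="postbox">
- <h3><label for="title"><?php _e('Critical Feature Status', 'all-in-one-wp-security-and-firewall');?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Critical Feature Status', 'all-in-one-wp-security-and-firewall');?></label></h3>
  <div class="inside">
 
  <?php
@@ -263,7 +264,7 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
 
  <div class="aiowps_dashboard_box_small">
  <div class="postbox">
- <h3><label for="title"><?php _e('Last 5 Logins', 'all-in-one-wp-security-and-firewall');?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Last 5 Logins', 'all-in-one-wp-security-and-firewall');?></label></h3>
  <div class="inside">
  <?php
  global $wpdb;
@@ -311,7 +312,7 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
 
  <div class="aiowps_dashboard_box_small">
  <div class="postbox">
- <h3><label for="title"><?php _e('Maintenance Mode Status', 'all-in-one-wp-security-and-firewall');?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Maintenance Mode Status', 'all-in-one-wp-security-and-firewall');?></label></h3>
  <div class="inside">
  <?php
  if($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1'){
@@ -344,7 +345,7 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
  ?>
  <div class="aiowps_dashboard_box_small">
  <div class="postbox">
- <h3><label for="title"><?php _e('Cookie Based Brute Prevention', 'all-in-one-wp-security-and-firewall');?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Cookie Based Brute Prevention', 'all-in-one-wp-security-and-firewall');?></label></h3>
  <div class="inside">
  <?php
  $brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab2" target="_blank">'.__('Cookie-Based Brute Force','all-in-one-wp-security-and-firewall').'</a>';
@@ -367,7 +368,7 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
  ?>
  <div class="aiowps_dashboard_box_small">
  <div class="postbox">
- <h3><label for="title"><?php _e('Rename Login Page', 'all-in-one-wp-security-and-firewall');?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Rename Login Page', 'all-in-one-wp-security-and-firewall');?></label></h3>
  <div class="inside">
  <?php
  if (get_option('permalink_structure')){
@@ -394,7 +395,7 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
 
  echo '<div class="aiowps_dashboard_box_small">';
  echo '<div class="postbox">';
- echo '<h3><label for="title">File Change Detection</label></h3>';
+ echo '<h3 class="hndle"><label for="title">File Change Detection</label></h3>';
  echo '<div class="inside">';
 
  if($aio_wp_security->configs->get_value('aiowps_fcds_change_detected')){
@@ -412,7 +413,7 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
 
  <div class="aiowps_dashboard_box_small">
  <div class="postbox">
- <h3><label for="title"><?php _e('Logged In Users', 'all-in-one-wp-security-and-firewall');?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Logged In Users', 'all-in-one-wp-security-and-firewall');?></label></h3>
  <div class="inside">
  <?php
  $users_online_link = '<a href="admin.php?page='.AIOWPSEC_USER_LOGIN_MENU_SLUG.'&tab=tab5">Logged In Users</a>';
@@ -459,7 +460,7 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
 
  <div class="aiowps_dashboard_box_small">
  <div class="postbox">
- <h3><label for="title"><?php _e('Locked IP Addresses', 'all-in-one-wp-security-and-firewall');?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Locked IP Addresses', 'all-in-one-wp-security-and-firewall');?></label></h3>
  <div class="inside">
  <?php
  $locked_ips_link = '<a href="admin.php?page='.AIOWPSEC_MAIN_MENU_SLUG.'&tab=tab3">Locked IP Addresses</a>';
@@ -515,7 +516,7 @@ var msnry = new Masonry( container, {
  global $wpdb;
  ?>
  <div class="postbox">
- <h3><label for="title"><?php _e('Site Info', 'all-in-one-wp-security-and-firewall');?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Site Info', 'all-in-one-wp-security-and-firewall');?></label></h3>
  <div class="inside">
  <strong><?php _e('Plugin Version', 'all-in-one-wp-security-and-firewall');?>: </strong><code><?php echo AIO_WP_SECURITY_VERSION;?></code><br />
  <strong><?php _e('WP Version', 'all-in-one-wp-security-and-firewall');?>: </strong><code><?php echo get_bloginfo("version"); ?></code><br />
@@ -532,7 +533,7 @@ var msnry = new Masonry( container, {
  </div></div><!-- End of Site Info -->
 
  <div class="postbox">
- <h3><label for="title"><?php _e('PHP Info', 'all-in-one-wp-security-and-firewall');?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('PHP Info', 'all-in-one-wp-security-and-firewall');?></label></h3>
  <div class="inside">
  <strong><?php _e('PHP Version', 'all-in-one-wp-security-and-firewall'); ?>: </strong><code><?php echo PHP_VERSION; ?></code><br />
  <strong><?php _e('PHP Memory Usage', 'all-in-one-wp-security-and-firewall'); ?>:
@@ -607,7 +608,7 @@ var msnry = new Masonry( container, {
  </div></div><!-- End of PHP Info -->
 
  <div class="postbox">
- <h3><label for="title"><?php _e('Active Plugins', 'all-in-one-wp-security-and-firewall');?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Active Plugins', 'all-in-one-wp-security-and-firewall');?></label></h3>
  <div class="inside">
  <?php
  $all_plugins = get_plugins();
@@ -655,7 +656,7 @@ var msnry = new Masonry( container, {
 
  ?>
  <div class="postbox">
- <h3><label for="title"><?php _e('Currently Locked Out IP Addresses and Ranges', 'all-in-one-wp-security-and-firewall');?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Currently Locked Out IP Addresses and Ranges', 'all-in-one-wp-security-and-firewall');?></label></h3>
  <div class="inside">
  <?php
  //Fetch, prepare, sort, and filter our data...
@@ -685,7 +686,7 @@ var msnry = new Masonry( container, {
  $file_selected = isset($_POST["aiowps_log_file"])?$_POST["aiowps_log_file"]:'';
  ?>
  <div class="postbox">
- <h3><label for="title"><?php _e('View Logs for All In WP Security & Firewall Plugin', 'all-in-one-wp-security-and-firewall');?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('View Logs for All In WP Security & Firewall Plugin', 'all-in-one-wp-security-and-firewall');?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-dashboard-logs-nonce'); ?>
@@ -720,7 +721,7 @@ var msnry = new Masonry( container, {
  if(!empty($file_selected)){
  ?>
  <div class="postbox">
- <h3><label for="title"><?php echo __('Log File Contents For', 'all-in-one-wp-security-and-firewall').': '.$file_selected;?></label></h3>
+ <h3 class="hndle"><label for="title"><?php echo __('Log File Contents For', 'all-in-one-wp-security-and-firewall').': '.$file_selected;?></label></h3>
  <div class="inside">
  <?php
  $aiowps_log_dir = AIO_WP_SECURITY_PATH.'/logs';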
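Review bot: The new `<h3 class="hndle">` line in the `-720,7 +721,7` hunk echoes `$file_selected` into the heading without escaping, and the `-685,7 +686,7` hunk shows that value is taken directly from `$_POST["aiowps_log_file"]`; the heading should read `<?php echo __('Log File Contents For', 'all-in-one-wp-security-and-firewall').': '.esc_html($file_selected);?>`. The nonce field on the form limits who can submit the value but is not a substitute for output escaping. Since the same value is evidently used to pick a file under `$aiowps_log_dir` in code that continues past the hunk, it is worth confirming that the read path checks `$file_selected` against the set of log file names the form offers, rather than using the submitted string as-is. The enclosing method starts and ends outside these hunks.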
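--- a/admin/wp-security-database-menu.php
+++ b/admin/wp-security-database-menu.php
@@ -62,13 +62,14 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
  */
  function render_menu_page()
  {
+ echo '<div class="wrap">';
+ echo '<h2>'.__('Database Security','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
  $this->set_menu_tabs();
  $tab = $this->get_current_tab();
- ?>
- <div class="wrap">
+ $this->render_menu_tabs();
+ ?>
  <div id="poststuff"><div id="post-body">
  <?php
- $this->render_menu_tabs();
  //$tab_keys = array_keys($this->menu_tabs);
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
  ?>
@@ -140,7 +141,7 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
  </div>
 
  <div class="postbox">
- <h3><label for="title"><?php _e('DB Prefix Options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('DB Prefix Options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -295,7 +296,7 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
 
  ?>
  <div class="postbox">
- <h3><label for="title"><?php _e('Manual Backup', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Manual Backup', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-db-manual-change-nonce'); ?>
@@ -308,7 +309,7 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
  </form>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Automated Scheduled Backups', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Automated Scheduled Backups', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge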
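--- a/admin/wp-security-filescan-menu.php
+++ b/admin/wp-security-filescan-menu.php
@@ -55,13 +55,14 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
  */
  function render_menu_page()
  {
+ echo '<div class="wrap">';
+ echo '<h2>'.__('Scanner','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
  $this->set_menu_tabs();
  $tab = $this->get_current_tab();
- ?>
- <div class="wrap">
+ $this->render_menu_tabs();
+ ?>
  <div id="poststuff"><div id="post-body">
  <?php
- $this->render_menu_tabs();
  //$tab_keys = array_keys($this->menu_tabs);
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
  ?>
@@ -230,7 +231,7 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
  </div>
 
  <div class="postbox">
- <h3><label for="title"><?php _e('Manual File Change Detection Scan', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Manual File Change Detection Scan', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-fcd-manual-scan-nonce'); ?>
@@ -243,7 +244,7 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
  </form>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('View Last Saved File Change Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('View Last Saved File Change Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-view-last-fcd-results-nonce'); ?>
@@ -256,7 +257,7 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
  </form>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('File Change Detection Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('File Change Detection Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -407,7 +408,7 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
  </div>
 
  <div class="postbox">
- <h3><label for="title"><?php _e('Database Scan', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Database Scan', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-manual-db-scan-nonce'); ?>
@@ -449,7 +450,7 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
  }
  ?>
  <div class="postbox">
- <h3><label for="title"><?php _e('Latest File Change Scan Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Latest File Change Scan Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  $files_added_output = "";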
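--- a/admin/wp-security-filesystem-menu.php
+++ b/admin/wp-security-filesystem-menu.php
@@ -58,13 +58,14 @@ class AIOWPSecurity_Filesystem_Menu extends AIOWPSecurity_Admin_Menu
  */
  function render_menu_page()
  {
+ echo '<div class="wrap">';
+ echo '<h2>'.__('Filesystem Security','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
  $this->set_menu_tabs();
  $tab = $this->get_current_tab();
- ?>
- <div class="wrap">
+ $this->render_menu_tabs();
+ ?>
  <div id="poststuff"><div id="post-body">
  <?php
- $this->render_menu_tabs();
  //$tab_keys = array_keys($this->menu_tabs);
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
  ?>
@@ -115,7 +116,7 @@ class AIOWPSecurity_Filesystem_Menu extends AIOWPSecurity_Admin_Menu
  </div>
  
  <div class="postbox">
- <h3><label for="title"><?php _e('WP Directory and File Permissions Scan Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('WP Directory and File Permissions Scan Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -209,7 +210,7 @@ class AIOWPSecurity_Filesystem_Menu extends AIOWPSecurity_Admin_Menu
  </div>
  
  <div class="postbox">
- <h3><label for="title"><?php _e('Disable PHP File Editing', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Disable PHP File Editing', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -286,7 +287,7 @@ class AIOWPSecurity_Filesystem_Menu extends AIOWPSecurity_Admin_Menu
  </div>
  
  <div class="postbox">
- <h3><label for="title"><?php _e('Prevent Access to Default WP Files', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Prevent Access to Default WP Files', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -339,7 +340,7 @@ class AIOWPSecurity_Filesystem_Menu extends AIOWPSecurity_Admin_Menu
  </div>
  
  <div class="postbox">
- <h3><label for="title"><?php _e('View System Logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('View System Logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <p>Please click the button below to view the latest system logs:</p>
  <form action="" method="POST">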
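Review bot: The new interface title at the top of render_menu_page() echoes the `__()` result straight into the `<h2>` with no output escaping, which is the pattern the WordPress coding standards flag because translation catalogues are loaded from disk and are output, not trusted markup; `echo '<h2>'.esc_html__('Filesystem Security','all-in-one-wp-security-and-firewall').'</h2>';` keeps the behaviour and closes that gap. The same line appears in the render_menu_page() hunks of wp-security-firewall-menu.php, wp-security-maintenance-menu.php and wp-security-misc-options-menu.php. The hunk also moves `$this->render_menu_tabs();` from inside `#poststuff` to before it, which looks deliberate but is undocumented; a one-line comment such as `// tab bar is rendered before #poststuff so it sits directly under the page title` would record the intent. render_menu_page() continues past the hunk, so the closing `</div>` for the newly echoed wrap is not visible here.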
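--- a/admin/wp-security-firewall-menu.php
+++ b/admin/wp-security-firewall-menu.php
@@ -63,13 +63,14 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  */
  function render_menu_page()
  {
+ echo '<div class="wrap">';
+ echo '<h2>'.__('Firewall','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
  $this->set_menu_tabs();
  $tab = $this->get_current_tab();
- ?>
- <div class="wrap">
+ $this->render_menu_tabs();
+ ?>
  <div id="poststuff"><div id="post-body">
  <?php
- $this->render_menu_tabs();
  //$tab_keys = array_keys($this->menu_tabs);
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
  ?>
@@ -153,7 +154,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  ?>
  
  <div class="postbox">
- <h3><label for="title"><?php _e('Basic Firewall Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Basic Firewall Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -183,7 +184,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  </div></div>
  
  <div class="postbox">
- <h3><label for="title"><?php _e('WordPress Pingback Vulnerability Protection', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('WordPress Pingback Vulnerability Protection', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -213,7 +214,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  </div></div>
  
  <div class="postbox">
- <h3><label for="title"><?php _e('Block Accesss to Debug Log File', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Block Accesss to Debug Log File', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -339,7 +340,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  <?php wp_nonce_field('aiowpsec-enable-additional-firewall-nonce'); ?>
  
  <div class="postbox">
- <h3><label for="title"><?php _e('Listing of Directory Contents', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Listing of Directory Contents', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -369,7 +370,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  </table>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Trace and Track', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Trace and Track', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -399,7 +400,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  </table>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Proxy Comment Posting', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Proxy Comment Posting', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -427,7 +428,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  </table>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Bad Query Strings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Bad Query Strings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -456,7 +457,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  </table>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Advanced Character String Filter', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Advanced Character String Filter', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -542,7 +543,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  </div>
  
  <div class="postbox">
- <h3><label for="title"><?php _e('5G Blacklist/Firewall Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('5G Blacklist/Firewall Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -634,7 +635,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  </div>
  
  <div class="postbox">
- <h3><label for="title"><?php _e('Block Fake Googlebots', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Block Fake Googlebots', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -707,7 +708,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  </div>
  
  <div class="postbox">
- <h3><label for="title"><?php _e('Prevent Hotlinking', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Prevent Hotlinking', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -835,7 +836,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  </div>
  
  <div class="postbox">
- <h3><label for="title"><?php _e('404 Detection Options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('404 Detection Options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -847,7 +848,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  <?php wp_nonce_field('aiowpsec-404-detection-nonce'); ?>
  <table class="form-table">
  <tr valign="top">
- <th scope="row"><?php _e('Enable IP Lockout For 404 Events', 'all-in-one-wp-security-and-firewall')?>:</th>
+ <th scope="row"><?php _e('Enable 404 IP Detection and Lockout', 'all-in-one-wp-security-and-firewall')?>:</th>
  <td>
  <input name="aiowps_enable_404_IP_lockout" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_404_IP_lockout')=='1') echo ' checked="checked"'; ?> value="1"/>
  <span class="description"><?php _e('Check this if you want to enable the lockout of selected IP addresses.', 'all-in-one-wp-security-and-firewall'); ?></span>
@@ -855,13 +856,13 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  <div class="aiowps_more_info_body">
  <p class="description">
  <?php
- _e('When you enable this checkbox, all 404 events on your site will be logged in the table below. You can monitor these events and select some IP addresses to be blocked in the table. All IP addresses you select to be blocked from the "404 Event Logs" table section will be unable to access your site.', 'all-in-one-wp-security-and-firewall');
+ _e('When you enable this checkbox, all 404 events on your site will be logged in the table below. You can monitor these events and select some IP addresses listed in the table below and block them for a specified amount of time. All IP addresses you select to be blocked from the "404 Event Logs" table section will be unable to access your site during the time specified.', 'all-in-one-wp-security-and-firewall');
  ?>
  </p>
  </div>
  </td>
  </tr>
- <!-- currenty this option is automatically set when the aiowps_enable_404_IP_lockout feature is turned on
+ <!-- currently this option is automatically set when the aiowps_enable_404_IP_lockout feature is turned on
  <tr valign="top">
  <th scope="row"><?php _e('Enable 404 Event Logging', 'all-in-one-wp-security-and-firewall')?>:</th>
  <td>
@@ -898,7 +899,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  </form>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('404 Event Logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('404 Event Logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Fetch, prepare, sort, and filter our data...
@@ -920,7 +921,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  </form>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Delete All 404 Event Logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Delete All 404 Event Logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-delete-404-event-records-nonce'); ?>
@@ -1006,7 +1007,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  </div>
  
  <div class="postbox">
- <h3><label for="title"><?php _e('Custom .htaccess Rules', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Custom .htaccess Rules', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <table class="form-table">
  <tr valign="top">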
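Review bot: The rewritten heading at new line 217 still carries the typo `Accesss` in the user-visible string 'Block Accesss to Debug Log File'; since the line is being replaced anyway, this is the moment to correct it to `<h3 class="hndle"><label for="title"><?php _e('Block Access to Debug Log File', 'all-in-one-wp-security-and-firewall'); ?></label></h3>`, bearing in mind that it changes the msgid and the translation catalogues need the same edit. Every new `<h3 class="hndle">` in this file also keeps `<label for="title">`, and none of the hunks shown contains an element with id `title`, so the label points at nothing; dropping the `<label>` or giving it a real target would make the markup valid. The render_menu_page() hunk at the top of the section echoes `__('Firewall', …)` into the `<h2>` without `esc_html__()`, which should be corrected for the same reason as in the sibling menu files.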
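--- a/admin/wp-security-list-comment-spammer-ip.php
+++ b/admin/wp-security-list-comment-spammer-ip.php
@@ -175,8 +175,9 @@ class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
  AIOWPSecurity_Admin_Menu::show_msg_updated_st($info_msg);
  }
  }
-
- function prepare_items() {
+
+ function prepare_items()
+ {
  //First, lets decide how many records per page to show
  $per_page = 20;
  $columns = $this->get_columns();
@@ -184,26 +185,26 @@ class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
  $sortable = $this->get_sortable_columns();
  
  $this->_column_headers = array($columns, $hidden, $sortable);
-
+
  $this->process_bulk_action();
-
- global $wpdb;
+
+ global $wpdb;
  global $aio_wp_security;
  $minimum_comments_per_ip = $aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments');
- if(empty($minimum_comments_per_ip)){
+ if (empty($minimum_comments_per_ip)) {
  $minimum_comments_per_ip = 5;
  }
  /* -- Ordering parameters -- */
- //Parameters that are going to be used to order the result
- isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]): $orderby = '';
- isset($_GET["order"]) ? $order = strip_tags($_GET["order"]): $order = '';
-
- $orderby = !empty($orderby) ? esc_sql($orderby) : 'amount';
- $order = !empty($order) ? esc_sql($order) : 'DESC';
+ //Parameters that are going to be used to order the result
+ isset($_GET["orderby"]) ? $orderby = strip_tags($_GET["orderby"]) : $orderby = '';
+ isset($_GET["order"]) ? $order = strip_tags($_GET["order"]) : $order = '';
+
+ $orderby = !empty($orderby) ? esc_sql($orderby) : 'amount';
+ $order = !empty($order) ? esc_sql($order) : 'DESC';
  
  $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
  $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
-
+
  $sql = $wpdb->prepare("SELECT comment_author_IP, COUNT(*) AS amount
  FROM $wpdb->comments
  WHERE comment_approved = 'spam'
@@ -214,12 +215,12 @@ class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
  $data = $wpdb->get_results($sql, ARRAY_A);
  $current_page = $this->get_pagenum();
  $total_items = count($data);
- $data = array_slice($data,(($current_page-1)*$per_page),$per_page);
+ $data = array_slice($data, (($current_page - 1) * $per_page), $per_page);
  $this->items = $data;
- $this->set_pagination_args( array(
+ $this->set_pagination_args(array(
  'total_items' => $total_items, //WE have to calculate the total number of items
- 'per_page' => $per_page, //WE have to determine how many items to show on a page
- 'total_pages' => ceil($total_items/$per_page) //WE have to calculate the total number of pages
+ 'per_page' => $per_page, //WE have to determine how many items to show on a page
+ 'total_pages' => ceil($total_items / $per_page) //WE have to calculate the total number of pages
  ));
  }
  }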
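--- a/admin/wp-security-list-registered-users.php
+++ b/admin/wp-security-list-registered-users.php
@@ -135,6 +135,10 @@ class AIOWPSecurity_List_Registered_Users extends AIOWPSecurity_List_Table {
  $from_name = empty($site_title)?'WordPress':$site_title;
  $email_header = 'From: '.$from_name.' <'.get_bloginfo('admin_email').'>' . "\r\n\\";
  $sendMail = wp_mail($to_email_address, $subject, $email_msg, $email_header);
+ if(FALSE === $sendMail){
+ $aio_wp_security->debug_logger->log_debug("Manual account approval notification email failed to send to ".$to_email_address,4);
+ }
+
  }
  }
  }
@@ -161,6 +165,10 @@ class AIOWPSecurity_List_Registered_Users extends AIOWPSecurity_List_Table {
  $from_name = empty($site_title)?'WordPress':$site_title;
  $email_header = 'From: '.$from_name.' <'.get_bloginfo('admin_email').'>' . "\r\n\\";
  $sendMail = wp_mail($to_email_address, $subject, $email_msg, $email_header);
+ if(FALSE === $sendMail){
+ $aio_wp_security->debug_logger->log_debug("Manual account approval notification email failed to send to ".$to_email_address,4);
+ }
+
  
  }else if($result === false){
  $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::approve_selected_accounts() - could not approve account ID: $user_id",4);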
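Review bot: The two new failure-log lines use an identical message, so an operator reading the debug log cannot tell which of the two call sites failed to send (the second sits in approve_selected_accounts() per the adjacent context line; the first is in a method whose name is outside the hunk); prefixing the message with the method name, as the existing log line below it already does, e.g. `$aio_wp_security->debug_logger->log_debug("AIOWPSecurity_List_Registered_Users::approve_selected_accounts() - manual account approval notification email failed to send to ".$to_email_address,4);`, makes the two entries distinguishable. `FALSE === $sendMail` should use lowercase `false` to match the `$result === false` comparison two lines further down. Both enclosing methods start outside the hunks. Separately, the unchanged header line `"\r\n\\"` appends a literal backslash after the CRLF that terminates the From header, which looks unintended but is not part of this change.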
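--- a/admin/wp-security-maintenance-menu.php
+++ b/admin/wp-security-maintenance-menu.php
@@ -51,13 +51,14 @@ class AIOWPSecurity_Maintenance_Menu extends AIOWPSecurity_Admin_Menu
  */
  function render_menu_page()
  {
+ echo '<div class="wrap">';
+ echo '<h2>'.__('Maintenance','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
  $this->set_menu_tabs();
  $tab = $this->get_current_tab();
- ?>
- <div class="wrap">
+ $this->render_menu_tabs();
+ ?>
  <div id="poststuff"><div id="post-body">
  <?php
- $this->render_menu_tabs();
  //$tab_keys = array_keys($this->menu_tabs);
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
  ?>
@@ -90,7 +91,7 @@ class AIOWPSecurity_Maintenance_Menu extends AIOWPSecurity_Admin_Menu
  }
  ?>
  <div class="postbox">
- <h3><label for="title"><?php _e('General Visitor Lockout', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('General Visitor Lockout', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-site-lockout'); ?>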
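--- a/admin/wp-security-misc-options-menu.php
+++ b/admin/wp-security-misc-options-menu.php
@@ -10,6 +10,7 @@ class AIOWPSecurity_Misc_Options_Menu extends AIOWPSecurity_Admin_Menu
  var $menu_tabs_handler = array(
  'tab1' => 'render_tab1',
  'tab2' => 'render_tab2',
+ 'tab3' => 'render_tab3',
  );
  
  function __construct()
@@ -22,6 +23,7 @@ class AIOWPSecurity_Misc_Options_Menu extends AIOWPSecurity_Admin_Menu
  $this->menu_tabs = array(
  'tab1' => __('Copy Protection', 'all-in-one-wp-security-and-firewall'),
  'tab2' => __('Frames', 'all-in-one-wp-security-and-firewall'),
+ 'tab3' => __('Users Enumeration', 'all-in-one-wp-security-and-firewall'),
  );
  }
  
@@ -53,13 +55,14 @@ class AIOWPSecurity_Misc_Options_Menu extends AIOWPSecurity_Admin_Menu
  */
  function render_menu_page()
  {
+ echo '<div class="wrap">';
+ echo '<h2>'.__('Miscellaneous','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
  $this->set_menu_tabs();
  $tab = $this->get_current_tab();
- ?>
- <div class="wrap">
+ $this->render_menu_tabs();
+ ?>
  <div id="poststuff"><div id="post-body">
  <?php
- $this->render_menu_tabs();
  //$tab_keys = array_keys($this->menu_tabs);
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
  ?>
@@ -90,7 +93,7 @@ class AIOWPSecurity_Misc_Options_Menu extends AIOWPSecurity_Admin_Menu
  }
  ?>
  <div class="postbox">
- <h3><label for="title"><?php _e('Disable The Ability To Copy Text', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Disable The Ability To Copy Text', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-copy-protection'); ?>
@@ -140,7 +143,7 @@ class AIOWPSecurity_Misc_Options_Menu extends AIOWPSecurity_Admin_Menu
  }
  ?>
  <div class="postbox">
- <h3><label for="title"><?php _e('Prevent Your Site From Being Displayed In a Frame', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Prevent Your Site From Being Displayed In a Frame', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-prevent-display-frame'); ?>
@@ -169,4 +172,56 @@ class AIOWPSecurity_Misc_Options_Menu extends AIOWPSecurity_Admin_Menu
  <?php
  }
  
- } //end class
+ function render_tab3()
+ {
+ global $aio_wp_security;
+ $maint_msg = '';
+ if(isset($_POST['aiowpsec_save_users_enumeration']))
+ {
+ $nonce=$_REQUEST['_wpnonce'];
+ if (!wp_verify_nonce($nonce, 'aiowpsec-users-enumeration'))
+ {
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on prevent users enumeration feature settings save!",4);
+ die("Nonce check failed on prevent users enumeration frame feature settings save!");
+ }
+
+ //Save settings
+ $aio_wp_security->configs->set_value('aiowps_prevent_users_enumeration',isset($_POST["aiowps_prevent_users_enumeration"])?'1':'');
+ $aio_wp_security->configs->save_config();
+
+ $this->show_msg_updated(__('Users Enumeration Prevention feature settings saved!', 'all-in-one-wp-security-and-firewall'));
+
+ }
+ ?>
+ <div class="postbox">
+ <h3 class="hndle"><label for="title"><?php _e('Prevent Users Enumeration', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <div class="inside">
+ <form action="" method="POST">
+ <?php wp_nonce_field('aiowpsec-users-enumeration'); ?>
+ <div class="aio_blue_box">
+ <?php
+ echo '<p>'.__('This feature allows you to prevent external users/bots from fetching the user info with urls like "/?author=1".', 'all-in-one-wp-security-and-firewall').'</p>';
+ echo '<p>'.__('When enabled, this feature will print a "forbidden" error rather than the user information.', 'all-in-one-wp-security-and-firewall').'</p>';
+ ?>
+ </div>
+ <table class="form-table">
+ <tr valign="top">
+ <th scope="row"><?php _e('Disable Users Enumeration', 'all-in-one-wp-security-and-firewall')?>:</th>
+ <td>
+ <input name="aiowps_prevent_users_enumeration" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_prevent_users_enumeration')=='1') echo ' checked="checked"'; ?> value="1"/>
+ <span class="description"><?php _e('Check this if you want to stop users enumeration.', 'all-in-one-wp-security-and-firewall'); ?></span>
+ </td>
+ </tr>
+
+ </table>
+
+ <div class="submit">
+ <input type="submit" class="button-primary" name="aiowpsec_save_users_enumeration" value="<?php _e('Save Settings'); ?>" />
+ </div>
+ </form>
+ </div></div>
+ <?php
+ }
+
+
+ } //end class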
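Review bot: render_tab3() reads `$_REQUEST['_wpnonce']` unconditionally, so a POST carrying `aiowpsec_save_users_enumeration` but no nonce field emits an undefined-index notice (a warning on PHP 8) before `wp_verify_nonce()` rejects it; `$nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';` keeps the rejection and drops the noise. The `die()` text still says "prevent users enumeration frame feature", a leftover from the Frames tab it was copied from; `die("Nonce check failed on prevent users enumeration feature settings save!");` makes it match the log line directly above. `$maint_msg = '';` is assigned and never read anywhere in the method. Note that this tab only persists the `aiowps_prevent_users_enumeration` flag — the code that actually returns the "forbidden" response described in the blue box is not in this section — and the new heading's `<label for="title">` has no element with id `title` in the markup shown.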
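--- a/admin/wp-security-settings-menu.php
+++ b/admin/wp-security-settings-menu.php
@@ -59,13 +59,14 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
  */
  function render_menu_page()
  {
+ echo '<div class="wrap">';
+ echo '<h2>'.__('Settings','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
  $this->set_menu_tabs();
  $tab = $this->get_current_tab();
- ?>
- <div class="wrap">
+ $this->render_menu_tabs();
+ ?>
  <div id="poststuff"><div id="post-body">
  <?php
- $this->render_menu_tabs();
  //$tab_keys = array_keys($this->menu_tabs);
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
  ?>
@@ -128,6 +129,21 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
  $this->show_msg_error(__('Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".', 'all-in-one-wp-security-and-firewall'));
  }
  }
+
+ if(isset($_POST['aiowps_save_debug_settings']))//Do form submission tasks
+ {
+ $nonce=$_REQUEST['_wpnonce'];
+ if (!wp_verify_nonce($nonce, 'aiowpsec-save-debug-settings'))
+ {
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on save debug settings!",4);
+ die("Nonce check failed on save debug settings!");
+ }
+
+ $aio_wp_security->configs->set_value('aiowps_enable_debug',isset($_POST["aiowps_enable_debug"])?'1':'');
+ $aio_wp_security->configs->save_config();
+ $this->show_msg_settings_updated();
+ }
+
  ?>
  <div class="aio_grey_box">
  <p>For information, updates and documentation, please visit the <a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin" target="_blank">AIO WP Security & Firewall Plugin</a> Page.</p>
@@ -135,7 +151,7 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
  </div>
 
  <div class="postbox">
- <h3><label for="title"><?php _e('WP Security Plugin', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('WP Security Plugin', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <p><?php _e('Thank you for using our WordPress security plugin. There are a lot of security features in this plugin.', 'all-in-one-wp-security-and-firewall'); ?></p>
  <p><?php _e('Go through each menu items and enable the security options to add more security to your site. Start by activating the basic features first.', 'all-in-one-wp-security-and-firewall'); ?></p>
@@ -147,10 +163,11 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
  <li><a href="admin.php?page=aiowpsec_settings&tab=tab3" target="_blank"><?php _e('Backup wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></a></li>
  </ul>
  </p>
- </div></div>
+ </div>
+ </div> <!-- end postbox-->
 
  <div class="postbox">
- <h3><label for="title"><?php _e('Disable Security Features', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Disable Security Features', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form method="post" action="<?php echo $_SERVER["REQUEST_URI"]; ?>">
  <?php wp_nonce_field('aiowpsec-disable-all-features'); ?>
@@ -163,10 +180,11 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
  <input type="submit" class="button" name="aiowpsec_disable_all_features" value="<?php _e('Disable All Security Features'); ?>" />
  </div>
  </form>
- </div></div>
+ </div>
+ </div> <!-- end postbox-->
 
  <div class="postbox">
- <h3><label for="title"><?php _e('Disable All Firewall Rules', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Disable All Firewall Rules', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form method="post" action="<?php echo $_SERVER["REQUEST_URI"]; ?>">
  <?php wp_nonce_field('aiowpsec-disable-all-firewall-rules'); ?>
@@ -179,7 +197,33 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
  <input type="submit" class="button" name="aiowpsec_disable_all_firewall_rules" value="<?php _e('Disable All Firewall Rules'); ?>" />
  </div>
  </form>
- </div></div>
+ </div>
+ </div> <!-- end postbox-->
+
+ <div class="postbox">
+ <h3 class="hndle"><label for="title"><?php _e('Debug Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <div class="inside">
+ <form method="post" action="<?php echo $_SERVER["REQUEST_URI"]; ?>">
+ <?php wp_nonce_field('aiowpsec-save-debug-settings'); ?>
+ <div class="aio_blue_box">
+ <?php
+ echo '<p>'.__('This setting allows you to enable/disable debug for this plugin.', 'all-in-one-wp-security-and-firewall').'</p>';
+ ?>
+ </div>
+
+ <table class="form-table">
+ <tr valign="top">
+ <th scope="row"><?php _e('Enable Debug', 'all-in-one-wp-security-and-firewall')?>:</th>
+ <td>
+ <input name="aiowps_enable_debug" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_debug')=='1') echo ' checked="checked"'; ?> value="1"/>
+ <span class="description"><?php _e('Check this if you want to enable debug', 'all-in-one-wp-security-and-firewall'); ?></span>
+ </td>
+ </tr>
+ </table>
+ <input type="submit" name="aiowps_save_debug_settings" value="<?php _e('Save Debug Settings', 'all-in-one-wp-security-and-firewall')?>" class="button" />
+ </form>
+ </div>
+ </div> <!-- end postbox-->
  <?php
  }
 
@@ -283,7 +327,7 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
  {
  ?>
  <div class="postbox">
- <h3><label for="title"><?php _e('Save the current .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Save the current .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-save-htaccess-nonce'); ?>
@@ -292,7 +336,7 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
  </form>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Restore from a backed up .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Restore from a backed up .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-restore-htaccess-nonce'); ?>
@@ -314,7 +358,7 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
  </form>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('View Contents of the currently active .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('View Contents of the currently active .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  $ht_file = ABSPATH . '.htaccess';
@@ -394,7 +438,7 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
  {
  ?>
  <div class="postbox">
- <h3><label for="title"><?php _e('Save the current wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Save the current wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-save-wp-config-nonce'); ?>
@@ -404,7 +448,7 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
  </form>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Restore from a backed up wp-config file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Restore from a backed up wp-config file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-restore-wp-config-nonce'); ?>
@@ -426,7 +470,7 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
  </form>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('View Contents of the currently active wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('View Contents of the currently active wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  $wp_config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
@@ -473,7 +517,7 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
  </div>
 
  <div class="postbox">
- <h3><label for="title"><?php _e('WP Generator Meta Info', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('WP Generator Meta Info', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -623,7 +667,7 @@ function render_tab5()
  </div>
 
  <div class="postbox">
- <h3><label for="title"><?php _e('Export AIOWPS Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Export AIOWPS Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-export-settings-nonce'); ?>
@@ -636,7 +680,7 @@ function render_tab5()
  </form>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Import AIOWPS Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Import AIOWPS Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-import-settings-nonce'); ?>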
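Review bot: The new debug-settings handler in the `@@ -128,6 +129,21 @@` hunk reads `$nonce=$_REQUEST['_wpnonce'];` with no isset guard and accepts the token from any request source although the form is a POST; `$nonce = isset($_POST['_wpnonce']) ? $_POST['_wpnonce'] : '';` keeps a missing token on the wp_verify_nonce failure path instead of raising a PHP notice first. In the `@@ -179,7 +197,33 @@` hunk the new Debug Settings form echoes `$_SERVER["REQUEST_URI"]` unescaped into its action attribute, while the other new forms in this file use `<form action="" method="POST">`; if the URI is kept it should at least pass through `esc_url()`. The tab-render function enclosing both hunks starts and ends outside them, so whether `global $aio_wp_security` is declared before the new `$aio_wp_security->configs` calls cannot be confirmed here. The new `<h2>` title lines in this section and in the spam, user-accounts, user-login, user-registration and whois sections print `__()` output directly into markup; `esc_html__()` is the usual choice for text placed inside an element.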
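--- a/admin/wp-security-spam-menu.php
+++ b/admin/wp-security-spam-menu.php
@@ -55,13 +55,14 @@ class AIOWPSecurity_Spam_Menu extends AIOWPSecurity_Admin_Menu
  */
  function render_menu_page()
  {
+ echo '<div class="wrap">';
+ echo '<h2>'.__('SPAM Prevention','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
  $this->set_menu_tabs();
  $tab = $this->get_current_tab();
- ?>
- <div class="wrap">
+ $this->render_menu_tabs();
+ ?>
  <div id="poststuff"><div id="post-body">
  <?php
- $this->render_menu_tabs();
  //$tab_keys = array_keys($this->menu_tabs);
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
  ?>
@@ -115,7 +116,7 @@ class AIOWPSecurity_Spam_Menu extends AIOWPSecurity_Admin_Menu
  <?php wp_nonce_field('aiowpsec-comment-spam-settings-nonce'); ?>
 
  <div class="postbox">
- <h3><label for="title"><?php _e('Add Captcha To Comments Form', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Add Captcha To Comments Form', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <div class="aio_blue_box">
  <?php
@@ -139,7 +140,7 @@ class AIOWPSecurity_Spam_Menu extends AIOWPSecurity_Admin_Menu
  </div></div>
 
  <div class="postbox">
- <h3><label for="title"><?php _e('Block Spambot Comments', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Block Spambot Comments', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <div class="aio_blue_box">
  <?php
@@ -241,7 +242,7 @@ class AIOWPSecurity_Spam_Menu extends AIOWPSecurity_Admin_Menu
  ?>
  </div>
  <div class="postbox">
- <h3><label for="title"><?php _e('List SPAMMER IP Addresses', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('List SPAMMER IP Addresses', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-spammer-ip-list-nonce'); ?>
@@ -265,7 +266,7 @@ class AIOWPSecurity_Spam_Menu extends AIOWPSecurity_Admin_Menu
  </form>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('SPAMMER IP Address Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('SPAMMER IP Address Results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1)
@@ -323,7 +324,7 @@ class AIOWPSecurity_Spam_Menu extends AIOWPSecurity_Admin_Menu
  <?php wp_nonce_field('aiowpsec-bp-spam-settings-nonce'); ?>
 
  <div class="postbox">
- <h3><label for="title"><?php _e('Add Captcha To BuddyPress Registration Form', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Add Captcha To BuddyPress Registration Form', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <div class="aio_blue_box">
  <?php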
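--- a/admin/wp-security-user-accounts-menu.php
+++ b/admin/wp-security-user-accounts-menu.php
@@ -13,7 +13,7 @@ class AIOWPSecurity_User_Accounts_Menu extends AIOWPSecurity_Admin_Menu
  );
  function __construct()
  {
- $this->render_user_account_menu_page();
+ $this->render_menu_page();
 
  //Add the JS library for password tool - make sure we are on our password tab
  if (isset($_GET['page']) && strpos($_GET['page'], AIOWPSEC_USER_ACCOUNTS_MENU_SLUG ) !== false) {
@@ -58,15 +58,16 @@ class AIOWPSecurity_User_Accounts_Menu extends AIOWPSecurity_Admin_Menu
  /*
  * The menu rendering goes here
  */
- function render_user_account_menu_page()
+ function render_menu_page()
  {
+ echo '<div class="wrap">';
+ echo '<h2>'.__('User Accounts','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
  $this->set_menu_tabs();
  $tab = $this->get_current_tab();
- ?>
- <div class="wrap">
- <div id="poststuff"><div id="post-body">
- <?php
  $this->render_menu_tabs();
+ ?>
+ <div id="poststuff"><div id="post-body">
+ <?php
  //$tab_keys = array_keys($this->menu_tabs);
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
  ?>
@@ -104,7 +105,7 @@ class AIOWPSecurity_User_Accounts_Menu extends AIOWPSecurity_Admin_Menu
  }
  ?>
  <div class="postbox">
- <h3><label for="title"><?php _e('Change Admin Username', 'all-in-one-wp-security-and-firewall')?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Change Admin Username', 'all-in-one-wp-security-and-firewall')?></label></h3>
  <div class="inside">
  <?php
  global $aiowps_feature_mgr;
@@ -162,7 +163,7 @@ class AIOWPSecurity_User_Accounts_Menu extends AIOWPSecurity_Admin_Menu
  </div>
 
  <div class="postbox">
- <h3><label for="title"><?php _e('Modify Accounts With Identical Login Name & Display Name', 'all-in-one-wp-security-and-firewall')?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Modify Accounts With Identical Login Name & Display Name', 'all-in-one-wp-security-and-firewall')?></label></h3>
  <div class="inside">
  <?php
  global $aiowps_feature_mgr;
@@ -210,7 +211,7 @@ class AIOWPSecurity_User_Accounts_Menu extends AIOWPSecurity_Admin_Menu
  </div>
 
  <div class="postbox">
- <h3><label for="title"><?php _e('Password Strength Tool', 'all-in-one-wp-security-and-firewall')?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Password Strength Tool', 'all-in-one-wp-security-and-firewall')?></label></h3>
  <div class="inside">
  <div class="aio_grey_box aio_half_width"><p>This password tool uses an algorithm which calculates how long it would take for your password to be cracked using the computing power of an off-the-shelf current model desktop PC with high end processor, graphics card and appropriate password cracking software.</p></div>
  <div class="aiowps_password_tool_field">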
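Review bot: Renaming `render_user_account_menu_page()` to `render_menu_page()` in the `@@ -58,15 +58,16 @@` hunk changes a public method name, so any external caller of the old name would now fail at runtime; the same applies to `render_user_login_menu_page()` in the user-login section. The `The menu rendering goes here` comment above the method does not say that the method echoes the page wrapper and title directly and is invoked from the constructor; `* Renders the User Accounts admin page (echoes output); invoked from __construct().` would tell a maintainer what the rename implies. If the parent class declares `render_menu_page()`, which the sibling sections suggest but this hunk does not show, the comment should also state that this method overrides it.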
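--- a/admin/wp-security-user-login-menu.php
+++ b/admin/wp-security-user-login-menu.php
@@ -16,7 +16,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
 
  function __construct()
  {
- $this->render_user_login_menu_page();
+ $this->render_menu_page();
  }
 
  function set_menu_tabs()
@@ -56,15 +56,16 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
  /*
  * The menu rendering goes here
  */
- function render_user_login_menu_page()
+ function render_menu_page()
  {
+ echo '<div class="wrap">';
+ echo '<h2>'.__('User Login','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
  $this->set_menu_tabs();
  $tab = $this->get_current_tab();
- ?>
- <div class="wrap">
- <div id="poststuff"><div id="post-body">
- <?php
  $this->render_menu_tabs();
+ ?>
+ <div id="poststuff"><div id="post-body">
+ <?php
  //$tab_keys = array_keys($this->menu_tabs);
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
  ?>
@@ -168,7 +169,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
  </div>
 
  <div class="postbox">
- <h3><label for="title"><?php _e('Login Lockdown Options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Login Lockdown Options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -240,7 +241,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
  </form>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Currently Locked Out IP Address Ranges', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Currently Locked Out IP Address Ranges', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <div class="aio_blue_box aio_width_80">
  <?php
@@ -295,7 +296,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
  ?>
  </div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Failed Login Records', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Failed Login Records', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Fetch, prepare, sort, and filter our data...
@@ -311,7 +312,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
  </form>
  </div></div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Delete All Failed Login Records', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Delete All Failed Login Records', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-delete-failed-login-records-nonce'); ?>
@@ -379,7 +380,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
  ?>
  </div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Force User Logout Options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Force User Logout Options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Display security info badge
@@ -429,7 +430,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
  ?>
  </div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Account Activity Logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Account Activity Logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Fetch, prepare, sort, and filter our data...
@@ -475,7 +476,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
 
  ?>
  <div class="postbox">
- <h3><label for="title"><?php _e('Refresh Logged In User Data', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Refresh Logged In User Data', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-logged-in-users-nonce'); ?>
@@ -492,7 +493,7 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
  ?>
  </div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Currently Logged In Users', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Currently Logged In Users', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Fetch, prepare, sort, and filter our data...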
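--- a/admin/wp-security-user-registration-menu.php
+++ b/admin/wp-security-user-registration-menu.php
@@ -53,13 +53,14 @@ class AIOWPSecurity_User_Registration_Menu extends AIOWPSecurity_Admin_Menu
  */
  function render_menu_page()
  {
+ echo '<div class="wrap">';
+ echo '<h2>'.__('User Registration','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
  $this->set_menu_tabs();
  $tab = $this->get_current_tab();
- ?>
- <div class="wrap">
+ $this->render_menu_tabs();
+ ?>
  <div id="poststuff"><div id="post-body">
  <?php
- $this->render_menu_tabs();
  //$tab_keys = array_keys($this->menu_tabs);
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
  ?>
@@ -113,7 +114,7 @@ class AIOWPSecurity_User_Registration_Menu extends AIOWPSecurity_Admin_Menu
  <form action="" method="POST">
  <?php wp_nonce_field('aiowpsec-user-registration-settings-nonce'); ?>
  <div class="postbox">
- <h3><label for="title"><?php _e('Manually Approve New Registrations', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Manually Approve New Registrations', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <div class="aio_blue_box">
  <?php
@@ -147,7 +148,7 @@ class AIOWPSecurity_User_Registration_Menu extends AIOWPSecurity_Admin_Menu
  </div></div>
  </form>
  <div class="postbox">
- <h3><label for="title"><?php _e('Approve Registered Users', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Approve Registered Users', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  //Fetch, prepare, sort, and filter our data...
@@ -199,7 +200,7 @@ class AIOWPSecurity_User_Registration_Menu extends AIOWPSecurity_Admin_Menu
  ?>
  </div>
  <div class="postbox">
- <h3><label for="title"><?php _e('Registration Page Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+ <h3 class="hndle"><label for="title"><?php _e('Registration Page Captcha Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
  if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1)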
admin/wp-security-whois-menu.php CHANGED
@@ -51,13 +51,14 @@ class AIOWPSecurity_WhoIs_Menu extends AIOWPSecurity_Admin_Menu
51
  */
52
  function render_menu_page()
53
  {
 
 
54
  $this->set_menu_tabs();
55
  $tab = $this->get_current_tab();
56
- ?>
57
- <div class="wrap">
58
  <div id="poststuff"><div id="post-body">
59
  <?php
60
- $this->render_menu_tabs();
61
  //$tab_keys = array_keys($this->menu_tabs);
62
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
63
  ?>
@@ -80,7 +81,7 @@ class AIOWPSecurity_WhoIs_Menu extends AIOWPSecurity_Admin_Menu
80
  </div>
81
 
82
  <div class="postbox">
83
- <h3><label for="title"><?php _e('Perform a WHOIS Lookup for an IP or Domain Name', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
84
  <div class="inside">
85
  <form action="" method="POST">
86
  <?php wp_nonce_field('aiowpsec-whois-lookup-nonce'); ?>
@@ -108,6 +109,7 @@ class AIOWPSecurity_WhoIs_Menu extends AIOWPSecurity_Admin_Menu
108
  require_once(AIO_WP_SECURITY_LIB_PATH.'/whois/whois.main.php');
109
  require_once(AIO_WP_SECURITY_LIB_PATH.'/whois/whois.utils.php');
110
  $input_val = trim($_POST['aiowps_whois_lookup_field']);
 
111
  if (filter_var($input_val, FILTER_VALIDATE_IP) || filter_var(gethostbyname($input_val), FILTER_VALIDATE_IP))
112
  {
113
  //$info_msg_string = '<p class="aio_info_with_icon">'.sprintf( __('WHOIS lookup successfully completed. Please see the results below:', 'all-in-one-wp-security-and-firewall')).'</p>';
51
  */
52
  function render_menu_page()
53
  {
54
+ echo '<div class="wrap">';
55
+ echo '<h2>'.__('WHOIS Lookup','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
56
  $this->set_menu_tabs();
57
  $tab = $this->get_current_tab();
58
+ $this->render_menu_tabs();
59
+ ?>
60
  <div id="poststuff"><div id="post-body">
61
  <?php
 
62
  //$tab_keys = array_keys($this->menu_tabs);
63
  call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
64
  ?>
81
  </div>
82
 
83
  <div class="postbox">
84
+ <h3 class="hndle"><label for="title"><?php _e('Perform a WHOIS Lookup for an IP or Domain Name', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
85
  <div class="inside">
86
  <form action="" method="POST">
87
  <?php wp_nonce_field('aiowpsec-whois-lookup-nonce'); ?>
109
  require_once(AIO_WP_SECURITY_LIB_PATH.'/whois/whois.main.php');
110
  require_once(AIO_WP_SECURITY_LIB_PATH.'/whois/whois.utils.php');
111
  $input_val = trim($_POST['aiowps_whois_lookup_field']);
112
+ $input_val = preg_replace('#^https?://#', '', $input_val);
113
  if (filter_var($input_val, FILTER_VALIDATE_IP) || filter_var(gethostbyname($input_val), FILTER_VALIDATE_IP))
114
  {
115
  //$info_msg_string = '<p class="aio_info_with_icon">'.sprintf( __('WHOIS lookup successfully completed. Please see the results below:', 'all-in-one-wp-security-and-firewall')).'</p>';
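Review bot: The new `preg_replace('#^https?://#', '', $input_val)` strips only a leading scheme, so a submitted value such as `example.com/some/path?x=1` or `example.com:8080` still reaches `gethostbyname()` on the next line, which performs a live DNS resolution on whatever string the form posted. The lookup should only run for a value that is already a valid IP or hostname, for example by rejecting everything else first: `if (!filter_var($input_val, FILTER_VALIDATE_IP) && !filter_var($input_val, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) { /* show an input error and skip the lookup */ }` (FILTER_VALIDATE_DOMAIN needs PHP 7.0+). A one-line comment above the `preg_replace`, `// Users often paste a full URL; keep only the host part before validating`, would also explain why the scheme is removed at all. The enclosing form handler starts before the `require_once` lines and continues past the hunk.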
classes/wp-security-backup.php CHANGED
@@ -190,7 +190,10 @@ class AIOWPSecurity_Backup
190
  $attachment = array( $this->last_backup_file_path );
191
  $message = __( 'Attached is your latest DB backup file for site URL', 'all-in-one-wp-security-and-firewall' ) . ' ' . get_option( 'siteurl' ) . __( ' generated on', 'all-in-one-wp-security-and-firewall' ) . ' ' . date( 'l, F jS, Y \a\\t g:i a', current_time( 'timestamp' ) );
192
 
193
- wp_mail( $to, $subject, $message, $headers, $attachment );
 
 
 
194
  }
195
  }
196
 
@@ -201,8 +204,7 @@ class AIOWPSecurity_Backup
201
  {
202
  $path_parts = pathinfo($this->last_backup_file_path);
203
  $backups_path = $path_parts['dirname'];
204
- $files = scandir( $backups_path . '/', 1 );
205
-
206
  $count = 0;
207
 
208
  foreach ( $files as $file )
@@ -282,7 +284,26 @@ class AIOWPSecurity_Backup
282
  $max_rows_event_table = '5000'; //Keep a max of 5000 rows in the events table
283
  $max_rows_event_table = apply_filters( 'aiowps_max_rows_event_table', $max_rows_event_table );
284
  AIOWPSecurity_Utility::cleanup_table($events_table_name, $max_rows_event_table);
285
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
286
  //Keep adding other DB cleanup tasks as they arise...
287
  }
288
  }
190
  $attachment = array( $this->last_backup_file_path );
191
  $message = __( 'Attached is your latest DB backup file for site URL', 'all-in-one-wp-security-and-firewall' ) . ' ' . get_option( 'siteurl' ) . __( ' generated on', 'all-in-one-wp-security-and-firewall' ) . ' ' . date( 'l, F jS, Y \a\\t g:i a', current_time( 'timestamp' ) );
192
 
193
+ $sendMail = wp_mail( $to, $subject, $message, $headers, $attachment );
194
+ if(FALSE === $sendMail){
195
+ $aio_wp_security->debug_logger->log_debug("Backup notification email failed to send to ".$to,4);
196
+ }
197
  }
198
  }
199
 
204
  {
205
  $path_parts = pathinfo($this->last_backup_file_path);
206
  $backups_path = $path_parts['dirname'];
207
+ $files = AIOWPSecurity_Utility_File::scan_dir_sort_date( $backups_path );
 
208
  $count = 0;
209
 
210
  foreach ( $files as $file )
284
  $max_rows_event_table = '5000'; //Keep a max of 5000 rows in the events table
285
  $max_rows_event_table = apply_filters( 'aiowps_max_rows_event_table', $max_rows_event_table );
286
  AIOWPSecurity_Utility::cleanup_table($events_table_name, $max_rows_event_table);
287
+
288
+ //Check the failed logins table
289
+ $failed_logins_table_name = AIOWPSEC_TBL_FAILED_LOGINS;
290
+ $max_rows_failed_logins_table = '5000'; //Keep a max of 5000 rows in the events table
291
+ $max_rows_failed_logins_table = apply_filters( 'aiowps_max_rows_failed_logins_table', $max_rows_failed_logins_table );
292
+ AIOWPSecurity_Utility::cleanup_table($failed_logins_table_name, $max_rows_failed_logins_table);
293
+
294
+ //Check the login activity table
295
+ $login_activity_table_name = AIOWPSEC_TBL_USER_LOGIN_ACTIVITY;
296
+ $max_rows_login_activity_table = '5000'; //Keep a max of 5000 rows in the events table
297
+ $max_rows_login_activity_table = apply_filters( 'aiowps_max_rows_login_attempts_table', $max_rows_login_activity_table );
298
+ AIOWPSecurity_Utility::cleanup_table($login_activity_table_name, $max_rows_login_activity_table);
299
+
300
+ //Check the global meta table
301
+ $global_meta_table_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
302
+ $max_rows_global_meta_table = '5000'; //Keep a max of 5000 rows in this table
303
+ $max_rows_global_meta_table = apply_filters( 'aiowps_max_rows_global_meta_table', $global_meta_table_name );
304
+ AIOWPSecurity_Utility::cleanup_table($global_meta_table_name, $max_rows_global_meta_table);
305
+
306
+
307
  //Keep adding other DB cleanup tasks as they arise...
308
  }
309
  }
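Review bot: `apply_filters( 'aiowps_max_rows_global_meta_table', $global_meta_table_name )` passes the table name as the filter's default value, so `$max_rows_global_meta_table` ends up holding the table name string rather than `'5000'` and `cleanup_table()` receives that string as its row limit; the second argument should be `$max_rows_global_meta_table`, as in the three blocks above it. The copied comments `//Keep a max of 5000 rows in the events table` on the failed-logins and login-activity lines should name their own tables, and the filter name `aiowps_max_rows_login_attempts_table` applied to `$max_rows_login_activity_table` looks like a copy-paste leftover worth confirming before it becomes a public hook name. In the mail hunk, `$aio_wp_security->debug_logger` is dereferenced inside a method whose opening lines are outside the hunk, so a `global $aio_wp_security;` declaration there should be confirmed; the identical pattern added in classes/wp-security-file-scan.php has the same dependency. Both enclosing methods start outside their hunks.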
classes/wp-security-configure-settings.php CHANGED
@@ -11,6 +11,9 @@ class AIOWPSecurity_Configure_Settings
11
  global $aio_wp_security;
12
  $blog_email_address = get_bloginfo('admin_email'); //Get the blog admin email address - we will use as the default value
13
 
 
 
 
14
  //WP Generator Meta Tag feature
15
  $aio_wp_security->configs->set_value('aiowps_remove_wp_generator_meta_info','');//Checkbox
16
 
@@ -121,6 +124,8 @@ class AIOWPSecurity_Configure_Settings
121
  $aio_wp_security->configs->set_value('aiowps_copy_protection','');//Checkbox
122
  //Prevent others from dislaying your site in iframe
123
  $aio_wp_security->configs->set_value('aiowps_prevent_site_display_inside_frame','');//Checkbox
 
 
124
 
125
 
126
  //TODO - keep adding default options for any fields that require it
@@ -134,6 +139,9 @@ class AIOWPSecurity_Configure_Settings
134
  global $aio_wp_security;
135
  $blog_email_address = get_bloginfo('admin_email'); //Get the blog admin email address - we will use as the default value
136
 
 
 
 
137
  //WP Generator Meta Tag feature
138
  $aio_wp_security->configs->add_value('aiowps_remove_wp_generator_meta_info','');//Checkbox
139
 
@@ -244,6 +252,8 @@ class AIOWPSecurity_Configure_Settings
244
  $aio_wp_security->configs->add_value('aiowps_copy_protection','');//Checkbox
245
  //Prevent others from dislaying your site in iframe
246
  $aio_wp_security->configs->add_value('aiowps_prevent_site_display_inside_frame','');//Checkbox
 
 
247
 
248
 
249
  //TODO - keep adding default options for any fields that require it
11
  global $aio_wp_security;
12
  $blog_email_address = get_bloginfo('admin_email'); //Get the blog admin email address - we will use as the default value
13
 
14
+ //Debug
15
+ $aio_wp_security->configs->set_value('aiowps_enable_debug','');//Checkbox
16
+
17
  //WP Generator Meta Tag feature
18
  $aio_wp_security->configs->set_value('aiowps_remove_wp_generator_meta_info','');//Checkbox
19
 
124
  $aio_wp_security->configs->set_value('aiowps_copy_protection','');//Checkbox
125
  //Prevent others from dislaying your site in iframe
126
  $aio_wp_security->configs->set_value('aiowps_prevent_site_display_inside_frame','');//Checkbox
127
+ //Prevent users enumeration
128
+ $aio_wp_security->configs->set_value('aiowps_prevent_users_enumeration','');//Checkbox
129
 
130
 
131
  //TODO - keep adding default options for any fields that require it
139
  global $aio_wp_security;
140
  $blog_email_address = get_bloginfo('admin_email'); //Get the blog admin email address - we will use as the default value
141
 
142
+ //Debug
143
+ $aio_wp_security->configs->add_value('aiowps_enable_debug','');//Checkbox
144
+
145
  //WP Generator Meta Tag feature
146
  $aio_wp_security->configs->add_value('aiowps_remove_wp_generator_meta_info','');//Checkbox
147
 
252
  $aio_wp_security->configs->add_value('aiowps_copy_protection','');//Checkbox
253
  //Prevent others from dislaying your site in iframe
254
  $aio_wp_security->configs->add_value('aiowps_prevent_site_display_inside_frame','');//Checkbox
255
+ //Prevent users enumeration
256
+ $aio_wp_security->configs->add_value('aiowps_prevent_users_enumeration','');//Checkbox
257
 
258
 
259
  //TODO - keep adding default options for any fields that require it
classes/wp-security-debug-logger.php CHANGED
@@ -17,8 +17,6 @@ class AIOWPSecurity_Logger
17
  function __construct()
18
  {
19
  $this->log_folder_path = AIO_WP_SECURITY_PATH . '/logs';
20
- //TODO - check config and if debug is enabled then set the enabled flag to true
21
- $this->debug_enabled = true;
22
  }
23
 
24
  function get_debug_timestamp()
@@ -66,6 +64,10 @@ class AIOWPSecurity_Logger
66
 
67
  function log_debug($message,$level=0,$section_break=false,$file_name='')
68
  {
 
 
 
 
69
  if (!$this->debug_enabled) return;
70
  $content = $this->get_debug_timestamp();//Timestamp
71
  $content .= $this->get_debug_status($level);//Debug status
@@ -77,6 +79,10 @@ class AIOWPSecurity_Logger
77
 
78
  function log_debug_cron($message,$level=0,$section_break=false)
79
  {
 
 
 
 
80
  if (!$this->debug_enabled) return;
81
  $content = $this->get_debug_timestamp();//Timestamp
82
  $content .= $this->get_debug_status($level);//Debug status
17
  function __construct()
18
  {
19
  $this->log_folder_path = AIO_WP_SECURITY_PATH . '/logs';
 
 
20
  }
21
 
22
  function get_debug_timestamp()
64
 
65
  function log_debug($message,$level=0,$section_break=false,$file_name='')
66
  {
67
+ global $aio_wp_security;
68
+ $debug_config = $aio_wp_security->configs->get_value('aiowps_enable_debug');
69
+ $this->debug_enabled = empty($debug_config)?false:true;
70
+
71
  if (!$this->debug_enabled) return;
72
  $content = $this->get_debug_timestamp();//Timestamp
73
  $content .= $this->get_debug_status($level);//Debug status
79
 
80
  function log_debug_cron($message,$level=0,$section_break=false)
81
  {
82
+ global $aio_wp_security;
83
+ $debug_config = $aio_wp_security->configs->get_value('aiowps_enable_debug');
84
+ $this->debug_enabled = empty($debug_config)?false:true;
85
+
86
  if (!$this->debug_enabled) return;
87
  $content = $this->get_debug_timestamp();//Timestamp
88
  $content .= $this->get_debug_status($level);//Debug status
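Review bot: The three lines that read `aiowps_enable_debug` are duplicated verbatim in `log_debug` and `log_debug_cron`, and they dereference `$aio_wp_security->configs` without a guard; since the constructor no longer initialises `$this->debug_enabled`, a log call made before the config object exists on the global would be a fatal call on a non-object rather than a skipped log line. Whether the logger can actually be reached that early is inferred, not visible in the hunk, but a single private helper that returns false when `$aio_wp_security->configs` is unset removes the duplication and makes that path safe; `empty($debug_config)?false:true` also reads more simply as `!empty($debug_config)`. Both methods continue past the hunk.

```php
/**
 * Reads the 'aiowps_enable_debug' config on every call so a settings
 * change takes effect immediately; false when the config object is
 * not available on the global yet.
 */
private function is_debug_enabled()
{
    global $aio_wp_security;
    if (!isset($aio_wp_security->configs)) {
        return false;
    }
    $debug_config = $aio_wp_security->configs->get_value('aiowps_enable_debug');
    return !empty($debug_config);
}

function log_debug($message,$level=0,$section_break=false,$file_name='')
{
    $this->debug_enabled = $this->is_debug_enabled();
    if (!$this->debug_enabled) return;
    // … unchanged: timestamp, status and content building …
}

function log_debug_cron($message,$level=0,$section_break=false)
{
    $this->debug_enabled = $this->is_debug_enabled();
    if (!$this->debug_enabled) return;
    // … unchanged: timestamp, status and content building …
}
```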
classes/wp-security-file-scan.php CHANGED
@@ -76,7 +76,10 @@ class AIOWPSecurity_Scan
76
  $message .= $scan_results_message;
77
  $message .= "\r\n".__( 'Login to your site to view the scan details.', 'all-in-one-wp-security-and-firewall' );
78
 
79
- wp_mail( $to, $subject, $message, $headers );
 
 
 
80
  }
81
  }
82
 
76
  $message .= $scan_results_message;
77
  $message .= "\r\n".__( 'Login to your site to view the scan details.', 'all-in-one-wp-security-and-firewall' );
78
 
79
+ $sendMail = wp_mail( $to, $subject, $message, $headers );
80
+ if(FALSE === $sendMail){
81
+ $aio_wp_security->debug_logger->log_debug("File change notification email failed to send to ".$to,4);
82
+ }
83
  }
84
  }
85
 
classes/wp-security-general-init-tasks.php CHANGED
@@ -4,7 +4,9 @@ class AIOWPSecurity_General_Init_Tasks
4
  {
5
  function __construct(){
6
  global $aio_wp_security;
7
-
 
 
8
  if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
9
  add_action( 'widgets_init', array(&$this, 'remove_standard_wp_meta_widget' ));
10
  add_filter( 'retrieve_password_message', array(&$this, 'decode_reset_pw_msg'), 10, 4); //Fix for non decoded html entities in password reset link
@@ -44,6 +46,11 @@ class AIOWPSecurity_General_Init_Tasks
44
  }
45
  }
46
 
 
 
 
 
 
47
  //For user unlock request feature
48
  if(isset($_POST['aiowps_unlock_request']) || isset($_POST['aiowps_wp_submit_unlock_request'])){
49
  nocache_headers();
@@ -164,10 +171,29 @@ class AIOWPSecurity_General_Init_Tasks
164
  if($aio_wp_security->configs->get_value('aiowps_enable_404_logging') == '1'){
165
  add_action('wp_head', array(&$this, 'check_404_event'));
166
  }
167
-
168
  //Add more tasks that need to be executed at init time
169
 
170
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
171
 
172
  function remove_standard_wp_meta_widget()
173
  {
4
  {
5
  function __construct(){
6
  global $aio_wp_security;
7
+
8
+ add_action( 'permalink_structure_changed', array(&$this, 'refresh_firewall_rules' ), 10, 2);
9
+
10
  if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
11
  add_action( 'widgets_init', array(&$this, 'remove_standard_wp_meta_widget' ));
12
  add_filter( 'retrieve_password_message', array(&$this, 'decode_reset_pw_msg'), 10, 4); //Fix for non decoded html entities in password reset link
46
  }
47
  }
48
 
49
+ //Stop users enumeration feature
50
+ if( $aio_wp_security->configs->get_value('aiowps_prevent_users_enumeration') == 1) {
51
+ include_once(AIO_WP_SECURITY_PATH.'/other-includes/wp-security-stop-users-enumeration.php');
52
+ }
53
+
54
  //For user unlock request feature
55
  if(isset($_POST['aiowps_unlock_request']) || isset($_POST['aiowps_wp_submit_unlock_request'])){
56
  nocache_headers();
171
  if($aio_wp_security->configs->get_value('aiowps_enable_404_logging') == '1'){
172
  add_action('wp_head', array(&$this, 'check_404_event'));
173
  }
174
+
175
  //Add more tasks that need to be executed at init time
176
 
177
  }
178
+
179
+ /**
180
+ * Refreshes the firewall rules in .htaccess file
181
+ * eg: if permalink settings changed and white list enabled
182
+ * @param $old_permalink_structure
183
+ * @param $permalink_structure
184
+ */
185
+ function refresh_firewall_rules($old_permalink_structure, $permalink_structure){
186
+ global $aio_wp_security;
187
+ //If white list enabled need to re-adjust the .htaccess rules
188
+ if ($aio_wp_security->configs->get_value('aiowps_enable_whitelisting') == '1') {
189
+ $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
190
+ if ($write_result == -1)
191
+ {
192
+ $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','all-in-one-wp-security-and-firewall'));
193
+ $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_whitelist_Menu - The plugin was unable to write to the .htaccess file.");
194
+ }
195
+ }
196
+ }
197
 
198
  function remove_standard_wp_meta_widget()
199
  {
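Review bot: `refresh_firewall_rules()` calls `$this->show_msg_error(...)` on the write-failure path, but nothing visible shows `AIOWPSecurity_General_Init_Tasks` defining or inheriting that method (it is the admin-menu classes that carry it), and the log prefix `AIOWPSecurity_whitelist_Menu - ` suggests the block was copied from the whitelist menu; unless this class does provide it, a failed .htaccess write becomes a fatal undefined-method call. Because this handler runs on the `permalink_structure_changed` action rather than inside a plugin admin page, logging alone is the safer choice: drop the `show_msg_error` line and keep `$aio_wp_security->debug_logger->log_debug("AIOWPSecurity_General_Init_Tasks - The plugin was unable to write to the .htaccess file.",4);` with a level consistent with the other failure logs. Separately, `get_value('aiowps_prevent_users_enumeration') == 1` compares against an int while every neighbouring check uses `== '1'`; both are loose, but consistency helps: `if( $aio_wp_security->configs->get_value('aiowps_prevent_users_enumeration') == '1') {`. The constructor begins before the first hunk.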
classes/wp-security-user-login.php CHANGED
@@ -276,6 +276,9 @@ class AIOWPSecurity_User_Login
276
  $from_name = empty($site_title)?'WordPress':$site_title;
277
  $email_header = 'From: '.$from_name.' <'.get_bloginfo('admin_email').'>' . "\r\n\\";
278
  $sendMail = wp_mail($to_email_address, $subject, $email_msg, $email_header);
 
 
 
279
  }
280
  }
281
 
@@ -353,6 +356,9 @@ class AIOWPSecurity_User_Login
353
  $from_name = empty($site_title)?'WordPress':$site_title;
354
  $email_header = 'From: '.$from_name.' <'.get_bloginfo('admin_email').'>' . "\r\n\\";
355
  $sendMail = wp_mail($to_email_address, $subject, $email_msg, $email_header);
 
 
 
356
  }
357
 
358
  /*
276
  $from_name = empty($site_title)?'WordPress':$site_title;
277
  $email_header = 'From: '.$from_name.' <'.get_bloginfo('admin_email').'>' . "\r\n\\";
278
  $sendMail = wp_mail($to_email_address, $subject, $email_msg, $email_header);
279
+ if(FALSE === $sendMail){
280
+ $aio_wp_security->debug_logger->log_debug("Lockout notification email failed to send to ".$to_email_address." for IP ".$ip,4);
281
+ }
282
  }
283
  }
284
 
356
  $from_name = empty($site_title)?'WordPress':$site_title;
357
  $email_header = 'From: '.$from_name.' <'.get_bloginfo('admin_email').'>' . "\r\n\\";
358
  $sendMail = wp_mail($to_email_address, $subject, $email_msg, $email_header);
359
+ if(FALSE === $sendMail){
360
+ $aio_wp_security->debug_logger->log_debug("Unlock Request Notification email failed to send to ".$email,4);
361
+ }
362
  }
363
 
364
  /*
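Review bot: The second added block logs `$email` while the message it reports on was sent to `$to_email_address`; unless `$email` is defined earlier in that method (not visible in the hunk), the log line reads an undefined variable and records an empty recipient. It should use the variable the `wp_mail` call used: `$aio_wp_security->debug_logger->log_debug("Unlock Request Notification email failed to send to ".$to_email_address,4);`. Both hunks also depend on `global $aio_wp_security;`, and the first on `$ip`, being declared in the enclosing methods, which start outside the hunks.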
classes/wp-security-utility-file.php CHANGED
@@ -10,7 +10,11 @@ class AIOWPSecurity_Utility_File
10
  /* Let's initiliaze our class variable array with all of the files and/or directories we wish to check permissions for.
11
  * NOTE: we can add to this list in future if we wish
12
  */
13
- $this->files_and_dirs_to_check = array(
 
 
 
 
14
  array('name'=>'root directory','path'=>ABSPATH,'permissions'=>'0755'),
15
  array('name'=>'wp-includes/','path'=>ABSPATH."wp-includes",'permissions'=>'0755'),
16
  array('name'=>'.htaccess','path'=>ABSPATH.".htaccess",'permissions'=>'0644'),
@@ -20,7 +24,7 @@ class AIOWPSecurity_Utility_File
20
  array('name'=>'wp-content/plugins/','path'=>ABSPATH."wp-content/plugins",'permissions'=>'0755'),
21
  array('name'=>'wp-admin/','path'=>ABSPATH."wp-admin",'permissions'=>'0755'),
22
  array('name'=>'wp-content/','path'=>ABSPATH."wp-content",'permissions'=>'0755'),
23
- array('name'=>'wp-config.php','path'=>ABSPATH."wp-config.php",'permissions'=>'0644')
24
  //Add as many files or dirs as needed by following the convention above
25
  );
26
 
@@ -408,6 +412,29 @@ class AIOWPSecurity_Utility_File
408
  $attachment_id = $wpdb->get_var( $wpdb->prepare( "SELECT wposts.ID FROM $wpdb->posts wposts, $wpdb->postmeta wpostmeta WHERE wposts.ID = wpostmeta.post_id AND wpostmeta.meta_key = '_wp_attached_file' AND wpostmeta.meta_value = '%s' AND wposts.post_type = 'attachment'", $attachment_url ) );
409
  }
410
  return $attachment_id;
411
- }
412
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
413
  }
10
  /* Let's initiliaze our class variable array with all of the files and/or directories we wish to check permissions for.
11
  * NOTE: we can add to this list in future if we wish
12
  */
13
+
14
+ //Get wp-config.php file path
15
+ $wp_config_path = AIOWPSecurity_Utility_File::get_wp_config_file_path();
16
+
17
+ $this->files_and_dirs_to_check = array(
18
  array('name'=>'root directory','path'=>ABSPATH,'permissions'=>'0755'),
19
  array('name'=>'wp-includes/','path'=>ABSPATH."wp-includes",'permissions'=>'0755'),
20
  array('name'=>'.htaccess','path'=>ABSPATH.".htaccess",'permissions'=>'0644'),
24
  array('name'=>'wp-content/plugins/','path'=>ABSPATH."wp-content/plugins",'permissions'=>'0755'),
25
  array('name'=>'wp-admin/','path'=>ABSPATH."wp-admin",'permissions'=>'0755'),
26
  array('name'=>'wp-content/','path'=>ABSPATH."wp-content",'permissions'=>'0755'),
27
+ array('name'=>'wp-config.php','path'=>$wp_config_path,'permissions'=>'0644')
28
  //Add as many files or dirs as needed by following the convention above
29
  );
30
 
412
  $attachment_id = $wpdb->get_var( $wpdb->prepare( "SELECT wposts.ID FROM $wpdb->posts wposts, $wpdb->postmeta wpostmeta WHERE wposts.ID = wpostmeta.post_id AND wpostmeta.meta_key = '_wp_attached_file' AND wpostmeta.meta_value = '%s' AND wposts.post_type = 'attachment'", $attachment_url ) );
413
  }
414
  return $attachment_id;
415
+ }
416
+
417
+
418
+ /**
419
+ * Will return an indexed array of files sorted by last modified timestamp
420
+ * @param $dir
421
+ * @param string $sort (ASC, DESC)
422
+ * @return array|bool
423
+ */
424
+ static function scan_dir_sort_date($dir, $sort='DESC') {
425
+ $files = array();
426
+ foreach (scandir($dir) as $file) {
427
+ $files[$file] = filemtime($dir . '/' . $file);
428
+ }
429
+
430
+ arsort($files);
431
+ $files = array_keys($files);
432
+ if($sort == 'ASC'){
433
+ $files = array_reverse($files);
434
+ }
435
+ return ($files) ? $files : false;
436
+ }
437
+
438
+
439
+
440
  }
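Review bot: `scan_dir_sort_date()` feeds every entry returned by `scandir()` into `filemtime()`, including `.` and `..`, so the caller in classes/wp-security-backup.php (`foreach ( $files as $file )`) now sees those two entries sorted among the backup files; and when `scandir()` fails on a missing or unreadable directory it returns `false`, which `foreach` rejects with a warning before the method returns `false` to a caller that iterates the result. Guarding the `scandir()` result and skipping the dot entries keeps the documented `array|bool` contract honest, and `$sort == 'ASC'` should be `$sort === 'ASC'`. The docblock could also say that `$dir` is a filesystem path without a trailing slash, since the method appends `'/'` itself.

```php
static function scan_dir_sort_date($dir, $sort='DESC') {
    $entries = scandir($dir);
    if ($entries === false) {
        return false; // directory missing or unreadable
    }
    $files = array();
    foreach ($entries as $file) {
        if ($file === '.' || $file === '..') {
            continue;
        }
        $files[$file] = filemtime($dir . '/' . $file);
    }
    // … unchanged: arsort, array_keys, ASC reversal, return …
}
```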
classes/wp-security-utility-htaccess.php CHANGED
@@ -9,7 +9,7 @@ class AIOWPSecurity_Utility_Htaccess
9
 
10
  public static $prevent_wp_file_access_marker_start = '#AIOWPS_BLOCK_WP_FILE_ACCESS_START';
11
  public static $prevent_wp_file_access_marker_end = '#AIOWPS_BLOCK_WP_FILE_ACCESS_END';
12
-
13
  public static $basic_htaccess_rules_marker_start = '#AIOWPS_BASIC_HTACCESS_RULES_START';
14
  public static $basic_htaccess_rules_marker_end = '#AIOWPS_BASIC_HTACCESS_RULES_END';
15
 
@@ -18,16 +18,16 @@ class AIOWPSecurity_Utility_Htaccess
18
 
19
  public static $debug_log_block_htaccess_rules_marker_start = '#AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_START';
20
  public static $debug_log_block_htaccess_rules_marker_end = '#AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_END';
21
-
22
  public static $user_agent_blacklist_marker_start = '#AIOWPS_USER_AGENT_BLACKLIST_START';
23
  public static $user_agent_blacklist_marker_end = '#AIOWPS_USER_AGENT_BLACKLIST_END';
24
-
25
  public static $enable_brute_force_attack_prevention_marker_start = '#AIOWPS_ENABLE_BRUTE_FORCE_PREVENTION_START';
26
  public static $enable_brute_force_attack_prevention_marker_end = '#AIOWPS_ENABLE_BRUTE_FORCE_PREVENTION_END';
27
 
28
  public static $disable_index_views_marker_start = '#AIOWPS_DISABLE_INDEX_VIEWS_START';
29
  public static $disable_index_views_marker_end = '#AIOWPS_DISABLE_INDEX_VIEWS_END';
30
-
31
  public static $disable_trace_track_marker_start = '#AIOWPS_DISABLE_TRACE_TRACK_START';
32
  public static $disable_trace_track_marker_end = '#AIOWPS_DISABLE_TRACE_TRACK_END';
33
 
@@ -42,13 +42,13 @@ class AIOWPSecurity_Utility_Htaccess
42
 
43
  public static $five_g_blacklist_marker_start = '#AIOWPS_FIVE_G_BLACKLIST_START';
44
  public static $five_g_blacklist_marker_end = '#AIOWPS_FIVE_G_BLACKLIST_END';
45
-
46
  public static $block_spambots_marker_start = '#AIOWPS_BLOCK_SPAMBOTS_START';
47
  public static $block_spambots_marker_end = '#AIOWPS_BLOCK_SPAMBOTS_END';
48
 
49
  public static $enable_login_whitelist_marker_start = '#AIOWPS_LOGIN_WHITELIST_START';
50
  public static $enable_login_whitelist_marker_end = '#AIOWPS_LOGIN_WHITELIST_END';
51
-
52
  public static $prevent_image_hotlinks_marker_start = '#AIOWPS_PREVENT_IMAGE_HOTLINKS_START';
53
  public static $prevent_image_hotlinks_marker_end = '#AIOWPS_PREVENT_IMAGE_HOTLINKS_END';
54
 
@@ -56,94 +56,81 @@ class AIOWPSecurity_Utility_Htaccess
56
  public static $custom_rules_marker_end = '#AIOWPS_CUSTOM_RULES_END';
57
 
58
  // TODO - enter more markers as new .htaccess features are added
59
-
60
- function __construct(){
 
61
  //NOP
62
  }
63
-
64
-
65
  static function write_to_htaccess()
66
  {
67
- global $aio_wp_security;
68
  //figure out what server is being used
69
- if (AIOWPSecurity_Utility::get_server_type() == -1)
70
- {
71
- $aio_wp_security->debug_logger->log_debug("Unable to write to .htaccess - server type not supported!",4);
72
  return -1; //unable to write to the file
73
  }
74
 
75
  //clean up old rules first
76
- if (AIOWPSecurity_Utility_Htaccess::delete_from_htaccess() == -1)
77
- {
78
- $aio_wp_security->debug_logger->log_debug("Delete operation of .htaccess file failed!",4);
79
  return -1; //unable to write to the file
80
  }
81
 
82
  $htaccess = ABSPATH . '.htaccess';
83
  //get the subdirectory if it is installed in one
84
- $siteurl = explode( '/', get_option( 'siteurl' ) );
85
- if (isset($siteurl[3]))
86
- {
87
  $dir = '/' . $siteurl[3] . '/';
88
- }
89
- else
90
- {
91
  $dir = '/';
92
- }
93
-
94
- if (!$f = @fopen($htaccess, 'a+'))
95
- {
96
- @chmod( $htaccess, 0644 );
97
- if (!$f = @fopen( $htaccess, 'a+'))
98
- {
99
- $aio_wp_security->debug_logger->log_debug("chmod operation on .htaccess failed!",4);
100
  return -1;
101
- }
102
  }
103
  AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess); //TODO - we dont want to continually be backing up the htaccess file
104
- @ini_set( 'auto_detect_line_endings', true );
105
- $ht = explode( PHP_EOL, implode( '', file( $htaccess ) ) ); //parse each line of file into array
106
-
107
  $rules = AIOWPSecurity_Utility_Htaccess::getrules();
108
- if ($rules == -1)
109
- {
110
- $aio_wp_security->debug_logger->log_debug("Unable to retrieve rules in .htaccess file!",4);
111
  return -1;
112
  }
113
-
114
- $rulesarray = explode( PHP_EOL, $rules );
115
  $rulesarray = apply_filters('aiowps_htaccess_rules_before_writing', $rulesarray);
116
- $contents = array_merge( $rulesarray, $ht );
117
-
118
- if (!$f = @fopen($htaccess, 'w+'))
119
- {
120
- $aio_wp_security->debug_logger->log_debug("Write operation on .htaccess failed!",4);
121
  return -1; //we can't write to the file
122
  }
123
-
124
  $blank = false;
125
-
126
  //write each line to file
127
- foreach ( $contents as $insertline )
128
- {
129
- if ( trim( $insertline ) == '' )
130
- {
131
- if ( $blank == false )
132
- {
133
- fwrite( $f, PHP_EOL . trim( $insertline ) );
134
  }
135
- $blank = true;
136
- }
137
- else
138
- {
139
  $blank = false;
140
- fwrite( $f, PHP_EOL . trim( $insertline ) );
141
  }
142
  }
143
- @fclose( $f );
144
- return 1; //success
145
  }
146
-
147
  /*
148
  * This function will delete the code which has been added to the .htaccess file by this plugin
149
  * It will try to find the comment markers "# BEGIN All In One WP Security" and "# END All In One WP Security" and delete contents in between
@@ -152,38 +139,30 @@ class AIOWPSecurity_Utility_Htaccess
152
  {
153
  //TODO
154
  $htaccess = ABSPATH . '.htaccess';
155
-
156
- @ini_set('auto_detect_line_endings', true);
157
- if (!file_exists($htaccess))
158
- {
159
  $ht = @fopen($htaccess, 'a+');
160
  @fclose($ht);
161
- }
162
  $ht_contents = explode(PHP_EOL, implode('', file($htaccess))); //parse each line of file into array
163
- if ($ht_contents)
164
- { //as long as there are lines in the file
165
  $state = true;
166
- if (!$f = @fopen($htaccess, 'w+'))
167
- {
168
- @chmod( $htaccess, 0644 );
169
- if (!$f = @fopen( $htaccess, 'w+'))
170
- {
171
  return -1;
172
  }
173
  }
174
-
175
- foreach ( $ht_contents as $n => $markerline )
176
- { //for each line in the file
177
- if (strpos($markerline, '# BEGIN ' . $section) !== false)
178
- { //if we're at the beginning of the section
179
  $state = false;
180
  }
181
- if ($state == true)
182
- { //as long as we're not in the section keep writing
183
  fwrite($f, trim($markerline) . PHP_EOL);
184
- }
185
- if (strpos($markerline, '# END ' . $section) !== false)
186
- { //see if we're at the end of the section
187
  $state = true;
188
  }
189
  }
@@ -192,7 +171,7 @@ class AIOWPSecurity_Utility_Htaccess
192
  }
193
  return 1;
194
  }
195
-
196
  static function getrules()
197
  {
198
  $rules = "";
@@ -216,26 +195,24 @@ class AIOWPSecurity_Utility_Htaccess
216
 
217
  //Add more functions for features as needed
218
  //$rules .= AIOWPSecurity_Utility_Htaccess::getrules_somefeature();
219
-
220
  //Add outer markers if we have rules
221
- if ($rules != '')
222
- {
223
  $rules = "# BEGIN All In One WP Security" . PHP_EOL . $rules . "# END All In One WP Security" . PHP_EOL;
224
- }
225
-
226
  return $rules;
227
  }
228
-
229
  /*
230
  * This function will write rules to prevent people from accessing the following files:
231
  * readme.html, license.txt and wp-config-sample.php.
232
- */
233
  static function getrules_block_wp_file_access()
234
  {
235
  global $aio_wp_security;
236
  $rules = '';
237
- if($aio_wp_security->configs->get_value('aiowps_prevent_default_wp_file_access')=='1')
238
- {
239
  $rules .= AIOWPSecurity_Utility_Htaccess::$prevent_wp_file_access_marker_start . PHP_EOL; //Add feature marker start
240
  $rules .= '<Files license.txt>
241
  order allow,deny
@@ -251,75 +228,56 @@ class AIOWPSecurity_Utility_Htaccess
251
  </Files>' . PHP_EOL;
252
  $rules .= AIOWPSecurity_Utility_Htaccess::$prevent_wp_file_access_marker_end . PHP_EOL; //Add feature marker end
253
  }
254
-
255
- return $rules;
256
  }
257
 
258
  static function getrules_blacklist()
259
  {
260
  global $aio_wp_security;
261
- $aiowps_server = AIOWPSecurity_Utility::get_server_type();
262
  $rules = '';
263
- if($aio_wp_security->configs->get_value('aiowps_enable_blacklisting')=='1')
264
- {
265
  //Let's do the list of blacklisted IPs first
266
  $hosts = explode(PHP_EOL, $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses'));
267
- if (!empty($hosts) && !(sizeof($hosts) == 1 && trim($hosts[0]) == ''))
268
- {
269
- if ( $aiowps_server == 'apache' || $aiowps_server == 'litespeed' )
270
- {
271
  $rules .= AIOWPSecurity_Utility_Htaccess::$ip_blacklist_marker_start . PHP_EOL; //Add feature marker start
272
  $rules .= "Order allow,deny" . PHP_EOL .
273
- "Allow from all" . PHP_EOL;
274
  }
275
  $phosts = array();
276
- foreach ($hosts as $host)
277
- {
278
  $host = trim($host);
279
- if (!in_array($host, $phosts))
280
- {
281
- if (strstr($host, '*'))
282
- {
283
- $parts = array_reverse (explode('.', $host));
284
  $netmask = 32;
285
- foreach ($parts as $part)
286
- {
287
- if (strstr(trim($part), '*'))
288
- {
289
  $netmask = $netmask - 8;
290
-
291
  }
292
  }
293
- $dhost = trim( str_replace('*', '0', implode( '.', array_reverse( $parts ) ) ) . '/' . $netmask );
294
- if (strlen($dhost) > 4)
295
- {
296
- if ($aiowps_server == 'apache' || $aiowps_server == 'litespeed')
297
- {
298
  $trule = "Deny from " . $dhost . PHP_EOL;
299
- if (trim($trule) != 'Deny From')
300
- {
301
  $rules .= $trule;
302
  }
303
- }
304
- else
305
- {
306
  $rules .= "\tdeny " . $dhost . ';' . PHP_EOL;
307
- }
308
  }
309
- }
310
- else
311
- {
312
- $dhost = trim( $host );
313
- if (strlen($dhost) > 4)
314
- {
315
- if ($aiowps_server == 'apache' || $aiowps_server == 'litespeed' )
316
- {
317
  $rules .= "Deny from " . $dhost . PHP_EOL;
318
- }
319
- else
320
- {
321
- $rules .= "\tdeny " . $dhost. ";" . PHP_EOL;
322
- }
323
  }
324
  }
325
  }
@@ -329,76 +287,63 @@ class AIOWPSecurity_Utility_Htaccess
329
  }
330
  //Now let's do the user agent list
331
  $user_agents = explode(PHP_EOL, $aio_wp_security->configs->get_value('aiowps_banned_user_agents'));
332
- if (!empty($user_agents) && !(sizeof($user_agents) == 1 && trim($user_agents[0]) == ''))
333
- {
334
- if ($aiowps_server == 'apache' || $aiowps_server == 'litespeed')
335
- {
336
  $rules .= AIOWPSecurity_Utility_Htaccess::$user_agent_blacklist_marker_start . PHP_EOL; //Add feature marker start
337
  //Start mod_rewrite rules
338
  $rules .= "<IfModule mod_rewrite.c>" . PHP_EOL . "RewriteEngine On" . PHP_EOL . PHP_EOL;
339
  $count = 1;
340
- foreach ( $user_agents as $agent )
341
- {
342
  $agent_escaped = quotemeta($agent);
343
  $pattern = '/\s/'; //Find spaces in the string
344
  $replacement = '\s'; //Replace spaces with \s so apache can understand
345
  $agent_sanitized = preg_replace($pattern, $replacement, $agent_escaped);
346
-
347
- $rules .= "RewriteCond %{HTTP_USER_AGENT} ^" . trim( $agent_sanitized );
348
- if ( $count < sizeof( $user_agents ) )
349
- {
350
  $rules .= " [NC,OR]" . PHP_EOL;
351
  $count++;
352
- }
353
- else
354
- {
355
  $rules .= " [NC]" . PHP_EOL;
356
- }
357
-
358
  }
359
  $rules .= "RewriteRule ^(.*)$ - [F,L]" . PHP_EOL . PHP_EOL;
360
- }
361
- else
362
- {
363
  $count = 1;
364
  $alist = '';
365
- foreach ( $user_agents as $agent )
366
- {
367
- $alist .= trim( $agent );
368
- if ( $count < sizeof( $user_agents ) )
369
- {
370
  $alist .= '|';
371
  $count++;
372
- }
373
  }
374
  $rules .= "\tif (\$http_user_agent ~* " . $alist . ") { return 403; }" . PHP_EOL;
375
  }
376
  }
377
-
378
  //close mod_rewrite
379
- if (strlen($aio_wp_security->configs->get_value('aiowps_banned_user_agents')) > 0)
380
- {
381
- if (($aiowps_server == 'apache' || $aiowps_server == 'litespeed'))
382
- {
383
  $rules .= "</IfModule>" . PHP_EOL;
384
  $rules .= AIOWPSecurity_Utility_Htaccess::$user_agent_blacklist_marker_end . PHP_EOL; //Add feature marker end
385
  }
386
  }
387
  }
388
-
389
- return implode( PHP_EOL, array_diff( explode( PHP_EOL, $rules ), array( 'Deny from ', 'Deny from' ) ) );
390
  }
391
-
392
  /*
393
  * TODO - info
394
- */
395
  static function getrules_basic_htaccess()
396
  {
397
  global $aio_wp_security;
398
-
399
  $rules = '';
400
- if($aio_wp_security->configs->get_value('aiowps_enable_basic_firewall')=='1')
401
- {
402
  $rules .= AIOWPSecurity_Utility_Htaccess::$basic_htaccess_rules_marker_start . PHP_EOL; //Add feature marker start
403
  //protect the htaccess file - this is done by default with apache config file but we are including it here for good measure
404
  $rules .= '<Files .htaccess>' . PHP_EOL;
@@ -408,46 +353,44 @@ class AIOWPSecurity_Utility_Htaccess
408
 
409
  //disable the server signature
410
  $rules .= 'ServerSignature Off' . PHP_EOL;
411
-
412
  //limit file uploads to 10mb
413
  $rules .= 'LimitRequestBody 10240000' . PHP_EOL;
414
-
415
  // protect wpconfig.php.
416
  $rules .= '<Files wp-config.php>' . PHP_EOL;
417
  $rules .= 'order allow,deny' . PHP_EOL;
418
  $rules .= 'deny from all' . PHP_EOL;
419
  $rules .= '</Files>' . PHP_EOL;
420
-
421
  $rules .= AIOWPSecurity_Utility_Htaccess::$basic_htaccess_rules_marker_end . PHP_EOL; //Add feature marker end
422
  }
423
- return $rules;
424
  }
425
-
426
  static function getrules_pingback_htaccess()
427
  {
428
  global $aio_wp_security;
429
-
430
  $rules = '';
431
- if($aio_wp_security->configs->get_value('aiowps_enable_pingback_firewall')=='1')
432
- {
433
  $rules .= AIOWPSecurity_Utility_Htaccess::$pingback_htaccess_rules_marker_start . PHP_EOL; //Add feature marker start
434
  $rules .= '<Files xmlrpc.php>' . PHP_EOL;
435
  $rules .= 'order deny,allow' . PHP_EOL;
436
  $rules .= 'deny from all' . PHP_EOL;
437
  $rules .= '</Files>' . PHP_EOL;
438
-
439
  $rules .= AIOWPSecurity_Utility_Htaccess::$pingback_htaccess_rules_marker_end . PHP_EOL; //Add feature marker end
440
  }
441
- return $rules;
442
  }
443
 
444
  static function getrules_block_debug_log_access_htaccess()
445
  {
446
  global $aio_wp_security;
447
-
448
  $rules = '';
449
- if($aio_wp_security->configs->get_value('aiowps_block_debug_log_file_access')=='1')
450
- {
451
  $rules .= AIOWPSecurity_Utility_Htaccess::$debug_log_block_htaccess_rules_marker_start . PHP_EOL; //Add feature marker start
452
  $rules .= '<Files debug.log>' . PHP_EOL;
453
  $rules .= 'order deny,allow' . PHP_EOL;
@@ -455,40 +398,37 @@ class AIOWPSecurity_Utility_Htaccess
455
  $rules .= '</Files>' . PHP_EOL;
456
  $rules .= AIOWPSecurity_Utility_Htaccess::$debug_log_block_htaccess_rules_marker_end . PHP_EOL; //Add feature marker end
457
  }
458
- return $rules;
459
  }
460
-
461
  /*
462
  * This function will write some drectives to block all people who do not have a cookie
463
  * when trying to access the WP login page
464
  */
465
- static function getrules_enable_brute_force_prevention()
466
  {
467
  global $aio_wp_security;
468
  $rules = '';
469
- if($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')=='1')
470
- {
471
  $cookie_name = $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word');
472
  $test_cookie_name = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
473
  $redirect_url = $aio_wp_security->configs->get_value('aiowps_cookie_based_brute_force_redirect_url');
474
  $rules .= AIOWPSecurity_Utility_Htaccess::$enable_brute_force_attack_prevention_marker_start . PHP_EOL; //Add feature marker start
475
  $rules .= 'RewriteEngine On' . PHP_EOL;
476
- $rules .= 'RewriteCond %{REQUEST_URI} (wp-admin|wp-login)'. PHP_EOL;// If URI contains wp-admin or wp-login
477
- if($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_ajax_exception')=='1')
478
- {
479
  $rules .= 'RewriteCond %{REQUEST_URI} !(wp-admin/admin-ajax.php)' . PHP_EOL; // To allow ajax requests through
480
  }
481
- if($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_pw_protected_exception')=='1')
482
- {
483
  $rules .= 'RewriteCond %{QUERY_STRING} !(action\=postpass)' . PHP_EOL; // Possible workaround for people usign the password protected page/post feature
484
  }
485
- $rules .= 'RewriteCond %{HTTP_COOKIE} !'.$cookie_name.'= [NC]' . PHP_EOL;
486
- $rules .= 'RewriteCond %{HTTP_COOKIE} !'.$test_cookie_name.'= [NC]' . PHP_EOL;
487
- $rules .= 'RewriteRule .* '.$redirect_url.' [L]' . PHP_EOL;
488
  $rules .= AIOWPSecurity_Utility_Htaccess::$enable_brute_force_attack_prevention_marker_end . PHP_EOL; //Add feature marker end
489
  }
490
-
491
- return $rules;
492
  }
493
 
494
 
@@ -498,13 +438,12 @@ class AIOWPSecurity_Utility_Htaccess
498
  * 1) If the rename login feature is being used: for this scenario instead of protecting wp-login.php we must protect the special page slug
499
  * 2) If the rename login feature is being used AND non permalink URL structure: for this case need to use mod_rewrite because we must check QUERY_STRING
500
  */
501
- static function getrules_enable_login_whitelist()
502
  {
503
  global $aio_wp_security;
504
  $rules = '';
505
-
506
- if($aio_wp_security->configs->get_value('aiowps_enable_whitelisting')=='1')
507
- {
508
  $site_url = AIOWPSEC_WP_URL;
509
  $parse_url = parse_url($site_url);
510
  $hostname = $parse_url['host'];
@@ -512,85 +451,97 @@ class AIOWPSecurity_Utility_Htaccess
512
  $special_case = false;
513
  $rules .= AIOWPSecurity_Utility_Htaccess::$enable_login_whitelist_marker_start . PHP_EOL; //Add feature marker start
514
  //If the rename login page feature is active, we will need to adjust the directives
515
- if($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page')=='1'){
516
  $secret_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
517
- if(!get_option('permalink_structure')){
518
  //standard url structure is being used - ie, non permalinks
519
  $special_case = true;
520
  $rules .= '<IfModule mod_rewrite.c>' . PHP_EOL;
521
  $rules .= 'RewriteEngine on' . PHP_EOL;
522
- $rules .= 'RewriteCond %{QUERY_STRING} ^'.$secret_slug.'$' . PHP_EOL;
523
- $rules .= 'RewriteCond %{REMOTE_ADDR} !^'. preg_quote($host_ip) . '[OR]' . PHP_EOL;
524
- }else{
525
  $slug = preg_quote($secret_slug); //escape any applicable chars
526
- $rules .= '<FilesMatch "^('.$slug.')">' . PHP_EOL;
527
  }
528
- }else{
529
  $rules .= '<FilesMatch "^(wp-login\.php)">' . PHP_EOL;
530
  }
531
- if(!$special_case){
532
- $rules .= 'Order Allow,Deny'. PHP_EOL;
533
- $rules .= 'Allow from '.$hostname.PHP_EOL;
534
- $rules .= 'Allow from '.$host_ip. PHP_EOL;
535
  }
536
-
537
  //Let's get list of whitelisted IPs
538
  $hosts = explode(PHP_EOL, $aio_wp_security->configs->get_value('aiowps_allowed_ip_addresses'));
539
- if (!empty($hosts) && !(sizeof($hosts) == 1 && trim($hosts[0]) == ''))
540
- {
541
  $phosts = array();
542
  $num_hosts = count($hosts);
543
  $i = 0;
544
- foreach ($hosts as $host)
545
- {
546
  $host = trim($host);
547
- $or_string = ($i == $num_hosts-1)?'':'[OR]'; //Add an [OR] clause for all except the last condition
548
 
549
- if (!in_array($host, $phosts))
550
- {
551
- if (strstr($host, '*'))
552
- {
553
- $parts = array_reverse (explode('.', $host));
554
  $netmask = 32;
555
- foreach ($parts as $part)
556
- {
557
- if (strstr(trim($part), '*'))
558
- {
559
  $netmask = $netmask - 8;
560
-
561
  }
562
  }
563
- $dhost = trim( str_replace('*', '0', implode( '.', array_reverse( $parts ) ) ) . '/' . $netmask );
564
- if (strlen($dhost) > 4)
565
- {
566
- if($special_case){
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
567
  $dhost = preg_quote($dhost); //escape any applicable chars
568
- $trule = 'RewriteCond %{REMOTE_ADDR} !^'. $dhost . $or_string . PHP_EOL;
569
- if (trim($trule) != 'RewriteCond %{REMOTE_ADDR}!=')
570
- {
571
  $rules .= $trule;
572
  }
573
- }else{
574
  $trule = 'Allow from ' . $dhost . PHP_EOL;
575
- if (trim($trule) != 'Allow from')
576
- {
577
  $rules .= $trule;
578
  }
579
  }
580
  }
581
- }
582
- else
583
- {
584
- $dhost = trim( $host );
585
- if (strlen($dhost) > 4)
586
- {
587
- if($special_case){
 
 
 
 
 
588
  $dhost = preg_quote($dhost); //escape any applicable chars
589
- $rules .= 'RewriteCond %{REMOTE_ADDR} !^'. $dhost . $or_string . PHP_EOL;
590
- }else{
591
  $rules .= 'Allow from ' . $dhost . PHP_EOL;
592
  }
593
-
594
  }
595
  }
596
  }
@@ -598,17 +549,17 @@ class AIOWPSecurity_Utility_Htaccess
598
  $i++;
599
  }
600
  }
601
-
602
- if($special_case){
603
  $rules .= 'RewriteRule .* http://127.0.0.1 [L]' . PHP_EOL;
604
  $rules .= '</IfModule>' . PHP_EOL;
605
- }else{
606
  $rules .= '</FilesMatch>' . PHP_EOL;
607
  }
608
  $rules .= AIOWPSecurity_Utility_Htaccess::$enable_login_whitelist_marker_end . PHP_EOL; //Add feature marker end
609
  }
610
-
611
- return $rules;
612
  }
613
 
614
  /*
@@ -616,18 +567,17 @@ class AIOWPSecurity_Utility_Htaccess
616
  * site’s root .htaccess file.
617
  * NOTE: AllowOverride must be enabled in the httpd.conf file for this to work!
618
  */
619
- static function getrules_disable_index_views()
620
  {
621
  global $aio_wp_security;
622
  $rules = '';
623
- if($aio_wp_security->configs->get_value('aiowps_disable_index_views')=='1')
624
- {
625
  $rules .= AIOWPSecurity_Utility_Htaccess::$disable_index_views_marker_start . PHP_EOL; //Add feature marker start
626
  $rules .= 'Options -Indexes' . PHP_EOL;
627
  $rules .= AIOWPSecurity_Utility_Htaccess::$disable_index_views_marker_end . PHP_EOL; //Add feature marker end
628
  }
629
-
630
- return $rules;
631
  }
632
 
633
  /*
@@ -635,45 +585,49 @@ class AIOWPSecurity_Utility_Htaccess
635
  * HTTP Trace attack (XST) can be used to return header requests
636
  * and grab cookies and other information and is used along with
637
  * a cross site scripting attacks (XSS)
638
- */
639
  static function getrules_disable_trace_and_track()
640
  {
641
  global $aio_wp_security;
642
  $rules = '';
643
- if($aio_wp_security->configs->get_value('aiowps_disable_trace_and_track')=='1')
644
- {
645
  $rules .= AIOWPSecurity_Utility_Htaccess::$disable_trace_track_marker_start . PHP_EOL; //Add feature marker start
646
  $rules .= 'RewriteEngine On' . PHP_EOL;
647
  $rules .= 'RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)' . PHP_EOL;
648
  $rules .= 'RewriteRule .* - [F]' . PHP_EOL;
649
  $rules .= AIOWPSecurity_Utility_Htaccess::$disable_trace_track_marker_end . PHP_EOL; //Add feature marker end
650
  }
651
-
652
- return $rules;
653
  }
654
 
655
  /*
656
  * This function will write rules to prevent proxy comment posting.
657
  * This will deny any requests that use a proxy server when posting
658
- * to comments eliminating some spam and proxy requests, script
659
- * courtesy of perishablepress.com
660
- */
661
  static function getrules_forbid_proxy_comment_posting()
662
  {
663
  global $aio_wp_security;
664
  $rules = '';
665
- if($aio_wp_security->configs->get_value('aiowps_forbid_proxy_comments')=='1')
666
- {
667
  $rules .= AIOWPSecurity_Utility_Htaccess::$forbid_proxy_comments_marker_start . PHP_EOL; //Add feature marker start
668
- $rules .= 'RewriteCond %{REQUEST_METHOD} =POST' . PHP_EOL;
669
- $rules .= 'RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR]' . PHP_EOL;
670
- $rules .= 'RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$' . PHP_EOL;
671
- $rules .= 'RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]' . PHP_EOL;
672
- $rules .= 'RewriteRule .* - [F,NS,L]' . PHP_EOL;
 
 
 
 
 
 
673
  $rules .= AIOWPSecurity_Utility_Htaccess::$forbid_proxy_comments_marker_end . PHP_EOL; //Add feature marker end
674
  }
675
-
676
- return $rules;
677
  }
678
 
679
  /*
@@ -686,8 +640,7 @@ class AIOWPSecurity_Utility_Htaccess
686
  {
687
  global $aio_wp_security;
688
  $rules = '';
689
- if($aio_wp_security->configs->get_value('aiowps_deny_bad_query_strings')=='1')
690
- {
691
  $rules .= AIOWPSecurity_Utility_Htaccess::$deny_bad_query_strings_marker_start . PHP_EOL; //Add feature marker start
692
  //$rules .= 'RewriteCond %{QUERY_STRING} ../ [NC,OR]' . PHP_EOL;
693
  //$rules .= 'RewriteCond %{QUERY_STRING} boot.ini [NC,OR]' . PHP_EOL;
@@ -704,8 +657,8 @@ class AIOWPSecurity_Utility_Htaccess
704
  $rules .= 'RewriteRule ^(.*)$ - [F,L]' . PHP_EOL;
705
  $rules .= AIOWPSecurity_Utility_Htaccess::$deny_bad_query_strings_marker_end . PHP_EOL; //Add feature marker end
706
  }
707
-
708
- return $rules;
709
  }
710
 
711
  /*
@@ -724,16 +677,13 @@ class AIOWPSecurity_Utility_Htaccess
724
  //RedirectMatch 403 include.
725
 
726
 
727
-
728
-
729
  static function getrules_advanced_character_string_filter()
730
  {
731
  global $aio_wp_security;
732
  $rules = '';
733
- if($aio_wp_security->configs->get_value('aiowps_advanced_char_string_filter')=='1')
734
- {
735
  $rules .= AIOWPSecurity_Utility_Htaccess::$advanced_char_string_filter_marker_start . PHP_EOL; //Add feature marker start
736
-
737
  $rules .= '<IfModule mod_alias.c>
738
  RedirectMatch 403 \,
739
  RedirectMatch 403 \:
@@ -817,8 +767,8 @@ class AIOWPSecurity_Utility_Htaccess
817
  </IfModule>' . PHP_EOL;
818
  $rules .= AIOWPSecurity_Utility_Htaccess::$advanced_char_string_filter_marker_end . PHP_EOL; //Add feature marker end
819
  }
820
-
821
- return $rules;
822
  }
823
 
824
  /*
@@ -831,10 +781,9 @@ class AIOWPSecurity_Utility_Htaccess
831
  {
832
  global $aio_wp_security;
833
  $rules = '';
834
- if($aio_wp_security->configs->get_value('aiowps_enable_5g_firewall')=='1')
835
- {
836
  $rules .= AIOWPSecurity_Utility_Htaccess::$five_g_blacklist_marker_start . PHP_EOL; //Add feature marker start
837
-
838
  $rules .= '# 5G BLACKLIST/FIREWALL (2013)
839
  # @ http://perishablepress.com/5g-blacklist-2013/
840
 
@@ -897,49 +846,47 @@ class AIOWPSecurity_Utility_Htaccess
897
  </IfModule>' . PHP_EOL;
898
  $rules .= AIOWPSecurity_Utility_Htaccess::$five_g_blacklist_marker_end . PHP_EOL; //Add feature marker end
899
  }
900
-
901
- return $rules;
902
  }
903
-
904
  /*
905
  * This function will write some directives to block all comments which do not originate from the blog's domain
906
  * OR if the user agent is empty. All blocked requests will be redirected to 127.0.0.1
907
  */
908
- static function getrules_block_spambots()
909
  {
910
  global $aio_wp_security;
911
  $rules = '';
912
- if($aio_wp_security->configs->get_value('aiowps_enable_spambot_blocking')=='1')
913
- {
914
  $url_string = AIOWPSecurity_Utility_Htaccess::return_regularized_url(AIOWPSEC_WP_URL);
915
- if ($url_string == FALSE){
916
  $url_string = AIOWPSEC_WP_URL;
917
  }
918
  $rules .= AIOWPSecurity_Utility_Htaccess::$block_spambots_marker_start . PHP_EOL; //Add feature marker start
919
  $rules .= '<IfModule mod_rewrite.c>
920
  RewriteCond %{REQUEST_METHOD} POST
921
  RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$' . PHP_EOL;
922
- $rules .= ' RewriteCond %{HTTP_REFERER} !^'.$url_string.' [NC,OR]' . PHP_EOL;
923
  $rules .= ' RewriteCond %{HTTP_USER_AGENT} ^$
924
  RewriteRule .* http://127.0.0.1 [L]
925
  </IfModule>' . PHP_EOL;
926
  $rules .= AIOWPSecurity_Utility_Htaccess::$block_spambots_marker_end . PHP_EOL; //Add feature marker end
927
  }
928
-
929
- return $rules;
930
  }
931
-
932
  /*
933
  * This function will write some directives to prevent image hotlinking
934
  */
935
- static function prevent_image_hotlinks()
936
  {
937
  global $aio_wp_security;
938
  $rules = '';
939
- if($aio_wp_security->configs->get_value('aiowps_prevent_hotlinking')=='1')
940
- {
941
  $url_string = AIOWPSecurity_Utility_Htaccess::return_regularized_url(AIOWPSEC_WP_URL);
942
- if ($url_string == FALSE){
943
  $url_string = AIOWPSEC_WP_URL;
944
  }
945
  $rules .= AIOWPSecurity_Utility_Htaccess::$prevent_image_hotlinks_marker_start . PHP_EOL; //Add feature marker start
@@ -948,13 +895,13 @@ class AIOWPSecurity_Utility_Htaccess
948
  RewriteCond %{HTTP_REFERER} !^$' . PHP_EOL;
949
  $rules .= ' RewriteCond %{REQUEST_FILENAME} -f' . PHP_EOL;
950
  $rules .= ' RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]' . PHP_EOL;
951
- $rules .= ' RewriteCond %{HTTP_REFERER} !^'.$url_string.' [NC]' . PHP_EOL;
952
  $rules .= ' RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
953
  </IfModule>' . PHP_EOL;
954
  $rules .= AIOWPSecurity_Utility_Htaccess::$prevent_image_hotlinks_marker_end . PHP_EOL; //Add feature marker end
955
  }
956
-
957
- return $rules;
958
  }
959
 
960
  /**
@@ -965,8 +912,7 @@ class AIOWPSecurity_Utility_Htaccess
965
  {
966
  global $aio_wp_security;
967
  $rules = '';
968
- if($aio_wp_security->configs->get_value('aiowps_enable_custom_rules')=='1')
969
- {
970
  $custom_rules = $aio_wp_security->configs->get_value('aiowps_custom_rules');
971
  $rules .= AIOWPSecurity_Utility_Htaccess::$custom_rules_marker_start . PHP_EOL; //Add feature marker start
972
  $rules .= $custom_rules . PHP_EOL;
@@ -983,36 +929,29 @@ class AIOWPSecurity_Utility_Htaccess
983
  * If it finds the tag it will deem the file as being .htaccess specific.
984
  * This was written to supplement the .htaccess restore functionality
985
  */
986
-
987
  static function check_if_htaccess_contents($file)
988
  {
989
  $is_htaccess = false;
990
  $file_contents = file_get_contents($file);
991
- if ($file_contents === FALSE || strlen($file_contents) == 0)
992
- {
993
  return -1;
994
  }
995
 
996
- if ((strpos($file_contents, '# BEGIN WordPress') !== false) || (strpos($file_contents, '# BEGIN') !== false))
997
- {
998
  $is_htaccess = true; //It appears that we have some sort of .htacces file
999
- }
1000
- else
1001
- {
1002
  //see if we're at the end of the section
1003
  $is_htaccess = false;
1004
  }
1005
 
1006
- if ($is_htaccess)
1007
- {
1008
  return 1;
1009
- }
1010
- else
1011
- {
1012
  return -1;
1013
  }
1014
  }
1015
-
1016
  /*
1017
  * This function will take a URL string and convert it to a form useful for using in htaccess rules.
1018
  * Example: If URL passed to function = "http://www.mysite.com"
@@ -1021,30 +960,30 @@ class AIOWPSecurity_Utility_Htaccess
1021
 
1022
  static function return_regularized_url($url)
1023
  {
1024
- if(filter_var($url, FILTER_VALIDATE_URL)){
1025
  $xyz = explode('.', $url);
1026
  $y = '';
1027
- if (count($xyz) > 1){
1028
  $j = 1;
1029
- foreach ($xyz as $x){
1030
- if (strpos($x,'www') !== false) {
1031
  $y .= str_replace('www', '(.*)?', $x);
1032
- } else if($j==1){
1033
  $y .= $x;
1034
- } else if($j>1){
1035
- $y .= '\.'.$x;
1036
  }
1037
  $j++;
1038
  }
1039
  //Now replace the "http" with "http(s)?" to cover both secure and non-secure
1040
- if(strpos($y,'http') !== false) {
1041
  $y = str_replace('http', 'http(s)?', $y);
1042
  }
1043
  return $y;
1044
- }else {
1045
  return $url;
1046
  }
1047
- } else{
1048
  return FALSE;
1049
  }
1050
  }
9
 
10
  public static $prevent_wp_file_access_marker_start = '#AIOWPS_BLOCK_WP_FILE_ACCESS_START';
11
  public static $prevent_wp_file_access_marker_end = '#AIOWPS_BLOCK_WP_FILE_ACCESS_END';
12
+
13
  public static $basic_htaccess_rules_marker_start = '#AIOWPS_BASIC_HTACCESS_RULES_START';
14
  public static $basic_htaccess_rules_marker_end = '#AIOWPS_BASIC_HTACCESS_RULES_END';
15
 
18
 
19
  public static $debug_log_block_htaccess_rules_marker_start = '#AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_START';
20
  public static $debug_log_block_htaccess_rules_marker_end = '#AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_END';
21
+
22
  public static $user_agent_blacklist_marker_start = '#AIOWPS_USER_AGENT_BLACKLIST_START';
23
  public static $user_agent_blacklist_marker_end = '#AIOWPS_USER_AGENT_BLACKLIST_END';
24
+
25
  public static $enable_brute_force_attack_prevention_marker_start = '#AIOWPS_ENABLE_BRUTE_FORCE_PREVENTION_START';
26
  public static $enable_brute_force_attack_prevention_marker_end = '#AIOWPS_ENABLE_BRUTE_FORCE_PREVENTION_END';
27
 
28
  public static $disable_index_views_marker_start = '#AIOWPS_DISABLE_INDEX_VIEWS_START';
29
  public static $disable_index_views_marker_end = '#AIOWPS_DISABLE_INDEX_VIEWS_END';
30
+
31
  public static $disable_trace_track_marker_start = '#AIOWPS_DISABLE_TRACE_TRACK_START';
32
  public static $disable_trace_track_marker_end = '#AIOWPS_DISABLE_TRACE_TRACK_END';
33
 
42
 
43
  public static $five_g_blacklist_marker_start = '#AIOWPS_FIVE_G_BLACKLIST_START';
44
  public static $five_g_blacklist_marker_end = '#AIOWPS_FIVE_G_BLACKLIST_END';
45
+
46
  public static $block_spambots_marker_start = '#AIOWPS_BLOCK_SPAMBOTS_START';
47
  public static $block_spambots_marker_end = '#AIOWPS_BLOCK_SPAMBOTS_END';
48
 
49
  public static $enable_login_whitelist_marker_start = '#AIOWPS_LOGIN_WHITELIST_START';
50
  public static $enable_login_whitelist_marker_end = '#AIOWPS_LOGIN_WHITELIST_END';
51
+
52
  public static $prevent_image_hotlinks_marker_start = '#AIOWPS_PREVENT_IMAGE_HOTLINKS_START';
53
  public static $prevent_image_hotlinks_marker_end = '#AIOWPS_PREVENT_IMAGE_HOTLINKS_END';
54
 
56
  public static $custom_rules_marker_end = '#AIOWPS_CUSTOM_RULES_END';
57
 
58
  // TODO - enter more markers as new .htaccess features are added
59
+
60
+ function __construct()
61
+ {
62
  //NOP
63
  }
64
+
65
+
66
  static function write_to_htaccess()
67
  {
68
+ global $aio_wp_security;
69
  //figure out what server is being used
70
+ if (AIOWPSecurity_Utility::get_server_type() == -1) {
71
+ $aio_wp_security->debug_logger->log_debug("Unable to write to .htaccess - server type not supported!", 4);
 
72
  return -1; //unable to write to the file
73
  }
74
 
75
  //clean up old rules first
76
+ if (AIOWPSecurity_Utility_Htaccess::delete_from_htaccess() == -1) {
77
+ $aio_wp_security->debug_logger->log_debug("Delete operation of .htaccess file failed!", 4);
 
78
  return -1; //unable to write to the file
79
  }
80
 
81
  $htaccess = ABSPATH . '.htaccess';
82
  //get the subdirectory if it is installed in one
83
+ $siteurl = explode('/', get_option('siteurl'));
84
+ if (isset($siteurl[3])) {
 
85
  $dir = '/' . $siteurl[3] . '/';
86
+ } else {
 
 
87
  $dir = '/';
88
+ }
89
+
90
+ if (!$f = @fopen($htaccess, 'a+')) {
91
+ @chmod($htaccess, 0644);
92
+ if (!$f = @fopen($htaccess, 'a+')) {
93
+ $aio_wp_security->debug_logger->log_debug("chmod operation on .htaccess failed!", 4);
 
 
94
  return -1;
95
+ }
96
  }
97
  AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess); //TODO - we dont want to continually be backing up the htaccess file
98
+ @ini_set('auto_detect_line_endings', true);
99
+ $ht = explode(PHP_EOL, implode('', file($htaccess))); //parse each line of file into array
100
+
101
  $rules = AIOWPSecurity_Utility_Htaccess::getrules();
102
+ if ($rules == -1) {
103
+ $aio_wp_security->debug_logger->log_debug("Unable to retrieve rules in .htaccess file!", 4);
 
104
  return -1;
105
  }
106
+
107
+ $rulesarray = explode(PHP_EOL, $rules);
108
  $rulesarray = apply_filters('aiowps_htaccess_rules_before_writing', $rulesarray);
109
+ $contents = array_merge($rulesarray, $ht);
110
+
111
+ if (!$f = @fopen($htaccess, 'w+')) {
112
+ $aio_wp_security->debug_logger->log_debug("Write operation on .htaccess failed!", 4);
 
113
  return -1; //we can't write to the file
114
  }
115
+
116
  $blank = false;
117
+
118
  //write each line to file
119
+ foreach ($contents as $insertline) {
120
+ if (trim($insertline) == '') {
121
+ if ($blank == false) {
122
+ fwrite($f, PHP_EOL . trim($insertline));
 
 
 
123
  }
124
+ $blank = true;
125
+ } else {
 
 
126
  $blank = false;
127
+ fwrite($f, PHP_EOL . trim($insertline));
128
  }
129
  }
130
+ @fclose($f);
131
+ return 1; //success
132
  }
133
+
134
  /*
135
  * This function will delete the code which has been added to the .htaccess file by this plugin
136
  * It will try to find the comment markers "# BEGIN All In One WP Security" and "# END All In One WP Security" and delete contents in between
139
  {
140
  //TODO
141
  $htaccess = ABSPATH . '.htaccess';
142
+
143
+ @ini_set('auto_detect_line_endings', true);
144
+ if (!file_exists($htaccess)) {
 
145
  $ht = @fopen($htaccess, 'a+');
146
  @fclose($ht);
147
+ }
148
  $ht_contents = explode(PHP_EOL, implode('', file($htaccess))); //parse each line of file into array
149
+ if ($ht_contents) { //as long as there are lines in the file
 
150
  $state = true;
151
+ if (!$f = @fopen($htaccess, 'w+')) {
152
+ @chmod($htaccess, 0644);
153
+ if (!$f = @fopen($htaccess, 'w+')) {
 
 
154
  return -1;
155
  }
156
  }
157
+
158
+ foreach ($ht_contents as $n => $markerline) { //for each line in the file
159
+ if (strpos($markerline, '# BEGIN ' . $section) !== false) { //if we're at the beginning of the section
 
 
160
  $state = false;
161
  }
162
+ if ($state == true) { //as long as we're not in the section keep writing
 
163
  fwrite($f, trim($markerline) . PHP_EOL);
164
+ }
165
+ if (strpos($markerline, '# END ' . $section) !== false) { //see if we're at the end of the section
 
166
  $state = true;
167
  }
168
  }
171
  }
172
  return 1;
173
  }
174
+
175
  static function getrules()
176
  {
177
  $rules = "";
195
 
196
  //Add more functions for features as needed
197
  //$rules .= AIOWPSecurity_Utility_Htaccess::getrules_somefeature();
198
+
199
  //Add outer markers if we have rules
200
+ if ($rules != '') {
 
201
  $rules = "# BEGIN All In One WP Security" . PHP_EOL . $rules . "# END All In One WP Security" . PHP_EOL;
202
+ }
203
+
204
  return $rules;
205
  }
206
+
207
  /*
208
  * This function will write rules to prevent people from accessing the following files:
209
  * readme.html, license.txt and wp-config-sample.php.
210
+ */
211
  static function getrules_block_wp_file_access()
212
  {
213
  global $aio_wp_security;
214
  $rules = '';
215
+ if ($aio_wp_security->configs->get_value('aiowps_prevent_default_wp_file_access') == '1') {
 
216
  $rules .= AIOWPSecurity_Utility_Htaccess::$prevent_wp_file_access_marker_start . PHP_EOL; //Add feature marker start
217
  $rules .= '<Files license.txt>
218
  order allow,deny
228
  </Files>' . PHP_EOL;
229
  $rules .= AIOWPSecurity_Utility_Htaccess::$prevent_wp_file_access_marker_end . PHP_EOL; //Add feature marker end
230
  }
231
+
232
+ return $rules;
233
  }
234
 
235
  static function getrules_blacklist()
236
  {
237
  global $aio_wp_security;
238
+ $aiowps_server = AIOWPSecurity_Utility::get_server_type();
239
  $rules = '';
240
+ if ($aio_wp_security->configs->get_value('aiowps_enable_blacklisting') == '1') {
 
241
  //Let's do the list of blacklisted IPs first
242
  $hosts = explode(PHP_EOL, $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses'));
243
+ if (!empty($hosts) && !(sizeof($hosts) == 1 && trim($hosts[0]) == '')) {
244
+ if ($aiowps_server == 'apache' || $aiowps_server == 'litespeed') {
 
 
245
  $rules .= AIOWPSecurity_Utility_Htaccess::$ip_blacklist_marker_start . PHP_EOL; //Add feature marker start
246
  $rules .= "Order allow,deny" . PHP_EOL .
247
+ "Allow from all" . PHP_EOL;
248
  }
249
  $phosts = array();
250
+ foreach ($hosts as $host) {
 
251
  $host = trim($host);
252
+ if (!in_array($host, $phosts)) {
253
+ if (strstr($host, '*')) {
254
+ $parts = array_reverse(explode('.', $host));
 
 
255
  $netmask = 32;
256
+ foreach ($parts as $part) {
257
+ if (strstr(trim($part), '*')) {
 
 
258
  $netmask = $netmask - 8;
259
+
260
  }
261
  }
262
+ $dhost = trim(str_replace('*', '0', implode('.', array_reverse($parts))) . '/' . $netmask);
263
+ if (strlen($dhost) > 4) {
264
+ if ($aiowps_server == 'apache' || $aiowps_server == 'litespeed') {
 
 
265
  $trule = "Deny from " . $dhost . PHP_EOL;
266
+ if (trim($trule) != 'Deny From') {
 
267
  $rules .= $trule;
268
  }
269
+ } else {
 
 
270
  $rules .= "\tdeny " . $dhost . ';' . PHP_EOL;
271
+ }
272
  }
273
+ } else {
274
+ $dhost = trim($host);
275
+ if (strlen($dhost) > 4) {
276
+ if ($aiowps_server == 'apache' || $aiowps_server == 'litespeed') {
 
 
 
 
277
  $rules .= "Deny from " . $dhost . PHP_EOL;
278
+ } else {
279
+ $rules .= "\tdeny " . $dhost . ";" . PHP_EOL;
280
+ }
 
 
281
  }
282
  }
283
  }
287
  }
288
  //Now let's do the user agent list
289
  $user_agents = explode(PHP_EOL, $aio_wp_security->configs->get_value('aiowps_banned_user_agents'));
290
+ if (!empty($user_agents) && !(sizeof($user_agents) == 1 && trim($user_agents[0]) == '')) {
291
+ if ($aiowps_server == 'apache' || $aiowps_server == 'litespeed') {
 
 
292
  $rules .= AIOWPSecurity_Utility_Htaccess::$user_agent_blacklist_marker_start . PHP_EOL; //Add feature marker start
293
  //Start mod_rewrite rules
294
  $rules .= "<IfModule mod_rewrite.c>" . PHP_EOL . "RewriteEngine On" . PHP_EOL . PHP_EOL;
295
  $count = 1;
296
+ foreach ($user_agents as $agent) {
 
297
  $agent_escaped = quotemeta($agent);
298
  $pattern = '/\s/'; //Find spaces in the string
299
  $replacement = '\s'; //Replace spaces with \s so apache can understand
300
  $agent_sanitized = preg_replace($pattern, $replacement, $agent_escaped);
301
+
302
+ $rules .= "RewriteCond %{HTTP_USER_AGENT} ^" . trim($agent_sanitized);
303
+ if ($count < sizeof($user_agents)) {
 
304
  $rules .= " [NC,OR]" . PHP_EOL;
305
  $count++;
306
+ } else {
 
 
307
  $rules .= " [NC]" . PHP_EOL;
308
+ }
309
+
310
  }
311
  $rules .= "RewriteRule ^(.*)$ - [F,L]" . PHP_EOL . PHP_EOL;
312
+ } else {
 
 
313
  $count = 1;
314
  $alist = '';
315
+ foreach ($user_agents as $agent) {
316
+ $alist .= trim($agent);
317
+ if ($count < sizeof($user_agents)) {
 
 
318
  $alist .= '|';
319
  $count++;
320
+ }
321
  }
322
  $rules .= "\tif (\$http_user_agent ~* " . $alist . ") { return 403; }" . PHP_EOL;
323
  }
324
  }
325
+
326
  //close mod_rewrite
327
+ if (strlen($aio_wp_security->configs->get_value('aiowps_banned_user_agents')) > 0) {
328
+ if (($aiowps_server == 'apache' || $aiowps_server == 'litespeed')) {
 
 
329
  $rules .= "</IfModule>" . PHP_EOL;
330
  $rules .= AIOWPSecurity_Utility_Htaccess::$user_agent_blacklist_marker_end . PHP_EOL; //Add feature marker end
331
  }
332
  }
333
  }
334
+
335
+ return implode(PHP_EOL, array_diff(explode(PHP_EOL, $rules), array('Deny from ', 'Deny from')));
336
  }
337
+
338
  /*
339
  * TODO - info
340
+ */
341
  static function getrules_basic_htaccess()
342
  {
343
  global $aio_wp_security;
344
+
345
  $rules = '';
346
+ if ($aio_wp_security->configs->get_value('aiowps_enable_basic_firewall') == '1') {
 
347
  $rules .= AIOWPSecurity_Utility_Htaccess::$basic_htaccess_rules_marker_start . PHP_EOL; //Add feature marker start
348
  //protect the htaccess file - this is done by default with apache config file but we are including it here for good measure
349
  $rules .= '<Files .htaccess>' . PHP_EOL;
353
 
354
  //disable the server signature
355
  $rules .= 'ServerSignature Off' . PHP_EOL;
356
+
357
  //limit file uploads to 10mb
358
  $rules .= 'LimitRequestBody 10240000' . PHP_EOL;
359
+
360
  // protect wpconfig.php.
361
  $rules .= '<Files wp-config.php>' . PHP_EOL;
362
  $rules .= 'order allow,deny' . PHP_EOL;
363
  $rules .= 'deny from all' . PHP_EOL;
364
  $rules .= '</Files>' . PHP_EOL;
365
+
366
  $rules .= AIOWPSecurity_Utility_Htaccess::$basic_htaccess_rules_marker_end . PHP_EOL; //Add feature marker end
367
  }
368
+ return $rules;
369
  }
370
+
371
  static function getrules_pingback_htaccess()
372
  {
373
  global $aio_wp_security;
374
+
375
  $rules = '';
376
+ if ($aio_wp_security->configs->get_value('aiowps_enable_pingback_firewall') == '1') {
 
377
  $rules .= AIOWPSecurity_Utility_Htaccess::$pingback_htaccess_rules_marker_start . PHP_EOL; //Add feature marker start
378
  $rules .= '<Files xmlrpc.php>' . PHP_EOL;
379
  $rules .= 'order deny,allow' . PHP_EOL;
380
  $rules .= 'deny from all' . PHP_EOL;
381
  $rules .= '</Files>' . PHP_EOL;
382
+
383
  $rules .= AIOWPSecurity_Utility_Htaccess::$pingback_htaccess_rules_marker_end . PHP_EOL; //Add feature marker end
384
  }
385
+ return $rules;
386
  }
387
 
388
  static function getrules_block_debug_log_access_htaccess()
389
  {
390
  global $aio_wp_security;
391
+
392
  $rules = '';
393
+ if ($aio_wp_security->configs->get_value('aiowps_block_debug_log_file_access') == '1') {
 
394
  $rules .= AIOWPSecurity_Utility_Htaccess::$debug_log_block_htaccess_rules_marker_start . PHP_EOL; //Add feature marker start
395
  $rules .= '<Files debug.log>' . PHP_EOL;
396
  $rules .= 'order deny,allow' . PHP_EOL;
398
  $rules .= '</Files>' . PHP_EOL;
399
  $rules .= AIOWPSecurity_Utility_Htaccess::$debug_log_block_htaccess_rules_marker_end . PHP_EOL; //Add feature marker end
400
  }
401
+ return $rules;
402
  }
403
+
404
  /*
405
  * This function will write some drectives to block all people who do not have a cookie
406
  * when trying to access the WP login page
407
  */
408
+ static function getrules_enable_brute_force_prevention()
409
  {
410
  global $aio_wp_security;
411
  $rules = '';
412
+ if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1') {
 
413
  $cookie_name = $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word');
414
  $test_cookie_name = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
415
  $redirect_url = $aio_wp_security->configs->get_value('aiowps_cookie_based_brute_force_redirect_url');
416
  $rules .= AIOWPSecurity_Utility_Htaccess::$enable_brute_force_attack_prevention_marker_start . PHP_EOL; //Add feature marker start
417
  $rules .= 'RewriteEngine On' . PHP_EOL;
418
+ $rules .= 'RewriteCond %{REQUEST_URI} (wp-admin|wp-login)' . PHP_EOL;// If URI contains wp-admin or wp-login
419
+ if ($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_ajax_exception') == '1') {
 
420
  $rules .= 'RewriteCond %{REQUEST_URI} !(wp-admin/admin-ajax.php)' . PHP_EOL; // To allow ajax requests through
421
  }
422
+ if ($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_pw_protected_exception') == '1') {
 
423
  $rules .= 'RewriteCond %{QUERY_STRING} !(action\=postpass)' . PHP_EOL; // Possible workaround for people usign the password protected page/post feature
424
  }
425
+ $rules .= 'RewriteCond %{HTTP_COOKIE} !' . $cookie_name . '= [NC]' . PHP_EOL;
426
+ $rules .= 'RewriteCond %{HTTP_COOKIE} !' . $test_cookie_name . '= [NC]' . PHP_EOL;
427
+ $rules .= 'RewriteRule .* ' . $redirect_url . ' [L]' . PHP_EOL;
428
  $rules .= AIOWPSecurity_Utility_Htaccess::$enable_brute_force_attack_prevention_marker_end . PHP_EOL; //Add feature marker end
429
  }
430
+
431
+ return $rules;
432
  }
433
 
434
 
438
  * 1) If the rename login feature is being used: for this scenario instead of protecting wp-login.php we must protect the special page slug
439
  * 2) If the rename login feature is being used AND non permalink URL structure: for this case need to use mod_rewrite because we must check QUERY_STRING
440
  */
441
+ static function getrules_enable_login_whitelist()
442
  {
443
  global $aio_wp_security;
444
  $rules = '';
445
+
446
+ if ($aio_wp_security->configs->get_value('aiowps_enable_whitelisting') == '1') {
 
447
  $site_url = AIOWPSEC_WP_URL;
448
  $parse_url = parse_url($site_url);
449
  $hostname = $parse_url['host'];
451
  $special_case = false;
452
  $rules .= AIOWPSecurity_Utility_Htaccess::$enable_login_whitelist_marker_start . PHP_EOL; //Add feature marker start
453
  //If the rename login page feature is active, we will need to adjust the directives
454
+ if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
455
  $secret_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
456
+ if (!get_option('permalink_structure')) {
457
  //standard url structure is being used - ie, non permalinks
458
  $special_case = true;
459
  $rules .= '<IfModule mod_rewrite.c>' . PHP_EOL;
460
  $rules .= 'RewriteEngine on' . PHP_EOL;
461
+ $rules .= 'RewriteCond %{QUERY_STRING} ^' . $secret_slug . '$' . PHP_EOL;
462
+ $rules .= 'RewriteCond %{REMOTE_ADDR} !^' . preg_quote($host_ip) . '[OR]' . PHP_EOL;
463
+ } else {
464
  $slug = preg_quote($secret_slug); //escape any applicable chars
465
+ $rules .= '<FilesMatch "^(' . $slug . ')">' . PHP_EOL;
466
  }
467
+ } else {
468
  $rules .= '<FilesMatch "^(wp-login\.php)">' . PHP_EOL;
469
  }
470
+ if (!$special_case) {
471
+ $rules .= 'Order Allow,Deny' . PHP_EOL;
472
+ $rules .= 'Allow from ' . $hostname . PHP_EOL;
473
+ $rules .= 'Allow from ' . $host_ip . PHP_EOL;
474
  }
475
+
476
  //Let's get list of whitelisted IPs
477
  $hosts = explode(PHP_EOL, $aio_wp_security->configs->get_value('aiowps_allowed_ip_addresses'));
478
+ if (!empty($hosts) && !(sizeof($hosts) == 1 && trim($hosts[0]) == '')) {
 
479
  $phosts = array();
480
  $num_hosts = count($hosts);
481
  $i = 0;
482
+ foreach ($hosts as $host) {
 
483
  $host = trim($host);
484
+ $or_string = ($i == $num_hosts - 1) ? '' : '[OR]'; //Add an [OR] clause for all except the last condition
485
 
486
+ if (!in_array($host, $phosts)) {
487
+ if (strstr($host, '*')) {
488
+ $parts = array_reverse(explode('.', $host));
 
 
489
  $netmask = 32;
490
+ foreach ($parts as $part) {
491
+ if (strstr(trim($part), '*')) {
 
 
492
  $netmask = $netmask - 8;
493
+
494
  }
495
  }
496
+ //*****Bug Fix ******
497
+ //Seems that netmask does not work when using the following type of directive, ie,
498
+ //RewriteCond %{REMOTE_ADDR} !^203\.87\.121\.0/24
499
+
500
+ //The following works:
501
+ //RewriteCond %{REMOTE_ADDR} !^203\.87\.121\.
502
+
503
+ if($special_case){
504
+ $dhost = trim(str_replace('*', '', implode('.', array_reverse($parts)),$count));
505
+ if($count > 1){
506
+ //means that we will have consecutive periods in the string and we must remove all except one - eg: 45.12..
507
+ $dhost = rtrim($dhost, '.');
508
+ $dhost = $dhost . '.';
509
+ }
510
+ }else{
511
+ $dhost = trim( str_replace('*', '0', implode( '.', array_reverse( $parts ) ) ) . '/' . $netmask );
512
+ }
513
+ if (strlen($dhost) > 4) {
514
+ if ($special_case) {
515
  $dhost = preg_quote($dhost); //escape any applicable chars
516
+ $trule = 'RewriteCond %{REMOTE_ADDR} !^' . $dhost . $or_string . PHP_EOL;
517
+ if (trim($trule) != 'RewriteCond %{REMOTE_ADDR}!=') {
 
518
  $rules .= $trule;
519
  }
520
+ } else {
521
  $trule = 'Allow from ' . $dhost . PHP_EOL;
522
+ if (trim($trule) != 'Allow from') {
 
523
  $rules .= $trule;
524
  }
525
  }
526
  }
527
+ } else {
528
+ $dhost = trim($host);
529
+ //ipv6 - for now we will support only whole ipv6 addresses, NOT ranges
530
+ if (strpos($dhost, ':') !== false) {
531
+ //possible ipv6 addr
532
+ $res = WP_Http::is_ip_address($dhost);
533
+ if (FALSE === $res) {
534
+ continue;
535
+ }
536
+ }
537
+ if (strlen($dhost) > 4 || $res == '6') {
538
+ if ($special_case) {
539
  $dhost = preg_quote($dhost); //escape any applicable chars
540
+ $rules .= 'RewriteCond %{REMOTE_ADDR} !^' . $dhost . $or_string . PHP_EOL;
541
+ } else {
542
  $rules .= 'Allow from ' . $dhost . PHP_EOL;
543
  }
544
+
545
  }
546
  }
547
  }
549
  $i++;
550
  }
551
  }
552
+
553
+ if ($special_case) {
554
  $rules .= 'RewriteRule .* http://127.0.0.1 [L]' . PHP_EOL;
555
  $rules .= '</IfModule>' . PHP_EOL;
556
+ } else {
557
  $rules .= '</FilesMatch>' . PHP_EOL;
558
  }
559
  $rules .= AIOWPSecurity_Utility_Htaccess::$enable_login_whitelist_marker_end . PHP_EOL; //Add feature marker end
560
  }
561
+
562
+ return $rules;
563
  }
564
 
565
  /*
567
  * site’s root .htaccess file.
568
  * NOTE: AllowOverride must be enabled in the httpd.conf file for this to work!
569
  */
570
+ static function getrules_disable_index_views()
571
  {
572
  global $aio_wp_security;
573
  $rules = '';
574
+ if ($aio_wp_security->configs->get_value('aiowps_disable_index_views') == '1') {
 
575
  $rules .= AIOWPSecurity_Utility_Htaccess::$disable_index_views_marker_start . PHP_EOL; //Add feature marker start
576
  $rules .= 'Options -Indexes' . PHP_EOL;
577
  $rules .= AIOWPSecurity_Utility_Htaccess::$disable_index_views_marker_end . PHP_EOL; //Add feature marker end
578
  }
579
+
580
+ return $rules;
581
  }
582
 
583
  /*
585
  * HTTP Trace attack (XST) can be used to return header requests
586
  * and grab cookies and other information and is used along with
587
  * a cross site scripting attacks (XSS)
588
+ */
589
  static function getrules_disable_trace_and_track()
590
  {
591
  global $aio_wp_security;
592
  $rules = '';
593
+ if ($aio_wp_security->configs->get_value('aiowps_disable_trace_and_track') == '1') {
 
594
  $rules .= AIOWPSecurity_Utility_Htaccess::$disable_trace_track_marker_start . PHP_EOL; //Add feature marker start
595
  $rules .= 'RewriteEngine On' . PHP_EOL;
596
  $rules .= 'RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)' . PHP_EOL;
597
  $rules .= 'RewriteRule .* - [F]' . PHP_EOL;
598
  $rules .= AIOWPSecurity_Utility_Htaccess::$disable_trace_track_marker_end . PHP_EOL; //Add feature marker end
599
  }
600
+
601
+ return $rules;
602
  }
603
 
604
  /*
605
  * This function will write rules to prevent proxy comment posting.
606
  * This will deny any requests that use a proxy server when posting
607
+ * to comments eliminating some spam and proxy requests.
608
+ * Thanks go to the helpful info and suggestions from perishablepress.com and Thomas O. (https://wordpress.org/support/topic/high-server-cpu-with-proxy-login)
609
+ */
610
  static function getrules_forbid_proxy_comment_posting()
611
  {
612
  global $aio_wp_security;
613
  $rules = '';
614
+ if ($aio_wp_security->configs->get_value('aiowps_forbid_proxy_comments') == '1') {
 
615
  $rules .= AIOWPSecurity_Utility_Htaccess::$forbid_proxy_comments_marker_start . PHP_EOL; //Add feature marker start
616
+ $rules .= 'RewriteCond %{REQUEST_METHOD} ^POST' . PHP_EOL;
617
+ $rules .= 'RewriteCond %{HTTP:VIA} !^$ [OR]' . PHP_EOL;
618
+ $rules .= 'RewriteCond %{HTTP:FORWARDED} !^$ [OR]' . PHP_EOL;
619
+ $rules .= 'RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]' . PHP_EOL;
620
+ $rules .= 'RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]' . PHP_EOL;
621
+ $rules .= 'RewriteCond %{HTTP:X_FORWARDED_HOST} !^$ [OR]' . PHP_EOL;
622
+ $rules .= 'RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]' . PHP_EOL;
623
+ $rules .= 'RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]' . PHP_EOL;
624
+ $rules .= 'RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]' . PHP_EOL;
625
+ $rules .= 'RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$' . PHP_EOL;
626
+ $rules .= 'RewriteRule wp-comments-post\.php - [F]' . PHP_EOL;
627
  $rules .= AIOWPSecurity_Utility_Htaccess::$forbid_proxy_comments_marker_end . PHP_EOL; //Add feature marker end
628
  }
629
+
630
+ return $rules;
631
  }
632
 
633
  /*
640
  {
641
  global $aio_wp_security;
642
  $rules = '';
643
+ if ($aio_wp_security->configs->get_value('aiowps_deny_bad_query_strings') == '1') {
 
644
  $rules .= AIOWPSecurity_Utility_Htaccess::$deny_bad_query_strings_marker_start . PHP_EOL; //Add feature marker start
645
  //$rules .= 'RewriteCond %{QUERY_STRING} ../ [NC,OR]' . PHP_EOL;
646
  //$rules .= 'RewriteCond %{QUERY_STRING} boot.ini [NC,OR]' . PHP_EOL;
657
  $rules .= 'RewriteRule ^(.*)$ - [F,L]' . PHP_EOL;
658
  $rules .= AIOWPSecurity_Utility_Htaccess::$deny_bad_query_strings_marker_end . PHP_EOL; //Add feature marker end
659
  }
660
+
661
+ return $rules;
662
  }
663
 
664
  /*
677
  //RedirectMatch 403 include.
678
 
679
 
 
 
680
  static function getrules_advanced_character_string_filter()
681
  {
682
  global $aio_wp_security;
683
  $rules = '';
684
+ if ($aio_wp_security->configs->get_value('aiowps_advanced_char_string_filter') == '1') {
 
685
  $rules .= AIOWPSecurity_Utility_Htaccess::$advanced_char_string_filter_marker_start . PHP_EOL; //Add feature marker start
686
+
687
  $rules .= '<IfModule mod_alias.c>
688
  RedirectMatch 403 \,
689
  RedirectMatch 403 \:
767
  </IfModule>' . PHP_EOL;
768
  $rules .= AIOWPSecurity_Utility_Htaccess::$advanced_char_string_filter_marker_end . PHP_EOL; //Add feature marker end
769
  }
770
+
771
+ return $rules;
772
  }
773
 
774
  /*
781
  {
782
  global $aio_wp_security;
783
  $rules = '';
784
+ if ($aio_wp_security->configs->get_value('aiowps_enable_5g_firewall') == '1') {
 
785
  $rules .= AIOWPSecurity_Utility_Htaccess::$five_g_blacklist_marker_start . PHP_EOL; //Add feature marker start
786
+
787
  $rules .= '# 5G BLACKLIST/FIREWALL (2013)
788
  # @ http://perishablepress.com/5g-blacklist-2013/
789
 
846
  </IfModule>' . PHP_EOL;
847
  $rules .= AIOWPSecurity_Utility_Htaccess::$five_g_blacklist_marker_end . PHP_EOL; //Add feature marker end
848
  }
849
+
850
+ return $rules;
851
  }
852
+
853
  /*
854
  * This function will write some directives to block all comments which do not originate from the blog's domain
855
  * OR if the user agent is empty. All blocked requests will be redirected to 127.0.0.1
856
  */
857
+ static function getrules_block_spambots()
858
  {
859
  global $aio_wp_security;
860
  $rules = '';
861
+ if ($aio_wp_security->configs->get_value('aiowps_enable_spambot_blocking') == '1') {
 
862
  $url_string = AIOWPSecurity_Utility_Htaccess::return_regularized_url(AIOWPSEC_WP_URL);
863
+ if ($url_string == FALSE) {
864
  $url_string = AIOWPSEC_WP_URL;
865
  }
866
  $rules .= AIOWPSecurity_Utility_Htaccess::$block_spambots_marker_start . PHP_EOL; //Add feature marker start
867
  $rules .= '<IfModule mod_rewrite.c>
868
  RewriteCond %{REQUEST_METHOD} POST
869
  RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$' . PHP_EOL;
870
+ $rules .= ' RewriteCond %{HTTP_REFERER} !^' . $url_string . ' [NC,OR]' . PHP_EOL;
871
  $rules .= ' RewriteCond %{HTTP_USER_AGENT} ^$
872
  RewriteRule .* http://127.0.0.1 [L]
873
  </IfModule>' . PHP_EOL;
874
  $rules .= AIOWPSecurity_Utility_Htaccess::$block_spambots_marker_end . PHP_EOL; //Add feature marker end
875
  }
876
+
877
+ return $rules;
878
  }
879
+
880
  /*
881
  * This function will write some directives to prevent image hotlinking
882
  */
883
+ static function prevent_image_hotlinks()
884
  {
885
  global $aio_wp_security;
886
  $rules = '';
887
+ if ($aio_wp_security->configs->get_value('aiowps_prevent_hotlinking') == '1') {
 
888
  $url_string = AIOWPSecurity_Utility_Htaccess::return_regularized_url(AIOWPSEC_WP_URL);
889
+ if ($url_string == FALSE) {
890
  $url_string = AIOWPSEC_WP_URL;
891
  }
892
  $rules .= AIOWPSecurity_Utility_Htaccess::$prevent_image_hotlinks_marker_start . PHP_EOL; //Add feature marker start
895
  RewriteCond %{HTTP_REFERER} !^$' . PHP_EOL;
896
  $rules .= ' RewriteCond %{REQUEST_FILENAME} -f' . PHP_EOL;
897
  $rules .= ' RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]' . PHP_EOL;
898
+ $rules .= ' RewriteCond %{HTTP_REFERER} !^' . $url_string . ' [NC]' . PHP_EOL;
899
  $rules .= ' RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
900
  </IfModule>' . PHP_EOL;
901
  $rules .= AIOWPSecurity_Utility_Htaccess::$prevent_image_hotlinks_marker_end . PHP_EOL; //Add feature marker end
902
  }
903
+
904
+ return $rules;
905
  }
906
 
907
  /**
912
  {
913
  global $aio_wp_security;
914
  $rules = '';
915
+ if ($aio_wp_security->configs->get_value('aiowps_enable_custom_rules') == '1') {
 
916
  $custom_rules = $aio_wp_security->configs->get_value('aiowps_custom_rules');
917
  $rules .= AIOWPSecurity_Utility_Htaccess::$custom_rules_marker_start . PHP_EOL; //Add feature marker start
918
  $rules .= $custom_rules . PHP_EOL;
929
  * If it finds the tag it will deem the file as being .htaccess specific.
930
  * This was written to supplement the .htaccess restore functionality
931
  */
932
+
933
  static function check_if_htaccess_contents($file)
934
  {
935
  $is_htaccess = false;
936
  $file_contents = file_get_contents($file);
937
+ if ($file_contents === FALSE || strlen($file_contents) == 0) {
 
938
  return -1;
939
  }
940
 
941
+ if ((strpos($file_contents, '# BEGIN WordPress') !== false) || (strpos($file_contents, '# BEGIN') !== false)) {
 
942
  $is_htaccess = true; //It appears that we have some sort of .htacces file
943
+ } else {
 
 
944
  //see if we're at the end of the section
945
  $is_htaccess = false;
946
  }
947
 
948
+ if ($is_htaccess) {
 
949
  return 1;
950
+ } else {
 
 
951
  return -1;
952
  }
953
  }
954
+
955
  /*
956
  * This function will take a URL string and convert it to a form useful for using in htaccess rules.
957
  * Example: If URL passed to function = "http://www.mysite.com"
960
 
961
  static function return_regularized_url($url)
962
  {
963
+ if (filter_var($url, FILTER_VALIDATE_URL)) {
964
  $xyz = explode('.', $url);
965
  $y = '';
966
+ if (count($xyz) > 1) {
967
  $j = 1;
968
+ foreach ($xyz as $x) {
969
+ if (strpos($x, 'www') !== false) {
970
  $y .= str_replace('www', '(.*)?', $x);
971
+ } else if ($j == 1) {
972
  $y .= $x;
973
+ } else if ($j > 1) {
974
+ $y .= '\.' . $x;
975
  }
976
  $j++;
977
  }
978
  //Now replace the "http" with "http(s)?" to cover both secure and non-secure
979
+ if (strpos($y, 'http') !== false) {
980
  $y = str_replace('http', 'http(s)?', $y);
981
  }
982
  return $y;
983
+ } else {
984
  return $url;
985
  }
986
+ } else {
987
  return FALSE;
988
  }
989
  }
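--- a/classes/wp-security-utility-ip-address.php
+++ b/classes/wp-security-utility-ip-address.php
@@ -65,6 +65,18 @@ class AIOWPSecurity_Utility_IP
  $item = filter_var($item, FILTER_SANITIZE_STRING);
  if (strlen( $item ) > 0)
  {
+ //ipv6 - for now we will support only whole ipv6 addresses, NOT ranges
+ if(strpos($item, ':') !== false){
+ //possible ipv6 addr
+ $res = WP_Http::is_ip_address($item);
+ if(FALSE === $res){
+ $errors .= '<p>'.$item.__(' is not a valid ip address format.', 'all-in-one-wp-security-and-firewall').'</p>';
+ }else if($res == '6'){
+ $list[] = trim($item);
+ }
+ continue;
+ }
+
  $ipParts = explode('.', $item);
  $isIP = 0;
  $partcount = 1;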
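Review bot: The error string at new line 73 interpolates `$item` straight into HTML markup; it has only passed through FILTER_SANITIZE_STRING on line 65, so the escaping is incidental rather than context-aware, and `esc_html($item)` would make it explicit: `$errors .= '<p>'.esc_html($item).__(' is not a valid ip address format.', 'all-in-one-wp-security-and-firewall').'</p>';`. The branch at line 74 compares the integer returned by `WP_Http::is_ip_address()` with the string `'6'`; `6 === $res` says what is meant. The `continue` at line 77 belongs to a loop that starts outside the hunk, as does the enclosing function.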
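--- a/classes/wp-security-utility.php
+++ b/classes/wp-security-utility.php
@@ -70,17 +70,26 @@ class AIOWPSecurity_Utility
  }
 
  //check users table
- //$user = $wpdb->get_var( "SELECT user_login FROM `" . $wpdb->users . "` WHERE user_login='" . sanitize_text_field( $username ) . "';" );
- $sql_1 = $wpdb->prepare("SELECT user_login FROM $wpdb->users WHERE user_login=%s", sanitize_text_field( $username ));
- $user = $wpdb->get_var( $sql_1 );
- $sql_2 = $wpdb->prepare("SELECT ID FROM $wpdb->users WHERE ID=%s", sanitize_text_field( $username ));
- $userid = $wpdb->get_var( $sql_2 );
-
- if ( $user == $username || $userid == $username ) {
- return true;
- } else {
- return false;
+ $sanitized_username = sanitize_text_field( $username );
+ $sql_1 = $wpdb->prepare( "SELECT user_login FROM $wpdb->users WHERE user_login=%s", $sanitized_username );
+ $user_login = $wpdb->get_var( $sql_1 );
+ if ( $user_login == $sanitized_username ) {
+ $users_table_value_exists = true;
  }
+ else {
+ //make sure that the sanitized username is an integer before comparing it to the users table's ID column
+ $sanitized_username_is_an_integer = ( 1 === preg_match( '/^\d+$/', $sanitized_username ) ) ? true : false;
+ if ( $sanitized_username_is_an_integer ) {
+ $sql_2 = $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE ID=%d", intval($sanitized_username) );
+ $userid = $wpdb->get_var( $sql_2 );
+ $users_table_value_exists = ( $userid == $sanitized_username ) ? true : false;
+ }
+ else {
+ $users_table_value_exists = false;
+ }
+ }
+ return $users_table_value_exists;
+
  }
 
  /*
@@ -100,7 +109,7 @@ class AIOWPSecurity_Utility
  } else {
  $url .= '&';
  }
- $url .= $name . '='. $value;
+ $url .= $name . '='. urlencode($value);
  return $url;
  }
 
@@ -222,7 +231,7 @@ class AIOWPSecurity_Utility
  //Make a backup of the config file
  if(!AIOWPSecurity_Utility_File::backup_and_rename_wp_config($config_file))
  {
- $this->show_msg_error(__('Failed to make a backup of the wp-config.php file. This operation will not go ahead.', 'all-in-one-wp-security-and-firewall'));
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Failed to make a backup of the wp-config.php file. This operation will not go ahead.', 'all-in-one-wp-security-and-firewall'));
  //$aio_wp_security->debug_logger->log_debug("Disable PHP File Edit - Failed to make a backup of the wp-config.php file.",4);
  return false;
  }
@@ -348,7 +357,7 @@ class AIOWPSecurity_Utility
 
  //log to database
  $result = $wpdb->insert($events_table_name, $data);
- if ($result == FALSE)
+ if ($result === FALSE)
  {
  $aio_wp_security->debug_logger->log_debug("event_logger: Error inserting record into ".$events_table_name,4);//Log the highly unlikely event of DB error
  }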
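Review bot: In the ID branch at new line 85 the comparison `$userid == $sanitized_username` is still loose even though the query was just made strict with `%d` and `intval()`; `$users_table_value_exists = ( (int) $userid === (int) $sanitized_username );` keeps the whole branch integer-typed, and the `? true : false` on lines 81 and 85 can go since both expressions are already booleans. The login branch at line 76 compares the stored value with PHP `==` after a SQL `=` match; if the users table collation is case-insensitive (inferred, not visible here) a login that exists as `admin` but was queried as `Admin` is reported as not existing, so comparing with `strcasecmp()` or returning the row count instead would match what the query actually found. The function's signature is outside the hunk.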
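--- a/lib/whois/whois.gtld.php
+++ b/lib/whois/whois.gtld.php
@@ -54,7 +54,7 @@ class gtld_handler extends WhoisClient
  function parse($data, $query)
  {
  $this->Query = array();
- $this->SUBVERSION = sprintf('%s-%s', $query['handler'], $this->HANDLER_VERSION);
+ //$this->SUBVERSION = sprintf('%s-%s', $query['handler'], $this->HANDLER_VERSION);
  $this->result = generic_parser_b($data['rawdata'], $this->REG_FIELDS, 'dmy');
 
  unset($this->result['registered']);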
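--- /dev/null
+++ b/other-includes/wp-security-stop-users-enumeration.php
@@ -0,0 +1,46 @@
+ <?php
+
+ /*
+ Merged by Davide Giunchi, from plugin "Stop User Enumeration" url "http://locally.uk/wordpress-plugins/stop-user-enumeration/" by "Locally Digital Ltd"
+ */
+
+ /*
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+ if (!is_admin()) {
+ if (!is_admin()) {
+ if (preg_match('/(wp-comments-post)/', $_SERVER['REQUEST_URI']) === 0) {
+ if (!empty($_POST['author'])) {
+ wp_die('Accessing author info via link is forbidden');
+ }
+ }
+
+ if (preg_match('/author=([0-9]*)/', $_SERVER['QUERY_STRING']) === 1)
+ wp_die('Accessing author info via link is forbidden');
+
+ add_filter('redirect_canonical', 'll_detect_enumeration', 10, 2);
+ }
+ }
+
+ add_filter('redirect_canonical', 'll_detect_enumeration', 10, 2);
+
+ function ll_detect_enumeration($redirect_url, $requested_url) {
+ if (preg_match('/\?author(%00[0%]*)?=([0-9]*)(\/*)/', $requested_url) === 1 | isset($_POST['author'])) {
+ wp_die('Accessing author info via link is forbidden');
+ } else {
+ return $redirect_url;
+ }
+ }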
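Review bot: Line 41 joins the two conditions with the bitwise `|` instead of `||`; it only works because `===` binds tighter than `|`, and the logical operator is what is meant: `if (preg_match('/\?author(%00[0%]*)?=([0-9]*)(\/*)/', $requested_url) === 1 || isset($_POST['author'])) {`. The pattern on line 31 is unanchored, so any query string that merely contains `author=` (for instance as the tail of another parameter name) ends in `wp_die()`; `/(^|&)author=/` restricts it to an actual author parameter, and `$_SERVER['QUERY_STRING']` should be read through `isset()` since it is absent under CLI and cron. The filter is registered twice (lines 34 and 38) and the `is_admin()` guard is nested inside itself (lines 23–24); WordPress de-duplicates identical `add_filter()` calls, so this is harmless, but one of each should go. `wp_die()` called with only a message answers with HTTP 500; passing `array('response' => 403)` as the third argument reports the block as a refusal rather than a server error.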
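--- a/readme.txt
+++ b/readme.txt
@@ -1,10 +1,10 @@
  === All In One WP Security & Firewall ===
- Contributors: Tips and Tricks HQ, wpsolutions, Peter Petreski, Ruhul Amin, mbrsolution, samuelaguilera
+ Contributors: Tips and Tricks HQ, wpsolutions, Peter Petreski, Ruhul Amin, mbrsolution, gdavide, samuelaguilera
  Donate link: https://www.tipsandtricks-hq.com
  Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner, iframe,
  Requires at least: 3.5
- Tested up to: 4.3.1
- Stable tag: 4.0.1
+ Tested up to: 4.4
+ Stable tag: 4.0.3
  License: GPLv3
 
  A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -37,6 +37,7 @@ Below is a list of the security and firewall features offered in this plugin:
  * The plugin will also detect if you have any WordPress user accounts which have identical login and display names. Having account's where display name is identical to login name is bad security practice because
  you are making it 50% easier for hackers because they already know the login name.
  * Password strength tool to allow you to create very strong passwords.
+ * Stop user enumeration. So users/bots cannot discover user info via author permalink.
 
  = User Login Security =
  * Protect against "Brute Force Login Attack" with the Login Lockdown feature. Users with a certain IP address or range will be locked out of the system for a predetermined amount of time based on the configuration settings and you can also choose to be notified
@@ -179,9 +180,28 @@ https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
  None
 
  == Changelog ==
+
+ = 4.0.3 =
+ - Added urlencode to query strings in URLs to prevent unexpected behaviour. Thanks to @chesio for spotting the issue.
+ - Added new feature to stop users enumeration. Thanks to @davidegiunchidiennea for adding this.
+ - Added a more robust code for check_user_exists function. Thanks to Christian Carey.
+ - Added cron cleanup of the global meta table.
+ - Added a title in each of the admin interface menu.
+
+ = 4.0.2 =
+ - Added ability to enable/disable debug from the settings menu.
+ - Fixed bug related to using IP ranges in the whitelist settings.
+ - Added IPv6 support for the whitelist feature.
+ - Added check in file permissions feature for cases where wp-config.php may be located outside of root.
+ - Added wp cron DB cleanup events for various tables which may grow large over time.
+ - Changed firewall rule for proxy comment prevention to reflect suggestion made by Thomas O. in forum (https://wordpress.org/support/topic/high-server-cpu-with-proxy-login)
+ - Fixed CSS styling issue in admin pages for WordPrss 4.4
+
  = 4.0.1 =
  - Renamed the language files to match the new textdomain slug to fix the language translation bug.
  - Fixed bug related to the rename login feature and force logout or logout expiry events.
+ - Applied fix for log being generated by events table DB insert.
+ - Corrected a function call to static version of display error msg.
 
  = 4.0.0 =
  - Updated text domain to match expected value for translate.wordpress.org translation system.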
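--- a/wp-security-core.php
+++ b/wp-security-core.php
@@ -3,7 +3,7 @@
  if (!class_exists('AIO_WP_Security')){
 
  class AIO_WP_Security{
- var $version = '4.0.1';
+ var $version = '4.0.3';
  var $db_version = '1.6';
  var $plugin_url;
  var $plugin_path;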
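--- a/wp-security.php
+++ b/wp-security.php
@@ -1,7 +1,7 @@
  <?php
  /*
  Plugin Name: All In One WP Security
- Version: 4.0.1
+ Version: 4.0.3
  Plugin URI: http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
  Author: Tips and Tricks HQ, Peter, Ruhul, Ivy
  Author URI: http://www.tipsandtricks-hq.com/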