Version Description
- Improved and tweaked the login captcha feature to avoid some issues people had with the last modification.
- Deleted reference to ini_get('safe_mode') to avoid fatal errors for newer versions of PHP where that setting has been totally removed.
Download this release
Release Info
| Developer | mra13 |
| Plugin |  All In One WP Security & Firewall |
| Version | 4.1.4 |
| Comparing to | |
| See all releases | |
Code changes from version 4.1.0 to 4.1.4
- admin/wp-security-blacklist-menu.php +4 -1
- admin/wp-security-brute-force-menu.php +5 -3
- admin/wp-security-dashboard-menu.php +0 -9
- admin/wp-security-filescan-menu.php +9 -80
- admin/wp-security-firewall-menu.php +38 -18
- admin/wp-security-spam-menu.php +1 -1
- admin/wp-security-user-accounts-menu.php +3 -3
- classes/wp-security-backup.php +4 -3
- classes/wp-security-blocking.php +2 -1
- classes/wp-security-captcha.php +3 -1
- classes/wp-security-configure-settings.php +7 -4
- classes/wp-security-file-scan.php +119 -122
- classes/wp-security-general-init-tasks.php +50 -5
- classes/wp-security-process-renamed-login-page.php +2 -6
- classes/wp-security-user-login.php +19 -8
- classes/wp-security-user-registration.php +4 -1
- classes/wp-security-utility-file.php +7 -7
- classes/wp-security-utility.php +22 -21
- languages/all-in-one-wp-security-and-firewall-fr_FR.po +1 -1
- other-includes/wp-security-rename-login-feature.php +2 -2
- other-includes/wp-security-stop-users-enumeration.php +3 -36
- readme.txt +28 -2
- wp-security-core.php +1 -1
- wp-security.php +1 -1
admin/wp-security-blacklist-menu.php
CHANGED
|
@@ -173,7 +173,10 @@ class AIOWPSecurity_Blacklist_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 173 |
<?php wp_nonce_field('aiowpsec-blacklist-settings-nonce'); ?>
|
| 174 |
<div class="aio_orange_box">
|
| 175 |
<p>
|
| 176 |
-
<?php
|
|
|
|
|
|
|
|
|
|
| 177 |
</p>
|
| 178 |
</div>
|
| 179 |
<table class="form-table">
|
| 173 |
<?php wp_nonce_field('aiowpsec-blacklist-settings-nonce'); ?>
|
| 174 |
<div class="aio_orange_box">
|
| 175 |
<p>
|
| 176 |
+
<?php
|
| 177 |
+
$read_link = '<a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">must read this message</a>';
|
| 178 |
+
echo sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link);
|
| 179 |
+
?>
|
| 180 |
</p>
|
| 181 |
</div>
|
| 182 |
<table class="form-table">
|
admin/wp-security-brute-force-menu.php
CHANGED
|
@@ -181,9 +181,11 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 181 |
<form action="" method="POST">
|
| 182 |
<?php wp_nonce_field('aiowpsec-rename-login-page-nonce'); ?>
|
| 183 |
<div class="aio_orange_box">
|
| 184 |
-
|
| 185 |
-
|
| 186 |
-
</p>
|
|
|
|
|
|
|
| 187 |
</div>
|
| 188 |
<table class="form-table">
|
| 189 |
<tr valign="top">
|
| 181 |
<form action="" method="POST">
|
| 182 |
<?php wp_nonce_field('aiowpsec-rename-login-page-nonce'); ?>
|
| 183 |
<div class="aio_orange_box">
|
| 184 |
+
<?php
|
| 185 |
+
$read_link = '<a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">must read this message</a>';
|
| 186 |
+
echo '<p>'.sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link).'</p>';
|
| 187 |
+
echo '<p>'.__("NOTE: If you are hosting your site on WPEngine or a provider which performs server caching, you will need to ask the host support people to NOT cache your renamed login page.", "all-in-one-wp-security-and-firewall").'</p>';
|
| 188 |
+
?>
|
| 189 |
</div>
|
| 190 |
<table class="form-table">
|
| 191 |
<tr valign="top">
|
admin/wp-security-dashboard-menu.php
CHANGED
|
@@ -641,15 +641,6 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 641 |
<strong><?php _e('PHP Max Post Size', 'all-in-one-wp-security-and-firewall'); ?>
|
| 642 |
: </strong><code><?php echo $post_max; ?></code><br/>
|
| 643 |
<?php
|
| 644 |
-
if (ini_get('safe_mode')) {
|
| 645 |
-
$safe_mode = __('On', 'all-in-one-wp-security-and-firewall');
|
| 646 |
-
} else {
|
| 647 |
-
$safe_mode = __('Off', 'all-in-one-wp-security-and-firewall');
|
| 648 |
-
}
|
| 649 |
-
?>
|
| 650 |
-
<strong><?php _e('PHP Safe Mode', 'all-in-one-wp-security-and-firewall'); ?>
|
| 651 |
-
: </strong><code><?php echo $safe_mode; ?></code><br/>
|
| 652 |
-
<?php
|
| 653 |
if (ini_get('allow_url_fopen')) {
|
| 654 |
$allow_url_fopen = __('On', 'all-in-one-wp-security-and-firewall');
|
| 655 |
} else {
|
| 641 |
<strong><?php _e('PHP Max Post Size', 'all-in-one-wp-security-and-firewall'); ?>
|
| 642 |
: </strong><code><?php echo $post_max; ?></code><br/>
|
| 643 |
<?php
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 644 |
if (ini_get('allow_url_fopen')) {
|
| 645 |
$allow_url_fopen = __('On', 'all-in-one-wp-security-and-firewall');
|
| 646 |
} else {
|
admin/wp-security-filescan-menu.php
CHANGED
|
@@ -10,7 +10,6 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 10 |
var $menu_tabs_handler = array(
|
| 11 |
'tab1' => 'render_tab1',
|
| 12 |
'tab2' => 'render_tab2',
|
| 13 |
-
'tab3' => 'render_tab3',
|
| 14 |
);
|
| 15 |
|
| 16 |
function __construct()
|
|
@@ -23,7 +22,6 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 23 |
$this->menu_tabs = array(
|
| 24 |
'tab1' => __('File Change Detection','all-in-one-wp-security-and-firewall'),
|
| 25 |
'tab2' => __('Malware Scan','all-in-one-wp-security-and-firewall'),
|
| 26 |
-
'tab3' => __('DB Scan','all-in-one-wp-security-and-firewall'),
|
| 27 |
);
|
| 28 |
}
|
| 29 |
|
|
@@ -156,26 +154,25 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 156 |
{
|
| 157 |
$reset_scan_data = TRUE;
|
| 158 |
}
|
| 159 |
-
|
| 160 |
}
|
| 161 |
|
| 162 |
-
|
| 163 |
-
$
|
| 164 |
-
$
|
| 165 |
foreach($email_list_array as $key=>$value){
|
| 166 |
$email_sane = sanitize_email($value);
|
| 167 |
if(!is_email($email_sane))
|
| 168 |
{
|
| 169 |
-
$
|
| 170 |
-
|
| 171 |
unset($email_list_array[$key]);
|
| 172 |
}
|
| 173 |
-
|
| 174 |
}
|
| 175 |
$email_address = implode(PHP_EOL, $email_list_array);
|
| 176 |
-
if($
|
| 177 |
{
|
| 178 |
-
$this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall')
|
| 179 |
}
|
| 180 |
|
| 181 |
//Save all the form values to the options
|
|
@@ -366,7 +363,7 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 366 |
<li>'.__('Automatic Email Alerting','all-in-one-wp-security-and-firewall').'</li>
|
| 367 |
<li>'.__('Site uptime monitoring','all-in-one-wp-security-and-firewall').'</li>
|
| 368 |
<li>'.__('Site response time monitoring','all-in-one-wp-security-and-firewall').'</li>
|
| 369 |
-
<li>'.__('
|
| 370 |
<li>'.__('Blacklist Removal','all-in-one-wp-security-and-firewall').'</li>
|
| 371 |
<li>'.__('No Contract (Cancel Anytime)','all-in-one-wp-security-and-firewall').'</li>
|
| 372 |
</ul>';
|
|
@@ -377,74 +374,6 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 377 |
<?php
|
| 378 |
}
|
| 379 |
|
| 380 |
-
function render_tab3()
|
| 381 |
-
{
|
| 382 |
-
echo '<div class="aio_blue_box">';
|
| 383 |
-
echo '<p>'.__('This feature performs a basic database scan which will look for any common suspicious-looking strings and javascript and html code in some of the Wordpress core tables.', 'all-in-one-wp-security-and-firewall');
|
| 384 |
-
echo '</div>';
|
| 385 |
-
|
| 386 |
-
echo '<div class="aio_yellow_box">';
|
| 387 |
-
echo '<p>This feature can give you false positive result. We have temporarily deactivated this feature to make sure you don\'t lose some data on a false positive. We will re-introduced this feature after we rework it.</p>';
|
| 388 |
-
echo '</div>';
|
| 389 |
-
|
| 390 |
-
return;//This feature is temporarily deactivated while we re-work the interface
|
| 391 |
-
|
| 392 |
-
global $wpdb, $aio_wp_security;
|
| 393 |
-
$perform_db_scan = false;
|
| 394 |
-
if (isset($_POST['aiowps_manual_db_scan']))
|
| 395 |
-
{
|
| 396 |
-
$nonce=$_REQUEST['_wpnonce'];
|
| 397 |
-
if (!wp_verify_nonce($nonce, 'aiowpsec-manual-db-scan-nonce'))
|
| 398 |
-
{
|
| 399 |
-
$aio_wp_security->debug_logger->log_debug("Nonce check failed for manual db scan operation!",4);
|
| 400 |
-
die(__('Nonce check failed for manual db scan operation!','all-in-one-wp-security-and-firewall'));
|
| 401 |
-
}
|
| 402 |
-
|
| 403 |
-
$perform_db_scan = true;
|
| 404 |
-
}
|
| 405 |
-
|
| 406 |
-
|
| 407 |
-
?>
|
| 408 |
-
<div class="aio_blue_box">
|
| 409 |
-
<?php
|
| 410 |
-
$malware_scan = '<a href="admin.php?page='.AIOWPSEC_FILESCAN_MENU_SLUG.'&tab=tab2">Malware Scan</a>';
|
| 411 |
-
echo '<p>'.__('This feature will perform a basic database scan which will look for any common suspicious-looking strings and javascript and html code in some of the Wordpress core tables.', 'all-in-one-wp-security-and-firewall').
|
| 412 |
-
'<br />'.__('If the scan finds anything it will list all "potentially" malicious results but it is up to you to verify whether a result is a genuine example of a hacking attack or a false positive.', 'all-in-one-wp-security-and-firewall').
|
| 413 |
-
'<br />'.__('As well as scanning for generic strings commonly used in malicious cases, this feature will also scan for some of the known "pharma" hack entries and if it finds any it will automatically delete them.', 'all-in-one-wp-security-and-firewall').
|
| 414 |
-
'<br />'.__('The WordPress core tables scanned by this feature include: posts, postmeta, comments, links, users, usermeta, and options tables.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 415 |
-
?>
|
| 416 |
-
</div>
|
| 417 |
-
|
| 418 |
-
<div class="postbox">
|
| 419 |
-
<h3 class="hndle"><label for="title"><?php _e('Database Scan', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
|
| 420 |
-
<div class="inside">
|
| 421 |
-
<form action="" method="POST">
|
| 422 |
-
<?php wp_nonce_field('aiowpsec-manual-db-scan-nonce'); ?>
|
| 423 |
-
<table class="form-table">
|
| 424 |
-
<tr valign="top">
|
| 425 |
-
<span class="description"><?php _e('To perform a database scan click on the button below.', 'all-in-one-wp-security-and-firewall'); ?></span>
|
| 426 |
-
</tr>
|
| 427 |
-
</table>
|
| 428 |
-
<input type="submit" name="aiowps_manual_db_scan" value="<?php _e('Perform DB Scan', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
|
| 429 |
-
</form>
|
| 430 |
-
</div></div>
|
| 431 |
-
<?php
|
| 432 |
-
if ($perform_db_scan)
|
| 433 |
-
{
|
| 434 |
-
|
| 435 |
-
$result = $aio_wp_security->scan_obj->execute_db_scan();
|
| 436 |
-
echo $result;
|
| 437 |
-
// if ($result == 1)
|
| 438 |
-
// {
|
| 439 |
-
// $error_msg = '<p>'.__('The plugin has detected that there are some potentially suspicious entries in your database.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 440 |
-
// $error_msg .= '<p>'.__('Please verify the results listed below to confirm whether the entries detected are genuinely suspicious or if they are false positives.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 441 |
-
// $this->show_msg_error($error_msg);
|
| 442 |
-
// }else{
|
| 443 |
-
// $this->show_msg_updated(__('The basic database scan was completed and no suspicious entries were detected.', 'all-in-one-wp-security-and-firewall'));
|
| 444 |
-
// }
|
| 445 |
-
}
|
| 446 |
-
}
|
| 447 |
-
|
| 448 |
|
| 449 |
/*
|
| 450 |
* Outputs the last scan results in a postbox
|
| 10 |
var $menu_tabs_handler = array(
|
| 11 |
'tab1' => 'render_tab1',
|
| 12 |
'tab2' => 'render_tab2',
|
|
|
|
| 13 |
);
|
| 14 |
|
| 15 |
function __construct()
|
| 22 |
$this->menu_tabs = array(
|
| 23 |
'tab1' => __('File Change Detection','all-in-one-wp-security-and-firewall'),
|
| 24 |
'tab2' => __('Malware Scan','all-in-one-wp-security-and-firewall'),
|
|
|
|
| 25 |
);
|
| 26 |
}
|
| 27 |
|
| 154 |
{
|
| 155 |
$reset_scan_data = TRUE;
|
| 156 |
}
|
| 157 |
+
|
| 158 |
}
|
| 159 |
|
| 160 |
+
// Explode by end-of-line character, then trim and filter empty lines
|
| 161 |
+
$email_list_array = array_filter(array_map('trim', explode(PHP_EOL, $_POST['aiowps_fcd_scan_email_address'])), 'strlen');
|
| 162 |
+
$errors = array();
|
| 163 |
foreach($email_list_array as $key=>$value){
|
| 164 |
$email_sane = sanitize_email($value);
|
| 165 |
if(!is_email($email_sane))
|
| 166 |
{
|
| 167 |
+
$errors[] = __('The following address was removed because it is not a valid email address: ', 'all-in-one-wp-security-and-firewall')
|
| 168 |
+
. htmlspecialchars($value);
|
| 169 |
unset($email_list_array[$key]);
|
| 170 |
}
|
|
|
|
| 171 |
}
|
| 172 |
$email_address = implode(PHP_EOL, $email_list_array);
|
| 173 |
+
if ( !empty($errors) )
|
| 174 |
{
|
| 175 |
+
$this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall') . '<br/>' . implode('<br />', $errors));
|
| 176 |
}
|
| 177 |
|
| 178 |
//Save all the form values to the options
|
| 363 |
<li>'.__('Automatic Email Alerting','all-in-one-wp-security-and-firewall').'</li>
|
| 364 |
<li>'.__('Site uptime monitoring','all-in-one-wp-security-and-firewall').'</li>
|
| 365 |
<li>'.__('Site response time monitoring','all-in-one-wp-security-and-firewall').'</li>
|
| 366 |
+
<li>'.__('We provide advice for malware cleanup','all-in-one-wp-security-and-firewall').'</li>
|
| 367 |
<li>'.__('Blacklist Removal','all-in-one-wp-security-and-firewall').'</li>
|
| 368 |
<li>'.__('No Contract (Cancel Anytime)','all-in-one-wp-security-and-firewall').'</li>
|
| 369 |
</ul>';
|
| 374 |
<?php
|
| 375 |
}
|
| 376 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 377 |
|
| 378 |
/*
|
| 379 |
* Outputs the last scan results in a postbox
|
admin/wp-security-firewall-menu.php
CHANGED
|
@@ -102,7 +102,8 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 102 |
$aio_wp_security->configs->set_value('aiowps_enable_basic_firewall','');
|
| 103 |
}
|
| 104 |
|
| 105 |
-
$aio_wp_security->configs->set_value('aiowps_enable_pingback_firewall',isset($_POST["aiowps_enable_pingback_firewall"])?'1':'');
|
|
|
|
| 106 |
$aio_wp_security->configs->set_value('aiowps_block_debug_log_file_access',isset($_POST["aiowps_block_debug_log_file_access"])?'1':'');
|
| 107 |
|
| 108 |
//Commit the config settings
|
|
@@ -138,19 +139,22 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 138 |
'<br />'.$info_msg.'</p>';
|
| 139 |
?>
|
| 140 |
</div>
|
| 141 |
-
|
| 142 |
-
|
| 143 |
-
|
| 144 |
-
|
| 145 |
-
|
| 146 |
-
<
|
| 147 |
-
|
| 148 |
-
|
| 149 |
-
|
| 150 |
-
</
|
|
|
|
|
|
|
|
|
|
| 151 |
|
| 152 |
-
|
| 153 |
-
|
| 154 |
?>
|
| 155 |
|
| 156 |
<div class="postbox">
|
|
@@ -184,7 +188,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 184 |
</div></div>
|
| 185 |
|
| 186 |
<div class="postbox">
|
| 187 |
-
<h3 class="hndle"><label for="title"><?php _e('WordPress Pingback Vulnerability Protection', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
|
| 188 |
<div class="inside">
|
| 189 |
<?php
|
| 190 |
//Display security info badge
|
|
@@ -192,20 +196,36 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 192 |
?>
|
| 193 |
<table class="form-table">
|
| 194 |
<tr valign="top">
|
| 195 |
-
<th scope="row"><?php _e('
|
| 196 |
<td>
|
| 197 |
<input name="aiowps_enable_pingback_firewall" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_pingback_firewall')=='1') echo ' checked="checked"'; ?> value="1"/>
|
| 198 |
-
<span class="description"><?php _e('Check this if you are not using the WP XML-RPC functionality and you want to
|
| 199 |
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
|
| 200 |
<div class="aiowps_more_info_body">
|
| 201 |
<?php
|
| 202 |
-
echo '<p class="description">'.__('This setting will add a directive in your .htaccess to disable access to the WordPress xmlrpc.php file which is responsible for the XML-RPC functionality
|
| 203 |
-
echo '<p class="description">'.__('Hackers can exploit various
|
| 204 |
echo '<p class="description">'.__('1) Denial of Service (DoS) attacks', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 205 |
echo '<p class="description">'.__('2) Hacking internal routers.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 206 |
echo '<p class="description">'.__('3) Scanning ports in internal networks to get info from various hosts.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 207 |
echo '<p class="description">'.__('Apart from the security protection benefit, this feature may also help reduce load on your server, particularly if your site currently has a lot of unwanted traffic hitting the XML-RPC API on your installation.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 208 |
echo '<p class="description">'.__('NOTE: You should only enable this feature if you are not currently using the XML-RPC functionality on your WordPress installation.', 'all-in-one-wp-security-and-firewall').'</p>';
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 209 |
?>
|
| 210 |
</div>
|
| 211 |
</td>
|
| 102 |
$aio_wp_security->configs->set_value('aiowps_enable_basic_firewall','');
|
| 103 |
}
|
| 104 |
|
| 105 |
+
$aio_wp_security->configs->set_value('aiowps_enable_pingback_firewall',isset($_POST["aiowps_enable_pingback_firewall"])?'1':''); //this disables all xmlrpc functionality
|
| 106 |
+
$aio_wp_security->configs->set_value('aiowps_disable_xmlrpc_pingback_methods',isset($_POST["aiowps_disable_xmlrpc_pingback_methods"])?'1':''); //this disables only pingback methods of xmlrpc but leaves other methods so that Jetpack and other apps will still work
|
| 107 |
$aio_wp_security->configs->set_value('aiowps_block_debug_log_file_access',isset($_POST["aiowps_block_debug_log_file_access"])?'1':'');
|
| 108 |
|
| 109 |
//Commit the config settings
|
| 139 |
'<br />'.$info_msg.'</p>';
|
| 140 |
?>
|
| 141 |
</div>
|
| 142 |
+
<?php
|
| 143 |
+
//show a warning message if xmlrpc has been completely disabled
|
| 144 |
+
if($aio_wp_security->configs->get_value('aiowps_enable_pingback_firewall')=='1'){
|
| 145 |
+
?>
|
| 146 |
+
<div class="aio_orange_box">
|
| 147 |
+
<p>
|
| 148 |
+
<?php
|
| 149 |
+
echo '<p>'.__('Attention: You have enabled the "Completely Block Access To XMLRPC" checkbox which means all XMLRPC functionality will be blocked.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 150 |
+
echo '<p>'.__('By leaving this feature enabled you will prevent Jetpack or Wordpress iOS or other apps which need XMLRPC from working correctly on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 151 |
+
echo '<p>'.__('If you still need XMLRPC then uncheck the "Completely Block Access To XMLRPC" checkbox and enable only the "Disable Pingback Functionality From XMLRPC" checkbox.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 152 |
+
?>
|
| 153 |
+
</p>
|
| 154 |
+
</div>
|
| 155 |
|
| 156 |
+
<?php
|
| 157 |
+
}
|
| 158 |
?>
|
| 159 |
|
| 160 |
<div class="postbox">
|
| 188 |
</div></div>
|
| 189 |
|
| 190 |
<div class="postbox">
|
| 191 |
+
<h3 class="hndle"><label for="title"><?php _e('WordPress XMLRPC & Pingback Vulnerability Protection', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
|
| 192 |
<div class="inside">
|
| 193 |
<?php
|
| 194 |
//Display security info badge
|
| 196 |
?>
|
| 197 |
<table class="form-table">
|
| 198 |
<tr valign="top">
|
| 199 |
+
<th scope="row"><?php _e('Completely Block Access To XMLRPC', 'all-in-one-wp-security-and-firewall')?>:</th>
|
| 200 |
<td>
|
| 201 |
<input name="aiowps_enable_pingback_firewall" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_pingback_firewall')=='1') echo ' checked="checked"'; ?> value="1"/>
|
| 202 |
+
<span class="description"><?php _e('Check this if you are not using the WP XML-RPC functionality and you want to completely block external access to XMLRPC.', 'all-in-one-wp-security-and-firewall'); ?></span>
|
| 203 |
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
|
| 204 |
<div class="aiowps_more_info_body">
|
| 205 |
<?php
|
| 206 |
+
echo '<p class="description">'.__('This setting will add a directive in your .htaccess to disable access to the WordPress xmlrpc.php file which is responsible for the XML-RPC functionality in WordPress.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 207 |
+
echo '<p class="description">'.__('Hackers can exploit various vulnerabilities in the WordPress XML-RPC API in a number of ways such as:', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 208 |
echo '<p class="description">'.__('1) Denial of Service (DoS) attacks', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 209 |
echo '<p class="description">'.__('2) Hacking internal routers.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 210 |
echo '<p class="description">'.__('3) Scanning ports in internal networks to get info from various hosts.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 211 |
echo '<p class="description">'.__('Apart from the security protection benefit, this feature may also help reduce load on your server, particularly if your site currently has a lot of unwanted traffic hitting the XML-RPC API on your installation.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 212 |
echo '<p class="description">'.__('NOTE: You should only enable this feature if you are not currently using the XML-RPC functionality on your WordPress installation.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 213 |
+
echo '<p class="description">'.__('Leave this feature disabled and use the feature below if you want pingback protection but you still need XMLRPC.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 214 |
+
?>
|
| 215 |
+
</div>
|
| 216 |
+
</td>
|
| 217 |
+
</tr>
|
| 218 |
+
<tr valign="top">
|
| 219 |
+
<th scope="row"><?php _e('Disable Pingback Functionality From XMLRPC', 'all-in-one-wp-security-and-firewall')?>:</th>
|
| 220 |
+
<td>
|
| 221 |
+
<input name="aiowps_disable_xmlrpc_pingback_methods" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_disable_xmlrpc_pingback_methods')=='1') echo ' checked="checked"'; ?> value="1"/>
|
| 222 |
+
<span class="description"><?php _e('If you use Jetpack or WP iOS or other apps which need WP XML-RPC functionality then check this. This will enable protection against WordPress pingback vulnerabilities.', 'all-in-one-wp-security-and-firewall'); ?></span>
|
| 223 |
+
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
|
| 224 |
+
<div class="aiowps_more_info_body">
|
| 225 |
+
<?php
|
| 226 |
+
echo '<p class="description">'.__('NOTE: If you use Jetpack or the Wordpress iOS or other apps then you should enable this feature but leave the "Completely Block Access To XMLRPC" checkbox unchecked.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 227 |
+
echo '<p class="description">'.__('The feature will still allow XMLRPC functionality on your site but will disable the pingback methods.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 228 |
+
echo '<p class="description">'.__('This feature will also remove the "X-Pingback" header if it is present.', 'all-in-one-wp-security-and-firewall').'</p>';
|
| 229 |
?>
|
| 230 |
</div>
|
| 231 |
</td>
|
admin/wp-security-spam-menu.php
CHANGED
|
@@ -306,7 +306,7 @@ class AIOWPSecurity_Spam_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 306 |
$total_count = count($total_res);
|
| 307 |
$todays_blocked_count = 0;
|
| 308 |
foreach($total_res as $blocked_item){
|
| 309 |
-
$now =
|
| 310 |
$now_date_time = new DateTime($now);
|
| 311 |
$blocked_date = new DateTime($blocked_item->blocked_date);
|
| 312 |
if($blocked_date->format('Y-m-d') == $now_date_time->format('Y-m-d')) {
|
| 306 |
$total_count = count($total_res);
|
| 307 |
$todays_blocked_count = 0;
|
| 308 |
foreach($total_res as $blocked_item){
|
| 309 |
+
$now = date_i18n( 'Y-m-d H:i:s' );
|
| 310 |
$now_date_time = new DateTime($now);
|
| 311 |
$blocked_date = new DateTime($blocked_item->blocked_date);
|
| 312 |
if($blocked_date->format('Y-m-d') == $now_date_time->format('Y-m-d')) {
|
admin/wp-security-user-accounts-menu.php
CHANGED
|
@@ -317,7 +317,7 @@ class AIOWPSecurity_User_Accounts_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 317 |
function get_all_admin_accounts($blog_id='') {
|
| 318 |
//TODO: Have included the "blog_id" variable for future use for cases where people want to search particular blog (eg, multi-site)
|
| 319 |
if ($blog_id) {
|
| 320 |
-
$admin_users = get_users('blog_id='.$blog_id.'orderby=login&role=administrator');
|
| 321 |
} else {
|
| 322 |
$admin_users = get_users('orderby=login&role=administrator');
|
| 323 |
}
|
|
@@ -333,8 +333,8 @@ class AIOWPSecurity_User_Accounts_Menu extends AIOWPSecurity_Admin_Menu
|
|
| 333 |
}else {
|
| 334 |
$account_output .= '<td>'.$entry->user_login.'</td>';
|
| 335 |
}
|
| 336 |
-
$user_acct_edit_link =
|
| 337 |
-
$account_output .= '<td><a href="'.$user_acct_edit_link
|
| 338 |
$account_output .= '</tr>';
|
| 339 |
}
|
| 340 |
$account_output .= '</table>';
|
| 317 |
function get_all_admin_accounts($blog_id='') {
|
| 318 |
//TODO: Have included the "blog_id" variable for future use for cases where people want to search particular blog (eg, multi-site)
|
| 319 |
if ($blog_id) {
|
| 320 |
+
$admin_users = get_users('blog_id='.$blog_id.'&orderby=login&role=administrator');
|
| 321 |
} else {
|
| 322 |
$admin_users = get_users('orderby=login&role=administrator');
|
| 323 |
}
|
| 333 |
}else {
|
| 334 |
$account_output .= '<td>'.$entry->user_login.'</td>';
|
| 335 |
}
|
| 336 |
+
$user_acct_edit_link = admin_url('user-edit.php?user_id=' . $entry->ID);
|
| 337 |
+
$account_output .= '<td><a href="'.$user_acct_edit_link.'" target="_blank">Edit User</a></td>';
|
| 338 |
$account_output .= '</tr>';
|
| 339 |
}
|
| 340 |
$account_output .= '</table>';
|
classes/wp-security-backup.php
CHANGED
|
@@ -227,7 +227,8 @@ class AIOWPSecurity_Backup
|
|
| 227 |
if($aio_wp_security->configs->get_value('aiowps_enable_automated_backups')=='1')
|
| 228 |
{
|
| 229 |
$aio_wp_security->debug_logger->log_debug_cron("DB Backup - Scheduled backup is enabled. Checking if a backup needs to be done now...");
|
| 230 |
-
$
|
|
|
|
| 231 |
$backup_frequency = $aio_wp_security->configs->get_value('aiowps_db_backup_frequency'); //Number of hours or days or months interval per backup
|
| 232 |
$interval_setting = $aio_wp_security->configs->get_value('aiowps_db_backup_interval'); //Hours/Days/Months
|
| 233 |
switch($interval_setting)
|
|
@@ -253,7 +254,7 @@ class AIOWPSecurity_Backup
|
|
| 253 |
$result = $this->execute_backup();
|
| 254 |
if ($result)
|
| 255 |
{
|
| 256 |
-
$aio_wp_security->configs->set_value('aiowps_last_backup_time',
|
| 257 |
$aio_wp_security->configs->save_config();
|
| 258 |
$aio_wp_security->debug_logger->log_debug_cron("DB Backup - Scheduled backup was successfully completed.");
|
| 259 |
}
|
|
@@ -266,7 +267,7 @@ class AIOWPSecurity_Backup
|
|
| 266 |
else
|
| 267 |
{
|
| 268 |
//Set the last backup time to now so it can trigger for the next scheduled period
|
| 269 |
-
$aio_wp_security->configs->set_value('aiowps_last_backup_time',
|
| 270 |
$aio_wp_security->configs->save_config();
|
| 271 |
}
|
| 272 |
}
|
| 227 |
if($aio_wp_security->configs->get_value('aiowps_enable_automated_backups')=='1')
|
| 228 |
{
|
| 229 |
$aio_wp_security->debug_logger->log_debug_cron("DB Backup - Scheduled backup is enabled. Checking if a backup needs to be done now...");
|
| 230 |
+
$time_now = date_i18n( 'Y-m-d H:i:s' );
|
| 231 |
+
$current_time = strtotime($time_now);
|
| 232 |
$backup_frequency = $aio_wp_security->configs->get_value('aiowps_db_backup_frequency'); //Number of hours or days or months interval per backup
|
| 233 |
$interval_setting = $aio_wp_security->configs->get_value('aiowps_db_backup_interval'); //Hours/Days/Months
|
| 234 |
switch($interval_setting)
|
| 254 |
$result = $this->execute_backup();
|
| 255 |
if ($result)
|
| 256 |
{
|
| 257 |
+
$aio_wp_security->configs->set_value('aiowps_last_backup_time', $time_now);
|
| 258 |
$aio_wp_security->configs->save_config();
|
| 259 |
$aio_wp_security->debug_logger->log_debug_cron("DB Backup - Scheduled backup was successfully completed.");
|
| 260 |
}
|
| 267 |
else
|
| 268 |
{
|
| 269 |
//Set the last backup time to now so it can trigger for the next scheduled period
|
| 270 |
+
$aio_wp_security->configs->set_value('aiowps_last_backup_time', $time_now);
|
| 271 |
$aio_wp_security->configs->save_config();
|
| 272 |
}
|
| 273 |
}
|
classes/wp-security-blocking.php
CHANGED
|
@@ -59,12 +59,13 @@ class AIOWPSecurity_Blocking
|
|
| 59 |
global $wpdb, $aio_wp_security;
|
| 60 |
//Check if this IP address is already in the block list
|
| 61 |
$blocked = AIOWPSecurity_Blocking::is_ip_blocked($ip_address);
|
|
|
|
| 62 |
if(empty($blocked)){
|
| 63 |
//Add this IP to the blocked table
|
| 64 |
$data = array(
|
| 65 |
'blocked_ip'=>$ip_address,
|
| 66 |
'block_reason'=>$reason,
|
| 67 |
-
'blocked_date'
|
| 68 |
);
|
| 69 |
$data = apply_filters('pre_add_to_permanent_block', $data);
|
| 70 |
$res = $wpdb->insert(AIOWPSEC_TBL_PERM_BLOCK, $data);
|
| 59 |
global $wpdb, $aio_wp_security;
|
| 60 |
//Check if this IP address is already in the block list
|
| 61 |
$blocked = AIOWPSecurity_Blocking::is_ip_blocked($ip_address);
|
| 62 |
+
$time_now = date_i18n( 'Y-m-d H:i:s' );
|
| 63 |
if(empty($blocked)){
|
| 64 |
//Add this IP to the blocked table
|
| 65 |
$data = array(
|
| 66 |
'blocked_ip'=>$ip_address,
|
| 67 |
'block_reason'=>$reason,
|
| 68 |
+
'blocked_date'=>$time_now
|
| 69 |
);
|
| 70 |
$data = apply_filters('pre_add_to_permanent_block', $data);
|
| 71 |
$res = $wpdb->insert(AIOWPSEC_TBL_PERM_BLOCK, $data);
|
classes/wp-security-captcha.php
CHANGED
|
@@ -84,7 +84,9 @@ class AIOWPSecurity_Captcha
|
|
| 84 |
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
|
| 85 |
$current_time = time();
|
| 86 |
$enc_result = base64_encode($current_time.$captcha_secret_string.$result);
|
| 87 |
-
$
|
|
|
|
|
|
|
| 88 |
$equation_string .= '<input type="hidden" name="aiowps-captcha-temp-string" id="aiowps-captcha-temp-string" value="'.$current_time.'" />';
|
| 89 |
$equation_string .= '<input type="text" size="2" id="aiowps-captcha-answer" name="aiowps-captcha-answer" value="" />';
|
| 90 |
return $equation_string;
|
| 84 |
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
|
| 85 |
$current_time = time();
|
| 86 |
$enc_result = base64_encode($current_time.$captcha_secret_string.$result);
|
| 87 |
+
$random_str = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
|
| 88 |
+
AIOWPSecurity_Utility::is_multisite_install() ? set_site_transient('aiowps_captcha_string_info_'.$random_str, $enc_result, 30 * 60) : set_transient('aiowps_captcha_string_info_'.$random_str, $enc_result, 30 * 60);
|
| 89 |
+
$equation_string .= '<input type="hidden" name="aiowps-captcha-string-info" id="aiowps-captcha-string-info" value="'.$random_str.'" />';
|
| 90 |
$equation_string .= '<input type="hidden" name="aiowps-captcha-temp-string" id="aiowps-captcha-temp-string" value="'.$current_time.'" />';
|
| 91 |
$equation_string .= '<input type="text" size="2" id="aiowps-captcha-answer" name="aiowps-captcha-answer" value="" />';
|
| 92 |
return $equation_string;
|
classes/wp-security-configure-settings.php
CHANGED
|
@@ -72,7 +72,8 @@ class AIOWPSecurity_Configure_Settings
|
|
| 72 |
|
| 73 |
//Firewall features
|
| 74 |
$aio_wp_security->configs->set_value('aiowps_enable_basic_firewall','');//Checkbox
|
| 75 |
-
$aio_wp_security->configs->set_value('aiowps_enable_pingback_firewall','');//Checkbox
|
|
|
|
| 76 |
$aio_wp_security->configs->set_value('aiowps_block_debug_log_file_access','');//Checkbox
|
| 77 |
$aio_wp_security->configs->set_value('aiowps_disable_index_views','');//Checkbox
|
| 78 |
$aio_wp_security->configs->set_value('aiowps_disable_trace_and_track','');//Checkbox
|
|
@@ -203,8 +204,9 @@ class AIOWPSecurity_Configure_Settings
|
|
| 203 |
|
| 204 |
//Firewall features
|
| 205 |
$aio_wp_security->configs->add_value('aiowps_enable_basic_firewall','');//Checkbox
|
| 206 |
-
$aio_wp_security->configs->add_value('aiowps_enable_pingback_firewall','');//Checkbox
|
| 207 |
-
$aio_wp_security->configs->
|
|
|
|
| 208 |
$aio_wp_security->configs->add_value('aiowps_disable_index_views','');//Checkbox
|
| 209 |
$aio_wp_security->configs->add_value('aiowps_disable_trace_and_track','');//Checkbox
|
| 210 |
$aio_wp_security->configs->add_value('aiowps_forbid_proxy_comments','');//Checkbox
|
|
@@ -289,7 +291,8 @@ class AIOWPSecurity_Configure_Settings
|
|
| 289 |
$aio_wp_security->configs->set_value('aiowps_enable_whitelisting','');//Checkbox
|
| 290 |
|
| 291 |
$aio_wp_security->configs->set_value('aiowps_enable_basic_firewall','');//Checkbox
|
| 292 |
-
$aio_wp_security->configs->set_value('aiowps_enable_pingback_firewall','');//Checkbox
|
|
|
|
| 293 |
$aio_wp_security->configs->set_value('aiowps_block_debug_log_file_access','');//Checkbox
|
| 294 |
$aio_wp_security->configs->set_value('aiowps_disable_index_views','');//Checkbox
|
| 295 |
$aio_wp_security->configs->set_value('aiowps_disable_trace_and_track','');//Checkbox
|
| 72 |
|
| 73 |
//Firewall features
|
| 74 |
$aio_wp_security->configs->set_value('aiowps_enable_basic_firewall','');//Checkbox
|
| 75 |
+
$aio_wp_security->configs->set_value('aiowps_enable_pingback_firewall','');//Checkbox - blocks all access to XMLRPC
|
| 76 |
+
$aio_wp_security->configs->set_value('aiowps_disable_xmlrpc_pingback_methods','');//Checkbox - Disables only pingback methods in XMLRPC functionality
|
| 77 |
$aio_wp_security->configs->set_value('aiowps_block_debug_log_file_access','');//Checkbox
|
| 78 |
$aio_wp_security->configs->set_value('aiowps_disable_index_views','');//Checkbox
|
| 79 |
$aio_wp_security->configs->set_value('aiowps_disable_trace_and_track','');//Checkbox
|
| 204 |
|
| 205 |
//Firewall features
|
| 206 |
$aio_wp_security->configs->add_value('aiowps_enable_basic_firewall','');//Checkbox
|
| 207 |
+
$aio_wp_security->configs->add_value('aiowps_enable_pingback_firewall','');//Checkbox - blocks all access to XMLRPC
|
| 208 |
+
$aio_wp_security->configs->add_value('aiowps_disable_xmlrpc_pingback_methods','');//Checkbox - Disables only pingback methods in XMLRPC functionality
|
| 209 |
+
$aio_wp_security->configs->add_value('aiowps_block_debug_log_file_access','');//Checkbox
|
| 210 |
$aio_wp_security->configs->add_value('aiowps_disable_index_views','');//Checkbox
|
| 211 |
$aio_wp_security->configs->add_value('aiowps_disable_trace_and_track','');//Checkbox
|
| 212 |
$aio_wp_security->configs->add_value('aiowps_forbid_proxy_comments','');//Checkbox
|
| 291 |
$aio_wp_security->configs->set_value('aiowps_enable_whitelisting','');//Checkbox
|
| 292 |
|
| 293 |
$aio_wp_security->configs->set_value('aiowps_enable_basic_firewall','');//Checkbox
|
| 294 |
+
$aio_wp_security->configs->set_value('aiowps_enable_pingback_firewall','');//Checkbox - blocks all access to XMLRPC
|
| 295 |
+
$aio_wp_security->configs->set_value('aiowps_disable_xmlrpc_pingback_methods','');//Checkbox - Disables only pingback methods in XMLRPC functionality
|
| 296 |
$aio_wp_security->configs->set_value('aiowps_block_debug_log_file_access','');//Checkbox
|
| 297 |
$aio_wp_security->configs->set_value('aiowps_disable_index_views','');//Checkbox
|
| 298 |
$aio_wp_security->configs->set_value('aiowps_disable_trace_and_track','');//Checkbox
|
classes/wp-security-file-scan.php
CHANGED
|
@@ -26,9 +26,9 @@ class AIOWPSecurity_Scan
|
|
| 26 |
$aio_wp_security->configs->set_value('aiowps_fcds_change_detected', TRUE);
|
| 27 |
$aio_wp_security->configs->save_config();
|
| 28 |
$aio_wp_security->debug_logger->log_debug("File Change Detection Feature: change to filesystem detected!");
|
| 29 |
-
|
| 30 |
-
$this->aiowps_send_file_change_alert_email(); //Send file change scan results via email if applicable
|
| 31 |
-
}else
|
| 32 |
//Reset the change flag
|
| 33 |
$aio_wp_security->configs->set_value('aiowps_fcds_change_detected', FALSE);
|
| 34 |
$aio_wp_security->configs->save_config();
|
|
@@ -42,8 +42,13 @@ class AIOWPSecurity_Scan
|
|
| 42 |
return $scan_result;
|
| 43 |
}
|
| 44 |
}
|
| 45 |
-
|
| 46 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47 |
{
|
| 48 |
global $aio_wp_security;
|
| 49 |
if ( $aio_wp_security->configs->get_value('aiowps_send_fcd_scan_email') == '1' )
|
|
@@ -56,36 +61,16 @@ class AIOWPSecurity_Scan
|
|
| 56 |
//$attachment = array();
|
| 57 |
$message = __( 'A file change was detected on your system for site URL', 'all-in-one-wp-security-and-firewall' ) . ' ' . get_option( 'siteurl' ) . __( '. Scan was generated on', 'all-in-one-wp-security-and-firewall' ) . ' ' . date( 'l, F jS, Y \a\\t g:i a', current_time( 'timestamp' ) );
|
| 58 |
$message .= "\r\n\r\n".__( 'A summary of the scan results is shown below:', 'all-in-one-wp-security-and-firewall' );
|
| 59 |
-
$scan_res_unserialized = self::get_file_change_data();
|
| 60 |
-
$scan_results_message = '';
|
| 61 |
-
if($scan_res_unserialized !== false){
|
| 62 |
-
$scan_results_message = self::get_file_change_summary($scan_res_unserialized);
|
| 63 |
-
}
|
| 64 |
-
|
| 65 |
$message .= "\r\n\r\n";
|
| 66 |
-
$message .= $
|
| 67 |
$message .= "\r\n".__( 'Login to your site to view the scan details.', 'all-in-one-wp-security-and-firewall' );
|
| 68 |
|
| 69 |
-
//Get the email address(es).
|
| 70 |
$addresses = $aio_wp_security->configs->get_value('aiowps_fcd_scan_email_address');
|
| 71 |
-
|
| 72 |
-
|
| 73 |
-
|
| 74 |
-
$
|
| 75 |
-
if(FALSE === $sendMail){
|
| 76 |
-
$aio_wp_security->debug_logger->log_debug("File change notification email failed to send to ".$toaddress,4);
|
| 77 |
-
}
|
| 78 |
-
|
| 79 |
-
} else
|
| 80 |
-
{
|
| 81 |
-
$email_list_array = explode(PHP_EOL, $addresses);
|
| 82 |
-
foreach($email_list_array as $key=>$value){
|
| 83 |
-
$toaddress = $value;
|
| 84 |
-
$sendMail = wp_mail( $toaddress, $subject, $message, $headers );
|
| 85 |
-
if(FALSE === $sendMail){
|
| 86 |
-
$aio_wp_security->debug_logger->log_debug("File change notification email failed to send to ".$toaddress,4);
|
| 87 |
-
}
|
| 88 |
-
}
|
| 89 |
}
|
| 90 |
|
| 91 |
}
|
|
@@ -97,7 +82,8 @@ class AIOWPSecurity_Scan
|
|
| 97 |
if($aio_wp_security->configs->get_value('aiowps_enable_automated_fcd_scan')=='1')
|
| 98 |
{
|
| 99 |
$aio_wp_security->debug_logger->log_debug_cron("Filescan - Scheduled fcd_scan is enabled. Checking now to see if scan needs to be done...");
|
| 100 |
-
$
|
|
|
|
| 101 |
$fcd_scan_frequency = $aio_wp_security->configs->get_value('aiowps_fcd_scan_frequency'); //Number of hours or days or months interval
|
| 102 |
$interval_setting = $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'); //Hours/Days/Months
|
| 103 |
switch($interval_setting)
|
|
@@ -123,7 +109,7 @@ class AIOWPSecurity_Scan
|
|
| 123 |
$result = $this->execute_file_change_detection_scan(ABSPATH);
|
| 124 |
// if ($result)
|
| 125 |
// {
|
| 126 |
-
$aio_wp_security->configs->set_value('aiowps_last_fcd_scan_time',
|
| 127 |
$aio_wp_security->configs->save_config();
|
| 128 |
$aio_wp_security->debug_logger->log_debug_cron("Filescan - Scheduled filescan was successfully completed.");
|
| 129 |
// }
|
|
@@ -136,7 +122,7 @@ class AIOWPSecurity_Scan
|
|
| 136 |
else
|
| 137 |
{
|
| 138 |
//Set the last scan time to now so it can trigger for the next scheduled period
|
| 139 |
-
$aio_wp_security->configs->set_value('aiowps_last_fcd_scan_time',
|
| 140 |
$aio_wp_security->configs->save_config();
|
| 141 |
}
|
| 142 |
}
|
|
@@ -181,7 +167,7 @@ class AIOWPSecurity_Scan
|
|
| 181 |
$aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
|
| 182 |
$payload = maybe_serialize($scanned_data);
|
| 183 |
$scan_result = maybe_serialize($scan_result);
|
| 184 |
-
$date_time =
|
| 185 |
$data = array('date_time' => $date_time, 'meta_key1' => 'file_change_detection', 'meta_value1' => 'file_scan_data', 'meta_value4' => $payload, 'meta_key5' => 'last_scan_result', 'meta_value5' => $scan_result);
|
| 186 |
if($save_type == 'insert'){
|
| 187 |
$result = $wpdb->insert($aiowps_global_meta_tbl_name, $data);
|
|
@@ -198,52 +184,71 @@ class AIOWPSecurity_Scan
|
|
| 198 |
return true;
|
| 199 |
}
|
| 200 |
}
|
| 201 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 202 |
function do_file_change_scan($start_dir=ABSPATH)
|
| 203 |
{
|
| 204 |
global $aio_wp_security;
|
| 205 |
$filescan_data = array();
|
| 206 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 207 |
$rit = new RecursiveIteratorIterator(
|
| 208 |
-
$dit, RecursiveIteratorIterator::SELF_FIRST, RecursiveIteratorIterator::CATCH_GET_CHILD
|
| 209 |
-
|
| 210 |
-
|
| 211 |
-
|
| 212 |
-
|
| 213 |
-
|
| 214 |
-
|
| 215 |
-
|
| 216 |
-
|
| 217 |
-
|
| 218 |
-
|
| 219 |
-
|
| 220 |
-
|
| 221 |
-
|
| 222 |
-
if (!empty($current_file_ext)){
|
| 223 |
-
if (strpos($file_types_to_skip, $current_file_ext) !== FALSE) continue;
|
| 224 |
-
}
|
| 225 |
}
|
| 226 |
-
|
| 227 |
-
$
|
| 228 |
-
|
| 229 |
-
continue; //if file doesn't exist move on to next iteration
|
| 230 |
}
|
| 231 |
-
|
| 232 |
-
if
|
| 233 |
-
{
|
| 234 |
-
|
| 235 |
-
$
|
| 236 |
-
|
| 237 |
-
|
| 238 |
-
|
| 239 |
-
|
| 240 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 241 |
}
|
| 242 |
-
if ($skip_this) continue;
|
| 243 |
}
|
| 244 |
-
|
| 245 |
-
$filescan_data[$filename]
|
| 246 |
-
|
|
|
|
|
|
|
| 247 |
|
| 248 |
}
|
| 249 |
return $filescan_data;
|
|
@@ -251,38 +256,34 @@ class AIOWPSecurity_Scan
|
|
| 251 |
|
| 252 |
function compare_scan_data($last_scan_data, $new_scanned_data)
|
| 253 |
{
|
| 254 |
-
|
| 255 |
-
$
|
| 256 |
-
|
| 257 |
-
$
|
| 258 |
-
|
| 259 |
-
|
| 260 |
-
|
| 261 |
-
|
| 262 |
-
foreach ( $new_scan_minus_added as $entry => $key) {
|
| 263 |
-
if ( array_key_exists( $entry, $old_scan_minus_deleted ) )
|
| 264 |
-
{
|
| 265 |
-
//check filesize and last_modified values
|
| 266 |
-
if (strcmp($key['last_modified'], $old_scan_minus_deleted[$entry]['last_modified']) != 0 ||
|
| 267 |
-
strcmp($key['filesize'], $old_scan_minus_deleted[$entry]['filesize']) != 0)
|
| 268 |
-
{
|
| 269 |
-
$file_changes_detected[$entry]['filesize'] = $key['filesize'];
|
| 270 |
-
$file_changes_detected[$entry]['last_modified'] = $key['last_modified'];
|
| 271 |
-
}
|
| 272 |
-
}
|
| 273 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 274 |
}
|
| 275 |
}
|
| 276 |
|
| 277 |
-
//
|
| 278 |
-
|
| 279 |
-
|
| 280 |
-
|
| 281 |
-
|
| 282 |
);
|
| 283 |
-
return $results;
|
| 284 |
}
|
| 285 |
-
|
| 286 |
function execute_db_scan()
|
| 287 |
{
|
| 288 |
global $aio_wp_security;
|
|
@@ -712,46 +713,42 @@ class AIOWPSecurity_Scan
|
|
| 712 |
}else{
|
| 713 |
return $scan_results_unserialized;
|
| 714 |
}
|
| 715 |
-
|
| 716 |
}
|
| 717 |
-
|
| 718 |
-
static function get_file_change_summary($
|
| 719 |
{
|
| 720 |
$scan_summary = "";
|
| 721 |
-
$
|
| 722 |
-
$files_removed_output = "";
|
| 723 |
-
$files_changed_output = "";
|
| 724 |
-
if (!empty($scan_results_unserialized['files_added']))
|
| 725 |
{
|
| 726 |
//Output of files added
|
| 727 |
-
$
|
| 728 |
-
foreach ($
|
| 729 |
-
$
|
| 730 |
}
|
| 731 |
-
$
|
| 732 |
}
|
| 733 |
-
if (!empty($
|
| 734 |
{
|
| 735 |
//Output of files removed
|
| 736 |
-
$
|
| 737 |
-
foreach ($
|
| 738 |
-
$
|
| 739 |
}
|
| 740 |
-
$
|
| 741 |
}
|
| 742 |
|
| 743 |
-
if (!empty($
|
| 744 |
{
|
| 745 |
//Output of files changed
|
| 746 |
-
$
|
| 747 |
-
foreach ($
|
| 748 |
-
$
|
| 749 |
}
|
| 750 |
-
$
|
| 751 |
}
|
| 752 |
-
|
| 753 |
-
$scan_summary .= $files_added_output . $files_removed_output . $files_changed_output;
|
| 754 |
return $scan_summary;
|
| 755 |
}
|
| 756 |
-
|
| 757 |
}
|
| 26 |
$aio_wp_security->configs->set_value('aiowps_fcds_change_detected', TRUE);
|
| 27 |
$aio_wp_security->configs->save_config();
|
| 28 |
$aio_wp_security->debug_logger->log_debug("File Change Detection Feature: change to filesystem detected!");
|
| 29 |
+
|
| 30 |
+
$this->aiowps_send_file_change_alert_email($scan_result); //Send file change scan results via email if applicable
|
| 31 |
+
} else {
|
| 32 |
//Reset the change flag
|
| 33 |
$aio_wp_security->configs->set_value('aiowps_fcds_change_detected', FALSE);
|
| 34 |
$aio_wp_security->configs->save_config();
|
| 42 |
return $scan_result;
|
| 43 |
}
|
| 44 |
}
|
| 45 |
+
|
| 46 |
+
/**
|
| 47 |
+
* Send email with notification about file changes detected by last scan.
|
| 48 |
+
* @global AIO_WP_Security $aio_wp_security
|
| 49 |
+
* @param array $scan_result Array with scan result returned by compare_scan_data() method.
|
| 50 |
+
*/
|
| 51 |
+
function aiowps_send_file_change_alert_email($scan_result)
|
| 52 |
{
|
| 53 |
global $aio_wp_security;
|
| 54 |
if ( $aio_wp_security->configs->get_value('aiowps_send_fcd_scan_email') == '1' )
|
| 61 |
//$attachment = array();
|
| 62 |
$message = __( 'A file change was detected on your system for site URL', 'all-in-one-wp-security-and-firewall' ) . ' ' . get_option( 'siteurl' ) . __( '. Scan was generated on', 'all-in-one-wp-security-and-firewall' ) . ' ' . date( 'l, F jS, Y \a\\t g:i a', current_time( 'timestamp' ) );
|
| 63 |
$message .= "\r\n\r\n".__( 'A summary of the scan results is shown below:', 'all-in-one-wp-security-and-firewall' );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 64 |
$message .= "\r\n\r\n";
|
| 65 |
+
$message .= self::get_file_change_summary($scan_result);
|
| 66 |
$message .= "\r\n".__( 'Login to your site to view the scan details.', 'all-in-one-wp-security-and-firewall' );
|
| 67 |
|
| 68 |
+
// Get the email address(es).
|
| 69 |
$addresses = $aio_wp_security->configs->get_value('aiowps_fcd_scan_email_address');
|
| 70 |
+
// If no explicit email address(es) are given, send email to site admin.
|
| 71 |
+
$to = empty( $addresses ) ? array( get_site_option('admin_email') ) : explode(PHP_EOL, $addresses);
|
| 72 |
+
if ( !wp_mail( $to, $subject, $message, $headers ) ) {
|
| 73 |
+
$aio_wp_security->debug_logger->log_debug("File change notification email failed to send.",4);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 74 |
}
|
| 75 |
|
| 76 |
}
|
| 82 |
if($aio_wp_security->configs->get_value('aiowps_enable_automated_fcd_scan')=='1')
|
| 83 |
{
|
| 84 |
$aio_wp_security->debug_logger->log_debug_cron("Filescan - Scheduled fcd_scan is enabled. Checking now to see if scan needs to be done...");
|
| 85 |
+
$time_now = date_i18n( 'Y-m-d H:i:s' );
|
| 86 |
+
$current_time = strtotime($time_now);
|
| 87 |
$fcd_scan_frequency = $aio_wp_security->configs->get_value('aiowps_fcd_scan_frequency'); //Number of hours or days or months interval
|
| 88 |
$interval_setting = $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'); //Hours/Days/Months
|
| 89 |
switch($interval_setting)
|
| 109 |
$result = $this->execute_file_change_detection_scan(ABSPATH);
|
| 110 |
// if ($result)
|
| 111 |
// {
|
| 112 |
+
$aio_wp_security->configs->set_value('aiowps_last_fcd_scan_time', $time_now);
|
| 113 |
$aio_wp_security->configs->save_config();
|
| 114 |
$aio_wp_security->debug_logger->log_debug_cron("Filescan - Scheduled filescan was successfully completed.");
|
| 115 |
// }
|
| 122 |
else
|
| 123 |
{
|
| 124 |
//Set the last scan time to now so it can trigger for the next scheduled period
|
| 125 |
+
$aio_wp_security->configs->set_value('aiowps_last_fcd_scan_time', $time_now);
|
| 126 |
$aio_wp_security->configs->save_config();
|
| 127 |
}
|
| 128 |
}
|
| 167 |
$aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
|
| 168 |
$payload = maybe_serialize($scanned_data);
|
| 169 |
$scan_result = maybe_serialize($scan_result);
|
| 170 |
+
$date_time = date_i18n( 'Y-m-d H:i:s' );
|
| 171 |
$data = array('date_time' => $date_time, 'meta_key1' => 'file_change_detection', 'meta_value1' => 'file_scan_data', 'meta_value4' => $payload, 'meta_key5' => 'last_scan_result', 'meta_value5' => $scan_result);
|
| 172 |
if($save_type == 'insert'){
|
| 173 |
$result = $wpdb->insert($aiowps_global_meta_tbl_name, $data);
|
| 184 |
return true;
|
| 185 |
}
|
| 186 |
}
|
| 187 |
+
|
| 188 |
+
/**
|
| 189 |
+
* Recursively scan the entire $start_dir directory and return file size
|
| 190 |
+
* and last modified date of every regular file. Ignore files and file
|
| 191 |
+
* types specified in file scanner settings.
|
| 192 |
+
* @global AIO_WP_Security $aio_wp_security
|
| 193 |
+
* @param string $start_dir
|
| 194 |
+
* @return array
|
| 195 |
+
*/
|
| 196 |
function do_file_change_scan($start_dir=ABSPATH)
|
| 197 |
{
|
| 198 |
global $aio_wp_security;
|
| 199 |
$filescan_data = array();
|
| 200 |
+
// Iterator key is absolute file path, iterator value is SplFileInfo object,
|
| 201 |
+
// iteration skips '..' and '.' records, because we're not interested in directories.
|
| 202 |
+
$dit = new RecursiveDirectoryIterator(
|
| 203 |
+
$start_dir, FilesystemIterator::KEY_AS_PATHNAME | FilesystemIterator::CURRENT_AS_FILEINFO | FilesystemIterator::SKIP_DOTS
|
| 204 |
+
);
|
| 205 |
$rit = new RecursiveIteratorIterator(
|
| 206 |
+
$dit, RecursiveIteratorIterator::SELF_FIRST, RecursiveIteratorIterator::CATCH_GET_CHILD
|
| 207 |
+
);
|
| 208 |
+
|
| 209 |
+
// Grab files/directories to skip
|
| 210 |
+
$files_to_skip = AIOWPSecurity_Utility::explode_trim_filter_empty($aio_wp_security->configs->get_value('aiowps_fcd_exclude_files'));
|
| 211 |
+
// Grab (lowercased) file types to skip
|
| 212 |
+
$file_types_to_skip = AIOWPSecurity_Utility::explode_trim_filter_empty(strtolower($aio_wp_security->configs->get_value('aiowps_fcd_exclude_filetypes')));
|
| 213 |
+
|
| 214 |
+
$start_dir_length = strlen($start_dir);
|
| 215 |
+
|
| 216 |
+
foreach ($rit as $filename => $fileinfo) {
|
| 217 |
+
|
| 218 |
+
if ( !file_exists($filename) || is_dir($filename) ) {
|
| 219 |
+
continue; // if file doesn't exist or is a directory move on to next iteration
|
|
|
|
|
|
|
|
|
|
| 220 |
}
|
| 221 |
+
|
| 222 |
+
if ( $fileinfo->getFilename() == 'wp-security-log-cron-job.txt' || $fileinfo->getFilename() == 'wp-security-log.txt' ) {
|
| 223 |
+
continue; // skip aiowps log files
|
|
|
|
| 224 |
}
|
| 225 |
+
|
| 226 |
+
// Let's omit any file types from the scan which were specified in the settings if necessary
|
| 227 |
+
if ( !empty($file_types_to_skip) ) {
|
| 228 |
+
//$current_file_ext = strtolower($fileinfo->getExtension()); //getExtension() only available on PHP 5.3.6 or higher
|
| 229 |
+
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
|
| 230 |
+
if (in_array($ext, $file_types_to_skip) ) { continue; }
|
| 231 |
+
}
|
| 232 |
+
|
| 233 |
+
// Let's omit specific files or directories from the scan which were specified in the settings
|
| 234 |
+
if ( !empty($files_to_skip) ) {
|
| 235 |
+
|
| 236 |
+
$skip_this = false;
|
| 237 |
+
foreach ($files_to_skip as $f_or_dir) {
|
| 238 |
+
// Expect files/dirs to be specified relatively to $start_dir,
|
| 239 |
+
// so start searching at $start_dir_length offset.
|
| 240 |
+
if (strpos($filename, $f_or_dir, $start_dir_length) !== false) {
|
| 241 |
+
$skip_this = true;
|
| 242 |
+
break; // !
|
| 243 |
+
}
|
| 244 |
}
|
| 245 |
+
if ($skip_this) { continue; }
|
| 246 |
}
|
| 247 |
+
|
| 248 |
+
$filescan_data[$filename] = array(
|
| 249 |
+
'last_modified' => $fileinfo->getMTime(),
|
| 250 |
+
'filesize' => $fileinfo->getSize(),
|
| 251 |
+
);
|
| 252 |
|
| 253 |
}
|
| 254 |
return $filescan_data;
|
| 256 |
|
| 257 |
function compare_scan_data($last_scan_data, $new_scanned_data)
|
| 258 |
{
|
| 259 |
+
// Identify new files added: get all files which are in the new scan but not present in the old scan
|
| 260 |
+
$files_added = @array_diff_key( $new_scanned_data, $last_scan_data );
|
| 261 |
+
// Identify files deleted: get all files which are in the old scan but not present in the new scan
|
| 262 |
+
$files_removed = @array_diff_key( $last_scan_data, $new_scanned_data );
|
| 263 |
+
// Identify existing files: get all files which are in new scan, but were not added
|
| 264 |
+
$files_kept = @array_diff_key( $new_scanned_data, $files_added );
|
| 265 |
+
|
| 266 |
+
$files_changed = array();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 267 |
|
| 268 |
+
// Loop through existing files and determine, if they have been changed
|
| 269 |
+
foreach ( $files_kept as $filename => $new_scan_meta ) {
|
| 270 |
+
$last_scan_meta = $last_scan_data[$filename];
|
| 271 |
+
// Check filesize and last_modified values
|
| 272 |
+
if ( ($new_scan_meta['last_modified'] !== $last_scan_meta['last_modified'])
|
| 273 |
+
|| ($new_scan_meta['filesize'] !== $last_scan_meta['filesize']) )
|
| 274 |
+
{
|
| 275 |
+
$files_changed[$filename] = $new_scan_meta;
|
| 276 |
}
|
| 277 |
}
|
| 278 |
|
| 279 |
+
// Create single array of all changes
|
| 280 |
+
return array(
|
| 281 |
+
'files_added' => $files_added,
|
| 282 |
+
'files_removed' => $files_removed,
|
| 283 |
+
'files_changed' => $files_changed,
|
| 284 |
);
|
|
|
|
| 285 |
}
|
| 286 |
+
|
| 287 |
function execute_db_scan()
|
| 288 |
{
|
| 289 |
global $aio_wp_security;
|
| 713 |
}else{
|
| 714 |
return $scan_results_unserialized;
|
| 715 |
}
|
| 716 |
+
|
| 717 |
}
|
| 718 |
+
|
| 719 |
+
static function get_file_change_summary($scan_result)
|
| 720 |
{
|
| 721 |
$scan_summary = "";
|
| 722 |
+
if (!empty($scan_result['files_added']))
|
|
|
|
|
|
|
|
|
|
| 723 |
{
|
| 724 |
//Output of files added
|
| 725 |
+
$scan_summary .= "\r\n".__('The following files were added to your host', 'all-in-one-wp-security-and-firewall').":\r\n";
|
| 726 |
+
foreach ($scan_result['files_added'] as $key=>$value) {
|
| 727 |
+
$scan_summary .= "\r\n".$key.' ('.__('modified on: ', 'all-in-one-wp-security-and-firewall').date('Y-m-d H:i:s',$value['last_modified']).')';
|
| 728 |
}
|
| 729 |
+
$scan_summary .= "\r\n======================================\r\n";
|
| 730 |
}
|
| 731 |
+
if (!empty($scan_result['files_removed']))
|
| 732 |
{
|
| 733 |
//Output of files removed
|
| 734 |
+
$scan_summary .= "\r\n".__('The following files were removed from your host', 'all-in-one-wp-security-and-firewall').":\r\n";
|
| 735 |
+
foreach ($scan_result['files_removed'] as $key=>$value) {
|
| 736 |
+
$scan_summary .= "\r\n".$key.' ('.__('modified on: ', 'all-in-one-wp-security-and-firewall').date('Y-m-d H:i:s',$value['last_modified']).')';
|
| 737 |
}
|
| 738 |
+
$scan_summary .= "\r\n======================================\r\n";
|
| 739 |
}
|
| 740 |
|
| 741 |
+
if (!empty($scan_result['files_changed']))
|
| 742 |
{
|
| 743 |
//Output of files changed
|
| 744 |
+
$scan_summary .= "\r\n".__('The following files were changed on your host', 'all-in-one-wp-security-and-firewall').":\r\n";
|
| 745 |
+
foreach ($scan_result['files_changed'] as $key=>$value) {
|
| 746 |
+
$scan_summary .= "\r\n".$key.' ('.__('modified on: ', 'all-in-one-wp-security-and-firewall').date('Y-m-d H:i:s',$value['last_modified']).')';
|
| 747 |
}
|
| 748 |
+
$scan_summary .= "\r\n======================================\r\n";
|
| 749 |
}
|
| 750 |
+
|
|
|
|
| 751 |
return $scan_summary;
|
| 752 |
}
|
| 753 |
+
|
| 754 |
}
|
classes/wp-security-general-init-tasks.php
CHANGED
|
@@ -4,6 +4,11 @@ class AIOWPSecurity_General_Init_Tasks
|
|
| 4 |
{
|
| 5 |
function __construct(){
|
| 6 |
global $aio_wp_security;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7 |
|
| 8 |
add_action( 'permalink_structure_changed', array(&$this, 'refresh_firewall_rules' ), 10, 2);
|
| 9 |
|
|
@@ -123,6 +128,11 @@ class AIOWPSecurity_General_Init_Tasks
|
|
| 123 |
}
|
| 124 |
}
|
| 125 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 126 |
//For registration page captcha feature
|
| 127 |
if (AIOWPSecurity_Utility::is_multisite_install()){
|
| 128 |
$blog_id = get_current_blog_id();
|
|
@@ -186,6 +196,17 @@ class AIOWPSecurity_General_Init_Tasks
|
|
| 186 |
//Add more tasks that need to be executed at init time
|
| 187 |
|
| 188 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 189 |
|
| 190 |
/**
|
| 191 |
* Refreshes the firewall rules in .htaccess file
|
|
@@ -208,7 +229,7 @@ class AIOWPSecurity_General_Init_Tasks
|
|
| 208 |
|
| 209 |
function spam_detect_process_comment_post($comment_id, $comment_approved)
|
| 210 |
{
|
| 211 |
-
if($comment_approved
|
| 212 |
$this->block_comment_ip($comment_id);
|
| 213 |
}
|
| 214 |
|
|
@@ -358,7 +379,9 @@ class AIOWPSecurity_General_Init_Tasks
|
|
| 358 |
isset($_POST['aiowps-captcha-answer'])?$captcha_answer = strip_tags(trim($_POST['aiowps-captcha-answer'])): $captcha_answer = '';
|
| 359 |
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
|
| 360 |
$submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
|
| 361 |
-
|
|
|
|
|
|
|
| 362 |
{
|
| 363 |
//This means a wrong answer was entered
|
| 364 |
$result['errors']->add('generic', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall'));
|
|
@@ -405,7 +428,10 @@ class AIOWPSecurity_General_Init_Tasks
|
|
| 405 |
$captcha_answer = trim($_REQUEST['aiowps-captcha-answer']);
|
| 406 |
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
|
| 407 |
$submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
|
| 408 |
-
|
|
|
|
|
|
|
|
|
|
| 409 |
//Correct answer given
|
| 410 |
return($comment);
|
| 411 |
}else{
|
|
@@ -426,7 +452,10 @@ class AIOWPSecurity_General_Init_Tasks
|
|
| 426 |
isset($_POST['aiowps-captcha-answer'])?($captcha_answer = strip_tags(trim($_POST['aiowps-captcha-answer']))):($captcha_answer = '');
|
| 427 |
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
|
| 428 |
$submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
|
| 429 |
-
|
|
|
|
|
|
|
|
|
|
| 430 |
{
|
| 431 |
add_filter('allow_password_reset', array(&$this, 'add_lostpassword_captcha_error_msg'));
|
| 432 |
}
|
|
@@ -459,7 +488,10 @@ class AIOWPSecurity_General_Init_Tasks
|
|
| 459 |
isset($_POST['aiowps-captcha-answer'])?$captcha_answer = strip_tags(trim($_POST['aiowps-captcha-answer'])): $captcha_answer = '';
|
| 460 |
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
|
| 461 |
$submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
|
| 462 |
-
|
|
|
|
|
|
|
|
|
|
| 463 |
{
|
| 464 |
//This means a wrong answer was entered
|
| 465 |
$bp->signup->errors['aiowps-captcha-answer'] = __('Your CAPTCHA answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall');
|
|
@@ -485,4 +517,17 @@ class AIOWPSecurity_General_Init_Tasks
|
|
| 485 |
$message = html_entity_decode($message);
|
| 486 |
return $message;
|
| 487 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 488 |
}
|
| 4 |
{
|
| 5 |
function __construct(){
|
| 6 |
global $aio_wp_security;
|
| 7 |
+
|
| 8 |
+
if ($aio_wp_security->configs->get_value('aiowps_disable_xmlrpc_pingback_methods') == '1') {
|
| 9 |
+
add_filter( 'xmlrpc_methods', array(&$this, 'aiowps_disable_xmlrpc_pingback_methods') );
|
| 10 |
+
add_filter( 'wp_headers', array(&$this, 'aiowps_remove_x_pingback_header') );
|
| 11 |
+
}
|
| 12 |
|
| 13 |
add_action( 'permalink_structure_changed', array(&$this, 'refresh_firewall_rules' ), 10, 2);
|
| 14 |
|
| 128 |
}
|
| 129 |
}
|
| 130 |
|
| 131 |
+
//For registration manual approval feature
|
| 132 |
+
if($aio_wp_security->configs->get_value('aiowps_enable_manual_registration_approval') == '1'){
|
| 133 |
+
add_filter('wp_login_errors', array(&$this, 'modify_registration_page_messages'),10, 2);
|
| 134 |
+
}
|
| 135 |
+
|
| 136 |
//For registration page captcha feature
|
| 137 |
if (AIOWPSecurity_Utility::is_multisite_install()){
|
| 138 |
$blog_id = get_current_blog_id();
|
| 196 |
//Add more tasks that need to be executed at init time
|
| 197 |
|
| 198 |
}
|
| 199 |
+
|
| 200 |
+
function aiowps_disable_xmlrpc_pingback_methods( $methods ) {
|
| 201 |
+
unset( $methods['pingback.ping'] );
|
| 202 |
+
unset( $methods['pingback.extensions.getPingbacks'] );
|
| 203 |
+
return $methods;
|
| 204 |
+
}
|
| 205 |
+
|
| 206 |
+
function aiowps_remove_x_pingback_header( $headers ) {
|
| 207 |
+
unset( $headers['X-Pingback'] );
|
| 208 |
+
return $headers;
|
| 209 |
+
}
|
| 210 |
|
| 211 |
/**
|
| 212 |
* Refreshes the firewall rules in .htaccess file
|
| 229 |
|
| 230 |
function spam_detect_process_comment_post($comment_id, $comment_approved)
|
| 231 |
{
|
| 232 |
+
if($comment_approved === "spam"){
|
| 233 |
$this->block_comment_ip($comment_id);
|
| 234 |
}
|
| 235 |
|
| 379 |
isset($_POST['aiowps-captcha-answer'])?$captcha_answer = strip_tags(trim($_POST['aiowps-captcha-answer'])): $captcha_answer = '';
|
| 380 |
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
|
| 381 |
$submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
|
| 382 |
+
$trans_handle = sanitize_text_field($_POST['aiowps-captcha-string-info']);
|
| 383 |
+
$captcha_string_info_trans = (AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient('aiowps_captcha_string_info_'.$trans_handle) : get_transient('aiowps_captcha_string_info_'.$trans_handle));
|
| 384 |
+
if($submitted_encoded_string !== $captcha_string_info_trans)
|
| 385 |
{
|
| 386 |
//This means a wrong answer was entered
|
| 387 |
$result['errors']->add('generic', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall'));
|
| 428 |
$captcha_answer = trim($_REQUEST['aiowps-captcha-answer']);
|
| 429 |
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
|
| 430 |
$submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
|
| 431 |
+
$trans_handle = sanitize_text_field($_POST['aiowps-captcha-string-info']);
|
| 432 |
+
$captcha_string_info_trans = (AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient('aiowps_captcha_string_info_'.$trans_handle) : get_transient('aiowps_captcha_string_info_'.$trans_handle));
|
| 433 |
+
|
| 434 |
+
if ($captcha_string_info_trans === $submitted_encoded_string){
|
| 435 |
//Correct answer given
|
| 436 |
return($comment);
|
| 437 |
}else{
|
| 452 |
isset($_POST['aiowps-captcha-answer'])?($captcha_answer = strip_tags(trim($_POST['aiowps-captcha-answer']))):($captcha_answer = '');
|
| 453 |
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
|
| 454 |
$submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
|
| 455 |
+
$trans_handle = sanitize_text_field($_POST['aiowps-captcha-string-info']);
|
| 456 |
+
$captcha_string_info_trans = (AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient('aiowps_captcha_string_info_'.$trans_handle) : get_transient('aiowps_captcha_string_info_'.$trans_handle));
|
| 457 |
+
|
| 458 |
+
if($submitted_encoded_string !== $captcha_string_info_trans)
|
| 459 |
{
|
| 460 |
add_filter('allow_password_reset', array(&$this, 'add_lostpassword_captcha_error_msg'));
|
| 461 |
}
|
| 488 |
isset($_POST['aiowps-captcha-answer'])?$captcha_answer = strip_tags(trim($_POST['aiowps-captcha-answer'])): $captcha_answer = '';
|
| 489 |
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
|
| 490 |
$submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
|
| 491 |
+
$trans_handle = sanitize_text_field($_POST['aiowps-captcha-string-info']);
|
| 492 |
+
$captcha_string_info_trans = (AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient('aiowps_captcha_string_info_'.$trans_handle) : get_transient('aiowps_captcha_string_info_'.$trans_handle));
|
| 493 |
+
|
| 494 |
+
if($submitted_encoded_string !== $captcha_string_info_trans)
|
| 495 |
{
|
| 496 |
//This means a wrong answer was entered
|
| 497 |
$bp->signup->errors['aiowps-captcha-answer'] = __('Your CAPTCHA answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall');
|
| 517 |
$message = html_entity_decode($message);
|
| 518 |
return $message;
|
| 519 |
}
|
| 520 |
+
|
| 521 |
+
function modify_registration_page_messages($errors, $redirect_to)
|
| 522 |
+
{
|
| 523 |
+
if( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] ){
|
| 524 |
+
if(is_wp_error($errors)){
|
| 525 |
+
$errors->remove('registered');
|
| 526 |
+
$pending_approval_msg = __('Your registration is pending approval.', 'all-in-one-wp-security-and-firewall');
|
| 527 |
+
$pending_approval_msg = apply_filters('aiowps_pending_registration_message', $pending_approval_msg);
|
| 528 |
+
$errors->add('registered', $pending_approval_msg, array('registered'=>'message'));
|
| 529 |
+
}
|
| 530 |
+
}
|
| 531 |
+
return $errors;
|
| 532 |
+
}
|
| 533 |
}
|
classes/wp-security-process-renamed-login-page.php
CHANGED
|
@@ -102,12 +102,8 @@ class AIOWPSecurity_Process_Renamed_Login_Page
|
|
| 102 |
|
| 103 |
//case where someone attempting to reach wp-admin
|
| 104 |
if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX')){
|
| 105 |
-
//
|
| 106 |
-
|
| 107 |
-
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
|
| 108 |
-
}else{
|
| 109 |
-
AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
|
| 110 |
-
}
|
| 111 |
}
|
| 112 |
|
| 113 |
//case where someone attempting to reach wp-login
|
| 102 |
|
| 103 |
//case where someone attempting to reach wp-admin
|
| 104 |
if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX')){
|
| 105 |
+
//Fix to prevent fatal error caused by some themes and Yoast SEO
|
| 106 |
+
wp_die( __( 'Not available.', 'all-in-one-wp-security-and-firewall' ), 403 );
|
|
|
|
|
|
|
|
|
|
|
|
|
| 107 |
}
|
| 108 |
|
| 109 |
//case where someone attempting to reach wp-login
|
classes/wp-security-user-login.php
CHANGED
|
@@ -54,10 +54,18 @@ class AIOWPSecurity_User_Login
|
|
| 54 |
{
|
| 55 |
if (array_key_exists('aiowps-captcha-answer', $_POST)) //If the login form with captcha was submitted then do some processing
|
| 56 |
{
|
| 57 |
-
isset($_POST['aiowps-captcha-answer'])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 58 |
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
|
| 59 |
$submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
|
| 60 |
-
|
|
|
|
|
|
|
|
|
|
| 61 |
{
|
| 62 |
//This means a wrong answer was entered
|
| 63 |
$this->increment_failed_logins($username);
|
|
@@ -74,6 +82,9 @@ class AIOWPSecurity_User_Login
|
|
| 74 |
}
|
| 75 |
return new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall'));
|
| 76 |
}
|
|
|
|
|
|
|
|
|
|
| 77 |
}
|
| 78 |
}
|
| 79 |
|
|
@@ -254,9 +265,9 @@ class AIOWPSecurity_User_Login
|
|
| 254 |
$user_id = 0;
|
| 255 |
}
|
| 256 |
$ip_range_str = esc_sql($ip_range).'.*';
|
| 257 |
-
$
|
| 258 |
-
|
| 259 |
-
$result = $wpdb->
|
| 260 |
if ($result === FALSE)
|
| 261 |
{
|
| 262 |
$aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_fails_table,4);//Log the highly unlikely event of DB error
|
|
@@ -382,7 +393,7 @@ class AIOWPSecurity_User_Login
|
|
| 382 |
{
|
| 383 |
$current_user = wp_get_current_user();
|
| 384 |
$user_id = $current_user->ID;
|
| 385 |
-
$current_time =
|
| 386 |
$login_time = $this->get_wp_user_last_login_time($user_id);
|
| 387 |
$diff = strtotime($current_time) - strtotime($login_time);
|
| 388 |
$logout_time_interval_value = $aio_wp_security->configs->get_value('aiowps_logout_time_period');
|
|
@@ -423,7 +434,7 @@ class AIOWPSecurity_User_Login
|
|
| 423 |
return;
|
| 424 |
}
|
| 425 |
}
|
| 426 |
-
$login_date_time =
|
| 427 |
update_user_meta($user->ID, 'last_login_time', $login_date_time); //store last login time in meta table
|
| 428 |
$curr_ip_address = AIOWPSecurity_Utility_IP::get_user_ip_address();
|
| 429 |
$insert = "INSERT INTO " . $login_activity_table . " (user_id, user_login, login_date, login_ip) " .
|
|
@@ -455,7 +466,7 @@ class AIOWPSecurity_User_Login
|
|
| 455 |
$this->update_user_online_transient($user_id, $ip_addr);
|
| 456 |
|
| 457 |
$login_activity_table = AIOWPSEC_TBL_USER_LOGIN_ACTIVITY;
|
| 458 |
-
$logout_date_time =
|
| 459 |
$data = array('logout_date' => $logout_date_time);
|
| 460 |
$where = array('user_id' => $user_id,
|
| 461 |
'login_ip' => $ip_addr,
|
| 54 |
{
|
| 55 |
if (array_key_exists('aiowps-captcha-answer', $_POST)) //If the login form with captcha was submitted then do some processing
|
| 56 |
{
|
| 57 |
+
if(isset($_POST['aiowps-captcha-answer'])){
|
| 58 |
+
$captcha_answer = strip_tags(trim($_POST['aiowps-captcha-answer']));
|
| 59 |
+
}else{
|
| 60 |
+
$captcha_answer = '';
|
| 61 |
+
}
|
| 62 |
+
//isset($_POST['aiowps-captcha-answer'])?($captcha_answer = strip_tags(trim($_POST['aiowps-captcha-answer']))):($captcha_answer = '');
|
| 63 |
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
|
| 64 |
$submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
|
| 65 |
+
$trans_handle = sanitize_text_field($_POST['aiowps-captcha-string-info']);
|
| 66 |
+
$captcha_string_info_trans = (AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient('aiowps_captcha_string_info_'.$trans_handle) : get_transient('aiowps_captcha_string_info_'.$trans_handle));
|
| 67 |
+
|
| 68 |
+
if($submitted_encoded_string !== $captcha_string_info_trans)
|
| 69 |
{
|
| 70 |
//This means a wrong answer was entered
|
| 71 |
$this->increment_failed_logins($username);
|
| 82 |
}
|
| 83 |
return new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall'));
|
| 84 |
}
|
| 85 |
+
}else if(isset($_POST['wp-submit']) && !isset($_POST['aiowps-captcha-answer'])){
|
| 86 |
+
//Return an error if login form submitted but without captcha field
|
| 87 |
+
return new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall'));
|
| 88 |
}
|
| 89 |
}
|
| 90 |
|
| 265 |
$user_id = 0;
|
| 266 |
}
|
| 267 |
$ip_range_str = esc_sql($ip_range).'.*';
|
| 268 |
+
$now = date_i18n( 'Y-m-d H:i:s' );
|
| 269 |
+
$data = array('user_id' => $user_id, 'user_login' => $username, 'failed_login_date' => $now, 'login_attempt_ip' => $ip_range_str);
|
| 270 |
+
$result = $wpdb->insert($login_fails_table, $data);
|
| 271 |
if ($result === FALSE)
|
| 272 |
{
|
| 273 |
$aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_fails_table,4);//Log the highly unlikely event of DB error
|
| 393 |
{
|
| 394 |
$current_user = wp_get_current_user();
|
| 395 |
$user_id = $current_user->ID;
|
| 396 |
+
$current_time = date_i18n( 'Y-m-d H:i:s' );
|
| 397 |
$login_time = $this->get_wp_user_last_login_time($user_id);
|
| 398 |
$diff = strtotime($current_time) - strtotime($login_time);
|
| 399 |
$logout_time_interval_value = $aio_wp_security->configs->get_value('aiowps_logout_time_period');
|
| 434 |
return;
|
| 435 |
}
|
| 436 |
}
|
| 437 |
+
$login_date_time = date_i18n( 'Y-m-d H:i:s' );
|
| 438 |
update_user_meta($user->ID, 'last_login_time', $login_date_time); //store last login time in meta table
|
| 439 |
$curr_ip_address = AIOWPSecurity_Utility_IP::get_user_ip_address();
|
| 440 |
$insert = "INSERT INTO " . $login_activity_table . " (user_id, user_login, login_date, login_ip) " .
|
| 466 |
$this->update_user_online_transient($user_id, $ip_addr);
|
| 467 |
|
| 468 |
$login_activity_table = AIOWPSEC_TBL_USER_LOGIN_ACTIVITY;
|
| 469 |
+
$logout_date_time = date_i18n( 'Y-m-d H:i:s' );
|
| 470 |
$data = array('logout_date' => $logout_date_time);
|
| 471 |
$where = array('user_id' => $user_id,
|
| 472 |
'login_ip' => $ip_addr,
|
classes/wp-security-user-registration.php
CHANGED
|
@@ -67,7 +67,10 @@ class AIOWPSecurity_User_Registration
|
|
| 67 |
isset($_POST['aiowps-captcha-answer'])?$captcha_answer = strip_tags(trim($_POST['aiowps-captcha-answer'])): $captcha_answer = '';
|
| 68 |
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
|
| 69 |
$submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
|
| 70 |
-
|
|
|
|
|
|
|
|
|
|
| 71 |
{
|
| 72 |
//This means a wrong answer was entered
|
| 73 |
//return new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall'));
|
| 67 |
isset($_POST['aiowps-captcha-answer'])?$captcha_answer = strip_tags(trim($_POST['aiowps-captcha-answer'])): $captcha_answer = '';
|
| 68 |
$captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
|
| 69 |
$submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
|
| 70 |
+
$trans_handle = sanitize_text_field($_POST['aiowps-captcha-string-info']);
|
| 71 |
+
$captcha_string_info_trans = (AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient('aiowps_captcha_string_info_'.$trans_handle) : get_transient('aiowps_captcha_string_info_'.$trans_handle));
|
| 72 |
+
|
| 73 |
+
if($submitted_encoded_string !== $captcha_string_info_trans)
|
| 74 |
{
|
| 75 |
//This means a wrong answer was entered
|
| 76 |
//return new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall'));
|
classes/wp-security-utility-file.php
CHANGED
|
@@ -122,7 +122,7 @@ class AIOWPSecurity_Utility_File
|
|
| 122 |
$file_contents = AIOWPSecurity_Utility_File::get_file_contents($src_file_path);
|
| 123 |
|
| 124 |
$payload = serialize($file_contents);
|
| 125 |
-
$date_time =
|
| 126 |
$data = array('date_time' => $date_time, 'meta_key1' => $key_description, 'meta_value2' => $payload);
|
| 127 |
|
| 128 |
//First check if a backup entry already exists in the global_meta table
|
|
@@ -258,8 +258,8 @@ class AIOWPSecurity_Utility_File
|
|
| 258 |
$public_value_actual = substr($actual,-1,1); //get dec value for actual public permission
|
| 259 |
$public_value_rec = substr($recommended,-1,1); //get dec value for recommended public permission
|
| 260 |
|
| 261 |
-
$pva_bin =
|
| 262 |
-
$pvr_bin =
|
| 263 |
//Compare the "executable" bit values for the public actual versus the recommended
|
| 264 |
if (substr($pva_bin,-1,1)<=substr($pvr_bin,-1,1))
|
| 265 |
{
|
|
@@ -296,8 +296,8 @@ class AIOWPSecurity_Utility_File
|
|
| 296 |
//Check "group" permissions
|
| 297 |
$group_value_actual = substr($actual,-2,1);
|
| 298 |
$group_value_rec = substr($recommended,-2,1);
|
| 299 |
-
$gva_bin =
|
| 300 |
-
$gvr_bin =
|
| 301 |
|
| 302 |
//Compare the "executable" bit values for the group actual versus the recommended
|
| 303 |
if (substr($gva_bin,-1,1)<=substr($gvr_bin,-1,1))
|
|
@@ -335,8 +335,8 @@ class AIOWPSecurity_Utility_File
|
|
| 335 |
//Check "owner" permissions
|
| 336 |
$owner_value_actual = substr($actual,-3,1);
|
| 337 |
$owner_value_rec = substr($recommended,-3,1);
|
| 338 |
-
$ova_bin =
|
| 339 |
-
$ovr_bin =
|
| 340 |
|
| 341 |
//Compare the "executable" bit values for the group actual versus the recommended
|
| 342 |
if (substr($ova_bin,-1,1)<=substr($ovr_bin,-1,1))
|
| 122 |
$file_contents = AIOWPSecurity_Utility_File::get_file_contents($src_file_path);
|
| 123 |
|
| 124 |
$payload = serialize($file_contents);
|
| 125 |
+
$date_time = date_i18n( 'Y-m-d H:i:s' );
|
| 126 |
$data = array('date_time' => $date_time, 'meta_key1' => $key_description, 'meta_value2' => $payload);
|
| 127 |
|
| 128 |
//First check if a backup entry already exists in the global_meta table
|
| 258 |
$public_value_actual = substr($actual,-1,1); //get dec value for actual public permission
|
| 259 |
$public_value_rec = substr($recommended,-1,1); //get dec value for recommended public permission
|
| 260 |
|
| 261 |
+
$pva_bin = sprintf('%04b', $public_value_actual); //Convert value to binary
|
| 262 |
+
$pvr_bin = sprintf('%04b', $public_value_rec); //Convert value to binary
|
| 263 |
//Compare the "executable" bit values for the public actual versus the recommended
|
| 264 |
if (substr($pva_bin,-1,1)<=substr($pvr_bin,-1,1))
|
| 265 |
{
|
| 296 |
//Check "group" permissions
|
| 297 |
$group_value_actual = substr($actual,-2,1);
|
| 298 |
$group_value_rec = substr($recommended,-2,1);
|
| 299 |
+
$gva_bin = sprintf('%04b', $group_value_actual); //Convert value to binary
|
| 300 |
+
$gvr_bin = sprintf('%04b', $group_value_rec); //Convert value to binary
|
| 301 |
|
| 302 |
//Compare the "executable" bit values for the group actual versus the recommended
|
| 303 |
if (substr($gva_bin,-1,1)<=substr($gvr_bin,-1,1))
|
| 335 |
//Check "owner" permissions
|
| 336 |
$owner_value_actual = substr($actual,-3,1);
|
| 337 |
$owner_value_rec = substr($recommended,-3,1);
|
| 338 |
+
$ova_bin = sprintf('%04b', $owner_value_actual); //Convert value to binary
|
| 339 |
+
$ovr_bin = sprintf('%04b', $owner_value_rec); //Convert value to binary
|
| 340 |
|
| 341 |
//Compare the "executable" bit values for the group actual versus the recommended
|
| 342 |
if (substr($ova_bin,-1,1)<=substr($ovr_bin,-1,1))
|
classes/wp-security-utility.php
CHANGED
|
@@ -7,6 +7,16 @@ class AIOWPSecurity_Utility
|
|
| 7 |
//NOP
|
| 8 |
}
|
| 9 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10 |
static function get_current_page_url()
|
| 11 |
{
|
| 12 |
$pageURL = 'http';
|
|
@@ -58,15 +68,13 @@ class AIOWPSecurity_Utility
|
|
| 58 |
//If multisite
|
| 59 |
if (AIOWPSecurity_Utility::is_multisite_install()) {
|
| 60 |
$blog_id = get_current_blog_id();
|
| 61 |
-
$admin_users = get_users('blog_id=' . $blog_id . 'orderby=login&role=administrator');
|
| 62 |
-
$acct_name_exists = false;
|
| 63 |
foreach ($admin_users as $user) {
|
| 64 |
if ($user->user_login == $username) {
|
| 65 |
-
|
| 66 |
-
break;
|
| 67 |
}
|
| 68 |
}
|
| 69 |
-
return
|
| 70 |
}
|
| 71 |
|
| 72 |
//check users table
|
|
@@ -74,20 +82,18 @@ class AIOWPSecurity_Utility
|
|
| 74 |
$sql_1 = $wpdb->prepare("SELECT user_login FROM $wpdb->users WHERE user_login=%s", $sanitized_username);
|
| 75 |
$user_login = $wpdb->get_var($sql_1);
|
| 76 |
if ($user_login == $sanitized_username) {
|
| 77 |
-
|
| 78 |
} else {
|
| 79 |
//make sure that the sanitized username is an integer before comparing it to the users table's ID column
|
| 80 |
-
$sanitized_username_is_an_integer = (1 === preg_match('/^\d+$/', $sanitized_username))
|
| 81 |
if ($sanitized_username_is_an_integer) {
|
| 82 |
$sql_2 = $wpdb->prepare("SELECT ID FROM $wpdb->users WHERE ID=%d", intval($sanitized_username));
|
| 83 |
$userid = $wpdb->get_var($sql_2);
|
| 84 |
-
|
| 85 |
} else {
|
| 86 |
-
|
| 87 |
}
|
| 88 |
}
|
| 89 |
-
return $users_table_value_exists;
|
| 90 |
-
|
| 91 |
}
|
| 92 |
|
| 93 |
/*
|
|
@@ -163,11 +169,7 @@ class AIOWPSecurity_Utility
|
|
| 163 |
|
| 164 |
static function is_multisite_install()
|
| 165 |
{
|
| 166 |
-
|
| 167 |
-
return true;
|
| 168 |
-
} else {
|
| 169 |
-
return false;
|
| 170 |
-
}
|
| 171 |
}
|
| 172 |
|
| 173 |
//This is a general yellow box message for when we want to suppress a feature's config items because site is subsite of multi-site
|
|
@@ -305,9 +307,7 @@ class AIOWPSecurity_Utility
|
|
| 305 |
|
| 306 |
//Some initialising
|
| 307 |
$url = '';
|
| 308 |
-
$ip_or_host = '';
|
| 309 |
$referer_info = '';
|
| 310 |
-
$event_data = '';
|
| 311 |
|
| 312 |
$events_table_name = AIOWPSEC_TBL_EVENTS;
|
| 313 |
|
|
@@ -328,11 +328,12 @@ class AIOWPSecurity_Utility
|
|
| 328 |
$referer_info = isset($_SERVER['HTTP_REFERER']) ? esc_attr($_SERVER['HTTP_REFERER']) : '';
|
| 329 |
}
|
| 330 |
|
|
|
|
| 331 |
$data = array(
|
| 332 |
'event_type' => $event_type,
|
| 333 |
'username' => $username,
|
| 334 |
'user_id' => $user_id,
|
| 335 |
-
'event_date' => current_time
|
| 336 |
'ip_or_host' => $ip_or_host,
|
| 337 |
'referer_info' => $referer_info,
|
| 338 |
'url' => $url,
|
|
@@ -428,7 +429,7 @@ class AIOWPSecurity_Utility
|
|
| 428 |
*/
|
| 429 |
static function get_blog_ids()
|
| 430 |
{
|
| 431 |
-
global $wpdb
|
| 432 |
if (AIOWPSecurity_Utility::is_multisite_install()) {
|
| 433 |
global $wpdb;
|
| 434 |
$blog_ids = $wpdb->get_col("SELECT blog_id FROM " . $wpdb->prefix . "blogs");
|
|
@@ -491,7 +492,7 @@ class AIOWPSecurity_Utility
|
|
| 491 |
{
|
| 492 |
$keys = array_keys($valid_values);
|
| 493 |
$keys = array_map('strtolower', $keys);
|
| 494 |
-
if (in_array($to_check, $keys)) {
|
| 495 |
return $to_check;
|
| 496 |
}
|
| 497 |
return reset($keys);//Return he first element from the valid values
|
| 7 |
//NOP
|
| 8 |
}
|
| 9 |
|
| 10 |
+
/**
|
| 11 |
+
* Explode $string with $delimiter, trim all lines and filter out empty ones.
|
| 12 |
+
* @param string $string
|
| 13 |
+
* @param string $delimiter
|
| 14 |
+
* @return array
|
| 15 |
+
*/
|
| 16 |
+
static function explode_trim_filter_empty($string, $delimiter = PHP_EOL) {
|
| 17 |
+
return array_filter(array_map('trim', explode($delimiter, $string)), 'strlen');
|
| 18 |
+
}
|
| 19 |
+
|
| 20 |
static function get_current_page_url()
|
| 21 |
{
|
| 22 |
$pageURL = 'http';
|
| 68 |
//If multisite
|
| 69 |
if (AIOWPSecurity_Utility::is_multisite_install()) {
|
| 70 |
$blog_id = get_current_blog_id();
|
| 71 |
+
$admin_users = get_users('blog_id=' . $blog_id . '&orderby=login&role=administrator');
|
|
|
|
| 72 |
foreach ($admin_users as $user) {
|
| 73 |
if ($user->user_login == $username) {
|
| 74 |
+
return true;
|
|
|
|
| 75 |
}
|
| 76 |
}
|
| 77 |
+
return false;
|
| 78 |
}
|
| 79 |
|
| 80 |
//check users table
|
| 82 |
$sql_1 = $wpdb->prepare("SELECT user_login FROM $wpdb->users WHERE user_login=%s", $sanitized_username);
|
| 83 |
$user_login = $wpdb->get_var($sql_1);
|
| 84 |
if ($user_login == $sanitized_username) {
|
| 85 |
+
return true;
|
| 86 |
} else {
|
| 87 |
//make sure that the sanitized username is an integer before comparing it to the users table's ID column
|
| 88 |
+
$sanitized_username_is_an_integer = (1 === preg_match('/^\d+$/', $sanitized_username));
|
| 89 |
if ($sanitized_username_is_an_integer) {
|
| 90 |
$sql_2 = $wpdb->prepare("SELECT ID FROM $wpdb->users WHERE ID=%d", intval($sanitized_username));
|
| 91 |
$userid = $wpdb->get_var($sql_2);
|
| 92 |
+
return ($userid == $sanitized_username);
|
| 93 |
} else {
|
| 94 |
+
return false;
|
| 95 |
}
|
| 96 |
}
|
|
|
|
|
|
|
| 97 |
}
|
| 98 |
|
| 99 |
/*
|
| 169 |
|
| 170 |
static function is_multisite_install()
|
| 171 |
{
|
| 172 |
+
return function_exists('is_multisite') && is_multisite();
|
|
|
|
|
|
|
|
|
|
|
|
|
| 173 |
}
|
| 174 |
|
| 175 |
//This is a general yellow box message for when we want to suppress a feature's config items because site is subsite of multi-site
|
| 307 |
|
| 308 |
//Some initialising
|
| 309 |
$url = '';
|
|
|
|
| 310 |
$referer_info = '';
|
|
|
|
| 311 |
|
| 312 |
$events_table_name = AIOWPSEC_TBL_EVENTS;
|
| 313 |
|
| 328 |
$referer_info = isset($_SERVER['HTTP_REFERER']) ? esc_attr($_SERVER['HTTP_REFERER']) : '';
|
| 329 |
}
|
| 330 |
|
| 331 |
+
$current_time = date_i18n( 'Y-m-d H:i:s' );
|
| 332 |
$data = array(
|
| 333 |
'event_type' => $event_type,
|
| 334 |
'username' => $username,
|
| 335 |
'user_id' => $user_id,
|
| 336 |
+
'event_date' => $current_time,
|
| 337 |
'ip_or_host' => $ip_or_host,
|
| 338 |
'referer_info' => $referer_info,
|
| 339 |
'url' => $url,
|
| 429 |
*/
|
| 430 |
static function get_blog_ids()
|
| 431 |
{
|
| 432 |
+
global $wpdb;
|
| 433 |
if (AIOWPSecurity_Utility::is_multisite_install()) {
|
| 434 |
global $wpdb;
|
| 435 |
$blog_ids = $wpdb->get_col("SELECT blog_id FROM " . $wpdb->prefix . "blogs");
|
| 492 |
{
|
| 493 |
$keys = array_keys($valid_values);
|
| 494 |
$keys = array_map('strtolower', $keys);
|
| 495 |
+
if (in_array(strtolower($to_check), $keys)) {
|
| 496 |
return $to_check;
|
| 497 |
}
|
| 498 |
return reset($keys);//Return he first element from the valid values
|
languages/all-in-one-wp-security-and-firewall-fr_FR.po
CHANGED
|
@@ -5257,7 +5257,7 @@ msgstr "Votre dernier fichier de sauvegarde BdD pour l’URL du site est attach
|
|
| 5257 |
|
| 5258 |
#: all-in-one-wp-security/classes/wp-security-backup.php:190
|
| 5259 |
msgid " generated on"
|
| 5260 |
-
msgstr "généré le"
|
| 5261 |
|
| 5262 |
#: all-in-one-wp-security/classes/wp-security-captcha.php:17
|
| 5263 |
#: all-in-one-wp-security/classes/wp-security-general-init-tasks.php:254
|
| 5257 |
|
| 5258 |
#: all-in-one-wp-security/classes/wp-security-backup.php:190
|
| 5259 |
msgid " generated on"
|
| 5260 |
+
msgstr " généré le"
|
| 5261 |
|
| 5262 |
#: all-in-one-wp-security/classes/wp-security-captcha.php:17
|
| 5263 |
#: all-in-one-wp-security/classes/wp-security-general-init-tasks.php:254
|
other-includes/wp-security-rename-login-feature.php
CHANGED
|
@@ -142,7 +142,6 @@ if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->g
|
|
| 142 |
* @param string $action The action that brought the visitor to the login page.
|
| 143 |
*/
|
| 144 |
$classes = apply_filters( 'login_body_class', $classes, $action );
|
| 145 |
-
|
| 146 |
?>
|
| 147 |
</head>
|
| 148 |
<body class="login <?php echo esc_attr( implode( ' ', $classes ) ); ?>">
|
|
@@ -159,6 +158,7 @@ if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->g
|
|
| 159 |
*
|
| 160 |
* @param string $message Login message text.
|
| 161 |
*/
|
|
|
|
| 162 |
$message = apply_filters( 'login_message', $message );
|
| 163 |
if ( !empty( $message ) )
|
| 164 |
echo $message . "\n";
|
|
@@ -180,7 +180,7 @@ if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->g
|
|
| 180 |
else
|
| 181 |
$errors .= ' ' . $error_message . "<br />\n";
|
| 182 |
}
|
| 183 |
-
|
| 184 |
if ( ! empty( $errors ) ) {
|
| 185 |
/**
|
| 186 |
* Filter the error messages displayed above the login form.
|
| 142 |
* @param string $action The action that brought the visitor to the login page.
|
| 143 |
*/
|
| 144 |
$classes = apply_filters( 'login_body_class', $classes, $action );
|
|
|
|
| 145 |
?>
|
| 146 |
</head>
|
| 147 |
<body class="login <?php echo esc_attr( implode( ' ', $classes ) ); ?>">
|
| 158 |
*
|
| 159 |
* @param string $message Login message text.
|
| 160 |
*/
|
| 161 |
+
|
| 162 |
$message = apply_filters( 'login_message', $message );
|
| 163 |
if ( !empty( $message ) )
|
| 164 |
echo $message . "\n";
|
| 180 |
else
|
| 181 |
$errors .= ' ' . $error_message . "<br />\n";
|
| 182 |
}
|
| 183 |
+
}
|
| 184 |
if ( ! empty( $errors ) ) {
|
| 185 |
/**
|
| 186 |
* Filter the error messages displayed above the login form.
|
other-includes/wp-security-stop-users-enumeration.php
CHANGED
|
@@ -1,44 +1,11 @@
|
|
| 1 |
<?php
|
| 2 |
|
| 3 |
/*
|
| 4 |
-
|
| 5 |
*/
|
| 6 |
|
| 7 |
-
|
| 8 |
-
|
| 9 |
-
modify it under the terms of the GNU General Public License
|
| 10 |
-
as published by the Free Software Foundation; either version 2
|
| 11 |
-
of the License, or (at your option) any later version.
|
| 12 |
-
|
| 13 |
-
This program is distributed in the hope that it will be useful,
|
| 14 |
-
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
| 15 |
-
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
| 16 |
-
GNU General Public License for more details.
|
| 17 |
-
|
| 18 |
-
You should have received a copy of the GNU General Public License
|
| 19 |
-
along with this program; if not, write to the Free Software
|
| 20 |
-
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
| 21 |
-
*/
|
| 22 |
-
|
| 23 |
-
if (!is_admin()) {
|
| 24 |
-
if (preg_match('/(wp-comments-post)/', $_SERVER['REQUEST_URI']) === 0) {
|
| 25 |
-
if (!empty($_POST['author'])) {
|
| 26 |
-
wp_die('Accessing author info via link is forbidden');
|
| 27 |
-
}
|
| 28 |
-
}
|
| 29 |
-
|
| 30 |
-
if (preg_match('/author=([0-9]*)/', $_SERVER['QUERY_STRING']) === 1)
|
| 31 |
-
wp_die('Accessing author info via link is forbidden');
|
| 32 |
-
|
| 33 |
-
add_filter('redirect_canonical', 'll_detect_enumeration', 10, 2);
|
| 34 |
-
}
|
| 35 |
-
|
| 36 |
-
add_filter('redirect_canonical', 'll_detect_enumeration', 10, 2);
|
| 37 |
-
|
| 38 |
-
function ll_detect_enumeration($redirect_url, $requested_url) {
|
| 39 |
-
if (preg_match('/\?author(%00[0%]*)?=([0-9]*)(\/*)/', $requested_url) === 1 | isset($_POST['author'])) {
|
| 40 |
wp_die('Accessing author info via link is forbidden');
|
| 41 |
-
} else {
|
| 42 |
-
return $redirect_url;
|
| 43 |
}
|
| 44 |
}
|
| 1 |
<?php
|
| 2 |
|
| 3 |
/*
|
| 4 |
+
* Merged by Davide Giunchi, from plugin "Stop User Enumeration" url "http://locally.uk/wordpress-plugins/stop-user-enumeration/" by "Locally Digital Ltd"
|
| 5 |
*/
|
| 6 |
|
| 7 |
+
if (!is_admin() && isset($_SERVER['REQUEST_URI'])) {
|
| 8 |
+
if (preg_match('/(wp-comments-post)/', $_SERVER['REQUEST_URI']) === 0 && !empty($_REQUEST['author'])) {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9 |
wp_die('Accessing author info via link is forbidden');
|
|
|
|
|
|
|
| 10 |
}
|
| 11 |
}
|
readme.txt
CHANGED
|
@@ -3,8 +3,8 @@ Contributors: Tips and Tricks HQ, wpsolutions, Peter Petreski, Ruhul Amin, mbrso
|
|
| 3 |
Donate link: https://www.tipsandtricks-hq.com
|
| 4 |
Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner, iframe,
|
| 5 |
Requires at least: 3.5
|
| 6 |
-
Tested up to: 4.
|
| 7 |
-
Stable tag: 4.1.
|
| 8 |
License: GPLv3
|
| 9 |
|
| 10 |
A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
|
|
@@ -183,6 +183,32 @@ None
|
|
| 183 |
|
| 184 |
== Changelog ==
|
| 185 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 186 |
= 4.1.0 =
|
| 187 |
- Fixed bug in Maintenance menu page when trying to attach a media file to the message text box.
|
| 188 |
- Added a new filter (called "aiowps_ip_blocked_error_msg") which allows the modification of the error message displayed on the login page when an IP address has been blocked by the login lockdown feature.
|
| 3 |
Donate link: https://www.tipsandtricks-hq.com
|
| 4 |
Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner, iframe,
|
| 5 |
Requires at least: 3.5
|
| 6 |
+
Tested up to: 4.6
|
| 7 |
+
Stable tag: 4.1.4
|
| 8 |
License: GPLv3
|
| 9 |
|
| 10 |
A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
|
| 183 |
|
| 184 |
== Changelog ==
|
| 185 |
|
| 186 |
+
= 4.1.4 =
|
| 187 |
+
- Improved and tweaked the login captcha feature to avoid some issues people had with the last modification.
|
| 188 |
+
- Deleted reference to ini_get('safe_mode') to avoid fatal errors for newer versions of PHP where that setting has been totally removed.
|
| 189 |
+
|
| 190 |
+
= 4.1.3 =
|
| 191 |
+
- Added new checkbox for XMLRPC to disable only pingback methods but leave other XMLRPC functionality accessible. This will be useful for people who use Jetpack or Wordpress iOS or other apps.
|
| 192 |
+
- Updated the French language file.
|
| 193 |
+
- Fix: decbin doesn't add leading zero. Comparing empty strings return bad results.
|
| 194 |
+
- Fix: bugfix in the login captcha. Thanks to Sipke Mellema for pointing it out.
|
| 195 |
+
|
| 196 |
+
= 4.1.2 =
|
| 197 |
+
- Fixed bug introduced by last file change scanner code changes.
|
| 198 |
+
- Fixed bug in SPAM comment blocking functionality.
|
| 199 |
+
- Fixed fatal error case when Divi theme and front end lockout is enabled.
|
| 200 |
+
|
| 201 |
+
= 4.1.1 =
|
| 202 |
+
- Fixed Fatal error conflict between Rename Login feature and Yoast SEO and some themes when attempting to access wp-admin page directly.
|
| 203 |
+
- Added "Pending Approval" message when manual registration approval feature is enabled and a user registers.
|
| 204 |
+
- Fix (minor): No need to use strcmp to compare integer values.
|
| 205 |
+
- Updated and simplified wp-security-stop-users-enumeration.php for bug (thanks to @davidegiunchidiennea)
|
| 206 |
+
- Minor code cleanup (Thanks to @chesio for the following changes).
|
| 207 |
+
- File scanner codebase cleanup.
|
| 208 |
+
- Fix: properly report invalid email addresses in file scanner configuration.
|
| 209 |
+
- Code clean-up in AIOWPSecurity_Scan::do_file_change_scan() method.
|
| 210 |
+
- Tweak: Compare file scan data faster.
|
| 211 |
+
|
| 212 |
= 4.1.0 =
|
| 213 |
- Fixed bug in Maintenance menu page when trying to attach a media file to the message text box.
|
| 214 |
- Added a new filter (called "aiowps_ip_blocked_error_msg") which allows the modification of the error message displayed on the login page when an IP address has been blocked by the login lockdown feature.
|
wp-security-core.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
if (!class_exists('AIO_WP_Security')){
|
| 4 |
|
| 5 |
class AIO_WP_Security{
|
| 6 |
-
var $version = '4.1.
|
| 7 |
var $db_version = '1.8';
|
| 8 |
var $plugin_url;
|
| 9 |
var $plugin_path;
|
| 3 |
if (!class_exists('AIO_WP_Security')){
|
| 4 |
|
| 5 |
class AIO_WP_Security{
|
| 6 |
+
var $version = '4.1.4';
|
| 7 |
var $db_version = '1.8';
|
| 8 |
var $plugin_url;
|
| 9 |
var $plugin_path;
|
wp-security.php
CHANGED
|
@@ -1,7 +1,7 @@
|
|
| 1 |
<?php
|
| 2 |
/*
|
| 3 |
Plugin Name: All In One WP Security
|
| 4 |
-
Version: 4.1.
|
| 5 |
Plugin URI: https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
|
| 6 |
Author: Tips and Tricks HQ, Peter, Ruhul, Ivy
|
| 7 |
Author URI: https://www.tipsandtricks-hq.com/
|
| 1 |
<?php
|
| 2 |
/*
|
| 3 |
Plugin Name: All In One WP Security
|
| 4 |
+
Version: 4.1.4
|
| 5 |
Plugin URI: https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
|
| 6 |
Author: Tips and Tricks HQ, Peter, Ruhul, Ivy
|
| 7 |
Author URI: https://www.tipsandtricks-hq.com/
|
