All In One WP Security & Firewall - Version 4.2.9

Version Description

  • Changed the parameter in current_user_can function to use an administrator capability instead of the "administrator" role name.
  • Added some new hooks to the AIOWPSecurity_WP_Loaded_Tasks called aiowps_wp_loaded_tasks_start and aiowps_wp_loaded_tasks_end.
  • Improved get_locked_ips() function and added $wpdb->prepare statement.
  • Added more missing translation domain parameters for translatable strings in the rename login page.
  • Deleted local copy of the Persian and Italian language files. These translations are available on translate.wordpress.org.
  • Domain path and text domain added to plugin header.
  • Changed the get_user_ip_address functions so that $_SERVER['REMOTE_ADDR'] is the primary method used to obtain IP address.
  • Added enumeration block via REST API (wp >= 4.7)

Release Info

Developer mra13
Version 4.2.9

Code changes from version 4.2.8 to 4.2.9

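--- a/classes/grade-system/wp-security-feature-item-manager.php
+++ b/classes/grade-system/wp-security-feature-item-manager.php
@@ -26,7 +26,7 @@ class AIOWPSecurity_Feature_Item_Manager
  $this->feature_items = array();
  //Settings Menu Features
  //WP Generator Meta
- $this->feature_items[] = new AIOWPSecurity_Feature_Item("wp-generator-meta-tag", __("Remove WP Generatore Meta Tag", "all-in-one-wp-security-and-firewall"), $this->feature_point_1, $this->sec_level_basic);
+ $this->feature_items[] = new AIOWPSecurity_Feature_Item("wp-generator-meta-tag", __("Remove WP Generator Meta Tag", "all-in-one-wp-security-and-firewall"), $this->feature_point_1, $this->sec_level_basic);
 
  //Prevent Image Hotlinks
  $this->feature_items[] = new AIOWPSecurity_Feature_Item("prevent-hotlinking", __("Prevent Image Hotlinking", "all-in-one-wp-security-and-firewall"), $this->feature_point_2, $this->sec_level_basic);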
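--- a/classes/wp-security-general-init-tasks.php
+++ b/classes/wp-security-general-init-tasks.php
@@ -521,7 +521,7 @@ class AIOWPSecurity_General_Init_Tasks
  function reapply_htaccess_rules_notice()
  {
  if (get_option('aiowps_temp_configs') !== FALSE){
- echo '<div class="updated"><p>Would you like All In One WP Security & Firewall to re-insert the security rules in your .htaccess file which were cleared when you deactivated the plugin?&nbsp;&nbsp;<a href="admin.php?page='.AIOWPSEC_MENU_SLUG_PREFIX.'&aiowps_reapply_htaccess=1" class="button-primary">Yes</a>&nbsp;&nbsp;<a href="admin.php?page='.AIOWPSEC_MENU_SLUG_PREFIX.'&aiowps_reapply_htaccess=2" class="button-primary">No</a></p></div>';
+ echo '<div class="updated"><p>'.__('Would you like All In One WP Security & Firewall to re-insert the security rules in your .htaccess file which were cleared when you deactivated the plugin?', 'all-in-one-wp-security-and-firewall').'&nbsp;&nbsp;<a href="admin.php?page='.AIOWPSEC_MENU_SLUG_PREFIX.'&aiowps_reapply_htaccess=1" class="button-primary">Yes</a>&nbsp;&nbsp;<a href="admin.php?page='.AIOWPSEC_MENU_SLUG_PREFIX.'&aiowps_reapply_htaccess=2" class="button-primary">No</a></p></div>';
  }
  }
 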
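--- a/classes/wp-security-utility-ip-address.php
+++ b/classes/wp-security-utility-ip-address.php
@@ -8,7 +8,10 @@ class AIOWPSecurity_Utility_IP
 
  static function get_user_ip_address()
  {
- foreach (array('HTTP_CF_CONNECTING_IP', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key){
+ //I have modified this function slightly so that the $_SERVER['REMOTE_ADDR'] value is the first method checked and returned.
+ //This change was necessary because $_SERVER['REMOTE_ADDR'] is the most reliable and accurate way to get IP address because the other methods are easily spoofed.
+ //TODO - in a future release we can probably add a config item to allow admins to choose the other methods of finding IP address.
+ foreach (array('REMOTE_ADDR', 'HTTP_CF_CONNECTING_IP', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED') as $key){
  if (array_key_exists($key, $_SERVER) === true){
  foreach (explode(',', $_SERVER[$key]) as $ip){
  $userIP = trim($ip);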
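Review bot: The seven `HTTP_*` entries kept after `'REMOTE_ADDR'` in the list on new line 14 are still client-supplied, and whether one of them can ever be returned now depends on the validation further down the loop, which lies outside this hunk. If that validation can reject `REMOTE_ADDR` (for example a private or loopback address when the site runs behind a local reverse proxy), the function would fall through to a header the requester controls, and any IP-based lockout would key on that value. Until the config item from the TODO exists, consider iterating only `array('REMOTE_ADDR')`, or at least extend the comment: `//The HTTP_* entries are client-controlled; only honour them when REMOTE_ADDR is a trusted proxy.` Sites behind a CDN or load balancer will presumably see the proxy address for every visitor after this change, which is worth stating in the changelog.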
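--- a/classes/wp-security-utility.php
+++ b/classes/wp-security-utility.php
@@ -432,12 +432,13 @@ class AIOWPSecurity_Utility
  {
  global $wpdb;
  $login_lockdown_table = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
- $locked_ips = $wpdb->get_results("SELECT * FROM $login_lockdown_table " .
- "WHERE release_date > now()", ARRAY_A);
- if ($locked_ips != NULL) {
- return $locked_ips;
- } else {
+ $now = current_time( 'mysql' );
+ $locked_ips = $wpdb->get_results($wpdb->prepare("SELECT * FROM $login_lockdown_table WHERE release_date > %s", $now), ARRAY_A);
+
+ if (empty($locked_ips)) {
  return FALSE;
+ } else {
+ return $locked_ips;
  }
  }
 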
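Review bot: Replacing MySQL `now()` with `current_time( 'mysql' )` on new line 435 moves the comparison from the database server's clock to WordPress's site-timezone clock, and the code that writes `release_date` is not part of this hunk. If those rows are still stamped with `now()` or a UTC value, active lockouts could be treated as expired, or held longer, by the offset between the two clocks. A short comment would pin the contract: `//release_date is stored in site local time (current_time('mysql')); keep the writers in sync.` The function signature lies above the hunk, so this is assumed to be `get_locked_ips()` from the changelog entry.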
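--- a/classes/wp-security-wp-loaded-tasks.php
+++ b/classes/wp-security-wp-loaded-tasks.php
@@ -8,6 +8,7 @@ class AIOWPSecurity_WP_Loaded_Tasks {
  //Add tasks that need to be executed at wp-loaded time
 
  global $aio_wp_security;
+ do_action( 'aiowps_wp_loaded_tasks_start', $this);
 
  //Handle the rename login page feature
  if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
@@ -20,10 +21,17 @@ class AIOWPSecurity_WP_Loaded_Tasks {
 
  //For site lockout feature (ie, maintenance mode). It needs to be checked after the rename login page
  if ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1') {
- if (!is_user_logged_in() && !current_user_can('administrator') && !is_admin() && !in_array($GLOBALS['pagenow'], array('wp-login.php'))) {
+ if (!is_user_logged_in()) {
+ //now check if user trying to reach login pages
+ if(!in_array($GLOBALS['pagenow'], array('wp-login.php'))){
+ self::site_lockout_tasks();
+ }
+ }else if(is_user_logged_in() && !current_user_can('manage_options') && !is_admin() && !in_array($GLOBALS['pagenow'], array('wp-login.php')) ){
  self::site_lockout_tasks();
  }
  }
+ do_action( 'aiowps_wp_loaded_tasks_end', $this);
+
  }
 
  static function site_lockout_tasks() {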
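Review bot: In the new `else if` branch on line 29, the `!is_admin()` term exempts every wp-admin request, so a logged-in user without `manage_options` is locked out of the front end only and can still load dashboard pages and admin-ajax.php while the site is in lockout. If the lockout is meant to cover all non-administrators, drop that term, and the repeated `is_user_logged_in()` that the `else` already implies: `}else if(!current_user_can('manage_options') && !in_array($GLOBALS['pagenow'], array('wp-login.php'))){`. If wp-admin access for low-privilege accounts is intentional, a comment on that line saying so would keep a later maintainer from reading it as an oversight. The enclosing method starts above the first hunk, so whether `$this` is valid in the two new `do_action` calls cannot be confirmed from here.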
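--- a/languages/all-in-one-wp-security-and-firewall.pot
+++ b/languages/all-in-one-wp-security-and-firewall.pot
@@ -5261,7 +5261,7 @@ msgid ""
  msgstr ""
 
  #: classes/grade-system/wp-security-feature-item-manager.php:29
- msgid "Remove WP Generatore Meta Tag"
+ msgid "Remove WP Generator Meta Tag"
  msgstr ""
 
  #: classes/grade-system/wp-security-feature-item-manager.php:38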
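--- a/other-includes/wp-security-rename-login-feature.php
+++ b/other-includes/wp-security-rename-login-feature.php
@@ -214,7 +214,7 @@ if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->g
 
  // Don't allow interim logins to navigate away from the page.
  if ( ! $interim_login ): ?>
- <p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" title="<?php esc_attr_e( 'Are you lost?' ); ?>"><?php printf( __( '&larr; Back to %s', 'all-in-one-wp-security-and-firewall' ), get_bloginfo( 'title', 'display' ) ); ?></a></p>
+ <p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" title="<?php esc_attr_e( 'Are you lost?', 'all-in-one-wp-security-and-firewall' ); ?>"><?php printf( __( '&larr; Back to %s', 'all-in-one-wp-security-and-firewall' ), get_bloginfo( 'title', 'display' ) ); ?></a></p>
  <?php endif; ?>
 
  </div>
@@ -558,7 +558,7 @@ switch ($action) {
 
  <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
  <p>
- <label for="user_login" ><?php _e('Username or E-mail:') ?><br />
+ <label for="user_login" ><?php _e('Username or E-mail:', 'all-in-one-wp-security-and-firewall') ?><br />
  <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
  </p>
  <?php
@@ -569,11 +569,11 @@ switch ($action) {
  */
  do_action( 'lostpassword_form' ); ?>
  <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
- <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p>
+ <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password', 'all-in-one-wp-security-and-firewall'); ?>" /></p>
  </form>
 
  <p id="nav">
- <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a>
+ <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in', 'all-in-one-wp-security-and-firewall') ?></a>
  <?php
  if ( get_option( 'users_can_register' ) ) :
  $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register', 'all-in-one-wp-security-and-firewall' ) );
@@ -651,16 +651,16 @@ switch ($action) {
  <input type="hidden" id="user_login" value="<?php echo esc_attr( $rp_login ); ?>" autocomplete="off" />
 
  <p class="user-pass1-wrap">
- <label for="pass1"><?php _e('New password') ?></label><br />
+ <label for="pass1"><?php _e('New password', 'all-in-one-wp-security-and-firewall') ?></label><br />
  <div class="wp-pwd">
  <span class="password-input-wrapper">
  <input type="password" data-reveal="1" data-pw="<?php echo esc_attr( wp_generate_password( 16 ) ); ?>" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" aria-describedby="pass-strength-result" />
  </span>
- <div id="pass-strength-result" class="hide-if-no-js" aria-live="polite"><?php _e( 'Strength indicator' ); ?></div>
+ <div id="pass-strength-result" class="hide-if-no-js" aria-live="polite"><?php _e( 'Strength indicator', 'all-in-one-wp-security-and-firewall' ); ?></div>
  </div>
  </p>
  <p class="user-pass2-wrap">
- <label for="pass2"><?php _e('Confirm new password') ?></label><br />
+ <label for="pass2"><?php _e('Confirm new password', 'all-in-one-wp-security-and-firewall') ?></label><br />
  <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" />
  </p>
 
@@ -678,11 +678,11 @@ switch ($action) {
  do_action( 'resetpass_form', $user );
  ?>
  <input type="hidden" name="rp_key" value="<?php echo esc_attr( $rp_key ); ?>" />
- <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>" /></p>
+ <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password', 'all-in-one-wp-security-and-firewall'); ?>" /></p>
  </form>
 
  <p id="nav">
- <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
+ <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in', 'all-in-one-wp-security-and-firewall' ); ?></a>
  <?php
  if ( get_option( 'users_can_register' ) ) :
  $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register', 'all-in-one-wp-security-and-firewall' ) );
@@ -742,11 +742,11 @@ switch ($action) {
 
  <form name="registerform" id="registerform" action="<?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?>" method="post" novalidate="novalidate">
  <p>
- <label for="user_login"><?php _e('Username') ?><br />
+ <label for="user_login"><?php _e('Username', 'all-in-one-wp-security-and-firewall') ?><br />
  <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(wp_unslash($user_login)); ?>" size="20" /></label>
  </p>
  <p>
- <label for="user_email"><?php _e('E-mail') ?><br />
+ <label for="user_email"><?php _e('E-mail', 'all-in-one-wp-security-and-firewall') ?><br />
  <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( wp_unslash( $user_email ) ); ?>" size="25" /></label>
  </p>
  <?php
@@ -757,15 +757,15 @@ switch ($action) {
  */
  do_action( 'register_form' );
  ?>
- <p id="reg_passmail"><?php _e( 'Registration confirmation will be e-mailed to you.' ); ?></p>
+ <p id="reg_passmail"><?php _e( 'Registration confirmation will be e-mailed to you.', 'all-in-one-wp-security-and-firewall' ); ?></p>
  <br class="clear" />
  <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
- <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Register'); ?>" /></p>
+ <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Register', 'all-in-one-wp-security-and-firewall'); ?>" /></p>
  </form>
 
  <p id="nav">
- <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a> |
- <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ) ?>"><?php _e( 'Lost your password?' ); ?></a>
+ <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in', 'all-in-one-wp-security-and-firewall' ); ?></a> |
+ <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found', 'all-in-one-wp-security-and-firewall' ) ?>"><?php _e( 'Lost your password?', 'all-in-one-wp-security-and-firewall' ); ?></a>
  </p>
 
  <?php
@@ -908,11 +908,11 @@ switch ($action) {
 
  <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
  <p>
- <label for="user_login"><?php _e('Username or Email') ?><br />
+ <label for="user_login"><?php _e('Username or Email', 'all-in-one-wp-security-and-firewall') ?><br />
  <input type="text" name="log" id="user_login"<?php echo $aria_describedby_error; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" /></label>
  </p>
  <p>
- <label for="user_pass"><?php _e('Password') ?><br />
+ <label for="user_pass"><?php _e('Password', 'all-in-one-wp-security-and-firewall') ?><br />
  <input type="password" name="pwd" id="user_pass"<?php echo $aria_describedby_error; ?> class="input" value="" size="20" /></label>
  </p>
  <?php
@@ -923,9 +923,9 @@ switch ($action) {
  */
  do_action( 'login_form' );
  ?>
- <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p>
+ <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_attr_e('Remember Me', 'all-in-one-wp-security-and-firewall'); ?></label></p>
  <p class="submit">
- <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
+ <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In', 'all-in-one-wp-security-and-firewall'); ?>" />
  <?php if ( $interim_login ) { ?>
  <input type="hidden" name="interim-login" value="1" />
  <?php } else { ?>
@@ -948,7 +948,7 @@ switch ($action) {
  echo apply_filters( 'register', $registration_url ) . ' | ';
  endif;
  ?>
- <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ); ?>"><?php _e( 'Lost your password?' ); ?></a>
+ <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found', 'all-in-one-wp-security-and-firewall' ); ?>"><?php _e( 'Lost your password?', 'all-in-one-wp-security-and-firewall' ); ?></a>
  <?php endif; ?>
  </p>
  <?php } ?>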
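--- a/other-includes/wp-security-stop-users-enumeration.php
+++ b/other-includes/wp-security-stop-users-enumeration.php
@@ -9,3 +9,9 @@ if (!is_admin() && isset($_SERVER['REQUEST_URI'])) {
  wp_die('Accessing author info via link is forbidden');
  }
  }
+
+ if(( preg_match('/users/', $_SERVER['REQUEST_URI']) !== 0 ) || ( isset($_REQUEST['rest_route']) && ( preg_match('/users/', $_REQUEST['rest_route']) !== 0 ))){
+ if( ! is_user_logged_in() ) {
+ wp_die('Accessing author info via REST API is forbidden');
+ }
+ }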
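Review bot: The check added on line 13 tests for the bare substring `users` anywhere in `$_SERVER['REQUEST_URI']`, so an anonymous visitor requesting any front-end URL that happens to contain it (a page slug, a search query) would get the `wp_die` page, not only REST user listings. The new block also appears to sit outside the `isset($_SERVER['REQUEST_URI'])` guard that closes on line 11, and `!== 0` treats a `preg_match` failure (`false`) as a match. Matching the REST route itself and comparing against `1` would be narrower, e.g. `isset($_SERVER['REQUEST_URI']) && preg_match('#/wp/v2/users#i', $_SERVER['REQUEST_URI']) === 1`, with the same pattern applied to `$_REQUEST['rest_route']` after an `is_string()` check. The start of the file is outside the hunk, so how this include is loaded and gated cannot be confirmed from here.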
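--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.tipsandtricks-hq.com
  Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner, iframe,
  Requires at least: 3.5
  Tested up to: 4.8
- Stable tag: 4.2.8
+ Stable tag: 4.2.9
  License: GPLv3
 
  A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -184,6 +184,16 @@ None
 
  == Changelog ==
 
+ = 4.2.9 =
+ - Changed the parameter in current_user_can function to use an administrator capability instead of the "administrator" role name.
+ - Added some new hooks to the AIOWPSecurity_WP_Loaded_Tasks called aiowps_wp_loaded_tasks_start and aiowps_wp_loaded_tasks_end.
+ - Improved get_locked_ips() function and added $wpdb->prepare statement.
+ - Added more missing translation domain parameters for translatable strings in the rename login page.
+ - Deleted local copy of the Persian and Italian language files. These translations are available on translate.wordpress.org.
+ - Domain path and text domain added to plugin header.
+ - Changed the get_user_ip_address functions so that $_SERVER['REMOTE_ADDR'] is the primary method used to obtain IP address.
+ - Added enumeration block via REST API (wp >= 4.7)
+
  = 4.2.8 =
  - Improved "User Registration" feature to bypass the pending approval status for new users created in admin side.
  - Fixed bug in whois library.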
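--- a/wp-security-core.php
+++ b/wp-security-core.php
@@ -7,7 +7,7 @@ if ( !defined('ABSPATH') ) {
  if (!class_exists('AIO_WP_Security')){
 
  class AIO_WP_Security{
- var $version = '4.2.8';
+ var $version = '4.2.9';
  var $db_version = '1.9';
  var $plugin_url;
  var $plugin_path;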
wp-security.php CHANGED
@@ -1,11 +1,13 @@
1
  <?php
2
  /*
3
  Plugin Name: All In One WP Security
4
- Version: 4.2.8
5
  Plugin URI: https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
6
  Author: Tips and Tricks HQ, Peter, Ruhul, Ivy
7
  Author URI: https://www.tipsandtricks-hq.com/
8
  Description: All round best WordPress security plugin!
 
 
9
  License: GPL3
10
  */
11
 
1
  <?php
2
  /*
3
  Plugin Name: All In One WP Security
4
+ Version: 4.2.9
5
  Plugin URI: https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
6
  Author: Tips and Tricks HQ, Peter, Ruhul, Ivy
7
  Author URI: https://www.tipsandtricks-hq.com/
8
  Description: All round best WordPress security plugin!
9
+ Text Domain: all-in-one-wp-security-and-firewall
10
+ Domain Path: /languages
11
  License: GPL3
12
  */
13