All In One WP Security & Firewall - Version 5.0.5

Version Description

  • 05/September/2022 =

  • FIX: Cookie based brute force etc rules to be removed from .htaccess if set in older version 4.4.12.

  • FIX: The IP lock notification mail was sent out for the 404 lockdown event.

  • TWEAK: Resolve a PHP-firewall 'Unable to locate workspace' log message.

Download this release

Release Info

Developer DavidAnderson
Plugin Icon 128x128 All In One WP Security & Firewall
Version 5.0.5
Comparing to
See all releases

Code changes from version 5.0.4 to 5.0.5

Files changed (5) hide show
  1. classes/firewall/wp-security-firewall-loader.php +17 -0
  2. readme.txt +8 -2
  3. vendor/composer/installed.php +2 -2
  4. wp-security-core.php +3 -72
  5. wp-security.php +1 -1
classes/firewall/wp-security-firewall-loader.php CHANGED
@@ -27,6 +27,13 @@ class Loader {
27
 
28
  try {
29
 
 
 
 
 
 
 
 
30
  $this->init_includes();
31
  $this->init_services();
32
 
@@ -48,6 +55,16 @@ class Loader {
48
 
49
  }
50
 
 
 
 
 
 
 
 
 
 
 
51
  /**
52
  * Log our error messages
53
  *
27
 
28
  try {
29
 
30
+ /**
31
+ * The preloader file should not be directly accessed.
32
+ * It should only be loaded via the bootstrap file or in a WordPress context
33
+ */
34
+ if ($this->is_preloader_directly_accessed()) return;
35
+
36
+
37
  $this->init_includes();
38
  $this->init_services();
39
 
55
 
56
  }
57
 
58
+
59
+ /**
60
+ * Detects whether the preloader file (wp-security-firewall.php) was directly accessed
61
+ *
62
+ * @return boolean
63
+ */
64
+ public function is_preloader_directly_accessed() {
65
+ return (1 === preg_match('/wp-security-firewall\.php$/', get_included_files()[0]));
66
+ }
67
+
68
  /**
69
  * Log our error messages
70
  *
readme.txt CHANGED
@@ -5,7 +5,7 @@ Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall,
5
  Requires PHP: 5.6
6
  Requires at least: 5.0
7
  Tested up to: 6.0
8
- Stable tag: 5.0.4
9
  License: GPLv3 or later
10
 
11
  A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -179,6 +179,12 @@ https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
179
 
180
  == Changelog ==
181
 
 
 
 
 
 
 
182
  = 5.0.4 - 03/September/2022 =
183
 
184
  * FIX: PHP coding warning in latest PHP version when handling email address parameter.
@@ -1032,4 +1038,4 @@ those who want to enable the basic firewall but do not have "AllowOverride" opti
1032
 
1033
 
1034
  == Upgrade Notice ==
1035
- * 5.0.2: New features such as a PHP-based firewall, Two Factor Authentication, and WHOIS lookup have been added. It contains various fixes and tweaks. A recommended update for all.
5
  Requires PHP: 5.6
6
  Requires at least: 5.0
7
  Tested up to: 6.0
8
+ Stable tag: 5.0.5
9
  License: GPLv3 or later
10
 
11
  A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
179
 
180
  == Changelog ==
181
 
182
+ = 5.0.5 - 05/September/2022 =
183
+
184
+ * FIX: Cookie based brute force etc rules to be removed from .htaccess if set in older version 4.4.12.
185
+ * FIX: The IP lock notification mail was sent out for the 404 lockdown event.
186
+ * TWEAK: Resolve a PHP-firewall 'Unable to locate workspace' log message.
187
+
188
  = 5.0.4 - 03/September/2022 =
189
 
190
  * FIX: PHP coding warning in latest PHP version when handling email address parameter.
1038
 
1039
 
1040
  == Upgrade Notice ==
1041
+ * 5.0.5: The 5.0 series has various new features such as a PHP-based firewall, Two Factor Authentication, and WHOIS lookup have been added. It contains various fixes and tweaks. 5.0.X releases are fixing issues discovered in the 5.0 branch. A recommended update for all.
vendor/composer/installed.php CHANGED
@@ -5,7 +5,7 @@
5
  'type' => 'project',
6
  'install_path' => __DIR__ . '/../../',
7
  'aliases' => array(),
8
- 'reference' => '7b30d406824e47bd613a5be289d39e9b24b4c0fd',
9
  'name' => 'updraftplus/all-in-one-wp-security-and-firewall',
10
  'dev' => false,
11
  ),
@@ -34,7 +34,7 @@
34
  'type' => 'project',
35
  'install_path' => __DIR__ . '/../../',
36
  'aliases' => array(),
37
- 'reference' => '7b30d406824e47bd613a5be289d39e9b24b4c0fd',
38
  'dev_requirement' => false,
39
  ),
40
  ),
5
  'type' => 'project',
6
  'install_path' => __DIR__ . '/../../',
7
  'aliases' => array(),
8
+ 'reference' => '817e5e256b1aaafaa99cf07bea6a461ce15c0706',
9
  'name' => 'updraftplus/all-in-one-wp-security-and-firewall',
10
  'dev' => false,
11
  ),
34
  'type' => 'project',
35
  'install_path' => __DIR__ . '/../../',
36
  'aliases' => array(),
37
+ 'reference' => '817e5e256b1aaafaa99cf07bea6a461ce15c0706',
38
  'dev_requirement' => false,
39
  ),
40
  ),
wp-security-core.php CHANGED
@@ -8,9 +8,9 @@ if (!class_exists('AIO_WP_Security')) {
8
 
9
  class AIO_WP_Security {
10
 
11
- public $version = '5.0.4';
12
 
13
- public $db_version = '1.9.2';
14
 
15
  public $plugin_url;
16
 
@@ -416,82 +416,13 @@ if (!class_exists('AIO_WP_Security')) {
416
  if (get_option('aiowpsec_db_version') != AIO_WP_SECURITY_DB_VERSION) {
417
  require_once(AIO_WP_SECURITY_PATH.'/classes/wp-security-installer.php');
418
  AIOWPSecurity_Installer::run_installer();
419
- $this->upgrade_aio_firewall();
420
  AIOWPSecurity_Installer::set_cron_tasks_upon_activation();
 
421
  }
422
  }
423
  }
424
 
425
 
426
- /**
427
- * Upgrades .htaccess firewall to PHP firewall
428
- *
429
- * @return void
430
- */
431
- public function upgrade_aio_firewall() {
432
-
433
- $htpath = path_join(get_home_path(), '.htaccess');
434
-
435
- clearstatcache();
436
- if (!file_exists($htpath)) {
437
- return;
438
- }
439
-
440
- $contents = file_get_contents($htpath);
441
-
442
- if (false === $contents) {
443
- return;
444
- }
445
-
446
- //Blacklist IPs get merged with 6G firewall directives if enabled together, we need to separate them (if present) for the upgrade.
447
- $replacement_content = "";
448
- $is_blacklist_merged = false;
449
- if (preg_match('/#AIOWPS_IP_BLACKLIST_2_3_START(.*?)#AIOWPS_IP_BLACKLIST_2_3_END/sm', $contents, $matches23)) {
450
- $is_blacklist_merged = true;
451
- $replacement_content .= "<IfModule !mod_authz_core.c>\n";
452
- $replacement_content .= "Order allow,deny\n";
453
- $replacement_content .= "Allow from all\n";
454
- $replacement_content .= trim($matches23[1])."\n";
455
- $replacement_content .= "</IfModule>\n";
456
- }
457
- if (preg_match('/#AIOWPS_IP_BLACKLIST_2_4_START(.*?)#AIOWPS_IP_BLACKLIST_2_4_END/sm', $contents, $matches24)) {
458
- $is_blacklist_merged = true;
459
- $replacement_content .= "<IfModule mod_authz_core.c>\n";
460
- $replacement_content .= "<RequireAll>\n";
461
- $replacement_content .= "Require all granted\n";
462
- $replacement_content .= trim($matches24[1])."\n";
463
- $replacement_content .= "</RequireAll>\n";
464
- $replacement_content .= "</IfModule>\n";
465
- }
466
- //Encapsulate the separated blacklist in its header and footer
467
- if ($is_blacklist_merged) {
468
- $replacement_content = "#AIOWPS_IP_BLACKLIST_START\n".$replacement_content."#AIOWPS_IP_BLACKLIST_END";
469
- }
470
-
471
- $removed = 0;
472
- $contents = preg_replace('/#AIOWPS_SIX_G_BLACKLIST_START(.*?)#AIOWPS_SIX_G_BLACKLIST_END/ms', $replacement_content, $contents, -1, $removed);
473
-
474
- if ($removed > 0) {
475
-
476
- include_once(AIO_WP_SECURITY_PATH.'/classes/firewall/libs/wp-security-firewall-config.php');
477
- $rules_path = AIOWPSecurity_Utility_Firewall::get_firewall_rules_path();
478
-
479
- if (false !== file_put_contents($htpath, $contents, LOCK_EX)) {
480
-
481
- $config = new \AIOWPS\Firewall\Config($rules_path . 'settings');
482
-
483
- //Enable all the 6G firewall settings
484
- $config->set_value('aiowps_6g_block_request_methods', AIOS_Abstracted_Ids::get_firewall_block_request_methods());
485
- $config->set_value('aiowps_6g_block_referrers', true);
486
- $config->set_value('aiowps_6g_block_query', true);
487
- $config->set_value('aiowps_6g_block_request', true);
488
- $config->set_value('aiowps_6g_block_agents', true);
489
-
490
- }
491
-
492
- }
493
- }
494
-
495
  /**
496
  * Loads our firewall
497
  *
8
 
9
  class AIO_WP_Security {
10
 
11
+ public $version = '5.0.5';
12
 
13
+ public $db_version = '1.9.3';
14
 
15
  public $plugin_url;
16
 
416
  if (get_option('aiowpsec_db_version') != AIO_WP_SECURITY_DB_VERSION) {
417
  require_once(AIO_WP_SECURITY_PATH.'/classes/wp-security-installer.php');
418
  AIOWPSecurity_Installer::run_installer();
 
419
  AIOWPSecurity_Installer::set_cron_tasks_upon_activation();
420
+ AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
421
  }
422
  }
423
  }
424
 
425
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
426
  /**
427
  * Loads our firewall
428
  *
wp-security.php CHANGED
@@ -2,7 +2,7 @@
2
  // @codingStandardsIgnoreStart
3
  /*
4
  Plugin Name: All In One WP Security
5
- Version: 5.0.4
6
  Plugin URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
7
  Update URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
8
  Author: All In One WP Security & Firewall Team
2
  // @codingStandardsIgnoreStart
3
  /*
4
  Plugin Name: All In One WP Security
5
+ Version: 5.0.5
6
  Plugin URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
7
  Update URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
8
  Author: All In One WP Security & Firewall Team