All In One WP Security & Firewall - Version 5.0.8

Version Description

  • 29/September/2022 =

  • SECURITY/FEATURE: Fix IP address detection, and give IP address detection settings in the Admin Dashboard > WP Security > Settings > Advanced Settings, provide user guidance on how to use them, and notify the user if there any problem is apparent. Versions from 5.0.0 to 5.0.7 had a defect allowing an attacker to spoof their IP address, aiding them to avoid detection or locking out legitimate users. Thanks to Calvin Alkan for the responsible disclosure.

  • FIX: The 403 forbidden error was shown on the wp login screen if the login url contains the redirect_to parameter and the deny bad query strings firewall feature is enabled on localhost.

  • FIX: The PUT request method was blocked when the user enabled the 6G firewall.

  • FIX: The login whitelisting didn't work on servers not supporting .htaccess files, without this information being dislayed in the user interface. The feature is now ported to PHP so that it works on all servers. Thanks to Calvin Alkan for identifying this issue.

  • TWEAK: Add index keys to the login lockdown, failed_logins and the permanent block tables to prevent poor database reading performance in the event of vast numbers of rows being stored in these tables (see the "SECURITY" item above, since the defect described there can allow this). Thanks to Calvin Alkan for identifying this issue.

  • TWEAK: Resolve a PHP-firewall 'Unable to locate workspace' log message.

  • TWEAK: Added a constant AIOS_DISABLE_GET_EXTERNAL_IP. Define this in your wp-config.php to disable getting the IP address via an external API when the IP retrieval method fail to get a valid IP address.

  • TWEAK: Replace deprecated jQuery(document).ready() calls.

  • TWEAK: Disable cookie access via JS and HTTP for cookie-based brute force prevention.

  • TWEAK: Enhanced cookie storage mechanism for cookie-based brute force prevention. Thanks to Calvin Alkan for identifying this improvement.

  • TWEAK: Display notice alerting the user that the block spam comment doesn't work on non-apache servers in the block spam comment section. Thanks to Calvin Alkan for identifying this omission.

  • TWEAK: Added a constant AIOS_DISABLE_LOGIN_WHITELIST. Define this in your wp-config.php to disable login IP whitelist.

Download this release

Release Info

Developer DavidAnderson
Plugin Icon 128x128 All In One WP Security & Firewall
Version 5.0.8
Comparing to
See all releases

Code changes from version 5.0.7 to 5.0.8

Files changed (49) hide show
  1. admin/wp-security-admin-init.php +49 -39
  2. admin/wp-security-blacklist-menu.php +1 -1
  3. admin/wp-security-brute-force-menu.php +40 -44
  4. admin/wp-security-filesystem-menu.php +2 -2
  5. admin/wp-security-firewall-menu.php +20 -1
  6. admin/wp-security-settings-menu.php +120 -52
  7. admin/wp-security-spam-menu.php +1 -0
  8. classes/aios-ajax.php +265 -0
  9. classes/firewall/wp-security-firewall-loader.php +1 -1
  10. classes/wp-security-abstract-ids.php +30 -0
  11. classes/wp-security-block-bootstrap.php +36 -15
  12. classes/wp-security-configure-settings.php +27 -0
  13. classes/wp-security-general-init-tasks.php +8 -23
  14. classes/wp-security-installer.php +10 -5
  15. classes/wp-security-notices.php +180 -6
  16. classes/wp-security-process-renamed-login-page.php +3 -1
  17. classes/wp-security-utility-htaccess.php +2 -234
  18. classes/wp-security-utility-ip-address.php +112 -13
  19. classes/wp-security-utility.php +57 -1
  20. classes/wp-security-wp-loaded-tasks.php +2 -0
  21. includes/simba-tfa/includes/login-form-integrations.php +1 -1
  22. includes/simba-tfa/includes/tfa.js +1 -0
  23. includes/simba-tfa/includes/tfa_frontend.php +1 -1
  24. includes/simba-tfa/providers/totp-hotp/loader.php +68 -15
  25. includes/simba-tfa/simba-tfa.php +30 -5
  26. includes/simba-tfa/templates/settings-intro-notices.php +1 -1
  27. js/wp-security-admin-script.js +172 -1
  28. languages/all-in-one-wp-security-and-firewall-de_DE.po +3 -3
  29. languages/all-in-one-wp-security-and-firewall-fr_FR.po +1 -1
  30. languages/all-in-one-wp-security-and-firewall-hu_HU.po +1 -1
  31. languages/all-in-one-wp-security-and-firewall-ko_KR.po +1 -1
  32. languages/all-in-one-wp-security-and-firewall-nl_NL.po +6 -6
  33. languages/all-in-one-wp-security-and-firewall-pl_PL.po +3 -3
  34. languages/all-in-one-wp-security-and-firewall-pt_BR.po +4 -4
  35. languages/all-in-one-wp-security-and-firewall-ru_RU.po +1 -1
  36. languages/all-in-one-wp-security-and-firewall-sv_SE.po +1 -1
  37. languages/all-in-one-wp-security-and-firewall-zh_CN.po +1 -1
  38. languages/all-in-one-wp-security-and-firewall.pot +657 -469
  39. other-includes/wp-security-rename-login-feature-pre-5-2.php +305 -312
  40. other-includes/wp-security-rename-login-feature-pre-5-7.php +4 -13
  41. other-includes/wp-security-rename-login-feature.php +4 -13
  42. readme.txt +17 -3
  43. templates/menus/settings/advanced-settings.php +220 -0
  44. templates/notices/{automated-database-backup-notice.php → custom-notice.php} +3 -3
  45. templates/notices/disable-login-whitelist.php +8 -0
  46. templates/partials/non-apache-feature-notice.php +15 -0
  47. vendor/composer/installed.php +2 -2
  48. wp-security-core.php +19 -4
  49. wp-security.php +1 -1
admin/wp-security-admin-init.php CHANGED
@@ -203,7 +203,14 @@ class AIOWPSecurity_Admin_Init {
203
  public function render_admin_notices() {
204
  global $aio_wp_security;
205
 
206
- $aio_wp_security->notices->do_notice('automated-database-backup', 'automated-database-backup');
 
 
 
 
 
 
 
207
 
208
  $installed_at = $aio_wp_security->notices->get_aiowps_plugin_installed_timestamp();
209
  $time_now = $aio_wp_security->notices->get_time_now();
@@ -211,7 +218,7 @@ class AIOWPSecurity_Admin_Init {
211
 
212
  $dismissed_dash_notice_until = (int) $aio_wp_security->configs->get_value('dismissdashnotice');
213
 
214
- if ($this->is_admin_dashboard_page() && ($installed_at && $time_now > $dismissed_dash_notice_until && $installed_for > (14 * 86400) && !defined('AIOWPSECURITY_NOADS_B')) || (defined('AIOWPSECURITY_FORCE_DASHNOTICE') && AIOWPSECURITY_FORCE_DASHNOTICE)) {
215
  $aio_wp_security->include_template('notices/thanks-for-using-main-dash.php');
216
  } elseif ($this->is_aiowps_admin_page() && $installed_at && $installed_for > 14*86400) {
217
  $aio_wp_security->notices->do_notice(false, 'top');
@@ -240,6 +247,16 @@ class AIOWPSecurity_Admin_Init {
240
  wp_enqueue_script('media-upload');
241
  wp_register_script('aiowpsec-admin-js', AIO_WP_SECURITY_URL. '/js/wp-security-admin-script.js', array('jquery'), AIO_WP_SECURITY_VERSION, true);
242
  wp_enqueue_script('aiowpsec-admin-js');
 
 
 
 
 
 
 
 
 
 
243
  wp_register_script('aiowpsec-pw-tool-js', AIO_WP_SECURITY_URL. '/js/password-strength-tool.js', array('jquery')); // We will enqueue this in the user acct menu class
244
  }
245
 
@@ -307,9 +324,13 @@ class AIOWPSecurity_Admin_Init {
307
  $aiowps_feature_mgr->calculate_total_points();
308
  $GLOBALS['aiowps_feature_mgr'] = $aiowps_feature_mgr;
309
  }
310
-
311
- function do_other_admin_side_init_tasks()
312
- {
 
 
 
 
313
  global $aio_wp_security;
314
 
315
  //***New Feature improvement for Cookie Based Brute Force Protection***//
@@ -322,56 +343,48 @@ class AIOWPSecurity_Admin_Init {
322
  if (empty($test_cookie_name_saved)) {
323
  $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
324
  $test_cookie_name = 'aiowps_cookie_test_'.$random_suffix;
325
- $aio_wp_security->configs->set_value('aiowps_cookie_brute_test',$test_cookie_name);
326
  $aio_wp_security->configs->save_config();//save the value
327
  AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, '1');
328
  }
329
  }
330
  //For cookie test form submission case
331
- if (isset($_GET['page']) && $_GET['page'] == AIOWPSEC_BRUTE_FORCE_MENU_SLUG && isset($_GET['tab']) && $_GET['tab'] == 'tab2')
332
- {
333
  global $aio_wp_security;
334
- if(isset($_POST['aiowps_do_cookie_test_for_bfla'])){
335
  $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
336
  $test_cookie_name = 'aiowps_cookie_test_'.$random_suffix;
337
- $aio_wp_security->configs->set_value('aiowps_cookie_brute_test',$test_cookie_name);
338
  $aio_wp_security->configs->save_config();//save the value
339
  AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, '1');
340
  $cur_url = "admin.php?page=".AIOWPSEC_BRUTE_FORCE_MENU_SLUG."&tab=tab2";
341
  $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, 'aiowps_cookie_test', "1");
342
  AIOWPSecurity_Utility::redirect_to_url($redirect_url);
343
  }
344
-
345
- if(isset($_POST['aiowps_enable_brute_force_attack_prevention']))//Enabling the BFLA feature so drop the cookie again
346
- {
347
- $brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
348
- if(empty($brute_force_feature_secret_word)){
349
- $brute_force_feature_secret_word = "aiowpssecret";
350
- }
351
- AIOWPSecurity_Utility::set_cookie_value($brute_force_feature_secret_word, "1");
352
- }
353
 
354
- if(isset($_REQUEST['aiowps_cookie_test']))
355
- {
 
 
 
 
 
 
 
356
  $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
357
  $cookie_val = AIOWPSecurity_Utility::get_cookie_value($test_cookie);
358
- if(empty($cookie_val))
359
- {
360
  $aio_wp_security->configs->set_value('aiowps_cookie_test_success','');
361
- }
362
- else
363
- {
364
  $aio_wp_security->configs->set_value('aiowps_cookie_test_success','1');
365
  }
366
  $aio_wp_security->configs->save_config();//save the value
367
  }
368
  }
369
 
370
- if(isset($_POST['aiowps_save_wp_config']))//the wp-config backup operation
371
- {
372
- $nonce=$_REQUEST['_wpnonce'];
373
- if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce'))
374
- {
375
  $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!",4);
376
  die("Nonce check failed on wp_config file save!");
377
  }
@@ -381,19 +394,16 @@ class AIOWPSecurity_Admin_Init {
381
  }
382
 
383
  //Handle export settings
384
- if(isset($_POST['aiowps_export_settings']))//Do form submission tasks
385
- {
386
- $nonce=$_REQUEST['_wpnonce'];
387
- if (!wp_verify_nonce($nonce, 'aiowpsec-export-settings-nonce'))
388
- {
389
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on export AIOWPS settings!",4);
390
- die("Nonce check failed on export AIOWPS settings!");
391
  }
392
  $config_data = get_option('aio_wp_security_configs');
393
  $output = json_encode($config_data);
394
  AIOWPSecurity_Utility_File::download_content_to_a_file($output);
395
  }
396
-
397
  }
398
 
399
  function create_admin_menus()
203
  public function render_admin_notices() {
204
  global $aio_wp_security;
205
 
206
+ foreach (AIOS_Abstracted_Ids::custom_admin_notice_ids() as $custom_admin_notice_id) {
207
+ $aio_wp_security->notices->do_notice($custom_admin_notice_id, $custom_admin_notice_id);
208
+ }
209
+
210
+ // Bail if the premium plugin is active and does not show ads.
211
+ if (defined('AIOWPSECURITY_NOADS_B') && AIOWPSECURITY_NOADS_B) {
212
+ return;
213
+ }
214
 
215
  $installed_at = $aio_wp_security->notices->get_aiowps_plugin_installed_timestamp();
216
  $time_now = $aio_wp_security->notices->get_time_now();
218
 
219
  $dismissed_dash_notice_until = (int) $aio_wp_security->configs->get_value('dismissdashnotice');
220
 
221
+ if ($this->is_admin_dashboard_page() && ($installed_at && $time_now > $dismissed_dash_notice_until && $installed_for > (14 * 86400)) || (defined('AIOWPSECURITY_FORCE_DASHNOTICE') && AIOWPSECURITY_FORCE_DASHNOTICE)) {
222
  $aio_wp_security->include_template('notices/thanks-for-using-main-dash.php');
223
  } elseif ($this->is_aiowps_admin_page() && $installed_at && $installed_for > 14*86400) {
224
  $aio_wp_security->notices->do_notice(false, 'top');
247
  wp_enqueue_script('media-upload');
248
  wp_register_script('aiowpsec-admin-js', AIO_WP_SECURITY_URL. '/js/wp-security-admin-script.js', array('jquery'), AIO_WP_SECURITY_VERSION, true);
249
  wp_enqueue_script('aiowpsec-admin-js');
250
+ wp_localize_script('aiowpsec-admin-js', 'aios_data',
251
+ array(
252
+ 'ajax_nonce' => wp_create_nonce('aios-ajax-nonce'),
253
+ )
254
+ );
255
+ wp_localize_script('aiowpsec-admin-js', 'aios_trans',
256
+ array(
257
+ 'unexpected_response' => __('Unexpected response:', 'all-in-one-wp-security-and-firewall'),
258
+ )
259
+ );
260
  wp_register_script('aiowpsec-pw-tool-js', AIO_WP_SECURITY_URL. '/js/password-strength-tool.js', array('jquery')); // We will enqueue this in the user acct menu class
261
  }
262
 
324
  $aiowps_feature_mgr->calculate_total_points();
325
  $GLOBALS['aiowps_feature_mgr'] = $aiowps_feature_mgr;
326
  }
327
+
328
+ /**
329
+ * Other admin side init tasks.
330
+ *
331
+ * @return void
332
+ */
333
+ private function do_other_admin_side_init_tasks() {
334
  global $aio_wp_security;
335
 
336
  //***New Feature improvement for Cookie Based Brute Force Protection***//
343
  if (empty($test_cookie_name_saved)) {
344
  $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
345
  $test_cookie_name = 'aiowps_cookie_test_'.$random_suffix;
346
+ $aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
347
  $aio_wp_security->configs->save_config();//save the value
348
  AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, '1');
349
  }
350
  }
351
  //For cookie test form submission case
352
+ if (isset($_GET['page']) && AIOWPSEC_BRUTE_FORCE_MENU_SLUG == $_GET['page'] && isset($_GET['tab']) && 'tab2' == $_GET['tab']) {
 
353
  global $aio_wp_security;
354
+ if (isset($_POST['aiowps_do_cookie_test_for_bfla'])) {
355
  $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
356
  $test_cookie_name = 'aiowps_cookie_test_'.$random_suffix;
357
+ $aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
358
  $aio_wp_security->configs->save_config();//save the value
359
  AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, '1');
360
  $cur_url = "admin.php?page=".AIOWPSEC_BRUTE_FORCE_MENU_SLUG."&tab=tab2";
361
  $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, 'aiowps_cookie_test', "1");
362
  AIOWPSecurity_Utility::redirect_to_url($redirect_url);
363
  }
 
 
 
 
 
 
 
 
 
364
 
365
+ if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) { // Enabling the BFLA feature so drop the cookie again
366
+ $brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
367
+ if(empty($brute_force_feature_secret_word)){
368
+ $brute_force_feature_secret_word = "aiowpssecret";
369
+ }
370
+ AIOWPSecurity_Utility::set_cookie_value(AIOWPSecurity_Utility::get_brute_force_secret_cookie_name(), wp_hash($brute_force_feature_secret_word));
371
+ }
372
+
373
+ if (isset($_REQUEST['aiowps_cookie_test'])) {
374
  $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
375
  $cookie_val = AIOWPSecurity_Utility::get_cookie_value($test_cookie);
376
+ if (empty($cookie_val)) {
 
377
  $aio_wp_security->configs->set_value('aiowps_cookie_test_success','');
378
+ } else {
 
 
379
  $aio_wp_security->configs->set_value('aiowps_cookie_test_success','1');
380
  }
381
  $aio_wp_security->configs->save_config();//save the value
382
  }
383
  }
384
 
385
+ if (isset($_POST['aiowps_save_wp_config'])) { // the wp-config backup operation
386
+ $nonce = $_REQUEST['_wpnonce'];
387
+ if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce')) {
 
 
388
  $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!",4);
389
  die("Nonce check failed on wp_config file save!");
390
  }
394
  }
395
 
396
  //Handle export settings
397
+ if (isset($_POST['aiowps_export_settings'])) {
398
+ $nonce = $_REQUEST['_wpnonce'];
399
+ if (!wp_verify_nonce($nonce, 'aiowpsec-export-settings-nonce')) {
400
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on export AIOWPS settings.", 4);
401
+ die("Nonce check failed on export AIOWPS settings.");
 
 
402
  }
403
  $config_data = get_option('aio_wp_security_configs');
404
  $output = json_encode($config_data);
405
  AIOWPSecurity_Utility_File::download_content_to_a_file($output);
406
  }
 
407
  }
408
 
409
  function create_admin_menus()
admin/wp-security-blacklist-menu.php CHANGED
@@ -142,7 +142,7 @@ class AIOWPSecurity_Blacklist_Menu extends AIOWPSecurity_Admin_Menu
142
  echo '<p>'.__('The All In One WP Security Blacklist feature gives you the option of banning certain host IP addresses or ranges and also user agents.', 'all-in-one-wp-security-and-firewall').'
143
  <br />'.__('This feature will deny total site access for users which have IP addresses or user agents matching those which you have configured in the settings below.', 'all-in-one-wp-security-and-firewall').'
144
  <br />'.__('The plugin achieves this by making appropriate modifications to your .htaccess file.', 'all-in-one-wp-security-and-firewall').'
145
- <br />'.__('By blocking people via the .htaccess file your are using the most secure first line of defence which denies all access to blacklisted visitors as soon as they hit your hosting server.', 'all-in-one-wp-security-and-firewall').'
146
  </p>';
147
  ?>
148
  </div>
142
  echo '<p>'.__('The All In One WP Security Blacklist feature gives you the option of banning certain host IP addresses or ranges and also user agents.', 'all-in-one-wp-security-and-firewall').'
143
  <br />'.__('This feature will deny total site access for users which have IP addresses or user agents matching those which you have configured in the settings below.', 'all-in-one-wp-security-and-firewall').'
144
  <br />'.__('The plugin achieves this by making appropriate modifications to your .htaccess file.', 'all-in-one-wp-security-and-firewall').'
145
+ <br />'.__('By blocking people, you are using the most secure first line of defence, which denies all access to blacklisted visitors as soon as they hit your hosting server.', 'all-in-one-wp-security-and-firewall').'
146
  </p>';
147
  ?>
148
  </div>
admin/wp-security-brute-force-menu.php CHANGED
@@ -231,17 +231,17 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
231
 
232
  //Save settings for brute force cookie method
233
  if (isset($_POST['aiowps_apply_cookie_based_bruteforce_firewall'])) {
234
- if (!wp_verify_nonce($_POST['_wpnonce'], 'aiowpsec-enable-cookie-based-brute-force-prevention')) {
235
- $aio_wp_security->debug_logger->log_debug('Nonce check failed on enable cookie based brute force prevention feature.',4);
236
  die('Nonce check failed on enable cookie based brute force prevention feature.');
237
  }
238
 
239
  if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) {
240
  $brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
241
  if (empty($brute_force_feature_secret_word)) {
242
- $brute_force_feature_secret_word = "aiossecret";
243
  } elseif (!ctype_alnum($brute_force_feature_secret_word)) {
244
- $msg = '<p>'.__('Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only!', 'all-in-one-wp-security-and-firewall').'</p>';
245
  $error = true;
246
  }
247
 
@@ -250,10 +250,11 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
250
  } else {
251
  $aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url', 'http://127.0.0.1');
252
  }
253
- $aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention', '1');
254
 
255
  if (!$error) {
256
- $aio_wp_security->configs->set_value('aiowps_brute_force_secret_word', $brute_force_feature_secret_word);
 
 
257
  $msg = '<p>'.__('You have successfully enabled the cookie based brute force prevention feature', 'all-in-one-wp-security-and-firewall').'</p>';
258
  $msg .= '<p>'.__('From now on you will need to log into your WP Admin using the following URL:', 'all-in-one-wp-security-and-firewall').'</p>';
259
  $msg .= '<p><strong>'.AIOWPSEC_WP_URL.'/?'.$brute_force_feature_secret_word.'=1</strong></p>';
@@ -686,68 +687,57 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
686
  <?php
687
  }
688
 
689
- function render_tab4()
690
- {
 
 
 
 
691
  global $aio_wp_security;
692
  global $aiowps_feature_mgr;
693
- $result = 1;
694
  $your_ip_address = AIOWPSecurity_Utility_IP::get_user_ip_address();
695
- if (isset($_POST['aiowps_save_whitelist_settings']))
696
- {
697
- $nonce=$_REQUEST['_wpnonce'];
698
- if (!wp_verify_nonce($nonce, 'aiowpsec-whitelist-settings-nonce'))
699
- {
700
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for save whitelist settings.",4);
701
- die(__('Nonce check failed for save whitelist settings.','all-in-one-wp-security-and-firewall'));
702
  }
703
 
704
- if (isset($_POST["aiowps_enable_whitelisting"]) && empty($_POST['aiowps_allowed_ip_addresses']))
705
- {
706
  $this->show_msg_error('You must submit at least one IP address!','all-in-one-wp-security-and-firewall');
707
- }
708
- else
709
- {
710
- if (!empty($_POST['aiowps_allowed_ip_addresses']))
711
- {
712
  $ip_addresses = $_POST['aiowps_allowed_ip_addresses'];
713
  $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
714
  $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'whitelist');
715
- if($payload[0] == 1){
716
  //success case
717
  $result = 1;
718
  $list = $payload[1];
719
  $whitelist_ip_data = implode(PHP_EOL, $list);
720
- $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses',$whitelist_ip_data);
721
  $_POST['aiowps_allowed_ip_addresses'] = ''; //Clear the post variable for the banned address list
722
- }
723
- else{
724
  $result = -1;
725
  $error_msg = htmlspecialchars($payload[1][0]);
726
  $this->show_msg_error($error_msg);
727
  }
728
-
729
- }
730
- else
731
- {
732
- $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses',''); //Clear the IP address config value
733
  }
734
 
735
- if ($result == 1)
736
- {
737
- $aio_wp_security->configs->set_value('aiowps_enable_whitelisting',isset($_POST["aiowps_enable_whitelisting"])?'1':'');
 
 
738
  $aio_wp_security->configs->save_config(); //Save the configuration
739
 
740
  //Recalculate points after the feature status/options have been altered
741
  $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
742
 
743
  $this->show_msg_settings_updated();
744
-
745
- $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
746
- if ( !$write_result )
747
- {
748
- $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','all-in-one-wp-security-and-firewall'));
749
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_whitelist_Menu - The plugin was unable to write to the .htaccess file.");
750
- }
751
  }
752
  }
753
  }
@@ -758,7 +748,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
758
  echo '<p>'.__('The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page.', 'all-in-one-wp-security-and-firewall').'
759
  <br />'.__('This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below.', 'all-in-one-wp-security-and-firewall').'
760
  <br />'.__('The plugin achieves this by writing the appropriate directives to your .htaccess file.', 'all-in-one-wp-security-and-firewall').'
761
- <br />'.__('By allowing/blocking IP addresses via the .htaccess file your are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page.', 'all-in-one-wp-security-and-firewall').'
762
  </p>';
763
  ?>
764
  </div>
@@ -771,6 +761,12 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
771
  ?>
772
  </div>
773
 
 
 
 
 
 
 
774
  <div class="postbox">
775
  <h3 class="hndle"><label for="title"><?php _e('Login IP Whitelist Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
776
  <div class="inside">
@@ -792,7 +788,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu
792
  <tr valign="top">
793
  <th scope="row"><label for="aiowps_user_ip"><?php _e('Your Current IP Address', 'all-in-one-wp-security-and-firewall')?>:</label></th>
794
  <td>
795
- <input id="aiowps_user_ip" size="20" name="aiowps_user_ip" type="text" value="<?php echo $your_ip_address; ?>" readonly="readonly"/>
796
  <span class="description"><?php _e('You can copy and paste this address in the text box below if you want to include it in your login whitelist.', 'all-in-one-wp-security-and-firewall'); ?></span>
797
  </td>
798
  </tr>
231
 
232
  //Save settings for brute force cookie method
233
  if (isset($_POST['aiowps_apply_cookie_based_bruteforce_firewall'])) {
234
+ if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'aiowpsec-enable-cookie-based-brute-force-prevention')) {
235
+ $aio_wp_security->debug_logger->log_debug('Nonce check failed on enable cookie based brute force prevention feature.', 4);
236
  die('Nonce check failed on enable cookie based brute force prevention feature.');
237
  }
238
 
239
  if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) {
240
  $brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
241
  if (empty($brute_force_feature_secret_word)) {
242
+ $brute_force_feature_secret_word = AIOS_DEFAULT_BRUTE_FORCE_FEATURE_SECRET_WORD;
243
  } elseif (!ctype_alnum($brute_force_feature_secret_word)) {
244
+ $msg = '<p>'.__('Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only.', 'all-in-one-wp-security-and-firewall').'</p>';
245
  $error = true;
246
  }
247
 
250
  } else {
251
  $aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url', 'http://127.0.0.1');
252
  }
 
253
 
254
  if (!$error) {
255
+ $aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention', '1');
256
+ $aio_wp_security->configs->set_value('aiowps_brute_force_secret_word', $brute_force_feature_secret_word);
257
+
258
  $msg = '<p>'.__('You have successfully enabled the cookie based brute force prevention feature', 'all-in-one-wp-security-and-firewall').'</p>';
259
  $msg .= '<p>'.__('From now on you will need to log into your WP Admin using the following URL:', 'all-in-one-wp-security-and-firewall').'</p>';
260
  $msg .= '<p><strong>'.AIOWPSEC_WP_URL.'/?'.$brute_force_feature_secret_word.'=1</strong></p>';
687
  <?php
688
  }
689
 
690
+ /**
691
+ * Render login whitelist tab.
692
+ *
693
+ * @return Void
694
+ */
695
+ private function render_tab4() {
696
  global $aio_wp_security;
697
  global $aiowps_feature_mgr;
698
+ $result = 0;
699
  $your_ip_address = AIOWPSecurity_Utility_IP::get_user_ip_address();
700
+ if (isset($_POST['aiowps_save_whitelist_settings'])) {
701
+ $nonce = $_REQUEST['_wpnonce'];
702
+ if (!wp_verify_nonce($nonce, 'aiowpsec-whitelist-settings-nonce')) {
703
+ $aio_wp_security->debug_logger->log_debug('Nonce check failed for save whitelist settings.', 4);
704
+ die('Nonce check failed for save whitelist settings.');
 
 
705
  }
706
 
707
+ if (isset($_POST["aiowps_enable_whitelisting"]) && empty($_POST['aiowps_allowed_ip_addresses'])) {
 
708
  $this->show_msg_error('You must submit at least one IP address!','all-in-one-wp-security-and-firewall');
709
+ } else {
710
+ if (!empty($_POST['aiowps_allowed_ip_addresses'])) {
 
 
 
711
  $ip_addresses = $_POST['aiowps_allowed_ip_addresses'];
712
  $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
713
  $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'whitelist');
714
+ if (1 == $payload[0]) {
715
  //success case
716
  $result = 1;
717
  $list = $payload[1];
718
  $whitelist_ip_data = implode(PHP_EOL, $list);
719
+ $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses', $whitelist_ip_data);
720
  $_POST['aiowps_allowed_ip_addresses'] = ''; //Clear the post variable for the banned address list
721
+ } else {
 
722
  $result = -1;
723
  $error_msg = htmlspecialchars($payload[1][0]);
724
  $this->show_msg_error($error_msg);
725
  }
726
+ } else {
727
+ $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses', ''); //Clear the IP address config value
 
 
 
728
  }
729
 
730
+ if (1 == $result) {
731
+ $aio_wp_security->configs->set_value('aiowps_enable_whitelisting', isset($_POST["aiowps_enable_whitelisting"]) ? '1' : '');
732
+ if ('1' == $aio_wp_security->configs->get_value('aiowps_is_login_whitelist_disabled_on_upgrade')) {
733
+ $aio_wp_security->configs->delete_value('aiowps_is_login_whitelist_disabled_on_upgrade');
734
+ }
735
  $aio_wp_security->configs->save_config(); //Save the configuration
736
 
737
  //Recalculate points after the feature status/options have been altered
738
  $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
739
 
740
  $this->show_msg_settings_updated();
 
 
 
 
 
 
 
741
  }
742
  }
743
  }
748
  echo '<p>'.__('The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page.', 'all-in-one-wp-security-and-firewall').'
749
  <br />'.__('This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below.', 'all-in-one-wp-security-and-firewall').'
750
  <br />'.__('The plugin achieves this by writing the appropriate directives to your .htaccess file.', 'all-in-one-wp-security-and-firewall').'
751
+ <br />'.__('By allowing/blocking IP addresses, you are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page.', 'all-in-one-wp-security-and-firewall').'
752
  </p>';
753
  ?>
754
  </div>
761
  ?>
762
  </div>
763
 
764
+ <?php
765
+ if (defined('AIOS_DISABLE_LOGIN_WHITELIST') && AIOS_DISABLE_LOGIN_WHITELIST) {
766
+ $aio_wp_security->include_template('notices/disable-login-whitelist.php');
767
+ }
768
+ ?>
769
+
770
  <div class="postbox">
771
  <h3 class="hndle"><label for="title"><?php _e('Login IP Whitelist Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
772
  <div class="inside">
788
  <tr valign="top">
789
  <th scope="row"><label for="aiowps_user_ip"><?php _e('Your Current IP Address', 'all-in-one-wp-security-and-firewall')?>:</label></th>
790
  <td>
791
+ <input id="aiowps_user_ip" size="40" name="aiowps_user_ip" type="text" value="<?php echo $your_ip_address; ?>" readonly="readonly"/>
792
  <span class="description"><?php _e('You can copy and paste this address in the text box below if you want to include it in your login whitelist.', 'all-in-one-wp-security-and-firewall'); ?></span>
793
  </td>
794
  </tr>
admin/wp-security-filesystem-menu.php CHANGED
@@ -450,7 +450,7 @@ class AIOWPSecurity_Filesystem_Menu extends AIOWPSecurity_Admin_Menu
450
  ?>
451
  <script type="text/javascript">
452
  /* <![CDATA[ */
453
- jQuery(document).ready(function($) {
454
  loading_span = $('.aiowps_loading_1');
455
  loading_span.hide(); //hide the spinner gif after page has successfully loaded
456
  $('.search-error-files').on("click",function(){
@@ -495,4 +495,4 @@ class AIOWPSecurity_Filesystem_Menu extends AIOWPSecurity_Admin_Menu
495
  <?php
496
 
497
  }
498
- } //end class
450
  ?>
451
  <script type="text/javascript">
452
  /* <![CDATA[ */
453
+ jQuery(function($) {
454
  loading_span = $('.aiowps_loading_1');
455
  loading_span.hide(); //hide the spinner gif after page has successfully loaded
456
  $('.search-error-files').on("click",function(){
495
  <?php
496
 
497
  }
498
+ } //end class
admin/wp-security-firewall-menu.php CHANGED
@@ -585,7 +585,11 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
585
  }
586
 
587
  if (isset($_POST['aiowps_enable_6g_firewall'])) {
588
- $aiowps_firewall_config->set_value('aiowps_6g_block_request_methods', AIOS_Abstracted_Ids::get_firewall_block_request_methods());
 
 
 
 
589
  $aiowps_firewall_config->set_value('aiowps_6g_block_query', true);
590
  $aiowps_firewall_config->set_value('aiowps_6g_block_request', true);
591
  $aiowps_firewall_config->set_value('aiowps_6g_block_referrers', true);
@@ -720,6 +724,12 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
720
  <div class="postbox">
721
  <h3 class="hndle"><label for="title"><?php _e('6G block request methods', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
722
  <div class="inside">
 
 
 
 
 
 
723
  <table class="form-table">
724
  <?php foreach ($block_request_methods as $block_request_method) {?>
725
  <tr>
@@ -727,6 +737,15 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
727
  <td>
728
  <input id="<?php echo esc_attr("aiowps_block_request_method_{$block_request_method}");?>" name="<?php echo esc_attr("aiowps_block_request_method_{$block_request_method}");?>" type="checkbox"<?php checked(in_array(strtoupper($block_request_method), $methods));?>>
729
  <label for="<?php echo esc_attr("aiowps_block_request_method_{$block_request_method}");?>" class="description"><?php printf(__('Check this to block the %s request method', 'all-in-one-wp-security-and-firewall'), strtoupper($block_request_method));?></label>
 
 
 
 
 
 
 
 
 
730
  </td>
731
  </tr>
732
  <?php } ?>
585
  }
586
 
587
  if (isset($_POST['aiowps_enable_6g_firewall'])) {
588
+ $aiowps_6g_block_request_methods = array_filter(AIOS_Abstracted_Ids::get_firewall_block_request_methods(), function($block_request_method) {
589
+ return ('PUT' != $block_request_method);
590
+ });
591
+
592
+ $aiowps_firewall_config->set_value('aiowps_6g_block_request_methods', $aiowps_6g_block_request_methods);
593
  $aiowps_firewall_config->set_value('aiowps_6g_block_query', true);
594
  $aiowps_firewall_config->set_value('aiowps_6g_block_request', true);
595
  $aiowps_firewall_config->set_value('aiowps_6g_block_referrers', true);
724
  <div class="postbox">
725
  <h3 class="hndle"><label for="title"><?php _e('6G block request methods', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
726
  <div class="inside">
727
+ <div class="aio_blue_box">
728
+ <?php
729
+ echo '<p>' . __('HTTP Request methods are used by browsers and clients to communicate with servers to get responses.' , 'all-in-one-wp-security-and-firewall') . '</p>';
730
+ echo '<p>' . __('GET and POST are the most commonly used methods to request and submit data for specified resources of the server.' , 'all-in-one-wp-security-and-firewall') . '</p>';
731
+ ?>
732
+ </div>
733
  <table class="form-table">
734
  <?php foreach ($block_request_methods as $block_request_method) {?>
735
  <tr>
737
  <td>
738
  <input id="<?php echo esc_attr("aiowps_block_request_method_{$block_request_method}");?>" name="<?php echo esc_attr("aiowps_block_request_method_{$block_request_method}");?>" type="checkbox"<?php checked(in_array(strtoupper($block_request_method), $methods));?>>
739
  <label for="<?php echo esc_attr("aiowps_block_request_method_{$block_request_method}");?>" class="description"><?php printf(__('Check this to block the %s request method', 'all-in-one-wp-security-and-firewall'), strtoupper($block_request_method));?></label>
740
+ <?php if('put' == $block_request_method) { ?>
741
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
742
+ <div class="aiowps_more_info_body">
743
+ <?php
744
+ echo '<p class="description">' . __('Some WooCommerce extensions use the PUT request method in addition to GET and POST.', 'all-in-one-wp-security-and-firewall') . ' ' . __("This means WooCommerce users shouldn't block the PUT request method." , 'all-in-one-wp-security-and-firewall') . '</p>';
745
+ echo '<p class="description">' . __('A few REST requests use the PUT request method.', 'all-in-one-wp-security-and-firewall') . ' ' . __('If your site is communicated by the WP REST API, you should not block the PUT request method.' , 'all-in-one-wp-security-and-firewall') . '</p>';
746
+ ?>
747
+ </div>
748
+ <?php } ?>
749
  </td>
750
  </tr>
751
  <?php } ?>
admin/wp-security-settings-menu.php CHANGED
@@ -1,48 +1,61 @@
1
  <?php
2
- if(!defined('ABSPATH')){
3
- exit;//Exit if accessed directly
4
- }
5
 
6
- class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
7
- {
 
 
8
  private $menu_page_slug = AIOWPSEC_SETTINGS_MENU_SLUG;
9
 
10
  /* Specify all the tabs of this menu in the following array */
11
  public $menu_tabs;
12
 
 
 
 
13
  public function __construct() {
14
  $this->render_menu_page();
15
  }
16
 
 
 
 
17
  public function set_menu_tabs() {
18
- $menu_tabs = apply_filters('aiowpsecurity_setting_tabs',
19
- array(
20
- 'tab1' => array(
21
- 'title' => __('General Settings', 'all-in-one-wp-security-and-firewall'),
22
- 'render_callback' => array($this, 'render_tab1'),
23
- ),
24
- 'tab2' => array(
25
- 'title' => '.htaccess '.__('File', 'all-in-one-wp-security-and-firewall'),
26
- 'render_callback' => array($this, 'render_tab2'),
27
- ),
28
- 'tab3' => array(
29
- 'title' => 'wp-config.php '.__('File', 'all-in-one-wp-security-and-firewall'),
30
- 'render_callback' => array($this, 'render_tab3'),
31
- ),
32
- 'delete-plugin-settings' => array(
33
- 'title' => __('Delete Plugin Settings', 'all-in-one-wp-security-and-firewall'),
34
- 'render_callback' => array($this, 'render_delete_plugin_settings_tab'),
35
- ),
36
- 'tab4' => array(
37
- 'title' => __('WP Version Info', 'all-in-one-wp-security-and-firewall'),
38
- 'render_callback' => array($this, 'render_tab4'),
39
- ),
40
- 'tab5' => array(
41
- 'title' => __('Import/Export', 'all-in-one-wp-security-and-firewall'),
42
- 'render_callback' => array($this, 'render_tab5'),
43
- ),
44
- )
45
- );
 
 
 
 
 
 
 
 
46
  $this->menu_tabs = array_filter($menu_tabs, array($this, 'should_display_tab'));
47
  }
48
 
@@ -77,8 +90,7 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
77
  /*
78
  * The menu rendering goes here
79
  */
80
- function render_menu_page()
81
- {
82
  echo '<div class="wrap">';
83
  echo '<h2>'.__('Settings','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
84
  $this->set_menu_tabs();
@@ -94,8 +106,7 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
94
  <?php
95
  }
96
 
97
- function render_tab1()
98
- {
99
  global $aio_wp_security;
100
  if(isset($_POST['aiowpsec_disable_all_features']))//Do form submission tasks
101
  {
@@ -845,7 +856,71 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
845
  <?php
846
  }
847
 
848
- function check_if_wp_config_contents($wp_file)
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
849
  {
850
  $is_wp_config = false;
851
 
@@ -868,14 +943,8 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
868
  $is_wp_config = false;
869
  }
870
  }
871
- if ($is_wp_config)
872
- {
873
- return 1;
874
- }
875
- else
876
- {
877
- return -1;
878
- }
879
 
880
  }
881
 
@@ -887,17 +956,16 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu
887
  }
888
  }
889
 
890
- function check_is_aiopws_settings($strText) {
891
- if(strpos($strText, 'aiowps_enable_login_lockdown') === FALSE){
892
  return false;
893
- } else {
894
- return true;
895
  }
 
 
896
  }
897
 
898
  //Checks if valid aiowps settings file and returns contents as string
899
- function check_if_valid_aiowps_settings_file($wp_file)
900
- {
901
  $is_aiopws_settings = false;
902
 
903
  $file_contents = file_get_contents($wp_file);
1
  <?php
 
 
 
2
 
3
+ if (!defined('ABSPATH')) die('No direct access.');
4
+
5
+ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu {
6
+
7
  private $menu_page_slug = AIOWPSEC_SETTINGS_MENU_SLUG;
8
 
9
  /* Specify all the tabs of this menu in the following array */
10
  public $menu_tabs;
11
 
12
+ /**
13
+ * Class constructor
14
+ */
15
  public function __construct() {
16
  $this->render_menu_page();
17
  }
18
 
19
+ /**
20
+ * Sets the menu_tabs class variable
21
+ */
22
  public function set_menu_tabs() {
23
+ $menu_tabs = array(
24
+ 'tab1' => array(
25
+ 'title' => __('General Settings', 'all-in-one-wp-security-and-firewall'),
26
+ 'render_callback' => array($this, 'render_tab1'),
27
+ ),
28
+ 'tab2' => array(
29
+ 'title' => '.htaccess '.__('File', 'all-in-one-wp-security-and-firewall'),
30
+ 'render_callback' => array($this, 'render_tab2'),
31
+ ),
32
+ 'tab3' => array(
33
+ 'title' => 'wp-config.php '.__('File', 'all-in-one-wp-security-and-firewall'),
34
+ 'render_callback' => array($this, 'render_tab3'),
35
+ ),
36
+ 'delete-plugin-settings' => array(
37
+ 'title' => __('Delete Plugin Settings', 'all-in-one-wp-security-and-firewall'),
38
+ 'render_callback' => array($this, 'render_delete_plugin_settings_tab'),
39
+ ),
40
+ 'tab4' => array(
41
+ 'title' => __('WP Version Info', 'all-in-one-wp-security-and-firewall'),
42
+ 'render_callback' => array($this, 'render_tab4'),
43
+ ),
44
+ 'tab5' => array(
45
+ 'title' => __('Import/Export', 'all-in-one-wp-security-and-firewall'),
46
+ 'render_callback' => array($this, 'render_tab5'),
47
+ ),
48
+ );
49
+
50
+ if (is_main_site()) {
51
+ $menu_tabs['advanced-settings'] = array(
52
+ 'title' => __('Advanced settings', 'all-in-one-wp-security-and-firewall'),
53
+ 'render_callback' => array($this, 'render_advanced_settings'),
54
+ );
55
+ }
56
+
57
+
58
+ $menu_tabs = apply_filters('aiowpsecurity_setting_tabs', $menu_tabs);
59
  $this->menu_tabs = array_filter($menu_tabs, array($this, 'should_display_tab'));
60
  }
61
 
90
  /*
91
  * The menu rendering goes here
92
  */
93
+ public function render_menu_page() {
 
94
  echo '<div class="wrap">';
95
  echo '<h2>'.__('Settings','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
96
  $this->set_menu_tabs();
106
  <?php
107
  }
108
 
109
+ public function render_tab1() {
 
110
  global $aio_wp_security;
111
  if(isset($_POST['aiowpsec_disable_all_features']))//Do form submission tasks
112
  {
856
  <?php
857
  }
858
 
859
+ /**
860
+ * Renders advanced settings tab.
861
+ *
862
+ * @return void
863
+ */
864
+ public function render_advanced_settings() {
865
+ if (!is_main_site()) {
866
+ return;
867
+ }
868
+
869
+ global $aio_wp_security;
870
+
871
+ if (isset($_POST['aiowps_save_advanced_settings'])) {
872
+ if (empty($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'aiowpsec-ip-settings-nonce')) {
873
+ $aio_wp_security->debug_logger->log_debug('Nonce check failed for save advanced settings.', 4);
874
+ die('Nonce check failed for save advanced settings.');
875
+ }
876
+
877
+ $ip_retrieve_method_id = sanitize_text_field($_POST["aiowps_ip_retrieve_method"]);
878
+
879
+ if (in_array($ip_retrieve_method_id, array_keys(AIOS_Abstracted_Ids::get_ip_retrieve_methods()))) {
880
+ $aio_wp_security->configs->set_value('aiowps_ip_retrieve_method', $ip_retrieve_method_id);
881
+ $aio_wp_security->configs->save_config(); //Save the configuration
882
+
883
+ //Clear logged in list because it might be showing wrong addresses
884
+ if (AIOWPSecurity_Utility::is_multisite_install()) {
885
+ delete_site_transient('users_online');
886
+ } else {
887
+ delete_transient('users_online');
888
+ }
889
+
890
+ $this->show_msg_settings_updated();
891
+ }
892
+ }
893
+
894
+ $ip_retrieve_methods_postfixes = array(
895
+ 'REMOTE_ADDR' => __('Default - if correct, then this is the best option', 'all-in-one-wp-security-and-firewall'),
896
+ 'HTTP_CF_CONNECTING_IP' => __("Only use if you're using Cloudflare.", 'all-in-one-wp-security-and-firewall'),
897
+ );
898
+
899
+ $ip_retrieve_methods = array();
900
+ foreach (AIOS_Abstracted_Ids::get_ip_retrieve_methods() as $id => $ip_method) {
901
+ $ip_retrieve_methods[$id]['ip_method'] = $ip_method;
902
+
903
+ if (isset($_SERVER[$ip_method])) {
904
+ $ip_retrieve_methods[$id]['ip_method'] .= ' '.sprintf(__('(current value: %s)', 'all-in-one-wp-security-and-firewall'), $_SERVER[$ip_method]);
905
+ $ip_retrieve_methods[$id]['is_enabled'] = true;
906
+ } else {
907
+ $ip_retrieve_methods[$id]['ip_method'] .= ' (' . __('no value (i.e. empty) on your server', 'all-in-one-wp-security-and-firewall') . ')';
908
+ $ip_retrieve_methods[$id]['is_enabled'] = false;
909
+ }
910
+
911
+ if (!empty($ip_retrieve_methods_postfixes[$ip_method])) {
912
+ $ip_retrieve_methods[$id]['ip_method'] .= ' (' . $ip_retrieve_methods_postfixes[$ip_method] . ')';
913
+ }
914
+ }
915
+
916
+ $aio_wp_security->include_template('menus/settings/advanced-settings.php', false, array(
917
+ 'is_localhost' => AIOWPSecurity_Utility::is_localhost(),
918
+ 'ip_retrieve_methods' => $ip_retrieve_methods,
919
+ 'server_suitable_ip_methods' => AIOWPSecurity_Utility_IP::get_server_suitable_ip_methods(),
920
+ ));
921
+ }
922
+
923
+ private function check_if_wp_config_contents($wp_file)
924
  {
925
  $is_wp_config = false;
926
 
943
  $is_wp_config = false;
944
  }
945
  }
946
+
947
+ return $is_wp_config ? 1 : -1;
 
 
 
 
 
 
948
 
949
  }
950
 
956
  }
957
  }
958
 
959
+ private function check_is_aiopws_settings($strText) {
960
+ if (false === strpos($strText, 'aiowps_enable_login_lockdown')) {
961
  return false;
 
 
962
  }
963
+
964
+ return true;
965
  }
966
 
967
  //Checks if valid aiowps settings file and returns contents as string
968
+ private function check_if_valid_aiowps_settings_file($wp_file) {
 
969
  $is_aiopws_settings = false;
970
 
971
  $file_contents = file_get_contents($wp_file);
admin/wp-security-spam-menu.php CHANGED
@@ -165,6 +165,7 @@ class AIOWPSecurity_Spam_Menu extends AIOWPSecurity_Admin_Menu
165
  ?>
166
  </div>
167
  <?php
 
168
  //Display security info badge
169
  $aiowps_feature_mgr->output_feature_details_badge("block-spambots");
170
  $blog_id = get_current_blog_id();
165
  ?>
166
  </div>
167
  <?php
168
+ $aio_wp_security->include_template('partials/non-apache-feature-notice.php');
169
  //Display security info badge
170
  $aiowps_feature_mgr->output_feature_details_badge("block-spambots");
171
  $blog_id = get_current_blog_id();
classes/aios-ajax.php ADDED
@@ -0,0 +1,265 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ if (!defined('ABSPATH')) die('Access denied.');
4
+
5
+ if (!class_exists('AIOS_Ajax')) :
6
+
7
+ class AIOS_Ajax {
8
+
9
+ private $nonce;
10
+
11
+ private $subaction;
12
+
13
+ private $data;
14
+
15
+ private $results;
16
+
17
+ /**
18
+ * Constructor
19
+ */
20
+ private function __construct() {
21
+ add_action('wp_ajax_aios_ajax', array($this, 'handle_ajax_requests'));
22
+ }
23
+
24
+ /**
25
+ * Return singleton instance
26
+ *
27
+ * @return AIOS_Ajax Returns AIOS_Ajax object
28
+ */
29
+ public static function get_instance() {
30
+ static $instance = null;
31
+ if (null === $instance) {
32
+ $instance = new self();
33
+ }
34
+ return $instance;
35
+ }
36
+
37
+ /**
38
+ * Handles ajax requests
39
+ *
40
+ * @return void
41
+ */
42
+ public function handle_ajax_requests() {
43
+ $this->set_nonce();
44
+ $this->set_subaction();
45
+ $this->set_data();
46
+
47
+ if ($this->is_invalid_request()) {
48
+ $this->send_security_check_failed_error_response();
49
+ }
50
+
51
+ if (!$this->is_user_capable()) {
52
+ $this->send_user_capability_error_response();
53
+ }
54
+
55
+ if (is_multisite() && !current_user_can('manage_network_options')) {
56
+ if (!$this->is_valid_multisite_command()) {
57
+ $this->send_invalid_multisite_command_error_response();
58
+ }
59
+ }
60
+
61
+ $this->execute_command();
62
+ $this->set_error_response_on_wp_error();
63
+ $this->maybe_set_results_as_null();
64
+
65
+ $this->json_encode_results();
66
+
67
+ $json_last_error = json_last_error();
68
+ if ($json_last_error) {
69
+ $this->set_error_response_on_json_encode_error($json_last_error);
70
+ }
71
+
72
+ echo $this->results;
73
+ die;
74
+ }
75
+
76
+ /**
77
+ * Get IP address of given method.
78
+ *
79
+ * @return array
80
+ */
81
+ public function get_ip_address_of_given_method() {
82
+ $ip_method_id = $this->data['ip_retrieve_method'];
83
+ $ip_retrieve_methods = AIOS_Abstracted_Ids::get_ip_retrieve_methods();
84
+ if (isset($ip_retrieve_methods[$ip_method_id])) {
85
+ return array(
86
+ 'ip_address' => isset($_SERVER[$ip_retrieve_methods[$ip_method_id]]) ? $_SERVER[$ip_retrieve_methods[$ip_method_id]] : '',
87
+ );
88
+ } else {
89
+ return new WP_Error('aios-invalid-ip-retrieve-method', __('Invalid IP retrieve method.', 'all-in-one-wp-security-and-firewall'));
90
+ }
91
+ die;
92
+ }
93
+
94
+ /**
95
+ * Sets nonce property value
96
+ */
97
+ private function set_nonce() {
98
+ $this->nonce = empty($_POST['nonce']) ? '' : $_POST['nonce'];
99
+ }
100
+
101
+ /**
102
+ * Sets subaction property value
103
+ */
104
+ private function set_subaction() {
105
+ $this->subaction = empty($_POST['subaction']) ? '' : sanitize_text_field(wp_unslash($_POST['subaction']));
106
+ }
107
+
108
+ /**
109
+ * Sets data property value
110
+ */
111
+ private function set_data() {
112
+ $this->data = isset($_POST['data']) ? wp_unslash($_POST['data']) : null;
113
+ }
114
+
115
+ /**
116
+ * Checks whether the request is valid or not
117
+ *
118
+ * @return bool
119
+ */
120
+ private function is_invalid_request() {
121
+ return !wp_verify_nonce($this->nonce, 'aios-ajax-nonce') || empty($this->subaction);
122
+ }
123
+
124
+ /**
125
+ * Send security check failed error response to browser
126
+ */
127
+ private function send_security_check_failed_error_response() {
128
+ wp_send_json(array(
129
+ 'result' => false,
130
+ 'error_code' => 'security_check',
131
+ 'error_message' => __('The security check failed; try refreshing the page.', 'all-in-one-wp-security-and-firewall'),
132
+ ));
133
+ }
134
+
135
+
136
+ /**
137
+ * Checks whether current user capable of doing this action or not
138
+ *
139
+ * @return bool
140
+ */
141
+ private function is_user_capable() {
142
+ return current_user_can(AIOWPSEC_MANAGEMENT_PERMISSION);
143
+ }
144
+
145
+ /**
146
+ * Send user capability check failed error response to browser.
147
+ */
148
+ private function send_user_capability_error_response() {
149
+ wp_send_json(array(
150
+ 'result' => false,
151
+ 'error_code' => 'security_check',
152
+ 'error_message' => __('You are not allowed to run this command.', 'all-in-one-wp-security-and-firewall'),
153
+ ));
154
+ }
155
+
156
+ /**
157
+ * Checks whether it is multisite setup and command is valid multisite command
158
+ *
159
+ * @return bool
160
+ */
161
+ private function is_valid_multisite_command() {
162
+ /**
163
+ * Filters the commands allowed to the sub site admins. Other commands are only available to network admin. Only used in a multisite context.
164
+ */
165
+ $allowed_commands = apply_filters('aios_multisite_allowed_commands', array('get_ip_address_of_given_method'));
166
+ return !in_array($this->subaction, $allowed_commands);
167
+ }
168
+
169
+ private function send_invalid_multisite_command_error_response() {
170
+ wp_send_json(array(
171
+ 'result' => false,
172
+ 'error_code' => 'update_failed',
173
+ 'error_message' => __('Options can only be saved by network admin', 'all-in-one-wp-security-and-firewall')
174
+ ));
175
+ }
176
+
177
+ /**
178
+ * Checks if applied ajax command is an invalid command or not
179
+ *
180
+ * @return bool Returns true if ajax command is an invalid command, false otherwise
181
+ */
182
+ private function is_invalid_command() {
183
+ return !is_callable(array($this, $this->subaction));
184
+ }
185
+
186
+ /**
187
+ * Log an error message for invalid ajax command
188
+ */
189
+ private function add_invalid_command_error_log_entry() {
190
+ error_log("AIOS: ajax_handler: no such command (" . $this->subaction . ")");
191
+ }
192
+
193
+ /**
194
+ * Set `results` property with error response array for invalid ajax command
195
+ *
196
+ * @return void
197
+ */
198
+ private function set_invalid_command_error_response() {
199
+ $this->results = array(
200
+ 'result' => false,
201
+ 'error_code' => 'command_not_found',
202
+ 'error_message' => sprintf(__('The command "%s" was not found', 'all-in-one-wp-security-and-firewall'), $this->subaction)
203
+ );
204
+ }
205
+
206
+ /**
207
+ * Execute the ajax command
208
+ */
209
+ private function execute_command() {
210
+ $this->results = call_user_func(array($this, $this->subaction));
211
+ }
212
+
213
+ /**
214
+ * Set `results` property with error message
215
+ */
216
+ private function set_error_response_on_wp_error() {
217
+ if (is_wp_error($this->results)) {
218
+ $this->results = array(
219
+ 'result' => false,
220
+ 'error_code' => $this->results->get_error_code(),
221
+ 'error_message' => $this->results->get_error_message(),
222
+ 'error_data' => $this->results->get_error_data(),
223
+ );
224
+ }
225
+ }
226
+
227
+ /**
228
+ * Set `results` property to null, if it is not yet set
229
+ */
230
+ private function maybe_set_results_as_null() {
231
+ // if nothing was returned for some reason, set as result null.
232
+ if (empty($this->results)) {
233
+ $this->results = array(
234
+ 'result' => null
235
+ );
236
+ }
237
+ }
238
+
239
+ /**
240
+ * Sets `results` property with json encode error
241
+ *
242
+ * @param int $json_last_error
243
+ *
244
+ * @return void
245
+ */
246
+ private function set_error_response_on_json_encode_error($json_last_error) {
247
+ $this->results = array(
248
+ 'result' => false,
249
+ 'error_code' => $json_last_error,
250
+ 'error_message' => 'json_encode error : ' . $json_last_error,
251
+ 'error_data' => '',
252
+ );
253
+
254
+ $this->results = json_encode($this->results);
255
+ }
256
+
257
+ /**
258
+ * Json encode the `results` property value
259
+ */
260
+ private function json_encode_results() {
261
+ $this->results = json_encode($this->results);
262
+ }
263
+ }
264
+
265
+ endif;
classes/firewall/wp-security-firewall-loader.php CHANGED
@@ -104,7 +104,7 @@ class Loader {
104
  private function get_firewall_workspace() {
105
  global $aiowps_firewall_rules_path;
106
  $workspace = '';
107
-
108
  if (!empty($aiowps_firewall_rules_path)) {
109
  $workspace = $aiowps_firewall_rules_path;
110
  } else {
104
  private function get_firewall_workspace() {
105
  global $aiowps_firewall_rules_path;
106
  $workspace = '';
107
+
108
  if (!empty($aiowps_firewall_rules_path)) {
109
  $workspace = $aiowps_firewall_rules_path;
110
  } else {
classes/wp-security-abstract-ids.php CHANGED
@@ -17,4 +17,34 @@ class AIOS_Abstracted_Ids {
17
  return array('DEBUG','MOVE', 'PUT', 'TRACK');
18
  }
19
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
20
  }
17
  return array('DEBUG','MOVE', 'PUT', 'TRACK');
18
  }
19
 
20
+ /**
21
+ * Get IP retrieve methods.
22
+ *
23
+ * @return array
24
+ */
25
+ public static function get_ip_retrieve_methods() {
26
+ // The keys are merely for maintaining backward compatibility.
27
+ return array(
28
+ '0' => 'REMOTE_ADDR',
29
+ '1' => 'HTTP_CF_CONNECTING_IP',
30
+ '2' => 'HTTP_X_FORWARDED_FOR',
31
+ '3' => 'HTTP_X_FORWARDED',
32
+ '4' => 'HTTP_CLIENT_IP',
33
+ '5' => 'HTTP_X_REAL_IP',
34
+ '6' => 'HTTP_X_CLUSTER_CLIENT_IP',
35
+ );
36
+ }
37
+
38
+ /**
39
+ * Get AIOS custom admin notice ids.
40
+ *
41
+ * @return array
42
+ */
43
+ public static function custom_admin_notice_ids() {
44
+ return array(
45
+ 'automated-database-backup',
46
+ 'ip-retrieval-settings',
47
+ 'login-whitelist-disabled-on-upgrade',
48
+ );
49
+ }
50
  }
classes/wp-security-block-bootstrap.php CHANGED
@@ -13,7 +13,7 @@ class AIOWPSecurity_Block_Bootstrap extends AIOWPSecurity_Block_File {
13
  *
14
  * @var string
15
  */
16
- protected $version = '1.0.0';
17
 
18
  /**
19
  * Inserts our code into our bootstrap file.
@@ -50,27 +50,47 @@ class AIOWPSecurity_Block_Bootstrap extends AIOWPSecurity_Block_File {
50
  */
51
  protected function is_content_valid($contents) {
52
 
53
- //The regexes we extract the paths from
54
- $regexes = array('/file_exists\(\'?(.*)\'?\)/isU', '/include_once\(\'?(.*)\'?\)/isU');
 
 
 
 
 
 
 
55
  $firewall_path_str = $this->get_firewall_path_str();
56
 
57
  foreach ($regexes as $regex) {
58
- $matches = array();
59
- $result = preg_match($regex, $contents, $matches);
60
-
61
- if (empty($matches[1]) || false === $result) {
62
- continue;
63
- }
64
-
65
- if ($firewall_path_str !== $matches[1]) {
66
- return false;
67
  }
68
-
69
  }
70
-
71
  return true;
72
  }
73
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
74
  /**
75
  * Get the firewall path string that contains "__DIR__" for home dir, if plugin dir isn't a symbolic link..
76
  *
@@ -136,7 +156,8 @@ class AIOWPSecurity_Block_Bootstrap extends AIOWPSecurity_Block_File {
136
  $code .= "}\n";
137
  }
138
 
139
- $code .= "\$aiowps_firewall_rules_path = {$firewall_rules_path_str};\n\n";
 
140
  $code .= "// Begin AIOWPSEC Firewall\n";
141
  $code .= "if (file_exists({$firewall_path_str})) {\n";
142
  $code .= "\tinclude_once({$firewall_path_str});\n";
13
  *
14
  * @var string
15
  */
16
+ protected $version = '1.0.1';
17
 
18
  /**
19
  * Inserts our code into our bootstrap file.
50
  */
51
  protected function is_content_valid($contents) {
52
 
53
+ //Ensure we're using the correct version of the file
54
+ $version = $this->get_bootstrap_version();
55
+
56
+ if (false === $version) return false;
57
+
58
+ if ($version['full_version'] !== $this->version) return false;
59
+
60
+ //Ensure the required paths are valid
61
+ $regexes = array('/file_exists\((?<file_path>\'.*\')\)/isU', '/include_once\((?<file_path>\'.*\')\)/isU');
62
  $firewall_path_str = $this->get_firewall_path_str();
63
 
64
  foreach ($regexes as $regex) {
65
+
66
+ if (preg_match($regex, $contents, $matches)) {
67
+
68
+ if ($firewall_path_str !== $matches['file_path']) return false;
69
+
 
 
 
 
70
  }
 
71
  }
72
+
73
  return true;
74
  }
75
 
76
+ /**
77
+ * Returns the bootstrap version from file
78
+ *
79
+ * @return array|boolean Array with the version information; false otherwise.
80
+ */
81
+ protected function get_bootstrap_version() {
82
+
83
+ $contents = @file_get_contents($this->file_path); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged -- ignore this
84
+
85
+ if (false === $contents) return false;
86
+
87
+ if (preg_match('/@version (?<full_version>(?<major>\d{1,})\.(?<minor>\d{1,})\.(?<patch>\d{1,}))$/m', $contents, $matches)) {
88
+ return $matches;
89
+ }
90
+
91
+ return false;
92
+ }
93
+
94
  /**
95
  * Get the firewall path string that contains "__DIR__" for home dir, if plugin dir isn't a symbolic link..
96
  *
156
  $code .= "}\n";
157
  }
158
 
159
+
160
+ $code .= '$GLOBALS[\'aiowps_firewall_rules_path\'] = '.$firewall_rules_path_str.";\n\n";
161
  $code .= "// Begin AIOWPSEC Firewall\n";
162
  $code .= "if (file_exists({$firewall_path_str})) {\n";
163
  $code .= "\tinclude_once({$firewall_path_str});\n";
classes/wp-security-configure-settings.php CHANGED
@@ -159,6 +159,9 @@ class AIOWPSecurity_Configure_Settings {
159
  //REST API Security
160
  $aio_wp_security->configs->set_value('aiowps_disallow_unauthorized_rest_requests', '');//Checkbox
161
 
 
 
 
162
  // Google reCaptcha
163
  $aio_wp_security->configs->set_value('aiowps_recaptcha_site_key', '');
164
  $aio_wp_security->configs->set_value('aiowps_recaptcha_secret_key', '');
@@ -320,6 +323,10 @@ class AIOWPSecurity_Configure_Settings {
320
  //REST API Security
321
  $aio_wp_security->configs->add_value('aiowps_disallow_unauthorized_rest_requests', '');//Checkbox
322
 
 
 
 
 
323
  // Google reCaptcha
324
  $aio_wp_security->configs->add_value('aiowps_recaptcha_site_key', '');
325
  $aio_wp_security->configs->add_value('aiowps_recaptcha_secret_key', '');
@@ -329,10 +336,30 @@ class AIOWPSecurity_Configure_Settings {
329
  $aio_wp_security->configs->add_value('aiowps_on_uninstall_delete_db_tables', '1'); //Checkbox
330
  $aio_wp_security->configs->add_value('aiowps_on_uninstall_delete_configs', '1'); //Checkbox
331
 
 
 
332
  //TODO - keep adding default options for any fields that require it
333
 
334
  //Save it
335
  $aio_wp_security->configs->save_config();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
336
  }
337
 
338
  public static function turn_off_all_security_features() {
159
  //REST API Security
160
  $aio_wp_security->configs->set_value('aiowps_disallow_unauthorized_rest_requests', '');//Checkbox
161
 
162
+ //IP retrieval setting
163
+ $aio_wp_security->configs->set_value('aiowps_ip_retrieve_method', '0');//default is $_SERVER['REMOTE_ADDR']
164
+
165
  // Google reCaptcha
166
  $aio_wp_security->configs->set_value('aiowps_recaptcha_site_key', '');
167
  $aio_wp_security->configs->set_value('aiowps_recaptcha_secret_key', '');
323
  //REST API Security
324
  $aio_wp_security->configs->add_value('aiowps_disallow_unauthorized_rest_requests', '');//Checkbox
325
 
326
+ //IP retrieval setting
327
+ // Commented the below code line because the IP retrieve method will be configured when the AIOS plugin is activated for the first time.
328
+ // $aio_wp_security->configs->add_value('aiowps_ip_retrieve_method', '0');//default is $_SERVER['REMOTE_ADDR']
329
+
330
  // Google reCaptcha
331
  $aio_wp_security->configs->add_value('aiowps_recaptcha_site_key', '');
332
  $aio_wp_security->configs->add_value('aiowps_recaptcha_secret_key', '');
336
  $aio_wp_security->configs->add_value('aiowps_on_uninstall_delete_db_tables', '1'); //Checkbox
337
  $aio_wp_security->configs->add_value('aiowps_on_uninstall_delete_configs', '1'); //Checkbox
338
 
339
+ $aio_wp_security->configs->add_value('installed-at', current_time('timestamp', true));
340
+
341
  //TODO - keep adding default options for any fields that require it
342
 
343
  //Save it
344
  $aio_wp_security->configs->save_config();
345
+
346
+ // For Cookie based brute force prevention backward compatibility
347
+ if ($aio_wp_security->should_cookie_based_brute_force_prvent()) {
348
+ $brute_force_secret_word = $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word');
349
+ if (empty($brute_force_secret_word)) {
350
+ $brute_force_secret_word = AIOS_DEFAULT_BRUTE_FORCE_FEATURE_SECRET_WORD;
351
+ }
352
+ AIOWPSecurity_Utility::set_cookie_value(AIOWPSecurity_Utility::get_brute_force_secret_cookie_name(), wp_hash($brute_force_secret_word));
353
+ }
354
+
355
+ // Login whitelisting started to work on non-apache server from db_version 1.9.5
356
+ if (is_main_site() && !AIOWPSecurity_Utility::is_apache_server() && version_compare(get_option('aiowpsec_db_version'), '1.9.5', '<') && '1' == $aio_wp_security->configs->get_value('aiowps_enable_whitelisting') && !empty($aio_wp_security->configs->get_value('aiowps_allowed_ip_addresses'))) {
357
+ $aio_wp_security->configs->set_value('aiowps_enable_whitelisting', '0');
358
+ $aio_wp_security->configs->set_value('aiowps_is_login_whitelist_disabled_on_upgrade', '1');
359
+ $aio_wp_security->configs->save_config();
360
+ }
361
+
362
+ update_option('aiowpsec_db_version', AIO_WP_SECURITY_DB_VERSION);
363
  }
364
 
365
  public static function turn_off_all_security_features() {
classes/wp-security-general-init-tasks.php CHANGED
@@ -13,8 +13,6 @@ class AIOWPSecurity_General_Init_Tasks {
13
  add_filter('wp_headers', array($this, 'aiowps_remove_x_pingback_header'));
14
  }
15
 
16
- add_action('permalink_structure_changed', array($this, 'refresh_firewall_rules'), 10, 2);
17
-
18
  // Check permanent block list and block if applicable (ie, do PHP blocking)
19
  AIOWPSecurity_Blocking::check_visitor_ip_and_perform_blocking();
20
 
@@ -55,12 +53,15 @@ class AIOWPSecurity_General_Init_Tasks {
55
  }
56
 
57
  // For the cookie based brute force prevention feature
58
- if ($aio_wp_security->should_cookie_based_brute_force_prvent()) {
 
59
  $bfcf_secret_word = $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word');
60
  $login_page_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
61
  if (isset($_GET[$bfcf_secret_word])) {
 
 
62
  // If URL contains secret word in query param then set cookie and then redirect to the login page
63
- AIOWPSecurity_Utility::set_cookie_value($bfcf_secret_word, '1');
64
  if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') && !is_user_logged_in()) {
65
  $login_url = home_url((get_option('permalink_structure') ? '' : '?') . $aio_wp_security->configs->get_value('aiowps_login_page_slug'));
66
  AIOWPSecurity_Utility::redirect_to_url($login_url);
@@ -68,11 +69,11 @@ class AIOWPSecurity_General_Init_Tasks {
68
  AIOWPSecurity_Utility::redirect_to_url(AIOWPSEC_WP_URL.'/wp-admin');
69
  }
70
  } else {
71
- $secret_word_cookie_val = AIOWPSecurity_Utility::get_cookie_value($bfcf_secret_word);
72
  $pw_protected_exception = $aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_pw_protected_exception');
73
  $prevent_ajax_exception = $aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_ajax_exception');
74
-
75
- if ('' != $_SERVER['REQUEST_URI'] && 1 != $secret_word_cookie_val) {
76
  // admin section or login page or login custom slug called
77
  $is_admin_or_login = (false != strpos($_SERVER['REQUEST_URI'], 'wp-admin') || false != strpos($_SERVER['REQUEST_URI'], 'wp-login') || ('' != $login_page_slug && false != strpos($_SERVER['REQUEST_URI'], $login_page_slug))) ? 1 : 0;
78
 
@@ -310,22 +311,6 @@ class AIOWPSecurity_General_Init_Tasks {
310
  return $headers;
311
  }
312
 
313
- /**
314
- * Refreshes the firewall rules in .htaccess file
315
- * eg: if permalink settings changed and white list enabled
316
- */
317
- public function refresh_firewall_rules() {
318
- global $aio_wp_security;
319
- //If white list enabled need to re-adjust the .htaccess rules
320
- if ($aio_wp_security->configs->get_value('aiowps_enable_whitelisting') == '1') {
321
- $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
322
- if (!$write_result) {
323
- $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'all-in-one-wp-security-and-firewall'));
324
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_whitelist_Menu - The plugin was unable to write to the .htaccess file.");
325
- }
326
- }
327
- }
328
-
329
  public function spam_detect_process_comment_post($comment_id, $comment_approved) {
330
  if ("spam" === $comment_approved) {
331
  $this->block_comment_ip($comment_id);
13
  add_filter('wp_headers', array($this, 'aiowps_remove_x_pingback_header'));
14
  }
15
 
 
 
16
  // Check permanent block list and block if applicable (ie, do PHP blocking)
17
  AIOWPSecurity_Blocking::check_visitor_ip_and_perform_blocking();
18
 
53
  }
54
 
55
  // For the cookie based brute force prevention feature
56
+ // Already logged in user should not redirected to brute_force_redirect_url in any case so added condition !is_user_logged_in()
57
+ if ($aio_wp_security->should_cookie_based_brute_force_prvent() && !is_user_logged_in()) {
58
  $bfcf_secret_word = $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word');
59
  $login_page_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
60
  if (isset($_GET[$bfcf_secret_word])) {
61
+ AIOWPSecurity_Utility_IP::check_login_whitelist_and_forbid();
62
+
63
  // If URL contains secret word in query param then set cookie and then redirect to the login page
64
+ AIOWPSecurity_Utility::set_cookie_value(AIOWPSecurity_Utility::get_brute_force_secret_cookie_name(), wp_hash($bfcf_secret_word));
65
  if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') && !is_user_logged_in()) {
66
  $login_url = home_url((get_option('permalink_structure') ? '' : '?') . $aio_wp_security->configs->get_value('aiowps_login_page_slug'));
67
  AIOWPSecurity_Utility::redirect_to_url($login_url);
69
  AIOWPSecurity_Utility::redirect_to_url(AIOWPSEC_WP_URL.'/wp-admin');
70
  }
71
  } else {
72
+ $secret_word_cookie_val = AIOWPSecurity_Utility::get_cookie_value(AIOWPSecurity_Utility::get_brute_force_secret_cookie_name());
73
  $pw_protected_exception = $aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_pw_protected_exception');
74
  $prevent_ajax_exception = $aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_ajax_exception');
75
+
76
+ if ('' != $_SERVER['REQUEST_URI'] && !hash_equals($secret_word_cookie_val, wp_hash($bfcf_secret_word))) {
77
  // admin section or login page or login custom slug called
78
  $is_admin_or_login = (false != strpos($_SERVER['REQUEST_URI'], 'wp-admin') || false != strpos($_SERVER['REQUEST_URI'], 'wp-login') || ('' != $login_page_slug && false != strpos($_SERVER['REQUEST_URI'], $login_page_slug))) ? 1 : 0;
79
 
311
  return $headers;
312
  }
313
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
314
  public function spam_detect_process_comment_post($comment_id, $comment_approved) {
315
  if ("spam" === $comment_approved) {
316
  $this->block_comment_ip($comment_id);
classes/wp-security-installer.php CHANGED
@@ -84,7 +84,10 @@ class AIOWPSecurity_Installer {
84
  unlock_key varchar(128) NOT NULL DEFAULT '',
85
  is_lockout_email_sent tinyint(1) NOT NULL DEFAULT '1',
86
  backtrace_log text NOT NULL DEFAULT '',
87
- PRIMARY KEY (id)
 
 
 
88
  )" . $charset_collate . ";";
89
  dbDelta($ld_tbl_sql);
90
 
@@ -94,7 +97,10 @@ class AIOWPSecurity_Installer {
94
  user_login VARCHAR(150) NOT NULL,
95
  failed_login_date datetime NOT NULL DEFAULT '1000-10-10 10:00:00',
96
  login_attempt_ip varchar(100) NOT NULL DEFAULT '',
97
- PRIMARY KEY (id)
 
 
 
98
  )" . $charset_collate . ";";
99
  dbDelta($fl_tbl_sql);
100
 
@@ -150,7 +156,8 @@ class AIOWPSecurity_Installer {
150
  country_origin varchar(50) NOT NULL DEFAULT '',
151
  blocked_date datetime NOT NULL DEFAULT '1000-10-10 10:00:00',
152
  unblock tinyint(1) NOT NULL DEFAULT '0',
153
- PRIMARY KEY (id)
 
154
  )" . $charset_collate . ";";
155
  dbDelta($pb_tbl_sql);
156
 
@@ -163,8 +170,6 @@ class AIOWPSecurity_Installer {
163
  PRIMARY KEY (id)
164
  )" . $charset_collate . ";";
165
  dbDelta($debug_log_tbl_sql);
166
-
167
- update_option("aiowpsec_db_version", AIO_WP_SECURITY_DB_VERSION);
168
  }
169
 
170
  public static function create_db_backup_dir() {
84
  unlock_key varchar(128) NOT NULL DEFAULT '',
85
  is_lockout_email_sent tinyint(1) NOT NULL DEFAULT '1',
86
  backtrace_log text NOT NULL DEFAULT '',
87
+ PRIMARY KEY (id),
88
+ KEY failed_login_ip (failed_login_ip),
89
+ KEY is_lockout_email_sent (is_lockout_email_sent),
90
+ KEY unlock_key (unlock_key)
91
  )" . $charset_collate . ";";
92
  dbDelta($ld_tbl_sql);
93
 
97
  user_login VARCHAR(150) NOT NULL,
98
  failed_login_date datetime NOT NULL DEFAULT '1000-10-10 10:00:00',
99
  login_attempt_ip varchar(100) NOT NULL DEFAULT '',
100
+ PRIMARY KEY (id),
101
+ KEY failed_login_date (failed_login_date),
102
+ KEY login_attempt_ip (login_attempt_ip),
103
+ KEY failed_login_date_and_login_attempt_ip (failed_login_date, login_attempt_ip)
104
  )" . $charset_collate . ";";
105
  dbDelta($fl_tbl_sql);
106
 
156
  country_origin varchar(50) NOT NULL DEFAULT '',
157
  blocked_date datetime NOT NULL DEFAULT '1000-10-10 10:00:00',
158
  unblock tinyint(1) NOT NULL DEFAULT '0',
159
+ PRIMARY KEY (id),
160
+ KEY blocked_ip (blocked_ip)
161
  )" . $charset_collate . ";";
162
  dbDelta($pb_tbl_sql);
163
 
170
  PRIMARY KEY (id)
171
  )" . $charset_collate . ";";
172
  dbDelta($debug_log_tbl_sql);
 
 
173
  }
174
 
175
  public static function create_db_backup_dir() {
classes/wp-security-notices.php CHANGED
@@ -42,6 +42,45 @@ class AIOWPSecurity_Notices extends Updraft_Notices_1_2 {
42
  'supported_positions' => array('automated-database-backup'),
43
  'validity_function' => 'should_show_automated_database_backup_notice',
44
  ),
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
45
  'rate_plugin' => array(
46
  'text' => sprintf(htmlspecialchars(__('Hey - We noticed All In One WP Security & Firewall has kept your site safe for a while. If you like us, please consider leaving a positive review to spread the word. Or if you have any issues or questions please leave us a support message %s.', 'all-in-one-wp-security-and-firewall')), '<a href="https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/" target="_blank">'.__('here', 'all-in-one-wp-security-and-firewall').'</a>').'<br>'.__('Thank you so much!', 'all-in-one-wp-security-and-firewall').'<br><br>- <b>'.__('Team All In One WP Security & Firewall', 'all-in-one-wp-security-and-firewall').'</b>',
47
  'image' => 'notices/aiowps-logo.png',
@@ -79,15 +118,19 @@ class AIOWPSecurity_Notices extends Updraft_Notices_1_2 {
79
  }
80
 
81
  /**
82
- * Decides whether to show an automated database backup notice.
83
  *
84
- * @return Boolean True if an automated database notice should be shown, otherwise false.
85
  */
86
  protected function should_show_automated_database_backup_notice() {
87
  if ($this->is_database_backup_admin_page_tab()) {
88
  return false;
89
  }
90
 
 
 
 
 
91
  if ($this->is_updraftplus_plugin_active() && $this->is_schedule_database_backup_set_in_updraftplus()) {
92
  return false;
93
  }
@@ -127,6 +170,83 @@ class AIOWPSecurity_Notices extends Updraft_Notices_1_2 {
127
  return (isset($_GET['tab']) && 'tab2' == $_GET['tab']);
128
  }
129
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
130
  /**
131
  * Check whether the UpdraftPlus plugin is active or not.
132
  *
@@ -149,14 +269,68 @@ class AIOWPSecurity_Notices extends Updraft_Notices_1_2 {
149
 
150
  return true;
151
  }
152
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
153
  /**
154
  * Call this method to setup the notices
155
  */
156
  public function notices_init() {
157
  if ($this->initialized) return;
158
  $this->initialized = true;
159
- $this->notices_content = (defined('AIOWPSECURITY_NOADS_B') && AIOWPSECURITY_NOADS_B) ? array() : $this->populate_notices_content();
160
 
161
  $enqueue_version = (defined('WP_DEBUG') && WP_DEBUG) ? AIO_WP_SECURITY_VERSION.'.'.time() : AIO_WP_SECURITY_VERSION;
162
  wp_enqueue_style('aiowpsec-admin-notices-css', AIO_WP_SECURITY_URL.'/css/wp-security-notices.css', array(), $enqueue_version);
@@ -291,8 +465,8 @@ class AIOWPSecurity_Notices extends Updraft_Notices_1_2 {
291
  $template_file = 'report.php';
292
  } elseif ('report-plain' == $position) {
293
  $template_file = 'report-plain.php';
294
- } elseif ('automated-database-backup' == $position) {
295
- $template_file = 'automated-database-backup-notice.php';
296
  } else {
297
  $template_file = 'horizontal-notice.php';
298
  }
42
  'supported_positions' => array('automated-database-backup'),
43
  'validity_function' => 'should_show_automated_database_backup_notice',
44
  ),
45
+ 'ip-retrieval-settings' => array(
46
+ 'title' => htmlspecialchars(__('Important: set up your IP address detection settings', 'all-in-one-wp-security-and-firewall')),
47
+ 'text' => '<p>' .
48
+ __("The All in One Security plugin couldn't be certain about the correct method to detect the IP address for your site visitors with your currently-configured IP address detection settings.", 'all-in-one-wp-security-and-firewall') . ' '.
49
+ __('It is important for your security to set the IP address detection settings properly.', 'all-in-one-wp-security-and-firewall') .
50
+ '</p>' .
51
+ '<p>' .
52
+ __('Please go to the settings and set them now.', 'all-in-one-wp-security-and-firewall') .
53
+ '</p>',
54
+ 'button_link' => add_query_arg(array(
55
+ 'page' => 'aiowpsec_settings',
56
+ 'tab' => 'advanced-settings',
57
+ ), admin_url('admin.php')) . '#automated-scheduled-backups-heading',
58
+ 'button_meta' => __('Setup IP address detection settings', 'all-in-one-wp-security-and-firewall'),
59
+ 'dismiss_time' => 'dismiss_ip_retrieval_settings_notice',
60
+ 'supported_positions' => array('ip-retrieval-settings'),
61
+ 'validity_function' => 'should_show_ip_retrieval_settings_notice',
62
+ ),
63
+ 'login-whitelist-disabled-on-upgrade' => array(
64
+ 'title' => htmlspecialchars(__('Important: Disabled login whitelist setting', 'all-in-one-wp-security-and-firewall')),
65
+ 'text' => '<p>' .
66
+ __('The All in One Security plugin has disabled the login whitelist setting that you have enabled in the past.', 'all-in-one-wp-security-and-firewall') .
67
+ '</p>' .
68
+ '<p>' .
69
+ __('Your website is running on a non-Apache webserver, so the login whitelisting was not functional until the recent update of AIOS (because it relied upon Apache-specific features). It began working with AIOS version 5.0.8.', 'all-in-one-wp-security-and-firewall') . ' ' .
70
+ __('We have disabled it so that your login page will not be blocked unexpectedly.', 'all-in-one-wp-security-and-firewall') .
71
+ '</p>' .
72
+ '<p>' .
73
+ __('Would you like to re-enable login whitelisting?', 'all-in-one-wp-security-and-firewall') .
74
+ '</p>',
75
+ 'button_link' => add_query_arg(array(
76
+ 'page' => AIOWPSEC_BRUTE_FORCE_MENU_SLUG,
77
+ 'tab' => 'tab4',
78
+ ), admin_url('admin.php')) . '#aiowps_enable_whitelisting',
79
+ 'button_meta' => __('Setup login whitelist setting', 'all-in-one-wp-security-and-firewall'),
80
+ 'dismiss_time' => 'dismiss_login_whitelist_disabled_on_upgrade_notice',
81
+ 'supported_positions' => array('login-whitelist-disabled-on-upgrade'),
82
+ 'validity_function' => 'should_show_login_whitelist_disabled_on_upgrade_notice',
83
+ ),
84
  'rate_plugin' => array(
85
  'text' => sprintf(htmlspecialchars(__('Hey - We noticed All In One WP Security & Firewall has kept your site safe for a while. If you like us, please consider leaving a positive review to spread the word. Or if you have any issues or questions please leave us a support message %s.', 'all-in-one-wp-security-and-firewall')), '<a href="https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/" target="_blank">'.__('here', 'all-in-one-wp-security-and-firewall').'</a>').'<br>'.__('Thank you so much!', 'all-in-one-wp-security-and-firewall').'<br><br>- <b>'.__('Team All In One WP Security & Firewall', 'all-in-one-wp-security-and-firewall').'</b>',
86
  'image' => 'notices/aiowps-logo.png',
118
  }
119
 
120
  /**
121
+ * Decides whether to show the automated database backup notice.
122
  *
123
+ * @return Boolean True if the automated database notice should be shown, otherwise false.
124
  */
125
  protected function should_show_automated_database_backup_notice() {
126
  if ($this->is_database_backup_admin_page_tab()) {
127
  return false;
128
  }
129
 
130
+ if (defined('AIOS_FORCE_AUTOMATED_DATABASE_BACKUP_NOTICE') && AIOS_FORCE_AUTOMATED_DATABASE_BACKUP_NOTICE) {
131
+ return true;
132
+ }
133
+
134
  if ($this->is_updraftplus_plugin_active() && $this->is_schedule_database_backup_set_in_updraftplus()) {
135
  return false;
136
  }
170
  return (isset($_GET['tab']) && 'tab2' == $_GET['tab']);
171
  }
172
 
173
+ /**
174
+ * Decides whether to show the IP address detection settings notice.
175
+ *
176
+ * @return Boolean True if the IP address detection settings notice should be shown, otherwise false.
177
+ */
178
+ protected function should_show_ip_retrieval_settings_notice() {
179
+ if (!is_main_site()) {
180
+ return false;
181
+ }
182
+
183
+ if ($this->is_ip_settings_admin_page_tab()) {
184
+ return false;
185
+ }
186
+
187
+ if (defined('AIOS_FORCE_IP_RETRIEVAL_SETTINGS_NOTICE') && AIOS_FORCE_IP_RETRIEVAL_SETTINGS_NOTICE) {
188
+ return true;
189
+ }
190
+
191
+ global $aio_wp_security;
192
+
193
+ // Is notice dismissed.
194
+ if ('1' == $aio_wp_security->configs->get_value('dismiss_ip_retrieval_settings_notice')) {
195
+ return false;
196
+ }
197
+
198
+ $configured_ip_method_id = $aio_wp_security->configs->get_value('aiowps_ip_retrieve_method');
199
+
200
+ if (AIOWPSecurity_Utility_IP::is_server_suitable_ip_methods_give_same_ip_address()) {
201
+ if ('' === $configured_ip_method_id) {
202
+ $most_suitable_ip_method = reset(AIOWPSecurity_Utility_IP::get_server_suitable_ip_methods());
203
+ if (!empty($most_suitable_ip_method)) {
204
+ $most_suitable_ip_method_id = array_search($most_suitable_ip_method, AIOS_Abstracted_Ids::get_ip_retrieve_methods());
205
+ $aio_wp_security->configs->set_value('aiowps_ip_retrieve_method', $most_suitable_ip_method_id);
206
+ $aio_wp_security->configs->save_config();//save the value
207
+ }
208
+ }
209
+
210
+ return false;
211
+ }
212
+
213
+ // If the IP retrieval method is not set.
214
+ $configured_ip_method_id = $aio_wp_security->configs->get_value('aiowps_ip_retrieve_method');
215
+ if ('' === $configured_ip_method_id) {
216
+ return true;
217
+ }
218
+
219
+ $server_user_ip_address = AIOWPSecurity_Utility_IP::get_server_detected_user_ip_address();
220
+ return empty($server_user_ip_address);
221
+ }
222
+
223
+ /**
224
+ * Whether the current page is the AIOS IP retrieval admin page
225
+ *
226
+ * @return Boolean True if the current page is the AIOS database backup admin page, otherwise false.
227
+ */
228
+ private function is_ip_settings_admin_page_tab() {
229
+ return $this->is_settings_admin_page() && $this->is_advanced_settings_tab();
230
+ }
231
+
232
+ /**
233
+ * Whether the current page is the AIOS settings admin page
234
+ *
235
+ * @return Boolean True if the current page is the AIOS settings admin page, otherwise false.
236
+ */
237
+ private function is_settings_admin_page() {
238
+ return ('admin.php' == $GLOBALS['pagenow'] && isset($_GET['page']) && 'aiowpsec_settings' == $_GET['page']);
239
+ }
240
+
241
+ /**
242
+ * Whether the current tab is the advanced settings tab.
243
+ *
244
+ * @return Boolean True if the current tab is the advanced settings tab, otherwise false.
245
+ */
246
+ private function is_advanced_settings_tab() {
247
+ return (isset($_GET['tab']) && 'advanced-settings' == $_GET['tab']);
248
+ }
249
+
250
  /**
251
  * Check whether the UpdraftPlus plugin is active or not.
252
  *
269
 
270
  return true;
271
  }
272
+
273
+ /**
274
+ * Decides whether to show the IP address detection settings notice.
275
+ *
276
+ * @return Boolean True if the IP address detection settings notice should be shown, otherwise false.
277
+ */
278
+ protected function should_show_login_whitelist_disabled_on_upgrade_notice() {
279
+ if (!is_main_site()) {
280
+ return false;
281
+ }
282
+
283
+ if ($this->is_login_whitelist_admin_page_tab()) {
284
+ return false;
285
+ }
286
+
287
+ if (defined('AIOS_FORCE_LOGIN_WHITELIST_DISABLED_ON_UPGRADE_NOTICE') && AIOS_FORCE_LOGIN_WHITELIST_DISABLED_ON_UPGRADE_NOTICE) {
288
+ return true;
289
+ }
290
+
291
+ global $aio_wp_security;
292
+
293
+ if ('1' == $aio_wp_security->configs->get_value('aiowps_is_login_whitelist_disabled_on_upgrade') && '1' != $aio_wp_security->configs->get_value('aiowps_enable_whitelisting')) {
294
+ return true;
295
+ }
296
+
297
+ return false;
298
+ }
299
+
300
+ /**
301
+ * Whether the current page is the AIOS IP retrieval admin page
302
+ *
303
+ * @return Boolean True if the current page is the AIOS database backup admin page, otherwise false.
304
+ */
305
+ private function is_login_whitelist_admin_page_tab() {
306
+ return $this->is_brute_force_admin_page() && $this->is_login_whitelist_tab();
307
+ }
308
+
309
+ /**
310
+ * Whether the current page is the AIOS settings admin page
311
+ *
312
+ * @return Boolean True if the current page is the AIOS settings admin page, otherwise false.
313
+ */
314
+ private function is_brute_force_admin_page() {
315
+ return ('admin.php' == $GLOBALS['pagenow'] && isset($_GET['page']) && AIOWPSEC_BRUTE_FORCE_MENU_SLUG == $_GET['page']);
316
+ }
317
+
318
+ /**
319
+ * Whether the current tab is the advanced settings tab.
320
+ *
321
+ * @return Boolean True if the current tab is the advanced settings tab, otherwise false.
322
+ */
323
+ private function is_login_whitelist_tab() {
324
+ return (isset($_GET['tab']) && 'tab4' == $_GET['tab']);
325
+ }
326
+
327
  /**
328
  * Call this method to setup the notices
329
  */
330
  public function notices_init() {
331
  if ($this->initialized) return;
332
  $this->initialized = true;
333
+ $this->notices_content = $this->populate_notices_content();
334
 
335
  $enqueue_version = (defined('WP_DEBUG') && WP_DEBUG) ? AIO_WP_SECURITY_VERSION.'.'.time() : AIO_WP_SECURITY_VERSION;
336
  wp_enqueue_style('aiowpsec-admin-notices-css', AIO_WP_SECURITY_URL.'/css/wp-security-notices.css', array(), $enqueue_version);
465
  $template_file = 'report.php';
466
  } elseif ('report-plain' == $position) {
467
  $template_file = 'report-plain.php';
468
+ } elseif (in_array($position, AIOS_Abstracted_Ids::custom_admin_notice_ids())) {
469
+ $template_file = 'custom-notice.php';
470
  } else {
471
  $template_file = 'horizontal-notice.php';
472
  }
classes/wp-security-process-renamed-login-page.php CHANGED
@@ -139,7 +139,7 @@ class AIOWPSecurity_Process_Renamed_Login_Page {
139
  * @param int $expires The expiry time, as passed to setcookie().
140
  */
141
  $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
142
- setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH);
143
 
144
  wp_safe_redirect(wp_get_referer());
145
  exit();
@@ -236,6 +236,8 @@ class AIOWPSecurity_Process_Renamed_Login_Page {
236
  } else {
237
  global $wp_version;
238
  do_action('aiowps_rename_login_load');
 
 
239
  status_header(200);
240
  if (version_compare($wp_version, '5.7', '>=')) {
241
  require_once(AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature.php');
139
  * @param int $expires The expiry time, as passed to setcookie().
140
  */
141
  $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
142
+ setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true);
143
 
144
  wp_safe_redirect(wp_get_referer());
145
  exit();
236
  } else {
237
  global $wp_version;
238
  do_action('aiowps_rename_login_load');
239
+ AIOWPSecurity_Utility_IP::check_login_whitelist_and_forbid();
240
+
241
  status_header(200);
242
  if (version_compare($wp_version, '5.7', '>=')) {
243
  require_once(AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature.php');
classes/wp-security-utility-htaccess.php CHANGED
@@ -223,7 +223,6 @@ class AIOWPSecurity_Utility_Htaccess {
223
  $rules .= AIOWPSecurity_Utility_Htaccess::getrules_advanced_character_string_filter();
224
  $rules .= AIOWPSecurity_Utility_Htaccess::getrules_5g_blacklist();
225
  $rules .= AIOWPSecurity_Utility_Htaccess::getrules_block_spambots();
226
- $rules .= AIOWPSecurity_Utility_Htaccess::getrules_enable_login_whitelist_v2();
227
  $rules .= AIOWPSecurity_Utility_Htaccess::prevent_image_hotlinks();
228
  $custom_rules = AIOWPSecurity_Utility_Htaccess::getrules_custom_rules();
229
  if ($aio_wp_security->configs->get_value('aiowps_place_custom_rules_at_top')=='1') {
@@ -406,238 +405,6 @@ class AIOWPSecurity_Utility_Htaccess {
406
  return $rules;
407
  }
408
 
409
- /**
410
- * This function will write some directives to allow IPs in the whitelist to access wp-login.php or wp-admin
411
- * The function also handles the following special cases:
412
- * 1) If the rename login feature is being used: for this scenario instead of protecting wp-login.php we must protect the special page slug
413
- * 2) If the rename login feature is being used AND non permalink URL structure: for this case need to use mod_rewrite because we must check QUERY_STRING
414
- */
415
- public static function getrules_enable_login_whitelist() {
416
- global $aio_wp_security;
417
- $rules = '';
418
-
419
- if ($aio_wp_security->configs->get_value('aiowps_enable_whitelisting') == '1') {
420
- $site_url = AIOWPSEC_WP_URL;
421
- $parse_url = parse_url($site_url);
422
- $hostname = $parse_url['host'];
423
- $host_ip = gethostbyname($hostname);
424
- $special_case = false;
425
- $rules .= AIOWPSecurity_Utility_Htaccess::$enable_login_whitelist_marker_start . PHP_EOL; //Add feature marker start
426
- //If the rename login page feature is active, we will need to adjust the directives
427
- if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
428
- $secret_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
429
- if (!get_option('permalink_structure')) {
430
- //standard url structure is being used - ie, non permalinks
431
- $special_case = true;
432
- $rules .= '<IfModule mod_rewrite.c>' . PHP_EOL;
433
- $rules .= 'RewriteEngine on' . PHP_EOL;
434
- $rules .= 'RewriteCond %{QUERY_STRING} ^' . $secret_slug . '=1.*$' . PHP_EOL;
435
- $rules .= 'RewriteCond %{REMOTE_ADDR} !^' . preg_quote($host_ip) . '[OR]' . PHP_EOL;
436
- } else {
437
- $slug = preg_quote($secret_slug); //escape any applicable chars
438
- $rules .= '<FilesMatch "^(' . $slug . ')">' . PHP_EOL;
439
- }
440
- } else {
441
- $rules .= '<FilesMatch "^(wp-login\.php)">' . PHP_EOL;
442
- }
443
- if (!$special_case) {
444
- $rules .= 'Order Allow,Deny' . PHP_EOL;
445
- $rules .= 'Allow from ' . $hostname . PHP_EOL;
446
- $rules .= 'Allow from ' . $host_ip . PHP_EOL;
447
- }
448
-
449
- //Let's get list of whitelisted IPs
450
- $hosts = explode(PHP_EOL, $aio_wp_security->configs->get_value('aiowps_allowed_ip_addresses'));
451
- if (!empty($hosts) && !(sizeof($hosts) == 1 && trim($hosts[0]) == '')) {
452
- $phosts = array();
453
- $num_hosts = count($hosts);
454
- $i = 0;
455
- foreach ($hosts as $host) {
456
- $host = trim($host);
457
- $or_string = ($i == $num_hosts - 1) ? '' : '[OR]'; //Add an [OR] clause for all except the last condition
458
-
459
- if (!in_array($host, $phosts)) {
460
- if (strstr($host, '*')) {
461
- $parts = array_reverse(explode('.', $host));
462
- $netmask = 32;
463
- foreach ($parts as $part) {
464
- if (strstr(trim($part), '*')) {
465
- $netmask = $netmask - 8;
466
-
467
- }
468
- }
469
- //*****Bug Fix ******
470
- //Seems that netmask does not work when using the following type of directive, ie,
471
- //RewriteCond %{REMOTE_ADDR} !^203\.87\.121\.0/24
472
-
473
- //The following works:
474
- //RewriteCond %{REMOTE_ADDR} !^203\.87\.121\.
475
-
476
- if ($special_case) {
477
- $dhost = trim(str_replace('*', '', implode('.', array_reverse($parts)), $count));
478
- if ($count > 1) {
479
- //means that we will have consecutive periods in the string and we must remove all except one - eg: 45.12..
480
- $dhost = rtrim($dhost, '.');
481
- $dhost = $dhost . '.';
482
- }
483
- } else {
484
- $dhost = trim(str_replace('*', '0', implode('.', array_reverse($parts))) . '/' . $netmask);
485
- }
486
- if (strlen($dhost) > 4) {
487
- if ($special_case) {
488
- $dhost = preg_quote($dhost); //escape any applicable chars
489
- $trule = 'RewriteCond %{REMOTE_ADDR} !^' . $dhost . $or_string . PHP_EOL;
490
- if (trim($trule) != 'RewriteCond %{REMOTE_ADDR}!=') {
491
- $rules .= $trule;
492
- }
493
- } else {
494
- $trule = 'Allow from ' . $dhost . PHP_EOL;
495
- if (trim($trule) != 'Allow from') {
496
- $rules .= $trule;
497
- }
498
- }
499
- }
500
- } else {
501
- $dhost = trim($host);
502
- //ipv6 - for now we will support only whole ipv6 addresses, NOT ranges
503
- if (strpos($dhost, ':') !== false) {
504
- //possible ipv6 addr
505
- $res = WP_Http::is_ip_address($dhost);
506
- if (false === $res) {
507
- continue;
508
- }
509
- }
510
- if (strlen($dhost) > 4 || '6' == $res) {
511
- if ($special_case) {
512
- $dhost = preg_quote($dhost); //escape any applicable chars
513
- $rules .= 'RewriteCond %{REMOTE_ADDR} !^' . $dhost . $or_string . PHP_EOL;
514
- } else {
515
- $rules .= 'Allow from ' . $dhost . PHP_EOL;
516
- }
517
-
518
- }
519
- }
520
- }
521
- $phosts[] = $host;
522
- $i++;
523
- }
524
- }
525
-
526
- if ($special_case) {
527
- $rules .= 'RewriteRule .* http://127.0.0.1 [L]' . PHP_EOL;
528
- $rules .= '</IfModule>' . PHP_EOL;
529
- } else {
530
- $rules .= '</FilesMatch>' . PHP_EOL;
531
- }
532
- $rules .= AIOWPSecurity_Utility_Htaccess::$enable_login_whitelist_marker_end . PHP_EOL; //Add feature marker end
533
- }
534
-
535
- return $rules;
536
- }
537
-
538
- /**
539
- * (This is an updated and improved version of getrules_enable_login_whitelist())
540
- * This function will write some directives to allow IPs in the whitelist to access wp-login.php or wp-admin
541
- * The function also handles the following special cases:
542
- * 1) If the rename login feature is being used: for this scenario instead of protecting wp-login.php we must protect the special page slug
543
- * 2) If the rename login feature is being used AND non permalink URL structure: for this case need to use mod_rewrite because we must check QUERY_STRING
544
- */
545
- public static function getrules_enable_login_whitelist_v2() {
546
- global $aio_wp_security;
547
- $rules = '';
548
-
549
- if ($aio_wp_security->configs->get_value('aiowps_enable_whitelisting') == '1') {
550
- $site_url = AIOWPSEC_WP_URL;
551
- $parse_url = parse_url($site_url);
552
- $hostname = $parse_url['host'];
553
- $host_ip = gethostbyname($hostname);
554
- $hidden_login_pretty_perms = false;
555
- $rules .= AIOWPSecurity_Utility_Htaccess::$enable_login_whitelist_marker_start . PHP_EOL; //Add feature marker start
556
- //If the rename login page feature is active, we will need to adjust the directives
557
- if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
558
- $secret_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
559
- if (get_option('permalink_structure')) {
560
- $slug = preg_quote($secret_slug); //escape any applicable chars
561
- $rules .= '<FilesMatch "^(' . $slug . ')">' . PHP_EOL;
562
- } else {
563
- //standard url structure is being used - ie, non permalinks
564
- $hidden_login_pretty_perms = true;
565
- $rules .= '<IfModule mod_rewrite.c>' . PHP_EOL;
566
- $rules .= 'RewriteEngine on' . PHP_EOL;
567
- $rules .= 'RewriteCond %{QUERY_STRING} ^' . $secret_slug . '=1.*$' . PHP_EOL;
568
- $rules .= 'RewriteCond %{REMOTE_ADDR} !^' . preg_quote($host_ip) . PHP_EOL;
569
- }
570
- } else {
571
- $rules .= '<FilesMatch "^(wp-login\.php)">' . PHP_EOL;
572
- }
573
- $rules_apache_pre_24 = '';
574
- $rules_apache_24 = '';
575
- if (!$hidden_login_pretty_perms) {
576
- //start writing rules for versions of apache < 2.4
577
- $rules_apache_pre_24 .= '<IfModule !mod_authz_core.c>' . PHP_EOL;
578
- $rules_apache_pre_24 .= 'Order Allow,Deny' . PHP_EOL;
579
- $rules_apache_pre_24 .= 'Allow from ' . $hostname . PHP_EOL;
580
- $rules_apache_pre_24 .= 'Allow from ' . $host_ip . PHP_EOL;
581
-
582
- //start writing rules for versions of apache >=2.4
583
- $rules_apache_24 .= '<IfModule mod_authz_core.c>' . PHP_EOL;
584
- $rules_apache_24 .= 'Require all denied' . PHP_EOL;
585
- $rules_apache_24 .= 'Require local' . PHP_EOL;
586
- $rules_apache_24 .= 'Require ip 127.0.0.1' . PHP_EOL;
587
- $rules_apache_24 .= 'Require host ' . $hostname . PHP_EOL;
588
- }
589
-
590
- //Let's get list of whitelisted IPs
591
- $hosts = AIOWPSecurity_Utility::explode_trim_filter_empty($aio_wp_security->configs->get_value('aiowps_allowed_ip_addresses'));
592
- // Filter out duplicate lines, add netmask to IP addresses
593
- $ips_with_netmask = self::add_netmask(array_unique($hosts));
594
- if (!empty($ips_with_netmask)) {
595
- foreach ($ips_with_netmask as $xhost) {
596
- $ipv6 = false;
597
- if (false !== strpos($xhost, ':')) {
598
- //possible ipv6 addr or range
599
- $checked_ip = AIOWPSecurity_Utility_IP::is_ipv6_address_or_ipv6_range($xhost);
600
- if (false == $checked_ip) {
601
- continue;
602
- }
603
- }
604
- $ip_range = substr($xhost, 0, strpos($xhost, "/")); //check if address range
605
- if ($hidden_login_pretty_perms) {
606
- if (!empty($ip_range)) {
607
- $xhost = $ip_range; //get the IP minus the slash with netmask bits
608
- }
609
- if (!$ipv6) {
610
- $xhost = preg_replace("/[\.0]+$/", ".", $xhost);
611
- $xhost = preg_quote($xhost);
612
- }
613
- $rules .= 'RewriteCond %{REMOTE_ADDR} !^' . $xhost . PHP_EOL;
614
- } else {
615
- //write rules for both apache 2.2 and 2.4+
616
- $rules_apache_pre_24 .= 'Allow from ' . $xhost . PHP_EOL;
617
- $rules_apache_24 .= 'Require ip '. $xhost . PHP_EOL;
618
- }
619
- }
620
-
621
- }
622
- if (!empty($rules_apache_pre_24)) {
623
- $rules_apache_pre_24 .= '</IfModule>' . PHP_EOL;
624
- }
625
- if (!empty($rules_apache_24)) {
626
- $rules_apache_24 .= '</IfModule>' . PHP_EOL;
627
- }
628
- $rules .= $rules_apache_pre_24 . $rules_apache_24;
629
- if ($hidden_login_pretty_perms) {
630
- $rules .= 'RewriteRule .* http://127.0.0.1 [L]' . PHP_EOL;
631
- $rules .= '</IfModule>' . PHP_EOL;
632
- } else {
633
- $rules .= '</FilesMatch>' . PHP_EOL;
634
- }
635
- $rules .= AIOWPSecurity_Utility_Htaccess::$enable_login_whitelist_marker_end . PHP_EOL; //Add feature marker end
636
- }
637
-
638
- return $rules;
639
- }
640
-
641
  /**
642
  * This function will disable directory listings for all directories, add this line to the
643
  * site’s root .htaccess file.
@@ -731,7 +498,8 @@ class AIOWPSecurity_Utility_Htaccess {
731
  //$rules .= 'RewriteCond %{QUERY_STRING} ^.*([|]|(|)||\'|"|;|?|*).* [NC,OR]' . PHP_EOL;
732
  //$rules .= 'RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]' . PHP_EOL;
733
  //$rules .= 'RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127.0).* [NC,OR]' . PHP_EOL;
734
- $rules .= 'RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]' . PHP_EOL;
 
735
  $rules .= 'RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(request|insert|union|declare|drop) [NC]' . PHP_EOL;
736
  $rules .= 'RewriteRule ^(.*)$ - [F,L]' . PHP_EOL;
737
  $rules .= '</IfModule>' . PHP_EOL;
223
  $rules .= AIOWPSecurity_Utility_Htaccess::getrules_advanced_character_string_filter();
224
  $rules .= AIOWPSecurity_Utility_Htaccess::getrules_5g_blacklist();
225
  $rules .= AIOWPSecurity_Utility_Htaccess::getrules_block_spambots();
 
226
  $rules .= AIOWPSecurity_Utility_Htaccess::prevent_image_hotlinks();
227
  $custom_rules = AIOWPSecurity_Utility_Htaccess::getrules_custom_rules();
228
  if ($aio_wp_security->configs->get_value('aiowps_place_custom_rules_at_top')=='1') {
405
  return $rules;
406
  }
407
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
408
  /**
409
  * This function will disable directory listings for all directories, add this line to the
410
  * site’s root .htaccess file.
498
  //$rules .= 'RewriteCond %{QUERY_STRING} ^.*([|]|(|)||\'|"|;|?|*).* [NC,OR]' . PHP_EOL;
499
  //$rules .= 'RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]' . PHP_EOL;
500
  //$rules .= 'RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127.0).* [NC,OR]' . PHP_EOL;
501
+ // removed localhost because It was giving 403 error while browsing the URL http://localhost/aios2/wp-login.php?redirect_to=http%3A%2F%2Flocalhost%2Faios2%2Fwp-admin%2F&reauth=1
502
+ $rules .= 'RewriteCond %{QUERY_STRING} ^.*(globals|encode|loopback).* [NC,OR]' . PHP_EOL;
503
  $rules .= 'RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(request|insert|union|declare|drop) [NC]' . PHP_EOL;
504
  $rules .= 'RewriteRule ^(.*)$ - [F,L]' . PHP_EOL;
505
  $rules .= '</IfModule>' . PHP_EOL;
classes/wp-security-utility-ip-address.php CHANGED
@@ -8,28 +8,58 @@ class AIOWPSecurity_Utility_IP {
8
  //NOP
9
  }
10
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
11
  /**
12
  * Get user IP Address.
13
  *
14
  * @return string User IP Address.
15
  */
16
  public static function get_user_ip_address() {
17
- $user_ip = '';
18
- if (isset($_SERVER['HTTP_X_REAL_IP'])) {
19
- $user_ip = sanitize_text_field(wp_unslash($_SERVER['HTTP_X_REAL_IP']));
20
- } elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
21
- // Proxy servers can send through this header like this: X-Forwarded-For: client1, proxy1, proxy2
22
- // Make sure we always only send through the first IP in the list which should always be the client IP.
23
- $user_ip = (string) rest_is_ip_address(trim(current(preg_split('/,/', sanitize_text_field(wp_unslash($_SERVER['HTTP_X_FORWARDED_FOR']))))));
24
- } elseif (isset($_SERVER['REMOTE_ADDR'])) {
25
- $user_ip = sanitize_text_field(wp_unslash($_SERVER['REMOTE_ADDR']));
26
- }
27
 
28
- if (in_array($user_ip, array('', '127.0.0.1', '::1'))) {
29
- $user_ip = self::get_external_ip_address();
30
  }
31
 
32
- return $user_ip;
33
  }
34
 
35
  /**
@@ -62,6 +92,48 @@ class AIOWPSecurity_Utility_IP {
62
 
63
  return $external_ip_address;
64
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
65
 
66
  /**
67
  * Returns the first three octets of a sanitized IP address so it can used as an IP address range
@@ -255,4 +327,31 @@ class AIOWPSecurity_Utility_IP {
255
  return false;
256
  }
257
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
258
  }
8
  //NOP
9
  }
10
 
11
+ /**
12
+ * Get sever detected visitor IP Address.
13
+ *
14
+ * @return String visitor IP Address.
15
+ */
16
+ public static function get_server_detected_user_ip_address() {
17
+ global $aio_wp_security;
18
+
19
+ // check if user configured custom IP retrieval method
20
+ $ip_method_id = $aio_wp_security->configs->get_value('aiowps_ip_retrieve_method');
21
+
22
+ $visitor_ip = '';
23
+ $ip_retrieve_methods = AIOS_Abstracted_Ids::get_ip_retrieve_methods();
24
+
25
+ if (empty($ip_method_id) || !isset($ip_retrieve_methods[$ip_method_id])) {
26
+ $ip_method_id = 0;
27
+ }
28
+
29
+ $visitor_ip = isset($_SERVER[$ip_retrieve_methods[$ip_method_id]]) ? $_SERVER[$ip_retrieve_methods[$ip_method_id]] : '';
30
+
31
+ // Check if multiple IPs were given - these will be present as comma-separated list
32
+ if (stristr($visitor_ip, ',')) {
33
+ $temp = explode(',', $visitor_ip);
34
+ $visitor_ip = trim(reset($temp)); //get first address because this will likely be the original connecting IP
35
+ }
36
+
37
+ // Now remove port portion if applicable
38
+ if (false !== strpos($visitor_ip, '.') && false !== strpos($visitor_ip, ':')) {
39
+ // likely ipv4 address with port
40
+ $visitor_ip = preg_replace('/:\d+$/', '', $visitor_ip); //Strip off port
41
+ }
42
+
43
+ if (!filter_var($visitor_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) && !filter_var($visitor_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
44
+ $visitor_ip = empty($_SERVER['REMOTE_ADDR']) ? '' : $_SERVER['REMOTE_ADDR'];
45
+ }
46
+
47
+ return $visitor_ip;
48
+ }
49
+
50
  /**
51
  * Get user IP Address.
52
  *
53
  * @return string User IP Address.
54
  */
55
  public static function get_user_ip_address() {
56
+ $visitor_ip = self::get_server_detected_user_ip_address();
 
 
 
 
 
 
 
 
 
57
 
58
+ if ((!defined('AIOS_DISABLE_GET_EXTERNAL_IP') || !AIOS_DISABLE_GET_EXTERNAL_IP) && in_array($visitor_ip, array('', '127.0.0.1', '::1'))) {
59
+ $visitor_ip = self::get_external_ip_address();
60
  }
61
 
62
+ return $visitor_ip;
63
  }
64
 
65
  /**
92
 
93
  return $external_ip_address;
94
  }
95
+
96
+ /**
97
+ * Get server suitable IP methods.
98
+ *
99
+ * @return Array array of IP methods.
100
+ */
101
+ public static function get_server_suitable_ip_methods() {
102
+ static $server_suitable_ip_methods;
103
+ if (!isset($server_suitable_ip_methods)) {
104
+ $server_suitable_ip_methods = array();
105
+ foreach (AIOS_Abstracted_Ids::get_ip_retrieve_methods() as $ip_method) {
106
+ if (isset($_SERVER[$ip_method])) {
107
+ $server_suitable_ip_methods[] = $ip_method;
108
+ }
109
+ }
110
+ }
111
+ return $server_suitable_ip_methods;
112
+ }
113
+
114
+ /**
115
+ * Check whether all sever suitable IP address is giving same IP address or not.
116
+ *
117
+ * @return Boolean True if all server suitable IP methods gives same IP address, otherwise false.
118
+ */
119
+ public static function is_server_suitable_ip_methods_give_same_ip_address() {
120
+ $server_suitable_ip_methods = self::get_server_suitable_ip_methods();
121
+
122
+ if (empty($server_suitable_ip_methods)) {
123
+ return false;
124
+ }
125
+
126
+ if (1 === count($server_suitable_ip_methods)) {
127
+ return true;
128
+ }
129
+
130
+ $ip_addresses = array();
131
+ foreach ($server_suitable_ip_methods as $server_suitable_ip_method) {
132
+ $ip_addresses[] = $_SERVER[$server_suitable_ip_method];
133
+ }
134
+
135
+ return (1 === count(array_unique($ip_addresses)));
136
+ }
137
 
138
  /**
139
  * Returns the first three octets of a sanitized IP address so it can used as an IP address range
327
  return false;
328
  }
329
 
330
+ /**
331
+ * If login whitelist enabled and the user IP is not whitelisted, Then forbid access.
332
+ *
333
+ * @return void
334
+ */
335
+ public static function check_login_whitelist_and_forbid() {
336
+ if (defined('AIOS_DISABLE_LOGIN_WHITELIST') && AIOS_DISABLE_LOGIN_WHITELIST) {
337
+ return;
338
+ }
339
+
340
+ global $aio_wp_security;
341
+
342
+ if ('1' != $aio_wp_security->configs->get_value('aiowps_enable_whitelisting')) {
343
+ return;
344
+ }
345
+
346
+ $ip = AIOWPSecurity_Utility_IP::get_user_ip_address(); //Get the IP address of user
347
+ $whitelisted_ips = $aio_wp_security->configs->get_value('aiowps_allowed_ip_addresses');
348
+ $is_whitelisted = AIOWPSecurity_Utility_IP::is_ip_whitelisted($ip, $whitelisted_ips);
349
+
350
+ if ($is_whitelisted) {
351
+ return;
352
+ }
353
+
354
+ header('HTTP/1.1 403 Forbidden');
355
+ exit();
356
+ }
357
  }
classes/wp-security-utility.php CHANGED
@@ -211,7 +211,16 @@ class AIOWPSecurity_Utility {
211
  if (empty($cookie_domain)) {
212
  $cookie_domain = COOKIE_DOMAIN;
213
  }
214
- setcookie($cookie_name, $cookie_value, $expiry_time, $path, $cookie_domain);
 
 
 
 
 
 
 
 
 
215
  }
216
 
217
  /**
@@ -227,6 +236,15 @@ class AIOWPSecurity_Utility {
227
  return "";
228
  }
229
 
 
 
 
 
 
 
 
 
 
230
  /**
231
  * This is a general yellow box message for when we want to suppress a feature's config items because site is subsite of multi-site
232
  */
@@ -779,4 +797,42 @@ class AIOWPSecurity_Utility {
779
  return is_admin() &&
780
  preg_match('#/wp-admin/plugins.php$#i', $_SERVER['PHP_SELF']) && isset($_GET['plugin']) && (preg_match("/\/two-factor-login.php/", $_GET['plugin']) || preg_match("/all-in-one-wp-security-and-firewall/", $_GET['plugin']));
781
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
782
  }
211
  if (empty($cookie_domain)) {
212
  $cookie_domain = COOKIE_DOMAIN;
213
  }
214
+ setcookie($cookie_name, $cookie_value, $expiry_time, $path, $cookie_domain, is_ssl(), true);
215
+ }
216
+
217
+ /**
218
+ * Get brute force secret cookie name.
219
+ *
220
+ * @return String Brute force secret cookie name.
221
+ */
222
+ public static function get_brute_force_secret_cookie_name() {
223
+ return 'aios_brute_force_secret_' . COOKIEHASH;
224
  }
225
 
226
  /**
236
  return "";
237
  }
238
 
239
+ /**
240
+ * Checks if installation is multisite or not.
241
+ *
242
+ * @return Boolean True if the site is network multisite, false otherwise.
243
+ */
244
+ public static function is_multisite_install() {
245
+ return function_exists('is_multisite') && is_multisite();
246
+ }
247
+
248
  /**
249
  * This is a general yellow box message for when we want to suppress a feature's config items because site is subsite of multi-site
250
  */
797
  return is_admin() &&
798
  preg_match('#/wp-admin/plugins.php$#i', $_SERVER['PHP_SELF']) && isset($_GET['plugin']) && (preg_match("/\/two-factor-login.php/", $_GET['plugin']) || preg_match("/all-in-one-wp-security-and-firewall/", $_GET['plugin']));
799
  }
800
+
801
+ /**
802
+ * Check whether the site is running on localhost or not.
803
+ *
804
+ * @return Boolean True if the site is on localhost, otherwise false.
805
+ */
806
+ public static function is_localhost() {
807
+ if (defined('AIOS_IS_LOCALHOST')) {
808
+ return AIOS_IS_LOCALHOST;
809
+ }
810
+
811
+ if (empty($_SERVER['REMOTE_ADDR'])) {
812
+ return false;
813
+ }
814
+ return in_array($_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1')) ? true : false;
815
+ }
816
+
817
+ /**
818
+ * Get server software.
819
+ *
820
+ * @return string Server software or empty.
821
+ */
822
+ public static function get_server_software() {
823
+ static $server_software;
824
+ if (!isset($server_software)) {
825
+ $server_software = (isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '');
826
+ }
827
+ return $server_software;
828
+ }
829
+
830
+ /**
831
+ * Check whether the server is apache or not.
832
+ *
833
+ * @return Boolean True the server is apache, otherwise false.
834
+ */
835
+ public static function is_apache_server() {
836
+ return (false !== strpos(self::get_server_software(), 'Apache'));
837
+ }
838
  }
classes/wp-security-wp-loaded-tasks.php CHANGED
@@ -59,6 +59,8 @@ class AIOWPSecurity_WP_Loaded_Tasks {
59
  //https://wordpress.org/support/topic/already-logged-in-no-captcha
60
  if (is_user_logged_in()) {
61
  wp_redirect(admin_url());
 
 
62
  }
63
  }
64
 
59
  //https://wordpress.org/support/topic/already-logged-in-no-captcha
60
  if (is_user_logged_in()) {
61
  wp_redirect(admin_url());
62
+ } else {
63
+ AIOWPSecurity_Utility_IP::check_login_whitelist_and_forbid();
64
  }
65
  }
66
 
includes/simba-tfa/includes/login-form-integrations.php CHANGED
@@ -108,7 +108,7 @@ class Simba_TFA_Login_Form_Integrations {
108
  if (is_wp_error($code_ok)) {
109
  $login->add_error($code_ok->get_error_code, $code_ok->get_error_message());
110
  } elseif (!$code_ok) {
111
- $login->add_error('authentication_failed', __('Error:', 'all-in-one-wp-security-and-firewall').' '.__('The one-time password (TFA code) you entered was incorrect.', 'all-in-one-wp-security-and-firewall'));
112
  }
113
 
114
  }
108
  if (is_wp_error($code_ok)) {
109
  $login->add_error($code_ok->get_error_code, $code_ok->get_error_message());
110
  } elseif (!$code_ok) {
111
+ $login->add_error('authentication_failed', __('Error:', 'all-in-one-wp-security-and-firewall').' '.apply_filters('simba_tfa_message_code_incorrect', __('The one-time password (TFA code) you entered was incorrect.', 'all-in-one-wp-security-and-firewall')));
112
  }
113
 
114
  }
includes/simba-tfa/includes/tfa.js CHANGED
@@ -94,6 +94,7 @@ jQuery(function($) {
94
  console.log(jq_xhr);
95
  if (jq_xhr.hasOwnProperty('responseText')) {
96
  console.log(jq_xhr.responseText);
 
97
  }
98
  }
99
  });
94
  console.log(jq_xhr);
95
  if (jq_xhr.hasOwnProperty('responseText')) {
96
  console.log(jq_xhr.responseText);
97
+ $(form).append('<p class="error" style="clear:left;">'+simba_tfasettings.error+'</p>');
98
  }
99
  }
100
  });
includes/simba-tfa/includes/tfa_frontend.php CHANGED
@@ -65,7 +65,7 @@ class Simba_TFA_Frontend {
65
  $allow_enable_or_disable = true;
66
  } else {
67
  $return_array['error'] = 'code_wrong';
68
- $return_array['message'] = __('The TFA code you entered was incorrect.', 'all-in-one-wp-security-and-firewall');
69
  }
70
  }
71
 
65
  $allow_enable_or_disable = true;
66
  } else {
67
  $return_array['error'] = 'code_wrong';
68
+ $return_array['message'] = apply_filters('simba_tfa_message_code_incorrect', __('The TFA code you entered was incorrect.', 'all-in-one-wp-security-and-firewall'));
69
  }
70
  }
71
 
includes/simba-tfa/providers/totp-hotp/loader.php CHANGED
@@ -6,35 +6,89 @@ if (!class_exists('HOTP')) require_once(__DIR__.'/hotp-php-master/hotp.php');
6
  if (!class_exists('Base32')) require_once(__DIR__.'/Base32/Base32.php');
7
 
8
  class Simba_TFA_Provider_TOTP {
9
-
10
- // @var Simba_Two_Factor_Authentication
 
 
 
 
11
  private $tfa;
12
 
13
- // @var String
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
14
  private $salt_prefix;
15
 
16
- // @var String
 
 
 
 
17
  private $pw_prefix;
18
 
19
- // @var Integer
 
 
 
 
20
  private $time_window_size;
21
 
22
- // @var Integer
 
 
 
 
23
  private $check_back_time_windows;
24
 
25
- // @var Integer
 
 
 
 
26
  private $check_forward_time_windows;
27
 
28
- // @var Integer
 
 
 
 
29
  private $otp_length = 6;
30
 
31
- // @var Integer
 
 
 
 
32
  private $emergency_codes_length = 8;
33
 
34
- // @var String
 
 
 
 
35
  public $default_hmac = 'totp';
36
 
37
- // @var Boolean
 
 
 
 
38
  private $settings_saved = false;
39
 
40
  /**
@@ -507,13 +561,12 @@ class Simba_TFA_Provider_TOTP {
507
 
508
  $tfa_priv_key_32 = Base32::encode($tfa_priv_key);
509
 
 
 
510
  if ('full' == $type) {
511
  ?>
512
- <strong><?php echo __('Private key (base 32 - used by Google Authenticator and Authy):', 'all-in-one-wp-security-and-firewall');?></strong>
513
  <?php echo htmlspecialchars($tfa_priv_key_32); ?><br>
514
-
515
- <strong><?php echo __('Private key:', 'all-in-one-wp-security-and-firewall');?></strong>
516
- <?php echo htmlspecialchars($tfa_priv_key); ?><br>
517
  <?php
518
  } elseif ('plain' == $type) {
519
  echo htmlspecialchars($tfa_priv_key);
6
  if (!class_exists('Base32')) require_once(__DIR__.'/Base32/Base32.php');
7
 
8
  class Simba_TFA_Provider_TOTP {
9
+
10
+ /**
11
+ * Simba 2FA object
12
+ *
13
+ * @var object instance of Simba_Two_Factor_Authentication
14
+ */
15
  private $tfa;
16
 
17
+ /**
18
+ * OTP helper object
19
+ *
20
+ * @var object instance of HOTP
21
+ */
22
+ private $otp_helper;
23
+
24
+ /**
25
+ * Forward counter window to check number of times
26
+ *
27
+ * @var int
28
+ */
29
+ private $check_forward_counter_window;
30
+
31
+ /**
32
+ * Salt prefix
33
+ *
34
+ * @var string
35
+ */
36
  private $salt_prefix;
37
 
38
+ /**
39
+ * Password prefix
40
+ *
41
+ * @var string
42
+ */
43
  private $pw_prefix;
44
 
45
+ /**
46
+ * Time window size
47
+ *
48
+ * @var int
49
+ */
50
  private $time_window_size;
51
 
52
+ /**
53
+ * Check back time window
54
+ *
55
+ * @var int
56
+ */
57
  private $check_back_time_windows;
58
 
59
+ /**
60
+ * Check forward time windows
61
+ *
62
+ * @var int
63
+ */
64
  private $check_forward_time_windows;
65
 
66
+ /**
67
+ * OTP length
68
+ *
69
+ * @var int
70
+ */
71
  private $otp_length = 6;
72
 
73
+ /**
74
+ * Emergency codes length
75
+ *
76
+ * @var int
77
+ */
78
  private $emergency_codes_length = 8;
79
 
80
+ /**
81
+ * Default HMAC type
82
+ *
83
+ * @var string
84
+ */
85
  public $default_hmac = 'totp';
86
 
87
+ /**
88
+ * Settings saved flag
89
+ *
90
+ * @var boolean
91
+ */
92
  private $settings_saved = false;
93
 
94
  /**
561
 
562
  $tfa_priv_key_32 = Base32::encode($tfa_priv_key);
563
 
564
+ // The first (base32) private key used to have the description "base 32 - used by Google Authenticator and Authy", and the base64 version was just described as "private key". But basically the former is what everything uses.
565
+ //<strong>Private key:</strong> htmlspecialchars($tfa_priv_key)
566
  if ('full' == $type) {
567
  ?>
568
+ <strong><?php _e('Private key:', 'two-factor-authentication');?></strong>
569
  <?php echo htmlspecialchars($tfa_priv_key_32); ?><br>
 
 
 
570
  <?php
571
  } elseif ('plain' == $type) {
572
  echo htmlspecialchars($tfa_priv_key);
includes/simba-tfa/simba-tfa.php CHANGED
@@ -3,10 +3,34 @@
3
  if (!defined('ABSPATH')) die('Access denied.');
4
 
5
  class Simba_Two_Factor_Authentication {
6
-
 
 
 
 
 
7
  protected $frontend;
8
-
 
 
 
 
 
9
  protected $totp_controller;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
10
 
11
  /**
12
  * URL slug for the plugin's option page
@@ -766,7 +790,7 @@ class Simba_Two_Factor_Authentication {
766
  }
767
 
768
  /**
769
- * Here's where the login action happens. Called on the WP 'authenticate' action.
770
  *
771
  * @param WP_Error|WP_User $user
772
  * @param String $username - this is not necessarily the WP username; it is whatever was typed in the form, so can be an email address
@@ -775,7 +799,7 @@ class Simba_Two_Factor_Authentication {
775
  * @return WP_Error|WP_User
776
  */
777
  public function tfaVerifyCodeAndUser($user, $username, $password) {
778
- // When both AIOWPS and Two Factor Authentication plugins are active, this function called more than once, To prevent it, this code is written.
779
  if (isset(self::$is_authenticated[$this->authentication_slug]) && self::$is_authenticated[$this->authentication_slug]) {
780
  return $user;
781
  }
@@ -816,7 +840,7 @@ class Simba_Two_Factor_Authentication {
816
  if (is_wp_error($code_ok)) {
817
  $ret = $code_ok;
818
  } elseif (!$code_ok) {
819
- $ret = new WP_Error('authentication_failed', '<strong>'.__('Error:', 'all-in-one-wp-security-and-firewall').'</strong> '.__('The one-time password (TFA code) you entered was incorrect.', 'all-in-one-wp-security-and-firewall'));
820
  } elseif ($user) {
821
  $ret = $user;
822
  } else {
@@ -1177,6 +1201,7 @@ class Simba_Two_Factor_Authentication {
1177
  'nonce' => wp_create_nonce('simba_tfa_loginform_nonce'),
1178
  'login_form_selectors' => '',
1179
  'login_form_off_selectors' => '',
 
1180
  );
1181
 
1182
  // Spinner exists since WC 3.8. Use the proper functions to avoid SSL warnings.
3
  if (!defined('ABSPATH')) die('Access denied.');
4
 
5
  class Simba_Two_Factor_Authentication {
6
+
7
+ /**
8
+ * Simba 2FA frontend object
9
+ *
10
+ * @var Object
11
+ */
12
  protected $frontend;
13
+
14
+ /**
15
+ * Simba 2FA totp object
16
+ *
17
+ * @var Object
18
+ */
19
  protected $totp_controller;
20
+
21
+ /**
22
+ * Flag for prevent PHP notices in AJAX
23
+ *
24
+ * @var Boolean
25
+ */
26
+ private $output_buffering;
27
+
28
+ /**
29
+ * Logged error lines array
30
+ *
31
+ * @var Array
32
+ */
33
+ private $logged;
34
 
35
  /**
36
  * URL slug for the plugin's option page
790
  }
791
 
792
  /**
793
+ * Here's where the login action happens. Called on the WP 'authenticate' action (which also happens when wp-login.php loads, so parameters need checking).
794
  *
795
  * @param WP_Error|WP_User $user
796
  * @param String $username - this is not necessarily the WP username; it is whatever was typed in the form, so can be an email address
799
  * @return WP_Error|WP_User
800
  */
801
  public function tfaVerifyCodeAndUser($user, $username, $password) {
802
+ // When both the AIOWPS and Two Factor Authentication plugins are active, this function is called more than once; that should be short-circuited.
803
  if (isset(self::$is_authenticated[$this->authentication_slug]) && self::$is_authenticated[$this->authentication_slug]) {
804
  return $user;
805
  }
840
  if (is_wp_error($code_ok)) {
841
  $ret = $code_ok;
842
  } elseif (!$code_ok) {
843
+ $ret = new WP_Error('authentication_failed', '<strong>'.__('Error:', 'all-in-one-wp-security-and-firewall').'</strong> '.apply_filters('simba_tfa_message_code_incorrect', __('The one-time password (TFA code) you entered was incorrect.', 'all-in-one-wp-security-and-firewall')));
844
  } elseif ($user) {
845
  $ret = $user;
846
  } else {
1201
  'nonce' => wp_create_nonce('simba_tfa_loginform_nonce'),
1202
  'login_form_selectors' => '',
1203
  'login_form_off_selectors' => '',
1204
+ 'error' => __('An error has occurred. Site owners can check the JavaScript console for more details.', 'all-in-one-wp-security-and-firewall'),
1205
  );
1206
 
1207
  // Spinner exists since WC 3.8. Use the proper functions to avoid SSL warnings.
includes/simba-tfa/templates/settings-intro-notices.php CHANGED
@@ -1,7 +1,7 @@
1
  <p class="simba_tfa_personal_settings_notice simba_tfa_intro_notice">
2
  <?php
3
 
4
- echo __('These are your personal settings.', 'all-in-one-wp-security-and-firewall').' '.__('Nothing you change here will have any effect on other users.', 'all-in-one-wp-security-and-firewall');
5
 
6
  if (is_multisite()) {
7
  if (is_super_admin()) {
1
  <p class="simba_tfa_personal_settings_notice simba_tfa_intro_notice">
2
  <?php
3
 
4
+ echo apply_filters('simba_tfa_message_personal_settings', __('These are your personal settings.', 'all-in-one-wp-security-and-firewall').' '.__('Nothing you change here will have any effect on other users.', 'all-in-one-wp-security-and-firewall'));
5
 
6
  if (is_multisite()) {
7
  if (is_super_admin()) {
js/wp-security-admin-script.js CHANGED
@@ -1,4 +1,175 @@
1
- jQuery(document).ready(function($){
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2
  //Add Generic Admin Dashboard JS Code in this file
3
 
4
  //Media Uploader - start
1
+ /**
2
+ * Send an action over AJAX. A wrapper around jQuery.ajax. In future, all consumers can be reviewed to simplify some of the options, where there is historical cruft.
3
+ *
4
+ * @param {string} action - the action to send
5
+ * @param {*} data - data to send
6
+ * @param {Function} callback - will be called with the results
7
+ * @param {object} options -further options. Relevant properties include:
8
+ * - [json_parse=true] - whether to JSON parse the results
9
+ * - [alert_on_error=true] - whether to show an alert box if there was a problem (otherwise, suppress it)
10
+ * - [action='aios_ajax'] - what to send as the action parameter on the AJAX request (N.B. action parameter to this function goes as the 'subaction' parameter on the AJAX request)
11
+ * - [nonce=aios_ajax_nonce] - the nonce value to send.
12
+ * - [nonce_key='nonce'] - the key value for the nonce field
13
+ * - [timeout=null] - set a timeout after this number of seconds (or if null, none is set)
14
+ * - [async=true] - control whether the request is asynchronous (almost always wanted) or blocking (would need to have a specific reason)
15
+ * - [type='POST'] - GET or POST
16
+ */
17
+ function aios_send_command(action, data, callback, options) {
18
+
19
+ default_options = {
20
+ json_parse: true,
21
+ alert_on_error: true,
22
+ action: 'aios_ajax',
23
+ nonce: aios_data.ajax_nonce,
24
+ nonce_key: 'nonce',
25
+ timeout: null,
26
+ async: true,
27
+ type: 'POST'
28
+ };
29
+
30
+ if ('undefined' === typeof options) options = {};
31
+
32
+ for (var opt in default_options) {
33
+ if (!options.hasOwnProperty(opt)) { options[opt] = default_options[opt]; }
34
+ }
35
+
36
+ var ajax_data = {
37
+ action: options.action,
38
+ subaction: action,
39
+ };
40
+
41
+ ajax_data[options.nonce_key] = options.nonce;
42
+ ajax_data.data = data;
43
+
44
+ var ajax_opts = {
45
+ type: options.type,
46
+ url: ajaxurl,
47
+ data: ajax_data,
48
+ success: function(response, status) {
49
+ if (options.json_parse) {
50
+ try {
51
+ var resp = aios_parse_json(response);
52
+ } catch (e) {
53
+ if ('function' == typeof options.error_callback) {
54
+ return options.error_callback(response, e, 502, resp);
55
+ } else {
56
+ console.log(e);
57
+ console.log(response);
58
+ if (options.alert_on_error) { alert(aios_trans.unexpected_response+' '+response); }
59
+ return;
60
+ }
61
+ }
62
+ if (resp.hasOwnProperty('fatal_error')) {
63
+ if ('function' == typeof options.error_callback) {
64
+ // 500 is internal server error code
65
+ return options.error_callback(response, status, 500, resp);
66
+ } else {
67
+ console.error(resp.fatal_error_message);
68
+ if (options.alert_on_error) { alert(resp.fatal_error_message); }
69
+ return false;
70
+ }
71
+ }
72
+ if ('function' == typeof callback) callback(resp, status, response);
73
+ } else {
74
+ if ('function' == typeof callback) callback(response, status);
75
+ }
76
+ },
77
+ error: function(response, status, error_code) {
78
+ if ('function' == typeof options.error_callback) {
79
+ options.error_callback(response, status, error_code);
80
+ } else {
81
+ console.log("aios_send_command: error: "+status+" ("+error_code+")");
82
+ console.log(response);
83
+ }
84
+ },
85
+ dataType: 'text',
86
+ async: options.async
87
+ };
88
+
89
+ if (null != options.timeout) { ajax_opts.timeout = options.timeout; }
90
+
91
+ jQuery.ajax(ajax_opts);
92
+
93
+ }
94
+
95
+ /**
96
+ * Parse JSON string, including automatically detecting unwanted extra input and skipping it
97
+ *
98
+ * @param {string} json_mix_str - JSON string which need to parse and convert to object
99
+ * @param {boolean} analyse - if true, then the return format will contain information on the parsing, and parsing will skip attempting to JSON.parse() the entire string (will begin with trying to locate the actual JSON)
100
+ *
101
+ * @throws SyntaxError|String (including passing on what JSON.parse may throw) if a parsing error occurs.
102
+ *
103
+ * @returns Mixed parsed JSON object. Will only return if parsing is successful (otherwise, will throw). If analyse is true, then will rather return an object with properties (mixed)parsed, (integer)json_start_pos and (integer)json_end_pos
104
+ */
105
+ function aios_parse_json(json_mix_str, analyse) {
106
+
107
+ analyse = ('undefined' === typeof analyse) ? false : true;
108
+
109
+ // Just try it - i.e. the 'default' case where things work (which can include extra whitespace/line-feeds, and simple strings, etc.).
110
+ if (!analyse) {
111
+ try {
112
+ var result = JSON.parse(json_mix_str);
113
+ return result;
114
+ } catch (e) {
115
+ console.log('AIOS: Exception when trying to parse JSON (1) - will attempt to fix/re-parse based upon first/last curly brackets');
116
+ console.log(json_mix_str);
117
+ }
118
+ }
119
+
120
+ var json_start_pos = json_mix_str.indexOf('{');
121
+ var json_last_pos = json_mix_str.lastIndexOf('}');
122
+
123
+ // Case where some php notice may be added after or before json string
124
+ if (json_start_pos > -1 && json_last_pos > -1) {
125
+ var json_str = json_mix_str.slice(json_start_pos, json_last_pos + 1);
126
+ try {
127
+ var parsed = JSON.parse(json_str);
128
+ if (!analyse) { console.log('AIOS: JSON re-parse successful'); }
129
+ return analyse ? { parsed: parsed, json_start_pos: json_start_pos, json_last_pos: json_last_pos + 1 } : parsed;
130
+ } catch (e) {
131
+ console.log('AIOS: Exception when trying to parse JSON (2) - will attempt to fix/re-parse based upon bracket counting');
132
+
133
+ var cursor = json_start_pos;
134
+ var open_count = 0;
135
+ var last_character = '';
136
+ var inside_string = false;
137
+
138
+ // Don't mistake this for a real JSON parser. Its aim is to improve the odds in real-world cases seen, not to arrive at universal perfection.
139
+ while ((open_count > 0 || cursor == json_start_pos) && cursor <= json_last_pos) {
140
+
141
+ var current_character = json_mix_str.charAt(cursor);
142
+
143
+ if (!inside_string && '{' == current_character) {
144
+ open_count++;
145
+ } else if (!inside_string && '}' == current_character) {
146
+ open_count--;
147
+ } else if ('"' == current_character && '\\' != last_character) {
148
+ inside_string = inside_string ? false : true;
149
+ }
150
+
151
+ last_character = current_character;
152
+ cursor++;
153
+ }
154
+ console.log("Started at cursor="+json_start_pos+", ended at cursor="+cursor+" with result following:");
155
+ console.log(json_mix_str.substring(json_start_pos, cursor));
156
+
157
+ try {
158
+ var parsed = JSON.parse(json_mix_str.substring(json_start_pos, cursor));
159
+ console.log('AIOS: JSON re-parse successful');
160
+ return analyse ? { parsed: parsed, json_start_pos: json_start_pos, json_last_pos: cursor } : parsed;
161
+ } catch (e) {
162
+ // Throw it again, so that our function works just like JSON.parse() in its behaviour.
163
+ throw e;
164
+ }
165
+ }
166
+ }
167
+
168
+ throw "AIOS: could not parse the JSON";
169
+
170
+ }
171
+
172
+ jQuery(function($) {
173
  //Add Generic Admin Dashboard JS Code in this file
174
 
175
  //Media Uploader - start
languages/all-in-one-wp-security-and-firewall-de_DE.po CHANGED
@@ -234,7 +234,7 @@ msgstr ""
234
 
235
  #: admin/wp-security-blacklist-menu.php:145
236
  #@ all-in-one-wp-security-and-firewall
237
- msgid "By blocking people via the .htaccess file your are using the most secure first line of defence which denies all access to blacklisted visitors as soon as they hit your hosting server."
238
  msgstr ""
239
 
240
  #: admin/wp-security-blacklist-menu.php:151
@@ -479,7 +479,7 @@ msgstr ""
479
 
480
  #: admin/wp-security-brute-force-menu.php:217
481
  #@ all-in-one-wp-security-and-firewall
482
- msgid "Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only!"
483
  msgstr ""
484
 
485
  #: admin/wp-security-brute-force-menu.php:236
@@ -794,7 +794,7 @@ msgstr ""
794
 
795
  #: admin/wp-security-brute-force-menu.php:621
796
  #@ all-in-one-wp-security-and-firewall
797
- msgid "By allowing/blocking IP addresses via the .htaccess file your are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page."
798
  msgstr ""
799
 
800
  #: admin/wp-security-brute-force-menu.php:628
234
 
235
  #: admin/wp-security-blacklist-menu.php:145
236
  #@ all-in-one-wp-security-and-firewall
237
+ msgid "By blocking people, you are using the most secure first line of defence, which denies all access to blacklisted visitors as soon as they hit your hosting server."
238
  msgstr ""
239
 
240
  #: admin/wp-security-blacklist-menu.php:151
479
 
480
  #: admin/wp-security-brute-force-menu.php:217
481
  #@ all-in-one-wp-security-and-firewall
482
+ msgid "Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only."
483
  msgstr ""
484
 
485
  #: admin/wp-security-brute-force-menu.php:236
794
 
795
  #: admin/wp-security-brute-force-menu.php:621
796
  #@ all-in-one-wp-security-and-firewall
797
+ msgid "By allowing/blocking IP addresses, you are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page."
798
  msgstr ""
799
 
800
  #: admin/wp-security-brute-force-menu.php:628
languages/all-in-one-wp-security-and-firewall-fr_FR.po CHANGED
@@ -139,7 +139,7 @@ msgstr ""
139
 
140
  #: all-in-one-wp-security/admin/wp-security-blacklist-menu.php:145
141
  msgid ""
142
- "By blocking people via the .htaccess file your are using the most secure "
143
  "first line of defence which denies all access to blacklisted visitors as "
144
  "soon as they hit your hosting server."
145
  msgstr ""
139
 
140
  #: all-in-one-wp-security/admin/wp-security-blacklist-menu.php:145
141
  msgid ""
142
+ "By blocking people your are using the most secure "
143
  "first line of defence which denies all access to blacklisted visitors as "
144
  "soon as they hit your hosting server."
145
  msgstr ""
languages/all-in-one-wp-security-and-firewall-hu_HU.po CHANGED
@@ -121,7 +121,7 @@ msgstr ""
121
 
122
  #: all-in-one-wp-security/admin/wp-security-blacklist-menu.php:145
123
  msgid ""
124
- "By blocking people via the .htaccess file your are using the most secure "
125
  "first line of defence which denies all access to blacklisted visitors as "
126
  "soon as they hit your hosting server."
127
  msgstr ""
121
 
122
  #: all-in-one-wp-security/admin/wp-security-blacklist-menu.php:145
123
  msgid ""
124
+ "By blocking people your are using the most secure "
125
  "first line of defence which denies all access to blacklisted visitors as "
126
  "soon as they hit your hosting server."
127
  msgstr ""
languages/all-in-one-wp-security-and-firewall-ko_KR.po CHANGED
@@ -169,7 +169,7 @@ msgstr "플러그인은 .htaccess 파일을 적절하게 수정하여 이를 달
169
  # @ all-in-one-wp-security-and-firewall
170
  #: admin/wp-security-blacklist-menu.php:149
171
  msgid ""
172
- "By blocking people via the .htaccess file your are using the most secure "
173
  "first line of defence which denies all access to blacklisted visitors as "
174
  "soon as they hit your hosting server."
175
  msgstr ""
169
  # @ all-in-one-wp-security-and-firewall
170
  #: admin/wp-security-blacklist-menu.php:149
171
  msgid ""
172
+ "By blocking people your are using the most secure "
173
  "first line of defence which denies all access to blacklisted visitors as "
174
  "soon as they hit your hosting server."
175
  msgstr ""
languages/all-in-one-wp-security-and-firewall-nl_NL.po CHANGED
@@ -250,8 +250,8 @@ msgid "IP Retrieval Settings"
250
  msgstr "IP informatie-instellingen"
251
 
252
  #: admin/wp-security-settings-menu.php:728
253
- msgid "Nonce check failed for save advanced settings!"
254
- msgstr "Nonce check mislukt voor het opslaan van geavanceerde instellingen!"
255
 
256
  #: admin/wp-security-spam-menu.php:543
257
  msgid "Check this if you want to insert a captcha field on the BBPress new topic forms"
@@ -4522,7 +4522,7 @@ msgid "Attention: If in addition to enabling the white list feature, you also ha
4522
  msgstr "Attentie: Als je naast het gebruiken van de white-list optie je ook %s of %s gebruikt, <strong>zal je nog steeds je geheime woord of eigen slug moeten gebruiken om je WordPress inlogpagina te bezoeken</strong>."
4523
 
4524
  #: admin/wp-security-brute-force-menu.php:762
4525
- msgid "By allowing/blocking IP addresses via the .htaccess file your are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page."
4526
  msgstr "Door IP-adressen toe te staan of te blokkeren via het .htaccess-bestand maak je gebruik van de beste beschermingsmogelijkheid omdat inloggen alleen toegestaan is voor toegestane IP-adressen en andere adressen geblokkeerd worden zodra ze jouw loginpagina proberen te bereiken."
4527
 
4528
  #: admin/wp-security-brute-force-menu.php:761
@@ -4652,7 +4652,7 @@ msgid "The plugin achieves this by making appropriate modifications to your .hta
4652
  msgstr "De plugin bereikt dit door het maken van passende wijzigingen aan uw .htaccess-bestand."
4653
 
4654
  #: admin/wp-security-blacklist-menu.php:152
4655
- msgid "By blocking people via the .htaccess file your are using the most secure first line of defence which denies all access to blacklisted visitors as soon as they hit your hosting server."
4656
  msgstr "Door mensen via het. htaccess-bestand te blokkeren gebruikt u de veiligste eerste lijn van defensie, die alle toegang voor bezoekers die op de zwarte lijst staan blokkeert zodra zij uw server benaderen."
4657
 
4658
  #: admin/wp-security-blacklist-menu.php:190
@@ -4697,8 +4697,8 @@ msgid "Enter a string which will represent your secure login page slug. You are
4697
  msgstr "Voer een string in die je beveiligde loginpagina slug zal representeren. U wordt aangeraden iets te kiezen wat moeilijk te raden is en alleen u zich zult herinneren."
4698
 
4699
  #: admin/wp-security-brute-force-menu.php:257
4700
- msgid "Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only!"
4701
- msgstr "Instellingen niet opgeslagen - uw geheime woord mag alleen bestaan uit alfanumerieke tekens, dat wil zeggen, letters en/of cijfers!"
4702
 
4703
  #: admin/wp-security-brute-force-menu.php:277
4704
  msgid "From now on you will need to log into your WP Admin using the following URL:"
250
  msgstr "IP informatie-instellingen"
251
 
252
  #: admin/wp-security-settings-menu.php:728
253
+ msgid "Nonce check failed for save advanced settings."
254
+ msgstr "Nonce check mislukt voor het opslaan van geavanceerde instellingen."
255
 
256
  #: admin/wp-security-spam-menu.php:543
257
  msgid "Check this if you want to insert a captcha field on the BBPress new topic forms"
4522
  msgstr "Attentie: Als je naast het gebruiken van de white-list optie je ook %s of %s gebruikt, <strong>zal je nog steeds je geheime woord of eigen slug moeten gebruiken om je WordPress inlogpagina te bezoeken</strong>."
4523
 
4524
  #: admin/wp-security-brute-force-menu.php:762
4525
+ msgid "By allowing/blocking IP addresses, you are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page."
4526
  msgstr "Door IP-adressen toe te staan of te blokkeren via het .htaccess-bestand maak je gebruik van de beste beschermingsmogelijkheid omdat inloggen alleen toegestaan is voor toegestane IP-adressen en andere adressen geblokkeerd worden zodra ze jouw loginpagina proberen te bereiken."
4527
 
4528
  #: admin/wp-security-brute-force-menu.php:761
4652
  msgstr "De plugin bereikt dit door het maken van passende wijzigingen aan uw .htaccess-bestand."
4653
 
4654
  #: admin/wp-security-blacklist-menu.php:152
4655
+ msgid "By blocking people, you are using the most secure first line of defence, which denies all access to blacklisted visitors as soon as they hit your hosting server."
4656
  msgstr "Door mensen via het. htaccess-bestand te blokkeren gebruikt u de veiligste eerste lijn van defensie, die alle toegang voor bezoekers die op de zwarte lijst staan blokkeert zodra zij uw server benaderen."
4657
 
4658
  #: admin/wp-security-blacklist-menu.php:190
4697
  msgstr "Voer een string in die je beveiligde loginpagina slug zal representeren. U wordt aangeraden iets te kiezen wat moeilijk te raden is en alleen u zich zult herinneren."
4698
 
4699
  #: admin/wp-security-brute-force-menu.php:257
4700
+ msgid "Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only."
4701
+ msgstr "Instellingen niet opgeslagen - uw geheime woord mag alleen bestaan uit alfanumerieke tekens, dat wil zeggen, letters en/of cijfers."
4702
 
4703
  #: admin/wp-security-brute-force-menu.php:277
4704
  msgid "From now on you will need to log into your WP Admin using the following URL:"
languages/all-in-one-wp-security-and-firewall-pl_PL.po CHANGED
@@ -231,7 +231,7 @@ msgstr ""
231
 
232
  # @ all-in-one-wp-security-and-firewall
233
  #: admin/wp-security-blacklist-menu.php:145
234
- msgid "By blocking people via the .htaccess file your are using the most secure first line of defence which denies all access to blacklisted visitors as soon as they hit your hosting server."
235
  msgstr ""
236
 
237
  # @ all-in-one-wp-security-and-firewall
@@ -473,7 +473,7 @@ msgstr ""
473
 
474
  # @ all-in-one-wp-security-and-firewall
475
  #: admin/wp-security-brute-force-menu.php:217
476
- msgid "Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only!"
477
  msgstr ""
478
 
479
  # @ all-in-one-wp-security-and-firewall
@@ -787,7 +787,7 @@ msgstr ""
787
 
788
  # @ all-in-one-wp-security-and-firewall
789
  #: admin/wp-security-brute-force-menu.php:621
790
- msgid "By allowing/blocking IP addresses via the .htaccess file your are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page."
791
  msgstr ""
792
 
793
  # @ all-in-one-wp-security-and-firewall
231
 
232
  # @ all-in-one-wp-security-and-firewall
233
  #: admin/wp-security-blacklist-menu.php:145
234
+ msgid "By blocking people, you are using the most secure first line of defence, which denies all access to blacklisted visitors as soon as they hit your hosting server."
235
  msgstr ""
236
 
237
  # @ all-in-one-wp-security-and-firewall
473
 
474
  # @ all-in-one-wp-security-and-firewall
475
  #: admin/wp-security-brute-force-menu.php:217
476
+ msgid "Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only."
477
  msgstr ""
478
 
479
  # @ all-in-one-wp-security-and-firewall
787
 
788
  # @ all-in-one-wp-security-and-firewall
789
  #: admin/wp-security-brute-force-menu.php:621
790
+ msgid "By allowing/blocking IP addresses, you are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page."
791
  msgstr ""
792
 
793
  # @ all-in-one-wp-security-and-firewall
languages/all-in-one-wp-security-and-firewall-pt_BR.po CHANGED
@@ -177,7 +177,7 @@ msgid "The plugin achieves this by making appropriate modifications to your .hta
177
  msgstr "O plugin consegue isso fazendo modificações apropriadas ao seu arquivo .htaccess."
178
 
179
  #: ../../plugins/all-in-one-wp-security-and-firewall/admin/wp-security-blacklist-menu.php:149
180
- msgid "By blocking people via the .htaccess file your are using the most secure first line of defence which denies all access to blacklisted visitors as soon as they hit your hosting server."
181
  msgstr "Ao bloquear as pessoas através do arquivo .htaccess você está usando a primeira linha mais seguro de defesa que nega todo o acesso a visitantes na lista negra, assim que atingirem o seu servidor de hospedagem."
182
 
183
  #: ../../plugins/all-in-one-wp-security-and-firewall/admin/wp-security-blacklist-menu.php:155
@@ -399,8 +399,8 @@ msgid "Enter a string which will represent your secure login page slug. You are
399
  msgstr "Digite uma sequência de caracteres que irá representar sua lesma/apelido da página de login seguro. Você é incentivado a escolher algo que é difícil de adivinhar e só você vai se lembrar."
400
 
401
  #: ../../plugins/all-in-one-wp-security-and-firewall/admin/wp-security-brute-force-menu.php:226
402
- msgid "Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only!"
403
- msgstr "Configurações não foram salvas - sua palavra secreta deve consistir apenas de caracteres alfanuméricos, ou seja, letras e/ou números apenas!"
404
 
405
  #: ../../plugins/all-in-one-wp-security-and-firewall/admin/wp-security-brute-force-menu.php:245
406
  msgid "You have successfully enabled the cookie based brute force prevention feature"
@@ -666,7 +666,7 @@ msgid "The plugin achieves this by writing the appropriate directives to your .h
666
  msgstr "O plugin consegue isso por escrito as diretivas apropriadas para o seu arquivo .htaccess."
667
 
668
  #: ../../plugins/all-in-one-wp-security-and-firewall/admin/wp-security-brute-force-menu.php:649
669
- msgid "By allowing/blocking IP addresses via the .htaccess file your are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page."
670
  msgstr "Ao permitir / bloquear endereços IP via arquivo .htaccess você está usando a primeira linha mais seguro de defesa porque o acesso de login será concedido somente a endereços IP autorizados na lista branca e outros endereços serão bloqueadas assim que eles tentam acessar a página de login."
671
 
672
  #: ../../plugins/all-in-one-wp-security-and-firewall/admin/wp-security-brute-force-menu.php:657
177
  msgstr "O plugin consegue isso fazendo modificações apropriadas ao seu arquivo .htaccess."
178
 
179
  #: ../../plugins/all-in-one-wp-security-and-firewall/admin/wp-security-blacklist-menu.php:149
180
+ msgid "By blocking people, you are using the most secure first line of defence, which denies all access to blacklisted visitors as soon as they hit your hosting server."
181
  msgstr "Ao bloquear as pessoas através do arquivo .htaccess você está usando a primeira linha mais seguro de defesa que nega todo o acesso a visitantes na lista negra, assim que atingirem o seu servidor de hospedagem."
182
 
183
  #: ../../plugins/all-in-one-wp-security-and-firewall/admin/wp-security-blacklist-menu.php:155
399
  msgstr "Digite uma sequência de caracteres que irá representar sua lesma/apelido da página de login seguro. Você é incentivado a escolher algo que é difícil de adivinhar e só você vai se lembrar."
400
 
401
  #: ../../plugins/all-in-one-wp-security-and-firewall/admin/wp-security-brute-force-menu.php:226
402
+ msgid "Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only."
403
+ msgstr "Configurações não foram salvas - sua palavra secreta deve consistir apenas de caracteres alfanuméricos, ou seja, letras e/ou números apenas."
404
 
405
  #: ../../plugins/all-in-one-wp-security-and-firewall/admin/wp-security-brute-force-menu.php:245
406
  msgid "You have successfully enabled the cookie based brute force prevention feature"
666
  msgstr "O plugin consegue isso por escrito as diretivas apropriadas para o seu arquivo .htaccess."
667
 
668
  #: ../../plugins/all-in-one-wp-security-and-firewall/admin/wp-security-brute-force-menu.php:649
669
+ msgid "By allowing/blocking IP addresses, you are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page."
670
  msgstr "Ao permitir / bloquear endereços IP via arquivo .htaccess você está usando a primeira linha mais seguro de defesa porque o acesso de login será concedido somente a endereços IP autorizados na lista branca e outros endereços serão bloqueadas assim que eles tentam acessar a página de login."
671
 
672
  #: ../../plugins/all-in-one-wp-security-and-firewall/admin/wp-security-brute-force-menu.php:657
languages/all-in-one-wp-security-and-firewall-ru_RU.po CHANGED
@@ -138,7 +138,7 @@ msgstr ""
138
 
139
  #: all-in-one-wp-security/admin/wp-security-blacklist-menu.php:145
140
  msgid ""
141
- "By blocking people via the .htaccess file your are using the most secure "
142
  "first line of defence which denies all access to blacklisted visitors as "
143
  "soon as they hit your hosting server."
144
  msgstr ""
138
 
139
  #: all-in-one-wp-security/admin/wp-security-blacklist-menu.php:145
140
  msgid ""
141
+ "By blocking people your are using the most secure "
142
  "first line of defence which denies all access to blacklisted visitors as "
143
  "soon as they hit your hosting server."
144
  msgstr ""
languages/all-in-one-wp-security-and-firewall-sv_SE.po CHANGED
@@ -130,7 +130,7 @@ msgstr ""
130
 
131
  #: all-in-one-wp-security/admin/wp-security-blacklist-menu.php:145
132
  msgid ""
133
- "By blocking people via the .htaccess file your are using the most secure "
134
  "first line of defence which denies all access to blacklisted visitors as "
135
  "soon as they hit your hosting server."
136
  msgstr ""
130
 
131
  #: all-in-one-wp-security/admin/wp-security-blacklist-menu.php:145
132
  msgid ""
133
+ "By blocking people your are using the most secure "
134
  "first line of defence which denies all access to blacklisted visitors as "
135
  "soon as they hit your hosting server."
136
  msgstr ""
languages/all-in-one-wp-security-and-firewall-zh_CN.po CHANGED
@@ -166,7 +166,7 @@ msgstr ""
166
  # @ all-in-one-wp-security-and-firewall
167
  #: admin/wp-security-blacklist-menu.php:149
168
  msgid ""
169
- "By blocking people via the .htaccess file your are using the most secure "
170
  "first line of defence which denies all access to blacklisted visitors as "
171
  "soon as they hit your hosting server."
172
  msgstr ""
166
  # @ all-in-one-wp-security-and-firewall
167
  #: admin/wp-security-blacklist-menu.php:149
168
  msgid ""
169
+ "By blocking people your are using the most secure "
170
  "first line of defence which denies all access to blacklisted visitors as "
171
  "soon as they hit your hosting server."
172
  msgstr ""
languages/all-in-one-wp-security-and-firewall.pot CHANGED
@@ -32,71 +32,75 @@ msgstr ""
32
  msgid "Nonce check failed for export 404 event logs to CSV!"
33
  msgstr ""
34
 
35
- #: src/admin/wp-security-admin-init.php:271
 
 
 
 
36
  msgid "Enjoyed %1$s? Please leave us a %2$s rating. We really appreciate your support!"
37
  msgstr ""
38
 
39
- #: src/admin/wp-security-admin-init.php:402, src/admin/wp-security-admin-init.php:402, src/classes/wp-security-two-factor-login.php:96, src/classes/wp-security-two-factor-login.php:96
40
  msgid "WP Security"
41
  msgstr ""
42
 
43
- #: src/admin/wp-security-admin-init.php:403, src/admin/wp-security-admin-init.php:403, src/admin/wp-security-dashboard-menu.php:27, src/admin/wp-security-dashboard-menu.php:55
44
  msgid "Dashboard"
45
  msgstr ""
46
 
47
- #: src/admin/wp-security-admin-init.php:404, src/admin/wp-security-admin-init.php:404, src/admin/wp-security-settings-menu.php:83
48
  msgid "Settings"
49
  msgstr ""
50
 
51
- #: src/admin/wp-security-admin-init.php:405, src/admin/wp-security-admin-init.php:405, src/admin/wp-security-user-accounts-menu.php:60
52
  msgid "User Accounts"
53
  msgstr ""
54
 
55
- #: src/admin/wp-security-admin-init.php:406, src/admin/wp-security-admin-init.php:406, src/admin/wp-security-user-login-menu.php:59
56
  msgid "User Login"
57
  msgstr ""
58
 
59
- #: src/admin/wp-security-admin-init.php:407, src/admin/wp-security-admin-init.php:407, src/admin/wp-security-user-registration-menu.php:55
60
  msgid "User Registration"
61
  msgstr ""
62
 
63
- #: src/admin/wp-security-admin-init.php:408, src/admin/wp-security-admin-init.php:408, src/admin/wp-security-database-menu.php:119
64
  msgid "Database Security"
65
  msgstr ""
66
 
67
- #: src/admin/wp-security-admin-init.php:412, src/admin/wp-security-admin-init.php:412, src/admin/wp-security-filesystem-menu.php:55
68
  msgid "Filesystem Security"
69
  msgstr ""
70
 
71
- #: src/admin/wp-security-admin-init.php:417, src/admin/wp-security-admin-init.php:417, src/admin/wp-security-blacklist-menu.php:51
72
  msgid "Blacklist Manager"
73
  msgstr ""
74
 
75
- #: src/admin/wp-security-admin-init.php:422, src/admin/wp-security-admin-init.php:422, src/admin/wp-security-firewall-menu.php:60
76
  msgid "Firewall"
77
  msgstr ""
78
 
79
- #: src/admin/wp-security-admin-init.php:424, src/admin/wp-security-admin-init.php:424, src/admin/wp-security-brute-force-menu.php:68
80
  msgid "Brute Force"
81
  msgstr ""
82
 
83
- #: src/admin/wp-security-admin-init.php:425, src/admin/wp-security-admin-init.php:425, src/admin/wp-security-spam-menu.php:57
84
  msgid "SPAM Prevention"
85
  msgstr ""
86
 
87
- #: src/admin/wp-security-admin-init.php:429, src/admin/wp-security-admin-init.php:429, src/admin/wp-security-filescan-menu.php:53
88
  msgid "Scanner"
89
  msgstr ""
90
 
91
- #: src/admin/wp-security-admin-init.php:431, src/admin/wp-security-admin-init.php:431, src/admin/wp-security-maintenance-menu.php:51
92
  msgid "Maintenance"
93
  msgstr ""
94
 
95
- #: src/admin/wp-security-admin-init.php:432, src/admin/wp-security-admin-init.php:432, src/admin/wp-security-misc-options-menu.php:57
96
  msgid "Miscellaneous"
97
  msgstr ""
98
 
99
- #: src/admin/wp-security-admin-init.php:433, src/admin/wp-security-admin-init.php:433, src/admin/wp-security-tools-menu.php:64
100
  msgid "Tools"
101
  msgstr ""
102
 
@@ -120,7 +124,7 @@ msgstr ""
120
  msgid "Nonce check failed for save blacklist settings!"
121
  msgstr ""
122
 
123
- #: src/admin/wp-security-blacklist-menu.php:132, src/admin/wp-security-brute-force-menu.php:748, src/admin/wp-security-firewall-menu.php:1210, src/admin/wp-security-list-404.php:234, src/admin/wp-security-list-comment-spammer-ip.php:205, src/classes/wp-security-general-init-tasks.php:323
124
  msgid "The plugin was unable to write to the .htaccess file. Please edit file manually."
125
  msgstr ""
126
 
@@ -141,26 +145,26 @@ msgid "The plugin achieves this by making appropriate modifications to your .hta
141
  msgstr ""
142
 
143
  #: src/admin/wp-security-blacklist-menu.php:145
144
- msgid "By blocking people via the .htaccess file your are using the most secure first line of defence which denies all access to blacklisted visitors as soon as they hit your hosting server."
145
  msgstr ""
146
 
147
- #: src/admin/wp-security-blacklist-menu.php:154, src/admin/wp-security-firewall-menu.php:1042
148
  msgid "All In One WP Security & Firewall Premium"
149
  msgstr ""
150
 
151
- #: src/admin/wp-security-blacklist-menu.php:155, src/admin/wp-security-firewall-menu.php:1043
152
  msgid "You may also be interested in %s."
153
  msgstr ""
154
 
155
- #: src/admin/wp-security-blacklist-menu.php:156, src/admin/wp-security-firewall-menu.php:1044
156
  msgid "This plugin adds a number of extra features including %s and %s."
157
  msgstr ""
158
 
159
- #: src/admin/wp-security-blacklist-menu.php:156, src/admin/wp-security-firewall-menu.php:1044
160
  msgid "smart 404 blocking"
161
  msgstr ""
162
 
163
- #: src/admin/wp-security-blacklist-menu.php:156, src/admin/wp-security-firewall-menu.php:1044
164
  msgid "country IP blocking"
165
  msgstr ""
166
 
@@ -168,7 +172,7 @@ msgstr ""
168
  msgid "IP Hosts and User Agent Blacklist Settings"
169
  msgstr ""
170
 
171
- #: src/admin/wp-security-blacklist-menu.php:179, src/admin/wp-security-brute-force-menu.php:194, src/admin/wp-security-brute-force-menu.php:331
172
  msgid "must read this message"
173
  msgstr ""
174
 
@@ -200,7 +204,7 @@ msgstr ""
200
  msgid "Enter one or more user agent strings."
201
  msgstr ""
202
 
203
- #: src/admin/wp-security-blacklist-menu.php:208, src/admin/wp-security-brute-force-menu.php:374, src/admin/wp-security-brute-force-menu.php:408, src/admin/wp-security-brute-force-menu.php:431, src/admin/wp-security-brute-force-menu.php:452, src/admin/wp-security-filescan-menu.php:311, src/admin/wp-security-filescan-menu.php:328, src/admin/wp-security-firewall-menu.php:175, src/admin/wp-security-firewall-menu.php:212, src/admin/wp-security-firewall-menu.php:232, src/admin/wp-security-firewall-menu.php:258, src/admin/wp-security-firewall-menu.php:385, src/admin/wp-security-firewall-menu.php:415, src/admin/wp-security-firewall-menu.php:446, src/admin/wp-security-firewall-menu.php:474, src/admin/wp-security-firewall-menu.php:503, src/admin/wp-security-firewall-menu.php:681, src/admin/wp-security-firewall-menu.php:699, src/admin/wp-security-firewall-menu.php:853, src/admin/wp-security-firewall-menu.php:1071, src/admin/wp-security-firewall-menu.php:1094, src/admin/wp-security-spam-menu.php:185, src/admin/wp-security-spam-menu.php:396, src/admin/wp-security-spam-menu.php:438, src/admin/wp-security-user-login-menu.php:358, src/templates/info/ip-address-ip-range-info.php:2
204
  msgid "More Info"
205
  msgstr ""
206
 
@@ -216,11 +220,11 @@ msgstr ""
216
  msgid "Example 2 - A list of more than 1 user agent strings to block"
217
  msgstr ""
218
 
219
- #: src/admin/wp-security-blacklist-menu.php:222, src/admin/wp-security-brute-force-menu.php:214, src/admin/wp-security-brute-force-menu.php:684, src/admin/wp-security-brute-force-menu.php:810, src/admin/wp-security-brute-force-menu.php:872, src/admin/wp-security-filescan-menu.php:355, src/admin/wp-security-filesystem-menu.php:242, src/admin/wp-security-firewall-menu.php:930, src/admin/wp-security-firewall-menu.php:1113, src/admin/wp-security-misc-options-menu.php:167, src/admin/wp-security-misc-options-menu.php:218, src/admin/wp-security-misc-options-menu.php:278, src/admin/wp-security-settings-menu.php:608, src/admin/wp-security-settings-menu.php:669, src/admin/wp-security-spam-menu.php:234, src/admin/wp-security-spam-menu.php:413, src/admin/wp-security-spam-menu.php:534, src/admin/wp-security-spam-menu.php:596, src/admin/wp-security-user-login-menu.php:379, src/admin/wp-security-user-login-menu.php:415, src/admin/wp-security-user-login-menu.php:598, src/admin/wp-security-user-login-menu.php:786, src/admin/wp-security-user-registration-menu.php:150, src/admin/wp-security-user-registration-menu.php:243, src/admin/wp-security-user-registration-menu.php:306
220
  msgid "Save Settings"
221
  msgstr ""
222
 
223
- #: src/admin/wp-security-brute-force-menu.php:33, src/admin/wp-security-brute-force-menu.php:768, src/admin/wp-security-dashboard-menu.php:617
224
  msgid "Rename Login Page"
225
  msgstr ""
226
 
@@ -232,7 +236,7 @@ msgstr ""
232
  msgid "Login Captcha"
233
  msgstr ""
234
 
235
- #: src/admin/wp-security-brute-force-menu.php:36, src/admin/wp-security-brute-force-menu.php:755
236
  msgid "Login Whitelist"
237
  msgstr ""
238
 
@@ -252,7 +256,7 @@ msgstr ""
252
  msgid "You must use alpha numeric characters for your login page slug."
253
  msgstr ""
254
 
255
- #: src/admin/wp-security-brute-force-menu.php:117, src/admin/wp-security-filescan-menu.php:175, src/admin/wp-security-firewall-menu.php:997, src/admin/wp-security-spam-menu.php:101, src/admin/wp-security-spam-menu.php:274, src/admin/wp-security-spam-menu.php:308, src/admin/wp-security-user-login-menu.php:161, src/admin/wp-security-user-login-menu.php:551
256
  msgid "Attention!"
257
  msgstr ""
258
 
@@ -317,402 +321,398 @@ msgid "Enter a string which will represent your secure login page slug. You are
317
  msgstr ""
318
 
319
  #: src/admin/wp-security-brute-force-menu.php:244
320
- msgid "Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only!"
321
  msgstr ""
322
 
323
- #: src/admin/wp-security-brute-force-menu.php:257
324
  msgid "You have successfully enabled the cookie based brute force prevention feature"
325
  msgstr ""
326
 
327
- #: src/admin/wp-security-brute-force-menu.php:258
328
  msgid "From now on you will need to log into your WP Admin using the following URL:"
329
  msgstr ""
330
 
331
- #: src/admin/wp-security-brute-force-menu.php:260
332
  msgid "It is important that you save this URL value somewhere in case you forget it, OR,"
333
  msgstr ""
334
 
335
- #: src/admin/wp-security-brute-force-menu.php:261
336
  msgid "simply remember to add a \"?%s=1\" to your current site URL address."
337
  msgstr ""
338
 
339
- #: src/admin/wp-security-brute-force-menu.php:265
340
  msgid "You have successfully saved cookie based brute force prevention feature settings."
341
  msgstr ""
342
 
343
- #: src/admin/wp-security-brute-force-menu.php:295
344
  msgid "Brute Force Prevention Firewall Settings"
345
  msgstr ""
346
 
347
- #: src/admin/wp-security-brute-force-menu.php:300
348
  msgid "A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination."
349
  msgstr ""
350
 
351
- #: src/admin/wp-security-brute-force-menu.php:301
352
  msgid "Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server's memory and performance."
353
  msgstr ""
354
 
355
- #: src/admin/wp-security-brute-force-menu.php:302
356
  msgid "The features in this tab will stop the majority of brute force login attacks thus providing even better protection for your WP login page."
357
  msgstr ""
358
 
359
- #: src/admin/wp-security-brute-force-menu.php:307, src/admin/wp-security-firewall-menu.php:654
360
  msgid "backup"
361
  msgstr ""
362
 
363
- #: src/admin/wp-security-brute-force-menu.php:308
364
  msgid "video tutorial"
365
  msgstr ""
366
 
367
- #: src/admin/wp-security-brute-force-menu.php:309
368
  msgid "To learn more about how to use this feature, please watch the following %s."
369
  msgstr ""
370
 
371
- #: src/admin/wp-security-brute-force-menu.php:310, src/admin/wp-security-brute-force-menu.php:767, src/admin/wp-security-user-login-menu.php:242
372
  msgid "Cookie-Based Brute Force Login Prevention"
373
  msgstr ""
374
 
375
- #: src/admin/wp-security-brute-force-menu.php:320
376
  msgid "Cookie Based Brute Force Login Prevention"
377
  msgstr ""
378
 
379
- #: src/admin/wp-security-brute-force-menu.php:331
380
  msgid "This feature can lock you out of admin if it doesn't work correctly on your site. You <a href=\"https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note\" target=\"_blank\">.__must read this message"
381
  msgstr ""
382
 
383
- #: src/admin/wp-security-brute-force-menu.php:342
384
  msgid "The cookie test was successful. You can now enable this feature."
385
  msgstr ""
386
 
387
- #: src/admin/wp-security-brute-force-menu.php:350
388
  msgid "The cookie test failed on this server. Consequently, this feature cannot be used on this site."
389
  msgstr ""
390
 
391
- #: src/admin/wp-security-brute-force-menu.php:357
392
  msgid "Before using this feature, you must perform a cookie test first."
393
  msgstr ""
394
 
395
- #: src/admin/wp-security-brute-force-menu.php:359
396
  msgid "This ensures that your browser cookie is working correctly and that you won't lock yourself out."
397
  msgstr ""
398
 
399
- #: src/admin/wp-security-brute-force-menu.php:364
400
  msgid "Perform cookie test"
401
  msgstr ""
402
 
403
- #: src/admin/wp-security-brute-force-menu.php:370
404
  msgid "Enable brute force attack prevention"
405
  msgstr ""
406
 
407
- #: src/admin/wp-security-brute-force-menu.php:373
408
  msgid "Check this if you want to protect your login page from Brute Force Attack."
409
  msgstr ""
410
 
411
- #: src/admin/wp-security-brute-force-menu.php:378
412
  msgid "This feature will deny access to your WordPress login page for all people except those who have a special cookie in their browser."
413
  msgstr ""
414
 
415
- #: src/admin/wp-security-brute-force-menu.php:380
416
  msgid "To use this feature do the following:"
417
  msgstr ""
418
 
419
- #: src/admin/wp-security-brute-force-menu.php:382
420
  msgid "1) Enable the checkbox."
421
  msgstr ""
422
 
423
- #: src/admin/wp-security-brute-force-menu.php:384
424
  msgid "2) Enter a secret word consisting of alphanumeric characters which will be difficult to guess. This secret word will be useful whenever you need to know the special URL which you will use to access the login page (see point below)."
425
  msgstr ""
426
 
427
- #: src/admin/wp-security-brute-force-menu.php:386
428
  msgid "3) You will then be provided with a special login URL. You will need to use this URL to login to your WordPress site instead of the usual login URL. NOTE: The system will deposit a special cookie in your browser which will allow you access to the WordPress administration login page."
429
  msgstr ""
430
 
431
- #: src/admin/wp-security-brute-force-menu.php:388
432
  msgid "Any person trying to access your login page who does not have the special cookie in their browser will be automatically blocked."
433
  msgstr ""
434
 
435
- #: src/admin/wp-security-brute-force-menu.php:395
436
  msgid "Secret Word"
437
  msgstr ""
438
 
439
- #: src/admin/wp-security-brute-force-menu.php:397
440
  msgid "Choose a secret word consisting of alphanumeric characters which you can use to access your special URL. Your are highly encouraged to choose a word which will be difficult to guess."
441
  msgstr ""
442
 
443
- #: src/admin/wp-security-brute-force-menu.php:401
444
  msgid "Re-direct URL"
445
  msgstr ""
446
 
447
- #: src/admin/wp-security-brute-force-menu.php:405
448
  msgid "Specify a URL to redirect a hacker to when they try to access your WordPress login page."
449
  msgstr ""
450
 
451
- #: src/admin/wp-security-brute-force-menu.php:412
452
  msgid "The URL specified here can be any site's URL and does not have to be your own. For example you can be as creative as you like and send hackers to the CIA or NSA home page."
453
  msgstr ""
454
 
455
- #: src/admin/wp-security-brute-force-menu.php:414
456
  msgid "This field will default to: http://127.0.0.1 if you do not enter a value."
457
  msgstr ""
458
 
459
- #: src/admin/wp-security-brute-force-menu.php:416
460
  msgid "Useful Tip:"
461
  msgstr ""
462
 
463
- #: src/admin/wp-security-brute-force-menu.php:418
464
  msgid "It's a good idea to not redirect attempted brute force login attempts to your site because it increases the load on your server."
465
  msgstr ""
466
 
467
- #: src/admin/wp-security-brute-force-menu.php:420
468
  msgid "Redirecting a hacker or malicious bot back to \"http://127.0.0.1\" is ideal because it deflects them back to their own local host and puts the load on their server instead of yours."
469
  msgstr ""
470
 
471
- #: src/admin/wp-security-brute-force-menu.php:427
472
  msgid "My site has posts or pages which are password protected"
473
  msgstr ""
474
 
475
- #: src/admin/wp-security-brute-force-menu.php:430
476
  msgid "Check this if you are using the native WordPress password protection feature for some or all of your blog posts or pages."
477
  msgstr ""
478
 
479
- #: src/admin/wp-security-brute-force-menu.php:435
480
  msgid "In the cases where you are protecting some of your posts or pages using the in-built WordPress password protection feature, a few extra lines of directives and exceptions need to be added so that people trying to access pages are not automatically blocked."
481
  msgstr ""
482
 
483
- #: src/admin/wp-security-brute-force-menu.php:437
484
  msgid "By enabling this checkbox, the plugin will add the necessary rules and exceptions so that people trying to access these pages are not automatically blocked."
485
  msgstr ""
486
 
487
- #: src/admin/wp-security-brute-force-menu.php:439
488
  msgid "Helpful Tip:"
489
  msgstr ""
490
 
491
- #: src/admin/wp-security-brute-force-menu.php:441
492
  msgid "If you do not use the WordPress password protection feature for your posts or pages then it is highly recommended that you leave this checkbox disabled."
493
  msgstr ""
494
 
495
- #: src/admin/wp-security-brute-force-menu.php:448
496
  msgid "My site has a theme or plugins which use AJAX"
497
  msgstr ""
498
 
499
- #: src/admin/wp-security-brute-force-menu.php:451
500
  msgid "Check this if your site uses AJAX functionality."
501
  msgstr ""
502
 
503
- #: src/admin/wp-security-brute-force-menu.php:456
504
  msgid "In the cases where your WordPress installation has a theme or plugin that uses AJAX, a few extra lines of directives and exceptions need to be added to prevent AJAX requests from being automatically blocked by the brute force prevention feature."
505
  msgstr ""
506
 
507
- #: src/admin/wp-security-brute-force-menu.php:458
508
  msgid "By enabling this checkbox, the plugin will add the necessary rules and exceptions so that AJAX operations will work as expected."
509
  msgstr ""
510
 
511
- #: src/admin/wp-security-brute-force-menu.php:467
512
  msgid "Save feature settings"
513
  msgstr ""
514
 
515
- #: src/admin/wp-security-brute-force-menu.php:525
516
  msgid "This feature allows you to add a captcha form on various WordPress login pages and forms."
517
  msgstr ""
518
 
519
- #: src/admin/wp-security-brute-force-menu.php:526
520
  msgid "Adding a captcha form on a login page or form is another effective yet simple \"Brute Force\" prevention technique."
521
  msgstr ""
522
 
523
- #: src/admin/wp-security-brute-force-menu.php:527
524
  msgid "You have the option of using either %s or a plain maths captcha form."
525
  msgstr ""
526
 
527
- #: src/admin/wp-security-brute-force-menu.php:528
528
  msgid "If you enable Google reCAPTCHA the reCAPTCHA widget will be displayed for all forms the captcha settings below."
529
  msgstr ""
530
 
531
- #: src/admin/wp-security-brute-force-menu.php:529
532
  msgid "If Google reCAPTCHA is disabled the simple maths captcha form will apply and users will need to enter the answer to a simple mathematical question."
533
  msgstr ""
534
 
535
- #: src/admin/wp-security-brute-force-menu.php:536
536
  msgid "Google reCAPTCHA Settings"
537
  msgstr ""
538
 
539
- #: src/admin/wp-security-brute-force-menu.php:541
540
  msgid "By enabling these settings the Google reCAPTCHA v2 widget will be applied by default for all forms with captcha enabled."
541
  msgstr ""
542
 
543
- #: src/admin/wp-security-brute-force-menu.php:550
544
  msgid "Recaptcha will not work because you have disabled login lockdown by acitvating the AIOWPS_DISABLE_LOGIN_LOCKDOWN constant value in a configuration file."
545
  msgstr ""
546
 
547
- #: src/admin/wp-security-brute-force-menu.php:551
548
  msgid "To enable it, define AIOWPS_DISABLE_LOGIN_LOCKDOWN constant value as false, or remove it."
549
  msgstr ""
550
 
551
- #: src/admin/wp-security-brute-force-menu.php:559
552
  msgid "Use Google reCAPTCHA as default"
553
  msgstr ""
554
 
555
- #: src/admin/wp-security-brute-force-menu.php:562
556
  msgid "Check this if you want to default to Google reCAPTCHA for all settings below. (If this is left unchecked, all captcha forms will revert to the plain maths captcha)"
557
  msgstr ""
558
 
559
- #: src/admin/wp-security-brute-force-menu.php:566
560
  msgid "Site Key"
561
  msgstr ""
562
 
563
- #: src/admin/wp-security-brute-force-menu.php:571
564
  msgid "Secret Key"
565
  msgstr ""
566
 
567
- #: src/admin/wp-security-brute-force-menu.php:578
568
  msgid "Login Form Captcha Settings"
569
  msgstr ""
570
 
571
- #: src/admin/wp-security-brute-force-menu.php:587
572
  msgid "Enable Captcha On Login Page"
573
  msgstr ""
574
 
575
- #: src/admin/wp-security-brute-force-menu.php:590
576
  msgid "Check this if you want to insert a captcha form on the login page"
577
  msgstr ""
578
 
579
- #: src/admin/wp-security-brute-force-menu.php:596
580
  msgid "Lost Password Form Captcha Settings"
581
  msgstr ""
582
 
583
- #: src/admin/wp-security-brute-force-menu.php:606
584
  msgid "Enable Captcha On Lost Password Page"
585
  msgstr ""
586
 
587
- #: src/admin/wp-security-brute-force-menu.php:609
588
  msgid "Check this if you want to insert a captcha form on the lost password page"
589
  msgstr ""
590
 
591
- #: src/admin/wp-security-brute-force-menu.php:615
592
  msgid "Custom Login Form Captcha Settings"
593
  msgstr ""
594
 
595
- #: src/admin/wp-security-brute-force-menu.php:624
596
  msgid "Enable Captcha On Custom Login Form"
597
  msgstr ""
598
 
599
- #: src/admin/wp-security-brute-force-menu.php:627
600
  msgid "Check this if you want to insert captcha on a custom login form generated by the following WP function: wp_login_form()"
601
  msgstr ""
602
 
603
- #: src/admin/wp-security-brute-force-menu.php:637
604
  msgid "Woocommerce Forms Captcha Settings"
605
  msgstr ""
606
 
607
- #: src/admin/wp-security-brute-force-menu.php:646
608
  msgid "Enable Captcha On Woocommerce Login Form"
609
  msgstr ""
610
 
611
- #: src/admin/wp-security-brute-force-menu.php:649
612
  msgid "Check this if you want to insert captcha on a Woocommerce login form"
613
  msgstr ""
614
 
615
- #: src/admin/wp-security-brute-force-menu.php:659
616
  msgid "Enable Captcha On Woocommerce Lost Password Form"
617
  msgstr ""
618
 
619
- #: src/admin/wp-security-brute-force-menu.php:662
620
  msgid "Check this if you want to insert captcha on a Woocommerce lost password form"
621
  msgstr ""
622
 
623
- #: src/admin/wp-security-brute-force-menu.php:672
624
  msgid "Enable Captcha On Woocommerce Registration Form"
625
  msgstr ""
626
 
627
- #: src/admin/wp-security-brute-force-menu.php:675
628
  msgid "Check this if you want to insert captcha on a Woocommerce registration form"
629
  msgstr ""
630
 
631
- #: src/admin/wp-security-brute-force-menu.php:701
632
- msgid "Nonce check failed for save whitelist settings."
633
- msgstr ""
634
-
635
- #: src/admin/wp-security-brute-force-menu.php:758
636
  msgid "The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page."
637
  msgstr ""
638
 
639
- #: src/admin/wp-security-brute-force-menu.php:759
640
  msgid "This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below."
641
  msgstr ""
642
 
643
- #: src/admin/wp-security-brute-force-menu.php:760
644
  msgid "The plugin achieves this by writing the appropriate directives to your .htaccess file."
645
  msgstr ""
646
 
647
- #: src/admin/wp-security-brute-force-menu.php:761
648
- msgid "By allowing/blocking IP addresses via the .htaccess file your are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page."
649
  msgstr ""
650
 
651
- #: src/admin/wp-security-brute-force-menu.php:769
652
  msgid "Attention: If in addition to enabling the white list feature, you also have one of the %s or %s features enabled, <strong>you will still need to use your secret word or special slug in the URL when trying to access your WordPress login page</strong>."
653
  msgstr ""
654
 
655
- #: src/admin/wp-security-brute-force-menu.php:770
656
  msgid "These features are NOT functionally related. Having both of them enabled on your site means you are creating 2 layers of security."
657
  msgstr ""
658
 
659
- #: src/admin/wp-security-brute-force-menu.php:775
660
  msgid "Login IP Whitelist Settings"
661
  msgstr ""
662
 
663
- #: src/admin/wp-security-brute-force-menu.php:786
664
  msgid "Enable IP Whitelisting"
665
  msgstr ""
666
 
667
- #: src/admin/wp-security-brute-force-menu.php:789, src/admin/wp-security-user-login-menu.php:402
668
  msgid "Check this if you want to enable the whitelisting of selected IP addresses specified in the settings below"
669
  msgstr ""
670
 
671
- #: src/admin/wp-security-brute-force-menu.php:793
672
  msgid "Your Current IP Address"
673
  msgstr ""
674
 
675
- #: src/admin/wp-security-brute-force-menu.php:796
676
  msgid "You can copy and paste this address in the text box below if you want to include it in your login whitelist."
677
  msgstr ""
678
 
679
- #: src/admin/wp-security-brute-force-menu.php:800, src/admin/wp-security-user-login-menu.php:406
680
  msgid "Enter Whitelisted IP Addresses:"
681
  msgstr ""
682
 
683
- #: src/admin/wp-security-brute-force-menu.php:804, src/admin/wp-security-user-login-menu.php:410
684
  msgid "Enter one or more IP addresses or IP ranges you wish to include in your whitelist."
685
  msgstr ""
686
 
687
- #: src/admin/wp-security-brute-force-menu.php:804
688
  msgid "Only the addresses specified here will have access to the WordPress login page."
689
  msgstr ""
690
 
691
- #: src/admin/wp-security-brute-force-menu.php:843
692
  msgid "This feature allows you to add a special hidden \"honeypot\" field on the WordPress login page. This will only be visible to robots and not humans."
693
  msgstr ""
694
 
695
- #: src/admin/wp-security-brute-force-menu.php:844
696
  msgid "Since robots usually fill in every input field from a login form, they will also submit a value for the special hidden honeypot field."
697
  msgstr ""
698
 
699
- #: src/admin/wp-security-brute-force-menu.php:845, src/admin/wp-security-user-registration-menu.php:279
700
  msgid "The way honeypots work is that a hidden field is placed somewhere inside a form which only robots will submit. If that field contains a value when the form is submitted then a robot has most likely submitted the form and it is consequently dealt with."
701
  msgstr ""
702
 
703
- #: src/admin/wp-security-brute-force-menu.php:846
704
  msgid "Therefore, if the plugin detects that this field has a value when the login form is submitted, then the robot which is attempting to login to your site will be redirected to its localhost address - http://127.0.0.1."
705
  msgstr ""
706
 
707
- #: src/admin/wp-security-brute-force-menu.php:852
708
  msgid "Login Form Honeypot Settings"
709
  msgstr ""
710
 
711
- #: src/admin/wp-security-brute-force-menu.php:863
712
  msgid "Enable Honeypot On Login Page"
713
  msgstr ""
714
 
715
- #: src/admin/wp-security-brute-force-menu.php:866
716
  msgid "Check this if you want to enable the honeypot feature for the login page"
717
  msgstr ""
718
 
@@ -744,7 +744,7 @@ msgstr ""
744
  msgid "This tab displays the list of all permanently blocked IP addresses."
745
  msgstr ""
746
 
747
- #: src/admin/wp-security-dashboard-menu.php:165, src/admin/wp-security-spam-menu.php:345
748
  msgid "NOTE: This feature does NOT use the .htaccess file to permanently block the IP addresses so it should be compatible with all web servers running WordPress."
749
  msgstr ""
750
 
@@ -752,7 +752,7 @@ msgstr ""
752
  msgid "Permanently Blocked IP Addresses"
753
  msgstr ""
754
 
755
- #: src/admin/wp-security-dashboard-menu.php:183, src/admin/wp-security-firewall-menu.php:1128, src/admin/wp-security-user-login-menu.php:482, src/admin/wp-security-user-login-menu.php:639, src/admin/wp-security-user-registration-menu.php:164
756
  msgid "Search"
757
  msgstr ""
758
 
@@ -1054,7 +1054,7 @@ msgstr ""
1054
  msgid "Your WordPress system has a total of %s tables and your new DB prefix will be: %s"
1055
  msgstr ""
1056
 
1057
- #: src/admin/wp-security-database-menu.php:324, src/classes/wp-security-utility.php:288
1058
  msgid "Failed to make a backup of the wp-config.php file. This operation will not go ahead."
1059
  msgstr ""
1060
 
@@ -1398,7 +1398,7 @@ msgstr ""
1398
  msgid "The following files were added to your host."
1399
  msgstr ""
1400
 
1401
- #: src/admin/wp-security-filescan-menu.php:423, src/admin/wp-security-filescan-menu.php:444, src/admin/wp-security-filescan-menu.php:468, src/admin/wp-security-settings-menu.php:25, src/admin/wp-security-settings-menu.php:29
1402
  msgid "File"
1403
  msgstr ""
1404
 
@@ -1538,7 +1538,7 @@ msgstr ""
1538
  msgid "You have successfully saved the Prevent Access to Default WP Files configuration."
1539
  msgstr ""
1540
 
1541
- #: src/admin/wp-security-filesystem-menu.php:286, src/admin/wp-security-firewall-menu.php:126, src/admin/wp-security-firewall-menu.php:346, src/admin/wp-security-firewall-menu.php:613, src/admin/wp-security-firewall-menu.php:897, src/admin/wp-security-settings-menu.php:761, src/admin/wp-security-spam-menu.php:124
1542
  msgid "Could not write to the .htaccess file. Please check the file permissions."
1543
  msgstr ""
1544
 
@@ -1654,11 +1654,11 @@ msgstr ""
1654
  msgid "Custom Rules"
1655
  msgstr ""
1656
 
1657
- #: src/admin/wp-security-firewall-menu.php:122, src/admin/wp-security-firewall-menu.php:893, src/admin/wp-security-spam-menu.php:120, src/admin/wp-security-spam-menu.php:502, src/admin/wp-security-spam-menu.php:564, src/admin/wp-security-user-registration-menu.php:95
1658
  msgid "Settings were successfully saved"
1659
  msgstr ""
1660
 
1661
- #: src/admin/wp-security-firewall-menu.php:131, src/admin/wp-security-firewall-menu.php:651
1662
  msgid "Firewall Settings"
1663
  msgstr ""
1664
 
@@ -1966,431 +1966,455 @@ msgstr ""
1966
  msgid "Save Additional Firewall Settings"
1967
  msgstr ""
1968
 
1969
- #: src/admin/wp-security-firewall-menu.php:609
1970
  msgid "You have successfully saved the 5G/6G Firewall Protection configuration"
1971
  msgstr ""
1972
 
1973
- #: src/admin/wp-security-firewall-menu.php:633
1974
  msgid "All in One WP Security and Firewall"
1975
  msgstr ""
1976
 
1977
- #: src/admin/wp-security-firewall-menu.php:634
1978
  msgid "We were unable to access the firewall's configuration file:"
1979
  msgstr ""
1980
 
1981
- #: src/admin/wp-security-firewall-menu.php:636
1982
  msgid "As a result, the firewall will be unavailable."
1983
  msgstr ""
1984
 
1985
- #: src/admin/wp-security-firewall-menu.php:637
1986
  msgid "Please check your PHP error log for further information."
1987
  msgstr ""
1988
 
1989
- #: src/admin/wp-security-firewall-menu.php:638
1990
  msgid "If you're unable to locate your PHP log file, please contact your web hosting company to ask them where it can be found on their setup."
1991
  msgstr ""
1992
 
1993
- #: src/admin/wp-security-firewall-menu.php:655
1994
  msgid "This feature allows you to activate the %s (or legacy %s) firewall security protection rules designed and produced by %s."
1995
  msgstr ""
1996
 
1997
- #: src/admin/wp-security-firewall-menu.php:656
1998
  msgid "The 6G Blacklist is updated and improved version of 5G Blacklist. If you have 5G Blacklist active, you might consider activating 6G Blacklist instead."
1999
  msgstr ""
2000
 
2001
- #: src/admin/wp-security-firewall-menu.php:657
2002
  msgid "The 6G Blacklist is a simple, flexible blacklist that helps reduce the number of malicious URL requests that hit your website."
2003
  msgstr ""
2004
 
2005
- #: src/admin/wp-security-firewall-menu.php:658
2006
  msgid "The added advantage of applying the 6G firewall to your site is that it has been tested and confirmed by the people at PerishablePress.com to be an optimal and least disruptive set of .htaccess security rules for general WP sites running on an Apache server or similar."
2007
  msgstr ""
2008
 
2009
- #: src/admin/wp-security-firewall-menu.php:659
2010
  msgid "Therefore the 6G firewall rules should not have any impact on your site's general functionality but if you wish you can take a %s of your .htaccess file before proceeding."
2011
  msgstr ""
2012
 
2013
- #: src/admin/wp-security-firewall-menu.php:665
2014
  msgid "6G Blacklist/Firewall Settings"
2015
  msgstr ""
2016
 
2017
- #: src/admin/wp-security-firewall-menu.php:677
2018
  msgid "Enable 6G Firewall Protection"
2019
  msgstr ""
2020
 
2021
- #: src/admin/wp-security-firewall-menu.php:680
2022
  msgid "Check this if you want to apply the 6G Blacklist firewall protection from perishablepress.com to your site."
2023
  msgstr ""
2024
 
2025
- #: src/admin/wp-security-firewall-menu.php:684
2026
  msgid "This setting will implement the 6G security firewall protection mechanisms on your site which include the following things:"
2027
  msgstr ""
2028
 
2029
- #: src/admin/wp-security-firewall-menu.php:685, src/admin/wp-security-firewall-menu.php:703
2030
  msgid "1) Block forbidden characters commonly used in exploitative attacks."
2031
  msgstr ""
2032
 
2033
- #: src/admin/wp-security-firewall-menu.php:686, src/admin/wp-security-firewall-menu.php:704
2034
  msgid "2) Block malicious encoded URL characters such as the \".css(\" string."
2035
  msgstr ""
2036
 
2037
- #: src/admin/wp-security-firewall-menu.php:687, src/admin/wp-security-firewall-menu.php:705
2038
  msgid "3) Guard against the common patterns and specific exploits in the root portion of targeted URLs."
2039
  msgstr ""
2040
 
2041
- #: src/admin/wp-security-firewall-menu.php:688, src/admin/wp-security-firewall-menu.php:706
2042
  msgid "4) Stop attackers from manipulating query strings by disallowing illicit characters."
2043
  msgstr ""
2044
 
2045
- #: src/admin/wp-security-firewall-menu.php:689, src/admin/wp-security-firewall-menu.php:707
2046
  msgid "....and much more."
2047
  msgstr ""
2048
 
2049
- #: src/admin/wp-security-firewall-menu.php:695
2050
  msgid "Enable legacy 5G Firewall Protection"
2051
  msgstr ""
2052
 
2053
- #: src/admin/wp-security-firewall-menu.php:698
2054
  msgid "Check this if you want to apply the 5G Blacklist firewall protection from perishablepress.com to your site."
2055
  msgstr ""
2056
 
2057
- #: src/admin/wp-security-firewall-menu.php:702
2058
  msgid "This setting will implement the 5G security firewall protection mechanisms on your site which include the following things:"
2059
  msgstr ""
2060
 
2061
- #: src/admin/wp-security-firewall-menu.php:713
2062
  msgid "Save 5G/6G Firewall Settings"
2063
  msgstr ""
2064
 
2065
- #: src/admin/wp-security-firewall-menu.php:721
2066
  msgid "6G block request methods"
2067
  msgstr ""
2068
 
2069
- #: src/admin/wp-security-firewall-menu.php:726
 
 
 
 
 
 
 
 
2070
  msgid "Block %s method"
2071
  msgstr ""
2072
 
2073
- #: src/admin/wp-security-firewall-menu.php:729
2074
  msgid "Check this to block the %s request method"
2075
  msgstr ""
2076
 
2077
- #: src/admin/wp-security-firewall-menu.php:734
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2078
  msgid "Save request methods settings"
2079
  msgstr ""
2080
 
2081
- #: src/admin/wp-security-firewall-menu.php:742
2082
  msgid "6G other settings"
2083
  msgstr ""
2084
 
2085
- #: src/admin/wp-security-firewall-menu.php:746
2086
  msgid "Block query strings"
2087
  msgstr ""
2088
 
2089
- #: src/admin/wp-security-firewall-menu.php:749
2090
  msgid "Check this to block all query strings recommended by 6G"
2091
  msgstr ""
2092
 
2093
- #: src/admin/wp-security-firewall-menu.php:753
2094
  msgid "Block request strings"
2095
  msgstr ""
2096
 
2097
- #: src/admin/wp-security-firewall-menu.php:756
2098
  msgid "Check this to block all request strings recommended by 6G"
2099
  msgstr ""
2100
 
2101
- #: src/admin/wp-security-firewall-menu.php:760
2102
  msgid "Block referrers"
2103
  msgstr ""
2104
 
2105
- #: src/admin/wp-security-firewall-menu.php:763
2106
  msgid "Check this to block all referrers recommended by 6G"
2107
  msgstr ""
2108
 
2109
- #: src/admin/wp-security-firewall-menu.php:767
2110
  msgid "Block user-agents"
2111
  msgstr ""
2112
 
2113
- #: src/admin/wp-security-firewall-menu.php:770
2114
  msgid "Check this to block all user-agents recommended by 6G"
2115
  msgstr ""
2116
 
2117
- #: src/admin/wp-security-firewall-menu.php:774
2118
  msgid "Save other settings"
2119
  msgstr ""
2120
 
2121
- #: src/admin/wp-security-firewall-menu.php:808
2122
  msgid "The Internet bot settings were successfully saved"
2123
  msgstr ""
2124
 
2125
- #: src/admin/wp-security-firewall-menu.php:812
2126
  msgid "Internet Bot Settings"
2127
  msgstr ""
2128
 
2129
- #: src/admin/wp-security-firewall-menu.php:818
2130
  msgid "What is an Internet Bot"
2131
  msgstr ""
2132
 
2133
- #: src/admin/wp-security-firewall-menu.php:819
2134
  msgid "%s?"
2135
  msgstr ""
2136
 
2137
- #: src/admin/wp-security-firewall-menu.php:821
2138
  msgid "A bot is a piece of software which runs on the Internet and performs automatic tasks. For example when Google indexes your pages it uses automatic bots to achieve this task."
2139
  msgstr ""
2140
 
2141
- #: src/admin/wp-security-firewall-menu.php:822
2142
  msgid "A lot of bots are legitimate and non-malicous but not all bots are good and often you will find some which try to impersonate legitimate bots such as \"Googlebot\" but in reality they have nohing to do with Google at all."
2143
  msgstr ""
2144
 
2145
- #: src/admin/wp-security-firewall-menu.php:823
2146
  msgid "Although most of the bots out there are relatively harmless sometimes website owners want to have more control over which bots they allow into their site."
2147
  msgstr ""
2148
 
2149
- #: src/admin/wp-security-firewall-menu.php:824
2150
  msgid "This feature allows you to block bots which are impersonating as a Googlebot but actually aren't. (In other words they are fake Google bots)"
2151
  msgstr ""
2152
 
2153
- #: src/admin/wp-security-firewall-menu.php:825
2154
  msgid "Googlebots have a unique indentity which cannot easily be forged and this feature will indentify any fake Google bots and block them from reading your site's pages."
2155
  msgstr ""
2156
 
2157
- #: src/admin/wp-security-firewall-menu.php:831
2158
  msgid "<strong>Attention</strong>: Sometimes non-malicious Internet organizations might have bots which impersonate as a \"Googlebot\"."
2159
  msgstr ""
2160
 
2161
- #: src/admin/wp-security-firewall-menu.php:832
2162
  msgid "Just be aware that if you activate this feature the plugin will block all bots which use the \"Googlebot\" string in their User Agent information but are NOT officially from Google (irrespective whether they are malicious or not)."
2163
  msgstr ""
2164
 
2165
- #: src/admin/wp-security-firewall-menu.php:833
2166
  msgid "All other bots from other organizations such as \"Yahoo\", \"Bing\" etc will not be affected by this feature."
2167
  msgstr ""
2168
 
2169
- #: src/admin/wp-security-firewall-menu.php:839, src/admin/wp-security-firewall-menu.php:849, src/classes/grade-system/wp-security-feature-item-manager.php:116
2170
  msgid "Block Fake Googlebots"
2171
  msgstr ""
2172
 
2173
- #: src/admin/wp-security-firewall-menu.php:852
2174
  msgid "Check this if you want to block all fake Googlebots."
2175
  msgstr ""
2176
 
2177
- #: src/admin/wp-security-firewall-menu.php:856
2178
  msgid "This feature will check if the User Agent information of a bot contains the string \"Googlebot\"."
2179
  msgstr ""
2180
 
2181
- #: src/admin/wp-security-firewall-menu.php:857
2182
  msgid "It will then perform a few tests to verify if the bot is legitimately from Google and if so it will allow the bot to proceed."
2183
  msgstr ""
2184
 
2185
- #: src/admin/wp-security-firewall-menu.php:858
2186
  msgid "If the bot fails the checks then the plugin will mark it as being a fake Googlebot and it will block it"
2187
  msgstr ""
2188
 
2189
- #: src/admin/wp-security-firewall-menu.php:865
2190
  msgid "Save Internet Bot Settings"
2191
  msgstr ""
2192
 
2193
- #: src/admin/wp-security-firewall-menu.php:901, src/admin/wp-security-firewall-menu.php:923, src/classes/grade-system/wp-security-feature-item-manager.php:42
2194
  msgid "Prevent Image Hotlinking"
2195
  msgstr ""
2196
 
2197
- #: src/admin/wp-security-firewall-menu.php:904
2198
  msgid "A Hotlink is where someone displays an image on their site which is actually located on your site by using a direct link to the source of the image on your server."
2199
  msgstr ""
2200
 
2201
- #: src/admin/wp-security-firewall-menu.php:905
2202
  msgid "Due to the fact that the image being displayed on the other person's site is coming from your server, this can cause leaking of bandwidth and resources for you because your server has to present this image for the people viewing it on someone elses's site."
2203
  msgstr ""
2204
 
2205
- #: src/admin/wp-security-firewall-menu.php:906
2206
  msgid "This feature will prevent people from directly hotlinking images from your site's pages by writing some directives in your .htaccess file."
2207
  msgstr ""
2208
 
2209
- #: src/admin/wp-security-firewall-menu.php:911
2210
  msgid "Prevent Hotlinking"
2211
  msgstr ""
2212
 
2213
- #: src/admin/wp-security-firewall-menu.php:926
2214
  msgid "Check this if you want to prevent hotlinking to images on your site."
2215
  msgstr ""
2216
 
2217
- #: src/admin/wp-security-firewall-menu.php:946
2218
  msgid "Nonce check failed for delete all 404 event logs operation!"
2219
  msgstr ""
2220
 
2221
- #: src/admin/wp-security-firewall-menu.php:957
2222
  msgid "404 Detection Feature - Delete all 404 event logs operation failed!"
2223
  msgstr ""
2224
 
2225
- #: src/admin/wp-security-firewall-menu.php:961
2226
  msgid "All 404 event logs were deleted from the DB successfully!"
2227
  msgstr ""
2228
 
2229
- #: src/admin/wp-security-firewall-menu.php:985, src/admin/wp-security-user-login-menu.php:111
2230
  msgid "You entered a non numeric value for the lockout time length field. It has been set to the default value."
2231
  msgstr ""
2232
 
2233
- #: src/admin/wp-security-firewall-menu.php:991
2234
  msgid "You entered an incorrect format for the \"Redirect URL\" field. It has been set to the default value."
2235
  msgstr ""
2236
 
2237
- #: src/admin/wp-security-firewall-menu.php:1026
2238
  msgid "404 Detection Configuration"
2239
  msgstr ""
2240
 
2241
- #: src/admin/wp-security-firewall-menu.php:1029
2242
  msgid "A 404 or Not Found error occurs when somebody tries to access a non-existent page on your website."
2243
  msgstr ""
2244
 
2245
- #: src/admin/wp-security-firewall-menu.php:1030
2246
  msgid "Typically, most 404 errors happen quite innocently when people have mis-typed a URL or used an old link to page which doesn't exist anymore."
2247
  msgstr ""
2248
 
2249
- #: src/admin/wp-security-firewall-menu.php:1031
2250
  msgid "However, in some cases you may find many repeated 404 errors which occur in a relatively short space of time and from the same IP address which are all attempting to access a variety of non-existent page URLs."
2251
  msgstr ""
2252
 
2253
- #: src/admin/wp-security-firewall-menu.php:1032
2254
  msgid "Such behaviour can mean that a hacker might be trying to find a particular page or URL for sinister reasons."
2255
  msgstr ""
2256
 
2257
- #: src/admin/wp-security-firewall-menu.php:1033
2258
  msgid "This feature allows you to monitor all 404 events which occur on your site, and it also gives you the option of blocking IP addresses for a configured length of time."
2259
  msgstr ""
2260
 
2261
- #: src/admin/wp-security-firewall-menu.php:1034
2262
  msgid "If you want to temporarily block or blacklist an IP address, simply click the \"Temp Block\" or \"Blacklist IP\" link for the applicable IP entry in the \"404 Event Logs\" table below."
2263
  msgstr ""
2264
 
2265
- #: src/admin/wp-security-firewall-menu.php:1055
2266
  msgid "404 Detection Options"
2267
  msgstr ""
2268
 
2269
- #: src/admin/wp-security-firewall-menu.php:1067
2270
  msgid "Enable 404 IP Detection and Lockout"
2271
  msgstr ""
2272
 
2273
- #: src/admin/wp-security-firewall-menu.php:1070
2274
  msgid "Check this if you want to enable the lockout of selected IP addresses."
2275
  msgstr ""
2276
 
2277
- #: src/admin/wp-security-firewall-menu.php:1075
2278
  msgid "When you enable this checkbox, all 404 events on your site will be logged in the table below. You can monitor these events and select some IP addresses listed in the table below and block them for a specified amount of time. All IP addresses you select to be blocked from the \"404 Event Logs\" table section will be unable to access your site during the time specified."
2279
  msgstr ""
2280
 
2281
- #: src/admin/wp-security-firewall-menu.php:1083
2282
  msgid "Enable 404 Event Logging"
2283
  msgstr ""
2284
 
2285
- #: src/admin/wp-security-firewall-menu.php:1086
2286
  msgid "Check this if you want to enable the logging of 404 events"
2287
  msgstr ""
2288
 
2289
- #: src/admin/wp-security-firewall-menu.php:1091
2290
  msgid "Time Length of 404 Lockout (min)"
2291
  msgstr ""
2292
 
2293
- #: src/admin/wp-security-firewall-menu.php:1093
2294
  msgid "Set the length of time for which a blocked IP address will be prevented from visiting your site"
2295
  msgstr ""
2296
 
2297
- #: src/admin/wp-security-firewall-menu.php:1098
2298
  msgid "You can lock any IP address which is recorded in the \"404 Event Logs\" table section below."
2299
  msgstr ""
2300
 
2301
- #: src/admin/wp-security-firewall-menu.php:1100
2302
  msgid "To temporarily lock an IP address, hover over the ID column and click the \"Temp Block\" link for the applicable IP entry."
2303
  msgstr ""
2304
 
2305
- #: src/admin/wp-security-firewall-menu.php:1107
2306
  msgid "404 Lockout Redirect URL"
2307
  msgstr ""
2308
 
2309
- #: src/admin/wp-security-firewall-menu.php:1109
2310
  msgid "A blocked visitor will be automatically redirected to this URL."
2311
  msgstr ""
2312
 
2313
- #: src/admin/wp-security-firewall-menu.php:1118
2314
  msgid "404 Event Logs"
2315
  msgstr ""
2316
 
2317
- #: src/admin/wp-security-firewall-menu.php:1140, src/admin/wp-security-firewall-menu.php:1149, src/admin/wp-security-user-login-menu.php:492, src/admin/wp-security-user-login-menu.php:501, src/admin/wp-security-user-login-menu.php:649, src/admin/wp-security-user-login-menu.php:658
2318
  msgid "Export to CSV"
2319
  msgstr ""
2320
 
2321
- #: src/admin/wp-security-firewall-menu.php:1146, src/admin/wp-security-user-login-menu.php:498, src/admin/wp-security-user-login-menu.php:655
2322
  msgid "Click this button if you wish to download this log in CSV format."
2323
  msgstr ""
2324
 
2325
- #: src/admin/wp-security-firewall-menu.php:1153, src/admin/wp-security-firewall-menu.php:1162
2326
  msgid "Delete All 404 Event Logs"
2327
  msgstr ""
2328
 
2329
- #: src/admin/wp-security-firewall-menu.php:1159
2330
  msgid "Click this button if you wish to purge all 404 event logs from the DB."
2331
  msgstr ""
2332
 
2333
- #: src/admin/wp-security-firewall-menu.php:1218
2334
  msgid "Custom .htaccess Rules Settings"
2335
  msgstr ""
2336
 
2337
- #: src/admin/wp-security-firewall-menu.php:1225
2338
  msgid "This feature can be used to apply your own custom .htaccess rules and directives."
2339
  msgstr ""
2340
 
2341
- #: src/admin/wp-security-firewall-menu.php:1226
2342
  msgid "It is useful for when you want to tweak our existing firewall rules or when you want to add your own."
2343
  msgstr ""
2344
 
2345
- #: src/admin/wp-security-firewall-menu.php:1227
2346
  msgid "NOTE: This feature can only be used if your site is hosted in an apache or similar web server."
2347
  msgstr ""
2348
 
2349
- #: src/admin/wp-security-firewall-menu.php:1233
2350
  msgid "<strong>Warning</strong>: Only use this feature if you know what you are doing."
2351
  msgstr ""
2352
 
2353
- #: src/admin/wp-security-firewall-menu.php:1234
2354
  msgid "Incorrect .htaccess rules or directives can break or prevent access to your site."
2355
  msgstr ""
2356
 
2357
- #: src/admin/wp-security-firewall-menu.php:1235
2358
  msgid "It is your responsibility to ensure that you are entering the correct code!"
2359
  msgstr ""
2360
 
2361
- #: src/admin/wp-security-firewall-menu.php:1236
2362
  msgid "If you break your site you will need to access your server via FTP or something similar and then edit your .htaccess file and delete the changes you made."
2363
  msgstr ""
2364
 
2365
- #: src/admin/wp-security-firewall-menu.php:1242
2366
  msgid "Custom .htaccess Rules"
2367
  msgstr ""
2368
 
2369
- #: src/admin/wp-security-firewall-menu.php:1246
2370
  msgid "Enable Custom .htaccess Rules"
2371
  msgstr ""
2372
 
2373
- #: src/admin/wp-security-firewall-menu.php:1249
2374
  msgid "Check this if you want to enable custom rules entered in the text box below"
2375
  msgstr ""
2376
 
2377
- #: src/admin/wp-security-firewall-menu.php:1253
2378
  msgid "Place custom rules at the top"
2379
  msgstr ""
2380
 
2381
- #: src/admin/wp-security-firewall-menu.php:1256
2382
  msgid "Check this if you want to place your custom rules at the beginning of all the rules applied by this plugin"
2383
  msgstr ""
2384
 
2385
- #: src/admin/wp-security-firewall-menu.php:1260
2386
  msgid "Enter Custom .htaccess Rules:"
2387
  msgstr ""
2388
 
2389
- #: src/admin/wp-security-firewall-menu.php:1264
2390
  msgid "Enter your custom .htaccess rules/directives."
2391
  msgstr ""
2392
 
2393
- #: src/admin/wp-security-firewall-menu.php:1269
2394
  msgid "Save Custom Rules"
2395
  msgstr ""
2396
 
@@ -2518,7 +2542,7 @@ msgstr ""
2518
  msgid "Set up now"
2519
  msgstr ""
2520
 
2521
- #: src/admin/wp-security-firewall-setup-notice.php:614, src/templates/notices/automated-database-backup-notice.php:10, src/templates/notices/automated-database-backup-notice.php:12, src/templates/notices/horizontal-notice.php:50, src/templates/notices/horizontal-notice.php:52
2522
  msgid "Dismiss"
2523
  msgstr ""
2524
 
@@ -2762,7 +2786,7 @@ msgstr ""
2762
  msgid "The selected IP addresses were successfully added to the permanent block list!"
2763
  msgstr ""
2764
 
2765
- #: src/admin/wp-security-list-registered-users.php:269, src/admin/wp-security-list-registered-users.php:286, src/admin/wp-security-spam-menu.php:373
2766
  msgid "View Blocked IPs"
2767
  msgstr ""
2768
 
@@ -2934,462 +2958,482 @@ msgstr ""
2934
  msgid "Check this if you want to stop REST API access for non-logged in requests."
2935
  msgstr ""
2936
 
2937
- #: src/admin/wp-security-settings-menu.php:21
2938
  msgid "General Settings"
2939
  msgstr ""
2940
 
2941
- #: src/admin/wp-security-settings-menu.php:33
2942
  msgid "Delete Plugin Settings"
2943
  msgstr ""
2944
 
2945
- #: src/admin/wp-security-settings-menu.php:37
2946
  msgid "WP Version Info"
2947
  msgstr ""
2948
 
2949
- #: src/admin/wp-security-settings-menu.php:41
2950
  msgid "Import/Export"
2951
  msgstr ""
2952
 
2953
- #: src/admin/wp-security-settings-menu.php:117
 
 
 
 
2954
  msgid "All the security features have been disabled successfully!"
2955
  msgstr ""
2956
 
2957
- #: src/admin/wp-security-settings-menu.php:121, src/admin/wp-security-settings-menu.php:148
2958
  msgid "Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the \".htaccess File\"."
2959
  msgstr ""
2960
 
2961
- #: src/admin/wp-security-settings-menu.php:126
2962
  msgid "Could not write to the wp-config.php. Please restore your wp-config.php file manually using the restore functionality in the \"wp-config.php File\"."
2963
  msgstr ""
2964
 
2965
- #: src/admin/wp-security-settings-menu.php:144
2966
  msgid "All firewall rules have been disabled successfully!"
2967
  msgstr ""
2968
 
2969
- #: src/admin/wp-security-settings-menu.php:166
2970
  msgid "Deletion of aio_wp_security_configs option and .htaccess directives failed."
2971
  msgstr ""
2972
 
2973
- #: src/admin/wp-security-settings-menu.php:168
2974
  msgid "Reset of aio_wp_security_configs option failed."
2975
  msgstr ""
2976
 
2977
- #: src/admin/wp-security-settings-menu.php:170
2978
  msgid "Deletion of .htaccess directives failed."
2979
  msgstr ""
2980
 
2981
- #: src/admin/wp-security-settings-menu.php:172
2982
  msgid "All settings have been successfully reset."
2983
  msgstr ""
2984
 
2985
- #: src/admin/wp-security-settings-menu.php:192
2986
  msgid "For information, updates and documentation, please visit the"
2987
  msgstr ""
2988
 
2989
- #: src/admin/wp-security-settings-menu.php:192
2990
  msgid "Page"
2991
  msgstr ""
2992
 
2993
- #: src/admin/wp-security-settings-menu.php:193
2994
  msgid "Follow us"
2995
  msgstr ""
2996
 
2997
- #: src/admin/wp-security-settings-menu.php:193
2998
  msgid "on Twitter, Google+ or via Email to stay up to date about the new security features of this plugin."
2999
  msgstr ""
3000
 
3001
- #: src/admin/wp-security-settings-menu.php:197
3002
  msgid "WP Security Plugin"
3003
  msgstr ""
3004
 
3005
- #: src/admin/wp-security-settings-menu.php:201
3006
  msgid "Thank you for using the AIOWPS security plugin."
3007
  msgstr ""
3008
 
3009
- #: src/admin/wp-security-settings-menu.php:205
3010
  msgid "There are a lot of security features in this plugin."
3011
  msgstr ""
3012
 
3013
- #: src/admin/wp-security-settings-menu.php:210
3014
  msgid "To start, go through each security option and enable the \"basic\" options."
3015
  msgstr ""
3016
 
3017
- #: src/admin/wp-security-settings-menu.php:214
3018
  msgid "The more features you enable, the more security points you will achieve."
3019
  msgstr ""
3020
 
3021
- #: src/admin/wp-security-settings-menu.php:217
3022
  msgid "Before doing anything we advise taking a backup of your .htaccess file, database and wp-config.php."
3023
  msgstr ""
3024
 
3025
- #: src/admin/wp-security-settings-menu.php:220
3026
  msgid "Backup your database"
3027
  msgstr ""
3028
 
3029
- #: src/admin/wp-security-settings-menu.php:221
3030
  msgid "Backup .htaccess file"
3031
  msgstr ""
3032
 
3033
- #: src/admin/wp-security-settings-menu.php:222
3034
  msgid "Backup wp-config.php file"
3035
  msgstr ""
3036
 
3037
- #: src/admin/wp-security-settings-menu.php:229
3038
  msgid "Disable Security Features"
3039
  msgstr ""
3040
 
3041
- #: src/admin/wp-security-settings-menu.php:235
3042
  msgid "If you think that some plugin functionality on your site is broken due to a security feature you enabled in this plugin, then use the following option to turn off all the security features of this plugin."
3043
  msgstr ""
3044
 
3045
- #: src/admin/wp-security-settings-menu.php:239
3046
  msgid "Disable All Security Features"
3047
  msgstr ""
3048
 
3049
- #: src/admin/wp-security-settings-menu.php:246, src/admin/wp-security-settings-menu.php:256
3050
  msgid "Disable All Firewall Rules"
3051
  msgstr ""
3052
 
3053
- #: src/admin/wp-security-settings-menu.php:252
3054
  msgid "This feature will disable all firewall rules which are currently active in this plugin and it will also delete these rules from your .htacess file. Use it if you think one of the firewall rules is causing an issue on your site."
3055
  msgstr ""
3056
 
3057
- #: src/admin/wp-security-settings-menu.php:263, src/admin/wp-security-settings-menu.php:276
3058
  msgid "Reset Settings"
3059
  msgstr ""
3060
 
3061
- #: src/admin/wp-security-settings-menu.php:268
3062
  msgid "This button click will delete all of your settings related to the All In One WP Security & Firewall Plugin."
3063
  msgstr ""
3064
 
3065
- #: src/admin/wp-security-settings-menu.php:269
3066
  msgid "This button click will reset/empty all the database tables of the security plugin also."
3067
  msgstr ""
3068
 
3069
- #: src/admin/wp-security-settings-menu.php:270
3070
  msgid "Use this plugin if you were locked out by the All In One WP Security & Firewall Plugin and/or you are having issues logging in when that plugin is activated."
3071
  msgstr ""
3072
 
3073
- #: src/admin/wp-security-settings-menu.php:271
3074
  msgid "In addition to the settings it will also delete any directives which were added to the .htaccess file by the All In One WP Security & Firewall Plugin."
3075
  msgstr ""
3076
 
3077
- #: src/admin/wp-security-settings-menu.php:272
3078
  msgid "%1$sNOTE: %2$sAfter deleting the settings you will need to re-configure the All In One WP Security & Firewall plugin."
3079
  msgstr ""
3080
 
3081
- #: src/admin/wp-security-settings-menu.php:284
3082
  msgid "Debug Settings"
3083
  msgstr ""
3084
 
3085
- #: src/admin/wp-security-settings-menu.php:290
3086
  msgid "This setting allows you to enable/disable debug for this plugin."
3087
  msgstr ""
3088
 
3089
- #: src/admin/wp-security-settings-menu.php:296
3090
  msgid "Enable Debug"
3091
  msgstr ""
3092
 
3093
- #: src/admin/wp-security-settings-menu.php:299
3094
  msgid "Check this if you want to enable debug. You should keep this option disabled after you have finished debugging the issue."
3095
  msgstr ""
3096
 
3097
- #: src/admin/wp-security-settings-menu.php:303
3098
  msgid "Save Debug Settings"
3099
  msgstr ""
3100
 
3101
- #: src/admin/wp-security-settings-menu.php:339
3102
  msgid "Your .htaccess file was successfully backed up! Using an FTP program go to the \"/wp-content/aiowps_backups\" directory to save a copy of the file to your computer."
3103
  msgstr ""
3104
 
3105
- #: src/admin/wp-security-settings-menu.php:345
3106
  msgid "htaccess file rename failed during backup. Please check your root directory for the backup file using FTP."
3107
  msgstr ""
3108
 
3109
- #: src/admin/wp-security-settings-menu.php:351
3110
  msgid "htaccess backup failed."
3111
  msgstr ""
3112
 
3113
- #: src/admin/wp-security-settings-menu.php:366
3114
  msgid "Please choose a .htaccess to restore from."
3115
  msgstr ""
3116
 
3117
- #: src/admin/wp-security-settings-menu.php:381
3118
  msgid "htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP."
3119
  msgstr ""
3120
 
3121
- #: src/admin/wp-security-settings-menu.php:385
3122
  msgid "Your .htaccess file has successfully been restored!"
3123
  msgstr ""
3124
 
3125
- #: src/admin/wp-security-settings-menu.php:391
3126
  msgid "htaccess Restore operation failed! Please check the contents of the file you are trying to restore from."
3127
  msgstr ""
3128
 
3129
- #: src/admin/wp-security-settings-menu.php:397
3130
  msgid ".htaccess File Operations"
3131
  msgstr ""
3132
 
3133
- #: src/admin/wp-security-settings-menu.php:400
3134
  msgid "Your \".htaccess\" file is a key component of your website's security and it can be modified to implement various levels of protection mechanisms."
3135
  msgstr ""
3136
 
3137
- #: src/admin/wp-security-settings-menu.php:401
3138
  msgid "This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future."
3139
  msgstr ""
3140
 
3141
- #: src/admin/wp-security-settings-menu.php:402
3142
  msgid "You can also restore your site's .htaccess settings using a backed up .htaccess file."
3143
  msgstr ""
3144
 
3145
- #: src/admin/wp-security-settings-menu.php:417
3146
  msgid "Save the current .htaccess file"
3147
  msgstr ""
3148
 
3149
- #: src/admin/wp-security-settings-menu.php:421
3150
  msgid "Click the button below to backup and save the currently active .htaccess file."
3151
  msgstr ""
3152
 
3153
- #: src/admin/wp-security-settings-menu.php:422
3154
  msgid "Backup .htaccess File"
3155
  msgstr ""
3156
 
3157
- #: src/admin/wp-security-settings-menu.php:426
3158
  msgid "Restore from a backed up .htaccess file"
3159
  msgstr ""
3160
 
3161
- #: src/admin/wp-security-settings-menu.php:432
3162
  msgid ".htaccess file to restore from"
3163
  msgstr ""
3164
 
3165
- #: src/admin/wp-security-settings-menu.php:434
3166
  msgid "Select Your htaccess File"
3167
  msgstr ""
3168
 
3169
- #: src/admin/wp-security-settings-menu.php:438
3170
  msgid "After selecting your file, click the button below to restore your site using the backed up htaccess file (htaccess_backup.txt)."
3171
  msgstr ""
3172
 
3173
- #: src/admin/wp-security-settings-menu.php:444
3174
  msgid "Restore .htaccess File"
3175
  msgstr ""
3176
 
3177
- #: src/admin/wp-security-settings-menu.php:466
3178
  msgid "Please choose a wp-config.php file to restore from."
3179
  msgstr ""
3180
 
3181
- #: src/admin/wp-security-settings-menu.php:482
3182
  msgid "wp-config.php file restore failed. Please attempt to restore this file manually using FTP."
3183
  msgstr ""
3184
 
3185
- #: src/admin/wp-security-settings-menu.php:486
3186
  msgid "Your wp-config.php file has successfully been restored!"
3187
  msgstr ""
3188
 
3189
- #: src/admin/wp-security-settings-menu.php:492
3190
  msgid "wp-config.php Restore operation failed! Please check the contents of the file you are trying to restore from."
3191
  msgstr ""
3192
 
3193
- #: src/admin/wp-security-settings-menu.php:498
3194
  msgid "wp-config.php File Operations"
3195
  msgstr ""
3196
 
3197
- #: src/admin/wp-security-settings-menu.php:501
3198
  msgid "Your \"wp-config.php\" file is one of the most important in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components."
3199
  msgstr ""
3200
 
3201
- #: src/admin/wp-security-settings-menu.php:502
3202
  msgid "This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future."
3203
  msgstr ""
3204
 
3205
- #: src/admin/wp-security-settings-menu.php:503
3206
  msgid "You can also restore your site's wp-config.php settings using a backed up wp-config.php file."
3207
  msgstr ""
3208
 
3209
- #: src/admin/wp-security-settings-menu.php:518
3210
  msgid "Save the current wp-config.php file"
3211
  msgstr ""
3212
 
3213
- #: src/admin/wp-security-settings-menu.php:522
3214
  msgid "Click the button below to backup and download the contents of the currently active wp-config.php file."
3215
  msgstr ""
3216
 
3217
- #: src/admin/wp-security-settings-menu.php:523
3218
  msgid "Backup wp-config.php File"
3219
  msgstr ""
3220
 
3221
- #: src/admin/wp-security-settings-menu.php:528
3222
  msgid "Restore from a backed up wp-config file"
3223
  msgstr ""
3224
 
3225
- #: src/admin/wp-security-settings-menu.php:534
3226
  msgid "wp-config file to restore from"
3227
  msgstr ""
3228
 
3229
- #: src/admin/wp-security-settings-menu.php:536
3230
  msgid "Select Your wp-config File"
3231
  msgstr ""
3232
 
3233
- #: src/admin/wp-security-settings-menu.php:540
3234
  msgid "After selecting your file click the button below to restore your site using the backed up wp-config file (wp-config.php.backup.txt)."
3235
  msgstr ""
3236
 
3237
- #: src/admin/wp-security-settings-menu.php:546
3238
  msgid "Restore wp-config File"
3239
  msgstr ""
3240
 
3241
- #: src/admin/wp-security-settings-menu.php:550
3242
  msgid "View Contents of the currently active wp-config.php file"
3243
  msgstr ""
3244
 
3245
- #: src/admin/wp-security-settings-menu.php:580
3246
  msgid "Manage delete plugin settings saved."
3247
  msgstr ""
3248
 
3249
- #: src/admin/wp-security-settings-menu.php:585
3250
  msgid "Manage delete plugin tasks"
3251
  msgstr ""
3252
 
3253
- #: src/admin/wp-security-settings-menu.php:592
3254
  msgid "Delete database tables"
3255
  msgstr ""
3256
 
3257
- #: src/admin/wp-security-settings-menu.php:595
3258
  msgid "Check this if you want to remove database tables when the plugin is uninstalled."
3259
  msgstr ""
3260
 
3261
- #: src/admin/wp-security-settings-menu.php:599
3262
  msgid "Delete settings"
3263
  msgstr ""
3264
 
3265
- #: src/admin/wp-security-settings-menu.php:602
3266
  msgid "Check this if you want to remove all plugin settings when uninstalling the plugin."
3267
  msgstr ""
3268
 
3269
- #: src/admin/wp-security-settings-menu.php:602
3270
  msgid "It will also remove all custom htaccess rules that were added by this plugin."
3271
  msgstr ""
3272
 
3273
- #: src/admin/wp-security-settings-menu.php:636
3274
  msgid "WP Generator Meta Tag & Version Info"
3275
  msgstr ""
3276
 
3277
- #: src/admin/wp-security-settings-menu.php:639
3278
  msgid "Wordpress generator automatically adds some meta information inside the \"head\" tags of every page on your site's front end. Below is an example of this:"
3279
  msgstr ""
3280
 
3281
- #: src/admin/wp-security-settings-menu.php:641
3282
  msgid "The above meta information shows which version of WordPress your site is currently running and thus can help hackers or crawlers scan your site to see if you have an older version of WordPress or one with a known exploit."
3283
  msgstr ""
3284
 
3285
- #: src/admin/wp-security-settings-menu.php:642
3286
  msgid "There are also other ways wordpress reveals version info such as during style and script loading. An example of this is:"
3287
  msgstr ""
3288
 
3289
- #: src/admin/wp-security-settings-menu.php:644
3290
  msgid "This feature will allow you to remove the WP generator meta info and other version info from your site's pages."
3291
  msgstr ""
3292
 
3293
- #: src/admin/wp-security-settings-menu.php:650
3294
  msgid "WP Generator Meta Info"
3295
  msgstr ""
3296
 
3297
- #: src/admin/wp-security-settings-menu.php:662
3298
  msgid "Remove WP Generator Meta Info"
3299
  msgstr ""
3300
 
3301
- #: src/admin/wp-security-settings-menu.php:665
3302
  msgid "Check this if you want to remove the version and meta info produced by WP from all pages"
3303
  msgstr ""
3304
 
3305
- #: src/admin/wp-security-settings-menu.php:693
3306
  msgid "Please choose a file to import your settings from."
3307
  msgstr ""
3308
 
3309
- #: src/admin/wp-security-settings-menu.php:725
3310
  msgid "Import AIOWPS settings from .$import_from. operation failed!"
3311
  msgstr ""
3312
 
3313
- #: src/admin/wp-security-settings-menu.php:731, src/admin/wp-security-settings-menu.php:775
3314
  msgid "The deletion of the import file failed. Please delete this file manually via the media menu for security purposes."
3315
  msgstr ""
3316
 
3317
- #: src/admin/wp-security-settings-menu.php:733, src/admin/wp-security-settings-menu.php:777
3318
  msgid "The file you uploaded was also deleted for security purposes because it contains security settings details."
3319
  msgstr ""
3320
 
3321
- #: src/admin/wp-security-settings-menu.php:748
3322
  msgid "Your AIOWPS settings were successfully imported via file input."
3323
  msgstr ""
3324
 
3325
- #: src/admin/wp-security-settings-menu.php:749
3326
  msgid "The deletion of the import file failed. Please delete this file manually via the media menu for security purposes because it contains security settings details."
3327
  msgstr ""
3328
 
3329
- #: src/admin/wp-security-settings-menu.php:751
3330
  msgid "Your AIOWPS settings were successfully imported. The file you uploaded was also deleted for security purposes because it contains security settings details."
3331
  msgstr ""
3332
 
3333
- #: src/admin/wp-security-settings-menu.php:754
3334
  msgid "Your AIOWPS settings were successfully imported via text entry."
3335
  msgstr ""
3336
 
3337
- #: src/admin/wp-security-settings-menu.php:769
3338
  msgid "The contents of your settings file appear invalid. Please check the contents of the file you are trying to import settings from."
3339
  msgstr ""
3340
 
3341
- #: src/admin/wp-security-settings-menu.php:786
3342
  msgid "Export or Import Your AIOWPS Settings"
3343
  msgstr ""
3344
 
3345
- #: src/admin/wp-security-settings-menu.php:789
3346
  msgid "This section allows you to export or import your All In One WP Security & Firewall settings."
3347
  msgstr ""
3348
 
3349
- #: src/admin/wp-security-settings-menu.php:790
3350
  msgid "This can be handy if you wanted to save time by applying the settings from one site to another site."
3351
  msgstr ""
3352
 
3353
- #: src/admin/wp-security-settings-menu.php:791
3354
  msgid "NOTE: Before importing, it is your responsibility to know what settings you are trying to import. Importing settings blindly can cause you to be locked out of your site."
3355
  msgstr ""
3356
 
3357
- #: src/admin/wp-security-settings-menu.php:792
3358
  msgid "For Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain."
3359
  msgstr ""
3360
 
3361
- #: src/admin/wp-security-settings-menu.php:798, src/admin/wp-security-settings-menu.php:807
3362
  msgid "Export AIOWPS Settings"
3363
  msgstr ""
3364
 
3365
- #: src/admin/wp-security-settings-menu.php:804
3366
  msgid "To export your All In One WP Security & Firewall settings click the button below."
3367
  msgstr ""
3368
 
3369
- #: src/admin/wp-security-settings-menu.php:811, src/admin/wp-security-settings-menu.php:842
3370
  msgid "Import AIOWPS Settings"
3371
  msgstr ""
3372
 
3373
- #: src/admin/wp-security-settings-menu.php:817
3374
  msgid "Use this section to import your All In One WP Security & Firewall settings from a file. Alternatively, copy/paste the contents of your import file into the textarea below."
3375
  msgstr ""
3376
 
3377
- #: src/admin/wp-security-settings-menu.php:820
3378
  msgid "Import File"
3379
  msgstr ""
3380
 
3381
- #: src/admin/wp-security-settings-menu.php:824
3382
  msgid "Select Your Import Settings File"
3383
  msgstr ""
3384
 
3385
- #: src/admin/wp-security-settings-menu.php:828
3386
  msgid "After selecting your file, click the button below to apply the settings to your site."
3387
  msgstr ""
3388
 
3389
- #: src/admin/wp-security-settings-menu.php:835
3390
  msgid "Copy/Paste Import Data"
3391
  msgstr ""
3392
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
3393
  #: src/admin/wp-security-spam-menu.php:28
3394
  msgid "Comment SPAM"
3395
  msgstr ""
@@ -3454,245 +3498,245 @@ msgstr ""
3454
  msgid "In other words, if the comment was not submitted by a human who physically submitted the comment on your site, the request will be blocked."
3455
  msgstr ""
3456
 
3457
- #: src/admin/wp-security-spam-menu.php:181
3458
  msgid "Block Spambots From Posting Comments"
3459
  msgstr ""
3460
 
3461
- #: src/admin/wp-security-spam-menu.php:184
3462
  msgid "Check this if you want to apply a firewall rule which will block comments originating from spambots."
3463
  msgstr ""
3464
 
3465
- #: src/admin/wp-security-spam-menu.php:188
3466
  msgid "This feature will implement a firewall rule to block all comment attempts which do not originate from your domain."
3467
  msgstr ""
3468
 
3469
- #: src/admin/wp-security-spam-menu.php:189
3470
  msgid "A legitimate comment is one which is submitted by a human who physically fills out the comment form and clicks the submit button. For such events, the HTTP_REFERRER is always set to your own domain."
3471
  msgstr ""
3472
 
3473
- #: src/admin/wp-security-spam-menu.php:190
3474
  msgid "A comment submitted by a spambot is done by directly calling the comments.php file, which usually means that the HTTP_REFERRER value is not your domain and often times empty."
3475
  msgstr ""
3476
 
3477
- #: src/admin/wp-security-spam-menu.php:191
3478
  msgid "This feature will check and block comment requests which are not referred by your domain thus greatly reducing your overall blog SPAM and PHP requests done by the server to process these comments."
3479
  msgstr ""
3480
 
3481
- #: src/admin/wp-security-spam-menu.php:201
3482
  msgid "Comment Processing"
3483
  msgstr ""
3484
 
3485
- #: src/admin/wp-security-spam-menu.php:207
3486
  msgid "Trash spam comments"
3487
  msgstr ""
3488
 
3489
- #: src/admin/wp-security-spam-menu.php:217
3490
  msgid "Move spam comments to trash after %s days."
3491
  msgstr ""
3492
 
3493
- #: src/admin/wp-security-spam-menu.php:222
3494
  msgid "More info"
3495
  msgstr ""
3496
 
3497
- #: src/admin/wp-security-spam-menu.php:225
3498
  msgid "Enble this feature in order to move the spam comments to trash after given number of days."
3499
  msgstr ""
3500
 
3501
- #: src/admin/wp-security-spam-menu.php:264
3502
  msgid "You entered a non numeric value for the minimum number of spam comments field. It has been set to the default value."
3503
  msgstr ""
3504
 
3505
- #: src/admin/wp-security-spam-menu.php:267
3506
  msgid "You must enter an integer greater than zero for minimum number of spam comments field. It has been set to the default value."
3507
  msgstr ""
3508
 
3509
- #: src/admin/wp-security-spam-menu.php:296
3510
  msgid "Nonce check failed for list SPAM comment IPs!"
3511
  msgstr ""
3512
 
3513
- #: src/admin/wp-security-spam-menu.php:302
3514
  msgid "You entered a non numeric value for the minimum SPAM comments per IP field. It has been set to the default value."
3515
  msgstr ""
3516
 
3517
- #: src/admin/wp-security-spam-menu.php:314
3518
  msgid "Displaying results for IP addresses which have posted a minimum of %s SPAM comments"
3519
  msgstr ""
3520
 
3521
- #: src/admin/wp-security-spam-menu.php:329
3522
  msgid "Auto Block SPAMMER IPs"
3523
  msgstr ""
3524
 
3525
- #: src/admin/wp-security-spam-menu.php:334
3526
  msgid "This feature has detected that %s is not active. It is highly recommended that you activate the Akismet plugin to make the most of this feature."
3527
  msgstr ""
3528
 
3529
- #: src/admin/wp-security-spam-menu.php:343
3530
  msgid "This feature allows you to automatically and permanently block IP addresses which have exceeded a certain number of comments labelled as SPAM."
3531
  msgstr ""
3532
 
3533
- #: src/admin/wp-security-spam-menu.php:344
3534
  msgid "Comments are usually labelled as SPAM either by the Akismet plugin or manually by the WP administrator when they mark a comment as \"spam\" from the WordPress Comments menu."
3535
  msgstr ""
3536
 
3537
- #: src/admin/wp-security-spam-menu.php:358
3538
  msgid "You currently have no IP addresses permanently blocked due to SPAM."
3539
  msgstr ""
3540
 
3541
- #: src/admin/wp-security-spam-menu.php:371
3542
  msgid "Spammer IPs Added To Permanent Block List Today: "
3543
  msgstr ""
3544
 
3545
- #: src/admin/wp-security-spam-menu.php:372
3546
  msgid "All Time Total: "
3547
  msgstr ""
3548
 
3549
- #: src/admin/wp-security-spam-menu.php:386
3550
  msgid "Enable Auto Block of SPAM Comment IPs"
3551
  msgstr ""
3552
 
3553
- #: src/admin/wp-security-spam-menu.php:389
3554
  msgid "Check this box if you want this plugin to automatically block IP addresses which submit SPAM comments."
3555
  msgstr ""
3556
 
3557
- #: src/admin/wp-security-spam-menu.php:393
3558
  msgid "Minimum number of SPAM comments"
3559
  msgstr ""
3560
 
3561
- #: src/admin/wp-security-spam-menu.php:395
3562
  msgid "Specify the minimum number of SPAM comments for an IP address before it is permanently blocked."
3563
  msgstr ""
3564
 
3565
- #: src/admin/wp-security-spam-menu.php:399
3566
  msgid "Example 1: Setting this value to \"1\" will block ALL IP addresses which were used to submit at least one SPAM comment."
3567
  msgstr ""
3568
 
3569
- #: src/admin/wp-security-spam-menu.php:400
3570
  msgid "Example 2: Setting this value to \"5\" will block only those IP addresses which were used to submit 5 SPAM comments or more on your site."
3571
  msgstr ""
3572
 
3573
- #: src/admin/wp-security-spam-menu.php:406
3574
  msgid "Run Now"
3575
  msgstr ""
3576
 
3577
- #: src/admin/wp-security-spam-menu.php:407
3578
  msgid "Run SPAM IP Blocking Now"
3579
  msgstr ""
3580
 
3581
- #: src/admin/wp-security-spam-menu.php:408
3582
  msgid "This feature normally runs automatically whenever a comment is submitted but you can run it manually by clicking this button. (useful for older comments)"
3583
  msgstr ""
3584
 
3585
- #: src/admin/wp-security-spam-menu.php:418
3586
  msgid "List SPAMMER IP Addresses"
3587
  msgstr ""
3588
 
3589
- #: src/admin/wp-security-spam-menu.php:422
3590
  msgid "This section displays a list of the IP addresses of the people or bots who have left SPAM comments on your site."
3591
  msgstr ""
3592
 
3593
- #: src/admin/wp-security-spam-menu.php:423
3594
  msgid "This information can be handy for identifying the most persistent IP addresses or ranges used by spammers."
3595
  msgstr ""
3596
 
3597
- #: src/admin/wp-security-spam-menu.php:424
3598
  msgid "By inspecting the IP address data coming from spammers you will be in a better position to determine which addresses or address ranges you should block by adding them to the permanent block list."
3599
  msgstr ""
3600
 
3601
- #: src/admin/wp-security-spam-menu.php:425
3602
  msgid ""
3603
  "To add one or more of the IP addresses displayed in the table below to your blacklist, simply click the \"Block\" link for the individual row or select more than one address\n"
3604
  " using the checkboxes and then choose the \"block\" option from the Bulk Actions dropdown list and click the \"Apply\" button."
3605
  msgstr ""
3606
 
3607
- #: src/admin/wp-security-spam-menu.php:435
3608
  msgid "Minimum number of SPAM comments per IP"
3609
  msgstr ""
3610
 
3611
- #: src/admin/wp-security-spam-menu.php:437
3612
  msgid "This field allows you to list only those IP addresses which have been used to post X or more SPAM comments."
3613
  msgstr ""
3614
 
3615
- #: src/admin/wp-security-spam-menu.php:441
3616
  msgid "Example 1: Setting this value to \"0\" or \"1\" will list ALL IP addresses which were used to submit SPAM comments."
3617
  msgstr ""
3618
 
3619
- #: src/admin/wp-security-spam-menu.php:442
3620
  msgid "Example 2: Setting this value to \"5\" will list only those IP addresses which were used to submit 5 SPAM comments or more on your site."
3621
  msgstr ""
3622
 
3623
- #: src/admin/wp-security-spam-menu.php:449
3624
  msgid "Find IP Addresses"
3625
  msgstr ""
3626
 
3627
- #: src/admin/wp-security-spam-menu.php:453
3628
  msgid "SPAMMER IP Address Results"
3629
  msgstr ""
3630
 
3631
- #: src/admin/wp-security-spam-menu.php:459, src/classes/wp-security-utility.php:235
3632
  msgid "The plugin has detected that you are using a Multi-Site WordPress installation."
3633
  msgstr ""
3634
 
3635
- #: src/admin/wp-security-spam-menu.php:460
3636
  msgid "Only the \"superadmin\" can block IP addresses from the main site."
3637
  msgstr ""
3638
 
3639
- #: src/admin/wp-security-spam-menu.php:461
3640
  msgid "Take note of the IP addresses you want blocked and ask the superadmin to add these to the blacklist using the \"Blacklist Manager\" on the main site."
3641
  msgstr ""
3642
 
3643
- #: src/admin/wp-security-spam-menu.php:506
3644
  msgid "BuddyPress SPAM Settings"
3645
  msgstr ""
3646
 
3647
- #: src/admin/wp-security-spam-menu.php:511
3648
  msgid "Add Captcha To BuddyPress Registration Form"
3649
  msgstr ""
3650
 
3651
- #: src/admin/wp-security-spam-menu.php:515
3652
  msgid "This feature will add a simple math captcha field in the BuddyPress registration form."
3653
  msgstr ""
3654
 
3655
- #: src/admin/wp-security-spam-menu.php:516
3656
  msgid "Adding a captcha field in the registration form is a simple way of greatly reducing SPAM signups from bots without using .htaccess rules."
3657
  msgstr ""
3658
 
3659
- #: src/admin/wp-security-spam-menu.php:526
3660
  msgid "Enable Captcha On BuddyPress Registration Form"
3661
  msgstr ""
3662
 
3663
- #: src/admin/wp-security-spam-menu.php:529
3664
  msgid "Check this if you want to insert a captcha field on the BuddyPress registration forms"
3665
  msgstr ""
3666
 
3667
- #: src/admin/wp-security-spam-menu.php:538
3668
  msgid "BuddyPress is not active! In order to use this feature you will need to have BuddyPress installed and activated."
3669
  msgstr ""
3670
 
3671
- #: src/admin/wp-security-spam-menu.php:568
3672
  msgid "BBPress SPAM Settings"
3673
  msgstr ""
3674
 
3675
- #: src/admin/wp-security-spam-menu.php:573
3676
  msgid "Add Captcha To BBPress New Topic Form"
3677
  msgstr ""
3678
 
3679
- #: src/admin/wp-security-spam-menu.php:577
3680
  msgid "This feature will add a simple math captcha field in the BBPress new topic form."
3681
  msgstr ""
3682
 
3683
- #: src/admin/wp-security-spam-menu.php:578
3684
  msgid "Adding a captcha field in this form is a simple way of greatly reducing SPAM submitted from bots."
3685
  msgstr ""
3686
 
3687
- #: src/admin/wp-security-spam-menu.php:588
3688
  msgid "Enable Captcha On BBPress New Topic Form"
3689
  msgstr ""
3690
 
3691
- #: src/admin/wp-security-spam-menu.php:591
3692
  msgid "Check this if you want to insert a captcha field on the BBPress new topic forms"
3693
  msgstr ""
3694
 
3695
- #: src/admin/wp-security-spam-menu.php:600
3696
  msgid "BBPress is not active! In order to use this feature you will need to have BBPress installed and activated."
3697
  msgstr ""
3698
 
@@ -4364,6 +4408,26 @@ msgstr ""
4364
  msgid "Check this if you want to enable the honeypot feature for the registration page"
4365
  msgstr ""
4366
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
4367
  #: src/classes/grade-system/wp-security-feature-item-manager.php:39
4368
  msgid "Remove WP Generator Meta Tag"
4369
  msgstr ""
@@ -4484,7 +4548,7 @@ msgstr ""
4484
  msgid "Advanced"
4485
  msgstr ""
4486
 
4487
- #: src/classes/wp-security-captcha.php:47, src/classes/wp-security-general-init-tasks.php:423
4488
  msgid "Please enter an answer in digits:"
4489
  msgstr ""
4490
 
@@ -4616,63 +4680,63 @@ msgstr ""
4616
  msgid "The following files were changed on your host"
4617
  msgstr ""
4618
 
4619
- #: src/classes/wp-security-general-init-tasks.php:209, src/classes/wp-security-general-init-tasks.php:497
4620
  msgid "Application passwords have been disabled by All In One WP Security & Firewall plugin."
4621
  msgstr ""
4622
 
4623
- #: src/classes/wp-security-general-init-tasks.php:444, src/classes/wp-security-general-init-tasks.php:557, src/classes/wp-security-general-init-tasks.php:590, src/classes/wp-security-user-login.php:137, src/classes/wp-security-user-registration.php:74
4624
  msgid "<strong>ERROR</strong>: Your answer was incorrect - please try again."
4625
  msgstr ""
4626
 
4627
- #: src/classes/wp-security-general-init-tasks.php:479
4628
  msgid "Enter something special:"
4629
  msgstr ""
4630
 
4631
- #: src/classes/wp-security-general-init-tasks.php:492
4632
  msgid "Application Passwords"
4633
  msgstr ""
4634
 
4635
- #: src/classes/wp-security-general-init-tasks.php:501
4636
  msgid "Change Setting"
4637
  msgstr ""
4638
 
4639
- #: src/classes/wp-security-general-init-tasks.php:503
4640
  msgid "Site admin can only change this setting."
4641
  msgstr ""
4642
 
4643
- #: src/classes/wp-security-general-init-tasks.php:532
4644
  msgid "Error: You entered an incorrect CAPTCHA answer. Please go back and try again."
4645
  msgstr ""
4646
 
4647
- #: src/classes/wp-security-general-init-tasks.php:574
4648
  msgid "Your CAPTCHA answer was incorrect - please try again."
4649
  msgstr ""
4650
 
4651
- #: src/classes/wp-security-general-init-tasks.php:583
4652
  msgid "<strong>ERROR</strong>: Your IP address is currently locked please contact the administrator!"
4653
  msgstr ""
4654
 
4655
- #: src/classes/wp-security-general-init-tasks.php:658
4656
  msgid "Your Google reCAPTCHA site key is wrong. Please fill the correct reCAPTCHA keys %s to use the Google reCAPTCHA feature."
4657
  msgstr ""
4658
 
4659
- #: src/classes/wp-security-general-init-tasks.php:658, src/classes/wp-security-notices.php:46
4660
  msgid "here"
4661
  msgstr ""
4662
 
4663
- #: src/classes/wp-security-general-init-tasks.php:671
4664
  msgid "Would you like All In One WP Security & Firewall to re-insert the security rules in your .htaccess file which were cleared when you deactivated the plugin?"
4665
  msgstr ""
4666
 
4667
- #: src/classes/wp-security-general-init-tasks.php:671
4668
  msgid "Yes"
4669
  msgstr ""
4670
 
4671
- #: src/classes/wp-security-general-init-tasks.php:671, src/templates/notices/automated-database-backup-notice.php:27
4672
  msgid "No"
4673
  msgstr ""
4674
 
4675
- #: src/classes/wp-security-general-init-tasks.php:690
4676
  msgid "Your registration is pending approval."
4677
  msgstr ""
4678
 
@@ -4701,26 +4765,70 @@ msgid "Setup UpdraftPlus backup plugin"
4701
  msgstr ""
4702
 
4703
  #: src/classes/wp-security-notices.php:46
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
4704
  msgid "Hey - We noticed All In One WP Security & Firewall has kept your site safe for a while. If you like us, please consider leaving a positive review to spread the word. Or if you have any issues or questions please leave us a support message %s."
4705
  msgstr ""
4706
 
4707
- #: src/classes/wp-security-notices.php:46
4708
  msgid "Thank you so much!"
4709
  msgstr ""
4710
 
4711
- #: src/classes/wp-security-notices.php:46
4712
  msgid "Team All In One WP Security & Firewall"
4713
  msgstr ""
4714
 
4715
- #: src/classes/wp-security-notices.php:56
4716
  msgid "Enhance your security even more by backing up your site"
4717
  msgstr ""
4718
 
4719
- #: src/classes/wp-security-notices.php:57
4720
  msgid "UpdraftPlus is the world's most trusted backup plugin from the owners of All In One WP Security & Firewall"
4721
  msgstr ""
4722
 
4723
- #: src/classes/wp-security-notices.php:68
4724
  msgid "After you've secured your site, we recommend you install our WP-Optimize plugin to streamline it for better website performance."
4725
  msgstr ""
4726
 
@@ -4828,43 +4936,43 @@ msgstr ""
4828
  msgid "<strong>ERROR</strong>: You are not allowed to register because your IP address is currently locked!"
4829
  msgstr ""
4830
 
4831
- #: src/classes/wp-security-utility-ip-address.php:139, src/classes/wp-security-utility-ip-address.php:153, src/classes/wp-security-utility-ip-address.php:167, src/classes/wp-security-utility-ip-address.php:179, src/classes/wp-security-utility-ip-address.php:191
4832
  msgid " is not a valid ip address format."
4833
  msgstr ""
4834
 
4835
- #: src/classes/wp-security-utility-ip-address.php:196
4836
  msgid "You cannot ban your own IP address: "
4837
  msgstr ""
4838
 
4839
- #: src/classes/wp-security-utility.php:236
4840
  msgid "This feature can only be configured by the \"superadmin\" on the main site."
4841
  msgstr ""
4842
 
4843
- #: src/classes/wp-security-utility.php:265
4844
  msgid "Settings Saved - The ability to edit PHP files via the admin the panel has been DISABLED."
4845
  msgstr ""
4846
 
4847
- #: src/classes/wp-security-utility.php:268
4848
  msgid "Your system config file is already configured to disallow PHP file editing."
4849
  msgstr ""
4850
 
4851
- #: src/classes/wp-security-utility.php:292
4852
  msgid "A backup copy of your wp-config.php file was created successfully...."
4853
  msgstr ""
4854
 
4855
- #: src/classes/wp-security-utility.php:297
4856
  msgid "Settings Saved - Your system is now configured to not allow PHP file editing."
4857
  msgstr ""
4858
 
4859
- #: src/classes/wp-security-utility.php:300, src/classes/wp-security-utility.php:343
4860
  msgid "Operation failed! Unable to modify wp-config.php file!"
4861
  msgstr ""
4862
 
4863
- #: src/classes/wp-security-utility.php:328, src/classes/wp-security-utility.php:335
4864
  msgid "Your system config file is already configured to allow PHP file editing."
4865
  msgstr ""
4866
 
4867
- #: src/classes/wp-security-utility.php:340
4868
  msgid "Settings Saved - Your system is now configured to allow PHP file editing."
4869
  msgstr ""
4870
 
@@ -4968,6 +5076,78 @@ msgstr ""
4968
  msgid "Example 5: 2001:db8:1263::/48"
4969
  msgstr ""
4970
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
4971
  #: src/templates/notices/cookie-based-brute-force-prevention-disabled.php:4
4972
  msgid "Cookie based brute force login prevention currently disabled"
4973
  msgstr ""
@@ -4976,6 +5156,14 @@ msgstr ""
4976
  msgid "Cookie based brute force login prevention is currently disabled via the AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION constant (which is mostly likely to be defined in your wp-config.php)"
4977
  msgstr ""
4978
 
 
 
 
 
 
 
 
 
4979
  #: src/templates/notices/horizontal-notice.php:8, src/templates/notices/horizontal-notice.php:40
4980
  msgid "notice image"
4981
  msgstr ""
@@ -5056,35 +5244,35 @@ msgstr ""
5056
  msgid "Free two-factor security plugin"
5057
  msgstr ""
5058
 
5059
- #: src/wp-security-core.php:227, src/wp-security.php:45
5060
- msgid "This plugin requires PHP version %s."
5061
  msgstr ""
5062
 
5063
- #: src/wp-security-core.php:228
5064
- msgid "Current site PHP version is %s."
5065
  msgstr ""
5066
 
5067
- #: src/wp-security-core.php:229, src/wp-security.php:47
5068
- msgid "You will need to ask your web hosting company to upgrade."
5069
  msgstr ""
5070
 
5071
- #: src/wp-security-core.php:249
5072
- msgid "The security check failed; try refreshing the page."
5073
  msgstr ""
5074
 
5075
- #: src/wp-security-core.php:259
5076
- msgid "You are not allowed to run this command."
5077
  msgstr ""
5078
 
5079
- #: src/wp-security-core.php:273
5080
- msgid "Options can only be saved by network admin"
5081
  msgstr ""
5082
 
5083
- #: src/wp-security-core.php:379
5084
  msgid "Error:"
5085
  msgstr ""
5086
 
5087
- #: src/wp-security-core.php:379
5088
  msgid "template not found"
5089
  msgstr ""
5090
 
32
  msgid "Nonce check failed for export 404 event logs to CSV!"
33
  msgstr ""
34
 
35
+ #: src/admin/wp-security-admin-init.php:257
36
+ msgid "Unexpected response:"
37
+ msgstr ""
38
+
39
+ #: src/admin/wp-security-admin-init.php:288
40
  msgid "Enjoyed %1$s? Please leave us a %2$s rating. We really appreciate your support!"
41
  msgstr ""
42
 
43
+ #: src/admin/wp-security-admin-init.php:412, src/admin/wp-security-admin-init.php:412, src/classes/wp-security-two-factor-login.php:96, src/classes/wp-security-two-factor-login.php:96
44
  msgid "WP Security"
45
  msgstr ""
46
 
47
+ #: src/admin/wp-security-admin-init.php:413, src/admin/wp-security-admin-init.php:413, src/admin/wp-security-dashboard-menu.php:27, src/admin/wp-security-dashboard-menu.php:55
48
  msgid "Dashboard"
49
  msgstr ""
50
 
51
+ #: src/admin/wp-security-admin-init.php:414, src/admin/wp-security-admin-init.php:414, src/admin/wp-security-settings-menu.php:95
52
  msgid "Settings"
53
  msgstr ""
54
 
55
+ #: src/admin/wp-security-admin-init.php:415, src/admin/wp-security-admin-init.php:415, src/admin/wp-security-user-accounts-menu.php:60
56
  msgid "User Accounts"
57
  msgstr ""
58
 
59
+ #: src/admin/wp-security-admin-init.php:416, src/admin/wp-security-admin-init.php:416, src/admin/wp-security-user-login-menu.php:59
60
  msgid "User Login"
61
  msgstr ""
62
 
63
+ #: src/admin/wp-security-admin-init.php:417, src/admin/wp-security-admin-init.php:417, src/admin/wp-security-user-registration-menu.php:55
64
  msgid "User Registration"
65
  msgstr ""
66
 
67
+ #: src/admin/wp-security-admin-init.php:418, src/admin/wp-security-admin-init.php:418, src/admin/wp-security-database-menu.php:119
68
  msgid "Database Security"
69
  msgstr ""
70
 
71
+ #: src/admin/wp-security-admin-init.php:422, src/admin/wp-security-admin-init.php:422, src/admin/wp-security-filesystem-menu.php:55
72
  msgid "Filesystem Security"
73
  msgstr ""
74
 
75
+ #: src/admin/wp-security-admin-init.php:427, src/admin/wp-security-admin-init.php:427, src/admin/wp-security-blacklist-menu.php:51
76
  msgid "Blacklist Manager"
77
  msgstr ""
78
 
79
+ #: src/admin/wp-security-admin-init.php:432, src/admin/wp-security-admin-init.php:432, src/admin/wp-security-firewall-menu.php:60
80
  msgid "Firewall"
81
  msgstr ""
82
 
83
+ #: src/admin/wp-security-admin-init.php:434, src/admin/wp-security-admin-init.php:434, src/admin/wp-security-brute-force-menu.php:68
84
  msgid "Brute Force"
85
  msgstr ""
86
 
87
+ #: src/admin/wp-security-admin-init.php:435, src/admin/wp-security-admin-init.php:435, src/admin/wp-security-spam-menu.php:57
88
  msgid "SPAM Prevention"
89
  msgstr ""
90
 
91
+ #: src/admin/wp-security-admin-init.php:439, src/admin/wp-security-admin-init.php:439, src/admin/wp-security-filescan-menu.php:53
92
  msgid "Scanner"
93
  msgstr ""
94
 
95
+ #: src/admin/wp-security-admin-init.php:441, src/admin/wp-security-admin-init.php:441, src/admin/wp-security-maintenance-menu.php:51
96
  msgid "Maintenance"
97
  msgstr ""
98
 
99
+ #: src/admin/wp-security-admin-init.php:442, src/admin/wp-security-admin-init.php:442, src/admin/wp-security-misc-options-menu.php:57
100
  msgid "Miscellaneous"
101
  msgstr ""
102
 
103
+ #: src/admin/wp-security-admin-init.php:443, src/admin/wp-security-admin-init.php:443, src/admin/wp-security-tools-menu.php:64
104
  msgid "Tools"
105
  msgstr ""
106
 
124
  msgid "Nonce check failed for save blacklist settings!"
125
  msgstr ""
126
 
127
+ #: src/admin/wp-security-blacklist-menu.php:132, src/admin/wp-security-firewall-menu.php:1229, src/admin/wp-security-list-404.php:234, src/admin/wp-security-list-comment-spammer-ip.php:205
128
  msgid "The plugin was unable to write to the .htaccess file. Please edit file manually."
129
  msgstr ""
130
 
145
  msgstr ""
146
 
147
  #: src/admin/wp-security-blacklist-menu.php:145
148
+ msgid "By blocking people, you are using the most secure first line of defence, which denies all access to blacklisted visitors as soon as they hit your hosting server."
149
  msgstr ""
150
 
151
+ #: src/admin/wp-security-blacklist-menu.php:154, src/admin/wp-security-firewall-menu.php:1061
152
  msgid "All In One WP Security & Firewall Premium"
153
  msgstr ""
154
 
155
+ #: src/admin/wp-security-blacklist-menu.php:155, src/admin/wp-security-firewall-menu.php:1062
156
  msgid "You may also be interested in %s."
157
  msgstr ""
158
 
159
+ #: src/admin/wp-security-blacklist-menu.php:156, src/admin/wp-security-firewall-menu.php:1063
160
  msgid "This plugin adds a number of extra features including %s and %s."
161
  msgstr ""
162
 
163
+ #: src/admin/wp-security-blacklist-menu.php:156, src/admin/wp-security-firewall-menu.php:1063
164
  msgid "smart 404 blocking"
165
  msgstr ""
166
 
167
+ #: src/admin/wp-security-blacklist-menu.php:156, src/admin/wp-security-firewall-menu.php:1063
168
  msgid "country IP blocking"
169
  msgstr ""
170
 
172
  msgid "IP Hosts and User Agent Blacklist Settings"
173
  msgstr ""
174
 
175
+ #: src/admin/wp-security-blacklist-menu.php:179, src/admin/wp-security-brute-force-menu.php:194, src/admin/wp-security-brute-force-menu.php:332
176
  msgid "must read this message"
177
  msgstr ""
178
 
204
  msgid "Enter one or more user agent strings."
205
  msgstr ""
206
 
207
+ #: src/admin/wp-security-blacklist-menu.php:208, src/admin/wp-security-brute-force-menu.php:375, src/admin/wp-security-brute-force-menu.php:409, src/admin/wp-security-brute-force-menu.php:432, src/admin/wp-security-brute-force-menu.php:453, src/admin/wp-security-filescan-menu.php:311, src/admin/wp-security-filescan-menu.php:328, src/admin/wp-security-firewall-menu.php:175, src/admin/wp-security-firewall-menu.php:212, src/admin/wp-security-firewall-menu.php:232, src/admin/wp-security-firewall-menu.php:258, src/admin/wp-security-firewall-menu.php:385, src/admin/wp-security-firewall-menu.php:415, src/admin/wp-security-firewall-menu.php:446, src/admin/wp-security-firewall-menu.php:474, src/admin/wp-security-firewall-menu.php:503, src/admin/wp-security-firewall-menu.php:685, src/admin/wp-security-firewall-menu.php:703, src/admin/wp-security-firewall-menu.php:741, src/admin/wp-security-firewall-menu.php:872, src/admin/wp-security-firewall-menu.php:1090, src/admin/wp-security-firewall-menu.php:1113, src/admin/wp-security-spam-menu.php:186, src/admin/wp-security-spam-menu.php:397, src/admin/wp-security-spam-menu.php:439, src/admin/wp-security-user-login-menu.php:358, src/templates/info/ip-address-ip-range-info.php:2, src/templates/menus/settings/advanced-settings.php:63
208
  msgid "More Info"
209
  msgstr ""
210
 
220
  msgid "Example 2 - A list of more than 1 user agent strings to block"
221
  msgstr ""
222
 
223
+ #: src/admin/wp-security-blacklist-menu.php:222, src/admin/wp-security-brute-force-menu.php:214, src/admin/wp-security-brute-force-menu.php:685, src/admin/wp-security-brute-force-menu.php:806, src/admin/wp-security-brute-force-menu.php:868, src/admin/wp-security-filescan-menu.php:355, src/admin/wp-security-filesystem-menu.php:242, src/admin/wp-security-firewall-menu.php:949, src/admin/wp-security-firewall-menu.php:1132, src/admin/wp-security-misc-options-menu.php:167, src/admin/wp-security-misc-options-menu.php:218, src/admin/wp-security-misc-options-menu.php:278, src/admin/wp-security-settings-menu.php:619, src/admin/wp-security-settings-menu.php:680, src/admin/wp-security-spam-menu.php:235, src/admin/wp-security-spam-menu.php:414, src/admin/wp-security-spam-menu.php:535, src/admin/wp-security-spam-menu.php:597, src/admin/wp-security-user-login-menu.php:379, src/admin/wp-security-user-login-menu.php:415, src/admin/wp-security-user-login-menu.php:598, src/admin/wp-security-user-login-menu.php:786, src/admin/wp-security-user-registration-menu.php:150, src/admin/wp-security-user-registration-menu.php:243, src/admin/wp-security-user-registration-menu.php:306
224
  msgid "Save Settings"
225
  msgstr ""
226
 
227
+ #: src/admin/wp-security-brute-force-menu.php:33, src/admin/wp-security-brute-force-menu.php:758, src/admin/wp-security-dashboard-menu.php:617
228
  msgid "Rename Login Page"
229
  msgstr ""
230
 
236
  msgid "Login Captcha"
237
  msgstr ""
238
 
239
+ #: src/admin/wp-security-brute-force-menu.php:36, src/admin/wp-security-brute-force-menu.php:745
240
  msgid "Login Whitelist"
241
  msgstr ""
242
 
256
  msgid "You must use alpha numeric characters for your login page slug."
257
  msgstr ""
258
 
259
+ #: src/admin/wp-security-brute-force-menu.php:117, src/admin/wp-security-filescan-menu.php:175, src/admin/wp-security-firewall-menu.php:1016, src/admin/wp-security-spam-menu.php:101, src/admin/wp-security-spam-menu.php:275, src/admin/wp-security-spam-menu.php:309, src/admin/wp-security-user-login-menu.php:161, src/admin/wp-security-user-login-menu.php:551
260
  msgid "Attention!"
261
  msgstr ""
262
 
321
  msgstr ""
322
 
323
  #: src/admin/wp-security-brute-force-menu.php:244
324
+ msgid "Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only."
325
  msgstr ""
326
 
327
+ #: src/admin/wp-security-brute-force-menu.php:258
328
  msgid "You have successfully enabled the cookie based brute force prevention feature"
329
  msgstr ""
330
 
331
+ #: src/admin/wp-security-brute-force-menu.php:259
332
  msgid "From now on you will need to log into your WP Admin using the following URL:"
333
  msgstr ""
334
 
335
+ #: src/admin/wp-security-brute-force-menu.php:261
336
  msgid "It is important that you save this URL value somewhere in case you forget it, OR,"
337
  msgstr ""
338
 
339
+ #: src/admin/wp-security-brute-force-menu.php:262
340
  msgid "simply remember to add a \"?%s=1\" to your current site URL address."
341
  msgstr ""
342
 
343
+ #: src/admin/wp-security-brute-force-menu.php:266
344
  msgid "You have successfully saved cookie based brute force prevention feature settings."
345
  msgstr ""
346
 
347
+ #: src/admin/wp-security-brute-force-menu.php:296
348
  msgid "Brute Force Prevention Firewall Settings"
349
  msgstr ""
350
 
351
+ #: src/admin/wp-security-brute-force-menu.php:301
352
  msgid "A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination."
353
  msgstr ""
354
 
355
+ #: src/admin/wp-security-brute-force-menu.php:302
356
  msgid "Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server's memory and performance."
357
  msgstr ""
358
 
359
+ #: src/admin/wp-security-brute-force-menu.php:303
360
  msgid "The features in this tab will stop the majority of brute force login attacks thus providing even better protection for your WP login page."
361
  msgstr ""
362
 
363
+ #: src/admin/wp-security-brute-force-menu.php:308, src/admin/wp-security-firewall-menu.php:658
364
  msgid "backup"
365
  msgstr ""
366
 
367
+ #: src/admin/wp-security-brute-force-menu.php:309
368
  msgid "video tutorial"
369
  msgstr ""
370
 
371
+ #: src/admin/wp-security-brute-force-menu.php:310
372
  msgid "To learn more about how to use this feature, please watch the following %s."
373
  msgstr ""
374
 
375
+ #: src/admin/wp-security-brute-force-menu.php:311, src/admin/wp-security-brute-force-menu.php:757, src/admin/wp-security-user-login-menu.php:242
376
  msgid "Cookie-Based Brute Force Login Prevention"
377
  msgstr ""
378
 
379
+ #: src/admin/wp-security-brute-force-menu.php:321
380
  msgid "Cookie Based Brute Force Login Prevention"
381
  msgstr ""
382
 
383
+ #: src/admin/wp-security-brute-force-menu.php:332
384
  msgid "This feature can lock you out of admin if it doesn't work correctly on your site. You <a href=\"https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note\" target=\"_blank\">.__must read this message"
385
  msgstr ""
386
 
387
+ #: src/admin/wp-security-brute-force-menu.php:343
388
  msgid "The cookie test was successful. You can now enable this feature."
389
  msgstr ""
390
 
391
+ #: src/admin/wp-security-brute-force-menu.php:351
392
  msgid "The cookie test failed on this server. Consequently, this feature cannot be used on this site."
393
  msgstr ""
394
 
395
+ #: src/admin/wp-security-brute-force-menu.php:358
396
  msgid "Before using this feature, you must perform a cookie test first."
397
  msgstr ""
398
 
399
+ #: src/admin/wp-security-brute-force-menu.php:360
400
  msgid "This ensures that your browser cookie is working correctly and that you won't lock yourself out."
401
  msgstr ""
402
 
403
+ #: src/admin/wp-security-brute-force-menu.php:365
404
  msgid "Perform cookie test"
405
  msgstr ""
406
 
407
+ #: src/admin/wp-security-brute-force-menu.php:371
408
  msgid "Enable brute force attack prevention"
409
  msgstr ""
410
 
411
+ #: src/admin/wp-security-brute-force-menu.php:374
412
  msgid "Check this if you want to protect your login page from Brute Force Attack."
413
  msgstr ""
414
 
415
+ #: src/admin/wp-security-brute-force-menu.php:379
416
  msgid "This feature will deny access to your WordPress login page for all people except those who have a special cookie in their browser."
417
  msgstr ""
418
 
419
+ #: src/admin/wp-security-brute-force-menu.php:381
420
  msgid "To use this feature do the following:"
421
  msgstr ""
422
 
423
+ #: src/admin/wp-security-brute-force-menu.php:383
424
  msgid "1) Enable the checkbox."
425
  msgstr ""
426
 
427
+ #: src/admin/wp-security-brute-force-menu.php:385
428
  msgid "2) Enter a secret word consisting of alphanumeric characters which will be difficult to guess. This secret word will be useful whenever you need to know the special URL which you will use to access the login page (see point below)."
429
  msgstr ""
430
 
431
+ #: src/admin/wp-security-brute-force-menu.php:387
432
  msgid "3) You will then be provided with a special login URL. You will need to use this URL to login to your WordPress site instead of the usual login URL. NOTE: The system will deposit a special cookie in your browser which will allow you access to the WordPress administration login page."
433
  msgstr ""
434
 
435
+ #: src/admin/wp-security-brute-force-menu.php:389
436
  msgid "Any person trying to access your login page who does not have the special cookie in their browser will be automatically blocked."
437
  msgstr ""
438
 
439
+ #: src/admin/wp-security-brute-force-menu.php:396
440
  msgid "Secret Word"
441
  msgstr ""
442
 
443
+ #: src/admin/wp-security-brute-force-menu.php:398
444
  msgid "Choose a secret word consisting of alphanumeric characters which you can use to access your special URL. Your are highly encouraged to choose a word which will be difficult to guess."
445
  msgstr ""
446
 
447
+ #: src/admin/wp-security-brute-force-menu.php:402
448
  msgid "Re-direct URL"
449
  msgstr ""
450
 
451
+ #: src/admin/wp-security-brute-force-menu.php:406
452
  msgid "Specify a URL to redirect a hacker to when they try to access your WordPress login page."
453
  msgstr ""
454
 
455
+ #: src/admin/wp-security-brute-force-menu.php:413
456
  msgid "The URL specified here can be any site's URL and does not have to be your own. For example you can be as creative as you like and send hackers to the CIA or NSA home page."
457
  msgstr ""
458
 
459
+ #: src/admin/wp-security-brute-force-menu.php:415
460
  msgid "This field will default to: http://127.0.0.1 if you do not enter a value."
461
  msgstr ""
462
 
463
+ #: src/admin/wp-security-brute-force-menu.php:417
464
  msgid "Useful Tip:"
465
  msgstr ""
466
 
467
+ #: src/admin/wp-security-brute-force-menu.php:419
468
  msgid "It's a good idea to not redirect attempted brute force login attempts to your site because it increases the load on your server."
469
  msgstr ""
470
 
471
+ #: src/admin/wp-security-brute-force-menu.php:421
472
  msgid "Redirecting a hacker or malicious bot back to \"http://127.0.0.1\" is ideal because it deflects them back to their own local host and puts the load on their server instead of yours."
473
  msgstr ""
474
 
475
+ #: src/admin/wp-security-brute-force-menu.php:428
476
  msgid "My site has posts or pages which are password protected"
477
  msgstr ""
478
 
479
+ #: src/admin/wp-security-brute-force-menu.php:431
480
  msgid "Check this if you are using the native WordPress password protection feature for some or all of your blog posts or pages."
481
  msgstr ""
482
 
483
+ #: src/admin/wp-security-brute-force-menu.php:436
484
  msgid "In the cases where you are protecting some of your posts or pages using the in-built WordPress password protection feature, a few extra lines of directives and exceptions need to be added so that people trying to access pages are not automatically blocked."
485
  msgstr ""
486
 
487
+ #: src/admin/wp-security-brute-force-menu.php:438
488
  msgid "By enabling this checkbox, the plugin will add the necessary rules and exceptions so that people trying to access these pages are not automatically blocked."
489
  msgstr ""
490
 
491
+ #: src/admin/wp-security-brute-force-menu.php:440
492
  msgid "Helpful Tip:"
493
  msgstr ""
494
 
495
+ #: src/admin/wp-security-brute-force-menu.php:442
496
  msgid "If you do not use the WordPress password protection feature for your posts or pages then it is highly recommended that you leave this checkbox disabled."
497
  msgstr ""
498
 
499
+ #: src/admin/wp-security-brute-force-menu.php:449
500
  msgid "My site has a theme or plugins which use AJAX"
501
  msgstr ""
502
 
503
+ #: src/admin/wp-security-brute-force-menu.php:452
504
  msgid "Check this if your site uses AJAX functionality."
505
  msgstr ""
506
 
507
+ #: src/admin/wp-security-brute-force-menu.php:457
508
  msgid "In the cases where your WordPress installation has a theme or plugin that uses AJAX, a few extra lines of directives and exceptions need to be added to prevent AJAX requests from being automatically blocked by the brute force prevention feature."
509
  msgstr ""
510
 
511
+ #: src/admin/wp-security-brute-force-menu.php:459
512
  msgid "By enabling this checkbox, the plugin will add the necessary rules and exceptions so that AJAX operations will work as expected."
513
  msgstr ""
514
 
515
+ #: src/admin/wp-security-brute-force-menu.php:468
516
  msgid "Save feature settings"
517
  msgstr ""
518
 
519
+ #: src/admin/wp-security-brute-force-menu.php:526
520
  msgid "This feature allows you to add a captcha form on various WordPress login pages and forms."
521
  msgstr ""
522
 
523
+ #: src/admin/wp-security-brute-force-menu.php:527
524
  msgid "Adding a captcha form on a login page or form is another effective yet simple \"Brute Force\" prevention technique."
525
  msgstr ""
526
 
527
+ #: src/admin/wp-security-brute-force-menu.php:528
528
  msgid "You have the option of using either %s or a plain maths captcha form."
529
  msgstr ""
530
 
531
+ #: src/admin/wp-security-brute-force-menu.php:529
532
  msgid "If you enable Google reCAPTCHA the reCAPTCHA widget will be displayed for all forms the captcha settings below."
533
  msgstr ""
534
 
535
+ #: src/admin/wp-security-brute-force-menu.php:530
536
  msgid "If Google reCAPTCHA is disabled the simple maths captcha form will apply and users will need to enter the answer to a simple mathematical question."
537
  msgstr ""
538
 
539
+ #: src/admin/wp-security-brute-force-menu.php:537
540
  msgid "Google reCAPTCHA Settings"
541
  msgstr ""
542
 
543
+ #: src/admin/wp-security-brute-force-menu.php:542
544
  msgid "By enabling these settings the Google reCAPTCHA v2 widget will be applied by default for all forms with captcha enabled."
545
  msgstr ""
546
 
547
+ #: src/admin/wp-security-brute-force-menu.php:551
548
  msgid "Recaptcha will not work because you have disabled login lockdown by acitvating the AIOWPS_DISABLE_LOGIN_LOCKDOWN constant value in a configuration file."
549
  msgstr ""
550
 
551
+ #: src/admin/wp-security-brute-force-menu.php:552
552
  msgid "To enable it, define AIOWPS_DISABLE_LOGIN_LOCKDOWN constant value as false, or remove it."
553
  msgstr ""
554
 
555
+ #: src/admin/wp-security-brute-force-menu.php:560
556
  msgid "Use Google reCAPTCHA as default"
557
  msgstr ""
558
 
559
+ #: src/admin/wp-security-brute-force-menu.php:563
560
  msgid "Check this if you want to default to Google reCAPTCHA for all settings below. (If this is left unchecked, all captcha forms will revert to the plain maths captcha)"
561
  msgstr ""
562
 
563
+ #: src/admin/wp-security-brute-force-menu.php:567
564
  msgid "Site Key"
565
  msgstr ""
566
 
567
+ #: src/admin/wp-security-brute-force-menu.php:572
568
  msgid "Secret Key"
569
  msgstr ""
570
 
571
+ #: src/admin/wp-security-brute-force-menu.php:579
572
  msgid "Login Form Captcha Settings"
573
  msgstr ""
574
 
575
+ #: src/admin/wp-security-brute-force-menu.php:588
576
  msgid "Enable Captcha On Login Page"
577
  msgstr ""
578
 
579
+ #: src/admin/wp-security-brute-force-menu.php:591
580
  msgid "Check this if you want to insert a captcha form on the login page"
581
  msgstr ""
582
 
583
+ #: src/admin/wp-security-brute-force-menu.php:597
584
  msgid "Lost Password Form Captcha Settings"
585
  msgstr ""
586
 
587
+ #: src/admin/wp-security-brute-force-menu.php:607
588
  msgid "Enable Captcha On Lost Password Page"
589
  msgstr ""
590
 
591
+ #: src/admin/wp-security-brute-force-menu.php:610
592
  msgid "Check this if you want to insert a captcha form on the lost password page"
593
  msgstr ""
594
 
595
+ #: src/admin/wp-security-brute-force-menu.php:616
596
  msgid "Custom Login Form Captcha Settings"
597
  msgstr ""
598
 
599
+ #: src/admin/wp-security-brute-force-menu.php:625
600
  msgid "Enable Captcha On Custom Login Form"
601
  msgstr ""
602
 
603
+ #: src/admin/wp-security-brute-force-menu.php:628
604
  msgid "Check this if you want to insert captcha on a custom login form generated by the following WP function: wp_login_form()"
605
  msgstr ""
606
 
607
+ #: src/admin/wp-security-brute-force-menu.php:638
608
  msgid "Woocommerce Forms Captcha Settings"
609
  msgstr ""
610
 
611
+ #: src/admin/wp-security-brute-force-menu.php:647
612
  msgid "Enable Captcha On Woocommerce Login Form"
613
  msgstr ""
614
 
615
+ #: src/admin/wp-security-brute-force-menu.php:650
616
  msgid "Check this if you want to insert captcha on a Woocommerce login form"
617
  msgstr ""
618
 
619
+ #: src/admin/wp-security-brute-force-menu.php:660
620
  msgid "Enable Captcha On Woocommerce Lost Password Form"
621
  msgstr ""
622
 
623
+ #: src/admin/wp-security-brute-force-menu.php:663
624
  msgid "Check this if you want to insert captcha on a Woocommerce lost password form"
625
  msgstr ""
626
 
627
+ #: src/admin/wp-security-brute-force-menu.php:673
628
  msgid "Enable Captcha On Woocommerce Registration Form"
629
  msgstr ""
630
 
631
+ #: src/admin/wp-security-brute-force-menu.php:676
632
  msgid "Check this if you want to insert captcha on a Woocommerce registration form"
633
  msgstr ""
634
 
635
+ #: src/admin/wp-security-brute-force-menu.php:748
 
 
 
 
636
  msgid "The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page."
637
  msgstr ""
638
 
639
+ #: src/admin/wp-security-brute-force-menu.php:749
640
  msgid "This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below."
641
  msgstr ""
642
 
643
+ #: src/admin/wp-security-brute-force-menu.php:750
644
  msgid "The plugin achieves this by writing the appropriate directives to your .htaccess file."
645
  msgstr ""
646
 
647
+ #: src/admin/wp-security-brute-force-menu.php:751
648
+ msgid "By allowing/blocking IP addresses, you are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page."
649
  msgstr ""
650
 
651
+ #: src/admin/wp-security-brute-force-menu.php:759
652
  msgid "Attention: If in addition to enabling the white list feature, you also have one of the %s or %s features enabled, <strong>you will still need to use your secret word or special slug in the URL when trying to access your WordPress login page</strong>."
653
  msgstr ""
654
 
655
+ #: src/admin/wp-security-brute-force-menu.php:760
656
  msgid "These features are NOT functionally related. Having both of them enabled on your site means you are creating 2 layers of security."
657
  msgstr ""
658
 
659
+ #: src/admin/wp-security-brute-force-menu.php:771
660
  msgid "Login IP Whitelist Settings"
661
  msgstr ""
662
 
663
+ #: src/admin/wp-security-brute-force-menu.php:782
664
  msgid "Enable IP Whitelisting"
665
  msgstr ""
666
 
667
+ #: src/admin/wp-security-brute-force-menu.php:785, src/admin/wp-security-user-login-menu.php:402
668
  msgid "Check this if you want to enable the whitelisting of selected IP addresses specified in the settings below"
669
  msgstr ""
670
 
671
+ #: src/admin/wp-security-brute-force-menu.php:789
672
  msgid "Your Current IP Address"
673
  msgstr ""
674
 
675
+ #: src/admin/wp-security-brute-force-menu.php:792
676
  msgid "You can copy and paste this address in the text box below if you want to include it in your login whitelist."
677
  msgstr ""
678
 
679
+ #: src/admin/wp-security-brute-force-menu.php:796, src/admin/wp-security-user-login-menu.php:406
680
  msgid "Enter Whitelisted IP Addresses:"
681
  msgstr ""
682
 
683
+ #: src/admin/wp-security-brute-force-menu.php:800, src/admin/wp-security-user-login-menu.php:410
684
  msgid "Enter one or more IP addresses or IP ranges you wish to include in your whitelist."
685
  msgstr ""
686
 
687
+ #: src/admin/wp-security-brute-force-menu.php:800
688
  msgid "Only the addresses specified here will have access to the WordPress login page."
689
  msgstr ""
690
 
691
+ #: src/admin/wp-security-brute-force-menu.php:839
692
  msgid "This feature allows you to add a special hidden \"honeypot\" field on the WordPress login page. This will only be visible to robots and not humans."
693
  msgstr ""
694
 
695
+ #: src/admin/wp-security-brute-force-menu.php:840
696
  msgid "Since robots usually fill in every input field from a login form, they will also submit a value for the special hidden honeypot field."
697
  msgstr ""
698
 
699
+ #: src/admin/wp-security-brute-force-menu.php:841, src/admin/wp-security-user-registration-menu.php:279
700
  msgid "The way honeypots work is that a hidden field is placed somewhere inside a form which only robots will submit. If that field contains a value when the form is submitted then a robot has most likely submitted the form and it is consequently dealt with."
701
  msgstr ""
702
 
703
+ #: src/admin/wp-security-brute-force-menu.php:842
704
  msgid "Therefore, if the plugin detects that this field has a value when the login form is submitted, then the robot which is attempting to login to your site will be redirected to its localhost address - http://127.0.0.1."
705
  msgstr ""
706
 
707
+ #: src/admin/wp-security-brute-force-menu.php:848
708
  msgid "Login Form Honeypot Settings"
709
  msgstr ""
710
 
711
+ #: src/admin/wp-security-brute-force-menu.php:859
712
  msgid "Enable Honeypot On Login Page"
713
  msgstr ""
714
 
715
+ #: src/admin/wp-security-brute-force-menu.php:862
716
  msgid "Check this if you want to enable the honeypot feature for the login page"
717
  msgstr ""
718
 
744
  msgid "This tab displays the list of all permanently blocked IP addresses."
745
  msgstr ""
746
 
747
+ #: src/admin/wp-security-dashboard-menu.php:165, src/admin/wp-security-spam-menu.php:346
748
  msgid "NOTE: This feature does NOT use the .htaccess file to permanently block the IP addresses so it should be compatible with all web servers running WordPress."
749
  msgstr ""
750
 
752
  msgid "Permanently Blocked IP Addresses"
753
  msgstr ""
754
 
755
+ #: src/admin/wp-security-dashboard-menu.php:183, src/admin/wp-security-firewall-menu.php:1147, src/admin/wp-security-user-login-menu.php:482, src/admin/wp-security-user-login-menu.php:639, src/admin/wp-security-user-registration-menu.php:164
756
  msgid "Search"
757
  msgstr ""
758
 
1054
  msgid "Your WordPress system has a total of %s tables and your new DB prefix will be: %s"
1055
  msgstr ""
1056
 
1057
+ #: src/admin/wp-security-database-menu.php:324, src/classes/wp-security-utility.php:306
1058
  msgid "Failed to make a backup of the wp-config.php file. This operation will not go ahead."
1059
  msgstr ""
1060
 
1398
  msgid "The following files were added to your host."
1399
  msgstr ""
1400
 
1401
+ #: src/admin/wp-security-filescan-menu.php:423, src/admin/wp-security-filescan-menu.php:444, src/admin/wp-security-filescan-menu.php:468, src/admin/wp-security-settings-menu.php:29, src/admin/wp-security-settings-menu.php:33
1402
  msgid "File"
1403
  msgstr ""
1404
 
1538
  msgid "You have successfully saved the Prevent Access to Default WP Files configuration."
1539
  msgstr ""
1540
 
1541
+ #: src/admin/wp-security-filesystem-menu.php:286, src/admin/wp-security-firewall-menu.php:126, src/admin/wp-security-firewall-menu.php:346, src/admin/wp-security-firewall-menu.php:617, src/admin/wp-security-firewall-menu.php:916, src/admin/wp-security-settings-menu.php:772, src/admin/wp-security-spam-menu.php:124
1542
  msgid "Could not write to the .htaccess file. Please check the file permissions."
1543
  msgstr ""
1544
 
1654
  msgid "Custom Rules"
1655
  msgstr ""
1656
 
1657
+ #: src/admin/wp-security-firewall-menu.php:122, src/admin/wp-security-firewall-menu.php:912, src/admin/wp-security-spam-menu.php:120, src/admin/wp-security-spam-menu.php:503, src/admin/wp-security-spam-menu.php:565, src/admin/wp-security-user-registration-menu.php:95
1658
  msgid "Settings were successfully saved"
1659
  msgstr ""
1660
 
1661
+ #: src/admin/wp-security-firewall-menu.php:131, src/admin/wp-security-firewall-menu.php:655
1662
  msgid "Firewall Settings"
1663
  msgstr ""
1664
 
1966
  msgid "Save Additional Firewall Settings"
1967
  msgstr ""
1968
 
1969
+ #: src/admin/wp-security-firewall-menu.php:613
1970
  msgid "You have successfully saved the 5G/6G Firewall Protection configuration"
1971
  msgstr ""
1972
 
1973
+ #: src/admin/wp-security-firewall-menu.php:637
1974
  msgid "All in One WP Security and Firewall"
1975
  msgstr ""
1976
 
1977
+ #: src/admin/wp-security-firewall-menu.php:638
1978
  msgid "We were unable to access the firewall's configuration file:"
1979
  msgstr ""
1980
 
1981
+ #: src/admin/wp-security-firewall-menu.php:640
1982
  msgid "As a result, the firewall will be unavailable."
1983
  msgstr ""
1984
 
1985
+ #: src/admin/wp-security-firewall-menu.php:641
1986
  msgid "Please check your PHP error log for further information."
1987
  msgstr ""
1988
 
1989
+ #: src/admin/wp-security-firewall-menu.php:642
1990
  msgid "If you're unable to locate your PHP log file, please contact your web hosting company to ask them where it can be found on their setup."
1991
  msgstr ""
1992
 
1993
+ #: src/admin/wp-security-firewall-menu.php:659
1994
  msgid "This feature allows you to activate the %s (or legacy %s) firewall security protection rules designed and produced by %s."
1995
  msgstr ""
1996
 
1997
+ #: src/admin/wp-security-firewall-menu.php:660
1998
  msgid "The 6G Blacklist is updated and improved version of 5G Blacklist. If you have 5G Blacklist active, you might consider activating 6G Blacklist instead."
1999
  msgstr ""
2000
 
2001
+ #: src/admin/wp-security-firewall-menu.php:661
2002
  msgid "The 6G Blacklist is a simple, flexible blacklist that helps reduce the number of malicious URL requests that hit your website."
2003
  msgstr ""
2004
 
2005
+ #: src/admin/wp-security-firewall-menu.php:662
2006
  msgid "The added advantage of applying the 6G firewall to your site is that it has been tested and confirmed by the people at PerishablePress.com to be an optimal and least disruptive set of .htaccess security rules for general WP sites running on an Apache server or similar."
2007
  msgstr ""
2008
 
2009
+ #: src/admin/wp-security-firewall-menu.php:663
2010
  msgid "Therefore the 6G firewall rules should not have any impact on your site's general functionality but if you wish you can take a %s of your .htaccess file before proceeding."
2011
  msgstr ""
2012
 
2013
+ #: src/admin/wp-security-firewall-menu.php:669
2014
  msgid "6G Blacklist/Firewall Settings"
2015
  msgstr ""
2016
 
2017
+ #: src/admin/wp-security-firewall-menu.php:681
2018
  msgid "Enable 6G Firewall Protection"
2019
  msgstr ""
2020
 
2021
+ #: src/admin/wp-security-firewall-menu.php:684
2022
  msgid "Check this if you want to apply the 6G Blacklist firewall protection from perishablepress.com to your site."
2023
  msgstr ""
2024
 
2025
+ #: src/admin/wp-security-firewall-menu.php:688
2026
  msgid "This setting will implement the 6G security firewall protection mechanisms on your site which include the following things:"
2027
  msgstr ""
2028
 
2029
+ #: src/admin/wp-security-firewall-menu.php:689, src/admin/wp-security-firewall-menu.php:707
2030
  msgid "1) Block forbidden characters commonly used in exploitative attacks."
2031
  msgstr ""
2032
 
2033
+ #: src/admin/wp-security-firewall-menu.php:690, src/admin/wp-security-firewall-menu.php:708
2034
  msgid "2) Block malicious encoded URL characters such as the \".css(\" string."
2035
  msgstr ""
2036
 
2037
+ #: src/admin/wp-security-firewall-menu.php:691, src/admin/wp-security-firewall-menu.php:709
2038
  msgid "3) Guard against the common patterns and specific exploits in the root portion of targeted URLs."
2039
  msgstr ""
2040
 
2041
+ #: src/admin/wp-security-firewall-menu.php:692, src/admin/wp-security-firewall-menu.php:710
2042
  msgid "4) Stop attackers from manipulating query strings by disallowing illicit characters."
2043
  msgstr ""
2044
 
2045
+ #: src/admin/wp-security-firewall-menu.php:693, src/admin/wp-security-firewall-menu.php:711
2046
  msgid "....and much more."
2047
  msgstr ""
2048
 
2049
+ #: src/admin/wp-security-firewall-menu.php:699
2050
  msgid "Enable legacy 5G Firewall Protection"
2051
  msgstr ""
2052
 
2053
+ #: src/admin/wp-security-firewall-menu.php:702
2054
  msgid "Check this if you want to apply the 5G Blacklist firewall protection from perishablepress.com to your site."
2055
  msgstr ""
2056
 
2057
+ #: src/admin/wp-security-firewall-menu.php:706
2058
  msgid "This setting will implement the 5G security firewall protection mechanisms on your site which include the following things:"
2059
  msgstr ""
2060
 
2061
+ #: src/admin/wp-security-firewall-menu.php:717
2062
  msgid "Save 5G/6G Firewall Settings"
2063
  msgstr ""
2064
 
2065
+ #: src/admin/wp-security-firewall-menu.php:725
2066
  msgid "6G block request methods"
2067
  msgstr ""
2068
 
2069
+ #: src/admin/wp-security-firewall-menu.php:729
2070
+ msgid "HTTP Request methods are used by browsers and clients to communicate with servers to get responses."
2071
+ msgstr ""
2072
+
2073
+ #: src/admin/wp-security-firewall-menu.php:730
2074
+ msgid "GET and POST are the most commonly used methods to request and submit data for specified resources of the server."
2075
+ msgstr ""
2076
+
2077
+ #: src/admin/wp-security-firewall-menu.php:736
2078
  msgid "Block %s method"
2079
  msgstr ""
2080
 
2081
+ #: src/admin/wp-security-firewall-menu.php:739
2082
  msgid "Check this to block the %s request method"
2083
  msgstr ""
2084
 
2085
+ #: src/admin/wp-security-firewall-menu.php:744
2086
+ msgid "Some WooCommerce extensions use the PUT request method in addition to GET and POST."
2087
+ msgstr ""
2088
+
2089
+ #: src/admin/wp-security-firewall-menu.php:744
2090
+ msgid "This means WooCommerce users shouldn't block the PUT request method."
2091
+ msgstr ""
2092
+
2093
+ #: src/admin/wp-security-firewall-menu.php:745
2094
+ msgid "A few REST requests use the PUT request method."
2095
+ msgstr ""
2096
+
2097
+ #: src/admin/wp-security-firewall-menu.php:745
2098
+ msgid "If your site is communicated by the WP REST API, you should not block the PUT request method."
2099
+ msgstr ""
2100
+
2101
+ #: src/admin/wp-security-firewall-menu.php:753
2102
  msgid "Save request methods settings"
2103
  msgstr ""
2104
 
2105
+ #: src/admin/wp-security-firewall-menu.php:761
2106
  msgid "6G other settings"
2107
  msgstr ""
2108
 
2109
+ #: src/admin/wp-security-firewall-menu.php:765
2110
  msgid "Block query strings"
2111
  msgstr ""
2112
 
2113
+ #: src/admin/wp-security-firewall-menu.php:768
2114
  msgid "Check this to block all query strings recommended by 6G"
2115
  msgstr ""
2116
 
2117
+ #: src/admin/wp-security-firewall-menu.php:772
2118
  msgid "Block request strings"
2119
  msgstr ""
2120
 
2121
+ #: src/admin/wp-security-firewall-menu.php:775
2122
  msgid "Check this to block all request strings recommended by 6G"
2123
  msgstr ""
2124
 
2125
+ #: src/admin/wp-security-firewall-menu.php:779
2126
  msgid "Block referrers"
2127
  msgstr ""
2128
 
2129
+ #: src/admin/wp-security-firewall-menu.php:782
2130
  msgid "Check this to block all referrers recommended by 6G"
2131
  msgstr ""
2132
 
2133
+ #: src/admin/wp-security-firewall-menu.php:786
2134
  msgid "Block user-agents"
2135
  msgstr ""
2136
 
2137
+ #: src/admin/wp-security-firewall-menu.php:789
2138
  msgid "Check this to block all user-agents recommended by 6G"
2139
  msgstr ""
2140
 
2141
+ #: src/admin/wp-security-firewall-menu.php:793
2142
  msgid "Save other settings"
2143
  msgstr ""
2144
 
2145
+ #: src/admin/wp-security-firewall-menu.php:827
2146
  msgid "The Internet bot settings were successfully saved"
2147
  msgstr ""
2148
 
2149
+ #: src/admin/wp-security-firewall-menu.php:831
2150
  msgid "Internet Bot Settings"
2151
  msgstr ""
2152
 
2153
+ #: src/admin/wp-security-firewall-menu.php:837
2154
  msgid "What is an Internet Bot"
2155
  msgstr ""
2156
 
2157
+ #: src/admin/wp-security-firewall-menu.php:838
2158
  msgid "%s?"
2159
  msgstr ""
2160
 
2161
+ #: src/admin/wp-security-firewall-menu.php:840
2162
  msgid "A bot is a piece of software which runs on the Internet and performs automatic tasks. For example when Google indexes your pages it uses automatic bots to achieve this task."
2163
  msgstr ""
2164
 
2165
+ #: src/admin/wp-security-firewall-menu.php:841
2166
  msgid "A lot of bots are legitimate and non-malicous but not all bots are good and often you will find some which try to impersonate legitimate bots such as \"Googlebot\" but in reality they have nohing to do with Google at all."
2167
  msgstr ""
2168
 
2169
+ #: src/admin/wp-security-firewall-menu.php:842
2170
  msgid "Although most of the bots out there are relatively harmless sometimes website owners want to have more control over which bots they allow into their site."
2171
  msgstr ""
2172
 
2173
+ #: src/admin/wp-security-firewall-menu.php:843
2174
  msgid "This feature allows you to block bots which are impersonating as a Googlebot but actually aren't. (In other words they are fake Google bots)"
2175
  msgstr ""
2176
 
2177
+ #: src/admin/wp-security-firewall-menu.php:844
2178
  msgid "Googlebots have a unique indentity which cannot easily be forged and this feature will indentify any fake Google bots and block them from reading your site's pages."
2179
  msgstr ""
2180
 
2181
+ #: src/admin/wp-security-firewall-menu.php:850
2182
  msgid "<strong>Attention</strong>: Sometimes non-malicious Internet organizations might have bots which impersonate as a \"Googlebot\"."
2183
  msgstr ""
2184
 
2185
+ #: src/admin/wp-security-firewall-menu.php:851
2186
  msgid "Just be aware that if you activate this feature the plugin will block all bots which use the \"Googlebot\" string in their User Agent information but are NOT officially from Google (irrespective whether they are malicious or not)."
2187
  msgstr ""
2188
 
2189
+ #: src/admin/wp-security-firewall-menu.php:852
2190
  msgid "All other bots from other organizations such as \"Yahoo\", \"Bing\" etc will not be affected by this feature."
2191
  msgstr ""
2192
 
2193
+ #: src/admin/wp-security-firewall-menu.php:858, src/admin/wp-security-firewall-menu.php:868, src/classes/grade-system/wp-security-feature-item-manager.php:116
2194
  msgid "Block Fake Googlebots"
2195
  msgstr ""
2196
 
2197
+ #: src/admin/wp-security-firewall-menu.php:871
2198
  msgid "Check this if you want to block all fake Googlebots."
2199
  msgstr ""
2200
 
2201
+ #: src/admin/wp-security-firewall-menu.php:875
2202
  msgid "This feature will check if the User Agent information of a bot contains the string \"Googlebot\"."
2203
  msgstr ""
2204
 
2205
+ #: src/admin/wp-security-firewall-menu.php:876
2206
  msgid "It will then perform a few tests to verify if the bot is legitimately from Google and if so it will allow the bot to proceed."
2207
  msgstr ""
2208
 
2209
+ #: src/admin/wp-security-firewall-menu.php:877
2210
  msgid "If the bot fails the checks then the plugin will mark it as being a fake Googlebot and it will block it"
2211
  msgstr ""
2212
 
2213
+ #: src/admin/wp-security-firewall-menu.php:884
2214
  msgid "Save Internet Bot Settings"
2215
  msgstr ""
2216
 
2217
+ #: src/admin/wp-security-firewall-menu.php:920, src/admin/wp-security-firewall-menu.php:942, src/classes/grade-system/wp-security-feature-item-manager.php:42
2218
  msgid "Prevent Image Hotlinking"
2219
  msgstr ""
2220
 
2221
+ #: src/admin/wp-security-firewall-menu.php:923
2222
  msgid "A Hotlink is where someone displays an image on their site which is actually located on your site by using a direct link to the source of the image on your server."
2223
  msgstr ""
2224
 
2225
+ #: src/admin/wp-security-firewall-menu.php:924
2226
  msgid "Due to the fact that the image being displayed on the other person's site is coming from your server, this can cause leaking of bandwidth and resources for you because your server has to present this image for the people viewing it on someone elses's site."
2227
  msgstr ""
2228
 
2229
+ #: src/admin/wp-security-firewall-menu.php:925
2230
  msgid "This feature will prevent people from directly hotlinking images from your site's pages by writing some directives in your .htaccess file."
2231
  msgstr ""
2232
 
2233
+ #: src/admin/wp-security-firewall-menu.php:930
2234
  msgid "Prevent Hotlinking"
2235
  msgstr ""
2236
 
2237
+ #: src/admin/wp-security-firewall-menu.php:945
2238
  msgid "Check this if you want to prevent hotlinking to images on your site."
2239
  msgstr ""
2240
 
2241
+ #: src/admin/wp-security-firewall-menu.php:965
2242
  msgid "Nonce check failed for delete all 404 event logs operation!"
2243
  msgstr ""
2244
 
2245
+ #: src/admin/wp-security-firewall-menu.php:976
2246
  msgid "404 Detection Feature - Delete all 404 event logs operation failed!"
2247
  msgstr ""
2248
 
2249
+ #: src/admin/wp-security-firewall-menu.php:980
2250
  msgid "All 404 event logs were deleted from the DB successfully!"
2251
  msgstr ""
2252
 
2253
+ #: src/admin/wp-security-firewall-menu.php:1004, src/admin/wp-security-user-login-menu.php:111
2254
  msgid "You entered a non numeric value for the lockout time length field. It has been set to the default value."
2255
  msgstr ""
2256
 
2257
+ #: src/admin/wp-security-firewall-menu.php:1010
2258
  msgid "You entered an incorrect format for the \"Redirect URL\" field. It has been set to the default value."
2259
  msgstr ""
2260
 
2261
+ #: src/admin/wp-security-firewall-menu.php:1045
2262
  msgid "404 Detection Configuration"
2263
  msgstr ""
2264
 
2265
+ #: src/admin/wp-security-firewall-menu.php:1048
2266
  msgid "A 404 or Not Found error occurs when somebody tries to access a non-existent page on your website."
2267
  msgstr ""
2268
 
2269
+ #: src/admin/wp-security-firewall-menu.php:1049
2270
  msgid "Typically, most 404 errors happen quite innocently when people have mis-typed a URL or used an old link to page which doesn't exist anymore."
2271
  msgstr ""
2272
 
2273
+ #: src/admin/wp-security-firewall-menu.php:1050
2274
  msgid "However, in some cases you may find many repeated 404 errors which occur in a relatively short space of time and from the same IP address which are all attempting to access a variety of non-existent page URLs."
2275
  msgstr ""
2276
 
2277
+ #: src/admin/wp-security-firewall-menu.php:1051
2278
  msgid "Such behaviour can mean that a hacker might be trying to find a particular page or URL for sinister reasons."
2279
  msgstr ""
2280
 
2281
+ #: src/admin/wp-security-firewall-menu.php:1052
2282
  msgid "This feature allows you to monitor all 404 events which occur on your site, and it also gives you the option of blocking IP addresses for a configured length of time."
2283
  msgstr ""
2284
 
2285
+ #: src/admin/wp-security-firewall-menu.php:1053
2286
  msgid "If you want to temporarily block or blacklist an IP address, simply click the \"Temp Block\" or \"Blacklist IP\" link for the applicable IP entry in the \"404 Event Logs\" table below."
2287
  msgstr ""
2288
 
2289
+ #: src/admin/wp-security-firewall-menu.php:1074
2290
  msgid "404 Detection Options"
2291
  msgstr ""
2292
 
2293
+ #: src/admin/wp-security-firewall-menu.php:1086
2294
  msgid "Enable 404 IP Detection and Lockout"
2295
  msgstr ""
2296
 
2297
+ #: src/admin/wp-security-firewall-menu.php:1089
2298
  msgid "Check this if you want to enable the lockout of selected IP addresses."
2299
  msgstr ""
2300
 
2301
+ #: src/admin/wp-security-firewall-menu.php:1094
2302
  msgid "When you enable this checkbox, all 404 events on your site will be logged in the table below. You can monitor these events and select some IP addresses listed in the table below and block them for a specified amount of time. All IP addresses you select to be blocked from the \"404 Event Logs\" table section will be unable to access your site during the time specified."
2303
  msgstr ""
2304
 
2305
+ #: src/admin/wp-security-firewall-menu.php:1102
2306
  msgid "Enable 404 Event Logging"
2307
  msgstr ""
2308
 
2309
+ #: src/admin/wp-security-firewall-menu.php:1105
2310
  msgid "Check this if you want to enable the logging of 404 events"
2311
  msgstr ""
2312
 
2313
+ #: src/admin/wp-security-firewall-menu.php:1110
2314
  msgid "Time Length of 404 Lockout (min)"
2315
  msgstr ""
2316
 
2317
+ #: src/admin/wp-security-firewall-menu.php:1112
2318
  msgid "Set the length of time for which a blocked IP address will be prevented from visiting your site"
2319
  msgstr ""
2320
 
2321
+ #: src/admin/wp-security-firewall-menu.php:1117
2322
  msgid "You can lock any IP address which is recorded in the \"404 Event Logs\" table section below."
2323
  msgstr ""
2324
 
2325
+ #: src/admin/wp-security-firewall-menu.php:1119
2326
  msgid "To temporarily lock an IP address, hover over the ID column and click the \"Temp Block\" link for the applicable IP entry."
2327
  msgstr ""
2328
 
2329
+ #: src/admin/wp-security-firewall-menu.php:1126
2330
  msgid "404 Lockout Redirect URL"
2331
  msgstr ""
2332
 
2333
+ #: src/admin/wp-security-firewall-menu.php:1128
2334
  msgid "A blocked visitor will be automatically redirected to this URL."
2335
  msgstr ""
2336
 
2337
+ #: src/admin/wp-security-firewall-menu.php:1137
2338
  msgid "404 Event Logs"
2339
  msgstr ""
2340
 
2341
+ #: src/admin/wp-security-firewall-menu.php:1159, src/admin/wp-security-firewall-menu.php:1168, src/admin/wp-security-user-login-menu.php:492, src/admin/wp-security-user-login-menu.php:501, src/admin/wp-security-user-login-menu.php:649, src/admin/wp-security-user-login-menu.php:658
2342
  msgid "Export to CSV"
2343
  msgstr ""
2344
 
2345
+ #: src/admin/wp-security-firewall-menu.php:1165, src/admin/wp-security-user-login-menu.php:498, src/admin/wp-security-user-login-menu.php:655
2346
  msgid "Click this button if you wish to download this log in CSV format."
2347
  msgstr ""
2348
 
2349
+ #: src/admin/wp-security-firewall-menu.php:1172, src/admin/wp-security-firewall-menu.php:1181
2350
  msgid "Delete All 404 Event Logs"
2351
  msgstr ""
2352
 
2353
+ #: src/admin/wp-security-firewall-menu.php:1178
2354
  msgid "Click this button if you wish to purge all 404 event logs from the DB."
2355
  msgstr ""
2356
 
2357
+ #: src/admin/wp-security-firewall-menu.php:1237
2358
  msgid "Custom .htaccess Rules Settings"
2359
  msgstr ""
2360
 
2361
+ #: src/admin/wp-security-firewall-menu.php:1244
2362
  msgid "This feature can be used to apply your own custom .htaccess rules and directives."
2363
  msgstr ""
2364
 
2365
+ #: src/admin/wp-security-firewall-menu.php:1245
2366
  msgid "It is useful for when you want to tweak our existing firewall rules or when you want to add your own."
2367
  msgstr ""
2368
 
2369
+ #: src/admin/wp-security-firewall-menu.php:1246
2370
  msgid "NOTE: This feature can only be used if your site is hosted in an apache or similar web server."
2371
  msgstr ""
2372
 
2373
+ #: src/admin/wp-security-firewall-menu.php:1252
2374
  msgid "<strong>Warning</strong>: Only use this feature if you know what you are doing."
2375
  msgstr ""
2376
 
2377
+ #: src/admin/wp-security-firewall-menu.php:1253
2378
  msgid "Incorrect .htaccess rules or directives can break or prevent access to your site."
2379
  msgstr ""
2380
 
2381
+ #: src/admin/wp-security-firewall-menu.php:1254
2382
  msgid "It is your responsibility to ensure that you are entering the correct code!"
2383
  msgstr ""
2384
 
2385
+ #: src/admin/wp-security-firewall-menu.php:1255
2386
  msgid "If you break your site you will need to access your server via FTP or something similar and then edit your .htaccess file and delete the changes you made."
2387
  msgstr ""
2388
 
2389
+ #: src/admin/wp-security-firewall-menu.php:1261
2390
  msgid "Custom .htaccess Rules"
2391
  msgstr ""
2392
 
2393
+ #: src/admin/wp-security-firewall-menu.php:1265
2394
  msgid "Enable Custom .htaccess Rules"
2395
  msgstr ""
2396
 
2397
+ #: src/admin/wp-security-firewall-menu.php:1268
2398
  msgid "Check this if you want to enable custom rules entered in the text box below"
2399
  msgstr ""
2400
 
2401
+ #: src/admin/wp-security-firewall-menu.php:1272
2402
  msgid "Place custom rules at the top"
2403
  msgstr ""
2404
 
2405
+ #: src/admin/wp-security-firewall-menu.php:1275
2406
  msgid "Check this if you want to place your custom rules at the beginning of all the rules applied by this plugin"
2407
  msgstr ""
2408
 
2409
+ #: src/admin/wp-security-firewall-menu.php:1279
2410
  msgid "Enter Custom .htaccess Rules:"
2411
  msgstr ""
2412
 
2413
+ #: src/admin/wp-security-firewall-menu.php:1283
2414
  msgid "Enter your custom .htaccess rules/directives."
2415
  msgstr ""
2416
 
2417
+ #: src/admin/wp-security-firewall-menu.php:1288
2418
  msgid "Save Custom Rules"
2419
  msgstr ""
2420
 
2542
  msgid "Set up now"
2543
  msgstr ""
2544
 
2545
+ #: src/admin/wp-security-firewall-setup-notice.php:614, src/templates/notices/custom-notice.php:10, src/templates/notices/custom-notice.php:12, src/templates/notices/horizontal-notice.php:50, src/templates/notices/horizontal-notice.php:52
2546
  msgid "Dismiss"
2547
  msgstr ""
2548
 
2786
  msgid "The selected IP addresses were successfully added to the permanent block list!"
2787
  msgstr ""
2788
 
2789
+ #: src/admin/wp-security-list-registered-users.php:269, src/admin/wp-security-list-registered-users.php:286, src/admin/wp-security-spam-menu.php:374
2790
  msgid "View Blocked IPs"
2791
  msgstr ""
2792
 
2958
  msgid "Check this if you want to stop REST API access for non-logged in requests."
2959
  msgstr ""
2960
 
2961
+ #: src/admin/wp-security-settings-menu.php:25
2962
  msgid "General Settings"
2963
  msgstr ""
2964
 
2965
+ #: src/admin/wp-security-settings-menu.php:37
2966
  msgid "Delete Plugin Settings"
2967
  msgstr ""
2968
 
2969
+ #: src/admin/wp-security-settings-menu.php:41
2970
  msgid "WP Version Info"
2971
  msgstr ""
2972
 
2973
+ #: src/admin/wp-security-settings-menu.php:45
2974
  msgid "Import/Export"
2975
  msgstr ""
2976
 
2977
+ #: src/admin/wp-security-settings-menu.php:52
2978
+ msgid "Advanced settings"
2979
+ msgstr ""
2980
+
2981
+ #: src/admin/wp-security-settings-menu.php:128
2982
  msgid "All the security features have been disabled successfully!"
2983
  msgstr ""
2984
 
2985
+ #: src/admin/wp-security-settings-menu.php:132, src/admin/wp-security-settings-menu.php:159
2986
  msgid "Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the \".htaccess File\"."
2987
  msgstr ""
2988
 
2989
+ #: src/admin/wp-security-settings-menu.php:137
2990
  msgid "Could not write to the wp-config.php. Please restore your wp-config.php file manually using the restore functionality in the \"wp-config.php File\"."
2991
  msgstr ""
2992
 
2993
+ #: src/admin/wp-security-settings-menu.php:155
2994
  msgid "All firewall rules have been disabled successfully!"
2995
  msgstr ""
2996
 
2997
+ #: src/admin/wp-security-settings-menu.php:177
2998
  msgid "Deletion of aio_wp_security_configs option and .htaccess directives failed."
2999
  msgstr ""
3000
 
3001
+ #: src/admin/wp-security-settings-menu.php:179
3002
  msgid "Reset of aio_wp_security_configs option failed."
3003
  msgstr ""
3004
 
3005
+ #: src/admin/wp-security-settings-menu.php:181
3006
  msgid "Deletion of .htaccess directives failed."
3007
  msgstr ""
3008
 
3009
+ #: src/admin/wp-security-settings-menu.php:183
3010
  msgid "All settings have been successfully reset."
3011
  msgstr ""
3012
 
3013
+ #: src/admin/wp-security-settings-menu.php:203
3014
  msgid "For information, updates and documentation, please visit the"
3015
  msgstr ""
3016
 
3017
+ #: src/admin/wp-security-settings-menu.php:203
3018
  msgid "Page"
3019
  msgstr ""
3020
 
3021
+ #: src/admin/wp-security-settings-menu.php:204
3022
  msgid "Follow us"
3023
  msgstr ""
3024
 
3025
+ #: src/admin/wp-security-settings-menu.php:204
3026
  msgid "on Twitter, Google+ or via Email to stay up to date about the new security features of this plugin."
3027
  msgstr ""
3028
 
3029
+ #: src/admin/wp-security-settings-menu.php:208
3030
  msgid "WP Security Plugin"
3031
  msgstr ""
3032
 
3033
+ #: src/admin/wp-security-settings-menu.php:212
3034
  msgid "Thank you for using the AIOWPS security plugin."
3035
  msgstr ""
3036
 
3037
+ #: src/admin/wp-security-settings-menu.php:216
3038
  msgid "There are a lot of security features in this plugin."
3039
  msgstr ""
3040
 
3041
+ #: src/admin/wp-security-settings-menu.php:221
3042
  msgid "To start, go through each security option and enable the \"basic\" options."
3043
  msgstr ""
3044
 
3045
+ #: src/admin/wp-security-settings-menu.php:225
3046
  msgid "The more features you enable, the more security points you will achieve."
3047
  msgstr ""
3048
 
3049
+ #: src/admin/wp-security-settings-menu.php:228
3050
  msgid "Before doing anything we advise taking a backup of your .htaccess file, database and wp-config.php."
3051
  msgstr ""
3052
 
3053
+ #: src/admin/wp-security-settings-menu.php:231
3054
  msgid "Backup your database"
3055
  msgstr ""
3056
 
3057
+ #: src/admin/wp-security-settings-menu.php:232
3058
  msgid "Backup .htaccess file"
3059
  msgstr ""
3060
 
3061
+ #: src/admin/wp-security-settings-menu.php:233
3062
  msgid "Backup wp-config.php file"
3063
  msgstr ""
3064
 
3065
+ #: src/admin/wp-security-settings-menu.php:240
3066
  msgid "Disable Security Features"
3067
  msgstr ""
3068
 
3069
+ #: src/admin/wp-security-settings-menu.php:246
3070
  msgid "If you think that some plugin functionality on your site is broken due to a security feature you enabled in this plugin, then use the following option to turn off all the security features of this plugin."
3071
  msgstr ""
3072
 
3073
+ #: src/admin/wp-security-settings-menu.php:250
3074
  msgid "Disable All Security Features"
3075
  msgstr ""
3076
 
3077
+ #: src/admin/wp-security-settings-menu.php:257, src/admin/wp-security-settings-menu.php:267
3078
  msgid "Disable All Firewall Rules"
3079
  msgstr ""
3080
 
3081
+ #: src/admin/wp-security-settings-menu.php:263
3082
  msgid "This feature will disable all firewall rules which are currently active in this plugin and it will also delete these rules from your .htacess file. Use it if you think one of the firewall rules is causing an issue on your site."
3083
  msgstr ""
3084
 
3085
+ #: src/admin/wp-security-settings-menu.php:274, src/admin/wp-security-settings-menu.php:287
3086
  msgid "Reset Settings"
3087
  msgstr ""
3088
 
3089
+ #: src/admin/wp-security-settings-menu.php:279
3090
  msgid "This button click will delete all of your settings related to the All In One WP Security & Firewall Plugin."
3091
  msgstr ""
3092
 
3093
+ #: src/admin/wp-security-settings-menu.php:280
3094
  msgid "This button click will reset/empty all the database tables of the security plugin also."
3095
  msgstr ""
3096
 
3097
+ #: src/admin/wp-security-settings-menu.php:281
3098
  msgid "Use this plugin if you were locked out by the All In One WP Security & Firewall Plugin and/or you are having issues logging in when that plugin is activated."
3099
  msgstr ""
3100
 
3101
+ #: src/admin/wp-security-settings-menu.php:282
3102
  msgid "In addition to the settings it will also delete any directives which were added to the .htaccess file by the All In One WP Security & Firewall Plugin."
3103
  msgstr ""
3104
 
3105
+ #: src/admin/wp-security-settings-menu.php:283
3106
  msgid "%1$sNOTE: %2$sAfter deleting the settings you will need to re-configure the All In One WP Security & Firewall plugin."
3107
  msgstr ""
3108
 
3109
+ #: src/admin/wp-security-settings-menu.php:295
3110
  msgid "Debug Settings"
3111
  msgstr ""
3112
 
3113
+ #: src/admin/wp-security-settings-menu.php:301
3114
  msgid "This setting allows you to enable/disable debug for this plugin."
3115
  msgstr ""
3116
 
3117
+ #: src/admin/wp-security-settings-menu.php:307
3118
  msgid "Enable Debug"
3119
  msgstr ""
3120
 
3121
+ #: src/admin/wp-security-settings-menu.php:310
3122
  msgid "Check this if you want to enable debug. You should keep this option disabled after you have finished debugging the issue."
3123
  msgstr ""
3124
 
3125
+ #: src/admin/wp-security-settings-menu.php:314
3126
  msgid "Save Debug Settings"
3127
  msgstr ""
3128
 
3129
+ #: src/admin/wp-security-settings-menu.php:350
3130
  msgid "Your .htaccess file was successfully backed up! Using an FTP program go to the \"/wp-content/aiowps_backups\" directory to save a copy of the file to your computer."
3131
  msgstr ""
3132
 
3133
+ #: src/admin/wp-security-settings-menu.php:356
3134
  msgid "htaccess file rename failed during backup. Please check your root directory for the backup file using FTP."
3135
  msgstr ""
3136
 
3137
+ #: src/admin/wp-security-settings-menu.php:362
3138
  msgid "htaccess backup failed."
3139
  msgstr ""
3140
 
3141
+ #: src/admin/wp-security-settings-menu.php:377
3142
  msgid "Please choose a .htaccess to restore from."
3143
  msgstr ""
3144
 
3145
+ #: src/admin/wp-security-settings-menu.php:392
3146
  msgid "htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP."
3147
  msgstr ""
3148
 
3149
+ #: src/admin/wp-security-settings-menu.php:396
3150
  msgid "Your .htaccess file has successfully been restored!"
3151
  msgstr ""
3152
 
3153
+ #: src/admin/wp-security-settings-menu.php:402
3154
  msgid "htaccess Restore operation failed! Please check the contents of the file you are trying to restore from."
3155
  msgstr ""
3156
 
3157
+ #: src/admin/wp-security-settings-menu.php:408
3158
  msgid ".htaccess File Operations"
3159
  msgstr ""
3160
 
3161
+ #: src/admin/wp-security-settings-menu.php:411
3162
  msgid "Your \".htaccess\" file is a key component of your website's security and it can be modified to implement various levels of protection mechanisms."
3163
  msgstr ""
3164
 
3165
+ #: src/admin/wp-security-settings-menu.php:412
3166
  msgid "This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future."
3167
  msgstr ""
3168
 
3169
+ #: src/admin/wp-security-settings-menu.php:413
3170
  msgid "You can also restore your site's .htaccess settings using a backed up .htaccess file."
3171
  msgstr ""
3172
 
3173
+ #: src/admin/wp-security-settings-menu.php:428
3174
  msgid "Save the current .htaccess file"
3175
  msgstr ""
3176
 
3177
+ #: src/admin/wp-security-settings-menu.php:432
3178
  msgid "Click the button below to backup and save the currently active .htaccess file."
3179
  msgstr ""
3180
 
3181
+ #: src/admin/wp-security-settings-menu.php:433
3182
  msgid "Backup .htaccess File"
3183
  msgstr ""
3184
 
3185
+ #: src/admin/wp-security-settings-menu.php:437
3186
  msgid "Restore from a backed up .htaccess file"
3187
  msgstr ""
3188
 
3189
+ #: src/admin/wp-security-settings-menu.php:443
3190
  msgid ".htaccess file to restore from"
3191
  msgstr ""
3192
 
3193
+ #: src/admin/wp-security-settings-menu.php:445
3194
  msgid "Select Your htaccess File"
3195
  msgstr ""
3196
 
3197
+ #: src/admin/wp-security-settings-menu.php:449
3198
  msgid "After selecting your file, click the button below to restore your site using the backed up htaccess file (htaccess_backup.txt)."
3199
  msgstr ""
3200
 
3201
+ #: src/admin/wp-security-settings-menu.php:455
3202
  msgid "Restore .htaccess File"
3203
  msgstr ""
3204
 
3205
+ #: src/admin/wp-security-settings-menu.php:477
3206
  msgid "Please choose a wp-config.php file to restore from."
3207
  msgstr ""
3208
 
3209
+ #: src/admin/wp-security-settings-menu.php:493
3210
  msgid "wp-config.php file restore failed. Please attempt to restore this file manually using FTP."
3211
  msgstr ""
3212
 
3213
+ #: src/admin/wp-security-settings-menu.php:497
3214
  msgid "Your wp-config.php file has successfully been restored!"
3215
  msgstr ""
3216
 
3217
+ #: src/admin/wp-security-settings-menu.php:503
3218
  msgid "wp-config.php Restore operation failed! Please check the contents of the file you are trying to restore from."
3219
  msgstr ""
3220
 
3221
+ #: src/admin/wp-security-settings-menu.php:509
3222
  msgid "wp-config.php File Operations"
3223
  msgstr ""
3224
 
3225
+ #: src/admin/wp-security-settings-menu.php:512
3226
  msgid "Your \"wp-config.php\" file is one of the most important in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components."
3227
  msgstr ""
3228
 
3229
+ #: src/admin/wp-security-settings-menu.php:513
3230
  msgid "This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future."
3231
  msgstr ""
3232
 
3233
+ #: src/admin/wp-security-settings-menu.php:514
3234
  msgid "You can also restore your site's wp-config.php settings using a backed up wp-config.php file."
3235
  msgstr ""
3236
 
3237
+ #: src/admin/wp-security-settings-menu.php:529
3238
  msgid "Save the current wp-config.php file"
3239
  msgstr ""
3240
 
3241
+ #: src/admin/wp-security-settings-menu.php:533
3242
  msgid "Click the button below to backup and download the contents of the currently active wp-config.php file."
3243
  msgstr ""
3244
 
3245
+ #: src/admin/wp-security-settings-menu.php:534
3246
  msgid "Backup wp-config.php File"
3247
  msgstr ""
3248
 
3249
+ #: src/admin/wp-security-settings-menu.php:539
3250
  msgid "Restore from a backed up wp-config file"
3251
  msgstr ""
3252
 
3253
+ #: src/admin/wp-security-settings-menu.php:545
3254
  msgid "wp-config file to restore from"
3255
  msgstr ""
3256
 
3257
+ #: src/admin/wp-security-settings-menu.php:547
3258
  msgid "Select Your wp-config File"
3259
  msgstr ""
3260
 
3261
+ #: src/admin/wp-security-settings-menu.php:551
3262
  msgid "After selecting your file click the button below to restore your site using the backed up wp-config file (wp-config.php.backup.txt)."
3263
  msgstr ""
3264
 
3265
+ #: src/admin/wp-security-settings-menu.php:557
3266
  msgid "Restore wp-config File"
3267
  msgstr ""
3268
 
3269
+ #: src/admin/wp-security-settings-menu.php:561
3270
  msgid "View Contents of the currently active wp-config.php file"
3271
  msgstr ""
3272
 
3273
+ #: src/admin/wp-security-settings-menu.php:591
3274
  msgid "Manage delete plugin settings saved."
3275
  msgstr ""
3276
 
3277
+ #: src/admin/wp-security-settings-menu.php:596
3278
  msgid "Manage delete plugin tasks"
3279
  msgstr ""
3280
 
3281
+ #: src/admin/wp-security-settings-menu.php:603
3282
  msgid "Delete database tables"
3283
  msgstr ""
3284
 
3285
+ #: src/admin/wp-security-settings-menu.php:606
3286
  msgid "Check this if you want to remove database tables when the plugin is uninstalled."
3287
  msgstr ""
3288
 
3289
+ #: src/admin/wp-security-settings-menu.php:610
3290
  msgid "Delete settings"
3291
  msgstr ""
3292
 
3293
+ #: src/admin/wp-security-settings-menu.php:613
3294
  msgid "Check this if you want to remove all plugin settings when uninstalling the plugin."
3295
  msgstr ""
3296
 
3297
+ #: src/admin/wp-security-settings-menu.php:613
3298
  msgid "It will also remove all custom htaccess rules that were added by this plugin."
3299
  msgstr ""
3300
 
3301
+ #: src/admin/wp-security-settings-menu.php:647
3302
  msgid "WP Generator Meta Tag & Version Info"
3303
  msgstr ""
3304
 
3305
+ #: src/admin/wp-security-settings-menu.php:650
3306
  msgid "Wordpress generator automatically adds some meta information inside the \"head\" tags of every page on your site's front end. Below is an example of this:"
3307
  msgstr ""
3308
 
3309
+ #: src/admin/wp-security-settings-menu.php:652
3310
  msgid "The above meta information shows which version of WordPress your site is currently running and thus can help hackers or crawlers scan your site to see if you have an older version of WordPress or one with a known exploit."
3311
  msgstr ""
3312
 
3313
+ #: src/admin/wp-security-settings-menu.php:653
3314
  msgid "There are also other ways wordpress reveals version info such as during style and script loading. An example of this is:"
3315
  msgstr ""
3316
 
3317
+ #: src/admin/wp-security-settings-menu.php:655
3318
  msgid "This feature will allow you to remove the WP generator meta info and other version info from your site's pages."
3319
  msgstr ""
3320
 
3321
+ #: src/admin/wp-security-settings-menu.php:661
3322
  msgid "WP Generator Meta Info"
3323
  msgstr ""
3324
 
3325
+ #: src/admin/wp-security-settings-menu.php:673
3326
  msgid "Remove WP Generator Meta Info"
3327
  msgstr ""
3328
 
3329
+ #: src/admin/wp-security-settings-menu.php:676
3330
  msgid "Check this if you want to remove the version and meta info produced by WP from all pages"
3331
  msgstr ""
3332
 
3333
+ #: src/admin/wp-security-settings-menu.php:704
3334
  msgid "Please choose a file to import your settings from."
3335
  msgstr ""
3336
 
3337
+ #: src/admin/wp-security-settings-menu.php:736
3338
  msgid "Import AIOWPS settings from .$import_from. operation failed!"
3339
  msgstr ""
3340
 
3341
+ #: src/admin/wp-security-settings-menu.php:742, src/admin/wp-security-settings-menu.php:786
3342
  msgid "The deletion of the import file failed. Please delete this file manually via the media menu for security purposes."
3343
  msgstr ""
3344
 
3345
+ #: src/admin/wp-security-settings-menu.php:744, src/admin/wp-security-settings-menu.php:788
3346
  msgid "The file you uploaded was also deleted for security purposes because it contains security settings details."
3347
  msgstr ""
3348
 
3349
+ #: src/admin/wp-security-settings-menu.php:759
3350
  msgid "Your AIOWPS settings were successfully imported via file input."
3351
  msgstr ""
3352
 
3353
+ #: src/admin/wp-security-settings-menu.php:760
3354
  msgid "The deletion of the import file failed. Please delete this file manually via the media menu for security purposes because it contains security settings details."
3355
  msgstr ""
3356
 
3357
+ #: src/admin/wp-security-settings-menu.php:762
3358
  msgid "Your AIOWPS settings were successfully imported. The file you uploaded was also deleted for security purposes because it contains security settings details."
3359
  msgstr ""
3360
 
3361
+ #: src/admin/wp-security-settings-menu.php:765
3362
  msgid "Your AIOWPS settings were successfully imported via text entry."
3363
  msgstr ""
3364
 
3365
+ #: src/admin/wp-security-settings-menu.php:780
3366
  msgid "The contents of your settings file appear invalid. Please check the contents of the file you are trying to import settings from."
3367
  msgstr ""
3368
 
3369
+ #: src/admin/wp-security-settings-menu.php:797
3370
  msgid "Export or Import Your AIOWPS Settings"
3371
  msgstr ""
3372
 
3373
+ #: src/admin/wp-security-settings-menu.php:800
3374
  msgid "This section allows you to export or import your All In One WP Security & Firewall settings."
3375
  msgstr ""
3376
 
3377
+ #: src/admin/wp-security-settings-menu.php:801
3378
  msgid "This can be handy if you wanted to save time by applying the settings from one site to another site."
3379
  msgstr ""
3380
 
3381
+ #: src/admin/wp-security-settings-menu.php:802
3382
  msgid "NOTE: Before importing, it is your responsibility to know what settings you are trying to import. Importing settings blindly can cause you to be locked out of your site."
3383
  msgstr ""
3384
 
3385
+ #: src/admin/wp-security-settings-menu.php:803
3386
  msgid "For Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain."
3387
  msgstr ""
3388
 
3389
+ #: src/admin/wp-security-settings-menu.php:809, src/admin/wp-security-settings-menu.php:818
3390
  msgid "Export AIOWPS Settings"
3391
  msgstr ""
3392
 
3393
+ #: src/admin/wp-security-settings-menu.php:815
3394
  msgid "To export your All In One WP Security & Firewall settings click the button below."
3395
  msgstr ""
3396
 
3397
+ #: src/admin/wp-security-settings-menu.php:822, src/admin/wp-security-settings-menu.php:853
3398
  msgid "Import AIOWPS Settings"
3399
  msgstr ""
3400
 
3401
+ #: src/admin/wp-security-settings-menu.php:828
3402
  msgid "Use this section to import your All In One WP Security & Firewall settings from a file. Alternatively, copy/paste the contents of your import file into the textarea below."
3403
  msgstr ""
3404
 
3405
+ #: src/admin/wp-security-settings-menu.php:831
3406
  msgid "Import File"
3407
  msgstr ""
3408
 
3409
+ #: src/admin/wp-security-settings-menu.php:835
3410
  msgid "Select Your Import Settings File"
3411
  msgstr ""
3412
 
3413
+ #: src/admin/wp-security-settings-menu.php:839
3414
  msgid "After selecting your file, click the button below to apply the settings to your site."
3415
  msgstr ""
3416
 
3417
+ #: src/admin/wp-security-settings-menu.php:846
3418
  msgid "Copy/Paste Import Data"
3419
  msgstr ""
3420
 
3421
+ #: src/admin/wp-security-settings-menu.php:895
3422
+ msgid "Default - if correct, then this is the best option"
3423
+ msgstr ""
3424
+
3425
+ #: src/admin/wp-security-settings-menu.php:896
3426
+ msgid "Only use if you're using Cloudflare."
3427
+ msgstr ""
3428
+
3429
+ #: src/admin/wp-security-settings-menu.php:904
3430
+ msgid "(current value: %s)"
3431
+ msgstr ""
3432
+
3433
+ #: src/admin/wp-security-settings-menu.php:907
3434
+ msgid "no value (i.e. empty) on your server"
3435
+ msgstr ""
3436
+
3437
  #: src/admin/wp-security-spam-menu.php:28
3438
  msgid "Comment SPAM"
3439
  msgstr ""
3498
  msgid "In other words, if the comment was not submitted by a human who physically submitted the comment on your site, the request will be blocked."
3499
  msgstr ""
3500
 
3501
+ #: src/admin/wp-security-spam-menu.php:182
3502
  msgid "Block Spambots From Posting Comments"
3503
  msgstr ""
3504
 
3505
+ #: src/admin/wp-security-spam-menu.php:185
3506
  msgid "Check this if you want to apply a firewall rule which will block comments originating from spambots."
3507
  msgstr ""
3508
 
3509
+ #: src/admin/wp-security-spam-menu.php:189
3510
  msgid "This feature will implement a firewall rule to block all comment attempts which do not originate from your domain."
3511
  msgstr ""
3512
 
3513
+ #: src/admin/wp-security-spam-menu.php:190
3514
  msgid "A legitimate comment is one which is submitted by a human who physically fills out the comment form and clicks the submit button. For such events, the HTTP_REFERRER is always set to your own domain."
3515
  msgstr ""
3516
 
3517
+ #: src/admin/wp-security-spam-menu.php:191
3518
  msgid "A comment submitted by a spambot is done by directly calling the comments.php file, which usually means that the HTTP_REFERRER value is not your domain and often times empty."
3519
  msgstr ""
3520
 
3521
+ #: src/admin/wp-security-spam-menu.php:192
3522
  msgid "This feature will check and block comment requests which are not referred by your domain thus greatly reducing your overall blog SPAM and PHP requests done by the server to process these comments."
3523
  msgstr ""
3524
 
3525
+ #: src/admin/wp-security-spam-menu.php:202
3526
  msgid "Comment Processing"
3527
  msgstr ""
3528
 
3529
+ #: src/admin/wp-security-spam-menu.php:208
3530
  msgid "Trash spam comments"
3531
  msgstr ""
3532
 
3533
+ #: src/admin/wp-security-spam-menu.php:218
3534
  msgid "Move spam comments to trash after %s days."
3535
  msgstr ""
3536
 
3537
+ #: src/admin/wp-security-spam-menu.php:223
3538
  msgid "More info"
3539
  msgstr ""
3540
 
3541
+ #: src/admin/wp-security-spam-menu.php:226
3542
  msgid "Enble this feature in order to move the spam comments to trash after given number of days."
3543
  msgstr ""
3544
 
3545
+ #: src/admin/wp-security-spam-menu.php:265
3546
  msgid "You entered a non numeric value for the minimum number of spam comments field. It has been set to the default value."
3547
  msgstr ""
3548
 
3549
+ #: src/admin/wp-security-spam-menu.php:268
3550
  msgid "You must enter an integer greater than zero for minimum number of spam comments field. It has been set to the default value."
3551
  msgstr ""
3552
 
3553
+ #: src/admin/wp-security-spam-menu.php:297
3554
  msgid "Nonce check failed for list SPAM comment IPs!"
3555
  msgstr ""
3556
 
3557
+ #: src/admin/wp-security-spam-menu.php:303
3558
  msgid "You entered a non numeric value for the minimum SPAM comments per IP field. It has been set to the default value."
3559
  msgstr ""
3560
 
3561
+ #: src/admin/wp-security-spam-menu.php:315
3562
  msgid "Displaying results for IP addresses which have posted a minimum of %s SPAM comments"
3563
  msgstr ""
3564
 
3565
+ #: src/admin/wp-security-spam-menu.php:330
3566
  msgid "Auto Block SPAMMER IPs"
3567
  msgstr ""
3568
 
3569
+ #: src/admin/wp-security-spam-menu.php:335
3570
  msgid "This feature has detected that %s is not active. It is highly recommended that you activate the Akismet plugin to make the most of this feature."
3571
  msgstr ""
3572
 
3573
+ #: src/admin/wp-security-spam-menu.php:344
3574
  msgid "This feature allows you to automatically and permanently block IP addresses which have exceeded a certain number of comments labelled as SPAM."
3575
  msgstr ""
3576
 
3577
+ #: src/admin/wp-security-spam-menu.php:345
3578
  msgid "Comments are usually labelled as SPAM either by the Akismet plugin or manually by the WP administrator when they mark a comment as \"spam\" from the WordPress Comments menu."
3579
  msgstr ""
3580
 
3581
+ #: src/admin/wp-security-spam-menu.php:359
3582
  msgid "You currently have no IP addresses permanently blocked due to SPAM."
3583
  msgstr ""
3584
 
3585
+ #: src/admin/wp-security-spam-menu.php:372
3586
  msgid "Spammer IPs Added To Permanent Block List Today: "
3587
  msgstr ""
3588
 
3589
+ #: src/admin/wp-security-spam-menu.php:373
3590
  msgid "All Time Total: "
3591
  msgstr ""
3592
 
3593
+ #: src/admin/wp-security-spam-menu.php:387
3594
  msgid "Enable Auto Block of SPAM Comment IPs"
3595
  msgstr ""
3596
 
3597
+ #: src/admin/wp-security-spam-menu.php:390
3598
  msgid "Check this box if you want this plugin to automatically block IP addresses which submit SPAM comments."
3599
  msgstr ""
3600
 
3601
+ #: src/admin/wp-security-spam-menu.php:394
3602
  msgid "Minimum number of SPAM comments"
3603
  msgstr ""
3604
 
3605
+ #: src/admin/wp-security-spam-menu.php:396
3606
  msgid "Specify the minimum number of SPAM comments for an IP address before it is permanently blocked."
3607
  msgstr ""
3608
 
3609
+ #: src/admin/wp-security-spam-menu.php:400
3610
  msgid "Example 1: Setting this value to \"1\" will block ALL IP addresses which were used to submit at least one SPAM comment."
3611
  msgstr ""
3612
 
3613
+ #: src/admin/wp-security-spam-menu.php:401
3614
  msgid "Example 2: Setting this value to \"5\" will block only those IP addresses which were used to submit 5 SPAM comments or more on your site."
3615
  msgstr ""
3616
 
3617
+ #: src/admin/wp-security-spam-menu.php:407
3618
  msgid "Run Now"
3619
  msgstr ""
3620
 
3621
+ #: src/admin/wp-security-spam-menu.php:408
3622
  msgid "Run SPAM IP Blocking Now"
3623
  msgstr ""
3624
 
3625
+ #: src/admin/wp-security-spam-menu.php:409
3626
  msgid "This feature normally runs automatically whenever a comment is submitted but you can run it manually by clicking this button. (useful for older comments)"
3627
  msgstr ""
3628
 
3629
+ #: src/admin/wp-security-spam-menu.php:419
3630
  msgid "List SPAMMER IP Addresses"
3631
  msgstr ""
3632
 
3633
+ #: src/admin/wp-security-spam-menu.php:423
3634
  msgid "This section displays a list of the IP addresses of the people or bots who have left SPAM comments on your site."
3635
  msgstr ""
3636
 
3637
+ #: src/admin/wp-security-spam-menu.php:424
3638
  msgid "This information can be handy for identifying the most persistent IP addresses or ranges used by spammers."
3639
  msgstr ""
3640
 
3641
+ #: src/admin/wp-security-spam-menu.php:425
3642
  msgid "By inspecting the IP address data coming from spammers you will be in a better position to determine which addresses or address ranges you should block by adding them to the permanent block list."
3643
  msgstr ""
3644
 
3645
+ #: src/admin/wp-security-spam-menu.php:426
3646
  msgid ""
3647
  "To add one or more of the IP addresses displayed in the table below to your blacklist, simply click the \"Block\" link for the individual row or select more than one address\n"
3648
  " using the checkboxes and then choose the \"block\" option from the Bulk Actions dropdown list and click the \"Apply\" button."
3649
  msgstr ""
3650
 
3651
+ #: src/admin/wp-security-spam-menu.php:436
3652
  msgid "Minimum number of SPAM comments per IP"
3653
  msgstr ""
3654
 
3655
+ #: src/admin/wp-security-spam-menu.php:438
3656
  msgid "This field allows you to list only those IP addresses which have been used to post X or more SPAM comments."
3657
  msgstr ""
3658
 
3659
+ #: src/admin/wp-security-spam-menu.php:442
3660
  msgid "Example 1: Setting this value to \"0\" or \"1\" will list ALL IP addresses which were used to submit SPAM comments."
3661
  msgstr ""
3662
 
3663
+ #: src/admin/wp-security-spam-menu.php:443
3664
  msgid "Example 2: Setting this value to \"5\" will list only those IP addresses which were used to submit 5 SPAM comments or more on your site."
3665
  msgstr ""
3666
 
3667
+ #: src/admin/wp-security-spam-menu.php:450
3668
  msgid "Find IP Addresses"
3669
  msgstr ""
3670
 
3671
+ #: src/admin/wp-security-spam-menu.php:454
3672
  msgid "SPAMMER IP Address Results"
3673
  msgstr ""
3674
 
3675
+ #: src/admin/wp-security-spam-menu.php:460, src/classes/wp-security-utility.php:253
3676
  msgid "The plugin has detected that you are using a Multi-Site WordPress installation."
3677
  msgstr ""
3678
 
3679
+ #: src/admin/wp-security-spam-menu.php:461
3680
  msgid "Only the \"superadmin\" can block IP addresses from the main site."
3681
  msgstr ""
3682
 
3683
+ #: src/admin/wp-security-spam-menu.php:462
3684
  msgid "Take note of the IP addresses you want blocked and ask the superadmin to add these to the blacklist using the \"Blacklist Manager\" on the main site."
3685
  msgstr ""
3686
 
3687
+ #: src/admin/wp-security-spam-menu.php:507
3688
  msgid "BuddyPress SPAM Settings"
3689
  msgstr ""
3690
 
3691
+ #: src/admin/wp-security-spam-menu.php:512
3692
  msgid "Add Captcha To BuddyPress Registration Form"
3693
  msgstr ""
3694
 
3695
+ #: src/admin/wp-security-spam-menu.php:516
3696
  msgid "This feature will add a simple math captcha field in the BuddyPress registration form."
3697
  msgstr ""
3698
 
3699
+ #: src/admin/wp-security-spam-menu.php:517
3700
  msgid "Adding a captcha field in the registration form is a simple way of greatly reducing SPAM signups from bots without using .htaccess rules."
3701
  msgstr ""
3702
 
3703
+ #: src/admin/wp-security-spam-menu.php:527
3704
  msgid "Enable Captcha On BuddyPress Registration Form"
3705
  msgstr ""
3706
 
3707
+ #: src/admin/wp-security-spam-menu.php:530
3708
  msgid "Check this if you want to insert a captcha field on the BuddyPress registration forms"
3709
  msgstr ""
3710
 
3711
+ #: src/admin/wp-security-spam-menu.php:539
3712
  msgid "BuddyPress is not active! In order to use this feature you will need to have BuddyPress installed and activated."
3713
  msgstr ""
3714
 
3715
+ #: src/admin/wp-security-spam-menu.php:569
3716
  msgid "BBPress SPAM Settings"
3717
  msgstr ""
3718
 
3719
+ #: src/admin/wp-security-spam-menu.php:574
3720
  msgid "Add Captcha To BBPress New Topic Form"
3721
  msgstr ""
3722
 
3723
+ #: src/admin/wp-security-spam-menu.php:578
3724
  msgid "This feature will add a simple math captcha field in the BBPress new topic form."
3725
  msgstr ""
3726
 
3727
+ #: src/admin/wp-security-spam-menu.php:579
3728
  msgid "Adding a captcha field in this form is a simple way of greatly reducing SPAM submitted from bots."
3729
  msgstr ""
3730
 
3731
+ #: src/admin/wp-security-spam-menu.php:589
3732
  msgid "Enable Captcha On BBPress New Topic Form"
3733
  msgstr ""
3734
 
3735
+ #: src/admin/wp-security-spam-menu.php:592
3736
  msgid "Check this if you want to insert a captcha field on the BBPress new topic forms"
3737
  msgstr ""
3738
 
3739
+ #: src/admin/wp-security-spam-menu.php:601
3740
  msgid "BBPress is not active! In order to use this feature you will need to have BBPress installed and activated."
3741
  msgstr ""
3742
 
4408
  msgid "Check this if you want to enable the honeypot feature for the registration page"
4409
  msgstr ""
4410
 
4411
+ #: src/classes/aios-ajax.php:89
4412
+ msgid "Invalid IP retrieve method."
4413
+ msgstr ""
4414
+
4415
+ #: src/classes/aios-ajax.php:131, src/wp-security-core.php:252
4416
+ msgid "The security check failed; try refreshing the page."
4417
+ msgstr ""
4418
+
4419
+ #: src/classes/aios-ajax.php:152, src/wp-security-core.php:262
4420
+ msgid "You are not allowed to run this command."
4421
+ msgstr ""
4422
+
4423
+ #: src/classes/aios-ajax.php:173, src/wp-security-core.php:276
4424
+ msgid "Options can only be saved by network admin"
4425
+ msgstr ""
4426
+
4427
+ #: src/classes/aios-ajax.php:202
4428
+ msgid "The command \"%s\" was not found"
4429
+ msgstr ""
4430
+
4431
  #: src/classes/grade-system/wp-security-feature-item-manager.php:39
4432
  msgid "Remove WP Generator Meta Tag"
4433
  msgstr ""
4548
  msgid "Advanced"
4549
  msgstr ""
4550
 
4551
+ #: src/classes/wp-security-captcha.php:47, src/classes/wp-security-general-init-tasks.php:408
4552
  msgid "Please enter an answer in digits:"
4553
  msgstr ""
4554
 
4680
  msgid "The following files were changed on your host"
4681
  msgstr ""
4682
 
4683
+ #: src/classes/wp-security-general-init-tasks.php:210, src/classes/wp-security-general-init-tasks.php:482
4684
  msgid "Application passwords have been disabled by All In One WP Security & Firewall plugin."
4685
  msgstr ""
4686
 
4687
+ #: src/classes/wp-security-general-init-tasks.php:429, src/classes/wp-security-general-init-tasks.php:542, src/classes/wp-security-general-init-tasks.php:575, src/classes/wp-security-user-login.php:137, src/classes/wp-security-user-registration.php:74
4688
  msgid "<strong>ERROR</strong>: Your answer was incorrect - please try again."
4689
  msgstr ""
4690
 
4691
+ #: src/classes/wp-security-general-init-tasks.php:464
4692
  msgid "Enter something special:"
4693
  msgstr ""
4694
 
4695
+ #: src/classes/wp-security-general-init-tasks.php:477
4696
  msgid "Application Passwords"
4697
  msgstr ""
4698
 
4699
+ #: src/classes/wp-security-general-init-tasks.php:486
4700
  msgid "Change Setting"
4701
  msgstr ""
4702
 
4703
+ #: src/classes/wp-security-general-init-tasks.php:488
4704
  msgid "Site admin can only change this setting."
4705
  msgstr ""
4706
 
4707
+ #: src/classes/wp-security-general-init-tasks.php:517
4708
  msgid "Error: You entered an incorrect CAPTCHA answer. Please go back and try again."
4709
  msgstr ""
4710
 
4711
+ #: src/classes/wp-security-general-init-tasks.php:559
4712
  msgid "Your CAPTCHA answer was incorrect - please try again."
4713
  msgstr ""
4714
 
4715
+ #: src/classes/wp-security-general-init-tasks.php:568
4716
  msgid "<strong>ERROR</strong>: Your IP address is currently locked please contact the administrator!"
4717
  msgstr ""
4718
 
4719
+ #: src/classes/wp-security-general-init-tasks.php:643
4720
  msgid "Your Google reCAPTCHA site key is wrong. Please fill the correct reCAPTCHA keys %s to use the Google reCAPTCHA feature."
4721
  msgstr ""
4722
 
4723
+ #: src/classes/wp-security-general-init-tasks.php:643, src/classes/wp-security-notices.php:85
4724
  msgid "here"
4725
  msgstr ""
4726
 
4727
+ #: src/classes/wp-security-general-init-tasks.php:656
4728
  msgid "Would you like All In One WP Security & Firewall to re-insert the security rules in your .htaccess file which were cleared when you deactivated the plugin?"
4729
  msgstr ""
4730
 
4731
+ #: src/classes/wp-security-general-init-tasks.php:656
4732
  msgid "Yes"
4733
  msgstr ""
4734
 
4735
+ #: src/classes/wp-security-general-init-tasks.php:656, src/templates/notices/custom-notice.php:27
4736
  msgid "No"
4737
  msgstr ""
4738
 
4739
+ #: src/classes/wp-security-general-init-tasks.php:675
4740
  msgid "Your registration is pending approval."
4741
  msgstr ""
4742
 
4765
  msgstr ""
4766
 
4767
  #: src/classes/wp-security-notices.php:46
4768
+ msgid "Important: set up your IP address detection settings"
4769
+ msgstr ""
4770
+
4771
+ #: src/classes/wp-security-notices.php:48
4772
+ msgid "The All in One Security plugin couldn't be certain about the correct method to detect the IP address for your site visitors with your currently-configured IP address detection settings."
4773
+ msgstr ""
4774
+
4775
+ #: src/classes/wp-security-notices.php:49
4776
+ msgid "It is important for your security to set the IP address detection settings properly."
4777
+ msgstr ""
4778
+
4779
+ #: src/classes/wp-security-notices.php:52
4780
+ msgid "Please go to the settings and set them now."
4781
+ msgstr ""
4782
+
4783
+ #: src/classes/wp-security-notices.php:58
4784
+ msgid "Setup IP address detection settings"
4785
+ msgstr ""
4786
+
4787
+ #: src/classes/wp-security-notices.php:64
4788
+ msgid "Important: Disabled login whitelist setting"
4789
+ msgstr ""
4790
+
4791
+ #: src/classes/wp-security-notices.php:66
4792
+ msgid "The All in One Security plugin has disabled the login whitelist setting that you have enabled in the past."
4793
+ msgstr ""
4794
+
4795
+ #: src/classes/wp-security-notices.php:69
4796
+ msgid "Your website is running on a non-Apache webserver, so the login whitelisting was not functional until the recent update of AIOS (because it relied upon Apache-specific features). It began working with AIOS version 5.0.8."
4797
+ msgstr ""
4798
+
4799
+ #: src/classes/wp-security-notices.php:70
4800
+ msgid "We have disabled it so that your login page will not be blocked unexpectedly."
4801
+ msgstr ""
4802
+
4803
+ #: src/classes/wp-security-notices.php:73
4804
+ msgid "Would you like to re-enable login whitelisting?"
4805
+ msgstr ""
4806
+
4807
+ #: src/classes/wp-security-notices.php:79
4808
+ msgid "Setup login whitelist setting"
4809
+ msgstr ""
4810
+
4811
+ #: src/classes/wp-security-notices.php:85
4812
  msgid "Hey - We noticed All In One WP Security & Firewall has kept your site safe for a while. If you like us, please consider leaving a positive review to spread the word. Or if you have any issues or questions please leave us a support message %s."
4813
  msgstr ""
4814
 
4815
+ #: src/classes/wp-security-notices.php:85
4816
  msgid "Thank you so much!"
4817
  msgstr ""
4818
 
4819
+ #: src/classes/wp-security-notices.php:85
4820
  msgid "Team All In One WP Security & Firewall"
4821
  msgstr ""
4822
 
4823
+ #: src/classes/wp-security-notices.php:95
4824
  msgid "Enhance your security even more by backing up your site"
4825
  msgstr ""
4826
 
4827
+ #: src/classes/wp-security-notices.php:96
4828
  msgid "UpdraftPlus is the world's most trusted backup plugin from the owners of All In One WP Security & Firewall"
4829
  msgstr ""
4830
 
4831
+ #: src/classes/wp-security-notices.php:107
4832
  msgid "After you've secured your site, we recommend you install our WP-Optimize plugin to streamline it for better website performance."
4833
  msgstr ""
4834
 
4936
  msgid "<strong>ERROR</strong>: You are not allowed to register because your IP address is currently locked!"
4937
  msgstr ""
4938
 
4939
+ #: src/classes/wp-security-utility-ip-address.php:211, src/classes/wp-security-utility-ip-address.php:225, src/classes/wp-security-utility-ip-address.php:239, src/classes/wp-security-utility-ip-address.php:251, src/classes/wp-security-utility-ip-address.php:263
4940
  msgid " is not a valid ip address format."
4941
  msgstr ""
4942
 
4943
+ #: src/classes/wp-security-utility-ip-address.php:268
4944
  msgid "You cannot ban your own IP address: "
4945
  msgstr ""
4946
 
4947
+ #: src/classes/wp-security-utility.php:254
4948
  msgid "This feature can only be configured by the \"superadmin\" on the main site."
4949
  msgstr ""
4950
 
4951
+ #: src/classes/wp-security-utility.php:283
4952
  msgid "Settings Saved - The ability to edit PHP files via the admin the panel has been DISABLED."
4953
  msgstr ""
4954
 
4955
+ #: src/classes/wp-security-utility.php:286
4956
  msgid "Your system config file is already configured to disallow PHP file editing."
4957
  msgstr ""
4958
 
4959
+ #: src/classes/wp-security-utility.php:310
4960
  msgid "A backup copy of your wp-config.php file was created successfully...."
4961
  msgstr ""
4962
 
4963
+ #: src/classes/wp-security-utility.php:315
4964
  msgid "Settings Saved - Your system is now configured to not allow PHP file editing."
4965
  msgstr ""
4966
 
4967
+ #: src/classes/wp-security-utility.php:318, src/classes/wp-security-utility.php:361
4968
  msgid "Operation failed! Unable to modify wp-config.php file!"
4969
  msgstr ""
4970
 
4971
+ #: src/classes/wp-security-utility.php:346, src/classes/wp-security-utility.php:353
4972
  msgid "Your system config file is already configured to allow PHP file editing."
4973
  msgstr ""
4974
 
4975
+ #: src/classes/wp-security-utility.php:358
4976
  msgid "Settings Saved - Your system is now configured to allow PHP file editing."
4977
  msgstr ""
4978
 
5076
  msgid "Example 5: 2001:db8:1263::/48"
5077
  msgstr ""
5078
 
5079
+ #: src/templates/menus/settings/advanced-settings.php:2
5080
+ msgid "IP address detection settings"
5081
+ msgstr ""
5082
+
5083
+ #: src/templates/menus/settings/advanced-settings.php:6
5084
+ msgid "The IP address detection settings allow you to specify how visitors' IP addresses are made known to PHP (and hence to WordPress and its plugins)."
5085
+ msgstr ""
5086
+
5087
+ #: src/templates/menus/settings/advanced-settings.php:7
5088
+ msgid "Usually, this is automatic and there is only one choice."
5089
+ msgstr ""
5090
+
5091
+ #: src/templates/menus/settings/advanced-settings.php:8
5092
+ msgid "However in some setups, such as those using proxies (including load-balancers and security firewalls like Cloudflare), it may be necessary to set this manually."
5093
+ msgstr ""
5094
+
5095
+ #: src/templates/menus/settings/advanced-settings.php:9
5096
+ msgid "Attention"
5097
+ msgstr ""
5098
+
5099
+ #: src/templates/menus/settings/advanced-settings.php:9
5100
+ msgid "It is important to set this correctly - otherwise you may make it possible for a hacker to ban all your visitors (e.g. via banning Cloudflare from connecting to you) instead of being banned himself."
5101
+ msgstr ""
5102
+
5103
+ #: src/templates/menus/settings/advanced-settings.php:9
5104
+ msgid "The default is to use the REMOTE_ADDR PHP server variable. If this variable does not contain the visitor's IP address, then whilst you can make a different selection below, it is better to ask your web hosting company to have it correctly set."
5105
+ msgstr ""
5106
+
5107
+ #: src/templates/menus/settings/advanced-settings.php:10
5108
+ msgid "This is the most secure setup, because when set correctly it is immune from being spoofed by an attacker."
5109
+ msgstr ""
5110
+
5111
+ #: src/templates/menus/settings/advanced-settings.php:16
5112
+ msgid "You have no available IP address detection method(s); you must contact your web hosting company."
5113
+ msgstr ""
5114
+
5115
+ #: src/templates/menus/settings/advanced-settings.php:22, src/templates/menus/settings/advanced-settings.php:27, src/templates/menus/settings/advanced-settings.php:32
5116
+ msgid "Your detected IP address according to %s:"
5117
+ msgstr ""
5118
+
5119
+ #: src/templates/menus/settings/advanced-settings.php:38
5120
+ msgid "If your site is setup on localhost, you won't see your external IP address using your server's IP detection setting; but on a localhost-served site (not available to the outside world), the setting is irrelevant and can be ignored."
5121
+ msgstr ""
5122
+
5123
+ #: src/templates/menus/settings/advanced-settings.php:61
5124
+ msgid "Choose a $_SERVER variable you would like to detect visitors' IP address using."
5125
+ msgstr ""
5126
+
5127
+ #: src/templates/menus/settings/advanced-settings.php:67
5128
+ msgid "If your chosen server variable fails the plugin will automatically fall back to retrieving the IP address from $_SERVER[\"REMOTE_ADDR\"]"
5129
+ msgstr ""
5130
+
5131
+ #: src/templates/menus/settings/advanced-settings.php:73
5132
+ msgid "Your IP address if using this setting:"
5133
+ msgstr ""
5134
+
5135
+ #: src/templates/menus/settings/advanced-settings.php:75
5136
+ msgid "fetching..."
5137
+ msgstr ""
5138
+
5139
+ #: src/templates/menus/settings/advanced-settings.php:81, src/templates/menus/settings/advanced-settings.php:190
5140
+ msgid "getting..."
5141
+ msgstr ""
5142
+
5143
+ #: src/templates/menus/settings/advanced-settings.php:89
5144
+ msgid "look-up possibly blocked by an ad-blocker or similar tool"
5145
+ msgstr ""
5146
+
5147
+ #: src/templates/menus/settings/advanced-settings.php:217
5148
+ msgid "Save settings"
5149
+ msgstr ""
5150
+
5151
  #: src/templates/notices/cookie-based-brute-force-prevention-disabled.php:4
5152
  msgid "Cookie based brute force login prevention currently disabled"
5153
  msgstr ""
5156
  msgid "Cookie based brute force login prevention is currently disabled via the AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION constant (which is mostly likely to be defined in your wp-config.php)"
5157
  msgstr ""
5158
 
5159
+ #: src/templates/notices/disable-login-whitelist.php:4
5160
+ msgid "Login whitelisting currently disabled"
5161
+ msgstr ""
5162
+
5163
+ #: src/templates/notices/disable-login-whitelist.php:6
5164
+ msgid "Login whitelisting is currently disabled via the AIOS_DISABLE_LOGIN_WHITELIST constant (which is mostly likely to be defined in your wp-config.php)"
5165
+ msgstr ""
5166
+
5167
  #: src/templates/notices/horizontal-notice.php:8, src/templates/notices/horizontal-notice.php:40
5168
  msgid "notice image"
5169
  msgstr ""
5244
  msgid "Free two-factor security plugin"
5245
  msgstr ""
5246
 
5247
+ #: src/templates/partials/non-apache-feature-notice.php:9
5248
+ msgid "Attention:"
5249
  msgstr ""
5250
 
5251
+ #: src/templates/partials/non-apache-feature-notice.php:9
5252
+ msgid "This feature works only on the Apache server."
5253
  msgstr ""
5254
 
5255
+ #: src/templates/partials/non-apache-feature-notice.php:10
5256
+ msgid "You are using the non-apache server %s, so this feature won't work on your site."
5257
  msgstr ""
5258
 
5259
+ #: src/wp-security-core.php:230, src/wp-security.php:45
5260
+ msgid "This plugin requires PHP version %s."
5261
  msgstr ""
5262
 
5263
+ #: src/wp-security-core.php:231
5264
+ msgid "Current site PHP version is %s."
5265
  msgstr ""
5266
 
5267
+ #: src/wp-security-core.php:232, src/wp-security.php:47
5268
+ msgid "You will need to ask your web hosting company to upgrade."
5269
  msgstr ""
5270
 
5271
+ #: src/wp-security-core.php:388
5272
  msgid "Error:"
5273
  msgstr ""
5274
 
5275
+ #: src/wp-security-core.php:388
5276
  msgid "template not found"
5277
  msgstr ""
5278
 
other-includes/wp-security-rename-login-feature-pre-5-2.php CHANGED
@@ -266,7 +266,7 @@ do_action('login_header');
266
  try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e) {}
267
  if (typeof wpOnload=='function')wpOnload();
268
  </script>
269
- <?php endif; ?>
270
 
271
  <?php
272
  /**
@@ -289,7 +289,7 @@ do_action('login_footer'); ?>
289
  function wp_shake_js() {
290
  ?>
291
  <script type="text/javascript">
292
- addLoadEvent = function(func) {if (typeof jQuery!="undefined")jQuery(document).ready(func);else if (typeof wpOnload!='function') {wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function() {oldonload();func();}}};
293
  function s(id,pos) {g(id).left=pos+'px';}
294
  function g(id) {return document.getElementById(id).style;}
295
  function shake(id,a,d) {c=a.shift();s(id,c);if (a.length>0) {setTimeout(function() {shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e) {}}}
@@ -438,11 +438,9 @@ if (defined('RELOCATE') && RELOCATE) { // Move flag is set
438
  update_option('siteurl', $url);
439
  }
440
 
441
- //Set a cookie now to see if they are supported by the browser.
442
- $secure = ('https' === parse_url(wp_login_url(), PHP_URL_SCHEME));
443
- setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure);
444
  if (SITECOOKIEPATH != COOKIEPATH)
445
- setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure);
446
 
447
  $lang = ! empty($_GET['wp_lang']) ? sanitize_text_field($_GET['wp_lang']) : '';
448
  $switched_locale = false;
@@ -485,128 +483,123 @@ switch ($action) {
485
 
486
  case 'postpass':
487
  if (! array_key_exists('post_password', $_POST)) {
488
- wp_safe_redirect(wp_get_referer());
489
- exit();
490
- }
491
-
492
- require_once ABSPATH . WPINC . '/class-phpass.php';
493
- $hasher = new PasswordHash(8, true);
494
-
495
- /**
496
- * Filter the life span of the post password cookie.
497
- *
498
- * By default, the cookie expires 10 days from creation. To turn this
499
- * into a session cookie, return 0.
500
- *
501
- * @since 3.7.0
502
- *
503
- * @param int $expires The expiry time, as passed to setcookie().
504
- */
505
- $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
506
- $referer = wp_get_referer();
507
- if ($referer) {
508
- $secure = ('https' === parse_url($referer, PHP_URL_SCHEME));
509
- } else {
510
- $secure = false;
511
- }
512
- setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
513
 
514
  if ($switched_locale) {
515
- restore_previous_locale();
516
- }
517
 
518
- wp_safe_redirect(wp_get_referer());
519
  exit();
520
  case 'logout':
521
- check_admin_referer('log-out');
522
 
523
- $user = wp_get_current_user();
524
 
525
- wp_logout();
526
 
527
- if (! empty($_REQUEST['redirect_to'])) {
528
  $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
529
  } else {
530
- $redirect_to = 'wp-login.php?loggedout=true';
531
- $requested_redirect_to = '';
532
  }
533
 
534
  if ($switched_locale) {
535
- restore_previous_locale();
536
- }
537
 
538
- /**
539
- * Filter the log out redirect URL.
540
- *
541
- * @since 4.2.0
542
- *
543
- * @param string $redirect_to The redirect destination URL.
544
- * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
545
- * @param WP_User $user The WP_User object for the user that's logging out.
546
- */
547
- $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);
548
-
549
- wp_safe_redirect($redirect_to);
550
  exit();
551
 
552
  case 'lostpassword':
553
  case 'retrievepassword':
554
- if ($http_post) {
555
  $errors = retrieve_password();
556
  if (!is_wp_error($errors)) {
557
- $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
558
- wp_safe_redirect($redirect_to);
559
- exit();
560
- }
561
  }
562
 
563
- if (isset($_GET['error'])) {
564
  if ('invalidkey' == $_GET['error']) {
565
- $errors->add('invalidkey', __('Your password reset link appears to be invalid. Please request a new link below.'));
566
- } elseif ('expiredkey' == $_GET['error']) {
567
- $errors->add('expiredkey', __('Your password reset link has expired. Please request a new link below.'));
568
- }
569
  }
570
 
571
- $lostpassword_redirect = ! empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
572
- /**
573
- * Filter the URL redirected to after submitting the lostpassword/retrievepassword form.
574
- *
575
- * @since 3.0.0
576
- *
577
- * @param string $lostpassword_redirect The redirect destination URL.
578
- */
579
- $redirect_to = apply_filters('lostpassword_redirect', $lostpassword_redirect);
580
-
581
- /**
582
- * Fires before the lost password form.
583
- *
584
- * @since 1.5.1
585
- */
586
- do_action('lost_password');
587
-
588
- login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
589
 
590
  $user_login = '';
591
 
592
  if (isset($_POST['user_login']) && is_string($_POST['user_login'])) {
593
- $user_login = wp_unslash($_POST['user_login']);
594
  }
595
 
596
- ?>
597
 
598
  <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url(network_site_url('wp-login.php?action=lostpassword', 'login_post')); ?>" method="post">
599
  <p>
600
  <label for="user_login" ><?php _e('Username or Email Address'); ?><br />
601
  <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
602
  </p>
603
- <?php
604
- /**
605
- * Fires inside the lostpassword form tags, before the hidden fields.
606
- *
607
- * @since 2.1.0
608
- */
609
- do_action('lostpassword_form'); ?>
610
  <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
611
  <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p>
612
  </form>
@@ -634,51 +627,51 @@ switch ($action) {
634
  break;
635
  case 'resetpass':
636
  case 'rp':
637
- list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
638
- $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
639
- if (isset($_GET['key'])) {
640
  $value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
641
  setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
642
  wp_safe_redirect(remove_query_arg(array('key', 'login')));
643
  exit;
644
  }
645
 
646
- if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
647
  list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
648
  $user = check_password_reset_key($rp_key, $rp_login);
649
  if (isset($_POST['pass1']) && ! hash_equals($rp_key, $_POST['rp_key'])) {
650
- $user = false;
651
- }
652
- } else {
653
  $user = false;
 
 
 
654
  }
655
 
656
- if (! $user || is_wp_error($user)) {
657
  setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
658
  if ($user && $user->get_error_code() === 'expired_key') {
659
- wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
660
- } else {
661
- wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
662
- }
663
  exit;
664
  }
665
 
666
- $errors = new WP_Error();
667
 
668
- if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'])
669
- $errors->add('password_reset_mismatch', __('The passwords do not match.'));
670
 
671
- /**
672
- * Fires before the password reset procedure is validated.
673
- *
674
- * @since 3.5.0
675
- *
676
- * @param object $errors WP Error object.
677
- * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise.
678
- */
679
- do_action('validate_password_reset', $errors, $user);
680
 
681
- if ((! $errors->get_error_code()) && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
682
  reset_password($user, $_POST['pass1']);
683
  setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
684
  login_header(__('Password Reset'), '<p class="message reset-pass">' . __('Your password has been reset.') . ' <a href="' . esc_url(wp_login_url()) . '">' . __('Log in') . '</a></p>');
@@ -686,11 +679,11 @@ switch ($action) {
686
  exit;
687
  }
688
 
689
- wp_enqueue_script('utils');
690
- wp_enqueue_script('user-profile');
691
 
692
- login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors);
693
- ?>
694
  <form name="resetpassform" id="resetpassform" action="<?php echo esc_url(network_site_url('wp-login.php?action=resetpass', 'login_post')); ?>" method="post" autocomplete="off">
695
  <input type="hidden" id="user_login" value="<?php echo esc_attr($rp_login); ?>" autocomplete="off" />
696
 
@@ -711,7 +704,7 @@ switch ($action) {
711
  <div class="pw-weak">
712
  <label>
713
  <input type="checkbox" name="pw_weak" class="pw-checkbox" />
714
- <?php _e('Confirm use of weak password'); ?>
715
  </label>
716
  </div>
717
  </div>
@@ -723,43 +716,43 @@ switch ($action) {
723
  <p class="description indicator-hint"><?php echo wp_get_password_hint(); ?></p>
724
  <br class="clear" />
725
 
726
- <?php
727
- /**
728
- * Fires following the 'Strength indicator' meter in the user password reset form.
729
- *
730
- * @since 3.9.0
731
- *
732
- * @param WP_User $user User object of the user whose password is being reset.
733
- */
734
- do_action('resetpass_form', $user);
735
- ?>
736
  <input type="hidden" name="rp_key" value="<?php echo esc_attr($rp_key); ?>" />
737
  <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>" /></p>
738
  </form>
739
 
740
  <p id="nav">
741
  <a href="<?php echo esc_url(wp_login_url()); ?>"><?php _e('Log in'); ?></a>
742
- <?php
743
- if (get_option('users_can_register')) :
744
- $registration_url = sprintf('<a href="%s">%s</a>', esc_url(wp_registration_url()), __('Register'));
745
 
746
- echo esc_html($login_link_separator);
747
 
748
- // This filter is documented in wp-includes/general-template.php
749
- echo apply_filters('register', $registration_url);
750
- endif;
751
- ?>
752
  </p>
753
 
754
- <?php
755
- login_footer('user_pass');
756
 
757
- if ($switched_locale) {
758
  restore_previous_locale();
759
  }
760
  break;
761
  case 'register':
762
- if (is_multisite()) {
763
  /**
764
  * Filter the Multisite sign up URL.
765
  *
@@ -771,41 +764,41 @@ switch ($action) {
771
  exit;
772
  }
773
 
774
- if (!get_option('users_can_register')) {
775
  wp_redirect(site_url('wp-login.php?registration=disabled'));
776
  exit();
777
  }
778
 
779
- $user_login = '';
780
- $user_email = '';
781
- if ($http_post) {
782
  if (isset($_POST['user_login']) && is_string($_POST['user_login'])) {
783
- $user_login = $_POST['user_login'];
784
- }
785
 
786
  if (isset($_POST['user_email']) && is_string($_POST['user_email'])) {
787
- $user_email = wp_unslash($_POST['user_email']);
788
- }
789
 
790
  $errors = register_new_user($user_login, $user_email);
791
  if (!is_wp_error($errors)) {
792
- $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
793
- wp_safe_redirect($redirect_to);
794
- exit();
795
- }
796
  }
797
 
798
- $registration_redirect = ! empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
799
- /**
800
- * Filter the registration redirect URL.
801
- *
802
- * @since 3.0.0
803
- *
804
- * @param string $registration_redirect The redirect destination URL.
805
- */
806
- $redirect_to = apply_filters('registration_redirect', $registration_redirect);
807
- login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
808
- ?>
809
 
810
  <form name="registerform" id="registerform" action="<?php echo esc_url(site_url('wp-login.php?action=register', 'login_post')); ?>" method="post" novalidate="novalidate">
811
  <p>
@@ -816,14 +809,14 @@ switch ($action) {
816
  <label for="user_email"><?php _e('Email'); ?><br />
817
  <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(wp_unslash($user_email)); ?>" size="25" /></label>
818
  </p>
819
- <?php
820
- /**
821
- * Fires following the 'Email' field in the user registration form.
822
- *
823
- * @since 2.1.0
824
- */
825
- do_action('register_form');
826
- ?>
827
  <p id="reg_passmail"><?php _e('Registration confirmation will be emailed to you.'); ?></p>
828
  <br class="clear" />
829
  <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
@@ -832,203 +825,203 @@ switch ($action) {
832
 
833
  <p id="nav">
834
  <a href="<?php echo esc_url(wp_login_url()); ?>"><?php _e('Log in'); ?></a>
835
- <?php echo esc_html($login_link_separator); ?>
836
  <a href="<?php echo esc_url(wp_lostpassword_url()); ?>"><?php _e('Lost your password?'); ?></a>
837
  </p>
838
 
839
- <?php
840
- login_footer('user_login');
841
 
842
- if ($switched_locale) {
843
  restore_previous_locale();
844
  }
845
  break;
846
  case 'confirmaction':
847
- if (! isset($_GET['request_id'])) {
848
  wp_die(__('Invalid request.'));
849
  }
850
 
851
- $request_id = (int) $_GET['request_id'];
852
 
853
- if (isset($_GET['confirm_key'])) {
854
  $key = sanitize_text_field(wp_unslash($_GET['confirm_key']));
855
  $result = wp_validate_user_request_key($request_id, $key);
856
  } else {
857
- $result = new WP_Error('invalid_key', __('Invalid key'));
858
  }
859
 
860
- if (is_wp_error($result)) {
861
  wp_die($result);
862
  }
863
 
864
- /**
865
- * Fires an action hook when the account action has been confirmed by the user.
866
- *
867
- * Using this you can assume the user has agreed to perform the action by
868
- * clicking on the link in the confirmation email.
869
- *
870
- * After firing this action hook the page will redirect to wp-login a callback
871
- * redirects or exits first.
872
- *
873
- * @param int $request_id Request ID.
874
- */
875
- do_action('user_request_action_confirmed', $request_id);
876
-
877
- $message = _wp_privacy_account_request_confirmed_message($request_id);
878
-
879
- login_header(__('User action confirmed.'), $message);
880
- login_footer();
881
  exit;
882
 
883
  case 'login':
884
  default:
885
- $secure_cookie = '';
886
- $customize_login = isset($_REQUEST['customize-login']);
887
- if ($customize_login)
888
- wp_enqueue_script('customize-base');
889
 
890
- // If the user wants ssl but the session is not ssl, force a secure cookie.
891
  if (!empty($_POST['log']) && !force_ssl_admin()) {
892
- $user_name = sanitize_user($_POST['log']);
893
- $user = get_user_by('login', $user_name);
894
 
895
- if (! $user && strpos($user_name, '@')) {
896
  $user = get_user_by('email', $user_name);
897
- }
898
 
899
- if ($user) {
900
  if (get_user_option('use_ssl', $user->ID)) {
901
- $secure_cookie = true;
902
- force_ssl_admin(true);
903
- }
904
- }
905
  }
906
 
907
- if (isset($_REQUEST['redirect_to'])) {
908
  $redirect_to = $_REQUEST['redirect_to'];
909
  // Redirect to https if user wants ssl
910
  if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin'))
911
- $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
912
  } else {
913
- $redirect_to = admin_url();
914
  }
915
 
916
- $reauth = empty($_REQUEST['reauth']) ? false : true;
917
 
918
  $user = wp_signon(array(), $secure_cookie);
919
 
920
- if (empty($_COOKIE[LOGGED_IN_COOKIE])) {
921
  if (headers_sent()) {
922
- // translators: 1: Browser cookie documentation URL, 2: Support forums URL
923
- $user = new WP_Error('test_cookie', sprintf(__('<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.'), __('https://codex.wordpress.org/Cookies'), __('https://wordpress.org/support/')));
924
- } elseif (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
925
- // If cookies are disabled we can't log in even with a valid user+pass
926
- // translators: 1: Browser cookie documentation URL
927
- $user = new WP_Error('test_cookie', sprintf(__('<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.'), __('https://codex.wordpress.org/Cookies')));
928
- }
929
  }
930
 
931
- $requested_redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
932
- /**
933
- * Filter the login redirect URL.
934
- *
935
- * @since 3.0.0
936
- *
937
- * @param string $redirect_to The redirect destination URL.
938
- * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
939
- * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
940
- */
941
- $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);
942
-
943
- if (!is_wp_error($user) && !$reauth) {
944
  if ($interim_login) {
945
- $message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
946
- $interim_login = 'success';
947
- login_header('', $message); ?>
948
  </div>
949
- <?php
950
  // This action is documented in wp-login.php
951
  do_action('login_footer'); ?>
952
- <?php if ($customize_login) : ?>
953
  <script type="text/javascript">setTimeout(function() { new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000);</script>
954
  <?php endif; ?>
955
  </body></html>
956
- <?php exit;
957
- }
958
 
959
  if ((empty($redirect_to) || 'wp-admin/' == $redirect_to || admin_url() == $redirect_to)) {
960
- // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
961
- if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID))
962
- $redirect_to = user_admin_url();
963
- elseif (is_multisite() && !$user->has_cap('read'))
964
- $redirect_to = get_dashboard_url($user->ID);
965
- elseif (!$user->has_cap('edit_posts'))
966
- $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
967
 
968
- wp_redirect($redirect_to);
969
- exit();
970
- }
971
  wp_safe_redirect($redirect_to);
972
  exit();
973
  }
974
 
975
- $errors = $user;
976
- // Clear errors if loggedout is set.
977
- if (!empty($_GET['loggedout']) || $reauth)
978
- $errors = new WP_Error();
979
 
980
- if ($interim_login) {
981
  if (! $errors->get_error_code())
982
- $errors->add('expired', __('Your session has expired. Please log in to continue where you left off.'), 'message');
983
  } else {
984
- // Some parts of this script use the main login form to display a message
985
- if (isset($_GET['loggedout']) && true == $_GET['loggedout'])
986
- $errors->add('loggedout', __('You are now logged out.'), 'message');
987
- elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration'])
988
- $errors->add('registerdisabled', __('User registration is currently not allowed.'));
989
- elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'])
990
- $errors->add('confirm', __('Check your email for the confirmation link.'), 'message');
991
- elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'])
992
- $errors->add('newpass', __('Check your email for your new password.'), 'message');
993
- elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'])
994
- $errors->add('registered', __('Registration complete. Please check your email.'), 'message');
995
- elseif (strpos($redirect_to, 'about.php?updated'))
996
- $errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to see what&#8217;s new.'), 'message');
997
  }
998
 
999
- /**
1000
- * Filter the login page errors.
1001
- *
1002
- * @since 3.6.0
1003
- *
1004
- * @param object $errors WP Error object.
1005
- * @param string $redirect_to Redirect destination URL.
1006
- */
1007
- $errors = apply_filters('wp_login_errors', $errors, $redirect_to);
1008
 
1009
- // Clear any stale cookies.
1010
- if ($reauth)
1011
- wp_clear_auth_cookie();
1012
 
1013
- login_header(__('Log In'), '', $errors);
1014
 
1015
- if (isset($_POST['log']))
1016
- $user_login = ('incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code()) ? esc_attr(wp_unslash($_POST['log'])) : '';
1017
- $rememberme = ! empty($_POST['rememberme']);
1018
 
1019
- if (! empty($errors->errors)) {
1020
  $aria_describedby_error = ' aria-describedby="login_error"';
1021
  } else {
1022
- $aria_describedby_error = '';
1023
  }
1024
 
1025
- //aiowps - this check is necessary because otherwise if variables are undefined we get a warning!
1026
  if (empty($user_login)) {
1027
- $user_login = '';
1028
  }
1029
 
1030
  if (empty($error)) {
1031
- $error = '';
1032
  }
1033
  ?>
1034
 
@@ -1041,23 +1034,23 @@ switch ($action) {
1041
  <label for="user_pass"><?php _e('Password'); ?><br />
1042
  <input type="password" name="pwd" id="user_pass"<?php echo $aria_describedby_error; ?> class="input" value="" size="20" /></label>
1043
  </p>
1044
- <?php
1045
- /**
1046
- * Fires following the 'Password' field in the login form.
1047
- *
1048
- * @since 2.1.0
1049
- */
1050
- do_action('login_form');
1051
- ?>
1052
  <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked($rememberme); ?> /> <?php esc_html_e('Remember Me'); ?></label></p>
1053
  <p class="submit">
1054
  <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
1055
  <?php if ($interim_login) { ?>
1056
  <input type="hidden" name="interim-login" value="1" />
1057
- <?php } else { ?>
1058
  <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
1059
  <?php } ?>
1060
- <?php if ($customize_login) : ?>
1061
  <input type="hidden" name="customize-login" value="1" />
1062
  <?php endif; ?>
1063
  <input type="hidden" name="testcookie" value="1" />
@@ -1079,7 +1072,7 @@ switch ($action) {
1079
  <a href="<?php echo esc_url(wp_lostpassword_url()); ?>"><?php _e('Lost your password?'); ?></a>
1080
  <?php endif; ?>
1081
  </p>
1082
- <?php } ?>
1083
 
1084
  <script type="text/javascript">
1085
  function wp_attempt_focus() {
@@ -1087,7 +1080,7 @@ setTimeout(function() { try{
1087
  <?php if ($user_login) { ?>
1088
  d = document.getElementById('user_pass');
1089
  d.value = '';
1090
- <?php } else { ?>
1091
  d = document.getElementById('user_login');
1092
  <?php if ('invalid_username' == $errors->get_error_code()) { ?>
1093
  if (d.value != '')
@@ -1111,7 +1104,7 @@ d.select();
1111
  */
1112
  if (apply_filters('enable_login_autofocus', true) && ! $error) { ?>
1113
  wp_attempt_focus();
1114
- <?php } ?>
1115
  if (typeof wpOnload=='function')wpOnload();
1116
  <?php if ($interim_login) { ?>
1117
  (function() {
@@ -1123,13 +1116,13 @@ if (typeof wpOnload=='function')wpOnload();
1123
  }
1124
  } catch(e) {}
1125
  }());
1126
- <?php } ?>
1127
  </script>
1128
 
1129
  <?php
1130
- login_footer();
1131
 
1132
- if ($switched_locale) {
1133
  restore_previous_locale();
1134
  }
1135
  break;
266
  try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e) {}
267
  if (typeof wpOnload=='function')wpOnload();
268
  </script>
269
+ <?php endif; ?>
270
 
271
  <?php
272
  /**
289
  function wp_shake_js() {
290
  ?>
291
  <script type="text/javascript">
292
+ addLoadEvent = function(func) {if (typeof jQuery!="undefined")jQuery(func);else if (typeof wpOnload!='function') {wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function() {oldonload();func();}}};
293
  function s(id,pos) {g(id).left=pos+'px';}
294
  function g(id) {return document.getElementById(id).style;}
295
  function shake(id,a,d) {c=a.shift();s(id,c);if (a.length>0) {setTimeout(function() {shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e) {}}}
438
  update_option('siteurl', $url);
439
  }
440
 
441
+ setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true);
 
 
442
  if (SITECOOKIEPATH != COOKIEPATH)
443
+ setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, is_ssl(), true);
444
 
445
  $lang = ! empty($_GET['wp_lang']) ? sanitize_text_field($_GET['wp_lang']) : '';
446
  $switched_locale = false;
483
 
484
  case 'postpass':
485
  if (! array_key_exists('post_password', $_POST)) {
486
+ wp_safe_redirect(wp_get_referer());
487
+ exit();
488
+ }
489
+
490
+ require_once ABSPATH . WPINC . '/class-phpass.php';
491
+ $hasher = new PasswordHash(8, true);
492
+
493
+ /**
494
+ * Filter the life span of the post password cookie.
495
+ *
496
+ * By default, the cookie expires 10 days from creation. To turn this
497
+ * into a session cookie, return 0.
498
+ *
499
+ * @since 3.7.0
500
+ *
501
+ * @param int $expires The expiry time, as passed to setcookie().
502
+ */
503
+ $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
504
+
505
+ setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true);
 
 
 
 
 
506
 
507
  if ($switched_locale) {
508
+ restore_previous_locale();
509
+ }
510
 
511
+ wp_safe_redirect(wp_get_referer());
512
  exit();
513
  case 'logout':
514
+ check_admin_referer('log-out');
515
 
516
+ $user = wp_get_current_user();
517
 
518
+ wp_logout();
519
 
520
+ if (! empty($_REQUEST['redirect_to'])) {
521
  $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
522
  } else {
523
+ $redirect_to = 'wp-login.php?loggedout=true';
524
+ $requested_redirect_to = '';
525
  }
526
 
527
  if ($switched_locale) {
528
+ restore_previous_locale();
529
+ }
530
 
531
+ /**
532
+ * Filter the log out redirect URL.
533
+ *
534
+ * @since 4.2.0
535
+ *
536
+ * @param string $redirect_to The redirect destination URL.
537
+ * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
538
+ * @param WP_User $user The WP_User object for the user that's logging out.
539
+ */
540
+ $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);
541
+
542
+ wp_safe_redirect($redirect_to);
543
  exit();
544
 
545
  case 'lostpassword':
546
  case 'retrievepassword':
547
+ if ($http_post) {
548
  $errors = retrieve_password();
549
  if (!is_wp_error($errors)) {
550
+ $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
551
+ wp_safe_redirect($redirect_to);
552
+ exit();
553
+ }
554
  }
555
 
556
+ if (isset($_GET['error'])) {
557
  if ('invalidkey' == $_GET['error']) {
558
+ $errors->add('invalidkey', __('Your password reset link appears to be invalid. Please request a new link below.'));
559
+ } elseif ('expiredkey' == $_GET['error']) {
560
+ $errors->add('expiredkey', __('Your password reset link has expired. Please request a new link below.'));
561
+ }
562
  }
563
 
564
+ $lostpassword_redirect = ! empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
565
+ /**
566
+ * Filter the URL redirected to after submitting the lostpassword/retrievepassword form.
567
+ *
568
+ * @since 3.0.0
569
+ *
570
+ * @param string $lostpassword_redirect The redirect destination URL.
571
+ */
572
+ $redirect_to = apply_filters('lostpassword_redirect', $lostpassword_redirect);
573
+
574
+ /**
575
+ * Fires before the lost password form.
576
+ *
577
+ * @since 1.5.1
578
+ */
579
+ do_action('lost_password');
580
+
581
+ login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
582
 
583
  $user_login = '';
584
 
585
  if (isset($_POST['user_login']) && is_string($_POST['user_login'])) {
586
+ $user_login = wp_unslash($_POST['user_login']);
587
  }
588
 
589
+ ?>
590
 
591
  <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url(network_site_url('wp-login.php?action=lostpassword', 'login_post')); ?>" method="post">
592
  <p>
593
  <label for="user_login" ><?php _e('Username or Email Address'); ?><br />
594
  <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
595
  </p>
596
+ <?php
597
+ /**
598
+ * Fires inside the lostpassword form tags, before the hidden fields.
599
+ *
600
+ * @since 2.1.0
601
+ */
602
+ do_action('lostpassword_form'); ?>
603
  <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
604
  <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p>
605
  </form>
627
  break;
628
  case 'resetpass':
629
  case 'rp':
630
+ list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
631
+ $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
632
+ if (isset($_GET['key'])) {
633
  $value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
634
  setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
635
  wp_safe_redirect(remove_query_arg(array('key', 'login')));
636
  exit;
637
  }
638
 
639
+ if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
640
  list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
641
  $user = check_password_reset_key($rp_key, $rp_login);
642
  if (isset($_POST['pass1']) && ! hash_equals($rp_key, $_POST['rp_key'])) {
 
 
 
643
  $user = false;
644
+ }
645
+ } else {
646
+ $user = false;
647
  }
648
 
649
+ if (! $user || is_wp_error($user)) {
650
  setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
651
  if ($user && $user->get_error_code() === 'expired_key') {
652
+ wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
653
+ } else {
654
+ wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
655
+ }
656
  exit;
657
  }
658
 
659
+ $errors = new WP_Error();
660
 
661
+ if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'])
662
+ $errors->add('password_reset_mismatch', __('The passwords do not match.'));
663
 
664
+ /**
665
+ * Fires before the password reset procedure is validated.
666
+ *
667
+ * @since 3.5.0
668
+ *
669
+ * @param object $errors WP Error object.
670
+ * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise.
671
+ */
672
+ do_action('validate_password_reset', $errors, $user);
673
 
674
+ if ((! $errors->get_error_code()) && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
675
  reset_password($user, $_POST['pass1']);
676
  setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
677
  login_header(__('Password Reset'), '<p class="message reset-pass">' . __('Your password has been reset.') . ' <a href="' . esc_url(wp_login_url()) . '">' . __('Log in') . '</a></p>');
679
  exit;
680
  }
681
 
682
+ wp_enqueue_script('utils');
683
+ wp_enqueue_script('user-profile');
684
 
685
+ login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors);
686
+ ?>
687
  <form name="resetpassform" id="resetpassform" action="<?php echo esc_url(network_site_url('wp-login.php?action=resetpass', 'login_post')); ?>" method="post" autocomplete="off">
688
  <input type="hidden" id="user_login" value="<?php echo esc_attr($rp_login); ?>" autocomplete="off" />
689
 
704
  <div class="pw-weak">
705
  <label>
706
  <input type="checkbox" name="pw_weak" class="pw-checkbox" />
707
+ <?php _e('Confirm use of weak password'); ?>
708
  </label>
709
  </div>
710
  </div>
716
  <p class="description indicator-hint"><?php echo wp_get_password_hint(); ?></p>
717
  <br class="clear" />
718
 
719
+ <?php
720
+ /**
721
+ * Fires following the 'Strength indicator' meter in the user password reset form.
722
+ *
723
+ * @since 3.9.0
724
+ *
725
+ * @param WP_User $user User object of the user whose password is being reset.
726
+ */
727
+ do_action('resetpass_form', $user);
728
+ ?>
729
  <input type="hidden" name="rp_key" value="<?php echo esc_attr($rp_key); ?>" />
730
  <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>" /></p>
731
  </form>
732
 
733
  <p id="nav">
734
  <a href="<?php echo esc_url(wp_login_url()); ?>"><?php _e('Log in'); ?></a>
735
+ <?php
736
+ if (get_option('users_can_register')) :
737
+ $registration_url = sprintf('<a href="%s">%s</a>', esc_url(wp_registration_url()), __('Register'));
738
 
739
+ echo esc_html($login_link_separator);
740
 
741
+ // This filter is documented in wp-includes/general-template.php
742
+ echo apply_filters('register', $registration_url);
743
+ endif;
744
+ ?>
745
  </p>
746
 
747
+ <?php
748
+ login_footer('user_pass');
749
 
750
+ if ($switched_locale) {
751
  restore_previous_locale();
752
  }
753
  break;
754
  case 'register':
755
+ if (is_multisite()) {
756
  /**
757
  * Filter the Multisite sign up URL.
758
  *
764
  exit;
765
  }
766
 
767
+ if (!get_option('users_can_register')) {
768
  wp_redirect(site_url('wp-login.php?registration=disabled'));
769
  exit();
770
  }
771
 
772
+ $user_login = '';
773
+ $user_email = '';
774
+ if ($http_post) {
775
  if (isset($_POST['user_login']) && is_string($_POST['user_login'])) {
776
+ $user_login = $_POST['user_login'];
777
+ }
778
 
779
  if (isset($_POST['user_email']) && is_string($_POST['user_email'])) {
780
+ $user_email = wp_unslash($_POST['user_email']);
781
+ }
782
 
783
  $errors = register_new_user($user_login, $user_email);
784
  if (!is_wp_error($errors)) {
785
+ $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
786
+ wp_safe_redirect($redirect_to);
787
+ exit();
788
+ }
789
  }
790
 
791
+ $registration_redirect = ! empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
792
+ /**
793
+ * Filter the registration redirect URL.
794
+ *
795
+ * @since 3.0.0
796
+ *
797
+ * @param string $registration_redirect The redirect destination URL.
798
+ */
799
+ $redirect_to = apply_filters('registration_redirect', $registration_redirect);
800
+ login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
801
+ ?>
802
 
803
  <form name="registerform" id="registerform" action="<?php echo esc_url(site_url('wp-login.php?action=register', 'login_post')); ?>" method="post" novalidate="novalidate">
804
  <p>
809
  <label for="user_email"><?php _e('Email'); ?><br />
810
  <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(wp_unslash($user_email)); ?>" size="25" /></label>
811
  </p>
812
+ <?php
813
+ /**
814
+ * Fires following the 'Email' field in the user registration form.
815
+ *
816
+ * @since 2.1.0
817
+ */
818
+ do_action('register_form');
819
+ ?>
820
  <p id="reg_passmail"><?php _e('Registration confirmation will be emailed to you.'); ?></p>
821
  <br class="clear" />
822
  <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
825
 
826
  <p id="nav">
827
  <a href="<?php echo esc_url(wp_login_url()); ?>"><?php _e('Log in'); ?></a>
828
+ <?php echo esc_html($login_link_separator); ?>
829
  <a href="<?php echo esc_url(wp_lostpassword_url()); ?>"><?php _e('Lost your password?'); ?></a>
830
  </p>
831
 
832
+ <?php
833
+ login_footer('user_login');
834
 
835
+ if ($switched_locale) {
836
  restore_previous_locale();
837
  }
838
  break;
839
  case 'confirmaction':
840
+ if (! isset($_GET['request_id'])) {
841
  wp_die(__('Invalid request.'));
842
  }
843
 
844
+ $request_id = (int) $_GET['request_id'];
845
 
846
+ if (isset($_GET['confirm_key'])) {
847
  $key = sanitize_text_field(wp_unslash($_GET['confirm_key']));
848
  $result = wp_validate_user_request_key($request_id, $key);
849
  } else {
850
+ $result = new WP_Error('invalid_key', __('Invalid key'));
851
  }
852
 
853
+ if (is_wp_error($result)) {
854
  wp_die($result);
855
  }
856
 
857
+ /**
858
+ * Fires an action hook when the account action has been confirmed by the user.
859
+ *
860
+ * Using this you can assume the user has agreed to perform the action by
861
+ * clicking on the link in the confirmation email.
862
+ *
863
+ * After firing this action hook the page will redirect to wp-login a callback
864
+ * redirects or exits first.
865
+ *
866
+ * @param int $request_id Request ID.
867
+ */
868
+ do_action('user_request_action_confirmed', $request_id);
869
+
870
+ $message = _wp_privacy_account_request_confirmed_message($request_id);
871
+
872
+ login_header(__('User action confirmed.'), $message);
873
+ login_footer();
874
  exit;
875
 
876
  case 'login':
877
  default:
878
+ $secure_cookie = '';
879
+ $customize_login = isset($_REQUEST['customize-login']);
880
+ if ($customize_login)
881
+ wp_enqueue_script('customize-base');
882
 
883
+ // If the user wants ssl but the session is not ssl, force a secure cookie.
884
  if (!empty($_POST['log']) && !force_ssl_admin()) {
885
+ $user_name = sanitize_user($_POST['log']);
886
+ $user = get_user_by('login', $user_name);
887
 
888
+ if (! $user && strpos($user_name, '@')) {
889
  $user = get_user_by('email', $user_name);
890
+ }
891
 
892
+ if ($user) {
893
  if (get_user_option('use_ssl', $user->ID)) {
894
+ $secure_cookie = true;
895
+ force_ssl_admin(true);
896
+ }
897
+ }
898
  }
899
 
900
+ if (isset($_REQUEST['redirect_to'])) {
901
  $redirect_to = $_REQUEST['redirect_to'];
902
  // Redirect to https if user wants ssl
903
  if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin'))
904
+ $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
905
  } else {
906
+ $redirect_to = admin_url();
907
  }
908
 
909
+ $reauth = empty($_REQUEST['reauth']) ? false : true;
910
 
911
  $user = wp_signon(array(), $secure_cookie);
912
 
913
+ if (empty($_COOKIE[LOGGED_IN_COOKIE])) {
914
  if (headers_sent()) {
915
+ // translators: 1: Browser cookie documentation URL, 2: Support forums URL
916
+ $user = new WP_Error('test_cookie', sprintf(__('<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.'), __('https://codex.wordpress.org/Cookies'), __('https://wordpress.org/support/')));
917
+ } elseif (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
918
+ // If cookies are disabled we can't log in even with a valid user+pass
919
+ // translators: 1: Browser cookie documentation URL
920
+ $user = new WP_Error('test_cookie', sprintf(__('<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.'), __('https://codex.wordpress.org/Cookies')));
921
+ }
922
  }
923
 
924
+ $requested_redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
925
+ /**
926
+ * Filter the login redirect URL.
927
+ *
928
+ * @since 3.0.0
929
+ *
930
+ * @param string $redirect_to The redirect destination URL.
931
+ * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
932
+ * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
933
+ */
934
+ $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);
935
+
936
+ if (!is_wp_error($user) && !$reauth) {
937
  if ($interim_login) {
938
+ $message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
939
+ $interim_login = 'success';
940
+ login_header('', $message); ?>
941
  </div>
942
+ <?php
943
  // This action is documented in wp-login.php
944
  do_action('login_footer'); ?>
945
+ <?php if ($customize_login) : ?>
946
  <script type="text/javascript">setTimeout(function() { new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000);</script>
947
  <?php endif; ?>
948
  </body></html>
949
+ <?php exit;
950
+ }
951
 
952
  if ((empty($redirect_to) || 'wp-admin/' == $redirect_to || admin_url() == $redirect_to)) {
953
+ // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
954
+ if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID))
955
+ $redirect_to = user_admin_url();
956
+ elseif (is_multisite() && !$user->has_cap('read'))
957
+ $redirect_to = get_dashboard_url($user->ID);
958
+ elseif (!$user->has_cap('edit_posts'))
959
+ $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
960
 
961
+ wp_redirect($redirect_to);
962
+ exit();
963
+ }
964
  wp_safe_redirect($redirect_to);
965
  exit();
966
  }
967
 
968
+ $errors = $user;
969
+ // Clear errors if loggedout is set.
970
+ if (!empty($_GET['loggedout']) || $reauth)
971
+ $errors = new WP_Error();
972
 
973
+ if ($interim_login) {
974
  if (! $errors->get_error_code())
975
+ $errors->add('expired', __('Your session has expired. Please log in to continue where you left off.'), 'message');
976
  } else {
977
+ // Some parts of this script use the main login form to display a message
978
+ if (isset($_GET['loggedout']) && true == $_GET['loggedout'])
979
+ $errors->add('loggedout', __('You are now logged out.'), 'message');
980
+ elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration'])
981
+ $errors->add('registerdisabled', __('User registration is currently not allowed.'));
982
+ elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'])
983
+ $errors->add('confirm', __('Check your email for the confirmation link.'), 'message');
984
+ elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'])
985
+ $errors->add('newpass', __('Check your email for your new password.'), 'message');
986
+ elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'])
987
+ $errors->add('registered', __('Registration complete. Please check your email.'), 'message');
988
+ elseif (strpos($redirect_to, 'about.php?updated'))
989
+ $errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to see what&#8217;s new.'), 'message');
990
  }
991
 
992
+ /**
993
+ * Filter the login page errors.
994
+ *
995
+ * @since 3.6.0
996
+ *
997
+ * @param object $errors WP Error object.
998
+ * @param string $redirect_to Redirect destination URL.
999
+ */
1000
+ $errors = apply_filters('wp_login_errors', $errors, $redirect_to);
1001
 
1002
+ // Clear any stale cookies.
1003
+ if ($reauth)
1004
+ wp_clear_auth_cookie();
1005
 
1006
+ login_header(__('Log In'), '', $errors);
1007
 
1008
+ if (isset($_POST['log']))
1009
+ $user_login = ('incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code()) ? esc_attr(wp_unslash($_POST['log'])) : '';
1010
+ $rememberme = ! empty($_POST['rememberme']);
1011
 
1012
+ if (! empty($errors->errors)) {
1013
  $aria_describedby_error = ' aria-describedby="login_error"';
1014
  } else {
1015
+ $aria_describedby_error = '';
1016
  }
1017
 
1018
+ //aiowps - this check is necessary because otherwise if variables are undefined we get a warning!
1019
  if (empty($user_login)) {
1020
+ $user_login = '';
1021
  }
1022
 
1023
  if (empty($error)) {
1024
+ $error = '';
1025
  }
1026
  ?>
1027
 
1034
  <label for="user_pass"><?php _e('Password'); ?><br />
1035
  <input type="password" name="pwd" id="user_pass"<?php echo $aria_describedby_error; ?> class="input" value="" size="20" /></label>
1036
  </p>
1037
+ <?php
1038
+ /**
1039
+ * Fires following the 'Password' field in the login form.
1040
+ *
1041
+ * @since 2.1.0
1042
+ */
1043
+ do_action('login_form');
1044
+ ?>
1045
  <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked($rememberme); ?> /> <?php esc_html_e('Remember Me'); ?></label></p>
1046
  <p class="submit">
1047
  <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
1048
  <?php if ($interim_login) { ?>
1049
  <input type="hidden" name="interim-login" value="1" />
1050
+ <?php } else { ?>
1051
  <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
1052
  <?php } ?>
1053
+ <?php if ($customize_login) : ?>
1054
  <input type="hidden" name="customize-login" value="1" />
1055
  <?php endif; ?>
1056
  <input type="hidden" name="testcookie" value="1" />
1072
  <a href="<?php echo esc_url(wp_lostpassword_url()); ?>"><?php _e('Lost your password?'); ?></a>
1073
  <?php endif; ?>
1074
  </p>
1075
+ <?php } ?>
1076
 
1077
  <script type="text/javascript">
1078
  function wp_attempt_focus() {
1080
  <?php if ($user_login) { ?>
1081
  d = document.getElementById('user_pass');
1082
  d.value = '';
1083
+ <?php } else { ?>
1084
  d = document.getElementById('user_login');
1085
  <?php if ('invalid_username' == $errors->get_error_code()) { ?>
1086
  if (d.value != '')
1104
  */
1105
  if (apply_filters('enable_login_autofocus', true) && ! $error) { ?>
1106
  wp_attempt_focus();
1107
+ <?php } ?>
1108
  if (typeof wpOnload=='function')wpOnload();
1109
  <?php if ($interim_login) { ?>
1110
  (function() {
1116
  }
1117
  } catch(e) {}
1118
  }());
1119
+ <?php } ?>
1120
  </script>
1121
 
1122
  <?php
1123
+ login_footer();
1124
 
1125
+ if ($switched_locale) {
1126
  restore_previous_locale();
1127
  }
1128
  break;
other-includes/wp-security-rename-login-feature-pre-5-7.php CHANGED
@@ -537,12 +537,10 @@ if (defined('RELOCATE') && RELOCATE) { // Move flag is set.
537
  }
538
  }
539
 
540
- // Set a cookie now to see if they are supported by the browser.
541
- $secure = ('https' === parse_url(wp_login_url(), PHP_URL_SCHEME));
542
- setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure);
543
 
544
  if (SITECOOKIEPATH !== COOKIEPATH) {
545
- setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure);
546
  }
547
 
548
  /**
@@ -766,16 +764,9 @@ switch ($action) {
766
  *
767
  * @param int $expires The expiry time, as passed to setcookie().
768
  */
769
- $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
770
- $referer = wp_get_referer();
771
 
772
- if ($referer) {
773
- $secure = ('https' === parse_url($referer, PHP_URL_SCHEME));
774
- } else {
775
- $secure = false;
776
- }
777
-
778
- setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
779
 
780
  wp_safe_redirect(wp_get_referer());
781
  exit;
537
  }
538
  }
539
 
540
+ setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true);
 
 
541
 
542
  if (SITECOOKIEPATH !== COOKIEPATH) {
543
+ setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, is_ssl(), true);
544
  }
545
 
546
  /**
764
  *
765
  * @param int $expires The expiry time, as passed to setcookie().
766
  */
767
+ $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
 
768
 
769
+ setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true);
 
 
 
 
 
 
770
 
771
  wp_safe_redirect(wp_get_referer());
772
  exit;
other-includes/wp-security-rename-login-feature.php CHANGED
@@ -395,12 +395,10 @@ if (defined('RELOCATE') && RELOCATE) { // Move flag is set.
395
  }
396
  }
397
 
398
- // Set a cookie now to see if they are supported by the browser.
399
- $secure = ('https' === parse_url(wp_login_url(), PHP_URL_SCHEME));
400
- setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure);
401
 
402
  if (SITECOOKIEPATH !== COOKIEPATH) {
403
- setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure);
404
  }
405
 
406
  /**
@@ -624,16 +622,9 @@ switch ($action) {
624
  *
625
  * @param int $expires The expiry time, as passed to setcookie().
626
  */
627
- $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
628
- $referer = wp_get_referer();
629
 
630
- if ($referer) {
631
- $secure = ('https' === parse_url($referer, PHP_URL_SCHEME));
632
- } else {
633
- $secure = false;
634
- }
635
-
636
- setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
637
 
638
  wp_safe_redirect(wp_get_referer());
639
  exit;
395
  }
396
  }
397
 
398
+ setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true);
 
 
399
 
400
  if (SITECOOKIEPATH !== COOKIEPATH) {
401
+ setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, is_ssl(), true);
402
  }
403
 
404
  /**
622
  *
623
  * @param int $expires The expiry time, as passed to setcookie().
624
  */
625
+ $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
 
626
 
627
+ setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true);
 
 
 
 
 
 
628
 
629
  wp_safe_redirect(wp_get_referer());
630
  exit;
readme.txt CHANGED
@@ -5,7 +5,7 @@ Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall,
5
  Requires PHP: 5.6
6
  Requires at least: 5.0
7
  Tested up to: 6.0
8
- Stable tag: 5.0.7
9
  License: GPLv3 or later
10
 
11
  A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -179,6 +179,21 @@ https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
179
 
180
  == Changelog ==
181
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
182
  = 5.0.7 - 08/September/2022 =
183
 
184
  * FIX: The Login URL was prefixed with the site URL instead of the home URL when the home URL is different than the site URL.
@@ -1048,6 +1063,5 @@ those who want to enable the basic firewall but do not have "AllowOverride" opti
1048
  = 1.0 =
1049
  - First commit to the WP repository.
1050
 
1051
-
1052
  == Upgrade Notice ==
1053
- * 5.0.7: The 5.0 series has various new features such as a PHP-based firewall, Two Factor Authentication, and WHOIS lookup have been added. It contains various fixes and tweaks. 5.0.X releases are fixing issues discovered in the 5.0 branch. A recommended update for all.
5
  Requires PHP: 5.6
6
  Requires at least: 5.0
7
  Tested up to: 6.0
8
+ Stable tag: 5.0.8
9
  License: GPLv3 or later
10
 
11
  A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
179
 
180
  == Changelog ==
181
 
182
+ = 5.0.8 - 29/September/2022 =
183
+
184
+ * SECURITY/FEATURE: Fix IP address detection, and give IP address detection settings in the Admin Dashboard > WP Security > Settings > Advanced Settings, provide user guidance on how to use them, and notify the user if there any problem is apparent. Versions from 5.0.0 to 5.0.7 had a defect allowing an attacker to spoof their IP address, aiding them to avoid detection or locking out legitimate users. Thanks to Calvin Alkan for the responsible disclosure.
185
+ * FIX: The 403 forbidden error was shown on the wp login screen if the login url contains the redirect_to parameter and the deny bad query strings firewall feature is enabled on localhost.
186
+ * FIX: The PUT request method was blocked when the user enabled the 6G firewall.
187
+ * FIX: The login whitelisting didn't work on servers not supporting .htaccess files, without this information being dislayed in the user interface. The feature is now ported to PHP so that it works on all servers. Thanks to Calvin Alkan for identifying this issue.
188
+ * TWEAK: Add index keys to the login lockdown, failed_logins and the permanent block tables to prevent poor database reading performance in the event of vast numbers of rows being stored in these tables (see the "SECURITY" item above, since the defect described there can allow this). Thanks to Calvin Alkan for identifying this issue.
189
+ * TWEAK: Resolve a PHP-firewall 'Unable to locate workspace' log message.
190
+ * TWEAK: Added a constant AIOS_DISABLE_GET_EXTERNAL_IP. Define this in your wp-config.php to disable getting the IP address via an external API when the IP retrieval method fail to get a valid IP address.
191
+ * TWEAK: Replace deprecated jQuery(document).ready() calls.
192
+ * TWEAK: Disable cookie access via JS and HTTP for cookie-based brute force prevention.
193
+ * TWEAK: Enhanced cookie storage mechanism for cookie-based brute force prevention. Thanks to Calvin Alkan for identifying this improvement.
194
+ * TWEAK: Display notice alerting the user that the block spam comment doesn't work on non-apache servers in the block spam comment section. Thanks to Calvin Alkan for identifying this omission.
195
+ * TWEAK: Added a constant AIOS_DISABLE_LOGIN_WHITELIST. Define this in your wp-config.php to disable login IP whitelist.
196
+
197
  = 5.0.7 - 08/September/2022 =
198
 
199
  * FIX: The Login URL was prefixed with the site URL instead of the home URL when the home URL is different than the site URL.
1063
  = 1.0 =
1064
  - First commit to the WP repository.
1065
 
 
1066
  == Upgrade Notice ==
1067
+ * 5.0.8: This is a security fix release fixing issues allowing an attacker to evade detection and block legitimate users, and to degrade site performance; full details are in the changelog. Many other further tweaks and improvements. All users are recommended to update.
templates/menus/settings/advanced-settings.php ADDED
@@ -0,0 +1,220 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <div class="postbox">
2
+ <h3 class="hndle"><label for="title"><?php _e('IP address detection settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
3
+ <div class="inside">
4
+ <div class="aio_blue_box">
5
+ <?php
6
+ echo '<p>'.__('The IP address detection settings allow you to specify how visitors\' IP addresses are made known to PHP (and hence to WordPress and its plugins).', 'all-in-one-wp-security-and-firewall').
7
+ '<br />'.__('Usually, this is automatic and there is only one choice.', 'all-in-one-wp-security-and-firewall').
8
+ ' '.__('However in some setups, such as those using proxies (including load-balancers and security firewalls like Cloudflare), it may be necessary to set this manually.', 'all-in-one-wp-security-and-firewall').
9
+ '</p><p><strong>'.__('Attention', 'all-in-one-wp-security-and-firewall').':</strong> '.__('It is important to set this correctly - otherwise you may make it possible for a hacker to ban all your visitors (e.g. via banning Cloudflare from connecting to you) instead of being banned himself.', 'all-in-one-wp-security-and-firewall').'</p><p>'.__("The default is to use the REMOTE_ADDR PHP server variable. If this variable does not contain the visitor's IP address, then whilst you can make a different selection below, it is better to ask your web hosting company to have it correctly set.", 'all-in-one-wp-security-and-firewall') . ' ' .
10
+ __("This is the most secure setup, because when set correctly it is immune from being spoofed by an attacker.", 'all-in-one-wp-security-and-firewall').'</p>';
11
+ ?>
12
+ </div>
13
+
14
+ <?php
15
+ if (empty($server_suitable_ip_methods)) {
16
+ echo '<br><strong>'.__('You have no available IP address detection method(s); you must contact your web hosting company.', 'all-in-one-wp-security-and-firewall').'</strong>';
17
+ }
18
+ ?>
19
+
20
+ <br><br>
21
+ <?php
22
+ echo sprintf(__('Your detected IP address according to %s:', 'all-in-one-wp-security-and-firewall'), 'Cloudflare');
23
+ ?>
24
+ <span id="aios-cloudflare-ip-address"></span>
25
+ <br>
26
+ <?php
27
+ echo sprintf(__('Your detected IP address according to %s:', 'all-in-one-wp-security-and-firewall'), 'ipify (IPv4)');
28
+ ?>
29
+ <span id="aios-ipify-ip-address"></span>
30
+ <br>
31
+ <?php
32
+ echo sprintf(__('Your detected IP address according to %s:', 'all-in-one-wp-security-and-firewall'), 'ipify (IPv6)');
33
+ ?>
34
+ <span id="aios-ipify-ip-64-address"></span>
35
+ <?php
36
+ if ($is_localhost) {
37
+ echo '<br>';
38
+ echo __("If your site is setup on localhost, you won't see your external IP address using your server's IP detection setting; but on a localhost-served site (not available to the outside world), the setting is irrelevant and can be ignored.", 'all-in-one-wp-security-and-firewall');
39
+ }
40
+ ?>
41
+ <style>
42
+ #aiowps_ip_retrieve_method option:disabled { color: #cccccc; }
43
+ .aios-ip-error { color: #ff0000; }
44
+ </style>
45
+ <form action="" method="POST">
46
+ <?php wp_nonce_field('aiowpsec-ip-settings-nonce'); ?>
47
+ <table class="form-table">
48
+ <tr valign="top">
49
+ <td>
50
+ <select id="aiowps_ip_retrieve_method" name="aiowps_ip_retrieve_method">
51
+ <?php
52
+ $current_ip_retrieve_method = $aio_wp_security->configs->get_value('aiowps_ip_retrieve_method');
53
+ foreach ($ip_retrieve_methods as $ip_method_id => $vals) {
54
+ ?>
55
+ <option value="<?php echo esc_attr($ip_method_id); ?>" <?php selected($current_ip_retrieve_method, $ip_method_id); ?> <?php disabled($vals['is_enabled'], false); ?>><?php echo $vals['ip_method']; ?></option>
56
+ <?php
57
+ }
58
+ ?>
59
+ </select>
60
+ <span class="description">
61
+ <?php _e("Choose a \$_SERVER variable you would like to detect visitors' IP address using.", 'all-in-one-wp-security-and-firewall'); ?>
62
+ </span>
63
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
64
+ <div class="aiowps_more_info_body">
65
+ <p class="description">
66
+ <?php
67
+ _e('If your chosen server variable fails the plugin will automatically fall back to retrieving the IP address from $_SERVER["REMOTE_ADDR"]', 'all-in-one-wp-security-and-firewall');
68
+ ?>
69
+ </p>
70
+ </div>
71
+ <div class="description">
72
+ <?php
73
+ echo __('Your IP address if using this setting:', 'all-in-one-wp-security-and-firewall') . ' ';
74
+ ?>
75
+ <span id="aios-ip-address-of-method"><?php _e('fetching...', 'all-in-one-wp-security-and-firewall'); ?></span>
76
+ </div>
77
+ <script>
78
+ jQuery(function() {
79
+ var get_ip_error_count = 0;
80
+ var unexpected_response_text = '<?php _e('Unexpected response:', 'updraftplus'); ?> ';
81
+ var getting_text = ' ' + '<?php _e('getting...', 'all-in-one-wp-security-and-firewall'); ?>'
82
+
83
+
84
+ jQuery('#aios-cloudflare-ip-address').html(getting_text);
85
+
86
+ function aios_get_ip_error() {
87
+ get_ip_error_count++;
88
+ if (get_ip_error_count > 3) {
89
+ var additional_error_msg = ' ' + '(<?php _e('look-up possibly blocked by an ad-blocker or similar tool', 'all-in-one-wp-security-and-firewall'); ?>)';
90
+ jQuery('#aios-cloudflare-ip-address').html(getting_text);
91
+ jQuery('#aios-ipify-ip-address').html(getting_text);
92
+ jQuery('#aios-ipify-ip-64-address').html(getting_text);
93
+
94
+
95
+ }
96
+ }
97
+
98
+ jQuery.ajax({
99
+ type: 'GET',
100
+ url: 'https://www.cloudflare.com/cdn-cgi/trace',
101
+ success: function (response, status) {
102
+ try {
103
+ // Convert key-value pairs to JSON
104
+ // https://stackoverflow.com/a/39284735/452587
105
+ var data = response.trim().split('\n').reduce(function (obj, pair) {
106
+ pair = pair.split('=');
107
+ return obj[pair[0]] = pair[1], obj;
108
+ }, {});
109
+ } catch (e) {
110
+ var error_msg =
111
+ unexpected_response_text+' '+response;
112
+ jQuery('#aios-cloudflare-ip-address').addClass('aios-ip-error').html(error_msg);
113
+ console.log(e);
114
+ console.log(response);
115
+ return;
116
+ }
117
+
118
+ if (data.hasOwnProperty('ip')) {
119
+ jQuery('#aios-cloudflare-ip-address').html(data.ip);
120
+ } else {
121
+ var error_msg = "failure: The IP line doesn't exist in the response. Response: " + response + " Status: " + status;
122
+ jQuery('#aios-cloudflare-ip-address').addClass('aios-ip-error').html(error_msg);
123
+ console.log(error_msg);
124
+ console.log(response);
125
+ }
126
+ },
127
+ error: function (response, status, error_code) {
128
+ var error_msg = "failure: " + status + " (" + error_code + ")";
129
+ jQuery('#aios-cloudflare-ip-address').addClass('aios-ip-error').html(error_msg);
130
+ console.log(error_msg);
131
+ console.log(response);
132
+ aios_get_ip_error();
133
+ }
134
+ });
135
+
136
+ function aios_fill_ipify_ip_address($is_ipv6) {
137
+ if ($is_ipv6) {
138
+ var url = 'https://api64.ipify.org?format=json';
139
+ var selector = '#aios-ipify-ip-64-address';
140
+ var error_msg = 'IPv4 ';
141
+ } else { // IPv4
142
+ var url = 'https://api.ipify.org?format=json';
143
+ var selector = '#aios-ipify-ip-address';
144
+ var error_msg = 'IPv6 ';
145
+ }
146
+
147
+ jQuery(selector).html(getting_text);
148
+
149
+ jQuery.ajax({
150
+ type: 'GET',
151
+ dataType: 'json',
152
+ url: url,
153
+ success: function (response, status) {
154
+ if (response.hasOwnProperty('ip')) {
155
+ jQuery(selector).html(response.ip);
156
+ } else {
157
+ error_msg += "failure: The IP line doesn't exist in the response. Response: " + JSON.stringify(response) + " Status: " + status;
158
+ jQuery(selector).addClass('aios-ip-error').html(error_msg);
159
+ console.log(error_msg);
160
+ console.log(response);
161
+ }
162
+ },
163
+ error: function (response, status, error_code) {
164
+ error_msg += "failure: " + status + " (" + error_code + ")";
165
+ jQuery(selector).addClass('aios-ip-error').html(error_msg);
166
+ console.log(error_msg);
167
+ console.log(response);
168
+ aios_get_ip_error();
169
+ }
170
+ });
171
+ }
172
+ aios_fill_ipify_ip_address(false);
173
+ aios_fill_ipify_ip_address(true); // IPv6
174
+
175
+
176
+ jQuery('#aiowps_ip_retrieve_method').on('change', function() {
177
+ jQuery('#aios-ip-address-of-method').html(getting_text);
178
+ var ip_retrieve_method = jQuery('#aiowps_ip_retrieve_method').val();
179
+
180
+ // If selected disabled option, we get null value.
181
+ // Previously saved value and the option is disabled now.
182
+ if (null == ip_retrieve_method) {
183
+ jQuery('#aios-ip-address-of-method').html('');
184
+ return;
185
+ }
186
+
187
+ aios_send_command('get_ip_address_of_given_method', {
188
+ ip_retrieve_method: jQuery('#aiowps_ip_retrieve_method').val()
189
+ }, function (resp) {
190
+ jQuery('#aios-ip-address-of-method').html("<?php _e('getting...', 'all-in-one-wp-security-and-firewall'); ?>");
191
+ if (resp.hasOwnProperty('ip_address')) {
192
+ jQuery('#aios-ip-address-of-method').html(resp.ip_address);
193
+ } else {
194
+ alert(unexpected_response_text + JSON.stringify(resp));
195
+ console.log(resp);
196
+ }
197
+ }, {
198
+ error_callback: function (response, status, error_code, resp) {
199
+ if (typeof resp !== 'undefined' && resp.hasOwnProperty('fatal_error')) {
200
+ console.error(resp.fatal_error_message);
201
+ alert(resp.fatal_error_message);
202
+ } else {
203
+ var error_message = "aios_send_command: error: " + status + " (" + error_code + ")";
204
+ console.log(error_message);
205
+ alert(error_message);
206
+ console.log(response);
207
+ }
208
+ }
209
+ });
210
+ });
211
+ jQuery('#aiowps_ip_retrieve_method').change();
212
+ });
213
+ </script>
214
+ </td>
215
+ </tr>
216
+ </table>
217
+ <input type="submit" name="aiowps_save_advanced_settings" value="<?php _e('Save settings', 'all-in-one-wp-security-and-firewall');?>" class="button-primary" />
218
+ </form>
219
+ </div>
220
+ </div>
templates/notices/{automated-database-backup-notice.php → custom-notice.php} RENAMED
@@ -7,9 +7,9 @@
7
  <?php echo $title; ?>
8
  <div class="aiowps_advert_dismiss">
9
  <?php if (!empty($dismiss_time)) { ?>
10
- <a href="#" onclick="jQuery('.aiowps_ad_container').slideUp(); jQuery.post(ajaxurl, {action: 'aiowps_ajax', subaction: '<?php echo $dismiss_time;?>', nonce: '<?php echo wp_create_nonce('wp-security-ajax-nonce');?>' });"><?php _e('Dismiss', 'all-in-one-wp-security-and-firewall'); ?></a>
11
  <?php } else { ?>
12
- <a href="#" onclick="jQuery('.aiowps_ad_container').slideUp();"><?php _e('Dismiss', 'all-in-one-wp-security-and-firewall'); ?></a>
13
  <?php } ?>
14
  </div>
15
  </h3>
@@ -23,7 +23,7 @@
23
  <a class="aiowps_notice_link button button-primary" href="<?php esc_attr_e($button_link);?>">
24
  <?php echo $button_meta; ?>
25
  </a>
26
- <a class="aiowps_notice_link button button-secondary" style="margin-left: 8px;" href="#" onclick="jQuery('.aiowps_ad_container').slideUp(); jQuery.post(ajaxurl, {action: 'aiowps_ajax', subaction: '<?php echo $dismiss_time;?>', nonce: '<?php echo wp_create_nonce('wp-security-ajax-nonce');?>', dismiss_forever: '1' });">
27
  <?php _e('No', 'all-in-one-wp-security-and-firewall'); ?>
28
  </a>
29
  </p>
7
  <?php echo $title; ?>
8
  <div class="aiowps_advert_dismiss">
9
  <?php if (!empty($dismiss_time)) { ?>
10
+ <a href="#" onclick="jQuery(this).closest('.aiowps_ad_container').slideUp(); jQuery.post(ajaxurl, {action: 'aiowps_ajax', subaction: '<?php echo $dismiss_time;?>', nonce: '<?php echo wp_create_nonce('wp-security-ajax-nonce');?>' });"><?php _e('Dismiss', 'all-in-one-wp-security-and-firewall'); ?></a>
11
  <?php } else { ?>
12
+ <a href="#" onclick="jQuery(this).closest('.aiowps_ad_container').slideUp();"><?php _e('Dismiss', 'all-in-one-wp-security-and-firewall'); ?></a>
13
  <?php } ?>
14
  </div>
15
  </h3>
23
  <a class="aiowps_notice_link button button-primary" href="<?php esc_attr_e($button_link);?>">
24
  <?php echo $button_meta; ?>
25
  </a>
26
+ <a class="aiowps_notice_link button button-secondary" style="margin-left: 8px;" href="#" onclick="jQuery(this).closest('.aiowps_ad_container').slideUp(); jQuery.post(ajaxurl, {action: 'aiowps_ajax', subaction: '<?php echo $dismiss_time;?>', nonce: '<?php echo wp_create_nonce('wp-security-ajax-nonce');?>', dismiss_forever: '1' });">
27
  <?php _e('No', 'all-in-one-wp-security-and-firewall'); ?>
28
  </a>
29
  </p>
templates/notices/disable-login-whitelist.php ADDED
@@ -0,0 +1,8 @@
 
 
 
 
 
 
 
 
1
+ <?php if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed'); ?>
2
+
3
+ <div class="error">
4
+ <h3><?php _e('Login whitelisting currently disabled', 'all-in-one-wp-security-and-firewall');?></h3>
5
+ <p>
6
+ <?php _e('Login whitelisting is currently disabled via the AIOS_DISABLE_LOGIN_WHITELIST constant (which is mostly likely to be defined in your wp-config.php)', 'all-in-one-wp-security-and-firewall'); ?>
7
+ </p>
8
+ </div>
templates/partials/non-apache-feature-notice.php ADDED
@@ -0,0 +1,15 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed');
3
+
4
+ if (!AIOWPSecurity_Utility::is_apache_server()) {
5
+ ?>
6
+ <div class="aio_red_box">
7
+ <p>
8
+ <?php
9
+ echo '<strong>' . __('Attention:', 'all-in-one-wp-security-and-firewall') . '</strong> ' . __('This feature works only on the Apache server.', 'all-in-one-wp-security-and-firewall') . ' ';
10
+ echo htmlspecialchars(sprintf(__("You are using the non-apache server %s, so this feature won't work on your site.", 'all-in-one-wp-security-and-firewall'), esc_html(AIOWPSecurity_Utility::get_server_software())));
11
+ ?>
12
+ </p>
13
+ </div>
14
+ <?php
15
+ }
vendor/composer/installed.php CHANGED
@@ -5,7 +5,7 @@
5
  'type' => 'project',
6
  'install_path' => __DIR__ . '/../../',
7
  'aliases' => array(),
8
- 'reference' => '8fad4385dbb10db3db3d3f01a510f2b5461c23f5',
9
  'name' => 'updraftplus/all-in-one-wp-security-and-firewall',
10
  'dev' => false,
11
  ),
@@ -34,7 +34,7 @@
34
  'type' => 'project',
35
  'install_path' => __DIR__ . '/../../',
36
  'aliases' => array(),
37
- 'reference' => '8fad4385dbb10db3db3d3f01a510f2b5461c23f5',
38
  'dev_requirement' => false,
39
  ),
40
  ),
5
  'type' => 'project',
6
  'install_path' => __DIR__ . '/../../',
7
  'aliases' => array(),
8
+ 'reference' => '61ce6659bdea4d22431826c5d8e6d3e67de9a0c6',
9
  'name' => 'updraftplus/all-in-one-wp-security-and-firewall',
10
  'dev' => false,
11
  ),
34
  'type' => 'project',
35
  'install_path' => __DIR__ . '/../../',
36
  'aliases' => array(),
37
+ 'reference' => '61ce6659bdea4d22431826c5d8e6d3e67de9a0c6',
38
  'dev_requirement' => false,
39
  ),
40
  ),
wp-security-core.php CHANGED
@@ -8,9 +8,9 @@ if (!class_exists('AIO_WP_Security')) {
8
 
9
  class AIO_WP_Security {
10
 
11
- public $version = '5.0.7';
12
 
13
- public $db_version = '1.9.3';
14
 
15
  public $plugin_url;
16
 
@@ -148,6 +148,7 @@ if (!class_exists('AIO_WP_Security')) {
148
  if (!defined('AIOS_PURGE_EVENTS_RECORDS_AFTER_DAYS')) define('AIOS_PURGE_EVENTS_RECORDS_AFTER_DAYS', 90);
149
  if (!defined('AIOS_PURGE_LOGIN_ACTIVITY_RECORDS_AFTER_DAYS')) define('AIOS_PURGE_LOGIN_ACTIVITY_RECORDS_AFTER_DAYS', 90);
150
  if (!defined('AIOS_PURGE_GLOBAL_META_DATA_RECORDS_AFTER_DAYS')) define('AIOS_PURGE_GLOBAL_META_DATA_RECORDS_AFTER_DAYS', 90);
 
151
 
152
  global $wpdb;
153
  define('AIOWPSEC_TBL_LOGIN_LOCKDOWN', $wpdb->prefix . 'aiowps_login_lockdown');
@@ -210,6 +211,8 @@ if (!class_exists('AIO_WP_Security')) {
210
  $debug_config = $this->configs->get_value('aiowps_enable_debug');
211
  $debug_enabled = empty($debug_config) ? false : true;
212
  $this->debug_logger = new AIOWPSecurity_Logger($debug_enabled);
 
 
213
  }
214
 
215
  /**
@@ -290,6 +293,12 @@ if (!class_exists('AIO_WP_Security')) {
290
  }
291
  } elseif ('dismiss_automated_database_backup_notice' == $subaction) {
292
  $this->delete_automated_backup_configs();
 
 
 
 
 
 
293
  } else {
294
  // Other commands, available for any remote method.
295
  }
@@ -480,8 +489,6 @@ if (!class_exists('AIO_WP_Security')) {
480
  add_action('login_enqueue_scripts', array($this, 'aiowps_login_enqueue'));
481
  add_action('wp_footer', array($this, 'aiowps_footer_content'));
482
 
483
- $this->configs->add_value('installed-at', time());
484
-
485
  add_action('wp_ajax_aiowps_ajax', array($this, 'aiowps_ajax_handler'));
486
 
487
  add_action('wp_login', array('AIOWPSecurity_User_Login', 'wp_login_action_handler'), 10, 2);
@@ -675,6 +682,14 @@ if (!class_exists('AIO_WP_Security')) {
675
  return $this->configs->get_value('aiowps_enable_brute_force_attack_prevention');
676
  }
677
 
 
 
 
 
 
 
 
 
678
  } // End of class
679
 
680
  }//End of class not exists check
8
 
9
  class AIO_WP_Security {
10
 
11
+ public $version = '5.0.8';
12
 
13
+ public $db_version = '1.9.5';
14
 
15
  public $plugin_url;
16
 
148
  if (!defined('AIOS_PURGE_EVENTS_RECORDS_AFTER_DAYS')) define('AIOS_PURGE_EVENTS_RECORDS_AFTER_DAYS', 90);
149
  if (!defined('AIOS_PURGE_LOGIN_ACTIVITY_RECORDS_AFTER_DAYS')) define('AIOS_PURGE_LOGIN_ACTIVITY_RECORDS_AFTER_DAYS', 90);
150
  if (!defined('AIOS_PURGE_GLOBAL_META_DATA_RECORDS_AFTER_DAYS')) define('AIOS_PURGE_GLOBAL_META_DATA_RECORDS_AFTER_DAYS', 90);
151
+ if (!defined('AIOS_DEFAULT_BRUTE_FORCE_FEATURE_SECRET_WORD')) define('AIOS_DEFAULT_BRUTE_FORCE_FEATURE_SECRET_WORD', 'aiossecret');
152
 
153
  global $wpdb;
154
  define('AIOWPSEC_TBL_LOGIN_LOCKDOWN', $wpdb->prefix . 'aiowps_login_lockdown');
211
  $debug_config = $this->configs->get_value('aiowps_enable_debug');
212
  $debug_enabled = empty($debug_config) ? false : true;
213
  $this->debug_logger = new AIOWPSecurity_Logger($debug_enabled);
214
+
215
+ $this->load_ajax_handler();
216
  }
217
 
218
  /**
293
  }
294
  } elseif ('dismiss_automated_database_backup_notice' == $subaction) {
295
  $this->delete_automated_backup_configs();
296
+ } elseif ('dismiss_ip_retrieval_settings_notice' == $subaction) {
297
+ $this->configs->set_value($subaction, 1);
298
+ } elseif ('dismiss_ip_retrieval_settings_notice' == $subaction) {
299
+ $this->configs->set_value('aiowps_is_login_whitelist_disabled_on_upgrade', 1);
300
+ } elseif ('dismiss_login_whitelist_disabled_on_upgrade_notice' == $subaction) {
301
+ $this->configs->delete_value('aiowps_is_login_whitelist_disabled_on_upgrade');
302
  } else {
303
  // Other commands, available for any remote method.
304
  }
489
  add_action('login_enqueue_scripts', array($this, 'aiowps_login_enqueue'));
490
  add_action('wp_footer', array($this, 'aiowps_footer_content'));
491
 
 
 
492
  add_action('wp_ajax_aiowps_ajax', array($this, 'aiowps_ajax_handler'));
493
 
494
  add_action('wp_login', array('AIOWPSecurity_User_Login', 'wp_login_action_handler'), 10, 2);
682
  return $this->configs->get_value('aiowps_enable_brute_force_attack_prevention');
683
  }
684
 
685
+ /**
686
+ * Instantiate Ajax handling class
687
+ */
688
+ private function load_ajax_handler() {
689
+ include_once(AIO_WP_SECURITY_PATH.'/classes/aios-ajax.php');
690
+ AIOS_Ajax::get_instance();
691
+ }
692
+
693
  } // End of class
694
 
695
  }//End of class not exists check
wp-security.php CHANGED
@@ -2,7 +2,7 @@
2
  // @codingStandardsIgnoreStart
3
  /*
4
  Plugin Name: All In One WP Security
5
- Version: 5.0.7
6
  Plugin URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
7
  Update URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
8
  Author: All In One WP Security & Firewall Team
2
  // @codingStandardsIgnoreStart
3
  /*
4
  Plugin Name: All In One WP Security
5
+ Version: 5.0.8
6
  Plugin URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
7
  Update URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
8
  Author: All In One WP Security & Firewall Team