All In One WP Security & Firewall - Version 5.1.2

Version Description

  • 07/December/2022 =

  • FEATURE: User Agent - Blacklist manager functionality should be based on PHP instead of .htaccess rules.

  • FIX: Sorting by 'status' on the comment spam table

  • FIX: Copy protection feature not working on iPhone

  • FIX: Cookie based brute force prevention locks out if plugin deactivated and activated again.

  • FIX: The notice to reapply .htaccess rules after reactivating the plugin is displayed on subsites.

  • FIX: Various WordPress command line notices about undefined $_SERVER indexes

  • FIX: Deactivate and reactivate plugin firewall settings file sync issue solved.

  • TWEAK: 2FA setting page to show premium options for AIOS premium.

  • TWEAK: Remove characters that should not have been on the scanner page

  • TWEAK: Organise firewall rules into subdirectories

  • TWEAK: Added GDPR question answer to the AIOS WP org plugin's FAQ section.

  • TWEAK: Allow AIOS management permission to be filtered via aios_management_permission filter

  • TWEAK: Make use of is_main_site() function.

  • TWEAK: Copy IP to clipboard when clicking on it at WP Security -> Brute Force -> Login whitelist.


Release Info

Developer DavidAnderson
Version 5.1.2

Code changes from version 5.1.1 to 5.1.2

Files changed (41) hide show
  1. admin/wp-security-admin-init.php +25 -33
  2. admin/wp-security-blacklist-menu.php +156 -144
  3. admin/wp-security-brute-force-menu.php +6 -6
  4. admin/wp-security-database-menu.php +1 -1
  5. admin/wp-security-filescan-menu.php +386 -386
  6. admin/wp-security-firewall-setup-notice.php +1 -1
  7. admin/wp-security-list-comment-spammer-ip.php +45 -24
  8. admin/wp-security-settings-menu.php +1 -2
  9. admin/wp-security-spam-menu.php +1 -1
  10. admin/wp-security-user-registration-menu.php +1 -1
  11. classes/aios-ajax.php +1 -1
  12. classes/firewall/family/wp-security-firewall-families.php +1 -1
  13. classes/firewall/rule/rules/{rule-block-query-strings-6g.php → 6g/rule-block-query-strings-6g.php} +1 -1
  14. classes/firewall/rule/rules/{rule-block-refs-6g.php → 6g/rule-block-refs-6g.php} +1 -1
  15. classes/firewall/rule/rules/{rule-block-request-strings-6g.php → 6g/rule-block-request-strings-6g.php} +5 -2
  16. classes/firewall/rule/rules/{rule-block-user-agents-6g.php → 6g/rule-block-user-agents-6g.php} +1 -1
  17. classes/firewall/rule/rules/{rule-request-method-6g.php → 6g/rule-request-method-6g.php} +0 -0
  18. classes/firewall/rule/rules/blacklist/rule-user-agent-blacklist.php +56 -0
  19. classes/firewall/rule/rules/{rule-cookie-prevent-bruteforce.php → bruteforce/rule-cookie-prevent-bruteforce.php} +2 -2
  20. classes/firewall/rule/wp-security-firewall-rule-builder.php +5 -9
  21. classes/firewall/rule/wp-security-firewall-rule.php +8 -0
  22. classes/firewall/wp-security-firewall-loader.php +3 -0
  23. classes/wp-security-config.php +12 -12
  24. classes/wp-security-configure-settings.php +43 -3
  25. classes/wp-security-deactivation-tasks.php +7 -4
  26. classes/wp-security-general-init-tasks.php +19 -11
  27. classes/wp-security-installer.php +37 -14
  28. classes/wp-security-two-factor-login.php +4 -4
  29. classes/wp-security-uninstallation-tasks.php +2 -7
  30. classes/wp-security-user-login.php +1 -1
  31. classes/wp-security-utility-firewall.php +2 -5
  32. classes/wp-security-utility-htaccess.php +0 -41
  33. classes/wp-security-utility.php +3 -1
  34. classes/wp-security-wp-footer-content.php +17 -26
  35. includes/simba-tfa/simba-tfa.php +2 -1
  36. js/wp-security-admin-script.js +28 -2
  37. languages/all-in-one-wp-security-and-firewall.pot +224 -224
  38. readme.txt +35 -12
  39. vendor/composer/installed.php +2 -2
  40. wp-security-core.php +21 -6
  41. wp-security.php +2 -2
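--- a/admin/wp-security-admin-init.php
+++ b/admin/wp-security-admin-init.php
@@ -46,7 +46,7 @@ class AIOWPSecurity_Admin_Init {
  //This class is only initialized if is_admin() is true
 
  //handle CSV download
- if (current_user_can(AIOWPSEC_MANAGEMENT_PERMISSION)) {
+ if (current_user_can(apply_filters('aios_management_permission', 'manage_options'))) {
  $this->admin_includes();
  add_action('admin_menu', array($this, 'create_admin_menus'));
  add_action('admin_menu', array($this, 'premium_upgrade_submenu'), 40);
@@ -160,7 +160,7 @@ class AIOWPSecurity_Admin_Init {
  return $this->is_aiowps_admin_page;
  }
  global $pagenow;
- $this->is_aiowps_admin_page = (current_user_can(AIOWPSEC_MANAGEMENT_PERMISSION) && 'admin.php' == $pagenow && isset($_GET['page']) && false !== strpos($_GET['page'], AIOWPSEC_MENU_SLUG_PREFIX));
+ $this->is_aiowps_admin_page = (current_user_can(apply_filters('aios_management_permission', 'manage_options')) && 'admin.php' == $pagenow && isset($_GET['page']) && false !== strpos($_GET['page'], AIOWPSEC_MENU_SLUG_PREFIX));
  return $this->is_aiowps_admin_page;
  }
 
@@ -257,6 +257,7 @@ class AIOWPSecurity_Admin_Init {
  wp_localize_script('aiowpsec-admin-js', 'aios_trans',
  array(
  'unexpected_response' => __('Unexpected response:', 'all-in-one-wp-security-and-firewall'),
+ 'copied' => __('Copied', 'all-in-one-wp-security-and-firewall')
  )
  );
  wp_register_script('aiowpsec-pw-tool-js', AIO_WP_SECURITY_URL. '/js/password-strength-tool.js', array('jquery')); // We will enqueue this in the user acct menu class
@@ -411,50 +412,42 @@ class AIOWPSecurity_Admin_Init {
  function create_admin_menus()
  {
  $menu_icon_url = AIO_WP_SECURITY_URL.'/images/plugin-icon.png';
- $this->main_menu_page = add_menu_page(__('WP Security', 'all-in-one-wp-security-and-firewall'), __('WP Security', 'all-in-one-wp-security-and-firewall'), AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_MAIN_MENU_SLUG , array($this, 'handle_dashboard_menu_rendering'), $menu_icon_url);
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Dashboard', 'all-in-one-wp-security-and-firewall'), __('Dashboard', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_MAIN_MENU_SLUG, array($this, 'handle_dashboard_menu_rendering'));
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Settings', 'all-in-one-wp-security-and-firewall'), __('Settings', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_SETTINGS_MENU_SLUG, array($this, 'handle_settings_menu_rendering'));
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Accounts', 'all-in-one-wp-security-and-firewall'), __('User Accounts', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_USER_ACCOUNTS_MENU_SLUG, array($this, 'handle_user_accounts_menu_rendering'));
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Login', 'all-in-one-wp-security-and-firewall'), __('User Login', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_USER_LOGIN_MENU_SLUG, array($this, 'handle_user_login_menu_rendering'));
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Registration', 'all-in-one-wp-security-and-firewall'), __('User Registration', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_USER_REGISTRATION_MENU_SLUG, array($this, 'handle_user_registration_menu_rendering'));
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Database Security', 'all-in-one-wp-security-and-firewall'), __('Database Security', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_DB_SEC_MENU_SLUG, array($this, 'handle_database_menu_rendering'));
- if (is_multisite() && get_current_blog_id() != 1){
- //Suppress the Filesystem Security menu if site is a multi site AND not the main site
- }else{
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Filesystem Security', 'all-in-one-wp-security-and-firewall'), __('Filesystem Security', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_FILESYSTEM_MENU_SLUG, array($this, 'handle_filesystem_menu_rendering'));
+ $this->main_menu_page = add_menu_page(__('WP Security', 'all-in-one-wp-security-and-firewall'), __('WP Security', 'all-in-one-wp-security-and-firewall'), apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_MAIN_MENU_SLUG , array($this, 'handle_dashboard_menu_rendering'), $menu_icon_url);
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Dashboard', 'all-in-one-wp-security-and-firewall'), __('Dashboard', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_MAIN_MENU_SLUG, array($this, 'handle_dashboard_menu_rendering'));
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Settings', 'all-in-one-wp-security-and-firewall'), __('Settings', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_SETTINGS_MENU_SLUG, array($this, 'handle_settings_menu_rendering'));
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Accounts', 'all-in-one-wp-security-and-firewall'), __('User Accounts', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_USER_ACCOUNTS_MENU_SLUG, array($this, 'handle_user_accounts_menu_rendering'));
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Login', 'all-in-one-wp-security-and-firewall'), __('User Login', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_USER_LOGIN_MENU_SLUG, array($this, 'handle_user_login_menu_rendering'));
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Registration', 'all-in-one-wp-security-and-firewall'), __('User Registration', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_USER_REGISTRATION_MENU_SLUG, array($this, 'handle_user_registration_menu_rendering'));
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Database Security', 'all-in-one-wp-security-and-firewall'), __('Database Security', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_DB_SEC_MENU_SLUG, array($this, 'handle_database_menu_rendering'));
+ if (is_main_site()) {
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Filesystem Security', 'all-in-one-wp-security-and-firewall'), __('Filesystem Security', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_FILESYSTEM_MENU_SLUG, array($this, 'handle_filesystem_menu_rendering'));
  }
- if (is_multisite() && get_current_blog_id() != 1){
- //Suppress the Blacklist Manager menu if site is a multi site AND not the main site
- }else{
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Blacklist Manager', 'all-in-one-wp-security-and-firewall'), __('Blacklist Manager', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_BLACKLIST_MENU_SLUG, array($this, 'handle_blacklist_menu_rendering'));
+ if (is_main_site()) {
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Blacklist Manager', 'all-in-one-wp-security-and-firewall'), __('Blacklist Manager', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_BLACKLIST_MENU_SLUG, array($this, 'handle_blacklist_menu_rendering'));
  }
- if (is_multisite() && get_current_blog_id() != 1){
- //Suppress the firewall menu if site is a multi site AND not the main site
- }else{
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Firewall', 'all-in-one-wp-security-and-firewall'), __('Firewall', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_FIREWALL_MENU_SLUG, array($this, 'handle_firewall_menu_rendering'));
+ if (is_main_site()) {
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Firewall', 'all-in-one-wp-security-and-firewall'), __('Firewall', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_FIREWALL_MENU_SLUG, array($this, 'handle_firewall_menu_rendering'));
  }
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Brute Force', 'all-in-one-wp-security-and-firewall'), __('Brute Force', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_BRUTE_FORCE_MENU_SLUG, array($this, 'handle_brute_force_menu_rendering'));
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Spam Prevention', 'all-in-one-wp-security-and-firewall'), __('Spam Prevention', 'all-in-one-wp-security-and-firewall'), AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_SPAM_MENU_SLUG, array($this, 'handle_spam_menu_rendering'));
- if (is_multisite() && get_current_blog_id() != 1){
- //Suppress the filescan menu if site is a multi site AND not the main site
- }else{
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Scanner', 'all-in-one-wp-security-and-firewall'), __('Scanner', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_FILESCAN_MENU_SLUG, array($this, 'handle_filescan_menu_rendering'));
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Brute Force', 'all-in-one-wp-security-and-firewall'), __('Brute Force', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_BRUTE_FORCE_MENU_SLUG, array($this, 'handle_brute_force_menu_rendering'));
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Spam Prevention', 'all-in-one-wp-security-and-firewall'), __('Spam Prevention', 'all-in-one-wp-security-and-firewall'), apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_SPAM_MENU_SLUG, array($this, 'handle_spam_menu_rendering'));
+ if (is_main_site()) {
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Scanner', 'all-in-one-wp-security-and-firewall'), __('Scanner', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_FILESCAN_MENU_SLUG, array($this, 'handle_filescan_menu_rendering'));
  }
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Maintenance', 'all-in-one-wp-security-and-firewall'), __('Maintenance', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_MAINTENANCE_MENU_SLUG, array($this, 'handle_maintenance_menu_rendering'));
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Miscellaneous', 'all-in-one-wp-security-and-firewall'), __('Miscellaneous', 'all-in-one-wp-security-and-firewall') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_MISC_MENU_SLUG, array($this, 'handle_misc_menu_rendering'));
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Tools', 'all-in-one-wp-security-and-firewall'), __('Tools', 'all-in-one-wp-security-and-firewall'), AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_TOOLS_MENU_SLUG, array($this, 'handle_tools_menu_rendering'));
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Maintenance', 'all-in-one-wp-security-and-firewall'), __('Maintenance', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_MAINTENANCE_MENU_SLUG, array($this, 'handle_maintenance_menu_rendering'));
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Miscellaneous', 'all-in-one-wp-security-and-firewall'), __('Miscellaneous', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_MISC_MENU_SLUG, array($this, 'handle_misc_menu_rendering'));
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Tools', 'all-in-one-wp-security-and-firewall'), __('Tools', 'all-in-one-wp-security-and-firewall'), apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_TOOLS_MENU_SLUG, array($this, 'handle_tools_menu_rendering'));
  do_action('aiowpsecurity_admin_menu_created');
  }
 
  /**
- * Adds submenu link to premium upgrade tab.
+ * Adds submenu link for premium upgrade tab.
  *
  * @return Void
  */
  public function premium_upgrade_submenu() {
  if (!defined('AIOWPSECURITY_NOADS_B') || !AIOWPSECURITY_NOADS_B) {
  global $submenu;
- $submenu[AIOWPSEC_MAIN_MENU_SLUG][] = array(__('Premium Upgrade', 'all-in-one-wp-security-and-firewall'), AIOWPSEC_MANAGEMENT_PERMISSION, 'admin.php?page='.AIOWPSEC_MAIN_MENU_SLUG.'&tab=premium-upgrade');
+ $submenu[AIOWPSEC_MAIN_MENU_SLUG][] = array(__('Premium Upgrade', 'all-in-one-wp-security-and-firewall'), apply_filters('aios_management_permission', 'manage_options'), 'admin.php?page='.AIOWPSEC_MAIN_MENU_SLUG.'&tab=premium-upgrade');
  }
  }
 
@@ -554,4 +547,3 @@ class AIOWPSecurity_Admin_Init {
  }
 
  }//End of class
-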
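Review bot: The capability that gates the whole admin UI is now whatever `apply_filters('aios_management_permission', 'manage_options')` returns, evaluated separately at each call site (the `current_user_can()` gate at new line 49, the admin-page check at 163, every `add_menu_page`/`add_submenu_page` call in `create_admin_menus()`, and the `$submenu` entry at 450), and the result is never validated. Any plugin or theme code can hook this filter, so a callback returning a weak capability such as `read`, or an empty or non-string value, would widen or break access to the security settings, and a callback registered between two of these calls could leave the menu entries and the gate disagreeing. I would resolve it once in a single private method and fall back to the default when the value is unusable, e.g. `$cap = apply_filters('aios_management_permission', 'manage_options');` followed by `return (is_string($cap) && '' !== $cap) ? $cap : 'manage_options';`, and add a docblock on the filter stating that it controls access to all AIOS settings. The functions containing the first two hunks begin outside the visible lines, so whether form handlers elsewhere re-check the same capability cannot be confirmed from here.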
 
admin/wp-security-blacklist-menu.php CHANGED
@@ -1,54 +1,73 @@
1
  <?php
2
- if(!defined('ABSPATH')){
3
  exit;//Exit if accessed directly
4
  }
5
 
6
- class AIOWPSecurity_Blacklist_Menu extends AIOWPSecurity_Admin_Menu
7
- {
8
- var $menu_page_slug = AIOWPSEC_BLACKLIST_MENU_SLUG;
 
 
 
9
 
10
- /* Specify all the tabs of this menu in the following array */
11
- var $menu_tabs;
 
 
 
 
12
 
13
- var $menu_tabs_handler = array(
14
- 'tab1' => 'render_tab1',
15
- );
 
 
 
16
 
17
- function __construct()
18
- {
19
- $this->render_menu_page();
20
- }
 
 
 
 
 
 
 
 
 
 
 
21
 
22
- function set_menu_tabs()
23
- {
24
- $this->menu_tabs = array(
25
- 'tab1' => __('Ban users', 'all-in-one-wp-security-and-firewall'),
26
- );
27
- }
 
 
28
 
29
- /*
30
- * Renders our tabs of this menu as nav items
31
- */
32
- function render_menu_tabs()
33
- {
34
- $current_tab = $this->get_current_tab();
 
 
 
 
 
 
35
 
36
- echo '<h2 class="nav-tab-wrapper">';
37
- foreach ( $this->menu_tabs as $tab_key => $tab_caption )
38
- {
39
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
40
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
41
- }
42
- echo '</h2>';
43
- }
44
-
45
- /*
46
  * The menu rendering goes here
47
  */
48
- function render_menu_page()
49
- {
50
  echo '<div class="wrap">';
51
- echo '<h2>'.__('Blacklist manager','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
52
  $this->set_menu_tabs();
53
  $tab = $this->get_current_tab();
54
  $this->render_menu_tabs();
@@ -62,116 +81,105 @@ class AIOWPSecurity_Blacklist_Menu extends AIOWPSecurity_Admin_Menu
62
  </div><!-- end of wrap -->
63
  <?php
64
  }
65
-
66
- function render_tab1()
67
- {
 
 
 
 
 
 
68
  global $aio_wp_security;
69
  global $aiowps_feature_mgr;
 
70
  $result = 1;
71
- if (isset($_POST['aiowps_save_blacklist_settings']))
72
- {
73
- $nonce=$_REQUEST['_wpnonce'];
74
- if (!wp_verify_nonce($nonce, 'aiowpsec-blacklist-settings-nonce'))
75
- {
76
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for save blacklist settings.",4);
77
  die('Nonce check failed for save blacklist settings.');
78
  }
79
-
80
- if (isset($_POST["aiowps_enable_blacklisting"]) && empty($_POST['aiowps_banned_ip_addresses']) && empty($_POST['aiowps_banned_user_agents']))
81
- {
82
- $this->show_msg_error('You must submit at least one IP address or one User Agent value or both!','all-in-one-wp-security-and-firewall');
83
- }
84
- else
85
- {
86
- if (!empty($_POST['aiowps_banned_ip_addresses']))
87
- {
88
- $ip_addresses = $_POST['aiowps_banned_ip_addresses'];
 
89
  $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
90
  $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'blacklist');
91
- if($payload[0] == 1){
92
  //success case
93
- $result = 1;
94
  $list = $payload[1];
95
- $banned_ip_data = implode(PHP_EOL, $list);
96
- $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses',$banned_ip_data);
97
  $_POST['aiowps_banned_ip_addresses'] = ''; //Clear the post variable for the banned address list
98
- }
99
- else{
100
  $result = -1;
101
  $error_msg = $payload[1][0];
102
  $this->show_msg_error($error_msg);
103
  }
104
-
105
- }
106
- else
107
- {
108
- $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses',''); //Clear the IP address config value
109
  }
110
 
111
- if (!empty($_POST['aiowps_banned_user_agents']))
112
- {
113
- $result = $result * $this->validate_user_agent_list();
114
- }else{
115
  //clear the user agent list
116
- $aio_wp_security->configs->set_value('aiowps_banned_user_agents','');
 
117
  }
118
 
119
- if ($result == 1)
120
- {
121
- $aio_wp_security->configs->set_value('aiowps_enable_blacklisting',isset($_POST["aiowps_enable_blacklisting"])?'1':'');
122
  $aio_wp_security->configs->save_config(); //Save the configuration
123
 
124
  //Recalculate points after the feature status/options have been altered
125
  $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
126
 
127
  $this->show_msg_settings_updated();
128
-
129
- $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
130
- if ( !$write_result )
131
- {
132
- $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','all-in-one-wp-security-and-firewall'));
133
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
134
- }
135
  }
136
  }
137
  }
138
  ?>
139
- <h2><?php _e('Ban IPs or user agents', 'all-in-one-wp-security-and-firewall'); ?></h2>
140
  <div class="aio_blue_box">
141
  <?php
142
- echo '<p>'.__('The All In One WP Security Blacklist feature gives you the option of banning certain host IP addresses or ranges and also user agents.', 'all-in-one-wp-security-and-firewall').'
143
- <br />'.__('This feature will deny total site access for users which have IP addresses or user agents matching those which you have configured in the settings below.', 'all-in-one-wp-security-and-firewall').'
144
- <br />'.__('The plugin achieves this by making appropriate modifications to your .htaccess file.', 'all-in-one-wp-security-and-firewall').'
145
- <br />'.__('By blocking people, you are using the most secure first line of defence, which denies all access to blacklisted visitors as soon as they hit your hosting server.', 'all-in-one-wp-security-and-firewall').'
146
  </p>';
147
  ?>
148
  </div>
149
- <?php
150
- if (!defined('AIOWPSECURITY_NOADS_B') || !AIOWPSECURITY_NOADS_B) {
151
- ?>
152
- <div class="aio_grey_box">
153
- <?php
154
- $premium_plugin_link = '<strong><a href="https://aiosplugin.com/" target="_blank">'.htmlspecialchars(__('All In One WP Security & Firewall Premium', 'all-in-one-wp-security-and-firewall')).'</a></strong>';
155
- $info_msg = sprintf( __('You may also be interested in %s.', 'all-in-one-wp-security-and-firewall'), $premium_plugin_link);
156
- $info_msg2 = sprintf(__('This plugin adds a number of extra features including %s and %s.', 'all-in-one-wp-security-and-firewall'), '<strong>'.__('smart 404 blocking', 'all-in-one-wp-security-and-firewall').'</strong>', '<strong>'.__('country IP blocking', 'all-in-one-wp-security-and-firewall').'</strong>');
157
-
158
- echo '<p>'.
159
- $info_msg.
160
- '<br />'.
161
- $info_msg2.
162
- '</p>';
163
- ?>
164
- </div>
165
- <?php
166
- }
167
- ?>
168
-
169
  <div class="postbox">
170
- <h3 class="hndle"><label for="title"><?php _e('IP hosts and user agent blacklist settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
171
  <div class="inside">
172
  <?php
173
  //Display security info badge
174
- global $aiowps_feature_mgr;
175
  $aiowps_feature_mgr->output_feature_details_badge("blacklist-manager-ip-user-agent-blacklisting");
176
  ?>
177
  <form action="" method="POST">
@@ -179,80 +187,84 @@ class AIOWPSecurity_Blacklist_Menu extends AIOWPSecurity_Admin_Menu
179
  <div class="aio_orange_box">
180
  <p>
181
  <?php
182
- $read_link = '<a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">'.__('must read this message', 'all-in-one-wp-security-and-firewall').'</a>';
183
  echo sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link);
184
  ?>
185
  </p>
186
  </div>
187
  <table class="form-table">
188
  <tr valign="top">
189
- <th scope="row"><?php _e('Enable IP or user agent blacklisting', 'all-in-one-wp-security-and-firewall'); ?>:</th>
190
  <td>
191
- <input id="aiowps_enable_blacklisting" name="aiowps_enable_blacklisting" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_blacklisting')=='1') echo ' checked="checked"'; ?> value="1"/>
192
  <label for="aiowps_enable_blacklisting" class="description"><?php _e('Check this if you want to enable the banning (or blacklisting) of selected IP addresses and/or user agents specified in the settings below', 'all-in-one-wp-security-and-firewall'); ?></label>
193
  </td>
194
  </tr>
195
  <tr valign="top">
196
- <th scope="row"><label for="aiowps_banned_ip_addresses"><?php _e('Enter IP addresses:', 'all-in-one-wp-security-and-firewall'); ?></label></th>
197
  <td>
198
- <textarea id="aiowps_banned_ip_addresses" name="aiowps_banned_ip_addresses" rows="5" cols="50"><?php echo ($result == -1)?htmlspecialchars($_POST['aiowps_banned_ip_addresses']):htmlspecialchars($aio_wp_security->configs->get_value('aiowps_banned_ip_addresses')); ?></textarea>
199
  <br />
200
- <span class="description"><?php _e('Enter one or more IP addresses or IP ranges.', 'all-in-one-wp-security-and-firewall'); ?></span>
201
- <?php $aio_wp_security->include_template('info/ip-address-ip-range-info.php'); ?>
202
  </td>
203
  </tr>
204
  <tr valign="top">
205
- <th scope="row"><label for="aiowps_banned_user_agents"><?php _e('Enter user agents:', 'all-in-one-wp-security-and-firewall'); ?></label></th>
206
  <td>
207
- <textarea id="aiowps_banned_user_agents" name="aiowps_banned_user_agents" rows="5" cols="50"><?php echo ($result == -1)?htmlspecialchars($_POST['aiowps_banned_user_agents']):htmlspecialchars($aio_wp_security->configs->get_value('aiowps_banned_user_agents')); ?></textarea>
208
  <br />
209
  <span class="description">
210
- <?php _e('Enter one or more user agent strings.','all-in-one-wp-security-and-firewall');?></span>
211
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
212
  <div class="aiowps_more_info_body">
213
  <?php
214
- echo '<p class="description">'.__('Each user agent string must be on a new line.', 'all-in-one-wp-security-and-firewall').'</p>';
215
- echo '<p class="description">'.__('Example 1 - A single user agent string to block:', 'all-in-one-wp-security-and-firewall').'</p>';
216
  echo '<p class="description">SquigglebotBot</p>';
217
- echo '<p class="description">'.__('Example 2 - A list of more than 1 user agent strings to block', 'all-in-one-wp-security-and-firewall').'</p>';
218
  echo '<p class="description">baiduspider<br />SquigglebotBot<br />SurveyBot<br />VoidEYE<br />webcrawl.net<br />YottaShopping_Bot</p>';
219
  ?>
220
  </div>
221
-
222
  </td>
223
  </tr>
224
  </table>
225
- <input type="submit" name="aiowps_save_blacklist_settings" value="<?php _e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
226
  </form>
227
  </div></div>
228
  <?php
229
  }
230
 
231
- function validate_user_agent_list()
232
- {
233
- global $aio_wp_security;
 
 
 
 
 
 
 
234
  @ini_set('auto_detect_line_endings', true);
235
- //$errors = '';
236
-
237
- $submitted_agents = explode(PHP_EOL, $_POST['aiowps_banned_user_agents']);
238
- $agents = array();
239
- if (!empty($submitted_agents))
240
- {
241
- foreach ($submitted_agents as $agent)
242
- {
243
- $text = sanitize_text_field($agent);
244
- $agents[] = $text;
245
  }
246
- }
247
 
248
- if (sizeof($agents) > 1)
249
- {
250
  sort( $agents );
251
  $agents = array_unique($agents, SORT_STRING);
252
  }
253
 
254
- $banned_user_agent_data = implode(PHP_EOL, $agents);
255
- $aio_wp_security->configs->set_value('aiowps_banned_user_agents',$banned_user_agent_data);
 
256
  $_POST['aiowps_banned_user_agents'] = ''; //Clear the post variable for the banned address list
257
  return 1;
258
  }
1
  <?php
2
+ if (!defined('ABSPATH')) {
3
  exit;//Exit if accessed directly
4
  }
5
 
6
+ /**
7
+ * AIOWPSecurity_Blacklist_Menu class for banning ips and user agents.
8
+ *
9
+ * @access public
10
+ */
11
+ class AIOWPSecurity_Blacklist_Menu extends AIOWPSecurity_Admin_Menu {
12
 
13
+ /**
14
+ * Blacklist menu slug
15
+ *
16
+ * @var string
17
+ */
18
+ private $menu_page_slug = AIOWPSEC_BLACKLIST_MENU_SLUG;
19
 
20
+ /**
21
+ * Specify all the tabs of this menu
22
+ *
23
+ * @var array
24
+ */
25
+ protected $menu_tabs;
26
 
27
+ /**
28
+ * Specify all the tabs handler methods
29
+ *
30
+ * @var array
31
+ */
32
+ protected $menu_tabs_handler = array(
33
+ 'ban-users' => 'render_ban_users',
34
+ );
35
+
36
+ /**
37
+ * Construct adds menu for blacklist
38
+ */
39
+ public function __construct() {
40
+ $this->render_menu_page();
41
+ }
42
 
43
+ /**
44
+ * Set menu tabs name.
45
+ */
46
+ private function set_menu_tabs() {
47
+ $this->menu_tabs = array(
48
+ 'ban-users' => __('Ban users', 'all-in-one-wp-security-and-firewall'),
49
+ );
50
+ }
51
 
52
+ /**
53
+ * Renders our tabs of this menu as nav items
54
+ */
55
+ private function render_menu_tabs() {
56
+ $current_tab = $this->get_current_tab();
57
+ echo '<h2 class="nav-tab-wrapper">';
58
+ foreach ($this->menu_tabs as $tab_key => $tab_caption) {
59
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
60
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
61
+ }
62
+ echo '</h2>';
63
+ }
64
 
65
+ /**
 
 
 
 
 
 
 
 
 
66
  * The menu rendering goes here
67
  */
68
+ private function render_menu_page() {
 
69
  echo '<div class="wrap">';
70
+ echo '<h2>' . __('Blacklist manager', 'all-in-one-wp-security-and-firewall') . '</h2>';//Interface title
71
  $this->set_menu_tabs();
72
  $tab = $this->get_current_tab();
73
  $this->render_menu_tabs();
81
  </div><!-- end of wrap -->
82
  <?php
83
  }
84
+
85
+ /**
86
+ * Renders ban user tab for blacklist IPs and user agents
87
+ *
88
+ * @global $aio_wp_security
89
+ * @global $aiowps_feature_mgr
90
+ * @global $aiowps_firewall_config
91
+ */
92
+ private function render_ban_users() {
93
  global $aio_wp_security;
94
  global $aiowps_feature_mgr;
95
+ global $aiowps_firewall_config;
96
  $result = 1;
97
+ if (isset($_POST['aiowps_save_blacklist_settings'])) {
98
+ if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'aiowpsec-blacklist-settings-nonce')) {
99
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for save blacklist settings.", 4);
 
 
 
100
  die('Nonce check failed for save blacklist settings.');
101
  }
102
+ $aiowps_enable_blacklisting = isset($_POST["aiowps_enable_blacklisting"]) ? '1' : '';
103
+ $aiowps_banned_ip_addresses = $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses');
104
+ $aiowps_banned_user_agents = $aio_wp_security->configs->get_value('aiowps_banned_user_agents');
105
+ if ('' == $aiowps_enable_blacklisting && empty($aiowps_banned_ip_addresses) && empty($aiowps_banned_user_agents) && (!empty($_POST['aiowps_banned_ip_addresses']) || !empty($_POST['aiowps_banned_user_agents']))) {
106
+ $result = -1;
107
+ $this->show_msg_error('You must check the enable IP or user agent blacklisting.', 'all-in-one-wp-security-and-firewall');
108
+ } else if ('1' == $aiowps_enable_blacklisting && empty($_POST['aiowps_banned_ip_addresses']) && empty($_POST['aiowps_banned_user_agents'])) {
109
+ $this->show_msg_error('You must submit at least one IP address or one user agent value.', 'all-in-one-wp-security-and-firewall');
110
+ } else {
111
+ if ('1' == $aiowps_enable_blacklisting && !empty($_POST['aiowps_banned_ip_addresses'])) {
112
+ $ip_addresses = stripslashes($_POST['aiowps_banned_ip_addresses']);
113
  $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
114
  $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'blacklist');
115
+ if (1 == $payload[0]) {
116
  //success case
 
117
  $list = $payload[1];
118
+ $banned_ip_data = implode("\n", $list);
119
+ $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', $banned_ip_data);
120
  $_POST['aiowps_banned_ip_addresses'] = ''; //Clear the post variable for the banned address list
121
+ } else {
 
122
  $result = -1;
123
  $error_msg = $payload[1][0];
124
  $this->show_msg_error($error_msg);
125
  }
126
+ } else {
127
+ $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', ''); //Clear the IP address config value
 
 
 
128
  }
129
 
130
+ if ('1' == $aiowps_enable_blacklisting && !empty($_POST['aiowps_banned_user_agents'])) {
131
+ $result = $result * $this->validate_user_agent_list(stripslashes($_POST['aiowps_banned_user_agents']));
132
+ } else {
 
133
  //clear the user agent list
134
+ $aio_wp_security->configs->set_value('aiowps_banned_user_agents', '');
135
+ $aiowps_firewall_config->set_value('aiowps_blacklist_user_agents', array());
136
  }
137
 
138
+ if (1 == $result) {
139
+ $aio_wp_security->configs->set_value('aiowps_enable_blacklisting', $aiowps_enable_blacklisting);
 
140
  $aio_wp_security->configs->save_config(); //Save the configuration
141
 
142
  //Recalculate points after the feature status/options have been altered
143
  $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
144
 
145
  $this->show_msg_settings_updated();
 
 
 
 
 
 
 
146
  }
147
  }
148
  }
149
  ?>
150
+ <h2><?php _e('Ban IPs or user agents', 'all-in-one-wp-security-and-firewall')?></h2>
151
  <div class="aio_blue_box">
152
  <?php
153
+ echo '<p>' . __('The All In One WP Security Blacklist feature gives you the option of banning certain host IP addresses or ranges and also user agents.', 'all-in-one-wp-security-and-firewall').'
154
+ <br />' . __('This feature will deny total site access for users which have IP addresses or user agents matching those which you have configured in the settings below.', 'all-in-one-wp-security-and-firewall').'
155
+ <br />' . __('Black-listed visitors will be blocked as soon as WordPress loads, preventing them from gaining any further access.', 'all-in-one-wp-security-and-firewall').'
 
156
  </p>';
157
  ?>
158
  </div>
159
+ <?php
160
+ if (!defined('AIOWPSECURITY_NOADS_B') || !AIOWPSECURITY_NOADS_B) {
161
+ ?>
162
+ <div class="aio_grey_box">
163
+ <?php
164
+ $premium_plugin_link = '<strong><a href="https://aiosplugin.com/" target="_blank">' . htmlspecialchars(__('All In One WP Security & Firewall Premium', 'all-in-one-wp-security-and-firewall')) . '</a></strong>';
165
+ $info_msg = sprintf(__('You may also be interested in %s.', 'all-in-one-wp-security-and-firewall'), $premium_plugin_link);
166
+ $info_msg2 = sprintf(__('This plugin adds a number of extra features including %s and %s.', 'all-in-one-wp-security-and-firewall'), '<strong>' . __('smart 404 blocking', 'all-in-one-wp-security-and-firewall') . '</strong>', '<strong>' . __('country IP blocking', 'all-in-one-wp-security-and-firewall') . '</strong>');
167
+
168
+ echo '<p>' .
169
+ $info_msg .
170
+ '<br />' .
171
+ $info_msg2 .
172
+ '</p>';
173
+ ?>
174
+ </div>
175
+ <?php
176
+ }
177
+ ?>
 
178
  <div class="postbox">
179
+ <h3 class="hndle"><label for="title"><?php _e('IP hosts and user agent blacklist settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
180
  <div class="inside">
181
  <?php
182
  //Display security info badge
 
183
  $aiowps_feature_mgr->output_feature_details_badge("blacklist-manager-ip-user-agent-blacklisting");
184
  ?>
185
  <form action="" method="POST">
187
  <div class="aio_orange_box">
188
  <p>
189
  <?php
190
+ $read_link = '<a href="https://aiosplugin.com/important-note-on-intermediate-and-advanced-features" target="_blank">' . __('must read this message', 'all-in-one-wp-security-and-firewall') . '</a>';
191
  echo sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link);
192
  ?>
193
  </p>
194
  </div>
195
  <table class="form-table">
196
  <tr valign="top">
197
+ <th scope="row"><?php _e('Enable IP or user agent blacklisting', 'all-in-one-wp-security-and-firewall')?>:</th>
198
  <td>
199
+ <input id="aiowps_enable_blacklisting" name="aiowps_enable_blacklisting" type="checkbox"<?php checked($aio_wp_security->configs->get_value('aiowps_enable_blacklisting')); ?> value="1"/>
200
  <label for="aiowps_enable_blacklisting" class="description"><?php _e('Check this if you want to enable the banning (or blacklisting) of selected IP addresses and/or user agents specified in the settings below', 'all-in-one-wp-security-and-firewall'); ?></label>
201
  </td>
202
  </tr>
203
  <tr valign="top">
204
+ <th scope="row"><label for="aiowps_banned_ip_addresses"><?php _e('Enter IP addresses:', 'all-in-one-wp-security-and-firewall')?></label></th>
205
  <td>
206
+ <textarea id="aiowps_banned_ip_addresses" name="aiowps_banned_ip_addresses" rows="5" cols="50"><?php echo (-1 == $result) ? esc_textarea(wp_unslash($_POST['aiowps_banned_ip_addresses'])) : esc_textarea($aio_wp_security->configs->get_value('aiowps_banned_ip_addresses')); ?></textarea>
207
  <br />
208
+ <span class="description"><?php _e('Enter one or more IP addresses or IP ranges.', 'all-in-one-wp-security-and-firewall');?></span>
209
+ <?php $aio_wp_security->include_template('info/ip-address-ip-range-info.php');?>
210
  </td>
211
  </tr>
212
  <tr valign="top">
213
+ <th scope="row"><label for="aiowps_banned_user_agents"><?php _e('Enter user agents:', 'all-in-one-wp-security-and-firewall')?></label></th>
214
  <td>
215
+ <textarea id="aiowps_banned_user_agents" name="aiowps_banned_user_agents" rows="5" cols="50"><?php echo (-1 == $result) ? esc_textarea(wp_unslash($_POST['aiowps_banned_user_agents'])) : esc_textarea($aio_wp_security->configs->get_value('aiowps_banned_user_agents')); ?></textarea>
216
  <br />
217
  <span class="description">
218
+ <?php _e('Enter one or more user agent strings.', 'all-in-one-wp-security-and-firewall');?></span>
219
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
220
  <div class="aiowps_more_info_body">
221
  <?php
222
+ echo '<p class="description">' . __('Each user agent string must be on a new line.', 'all-in-one-wp-security-and-firewall') . '</p>';
223
+ echo '<p class="description">' . __('Example 1 - A single user agent string to block:', 'all-in-one-wp-security-and-firewall') . '</p>';
224
  echo '<p class="description">SquigglebotBot</p>';
225
+ echo '<p class="description">' . __('Example 2 - A list of more than 1 user agent strings to block', 'all-in-one-wp-security-and-firewall') . '</p>';
226
  echo '<p class="description">baiduspider<br />SquigglebotBot<br />SurveyBot<br />VoidEYE<br />webcrawl.net<br />YottaShopping_Bot</p>';
227
  ?>
228
  </div>
 
229
  </td>
230
  </tr>
231
  </table>
232
+ <?php submit_button(__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_save_blacklist_settings');?>
233
  </form>
234
  </div></div>
235
  <?php
236
  }
237
 
238
+ /**
239
+ * Validates posted user agent list and set, save as config.
240
+ *
241
+ * @param string $banned_user_agents
242
+ *
243
+ * @global $aio_wp_security
244
+ * @global $aiowps_firewall_config
245
+ */
246
+ private function validate_user_agent_list($banned_user_agents) {
247
+ global $aio_wp_security, $aiowps_firewall_config;
248
  @ini_set('auto_detect_line_endings', true);
249
+ $submitted_agents = explode("\n", $banned_user_agents);
250
+ $agents = array();
251
+ if (!empty($submitted_agents)) {
252
+ foreach ($submitted_agents as $agent) {
253
+ if (!empty($agent)) {
254
+ $text = sanitize_text_field($agent);
255
+ $agents[] = $text;
256
+ }
 
 
257
  }
258
+ }
259
 
260
+ if (sizeof($agents) > 1) {
 
261
  sort( $agents );
262
  $agents = array_unique($agents, SORT_STRING);
263
  }
264
 
265
+ $banned_user_agent_data = implode("\n", $agents);
266
+ $aio_wp_security->configs->set_value('aiowps_banned_user_agents', $banned_user_agent_data);
267
+ $aiowps_firewall_config->set_value('aiowps_blacklist_user_agents', $agents);
268
  $_POST['aiowps_banned_user_agents'] = ''; //Clear the post variable for the banned address list
269
  return 1;
270
  }
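--- a/admin/wp-security-brute-force-menu.php
+++ b/admin/wp-security-brute-force-menu.php
@@ -65,7 +65,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
 
  echo '<h2 class="nav-tab-wrapper">';
  foreach ( $this->menu_tabs as $tab_key => $tab_caption ) {
- if (is_multisite() && 1 != get_current_blog_id() && false === stristr($tab_caption, 'Rename login page') && false === stristr($tab_caption, 'Login CAPTCHA')) {
+ if ((!is_main_site()) && false === stristr($tab_caption, 'Rename login page') && false === stristr($tab_caption, 'Login CAPTCHA')) {
  // Suppress the all Brute Force menu tabs if site is a multi site AND not the main site except "rename login" and "CAPTCHA"
  } else {
  $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
@@ -212,7 +212,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
  <?php wp_nonce_field('aiowpsec-rename-login-page-nonce'); ?>
  <div class="aio_orange_box">
  <?php
- $read_link = '<a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">' . __('must read this message', 'all-in-one-wp-security-and-firewall') . '</a>';
+ $read_link = '<a href="https://aiosplugin.com/important-note-on-intermediate-and-advanced-features" target="_blank">' . __('must read this message', 'all-in-one-wp-security-and-firewall') . '</a>';
  echo '<p>' . sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link) . '</p>';
  echo '<p>' . __("NOTE: If you are hosting your site on WPEngine or a provider which performs server caching, you will need to ask the host support people to NOT cache your renamed login page.", "all-in-one-wp-security-and-firewall") . '</p>';
  ?>
@@ -333,8 +333,8 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
  <div class="aio_yellow_box">
  <?php
  $backup_tab_link = '<a href="admin.php?page='.AIOWPSEC_SETTINGS_MENU_SLUG.'&tab=tab2" target="_blank">' . __('backup', 'all-in-one-wp-security-and-firewall') . '</a>';
- $video_link = '<a href="https://www.tipsandtricks-hq.com/all-in-one-wp-security-plugin-cookie-based-brute-force-login-attack-prevention-feature-5994" target="_blank">' . __('video tutorial', 'all-in-one-wp-security-and-firewall') . '</a>';
- $info_msg = sprintf( __('To learn more about how to use this feature, please watch the following %s.', 'all-in-one-wp-security-and-firewall'), $video_link);
+ $tutorial_link = '<a href="https://aiosplugin.com/how-to-use-cookie-based-brute-force-login-attack-prevention-feature/" target="_blank">' . __('tutorial', 'all-in-one-wp-security-and-firewall') . '</a>';
+ $info_msg = sprintf( __('To learn more about how to use this feature, please read the following %s.', 'all-in-one-wp-security-and-firewall'), $tutorial_link);
  $brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_FIREWALL_MENU_SLUG.'&tab=tab4" target="_blank">'.__('Cookie-based brute force login prevention', 'all-in-one-wp-security-and-firewall').'</a>';
  echo '<p>' . $info_msg . '</p>';
  ?>
@@ -356,7 +356,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
  <?php wp_nonce_field('aiowpsec-enable-cookie-based-brute-force-prevention'); ?>
  <div class="aio_orange_box">
  <p>
- <?php _e('This feature can lock you out of admin if it doesn\'t work correctly on your site. You <a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">'.__('must read this message', 'all-in-one-wp-security-and-firewall').'</a> before activating this feature.', 'all-in-one-wp-security-and-firewall'); ?>
+ <?php _e('This feature can lock you out of admin if it doesn\'t work correctly on your site. You <a href="https://aiosplugin.com/important-note-on-intermediate-and-advanced-features" target="_blank">'.__('must read this message', 'all-in-one-wp-security-and-firewall').'</a> before activating this feature.', 'all-in-one-wp-security-and-firewall'); ?>
  </p>
  </div>
  <?php
@@ -831,7 +831,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
  <tr valign="top">
  <th scope="row"><label for="aiowps_user_ip"><?php _e('Your current IP address', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
  <td>
- <input id="aiowps_user_ip" size="40" name="aiowps_user_ip" type="text" value="<?php echo $your_ip_address; ?>" readonly="readonly"/>
+ <input id="aiowps_user_ip" class="copy-to-clipboard" size="40" name="aiowps_user_ip" type="text" value="<?php echo esc_attr($your_ip_address); ?>" readonly>
  <span class="description"><?php _e('You can copy and paste this address in the text box below if you want to include it in your login whitelist.', 'all-in-one-wp-security-and-firewall'); ?></span>
  </td>
  </tr>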
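Review bot: The new line 359 still hands `_e()` a string assembled by concatenation, so the msgid looked up at runtime contains the anchor markup plus the already-translated link text. That string cannot be captured by the translation extractor, and whatever the lookup returns is echoed without escaping. The hunk at 215–216 in this same file already uses the cleaner shape, and line 359 could follow it: build `$read_link = '<a href="https://aiosplugin.com/important-note-on-intermediate-and-advanced-features" target="_blank">' . __('must read this message', 'all-in-one-wp-security-and-firewall') . '</a>';` and then `echo sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link);`. The enclosing method starts and ends outside the hunk, so this is judged from the visible lines only.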
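--- a/admin/wp-security-database-menu.php
+++ b/admin/wp-security-database-menu.php
@@ -80,7 +80,7 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
 
  public function set_menu_tabs()
  {
- if (is_multisite() && get_current_blog_id() != 1){
+ if (!is_main_site()) {
  //Suppress the DB prefix change tab if site is a multi site AND not the main site
  $this->menu_tabs = array(
  //'tab1' => __('Database prefix', 'all-in-one-wp-security-and-firewall'),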
admin/wp-security-filescan-menu.php CHANGED
@@ -1,6 +1,7 @@
1
  <?php
 
2
  if (!defined('ABSPATH')) {
3
- exit;//Exit if accessed directly
4
  }
5
 
6
  /**
@@ -16,7 +17,7 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu {
16
  * @var string
17
  */
18
  protected $menu_page_slug = AIOWPSEC_FILESCAN_MENU_SLUG;
19
-
20
  /**
21
  * Specify all the tabs of this menu
22
  *
@@ -30,10 +31,10 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu {
30
  * @var array
31
  */
32
  protected $menu_tabs_handler = array(
33
- 'file-change-detect' => 'render_file_change_detect',
34
- 'malware-scan' => 'render_malware_scan',
35
- );
36
-
37
  /**
38
  * Renders the menu and current tab page.
39
  *
@@ -42,8 +43,8 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu {
42
  public function __construct() {
43
  $this->render_menu_page();
44
  }
45
-
46
-
47
  /**
48
  * Sets the menu and tab names.
49
  *
@@ -71,309 +72,308 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu {
71
  }
72
  echo '</h2>';
73
  }
74
-
75
- /**
76
- * The menu rendering goes here
77
- *
78
- * @return void
79
- */
80
- private function render_menu_page() {
81
- echo '<div class="wrap">';
82
- echo '<h2>' . __('Scanner', 'all-in-one-wp-security-and-firewall') . '</h2>';//Interface title
83
- $this->set_menu_tabs();
84
- $tab = $this->get_current_tab();
85
- $this->render_menu_tabs();
86
- ?>
87
- <div id="poststuff"><div id="post-body">
88
- <?php
89
- //$tab_keys = array_keys($this->menu_tabs);
90
- call_user_func(array($this, $this->menu_tabs_handler[$tab]));
91
- ?>
92
- </div></div>
93
- </div><!-- end of wrap -->
94
- <?php
95
- }
96
-
97
- /**
98
- * File change detection on your system files.
99
- *
100
- * @global $wpdb
101
- * @global $aio_wp_security
102
- * @global $aiowps_feature_mgr
103
- */
104
- private function render_file_change_detect() {
105
- global $wpdb, $aio_wp_security;
106
- global $aiowps_feature_mgr;
107
- if (isset($_POST['fcd_scan_info'])) {
108
- //Display scan file change info and clear the global alert variable
109
-
110
- //Clear the global variable
111
- $aio_wp_security->configs->set_value('aiowps_fcds_change_detected', FALSE);
112
- $aio_wp_security->configs->save_config();
113
-
114
- //Display the last scan results
115
- $this->display_last_scan_results();
116
  }
117
 
118
- if (isset($_POST['aiowps_view_last_fcd_results'])) {
119
- //Display the last scan results
120
- if (!$this->display_last_scan_results()) {
121
- $this->show_msg_updated(__('There have been no file changes since the last scan.', 'all-in-one-wp-security-and-firewall'));
122
- }
123
- }
124
 
125
- if (isset($_POST['aiowps_manual_fcd_scan'])) {
126
- $nonce = $_POST['_wpnonce'];
127
- if (!wp_verify_nonce($nonce, 'aiowpsec-fcd-manual-scan-nonce')) {
128
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for manual file change detection scan operation.", 4);
129
- die('Nonce check failed for manual file change detection scan operation.');
130
- }
131
 
132
- $result = $aio_wp_security->scan_obj->execute_file_change_detection_scan();
133
- if (false === $result) {
134
- // error case
135
- $this->show_msg_error(__('There was an error during the file change detection scan. Please check the AIOS logs.', 'all-in-one-wp-security-and-firewall'));
136
- }
137
-
138
- //If this is first scan display special message
139
- if (1 == $result['initial_scan']) {
140
- $this->show_msg_updated(__('The plugin has detected that this is your first file change detection scan. The file details from this scan will be used to detect file changes for future scans.', 'all-in-one-wp-security-and-firewall'));
141
- } elseif (!$aio_wp_security->configs->get_value('aiowps_fcds_change_detected')) {
142
- $this->show_msg_updated(__('Scan Complete - There were no file changes detected.', 'all-in-one-wp-security-and-firewall'));
143
- }
144
- }
145
 
146
- if (isset($_POST['aiowps_schedule_fcd_scan'])) { //Do form submission tasks
147
- $error = '';
148
- $reset_scan_data = FALSE;
149
- $file_types = '';
150
- $files = '';
151
 
152
- $nonce = $_POST['_wpnonce'];
153
- if (!wp_verify_nonce($nonce, 'aiowpsec-scheduled-fcd-scan-nonce')) {
154
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for file change detection scan options save.", 4);
155
- die("Nonce check failed for file change detection scan options save.");
156
- }
157
 
158
- $fcd_scan_frequency = sanitize_text_field($_POST['aiowps_fcd_scan_frequency']);
159
- if (!is_numeric($fcd_scan_frequency)) {
160
- $error .= '<br>' . __('You entered a non numeric value for the "backup time interval" field. It has been set to the default value.', 'all-in-one-wp-security-and-firewall');
161
- $fcd_scan_frequency = '4';//Set it to the default value for this field
162
- }
163
-
164
- if (!empty($_POST['aiowps_fcd_exclude_filetypes'])) {
165
- $file_types = trim($_POST['aiowps_fcd_exclude_filetypes']);
166
- //$file_types_array = preg_split( '/\r\n|\r|\n/', $file_types );
167
 
168
- //Get the currently saved config value and check if this has changed. If so do another scan to reset the scan data so it omits these filetypes
169
- if ($file_types != $aio_wp_security->configs->get_value('aiowps_fcd_exclude_filetypes')) {
170
- $reset_scan_data = TRUE;
171
- }
172
- }
173
-
174
- if (!empty($_POST['aiowps_fcd_exclude_files'])) {
175
- $files = trim($_POST['aiowps_fcd_exclude_files']);
176
- //Get the currently saved config value and check if this has changed. If so do another scan to reset the scan data so it omits these files/dirs
177
- if ($files != $aio_wp_security->configs->get_value('aiowps_fcd_exclude_files')) {
178
- $reset_scan_data = TRUE;
179
- }
180
- }
181
 
182
- // Explode by end-of-line character, then trim and filter empty lines
183
- $email_list_array = array_filter(array_map('trim', explode("\n", $_POST['aiowps_fcd_scan_email_address'])), 'strlen');
184
- $errors = array();
185
- foreach ($email_list_array as $key => $value) {
186
- $email_sane = sanitize_email($value);
187
- if (!is_email($email_sane)) {
188
- $errors[] = __('The following address was removed because it is not a valid email address: ', 'all-in-one-wp-security-and-firewall')
189
- . htmlspecialchars($value);
190
- unset($email_list_array[$key]);
191
- }
192
- }
193
- $email_address = implode("\n", $email_list_array);
194
- if (!empty($errors)) {
195
- $this->show_msg_error(__('Attention:', 'all-in-one-wp-security-and-firewall') . '<br>' . implode('<br>', $errors));
196
- }
197
 
198
- //Save all the form values to the options
199
- $aio_wp_security->configs->set_value('aiowps_enable_automated_fcd_scan', isset($_POST["aiowps_enable_automated_fcd_scan"]) ? '1' : '');
200
- $aio_wp_security->configs->set_value('aiowps_fcd_scan_frequency', absint($fcd_scan_frequency));
201
- $aio_wp_security->configs->set_value('aiowps_fcd_scan_interval', $_POST["aiowps_fcd_scan_interval"]);
202
- $aio_wp_security->configs->set_value('aiowps_fcd_exclude_filetypes', $file_types);
203
- $aio_wp_security->configs->set_value('aiowps_fcd_exclude_files', $files);
204
- $aio_wp_security->configs->set_value('aiowps_send_fcd_scan_email', isset($_POST["aiowps_send_fcd_scan_email"]) ? '1' : '');
205
- $aio_wp_security->configs->set_value('aiowps_fcd_scan_email_address', $email_address);
206
- $aio_wp_security->configs->save_config();
207
 
208
- //Recalculate points after the feature status/options have been altered
209
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
210
- $this->show_msg_settings_updated();
211
-
212
- //Let's check if backup interval was set to less than 24 hours
213
- if (isset($_POST["aiowps_enable_automated_fcd_scan"]) && ($fcd_scan_frequency < 24) && 0 == $_POST["aiowps_fcd_scan_interval"]) {
214
- $this->show_msg_updated(__('Attention: You have configured your file change detection scan to occur at least once daily.', 'all-in-one-wp-security-and-firewall') . ' ' . __('For most websites we recommended that you choose a less frequent schedule such as once every few days, once a week or once a month.', 'all-in-one-wp-security-and-firewall') . ' ' . __('Choosing a less frequent schedule will also help reduce your server load.', 'all-in-one-wp-security-and-firewall'));
215
- }
216
-
217
- if ($reset_scan_data) {
218
- //Clear old scan row and ask user to perform a fresh scan to reset the data
219
- $aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
220
- $where = array('meta_key1' => 'file_change_detection', 'meta_value1' => 'file_scan_data');
221
- $wpdb->delete($aiowps_global_meta_tbl_name, $where);
222
- $result = $aio_wp_security->scan_obj->execute_file_change_detection_scan();
223
- $new_scan_alert = __('New scan completed: The plugin has detected that you have made changes to the "File Types To Ignore" or "Files To Ignore" fields.', 'all-in-one-wp-security-and-firewall').' '.__('In order to ensure that future scan results are accurate, the old scan data has been refreshed.', 'all-in-one-wp-security-and-firewall');
224
- $this->show_msg_updated($new_scan_alert);
225
- }
226
- }
227
-
228
- //Display an alert warning message if a file change was detected
229
- if ($aio_wp_security->configs->get_value('aiowps_fcds_change_detected')) {
230
- $error_msg = __('All In One WP Security & Firewall has detected that there was a change in your host\'s files.', 'all-in-one-wp-security-and-firewall');
231
-
232
- $button = '<div><form action="" method="POST"><input type="submit" name="fcd_scan_info" value="' . __('View scan details and clear this message', 'all-in-one-wp-security-and-firewall') . '" class="button-secondary" /></form></div>';
233
- $error_msg .= $button;
234
- $this->show_msg_error($error_msg);
235
- }
236
- ?>
237
- <div class="aio_blue_box">
238
- <?php
239
- echo '<p>' . __('If given an opportunity hackers can insert their code or files into your system which they can then use to carry out malicious acts on your site.', 'all-in-one-wp-security-and-firewall') .
240
- '<br>' . __('Being informed of any changes in your files can be a good way to quickly prevent a hacker from causing damage to your website.', 'all-in-one-wp-security-and-firewall') .
241
- '<br>' . __('In general, WordPress core and plugin files and file types such as ".php" or ".js" should not change often and when they do, it is important that you are made aware when a change occurs and which file was affected.', 'all-in-one-wp-security-and-firewall') .
242
- '<br>' . __('The "File Change Detection Feature" will notify you of any file change which occurs on your system, including the addition and deletion of files by performing a regular automated or manual scan of your system\'s files.', 'all-in-one-wp-security-and-firewall') .
243
- '<br>' . __('This feature also allows you to exclude certain files or folders from the scan in cases where you know that they change often as part of their normal operation. (For example log files and certain caching plugin files may change often and hence you may choose to exclude such files from the file change detection scan)', 'all-in-one-wp-security-and-firewall') . '</p>';
244
- ?>
245
- </div>
246
 
247
- ?>
248
- <div class="postbox">
249
- <h3 class="hndle"><label for="title"><?php _e('Manual file change detection scan', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
250
- <div class="inside">
251
- <form action="" method="POST">
252
- <?php wp_nonce_field('aiowpsec-fcd-manual-scan-nonce'); ?>
253
- <table class="form-table">
254
- <tr valign="top">
255
- <span class="description"><?php _e('To perform a manual file change detection scan click on the button below.', 'all-in-one-wp-security-and-firewall'); ?></span>
256
- </tr>
257
- </table>
258
- <input type="submit" name="aiowps_manual_fcd_scan" value="<?php _e('Perform scan now', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
259
- </form>
260
- </div></div>
261
- <div class="postbox">
262
- <h3 class="hndle"><label for="title"><?php _e('View last saved file change results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
263
- <div class="inside">
264
- <form action="" method="POST">
265
- <?php wp_nonce_field('aiowpsec-view-last-fcd-results-nonce'); ?>
266
- <table class="form-table">
267
- <tr valign="top">
268
- <span class="description"><?php _e('Click the button below to view the saved file change results from the last scan.', 'all-in-one-wp-security-and-firewall'); ?></span>
269
- </tr>
270
- </table>
271
- <input type="submit" name="aiowps_view_last_fcd_results" value="<?php _e('View last file change', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary" />
272
- </form>
273
- </div></div>
274
- <div class="postbox">
275
- <h3 class="hndle"><label for="title"><?php _e('File change detection settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
276
- <div class="inside">
277
- <?php
278
- $aiowps_feature_mgr->output_feature_details_badge('scan-file-change-detection');
279
- ?>
280
- <form action="" method="POST">
281
- <?php wp_nonce_field('aiowpsec-scheduled-fcd-scan-nonce'); ?>
282
- <table class="form-table">
283
- <tr valign="top">
284
- <th scope="row"><?php _e('Enable automated file change detection scan', 'all-in-one-wp-security-and-firewall'); ?>:</th>
285
- <td>
286
- <input id="aiowps_enable_automated_fcd_scan" name="aiowps_enable_automated_fcd_scan" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_automated_fcd_scan')=='1') echo ' checked="checked"'; ?> value="1"/>
287
- <label for="aiowps_enable_automated_fcd_scan" class="description"><?php _e('Check this if you want the system to automatically/periodically scan your files to check for file changes based on the settings below', 'all-in-one-wp-security-and-firewall'); ?></label>
288
- </td>
289
- </tr>
290
- <tr valign="top">
291
- <th scope="row"><label for="aiowps_fcd_scan_frequency"><?php _e('Scan time interval', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
292
- <td><input id="aiowps_fcd_scan_frequency" type="text" size="5" name="aiowps_fcd_scan_frequency" value="<?php echo $aio_wp_security->configs->get_value('aiowps_fcd_scan_frequency'); ?>" />
293
- <select id="backup_interval" name="aiowps_fcd_scan_interval">
294
- <option value="0" <?php selected( $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'), '0' ); ?>><?php _e( 'Hours', 'all-in-one-wp-security-and-firewall' ); ?></option>
295
- <option value="1" <?php selected( $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'), '1' ); ?>><?php _e( 'Days', 'all-in-one-wp-security-and-firewall' ); ?></option>
296
- <option value="2" <?php selected( $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'), '2' ); ?>><?php _e( 'Weeks', 'all-in-one-wp-security-and-firewall' ); ?></option>
297
- </select>
298
- <span class="description"><?php _e('Set the value for how often you would like a scan to occur', 'all-in-one-wp-security-and-firewall'); ?></span>
299
- </td>
300
- </tr>
301
- <tr valign="top">
302
- <th scope="row"><label for="aiowps_fcd_exclude_filetypes"><?php _e('File types to ignore', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
303
- <td><textarea id="aiowps_fcd_exclude_filetypes" name="aiowps_fcd_exclude_filetypes" rows="5" cols="50"><?php echo htmlspecialchars($aio_wp_security->configs->get_value('aiowps_fcd_exclude_filetypes')); ?></textarea>
304
- <br>
305
- <span class="description"><?php _e('Enter each file type or extension on a new line which you wish to exclude from the file change detection scan.', 'all-in-one-wp-security-and-firewall'); ?></span>
306
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
307
- <div class="aiowps_more_info_body">
308
- <?php
309
- echo '<p class="description">' . __('You can exclude file types from the scan which would not normally pose any security threat if they were changed. These can include things such as image files.', 'all-in-one-wp-security-and-firewall') . '</p>';
310
- echo '<p class="description">' . sprintf(__('Example: If you want the scanner to ignore files of type %s, %s, and %s, then you would enter the following:', 'all-in-one-wp-security-and-firewall'),'jpg' ,'png', 'bmp'). '</p>';
311
- echo '<p class="description">' . 'jpg' . '</p>';
312
- echo '<p class="description">' . 'png' . '</p>';
313
- echo '<p class="description">' . 'bmp' . '</p>';
314
- ?>
315
- </div>
316
- </td>
317
- </tr>
318
- <tr valign="top">
319
- <th scope="row"><label for="aiowps_fcd_exclude_files"><?php _e('Files/Directories to ignore', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
320
- <td><textarea id="aiowps_fcd_exclude_files" name="aiowps_fcd_exclude_files" rows="5" cols="50"><?php echo htmlspecialchars($aio_wp_security->configs->get_value('aiowps_fcd_exclude_files')); ?></textarea>
321
- <br>
322
- <span class="description"><?php _e('Enter each file or directory on a new line which you wish to exclude from the file change detection scan.', 'all-in-one-wp-security-and-firewall'); ?></span>
323
- <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
324
- <div class="aiowps_more_info_body">
325
- <?php
326
- echo '<p class="description">' . __('You can exclude specific files/directories from the scan which would not normally pose any security threat if they were changed. These can include things such as log files.', 'all-in-one-wp-security-and-firewall') . '</p>';
327
- echo '<p class="description">' . __('Example: If you want the scanner to ignore certain files in different directories or whole directories, then you would enter the following:', 'all-in-one-wp-security-and-firewall') . '</p>';
328
- echo '<p class="description">' . 'cache/config/master.php' . '</p>';
329
- echo '<p class="description">' . __('somedirectory', 'all-in-one-wp-security-and-firewall') . '</p>';
330
- ?>
331
- </div>
332
- </td>
333
- </tr>
334
- <tr valign="top">
335
- <th scope="row">
336
  <label for="aiowps_fcd_scan_email_address"><?php _e('Send email when change detected', 'all-in-one-wp-security-and-firewall'); ?>:</label>
337
  </th>
338
- <td>
339
- <input id="aiowps_send_fcd_scan_email" name="aiowps_send_fcd_scan_email" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_send_fcd_scan_email')=='1') echo ' checked="checked"'; ?> value="1"/>
340
- <label for="aiowps_send_fcd_scan_email" class="description"><?php _e('Check this if you want the system to email you if a file change was detected', 'all-in-one-wp-security-and-firewall'); ?></label>
341
- <br>
342
- <textarea name="aiowps_fcd_scan_email_address" id="aiowps_fcd_scan_email_address" rows="5" cols="50"><?php echo esc_textarea(wp_unslash(AIOWPSecurity_Utility::get_textarea_str_val($aio_wp_security->configs->get_value('aiowps_fcd_scan_email_address')))); ?></textarea>
343
- <br>
344
- <span class="description"><?php _e('Enter one or more email addresses on a new line.', 'all-in-one-wp-security-and-firewall'); ?></span>
345
- </td>
346
- </tr>
347
- </table>
348
- <input type="submit" name="aiowps_schedule_fcd_scan" value="<?php _e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary" />
349
- </form>
350
- </div></div>
351
-
352
- <?php
353
- }
354
-
355
- /**
356
- * Malware code scan on your system files.
357
- *
358
- * @return void
359
- */
360
- private function render_malware_scan() {
361
- ?>
362
- <div class="aio_blue_box">
363
- <?php
364
- echo '<h2>' . __('What is malware?', 'all-in-one-wp-security-and-firewall').'</h2>';
365
- echo '<p>' . __('The word malware stands for Malicious Software. It can consist of things like trojan horses, adware, worms, spyware and any other undesirable code which a hacker will try to inject into your website.', 'all-in-one-wp-security-and-firewall') . '</p>' .
366
- '<p>' . __('Often when malware code has been inserted into your site you will normally not notice anything out of the ordinary based on appearances, but it can have a dramatic effect on your site\'s search ranking.', 'all-in-one-wp-security-and-firewall') . '</p>' .
367
- '<p>' . __('This is because the bots and spiders from search engines such as Google have the capability to detect malware when they are indexing the pages on your site, and consequently they can blacklist your website which will in turn affect your search rankings.', 'all-in-one-wp-security-and-firewall') . '</p>';
368
 
369
- $site_scanners_link = '<a href="http://www.site-scanners.com" target="_blank">' . __('here', 'all-in-one-wp-security-and-firewall'). '</a>';
370
 
371
- echo '<h2>' . __('Scanning for malware', 'all-in-one-wp-security-and-firewall') . '</h2>';
372
- echo '<p>' . __('Due to the constantly changing and complex nature of Malware, scanning for such things using a standalone plugin will not work reliably.', 'all-in-one-wp-security-and-firewall') . ' ' . __('This is something best done via an external scan of your site regularly.', 'all-in-one-wp-security-and-firewall') . '</p>'.
373
- '<p>'.__('This is why we have created an easy-to-use scanning service which is hosted off our own server which will scan your site for malware once every day and notify you if it finds anything.', 'all-in-one-wp-security-and-firewall').'</p>';
374
- echo '<p>' . __('When you sign up for this service you will get the following:', 'all-in-one-wp-security-and-firewall') . '</p>';
375
- echo '<ul class="aiowps_admin_ul_grp1">
376
- <li>' . __('Automatic daily scan of 1 website', 'all-in-one-wp-security-and-firewall') . '</li>
377
  <li>' . __('Automatic malware and blacklist monitoring', 'all-in-one-wp-security-and-firewall') . '</li>
378
  <li>' . __('Automatic email alerting', 'all-in-one-wp-security-and-firewall') . '</li>
379
  <li>' . __('Site uptime monitoring', 'all-in-one-wp-security-and-firewall') . '</li>
@@ -381,98 +381,98 @@ class AIOWPSecurity_Filescan_Menu extends AIOWPSecurity_Admin_Menu {
381
  <li>' . __('We provide advice for malware cleanup', 'all-in-one-wp-security-and-firewall') . '</li>
382
  <li>' . __('Blacklist removal', 'all-in-one-wp-security-and-firewall') . '</li>
383
  <li>' . __('No contract (cancel anytime)', 'all-in-one-wp-security-and-firewall') . '</li>
384
- </ul>';
385
- echo '<p>' . sprintf(__('Learn more %s.', 'all-in-one-wp-security-and-firewall'), $site_scanners_link) . '</p>';
386
- ?>
387
- </div>
388
 
389
- <?php
390
- }
391
-
392
- /**
393
- * Outputs the last scan results in a postbox
394
- *
395
- * @return void
396
- */
397
- private function display_last_scan_results() {
398
- $fcd_data = AIOWPSecurity_Scan::get_fcd_data();
399
- if (!$fcd_data || !isset($fcd_data['last_scan_result'])) {
400
- // no fcd data found
401
- return false;
402
- }
403
- ?>
404
- <div class="postbox">
405
- <h3 class="hndle"><label for="title"><?php _e('Latest file change scan results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
406
- <div class="inside">
407
- <?php
408
- $files_added_output = "";
409
- $files_removed_output = "";
410
- $files_changed_output = "";
411
- $last_scan_results = $fcd_data['last_scan_result'];
412
- if (!empty($last_scan_results['files_added'])) {
413
- //Output table of files added
414
- echo '<div class="aio_info_with_icon aio_spacer_10_tb">' . __('The following files were added to your host.', 'all-in-one-wp-security-and-firewall') . '</div>';
415
- $files_added_output .= '<table class="widefat">';
416
- $files_added_output .= '<tr>';
417
- $files_added_output .= '<th>' . __('File','all-in-one-wp-security-and-firewall') . '</th>';
418
- $files_added_output .= '<th>' . __('File size','all-in-one-wp-security-and-firewall') . '</th>';
419
- $files_added_output .= '<th>' . __('File modified','all-in-one-wp-security-and-firewall') . '</th>';
420
- $files_added_output .= '</tr>';
421
- foreach ($last_scan_results['files_added'] as $key => $value) {
422
- $files_added_output .= '<tr>';
423
- $files_added_output .= '<td>' . $key . '</td>';
424
- $files_added_output .= '<td>' . $value['filesize'] . '</td>';
425
- $files_added_output .= '<td>' . date('Y-m-d H:i:s', $value['last_modified']) . '</td>';
426
- $files_added_output .= '</tr>';
427
- }
428
- $files_added_output .= '</table>';
429
- echo $files_added_output;
430
- }
431
- echo '<div class="aio_spacer_15"></div>';
432
- if (!empty($last_scan_results['files_removed'])) {
433
- //Output table of files removed
434
- echo '<div class="aio_info_with_icon aio_spacer_10_tb">' . __('The following files were removed from your host.', 'all-in-one-wp-security-and-firewall') . '</div>';
435
- $files_removed_output .= '<table class="widefat">';
436
- $files_removed_output .= '<tr>';
437
- $files_removed_output .= '<th>'.__('File', 'all-in-one-wp-security-and-firewall').'</th>';
438
- $files_removed_output .= '<th>'.__('File size', 'all-in-one-wp-security-and-firewall').'</th>';
439
- $files_removed_output .= '<th>'.__('File modified', 'all-in-one-wp-security-and-firewall').'</th>';
440
- $files_removed_output .= '</tr>';
441
- foreach ($last_scan_results['files_removed'] as $key => $value) {
442
- $files_removed_output .= '<tr>';
443
- $files_removed_output .= '<td>' . $key . '</td>';
444
- $files_removed_output .= '<td>' . $value['filesize'] . '</td>';
445
- $files_removed_output .= '<td>' . date('Y-m-d H:i:s', $value['last_modified']) . '</td>';
446
- $files_removed_output .= '</tr>';
447
- }
448
- $files_removed_output .= '</table>';
449
- echo $files_removed_output;
450
- }
451
 
452
- echo '<div class="aio_spacer_15"></div>';
453
 
454
- if (!empty($last_scan_results['files_changed'])) {
455
- //Output table of files changed
456
- echo '<div class="aio_info_with_icon aio_spacer_10_tb">' . __('The following files were changed on your host.', 'all-in-one-wp-security-and-firewall') . '</div>';
457
- $files_changed_output .= '<table class="widefat">';
458
- $files_changed_output .= '<tr>';
459
- $files_changed_output .= '<th>' . __('File', 'all-in-one-wp-security-and-firewall') . '</th>';
460
- $files_changed_output .= '<th>' . __('File size', 'all-in-one-wp-security-and-firewall') . '</th>';
461
- $files_changed_output .= '<th>' . __('File modified', 'all-in-one-wp-security-and-firewall') . '</th>';
462
- $files_changed_output .= '</tr>';
463
- foreach ($last_scan_results['files_changed'] as $key => $value) {
464
- $files_changed_output .= '<tr>';
465
- $files_changed_output .= '<td>' . $key . '</td>';
466
- $files_changed_output .= '<td>' . $value['filesize'] . '</td>';
467
- $files_changed_output .= '<td>' . date('Y-m-d H:i:s', $value['last_modified']) . '</td>';
468
- $files_changed_output .= '</tr>';
469
- }
470
- $files_changed_output .= '</table>';
471
- echo $files_changed_output;
472
- }
473
-
474
- ?>
475
- </div></div>
476
- <?php
477
- }
478
  } //end class
1
  <?php
2
+
3
  if (!defined('ABSPATH')) {
4
+ exit;//Exit if accessed directly
5
  }
6
 
7
  /**
17
  * @var string
18
  */
19
  protected $menu_page_slug = AIOWPSEC_FILESCAN_MENU_SLUG;
20
+
21
  /**
22
  * Specify all the tabs of this menu
23
  *
31
  * @var array
32
  */
33
  protected $menu_tabs_handler = array(
34
+ 'file-change-detect' => 'render_file_change_detect',
35
+ 'malware-scan' => 'render_malware_scan',
36
+ );
37
+
38
  /**
39
  * Renders the menu and current tab page.
40
  *
43
  public function __construct() {
44
  $this->render_menu_page();
45
  }
46
+
47
+
48
  /**
49
  * Sets the menu and tab names.
50
  *
72
  }
73
  echo '</h2>';
74
  }
75
+
76
+ /**
77
+ * The menu rendering goes here
78
+ *
79
+ * @return void
80
+ */
81
+ private function render_menu_page() {
82
+ echo '<div class="wrap">';
83
+ echo '<h2>' . __('Scanner', 'all-in-one-wp-security-and-firewall') . '</h2>'; // Interface title
84
+ $this->set_menu_tabs();
85
+ $tab = $this->get_current_tab();
86
+ $this->render_menu_tabs();
87
+ ?>
88
+ <div id="poststuff"><div id="post-body">
89
+ <?php
90
+ // $tab_keys = array_keys($this->menu_tabs);
91
+ call_user_func(array($this, $this->menu_tabs_handler[$tab]));
92
+ ?>
93
+ </div></div>
94
+ </div><!-- end of wrap -->
95
+ <?php
96
+ }
97
+
98
+ /**
99
+ * File change detection on your system files.
100
+ *
101
+ * @global $wpdb
102
+ * @global $aio_wp_security
103
+ * @global $aiowps_feature_mgr
104
+ */
105
+ private function render_file_change_detect() {
106
+ global $wpdb, $aio_wp_security;
107
+ global $aiowps_feature_mgr;
108
+ if (isset($_POST['fcd_scan_info'])) {
109
+ //Display scan file change info and clear the global alert variable
110
+
111
+ //Clear the global variable
112
+ $aio_wp_security->configs->set_value('aiowps_fcds_change_detected', FALSE);
113
+ $aio_wp_security->configs->save_config();
114
+
115
+ //Display the last scan results
116
+ $this->display_last_scan_results();
117
  }
118
 
119
+ if (isset($_POST['aiowps_view_last_fcd_results'])) {
120
+ //Display the last scan results
121
+ if (!$this->display_last_scan_results()) {
122
+ $this->show_msg_updated(__('There have been no file changes since the last scan.', 'all-in-one-wp-security-and-firewall'));
123
+ }
124
+ }
125
 
126
+ if (isset($_POST['aiowps_manual_fcd_scan'])) {
127
+ $nonce = $_POST['_wpnonce'];
128
+ if (!wp_verify_nonce($nonce, 'aiowpsec-fcd-manual-scan-nonce')) {
129
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for manual file change detection scan operation.", 4);
130
+ die('Nonce check failed for manual file change detection scan operation.');
131
+ }
132
 
133
+ $result = $aio_wp_security->scan_obj->execute_file_change_detection_scan();
134
+ if (false === $result) {
135
+ // error case
136
+ $this->show_msg_error(__('There was an error during the file change detection scan. Please check the AIOS logs.', 'all-in-one-wp-security-and-firewall'));
137
+ }
138
+
139
+ //If this is first scan display special message
140
+ if (1 == $result['initial_scan']) {
141
+ $this->show_msg_updated(__('The plugin has detected that this is your first file change detection scan. The file details from this scan will be used to detect file changes for future scans.', 'all-in-one-wp-security-and-firewall'));
142
+ } elseif (!$aio_wp_security->configs->get_value('aiowps_fcds_change_detected')) {
143
+ $this->show_msg_updated(__('Scan Complete - There were no file changes detected.', 'all-in-one-wp-security-and-firewall'));
144
+ }
145
+ }
146
 
147
+ if (isset($_POST['aiowps_schedule_fcd_scan'])) { //Do form submission tasks
148
+ $error = '';
149
+ $reset_scan_data = FALSE;
150
+ $file_types = '';
151
+ $files = '';
152
 
153
+ $nonce = $_POST['_wpnonce'];
154
+ if (!wp_verify_nonce($nonce, 'aiowpsec-scheduled-fcd-scan-nonce')) {
155
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for file change detection scan options save.", 4);
156
+ die("Nonce check failed for file change detection scan options save.");
157
+ }
158
 
159
+ $fcd_scan_frequency = sanitize_text_field($_POST['aiowps_fcd_scan_frequency']);
160
+ if (!is_numeric($fcd_scan_frequency)) {
161
+ $error .= '<br>' . __('You entered a non numeric value for the "backup time interval" field. It has been set to the default value.', 'all-in-one-wp-security-and-firewall');
162
+ $fcd_scan_frequency = '4'; // Set it to the default value for this field
163
+ }
164
+
165
+ if (!empty($_POST['aiowps_fcd_exclude_filetypes'])) {
166
+ $file_types = trim($_POST['aiowps_fcd_exclude_filetypes']);
167
+ // $file_types_array = preg_split( '/\r\n|\r|\n/', $file_types );
168
 
169
+ // Get the currently saved config value and check if this has changed. If so do another scan to reset the scan data so it omits these filetypes
170
+ if ($file_types != $aio_wp_security->configs->get_value('aiowps_fcd_exclude_filetypes')) {
171
+ $reset_scan_data = TRUE;
172
+ }
173
+ }
174
+
175
+ if (!empty($_POST['aiowps_fcd_exclude_files'])) {
176
+ $files = trim($_POST['aiowps_fcd_exclude_files']);
177
+ //Get the currently saved config value and check if this has changed. If so do another scan to reset the scan data so it omits these files/dirs
178
+ if ($files != $aio_wp_security->configs->get_value('aiowps_fcd_exclude_files')) {
179
+ $reset_scan_data = TRUE;
180
+ }
181
+ }
182
 
183
+ // Explode by end-of-line character, then trim and filter empty lines
184
+ $email_list_array = array_filter(array_map('trim', explode("\n", $_POST['aiowps_fcd_scan_email_address'])), 'strlen');
185
+ $errors = array();
186
+ foreach ($email_list_array as $key => $value) {
187
+ $email_sane = sanitize_email($value);
188
+ if (!is_email($email_sane)) {
189
+ $errors[] = __('The following address was removed because it is not a valid email address: ', 'all-in-one-wp-security-and-firewall')
190
+ . htmlspecialchars($value);
191
+ unset($email_list_array[$key]);
192
+ }
193
+ }
194
+ $email_address = implode("\n", $email_list_array);
195
+ if (!empty($errors)) {
196
+ $this->show_msg_error(__('Attention:', 'all-in-one-wp-security-and-firewall') . '<br>' . implode('<br>', $errors));
197
+ }
198
 
199
+ // Save all the form values to the options
200
+ $aio_wp_security->configs->set_value('aiowps_enable_automated_fcd_scan', isset($_POST["aiowps_enable_automated_fcd_scan"]) ? '1' : '');
201
+ $aio_wp_security->configs->set_value('aiowps_fcd_scan_frequency', absint($fcd_scan_frequency));
202
+ $aio_wp_security->configs->set_value('aiowps_fcd_scan_interval', $_POST["aiowps_fcd_scan_interval"]);
203
+ $aio_wp_security->configs->set_value('aiowps_fcd_exclude_filetypes', $file_types);
204
+ $aio_wp_security->configs->set_value('aiowps_fcd_exclude_files', $files);
205
+ $aio_wp_security->configs->set_value('aiowps_send_fcd_scan_email', isset($_POST["aiowps_send_fcd_scan_email"]) ? '1' : '');
206
+ $aio_wp_security->configs->set_value('aiowps_fcd_scan_email_address', $email_address);
207
+ $aio_wp_security->configs->save_config();
208
 
209
+ // Recalculate points after the feature status/options have been altered
210
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
211
+ $this->show_msg_settings_updated();
212
+
213
+ // Let's check if backup interval was set to less than 24 hours
214
+ if (isset($_POST["aiowps_enable_automated_fcd_scan"]) && ($fcd_scan_frequency < 24) && 0 == $_POST["aiowps_fcd_scan_interval"]) {
215
+ $this->show_msg_updated(__('Attention: You have configured your file change detection scan to occur at least once daily.', 'all-in-one-wp-security-and-firewall') . ' ' . __('For most websites we recommended that you choose a less frequent schedule such as once every few days, once a week or once a month.', 'all-in-one-wp-security-and-firewall') . ' ' . __('Choosing a less frequent schedule will also help reduce your server load.', 'all-in-one-wp-security-and-firewall'));
216
+ }
217
+
218
+ if ($reset_scan_data) {
219
+ //Clear old scan row and ask user to perform a fresh scan to reset the data
220
+ $aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
221
+ $where = array('meta_key1' => 'file_change_detection', 'meta_value1' => 'file_scan_data');
222
+ $wpdb->delete($aiowps_global_meta_tbl_name, $where);
223
+ $result = $aio_wp_security->scan_obj->execute_file_change_detection_scan();
224
+ $new_scan_alert = __('New scan completed: The plugin has detected that you have made changes to the "File Types To Ignore" or "Files To Ignore" fields.', 'all-in-one-wp-security-and-firewall').' '.__('In order to ensure that future scan results are accurate, the old scan data has been refreshed.', 'all-in-one-wp-security-and-firewall');
225
+ $this->show_msg_updated($new_scan_alert);
226
+ }
227
+ }
228
+
229
+ // Display an alert warning message if a file change was detected
230
+ if ($aio_wp_security->configs->get_value('aiowps_fcds_change_detected')) {
231
+ $error_msg = __('All In One WP Security & Firewall has detected that there was a change in your host\'s files.', 'all-in-one-wp-security-and-firewall');
232
+
233
+ $button = '<div><form action="" method="POST"><input type="submit" name="fcd_scan_info" value="' . __('View scan details and clear this message', 'all-in-one-wp-security-and-firewall') . '" class="button-secondary" /></form></div>';
234
+ $error_msg .= $button;
235
+ $this->show_msg_error($error_msg);
236
+ }
237
+ ?>
238
+ <div class="aio_blue_box">
239
+ <?php
240
+ echo '<p>' . __('If given an opportunity hackers can insert their code or files into your system which they can then use to carry out malicious acts on your site.', 'all-in-one-wp-security-and-firewall') .
241
+ '<br>' . __('Being informed of any changes in your files can be a good way to quickly prevent a hacker from causing damage to your website.', 'all-in-one-wp-security-and-firewall') .
242
+ '<br>' . __('In general, WordPress core and plugin files and file types such as ".php" or ".js" should not change often and when they do, it is important that you are made aware when a change occurs and which file was affected.', 'all-in-one-wp-security-and-firewall') .
243
+ '<br>' . __('The "File Change Detection Feature" will notify you of any file change which occurs on your system, including the addition and deletion of files by performing a regular automated or manual scan of your system\'s files.', 'all-in-one-wp-security-and-firewall') .
244
+ '<br>' . __('This feature also allows you to exclude certain files or folders from the scan in cases where you know that they change often as part of their normal operation. (For example log files and certain caching plugin files may change often and hence you may choose to exclude such files from the file change detection scan)', 'all-in-one-wp-security-and-firewall') . '</p>';
245
+ ?>
246
+ </div>
247
 
248
+ <div class="postbox">
249
+ <h3 class="hndle"><label for="title"><?php _e('Manual file change detection scan', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
250
+ <div class="inside">
251
+ <form action="" method="POST">
252
+ <?php wp_nonce_field('aiowpsec-fcd-manual-scan-nonce'); ?>
253
+ <table class="form-table">
254
+ <tr valign="top">
255
+ <span class="description"><?php _e('To perform a manual file change detection scan click on the button below.', 'all-in-one-wp-security-and-firewall'); ?></span>
256
+ </tr>
257
+ </table>
258
+ <input type="submit" name="aiowps_manual_fcd_scan" value="<?php _e('Perform scan now', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
259
+ </form>
260
+ </div></div>
261
+ <div class="postbox">
262
+ <h3 class="hndle"><label for="title"><?php _e('View last saved file change results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
263
+ <div class="inside">
264
+ <form action="" method="POST">
265
+ <?php wp_nonce_field('aiowpsec-view-last-fcd-results-nonce'); ?>
266
+ <table class="form-table">
267
+ <tr valign="top">
268
+ <span class="description"><?php _e('Click the button below to view the saved file change results from the last scan.', 'all-in-one-wp-security-and-firewall'); ?></span>
269
+ </tr>
270
+ </table>
271
+ <input type="submit" name="aiowps_view_last_fcd_results" value="<?php _e('View last file change', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary" />
272
+ </form>
273
+ </div></div>
274
+ <div class="postbox">
275
+ <h3 class="hndle"><label for="title"><?php _e('File change detection settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
276
+ <div class="inside">
277
+ <?php
278
+ $aiowps_feature_mgr->output_feature_details_badge('scan-file-change-detection');
279
+ ?>
280
+ <form action="" method="POST">
281
+ <?php wp_nonce_field('aiowpsec-scheduled-fcd-scan-nonce'); ?>
282
+ <table class="form-table">
283
+ <tr valign="top">
284
+ <th scope="row"><?php _e('Enable automated file change detection scan', 'all-in-one-wp-security-and-firewall'); ?>:</th>
285
+ <td>
286
+ <input id="aiowps_enable_automated_fcd_scan" name="aiowps_enable_automated_fcd_scan" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_automated_fcd_scan')=='1') echo ' checked="checked"'; ?> value="1"/>
287
+ <label for="aiowps_enable_automated_fcd_scan" class="description"><?php _e('Check this if you want the system to automatically/periodically scan your files to check for file changes based on the settings below', 'all-in-one-wp-security-and-firewall'); ?></label>
288
+ </td>
289
+ </tr>
290
+ <tr valign="top">
291
+ <th scope="row"><label for="aiowps_fcd_scan_frequency"><?php _e('Scan time interval', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
292
+ <td><input id="aiowps_fcd_scan_frequency" type="text" size="5" name="aiowps_fcd_scan_frequency" value="<?php echo $aio_wp_security->configs->get_value('aiowps_fcd_scan_frequency'); ?>" />
293
+ <select id="backup_interval" name="aiowps_fcd_scan_interval">
294
+ <option value="0" <?php selected( $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'), '0' ); ?>><?php _e( 'Hours', 'all-in-one-wp-security-and-firewall' ); ?></option>
295
+ <option value="1" <?php selected( $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'), '1' ); ?>><?php _e( 'Days', 'all-in-one-wp-security-and-firewall' ); ?></option>
296
+ <option value="2" <?php selected( $aio_wp_security->configs->get_value('aiowps_fcd_scan_interval'), '2' ); ?>><?php _e( 'Weeks', 'all-in-one-wp-security-and-firewall' ); ?></option>
297
+ </select>
298
+ <span class="description"><?php _e('Set the value for how often you would like a scan to occur', 'all-in-one-wp-security-and-firewall'); ?></span>
299
+ </td>
300
+ </tr>
301
+ <tr valign="top">
302
+ <th scope="row"><label for="aiowps_fcd_exclude_filetypes"><?php _e('File types to ignore', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
303
+ <td><textarea id="aiowps_fcd_exclude_filetypes" name="aiowps_fcd_exclude_filetypes" rows="5" cols="50"><?php echo htmlspecialchars($aio_wp_security->configs->get_value('aiowps_fcd_exclude_filetypes')); ?></textarea>
304
+ <br>
305
+ <span class="description"><?php _e('Enter each file type or extension on a new line which you wish to exclude from the file change detection scan.', 'all-in-one-wp-security-and-firewall'); ?></span>
306
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
307
+ <div class="aiowps_more_info_body">
308
+ <?php
309
+ echo '<p class="description">' . __('You can exclude file types from the scan which would not normally pose any security threat if they were changed. These can include things such as image files.', 'all-in-one-wp-security-and-firewall') . '</p>';
310
+ echo '<p class="description">' . sprintf(__('Example: If you want the scanner to ignore files of type %s, %s, and %s, then you would enter the following:', 'all-in-one-wp-security-and-firewall'),'jpg' ,'png', 'bmp'). '</p>';
311
+ echo '<p class="description">' . 'jpg' . '</p>';
312
+ echo '<p class="description">' . 'png' . '</p>';
313
+ echo '<p class="description">' . 'bmp' . '</p>';
314
+ ?>
315
+ </div>
316
+ </td>
317
+ </tr>
318
+ <tr valign="top">
319
+ <th scope="row"><label for="aiowps_fcd_exclude_files"><?php _e('Files/Directories to ignore', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
320
+ <td><textarea id="aiowps_fcd_exclude_files" name="aiowps_fcd_exclude_files" rows="5" cols="50"><?php echo htmlspecialchars($aio_wp_security->configs->get_value('aiowps_fcd_exclude_files')); ?></textarea>
321
+ <br>
322
+ <span class="description"><?php _e('Enter each file or directory on a new line which you wish to exclude from the file change detection scan.', 'all-in-one-wp-security-and-firewall'); ?></span>
323
+ <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
324
+ <div class="aiowps_more_info_body">
325
+ <?php
326
+ echo '<p class="description">' . __('You can exclude specific files/directories from the scan which would not normally pose any security threat if they were changed. These can include things such as log files.', 'all-in-one-wp-security-and-firewall') . '</p>';
327
+ echo '<p class="description">' . __('Example: If you want the scanner to ignore certain files in different directories or whole directories, then you would enter the following:', 'all-in-one-wp-security-and-firewall') . '</p>';
328
+ echo '<p class="description">' . 'cache/config/master.php' . '</p>';
329
+ echo '<p class="description">' . __('somedirectory', 'all-in-one-wp-security-and-firewall') . '</p>';
330
+ ?>
331
+ </div>
332
+ </td>
333
+ </tr>
334
+ <tr valign="top">
335
+ <th scope="row">
 
336
  <label for="aiowps_fcd_scan_email_address"><?php _e('Send email when change detected', 'all-in-one-wp-security-and-firewall'); ?>:</label>
337
  </th>
338
+ <td>
339
+ <input id="aiowps_send_fcd_scan_email" name="aiowps_send_fcd_scan_email" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_send_fcd_scan_email')=='1') echo ' checked="checked"'; ?> value="1"/>
340
+ <label for="aiowps_send_fcd_scan_email" class="description"><?php _e('Check this if you want the system to email you if a file change was detected', 'all-in-one-wp-security-and-firewall'); ?></label>
341
+ <br>
342
+ <textarea name="aiowps_fcd_scan_email_address" id="aiowps_fcd_scan_email_address" rows="5" cols="50"><?php echo esc_textarea(wp_unslash(AIOWPSecurity_Utility::get_textarea_str_val($aio_wp_security->configs->get_value('aiowps_fcd_scan_email_address')))); ?></textarea>
343
+ <br>
344
+ <span class="description"><?php _e('Enter one or more email addresses on a new line.', 'all-in-one-wp-security-and-firewall'); ?></span>
345
+ </td>
346
+ </tr>
347
+ </table>
348
+ <input type="submit" name="aiowps_schedule_fcd_scan" value="<?php _e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary" />
349
+ </form>
350
+ </div></div>
351
+
352
+ <?php
353
+ }
354
+
355
+ /**
356
+ * Malware code scan on your system files.
357
+ *
358
+ * @return void
359
+ */
360
+ private function render_malware_scan() {
361
+ ?>
362
+ <div class="aio_blue_box">
363
+ <?php
364
+ echo '<h2>' . __('What is malware?', 'all-in-one-wp-security-and-firewall').'</h2>';
365
+ echo '<p>' . __('The word malware stands for Malicious Software. It can consist of things like trojan horses, adware, worms, spyware and any other undesirable code which a hacker will try to inject into your website.', 'all-in-one-wp-security-and-firewall') . '</p>' .
366
+ '<p>' . __('Often when malware code has been inserted into your site you will normally not notice anything out of the ordinary based on appearances, but it can have a dramatic effect on your site\'s search ranking.', 'all-in-one-wp-security-and-firewall') . '</p>' .
367
+ '<p>' . __('This is because the bots and spiders from search engines such as Google have the capability to detect malware when they are indexing the pages on your site, and consequently they can blacklist your website which will in turn affect your search rankings.', 'all-in-one-wp-security-and-firewall') . '</p>';
368
 
369
+ $site_scanners_link = '<a href="https://aiosplugin.com/why-upgrade-to-premium/" target="_blank">' . __('here', 'all-in-one-wp-security-and-firewall'). '</a>';
370
 
371
+ echo '<h2>' . __('Scanning for malware', 'all-in-one-wp-security-and-firewall') . '</h2>';
372
+ echo '<p>' . __('Due to the constantly changing and complex nature of Malware, scanning for such things using a standalone plugin will not work reliably.', 'all-in-one-wp-security-and-firewall') . ' ' . __('This is something best done via an external scan of your site regularly.', 'all-in-one-wp-security-and-firewall') . '</p>'.
373
+ '<p>'.__('This is why we have created an easy-to-use scanning service which is hosted off our own server which will scan your site for malware once every day and notify you if it finds anything.', 'all-in-one-wp-security-and-firewall').'</p>';
374
+ echo '<p>' . __('This service is included with the premium plugin and provides the following:', 'all-in-one-wp-security-and-firewall') . '</p>';
375
+ echo '<ul class="aiowps_admin_ul_grp1">
376
+ <li>' . __('Automatic daily scans', 'all-in-one-wp-security-and-firewall') . '</li>
377
  <li>' . __('Automatic malware and blacklist monitoring', 'all-in-one-wp-security-and-firewall') . '</li>
378
  <li>' . __('Automatic email alerting', 'all-in-one-wp-security-and-firewall') . '</li>
379
  <li>' . __('Site uptime monitoring', 'all-in-one-wp-security-and-firewall') . '</li>
381
  <li>' . __('We provide advice for malware cleanup', 'all-in-one-wp-security-and-firewall') . '</li>
382
  <li>' . __('Blacklist removal', 'all-in-one-wp-security-and-firewall') . '</li>
383
  <li>' . __('No contract (cancel anytime)', 'all-in-one-wp-security-and-firewall') . '</li>
384
+ </ul>';
385
+ echo '<p>' . sprintf(__('Learn more %s.', 'all-in-one-wp-security-and-firewall'), $site_scanners_link) . '</p>';
386
+ ?>
387
+ </div>
388
 
389
+ <?php
390
+ }
391
+
392
+ /**
393
+ * Outputs the last scan results in a postbox
394
+ *
395
+ * @return void
396
+ */
397
+ private function display_last_scan_results() {
398
+ $fcd_data = AIOWPSecurity_Scan::get_fcd_data();
399
+ if (!$fcd_data || !isset($fcd_data['last_scan_result'])) {
400
+ // no fcd data found
401
+ return false;
402
+ }
403
+ ?>
404
+ <div class="postbox">
405
+ <h3 class="hndle"><label for="title"><?php _e('Latest file change scan results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
406
+ <div class="inside">
407
+ <?php
408
+ $files_added_output = "";
409
+ $files_removed_output = "";
410
+ $files_changed_output = "";
411
+ $last_scan_results = $fcd_data['last_scan_result'];
412
+ if (!empty($last_scan_results['files_added'])) {
413
+ // Output table of files added
414
+ echo '<div class="aio_info_with_icon aio_spacer_10_tb">' . __('The following files were added to your host.', 'all-in-one-wp-security-and-firewall') . '</div>';
415
+ $files_added_output .= '<table class="widefat">';
416
+ $files_added_output .= '<tr>';
417
+ $files_added_output .= '<th>' . __('File','all-in-one-wp-security-and-firewall') . '</th>';
418
+ $files_added_output .= '<th>' . __('File size','all-in-one-wp-security-and-firewall') . '</th>';
419
+ $files_added_output .= '<th>' . __('File modified','all-in-one-wp-security-and-firewall') . '</th>';
420
+ $files_added_output .= '</tr>';
421
+ foreach ($last_scan_results['files_added'] as $key => $value) {
422
+ $files_added_output .= '<tr>';
423
+ $files_added_output .= '<td>' . $key . '</td>';
424
+ $files_added_output .= '<td>' . $value['filesize'] . '</td>';
425
+ $files_added_output .= '<td>' . date('Y-m-d H:i:s', $value['last_modified']) . '</td>';
426
+ $files_added_output .= '</tr>';
427
+ }
428
+ $files_added_output .= '</table>';
429
+ echo $files_added_output;
430
+ }
431
+ echo '<div class="aio_spacer_15"></div>';
432
+ if (!empty($last_scan_results['files_removed'])) {
433
+ // Output table of files removed
434
+ echo '<div class="aio_info_with_icon aio_spacer_10_tb">' . __('The following files were removed from your host.', 'all-in-one-wp-security-and-firewall') . '</div>';
435
+ $files_removed_output .= '<table class="widefat">';
436
+ $files_removed_output .= '<tr>';
437
+ $files_removed_output .= '<th>'.__('File', 'all-in-one-wp-security-and-firewall').'</th>';
438
+ $files_removed_output .= '<th>'.__('File size', 'all-in-one-wp-security-and-firewall').'</th>';
439
+ $files_removed_output .= '<th>'.__('File modified', 'all-in-one-wp-security-and-firewall').'</th>';
440
+ $files_removed_output .= '</tr>';
441
+ foreach ($last_scan_results['files_removed'] as $key => $value) {
442
+ $files_removed_output .= '<tr>';
443
+ $files_removed_output .= '<td>' . $key . '</td>';
444
+ $files_removed_output .= '<td>' . $value['filesize'] . '</td>';
445
+ $files_removed_output .= '<td>' . date('Y-m-d H:i:s', $value['last_modified']) . '</td>';
446
+ $files_removed_output .= '</tr>';
447
+ }
448
+ $files_removed_output .= '</table>';
449
+ echo $files_removed_output;
450
+ }
451
 
452
+ echo '<div class="aio_spacer_15"></div>';
453
 
454
+ if (!empty($last_scan_results['files_changed'])) {
455
+ // Output table of files changed
456
+ echo '<div class="aio_info_with_icon aio_spacer_10_tb">' . __('The following files were changed on your host.', 'all-in-one-wp-security-and-firewall') . '</div>';
457
+ $files_changed_output .= '<table class="widefat">';
458
+ $files_changed_output .= '<tr>';
459
+ $files_changed_output .= '<th>' . __('File', 'all-in-one-wp-security-and-firewall') . '</th>';
460
+ $files_changed_output .= '<th>' . __('File size', 'all-in-one-wp-security-and-firewall') . '</th>';
461
+ $files_changed_output .= '<th>' . __('File modified', 'all-in-one-wp-security-and-firewall') . '</th>';
462
+ $files_changed_output .= '</tr>';
463
+ foreach ($last_scan_results['files_changed'] as $key => $value) {
464
+ $files_changed_output .= '<tr>';
465
+ $files_changed_output .= '<td>' . $key . '</td>';
466
+ $files_changed_output .= '<td>' . $value['filesize'] . '</td>';
467
+ $files_changed_output .= '<td>' . date('Y-m-d H:i:s', $value['last_modified']) . '</td>';
468
+ $files_changed_output .= '</tr>';
469
+ }
470
+ $files_changed_output .= '</table>';
471
+ echo $files_changed_output;
472
+ }
473
+
474
+ ?>
475
+ </div></div>
476
+ <?php
477
+ }
478
  } //end class
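--- a/admin/wp-security-firewall-setup-notice.php
+++ b/admin/wp-security-firewall-setup-notice.php
@@ -604,7 +604,7 @@ class AIOWPSecurity_Firewall_Setup_Notice {
  return true;
  }
 
- if (!current_user_can(AIOWPSEC_MANAGEMENT_PERMISSION)) {
+ if (!current_user_can(apply_filters('aios_management_permission', 'manage_options'))) {
  return true;
  }
 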
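Review bot: The capability check on line 607 inlines `apply_filters('aios_management_permission', 'manage_options')`, and the same expression is repeated in `is_user_capable()` in classes/aios-ajax.php, so the default capability is now spread over several call sites instead of one. Any code hooking this filter can lower the capability that gates this notice and the AJAX handlers, which deserves a comment where the filter is applied, e.g. `// Filterable: a callback returning a weaker capability widens access to AIOS management`. A single private helper that applies the filter and falls back to `'manage_options'` when the result is not a non-empty string would keep the call sites consistent. The enclosing method starts and ends outside the hunk.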
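--- a/admin/wp-security-list-comment-spammer-ip.php
+++ b/admin/wp-security-list-comment-spammer-ip.php
@@ -6,14 +6,14 @@ if (!defined('ABSPATH')) {
 
  class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
 
- public function __construct(){
+ public function __construct() {
  global $status, $page;
-
+
  //Set parent defaults
- parent::__construct( array(
- 'singular' => 'item', //singular name of the listed records
- 'plural' => 'items', //plural name of the listed records
- 'ajax' => false //does this table support ajax?
+ parent::__construct(array(
+ 'singular' => 'item', // singular name of the listed records
+ 'plural' => 'items', // plural name of the listed records
+ 'ajax' => false // does this table support ajax?
  ) );
 
  }
@@ -25,7 +25,7 @@ class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
  public function column_comment_author_IP($item) {
  $tab = strip_tags($_REQUEST['tab']);
  //Build row actions
- if (is_multisite() && get_current_blog_id() != 1) {
+ if (!is_main_site()) {
  //Suppress the block link if site is a multi site AND not the main site
  $actions = array(); //blank array
  } else {
@@ -46,7 +46,7 @@ class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
  }
 
 
- public function column_cb($item){
+ public function column_cb($item) {
  return sprintf(
  '<input type="checkbox" name="%1$s[]" value="%2$s" />',
  /*$1%s*/ $this->_args['singular'], //Let's simply repurpose the table's singular label
@@ -54,7 +54,7 @@ class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
  );
  }
 
- public function get_columns(){
+ public function get_columns() {
  $columns = array(
  'cb' => '<input type="checkbox" />', //Render a checkbox
  'comment_author_IP' => __('Spammer IP', 'all-in-one-wp-security-and-firewall'),
@@ -74,7 +74,7 @@ class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
  }
 
  public function get_bulk_actions() {
- if (is_multisite() && get_current_blog_id() != 1) {
+ if (!is_main_site()) {
  //Suppress the block link if site is a multi site AND not the main site
  $actions = array(); //blank array
  } else {
@@ -89,9 +89,9 @@ class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
  if (empty($_REQUEST['_wpnonce']) || !wp_verify_nonce($_REQUEST['_wpnonce'], 'bulk-items')) return;
 
  global $aio_wp_security;
- if('block'===$this->current_action()) {
+ if ('block' === $this->current_action()) {
  //Process block bulk actions
- if(!isset($_REQUEST['item'])) {
+ if (!isset($_REQUEST['item'])) {
  $error_msg = '<div id="message" class="error"><p><strong>';
  $error_msg .= __('Please select some records using the checkboxes','all-in-one-wp-security-and-firewall');
  $error_msg .= '</strong></p></div>';
@@ -118,8 +118,8 @@ class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
  }
  }
  } else if ($entries != NULL) {
- $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
- if (!isset($nonce) ||!wp_verify_nonce($nonce, 'block_spammer_ip')) {
+ $nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : '';
+ if (!isset($nonce) || !wp_verify_nonce($nonce, 'block_spammer_ip')) {
  $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete selected blocked IP operation!",4);
  die(__('Nonce check failed for delete selected blocked IP operation!','all-in-one-wp-security-and-firewall'));
  }
@@ -156,8 +156,8 @@ class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
  }
  }
  } else if ($entries != NULL) {
- $nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
- if (!isset($nonce) ||!wp_verify_nonce($nonce, 'block_spammer_ip')) {
+ $nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : '';
+ if (!isset($nonce) || !wp_verify_nonce($nonce, 'block_spammer_ip')) {
  $aio_wp_security->debug_logger->log_debug("Nonce check failed for delete selected blocked IP operation!",4);
  die(__('Nonce check failed for delete selected blocked IP operation!','all-in-one-wp-security-and-firewall'));
  }
@@ -175,7 +175,7 @@ class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
  AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses were saved in the blacklist configuration settings.','all-in-one-wp-security-and-firewall'));
 
  //Let's check if the Enable Blacklisting flag has been set - If so, we will write the new data to the .htaccess file.
- if ($aio_wp_security->configs->get_value('aiowps_enable_blacklisting')=='1') {
+ if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_blacklisting')) {
  $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
  if ($write_result) {
  AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The .htaccess file was successfully modified to include the selected IP addresses.','all-in-one-wp-security-and-firewall'));
@@ -219,24 +219,45 @@ class AIOWPSecurity_List_Comment_Spammer_IP extends AIOWPSecurity_List_Table {
  $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
  $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
 
- $sql = $wpdb->prepare("SELECT comment_author_IP, COUNT(*) AS amount
+ // status is not a key in the database so we don't want to sort the database results, but sort the array later
+ if ('status' == $orderby) {
+ $sql = $wpdb->prepare("SELECT comment_author_IP, COUNT(*) AS amount
+ FROM $wpdb->comments
+ WHERE comment_approved = 'spam'
+ GROUP BY comment_author_IP
+ HAVING amount >= %d
+ ", $minimum_comments_per_ip);
+ } else {
+ $sql = $wpdb->prepare("SELECT comment_author_IP, COUNT(*) AS amount
  FROM $wpdb->comments
  WHERE comment_approved = 'spam'
  GROUP BY comment_author_IP
  HAVING amount >= %d
  ORDER BY $orderby $order
  ", $minimum_comments_per_ip);
+ }
  $data = $wpdb->get_results($sql, ARRAY_A);
 
- //Get all permamnetly blocked IP addresses
+ // Get all permamnetly blocked IP addresses
  $block_list = AIOWPSecurity_Blocking::get_list_blocked_ips();
- if(!empty($block_list)){
- foreach($data as $key=>$value){
- if(in_array($value['comment_author_IP'],$block_list)){
- $data[$key]['status'] = 'blocked';
- }
+
+ foreach ($data as $key => $value) {
+ if (in_array($value['comment_author_IP'], $block_list)) {
+ $data[$key]['status'] = 'blocked';
+ } else {
+ $data[$key]['status'] = 'not blocked';
+ }
+ }
+
+ if ('status' == $orderby) {
+ $keys = array_column($data, 'status');
+ if ('asc' == $order) {
+ array_multisort($keys, SORT_ASC, SORT_STRING, $data);
+ } else {
+ array_multisort($keys, SORT_DESC, SORT_STRING, $data);
  }
  }
+
  $current_page = $this->get_pagenum();
  $total_items = count($data);
  $data = array_slice($data, (($current_page - 1) * $per_page), $per_page);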
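Review bot: In the new status-sort branch (lines 252-259) `'asc' == $order` compares against lower case, while `$order` was whitelisted on line 220 against the keys `'DESC'` and `'ASC'`. If `sanitize_value_by_array` returns the value in that upper-case form, the ascending branch is never taken and the status column always sorts descending; `if (0 === strcasecmp('asc', $order)) {` avoids depending on the helper's casing. The rewrite also drops the old `!empty($block_list)` guard, so `in_array()` on line 245 relies on `get_list_blocked_ips()` always returning an array; `if (!is_array($block_list)) $block_list = array();` after line 242 keeps that safe. The method containing this hunk starts and ends outside it.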
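--- a/admin/wp-security-settings-menu.php
+++ b/admin/wp-security-settings-menu.php
@@ -200,8 +200,7 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu {
 
  ?>
  <div class="aio_grey_box">
- <p><?php _e('For information, updates and documentation, please visit the', 'all-in-one-wp-security-and-firewall'); ?> <a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin" target="_blank"><?php echo htmlspecialchars('All In One WP Security & Firewall Plugin'); ?></a> <?php _e('Page', 'all-in-one-wp-security-and-firewall'); ?>.</p>
- <p><a href="https://www.tipsandtricks-hq.com/development-center" target="_blank"><?php _e('Follow us', 'all-in-one-wp-security-and-firewall'); ?></a> <?php _e('on Twitter, Google+ or via Email to stay up to date about the new security features of this plugin.', 'all-in-one-wp-security-and-firewall'); ?></p>
+ <p><?php _e('For information, updates and documentation, please visit the', 'all-in-one-wp-security-and-firewall'); ?> <a href="https://aiosplugin.com" target="_blank"><?php echo htmlspecialchars('All In One WP Security & Firewall Plugin'); ?></a> <?php _e('Page', 'all-in-one-wp-security-and-firewall'); ?>.</p>
  </div>
 
  <div class="postbox">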
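--- a/admin/wp-security-spam-menu.php
+++ b/admin/wp-security-spam-menu.php
@@ -445,7 +445,7 @@ class AIOWPSecurity_Spam_Menu extends AIOWPSecurity_Admin_Menu
  <h3 class="hndle"><label for="title"><?php _e('Spammer IP address results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
- if (is_multisite() && get_current_blog_id() != 1)
+ if (!is_main_site())
  {
  echo '<div class="aio_yellow_box">';
  echo '<p>'.__('The plugin has detected that you are using a Multi-Site WordPress installation.', 'all-in-one-wp-security-and-firewall').'</p>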
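--- a/admin/wp-security-user-registration-menu.php
+++ b/admin/wp-security-user-registration-menu.php
@@ -212,7 +212,7 @@ class AIOWPSecurity_User_Registration_Menu extends AIOWPSecurity_Admin_Menu
  <h3 class="hndle"><label for="title"><?php _e('Registration page CAPTCHA settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
  <div class="inside">
  <?php
- if (is_multisite() && get_current_blog_id() != 1)
+ if (!is_main_site())
  {
  //Hide config settings if MS and not main site
  $special_msg = '<div class="aio_yellow_box">';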
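--- a/classes/aios-ajax.php
+++ b/classes/aios-ajax.php
@@ -139,7 +139,7 @@ if (!class_exists('AIOS_Ajax')) :
  * @return bool
  */
  private function is_user_capable() {
- return current_user_can(AIOWPSEC_MANAGEMENT_PERMISSION);
+ return current_user_can(apply_filters('aios_management_permission', 'manage_options'));
  }
 
  /**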
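--- a/classes/firewall/family/wp-security-firewall-families.php
+++ b/classes/firewall/family/wp-security-firewall-families.php
@@ -6,6 +6,6 @@ namespace AIOWPS\Firewall;
  */
  return array(
  array('name' => '6G', 'priority' => 10),
- array('name' => 'Blacklist', 'priority' => 0),
+ array('name' => 'Blacklist', 'priority' => 1),
  array('name' => 'Bruteforce', 'priority' => 0),
  );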
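Review bot: The Blacklist family priority changes from 0 to 1 on line 9, but nothing visible in this file says whether a higher number is evaluated earlier or later than Bruteforce (0) and 6G (10). A short comment above the array stating the ordering direction, and why Blacklist should no longer tie with Bruteforce, would make the intended evaluation order reviewable. The docblock that precedes the array starts outside the hunk.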
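--- a/classes/firewall/rule/rules/rule-block-query-strings-6g.php
+++ b/classes/firewall/rule/rules/6g/rule-block-query-strings-6g.php
@@ -38,7 +38,7 @@ class Rule_Block_Query_Strings_6g extends Rule {
  */
  public function is_satisfied() {
 
- if (empty($_SERVER['QUERY_STRING'])) return !Rule::SATISFIED;
+ if (empty($_SERVER['QUERY_STRING'])) return Rule::NOT_SATISFIED;
 
  //Patterns to match against
  $patterns = array(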
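--- a/classes/firewall/rule/rules/rule-block-refs-6g.php
+++ b/classes/firewall/rule/rules/6g/rule-block-refs-6g.php
@@ -38,7 +38,7 @@ class Rule_Block_Refs_6g extends Rule {
  */
  public function is_satisfied() {
 
- if (empty($_SERVER['HTTP_REFERER'])) return !Rule::SATISFIED;
+ if (empty($_SERVER['HTTP_REFERER'])) return Rule::NOT_SATISFIED;
 
  //Patterns to match against
  $patterns = array(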
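--- a/classes/firewall/rule/rules/rule-block-request-strings-6g.php
+++ b/classes/firewall/rule/rules/6g/rule-block-request-strings-6g.php
@@ -38,7 +38,10 @@ class Rule_Block_Request_Strings_6g extends Rule {
  */
  public function is_satisfied() {
 
- if (empty($_SERVER['PHP_SELF'])) return !Rule::SATISFIED;
+ if (empty($_SERVER['REQUEST_URI'])) return Rule::NOT_SATISFIED;
+
+ // ensure we get the request uri without the query string
+ $uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
 
  //Patterns to match against
  $patterns = array(
@@ -55,7 +58,7 @@ class Rule_Block_Request_Strings_6g extends Rule {
  '#/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php#i',
  );
 
- return Rule_Utils::contains_pattern(rawurldecode($_SERVER['PHP_SELF']), $patterns);
+ return Rule_Utils::contains_pattern(rawurldecode($uri), $patterns);
  }
 
  }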
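Review bot: `parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)` on line 44 returns `false` for a URI it cannot parse and `null` when it finds no path component. In both cases line 61 matches the patterns against an empty string, so the rule reports not satisfied without ever inspecting the request path. Since REQUEST_URI is client-controlled, the rule should fall back to a conservative value rather than fail open, for example `if (!is_string($uri)) $uri = strtok($_SERVER['REQUEST_URI'], '?');` directly after line 44. The pattern list between the two hunks is not visible here.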
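--- a/classes/firewall/rule/rules/rule-block-user-agents-6g.php
+++ b/classes/firewall/rule/rules/6g/rule-block-user-agents-6g.php
@@ -38,7 +38,7 @@ class Rule_Block_User_Agents_6g extends Rule {
  */
  public function is_satisfied() {
 
- if (empty($_SERVER['HTTP_USER_AGENT'])) return !Rule::SATISFIED;
+ if (empty($_SERVER['HTTP_USER_AGENT'])) return Rule::NOT_SATISFIED;
 
  //Patterns to match against
  $patterns = array(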
classes/firewall/rule/rules/{rule-request-method-6g.php → 6g/rule-request-method-6g.php} RENAMED
File without changes
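--- /dev/null
+++ b/classes/firewall/rule/rules/blacklist/rule-user-agent-blacklist.php
@@ -0,0 +1,56 @@
+ <?php
+ namespace AIOWPS\Firewall;
+
+ /**
+ * Rule that blocks user agents to access.
+ */
+ class Rule_User_Agent_Blacklist extends Rule {
+
+ /**
+ * Implements the action to be taken
+ */
+ use Action_Forbid_and_Exit_Trait;
+
+ /**
+ * List of user agents to block
+ *
+ * @var array
+ */
+ private $blocked_user_agents;
+
+ /**
+ * Construct our rule
+ */
+ public function __construct() {
+ global $aiowps_firewall_config;
+
+ // Set the rule's metadata
+ $this->name = 'Blocked user agents';
+ $this->family = 'Blacklist';
+ $this->priority = 0;
+ $this->blocked_user_agents = $aiowps_firewall_config->get_value('aiowps_blacklist_user_agents');
+ }
+
+ /**
+ * Determines whether the rule is active
+ *
+ * @return boolean
+ */
+ public function is_active() {
+ return !empty($this->blocked_user_agents);
+ }
+
+ /**
+ * The condition to be satisfied for the rule to apply
+ *
+ * @return boolean
+ */
+ public function is_satisfied() {
+ foreach ($this->blocked_user_agents as $block_user_agent) {
+ if (!empty($block_user_agent) && strpos($_SERVER['HTTP_USER_AGENT'], $block_user_agent)) {
+ return Rule::SATISFIED;
+ }
+ }
+ return Rule::NOT_SATISFIED;
+ }
+ }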
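Review bot: The match on line 50 uses the return value of `strpos()` as a boolean, so a blocked string found at offset 0 of the User-Agent header evaluates to false and the request is not blocked; the comparison has to be explicit, `false !== strpos($_SERVER['HTTP_USER_AGENT'], $block_user_agent)`. `is_satisfied()` also reads `$_SERVER['HTTP_USER_AGENT']` without the `empty()` guard the 6G user-agent rule has, so a request without that header (or a command-line run) raises an undefined-index notice; add `if (empty($_SERVER['HTTP_USER_AGENT'])) return Rule::NOT_SATISFIED;` as the first statement. The match is case-sensitive; if the .htaccess rules this replaces matched case-insensitively (not visible here), `stripos()` would be needed to keep existing blacklist entries effective. The constructor should also document that `aiowps_blacklist_user_agents` is expected to be an array, since the `foreach` on line 49 depends on it.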
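--- a/classes/firewall/rule/rules/rule-cookie-prevent-bruteforce.php
+++ b/classes/firewall/rule/rules/bruteforce/rule-cookie-prevent-bruteforce.php
@@ -51,7 +51,7 @@ class Rule_Cookie_Prevent_Bruteforce extends Rule {
  $pw_protected_exception = $aiowps_firewall_config->get_value('aios_brute_force_attack_prevention_pw_protected_exception');
  $prevent_ajax_exception = $aiowps_firewall_config->get_value('aios_brute_force_attack_prevention_ajax_exception');
 
- if ('' != $_SERVER['REQUEST_URI'] && !hash_equals($brute_force_secret_cookie_val, hash_hmac('md5', $brute_force_secret_word, $brute_force_cookie_salt))) {
+ if (isset($_SERVER['REQUEST_URI']) && '' != $_SERVER['REQUEST_URI'] && !hash_equals($brute_force_secret_cookie_val, hash_hmac('md5', $brute_force_secret_word, $brute_force_cookie_salt))) {
  // admin section or login page or login custom slug called
  $is_admin_or_login = (false != strpos($_SERVER['REQUEST_URI'], 'wp-admin') || false != strpos($_SERVER['REQUEST_URI'], 'wp-login') || ('' != $login_page_slug && false != strpos($_SERVER['REQUEST_URI'], $login_page_slug))) ? 1 : 0;
 
@@ -69,7 +69,7 @@ class Rule_Cookie_Prevent_Bruteforce extends Rule {
  }
  }
  }
- return !Rule::SATISFIED;
+ return Rule::NOT_SATISFIED;
  }
 
  }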
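--- a/classes/firewall/rule/wp-security-firewall-rule-builder.php
+++ b/classes/firewall/rule/wp-security-firewall-rule-builder.php
@@ -31,18 +31,14 @@ class Rule_Builder {
  * @return iterable
  */
  private static function get_rule_classname() {
+ $rec_iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator(AIOWPS_FIREWALL_DIR.'/rule/rules/', \FilesystemIterator::SKIP_DOTS));
 
- $handle = opendir(AIOWPS_FIREWALL_DIR.'/rule/rules/');
- if ($handle) {
- while (false !== ($entry = readdir($handle))) {
- $matches = array();
- if (preg_match('/^rule-(.*)\.php$/', $entry, $matches)) {
- yield "AIOWPS\Firewall\Rule_".ucwords(str_replace('-', '_', $matches[1]), '_');
- }
+ foreach ($rec_iterator as $dir_iterator) {
+ $matches = array();
+ if (preg_match('/^rule-(?<rule_name>.*)\.php$/', $dir_iterator->getFilename(), $matches)) {
+ yield "AIOWPS\Firewall\Rule_".ucwords(str_replace('-', '_', $matches['rule_name']), '_');
  }
- @closedir($handle); //phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
  }
-
  }
 
  }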
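Review bot: `new \RecursiveDirectoryIterator(...)` on line 34 throws `UnexpectedValueException` when the rules directory is missing or unreadable, whereas the removed `opendir()` path simply yielded nothing. Because this generator feeds the firewall, an uncaught exception here could break every request instead of only leaving the rules unloaded. Wrapping the iterator construction in `try { ... } catch (\UnexpectedValueException $e) { return; }` keeps the previous fail-soft behaviour. The recursion also means any `rule-*.php` file at any depth under `rule/rules/` is now turned into a class name, which should be stated in the docblock (its start is outside the hunk).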
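--- a/classes/firewall/rule/wp-security-firewall-rule.php
+++ b/classes/firewall/rule/wp-security-firewall-rule.php
@@ -34,6 +34,14 @@ abstract class Rule {
  */
  const SATISFIED = true;
 
+ /**
+ * An abstraction for when the rule is not satisfied
+ *
+ * @var boolean
+ */
+ const NOT_SATISFIED = false;
+
+
  /**
  * Executes the rule's action
  *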
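--- a/classes/firewall/wp-security-firewall-loader.php
+++ b/classes/firewall/wp-security-firewall-loader.php
@@ -142,6 +142,9 @@ class Loader {
  AIOWPS_FIREWALL_DIR."/rule/{$file}",
  AIOWPS_FIREWALL_DIR."/rule/actions/{$classname}.php",
  AIOWPS_FIREWALL_DIR."/rule/rules/{$rule}",
+ AIOWPS_FIREWALL_DIR."/rule/rules/6g/{$rule}",
+ AIOWPS_FIREWALL_DIR."/rule/rules/bruteforce/{$rule}",
+ AIOWPS_FIREWALL_DIR."/rule/rules/blacklist/{$rule}",
  AIOWPS_FIREWALL_DIR."/libs/{$file}",
  );
 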
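Review bot: The three subdirectories added on lines 145-147 are hard-coded, while `Rule_Builder::get_rule_classname()` in this same commit discovers rule files recursively. A rule placed in a new subdirectory would be yielded by the builder but not found by these lookup paths. Either derive the subdirectory list from one shared place or add a comment here such as `// Keep in sync with the directories under rule/rules/`. The array and its enclosing method start outside the hunk.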
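--- a/classes/wp-security-config.php
+++ b/classes/wp-security-config.php
@@ -8,22 +8,22 @@ class AIOWPSecurity_Config {
  public $configs;
 
  public static $_this;
-
+
  public function __construct() {
  }
 
  public function load_config() {
- $this->configs = get_option('aio_wp_security_configs');
+ $this->configs = get_option('aio_wp_security_configs');
  }
-
+
  public function get_value($key) {
  return isset($this->configs[$key]) ? $this->configs[$key] : '';
  }
-
+
  public function set_value($key, $value) {
  $this->configs[$key] = $value;
  }
-
+
  public function add_value($key, $value) {
  if (!is_array($this->configs)) {
  $this->configs = array();
@@ -45,13 +45,13 @@ class AIOWPSecurity_Config {
  return update_option('aio_wp_security_configs', $this->configs);
  }
 
- /**
- * Remove key element from config.
- *
- * @param String $key config key
- *
- * @return boolean True if removed, otherwise false.
- */
+ /**
+ * Remove key element from config.
+ *
+ * @param String $key config key
+ *
+ * @return boolean True if removed, otherwise false.
+ */
  public function delete_value($key) {
  if (!is_array($this->configs)) {
  $this->configs = array();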
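--- a/classes/wp-security-configure-settings.php
+++ b/classes/wp-security-configure-settings.php
@@ -169,6 +169,8 @@ class AIOWPSecurity_Configure_Settings {
  //TODO - keep adding default options for any fields that require it
 
  self::turn_off_all_6g_firewall_configs();
+ self::set_cookie_based_bruteforce_firewall_configs();
+ self::set_user_agent_firewall_configs();
 
  // Save it
  return $aio_wp_security->configs->save_config();
@@ -357,7 +359,7 @@ class AIOWPSecurity_Configure_Settings {
 
  update_option('aiowpsec_db_version', AIO_WP_SECURITY_DB_VERSION);
  }
-
+
  /**
  * Firewall configs set based on version.
  *
@@ -367,9 +369,32 @@ class AIOWPSecurity_Configure_Settings {
  if (version_compare(get_option('aiowpsec_firewall_version'), '1.0.1', '<')) {
  self::set_cookie_based_bruteforce_firewall_configs();
  }
+ if (version_compare(get_option('aiowpsec_firewall_version'), '1.0.2', '<')) {
+ self::set_user_agent_firewall_configs();
+ }
  update_option('aiowpsec_firewall_version', AIO_WP_SECURITY_FIREWALL_VERSION);
  }
 
+ /**
+ * Reapply firewall configs.
+ *
+ * @return void.
+ */
+ public static function reapply_firewall_configs() {
+ self::set_cookie_based_bruteforce_firewall_configs();
+ self::set_user_agent_firewall_configs();
+ }
+
+ /**
+ * Turn off Cookie based bruteforce firewall configs.
+ *
+ * @return void.
+ */
+ public static function turn_off_cookie_based_bruteforce_firewall_configs() {
+ global $aiowps_firewall_config;
+ $aiowps_firewall_config->set_value('aios_enable_brute_force_attack_prevention', "0");
+ }
+
  /**
  * Cookie based bruteforce firewall configs set.
  *
@@ -397,7 +422,22 @@ class AIOWPSecurity_Configure_Settings {
  $aiowps_firewall_config->set_value('aios_brute_force_secret_cookie_name', AIOWPSecurity_Utility::get_brute_force_secret_cookie_name());
  $aiowps_firewall_config->set_value('aios_brute_force_cookie_salt', wp_salt());
  }
-
+
+ /**
+ * User agent firewall configs set.
+ *
+ * @return void.
+ */
+ public static function set_user_agent_firewall_configs() {
+ global $aio_wp_security;
+ global $aiowps_firewall_config;
+ if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_blacklisting') && !empty($aio_wp_security->configs->get_value('aiowps_banned_user_agents'))) {
+ $aiowps_firewall_config->set_value('aiowps_blacklist_user_agents', explode("\n", preg_replace("/\r/", "", trim($aio_wp_security->configs->get_value('aiowps_banned_user_agents')))));
+ } else {
+ $aiowps_firewall_config->set_value('aiowps_blacklist_user_agents', array());
+ }
+ }
+
  /**
  * Turn off all security features.
  *
@@ -449,7 +489,6 @@ class AIOWPSecurity_Configure_Settings {
  $aio_wp_security->configs->set_value('aiowps_advanced_char_string_filter', '');//Checkbox
  $aio_wp_security->configs->set_value('aiowps_enable_5g_firewall', '');//Checkbox
  $aio_wp_security->configs->set_value('aiowps_enable_6g_firewall', '');//Checkbox
- $aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention', '');//Checkbox
  $aio_wp_security->configs->set_value('aiowps_enable_custom_rules', '');//Checkbox
  $aio_wp_security->configs->set_value('aiowps_place_custom_rules_at_top', '');//Checkbox
  $aio_wp_security->configs->set_value('aiowps_custom_rules', '');
@@ -468,6 +507,7 @@ class AIOWPSecurity_Configure_Settings {
  $aio_wp_security->configs->save_config();
 
  self::turn_off_all_6g_firewall_configs();
+ self::set_user_agent_firewall_configs();
 
  // Refresh the .htaccess file based on the new settings
  $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();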
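Review bot: In `set_user_agent_firewall_configs()` the banned user-agent text is split with `explode("\n", ...)` after only an outer `trim()`, so a blank line inside the saved list becomes an empty-string entry and each line keeps any surrounding spaces. How the blacklist rule matches these entries is not visible on this page, but an empty pattern in a substring or regex comparison would typically match every request, so the list is better normalised before it is stored: `array_values(array_filter(array_map('trim', explode("\n", $agents)), 'strlen'))`, where `$agents` is the stored `aiowps_banned_user_agents` value with `\r` removed. The enable flag is compared with `'1' ==`; `'1' ===` would avoid loose-comparison surprises if the option is always saved as a string.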
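--- a/classes/wp-security-deactivation-tasks.php
+++ b/classes/wp-security-deactivation-tasks.php
@@ -14,18 +14,21 @@ class AIOWPSecurity_Deactivation_Tasks extends AIOWPSecurity_Base_Tasks {
  */
  protected static function run_for_a_site() {
  global $aio_wp_security;
- //Let's first save the current aio_wp_security_configs options in a temp option
- update_option('aiowps_temp_configs', $aio_wp_security->configs->configs);
 
- delete_option('aio_wp_security_configs');
+ // Let's first save the current aio_wp_security_configs options in a temp option
+ $aio_wp_security->configs->load_config();
+ update_option('aiowps_temp_configs', $aio_wp_security->configs->configs);
 
  if (is_main_site()) {
  // Remove all firewall and other .htaccess rules and remove all settings from .htaccess file that were added by this plugin
  AIOWPSecurity_Configure_Settings::turn_off_all_firewall_rules();
+ AIOWPSecurity_Configure_Settings::turn_off_cookie_based_bruteforce_firewall_configs();
 
- //Deactivates PHP-based firewall
+ // Deactivates PHP-based firewall
  AIOWPSecurity_Utility_Firewall::remove_firewall();
  }
+
+ delete_option('aio_wp_security_configs');
  }
 
  }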
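Review bot: Nothing in `run_for_a_site()` confirms that the snapshot in `aiowps_temp_configs` was actually stored before `delete_option('aio_wp_security_configs')` runs at the end, so a failed write would leave the site with neither its live settings nor the backup used on reactivation. The return value of `update_option()` is not a reliable signal because it is also false when the value is unchanged, so the guard should compare the stored data: keep `$snapshot = $aio_wp_security->configs->configs;` right after `load_config()` and delete only `if (get_option('aiowps_temp_configs') === $snapshot)`. A separate variable is needed because the calls in the `is_main_site()` branch modify the in-memory configs before the delete.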
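--- a/classes/wp-security-general-init-tasks.php
+++ b/classes/wp-security-general-init-tasks.php
@@ -28,15 +28,17 @@ class AIOWPSecurity_General_Init_Tasks {
  add_filter('retrieve_password_message', array($this, 'decode_reset_pw_msg'), 10, 4); //Fix for non decoded html entities in password reset link
  }
 
- if (current_user_can(AIOWPSEC_MANAGEMENT_PERMISSION) && is_admin()) {
+ if (current_user_can(apply_filters('aios_management_permission', 'manage_options')) && is_admin()) {
  if ('1' == $aio_wp_security->configs->get_value('aios_google_recaptcha_invalid_configuration')) {
  add_action('all_admin_notices', array($this, 'google_recaptcha_notice'));
  }
 
- add_action('all_admin_notices', array($this, 'do_firewall_notice'));
- add_action('admin_post_aiowps_firewall_setup', array(AIOWPSecurity_Firewall_Setup_Notice::get_instance(), 'handle_setup_form'));
- add_action('admin_post_aiowps_firewall_downgrade', array(AIOWPSecurity_Firewall_Setup_Notice::get_instance(), 'handle_downgrade_protection_form'));
- add_action('admin_post_aiowps_firewall_setup_dismiss', array(AIOWPSecurity_Firewall_Setup_Notice::get_instance(), 'handle_dismiss_form'));
+ if (is_main_site() && is_super_admin()) {
+ add_action('all_admin_notices', array($this, 'do_firewall_notice'));
+ add_action('admin_post_aiowps_firewall_setup', array(AIOWPSecurity_Firewall_Setup_Notice::get_instance(), 'handle_setup_form'));
+ add_action('admin_post_aiowps_firewall_downgrade', array(AIOWPSecurity_Firewall_Setup_Notice::get_instance(), 'handle_downgrade_protection_form'));
+ add_action('admin_post_aiowps_firewall_setup_dismiss', array(AIOWPSecurity_Firewall_Setup_Notice::get_instance(), 'handle_dismiss_form'));
+ }
 
  $this->reapply_htaccess_rules();
  add_action('admin_notices', array($this,'reapply_htaccess_rules_notice'));
@@ -170,7 +172,7 @@ class AIOWPSecurity_General_Init_Tasks {
  add_action('login_form', array($this, 'insert_honeypot_hidden_field'));
  }
  }
-
+
  // For registration honeypot feature
  if ($aio_wp_security->configs->get_value('aiowps_enable_registration_honeypot') == '1') {
  if (!is_user_logged_in()) {
@@ -459,7 +461,7 @@ class AIOWPSecurity_General_Init_Tasks {
  $disabled_message .= '<tr id="disable-password">';
  $disabled_message .= '<th>'.__('Disabled').'</th>';
  $disabled_message .= '<td>'.htmlspecialchars(__('Application passwords have been disabled by All In One WP Security & Firewall plugin.', 'all-in-one-wp-security-and-firewall'));
- if (current_user_can(AIOWPSEC_MANAGEMENT_PERMISSION)) {
+ if (current_user_can(apply_filters('aios_management_permission', 'manage_options'))) {
  $aiowps_addtional_setting_url = 'admin.php?page=aiowpsec_userlogin&tab=additional';
  $change_setting_url = is_multisite() ? network_admin_url($aiowps_addtional_setting_url) : admin_url($aiowps_addtional_setting_url);
  $disabled_message .= '<p><a href="'.$change_setting_url.'" class="button">'.__('Change setting', 'all-in-one-wp-security-and-firewall').'</a></p>';
@@ -625,14 +627,20 @@ class AIOWPSecurity_General_Init_Tasks {
  }
 
  /**
- * Displays a notice message if the plugin was reactivated after being initially deactivated.
- * Gives users option of re-applying the AIOS rules which were deleted from the .htaccess after deactivation.
+ * Displays a notice message if the plugin is reactivated which gives users the option of re-applying the AIOS rules which were deleted from the .htaccess file at the last deactivation.
+ *
+ * @return Void
  */
  public function reapply_htaccess_rules_notice() {
- if (get_option('aiowps_temp_configs') !== false) {
+ if (false !== get_option('aiowps_temp_configs')) {
  $reapply_htaccess_yes_url = wp_nonce_url('admin.php?page='.AIOWPSEC_MENU_SLUG_PREFIX.'&aiowps_reapply_htaccess=1', 'aiowps-reapply-htaccess-yes');
  $reapply_htaccess_no_url = wp_nonce_url('admin.php?page='.AIOWPSEC_MENU_SLUG_PREFIX.'&aiowps_reapply_htaccess=2', 'aiowps-reapply-htaccess-no');
- echo '<div class="updated"><p>'.htmlspecialchars(__('Would you like All In One WP Security & Firewall to re-insert the security rules in your .htaccess file which were cleared when you deactivated the plugin?', 'all-in-one-wp-security-and-firewall')).'&nbsp;&nbsp;<a href="'.esc_url($reapply_htaccess_yes_url).'" class="button-primary">'.__('Yes', 'all-in-one-wp-security-and-firewall').'</a>&nbsp;&nbsp;<a href="'.esc_url($reapply_htaccess_no_url).'" class="button-primary">'.__('No', 'all-in-one-wp-security-and-firewall').'</a></p></div>';
+
+ if (is_main_site() && is_super_admin()) {
+ echo '<div class="updated"><p>'.htmlspecialchars(__('Would you like All In One WP Security & Firewall to restore the config settings and re-insert the security rules in your .htaccess file which were cleared when you deactivated the plugin?', 'all-in-one-wp-security-and-firewall')).'&nbsp;&nbsp;<a href="'.esc_url($reapply_htaccess_yes_url).'" class="button-primary">'.__('Yes', 'all-in-one-wp-security-and-firewall').'</a>&nbsp;&nbsp;<a href="'.esc_url($reapply_htaccess_no_url).'" class="button-primary">'.__('No', 'all-in-one-wp-security-and-firewall').'</a></p></div>';
+ } elseif (!is_main_site()) {
+ echo '<div class="updated"><p>'.htmlspecialchars(__('Would you like All In One WP Security & Firewall to restore the config settings which were cleared when you deactivated the plugin?', 'all-in-one-wp-security-and-firewall')).'&nbsp;&nbsp;<a href="'.esc_url($reapply_htaccess_yes_url).'" class="button-primary">'.__('Yes', 'all-in-one-wp-security-and-firewall').'</a>&nbsp;&nbsp;<a href="'.esc_url($reapply_htaccess_no_url).'" class="button-primary">'.__('No', 'all-in-one-wp-security-and-firewall').'</a></p></div>';
+ }
  }
  }
 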
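Review bot: The capability expression `apply_filters('aios_management_permission', 'manage_options')` is written out inline in the `is_admin()` guard of the first hunk and in the application-passwords message of the third, and again in wp-security-two-factor-login.php, wp-security-user-login.php and wp-security-wp-footer-content.php, although `AIOWPSecurity_Utility::has_manage_cap()` in wp-security-utility.php already wraps the same filter. Routing each check through that helper, e.g. `if (AIOWPSecurity_Utility::has_manage_cap() && is_admin()) {`, would keep the plugin's access gate in one place, so a later hardening step such as rejecting an empty filter result cannot miss a call site. The helper also applies the older `aiowps_management_capability` filter, so the two forms are equivalent only where that filter is unused. In `reapply_htaccess_rules_notice()` a main-site user who is not a super admin now sees no notice at all; if that is intended, a comment such as `// Main-site restore rewrites .htaccess, so only super admins are prompted` would record it.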
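--- a/classes/wp-security-installer.php
+++ b/classes/wp-security-installer.php
@@ -201,32 +201,55 @@ class AIOWPSecurity_Installer {
  }
  }
 
+ /**
+ * Restores original config settings and .htaccess file rules from before the last deactivation.
+ *
+ * @global AIO_WP_Security $aio_wp_security
+ *
+ * @return Boolean - whether or not the restoration succeeded
+ */
  public static function reactivation_tasks() {
  global $aio_wp_security;
- $temp_cfgs = get_option('aiowps_temp_configs');
- if (false !== $temp_cfgs) {
- //Case where previously installed plugin was reactivated
- //Let's copy the original configs back to the options table
- $updated = update_option('aio_wp_security_configs', $temp_cfgs);
+
+ $temp_configs = get_option('aiowps_temp_configs');
+
+ if (false !== $temp_configs) {
+ // Case where previously installed plugin is reactivated
+ // Let's copy the original configs back to the options table
+ $updated = update_option('aio_wp_security_configs', $temp_configs);
+
  if (!$updated) {
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Installer::reactivation_tasks() - Update of option settings failed upon plugin activation!", 4);
- }
- $aio_wp_security->configs->configs = $temp_cfgs; //copy the original configs to memory
- //Now let's write any rules to the .htaccess file if necessary
- $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
+ if (get_option('aio_wp_security_configs') === $temp_configs) {
+ delete_option('aiowps_temp_configs');
+ }
 
- if (!$res) {
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Installer::reactivation_tasks() - Could not write to the .htaccess file. Please check the file permissions.", 4);
+ $aio_wp_security->debug_logger->log_debug('AIOWPSecurity_Installer::reactivation_tasks() - Restoration of original config settings failed or nothing changed.', 4);
  return false;
  }
+
+ // Load the restored config settings to the configs object
+ $aio_wp_security->configs->load_config();
+
+ if (is_main_site() && is_super_admin()) {
+ // Now let's write any rules to the .htaccess file if necessary
+ $result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
+ AIOWPSecurity_Configure_Settings::reapply_firewall_configs();
+
+ if (!$result) {
+ $aio_wp_security->debug_logger->log_debug('AIOWPSecurity_Installer::reactivation_tasks() - Could not write to the .htaccess file. Please check the file permissions.', 4);
+ return false;
+ }
+ }
+
  delete_option('aiowps_temp_configs');
+
  return true;
  } else {
- $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Deactivation::run_deactivation_tasks() - Original config settings not found!", 4);
+ $aio_wp_security->debug_logger->log_debug('AIOWPSecurity_Installer::reactivation_tasks() - Original config settings not found.', 4);
  return false;
  }
  }
-
+
  /**
  * Setup AIOS cron tasks.
  * Handles both single and multi-site (NW activation) cases.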
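Review bot: When `update_option()` returns false only because the stored configs already equal the snapshot, the new `if (!$updated)` branch deletes `aiowps_temp_configs` and still returns false, so `write_to_htaccess()` and `reapply_firewall_configs()` never run and the snapshot needed for a retry is gone. Only a real mismatch should abort, i.e. `if (!$updated && get_option('aio_wp_security_configs') !== $temp_configs) {` followed by the log call and `return false;`, which lets the unchanged case fall through to the restore steps. Further down, `reapply_firewall_configs()` is called before `$result` is checked, and the .htaccess and firewall restore is gated on `is_super_admin()`. If this method can run without a logged-in user (not visible here), that restore is skipped while `aiowps_temp_configs` is still deleted afterwards, which is worth confirming as intended.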
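--- a/classes/wp-security-two-factor-login.php
+++ b/classes/wp-security-two-factor-login.php
@@ -90,9 +90,9 @@ class AIO_WP_Security_Simba_Two_Factor_Authentication_Plugin extends Simba_Two_F
 
  global $current_user;
  if ($this->is_activated_for_user($current_user->ID)) {
- if (!current_user_can(AIOWPSEC_MANAGEMENT_PERMISSION)) {
+ if (!current_user_can(apply_filters('aios_management_permission', 'manage_options'))) {
  $menu_icon_url = AIO_WP_SECURITY_URL . '/images/plugin-icon.png';
- add_menu_page(__('WP Security', 'all-in-one-wp-security-and-firewall'), __('WP Security', 'all-in-one-wp-security-and-firewall'), AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_MAIN_MENU_SLUG, '', $menu_icon_url);
+ add_menu_page(__('WP Security', 'all-in-one-wp-security-and-firewall'), __('WP Security', 'all-in-one-wp-security-and-firewall'), apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_MAIN_MENU_SLUG, '', $menu_icon_url);
  }
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Two Factor Auth', 'all-in-one-wp-security-and-firewall'), __('Two Factor Auth', 'all-in-one-wp-security-and-firewall'), 'read', AIOWPSEC_TWO_FACTOR_AUTH_MENU_SLUG, array($this, 'show_dashboard_user_settings_page'));
  }
@@ -105,7 +105,7 @@ class AIO_WP_Security_Simba_Two_Factor_Authentication_Plugin extends Simba_Two_F
  * @return array Returns all tabs with callback function name
  */
  public function add_two_factor_setting_tab($tabs = array()) {
- if (!current_user_can(AIOWPSEC_MANAGEMENT_PERMISSION)) return;
+ if (!current_user_can(apply_filters('aios_management_permission', 'manage_options'))) return;
 
  $tabs['two-factor-authentication'] = array(
  'title' => __('Two factor authentication', 'all-in-one-wp-security-and-firewall-premium'),
@@ -136,7 +136,7 @@ class AIO_WP_Security_Simba_Two_Factor_Authentication_Plugin extends Simba_Two_F
  */
  public function show_admin_settings_page() {
 
- if (!is_admin() || !current_user_can(AIOWPSEC_MANAGEMENT_PERMISSION)) return;
+ if (!is_admin() || !current_user_can(apply_filters('aios_management_permission', 'manage_options'))) return;
 
  // The value for totp_controller is already set by versions of the TFA plugin after 3 Oct 2022
  $this->include_template('admin-settings.php', array(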
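Review bot: `add_two_factor_setting_tab()` is documented as `@return array`, yet the rewritten guard in the second hunk still ends in a bare `return;`, so a caller without the management capability gets null back instead of the tab list that was passed in. If the method is registered as a filter callback (its signature suggests so, but the registration is not visible here), every later callback on that hook would receive null; the guard should read `if (!current_user_can(apply_filters('aios_management_permission', 'manage_options'))) return $tabs;`. The method body continues outside the hunk. In the first hunk the same filter is evaluated twice within three lines, and a local `$capability` variable would avoid the second call.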
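--- a/classes/wp-security-uninstallation-tasks.php
+++ b/classes/wp-security-uninstallation-tasks.php
@@ -61,18 +61,13 @@ class AIOWPSecurity_Uninstallation_Tasks extends AIOWPSecurity_Base_Tasks {
 
  // check and delete configurations
  if ('1' == $aio_wp_security->configs->get_value('aiowps_on_uninstall_delete_configs')) {
-
  delete_option('aio_wp_security_configs');
  delete_option('aiowps_temp_configs');
  delete_option('aiowpsec_db_version');
-
- if (is_main_site()) {
- // Remove all settings from .htaccess file that were added by this plugin
- AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
- }
+ delete_option('aiowpsec_firewall_version');
  }
  }
-
+
  /**
  * Helper function which clears aiowps cron events
  */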
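--- a/classes/wp-security-user-login.php
+++ b/classes/wp-security-user-login.php
@@ -25,7 +25,7 @@ class AIOWPSecurity_User_Login {
  add_filter('login_message', array($this, 'aiowps_login_message')); //WP filter to add or modify messages on the login page
 
  // Display disable lockdown message
- if (is_admin() && current_user_can(AIOWPSEC_MANAGEMENT_PERMISSION) && $aio_wp_security->is_login_lockdown_by_const() && $this->is_admin_page_to_display_disable_login_lockdown_by_const_notice()) {
+ if (is_admin() && current_user_can(apply_filters('aios_management_permission', 'manage_options')) && $aio_wp_security->is_login_lockdown_by_const() && $this->is_admin_page_to_display_disable_login_lockdown_by_const_notice()) {
  add_action('all_admin_notices', array($this, 'disable_login_lockdown_by_const_notice'));
  }
  }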
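--- a/classes/wp-security-utility-firewall.php
+++ b/classes/wp-security-utility-firewall.php
@@ -178,7 +178,7 @@ class AIOWPSecurity_Utility_Firewall {
  */
  public static function remove_firewall() {
  global $aio_wp_security;
-
+
  $firewall_files = array(
  'server' => AIOWPSecurity_Utility_Firewall::get_server_file(),
  'bootstrap' => AIOWPSecurity_Utility_Firewall::get_bootstrap_file(),
@@ -196,15 +196,12 @@ class AIOWPSecurity_Utility_Firewall {
  $removed = $file->remove_contents();
 
  if (is_wp_error($removed)) {
- global $aio_wp_security;
-
  $error_message = $removed->get_error_message();
  $error_message .= ' - ';
  $error_message .= $removed->get_error_data();
  $aio_wp_security->debug_logger->log_debug($error_message, 4);
  }
  }
-
  }
 
  //Delete our mu-plugin, if it's created
@@ -216,6 +213,6 @@ class AIOWPSecurity_Utility_Firewall {
 
  $aio_wp_security->configs->set_value('aios_firewall_dismiss', false);
  $aio_wp_security->configs->save_config();
-
  }
+
  }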
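--- a/classes/wp-security-utility-htaccess.php
+++ b/classes/wp-security-utility-htaccess.php
@@ -309,47 +309,6 @@ class AIOWPSecurity_Utility_Htaccess {
 
  $rules .= AIOWPSecurity_Utility_Htaccess::$ip_blacklist_marker_end . PHP_EOL; //Add feature marker end
  }
-
- //Now let's do the user agent list
- $user_agents = explode(PHP_EOL, $aio_wp_security->configs->get_value('aiowps_banned_user_agents'));
- if (!empty($user_agents) && !(sizeof($user_agents) == 1 && trim($user_agents[0]) == '')) {
- if ($apache_or_litespeed) {
- $rules .= AIOWPSecurity_Utility_Htaccess::$user_agent_blacklist_marker_start . PHP_EOL; //Add feature marker start
- //Start mod_rewrite rules
- $rules .= "<IfModule mod_rewrite.c>" . PHP_EOL . "RewriteEngine On" . PHP_EOL . PHP_EOL;
- $count = 1;
- foreach ($user_agents as $agent) {
- $agent_escaped = quotemeta($agent);
- $pattern = '/\s/'; //Find spaces in the string
- $replacement = '\s'; //Replace spaces with \s so apache can understand
- $agent_sanitized = preg_replace($pattern, $replacement, $agent_escaped);
-
- $rules .= "RewriteCond %{HTTP_USER_AGENT} ^" . trim($agent_sanitized);
- if ($count < sizeof($user_agents)) {
- $rules .= " [NC,OR]" . PHP_EOL;
- $count++;
- } else {
- $rules .= " [NC]" . PHP_EOL;
- }
-
- }
- $rules .= "RewriteRule ^(.*)$ - [F,L]" . PHP_EOL . PHP_EOL;
- // End mod_rewrite rules
- $rules .= "</IfModule>" . PHP_EOL;
- $rules .= AIOWPSecurity_Utility_Htaccess::$user_agent_blacklist_marker_end . PHP_EOL; //Add feature marker end
- } else {
- $count = 1;
- $alist = '';
- foreach ($user_agents as $agent) {
- $alist .= trim($agent);
- if ($count < sizeof($user_agents)) {
- $alist .= '|';
- $count++;
- }
- }
- $rules .= "\tif (\$http_user_agent ~* " . $alist . ") { return 403; }" . PHP_EOL;
- }
- }
  }
 
  return implode(PHP_EOL, array_diff(explode(PHP_EOL, $rules), array('Deny from ', 'Deny from')));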
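--- a/classes/wp-security-utility.php
+++ b/classes/wp-security-utility.php
@@ -26,7 +26,7 @@ class AIOWPSecurity_Utility {
  */
  public static function has_manage_cap() {
  // This filter will useful when the administrator would like to give permission to access AIOWPS to Security Analyst.
- $cap = apply_filters('aiowps_management_capability', AIOWPSEC_MANAGEMENT_PERMISSION);
+ $cap = apply_filters('aiowps_management_capability', apply_filters('aios_management_permission', 'manage_options'));
  return current_user_can($cap);
  }
 
@@ -47,6 +47,8 @@ class AIOWPSecurity_Utility {
  * @return string
  */
  public static function get_current_page_url() {
+ if (defined('WP_CLI') && WP_CLI) return '';
+
  $pageURL = 'http';
  if (isset($_SERVER["HTTPS"]) && "on" == $_SERVER["HTTPS"]) {
  $pageURL .= "s";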
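--- a/classes/wp-security-wp-footer-content.php
+++ b/classes/wp-security-wp-footer-content.php
@@ -29,7 +29,7 @@ class AIOWPSecurity_WP_Footer_Content {
 
  // Activate the copy protection feature for non-admin users
  $copy_protection_active = $aio_wp_security->configs->get_value('aiowps_copy_protection') == '1';
- if ($copy_protection_active && !current_user_can(AIOWPSEC_MANAGEMENT_PERMISSION)) {
+ if ($copy_protection_active && !current_user_can(apply_filters('aios_management_permission', 'manage_options'))) {
  $this->output_copy_protection_code();
  }
 
@@ -75,35 +75,26 @@ class AIOWPSecurity_WP_Footer_Content {
  public function output_copy_protection_code() {
  ?>
  <meta http-equiv="imagetoolbar" content="no"><!-- disable image toolbar (if any) -->
+ <style>
+ :root {
+ -webkit-user-select: none;
+ -webkit-touch-callout: none;
+ -ms-user-select: none;
+ -moz-user-select: none;
+ user-select: none;
+ }
+ </style>
  <script type="text/javascript">
  /*<![CDATA[*/
- document.oncontextmenu = function() {
- return false;
- };
- document.onselectstart = function() {
- if (event.srcElement.type != "text" && event.srcElement.type != "textarea" && event.srcElement.type != "password") {
- return false;
- }
- else {
- return true;
+ document.oncontextmenu = function(event) {
+ if (event.target.tagName != 'INPUT' && event.target.tagName != 'TEXTAREA') {
+ event.preventDefault();
  }
  };
- if (window.sidebar) {
- document.onmousedown = function(e) {
- var obj = e.target;
- if (obj.tagName.toUpperCase() == 'SELECT'
- || obj.tagName.toUpperCase() == "INPUT"
- || obj.tagName.toUpperCase() == "TEXTAREA"
- || obj.tagName.toUpperCase() == "PASSWORD") {
- return true;
- }
- else {
- return false;
- }
- };
- }
  document.ondragstart = function() {
- return false;
+ if (event.target.tagName != 'INPUT' && event.target.tagName != 'TEXTAREA') {
+ event.preventDefault();
+ }
  };
  /*]]>*/
  </script>
@@ -122,7 +113,7 @@ class AIOWPSecurity_WP_Footer_Content {
  if(cust_login !== null) {
  var recaptcha_script = document.createElement('script');
  recaptcha_script.setAttribute('src','https://www.google.com/recaptcha/api.js?hl=<?php echo AIOWPSecurity_Captcha::get_google_recaptcha_compatible_site_locale(); ?>&ver=<?php echo AIO_WP_SECURITY_VERSION; ?>');
- document.head.appendChild(recaptcha_script);
+ document.head.appendChild(recaptcha_script);
  }
  </script>
  <?php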
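Review bot: The new `document.ondragstart` handler in `output_copy_protection_code()` reads `event.target` but is still declared as `function()`, so it depends on the legacy global `window.event`, while the `oncontextmenu` handler just above it takes `event` as a parameter; declare it the same way, `document.ondragstart = function(event) {`. Separately, the check in the first hunk resolves the capability with `apply_filters('aios_management_permission', 'manage_options')` only, whereas the utility helper changed in the same commit also passes that result through `aiowps_management_capability`. A site that grants management access through the older filter would presumably still get the copy-protection output for those users, so calling the shared helper here would keep the two checks in step. The function containing the first hunk starts outside it, and `output_copy_protection_code()` continues past the second hunk.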
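--- a/includes/simba-tfa/simba-tfa.php
+++ b/includes/simba-tfa/simba-tfa.php
@@ -309,11 +309,12 @@ class Simba_Two_Factor_Authentication_1 {
  * Enqueue CSS styling on the users page
  */
  public function load_users_css() {
+ $css_version = (defined('WP_DEBUG') && WP_DEBUG) ? time() : filemtime($this->includes_dir().'/users.css');
  wp_enqueue_style(
  'tfa-users-css',
  $this->includes_url().'/users.css',
  array(),
- $this->version,
+ $css_version,
  'screen'
  );
  }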
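Review bot: `filemtime()` in `load_users_css()` returns `false` and emits a warning when `users.css` is missing or unreadable, and the new `$css_version` line has no fallback for that case. Keeping the value the removed line used as the fallback avoids the warning on locked-down or partially deployed installs: `$css_file = $this->includes_dir().'/users.css';` followed by `$css_version = (defined('WP_DEBUG') && WP_DEBUG) ? time() : (is_readable($css_file) ? filemtime($css_file) : $this->version);`. A one-line comment stating that the modification time is used only as a cache-busting version string would make the intent clear to the next reader.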
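--- a/js/wp-security-admin-script.js
+++ b/js/wp-security-admin-script.js
@@ -261,8 +261,9 @@ jQuery(function($) {
  });
  }
 
- // Hide 2FA premium advertisement
- if (jQuery('.tfa-premium').length) {
+ // Hide 2FA premium section (advertisements) for free.
+ if (jQuery('.tfa-premium').length && 0 == jQuery('#tfa_trusted_for').length) {
+ jQuery('.tfa-premium').parent().find('hr').first().hide();
  jQuery('.tfa-premium').hide();
  }
 
@@ -272,4 +273,29 @@ jQuery(function($) {
  jQuery('input[name=aiowps_trash_spam_comments_after_days]').prop('disabled', !jQuery(this).prop('checked'));
  });
  // End of trash spam comments toggle handling
+
+ // Copies text using the deprecated document.execCommand method
+ function deprecated_copy(text) {
+ var $temp = $('<input>');
+ $('body').append($temp);
+ $temp.val(event.target.value).select();
+ if (document.execCommand('copy')) {
+ alert(aios_trans.copied);
+ }
+ $temp.remove()
+ }
+
+ // Start of copy-to-clipboard click handling
+ jQuery('.copy-to-clipboard').on('click', function(event) {
+ if (navigator.clipboard) {
+ navigator.clipboard.writeText(event.target.value).then(function() {
+ alert(aios_trans.copied);
+ }, function() {
+ deprecated_copy(event.target.value);
+ });
+ } else {
+ deprecated_copy(event.target.value);
+ }
+ });
+ // End of copy-to-clipboard click handling
  });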
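Review bot: `deprecated_copy(text)` never uses its `text` argument; it reads `event.target.value`, and `event` is not a parameter of that function, so the lookup falls back to the global `window.event`. When the function is called from the rejection callback of `navigator.clipboard.writeText()`, the click is no longer being dispatched and that lookup is likely to throw, so the fallback fails in the one case it exists for. Use the argument that is already passed in: `$temp.val(text).select();`. The enclosing `jQuery(function($) {` block starts outside the hunk.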
languages/all-in-one-wp-security-and-firewall.pot CHANGED
@@ -24,75 +24,79 @@ msgstr ""
24
  msgid "Unexpected response:"
25
  msgstr ""
26
 
27
- #: src/admin/wp-security-admin-init.php:290
 
 
 
 
28
  msgid "Enjoyed %1$s? Please leave us a %2$s rating. We really appreciate your support!"
29
  msgstr ""
30
 
31
- #: src/admin/wp-security-admin-init.php:414, src/admin/wp-security-admin-init.php:414, src/classes/wp-security-two-factor-login.php:95, src/classes/wp-security-two-factor-login.php:95
32
  msgid "WP Security"
33
  msgstr ""
34
 
35
- #: src/admin/wp-security-admin-init.php:415, src/admin/wp-security-admin-init.php:415, src/admin/wp-security-dashboard-menu.php:26, src/admin/wp-security-dashboard-menu.php:76
36
  msgid "Dashboard"
37
  msgstr ""
38
 
39
- #: src/admin/wp-security-admin-init.php:416, src/admin/wp-security-admin-init.php:416, src/admin/wp-security-settings-menu.php:95
40
  msgid "Settings"
41
  msgstr ""
42
 
43
- #: src/admin/wp-security-admin-init.php:417, src/admin/wp-security-admin-init.php:417
44
  msgid "User Accounts"
45
  msgstr ""
46
 
47
- #: src/admin/wp-security-admin-init.php:418, src/admin/wp-security-admin-init.php:418
48
  msgid "User Login"
49
  msgstr ""
50
 
51
- #: src/admin/wp-security-admin-init.php:419, src/admin/wp-security-admin-init.php:419
52
  msgid "User Registration"
53
  msgstr ""
54
 
55
- #: src/admin/wp-security-admin-init.php:420, src/admin/wp-security-admin-init.php:420
56
  msgid "Database Security"
57
  msgstr ""
58
 
59
- #: src/admin/wp-security-admin-init.php:424, src/admin/wp-security-admin-init.php:424
60
  msgid "Filesystem Security"
61
  msgstr ""
62
 
63
- #: src/admin/wp-security-admin-init.php:429, src/admin/wp-security-admin-init.php:429
64
  msgid "Blacklist Manager"
65
  msgstr ""
66
 
67
- #: src/admin/wp-security-admin-init.php:434, src/admin/wp-security-admin-init.php:434, src/admin/wp-security-firewall-menu.php:62, src/admin/wp-security-firewall-menu.php:1318
68
  msgid "Firewall"
69
  msgstr ""
70
 
71
- #: src/admin/wp-security-admin-init.php:436, src/admin/wp-security-admin-init.php:436
72
  msgid "Brute Force"
73
  msgstr ""
74
 
75
- #: src/admin/wp-security-admin-init.php:437, src/admin/wp-security-admin-init.php:437
76
  msgid "Spam Prevention"
77
  msgstr ""
78
 
79
- #: src/admin/wp-security-admin-init.php:441, src/admin/wp-security-admin-init.php:441, src/admin/wp-security-filescan-menu.php:82
80
  msgid "Scanner"
81
  msgstr ""
82
 
83
- #: src/admin/wp-security-admin-init.php:443, src/admin/wp-security-admin-init.php:443, src/admin/wp-security-maintenance-menu.php:51
84
  msgid "Maintenance"
85
  msgstr ""
86
 
87
- #: src/admin/wp-security-admin-init.php:444, src/admin/wp-security-admin-init.php:444, src/admin/wp-security-misc-options-menu.php:57
88
  msgid "Miscellaneous"
89
  msgstr ""
90
 
91
- #: src/admin/wp-security-admin-init.php:445, src/admin/wp-security-admin-init.php:445, src/admin/wp-security-tools-menu.php:64
92
  msgid "Tools"
93
  msgstr ""
94
 
95
- #: src/admin/wp-security-admin-init.php:457
96
  msgid "Premium Upgrade"
97
  msgstr ""
98
 
@@ -108,111 +112,103 @@ msgstr ""
108
  msgid "Failed to delete the selected record(s)."
109
  msgstr ""
110
 
111
- #: src/admin/wp-security-blacklist-menu.php:25
112
  msgid "Ban users"
113
  msgstr ""
114
 
115
- #: src/admin/wp-security-blacklist-menu.php:51
116
  msgid "Blacklist manager"
117
  msgstr ""
118
 
119
- #: src/admin/wp-security-blacklist-menu.php:132, src/admin/wp-security-firewall-menu.php:1235, src/admin/wp-security-list-404.php:237, src/admin/wp-security-list-comment-spammer-ip.php:183
120
- msgid "The plugin was unable to write to the .htaccess file. Please edit file manually."
121
- msgstr ""
122
-
123
- #: src/admin/wp-security-blacklist-menu.php:139
124
  msgid "Ban IPs or user agents"
125
  msgstr ""
126
 
127
- #: src/admin/wp-security-blacklist-menu.php:142
128
  msgid "The All In One WP Security Blacklist feature gives you the option of banning certain host IP addresses or ranges and also user agents."
129
  msgstr ""
130
 
131
- #: src/admin/wp-security-blacklist-menu.php:143
132
  msgid "This feature will deny total site access for users which have IP addresses or user agents matching those which you have configured in the settings below."
133
  msgstr ""
134
 
135
- #: src/admin/wp-security-blacklist-menu.php:144
136
- msgid "The plugin achieves this by making appropriate modifications to your .htaccess file."
137
- msgstr ""
138
-
139
- #: src/admin/wp-security-blacklist-menu.php:145
140
- msgid "By blocking people, you are using the most secure first line of defence, which denies all access to blacklisted visitors as soon as they hit your hosting server."
141
  msgstr ""
142
 
143
- #: src/admin/wp-security-blacklist-menu.php:154, src/admin/wp-security-firewall-menu.php:1057, src/templates/may-also-like.php:20
144
  msgid "All In One WP Security & Firewall Premium"
145
  msgstr ""
146
 
147
- #: src/admin/wp-security-blacklist-menu.php:155, src/admin/wp-security-firewall-menu.php:1058
148
  msgid "You may also be interested in %s."
149
  msgstr ""
150
 
151
- #: src/admin/wp-security-blacklist-menu.php:156, src/admin/wp-security-firewall-menu.php:1059
152
  msgid "This plugin adds a number of extra features including %s and %s."
153
  msgstr ""
154
 
155
- #: src/admin/wp-security-blacklist-menu.php:156, src/admin/wp-security-firewall-menu.php:1059
156
  msgid "smart 404 blocking"
157
  msgstr ""
158
 
159
- #: src/admin/wp-security-blacklist-menu.php:156, src/admin/wp-security-firewall-menu.php:1059
160
  msgid "country IP blocking"
161
  msgstr ""
162
 
163
- #: src/admin/wp-security-blacklist-menu.php:170
164
  msgid "IP hosts and user agent blacklist settings"
165
  msgstr ""
166
 
167
- #: src/admin/wp-security-blacklist-menu.php:182, src/admin/wp-security-brute-force-menu.php:215, src/admin/wp-security-brute-force-menu.php:359
168
  msgid "must read this message"
169
  msgstr ""
170
 
171
- #: src/admin/wp-security-blacklist-menu.php:183, src/admin/wp-security-brute-force-menu.php:216
172
  msgid "This feature can lock you out of admin if it doesn't work correctly on your site. You %s before activating this feature."
173
  msgstr ""
174
 
175
- #: src/admin/wp-security-blacklist-menu.php:189
176
  msgid "Enable IP or user agent blacklisting"
177
  msgstr ""
178
 
179
- #: src/admin/wp-security-blacklist-menu.php:192
180
  msgid "Check this if you want to enable the banning (or blacklisting) of selected IP addresses and/or user agents specified in the settings below"
181
  msgstr ""
182
 
183
- #: src/admin/wp-security-blacklist-menu.php:196
184
  msgid "Enter IP addresses:"
185
  msgstr ""
186
 
187
- #: src/admin/wp-security-blacklist-menu.php:200
188
  msgid "Enter one or more IP addresses or IP ranges."
189
  msgstr ""
190
 
191
- #: src/admin/wp-security-blacklist-menu.php:205
192
  msgid "Enter user agents:"
193
  msgstr ""
194
 
195
- #: src/admin/wp-security-blacklist-menu.php:210
196
  msgid "Enter one or more user agent strings."
197
  msgstr ""
198
 
199
- #: src/admin/wp-security-blacklist-menu.php:211, src/admin/wp-security-brute-force-menu.php:402, src/admin/wp-security-brute-force-menu.php:436, src/admin/wp-security-brute-force-menu.php:459, src/admin/wp-security-brute-force-menu.php:480, src/admin/wp-security-filescan-menu.php:306, src/admin/wp-security-filescan-menu.php:323, src/admin/wp-security-firewall-menu.php:177, src/admin/wp-security-firewall-menu.php:214, src/admin/wp-security-firewall-menu.php:234, src/admin/wp-security-firewall-menu.php:260, src/admin/wp-security-firewall-menu.php:387, src/admin/wp-security-firewall-menu.php:417, src/admin/wp-security-firewall-menu.php:448, src/admin/wp-security-firewall-menu.php:476, src/admin/wp-security-firewall-menu.php:505, src/admin/wp-security-firewall-menu.php:683, src/admin/wp-security-firewall-menu.php:701, src/admin/wp-security-firewall-menu.php:739, src/admin/wp-security-firewall-menu.php:870, src/admin/wp-security-firewall-menu.php:1089, src/admin/wp-security-firewall-menu.php:1112, src/admin/wp-security-firewall-menu.php:1321, src/admin/wp-security-spam-menu.php:186, src/admin/wp-security-spam-menu.php:221, src/admin/wp-security-spam-menu.php:390, src/admin/wp-security-spam-menu.php:430, src/admin/wp-security-user-login-menu.php:362, src/templates/info/ip-address-ip-range-info.php:2, src/templates/menus/settings/advanced-settings.php:63
200
- msgid "More info"
201
  msgstr ""
202
 
203
- #: src/admin/wp-security-blacklist-menu.php:214
204
  msgid "Each user agent string must be on a new line."
205
  msgstr ""
206
 
207
- #: src/admin/wp-security-blacklist-menu.php:215
208
  msgid "Example 1 - A single user agent string to block:"
209
  msgstr ""
210
 
211
- #: src/admin/wp-security-blacklist-menu.php:217
212
  msgid "Example 2 - A list of more than 1 user agent strings to block"
213
  msgstr ""
214
 
215
- #: src/admin/wp-security-blacklist-menu.php:225, src/admin/wp-security-brute-force-menu.php:235, src/admin/wp-security-brute-force-menu.php:725, src/admin/wp-security-brute-force-menu.php:848, src/admin/wp-security-brute-force-menu.php:914, src/admin/wp-security-filescan-menu.php:348, src/admin/wp-security-filesystem-menu.php:242, src/admin/wp-security-firewall-menu.php:947, src/admin/wp-security-firewall-menu.php:1131, src/admin/wp-security-misc-options-menu.php:167, src/admin/wp-security-misc-options-menu.php:218, src/admin/wp-security-misc-options-menu.php:278, src/admin/wp-security-settings-menu.php:619, src/admin/wp-security-settings-menu.php:680, src/admin/wp-security-spam-menu.php:233, src/admin/wp-security-spam-menu.php:407, src/admin/wp-security-spam-menu.php:526, src/admin/wp-security-spam-menu.php:588, src/admin/wp-security-user-login-menu.php:384, src/admin/wp-security-user-login-menu.php:422, src/admin/wp-security-user-login-menu.php:601, src/admin/wp-security-user-login-menu.php:788, src/admin/wp-security-user-registration-menu.php:150, src/admin/wp-security-user-registration-menu.php:242, src/admin/wp-security-user-registration-menu.php:305, src/templates/menus/settings/advanced-settings.php:217
216
  msgid "Save settings"
217
  msgstr ""
218
 
@@ -252,7 +248,7 @@ msgstr ""
252
  msgid "You must use alpha numeric characters for your login page slug."
253
  msgstr ""
254
 
255
- #: src/admin/wp-security-brute-force-menu.php:136, src/admin/wp-security-filescan-menu.php:195, src/admin/wp-security-firewall-menu.php:153, src/admin/wp-security-firewall-menu.php:1013, src/admin/wp-security-spam-menu.php:101, src/admin/wp-security-spam-menu.php:270, src/admin/wp-security-spam-menu.php:302, src/admin/wp-security-user-login-menu.php:184, src/admin/wp-security-user-login-menu.php:553, src/templates/partials/non-apache-feature-notice.php:9
256
  msgid "Attention:"
257
  msgstr ""
258
 
@@ -361,11 +357,11 @@ msgid "backup"
361
  msgstr ""
362
 
363
  #: src/admin/wp-security-brute-force-menu.php:336
364
- msgid "video tutorial"
365
  msgstr ""
366
 
367
  #: src/admin/wp-security-brute-force-menu.php:337
368
- msgid "To learn more about how to use this feature, please watch the following %s."
369
  msgstr ""
370
 
371
  #: src/admin/wp-security-brute-force-menu.php:338, src/admin/wp-security-user-login-menu.php:253
@@ -377,7 +373,7 @@ msgid "Cookie based brute force login prevention"
377
  msgstr ""
378
 
379
  #: src/admin/wp-security-brute-force-menu.php:359
380
- msgid "This feature can lock you out of admin if it doesn't work correctly on your site. You <a href=\"https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note\" target=\"_blank\">.__must read this message"
381
  msgstr ""
382
 
383
  #: src/admin/wp-security-brute-force-menu.php:370
@@ -408,6 +404,10 @@ msgstr ""
408
  msgid "Check this if you want to protect your login page from Brute Force Attack."
409
  msgstr ""
410
 
 
 
 
 
411
  #: src/admin/wp-security-brute-force-menu.php:406
412
  msgid "This feature will deny access to your WordPress login page for all people except those who have a special cookie in their browser."
413
  msgstr ""
@@ -512,7 +512,7 @@ msgstr ""
512
  msgid "Save feature settings"
513
  msgstr ""
514
 
515
- #: src/admin/wp-security-brute-force-menu.php:557, src/classes/wp-security-general-init-tasks.php:622
516
  msgid "Your Google reCAPTCHA configuration is invalid."
517
  msgstr ""
518
 
@@ -1072,7 +1072,7 @@ msgstr ""
1072
  msgid "Your WordPress system has a total of %s tables and your new DB prefix will be: %s"
1073
  msgstr ""
1074
 
1075
- #: src/admin/wp-security-database-menu.php:320, src/classes/wp-security-utility.php:306
1076
  msgid "Failed to make a backup of the wp-config.php file. This operation will not go ahead."
1077
  msgstr ""
1078
 
@@ -1140,83 +1140,83 @@ msgstr ""
1140
  msgid "%s view definitions were updated successfully!"
1141
  msgstr ""
1142
 
1143
- #: src/admin/wp-security-filescan-menu.php:54, src/classes/grade-system/wp-security-feature-item-manager.php:127
1144
  msgid "File change detection"
1145
  msgstr ""
1146
 
1147
- #: src/admin/wp-security-filescan-menu.php:55
1148
  msgid "Malware scan"
1149
  msgstr ""
1150
 
1151
- #: src/admin/wp-security-filescan-menu.php:121
1152
  msgid "There have been no file changes since the last scan."
1153
  msgstr ""
1154
 
1155
- #: src/admin/wp-security-filescan-menu.php:135
1156
  msgid "There was an error during the file change detection scan. Please check the AIOS logs."
1157
  msgstr ""
1158
 
1159
- #: src/admin/wp-security-filescan-menu.php:140
1160
  msgid "The plugin has detected that this is your first file change detection scan. The file details from this scan will be used to detect file changes for future scans."
1161
  msgstr ""
1162
 
1163
- #: src/admin/wp-security-filescan-menu.php:142
1164
  msgid "Scan Complete - There were no file changes detected."
1165
  msgstr ""
1166
 
1167
- #: src/admin/wp-security-filescan-menu.php:160
1168
  msgid "You entered a non numeric value for the \"backup time interval\" field. It has been set to the default value."
1169
  msgstr ""
1170
 
1171
- #: src/admin/wp-security-filescan-menu.php:188
1172
  msgid "The following address was removed because it is not a valid email address: "
1173
  msgstr ""
1174
 
1175
- #: src/admin/wp-security-filescan-menu.php:214
1176
  msgid "Attention: You have configured your file change detection scan to occur at least once daily."
1177
  msgstr ""
1178
 
1179
- #: src/admin/wp-security-filescan-menu.php:214
1180
  msgid "For most websites we recommended that you choose a less frequent schedule such as once every few days, once a week or once a month."
1181
  msgstr ""
1182
 
1183
- #: src/admin/wp-security-filescan-menu.php:214
1184
  msgid "Choosing a less frequent schedule will also help reduce your server load."
1185
  msgstr ""
1186
 
1187
- #: src/admin/wp-security-filescan-menu.php:223
1188
  msgid "New scan completed: The plugin has detected that you have made changes to the \"File Types To Ignore\" or \"Files To Ignore\" fields."
1189
  msgstr ""
1190
 
1191
- #: src/admin/wp-security-filescan-menu.php:223
1192
  msgid "In order to ensure that future scan results are accurate, the old scan data has been refreshed."
1193
  msgstr ""
1194
 
1195
- #: src/admin/wp-security-filescan-menu.php:230
1196
  msgid "All In One WP Security & Firewall has detected that there was a change in your host's files."
1197
  msgstr ""
1198
 
1199
- #: src/admin/wp-security-filescan-menu.php:232
1200
  msgid "View scan details and clear this message"
1201
  msgstr ""
1202
 
1203
- #: src/admin/wp-security-filescan-menu.php:239
1204
  msgid "If given an opportunity hackers can insert their code or files into your system which they can then use to carry out malicious acts on your site."
1205
  msgstr ""
1206
 
1207
- #: src/admin/wp-security-filescan-menu.php:240
1208
  msgid "Being informed of any changes in your files can be a good way to quickly prevent a hacker from causing damage to your website."
1209
  msgstr ""
1210
 
1211
- #: src/admin/wp-security-filescan-menu.php:241
1212
  msgid "In general, WordPress core and plugin files and file types such as \".php\" or \".js\" should not change often and when they do, it is important that you are made aware when a change occurs and which file was affected."
1213
  msgstr ""
1214
 
1215
- #: src/admin/wp-security-filescan-menu.php:242
1216
  msgid "The \"File Change Detection Feature\" will notify you of any file change which occurs on your system, including the addition and deletion of files by performing a regular automated or manual scan of your system's files."
1217
  msgstr ""
1218
 
1219
- #: src/admin/wp-security-filescan-menu.php:243
1220
  msgid "This feature also allows you to exclude certain files or folders from the scan in cases where you know that they change often as part of their normal operation. (For example log files and certain caching plugin files may change often and hence you may choose to exclude such files from the file change detection scan)"
1221
  msgstr ""
1222
 
@@ -1340,7 +1340,7 @@ msgstr ""
1340
  msgid "This is because the bots and spiders from search engines such as Google have the capability to detect malware when they are indexing the pages on your site, and consequently they can blacklist your website which will in turn affect your search rankings."
1341
  msgstr ""
1342
 
1343
- #: src/admin/wp-security-filescan-menu.php:369, src/classes/wp-security-general-init-tasks.php:622, src/classes/wp-security-notices.php:99
1344
  msgid "here"
1345
  msgstr ""
1346
 
@@ -1361,11 +1361,11 @@ msgid "This is why we have created an easy-to-use scanning service which is host
1361
  msgstr ""
1362
 
1363
  #: src/admin/wp-security-filescan-menu.php:374
1364
- msgid "When you sign up for this service you will get the following:"
1365
  msgstr ""
1366
 
1367
  #: src/admin/wp-security-filescan-menu.php:376
1368
- msgid "Automatic daily scan of 1 website"
1369
  msgstr ""
1370
 
1371
  #: src/admin/wp-security-filescan-menu.php:377
@@ -1552,7 +1552,7 @@ msgstr ""
1552
  msgid "You have successfully saved the Prevent Access to Default WP Files configuration."
1553
  msgstr ""
1554
 
1555
- #: src/admin/wp-security-filesystem-menu.php:286, src/admin/wp-security-firewall-menu.php:128, src/admin/wp-security-firewall-menu.php:348, src/admin/wp-security-firewall-menu.php:615, src/admin/wp-security-firewall-menu.php:914, src/admin/wp-security-settings-menu.php:772, src/admin/wp-security-spam-menu.php:124
1556
  msgid "Could not write to the .htaccess file. Please check the file permissions."
1557
  msgstr ""
1558
 
@@ -2380,6 +2380,10 @@ msgstr ""
2380
  msgid "Click this button if you wish to purge all 404 event logs from the DB."
2381
  msgstr ""
2382
 
 
 
 
 
2383
  #: src/admin/wp-security-firewall-menu.php:1243
2384
  msgid "Custom .htaccess rules settings"
2385
  msgstr ""
@@ -3088,411 +3092,403 @@ msgstr ""
3088
  msgid "Page"
3089
  msgstr ""
3090
 
3091
- #: src/admin/wp-security-settings-menu.php:204
3092
- msgid "Follow us"
3093
- msgstr ""
3094
-
3095
- #: src/admin/wp-security-settings-menu.php:204
3096
- msgid "on Twitter, Google+ or via Email to stay up to date about the new security features of this plugin."
3097
- msgstr ""
3098
-
3099
- #: src/admin/wp-security-settings-menu.php:208
3100
  msgid "WP Security plugin"
3101
  msgstr ""
3102
 
3103
- #: src/admin/wp-security-settings-menu.php:212
3104
  msgid "Thank you for using the AIOS security plugin."
3105
  msgstr ""
3106
 
3107
- #: src/admin/wp-security-settings-menu.php:216
3108
  msgid "There are a lot of security features in this plugin."
3109
  msgstr ""
3110
 
3111
- #: src/admin/wp-security-settings-menu.php:221
3112
  msgid "To start, go through each security option and enable the \"basic\" options."
3113
  msgstr ""
3114
 
3115
- #: src/admin/wp-security-settings-menu.php:225
3116
  msgid "The more features you enable, the more security points you will achieve."
3117
  msgstr ""
3118
 
3119
- #: src/admin/wp-security-settings-menu.php:228
3120
  msgid "Before doing anything we advise taking a backup of your .htaccess file, database and wp-config.php."
3121
  msgstr ""
3122
 
3123
- #: src/admin/wp-security-settings-menu.php:231
3124
  msgid "Backup your database"
3125
  msgstr ""
3126
 
3127
- #: src/admin/wp-security-settings-menu.php:232, src/admin/wp-security-settings-menu.php:433
3128
  msgid "Backup .htaccess file"
3129
  msgstr ""
3130
 
3131
- #: src/admin/wp-security-settings-menu.php:233, src/admin/wp-security-settings-menu.php:534
3132
  msgid "Backup wp-config.php file"
3133
  msgstr ""
3134
 
3135
- #: src/admin/wp-security-settings-menu.php:240
3136
  msgid "Disable security features"
3137
  msgstr ""
3138
 
3139
- #: src/admin/wp-security-settings-menu.php:246
3140
  msgid "If you think that some plugin functionality on your site is broken due to a security feature you enabled in this plugin, then use the following option to turn off all the security features of this plugin."
3141
  msgstr ""
3142
 
3143
- #: src/admin/wp-security-settings-menu.php:250
3144
  msgid "Disable all security features"
3145
  msgstr ""
3146
 
3147
- #: src/admin/wp-security-settings-menu.php:257, src/admin/wp-security-settings-menu.php:267
3148
  msgid "Disable all firewall rules"
3149
  msgstr ""
3150
 
3151
- #: src/admin/wp-security-settings-menu.php:263
3152
  msgid "This feature will disable all firewall rules which are currently active in this plugin and it will also delete these rules from your .htacess file. Use it if you think one of the firewall rules is causing an issue on your site."
3153
  msgstr ""
3154
 
3155
- #: src/admin/wp-security-settings-menu.php:274, src/admin/wp-security-settings-menu.php:287
3156
  msgid "Reset settings"
3157
  msgstr ""
3158
 
3159
- #: src/admin/wp-security-settings-menu.php:279
3160
  msgid "This button click will delete all of your settings related to the All In One WP Security & Firewall Plugin."
3161
  msgstr ""
3162
 
3163
- #: src/admin/wp-security-settings-menu.php:280
3164
  msgid "This button click will reset/empty all the database tables of the security plugin also."
3165
  msgstr ""
3166
 
3167
- #: src/admin/wp-security-settings-menu.php:281
3168
  msgid "Use this plugin if you were locked out by the All In One WP Security & Firewall Plugin and/or you are having issues logging in when that plugin is activated."
3169
  msgstr ""
3170
 
3171
- #: src/admin/wp-security-settings-menu.php:282
3172
  msgid "In addition to the settings it will also delete any directives which were added to the .htaccess file by the All In One WP Security & Firewall Plugin."
3173
  msgstr ""
3174
 
3175
- #: src/admin/wp-security-settings-menu.php:283
3176
  msgid "%1$sNOTE: %2$sAfter deleting the settings you will need to re-configure the All In One WP Security & Firewall Plugin."
3177
  msgstr ""
3178
 
3179
- #: src/admin/wp-security-settings-menu.php:295
3180
  msgid "Debug settings"
3181
  msgstr ""
3182
 
3183
- #: src/admin/wp-security-settings-menu.php:301
3184
  msgid "This setting allows you to enable/disable debug for this plugin."
3185
  msgstr ""
3186
 
3187
- #: src/admin/wp-security-settings-menu.php:307
3188
  msgid "Enable debug"
3189
  msgstr ""
3190
 
3191
- #: src/admin/wp-security-settings-menu.php:310
3192
  msgid "Check this if you want to enable debug. You should keep this option disabled after you have finished debugging the issue."
3193
  msgstr ""
3194
 
3195
- #: src/admin/wp-security-settings-menu.php:314
3196
  msgid "Save debug settings"
3197
  msgstr ""
3198
 
3199
- #: src/admin/wp-security-settings-menu.php:350
3200
  msgid "Your .htaccess file was successfully backed up! Using an FTP program go to the \"/wp-content/aiowps_backups\" directory to save a copy of the file to your computer."
3201
  msgstr ""
3202
 
3203
- #: src/admin/wp-security-settings-menu.php:356
3204
  msgid "htaccess file rename failed during backup. Please check your root directory for the backup file using FTP."
3205
  msgstr ""
3206
 
3207
- #: src/admin/wp-security-settings-menu.php:362
3208
  msgid "htaccess backup failed."
3209
  msgstr ""
3210
 
3211
- #: src/admin/wp-security-settings-menu.php:377
3212
  msgid "Please choose a .htaccess to restore from."
3213
  msgstr ""
3214
 
3215
- #: src/admin/wp-security-settings-menu.php:392
3216
  msgid "htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP."
3217
  msgstr ""
3218
 
3219
- #: src/admin/wp-security-settings-menu.php:396
3220
  msgid "Your .htaccess file has successfully been restored!"
3221
  msgstr ""
3222
 
3223
- #: src/admin/wp-security-settings-menu.php:402
3224
  msgid "htaccess Restore operation failed! Please check the contents of the file you are trying to restore from."
3225
  msgstr ""
3226
 
3227
- #: src/admin/wp-security-settings-menu.php:408
3228
  msgid ".htaccess file operations"
3229
  msgstr ""
3230
 
3231
- #: src/admin/wp-security-settings-menu.php:411
3232
  msgid "Your \".htaccess\" file is a key component of your website's security and it can be modified to implement various levels of protection mechanisms."
3233
  msgstr ""
3234
 
3235
- #: src/admin/wp-security-settings-menu.php:412
3236
  msgid "This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future."
3237
  msgstr ""
3238
 
3239
- #: src/admin/wp-security-settings-menu.php:413
3240
  msgid "You can also restore your site's .htaccess settings using a backed up .htaccess file."
3241
  msgstr ""
3242
 
3243
- #: src/admin/wp-security-settings-menu.php:428
3244
  msgid "Save the current .htaccess file"
3245
  msgstr ""
3246
 
3247
- #: src/admin/wp-security-settings-menu.php:432
3248
  msgid "Click the button below to backup and save the currently active .htaccess file."
3249
  msgstr ""
3250
 
3251
- #: src/admin/wp-security-settings-menu.php:437
3252
  msgid "Restore from a backed up .htaccess file"
3253
  msgstr ""
3254
 
3255
- #: src/admin/wp-security-settings-menu.php:443
3256
  msgid ".htaccess file to restore from"
3257
  msgstr ""
3258
 
3259
- #: src/admin/wp-security-settings-menu.php:445
3260
  msgid "Select Your htaccess File"
3261
  msgstr ""
3262
 
3263
- #: src/admin/wp-security-settings-menu.php:449
3264
  msgid "After selecting your file, click the button below to restore your site using the backed up htaccess file (htaccess_backup.txt)."
3265
  msgstr ""
3266
 
3267
- #: src/admin/wp-security-settings-menu.php:455
3268
  msgid "Restore .htaccess file"
3269
  msgstr ""
3270
 
3271
- #: src/admin/wp-security-settings-menu.php:477
3272
  msgid "Please choose a wp-config.php file to restore from."
3273
  msgstr ""
3274
 
3275
- #: src/admin/wp-security-settings-menu.php:493
3276
  msgid "wp-config.php file restore failed. Please attempt to restore this file manually using FTP."
3277
  msgstr ""
3278
 
3279
- #: src/admin/wp-security-settings-menu.php:497
3280
  msgid "Your wp-config.php file has successfully been restored!"
3281
  msgstr ""
3282
 
3283
- #: src/admin/wp-security-settings-menu.php:503
3284
  msgid "wp-config.php Restore operation failed! Please check the contents of the file you are trying to restore from."
3285
  msgstr ""
3286
 
3287
- #: src/admin/wp-security-settings-menu.php:509
3288
  msgid "wp-config.php file operations"
3289
  msgstr ""
3290
 
3291
- #: src/admin/wp-security-settings-menu.php:512
3292
  msgid "Your \"wp-config.php\" file is one of the most important in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components."
3293
  msgstr ""
3294
 
3295
- #: src/admin/wp-security-settings-menu.php:513
3296
  msgid "This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future."
3297
  msgstr ""
3298
 
3299
- #: src/admin/wp-security-settings-menu.php:514
3300
  msgid "You can also restore your site's wp-config.php settings using a backed up wp-config.php file."
3301
  msgstr ""
3302
 
3303
- #: src/admin/wp-security-settings-menu.php:529
3304
  msgid "Save the current wp-config.php file"
3305
  msgstr ""
3306
 
3307
- #: src/admin/wp-security-settings-menu.php:533
3308
  msgid "Click the button below to backup and download the contents of the currently active wp-config.php file."
3309
  msgstr ""
3310
 
3311
- #: src/admin/wp-security-settings-menu.php:539
3312
  msgid "Restore from a backed up wp-config file"
3313
  msgstr ""
3314
 
3315
- #: src/admin/wp-security-settings-menu.php:545
3316
  msgid "wp-config file to restore from"
3317
  msgstr ""
3318
 
3319
- #: src/admin/wp-security-settings-menu.php:547
3320
  msgid "Select Your wp-config File"
3321
  msgstr ""
3322
 
3323
- #: src/admin/wp-security-settings-menu.php:551
3324
  msgid "After selecting your file click the button below to restore your site using the backed up wp-config file (wp-config.php.backup.txt)."
3325
  msgstr ""
3326
 
3327
- #: src/admin/wp-security-settings-menu.php:557
3328
  msgid "Restore wp-config file"
3329
  msgstr ""
3330
 
3331
- #: src/admin/wp-security-settings-menu.php:561
3332
  msgid "View Contents of the currently active wp-config.php file"
3333
  msgstr ""
3334
 
3335
- #: src/admin/wp-security-settings-menu.php:591
3336
  msgid "Manage delete plugin settings saved."
3337
  msgstr ""
3338
 
3339
- #: src/admin/wp-security-settings-menu.php:596
3340
  msgid "Manage delete plugin tasks"
3341
  msgstr ""
3342
 
3343
- #: src/admin/wp-security-settings-menu.php:603
3344
  msgid "Delete database tables"
3345
  msgstr ""
3346
 
3347
- #: src/admin/wp-security-settings-menu.php:606
3348
  msgid "Check this if you want to remove database tables when the plugin is uninstalled."
3349
  msgstr ""
3350
 
3351
- #: src/admin/wp-security-settings-menu.php:610
3352
  msgid "Delete settings"
3353
  msgstr ""
3354
 
3355
- #: src/admin/wp-security-settings-menu.php:613
3356
  msgid "Check this if you want to remove all plugin settings when uninstalling the plugin."
3357
  msgstr ""
3358
 
3359
- #: src/admin/wp-security-settings-menu.php:613
3360
  msgid "It will also remove all custom htaccess rules that were added by this plugin."
3361
  msgstr ""
3362
 
3363
- #: src/admin/wp-security-settings-menu.php:647
3364
  msgid "WP generator meta tag and version info"
3365
  msgstr ""
3366
 
3367
- #: src/admin/wp-security-settings-menu.php:650
3368
  msgid "WordPress generator automatically adds some meta information inside the \"head\" tags of every page on your site's front end. Below is an example of this:"
3369
  msgstr ""
3370
 
3371
- #: src/admin/wp-security-settings-menu.php:652
3372
  msgid "The above meta information shows which version of WordPress your site is currently running and thus can help hackers or crawlers scan your site to see if you have an older version of WordPress or one with a known exploit."
3373
  msgstr ""
3374
 
3375
- #: src/admin/wp-security-settings-menu.php:653
3376
  msgid "There are also other ways wordpress reveals version info such as during style and script loading. An example of this is:"
3377
  msgstr ""
3378
 
3379
- #: src/admin/wp-security-settings-menu.php:655
3380
  msgid "This feature will allow you to remove the WP generator meta info and other version info from your site's pages."
3381
  msgstr ""
3382
 
3383
- #: src/admin/wp-security-settings-menu.php:661
3384
  msgid "WP generator meta info"
3385
  msgstr ""
3386
 
3387
- #: src/admin/wp-security-settings-menu.php:673
3388
  msgid "Remove WP generator meta info"
3389
  msgstr ""
3390
 
3391
- #: src/admin/wp-security-settings-menu.php:676
3392
  msgid "Check this if you want to remove the version and meta info produced by WP from all pages"
3393
  msgstr ""
3394
 
3395
- #: src/admin/wp-security-settings-menu.php:704
3396
  msgid "Please choose a file to import your settings from."
3397
  msgstr ""
3398
 
3399
- #: src/admin/wp-security-settings-menu.php:736
3400
  msgid "Import AIOS settings from .$import_from. operation failed!"
3401
  msgstr ""
3402
 
3403
- #: src/admin/wp-security-settings-menu.php:742, src/admin/wp-security-settings-menu.php:786
3404
  msgid "The deletion of the import file failed. Please delete this file manually via the media menu for security purposes."
3405
  msgstr ""
3406
 
3407
- #: src/admin/wp-security-settings-menu.php:744, src/admin/wp-security-settings-menu.php:788
3408
  msgid "The file you uploaded was also deleted for security purposes because it contains security settings details."
3409
  msgstr ""
3410
 
3411
- #: src/admin/wp-security-settings-menu.php:759
3412
  msgid "Your AIOS settings were successfully imported via file input."
3413
  msgstr ""
3414
 
3415
- #: src/admin/wp-security-settings-menu.php:760
3416
  msgid "The deletion of the import file failed. Please delete this file manually via the media menu for security purposes because it contains security settings details."
3417
  msgstr ""
3418
 
3419
- #: src/admin/wp-security-settings-menu.php:762
3420
  msgid "Your AIOS settings were successfully imported. The file you uploaded was also deleted for security purposes because it contains security settings details."
3421
  msgstr ""
3422
 
3423
- #: src/admin/wp-security-settings-menu.php:765
3424
  msgid "Your AIOS settings were successfully imported via text entry."
3425
  msgstr ""
3426
 
3427
- #: src/admin/wp-security-settings-menu.php:780
3428
  msgid "The contents of your settings file appear invalid. Please check the contents of the file you are trying to import settings from."
3429
  msgstr ""
3430
 
3431
- #: src/admin/wp-security-settings-menu.php:797
3432
  msgid "Export or import your AIOS settings"
3433
  msgstr ""
3434
 
3435
- #: src/admin/wp-security-settings-menu.php:800
3436
  msgid "This section allows you to export or import your All In One WP Security & Firewall settings."
3437
  msgstr ""
3438
 
3439
- #: src/admin/wp-security-settings-menu.php:801
3440
  msgid "This can be handy if you wanted to save time by applying the settings from one site to another site."
3441
  msgstr ""
3442
 
3443
- #: src/admin/wp-security-settings-menu.php:802
3444
  msgid "NOTE: Before importing, it is your responsibility to know what settings you are trying to import. Importing settings blindly can cause you to be locked out of your site."
3445
  msgstr ""
3446
 
3447
- #: src/admin/wp-security-settings-menu.php:803
3448
  msgid "For Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain."
3449
  msgstr ""
3450
 
3451
- #: src/admin/wp-security-settings-menu.php:809, src/admin/wp-security-settings-menu.php:818
3452
  msgid "Export AIOS settings"
3453
  msgstr ""
3454
 
3455
- #: src/admin/wp-security-settings-menu.php:815
3456
  msgid "To export your All In One WP Security & Firewall settings click the button below."
3457
  msgstr ""
3458
 
3459
- #: src/admin/wp-security-settings-menu.php:822, src/admin/wp-security-settings-menu.php:851
3460
  msgid "Import AIOS settings"
3461
  msgstr ""
3462
 
3463
- #: src/admin/wp-security-settings-menu.php:828
3464
  msgid "Use this section to import your All In One WP Security & Firewall settings from a file. Alternatively, copy/paste the contents of your import file into the textarea below."
3465
  msgstr ""
3466
 
3467
- #: src/admin/wp-security-settings-menu.php:830
3468
  msgid "Import file"
3469
  msgstr ""
3470
 
3471
- #: src/admin/wp-security-settings-menu.php:833
3472
  msgid "Select Your Import Settings File"
3473
  msgstr ""
3474
 
3475
- #: src/admin/wp-security-settings-menu.php:837
3476
  msgid "After selecting your file, click the button below to apply the settings to your site."
3477
  msgstr ""
3478
 
3479
- #: src/admin/wp-security-settings-menu.php:844
3480
  msgid "Copy/Paste import data"
3481
  msgstr ""
3482
 
3483
- #: src/admin/wp-security-settings-menu.php:893
3484
  msgid "Default - if correct, then this is the best option"
3485
  msgstr ""
3486
 
3487
- #: src/admin/wp-security-settings-menu.php:894
3488
  msgid "Only use if you're using Cloudflare."
3489
  msgstr ""
3490
 
3491
- #: src/admin/wp-security-settings-menu.php:902
3492
  msgid "(current value: %s)"
3493
  msgstr ""
3494
 
3495
- #: src/admin/wp-security-settings-menu.php:905
3496
  msgid "no value (i.e. empty) on your server"
3497
  msgstr ""
3498
 
@@ -3736,7 +3732,7 @@ msgstr ""
3736
  msgid "Spammer IP address results"
3737
  msgstr ""
3738
 
3739
- #: src/admin/wp-security-spam-menu.php:451, src/classes/wp-security-utility.php:253
3740
  msgid "The plugin has detected that you are using a Multi-Site WordPress installation."
3741
  msgstr ""
3742
 
@@ -4488,15 +4484,15 @@ msgstr ""
4488
  msgid "Invalid IP retrieve method."
4489
  msgstr ""
4490
 
4491
- #: src/classes/aios-ajax.php:131, src/wp-security-core.php:261
4492
  msgid "The security check failed; try refreshing the page."
4493
  msgstr ""
4494
 
4495
- #: src/classes/aios-ajax.php:152, src/wp-security-core.php:271
4496
  msgid "You are not allowed to run this command."
4497
  msgstr ""
4498
 
4499
- #: src/classes/aios-ajax.php:173, src/wp-security-core.php:285
4500
  msgid "Options can only be saved by network admin"
4501
  msgstr ""
4502
 
@@ -4620,7 +4616,7 @@ msgstr ""
4620
  msgid "Advanced"
4621
  msgstr ""
4622
 
4623
- #: src/classes/wp-security-captcha.php:47, src/classes/wp-security-general-init-tasks.php:387
4624
  msgid "Please enter an answer in digits:"
4625
  msgstr ""
4626
 
@@ -4752,59 +4748,63 @@ msgstr ""
4752
  msgid "The following files were changed on your host"
4753
  msgstr ""
4754
 
4755
- #: src/classes/wp-security-general-init-tasks.php:192, src/classes/wp-security-general-init-tasks.php:461
4756
  msgid "Application passwords have been disabled by All In One WP Security & Firewall plugin."
4757
  msgstr ""
4758
 
4759
- #: src/classes/wp-security-general-init-tasks.php:408, src/classes/wp-security-general-init-tasks.php:521, src/classes/wp-security-general-init-tasks.php:554, src/classes/wp-security-user-login.php:137, src/classes/wp-security-user-registration.php:74
4760
  msgid "<strong>ERROR</strong>: Your answer was incorrect - please try again."
4761
  msgstr ""
4762
 
4763
- #: src/classes/wp-security-general-init-tasks.php:443
4764
  msgid "Enter something special:"
4765
  msgstr ""
4766
 
4767
- #: src/classes/wp-security-general-init-tasks.php:456
4768
  msgid "Application passwords"
4769
  msgstr ""
4770
 
4771
- #: src/classes/wp-security-general-init-tasks.php:465
4772
  msgid "Change setting"
4773
  msgstr ""
4774
 
4775
- #: src/classes/wp-security-general-init-tasks.php:467
4776
  msgid "Site admin can only change this setting."
4777
  msgstr ""
4778
 
4779
- #: src/classes/wp-security-general-init-tasks.php:496
4780
  msgid "Error: You entered an incorrect CAPTCHA answer. Please go back and try again."
4781
  msgstr ""
4782
 
4783
- #: src/classes/wp-security-general-init-tasks.php:538
4784
  msgid "Your CAPTCHA answer was incorrect - please try again."
4785
  msgstr ""
4786
 
4787
- #: src/classes/wp-security-general-init-tasks.php:547
4788
  msgid "<strong>ERROR</strong>: Your IP address is currently locked please contact the administrator!"
4789
  msgstr ""
4790
 
4791
- #: src/classes/wp-security-general-init-tasks.php:622
4792
  msgid "Please enter the correct reCAPTCHA keys %s to use the Google reCAPTCHA feature."
4793
  msgstr ""
4794
 
4795
- #: src/classes/wp-security-general-init-tasks.php:635
4796
- msgid "Would you like All In One WP Security & Firewall to re-insert the security rules in your .htaccess file which were cleared when you deactivated the plugin?"
4797
  msgstr ""
4798
 
4799
- #: src/classes/wp-security-general-init-tasks.php:635, src/templates/may-also-like.php:40, src/templates/may-also-like.php:43, src/templates/may-also-like.php:54, src/templates/may-also-like.php:57, src/templates/may-also-like.php:68, src/templates/may-also-like.php:71, src/templates/may-also-like.php:91, src/templates/may-also-like.php:103, src/templates/may-also-like.php:115, src/templates/may-also-like.php:127, src/templates/may-also-like.php:139, src/templates/may-also-like.php:151, src/templates/may-also-like.php:168, src/templates/may-also-like.php:171, src/templates/may-also-like.php:183, src/templates/may-also-like.php:195, src/templates/may-also-like.php:207, src/templates/may-also-like.php:219, src/templates/may-also-like.php:231, src/templates/may-also-like.php:243, src/templates/may-also-like.php:252, src/templates/may-also-like.php:255, src/templates/may-also-like.php:264, src/templates/may-also-like.php:267, src/templates/may-also-like.php:279, src/templates/may-also-like.php:297, src/templates/may-also-like.php:309, src/templates/may-also-like.php:327, src/templates/may-also-like.php:339, src/templates/may-also-like.php:351, src/templates/may-also-like.php:368, src/templates/may-also-like.php:380
4800
  msgid "Yes"
4801
  msgstr ""
4802
 
4803
- #: src/classes/wp-security-general-init-tasks.php:635, src/templates/may-also-like.php:88, src/templates/may-also-like.php:100, src/templates/may-also-like.php:112, src/templates/may-also-like.php:124, src/templates/may-also-like.php:136, src/templates/may-also-like.php:148, src/templates/may-also-like.php:180, src/templates/may-also-like.php:192, src/templates/may-also-like.php:204, src/templates/may-also-like.php:216, src/templates/may-also-like.php:228, src/templates/may-also-like.php:240, src/templates/may-also-like.php:276, src/templates/may-also-like.php:294, src/templates/may-also-like.php:306, src/templates/may-also-like.php:324, src/templates/may-also-like.php:336, src/templates/may-also-like.php:348, src/templates/may-also-like.php:365, src/templates/may-also-like.php:377, src/templates/notices/custom-notice.php:27
4804
  msgid "No"
4805
  msgstr ""
4806
 
4807
- #: src/classes/wp-security-general-init-tasks.php:654
 
 
 
 
4808
  msgid "Your registration is pending approval."
4809
  msgstr ""
4810
 
@@ -5068,35 +5068,35 @@ msgstr ""
5068
  msgid "You cannot ban your own IP address: "
5069
  msgstr ""
5070
 
5071
- #: src/classes/wp-security-utility.php:254
5072
  msgid "This feature can only be configured by the \"superadmin\" on the main site."
5073
  msgstr ""
5074
 
5075
- #: src/classes/wp-security-utility.php:283
5076
  msgid "Settings Saved - The ability to edit PHP files via the admin the panel has been DISABLED."
5077
  msgstr ""
5078
 
5079
- #: src/classes/wp-security-utility.php:286
5080
  msgid "Your system config file is already configured to disallow PHP file editing."
5081
  msgstr ""
5082
 
5083
- #: src/classes/wp-security-utility.php:310
5084
  msgid "A backup copy of your wp-config.php file was created successfully...."
5085
  msgstr ""
5086
 
5087
- #: src/classes/wp-security-utility.php:315
5088
  msgid "Settings Saved - Your system is now configured to not allow PHP file editing."
5089
  msgstr ""
5090
 
5091
- #: src/classes/wp-security-utility.php:318, src/classes/wp-security-utility.php:361
5092
  msgid "Operation failed! Unable to modify wp-config.php file!"
5093
  msgstr ""
5094
 
5095
- #: src/classes/wp-security-utility.php:346, src/classes/wp-security-utility.php:353
5096
  msgid "Your system config file is already configured to allow PHP file editing."
5097
  msgstr ""
5098
 
5099
- #: src/classes/wp-security-utility.php:358
5100
  msgid "Settings Saved - Your system is now configured to allow PHP file editing."
5101
  msgstr ""
5102
 
@@ -5740,23 +5740,23 @@ msgstr ""
5740
  msgid "You are using the non-apache server %s, so this feature won't work on your site."
5741
  msgstr ""
5742
 
5743
- #: src/wp-security-core.php:239, src/wp-security.php:45
5744
  msgid "This plugin requires PHP version %s."
5745
  msgstr ""
5746
 
5747
- #: src/wp-security-core.php:240
5748
  msgid "Current site PHP version is %s."
5749
  msgstr ""
5750
 
5751
- #: src/wp-security-core.php:241, src/wp-security.php:47
5752
  msgid "You will need to ask your web hosting company to upgrade."
5753
  msgstr ""
5754
 
5755
- #: src/wp-security-core.php:400
5756
  msgid "Error:"
5757
  msgstr ""
5758
 
5759
- #: src/wp-security-core.php:400
5760
  msgid "template not found"
5761
  msgstr ""
5762
 
24
  msgid "Unexpected response:"
25
  msgstr ""
26
 
27
+ #: src/admin/wp-security-admin-init.php:260
28
+ msgid "Copied"
29
+ msgstr ""
30
+
31
+ #: src/admin/wp-security-admin-init.php:291
32
  msgid "Enjoyed %1$s? Please leave us a %2$s rating. We really appreciate your support!"
33
  msgstr ""
34
 
35
+ #: src/admin/wp-security-admin-init.php:415, src/admin/wp-security-admin-init.php:415, src/classes/wp-security-two-factor-login.php:95, src/classes/wp-security-two-factor-login.php:95
36
  msgid "WP Security"
37
  msgstr ""
38
 
39
+ #: src/admin/wp-security-admin-init.php:416, src/admin/wp-security-admin-init.php:416, src/admin/wp-security-dashboard-menu.php:26, src/admin/wp-security-dashboard-menu.php:76
40
  msgid "Dashboard"
41
  msgstr ""
42
 
43
+ #: src/admin/wp-security-admin-init.php:417, src/admin/wp-security-admin-init.php:417, src/admin/wp-security-settings-menu.php:95
44
  msgid "Settings"
45
  msgstr ""
46
 
47
+ #: src/admin/wp-security-admin-init.php:418, src/admin/wp-security-admin-init.php:418
48
  msgid "User Accounts"
49
  msgstr ""
50
 
51
+ #: src/admin/wp-security-admin-init.php:419, src/admin/wp-security-admin-init.php:419
52
  msgid "User Login"
53
  msgstr ""
54
 
55
+ #: src/admin/wp-security-admin-init.php:420, src/admin/wp-security-admin-init.php:420
56
  msgid "User Registration"
57
  msgstr ""
58
 
59
+ #: src/admin/wp-security-admin-init.php:421, src/admin/wp-security-admin-init.php:421
60
  msgid "Database Security"
61
  msgstr ""
62
 
63
+ #: src/admin/wp-security-admin-init.php:423, src/admin/wp-security-admin-init.php:423
64
  msgid "Filesystem Security"
65
  msgstr ""
66
 
67
+ #: src/admin/wp-security-admin-init.php:426, src/admin/wp-security-admin-init.php:426
68
  msgid "Blacklist Manager"
69
  msgstr ""
70
 
71
+ #: src/admin/wp-security-admin-init.php:429, src/admin/wp-security-admin-init.php:429, src/admin/wp-security-firewall-menu.php:62, src/admin/wp-security-firewall-menu.php:1318
72
  msgid "Firewall"
73
  msgstr ""
74
 
75
+ #: src/admin/wp-security-admin-init.php:431, src/admin/wp-security-admin-init.php:431
76
  msgid "Brute Force"
77
  msgstr ""
78
 
79
+ #: src/admin/wp-security-admin-init.php:432, src/admin/wp-security-admin-init.php:432
80
  msgid "Spam Prevention"
81
  msgstr ""
82
 
83
+ #: src/admin/wp-security-admin-init.php:434, src/admin/wp-security-admin-init.php:434, src/admin/wp-security-filescan-menu.php:83
84
  msgid "Scanner"
85
  msgstr ""
86
 
87
+ #: src/admin/wp-security-admin-init.php:436, src/admin/wp-security-admin-init.php:436, src/admin/wp-security-maintenance-menu.php:51
88
  msgid "Maintenance"
89
  msgstr ""
90
 
91
+ #: src/admin/wp-security-admin-init.php:437, src/admin/wp-security-admin-init.php:437, src/admin/wp-security-misc-options-menu.php:57
92
  msgid "Miscellaneous"
93
  msgstr ""
94
 
95
+ #: src/admin/wp-security-admin-init.php:438, src/admin/wp-security-admin-init.php:438, src/admin/wp-security-tools-menu.php:64
96
  msgid "Tools"
97
  msgstr ""
98
 
99
+ #: src/admin/wp-security-admin-init.php:450
100
  msgid "Premium Upgrade"
101
  msgstr ""
102
 
112
  msgid "Failed to delete the selected record(s)."
113
  msgstr ""
114
 
115
+ #: src/admin/wp-security-blacklist-menu.php:48
116
  msgid "Ban users"
117
  msgstr ""
118
 
119
+ #: src/admin/wp-security-blacklist-menu.php:70
120
  msgid "Blacklist manager"
121
  msgstr ""
122
 
123
+ #: src/admin/wp-security-blacklist-menu.php:150
 
 
 
 
124
  msgid "Ban IPs or user agents"
125
  msgstr ""
126
 
127
+ #: src/admin/wp-security-blacklist-menu.php:153
128
  msgid "The All In One WP Security Blacklist feature gives you the option of banning certain host IP addresses or ranges and also user agents."
129
  msgstr ""
130
 
131
+ #: src/admin/wp-security-blacklist-menu.php:154
132
  msgid "This feature will deny total site access for users which have IP addresses or user agents matching those which you have configured in the settings below."
133
  msgstr ""
134
 
135
+ #: src/admin/wp-security-blacklist-menu.php:155
136
+ msgid "Black-listed visitors will be blocked as soon as WordPress loads, preventing them from gaining any further access."
 
 
 
 
137
  msgstr ""
138
 
139
+ #: src/admin/wp-security-blacklist-menu.php:164, src/admin/wp-security-firewall-menu.php:1057, src/templates/may-also-like.php:20
140
  msgid "All In One WP Security & Firewall Premium"
141
  msgstr ""
142
 
143
+ #: src/admin/wp-security-blacklist-menu.php:165, src/admin/wp-security-firewall-menu.php:1058
144
  msgid "You may also be interested in %s."
145
  msgstr ""
146
 
147
+ #: src/admin/wp-security-blacklist-menu.php:166, src/admin/wp-security-firewall-menu.php:1059
148
  msgid "This plugin adds a number of extra features including %s and %s."
149
  msgstr ""
150
 
151
+ #: src/admin/wp-security-blacklist-menu.php:166, src/admin/wp-security-firewall-menu.php:1059
152
  msgid "smart 404 blocking"
153
  msgstr ""
154
 
155
+ #: src/admin/wp-security-blacklist-menu.php:166, src/admin/wp-security-firewall-menu.php:1059
156
  msgid "country IP blocking"
157
  msgstr ""
158
 
159
+ #: src/admin/wp-security-blacklist-menu.php:179
160
  msgid "IP hosts and user agent blacklist settings"
161
  msgstr ""
162
 
163
+ #: src/admin/wp-security-blacklist-menu.php:190, src/admin/wp-security-brute-force-menu.php:215, src/admin/wp-security-brute-force-menu.php:359
164
  msgid "must read this message"
165
  msgstr ""
166
 
167
+ #: src/admin/wp-security-blacklist-menu.php:191, src/admin/wp-security-brute-force-menu.php:216
168
  msgid "This feature can lock you out of admin if it doesn't work correctly on your site. You %s before activating this feature."
169
  msgstr ""
170
 
171
+ #: src/admin/wp-security-blacklist-menu.php:197
172
  msgid "Enable IP or user agent blacklisting"
173
  msgstr ""
174
 
175
+ #: src/admin/wp-security-blacklist-menu.php:200
176
  msgid "Check this if you want to enable the banning (or blacklisting) of selected IP addresses and/or user agents specified in the settings below"
177
  msgstr ""
178
 
179
+ #: src/admin/wp-security-blacklist-menu.php:204
180
  msgid "Enter IP addresses:"
181
  msgstr ""
182
 
183
+ #: src/admin/wp-security-blacklist-menu.php:208
184
  msgid "Enter one or more IP addresses or IP ranges."
185
  msgstr ""
186
 
187
+ #: src/admin/wp-security-blacklist-menu.php:213
188
  msgid "Enter user agents:"
189
  msgstr ""
190
 
191
+ #: src/admin/wp-security-blacklist-menu.php:218
192
  msgid "Enter one or more user agent strings."
193
  msgstr ""
194
 
195
+ #: src/admin/wp-security-blacklist-menu.php:219
196
+ msgid "More Info"
197
  msgstr ""
198
 
199
+ #: src/admin/wp-security-blacklist-menu.php:222
200
  msgid "Each user agent string must be on a new line."
201
  msgstr ""
202
 
203
+ #: src/admin/wp-security-blacklist-menu.php:223
204
  msgid "Example 1 - A single user agent string to block:"
205
  msgstr ""
206
 
207
+ #: src/admin/wp-security-blacklist-menu.php:225
208
  msgid "Example 2 - A list of more than 1 user agent strings to block"
209
  msgstr ""
210
 
211
+ #: src/admin/wp-security-blacklist-menu.php:232, src/admin/wp-security-brute-force-menu.php:235, src/admin/wp-security-brute-force-menu.php:725, src/admin/wp-security-brute-force-menu.php:848, src/admin/wp-security-brute-force-menu.php:914, src/admin/wp-security-filescan-menu.php:348, src/admin/wp-security-filesystem-menu.php:242, src/admin/wp-security-firewall-menu.php:947, src/admin/wp-security-firewall-menu.php:1131, src/admin/wp-security-misc-options-menu.php:167, src/admin/wp-security-misc-options-menu.php:218, src/admin/wp-security-misc-options-menu.php:278, src/admin/wp-security-settings-menu.php:618, src/admin/wp-security-settings-menu.php:679, src/admin/wp-security-spam-menu.php:233, src/admin/wp-security-spam-menu.php:407, src/admin/wp-security-spam-menu.php:526, src/admin/wp-security-spam-menu.php:588, src/admin/wp-security-user-login-menu.php:384, src/admin/wp-security-user-login-menu.php:422, src/admin/wp-security-user-login-menu.php:601, src/admin/wp-security-user-login-menu.php:788, src/admin/wp-security-user-registration-menu.php:150, src/admin/wp-security-user-registration-menu.php:242, src/admin/wp-security-user-registration-menu.php:305, src/templates/menus/settings/advanced-settings.php:217
212
  msgid "Save settings"
213
  msgstr ""
214
 
248
  msgid "You must use alpha numeric characters for your login page slug."
249
  msgstr ""
250
 
251
+ #: src/admin/wp-security-brute-force-menu.php:136, src/admin/wp-security-filescan-menu.php:196, src/admin/wp-security-firewall-menu.php:153, src/admin/wp-security-firewall-menu.php:1013, src/admin/wp-security-spam-menu.php:101, src/admin/wp-security-spam-menu.php:270, src/admin/wp-security-spam-menu.php:302, src/admin/wp-security-user-login-menu.php:184, src/admin/wp-security-user-login-menu.php:553, src/templates/partials/non-apache-feature-notice.php:9
252
  msgid "Attention:"
253
  msgstr ""
254
 
357
  msgstr ""
358
 
359
  #: src/admin/wp-security-brute-force-menu.php:336
360
+ msgid "tutorial"
361
  msgstr ""
362
 
363
  #: src/admin/wp-security-brute-force-menu.php:337
364
+ msgid "To learn more about how to use this feature, please read the following %s."
365
  msgstr ""
366
 
367
  #: src/admin/wp-security-brute-force-menu.php:338, src/admin/wp-security-user-login-menu.php:253
373
  msgstr ""
374
 
375
  #: src/admin/wp-security-brute-force-menu.php:359
376
+ msgid "This feature can lock you out of admin if it doesn't work correctly on your site. You <a href=\"https://aiosplugin.com/important-note-on-intermediate-and-advanced-features\" target=\"_blank\">.__must read this message"
377
  msgstr ""
378
 
379
  #: src/admin/wp-security-brute-force-menu.php:370
404
  msgid "Check this if you want to protect your login page from Brute Force Attack."
405
  msgstr ""
406
 
407
+ #: src/admin/wp-security-brute-force-menu.php:402, src/admin/wp-security-brute-force-menu.php:436, src/admin/wp-security-brute-force-menu.php:459, src/admin/wp-security-brute-force-menu.php:480, src/admin/wp-security-filescan-menu.php:306, src/admin/wp-security-filescan-menu.php:323, src/admin/wp-security-firewall-menu.php:177, src/admin/wp-security-firewall-menu.php:214, src/admin/wp-security-firewall-menu.php:234, src/admin/wp-security-firewall-menu.php:260, src/admin/wp-security-firewall-menu.php:387, src/admin/wp-security-firewall-menu.php:417, src/admin/wp-security-firewall-menu.php:448, src/admin/wp-security-firewall-menu.php:476, src/admin/wp-security-firewall-menu.php:505, src/admin/wp-security-firewall-menu.php:683, src/admin/wp-security-firewall-menu.php:701, src/admin/wp-security-firewall-menu.php:739, src/admin/wp-security-firewall-menu.php:870, src/admin/wp-security-firewall-menu.php:1089, src/admin/wp-security-firewall-menu.php:1112, src/admin/wp-security-firewall-menu.php:1321, src/admin/wp-security-spam-menu.php:186, src/admin/wp-security-spam-menu.php:221, src/admin/wp-security-spam-menu.php:390, src/admin/wp-security-spam-menu.php:430, src/admin/wp-security-user-login-menu.php:362, src/templates/info/ip-address-ip-range-info.php:2, src/templates/menus/settings/advanced-settings.php:63
408
+ msgid "More info"
409
+ msgstr ""
410
+
411
  #: src/admin/wp-security-brute-force-menu.php:406
412
  msgid "This feature will deny access to your WordPress login page for all people except those who have a special cookie in their browser."
413
  msgstr ""
512
  msgid "Save feature settings"
513
  msgstr ""
514
 
515
+ #: src/admin/wp-security-brute-force-menu.php:557, src/classes/wp-security-general-init-tasks.php:624
516
  msgid "Your Google reCAPTCHA configuration is invalid."
517
  msgstr ""
518
 
1072
  msgid "Your WordPress system has a total of %s tables and your new DB prefix will be: %s"
1073
  msgstr ""
1074
 
1075
+ #: src/admin/wp-security-database-menu.php:320, src/classes/wp-security-utility.php:308
1076
  msgid "Failed to make a backup of the wp-config.php file. This operation will not go ahead."
1077
  msgstr ""
1078
 
1140
  msgid "%s view definitions were updated successfully!"
1141
  msgstr ""
1142
 
1143
+ #: src/admin/wp-security-filescan-menu.php:55, src/classes/grade-system/wp-security-feature-item-manager.php:127
1144
  msgid "File change detection"
1145
  msgstr ""
1146
 
1147
+ #: src/admin/wp-security-filescan-menu.php:56
1148
  msgid "Malware scan"
1149
  msgstr ""
1150
 
1151
+ #: src/admin/wp-security-filescan-menu.php:122
1152
  msgid "There have been no file changes since the last scan."
1153
  msgstr ""
1154
 
1155
+ #: src/admin/wp-security-filescan-menu.php:136
1156
  msgid "There was an error during the file change detection scan. Please check the AIOS logs."
1157
  msgstr ""
1158
 
1159
+ #: src/admin/wp-security-filescan-menu.php:141
1160
  msgid "The plugin has detected that this is your first file change detection scan. The file details from this scan will be used to detect file changes for future scans."
1161
  msgstr ""
1162
 
1163
+ #: src/admin/wp-security-filescan-menu.php:143
1164
  msgid "Scan Complete - There were no file changes detected."
1165
  msgstr ""
1166
 
1167
+ #: src/admin/wp-security-filescan-menu.php:161
1168
  msgid "You entered a non numeric value for the \"backup time interval\" field. It has been set to the default value."
1169
  msgstr ""
1170
 
1171
+ #: src/admin/wp-security-filescan-menu.php:189
1172
  msgid "The following address was removed because it is not a valid email address: "
1173
  msgstr ""
1174
 
1175
+ #: src/admin/wp-security-filescan-menu.php:215
1176
  msgid "Attention: You have configured your file change detection scan to occur at least once daily."
1177
  msgstr ""
1178
 
1179
+ #: src/admin/wp-security-filescan-menu.php:215
1180
  msgid "For most websites we recommended that you choose a less frequent schedule such as once every few days, once a week or once a month."
1181
  msgstr ""
1182
 
1183
+ #: src/admin/wp-security-filescan-menu.php:215
1184
  msgid "Choosing a less frequent schedule will also help reduce your server load."
1185
  msgstr ""
1186
 
1187
+ #: src/admin/wp-security-filescan-menu.php:224
1188
  msgid "New scan completed: The plugin has detected that you have made changes to the \"File Types To Ignore\" or \"Files To Ignore\" fields."
1189
  msgstr ""
1190
 
1191
+ #: src/admin/wp-security-filescan-menu.php:224
1192
  msgid "In order to ensure that future scan results are accurate, the old scan data has been refreshed."
1193
  msgstr ""
1194
 
1195
+ #: src/admin/wp-security-filescan-menu.php:231
1196
  msgid "All In One WP Security & Firewall has detected that there was a change in your host's files."
1197
  msgstr ""
1198
 
1199
+ #: src/admin/wp-security-filescan-menu.php:233
1200
  msgid "View scan details and clear this message"
1201
  msgstr ""
1202
 
1203
+ #: src/admin/wp-security-filescan-menu.php:240
1204
  msgid "If given an opportunity hackers can insert their code or files into your system which they can then use to carry out malicious acts on your site."
1205
  msgstr ""
1206
 
1207
+ #: src/admin/wp-security-filescan-menu.php:241
1208
  msgid "Being informed of any changes in your files can be a good way to quickly prevent a hacker from causing damage to your website."
1209
  msgstr ""
1210
 
1211
+ #: src/admin/wp-security-filescan-menu.php:242
1212
  msgid "In general, WordPress core and plugin files and file types such as \".php\" or \".js\" should not change often and when they do, it is important that you are made aware when a change occurs and which file was affected."
1213
  msgstr ""
1214
 
1215
+ #: src/admin/wp-security-filescan-menu.php:243
1216
  msgid "The \"File Change Detection Feature\" will notify you of any file change which occurs on your system, including the addition and deletion of files by performing a regular automated or manual scan of your system's files."
1217
  msgstr ""
1218
 
1219
+ #: src/admin/wp-security-filescan-menu.php:244
1220
  msgid "This feature also allows you to exclude certain files or folders from the scan in cases where you know that they change often as part of their normal operation. (For example log files and certain caching plugin files may change often and hence you may choose to exclude such files from the file change detection scan)"
1221
  msgstr ""
1222
 
1340
  msgid "This is because the bots and spiders from search engines such as Google have the capability to detect malware when they are indexing the pages on your site, and consequently they can blacklist your website which will in turn affect your search rankings."
1341
  msgstr ""
1342
 
1343
+ #: src/admin/wp-security-filescan-menu.php:369, src/classes/wp-security-general-init-tasks.php:624, src/classes/wp-security-notices.php:99
1344
  msgid "here"
1345
  msgstr ""
1346
 
1361
  msgstr ""
1362
 
1363
  #: src/admin/wp-security-filescan-menu.php:374
1364
+ msgid "This service is included with the premium plugin and provides the following:"
1365
  msgstr ""
1366
 
1367
  #: src/admin/wp-security-filescan-menu.php:376
1368
+ msgid "Automatic daily scans"
1369
  msgstr ""
1370
 
1371
  #: src/admin/wp-security-filescan-menu.php:377
1552
  msgid "You have successfully saved the Prevent Access to Default WP Files configuration."
1553
  msgstr ""
1554
 
1555
+ #: src/admin/wp-security-filesystem-menu.php:286, src/admin/wp-security-firewall-menu.php:128, src/admin/wp-security-firewall-menu.php:348, src/admin/wp-security-firewall-menu.php:615, src/admin/wp-security-firewall-menu.php:914, src/admin/wp-security-settings-menu.php:771, src/admin/wp-security-spam-menu.php:124
1556
  msgid "Could not write to the .htaccess file. Please check the file permissions."
1557
  msgstr ""
1558
 
2380
  msgid "Click this button if you wish to purge all 404 event logs from the DB."
2381
  msgstr ""
2382
 
2383
+ #: src/admin/wp-security-firewall-menu.php:1235, src/admin/wp-security-list-404.php:237, src/admin/wp-security-list-comment-spammer-ip.php:183
2384
+ msgid "The plugin was unable to write to the .htaccess file. Please edit file manually."
2385
+ msgstr ""
2386
+
2387
  #: src/admin/wp-security-firewall-menu.php:1243
2388
  msgid "Custom .htaccess rules settings"
2389
  msgstr ""
3092
  msgid "Page"
3093
  msgstr ""
3094
 
3095
+ #: src/admin/wp-security-settings-menu.php:207
 
 
 
 
 
 
 
 
3096
  msgid "WP Security plugin"
3097
  msgstr ""
3098
 
3099
+ #: src/admin/wp-security-settings-menu.php:211
3100
  msgid "Thank you for using the AIOS security plugin."
3101
  msgstr ""
3102
 
3103
+ #: src/admin/wp-security-settings-menu.php:215
3104
  msgid "There are a lot of security features in this plugin."
3105
  msgstr ""
3106
 
3107
+ #: src/admin/wp-security-settings-menu.php:220
3108
  msgid "To start, go through each security option and enable the \"basic\" options."
3109
  msgstr ""
3110
 
3111
+ #: src/admin/wp-security-settings-menu.php:224
3112
  msgid "The more features you enable, the more security points you will achieve."
3113
  msgstr ""
3114
 
3115
+ #: src/admin/wp-security-settings-menu.php:227
3116
  msgid "Before doing anything we advise taking a backup of your .htaccess file, database and wp-config.php."
3117
  msgstr ""
3118
 
3119
+ #: src/admin/wp-security-settings-menu.php:230
3120
  msgid "Backup your database"
3121
  msgstr ""
3122
 
3123
+ #: src/admin/wp-security-settings-menu.php:231, src/admin/wp-security-settings-menu.php:432
3124
  msgid "Backup .htaccess file"
3125
  msgstr ""
3126
 
3127
+ #: src/admin/wp-security-settings-menu.php:232, src/admin/wp-security-settings-menu.php:533
3128
  msgid "Backup wp-config.php file"
3129
  msgstr ""
3130
 
3131
+ #: src/admin/wp-security-settings-menu.php:239
3132
  msgid "Disable security features"
3133
  msgstr ""
3134
 
3135
+ #: src/admin/wp-security-settings-menu.php:245
3136
  msgid "If you think that some plugin functionality on your site is broken due to a security feature you enabled in this plugin, then use the following option to turn off all the security features of this plugin."
3137
  msgstr ""
3138
 
3139
+ #: src/admin/wp-security-settings-menu.php:249
3140
  msgid "Disable all security features"
3141
  msgstr ""
3142
 
3143
+ #: src/admin/wp-security-settings-menu.php:256, src/admin/wp-security-settings-menu.php:266
3144
  msgid "Disable all firewall rules"
3145
  msgstr ""
3146
 
3147
+ #: src/admin/wp-security-settings-menu.php:262
3148
  msgid "This feature will disable all firewall rules which are currently active in this plugin and it will also delete these rules from your .htacess file. Use it if you think one of the firewall rules is causing an issue on your site."
3149
  msgstr ""
3150
 
3151
+ #: src/admin/wp-security-settings-menu.php:273, src/admin/wp-security-settings-menu.php:286
3152
  msgid "Reset settings"
3153
  msgstr ""
3154
 
3155
+ #: src/admin/wp-security-settings-menu.php:278
3156
  msgid "This button click will delete all of your settings related to the All In One WP Security & Firewall Plugin."
3157
  msgstr ""
3158
 
3159
+ #: src/admin/wp-security-settings-menu.php:279
3160
  msgid "This button click will reset/empty all the database tables of the security plugin also."
3161
  msgstr ""
3162
 
3163
+ #: src/admin/wp-security-settings-menu.php:280
3164
  msgid "Use this plugin if you were locked out by the All In One WP Security & Firewall Plugin and/or you are having issues logging in when that plugin is activated."
3165
  msgstr ""
3166
 
3167
+ #: src/admin/wp-security-settings-menu.php:281
3168
  msgid "In addition to the settings it will also delete any directives which were added to the .htaccess file by the All In One WP Security & Firewall Plugin."
3169
  msgstr ""
3170
 
3171
+ #: src/admin/wp-security-settings-menu.php:282
3172
  msgid "%1$sNOTE: %2$sAfter deleting the settings you will need to re-configure the All In One WP Security & Firewall Plugin."
3173
  msgstr ""
3174
 
3175
+ #: src/admin/wp-security-settings-menu.php:294
3176
  msgid "Debug settings"
3177
  msgstr ""
3178
 
3179
+ #: src/admin/wp-security-settings-menu.php:300
3180
  msgid "This setting allows you to enable/disable debug for this plugin."
3181
  msgstr ""
3182
 
3183
+ #: src/admin/wp-security-settings-menu.php:306
3184
  msgid "Enable debug"
3185
  msgstr ""
3186
 
3187
+ #: src/admin/wp-security-settings-menu.php:309
3188
  msgid "Check this if you want to enable debug. You should keep this option disabled after you have finished debugging the issue."
3189
  msgstr ""
3190
 
3191
+ #: src/admin/wp-security-settings-menu.php:313
3192
  msgid "Save debug settings"
3193
  msgstr ""
3194
 
3195
+ #: src/admin/wp-security-settings-menu.php:349
3196
  msgid "Your .htaccess file was successfully backed up! Using an FTP program go to the \"/wp-content/aiowps_backups\" directory to save a copy of the file to your computer."
3197
  msgstr ""
3198
 
3199
+ #: src/admin/wp-security-settings-menu.php:355
3200
  msgid "htaccess file rename failed during backup. Please check your root directory for the backup file using FTP."
3201
  msgstr ""
3202
 
3203
+ #: src/admin/wp-security-settings-menu.php:361
3204
  msgid "htaccess backup failed."
3205
  msgstr ""
3206
 
3207
+ #: src/admin/wp-security-settings-menu.php:376
3208
  msgid "Please choose a .htaccess to restore from."
3209
  msgstr ""
3210
 
3211
+ #: src/admin/wp-security-settings-menu.php:391
3212
  msgid "htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP."
3213
  msgstr ""
3214
 
3215
+ #: src/admin/wp-security-settings-menu.php:395
3216
  msgid "Your .htaccess file has successfully been restored!"
3217
  msgstr ""
3218
 
3219
+ #: src/admin/wp-security-settings-menu.php:401
3220
  msgid "htaccess Restore operation failed! Please check the contents of the file you are trying to restore from."
3221
  msgstr ""
3222
 
3223
+ #: src/admin/wp-security-settings-menu.php:407
3224
  msgid ".htaccess file operations"
3225
  msgstr ""
3226
 
3227
+ #: src/admin/wp-security-settings-menu.php:410
3228
  msgid "Your \".htaccess\" file is a key component of your website's security and it can be modified to implement various levels of protection mechanisms."
3229
  msgstr ""
3230
 
3231
+ #: src/admin/wp-security-settings-menu.php:411
3232
  msgid "This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future."
3233
  msgstr ""
3234
 
3235
+ #: src/admin/wp-security-settings-menu.php:412
3236
  msgid "You can also restore your site's .htaccess settings using a backed up .htaccess file."
3237
  msgstr ""
3238
 
3239
+ #: src/admin/wp-security-settings-menu.php:427
3240
  msgid "Save the current .htaccess file"
3241
  msgstr ""
3242
 
3243
+ #: src/admin/wp-security-settings-menu.php:431
3244
  msgid "Click the button below to backup and save the currently active .htaccess file."
3245
  msgstr ""
3246
 
3247
+ #: src/admin/wp-security-settings-menu.php:436
3248
  msgid "Restore from a backed up .htaccess file"
3249
  msgstr ""
3250
 
3251
+ #: src/admin/wp-security-settings-menu.php:442
3252
  msgid ".htaccess file to restore from"
3253
  msgstr ""
3254
 
3255
+ #: src/admin/wp-security-settings-menu.php:444
3256
  msgid "Select Your htaccess File"
3257
  msgstr ""
3258
 
3259
+ #: src/admin/wp-security-settings-menu.php:448
3260
  msgid "After selecting your file, click the button below to restore your site using the backed up htaccess file (htaccess_backup.txt)."
3261
  msgstr ""
3262
 
3263
+ #: src/admin/wp-security-settings-menu.php:454
3264
  msgid "Restore .htaccess file"
3265
  msgstr ""
3266
 
3267
+ #: src/admin/wp-security-settings-menu.php:476
3268
  msgid "Please choose a wp-config.php file to restore from."
3269
  msgstr ""
3270
 
3271
+ #: src/admin/wp-security-settings-menu.php:492
3272
  msgid "wp-config.php file restore failed. Please attempt to restore this file manually using FTP."
3273
  msgstr ""
3274
 
3275
+ #: src/admin/wp-security-settings-menu.php:496
3276
  msgid "Your wp-config.php file has successfully been restored!"
3277
  msgstr ""
3278
 
3279
+ #: src/admin/wp-security-settings-menu.php:502
3280
  msgid "wp-config.php Restore operation failed! Please check the contents of the file you are trying to restore from."
3281
  msgstr ""
3282
 
3283
+ #: src/admin/wp-security-settings-menu.php:508
3284
  msgid "wp-config.php file operations"
3285
  msgstr ""
3286
 
3287
+ #: src/admin/wp-security-settings-menu.php:511
3288
  msgid "Your \"wp-config.php\" file is one of the most important in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components."
3289
  msgstr ""
3290
 
3291
+ #: src/admin/wp-security-settings-menu.php:512
3292
  msgid "This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future."
3293
  msgstr ""
3294
 
3295
+ #: src/admin/wp-security-settings-menu.php:513
3296
  msgid "You can also restore your site's wp-config.php settings using a backed up wp-config.php file."
3297
  msgstr ""
3298
 
3299
+ #: src/admin/wp-security-settings-menu.php:528
3300
  msgid "Save the current wp-config.php file"
3301
  msgstr ""
3302
 
3303
+ #: src/admin/wp-security-settings-menu.php:532
3304
  msgid "Click the button below to backup and download the contents of the currently active wp-config.php file."
3305
  msgstr ""
3306
 
3307
+ #: src/admin/wp-security-settings-menu.php:538
3308
  msgid "Restore from a backed up wp-config file"
3309
  msgstr ""
3310
 
3311
+ #: src/admin/wp-security-settings-menu.php:544
3312
  msgid "wp-config file to restore from"
3313
  msgstr ""
3314
 
3315
+ #: src/admin/wp-security-settings-menu.php:546
3316
  msgid "Select Your wp-config File"
3317
  msgstr ""
3318
 
3319
+ #: src/admin/wp-security-settings-menu.php:550
3320
  msgid "After selecting your file click the button below to restore your site using the backed up wp-config file (wp-config.php.backup.txt)."
3321
  msgstr ""
3322
 
3323
+ #: src/admin/wp-security-settings-menu.php:556
3324
  msgid "Restore wp-config file"
3325
  msgstr ""
3326
 
3327
+ #: src/admin/wp-security-settings-menu.php:560
3328
  msgid "View Contents of the currently active wp-config.php file"
3329
  msgstr ""
3330
 
3331
+ #: src/admin/wp-security-settings-menu.php:590
3332
  msgid "Manage delete plugin settings saved."
3333
  msgstr ""
3334
 
3335
+ #: src/admin/wp-security-settings-menu.php:595
3336
  msgid "Manage delete plugin tasks"
3337
  msgstr ""
3338
 
3339
+ #: src/admin/wp-security-settings-menu.php:602
3340
  msgid "Delete database tables"
3341
  msgstr ""
3342
 
3343
+ #: src/admin/wp-security-settings-menu.php:605
3344
  msgid "Check this if you want to remove database tables when the plugin is uninstalled."
3345
  msgstr ""
3346
 
3347
+ #: src/admin/wp-security-settings-menu.php:609
3348
  msgid "Delete settings"
3349
  msgstr ""
3350
 
3351
+ #: src/admin/wp-security-settings-menu.php:612
3352
  msgid "Check this if you want to remove all plugin settings when uninstalling the plugin."
3353
  msgstr ""
3354
 
3355
+ #: src/admin/wp-security-settings-menu.php:612
3356
  msgid "It will also remove all custom htaccess rules that were added by this plugin."
3357
  msgstr ""
3358
 
3359
+ #: src/admin/wp-security-settings-menu.php:646
3360
  msgid "WP generator meta tag and version info"
3361
  msgstr ""
3362
 
3363
+ #: src/admin/wp-security-settings-menu.php:649
3364
  msgid "WordPress generator automatically adds some meta information inside the \"head\" tags of every page on your site's front end. Below is an example of this:"
3365
  msgstr ""
3366
 
3367
+ #: src/admin/wp-security-settings-menu.php:651
3368
  msgid "The above meta information shows which version of WordPress your site is currently running and thus can help hackers or crawlers scan your site to see if you have an older version of WordPress or one with a known exploit."
3369
  msgstr ""
3370
 
3371
+ #: src/admin/wp-security-settings-menu.php:652
3372
  msgid "There are also other ways wordpress reveals version info such as during style and script loading. An example of this is:"
3373
  msgstr ""
3374
 
3375
+ #: src/admin/wp-security-settings-menu.php:654
3376
  msgid "This feature will allow you to remove the WP generator meta info and other version info from your site's pages."
3377
  msgstr ""
3378
 
3379
+ #: src/admin/wp-security-settings-menu.php:660
3380
  msgid "WP generator meta info"
3381
  msgstr ""
3382
 
3383
+ #: src/admin/wp-security-settings-menu.php:672
3384
  msgid "Remove WP generator meta info"
3385
  msgstr ""
3386
 
3387
+ #: src/admin/wp-security-settings-menu.php:675
3388
  msgid "Check this if you want to remove the version and meta info produced by WP from all pages"
3389
  msgstr ""
3390
 
3391
+ #: src/admin/wp-security-settings-menu.php:703
3392
  msgid "Please choose a file to import your settings from."
3393
  msgstr ""
3394
 
3395
+ #: src/admin/wp-security-settings-menu.php:735
3396
  msgid "Import AIOS settings from .$import_from. operation failed!"
3397
  msgstr ""
3398
 
3399
+ #: src/admin/wp-security-settings-menu.php:741, src/admin/wp-security-settings-menu.php:785
3400
  msgid "The deletion of the import file failed. Please delete this file manually via the media menu for security purposes."
3401
  msgstr ""
3402
 
3403
+ #: src/admin/wp-security-settings-menu.php:743, src/admin/wp-security-settings-menu.php:787
3404
  msgid "The file you uploaded was also deleted for security purposes because it contains security settings details."
3405
  msgstr ""
3406
 
3407
+ #: src/admin/wp-security-settings-menu.php:758
3408
  msgid "Your AIOS settings were successfully imported via file input."
3409
  msgstr ""
3410
 
3411
+ #: src/admin/wp-security-settings-menu.php:759
3412
  msgid "The deletion of the import file failed. Please delete this file manually via the media menu for security purposes because it contains security settings details."
3413
  msgstr ""
3414
 
3415
+ #: src/admin/wp-security-settings-menu.php:761
3416
  msgid "Your AIOS settings were successfully imported. The file you uploaded was also deleted for security purposes because it contains security settings details."
3417
  msgstr ""
3418
 
3419
+ #: src/admin/wp-security-settings-menu.php:764
3420
  msgid "Your AIOS settings were successfully imported via text entry."
3421
  msgstr ""
3422
 
3423
+ #: src/admin/wp-security-settings-menu.php:779
3424
  msgid "The contents of your settings file appear invalid. Please check the contents of the file you are trying to import settings from."
3425
  msgstr ""
3426
 
3427
+ #: src/admin/wp-security-settings-menu.php:796
3428
  msgid "Export or import your AIOS settings"
3429
  msgstr ""
3430
 
3431
+ #: src/admin/wp-security-settings-menu.php:799
3432
  msgid "This section allows you to export or import your All In One WP Security & Firewall settings."
3433
  msgstr ""
3434
 
3435
+ #: src/admin/wp-security-settings-menu.php:800
3436
  msgid "This can be handy if you wanted to save time by applying the settings from one site to another site."
3437
  msgstr ""
3438
 
3439
+ #: src/admin/wp-security-settings-menu.php:801
3440
  msgid "NOTE: Before importing, it is your responsibility to know what settings you are trying to import. Importing settings blindly can cause you to be locked out of your site."
3441
  msgstr ""
3442
 
3443
+ #: src/admin/wp-security-settings-menu.php:802
3444
  msgid "For Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain."
3445
  msgstr ""
3446
 
3447
+ #: src/admin/wp-security-settings-menu.php:808, src/admin/wp-security-settings-menu.php:817
3448
  msgid "Export AIOS settings"
3449
  msgstr ""
3450
 
3451
+ #: src/admin/wp-security-settings-menu.php:814
3452
  msgid "To export your All In One WP Security & Firewall settings click the button below."
3453
  msgstr ""
3454
 
3455
+ #: src/admin/wp-security-settings-menu.php:821, src/admin/wp-security-settings-menu.php:850
3456
  msgid "Import AIOS settings"
3457
  msgstr ""
3458
 
3459
+ #: src/admin/wp-security-settings-menu.php:827
3460
  msgid "Use this section to import your All In One WP Security & Firewall settings from a file. Alternatively, copy/paste the contents of your import file into the textarea below."
3461
  msgstr ""
3462
 
3463
+ #: src/admin/wp-security-settings-menu.php:829
3464
  msgid "Import file"
3465
  msgstr ""
3466
 
3467
+ #: src/admin/wp-security-settings-menu.php:832
3468
  msgid "Select Your Import Settings File"
3469
  msgstr ""
3470
 
3471
+ #: src/admin/wp-security-settings-menu.php:836
3472
  msgid "After selecting your file, click the button below to apply the settings to your site."
3473
  msgstr ""
3474
 
3475
+ #: src/admin/wp-security-settings-menu.php:843
3476
  msgid "Copy/Paste import data"
3477
  msgstr ""
3478
 
3479
+ #: src/admin/wp-security-settings-menu.php:892
3480
  msgid "Default - if correct, then this is the best option"
3481
  msgstr ""
3482
 
3483
+ #: src/admin/wp-security-settings-menu.php:893
3484
  msgid "Only use if you're using Cloudflare."
3485
  msgstr ""
3486
 
3487
+ #: src/admin/wp-security-settings-menu.php:901
3488
  msgid "(current value: %s)"
3489
  msgstr ""
3490
 
3491
+ #: src/admin/wp-security-settings-menu.php:904
3492
  msgid "no value (i.e. empty) on your server"
3493
  msgstr ""
3494
 
3732
  msgid "Spammer IP address results"
3733
  msgstr ""
3734
 
3735
+ #: src/admin/wp-security-spam-menu.php:451, src/classes/wp-security-utility.php:255
3736
  msgid "The plugin has detected that you are using a Multi-Site WordPress installation."
3737
  msgstr ""
3738
 
4484
  msgid "Invalid IP retrieve method."
4485
  msgstr ""
4486
 
4487
+ #: src/classes/aios-ajax.php:131, src/wp-security-core.php:276
4488
  msgid "The security check failed; try refreshing the page."
4489
  msgstr ""
4490
 
4491
+ #: src/classes/aios-ajax.php:152, src/wp-security-core.php:285
4492
  msgid "You are not allowed to run this command."
4493
  msgstr ""
4494
 
4495
+ #: src/classes/aios-ajax.php:173, src/wp-security-core.php:299
4496
  msgid "Options can only be saved by network admin"
4497
  msgstr ""
4498
 
4616
  msgid "Advanced"
4617
  msgstr ""
4618
 
4619
+ #: src/classes/wp-security-captcha.php:47, src/classes/wp-security-general-init-tasks.php:389
4620
  msgid "Please enter an answer in digits:"
4621
  msgstr ""
4622
 
4748
  msgid "The following files were changed on your host"
4749
  msgstr ""
4750
 
4751
+ #: src/classes/wp-security-general-init-tasks.php:194, src/classes/wp-security-general-init-tasks.php:463
4752
  msgid "Application passwords have been disabled by All In One WP Security & Firewall plugin."
4753
  msgstr ""
4754
 
4755
+ #: src/classes/wp-security-general-init-tasks.php:410, src/classes/wp-security-general-init-tasks.php:523, src/classes/wp-security-general-init-tasks.php:556, src/classes/wp-security-user-login.php:137, src/classes/wp-security-user-registration.php:74
4756
  msgid "<strong>ERROR</strong>: Your answer was incorrect - please try again."
4757
  msgstr ""
4758
 
4759
+ #: src/classes/wp-security-general-init-tasks.php:445
4760
  msgid "Enter something special:"
4761
  msgstr ""
4762
 
4763
+ #: src/classes/wp-security-general-init-tasks.php:458
4764
  msgid "Application passwords"
4765
  msgstr ""
4766
 
4767
+ #: src/classes/wp-security-general-init-tasks.php:467
4768
  msgid "Change setting"
4769
  msgstr ""
4770
 
4771
+ #: src/classes/wp-security-general-init-tasks.php:469
4772
  msgid "Site admin can only change this setting."
4773
  msgstr ""
4774
 
4775
+ #: src/classes/wp-security-general-init-tasks.php:498
4776
  msgid "Error: You entered an incorrect CAPTCHA answer. Please go back and try again."
4777
  msgstr ""
4778
 
4779
+ #: src/classes/wp-security-general-init-tasks.php:540
4780
  msgid "Your CAPTCHA answer was incorrect - please try again."
4781
  msgstr ""
4782
 
4783
+ #: src/classes/wp-security-general-init-tasks.php:549
4784
  msgid "<strong>ERROR</strong>: Your IP address is currently locked please contact the administrator!"
4785
  msgstr ""
4786
 
4787
+ #: src/classes/wp-security-general-init-tasks.php:624
4788
  msgid "Please enter the correct reCAPTCHA keys %s to use the Google reCAPTCHA feature."
4789
  msgstr ""
4790
 
4791
+ #: src/classes/wp-security-general-init-tasks.php:640
4792
+ msgid "Would you like All In One WP Security & Firewall to restore the config settings and re-insert the security rules in your .htaccess file which were cleared when you deactivated the plugin?"
4793
  msgstr ""
4794
 
4795
+ #: src/classes/wp-security-general-init-tasks.php:640, src/classes/wp-security-general-init-tasks.php:642, src/templates/may-also-like.php:40, src/templates/may-also-like.php:43, src/templates/may-also-like.php:54, src/templates/may-also-like.php:57, src/templates/may-also-like.php:68, src/templates/may-also-like.php:71, src/templates/may-also-like.php:91, src/templates/may-also-like.php:103, src/templates/may-also-like.php:115, src/templates/may-also-like.php:127, src/templates/may-also-like.php:139, src/templates/may-also-like.php:151, src/templates/may-also-like.php:168, src/templates/may-also-like.php:171, src/templates/may-also-like.php:183, src/templates/may-also-like.php:195, src/templates/may-also-like.php:207, src/templates/may-also-like.php:219, src/templates/may-also-like.php:231, src/templates/may-also-like.php:243, src/templates/may-also-like.php:252, src/templates/may-also-like.php:255, src/templates/may-also-like.php:264, src/templates/may-also-like.php:267, src/templates/may-also-like.php:279, src/templates/may-also-like.php:297, src/templates/may-also-like.php:309, src/templates/may-also-like.php:327, src/templates/may-also-like.php:339, src/templates/may-also-like.php:351, src/templates/may-also-like.php:368, src/templates/may-also-like.php:380
4796
  msgid "Yes"
4797
  msgstr ""
4798
 
4799
+ #: src/classes/wp-security-general-init-tasks.php:640, src/classes/wp-security-general-init-tasks.php:642, src/templates/may-also-like.php:88, src/templates/may-also-like.php:100, src/templates/may-also-like.php:112, src/templates/may-also-like.php:124, src/templates/may-also-like.php:136, src/templates/may-also-like.php:148, src/templates/may-also-like.php:180, src/templates/may-also-like.php:192, src/templates/may-also-like.php:204, src/templates/may-also-like.php:216, src/templates/may-also-like.php:228, src/templates/may-also-like.php:240, src/templates/may-also-like.php:276, src/templates/may-also-like.php:294, src/templates/may-also-like.php:306, src/templates/may-also-like.php:324, src/templates/may-also-like.php:336, src/templates/may-also-like.php:348, src/templates/may-also-like.php:365, src/templates/may-also-like.php:377, src/templates/notices/custom-notice.php:27
4800
  msgid "No"
4801
  msgstr ""
4802
 
4803
+ #: src/classes/wp-security-general-init-tasks.php:642
4804
+ msgid "Would you like All In One WP Security & Firewall to restore the config settings which were cleared when you deactivated the plugin?"
4805
+ msgstr ""
4806
+
4807
+ #: src/classes/wp-security-general-init-tasks.php:662
4808
  msgid "Your registration is pending approval."
4809
  msgstr ""
4810
 
5068
  msgid "You cannot ban your own IP address: "
5069
  msgstr ""
5070
 
5071
+ #: src/classes/wp-security-utility.php:256
5072
  msgid "This feature can only be configured by the \"superadmin\" on the main site."
5073
  msgstr ""
5074
 
5075
+ #: src/classes/wp-security-utility.php:285
5076
  msgid "Settings Saved - The ability to edit PHP files via the admin the panel has been DISABLED."
5077
  msgstr ""
5078
 
5079
+ #: src/classes/wp-security-utility.php:288
5080
  msgid "Your system config file is already configured to disallow PHP file editing."
5081
  msgstr ""
5082
 
5083
+ #: src/classes/wp-security-utility.php:312
5084
  msgid "A backup copy of your wp-config.php file was created successfully...."
5085
  msgstr ""
5086
 
5087
+ #: src/classes/wp-security-utility.php:317
5088
  msgid "Settings Saved - Your system is now configured to not allow PHP file editing."
5089
  msgstr ""
5090
 
5091
+ #: src/classes/wp-security-utility.php:320, src/classes/wp-security-utility.php:363
5092
  msgid "Operation failed! Unable to modify wp-config.php file!"
5093
  msgstr ""
5094
 
5095
+ #: src/classes/wp-security-utility.php:348, src/classes/wp-security-utility.php:355
5096
  msgid "Your system config file is already configured to allow PHP file editing."
5097
  msgstr ""
5098
 
5099
+ #: src/classes/wp-security-utility.php:360
5100
  msgid "Settings Saved - Your system is now configured to allow PHP file editing."
5101
  msgstr ""
5102
 
5740
  msgid "You are using the non-apache server %s, so this feature won't work on your site."
5741
  msgstr ""
5742
 
5743
+ #: src/wp-security-core.php:254, src/wp-security.php:45
5744
  msgid "This plugin requires PHP version %s."
5745
  msgstr ""
5746
 
5747
+ #: src/wp-security-core.php:255
5748
  msgid "Current site PHP version is %s."
5749
  msgstr ""
5750
 
5751
+ #: src/wp-security-core.php:256, src/wp-security.php:47
5752
  msgid "You will need to ask your web hosting company to upgrade."
5753
  msgstr ""
5754
 
5755
+ #: src/wp-security-core.php:414
5756
  msgid "Error:"
5757
  msgstr ""
5758
 
5759
+ #: src/wp-security-core.php:414
5760
  msgid "template not found"
5761
  msgstr ""
5762
 
readme.txt CHANGED
@@ -5,7 +5,7 @@ Tags: security, malware scanning, two factor authentication, firewall, antivirus
5
  Requires PHP: 5.6
6
  Requires at least: 5.0
7
  Tested up to: 6.1
8
- Stable tag: 5.1.1
9
  License: GPLv3 or later
10
 
11
  Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress. Featuring login security tools, a cutting-edge firewall and much more.
@@ -21,16 +21,19 @@ The collected information is stored on your server. No information is transmitte
21
 
22
  All-in-One Security (AIOS) is a security plugin designed especially for WordPress, now brought to you from the team at UpdraftPlus.
23
  Customers love All-In-One Security because it’s easy to use, and it does a whole lot for free.
 
24
  All-In-One Security gives you **Login Security Tools**, to keep bots at bay and protect your website from brute force attacks.
25
- Our **Web Application Firewall** gives you automatic protection from the security threats.
 
 
26
  **Content Protection Features** protect what you’ve worked so hard to build; All-In-One Security eliminates comment spam and prevents other websites from stealing your content with features like iFrame prevention and copywriting protection.
27
 
28
  https://www.youtube.com/watch?v=CJvCTlVtazA
29
 
30
  #### Still on the fence?
31
  * We’re currently the **Only WordPress Security Plugin with a 5 Star user** rating across more than 1 million installs.
32
- * Our Security team try maintains a list of known exploits, building protections against them on priority basis for free and paying customers.
33
- * We’re already the world’s number one for backups, so you know you can trust us with the security of your website too.
34
 
35
  #### LOGIN SECURITY
36
  Protect against brute-force attacks and keep bots at bay. All-In-One Security takes WordPress’ default login security features to a whole new level.
@@ -38,8 +41,8 @@ Protect against brute-force attacks and keep bots at bay. All-In-One Security ta
38
  * **Supports best practice:** All-In-One Security detects if an account has the default ‘admin’ username or if a user has identical login and display names, prompting the user to change this in support of better security practices.
39
  * **Hide login page from bots:** Configure a custom URL for the WordPress ‘Admin’ login page, making it harder for bots to find.
40
  * **Change default `wp_` prefix to a value of your choice:** Hackers use automated code to attack websites like yours. Make life harder for them and protect your site with this simple but effective AIOS security feature.
41
- * **Login lockout** External users making multiple login attempts can be locked out for a configured period of time. You can also lockout users with invalid usernames. See a list of all locked out users and unlock with one click.
42
- * **Reporting:** All-In-One Security provides a wealth of information about website users. View activity by username, IP address, login and logout dates and times. See a list of users currently logged in, and a list of all failed login attempts.
43
  * **Force logouts:** Ensure users don’t stay logged in indefinitely. With All-In-One Security you can force logouts for all users after a configurable amount of time.
44
  * **Robot verification:** For additional security and to prevent spam registrations, implement Google reCAPTCHA, plain maths CAPTCHA or a honeypot to registration pages, or enable manual approval of user accounts instead.
45
  * **Stops user enumeration:** Prevent external users and bots from fetching user information via author permalink.
@@ -49,7 +52,7 @@ Protect against brute-force attacks and keep bots at bay. All-In-One Security ta
49
 
50
  #### FIREWALL & FILE PROTECTION
51
  A Web Application Firewall (WAF) is your website’s first line of defence, protecting your site by monitoring traffic and blocking malicious requests.
52
- Progressively activate firewall settings ranging from basic, intermediate and advanced.
53
  Get comprehensive, instant protection with All-In-One Security.
54
 
55
  * **Automatic protection from the latest threats:** Our team maintains a list of known exploits, actively building protections against them which are then released as new firewall rules to free and paying customers.
@@ -61,14 +64,14 @@ Get comprehensive, instant protection with All-In-One Security.
61
  * **Cross site scripting (XSS) protection:** All-In-One Security prevents attackers from injecting malicious script into your website via a special cookie.
62
  * **File change detection:** Security scanners alert you to file changes in your WordPress system, so you can see if a change is legitimate or suspicious, and investigate as appropriate.
63
  * **Disable PHP file editing:** Protect your PHP code by disabling the ability to edit files in the WordPress administration area.
64
- * **Permission setting alerts:** Identify files or folders where the permission settings are not secure and correct with one-click.
65
  * **Ability to create custom rules:** Advanced users can add custom rules to block access to various resources on your site.
66
  * **Access prevention:** Prevent external users from accessing the readme.html, license.txt and wp-config-sample.php files of your WordPress site.
67
 
68
  #### CONTENT PROTECTION
69
  Eliminate spam, protect your WordPress content, and your search engine rankings with these important security features from All-In-One-Security.
70
 
71
- * **Comment SPAM prevention :** Webpages littered with spam comments damage your brand, effect the user experience and impact SEO.
72
  All-In-One Security stops SPAM at the source by preventing comments that originate from other domains. AIOS automatically and permanently blocks spammers’ IP addresses. Site owners can use reCAPTCHA to reduce comment spam and block malicious users with just one click.
73
  * **iFrame protection:** Preventing other websites from reproducing your content via an ‘iFrame’ is an useful security feature that protects your intellectual property and your website visitors.
74
  * **Copywriting protection:** Stop users from stealing your content by disabling the right-click, select and copy text function.
@@ -116,7 +119,7 @@ The decision is yours to make. ‘Free’ AIOS incorporates a web application fi
116
  But if your WordPress site is a business website, if it showcases what you do, or who you are, we generally recommend AIOS Premium. Prices start from as little as $70 for the year.
117
 
118
  = What are the additional features of All-In-One Security Premium? =
119
- AIOS Premium scans your WordPress website for malware whilst aso monitoring your site's response time and uptime, notifying you of any issues within 24 hours, AIOS Premium customers also benefit from hands-on ticketed support via email (rather than via WP Support forums).
120
  Additional security tools include Country Blocking, Smart 404 Error Blocking and Advanced Two Factor Authentication.
121
  More information is available from our [All-In-One Security website](https://aiosplugin.com)
122
 
@@ -141,6 +144,9 @@ AIOS should be compatible with most hosts, unless the host has specifically rest
141
  Development and test sites require their own licence if updates to the plugin are needed.
142
  However, these sites can be disconnected from the licence when they have served their purpose. You can disconnect the licence via the site's WP Admin->Plugins page, and it will be available to be reassigned to a different site.
143
 
 
 
 
144
  == Installation ==
145
 
146
  To begin making your WordPress site more secure:
@@ -159,6 +165,23 @@ Go to the settings menu after you activate the plugin and follow the instruction
159
 
160
  == Changelog ==
161
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
162
  = 5.1.1 - 16/November/2022 =
163
 
164
  * SECURITY: Fixed a failure to check bulk action nonces, leading to a CSRF vulnerability. Exploitation would require an attacker to craft a link specifically for your site, and persuade you to click it whilst logged in; if you did so, this could result in bulk actions being carried out on AIOS list tables (e.g. delete entries from blocked IP address lists), with the attacker being restricted to deleting entries by database ID numbers that he cannot know directly (e.g. 15, 16, 17) and not IP address (e.g. 100.101.102.103).
@@ -169,7 +192,7 @@ Go to the settings menu after you activate the plugin and follow the instruction
169
  * FIX: Force logout link not working in the currently logged-in users list.
170
  * FIX: Google reCAPTCHA site key and secret key are not verified immediately.
171
  * TWEAK: Code style changes for scanner related pages and future item manager class.
172
- * TWEAK: Capitalisation style reapply for firewall menu tabs.
173
  * TWEAK: Instead login lockdown used login lockout word in UI and mail content. Changed constant AIOWPS_DISABLE_LOGIN_LOCKDOWN to AIOWPS_DISABLE_LOGIN_LOCKOUT.
174
  * TWEAK: Update tabs, links to match capitalisation style of other UpdraftPlus plugins.
175
  * TWEAK: Added the filter `aios_server_type` to override the `AIOWPSecurity_Utility::get_server_type()` method's return value.
@@ -1088,4 +1111,4 @@ those who want to enable the basic firewall but do not have "AllowOverride" opti
1088
  - First commit to the WP repository.
1089
 
1090
  == Upgrade Notice ==
1091
- * 5.1.1: Various tweaks, fixes and minor improvements; full details are in the changelog. All users are recommended to update.
5
  Requires PHP: 5.6
6
  Requires at least: 5.0
7
  Tested up to: 6.1
8
+ Stable tag: 5.1.2
9
  License: GPLv3 or later
10
 
11
  Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress. Featuring login security tools, a cutting-edge firewall and much more.
21
 
22
  All-in-One Security (AIOS) is a security plugin designed especially for WordPress, now brought to you from the team at UpdraftPlus.
23
  Customers love All-In-One Security because it’s easy to use, and it does a whole lot for free.
24
+
25
  All-In-One Security gives you **Login Security Tools**, to keep bots at bay and protect your website from brute force attacks.
26
+
27
+ Our **Web Application Firewall** gives you automatic protection from security threats.
28
+
29
  **Content Protection Features** protect what you’ve worked so hard to build; All-In-One Security eliminates comment spam and prevents other websites from stealing your content with features like iFrame prevention and copywriting protection.
30
 
31
  https://www.youtube.com/watch?v=CJvCTlVtazA
32
 
33
  #### Still on the fence?
34
  * We’re currently the **Only WordPress Security Plugin with a 5 Star user** rating across more than 1 million installs.
35
+ * Our security team maintains a list of known exploits, actively building protections against them and releasing these as new firewall rules to free and paying customers, at the same time.
36
+ * We’re already the world’s number one for backups, so you know you can trust us with the security of your website too.
37
 
38
  #### LOGIN SECURITY
39
  Protect against brute-force attacks and keep bots at bay. All-In-One Security takes WordPress’ default login security features to a whole new level.
41
  * **Supports best practice:** All-In-One Security detects if an account has the default ‘admin’ username or if a user has identical login and display names, prompting the user to change this in support of better security practices.
42
  * **Hide login page from bots:** Configure a custom URL for the WordPress ‘Admin’ login page, making it harder for bots to find.
43
  * **Change default `wp_` prefix to a value of your choice:** Hackers use automated code to attack websites like yours. Make life harder for them and protect your site with this simple but effective AIOS security feature.
44
+ * **Login lockout:** External users making multiple login attempts can be locked out for a configured period of time. You can also lockout users with invalid usernames. See a list of all locked out users and unlock with one click.
45
+ * **Reporting:** All-In-One Security provides a wealth of information about website users. View activity by username, IP address, login and logout dates and times. See a list of users currently logged in, and a list of all failed login attempts.
46
  * **Force logouts:** Ensure users don’t stay logged in indefinitely. With All-In-One Security you can force logouts for all users after a configurable amount of time.
47
  * **Robot verification:** For additional security and to prevent spam registrations, implement Google reCAPTCHA, plain maths CAPTCHA or a honeypot to registration pages, or enable manual approval of user accounts instead.
48
  * **Stops user enumeration:** Prevent external users and bots from fetching user information via author permalink.
52
 
53
  #### FIREWALL & FILE PROTECTION
54
  A Web Application Firewall (WAF) is your website’s first line of defence, protecting your site by monitoring traffic and blocking malicious requests.
55
+ Progressively activate firewall settings ranging from basic, intermediate and advanced.
56
  Get comprehensive, instant protection with All-In-One Security.
57
 
58
  * **Automatic protection from the latest threats:** Our team maintains a list of known exploits, actively building protections against them which are then released as new firewall rules to free and paying customers.
64
  * **Cross site scripting (XSS) protection:** All-In-One Security prevents attackers from injecting malicious script into your website via a special cookie.
65
  * **File change detection:** Security scanners alert you to file changes in your WordPress system, so you can see if a change is legitimate or suspicious, and investigate as appropriate.
66
  * **Disable PHP file editing:** Protect your PHP code by disabling the ability to edit files in the WordPress administration area.
67
+ * **Permission setting alerts:** Identify files or folders where the permission settings are not secure and correct with one-click.
68
  * **Ability to create custom rules:** Advanced users can add custom rules to block access to various resources on your site.
69
  * **Access prevention:** Prevent external users from accessing the readme.html, license.txt and wp-config-sample.php files of your WordPress site.
70
 
71
  #### CONTENT PROTECTION
72
  Eliminate spam, protect your WordPress content, and your search engine rankings with these important security features from All-In-One-Security.
73
 
74
+ * **Comment SPAM prevention :** Webpages littered with spam comments damage your brand, effect the user experience and impact SEO.
75
  All-In-One Security stops SPAM at the source by preventing comments that originate from other domains. AIOS automatically and permanently blocks spammers’ IP addresses. Site owners can use reCAPTCHA to reduce comment spam and block malicious users with just one click.
76
  * **iFrame protection:** Preventing other websites from reproducing your content via an ‘iFrame’ is an useful security feature that protects your intellectual property and your website visitors.
77
  * **Copywriting protection:** Stop users from stealing your content by disabling the right-click, select and copy text function.
119
  But if your WordPress site is a business website, if it showcases what you do, or who you are, we generally recommend AIOS Premium. Prices start from as little as $70 for the year.
120
 
121
  = What are the additional features of All-In-One Security Premium? =
122
+ AIOS Premium scans your WordPress website for malware whilst also monitoring your site's response time and uptime, notifying you of any issues within 24 hours, AIOS Premium customers also benefit from hands-on ticketed support via email (rather than via WP Support forums).
123
  Additional security tools include Country Blocking, Smart 404 Error Blocking and Advanced Two Factor Authentication.
124
  More information is available from our [All-In-One Security website](https://aiosplugin.com)
125
 
144
  Development and test sites require their own licence if updates to the plugin are needed.
145
  However, these sites can be disconnected from the licence when they have served their purpose. You can disconnect the licence via the site's WP Admin->Plugins page, and it will be available to be reassigned to a different site.
146
 
147
+ = Is the All In One Security & Firewall Plugin GDPR and other privacy law compliant? =
148
+ Please read more about GDPR compliance here: https://aiosplugin.com/privacy-policy/ .
149
+
150
  == Installation ==
151
 
152
  To begin making your WordPress site more secure:
165
 
166
  == Changelog ==
167
 
168
+ = 5.1.2 - 07/December/2022 =
169
+
170
+ * FEATURE: User Agent - Blacklist manager functionality should be based on PHP instead .htaccess rules.
171
+ * FIX: Sorting by 'status' on the comment spam table
172
+ * FIX: Copy protection feature not working on iPhone
173
+ * FIX: Cookie based brute force prevention locks out if plugin deactivated and activated again.
174
+ * FIX: The notice to reapply .htaccess rules after reactivating the plugin is displayed on subsites.
175
+ * FIX: Various WordPress command line notices about undefined $_SERVER indexes
176
+ * FIX: Deativate and reactivate plugin firewall settings file sync issue solved.
177
+ * TWEAK: 2FA setting page to show premium options for AIOS premium.
178
+ * TWEAK: Remove characters that should not have been on the scanner page
179
+ * TWEAK: Organise firewall rules into subdirectories
180
+ * TWEAK: Added GDPR question answer to the AIOS WP org plugin's FAQ section.
181
+ * TWEAK: Allow AIOS management permission to be filtered via `aios_management_permission` filter
182
+ * TWEAK: Make use of is_main_site() function.
183
+ * TWEAK: Copy IP to clipboard when clicking on it at WP Security -> Brute Force -> Login whitelist.
184
+
185
  = 5.1.1 - 16/November/2022 =
186
 
187
  * SECURITY: Fixed a failure to check bulk action nonces, leading to a CSRF vulnerability. Exploitation would require an attacker to craft a link specifically for your site, and persuade you to click it whilst logged in; if you did so, this could result in bulk actions being carried out on AIOS list tables (e.g. delete entries from blocked IP address lists), with the attacker being restricted to deleting entries by database ID numbers that he cannot know directly (e.g. 15, 16, 17) and not IP address (e.g. 100.101.102.103).
192
  * FIX: Force logout link not working in the currently logged-in users list.
193
  * FIX: Google reCAPTCHA site key and secret key are not verified immediately.
194
  * TWEAK: Code style changes for scanner related pages and future item manager class.
195
+ * TWEAK: Capitalisation style reapply for firewall menu tabs.
196
  * TWEAK: Instead login lockdown used login lockout word in UI and mail content. Changed constant AIOWPS_DISABLE_LOGIN_LOCKDOWN to AIOWPS_DISABLE_LOGIN_LOCKOUT.
197
  * TWEAK: Update tabs, links to match capitalisation style of other UpdraftPlus plugins.
198
  * TWEAK: Added the filter `aios_server_type` to override the `AIOWPSecurity_Utility::get_server_type()` method's return value.
1111
  - First commit to the WP repository.
1112
 
1113
  == Upgrade Notice ==
1114
+ * 5.1.2: Various tweaks, fixes and minor improvements; full details are in the changelog. All users are recommended to update.
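--- a/vendor/composer/installed.php
+++ b/vendor/composer/installed.php
@@ -5,7 +5,7 @@
  'type' => 'project',
  'install_path' => __DIR__ . '/../../',
  'aliases' => array(),
- 'reference' => '70f283c3de6e404040b9626b25c6f2146cf99ef8',
+ 'reference' => '5ac25fa91ce15d20d33f76d8185c5dd7ecb0796e',
  'name' => 'updraftplus/all-in-one-wp-security-and-firewall',
  'dev' => false,
  ),
@@ -34,7 +34,7 @@
  'type' => 'project',
  'install_path' => __DIR__ . '/../../',
  'aliases' => array(),
- 'reference' => '70f283c3de6e404040b9626b25c6f2146cf99ef8',
+ 'reference' => '5ac25fa91ce15d20d33f76d8185c5dd7ecb0796e',
  'dev_requirement' => false,
  ),
  ),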
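--- a/wp-security-core.php
+++ b/wp-security-core.php
@@ -8,11 +8,11 @@ if (!class_exists('AIO_WP_Security')) {
 
  class AIO_WP_Security {
 
- public $version = '5.1.1';
+ public $version = '5.1.2';
 
  public $db_version = '1.9.6';
 
- public $firewall_version = '1.0.1';
+ public $firewall_version = '1.0.2';
 
  public $plugin_url;
 
@@ -77,6 +77,9 @@ if (!class_exists('AIO_WP_Security')) {
  * @return Void.
  */
  public function __construct() {
+ // Add management permission filter early before any of the includes try to use it
+ add_filter('aios_management_permission', array($this, 'aios_management_permission'), 10, 2);
+
  $this->define_constants();
  $this->load_configs();
  $this->includes();
@@ -129,7 +132,7 @@ if (!class_exists('AIO_WP_Security')) {
  define('AIO_WP_SECURITY_BACKUPS_DIR_NAME', 'aiowps_backups');
  define('AIO_WP_SECURITY_BACKUPS_PATH', AIO_WP_SECURITY_PATH.'/backups');
  define('AIO_WP_SECURITY_LIB_PATH', AIO_WP_SECURITY_PATH.'/lib');
- if (!defined('AIOWPSEC_MANAGEMENT_PERMISSION')) {//This will allow the user to define custom capability for this constant in wp-config file
+ if (!defined('AIOWPSEC_MANAGEMENT_PERMISSION')) { // This will allow the user to define custom capability for this constant in wp-config file
  define('AIOWPSEC_MANAGEMENT_PERMISSION', 'manage_options');
  }
  define('AIOWPSEC_MENU_SLUG_PREFIX', 'aiowpsec');
@@ -224,6 +227,18 @@ if (!class_exists('AIO_WP_Security')) {
  $this->load_ajax_handler();
  }
 
+ /**
+ * A filter function to get the management permission for AIOS
+ *
+ * @param string $permission - the management permission
+ *
+ * @return string - the filtered permission
+ */
+ public function aios_management_permission($permission) {
+ if (defined('AIOWPSEC_MANAGEMENT_PERMISSION') && AIOWPSEC_MANAGEMENT_PERMISSION) return AIOWPSEC_MANAGEMENT_PERMISSION;
+ return $permission;
+ }
+
  /**
  * Activation handler function.
  *
@@ -263,8 +278,7 @@ if (!class_exists('AIO_WP_Security')) {
  }
 
  $subaction = sanitize_text_field($_POST['subaction']);
-
- if (!current_user_can(AIOWPSEC_MANAGEMENT_PERMISSION)) {
+ if (!current_user_can(apply_filters('aios_management_permission', 'manage_options'))) {
  wp_send_json(array(
  'result' => false,
  'error_code' => 'security_check',
@@ -441,10 +455,11 @@ if (!class_exists('AIO_WP_Security')) {
  if (is_admin()) {
  if (get_option('aiowpsec_firewall_version') != AIO_WP_SECURITY_FIREWALL_VERSION) {
  AIOWPSecurity_Configure_Settings::set_firewall_configs();
+ AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
  }
  }
  }
-
+
  public function db_upgrade_handler() {
  if (is_admin()) {//Check if DB needs to be upgraded
  if (get_option('aiowpsec_db_version') != AIO_WP_SECURITY_DB_VERSION) {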
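Review bot: The new `aios_management_permission()` callback returns the `AIOWPSEC_MANAGEMENT_PERMISSION` constant whenever it is defined and truthy, and `define_constants()` defines it as `'manage_options'` when wp-config does not, so by the time the filter is applied `return $permission;` looks effectively unreachable and any value set by a callback that ran before priority 10 is discarded. Since this string decides who may manage the security plugin, the docblock should state the precedence, e.g. `* The AIOWPSEC_MANAGEMENT_PERMISSION constant, when defined, replaces the incoming value; hook later than priority 10 to change it.` The `add_filter()` call in `__construct()` also registers `10, 2` although the method takes one parameter; `10, 1` would match. At the call site, the result of `apply_filters()` is passed to `current_user_can()` as-is, so a non-string or overly broad capability from a third-party callback is not caught; the handler around that check starts and ends outside the hunk.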
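--- a/wp-security.php
+++ b/wp-security.php
@@ -2,11 +2,11 @@
  // @codingStandardsIgnoreStart
  /*
  Plugin Name: All In One WP Security
- Version: 5.1.1
+ Version: 5.1.2
  Plugin URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
  Update URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
  Author: All In One WP Security & Firewall Team
- Author URI: https://teamupdraft.com/
+ Author URI: https://aiosplugin.com/
  Description: All round best WordPress security plugin!
  Text Domain: all-in-one-wp-security-and-firewall
  Domain Path: /languages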