All In One WP Security & Firewall - Version 5.1.3

Version Description

  • 09/December/2022 =

  • SECURITY: Settings import files are no longer saved in a publicly accessible folder, where they could potentially be indexed by search engines if the administrator did not go on to import the settings (importing deletes the import file)

  • TWEAK: Improve the UX for uploading import files

  • TWEAK: Add a default CAPTCHA option making way for new CAPTCHAs in the future


Release Info

Developer DavidAnderson
Version 5.1.3

Code changes from version 5.1.2 to 5.1.3

admin/wp-security-admin-init.php CHANGED
@@ -4,205 +4,205 @@
4
  * Main admin file which loads all settings panels and sets up admin menus.
5
  */
6
  if (!defined('ABSPATH')) {
7
- exit;// Exit if accessed directly
8
  }
9
 
10
  class AIOWPSecurity_Admin_Init {
11
 
12
- /**
13
- * Whether the page is admin dashboard page.
14
- * @var boolean
15
- */
16
- private $is_admin_dashboard_page;
17
 
18
- /**
19
  * Whether the page is admin AIOS page.
20
- * @var boolean
21
- */
22
- private $is_aiowps_admin_page;
23
-
24
- var $main_menu_page;
25
- var $dashboard_menu;
26
- var $settings_menu;
27
- var $user_accounts_menu;
28
- var $user_login_menu;
29
- var $user_registration_menu;
30
- var $db_security_menu;
31
- var $filesystem_menu;
32
- var $blacklist_menu;
33
- var $firewall_menu;
34
- var $brute_force_menu;
35
- var $maintenance_menu;
36
- var $spam_menu;
37
- var $filescan_menu;
38
- var $misc_menu;
39
-
40
- /**
41
- * Includes admin dependencies and hook admin actions.
42
- *
43
- * @return void
44
- */
45
- public function __construct() {
46
- //This class is only initialized if is_admin() is true
47
-
48
- //handle CSV download
49
- if (current_user_can(apply_filters('aios_management_permission', 'manage_options'))) {
50
- $this->admin_includes();
51
- add_action('admin_menu', array($this, 'create_admin_menus'));
52
  add_action('admin_menu', array($this, 'premium_upgrade_submenu'), 40);
53
- add_action('admin_init', array($this, 'aiowps_csv_download'));
54
- }
55
-
56
- add_action('admin_init', array($this, 'hook_admin_notices'));
57
-
58
- //make sure we are on our plugin's menu pages
59
- if ($this->is_aiowps_admin_page()) {
60
- add_action('admin_print_scripts', array($this, 'admin_menu_page_scripts'));
61
- add_action('admin_print_styles', array($this, 'admin_menu_page_styles'));
62
- add_action('init', array($this, 'init_hook_handler_for_admin_side'));
63
-
64
- if (class_exists('AIOWPS_PREMIUM')) {
65
- add_filter('admin_footer_text', array($this, 'display_footer_review_message'));
66
- }
67
- }
68
- }
69
-
70
- private function aiowps_output_csv($items, $export_keys, $filename='data.csv') {
71
- header("Content-Type: text/csv; charset=utf-8");
72
- header("Content-Disposition: attachment; filename=".$filename);
73
- header("Pragma: no-cache");
74
- header("Expires: 0");
75
- $output = fopen('php://output', 'w'); //open output stream
76
-
77
- fputcsv($output, $export_keys); //let's put column names first
78
-
79
- foreach ($items as $item) {
80
- unset($csv_line);
81
- foreach ($export_keys as $key => $value) {
82
- if (isset($item[$key])) {
83
- $csv_line[] = $item[$key];
84
- }
85
- }
86
- fputcsv($output, $csv_line);
87
- }
88
- }
89
-
90
- public function aiowps_csv_download() {
91
- global $aio_wp_security;
92
- if (isset($_POST['aiowpsec_export_acct_activity_logs_to_csv'])) { //Export account activity logs
93
- $nonce = $_REQUEST['_wpnonce'];
94
- if (!wp_verify_nonce($nonce, 'aiowpsec-export-acct-activity-logs-to-csv-nonce')) {
95
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for export account activity logs to CSV.", 4);
96
  die('Nonce check failed for export account activity logs to CSV.');
97
- }
98
- include_once 'wp-security-list-acct-activity.php';
99
- $acct_activity_list = new AIOWPSecurity_List_Account_Activity();
100
- $acct_activity_list->prepare_items(true);
101
- //Let's build a list of items we want to export and give them readable names
102
- $export_keys = array(
103
- 'user_id' => 'User ID',
104
- 'user_login' => 'Username',
105
- 'login_date' => 'Login Date',
106
- 'logout_date' => 'Logout Date',
107
- 'login_ip' => 'IP'
108
- );
109
- $this->aiowps_output_csv($acct_activity_list->items, $export_keys, 'account_activity_logs.csv');
110
- exit();
111
- }
112
- if (isset($_POST['aiowps_export_failed_login_records_to_csv'])) {//Export failed login records
113
- $nonce = $_REQUEST['_wpnonce'];
114
- if (!wp_verify_nonce($nonce, 'aiowpsec-export-failed-login-records-to-csv-nonce')) {
115
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for export failed login records to CSV!", 4);
116
  die('Nonce check failed for export failed login records to CSV.');
117
- }
118
- include_once 'wp-security-list-login-fails.php';
119
- $failed_login_list = new AIOWPSecurity_List_Login_Failed_Attempts();
120
- $failed_login_list->prepare_items(true);
121
- $export_keys = array(
122
- 'login_attempt_ip' => 'Login IP Range',
123
- 'user_id' => 'User ID',
124
- 'user_login' => 'Username',
125
- 'failed_login_date' => 'Date',
126
- );
127
- $this->aiowps_output_csv($failed_login_list->items, $export_keys, 'failed_login_records.csv');
128
- exit();
129
- }
130
- if (isset($_POST['aiowps_export_404_event_logs_to_csv'])) {//Export 404 event logs
131
- $nonce = $_REQUEST['_wpnonce'];
132
- if (!wp_verify_nonce($nonce, 'aiowpsec-export-404-event-logs-to-csv-nonce')) {
133
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for export 404 event logs to CSV.", 4);
134
  die('Nonce check failed for export 404 event logs to CSV.');
135
- }
136
- include_once 'wp-security-list-404.php'; //For rendering the AIOWPSecurity_List_Table in tab1
137
- $event_list_404 = new AIOWPSecurity_List_404(); //For rendering the AIOWPSecurity_List_Table in tab1
138
- $event_list_404->prepare_items(true);
139
- $export_keys = array(
140
- 'id' => 'Id',
141
- 'event_type' => 'Event Type',
142
- 'ip_or_host' => 'IP Address',
143
- 'url' => 'Attempted URL',
144
- 'referer_info' => 'Referer',
145
- 'event_date' => 'Date',
146
- 'status' => 'Lock Status',
147
- );
148
- $this->aiowps_output_csv($event_list_404->items, $export_keys, '404_event_logs.csv');
149
- exit();
150
- }
151
- }
152
-
153
- /**
154
- * Check whether current admin page is All In One WP Security admin page or not.
155
- *
156
- * @return boolean True if All In One WP Security admin page, Otherwise false.
157
- */
158
- private function is_aiowps_admin_page() {
159
- if (isset($this->is_aiowps_admin_page)) {
160
- return $this->is_aiowps_admin_page;
161
- }
162
- global $pagenow;
163
- $this->is_aiowps_admin_page = (current_user_can(apply_filters('aios_management_permission', 'manage_options')) && 'admin.php' == $pagenow && isset($_GET['page']) && false !== strpos($_GET['page'], AIOWPSEC_MENU_SLUG_PREFIX));
164
- return $this->is_aiowps_admin_page;
165
- }
166
-
167
- /**
168
  * Hook admin notices on admin dashboard page and admin AIOS pages.
169
- *
170
- * @return void
171
- */
172
- public function hook_admin_notices() {
173
- if (!current_user_can('update_plugins')) {
174
- return;
175
- }
176
 
177
  // If none of the admin dashboard page or the AIOS page, Then bail
178
- if (!$this->is_admin_dashboard_page() && !$this->is_aiowps_admin_page()) {
179
- return;
180
- }
181
-
182
- add_action('all_admin_notices', array($this, 'render_admin_notices'));
183
- }
184
-
185
- /**
186
- * Check whether current admin page is Admin Dashboard page or not.
187
- *
188
- * @return boolean True if Admin Dashboard page, Otherwise false.
189
- */
190
- private function is_admin_dashboard_page() {
191
- if (isset($this->is_admin_dashboard_page)) {
192
- return $this->is_admin_dashboard_page;
193
- }
194
- global $pagenow;
195
- $this->is_admin_dashboard_page = 'index.php' == $pagenow;
196
- return $this->is_admin_dashboard_page;
197
- }
198
-
199
- /**
200
- * Render admin notices.
201
- *
202
- * @return void
203
- */
204
- public function render_admin_notices() {
205
- global $aio_wp_security;
206
 
207
  $custom_notice_ids = array_merge(AIOS_Abstracted_Ids::custom_admin_notice_ids(), AIOS_Abstracted_Ids::htaccess_to_php_feature_notice_ids());
208
  foreach ($custom_notice_ids as $custom_admin_notice_id) {
@@ -215,40 +215,40 @@ class AIOWPSecurity_Admin_Init {
215
  }
216
 
217
  $installed_at = $aio_wp_security->notices->get_aiowps_plugin_installed_timestamp();
218
- $time_now = $aio_wp_security->notices->get_time_now();
219
- $installed_for = $time_now - $installed_at;
220
 
221
- $dismissed_dash_notice_until = (int) $aio_wp_security->configs->get_value('dismissdashnotice');
222
 
223
- if ($this->is_admin_dashboard_page() && ($installed_at && $time_now > $dismissed_dash_notice_until && $installed_for > (14 * 86400)) || (defined('AIOWPSECURITY_FORCE_DASHNOTICE') && AIOWPSECURITY_FORCE_DASHNOTICE)) {
224
- $aio_wp_security->include_template('notices/thanks-for-using-main-dash.php');
225
- } elseif ($this->is_aiowps_admin_page() && $installed_at && $installed_for > 14*86400) {
226
- $aio_wp_security->notices->do_notice(false, 'top');
227
- }
228
- }
229
 
230
- function admin_includes()
231
- {
232
- include_once('wp-security-admin-menu.php');
233
- }
234
 
235
  /**
236
  * Enqueue admin JavaScripts.
237
  *
238
  * @return Void
239
  */
240
- public function admin_menu_page_scripts() {
241
  if (!AIOWPSecurity_Utility::has_manage_cap()) {
242
  return;
243
  }
244
 
245
- wp_enqueue_script('jquery');
246
- wp_enqueue_script('postbox');
247
- wp_enqueue_script('dashboard');
248
- wp_enqueue_script('thickbox');
249
- wp_enqueue_script('media-upload');
250
- wp_register_script('aiowpsec-admin-js', AIO_WP_SECURITY_URL. '/js/wp-security-admin-script.js', array('jquery'), AIO_WP_SECURITY_VERSION, true);
251
- wp_enqueue_script('aiowpsec-admin-js');
252
  wp_localize_script('aiowpsec-admin-js', 'aios_data',
253
  array(
254
  'ajax_nonce' => wp_create_nonce('aios-ajax-nonce'),
@@ -257,113 +257,114 @@ class AIOWPSecurity_Admin_Init {
257
  wp_localize_script('aiowpsec-admin-js', 'aios_trans',
258
  array(
259
  'unexpected_response' => __('Unexpected response:', 'all-in-one-wp-security-and-firewall'),
260
- 'copied' => __('Copied', 'all-in-one-wp-security-and-firewall')
 
261
  )
262
  );
263
- wp_register_script('aiowpsec-pw-tool-js', AIO_WP_SECURITY_URL. '/js/password-strength-tool.js', array('jquery')); // We will enqueue this in the user acct menu class
264
- }
265
-
266
- function admin_menu_page_styles()
267
- {
268
- wp_enqueue_style('dashboard');
269
- wp_enqueue_style('thickbox');
270
- wp_enqueue_style('global');
271
- wp_enqueue_style('wp-admin');
272
  $admin_css_version = (defined('WP_DEBUG') && WP_DEBUG) ? time() : filemtime(AIO_WP_SECURITY_PATH. '/css/wp-security-admin-styles.css');
273
- wp_enqueue_style('aiowpsec-admin-css', AIO_WP_SECURITY_URL. '/css/wp-security-admin-styles.css', array(), $admin_css_version);
274
- }
275
-
276
- function init_hook_handler_for_admin_side()
277
- {
278
- $this->aiowps_media_uploader_modification();
279
- $this->initialize_feature_manager();
280
- $this->do_other_admin_side_init_tasks();
281
- }
282
-
283
- /**
284
- * Show footer review message and link.
285
- *
286
- * @return string
287
- */
288
- public function display_footer_review_message() {
289
- /* translators: 1: All In One WP Security & Firewall 2: G2 review link */
290
- $message = sprintf(
291
- __('Enjoyed %1$s? Please leave us a %2$s rating. We really appreciate your support!', 'all-in-one-wp-security-and-firewall'),
292
- '<b>' . htmlspecialchars('All In One WP Security & Firewall') . '</b>',
293
- '<a href="https://www.g2.com/products/all-in-one-wp-security-firewall/reviews" target="_blank">&starf;&starf;&starf;&starf;&starf;</a>'
294
- );
295
- return $message;
296
- }
297
-
298
- function aiowps_media_uploader_modification()
299
- {
300
- //For changing button text inside media uploader (thickbox)
301
- global $pagenow;
302
- if ('media-upload.php' == $pagenow || 'async-upload.php' == $pagenow)
303
- {
304
- // Here we will customize the 'Insert into Post' Button text inside Thickbox
305
- add_filter( 'gettext', array($this, 'aiowps_media_uploader_replace_thickbox_text'), 1, 2);
306
- }
307
- }
308
-
309
- function aiowps_media_uploader_replace_thickbox_text($translated_text, $text)
310
- {
311
- if ('Insert into Post' == $text)
312
- {
313
- $referer = strpos(wp_get_referer(), 'aiowpsec');
314
- if ($referer != '')
315
- {
316
- return ('Select File');
317
- }
318
- }
319
- return $translated_text;
320
- }
321
-
322
- function initialize_feature_manager()
323
- {
324
- $aiowps_feature_mgr = new AIOWPSecurity_Feature_Item_Manager();
325
- $aiowps_feature_mgr->initialize_features();
326
- $aiowps_feature_mgr->check_and_set_feature_status();
327
- $aiowps_feature_mgr->calculate_total_points();
328
- $GLOBALS['aiowps_feature_mgr'] = $aiowps_feature_mgr;
329
- }
330
 
331
  /**
332
  * Other admin side init tasks.
333
  *
334
  * @return void
335
  */
336
- private function do_other_admin_side_init_tasks() {
337
- global $aio_wp_security;
338
-
339
- //***New Feature improvement for Cookie Based Brute Force Protection***//
340
- //The old "test cookie" used to be too easy to guess because someone could just read the code and get the value.
341
- //So now we will drop a more secure test cookie using a 10 digit random string
342
-
343
- if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')) {
344
- // This code is for users who had this feature saved using an older release. This will drop the new more secure test cookie to the browser
345
- $test_cookie_name_saved = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
346
- if (empty($test_cookie_name_saved)) {
347
- $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
348
- $test_cookie_name = 'aiowps_cookie_test_'.$random_suffix;
349
- $aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
350
- $aio_wp_security->configs->save_config();//save the value
351
- AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, '1');
352
- }
353
- }
354
- //For cookie test form submission case
355
- if (isset($_GET['page']) && AIOWPSEC_BRUTE_FORCE_MENU_SLUG == $_GET['page'] && isset($_GET['tab']) && 'cookie-based-brute-force-prevention' == $_GET['tab']) {
356
- global $aio_wp_security;
357
- if (isset($_POST['aiowps_do_cookie_test_for_bfla'])) {
358
- $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
359
- $test_cookie_name = 'aiowps_cookie_test_'.$random_suffix;
360
- $aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
361
- $aio_wp_security->configs->save_config();//save the value
362
- AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, '1');
363
- $cur_url = "admin.php?page=".AIOWPSEC_BRUTE_FORCE_MENU_SLUG."&tab=cookie-based-brute-force-prevention";
364
- $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, 'aiowps_cookie_test', "1");
365
- AIOWPSecurity_Utility::redirect_to_url($redirect_url);
366
- }
367
 
368
  if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) { // Enabling the BFLA feature so drop the cookie again
369
  $brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
@@ -374,27 +375,27 @@ class AIOWPSecurity_Admin_Init {
374
  }
375
 
376
  if (isset($_REQUEST['aiowps_cookie_test'])) {
377
- $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
378
- $cookie_val = AIOWPSecurity_Utility::get_cookie_value($test_cookie);
379
- if (empty($cookie_val)) {
380
- $aio_wp_security->configs->set_value('aiowps_cookie_test_success','');
381
- } else {
382
- $aio_wp_security->configs->set_value('aiowps_cookie_test_success','1');
383
- }
384
- $aio_wp_security->configs->save_config();//save the value
385
- }
386
- }
387
-
388
- if (isset($_POST['aiowps_save_wp_config'])) { // the wp-config backup operation
389
- $nonce = $_REQUEST['_wpnonce'];
390
- if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce')) {
391
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!",4);
392
- die("Nonce check failed on wp_config file save!");
393
- }
394
- $wp_config_path = AIOWPSecurity_Utility_File::get_wp_config_file_path();
395
- $result = AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path); //Backup the wp_config.php file
396
- AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
397
- }
398
 
399
  // Handle export settings
400
  if (isset($_POST['aiowps_export_settings'])) { // Do form submission tasks
@@ -402,41 +403,41 @@ class AIOWPSecurity_Admin_Init {
402
  if (!wp_verify_nonce($nonce, 'aiowpsec-export-settings-nonce')) {
403
  $aio_wp_security->debug_logger->log_debug('Nonce check failed on export AIOS settings.', 4);
404
  die('Nonce check failed on export AIOS settings.');
405
- }
406
- $config_data = get_option('aio_wp_security_configs');
407
- $output = json_encode($config_data);
408
- AIOWPSecurity_Utility_File::download_content_to_a_file($output);
409
- }
410
- }
411
-
412
- function create_admin_menus()
413
- {
414
- $menu_icon_url = AIO_WP_SECURITY_URL.'/images/plugin-icon.png';
415
- $this->main_menu_page = add_menu_page(__('WP Security', 'all-in-one-wp-security-and-firewall'), __('WP Security', 'all-in-one-wp-security-and-firewall'), apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_MAIN_MENU_SLUG , array($this, 'handle_dashboard_menu_rendering'), $menu_icon_url);
416
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Dashboard', 'all-in-one-wp-security-and-firewall'), __('Dashboard', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_MAIN_MENU_SLUG, array($this, 'handle_dashboard_menu_rendering'));
417
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Settings', 'all-in-one-wp-security-and-firewall'), __('Settings', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_SETTINGS_MENU_SLUG, array($this, 'handle_settings_menu_rendering'));
418
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Accounts', 'all-in-one-wp-security-and-firewall'), __('User Accounts', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_USER_ACCOUNTS_MENU_SLUG, array($this, 'handle_user_accounts_menu_rendering'));
419
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Login', 'all-in-one-wp-security-and-firewall'), __('User Login', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_USER_LOGIN_MENU_SLUG, array($this, 'handle_user_login_menu_rendering'));
420
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Registration', 'all-in-one-wp-security-and-firewall'), __('User Registration', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_USER_REGISTRATION_MENU_SLUG, array($this, 'handle_user_registration_menu_rendering'));
421
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Database Security', 'all-in-one-wp-security-and-firewall'), __('Database Security', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_DB_SEC_MENU_SLUG, array($this, 'handle_database_menu_rendering'));
422
- if (is_main_site()) {
423
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Filesystem Security', 'all-in-one-wp-security-and-firewall'), __('Filesystem Security', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_FILESYSTEM_MENU_SLUG, array($this, 'handle_filesystem_menu_rendering'));
424
- }
425
- if (is_main_site()) {
426
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Blacklist Manager', 'all-in-one-wp-security-and-firewall'), __('Blacklist Manager', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_BLACKLIST_MENU_SLUG, array($this, 'handle_blacklist_menu_rendering'));
427
- }
428
- if (is_main_site()) {
429
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Firewall', 'all-in-one-wp-security-and-firewall'), __('Firewall', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_FIREWALL_MENU_SLUG, array($this, 'handle_firewall_menu_rendering'));
430
- }
431
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Brute Force', 'all-in-one-wp-security-and-firewall'), __('Brute Force', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_BRUTE_FORCE_MENU_SLUG, array($this, 'handle_brute_force_menu_rendering'));
432
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Spam Prevention', 'all-in-one-wp-security-and-firewall'), __('Spam Prevention', 'all-in-one-wp-security-and-firewall'), apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_SPAM_MENU_SLUG, array($this, 'handle_spam_menu_rendering'));
433
- if (is_main_site()) {
434
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Scanner', 'all-in-one-wp-security-and-firewall'), __('Scanner', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_FILESCAN_MENU_SLUG, array($this, 'handle_filescan_menu_rendering'));
435
- }
436
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Maintenance', 'all-in-one-wp-security-and-firewall'), __('Maintenance', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_MAINTENANCE_MENU_SLUG, array($this, 'handle_maintenance_menu_rendering'));
437
- add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Miscellaneous', 'all-in-one-wp-security-and-firewall'), __('Miscellaneous', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_MISC_MENU_SLUG, array($this, 'handle_misc_menu_rendering'));
438
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Tools', 'all-in-one-wp-security-and-firewall'), __('Tools', 'all-in-one-wp-security-and-firewall'), apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_TOOLS_MENU_SLUG, array($this, 'handle_tools_menu_rendering'));
439
- do_action('aiowpsecurity_admin_menu_created');
440
  }
441
 
442
  /**
@@ -451,99 +452,99 @@ class AIOWPSecurity_Admin_Init {
451
  }
452
  }
453
 
454
- function handle_dashboard_menu_rendering()
455
- {
456
- include_once('wp-security-dashboard-menu.php');
457
- $this->dashboard_menu = new AIOWPSecurity_Dashboard_Menu();
458
- }
459
-
460
- function handle_settings_menu_rendering()
461
- {
462
- include_once('wp-security-settings-menu.php');
463
- $this->settings_menu = new AIOWPSecurity_Settings_Menu();
464
-
465
- }
466
-
467
- function handle_user_accounts_menu_rendering()
468
- {
469
- include_once('wp-security-user-accounts-menu.php');
470
- $this->user_accounts_menu = new AIOWPSecurity_User_Accounts_Menu();
471
- }
472
-
473
- function handle_user_login_menu_rendering()
474
- {
475
- include_once('wp-security-user-login-menu.php');
476
- $this->user_login_menu = new AIOWPSecurity_User_Login_Menu();
477
- }
478
-
479
- function handle_user_registration_menu_rendering()
480
- {
481
- include_once('wp-security-user-registration-menu.php');
482
- $this->user_registration_menu = new AIOWPSecurity_User_Registration_Menu();
483
- }
484
-
485
- function handle_database_menu_rendering()
486
- {
487
- include_once('wp-security-database-menu.php');
488
- $this->db_security_menu = new AIOWPSecurity_Database_Menu();
489
- }
490
-
491
- function handle_filesystem_menu_rendering()
492
- {
493
- include_once('wp-security-filesystem-menu.php');
494
- $this->filesystem_menu = new AIOWPSecurity_Filesystem_Menu();
495
- }
496
-
497
- function handle_blacklist_menu_rendering()
498
- {
499
- include_once('wp-security-blacklist-menu.php');
500
- $this->blacklist_menu = new AIOWPSecurity_Blacklist_Menu();
501
- }
502
-
503
- function handle_firewall_menu_rendering()
504
- {
505
- include_once('wp-security-firewall-menu.php');
506
- $this->firewall_menu = new AIOWPSecurity_Firewall_Menu();
507
- }
508
-
509
- function handle_brute_force_menu_rendering()
510
- {
511
- include_once('wp-security-brute-force-menu.php');
512
- $this->brute_force_menu = new AIOWPSecurity_Brute_Force_Menu();
513
- }
514
-
515
- function handle_maintenance_menu_rendering()
516
- {
517
- include_once('wp-security-maintenance-menu.php');
518
- $this->maintenance_menu = new AIOWPSecurity_Maintenance_Menu();
519
- }
520
-
521
- function handle_spam_menu_rendering()
522
- {
523
- include_once('wp-security-spam-menu.php');
524
- $this->spam_menu = new AIOWPSecurity_Spam_Menu();
525
- }
526
-
527
- function handle_filescan_menu_rendering()
528
- {
529
- include_once('wp-security-filescan-menu.php');
530
- $this->filescan_menu = new AIOWPSecurity_Filescan_Menu();
531
- }
532
-
533
- function handle_misc_menu_rendering()
534
- {
535
- include_once('wp-security-misc-options-menu.php');
536
- $this->misc_menu = new AIOWPSecurity_Misc_Options_Menu();
537
- }
538
-
539
- /**
540
- * Renders 'Tools' submenu first tab page.
541
- *
542
- * @return Void
543
- */
544
- public function handle_tools_menu_rendering() {
545
- include_once(AIO_WP_SECURITY_PATH.'/admin/wp-security-tools-menu.php');
546
- new AIOWPSecurity_Tools_Menu();
547
- }
548
 
549
  }//End of class
4
  * Main admin file which loads all settings panels and sets up admin menus.
5
  */
6
  if (!defined('ABSPATH')) {
7
+ exit;// Exit if accessed directly
8
  }
9
 
10
  class AIOWPSecurity_Admin_Init {
11
 
12
+ /**
13
+ * Whether the page is admin dashboard page.
14
+ * @var boolean
15
+ */
16
+ private $is_admin_dashboard_page;
17
 
18
+ /**
19
  * Whether the page is admin AIOS page.
20
+ * @var boolean
21
+ */
22
+ private $is_aiowps_admin_page;
23
+
24
+ var $main_menu_page;
25
+ var $dashboard_menu;
26
+ var $settings_menu;
27
+ var $user_accounts_menu;
28
+ var $user_login_menu;
29
+ var $user_registration_menu;
30
+ var $db_security_menu;
31
+ var $filesystem_menu;
32
+ var $blacklist_menu;
33
+ var $firewall_menu;
34
+ var $brute_force_menu;
35
+ var $maintenance_menu;
36
+ var $spam_menu;
37
+ var $filescan_menu;
38
+ var $misc_menu;
39
+
40
+ /**
41
+ * Includes admin dependencies and hook admin actions.
42
+ *
43
+ * @return void
44
+ */
45
+ public function __construct() {
46
+ //This class is only initialized if is_admin() is true
47
+
48
+ //handle CSV download
49
+ if (current_user_can(apply_filters('aios_management_permission', 'manage_options'))) {
50
+ $this->admin_includes();
51
+ add_action('admin_menu', array($this, 'create_admin_menus'));
52
  add_action('admin_menu', array($this, 'premium_upgrade_submenu'), 40);
53
+ add_action('admin_init', array($this, 'aiowps_csv_download'));
54
+ }
55
+
56
+ add_action('admin_init', array($this, 'hook_admin_notices'));
57
+
58
+ //make sure we are on our plugin's menu pages
59
+ if ($this->is_aiowps_admin_page()) {
60
+ add_action('admin_print_scripts', array($this, 'admin_menu_page_scripts'));
61
+ add_action('admin_print_styles', array($this, 'admin_menu_page_styles'));
62
+ add_action('init', array($this, 'init_hook_handler_for_admin_side'));
63
+
64
+ if (class_exists('AIOWPS_PREMIUM')) {
65
+ add_filter('admin_footer_text', array($this, 'display_footer_review_message'));
66
+ }
67
+ }
68
+ }
69
+
70
+ private function aiowps_output_csv($items, $export_keys, $filename='data.csv') {
71
+ header("Content-Type: text/csv; charset=utf-8");
72
+ header("Content-Disposition: attachment; filename=".$filename);
73
+ header("Pragma: no-cache");
74
+ header("Expires: 0");
75
+ $output = fopen('php://output', 'w'); //open output stream
76
+
77
+ fputcsv($output, $export_keys); //let's put column names first
78
+
79
+ foreach ($items as $item) {
80
+ unset($csv_line);
81
+ foreach ($export_keys as $key => $value) {
82
+ if (isset($item[$key])) {
83
+ $csv_line[] = $item[$key];
84
+ }
85
+ }
86
+ fputcsv($output, $csv_line);
87
+ }
88
+ }
89
+
90
+ public function aiowps_csv_download() {
91
+ global $aio_wp_security;
92
+ if (isset($_POST['aiowpsec_export_acct_activity_logs_to_csv'])) { //Export account activity logs
93
+ $nonce = $_REQUEST['_wpnonce'];
94
+ if (!wp_verify_nonce($nonce, 'aiowpsec-export-acct-activity-logs-to-csv-nonce')) {
95
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for export account activity logs to CSV.", 4);
96
  die('Nonce check failed for export account activity logs to CSV.');
97
+ }
98
+ include_once 'wp-security-list-acct-activity.php';
99
+ $acct_activity_list = new AIOWPSecurity_List_Account_Activity();
100
+ $acct_activity_list->prepare_items(true);
101
+ //Let's build a list of items we want to export and give them readable names
102
+ $export_keys = array(
103
+ 'user_id' => 'User ID',
104
+ 'user_login' => 'Username',
105
+ 'login_date' => 'Login Date',
106
+ 'logout_date' => 'Logout Date',
107
+ 'login_ip' => 'IP'
108
+ );
109
+ $this->aiowps_output_csv($acct_activity_list->items, $export_keys, 'account_activity_logs.csv');
110
+ exit();
111
+ }
112
+ if (isset($_POST['aiowps_export_failed_login_records_to_csv'])) {//Export failed login records
113
+ $nonce = $_REQUEST['_wpnonce'];
114
+ if (!wp_verify_nonce($nonce, 'aiowpsec-export-failed-login-records-to-csv-nonce')) {
115
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for export failed login records to CSV!", 4);
116
  die('Nonce check failed for export failed login records to CSV.');
117
+ }
118
+ include_once 'wp-security-list-login-fails.php';
119
+ $failed_login_list = new AIOWPSecurity_List_Login_Failed_Attempts();
120
+ $failed_login_list->prepare_items(true);
121
+ $export_keys = array(
122
+ 'login_attempt_ip' => 'Login IP Range',
123
+ 'user_id' => 'User ID',
124
+ 'user_login' => 'Username',
125
+ 'failed_login_date' => 'Date',
126
+ );
127
+ $this->aiowps_output_csv($failed_login_list->items, $export_keys, 'failed_login_records.csv');
128
+ exit();
129
+ }
130
+ if (isset($_POST['aiowps_export_404_event_logs_to_csv'])) {//Export 404 event logs
131
+ $nonce = $_REQUEST['_wpnonce'];
132
+ if (!wp_verify_nonce($nonce, 'aiowpsec-export-404-event-logs-to-csv-nonce')) {
133
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for export 404 event logs to CSV.", 4);
134
  die('Nonce check failed for export 404 event logs to CSV.');
135
+ }
136
+ include_once 'wp-security-list-404.php'; //For rendering the AIOWPSecurity_List_Table in tab1
137
+ $event_list_404 = new AIOWPSecurity_List_404(); //For rendering the AIOWPSecurity_List_Table in tab1
138
+ $event_list_404->prepare_items(true);
139
+ $export_keys = array(
140
+ 'id' => 'Id',
141
+ 'event_type' => 'Event Type',
142
+ 'ip_or_host' => 'IP Address',
143
+ 'url' => 'Attempted URL',
144
+ 'referer_info' => 'Referer',
145
+ 'event_date' => 'Date',
146
+ 'status' => 'Lock Status',
147
+ );
148
+ $this->aiowps_output_csv($event_list_404->items, $export_keys, '404_event_logs.csv');
149
+ exit();
150
+ }
151
+ }
152
+
153
+ /**
154
+ * Check whether current admin page is All In One WP Security admin page or not.
155
+ *
156
+ * @return boolean True if All In One WP Security admin page, Otherwise false.
157
+ */
158
+ private function is_aiowps_admin_page() {
159
+ if (isset($this->is_aiowps_admin_page)) {
160
+ return $this->is_aiowps_admin_page;
161
+ }
162
+ global $pagenow;
163
+ $this->is_aiowps_admin_page = (current_user_can(apply_filters('aios_management_permission', 'manage_options')) && 'admin.php' == $pagenow && isset($_GET['page']) && false !== strpos($_GET['page'], AIOWPSEC_MENU_SLUG_PREFIX));
164
+ return $this->is_aiowps_admin_page;
165
+ }
166
+
167
+ /**
168
  * Hook admin notices on admin dashboard page and admin AIOS pages.
169
+ *
170
+ * @return void
171
+ */
172
+ public function hook_admin_notices() {
173
+ if (!current_user_can('update_plugins')) {
174
+ return;
175
+ }
176
 
177
  // If none of the admin dashboard page or the AIOS page, Then bail
178
+ if (!$this->is_admin_dashboard_page() && !$this->is_aiowps_admin_page()) {
179
+ return;
180
+ }
181
+
182
+ add_action('all_admin_notices', array($this, 'render_admin_notices'));
183
+ }
184
+
185
+ /**
186
+ * Check whether current admin page is Admin Dashboard page or not.
187
+ *
188
+ * @return boolean True if Admin Dashboard page, Otherwise false.
189
+ */
190
+ private function is_admin_dashboard_page() {
191
+ if (isset($this->is_admin_dashboard_page)) {
192
+ return $this->is_admin_dashboard_page;
193
+ }
194
+ global $pagenow;
195
+ $this->is_admin_dashboard_page = 'index.php' == $pagenow;
196
+ return $this->is_admin_dashboard_page;
197
+ }
198
+
199
+ /**
200
+ * Render admin notices.
201
+ *
202
+ * @return void
203
+ */
204
+ public function render_admin_notices() {
205
+ global $aio_wp_security;
206
 
207
  $custom_notice_ids = array_merge(AIOS_Abstracted_Ids::custom_admin_notice_ids(), AIOS_Abstracted_Ids::htaccess_to_php_feature_notice_ids());
208
  foreach ($custom_notice_ids as $custom_admin_notice_id) {
215
  }
216
 
217
  $installed_at = $aio_wp_security->notices->get_aiowps_plugin_installed_timestamp();
218
+ $time_now = $aio_wp_security->notices->get_time_now();
219
+ $installed_for = $time_now - $installed_at;
220
 
221
+ $dismissed_dash_notice_until = (int) $aio_wp_security->configs->get_value('dismissdashnotice');
222
 
223
+ if ($this->is_admin_dashboard_page() && ($installed_at && $time_now > $dismissed_dash_notice_until && $installed_for > (14 * 86400)) || (defined('AIOWPSECURITY_FORCE_DASHNOTICE') && AIOWPSECURITY_FORCE_DASHNOTICE)) {
224
+ $aio_wp_security->include_template('notices/thanks-for-using-main-dash.php');
225
+ } elseif ($this->is_aiowps_admin_page() && $installed_at && $installed_for > 14*86400) {
226
+ $aio_wp_security->notices->do_notice(false, 'top');
227
+ }
228
+ }
229
 
230
+ function admin_includes()
231
+ {
232
+ include_once('wp-security-admin-menu.php');
233
+ }
234
 
235
  /**
236
  * Enqueue admin JavaScripts.
237
  *
238
  * @return Void
239
  */
240
+ public function admin_menu_page_scripts() {
241
  if (!AIOWPSecurity_Utility::has_manage_cap()) {
242
  return;
243
  }
244
 
245
+ wp_enqueue_script('jquery');
246
+ wp_enqueue_script('postbox');
247
+ wp_enqueue_script('dashboard');
248
+ wp_enqueue_script('thickbox');
249
+ wp_enqueue_script('media-upload');
250
+ wp_register_script('aiowpsec-admin-js', AIO_WP_SECURITY_URL. '/js/wp-security-admin-script.js', array('jquery'), AIO_WP_SECURITY_VERSION, true);
251
+ wp_enqueue_script('aiowpsec-admin-js');
252
  wp_localize_script('aiowpsec-admin-js', 'aios_data',
253
  array(
254
  'ajax_nonce' => wp_create_nonce('aios-ajax-nonce'),
257
  wp_localize_script('aiowpsec-admin-js', 'aios_trans',
258
  array(
259
  'unexpected_response' => __('Unexpected response:', 'all-in-one-wp-security-and-firewall'),
260
+ 'copied' => __('Copied', 'all-in-one-wp-security-and-firewall'),
261
+ 'no_import_file' => __('You have not yet selected a file to import.', 'all-in-one-wp-security-and-firewall')
262
  )
263
  );
264
+ wp_register_script('aiowpsec-pw-tool-js', AIO_WP_SECURITY_URL. '/js/password-strength-tool.js', array('jquery')); // We will enqueue this in the user acct menu class
265
+ }
266
+
267
+ function admin_menu_page_styles()
268
+ {
269
+ wp_enqueue_style('dashboard');
270
+ wp_enqueue_style('thickbox');
271
+ wp_enqueue_style('global');
272
+ wp_enqueue_style('wp-admin');
273
  $admin_css_version = (defined('WP_DEBUG') && WP_DEBUG) ? time() : filemtime(AIO_WP_SECURITY_PATH. '/css/wp-security-admin-styles.css');
274
+ wp_enqueue_style('aiowpsec-admin-css', AIO_WP_SECURITY_URL. '/css/wp-security-admin-styles.css', array(), $admin_css_version);
275
+ }
276
+
277
+ function init_hook_handler_for_admin_side()
278
+ {
279
+ $this->aiowps_media_uploader_modification();
280
+ $this->initialize_feature_manager();
281
+ $this->do_other_admin_side_init_tasks();
282
+ }
283
+
284
+ /**
285
+ * Show footer review message and link.
286
+ *
287
+ * @return string
288
+ */
289
+ public function display_footer_review_message() {
290
+ /* translators: 1: All In One WP Security & Firewall 2: G2 review link */
291
+ $message = sprintf(
292
+ __('Enjoyed %1$s? Please leave us a %2$s rating. We really appreciate your support!', 'all-in-one-wp-security-and-firewall'),
293
+ '<b>' . htmlspecialchars('All In One WP Security & Firewall') . '</b>',
294
+ '<a href="https://www.g2.com/products/all-in-one-wp-security-firewall/reviews" target="_blank">&starf;&starf;&starf;&starf;&starf;</a>'
295
+ );
296
+ return $message;
297
+ }
298
+
299
+ function aiowps_media_uploader_modification()
300
+ {
301
+ //For changing button text inside media uploader (thickbox)
302
+ global $pagenow;
303
+ if ('media-upload.php' == $pagenow || 'async-upload.php' == $pagenow)
304
+ {
305
+ // Here we will customize the 'Insert into Post' Button text inside Thickbox
306
+ add_filter( 'gettext', array($this, 'aiowps_media_uploader_replace_thickbox_text'), 1, 2);
307
+ }
308
+ }
309
+
310
+ function aiowps_media_uploader_replace_thickbox_text($translated_text, $text)
311
+ {
312
+ if ('Insert into Post' == $text)
313
+ {
314
+ $referer = strpos(wp_get_referer(), 'aiowpsec');
315
+ if ($referer != '')
316
+ {
317
+ return ('Select File');
318
+ }
319
+ }
320
+ return $translated_text;
321
+ }
322
+
323
+ function initialize_feature_manager()
324
+ {
325
+ $aiowps_feature_mgr = new AIOWPSecurity_Feature_Item_Manager();
326
+ $aiowps_feature_mgr->initialize_features();
327
+ $aiowps_feature_mgr->check_and_set_feature_status();
328
+ $aiowps_feature_mgr->calculate_total_points();
329
+ $GLOBALS['aiowps_feature_mgr'] = $aiowps_feature_mgr;
330
+ }
331
 
332
  /**
333
  * Other admin side init tasks.
334
  *
335
  * @return void
336
  */
337
+ private function do_other_admin_side_init_tasks() {
338
+ global $aio_wp_security;
339
+
340
+ //***New Feature improvement for Cookie Based Brute Force Protection***//
341
+ //The old "test cookie" used to be too easy to guess because someone could just read the code and get the value.
342
+ //So now we will drop a more secure test cookie using a 10 digit random string
343
+
344
+ if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')) {
345
+ // This code is for users who had this feature saved using an older release. This will drop the new more secure test cookie to the browser
346
+ $test_cookie_name_saved = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
347
+ if (empty($test_cookie_name_saved)) {
348
+ $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
349
+ $test_cookie_name = 'aiowps_cookie_test_'.$random_suffix;
350
+ $aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
351
+ $aio_wp_security->configs->save_config();//save the value
352
+ AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, '1');
353
+ }
354
+ }
355
+ //For cookie test form submission case
356
+ if (isset($_GET['page']) && AIOWPSEC_BRUTE_FORCE_MENU_SLUG == $_GET['page'] && isset($_GET['tab']) && 'cookie-based-brute-force-prevention' == $_GET['tab']) {
357
+ global $aio_wp_security;
358
+ if (isset($_POST['aiowps_do_cookie_test_for_bfla'])) {
359
+ $random_suffix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
360
+ $test_cookie_name = 'aiowps_cookie_test_'.$random_suffix;
361
+ $aio_wp_security->configs->set_value('aiowps_cookie_brute_test', $test_cookie_name);
362
+ $aio_wp_security->configs->save_config();//save the value
363
+ AIOWPSecurity_Utility::set_cookie_value($test_cookie_name, '1');
364
+ $cur_url = "admin.php?page=".AIOWPSEC_BRUTE_FORCE_MENU_SLUG."&tab=cookie-based-brute-force-prevention";
365
+ $redirect_url = AIOWPSecurity_Utility::add_query_data_to_url($cur_url, 'aiowps_cookie_test', "1");
366
+ AIOWPSecurity_Utility::redirect_to_url($redirect_url);
367
+ }
368
 
369
  if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) { // Enabling the BFLA feature so drop the cookie again
370
  $brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
375
  }
376
 
377
  if (isset($_REQUEST['aiowps_cookie_test'])) {
378
+ $test_cookie = $aio_wp_security->configs->get_value('aiowps_cookie_brute_test');
379
+ $cookie_val = AIOWPSecurity_Utility::get_cookie_value($test_cookie);
380
+ if (empty($cookie_val)) {
381
+ $aio_wp_security->configs->set_value('aiowps_cookie_test_success','');
382
+ } else {
383
+ $aio_wp_security->configs->set_value('aiowps_cookie_test_success','1');
384
+ }
385
+ $aio_wp_security->configs->save_config();//save the value
386
+ }
387
+ }
388
+
389
+ if (isset($_POST['aiowps_save_wp_config'])) { // the wp-config backup operation
390
+ $nonce = $_REQUEST['_wpnonce'];
391
+ if (!wp_verify_nonce($nonce, 'aiowpsec-save-wp-config-nonce')) {
392
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp_config file save!",4);
393
+ die("Nonce check failed on wp_config file save!");
394
+ }
395
+ $wp_config_path = AIOWPSecurity_Utility_File::get_wp_config_file_path();
396
+ $result = AIOWPSecurity_Utility_File::backup_and_rename_wp_config($wp_config_path); //Backup the wp_config.php file
397
+ AIOWPSecurity_Utility_File::download_a_file_option1($wp_config_path, "wp-config-backup.txt");
398
+ }
399
 
400
  // Handle export settings
401
  if (isset($_POST['aiowps_export_settings'])) { // Do form submission tasks
403
  if (!wp_verify_nonce($nonce, 'aiowpsec-export-settings-nonce')) {
404
  $aio_wp_security->debug_logger->log_debug('Nonce check failed on export AIOS settings.', 4);
405
  die('Nonce check failed on export AIOS settings.');
406
+ }
407
+ $config_data = get_option('aio_wp_security_configs');
408
+ $output = json_encode($config_data);
409
+ AIOWPSecurity_Utility_File::download_content_to_a_file($output);
410
+ }
411
+ }
412
+
413
+ function create_admin_menus()
414
+ {
415
+ $menu_icon_url = AIO_WP_SECURITY_URL.'/images/plugin-icon.png';
416
+ $this->main_menu_page = add_menu_page(__('WP Security', 'all-in-one-wp-security-and-firewall'), __('WP Security', 'all-in-one-wp-security-and-firewall'), apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_MAIN_MENU_SLUG , array($this, 'handle_dashboard_menu_rendering'), $menu_icon_url);
417
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Dashboard', 'all-in-one-wp-security-and-firewall'), __('Dashboard', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_MAIN_MENU_SLUG, array($this, 'handle_dashboard_menu_rendering'));
418
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Settings', 'all-in-one-wp-security-and-firewall'), __('Settings', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_SETTINGS_MENU_SLUG, array($this, 'handle_settings_menu_rendering'));
419
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Accounts', 'all-in-one-wp-security-and-firewall'), __('User Accounts', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_USER_ACCOUNTS_MENU_SLUG, array($this, 'handle_user_accounts_menu_rendering'));
420
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Login', 'all-in-one-wp-security-and-firewall'), __('User Login', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_USER_LOGIN_MENU_SLUG, array($this, 'handle_user_login_menu_rendering'));
421
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('User Registration', 'all-in-one-wp-security-and-firewall'), __('User Registration', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_USER_REGISTRATION_MENU_SLUG, array($this, 'handle_user_registration_menu_rendering'));
422
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Database Security', 'all-in-one-wp-security-and-firewall'), __('Database Security', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_DB_SEC_MENU_SLUG, array($this, 'handle_database_menu_rendering'));
423
+ if (is_main_site()) {
424
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Filesystem Security', 'all-in-one-wp-security-and-firewall'), __('Filesystem Security', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_FILESYSTEM_MENU_SLUG, array($this, 'handle_filesystem_menu_rendering'));
425
+ }
426
+ if (is_main_site()) {
427
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Blacklist Manager', 'all-in-one-wp-security-and-firewall'), __('Blacklist Manager', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_BLACKLIST_MENU_SLUG, array($this, 'handle_blacklist_menu_rendering'));
428
+ }
429
+ if (is_main_site()) {
430
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Firewall', 'all-in-one-wp-security-and-firewall'), __('Firewall', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_FIREWALL_MENU_SLUG, array($this, 'handle_firewall_menu_rendering'));
431
+ }
432
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Brute Force', 'all-in-one-wp-security-and-firewall'), __('Brute Force', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_BRUTE_FORCE_MENU_SLUG, array($this, 'handle_brute_force_menu_rendering'));
433
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Spam Prevention', 'all-in-one-wp-security-and-firewall'), __('Spam Prevention', 'all-in-one-wp-security-and-firewall'), apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_SPAM_MENU_SLUG, array($this, 'handle_spam_menu_rendering'));
434
+ if (is_main_site()) {
435
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Scanner', 'all-in-one-wp-security-and-firewall'), __('Scanner', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_FILESCAN_MENU_SLUG, array($this, 'handle_filescan_menu_rendering'));
436
+ }
437
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Maintenance', 'all-in-one-wp-security-and-firewall'), __('Maintenance', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_MAINTENANCE_MENU_SLUG, array($this, 'handle_maintenance_menu_rendering'));
438
+ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Miscellaneous', 'all-in-one-wp-security-and-firewall'), __('Miscellaneous', 'all-in-one-wp-security-and-firewall') , apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_MISC_MENU_SLUG, array($this, 'handle_misc_menu_rendering'));
439
  add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Tools', 'all-in-one-wp-security-and-firewall'), __('Tools', 'all-in-one-wp-security-and-firewall'), apply_filters('aios_management_permission', 'manage_options'), AIOWPSEC_TOOLS_MENU_SLUG, array($this, 'handle_tools_menu_rendering'));
440
+ do_action('aiowpsecurity_admin_menu_created');
441
  }
442
 
443
  /**
452
  }
453
  }
454
 
455
+ function handle_dashboard_menu_rendering()
456
+ {
457
+ include_once('wp-security-dashboard-menu.php');
458
+ $this->dashboard_menu = new AIOWPSecurity_Dashboard_Menu();
459
+ }
460
+
461
+ function handle_settings_menu_rendering()
462
+ {
463
+ include_once('wp-security-settings-menu.php');
464
+ $this->settings_menu = new AIOWPSecurity_Settings_Menu();
465
+
466
+ }
467
+
468
+ function handle_user_accounts_menu_rendering()
469
+ {
470
+ include_once('wp-security-user-accounts-menu.php');
471
+ $this->user_accounts_menu = new AIOWPSecurity_User_Accounts_Menu();
472
+ }
473
+
474
+ function handle_user_login_menu_rendering()
475
+ {
476
+ include_once('wp-security-user-login-menu.php');
477
+ $this->user_login_menu = new AIOWPSecurity_User_Login_Menu();
478
+ }
479
+
480
+ function handle_user_registration_menu_rendering()
481
+ {
482
+ include_once('wp-security-user-registration-menu.php');
483
+ $this->user_registration_menu = new AIOWPSecurity_User_Registration_Menu();
484
+ }
485
+
486
+ function handle_database_menu_rendering()
487
+ {
488
+ include_once('wp-security-database-menu.php');
489
+ $this->db_security_menu = new AIOWPSecurity_Database_Menu();
490
+ }
491
+
492
+ function handle_filesystem_menu_rendering()
493
+ {
494
+ include_once('wp-security-filesystem-menu.php');
495
+ $this->filesystem_menu = new AIOWPSecurity_Filesystem_Menu();
496
+ }
497
+
498
+ function handle_blacklist_menu_rendering()
499
+ {
500
+ include_once('wp-security-blacklist-menu.php');
501
+ $this->blacklist_menu = new AIOWPSecurity_Blacklist_Menu();
502
+ }
503
+
504
+ function handle_firewall_menu_rendering()
505
+ {
506
+ include_once('wp-security-firewall-menu.php');
507
+ $this->firewall_menu = new AIOWPSecurity_Firewall_Menu();
508
+ }
509
+
510
+ function handle_brute_force_menu_rendering()
511
+ {
512
+ include_once('wp-security-brute-force-menu.php');
513
+ $this->brute_force_menu = new AIOWPSecurity_Brute_Force_Menu();
514
+ }
515
+
516
+ function handle_maintenance_menu_rendering()
517
+ {
518
+ include_once('wp-security-maintenance-menu.php');
519
+ $this->maintenance_menu = new AIOWPSecurity_Maintenance_Menu();
520
+ }
521
+
522
+ function handle_spam_menu_rendering()
523
+ {
524
+ include_once('wp-security-spam-menu.php');
525
+ $this->spam_menu = new AIOWPSecurity_Spam_Menu();
526
+ }
527
+
528
+ function handle_filescan_menu_rendering()
529
+ {
530
+ include_once('wp-security-filescan-menu.php');
531
+ $this->filescan_menu = new AIOWPSecurity_Filescan_Menu();
532
+ }
533
+
534
+ function handle_misc_menu_rendering()
535
+ {
536
+ include_once('wp-security-misc-options-menu.php');
537
+ $this->misc_menu = new AIOWPSecurity_Misc_Options_Menu();
538
+ }
539
+
540
+ /**
541
+ * Renders 'Tools' submenu first tab page.
542
+ *
543
+ * @return Void
544
+ */
545
+ public function handle_tools_menu_rendering() {
546
+ include_once(AIO_WP_SECURITY_PATH.'/admin/wp-security-tools-menu.php');
547
+ new AIOWPSecurity_Tools_Menu();
548
+ }
549
 
550
  }//End of class
admin/wp-security-brute-force-menu.php CHANGED
@@ -1,6 +1,6 @@
1
  <?php
2
  if (!defined('ABSPATH')) {
3
- exit;//Exit if accessed directly
4
  }
5
 
6
  /**
@@ -32,7 +32,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
32
  protected $menu_tabs_handler = array(
33
  'rename-login' => 'render_rename_login',
34
  'cookie-based-brute-force-prevention' => 'render_cookie_based_brute_force_prevention',
35
- 'login-captcha' => 'render_login_captcha',
36
  'login-whitelist' => 'render_login_whitelist',
37
  'honeypot' => 'render_honeypot',
38
  );
@@ -43,7 +43,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
43
  public function __construct() {
44
  $this->render_menu_page();
45
  }
46
-
47
  /**
48
  * Set menu tabs name.
49
  */
@@ -51,7 +51,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
51
  $this->menu_tabs = array(
52
  'rename-login' => __('Rename login page','all-in-one-wp-security-and-firewall'),
53
  'cookie-based-brute-force-prevention' => __('Cookie based brute force prevention', 'all-in-one-wp-security-and-firewall'),
54
- 'login-captcha' => __('Login CAPTCHA', 'all-in-one-wp-security-and-firewall'),
55
  'login-whitelist' => __('Login whitelist', 'all-in-one-wp-security-and-firewall'),
56
  'honeypot' => __('Honeypot', 'all-in-one-wp-security-and-firewall'),
57
  );
@@ -61,40 +61,40 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
61
  * Renders our tabs of this menu as nav items
62
  */
63
  private function render_menu_tabs() {
64
- $current_tab = $this->get_current_tab();
65
 
66
- echo '<h2 class="nav-tab-wrapper">';
67
- foreach ( $this->menu_tabs as $tab_key => $tab_caption ) {
68
  if ((!is_main_site()) && false === stristr($tab_caption, 'Rename login page') && false === stristr($tab_caption, 'Login CAPTCHA')) {
69
  // Suppress the all Brute Force menu tabs if site is a multi site AND not the main site except "rename login" and "CAPTCHA"
70
  } else {
71
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
72
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
73
- }
74
- }
75
- echo '</h2>';
76
  }
77
 
78
  /**
79
  * The menu rendering goes here
80
  */
81
  private function render_menu_page() {
82
- echo '<div class="wrap">';
83
- echo '<h2>' . __('Brute force','all-in-one-wp-security-and-firewall') . '</h2>';//Interface title
84
- $this->set_menu_tabs();
85
- $tab = $this->get_current_tab();
86
- $this->render_menu_tabs();
87
- ?>
88
- <div id="poststuff"><div id="post-body">
89
- <?php
90
- //$tab_keys = array_keys($this->menu_tabs);
91
- call_user_func(array($this, $this->menu_tabs_handler[$tab]));
92
- ?>
93
- </div></div>
94
- </div><!-- end of wrap -->
95
- <?php
96
  }
97
-
98
  /**
99
  * Rename login page tab.
100
  *
@@ -103,141 +103,141 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
103
  * @global $aiowps_feature_mgr
104
  */
105
  private function render_rename_login() {
106
- global $wpdb, $aio_wp_security;
107
- global $aiowps_feature_mgr;
108
- $aiowps_login_page_slug = '';
109
 
110
- if (get_option('permalink_structure')) {
111
  $home_url = trailingslashit(home_url());
112
- } else {
113
  $home_url = trailingslashit(home_url()) . '?';
114
- }
115
-
116
- if(isset($_POST['aiowps_save_rename_login_page_settings'])) { //Do form submission tasks
117
- $error = '';
118
- $nonce = $_POST['_wpnonce'];
119
- if (!wp_verify_nonce($nonce, 'aiowpsec-rename-login-page-nonce')) {
120
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for rename login page save.", 4);
121
- die("Nonce check failed for rename login page save.");
122
- }
123
-
124
- if (empty($_POST['aiowps_login_page_slug']) && isset($_POST["aiowps_enable_rename_login_page"])) {
125
- $error .= '<br />' . __('Please enter a value for your login page slug.', 'all-in-one-wp-security-and-firewall');
126
- } else if (!empty($_POST['aiowps_login_page_slug'])) {
127
- $aiowps_login_page_slug = sanitize_text_field($_POST['aiowps_login_page_slug']);
128
- if ('wp-admin' == $aiowps_login_page_slug) {
129
- $error .= '<br />' . __('You cannot use the value "wp-admin" for your login page slug.', 'all-in-one-wp-security-and-firewall');
130
- } elseif (preg_match('/[^a-z_\-0-9]/i', $aiowps_login_page_slug)) {
131
- $error .= '<br />' . __('You must use alpha numeric characters for your login page slug.', 'all-in-one-wp-security-and-firewall');
132
- }
133
- }
134
-
135
- if ($error) {
136
- $this->show_msg_error(__('Attention:', 'all-in-one-wp-security-and-firewall') . ' ' . $error);
137
- } else {
138
- $htaccess_res = '';
139
- $cookie_feature_active = false;
140
- //Save all the form values to the options
141
- if (isset($_POST["aiowps_enable_rename_login_page"])) {
142
- $aio_wp_security->configs->set_value('aiowps_enable_rename_login_page', '1');
143
- } else {
144
- $aio_wp_security->configs->set_value('aiowps_enable_rename_login_page', '');
145
- }
146
- $aio_wp_security->configs->set_value('aiowps_login_page_slug', $aiowps_login_page_slug);
147
- $aio_wp_security->configs->save_config();
148
-
149
-
150
- //Recalculate points after the feature status/options have been altered
151
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
152
- if (false === $htaccess_res) {
153
- $this->show_msg_error(__('Could not delete the Cookie-based directives from the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
154
- }
155
- else {
156
- $this->show_msg_settings_updated();
157
- }
158
-
159
- /** The following is a fix/workaround for the following issue:
160
- * https://wordpress.org/support/topic/applying-brute-force-rename-login-page-not-working/
161
- * ie, when saving the rename login config, the logout link does not update on the first page load after the $_POST submit to reflect the new rename login setting.
162
- * Added a page refresh to fix this for now until I figure out a better solution.
163
- *
164
- **/
165
- $cur_url = "admin.php?page=".AIOWPSEC_BRUTE_FORCE_MENU_SLUG."&tab=rename-login";
166
- AIOWPSecurity_Utility::redirect_to_url($cur_url);
167
-
168
- }
169
- }
170
-
171
- ?>
172
- <div class="aio_blue_box">
173
- <?php
174
  echo '<p>'.__('An effective Brute Force prevention technique is to change the default WordPress login page URL.', 'all-in-one-wp-security-and-firewall').'</p>'.
175
- '<p>'.__('Normally if you wanted to login to WordPress you would type your site\'s home URL followed by wp-login.php.', 'all-in-one-wp-security-and-firewall').'</p>'.
176
- '<p>'.__('This feature allows you to change the login URL by setting your own slug and renaming the last portion of the login URL which contains the <strong>wp-login.php</strong> to any string that you like.', 'all-in-one-wp-security-and-firewall').'</p>'.
177
- '<p>'.__('By doing this, malicious bots and hackers will not be able to access your login page because they will not know the correct login page URL.', 'all-in-one-wp-security-and-firewall') . '</p>';
178
  if (!is_multisite() || 1 == get_current_blog_id()) {
179
- $cookie_based_feature_url = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=cookie-based-brute-force-prevention" target="_blank">'.__('Cookie based brute force prevention', 'all-in-one-wp-security-and-firewall').'</a>';
180
- $white_list_feature_url = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=login-whitelist" target="_blank">'.__('Login page white list', 'all-in-one-wp-security-and-firewall').'</a>';
181
-
182
  echo '<div class="aio_section_separator_1"></div>'.
183
- '<p>' . __('You may also be interested in the following alternative brute force prevention features:', 'all-in-one-wp-security-and-firewall') . '</p>'.
184
- '<p>' . $cookie_based_feature_url . '</p>'.
185
- '<p>' . $white_list_feature_url . '</p>';
186
- }
187
- ?>
188
- </div>
189
- <?php
190
- //Show the user the new login URL if this feature is active
191
- if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_rename_login_page')) {
192
- ?>
193
- <div class="aio_yellow_box">
194
- <p><?php _e('Your WordPress login page URL has been renamed.', 'all-in-one-wp-security-and-firewall'); ?></p>
195
- <p><?php _e('Your current login URL is:', 'all-in-one-wp-security-and-firewall'); ?></p>
196
- <p><strong><?php echo $home_url.$aio_wp_security->configs->get_value('aiowps_login_page_slug'); ?></strong></p>
197
- </div>
198
-
199
- <?php
200
- }
201
- ?>
202
- <div class="postbox">
203
  <h3 class="hndle"><label for="title"><?php _e('Rename login page settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
204
- <div class="inside">
205
- <?php
206
- //Display security info badge
207
- global $aiowps_feature_mgr;
208
- $aiowps_feature_mgr->output_feature_details_badge("bf-rename-login-page");
209
- ?>
210
-
211
- <form action="" method="POST">
212
- <?php wp_nonce_field('aiowpsec-rename-login-page-nonce'); ?>
213
- <div class="aio_orange_box">
214
- <?php
215
- $read_link = '<a href="https://aiosplugin.com/important-note-on-intermediate-and-advanced-features" target="_blank">' . __('must read this message', 'all-in-one-wp-security-and-firewall') . '</a>';
216
- echo '<p>' . sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link) . '</p>';
217
- echo '<p>' . __("NOTE: If you are hosting your site on WPEngine or a provider which performs server caching, you will need to ask the host support people to NOT cache your renamed login page.", "all-in-one-wp-security-and-firewall") . '</p>';
218
- ?>
219
- </div>
220
- <table class="form-table">
221
- <tr valign="top">
222
  <th scope="row"><?php _e('Enable rename login page feature', 'all-in-one-wp-security-and-firewall'); ?>:</th>
223
- <td>
224
- <input id="aiowps_enable_rename_login_page" name="aiowps_enable_rename_login_page" type="checkbox"<?php checked($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page'),'1'); ?> value="1"/>
225
- <label for="aiowps_enable_rename_login_page" class="description"><?php _e('Check this if you want to enable the rename login page feature', 'all-in-one-wp-security-and-firewall'); ?></label>
226
- </td>
227
- </tr>
228
  <tr valign="top">
229
  <th scope="row"><label for="aiowps_login_page_slug"><?php _e('Login page URL', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
230
  <td><code><?php echo $home_url; ?></code><input id="aiowps_login_page_slug" type="text" size="15" name="aiowps_login_page_slug" value="<?php echo $aio_wp_security->configs->get_value('aiowps_login_page_slug'); ?>">
231
- <span class="description"><?php _e('Enter a string which will represent your secure login page slug. You are encouraged to choose something which is hard to guess and only you will remember.', 'all-in-one-wp-security-and-firewall'); ?></span>
232
- </td>
233
- </tr>
234
- </table>
235
- <?php submit_button(__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_save_rename_login_page_settings');?>
236
- </form>
237
- </div></div>
238
 
239
- <?php
240
- }
241
 
242
  /**
243
  * Cookie based brute force prevention tab.
@@ -248,96 +248,96 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
248
  *
249
  * @return void
250
  */
251
- private function render_cookie_based_brute_force_prevention() {
252
- global $aio_wp_security;
253
- global $aiowps_feature_mgr;
254
- global $aiowps_firewall_config;
255
- $error = false;
256
- $msg = '';
257
-
258
- //Save settings for brute force cookie method
259
- if (isset($_POST['aiowps_apply_cookie_based_bruteforce_firewall'])) {
260
- if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'aiowpsec-enable-cookie-based-brute-force-prevention')) {
261
- $aio_wp_security->debug_logger->log_debug('Nonce check failed on enable cookie based brute force prevention feature.', 4);
262
- die('Nonce check failed on enable cookie based brute force prevention feature.');
263
- }
264
-
265
- if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) {
266
- $brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
267
- if (empty($brute_force_feature_secret_word)) {
268
- $brute_force_feature_secret_word = AIOS_DEFAULT_BRUTE_FORCE_FEATURE_SECRET_WORD;
269
- } elseif (!ctype_alnum($brute_force_feature_secret_word)) {
270
- $msg = '<p>' . __('Settings have not been saved - your secret word must consist only of alphanumeric characters, i.e., letters and/or numbers only.', 'all-in-one-wp-security-and-firewall') . '</p>';
271
- $error = true;
272
- }
273
-
274
- if (filter_var($_POST['aiowps_cookie_based_brute_force_redirect_url'], FILTER_VALIDATE_URL)) {
275
- $aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url', esc_url_raw($_POST['aiowps_cookie_based_brute_force_redirect_url']));
276
- } else {
277
- $aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url', 'http://127.0.0.1');
278
- }
279
-
280
- if (!$error) {
281
  $aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention', '1');
282
  $aio_wp_security->configs->set_value('aiowps_brute_force_secret_word', $brute_force_feature_secret_word);
283
 
284
- $msg = '<p>' . __('You have successfully enabled the cookie based brute force prevention feature', 'all-in-one-wp-security-and-firewall') . '</p>';
285
- $msg .= '<p>' . __('From now on you will need to log into your WP Admin using the following URL:', 'all-in-one-wp-security-and-firewall') . '</p>';
286
- $msg .= '<p><strong>'.AIOWPSEC_WP_URL.'/?'.$brute_force_feature_secret_word.'=1</strong></p>';
287
- $msg .= '<p>' . __('It is important that you save this URL value somewhere in case you forget it, OR,', 'all-in-one-wp-security-and-firewall') . '</p>';
288
- $msg .= '<p>' . sprintf( __('simply remember to add a "?%s=1" to your current site URL address.', 'all-in-one-wp-security-and-firewall'), $brute_force_feature_secret_word) . '</p>';
289
- }
290
- } else {
291
- $aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention', '');
292
- $msg = __('You have successfully saved cookie based brute force prevention feature settings.', 'all-in-one-wp-security-and-firewall');
293
- }
294
-
295
- if (isset($_POST['aiowps_brute_force_attack_prevention_pw_protected_exception'])) {
296
- $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_pw_protected_exception', '1');
297
- } else {
298
- $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_pw_protected_exception', '');
299
- }
300
-
301
- if (isset($_POST['aiowps_brute_force_attack_prevention_ajax_exception'])) {
302
- $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_ajax_exception', '1');
303
- } else {
304
- $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_ajax_exception', '');
305
- }
306
-
307
- if (!$error) {
308
- AIOWPSecurity_Configure_Settings::set_cookie_based_bruteforce_firewall_configs();
309
- $aio_wp_security->configs->save_config();//save the value
310
-
311
- //Recalculate points after the feature status/options have been altered
312
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
313
- if ('' != $msg) {
314
- echo '<div id="message" class="updated fade"><p>';
315
- echo $msg;
316
- echo '</p></div>';
317
- }
318
- } else {
319
- $this->show_msg_error($msg);
320
- }
321
- }
322
- ?>
323
  <h2><?php _e('Brute force prevention firewall settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
324
 
325
- <div class="aio_blue_box">
326
- <?php
327
- //TODO - need to fix the following message
328
- echo '<p>' . __('A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination.', 'all-in-one-wp-security-and-firewall').
329
- '<br>' . __('Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server\'s memory and performance.', 'all-in-one-wp-security-and-firewall').
330
- '<br>' . __('The features in this tab will stop the majority of brute force login attacks thus providing even better protection for your WP login page.', 'all-in-one-wp-security-and-firewall') . '</p>';
331
- ?>
332
- </div>
333
- <div class="aio_yellow_box">
334
- <?php
335
- $backup_tab_link = '<a href="admin.php?page='.AIOWPSEC_SETTINGS_MENU_SLUG.'&tab=tab2" target="_blank">' . __('backup', 'all-in-one-wp-security-and-firewall') . '</a>';
336
- $tutorial_link = '<a href="https://aiosplugin.com/how-to-use-cookie-based-brute-force-login-attack-prevention-feature/" target="_blank">' . __('tutorial', 'all-in-one-wp-security-and-firewall') . '</a>';
337
- $info_msg = sprintf( __('To learn more about how to use this feature, please read the following %s.', 'all-in-one-wp-security-and-firewall'), $tutorial_link);
338
- $brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_FIREWALL_MENU_SLUG.'&tab=tab4" target="_blank">'.__('Cookie-based brute force login prevention', 'all-in-one-wp-security-and-firewall').'</a>';
339
- echo '<p>' . $info_msg . '</p>';
340
- ?>
341
  </div>
342
  <?php
343
  if (defined('AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION') && AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION) {
@@ -346,158 +346,158 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
346
  ?>
347
  <div class="postbox">
348
  <h3 class="hndle"><label for="title"><?php _e('Cookie based brute force login prevention', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
349
- <div class="inside">
350
- <?php
351
- //Display security info badge
352
- global $aiowps_feature_mgr;
353
- $aiowps_feature_mgr->output_feature_details_badge("firewall-enable-brute-force-attack-prevention");
354
- ?>
355
- <form action="" method="POST">
356
- <?php wp_nonce_field('aiowpsec-enable-cookie-based-brute-force-prevention'); ?>
357
- <div class="aio_orange_box">
358
- <p>
359
- <?php _e('This feature can lock you out of admin if it doesn\'t work correctly on your site. You <a href="https://aiosplugin.com/important-note-on-intermediate-and-advanced-features" target="_blank">'.__('must read this message', 'all-in-one-wp-security-and-firewall').'</a> before activating this feature.', 'all-in-one-wp-security-and-firewall'); ?>
360
- </p>
361
- </div>
362
- <?php
363
- $cookie_test_value = $aio_wp_security->configs->get_value('aiowps_cookie_test_success');
364
-
365
- $disable_brute_force_fetaure_input = true;
366
- // If the cookie test is successful or if the feature is already enabled then go ahead as normal
367
- if ('1' == $cookie_test_value || '1' == $aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')) {
368
- if (isset($_POST['aiowps_cookie_test'])) {//Cookie test was just performed and the test succeded
369
- echo '<div class="aio_green_box"><p>';
370
- _e('The cookie test was successful. You can now enable this feature.', 'all-in-one-wp-security-and-firewall');
371
- echo '</p></div>';
372
- }
373
  $disable_brute_force_fetaure_input = false;
374
- } else {
375
- //Cookie test needs to be performed
376
- if (isset($_POST['aiowps_cookie_test']) && '1' != $cookie_test_value) {//Test failed
377
- echo '<div class="aio_red_box"><p>';
378
  _e('The cookie test failed on this server. Consequently, this feature cannot be used on this site.', 'all-in-one-wp-security-and-firewall');
379
  echo '</p></div>';
380
- }
381
- ?>
382
- <div class="aio_yellow_box">
383
- <p>
384
- <?php
385
- _e('Before using this feature, you must perform a cookie test first.', 'all-in-one-wp-security-and-firewall');
386
- echo ' ';
387
- echo htmlspecialchars(__("This ensures that your browser cookie is working correctly and that you won't lock yourself out.", 'all-in-one-wp-security-and-firewall'));
388
- ?>
389
- </p>
390
- </div>
391
- <?php
392
  submit_button(__('Perform cookie test', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_do_cookie_test_for_bfla');
393
  }
394
  $disable_brute_force_sub_fields = !$aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention');
395
- ?>
396
- <table class="form-table">
397
  <tr valign="top">
398
  <th scope="row"><?php _e('Enable brute force attack prevention', 'all-in-one-wp-security-and-firewall'); ?>:</th>
399
- <td>
400
- <input id="aiowps_enable_brute_force_attack_prevention" name="aiowps_enable_brute_force_attack_prevention" type="checkbox"<?php checked($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention'));?> value="1"<?php disabled($disable_brute_force_fetaure_input); ?>/>
401
- <label for="aiowps_enable_brute_force_attack_prevention" class="description"><?php _e('Check this if you want to protect your login page from Brute Force Attack.', 'all-in-one-wp-security-and-firewall'); ?></label>
402
  <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
403
- <div class="aiowps_more_info_body">
404
- <p class="description">
405
- <?php
406
- _e('This feature will deny access to your WordPress login page for all people except those who have a special cookie in their browser.', 'all-in-one-wp-security-and-firewall');
407
- echo '<br>';
408
- _e('To use this feature do the following:', 'all-in-one-wp-security-and-firewall');
409
- echo '<br>';
410
- _e('1) Enable the checkbox.', 'all-in-one-wp-security-and-firewall');
411
- echo '<br>';
412
- _e('2) Enter a secret word consisting of alphanumeric characters which will be difficult to guess. This secret word will be useful whenever you need to know the special URL which you will use to access the login page (see point below).', 'all-in-one-wp-security-and-firewall');
413
- echo '<br>';
414
- _e('3) You will then be provided with a special login URL. You will need to use this URL to login to your WordPress site instead of the usual login URL. NOTE: The system will deposit a special cookie in your browser which will allow you access to the WordPress administration login page.', 'all-in-one-wp-security-and-firewall');
415
- echo '<br>';
416
- _e('Any person trying to access your login page who does not have the special cookie in their browser will be automatically blocked.', 'all-in-one-wp-security-and-firewall');
417
- ?>
418
- </p>
419
- </div>
420
- </td>
421
- </tr>
422
  <tr valign="top">
423
  <th scope="row"><label for="aiowps_brute_force_secret_word"><?php _e('Secret word', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
424
  <td><input id="aiowps_brute_force_secret_word" type="text" size="40" name="aiowps_brute_force_secret_word" value="<?php echo $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word'); ?>"<?php disabled($disable_brute_force_sub_fields); ?>>
425
- <span class="description"><?php _e('Choose a secret word consisting of alphanumeric characters which you can use to access your special URL. Your are highly encouraged to choose a word which will be difficult to guess.', 'all-in-one-wp-security-and-firewall'); ?></span>
426
- </td>
427
- </tr>
428
- <tr valign="top">
429
- <th scope="row"><label for="aiowps_cookie_based_brute_force_redirect_url"><?php _e('Re-direct URL', 'all-in-one-wp-security-and-firewall')?>:</label></th>
430
- <td><input id="aiowps_cookie_based_brute_force_redirect_url" type="text" size="40" name="aiowps_cookie_based_brute_force_redirect_url" value="<?php echo $aio_wp_security->configs->get_value('aiowps_cookie_based_brute_force_redirect_url'); ?>" <?php disabled($disable_brute_force_sub_fields); ?> />
431
- <span class="description">
432
- <?php
433
- _e('Specify a URL to redirect a hacker to when they try to access your WordPress login page.', 'all-in-one-wp-security-and-firewall');
434
- ?>
435
- </span>
436
  <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
437
- <div class="aiowps_more_info_body">
438
- <p class="description">
439
- <?php
440
- _e('The URL specified here can be any site\'s URL and does not have to be your own. For example you can be as creative as you like and send hackers to the CIA or NSA home page.', 'all-in-one-wp-security-and-firewall');
441
- echo '<br>';
442
- _e('This field will default to: http://127.0.0.1 if you do not enter a value.', 'all-in-one-wp-security-and-firewall');
443
- echo '<br>';
444
- _e('Useful Tip:', 'all-in-one-wp-security-and-firewall');
445
- echo '<br>';
446
- _e('It\'s a good idea to not redirect attempted brute force login attempts to your site because it increases the load on your server.', 'all-in-one-wp-security-and-firewall');
447
- echo '<br>';
448
- _e('Redirecting a hacker or malicious bot back to "http://127.0.0.1" is ideal because it deflects them back to their own local host and puts the load on their server instead of yours.', 'all-in-one-wp-security-and-firewall');
449
- ?>
450
- </p>
451
- </div>
452
- </td>
453
- </tr>
454
  <tr valign="top">
455
  <th scope="row"><?php _e('My site has posts or pages which are password protected', 'all-in-one-wp-security-and-firewall'); ?>:</th>
456
- <td>
457
- <input id="aiowps_brute_force_attack_prevention_pw_protected_exception" name="aiowps_brute_force_attack_prevention_pw_protected_exception" type="checkbox"<?php checked($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_pw_protected_exception')); ?> value="1"<?php disabled($disable_brute_force_sub_fields); ?> />
458
- <label for="aiowps_brute_force_attack_prevention_pw_protected_exception" class="description"><?php _e('Check this if you are using the native WordPress password protection feature for some or all of your blog posts or pages.', 'all-in-one-wp-security-and-firewall'); ?></label>
459
  <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
460
- <div class="aiowps_more_info_body">
461
- <p class="description">
462
- <?php
463
- _e('In the cases where you are protecting some of your posts or pages using the in-built WordPress password protection feature, a few extra lines of directives and exceptions need to be added so that people trying to access pages are not automatically blocked.', 'all-in-one-wp-security-and-firewall');
464
- echo '<br>';
465
- _e('By enabling this checkbox, the plugin will add the necessary rules and exceptions so that people trying to access these pages are not automatically blocked.', 'all-in-one-wp-security-and-firewall');
466
- echo '<br>';
467
- echo "<strong>".__('Helpful Tip:', 'all-in-one-wp-security-and-firewall')."</strong>";
468
- echo '<br>';
469
- _e('If you do not use the WordPress password protection feature for your posts or pages then it is highly recommended that you leave this checkbox disabled.', 'all-in-one-wp-security-and-firewall');
470
- ?>
471
- </p>
472
- </div>
473
- </td>
474
- </tr>
475
  <tr valign="top">
476
  <th scope="row"><?php _e('My site has a theme or plugins which use AJAX', 'all-in-one-wp-security-and-firewall'); ?>:</th>
477
- <td>
478
- <input id="aiowps_brute_force_attack_prevention_ajax_exception" name="aiowps_brute_force_attack_prevention_ajax_exception" type="checkbox"<?php checked($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_ajax_exception')); ?> value="1"<?php disabled($disable_brute_force_sub_fields); ?>/>
479
- <label for="aiowps_brute_force_attack_prevention_ajax_exception" class="description"><?php _e('Check this if your site uses AJAX functionality.', 'all-in-one-wp-security-and-firewall'); ?></label>
480
  <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
481
- <div class="aiowps_more_info_body">
482
- <p class="description">
483
- <?php
484
- _e('In the cases where your WordPress installation has a theme or plugin that uses AJAX, a few extra lines of directives and exceptions need to be added to prevent AJAX requests from being automatically blocked by the brute force prevention feature.', 'all-in-one-wp-security-and-firewall');
485
- echo '<br>';
486
- _e('By enabling this checkbox, the plugin will add the necessary rules and exceptions so that AJAX operations will work as expected.', 'all-in-one-wp-security-and-firewall');
487
- ?>
488
- </p>
489
- </div>
490
- </td>
491
- </tr>
492
- </table>
493
  <?php
494
  $other_attributes = $disable_brute_force_fetaure_input ? array('disabled' => 'disabled') : array();
495
  submit_button(__('Save feature settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_apply_cookie_based_bruteforce_firewall', false, $other_attributes);
496
  ?>
497
- </form>
498
- </div></div>
499
- <?php
500
- }
501
 
502
  /**
503
  * Login captcha tab.
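Review bot: The `value` attribute of the `aiowps_brute_force_secret_word` input, an unchanged context line in this hunk, echoes the stored setting straight into HTML with no output escaping. The old side of the save handler limits the secret word to alphanumeric characters, but the render path should not rely on every writer of the config store having validated the value, which presumably includes a settings import. Escape at the point of output instead: `value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_brute_force_secret_word')); ?>"`. The `aiowps_cookie_based_brute_force_redirect_url` input a few rows further down is echoed the same way on the old side and should get the same `esc_attr()` wrapper if the re-indented line keeps that form. The enclosing `render_cookie_based_brute_force_prevention()` begins in the previous hunk, so only part of its body is visible here.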
@@ -507,27 +507,34 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
507
  *
508
  * @return void
509
  */
510
- private function render_login_captcha() {
511
- global $aio_wp_security;
512
- global $aiowps_feature_mgr;
 
 
513
 
514
  if (isset($_POST['aiowpsec_save_captcha_settings'])) { // Do form submission tasks
515
  $error = '';
516
  if (!wp_verify_nonce($_POST['_wpnonce'], 'aiowpsec-captcha-settings-nonce')) {
517
  $aio_wp_security->debug_logger->log_debug('Nonce check failed on CAPTCHA settings save.', 4);
518
  die('Nonce check failed on CAPTCHA settings save.');
519
- }
 
 
 
 
520
 
 
521
 
522
- //Save all the form values to the options
523
  $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20); // Generate random 20 char string for use during CAPTCHA encode/decode
524
- $aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
525
- $aio_wp_security->configs->set_value('aiowps_enable_login_captcha',isset($_POST["aiowps_enable_login_captcha"])?'1':'');
526
- $aio_wp_security->configs->set_value('aiowps_enable_woo_login_captcha',isset($_POST["aiowps_enable_woo_login_captcha"])?'1':'');
527
- $aio_wp_security->configs->set_value('aiowps_enable_woo_register_captcha',isset($_POST["aiowps_enable_woo_register_captcha"])?'1':'');
528
- $aio_wp_security->configs->set_value('aiowps_enable_woo_lostpassword_captcha',isset($_POST["aiowps_enable_woo_lostpassword_captcha"])?'1':'');
529
- $aio_wp_security->configs->set_value('aiowps_enable_custom_login_captcha',isset($_POST["aiowps_enable_custom_login_captcha"])?'1':'');
530
- $aio_wp_security->configs->set_value('aiowps_enable_lost_password_captcha',isset($_POST["aiowps_enable_lost_password_captcha"])?'1':'');
531
 
532
  $aio_wp_security->configs->set_value('aiowps_recaptcha_site_key', sanitize_text_field($_POST['aiowps_recaptcha_site_key']));
533
 
@@ -537,9 +544,7 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
537
  $aio_wp_security->configs->set_value('aiowps_recaptcha_secret_key', $secret_key);
538
  }
539
 
540
- $aio_wp_security->configs->set_value('aiowps_default_recaptcha', isset($_POST['aiowps_default_recaptcha']) ? '1' : ''); // Checkbox
541
-
542
- if ('1' == $aio_wp_security->configs->get_value('aiowps_default_recaptcha') && false === $aio_wp_security->captcha_obj->google_recaptcha_verify_configuration($aio_wp_security->configs->get_value('aiowps_recaptcha_site_key'), $aio_wp_security->configs->get_value('aiowps_recaptcha_secret_key'))) {
543
  $aio_wp_security->configs->set_value('aios_google_recaptcha_invalid_configuration', '1');
544
  } elseif ('1' == $aio_wp_security->configs->get_value('aios_google_recaptcha_invalid_configuration')) {
545
  $aio_wp_security->configs->delete_value('aios_google_recaptcha_invalid_configuration');
@@ -547,185 +552,20 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
547
 
548
  $aio_wp_security->configs->save_config();
549
 
550
- //Recalculate points after the feature status/options have been altered
551
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
552
 
553
- $this->show_msg_settings_updated();
554
  }
555
 
556
  if ('1' == $aio_wp_security->configs->get_value('aios_google_recaptcha_invalid_configuration')) {
557
  echo '<div class="notice notice-warning aio_red_box"><p>'.__('Your Google reCAPTCHA configuration is invalid.', 'all-in-one-wp-security-and-firewall').' '.__('Please enter the correct reCAPTCHA keys below to use the reCAPTCHA feature.', 'all-in-one-wp-security-and-firewall').'</p></div>';
558
  }
559
 
560
- $secret_key_masked = AIOWPSecurity_Utility::mask_string($aio_wp_security->configs->get_value('aiowps_recaptcha_secret_key'));
561
- ?>
562
- <div class="aio_blue_box">
563
- <?php
564
- $recaptcha_link = '<a href="https://www.google.com/recaptcha" target="_blank">Google reCAPTCHA v2</a>';
565
- echo sprintf('<p>' . __('This feature allows you to add a CAPTCHA form on various WordPress login pages and forms.', 'all-in-one-wp-security-and-firewall') .
566
- '<br>' . __('Adding a CAPTCHA form on a login page or form is another effective yet simple "Brute Force" prevention technique.', 'all-in-one-wp-security-and-firewall') .
567
- '<br>' . __('You have the option of using either %s or a plain maths CAPTCHA form.', 'all-in-one-wp-security-and-firewall') .
568
- '<br>' . __('If you enable Google reCAPTCHA the reCAPTCHA widget will be displayed for all forms the CAPTCHA settings below.', 'all-in-one-wp-security-and-firewall') .
569
- '<br>' . __('If Google reCAPTCHA is disabled the simple maths CAPTCHA form will apply and users will need to enter the answer to a simple mathematical question.', 'all-in-one-wp-security-and-firewall') . '</p>', $recaptcha_link);
570
- ?>
571
- </div>
572
- <form action="" method="POST">
573
- <?php wp_nonce_field('aiowpsec-captcha-settings-nonce'); ?>
574
- <div class="postbox">
575
- <h3 class="hndle"><label for="title"><?php _e('Google reCAPTCHA settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
576
- <div class="inside">
577
- <div class="aio_orange_box">
578
- <p>
579
- <?php
580
- echo __('By enabling these settings the Google reCAPTCHA v2 widget will be applied by default for all forms with CAPTCHA enabled.', 'all-in-one-wp-security-and-firewall');
581
- ?>
582
- </p>
583
- </div>
584
-
585
- <?php if ($aio_wp_security->is_login_lockdown_by_const()) { ?>
586
- <div class="aio_blue_box">
587
- <p>
588
- <?php
589
- echo __('reCAPTCHA will not work because you have disabled login lockout by activating the AIOS_DISABLE_LOGIN_LOCKOUT constant value in a configuration file.', 'all-in-one-wp-security-and-firewall').'
590
- <br>'.__('To enable it, define AIOS_DISABLE_LOGIN_LOCKOUT constant value as false, or remove it.', 'all-in-one-wp-security-and-firewall');
591
- ?>
592
- </p>
593
- </div>
594
- <?php } ?>
595
-
596
- <table class="form-table">
597
- <tr valign="top">
598
- <th scope="row"><?php _e('Use Google reCAPTCHA as default', 'all-in-one-wp-security-and-firewall')?>:</th>
599
- <td>
600
- <input id="aiowps_default_recaptcha" name="aiowps_default_recaptcha" type="checkbox"<?php checked($aio_wp_security->configs->get_value('aiowps_default_recaptcha'),'1'); ?> value="1"/>
601
- <label for="aiowps_default_recaptcha" class="description"><?php _e('Check this if you want to default to Google reCAPTCHA for all settings below. (If this is left unchecked, all CAPTCHA forms will revert to the plain maths CAPTCHA)', 'all-in-one-wp-security-and-firewall'); ?></label>
602
- </td>
603
- </tr>
604
- <tr valign="top">
605
- <th scope="row"><label for="aiowps_recaptcha_site_key"><?php _e('Site key', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
606
- <td><input id="aiowps_recaptcha_site_key" type="text" size="50" name="aiowps_recaptcha_site_key" value="<?php echo esc_html( $aio_wp_security->configs->get_value('aiowps_recaptcha_site_key') ); ?>" />
607
- </td>
608
- </tr>
609
- <tr valign="top">
610
- <th scope="row">
611
- <label for="aiowps_recaptcha_secret_key"><?php _e('Secret key', 'all-in-one-wp-security-and-firewall'); ?>:</label>
612
- </th>
613
- <td>
614
- <input id="aiowps_recaptcha_secret_key" type="text" size="50" name="aiowps_recaptcha_secret_key" value="<?php echo esc_html($secret_key_masked); ?>">
615
- </td>
616
- </tr>
617
- </table>
618
- </div></div>
619
- <div class="postbox">
620
- <h3 class="hndle"><label for="title"><?php _e('Login form CAPTCHA settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
621
- <div class="inside">
622
- <?php
623
- //Display security info badge
624
- global $aiowps_feature_mgr;
625
- $aiowps_feature_mgr->output_feature_details_badge("user-login-captcha");
626
- ?>
627
- <table class="form-table">
628
- <tr valign="top">
629
- <th scope="row"><?php _e('Enable CAPTCHA on login page', 'all-in-one-wp-security-and-firewall'); ?>:</th>
630
- <td>
631
- <input id="aiowps_enable_login_captcha" name="aiowps_enable_login_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_login_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
632
- <label for="aiowps_enable_login_captcha" class="description"><?php _e('Check this if you want to insert a CAPTCHA form on the login page.', 'all-in-one-wp-security-and-firewall'); ?></label>
633
- </td>
634
- </tr>
635
- </table>
636
- </div></div>
637
- <div class="postbox">
638
- <h3 class="hndle"><label for="title"><?php _e('Lost password form CAPTCHA settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
639
- <div class="inside">
640
- <?php
641
- //Display security info badge
642
- global $aiowps_feature_mgr;
643
- $aiowps_feature_mgr->output_feature_details_badge("lost-password-captcha");
644
- ?>
645
-
646
- <table class="form-table">
647
- <tr valign="top">
648
- <th scope="row"><?php _e('Enable CAPTCHA on lost password page', 'all-in-one-wp-security-and-firewall'); ?>:</th>
649
- <td>
650
- <input id="aiowps_enable_lost_password_captcha" name="aiowps_enable_lost_password_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_lost_password_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
651
- <label for="aiowps_enable_lost_password_captcha" class="description"><?php _e('Check this if you want to insert a CAPTCHA form on the lost password page.', 'all-in-one-wp-security-and-firewall'); ?></label>
652
- </td>
653
- </tr>
654
- </table>
655
- </div></div>
656
- <div class="postbox">
657
- <h3 class="hndle"><label for="title"><?php _e('Custom login form CAPTCHA settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
658
- <div class="inside">
659
- <?php
660
- //Display security info badge
661
- global $aiowps_feature_mgr;
662
- $aiowps_feature_mgr->output_feature_details_badge("custom-login-captcha");
663
- ?>
664
- <table class="form-table">
665
- <tr valign="top">
666
- <th scope="row"><?php _e('Enable CAPTCHA on custom login form', 'all-in-one-wp-security-and-firewall'); ?>:</th>
667
- <td>
668
- <input id="aiowps_enable_custom_login_captcha" name="aiowps_enable_custom_login_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_custom_login_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
669
- <label for="aiowps_enable_custom_login_captcha" class="description"><?php _e('Check this if you want to insert CAPTCHA on a custom login form generated by the following WP function: wp_login_form()', 'all-in-one-wp-security-and-firewall'); ?></label>
670
- </td>
671
- </tr>
672
- </table>
673
- </div></div>
674
- <?php
675
- // Only display WooCommerce CAPTCHA settings if woo is active
676
- if (AIOWPSecurity_Utility::is_woocommerce_plugin_active()) {
677
- ?>
678
- <div class="postbox">
679
- <h3 class="hndle"><label for="title"><?php _e('WooCommerce forms CAPTCHA settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
680
- <div class="inside">
681
- <?php
682
- //Display security info badge
683
- global $aiowps_feature_mgr;
684
- $aiowps_feature_mgr->output_feature_details_badge("woo-login-captcha");
685
- ?>
686
- <table class="form-table">
687
- <tr valign="top">
688
- <th scope="row"><?php _e('Enable CAPTCHA on WooCommerce login form', 'all-in-one-wp-security-and-firewall'); ?>:</th>
689
- <td>
690
- <input id="aiowps_enable_woo_login_captcha" name="aiowps_enable_woo_login_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_woo_login_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
691
- <label for="aiowps_enable_woo_login_captcha" class="description"><?php _e('Check this if you want to insert CAPTCHA on a WooCommerce login form.', 'all-in-one-wp-security-and-firewall'); ?></label>
692
- </td>
693
- </tr>
694
- </table>
695
- <hr>
696
- <?php
697
- $aiowps_feature_mgr->output_feature_details_badge("woo-lostpassword-captcha");
698
- ?>
699
- <table class="form-table">
700
- <tr valign="top">
701
- <th scope="row"><?php _e('Enable CAPTCHA on WooCommerce lost password form', 'all-in-one-wp-security-and-firewall'); ?>:</th>
702
- <td>
703
- <input id="aiowps_enable_woo_lostpassword_captcha" name="aiowps_enable_woo_lostpassword_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_woo_lostpassword_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
704
- <label for="aiowps_enable_woo_lostpassword_captcha" class="description"><?php _e('Check this if you want to insert CAPTCHA on a WooCommerce lost password form.', 'all-in-one-wp-security-and-firewall'); ?></label>
705
- </td>
706
- </tr>
707
- </table>
708
- <hr>
709
- <?php
710
- $aiowps_feature_mgr->output_feature_details_badge("woo-register-captcha");
711
- ?>
712
- <table class="form-table">
713
- <tr valign="top">
714
- <th scope="row"><?php _e('Enable CAPTCHA on WooCommerce registration form', 'all-in-one-wp-security-and-firewall'); ?>:</th>
715
- <td>
716
- <input id="aiowps_enable_woo_register_captcha" name="aiowps_enable_woo_register_captcha" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_woo_register_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
717
- <label for="aiowps_enable_woo_register_captcha" class="description"><?php _e('Check this if you want to insert CAPTCHA on a WooCommerce registration form.', 'all-in-one-wp-security-and-firewall'); ?></label>
718
- </td>
719
- </tr>
720
- </table>
721
- </div></div>
722
- <?php
723
- }
724
- ?>
725
- <?php submit_button(__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowpsec_save_captcha_settings');?>
726
- </form>
727
- <?php
728
- }
729
 
730
  /**
731
  * Login whitelist tab.
@@ -736,73 +576,73 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
736
  * @return void
737
  */
738
  private function render_login_whitelist() {
739
- global $aio_wp_security;
740
- global $aiowps_feature_mgr;
741
- $result = 0;
742
- $your_ip_address = AIOWPSecurity_Utility_IP::get_user_ip_address();
743
- if (isset($_POST['aiowps_save_whitelist_settings'])) {
744
- $nonce = $_POST['_wpnonce'];
745
- if (!wp_verify_nonce($nonce, 'aiowpsec-whitelist-settings-nonce')) {
746
- $aio_wp_security->debug_logger->log_debug('Nonce check failed for save whitelist settings.', 4);
747
- die('Nonce check failed for save whitelist settings.');
748
- }
749
-
750
- if (isset($_POST["aiowps_enable_whitelisting"]) && empty($_POST['aiowps_allowed_ip_addresses'])) {
751
- $this->show_msg_error('You must submit at least one IP address!','all-in-one-wp-security-and-firewall');
752
- } else {
753
- if (!empty($_POST['aiowps_allowed_ip_addresses'])) {
754
- $ip_addresses = $_POST['aiowps_allowed_ip_addresses'];
755
- $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
756
- $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'whitelist');
757
- if (1 == $payload[0]) {
758
- //success case
759
- $result = 1;
760
- $list = $payload[1];
761
- $whitelist_ip_data = implode("\n", $list);
762
- $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses', $whitelist_ip_data);
763
- $_POST['aiowps_allowed_ip_addresses'] = ''; //Clear the post variable for the banned address list
764
- } else {
765
- $result = -1;
766
- $error_msg = htmlspecialchars($payload[1][0]);
767
- $this->show_msg_error($error_msg);
768
- }
769
- } else {
770
- $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses', ''); //Clear the IP address config value
771
- }
772
-
773
- if (1 == $result) {
774
- $aio_wp_security->configs->set_value('aiowps_enable_whitelisting', isset($_POST["aiowps_enable_whitelisting"]) ? '1' : '');
775
  if ('1' == $aio_wp_security->configs->get_value('aiowps_is_login_whitelist_disabled_on_upgrade')) {
776
  $aio_wp_security->configs->delete_value('aiowps_is_login_whitelist_disabled_on_upgrade');
777
  }
778
- $aio_wp_security->configs->save_config(); //Save the configuration
779
 
780
- //Recalculate points after the feature status/options have been altered
781
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
782
 
783
- $this->show_msg_settings_updated();
784
- }
785
- }
786
- }
787
- ?>
788
  <h2><?php _e('Login whitelist', 'all-in-one-wp-security-and-firewall'); ?></h2>
789
- <div class="aio_blue_box">
790
- <?php
791
- echo '<p>' . __('The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page.', 'all-in-one-wp-security-and-firewall') . '
792
- <br>' . __('This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below.', 'all-in-one-wp-security-and-firewall') . '
793
- <br>' . __('The plugin achieves this by writing the appropriate directives to your .htaccess file.', 'all-in-one-wp-security-and-firewall') . '
794
- <br>' . __('By allowing/blocking IP addresses, you are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page.', 'all-in-one-wp-security-and-firewall') . '
795
- </p>';
796
- ?>
797
- </div>
798
- <div class="aio_yellow_box">
799
- <?php
800
- $brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=cookie-based-brute-force-prevention" target="_blank">' . __('Cookie-Based brute force login prevention', 'all-in-one-wp-security-and-firewall') . '</a>';
801
- $rename_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=rename-login" target="_blank">' . __('Rename login page', 'all-in-one-wp-security-and-firewall') . '</a>';
802
- echo '<p>' . sprintf( __('Attention: If in addition to enabling the white list feature, you also have one of the %s or %s features enabled, <strong>you will still need to use your secret word or special slug in the URL when trying to access your WordPress login page</strong>.', 'all-in-one-wp-security-and-firewall'), $brute_force_login_feature_link, $rename_login_feature_link) . '</p>
803
- <p>' . __('These features are NOT functionally related. Having both of them enabled on your site means you are creating 2 layers of security.', 'all-in-one-wp-security-and-firewall') . '</p>';
804
- ?>
805
- </div>
806
 
807
  <?php
808
  if (defined('AIOS_DISABLE_LOGIN_WHITELIST') && AIOS_DISABLE_LOGIN_WHITELIST) {
@@ -810,25 +650,25 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
810
  }
811
  ?>
812
 
813
- <div class="postbox">
814
  <h3 class="hndle"><label for="title"><?php _e('Login IP whitelist settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
815
- <div class="inside">
816
- <?php
817
- //Display security info badge
818
- global $aiowps_feature_mgr;
819
- $aiowps_feature_mgr->output_feature_details_badge("whitelist-manager-ip-login-whitelisting");
820
- ?>
821
- <form action="" method="POST">
822
- <?php wp_nonce_field('aiowpsec-whitelist-settings-nonce'); ?>
823
- <table class="form-table">
824
- <tr valign="top">
825
  <th scope="row"><?php _e('Enable IP whitelisting', 'all-in-one-wp-security-and-firewall'); ?>:</th>
826
- <td>
827
- <input id="aiowps_enable_whitelisting" name="aiowps_enable_whitelisting" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_whitelisting')=='1') echo ' checked="checked"'; ?> value="1"/>
828
- <label for="aiowps_enable_whitelisting" class="description"><?php _e('Check this if you want to enable the whitelisting of selected IP addresses specified in the settings below', 'all-in-one-wp-security-and-firewall'); ?></label>
829
- </td>
830
- </tr>
831
- <tr valign="top">
832
  <th scope="row"><label for="aiowps_user_ip"><?php _e('Your current IP address', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
833
  <td>
834
  <input id="aiowps_user_ip" class="copy-to-clipboard" size="40" name="aiowps_user_ip" type="text" value="<?php echo esc_attr($your_ip_address); ?>" readonly>
@@ -837,19 +677,19 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
837
  </tr>
838
  <tr valign="top">
839
  <th scope="row"><label for="aiowps_allowed_ip_addresses"><?php _e('Enter whitelisted IP addresses:', 'all-in-one-wp-security-and-firewall'); ?></label></th>
840
- <td>
841
- <textarea id="aiowps_allowed_ip_addresses" name="aiowps_allowed_ip_addresses" rows="5" cols="50"><?php echo esc_textarea(wp_unslash(-1 == $result ? $_POST['aiowps_allowed_ip_addresses'] : $aio_wp_security->configs->get_value('aiowps_allowed_ip_addresses'))); ?></textarea>
842
  <br>
843
  <span class="description"><?php echo __('Enter one or more IP addresses or IP ranges you wish to include in your whitelist.', 'all-in-one-wp-security-and-firewall') . ' ' . __('Only the addresses specified here will have access to the WordPress login page.', 'all-in-one-wp-security-and-firewall'); ?></span>
844
  <?php $aio_wp_security->include_template('info/ip-address-ip-range-info.php'); ?>
845
- </td>
846
- </tr>
847
- </table>
848
- <?php submit_button(__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_save_whitelist_settings');?>
849
- </form>
850
- </div></div>
851
- <?php
852
- }
853
 
854
  /**
855
  * Honeypot tab.
@@ -859,61 +699,61 @@ class AIOWPSecurity_Brute_Force_Menu extends AIOWPSecurity_Admin_Menu {
859
  *
860
  * @return void
861
  */
862
- function render_honeypot() {
863
- global $aio_wp_security;
864
- global $aiowps_feature_mgr;
865
-
866
- if(isset($_POST['aiowpsec_save_honeypot_settings'])) { //Do form submission tasks
867
- $error = '';
868
- $nonce = $_POST['_wpnonce'];
869
- if (!wp_verify_nonce($nonce, 'aiowpsec-honeypot-settings-nonce')) {
870
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on honeypot settings save.",4);
871
- die("Nonce check failed on honeypot settings save.");
872
- }
873
-
874
- //Save all the form values to the options
875
- $aio_wp_security->configs->set_value('aiowps_enable_login_honeypot', isset($_POST["aiowps_enable_login_honeypot"]) ? '1' : '');
876
- $aio_wp_security->configs->save_config();
877
-
878
- //Recalculate points after the feature status/options have been altered
879
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
880
-
881
- $this->show_msg_settings_updated();
882
- }
883
- ?>
884
- <div class="aio_blue_box">
885
- <?php
886
- echo '<p>' . __('This feature allows you to add a special hidden "honeypot" field on the WordPress login page. This will only be visible to robots and not humans.', 'all-in-one-wp-security-and-firewall') . '
887
- <br>' . __('Since robots usually fill in every input field from a login form, they will also submit a value for the special hidden honeypot field.', 'all-in-one-wp-security-and-firewall') . '
888
- <br>' . __('The way honeypots work is that a hidden field is placed somewhere inside a form which only robots will submit. If that field contains a value when the form is submitted then a robot has most likely submitted the form and it is consequently dealt with.', 'all-in-one-wp-security-and-firewall') . '
889
- <br>' . __('Therefore, if the plugin detects that this field has a value when the login form is submitted, then the robot which is attempting to login to your site will be redirected to its localhost address - http://127.0.0.1.', 'all-in-one-wp-security-and-firewall') . '
890
- </p>';
891
- ?>
892
- </div>
893
- <form action="" method="POST">
894
- <div class="postbox">
895
  <h3 class="hndle"><label for="title"><?php _e('Login form honeypot settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
896
- <div class="inside">
897
- <?php
898
- //Display security info badge
899
- global $aiowps_feature_mgr;
900
- $aiowps_feature_mgr->output_feature_details_badge("login-honeypot");
901
- ?>
902
-
903
- <?php wp_nonce_field('aiowpsec-honeypot-settings-nonce'); ?>
904
- <table class="form-table">
905
- <tr valign="top">
906
  <th scope="row"><?php _e('Enable honeypot on login page', 'all-in-one-wp-security-and-firewall'); ?>:</th>
907
- <td>
908
- <input id="aiowps_enable_login_honeypot" name="aiowps_enable_login_honeypot" type="checkbox"<?php checked($aio_wp_security->configs->get_value('aiowps_enable_login_honeypot'),'1'); ?> value="1"/>
909
- <label for="aiowps_enable_login_honeypot" class="description"><?php _e('Check this if you want to enable the honeypot feature for the login page', 'all-in-one-wp-security-and-firewall'); ?></label>
910
- </td>
911
- </tr>
912
- </table>
913
- </div></div>
914
  <?php submit_button(__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowpsec_save_honeypot_settings');?>
915
- </form>
916
- <?php
917
- }
918
-
919
  } //end class
1
  <?php
2
  if (!defined('ABSPATH')) {
3
+ exit; // Exit if accessed directly
4
  }
5
 
6
  /**
32
  protected $menu_tabs_handler = array(
33
  'rename-login' => 'render_rename_login',
34
  'cookie-based-brute-force-prevention' => 'render_cookie_based_brute_force_prevention',
35
+ 'captcha-settings' => 'render_captcha_settings',
36
  'login-whitelist' => 'render_login_whitelist',
37
  'honeypot' => 'render_honeypot',
38
  );
43
  public function __construct() {
44
  $this->render_menu_page();
45
  }
46
+
47
  /**
48
  * Set menu tabs name.
49
  */
51
  $this->menu_tabs = array(
52
  'rename-login' => __('Rename login page','all-in-one-wp-security-and-firewall'),
53
  'cookie-based-brute-force-prevention' => __('Cookie based brute force prevention', 'all-in-one-wp-security-and-firewall'),
54
+ 'captcha-settings' => __('CAPTCHA settings', 'all-in-one-wp-security-and-firewall'),
55
  'login-whitelist' => __('Login whitelist', 'all-in-one-wp-security-and-firewall'),
56
  'honeypot' => __('Honeypot', 'all-in-one-wp-security-and-firewall'),
57
  );
61
  * Renders our tabs of this menu as nav items
62
  */
63
  private function render_menu_tabs() {
64
+ $current_tab = $this->get_current_tab();
65
 
66
+ echo '<h2 class="nav-tab-wrapper">';
67
+ foreach ( $this->menu_tabs as $tab_key => $tab_caption ) {
68
  if ((!is_main_site()) && false === stristr($tab_caption, 'Rename login page') && false === stristr($tab_caption, 'Login CAPTCHA')) {
69
  // Suppress the all Brute Force menu tabs if site is a multi site AND not the main site except "rename login" and "CAPTCHA"
70
  } else {
71
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
72
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
73
+ }
74
+ }
75
+ echo '</h2>';
76
  }
77
 
78
  /**
79
  * The menu rendering goes here
80
  */
81
  private function render_menu_page() {
82
+ echo '<div class="wrap">';
83
+ echo '<h2>' . __('Brute force','all-in-one-wp-security-and-firewall') . '</h2>';//Interface title
84
+ $this->set_menu_tabs();
85
+ $tab = $this->get_current_tab();
86
+ $this->render_menu_tabs();
87
+ ?>
88
+ <div id="poststuff"><div id="post-body">
89
+ <?php
90
+ // $tab_keys = array_keys($this->menu_tabs);
91
+ call_user_func(array($this, $this->menu_tabs_handler[$tab]));
92
+ ?>
93
+ </div></div>
94
+ </div><!-- end of wrap -->
95
+ <?php
96
  }
97
+
98
  /**
99
  * Rename login page tab.
100
  *
103
  * @global $aiowps_feature_mgr
104
  */
105
  private function render_rename_login() {
106
+ global $wpdb, $aio_wp_security;
107
+ global $aiowps_feature_mgr;
108
+ $aiowps_login_page_slug = '';
109
 
110
+ if (get_option('permalink_structure')) {
111
  $home_url = trailingslashit(home_url());
112
+ } else {
113
  $home_url = trailingslashit(home_url()) . '?';
114
+ }
115
+
116
+ if(isset($_POST['aiowps_save_rename_login_page_settings'])) { // Do form submission tasks
117
+ $error = '';
118
+ $nonce = $_POST['_wpnonce'];
119
+ if (!wp_verify_nonce($nonce, 'aiowpsec-rename-login-page-nonce')) {
120
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for rename login page save.", 4);
121
+ die("Nonce check failed for rename login page save.");
122
+ }
123
+
124
+ if (empty($_POST['aiowps_login_page_slug']) && isset($_POST["aiowps_enable_rename_login_page"])) {
125
+ $error .= '<br />' . __('Please enter a value for your login page slug.', 'all-in-one-wp-security-and-firewall');
126
+ } else if (!empty($_POST['aiowps_login_page_slug'])) {
127
+ $aiowps_login_page_slug = sanitize_text_field($_POST['aiowps_login_page_slug']);
128
+ if ('wp-admin' == $aiowps_login_page_slug) {
129
+ $error .= '<br />' . __('You cannot use the value "wp-admin" for your login page slug.', 'all-in-one-wp-security-and-firewall');
130
+ } elseif (preg_match('/[^a-z_\-0-9]/i', $aiowps_login_page_slug)) {
131
+ $error .= '<br />' . __('You must use alpha numeric characters for your login page slug.', 'all-in-one-wp-security-and-firewall');
132
+ }
133
+ }
134
+
135
+ if ($error) {
136
+ $this->show_msg_error(__('Attention:', 'all-in-one-wp-security-and-firewall') . ' ' . $error);
137
+ } else {
138
+ $htaccess_res = '';
139
+ $cookie_feature_active = false;
140
+ // Save all the form values to the options
141
+ if (isset($_POST["aiowps_enable_rename_login_page"])) {
142
+ $aio_wp_security->configs->set_value('aiowps_enable_rename_login_page', '1');
143
+ } else {
144
+ $aio_wp_security->configs->set_value('aiowps_enable_rename_login_page', '');
145
+ }
146
+ $aio_wp_security->configs->set_value('aiowps_login_page_slug', $aiowps_login_page_slug);
147
+ $aio_wp_security->configs->save_config();
148
+
149
+
150
+ // Recalculate points after the feature status/options have been altered
151
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
152
+ if (false === $htaccess_res) {
153
+ $this->show_msg_error(__('Could not delete the Cookie-based directives from the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
154
+ }
155
+ else {
156
+ $this->show_msg_settings_updated();
157
+ }
158
+
159
+ /** The following is a fix/workaround for the following issue:
160
+ * https://wordpress.org/support/topic/applying-brute-force-rename-login-page-not-working/
161
+ * ie, when saving the rename login config, the logout link does not update on the first page load after the $_POST submit to reflect the new rename login setting.
162
+ * Added a page refresh to fix this for now until I figure out a better solution.
163
+ *
164
+ **/
165
+ $cur_url = "admin.php?page=".AIOWPSEC_BRUTE_FORCE_MENU_SLUG."&tab=rename-login";
166
+ AIOWPSecurity_Utility::redirect_to_url($cur_url);
167
+
168
+ }
169
+ }
170
+
171
+ ?>
172
+ <div class="aio_blue_box">
173
+ <?php
174
  echo '<p>'.__('An effective Brute Force prevention technique is to change the default WordPress login page URL.', 'all-in-one-wp-security-and-firewall').'</p>'.
175
+ '<p>'.__('Normally if you wanted to login to WordPress you would type your site\'s home URL followed by wp-login.php.', 'all-in-one-wp-security-and-firewall').'</p>'.
176
+ '<p>'.__('This feature allows you to change the login URL by setting your own slug and renaming the last portion of the login URL which contains the <strong>wp-login.php</strong> to any string that you like.', 'all-in-one-wp-security-and-firewall').'</p>'.
177
+ '<p>'.__('By doing this, malicious bots and hackers will not be able to access your login page because they will not know the correct login page URL.', 'all-in-one-wp-security-and-firewall') . '</p>';
178
  if (!is_multisite() || 1 == get_current_blog_id()) {
179
+ $cookie_based_feature_url = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=cookie-based-brute-force-prevention" target="_blank">'.__('Cookie based brute force prevention', 'all-in-one-wp-security-and-firewall').'</a>';
180
+ $white_list_feature_url = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=login-whitelist" target="_blank">'.__('Login page white list', 'all-in-one-wp-security-and-firewall').'</a>';
181
+
182
  echo '<div class="aio_section_separator_1"></div>'.
183
+ '<p>' . __('You may also be interested in the following alternative brute force prevention features:', 'all-in-one-wp-security-and-firewall') . '</p>'.
184
+ '<p>' . $cookie_based_feature_url . '</p>'.
185
+ '<p>' . $white_list_feature_url . '</p>';
186
+ }
187
+ ?>
188
+ </div>
189
+ <?php
190
+ // Show the user the new login URL if this feature is active
191
+ if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_rename_login_page')) {
192
+ ?>
193
+ <div class="aio_yellow_box">
194
+ <p><?php _e('Your WordPress login page URL has been renamed.', 'all-in-one-wp-security-and-firewall'); ?></p>
195
+ <p><?php _e('Your current login URL is:', 'all-in-one-wp-security-and-firewall'); ?></p>
196
+ <p><strong><?php echo $home_url.$aio_wp_security->configs->get_value('aiowps_login_page_slug'); ?></strong></p>
197
+ </div>
198
+
199
+ <?php
200
+ }
201
+ ?>
202
+ <div class="postbox">
203
  <h3 class="hndle"><label for="title"><?php _e('Rename login page settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
204
+ <div class="inside">
205
+ <?php
206
+ // Display security info badge
207
+ global $aiowps_feature_mgr;
208
+ $aiowps_feature_mgr->output_feature_details_badge("bf-rename-login-page");
209
+ ?>
210
+
211
+ <form action="" method="POST">
212
+ <?php wp_nonce_field('aiowpsec-rename-login-page-nonce'); ?>
213
+ <div class="aio_orange_box">
214
+ <?php
215
+ $read_link = '<a href="https://aiosplugin.com/important-note-on-intermediate-and-advanced-features" target="_blank">' . __('must read this message', 'all-in-one-wp-security-and-firewall') . '</a>';
216
+ echo '<p>' . sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link) . '</p>';
217
+ echo '<p>' . __("NOTE: If you are hosting your site on WPEngine or a provider which performs server caching, you will need to ask the host support people to NOT cache your renamed login page.", "all-in-one-wp-security-and-firewall") . '</p>';
218
+ ?>
219
+ </div>
220
+ <table class="form-table">
221
+ <tr valign="top">
222
  <th scope="row"><?php _e('Enable rename login page feature', 'all-in-one-wp-security-and-firewall'); ?>:</th>
223
+ <td>
224
+ <input id="aiowps_enable_rename_login_page" name="aiowps_enable_rename_login_page" type="checkbox"<?php checked($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page'),'1'); ?> value="1"/>
225
+ <label for="aiowps_enable_rename_login_page" class="description"><?php _e('Check this if you want to enable the rename login page feature', 'all-in-one-wp-security-and-firewall'); ?></label>
226
+ </td>
227
+ </tr>
228
  <tr valign="top">
229
  <th scope="row"><label for="aiowps_login_page_slug"><?php _e('Login page URL', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
230
  <td><code><?php echo $home_url; ?></code><input id="aiowps_login_page_slug" type="text" size="15" name="aiowps_login_page_slug" value="<?php echo $aio_wp_security->configs->get_value('aiowps_login_page_slug'); ?>">
231
+ <span class="description"><?php _e('Enter a string which will represent your secure login page slug. You are encouraged to choose something which is hard to guess and only you will remember.', 'all-in-one-wp-security-and-firewall'); ?></span>
232
+ </td>
233
+ </tr>
234
+ </table>
235
+ <?php submit_button(__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_save_rename_login_page_settings');?>
236
+ </form>
237
+ </div></div>
238
 
239
+ <?php
240
+ }
241
 
242
  /**
243
  * Cookie based brute force prevention tab.
248
  *
249
  * @return void
250
  */
251
+ private function render_cookie_based_brute_force_prevention() {
252
+ global $aio_wp_security;
253
+ global $aiowps_feature_mgr;
254
+ global $aiowps_firewall_config;
255
+ $error = false;
256
+ $msg = '';
257
+
258
+ // Save settings for brute force cookie method
259
+ if (isset($_POST['aiowps_apply_cookie_based_bruteforce_firewall'])) {
260
+ if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'aiowpsec-enable-cookie-based-brute-force-prevention')) {
261
+ $aio_wp_security->debug_logger->log_debug('Nonce check failed on enable cookie based brute force prevention feature.', 4);
262
+ die('Nonce check failed on enable cookie based brute force prevention feature.');
263
+ }
264
+
265
+ if (isset($_POST['aiowps_enable_brute_force_attack_prevention'])) {
266
+ $brute_force_feature_secret_word = sanitize_text_field($_POST['aiowps_brute_force_secret_word']);
267
+ if (empty($brute_force_feature_secret_word)) {
268
+ $brute_force_feature_secret_word = AIOS_DEFAULT_BRUTE_FORCE_FEATURE_SECRET_WORD;
269
+ } elseif (!ctype_alnum($brute_force_feature_secret_word)) {
270
+ $msg = '<p>' . __('Settings have not been saved - your secret word must consist only of alphanumeric characters, i.e., letters and/or numbers only.', 'all-in-one-wp-security-and-firewall') . '</p>';
271
+ $error = true;
272
+ }
273
+
274
+ if (filter_var($_POST['aiowps_cookie_based_brute_force_redirect_url'], FILTER_VALIDATE_URL)) {
275
+ $aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url', esc_url_raw($_POST['aiowps_cookie_based_brute_force_redirect_url']));
276
+ } else {
277
+ $aio_wp_security->configs->set_value('aiowps_cookie_based_brute_force_redirect_url', 'http://127.0.0.1');
278
+ }
279
+
280
+ if (!$error) {
281
  $aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention', '1');
282
  $aio_wp_security->configs->set_value('aiowps_brute_force_secret_word', $brute_force_feature_secret_word);
283
 
284
+ $msg = '<p>' . __('You have successfully enabled the cookie based brute force prevention feature', 'all-in-one-wp-security-and-firewall') . '</p>';
285
+ $msg .= '<p>' . __('From now on you will need to log into your WP Admin using the following URL:', 'all-in-one-wp-security-and-firewall') . '</p>';
286
+ $msg .= '<p><strong>'.AIOWPSEC_WP_URL.'/?'.$brute_force_feature_secret_word.'=1</strong></p>';
287
+ $msg .= '<p>' . __('It is important that you save this URL value somewhere in case you forget it, OR,', 'all-in-one-wp-security-and-firewall') . '</p>';
288
+ $msg .= '<p>' . sprintf( __('simply remember to add a "?%s=1" to your current site URL address.', 'all-in-one-wp-security-and-firewall'), $brute_force_feature_secret_word) . '</p>';
289
+ }
290
+ } else {
291
+ $aio_wp_security->configs->set_value('aiowps_enable_brute_force_attack_prevention', '');
292
+ $msg = __('You have successfully saved cookie based brute force prevention feature settings.', 'all-in-one-wp-security-and-firewall');
293
+ }
294
+
295
+ if (isset($_POST['aiowps_brute_force_attack_prevention_pw_protected_exception'])) {
296
+ $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_pw_protected_exception', '1');
297
+ } else {
298
+ $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_pw_protected_exception', '');
299
+ }
300
+
301
+ if (isset($_POST['aiowps_brute_force_attack_prevention_ajax_exception'])) {
302
+ $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_ajax_exception', '1');
303
+ } else {
304
+ $aio_wp_security->configs->set_value('aiowps_brute_force_attack_prevention_ajax_exception', '');
305
+ }
306
+
307
+ if (!$error) {
308
+ AIOWPSecurity_Configure_Settings::set_cookie_based_bruteforce_firewall_configs();
309
+ $aio_wp_security->configs->save_config();//save the value
310
+
311
+ //Recalculate points after the feature status/options have been altered
312
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
313
+ if ('' != $msg) {
314
+ echo '<div id="message" class="updated fade"><p>';
315
+ echo $msg;
316
+ echo '</p></div>';
317
+ }
318
+ } else {
319
+ $this->show_msg_error($msg);
320
+ }
321
+ }
322
+ ?>
323
  <h2><?php _e('Brute force prevention firewall settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
324
 
325
+ <div class="aio_blue_box">
326
+ <?php
327
+ //TODO - need to fix the following message
328
+ echo '<p>' . __('A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination.', 'all-in-one-wp-security-and-firewall').
329
+ '<br>' . __('Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server\'s memory and performance.', 'all-in-one-wp-security-and-firewall').
330
+ '<br>' . __('The features in this tab will stop the majority of brute force login attacks thus providing even better protection for your WP login page.', 'all-in-one-wp-security-and-firewall') . '</p>';
331
+ ?>
332
+ </div>
333
+ <div class="aio_yellow_box">
334
+ <?php
335
+ $backup_tab_link = '<a href="admin.php?page='.AIOWPSEC_SETTINGS_MENU_SLUG.'&tab=tab2" target="_blank">' . __('backup', 'all-in-one-wp-security-and-firewall') . '</a>';
336
+ $tutorial_link = '<a href="https://aiosplugin.com/how-to-use-cookie-based-brute-force-login-attack-prevention-feature/" target="_blank">' . __('tutorial', 'all-in-one-wp-security-and-firewall') . '</a>';
337
+ $info_msg = sprintf( __('To learn more about how to use this feature, please read the following %s.', 'all-in-one-wp-security-and-firewall'), $tutorial_link);
338
+ $brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_FIREWALL_MENU_SLUG.'&tab=tab4" target="_blank">'.__('Cookie-based brute force login prevention', 'all-in-one-wp-security-and-firewall').'</a>';
339
+ echo '<p>' . $info_msg . '</p>';
340
+ ?>
341
  </div>
342
  <?php
343
  if (defined('AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION') && AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION) {
346
  ?>
347
  <div class="postbox">
348
  <h3 class="hndle"><label for="title"><?php _e('Cookie based brute force login prevention', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
349
+ <div class="inside">
350
+ <?php
351
+ //Display security info badge
352
+ global $aiowps_feature_mgr;
353
+ $aiowps_feature_mgr->output_feature_details_badge("firewall-enable-brute-force-attack-prevention");
354
+ ?>
355
+ <form action="" method="POST">
356
+ <?php wp_nonce_field('aiowpsec-enable-cookie-based-brute-force-prevention'); ?>
357
+ <div class="aio_orange_box">
358
+ <p>
359
+ <?php _e('This feature can lock you out of admin if it doesn\'t work correctly on your site. You <a href="https://aiosplugin.com/important-note-on-intermediate-and-advanced-features" target="_blank">'.__('must read this message', 'all-in-one-wp-security-and-firewall').'</a> before activating this feature.', 'all-in-one-wp-security-and-firewall'); ?>
360
+ </p>
361
+ </div>
362
+ <?php
363
+ $cookie_test_value = $aio_wp_security->configs->get_value('aiowps_cookie_test_success');
364
+
365
+ $disable_brute_force_fetaure_input = true;
366
+ // If the cookie test is successful or if the feature is already enabled then go ahead as normal
367
+ if ('1' == $cookie_test_value || '1' == $aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')) {
368
+ if (isset($_POST['aiowps_cookie_test'])) {//Cookie test was just performed and the test succeded
369
+ echo '<div class="aio_green_box"><p>';
370
+ _e('The cookie test was successful. You can now enable this feature.', 'all-in-one-wp-security-and-firewall');
371
+ echo '</p></div>';
372
+ }
373
  $disable_brute_force_fetaure_input = false;
374
+ } else {
375
+ //Cookie test needs to be performed
376
+ if (isset($_POST['aiowps_cookie_test']) && '1' != $cookie_test_value) {//Test failed
377
+ echo '<div class="aio_red_box"><p>';
378
  _e('The cookie test failed on this server. Consequently, this feature cannot be used on this site.', 'all-in-one-wp-security-and-firewall');
379
  echo '</p></div>';
380
+ }
381
+ ?>
382
+ <div class="aio_yellow_box">
383
+ <p>
384
+ <?php
385
+ _e('Before using this feature, you must perform a cookie test first.', 'all-in-one-wp-security-and-firewall');
386
+ echo ' ';
387
+ echo htmlspecialchars(__("This ensures that your browser cookie is working correctly and that you won't lock yourself out.", 'all-in-one-wp-security-and-firewall'));
388
+ ?>
389
+ </p>
390
+ </div>
391
+ <?php
392
  submit_button(__('Perform cookie test', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_do_cookie_test_for_bfla');
393
  }
394
  $disable_brute_force_sub_fields = !$aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention');
395
+ ?>
396
+ <table class="form-table">
397
  <tr valign="top">
398
  <th scope="row"><?php _e('Enable brute force attack prevention', 'all-in-one-wp-security-and-firewall'); ?>:</th>
399
+ <td>
400
+ <input id="aiowps_enable_brute_force_attack_prevention" name="aiowps_enable_brute_force_attack_prevention" type="checkbox"<?php checked($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention'));?> value="1"<?php disabled($disable_brute_force_fetaure_input); ?>/>
401
+ <label for="aiowps_enable_brute_force_attack_prevention" class="description"><?php _e('Check this if you want to protect your login page from Brute Force Attack.', 'all-in-one-wp-security-and-firewall'); ?></label>
402
  <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
403
+ <div class="aiowps_more_info_body">
404
+ <p class="description">
405
+ <?php
406
+ _e('This feature will deny access to your WordPress login page for all people except those who have a special cookie in their browser.', 'all-in-one-wp-security-and-firewall');
407
+ echo '<br>';
408
+ _e('To use this feature do the following:', 'all-in-one-wp-security-and-firewall');
409
+ echo '<br>';
410
+ _e('1) Enable the checkbox.', 'all-in-one-wp-security-and-firewall');
411
+ echo '<br>';
412
+ _e('2) Enter a secret word consisting of alphanumeric characters which will be difficult to guess. This secret word will be useful whenever you need to know the special URL which you will use to access the login page (see point below).', 'all-in-one-wp-security-and-firewall');
413
+ echo '<br>';
414
+ _e('3) You will then be provided with a special login URL. You will need to use this URL to login to your WordPress site instead of the usual login URL. NOTE: The system will deposit a special cookie in your browser which will allow you access to the WordPress administration login page.', 'all-in-one-wp-security-and-firewall');
415
+ echo '<br>';
416
+ _e('Any person trying to access your login page who does not have the special cookie in their browser will be automatically blocked.', 'all-in-one-wp-security-and-firewall');
417
+ ?>
418
+ </p>
419
+ </div>
420
+ </td>
421
+ </tr>
422
  <tr valign="top">
423
  <th scope="row"><label for="aiowps_brute_force_secret_word"><?php _e('Secret word', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
424
  <td><input id="aiowps_brute_force_secret_word" type="text" size="40" name="aiowps_brute_force_secret_word" value="<?php echo $aio_wp_security->configs->get_value('aiowps_brute_force_secret_word'); ?>"<?php disabled($disable_brute_force_sub_fields); ?>>
425
+ <span class="description"><?php _e('Choose a secret word consisting of alphanumeric characters which you can use to access your special URL. Your are highly encouraged to choose a word which will be difficult to guess.', 'all-in-one-wp-security-and-firewall'); ?></span>
426
+ </td>
427
+ </tr>
428
+ <tr valign="top">
429
+ <th scope="row"><label for="aiowps_cookie_based_brute_force_redirect_url"><?php _e('Re-direct URL', 'all-in-one-wp-security-and-firewall')?>:</label></th>
430
+ <td><input id="aiowps_cookie_based_brute_force_redirect_url" type="text" size="40" name="aiowps_cookie_based_brute_force_redirect_url" value="<?php echo $aio_wp_security->configs->get_value('aiowps_cookie_based_brute_force_redirect_url'); ?>" <?php disabled($disable_brute_force_sub_fields); ?> />
431
+ <span class="description">
432
+ <?php
433
+ _e('Specify a URL to redirect a hacker to when they try to access your WordPress login page.', 'all-in-one-wp-security-and-firewall');
434
+ ?>
435
+ </span>
436
  <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
437
+ <div class="aiowps_more_info_body">
438
+ <p class="description">
439
+ <?php
440
+ _e('The URL specified here can be any site\'s URL and does not have to be your own. For example you can be as creative as you like and send hackers to the CIA or NSA home page.', 'all-in-one-wp-security-and-firewall');
441
+ echo '<br>';
442
+ _e('This field will default to: http://127.0.0.1 if you do not enter a value.', 'all-in-one-wp-security-and-firewall');
443
+ echo '<br>';
444
+ _e('Useful Tip:', 'all-in-one-wp-security-and-firewall');
445
+ echo '<br>';
446
+ _e('It\'s a good idea to not redirect attempted brute force login attempts to your site because it increases the load on your server.', 'all-in-one-wp-security-and-firewall');
447
+ echo '<br>';
448
+ _e('Redirecting a hacker or malicious bot back to "http://127.0.0.1" is ideal because it deflects them back to their own local host and puts the load on their server instead of yours.', 'all-in-one-wp-security-and-firewall');
449
+ ?>
450
+ </p>
451
+ </div>
452
+ </td>
453
+ </tr>
454
  <tr valign="top">
455
  <th scope="row"><?php _e('My site has posts or pages which are password protected', 'all-in-one-wp-security-and-firewall'); ?>:</th>
456
+ <td>
457
+ <input id="aiowps_brute_force_attack_prevention_pw_protected_exception" name="aiowps_brute_force_attack_prevention_pw_protected_exception" type="checkbox"<?php checked($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_pw_protected_exception')); ?> value="1"<?php disabled($disable_brute_force_sub_fields); ?> />
458
+ <label for="aiowps_brute_force_attack_prevention_pw_protected_exception" class="description"><?php _e('Check this if you are using the native WordPress password protection feature for some or all of your blog posts or pages.', 'all-in-one-wp-security-and-firewall'); ?></label>
459
  <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
460
+ <div class="aiowps_more_info_body">
461
+ <p class="description">
462
+ <?php
463
+ _e('In the cases where you are protecting some of your posts or pages using the in-built WordPress password protection feature, a few extra lines of directives and exceptions need to be added so that people trying to access pages are not automatically blocked.', 'all-in-one-wp-security-and-firewall');
464
+ echo '<br>';
465
+ _e('By enabling this checkbox, the plugin will add the necessary rules and exceptions so that people trying to access these pages are not automatically blocked.', 'all-in-one-wp-security-and-firewall');
466
+ echo '<br>';
467
+ echo "<strong>".__('Helpful Tip:', 'all-in-one-wp-security-and-firewall')."</strong>";
468
+ echo '<br>';
469
+ _e('If you do not use the WordPress password protection feature for your posts or pages then it is highly recommended that you leave this checkbox disabled.', 'all-in-one-wp-security-and-firewall');
470
+ ?>
471
+ </p>
472
+ </div>
473
+ </td>
474
+ </tr>
475
  <tr valign="top">
476
  <th scope="row"><?php _e('My site has a theme or plugins which use AJAX', 'all-in-one-wp-security-and-firewall'); ?>:</th>
477
+ <td>
478
+ <input id="aiowps_brute_force_attack_prevention_ajax_exception" name="aiowps_brute_force_attack_prevention_ajax_exception" type="checkbox"<?php checked($aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_ajax_exception')); ?> value="1"<?php disabled($disable_brute_force_sub_fields); ?>/>
479
+ <label for="aiowps_brute_force_attack_prevention_ajax_exception" class="description"><?php _e('Check this if your site uses AJAX functionality.', 'all-in-one-wp-security-and-firewall'); ?></label>
480
  <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
481
+ <div class="aiowps_more_info_body">
482
+ <p class="description">
483
+ <?php
484
+ _e('In the cases where your WordPress installation has a theme or plugin that uses AJAX, a few extra lines of directives and exceptions need to be added to prevent AJAX requests from being automatically blocked by the brute force prevention feature.', 'all-in-one-wp-security-and-firewall');
485
+ echo '<br>';
486
+ _e('By enabling this checkbox, the plugin will add the necessary rules and exceptions so that AJAX operations will work as expected.', 'all-in-one-wp-security-and-firewall');
487
+ ?>
488
+ </p>
489
+ </div>
490
+ </td>
491
+ </tr>
492
+ </table>
493
  <?php
494
  $other_attributes = $disable_brute_force_fetaure_input ? array('disabled' => 'disabled') : array();
495
  submit_button(__('Save feature settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_apply_cookie_based_bruteforce_firewall', false, $other_attributes);
496
  ?>
497
+ </form>
498
+ </div></div>
499
+ <?php
500
+ }
501
 
502
  /**
503
  * Login captcha tab.
507
  *
508
  * @return void
509
  */
510
+ private function render_captcha_settings() {
511
+ global $aio_wp_security;
512
+ global $aiowps_feature_mgr;
513
+
514
+ $supported_captchas = $aio_wp_security->captcha_obj->get_supported_captchas();
515
 
516
  if (isset($_POST['aiowpsec_save_captcha_settings'])) { // Do form submission tasks
517
  $error = '';
518
  if (!wp_verify_nonce($_POST['_wpnonce'], 'aiowpsec-captcha-settings-nonce')) {
519
  $aio_wp_security->debug_logger->log_debug('Nonce check failed on CAPTCHA settings save.', 4);
520
  die('Nonce check failed on CAPTCHA settings save.');
521
+ }
522
+
523
+ $default_captcha = isset($_POST['aiowps_default_captcha']) ? sanitize_text_field($_POST['aiowps_default_captcha']) : '';
524
+
525
+ $default_captcha = array_key_exists($default_captcha, $supported_captchas) ? $default_captcha : 'none';
526
 
527
+ $aio_wp_security->configs->set_value('aiowps_default_captcha', $default_captcha);
528
 
529
+ //Save all the form values to the options
530
  $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20); // Generate random 20 char string for use during CAPTCHA encode/decode
531
+ $aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string);
532
+ $aio_wp_security->configs->set_value('aiowps_enable_login_captcha',isset($_POST["aiowps_enable_login_captcha"])?'1':'');
533
+ $aio_wp_security->configs->set_value('aiowps_enable_woo_login_captcha',isset($_POST["aiowps_enable_woo_login_captcha"])?'1':'');
534
+ $aio_wp_security->configs->set_value('aiowps_enable_woo_register_captcha',isset($_POST["aiowps_enable_woo_register_captcha"])?'1':'');
535
+ $aio_wp_security->configs->set_value('aiowps_enable_woo_lostpassword_captcha',isset($_POST["aiowps_enable_woo_lostpassword_captcha"])?'1':'');
536
+ $aio_wp_security->configs->set_value('aiowps_enable_custom_login_captcha',isset($_POST["aiowps_enable_custom_login_captcha"])?'1':'');
537
+ $aio_wp_security->configs->set_value('aiowps_enable_lost_password_captcha',isset($_POST["aiowps_enable_lost_password_captcha"])?'1':'');
538
 
539
  $aio_wp_security->configs->set_value('aiowps_recaptcha_site_key', sanitize_text_field($_POST['aiowps_recaptcha_site_key']));
540
 
544
  $aio_wp_security->configs->set_value('aiowps_recaptcha_secret_key', $secret_key);
545
  }
546
 
547
+ if ('google-recaptcha-v2' == $aio_wp_security->configs->get_value('aiowps_default_captcha') && false === $aio_wp_security->captcha_obj->google_recaptcha_verify_configuration($aio_wp_security->configs->get_value('aiowps_recaptcha_site_key'), $aio_wp_security->configs->get_value('aiowps_recaptcha_secret_key'))) {
 
 
548
  $aio_wp_security->configs->set_value('aios_google_recaptcha_invalid_configuration', '1');
549
  } elseif ('1' == $aio_wp_security->configs->get_value('aios_google_recaptcha_invalid_configuration')) {
550
  $aio_wp_security->configs->delete_value('aios_google_recaptcha_invalid_configuration');
552
 
553
  $aio_wp_security->configs->save_config();
554
 
555
+ //Recalculate points after the feature status/options have been altered
556
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
557
 
558
+ $this->show_msg_settings_updated();
559
  }
560
 
561
  if ('1' == $aio_wp_security->configs->get_value('aios_google_recaptcha_invalid_configuration')) {
562
  echo '<div class="notice notice-warning aio_red_box"><p>'.__('Your Google reCAPTCHA configuration is invalid.', 'all-in-one-wp-security-and-firewall').' '.__('Please enter the correct reCAPTCHA keys below to use the reCAPTCHA feature.', 'all-in-one-wp-security-and-firewall').'</p></div>';
563
  }
564
 
565
+ $default_captcha = $aio_wp_security->configs->get_value('aiowps_default_captcha');
566
+ $secret_key_masked = AIOWPSecurity_Utility::mask_string($aio_wp_security->configs->get_value('aiowps_recaptcha_secret_key'));
567
+ $aio_wp_security->include_template('wp-admin/brute-force/captcha-settings.php', false, array('supported_captchas' => $supported_captchas, 'default_captcha' => $default_captcha, 'secret_key_masked' => $secret_key_masked));
568
+ }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
569
 
570
  /**
571
  * Login whitelist tab.
576
  * @return void
577
  */
578
  private function render_login_whitelist() {
579
+ global $aio_wp_security;
580
+ global $aiowps_feature_mgr;
581
+ $result = 0;
582
+ $your_ip_address = AIOWPSecurity_Utility_IP::get_user_ip_address();
583
+ if (isset($_POST['aiowps_save_whitelist_settings'])) {
584
+ $nonce = $_POST['_wpnonce'];
585
+ if (!wp_verify_nonce($nonce, 'aiowpsec-whitelist-settings-nonce')) {
586
+ $aio_wp_security->debug_logger->log_debug('Nonce check failed for save whitelist settings.', 4);
587
+ die('Nonce check failed for save whitelist settings.');
588
+ }
589
+
590
+ if (isset($_POST["aiowps_enable_whitelisting"]) && empty($_POST['aiowps_allowed_ip_addresses'])) {
591
+ $this->show_msg_error('You must submit at least one IP address!','all-in-one-wp-security-and-firewall');
592
+ } else {
593
+ if (!empty($_POST['aiowps_allowed_ip_addresses'])) {
594
+ $ip_addresses = $_POST['aiowps_allowed_ip_addresses'];
595
+ $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
596
+ $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'whitelist');
597
+ if (1 == $payload[0]) {
598
+ //success case
599
+ $result = 1;
600
+ $list = $payload[1];
601
+ $whitelist_ip_data = implode("\n", $list);
602
+ $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses', $whitelist_ip_data);
603
+ $_POST['aiowps_allowed_ip_addresses'] = ''; //Clear the post variable for the banned address list
604
+ } else {
605
+ $result = -1;
606
+ $error_msg = htmlspecialchars($payload[1][0]);
607
+ $this->show_msg_error($error_msg);
608
+ }
609
+ } else {
610
+ $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses', ''); //Clear the IP address config value
611
+ }
612
+
613
+ if (1 == $result) {
614
+ $aio_wp_security->configs->set_value('aiowps_enable_whitelisting', isset($_POST["aiowps_enable_whitelisting"]) ? '1' : '');
615
  if ('1' == $aio_wp_security->configs->get_value('aiowps_is_login_whitelist_disabled_on_upgrade')) {
616
  $aio_wp_security->configs->delete_value('aiowps_is_login_whitelist_disabled_on_upgrade');
617
  }
618
+ $aio_wp_security->configs->save_config(); //Save the configuration
619
 
620
+ //Recalculate points after the feature status/options have been altered
621
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
622
 
623
+ $this->show_msg_settings_updated();
624
+ }
625
+ }
626
+ }
627
+ ?>
628
  <h2><?php _e('Login whitelist', 'all-in-one-wp-security-and-firewall'); ?></h2>
629
+ <div class="aio_blue_box">
630
+ <?php
631
+ echo '<p>' . __('The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page.', 'all-in-one-wp-security-and-firewall') . '
632
+ <br>' . __('This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below.', 'all-in-one-wp-security-and-firewall') . '
633
+ <br>' . __('The plugin achieves this by writing the appropriate directives to your .htaccess file.', 'all-in-one-wp-security-and-firewall') . '
634
+ <br>' . __('By allowing/blocking IP addresses, you are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page.', 'all-in-one-wp-security-and-firewall') . '
635
+ </p>';
636
+ ?>
637
+ </div>
638
+ <div class="aio_yellow_box">
639
+ <?php
640
+ $brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=cookie-based-brute-force-prevention" target="_blank">' . __('Cookie-Based brute force login prevention', 'all-in-one-wp-security-and-firewall') . '</a>';
641
+ $rename_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=rename-login" target="_blank">' . __('Rename login page', 'all-in-one-wp-security-and-firewall') . '</a>';
642
+ echo '<p>' . sprintf( __('Attention: If in addition to enabling the white list feature, you also have one of the %s or %s features enabled, <strong>you will still need to use your secret word or special slug in the URL when trying to access your WordPress login page</strong>.', 'all-in-one-wp-security-and-firewall'), $brute_force_login_feature_link, $rename_login_feature_link) . '</p>
643
+ <p>' . __('These features are NOT functionally related. Having both of them enabled on your site means you are creating 2 layers of security.', 'all-in-one-wp-security-and-firewall') . '</p>';
644
+ ?>
645
+ </div>
646
 
647
  <?php
648
  if (defined('AIOS_DISABLE_LOGIN_WHITELIST') && AIOS_DISABLE_LOGIN_WHITELIST) {
650
  }
651
  ?>
652
 
653
+ <div class="postbox">
654
  <h3 class="hndle"><label for="title"><?php _e('Login IP whitelist settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
655
+ <div class="inside">
656
+ <?php
657
+ //Display security info badge
658
+ global $aiowps_feature_mgr;
659
+ $aiowps_feature_mgr->output_feature_details_badge("whitelist-manager-ip-login-whitelisting");
660
+ ?>
661
+ <form action="" method="POST">
662
+ <?php wp_nonce_field('aiowpsec-whitelist-settings-nonce'); ?>
663
+ <table class="form-table">
664
+ <tr valign="top">
665
  <th scope="row"><?php _e('Enable IP whitelisting', 'all-in-one-wp-security-and-firewall'); ?>:</th>
666
+ <td>
667
+ <input id="aiowps_enable_whitelisting" name="aiowps_enable_whitelisting" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_whitelisting')=='1') echo ' checked="checked"'; ?> value="1"/>
668
+ <label for="aiowps_enable_whitelisting" class="description"><?php _e('Check this if you want to enable the whitelisting of selected IP addresses specified in the settings below', 'all-in-one-wp-security-and-firewall'); ?></label>
669
+ </td>
670
+ </tr>
671
+ <tr valign="top">
672
  <th scope="row"><label for="aiowps_user_ip"><?php _e('Your current IP address', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
673
  <td>
674
  <input id="aiowps_user_ip" class="copy-to-clipboard" size="40" name="aiowps_user_ip" type="text" value="<?php echo esc_attr($your_ip_address); ?>" readonly>
677
  </tr>
678
  <tr valign="top">
679
  <th scope="row"><label for="aiowps_allowed_ip_addresses"><?php _e('Enter whitelisted IP addresses:', 'all-in-one-wp-security-and-firewall'); ?></label></th>
680
+ <td>
681
+ <textarea id="aiowps_allowed_ip_addresses" name="aiowps_allowed_ip_addresses" rows="5" cols="50"><?php echo esc_textarea(wp_unslash(-1 == $result ? $_POST['aiowps_allowed_ip_addresses'] : $aio_wp_security->configs->get_value('aiowps_allowed_ip_addresses'))); ?></textarea>
682
  <br>
683
  <span class="description"><?php echo __('Enter one or more IP addresses or IP ranges you wish to include in your whitelist.', 'all-in-one-wp-security-and-firewall') . ' ' . __('Only the addresses specified here will have access to the WordPress login page.', 'all-in-one-wp-security-and-firewall'); ?></span>
684
  <?php $aio_wp_security->include_template('info/ip-address-ip-range-info.php'); ?>
685
+ </td>
686
+ </tr>
687
+ </table>
688
+ <?php submit_button(__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_save_whitelist_settings');?>
689
+ </form>
690
+ </div></div>
691
+ <?php
692
+ }
693
 
694
  /**
695
  * Honeypot tab.
699
  *
700
  * @return void
701
  */
702
+ private function render_honeypot() {
703
+ global $aio_wp_security;
704
+ global $aiowps_feature_mgr;
705
+
706
+ if(isset($_POST['aiowpsec_save_honeypot_settings'])) { //Do form submission tasks
707
+ $error = '';
708
+ $nonce = $_POST['_wpnonce'];
709
+ if (!wp_verify_nonce($nonce, 'aiowpsec-honeypot-settings-nonce')) {
710
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on honeypot settings save.",4);
711
+ die("Nonce check failed on honeypot settings save.");
712
+ }
713
+
714
+ //Save all the form values to the options
715
+ $aio_wp_security->configs->set_value('aiowps_enable_login_honeypot', isset($_POST["aiowps_enable_login_honeypot"]) ? '1' : '');
716
+ $aio_wp_security->configs->save_config();
717
+
718
+ //Recalculate points after the feature status/options have been altered
719
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
720
+
721
+ $this->show_msg_settings_updated();
722
+ }
723
+ ?>
724
+ <div class="aio_blue_box">
725
+ <?php
726
+ echo '<p>' . __('This feature allows you to add a special hidden "honeypot" field on the WordPress login page. This will only be visible to robots and not humans.', 'all-in-one-wp-security-and-firewall') . '
727
+ <br>' . __('Since robots usually fill in every input field from a login form, they will also submit a value for the special hidden honeypot field.', 'all-in-one-wp-security-and-firewall') . '
728
+ <br>' . __('The way honeypots work is that a hidden field is placed somewhere inside a form which only robots will submit. If that field contains a value when the form is submitted then a robot has most likely submitted the form and it is consequently dealt with.', 'all-in-one-wp-security-and-firewall') . '
729
+ <br>' . __('Therefore, if the plugin detects that this field has a value when the login form is submitted, then the robot which is attempting to login to your site will be redirected to its localhost address - http://127.0.0.1.', 'all-in-one-wp-security-and-firewall') . '
730
+ </p>';
731
+ ?>
732
+ </div>
733
+ <form action="" method="POST">
734
+ <div class="postbox">
735
  <h3 class="hndle"><label for="title"><?php _e('Login form honeypot settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
736
+ <div class="inside">
737
+ <?php
738
+ //Display security info badge
739
+ global $aiowps_feature_mgr;
740
+ $aiowps_feature_mgr->output_feature_details_badge("login-honeypot");
741
+ ?>
742
+
743
+ <?php wp_nonce_field('aiowpsec-honeypot-settings-nonce'); ?>
744
+ <table class="form-table">
745
+ <tr valign="top">
746
  <th scope="row"><?php _e('Enable honeypot on login page', 'all-in-one-wp-security-and-firewall'); ?>:</th>
747
+ <td>
748
+ <input id="aiowps_enable_login_honeypot" name="aiowps_enable_login_honeypot" type="checkbox"<?php checked($aio_wp_security->configs->get_value('aiowps_enable_login_honeypot'),'1'); ?> value="1"/>
749
+ <label for="aiowps_enable_login_honeypot" class="description"><?php _e('Check this if you want to enable the honeypot feature for the login page', 'all-in-one-wp-security-and-firewall'); ?></label>
750
+ </td>
751
+ </tr>
752
+ </table>
753
+ </div></div>
754
  <?php submit_button(__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowpsec_save_honeypot_settings');?>
755
+ </form>
756
+ <?php
757
+ }
758
+
759
  } //end class
admin/wp-security-settings-menu.php CHANGED
@@ -4,74 +4,74 @@ if (!defined('ABSPATH')) die('No direct access.');
4
 
5
  class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu {
6
 
7
- private $menu_page_slug = AIOWPSEC_SETTINGS_MENU_SLUG;
8
-
9
- /* Specify all the tabs of this menu in the following array */
10
- public $menu_tabs;
11
-
12
- /**
13
- * Class constructor
14
- */
15
- public function __construct() {
16
- $this->render_menu_page();
17
- }
18
-
19
- /**
20
- * Sets the menu_tabs class variable
21
- */
22
- public function set_menu_tabs() {
23
- $menu_tabs = array(
24
- 'tab1' => array(
25
- 'title' => __('General settings', 'all-in-one-wp-security-and-firewall'),
26
- 'render_callback' => array($this, 'render_tab1'),
27
- ),
28
- 'tab2' => array(
29
- 'title' => '.htaccess '.__('file', 'all-in-one-wp-security-and-firewall'),
30
- 'render_callback' => array($this, 'render_tab2'),
31
- ),
32
- 'tab3' => array(
33
- 'title' => 'wp-config.php '.__('file', 'all-in-one-wp-security-and-firewall'),
34
- 'render_callback' => array($this, 'render_tab3'),
35
- ),
36
- 'delete-plugin-settings' => array(
37
- 'title' => __('Delete plugin settings', 'all-in-one-wp-security-and-firewall'),
38
- 'render_callback' => array($this, 'render_delete_plugin_settings_tab'),
39
- ),
40
- 'tab4' => array(
41
- 'title' => __('WP version info', 'all-in-one-wp-security-and-firewall'),
42
- 'render_callback' => array($this, 'render_tab4'),
43
- ),
44
- 'tab5' => array(
45
- 'title' => __('Import/Export', 'all-in-one-wp-security-and-firewall'),
46
- 'render_callback' => array($this, 'render_tab5'),
47
- ),
48
- );
49
 
50
  if (is_main_site()) {
51
  $menu_tabs['advanced-settings'] = array(
52
- 'title' => __('Advanced settings', 'all-in-one-wp-security-and-firewall'),
53
- 'render_callback' => array($this, 'render_advanced_settings'),
54
- );
55
- }
56
 
57
 
58
  $menu_tabs = apply_filters('aiowpsecurity_setting_tabs', $menu_tabs);
59
  $this->menu_tabs = array_filter($menu_tabs, array($this, 'should_display_tab'));
60
- }
61
-
62
- /*
63
- * Renders our tabs of this menu as nav items
64
- */
65
- public function render_menu_tabs() {
66
- $current_tab = $this->get_current_tab();
67
-
68
- echo '<h2 class="nav-tab-wrapper">';
69
- foreach ($this->menu_tabs as $tab_key => $tab_info) {
70
- $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
71
- echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . esc_html($tab_info['title']) . '</a>';
72
- }
73
- echo '</h2>';
74
- }
75
 
76
  /**
77
  * Decide whether to display the tab for the given tab information.
@@ -87,780 +87,651 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu {
87
  }
88
  }
89
 
90
- /*
91
- * The menu rendering goes here
92
- */
93
- public function render_menu_page() {
94
- echo '<div class="wrap">';
95
- echo '<h2>'.__('Settings','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
96
- $this->set_menu_tabs();
97
- $tab = $this->get_current_tab();
98
- $this->render_menu_tabs();
99
- ?>
100
- <div id="poststuff"><div id="post-body">
101
- <?php
102
- call_user_func($this->menu_tabs[$tab]['render_callback']);
103
- ?>
104
- </div></div>
105
- </div><!-- end of wrap -->
106
- <?php
107
- }
108
-
109
- public function render_tab1() {
110
- global $aio_wp_security;
111
- if(isset($_POST['aiowpsec_disable_all_features']))//Do form submission tasks
112
- {
113
- $nonce=$_REQUEST['_wpnonce'];
114
- if (!wp_verify_nonce($nonce, 'aiowpsec-disable-all-features'))
115
- {
116
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable all security features!",4);
117
- die("Nonce check failed on disable all security features!");
118
- }
119
- AIOWPSecurity_Configure_Settings::turn_off_all_security_features();
120
- //Now let's clear the applicable rules from the .htaccess file
121
- $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
122
-
123
- //Now let's revert the disable editing setting in the wp-config.php file if necessary
124
- $res2 = AIOWPSecurity_Utility::enable_file_edits();
125
-
126
- if ($res)
127
- {
128
- $this->show_msg_updated(__('All the security features have been disabled successfully!', 'all-in-one-wp-security-and-firewall'));
129
- }
130
- else
131
- {
132
- $this->show_msg_error(__('Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".', 'all-in-one-wp-security-and-firewall'));
133
- }
134
-
135
- if(!$res2)
136
- {
137
- $this->show_msg_error(__('Could not write to the wp-config.php. Please restore your wp-config.php file manually using the restore functionality in the "wp-config.php File".', 'all-in-one-wp-security-and-firewall'));
138
- }
139
- }
140
-
141
- if(isset($_POST['aiowpsec_disable_all_firewall_rules']))//Do form submission tasks
142
- {
143
- $nonce=$_REQUEST['_wpnonce'];
144
- if (!wp_verify_nonce($nonce, 'aiowpsec-disable-all-firewall-rules'))
145
- {
146
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable all firewall rules!",4);
147
- die("Nonce check failed on disable all firewall rules!");
148
- }
149
- AIOWPSecurity_Configure_Settings::turn_off_all_firewall_rules();
150
- //Now let's clear the applicable rules from the .htaccess file
151
- $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
152
-
153
- if ($res)
154
- {
155
- $this->show_msg_updated(__('All firewall rules have been disabled successfully!', 'all-in-one-wp-security-and-firewall'));
156
- }
157
- else
158
- {
159
- $this->show_msg_error(__('Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".', 'all-in-one-wp-security-and-firewall'));
160
- }
161
- }
162
-
163
- if (isset($_POST['aiowps_reset_settings'])) { // Do form submission tasks
164
- if (!wp_verify_nonce($_POST['_wpnonce'], 'aiowps-reset-settings-nonce')) {
165
- $aio_wp_security->debug_logger->log_debug("Nonce check failed for reset settings.", 4);
166
- die("Nonce check failed for reset settings.");
167
- }
168
-
169
- if (!class_exists('AIOWPSecurity_Reset_Settings')) {
170
- require(AIO_WP_SECURITY_PATH . '/admin/wp-security-reset-settings.php' );
171
- }
172
- $reset_option_res = AIOWPSecurity_Reset_Settings::reset_options();
173
- $delete_htaccess = AIOWPSecurity_Reset_Settings::delete_htaccess();
174
- $truncate_db_tables = AIOWPSecurity_Reset_Settings::reset_db_tables();
175
-
176
- if (false === $reset_option_res && false === $delete_htaccess) {
177
- $this->show_msg_error(__('Deletion of aio_wp_security_configs option and .htaccess directives failed.', 'all-in-one-wp-security-and-firewall'));
178
- } elseif (false === $reset_option_res) {
179
- $this->show_msg_error(__('Reset of aio_wp_security_configs option failed.', 'all-in-one-wp-security-and-firewall'));
180
- } elseif (false === $delete_htaccess) {
181
- $this->show_msg_error(__('Deletion of .htaccess directives failed.', 'all-in-one-wp-security-and-firewall'));
182
- } else {
183
- $this->show_msg_updated(__('All settings have been successfully reset.', 'all-in-one-wp-security-and-firewall'));
184
- }
185
- }
186
-
187
- if(isset($_POST['aiowps_save_debug_settings']))//Do form submission tasks
188
- {
189
- $nonce=$_REQUEST['_wpnonce'];
190
- if (!wp_verify_nonce($nonce, 'aiowpsec-save-debug-settings'))
191
- {
192
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on save debug settings!",4);
193
- die("Nonce check failed on save debug settings!");
194
- }
195
-
196
- $aio_wp_security->configs->set_value('aiowps_enable_debug',isset($_POST["aiowps_enable_debug"])?'1':'');
197
- $aio_wp_security->configs->save_config();
198
- $this->show_msg_settings_updated();
199
- }
200
-
201
- ?>
202
- <div class="aio_grey_box">
203
  <p><?php _e('For information, updates and documentation, please visit the', 'all-in-one-wp-security-and-firewall'); ?> <a href="https://aiosplugin.com" target="_blank"><?php echo htmlspecialchars('All In One WP Security & Firewall Plugin'); ?></a> <?php _e('Page', 'all-in-one-wp-security-and-firewall'); ?>.</p>
204
- </div>
205
 
206
- <div class="postbox">
207
  <h3 class="hndle"><label for="title"><?php _e('WP Security plugin', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
208
- <div class="inside">
209
- <p>
210
- <?php
211
  _e('Thank you for using the AIOS security plugin.', 'all-in-one-wp-security-and-firewall');
212
- ?>
213
- &nbsp;
214
- <?php
215
  _e('There are a lot of security features in this plugin.', 'all-in-one-wp-security-and-firewall');
216
- ?>
217
- </p>
218
- <p>
219
- <?php
220
- _e('To start, go through each security option and enable the "basic" options.', 'all-in-one-wp-security-and-firewall');
221
- ?>
222
- &nbsp;
223
- <?php
224
  _e('The more features you enable, the more security points you will achieve.', 'all-in-one-wp-security-and-firewall');
225
- ?>
226
- </p>
227
- <p><?php _e('Before doing anything we advise taking a backup of your .htaccess file, database and wp-config.php.', 'all-in-one-wp-security-and-firewall'); ?></p>
228
- <p>
229
- <ul class="aiowps_admin_ul_grp1">
230
- <li><a href="admin.php?page=aiowpsec_database&tab=tab2" target="_blank"><?php _e('Backup your database', 'all-in-one-wp-security-and-firewall'); ?></a></li>
231
- <li><a href="admin.php?page=aiowpsec_settings&tab=tab2" target="_blank"><?php _e('Backup .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></a></li>
232
- <li><a href="admin.php?page=aiowpsec_settings&tab=tab3" target="_blank"><?php _e('Backup wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></a></li>
233
- </ul>
234
- </p>
235
- </div>
236
- </div> <!-- end postbox-->
237
-
238
- <div class="postbox">
239
  <h3 class="hndle"><label for="title"><?php _e('Disable security features', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
240
- <div class="inside">
241
- <form method="post" action="">
242
- <?php wp_nonce_field('aiowpsec-disable-all-features'); ?>
243
- <div class="aio_blue_box">
244
- <?php
245
- echo '<p>'.__('If you think that some plugin functionality on your site is broken due to a security feature you enabled in this plugin, then use the following option to turn off all the security features of this plugin.', 'all-in-one-wp-security-and-firewall').'</p>';
246
- ?>
247
- </div>
248
- <div class="submit">
249
  <input type="submit" class="button" name="aiowpsec_disable_all_features" value="<?php _e('Disable all security features', 'all-in-one-wp-security-and-firewall'); ?>">
250
- </div>
251
- </form>
252
- </div>
253
- </div> <!-- end postbox-->
254
 
255
- <div class="postbox">
256
  <h3 class="hndle"><label for="title"><?php _e('Disable all firewall rules', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
257
- <div class="inside">
258
- <form method="post" action="">
259
- <?php wp_nonce_field('aiowpsec-disable-all-firewall-rules'); ?>
260
- <div class="aio_blue_box">
261
- <?php
262
- echo '<p>'.__('This feature will disable all firewall rules which are currently active in this plugin and it will also delete these rules from your .htacess file. Use it if you think one of the firewall rules is causing an issue on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
263
- ?>
264
- </div>
265
- <div class="submit">
266
  <input type="submit" class="button" name="aiowpsec_disable_all_firewall_rules" value="<?php _e('Disable all firewall rules', 'all-in-one-wp-security-and-firewall'); ?>">
267
- </div>
268
- </form>
269
- </div>
270
- </div> <!-- end postbox-->
271
 
272
- <div class="postbox">
273
  <h3 class="hndle"><label for="title"><?php _e('Reset settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
274
- <div class="inside">
275
- <form method="post" action="">
276
- <div class="aio_blue_box">
277
- <?php
278
- echo '<p>'.htmlspecialchars(__('This button click will delete all of your settings related to the All In One WP Security & Firewall Plugin.', 'all-in-one-wp-security-and-firewall')).'</p>';
279
- echo '<p'.__('This button click will reset/empty all the database tables of the security plugin also.', 'all-in-one-wp-security-and-firewall').'</p>';
280
- echo '<p>'.htmlspecialchars(__('Use this plugin if you were locked out by the All In One WP Security & Firewall Plugin and/or you are having issues logging in when that plugin is activated.', 'all-in-one-wp-security-and-firewall')).'</p>';
281
  echo '<p>'.htmlspecialchars(__('In addition to the settings it will also delete any directives which were added to the .htaccess file by the All In One WP Security & Firewall Plugin.', 'all-in-one-wp-security-and-firewall')).'</p>';
282
  echo '<p>'.sprintf(htmlspecialchars(__('%1$sNOTE: %2$sAfter deleting the settings you will need to re-configure the All In One WP Security & Firewall Plugin.', 'all-in-one-wp-security-and-firewall')), '<strong>', '</strong>').'</p>';
283
- ?>
284
- </div>
285
- <div class="submit">
286
  <input type="submit" name="aiowps_reset_settings" value="<?php _e('Reset settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button">
287
- </div>
288
- <?php wp_nonce_field('aiowps-reset-settings-nonce'); ?>
289
- </form>
290
- </div>
291
- </div> <!-- end postbox-->
292
 
293
- <div class="postbox">
294
  <h3 class="hndle"><label for="title"><?php _e('Debug settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
295
- <div class="inside">
296
- <form method="post" action="">
297
- <?php wp_nonce_field('aiowpsec-save-debug-settings'); ?>
298
- <div class="aio_blue_box">
299
- <?php
300
- echo '<p>'.__('This setting allows you to enable/disable debug for this plugin.', 'all-in-one-wp-security-and-firewall').'</p>';
301
- ?>
302
- </div>
303
-
304
- <table class="form-table">
305
- <tr valign="top">
306
  <th scope="row"><?php _e('Enable debug', 'all-in-one-wp-security-and-firewall'); ?>:</th>
307
- <td>
308
- <input id="aiowps_enable_debug" name="aiowps_enable_debug" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_debug')=='1') echo ' checked="checked"'; ?> value="1"/>
309
- <label for="aiowps_enable_debug" class="description"><?php _e('Check this if you want to enable debug. You should keep this option disabled after you have finished debugging the issue.', 'all-in-one-wp-security-and-firewall'); ?></label>
310
- </td>
311
- </tr>
312
- </table>
313
  <input type="submit" name="aiowps_save_debug_settings" value="<?php _e('Save debug settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button">
314
- </form>
315
- </div>
316
- </div> <!-- end postbox-->
317
- <?php
318
- }
319
 
320
  /**
321
- * Render tab 2 content.
322
- *
323
  * @return void
324
  */
325
- private function render_tab2() {
326
- global $aio_wp_security;
327
-
328
- $home_path = AIOWPSecurity_Utility_File::get_home_path();
329
- $htaccess_path = $home_path . '.htaccess';
330
-
331
- if(isset($_POST['aiowps_save_htaccess']))//Do form submission tasks
332
- {
333
- $nonce=$_REQUEST['_wpnonce'];
334
- if (!wp_verify_nonce($nonce, 'aiowpsec-save-htaccess-nonce'))
335
- {
336
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file save!",4);
337
- die("Nonce check failed on htaccess file save!");
338
- }
339
-
340
- $result = AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess_path); //Backup the htaccess file
341
-
342
- if ($result)
343
- {
344
- $random_prefix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
345
- $aiowps_backup_dir = WP_CONTENT_DIR.'/'.AIO_WP_SECURITY_BACKUPS_DIR_NAME;
346
- if (rename($aiowps_backup_dir.'/'.'.htaccess.backup', $aiowps_backup_dir.'/'.$random_prefix.'_htaccess_backup.txt'))
347
- {
348
- echo '<div id="message" class="updated fade"><p>';
349
- _e('Your .htaccess file was successfully backed up! Using an FTP program go to the "/wp-content/aiowps_backups" directory to save a copy of the file to your computer.','all-in-one-wp-security-and-firewall');
350
- echo '</p></div>';
351
- }
352
- else
353
- {
354
- $aio_wp_security->debug_logger->log_debug("htaccess file rename failed during backup!",4);
355
- $this->show_msg_error(__('htaccess file rename failed during backup. Please check your root directory for the backup file using FTP.','all-in-one-wp-security-and-firewall'));
356
- }
357
- }
358
- else
359
- {
360
- $aio_wp_security->debug_logger->log_debug("htaccess - Backup operation failed!",4);
361
- $this->show_msg_error(__('htaccess backup failed.','all-in-one-wp-security-and-firewall'));
362
- }
363
- }
364
-
365
- if(isset($_POST['aiowps_restore_htaccess_button']))//Do form submission tasks
366
- {
367
- $nonce=$_REQUEST['_wpnonce'];
368
- if (!wp_verify_nonce($nonce, 'aiowpsec-restore-htaccess-nonce'))
369
- {
370
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file restore!",4);
371
- die("Nonce check failed on htaccess file restore!");
372
- }
373
-
374
- if (empty($_POST['aiowps_htaccess_file']))
375
- {
376
- $this->show_msg_error(__('Please choose a .htaccess to restore from.', 'all-in-one-wp-security-and-firewall'));
377
- }
378
- else
379
- {
380
- //Let's copy the uploaded .htaccess file into the active root file
381
- $new_htaccess_file_path = trim($_POST['aiowps_htaccess_file']);
382
- //TODO
383
- //Verify that file chosen has contents which are relevant to .htaccess file
384
- $is_htaccess = AIOWPSecurity_Utility_Htaccess::check_if_htaccess_contents($new_htaccess_file_path);
385
- if ($is_htaccess == 1)
386
- {
387
- if (!copy($new_htaccess_file_path, $htaccess_path))
388
- {
389
- //Failed to make a backup copy
390
- $aio_wp_security->debug_logger->log_debug("htaccess - Restore from .htaccess operation failed!",4);
391
- $this->show_msg_error(__('htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP.','all-in-one-wp-security-and-firewall'));
392
- }
393
- else
394
- {
395
- $this->show_msg_updated(__('Your .htaccess file has successfully been restored!', 'all-in-one-wp-security-and-firewall'));
396
- }
397
- }
398
- else
399
- {
400
- $aio_wp_security->debug_logger->log_debug("htaccess restore failed - Contents of restore file appear invalid!",4);
401
- $this->show_msg_error(__('htaccess Restore operation failed! Please check the contents of the file you are trying to restore from.','all-in-one-wp-security-and-firewall'));
402
- }
403
- }
404
- }
405
-
406
- ?>
407
  <h2><?php _e('.htaccess file operations', 'all-in-one-wp-security-and-firewall'); ?></h2>
408
- <div class="aio_blue_box">
409
- <?php
410
- echo '<p>'.__('Your ".htaccess" file is a key component of your website\'s security and it can be modified to implement various levels of protection mechanisms.', 'all-in-one-wp-security-and-firewall').'
411
- <br />'.__('This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future.', 'all-in-one-wp-security-and-firewall').'
412
- <br />'.__('You can also restore your site\'s .htaccess settings using a backed up .htaccess file.', 'all-in-one-wp-security-and-firewall').'
413
- </p>';
414
- ?>
415
- </div>
416
- <?php
417
- $blog_id = get_current_blog_id();
418
- if (is_multisite() && !is_main_site( $blog_id ))
419
- {
420
- //Hide config settings if MS and not main site
421
- AIOWPSecurity_Utility::display_multisite_message();
422
- }
423
- else
424
- {
425
- ?>
426
- <div class="postbox">
427
- <h3 class="hndle"><label for="title"><?php _e('Save the current .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
428
- <div class="inside">
429
- <form action="" method="POST">
430
- <?php wp_nonce_field('aiowpsec-save-htaccess-nonce'); ?>
431
- <p class="description"><?php _e('Click the button below to backup and save the currently active .htaccess file.', 'all-in-one-wp-security-and-firewall'); ?></p>
432
  <input type="submit" name="aiowps_save_htaccess" value="<?php _e('Backup .htaccess file', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
433
- </form>
434
- </div></div>
435
- <div class="postbox">
436
- <h3 class="hndle"><label for="title"><?php _e('Restore from a backed up .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
437
- <div class="inside">
438
- <form action="" method="POST">
439
- <?php wp_nonce_field('aiowpsec-restore-htaccess-nonce'); ?>
440
- <table class="form-table">
441
- <tr valign="top">
442
- <th scope="row"><label for="aiowps_htaccess_file_button"><?php _e('.htaccess file to restore from', 'all-in-one-wp-security-and-firewall')?></label>:</th>
443
- <td>
444
- <input type="button" id="aiowps_htaccess_file_button" name="aiowps_htaccess_file_button" class="button rbutton" value="<?php _e('Select Your htaccess File', 'all-in-one-wp-security-and-firewall'); ?>" />
445
- <input name="aiowps_htaccess_file" type="text" id="aiowps_htaccess_file" value="" size="80" />
446
- <p class="description">
447
- <?php
448
- _e('After selecting your file, click the button below to restore your site using the backed up htaccess file (htaccess_backup.txt).', 'all-in-one-wp-security-and-firewall');
449
- ?>
450
- </p>
451
- </td>
452
- </tr>
453
- </table>
454
- <input type="submit" name="aiowps_restore_htaccess_button" value="<?php _e('Restore .htaccess file', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
455
- </form>
456
- </div></div>
457
- <?php
458
- } // End if statement
459
- }
460
-
461
- function render_tab3()
462
- {
463
- global $aio_wp_security;
464
-
465
- if(isset($_POST['aiowps_restore_wp_config_button']))//Do form submission tasks
466
- {
467
- $nonce=$_REQUEST['_wpnonce'];
468
- if (!wp_verify_nonce($nonce, 'aiowpsec-restore-wp-config-nonce'))
469
- {
470
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp-config file restore!",4);
471
- die("Nonce check failed on wp-config file restore!");
472
- }
473
-
474
- if (empty($_POST['aiowps_wp_config_file']))
475
- {
476
- $this->show_msg_error(__('Please choose a wp-config.php file to restore from.', 'all-in-one-wp-security-and-firewall'));
477
- }
478
- else
479
- {
480
- //Let's copy the uploaded wp-config.php file into the active root file
481
- $new_wp_config_file_path = trim($_POST['aiowps_wp_config_file']);
482
-
483
- //Verify that file chosen is a wp-config.file
484
- $is_wp_config = $this->check_if_wp_config_contents($new_wp_config_file_path);
485
- if ($is_wp_config == 1)
486
- {
487
- $active_root_wp_config = AIOWPSecurity_Utility_File::get_wp_config_file_path();
488
- if (!copy($new_wp_config_file_path, $active_root_wp_config))
489
- {
490
- //Failed to make a backup copy
491
- $aio_wp_security->debug_logger->log_debug("wp-config.php - Restore from backed up wp-config operation failed!",4);
492
- $this->show_msg_error(__('wp-config.php file restore failed. Please attempt to restore this file manually using FTP.','all-in-one-wp-security-and-firewall'));
493
- }
494
- else
495
- {
496
- $this->show_msg_updated(__('Your wp-config.php file has successfully been restored!', 'all-in-one-wp-security-and-firewall'));
497
- }
498
- }
499
- else
500
- {
501
- $aio_wp_security->debug_logger->log_debug("wp-config.php restore failed - Contents of restore file appear invalid!",4);
502
- $this->show_msg_error(__('wp-config.php Restore operation failed! Please check the contents of the file you are trying to restore from.','all-in-one-wp-security-and-firewall'));
503
- }
504
- }
505
- }
506
-
507
- ?>
508
  <h2><?php _e('wp-config.php file operations', 'all-in-one-wp-security-and-firewall'); ?></h2>
509
- <div class="aio_blue_box">
510
- <?php
511
- echo '<p>'.__('Your "wp-config.php" file is one of the most important in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components.', 'all-in-one-wp-security-and-firewall').'
512
- <br />'.__('This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future.', 'all-in-one-wp-security-and-firewall').'
513
- <br />'.__('You can also restore your site\'s wp-config.php settings using a backed up wp-config.php file.', 'all-in-one-wp-security-and-firewall').'
514
- </p>';
515
- ?>
516
- </div>
517
- <?php
518
- $blog_id = get_current_blog_id();
519
- if (is_multisite() && !is_main_site( $blog_id ))
520
- {
521
- //Hide config settings if MS and not main site
522
- AIOWPSecurity_Utility::display_multisite_message();
523
- }
524
- else
525
- {
526
- ?>
527
- <div class="postbox">
528
- <h3 class="hndle"><label for="title"><?php _e('Save the current wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
529
- <div class="inside">
530
- <form action="" method="POST">
531
- <?php wp_nonce_field('aiowpsec-save-wp-config-nonce'); ?>
532
- <p class="description"><?php _e('Click the button below to backup and download the contents of the currently active wp-config.php file.', 'all-in-one-wp-security-and-firewall'); ?></p>
533
  <input type="submit" name="aiowps_save_wp_config" value="<?php _e('Backup wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
534
 
535
- </form>
536
- </div></div>
537
- <div class="postbox">
538
- <h3 class="hndle"><label for="title"><?php _e('Restore from a backed up wp-config file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
539
- <div class="inside">
540
- <form action="" method="POST">
541
- <?php wp_nonce_field('aiowpsec-restore-wp-config-nonce'); ?>
542
- <table class="form-table">
543
- <tr valign="top">
544
- <th scope="row"><label for="aiowps_wp_config_file_button"><?php _e('wp-config file to restore from', 'all-in-one-wp-security-and-firewall')?></label>:</th>
545
- <td>
546
- <input type="button" id="aiowps_wp_config_file_button" name="aiowps_wp_config_file_button" class="button rbutton" value="<?php _e('Select Your wp-config File', 'all-in-one-wp-security-and-firewall'); ?>" />
547
- <input name="aiowps_wp_config_file" type="text" id="aiowps_wp_config_file" value="" size="80" />
548
- <p class="description">
549
- <?php
550
- _e('After selecting your file click the button below to restore your site using the backed up wp-config file (wp-config.php.backup.txt).', 'all-in-one-wp-security-and-firewall');
551
- ?>
552
- </p>
553
- </td>
554
- </tr>
555
- </table>
556
- <input type="submit" name="aiowps_restore_wp_config_button" value="<?php _e('Restore wp-config file', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
557
- </form>
558
- </div></div>
559
- <!-- <div class="postbox">-->
560
- <!-- <h3 class="hndle"><label for="title">--><?php //_e('View Contents of the currently active wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?><!--</label></h3>-->
561
- <!-- <div class="inside">-->
562
- <!-- --><?php
563
  // $wp_config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
564
  // $wp_config_contents = AIOWPSecurity_Utility_File::get_file_contents($wp_config_file);
565
  // ?>
566
- <!-- <textarea class="aio_text_area_file_output aio_width_80 aio_spacer_10_tb" rows="20" readonly>--><?php //echo $wp_config_contents; ?><!--</textarea>-->
567
- <!-- </div></div>-->
568
 
569
- <?php
570
- } //End if statement
571
- }
572
 
573
  public function render_delete_plugin_settings_tab() {
574
  global $aio_wp_security;
575
 
576
- if (isset($_POST['aiowpsec_save_delete_plugin_settings']))
577
- {
578
- $nonce=$_REQUEST['_wpnonce'];
579
- if (!wp_verify_nonce($nonce, 'aiowpsec-delete-plugin-settings'))
580
- {
581
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on manage delete plugin settings save.",4);
582
- die("Nonce check failed on manage delete plugin settings save.");
583
- }
584
-
585
- //Save settings
586
- $aio_wp_security->configs->set_value('aiowps_on_uninstall_delete_db_tables', isset($_POST['aiowps_on_uninstall_delete_db_tables']) ? '1' : '');
587
- $aio_wp_security->configs->set_value('aiowps_on_uninstall_delete_configs', isset($_POST['aiowps_on_uninstall_delete_configs']) ? '1' : '');
588
- $aio_wp_security->configs->save_config();
589
-
590
- $this->show_msg_updated(__('Manage delete plugin settings saved.', 'all-in-one-wp-security-and-firewall'));
591
-
592
- }
593
- ?>
594
- <div class="postbox">
595
- <h3 class="hndle"><label for="title"><?php _e('Manage delete plugin tasks', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
596
- <div class="inside">
597
- <form action="" method="POST">
598
- <?php wp_nonce_field('aiowpsec-delete-plugin-settings'); ?>
599
-
600
- <table class="form-table">
601
- <tr valign="top">
602
- <th scope="row"><?php _e('Delete database tables', 'all-in-one-wp-security-and-firewall')?>:</th>
603
- <td>
604
- <input id="aiowps_on_uninstall_delete_db_tables" name="aiowps_on_uninstall_delete_db_tables" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_on_uninstall_delete_db_tables')=='1') echo ' checked="checked"'; ?> value="1"/>
605
- <label for="aiowps_on_uninstall_delete_db_tables" class="description"><?php _e('Check this if you want to remove database tables when the plugin is uninstalled.', 'all-in-one-wp-security-and-firewall'); ?></label>
606
- </td>
607
- </tr>
608
- <tr valign="top">
609
- <th scope="row"><?php _e('Delete settings', 'all-in-one-wp-security-and-firewall')?>:</th>
610
- <td>
611
- <input id="aiowps_on_uninstall_delete_configs" name="aiowps_on_uninstall_delete_configs" type="checkbox"<?php checked($aio_wp_security->configs->get_value('aiowps_on_uninstall_delete_configs'), '1'); ?> value="1"/>
612
- <label for="aiowps_on_uninstall_delete_configs" class="description"><?php echo __('Check this if you want to remove all plugin settings when uninstalling the plugin.', 'all-in-one-wp-security-and-firewall').' '.__('It will also remove all custom htaccess rules that were added by this plugin.', 'all-in-one-wp-security-and-firewall'); ?></label>
613
- </td>
614
- </tr>
615
- </table>
616
-
617
- <div class="submit">
618
  <input type="submit" class="button-primary" name="aiowpsec_save_delete_plugin_settings" value="<?php _e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>">
619
- </div>
620
- </form>
621
- </div></div>
622
- <?php
623
  }
624
 
625
- public function render_tab4() {
626
- global $aio_wp_security;
627
- global $aiowps_feature_mgr;
628
-
629
- if(isset($_POST['aiowps_save_remove_wp_meta_info']))//Do form submission tasks
630
- {
631
- $nonce=$_REQUEST['_wpnonce'];
632
- if (!wp_verify_nonce($nonce, 'aiowpsec-remove-wp-meta-info-nonce'))
633
- {
634
- $aio_wp_security->debug_logger->log_debug("Nonce check failed on remove wp meta info options save!",4);
635
- die("Nonce check failed on remove wp meta info options save!");
636
- }
637
- $aio_wp_security->configs->set_value('aiowps_remove_wp_generator_meta_info',isset($_POST["aiowps_remove_wp_generator_meta_info"])?'1':'');
638
- $aio_wp_security->configs->save_config();
639
-
640
- //Recalculate points after the feature status/options have been altered
641
- $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
642
-
643
- $this->show_msg_settings_updated();
644
- }
645
- ?>
646
  <h2><?php _e('WP generator meta tag and version info', 'all-in-one-wp-security-and-firewall'); ?></h2>
647
- <div class="aio_blue_box">
648
- <?php
649
- echo '<p>'.__('WordPress generator automatically adds some meta information inside the "head" tags of every page on your site\'s front end. Below is an example of this:', 'all-in-one-wp-security-and-firewall');
650
- echo '<br /><strong>&lt;meta name="generator" content="WordPress 3.5.1" /&gt;</strong>';
651
- echo '<br />'.__('The above meta information shows which version of WordPress your site is currently running and thus can help hackers or crawlers scan your site to see if you have an older version of WordPress or one with a known exploit.', 'all-in-one-wp-security-and-firewall').'
652
- <br /><br />'.__('There are also other ways wordpress reveals version info such as during style and script loading. An example of this is:', 'all-in-one-wp-security-and-firewall').'
653
- <br /><strong>&lt;link rel="stylesheet" id="jquery-ui-style-css" href="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.0/themes/smoothness/jquery-ui.css?ver=4.5.2" type="text/css" media="all" /&gt;</strong>
654
- <br /><br />'.__('This feature will allow you to remove the WP generator meta info and other version info from your site\'s pages.', 'all-in-one-wp-security-and-firewall').'
655
- </p>';
656
- ?>
657
- </div>
658
-
659
- <div class="postbox">
660
  <h3 class="hndle"><label for="title"><?php _e('WP generator meta info', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
661
- <div class="inside">
662
- <?php
663
- //Display security info badge
664
- global $aiowps_feature_mgr;
665
- $aiowps_feature_mgr->output_feature_details_badge("wp-generator-meta-tag");
666
- ?>
667
-
668
- <form action="" method="POST">
669
- <?php wp_nonce_field('aiowpsec-remove-wp-meta-info-nonce'); ?>
670
- <table class="form-table">
671
- <tr valign="top">
672
  <th scope="row"><?php _e('Remove WP generator meta info', 'all-in-one-wp-security-and-firewall'); ?>:</th>
673
- <td>
674
- <input id="aiowps_remove_wp_generator_meta_info" name="aiowps_remove_wp_generator_meta_info" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_remove_wp_generator_meta_info')=='1') echo ' checked="checked"'; ?> value="1"/>
675
- <label for="aiowps_remove_wp_generator_meta_info" class="description"><?php _e('Check this if you want to remove the version and meta info produced by WP from all pages', 'all-in-one-wp-security-and-firewall'); ?></label>
676
- </td>
677
- </tr>
678
- </table>
679
  <input type="submit" name="aiowps_save_remove_wp_meta_info" value="<?php _e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
680
- </form>
681
- </div></div>
682
- <?php
683
- }
684
-
685
- public function render_tab5() {
686
- global $aio_wp_security;
687
-
688
- global $wpdb;
689
-
690
- $events_table_name = AIOWPSEC_TBL_EVENTS;
691
- AIOWPSecurity_Utility::cleanup_table($events_table_name, 500);
692
- if(isset($_POST['aiowps_import_settings']))//Do form submission tasks
693
- {
694
- $nonce=$_REQUEST['_wpnonce'];
695
- if (!wp_verify_nonce($nonce, 'aiowpsec-import-settings-nonce'))
696
- {
697
  $aio_wp_security->debug_logger->log_debug('Nonce check failed on import AIOS settings.', 4);
698
  die('Nonce check failed on import AIOS settings.');
699
- }
700
-
701
- if (empty($_POST['aiowps_import_settings_file']) && empty($_POST['aiowps_import_settings_text']))
702
- {
703
- $this->show_msg_error(__('Please choose a file to import your settings from.', 'all-in-one-wp-security-and-firewall'));
704
- }
705
- else
706
- {
707
- if (empty($_POST['aiowps_import_settings_file'])) {
708
- $import_from = "text";
709
- } else {
710
- $import_from = "file";
711
- }
712
-
713
- if ($import_from == "file") {
714
- //Let's get the uploaded import file path
715
- $submitted_import_file_path = trim($_POST['aiowps_import_settings_file']);
716
- $attachment_id = AIOWPSecurity_Utility_File::get_attachment_id_from_url($submitted_import_file_path); //we'll need this later for deleting
717
-
718
- // Verify that file chosen has valid AIOS settings contents
719
- $aiowps_settings_file_contents = $this->check_if_valid_aiowps_settings_file($submitted_import_file_path);
720
- } else {
721
- //Get the string right from the textarea. Still confirm it's in the expected format.
722
- $aiowps_settings_file_contents = $this->check_if_valid_aiowps_settings_text($_POST['aiowps_import_settings_text']);
723
- }
724
-
725
- if ($aiowps_settings_file_contents != -1)
726
- {
727
- //Apply the settings and delete the file (if applicable)
728
- $settings_array = json_decode($aiowps_settings_file_contents, true);
729
- $aiowps_settings_applied = update_option('aio_wp_security_configs', $settings_array);
730
-
731
- if (!$aiowps_settings_applied)
732
- {
733
- //Failed to import settings
734
- $aio_wp_security->debug_logger->log_debug('Import AIOS settings from ' . $import_from . ' operation failed.', 4);
735
- $this->show_msg_error(__('Import AIOS settings from ' . $import_from . ' operation failed!', 'all-in-one-wp-security-and-firewall'));
736
-
737
- if ($import_from == "file") {
738
- //Delete the uploaded settings file for security purposes
739
- wp_delete_attachment( $attachment_id, true );
740
- if ( false === wp_delete_attachment( $attachment_id, true ) ){
741
- $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes.', 'all-in-one-wp-security-and-firewall'));
742
- }else{
743
- $this->show_msg_updated(__('The file you uploaded was also deleted for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
744
- }
745
- }
746
- }
747
- else
748
- {
749
- $aio_wp_security->configs->configs = $settings_array; //Refresh the configs global variable
750
-
751
- //Just in case user submits partial config settings
752
- //Run add_option_values to make sure any missing config items are at least set to default
753
- AIOWPSecurity_Configure_Settings::add_option_values();
754
- if ($import_from == "file") {
755
- //Delete the uploaded settings file for security purposes
756
- wp_delete_attachment( $attachment_id, true );
757
- if ( false === wp_delete_attachment( $attachment_id, true ) ){
758
- $this->show_msg_updated(__('Your AIOS settings were successfully imported via file input.', 'all-in-one-wp-security-and-firewall'));
759
- $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
760
- }else{
761
- $this->show_msg_updated(__('Your AIOS settings were successfully imported. The file you uploaded was also deleted for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
762
- }
763
- } else {
764
- $this->show_msg_updated(__('Your AIOS settings were successfully imported via text entry.', 'all-in-one-wp-security-and-firewall'));
765
- }
766
- //Now let's refresh the .htaccess file with any modified rules if applicable
767
- $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
768
-
769
- if( !$res )
770
- {
771
- $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
772
- }
773
- }
774
- }
775
- else
776
- {
777
- //Invalid settings file
778
- $aio_wp_security->debug_logger->log_debug("The contents of your settings file appear invalid!",4);
779
- $this->show_msg_error(__('The contents of your settings file appear invalid. Please check the contents of the file you are trying to import settings from.','all-in-one-wp-security-and-firewall'));
780
-
781
- if ($import_from == "file") {
782
- //Let's also delete the uploaded settings file for security purposes
783
- wp_delete_attachment( $attachment_id, true );
784
- if ( false === wp_delete_attachment( $attachment_id, true ) ){
785
- $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes.', 'all-in-one-wp-security-and-firewall'));
786
- }else{
787
- $this->show_msg_updated(__('The file you uploaded was also deleted for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
788
- }
789
- }
790
-
791
- }
792
- }
793
- }
794
-
795
- ?>
796
  <h2><?php _e('Export or import your AIOS settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
797
- <div class="aio_blue_box">
798
- <?php
799
  echo '<p>'.htmlspecialchars(__('This section allows you to export or import your All In One WP Security & Firewall settings.', 'all-in-one-wp-security-and-firewall'));
800
- echo '<br />'.__('This can be handy if you wanted to save time by applying the settings from one site to another site.', 'all-in-one-wp-security-and-firewall').'
801
- <br />'.__('NOTE: Before importing, it is your responsibility to know what settings you are trying to import. Importing settings blindly can cause you to be locked out of your site.', 'all-in-one-wp-security-and-firewall').'
802
- <br />'.__('For Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain.','all-in-one-wp-security-and-firewall').'
803
- </p>';
804
- ?>
805
- </div>
806
-
807
- <div class="postbox">
808
  <h3 class="hndle"><label for="title"><?php _e('Export AIOS settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
809
- <div class="inside">
810
- <form action="" method="POST">
811
- <?php wp_nonce_field('aiowpsec-export-settings-nonce'); ?>
812
- <table class="form-table">
813
- <tr valign="top">
814
  <span class="description"><?php echo htmlspecialchars(__('To export your All In One WP Security & Firewall settings click the button below.', 'all-in-one-wp-security-and-firewall')); ?></span>
815
- </tr>
816
- </table>
817
  <input type="submit" name="aiowps_export_settings" value="<?php _e('Export AIOS settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
818
- </form>
819
- </div></div>
820
- <div class="postbox">
821
  <h3 class="hndle"><label for="title"><?php _e('Import AIOS settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
822
- <div class="inside">
823
- <form action="" method="POST">
824
- <?php wp_nonce_field('aiowpsec-import-settings-nonce'); ?>
825
- <table class="form-table">
826
  <tr valign="top">
827
- <span class="description"><?php echo htmlspecialchars(__('Use this section to import your All In One WP Security & Firewall settings from a file. Alternatively, copy/paste the contents of your import file into the textarea below.', 'all-in-one-wp-security-and-firewall')); ?></span>
828
  <th scope="row">
829
- <label for="aiowps_import_settings_file_button"><?php _e('Import file', 'all-in-one-wp-security-and-firewall'); ?>:</label>
830
  </th>
831
- <td>
832
- <input type="button" id="aiowps_import_settings_file_button" name="aiowps_import_settings_file_button" class="button rbutton" value="<?php _e('Select Your Import Settings File', 'all-in-one-wp-security-and-firewall'); ?>" />
833
- <input name="aiowps_import_settings_file" type="text" id="aiowps_import_settings_file" value="" size="80" />
834
- <p class="description">
835
- <?php
836
- _e('After selecting your file, click the button below to apply the settings to your site.', 'all-in-one-wp-security-and-firewall');
837
- ?>
838
- </p>
839
- </td>
840
- </tr>
841
- <tr valign="top">
842
- <th scope="row">
843
- <label for="aiowps_import_settings_text"><?php _e('Copy/Paste import data', 'all-in-one-wp-security-and-firewall'); ?>:</label>
844
- </th>
845
- <td>
846
- <textarea name="aiowps_import_settings_text" id="aiowps_import_settings_text" style="width:80%;height:140px;"></textarea>
847
- </td>
848
- </tr>
849
- </table>
850
- <input type="submit" name="aiowps_import_settings" value="<?php _e('Import AIOS settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
851
- </form>
852
- </div></div>
853
- <?php
854
- }
855
 
856
  /**
857
- * Renders advanced settings tab.
858
- *
859
  * @return void
860
  */
861
  public function render_advanced_settings() {
862
  if (!is_main_site()) {
863
- return;
864
  }
865
 
866
  global $aio_wp_security;
@@ -873,7 +744,7 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu {
873
 
874
  $ip_retrieve_method_id = sanitize_text_field($_POST["aiowps_ip_retrieve_method"]);
875
 
876
- if (in_array($ip_retrieve_method_id, array_keys(AIOS_Abstracted_Ids::get_ip_retrieve_methods()))) {
877
  $aio_wp_security->configs->set_value('aiowps_ip_retrieve_method', $ip_retrieve_method_id);
878
  $aio_wp_security->configs->save_config(); //Save the configuration
879
 
@@ -889,17 +760,17 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu {
889
  }
890
 
891
  $ip_retrieve_methods_postfixes = array(
892
- 'REMOTE_ADDR' => __('Default - if correct, then this is the best option', 'all-in-one-wp-security-and-firewall'),
893
- 'HTTP_CF_CONNECTING_IP' => __("Only use if you're using Cloudflare.", 'all-in-one-wp-security-and-firewall'),
894
  );
895
 
896
  $ip_retrieve_methods = array();
897
- foreach (AIOS_Abstracted_Ids::get_ip_retrieve_methods() as $id => $ip_method) {
898
- $ip_retrieve_methods[$id]['ip_method'] = $ip_method;
899
 
900
  if (isset($_SERVER[$ip_method])) {
901
  $ip_retrieve_methods[$id]['ip_method'] .= ' '.sprintf(__('(current value: %s)', 'all-in-one-wp-security-and-firewall'), $_SERVER[$ip_method]);
902
- $ip_retrieve_methods[$id]['is_enabled'] = true;
903
  } else {
904
  $ip_retrieve_methods[$id]['ip_method'] .= ' (' . __('no value (i.e. empty) on your server', 'all-in-one-wp-security-and-firewall') . ')';
905
  $ip_retrieve_methods[$id]['is_enabled'] = false;
@@ -914,76 +785,58 @@ class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu {
914
  'is_localhost' => AIOWPSecurity_Utility::is_localhost(),
915
  'ip_retrieve_methods' => $ip_retrieve_methods,
916
  'server_suitable_ip_methods' => AIOWPSecurity_Utility_IP::get_server_suitable_ip_methods(),
917
- ));
918
  }
919
 
920
- private function check_if_wp_config_contents($wp_file)
921
- {
922
- $is_wp_config = false;
923
-
924
- $file_contents = file($wp_file);
925
-
926
- if ($file_contents == '' || $file_contents == NULL || $file_contents == false)
927
- {
928
- return -1;
929
- }
930
- foreach ($file_contents as $line)
931
- {
932
- if ((strpos($line, "define('DB_NAME'") !== false))
933
- {
934
- $is_wp_config = true; //It appears that we have some sort of wp-config.php file
935
- break;
936
- }
937
- else
938
- {
939
- //see if we're at the end of the section
940
- $is_wp_config = false;
941
- }
942
- }
943
-
944
- return $is_wp_config ? 1 : -1;
945
-
946
- }
947
-
948
- function check_if_valid_aiowps_settings_text($strText) {
949
- if ($this->check_is_aiopws_settings($strText)) {
950
- return stripcslashes($strText);
951
- } else {
952
- return -1;
953
- }
954
- }
955
-
956
- private function check_is_aiopws_settings($strText) {
957
- if (false === strpos($strText, 'aiowps_enable_login_lockdown')) {
958
- return false;
959
- }
960
-
961
- return true;
962
- }
963
 
964
- // Checks if valid AIOS settings file and returns contents as string
965
- private function check_if_valid_aiowps_settings_file($wp_file) {
966
- $is_aiopws_settings = false;
 
 
 
 
 
 
967
 
968
- $file_contents = file_get_contents($wp_file);
 
 
 
 
 
 
969
 
970
- if ($file_contents == '' || $file_contents == NULL || $file_contents == false)
971
- {
972
- return -1;
973
- }
 
 
 
 
 
 
 
 
 
 
 
974
 
975
  // Check a known AIOS config strings to see if it is contained within this file
976
- $is_aiopws_settings = $this->check_is_aiopws_settings($file_contents);
977
-
978
- if ($is_aiopws_settings)
979
- {
980
- return $file_contents;
981
- }
982
- else
983
- {
984
- return -1;
985
- }
986
-
987
- }
988
 
989
  } //end class
4
 
5
  class AIOWPSecurity_Settings_Menu extends AIOWPSecurity_Admin_Menu {
6
 
7
+ private $menu_page_slug = AIOWPSEC_SETTINGS_MENU_SLUG;
8
+
9
+ /* Specify all the tabs of this menu in the following array */
10
+ public $menu_tabs;
11
+
12
+ /**
13
+ * Class constructor
14
+ */
15
+ public function __construct() {
16
+ $this->render_menu_page();
17
+ }
18
+
19
+ /**
20
+ * Sets the menu_tabs class variable
21
+ */
22
+ public function set_menu_tabs() {
23
+ $menu_tabs = array(
24
+ 'tab1' => array(
25
+ 'title' => __('General settings', 'all-in-one-wp-security-and-firewall'),
26
+ 'render_callback' => array($this, 'render_tab1'),
27
+ ),
28
+ 'htaccess-file-operations' => array(
29
+ 'title' => '.htaccess '.__('file', 'all-in-one-wp-security-and-firewall'),
30
+ 'render_callback' => array($this, 'render_htaccess_file_operations'),
31
+ ),
32
+ 'wp-config-file-operations' => array(
33
+ 'title' => 'wp-config.php '.__('file', 'all-in-one-wp-security-and-firewall'),
34
+ 'render_callback' => array($this, 'render_wp_config_file_operations'),
35
+ ),
36
+ 'delete-plugin-settings' => array(
37
+ 'title' => __('Delete plugin settings', 'all-in-one-wp-security-and-firewall'),
38
+ 'render_callback' => array($this, 'render_delete_plugin_settings_tab'),
39
+ ),
40
+ 'tab4' => array(
41
+ 'title' => __('WP version info', 'all-in-one-wp-security-and-firewall'),
42
+ 'render_callback' => array($this, 'render_tab4'),
43
+ ),
44
+ 'settings-file-operations' => array(
45
+ 'title' => __('Import/Export', 'all-in-one-wp-security-and-firewall'),
46
+ 'render_callback' => array($this, 'render_settings_file_operations'),
47
+ ),
48
+ );
49
 
50
  if (is_main_site()) {
51
  $menu_tabs['advanced-settings'] = array(
52
+ 'title' => __('Advanced settings', 'all-in-one-wp-security-and-firewall'),
53
+ 'render_callback' => array($this, 'render_advanced_settings'),
54
+ );
55
+ }
56
 
57
 
58
  $menu_tabs = apply_filters('aiowpsecurity_setting_tabs', $menu_tabs);
59
  $this->menu_tabs = array_filter($menu_tabs, array($this, 'should_display_tab'));
60
+ }
61
+
62
+ /*
63
+ * Renders our tabs of this menu as nav items
64
+ */
65
+ public function render_menu_tabs() {
66
+ $current_tab = $this->get_current_tab();
67
+
68
+ echo '<h2 class="nav-tab-wrapper">';
69
+ foreach ($this->menu_tabs as $tab_key => $tab_info) {
70
+ $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
71
+ echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . esc_html($tab_info['title']) . '</a>';
72
+ }
73
+ echo '</h2>';
74
+ }
75
 
76
  /**
77
  * Decide whether to display the tab for the given tab information.
87
  }
88
  }
89
 
90
+ /*
91
+ * The menu rendering goes here
92
+ */
93
+ public function render_menu_page() {
94
+ echo '<div class="wrap">';
95
+ echo '<h2>'.__('Settings','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
96
+ $this->set_menu_tabs();
97
+ $tab = $this->get_current_tab();
98
+ $this->render_menu_tabs();
99
+ ?>
100
+ <div id="poststuff"><div id="post-body">
101
+ <?php
102
+ call_user_func($this->menu_tabs[$tab]['render_callback']);
103
+ ?>
104
+ </div></div>
105
+ </div><!-- end of wrap -->
106
+ <?php
107
+ }
108
+
109
+ public function render_tab1() {
110
+ global $aio_wp_security;
111
+ if (isset($_POST['aiowpsec_disable_all_features'])) { // Do form submission tasks
112
+ $nonce=$_REQUEST['_wpnonce'];
113
+ if (!wp_verify_nonce($nonce, 'aiowpsec-disable-all-features')) {
114
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable all security features!",4);
115
+ die("Nonce check failed on disable all security features!");
116
+ }
117
+ AIOWPSecurity_Configure_Settings::turn_off_all_security_features();
118
+ //Now let's clear the applicable rules from the .htaccess file
119
+ $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
120
+
121
+ //Now let's revert the disable editing setting in the wp-config.php file if necessary
122
+ $res2 = AIOWPSecurity_Utility::enable_file_edits();
123
+
124
+ if ($res) {
125
+ $this->show_msg_updated(__('All the security features have been disabled successfully!', 'all-in-one-wp-security-and-firewall'));
126
+ } else {
127
+ $this->show_msg_error(__('Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".', 'all-in-one-wp-security-and-firewall'));
128
+ }
129
+
130
+ if (!$res2) {
131
+ $this->show_msg_error(__('Could not write to the wp-config.php. Please restore your wp-config.php file manually using the restore functionality in the "wp-config.php File".', 'all-in-one-wp-security-and-firewall'));
132
+ }
133
+ }
134
+
135
+ if (isset($_POST['aiowpsec_disable_all_firewall_rules'])) { // Do form submission tasks
136
+ $nonce=$_REQUEST['_wpnonce'];
137
+ if (!wp_verify_nonce($nonce, 'aiowpsec-disable-all-firewall-rules')) {
138
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable all firewall rules!",4);
139
+ die("Nonce check failed on disable all firewall rules!");
140
+ }
141
+ AIOWPSecurity_Configure_Settings::turn_off_all_firewall_rules();
142
+ //Now let's clear the applicable rules from the .htaccess file
143
+ $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
144
+
145
+ if ($res) {
146
+ $this->show_msg_updated(__('All firewall rules have been disabled successfully!', 'all-in-one-wp-security-and-firewall'));
147
+ } else {
148
+ $this->show_msg_error(__('Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".', 'all-in-one-wp-security-and-firewall'));
149
+ }
150
+ }
151
+
152
+ if (isset($_POST['aiowps_reset_settings'])) { // Do form submission tasks
153
+ if (!wp_verify_nonce($_POST['_wpnonce'], 'aiowps-reset-settings-nonce')) {
154
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed for reset settings.", 4);
155
+ die("Nonce check failed for reset settings.");
156
+ }
157
+
158
+ if (!class_exists('AIOWPSecurity_Reset_Settings')) {
159
+ require(AIO_WP_SECURITY_PATH . '/admin/wp-security-reset-settings.php' );
160
+ }
161
+ $reset_option_res = AIOWPSecurity_Reset_Settings::reset_options();
162
+ $delete_htaccess = AIOWPSecurity_Reset_Settings::delete_htaccess();
163
+ $truncate_db_tables = AIOWPSecurity_Reset_Settings::reset_db_tables();
164
+
165
+ if (false === $reset_option_res && false === $delete_htaccess) {
166
+ $this->show_msg_error(__('Deletion of aio_wp_security_configs option and .htaccess directives failed.', 'all-in-one-wp-security-and-firewall'));
167
+ } elseif (false === $reset_option_res) {
168
+ $this->show_msg_error(__('Reset of aio_wp_security_configs option failed.', 'all-in-one-wp-security-and-firewall'));
169
+ } elseif (false === $delete_htaccess) {
170
+ $this->show_msg_error(__('Deletion of .htaccess directives failed.', 'all-in-one-wp-security-and-firewall'));
171
+ } else {
172
+ $this->show_msg_updated(__('All settings have been successfully reset.', 'all-in-one-wp-security-and-firewall'));
173
+ }
174
+ }
175
+
176
+ if (isset($_POST['aiowps_save_debug_settings'])) { // Do form submission tasks
177
+ $nonce=$_REQUEST['_wpnonce'];
178
+ if (!wp_verify_nonce($nonce, 'aiowpsec-save-debug-settings')) {
179
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on save debug settings!",4);
180
+ die("Nonce check failed on save debug settings!");
181
+ }
182
+
183
+ $aio_wp_security->configs->set_value('aiowps_enable_debug',isset($_POST["aiowps_enable_debug"])?'1':'');
184
+ $aio_wp_security->configs->save_config();
185
+ $this->show_msg_settings_updated();
186
+ }
187
+
188
+ ?>
189
+ <div class="aio_grey_box">
 
 
 
 
 
 
 
 
 
 
 
 
 
190
  <p><?php _e('For information, updates and documentation, please visit the', 'all-in-one-wp-security-and-firewall'); ?> <a href="https://aiosplugin.com" target="_blank"><?php echo htmlspecialchars('All In One WP Security & Firewall Plugin'); ?></a> <?php _e('Page', 'all-in-one-wp-security-and-firewall'); ?>.</p>
191
+ </div>
192
 
193
+ <div class="postbox">
194
  <h3 class="hndle"><label for="title"><?php _e('WP Security plugin', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
195
+ <div class="inside">
196
+ <p>
197
+ <?php
198
  _e('Thank you for using the AIOS security plugin.', 'all-in-one-wp-security-and-firewall');
199
+ ?>
200
+ &nbsp;
201
+ <?php
202
  _e('There are a lot of security features in this plugin.', 'all-in-one-wp-security-and-firewall');
203
+ ?>
204
+ </p>
205
+ <p>
206
+ <?php
207
+ _e('To start, go through each security option and enable the "basic" options.', 'all-in-one-wp-security-and-firewall');
208
+ ?>
209
+ &nbsp;
210
+ <?php
211
  _e('The more features you enable, the more security points you will achieve.', 'all-in-one-wp-security-and-firewall');
212
+ ?>
213
+ </p>
214
+ <p><?php _e('Before doing anything we advise taking a backup of your .htaccess file, database and wp-config.php.', 'all-in-one-wp-security-and-firewall'); ?></p>
215
+ <p>
216
+ <ul class="aiowps_admin_ul_grp1">
217
+ <li><a href="admin.php?page=aiowpsec_database&tab=tab2" target="_blank"><?php _e('Backup your database', 'all-in-one-wp-security-and-firewall'); ?></a></li>
218
+ <li><a href="admin.php?page=aiowpsec_settings&tab=tab2" target="_blank"><?php _e('Backup .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></a></li>
219
+ <li><a href="admin.php?page=aiowpsec_settings&tab=tab3" target="_blank"><?php _e('Backup wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></a></li>
220
+ </ul>
221
+ </p>
222
+ </div>
223
+ </div> <!-- end postbox-->
224
+
225
+ <div class="postbox">
226
  <h3 class="hndle"><label for="title"><?php _e('Disable security features', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
227
+ <div class="inside">
228
+ <form method="post" action="">
229
+ <?php wp_nonce_field('aiowpsec-disable-all-features'); ?>
230
+ <div class="aio_blue_box">
231
+ <?php
232
+ echo '<p>'.__('If you think that some plugin functionality on your site is broken due to a security feature you enabled in this plugin, then use the following option to turn off all the security features of this plugin.', 'all-in-one-wp-security-and-firewall').'</p>';
233
+ ?>
234
+ </div>
235
+ <div class="submit">
236
  <input type="submit" class="button" name="aiowpsec_disable_all_features" value="<?php _e('Disable all security features', 'all-in-one-wp-security-and-firewall'); ?>">
237
+ </div>
238
+ </form>
239
+ </div>
240
+ </div> <!-- end postbox-->
241
 
242
+ <div class="postbox">
243
  <h3 class="hndle"><label for="title"><?php _e('Disable all firewall rules', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
244
+ <div class="inside">
245
+ <form method="post" action="">
246
+ <?php wp_nonce_field('aiowpsec-disable-all-firewall-rules'); ?>
247
+ <div class="aio_blue_box">
248
+ <?php
249
+ echo '<p>'.__('This feature will disable all firewall rules which are currently active in this plugin and it will also delete these rules from your .htacess file. Use it if you think one of the firewall rules is causing an issue on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
250
+ ?>
251
+ </div>
252
+ <div class="submit">
253
  <input type="submit" class="button" name="aiowpsec_disable_all_firewall_rules" value="<?php _e('Disable all firewall rules', 'all-in-one-wp-security-and-firewall'); ?>">
254
+ </div>
255
+ </form>
256
+ </div>
257
+ </div> <!-- end postbox-->
258
 
259
+ <div class="postbox">
260
  <h3 class="hndle"><label for="title"><?php _e('Reset settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
261
+ <div class="inside">
262
+ <form method="post" action="">
263
+ <div class="aio_blue_box">
264
+ <?php
265
+ echo '<p>'.htmlspecialchars(__('This button click will delete all of your settings related to the All In One WP Security & Firewall Plugin.', 'all-in-one-wp-security-and-firewall')).'</p>';
266
+ echo '<p'.__('This button click will reset/empty all the database tables of the security plugin also.', 'all-in-one-wp-security-and-firewall').'</p>';
267
+ echo '<p>'.htmlspecialchars(__('Use this plugin if you were locked out by the All In One WP Security & Firewall Plugin and/or you are having issues logging in when that plugin is activated.', 'all-in-one-wp-security-and-firewall')).'</p>';
268
  echo '<p>'.htmlspecialchars(__('In addition to the settings it will also delete any directives which were added to the .htaccess file by the All In One WP Security & Firewall Plugin.', 'all-in-one-wp-security-and-firewall')).'</p>';
269
  echo '<p>'.sprintf(htmlspecialchars(__('%1$sNOTE: %2$sAfter deleting the settings you will need to re-configure the All In One WP Security & Firewall Plugin.', 'all-in-one-wp-security-and-firewall')), '<strong>', '</strong>').'</p>';
270
+ ?>
271
+ </div>
272
+ <div class="submit">
273
  <input type="submit" name="aiowps_reset_settings" value="<?php _e('Reset settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button">
274
+ </div>
275
+ <?php wp_nonce_field('aiowps-reset-settings-nonce'); ?>
276
+ </form>
277
+ </div>
278
+ </div> <!-- end postbox-->
279
 
280
+ <div class="postbox">
281
  <h3 class="hndle"><label for="title"><?php _e('Debug settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
282
+ <div class="inside">
283
+ <form method="post" action="">
284
+ <?php wp_nonce_field('aiowpsec-save-debug-settings'); ?>
285
+ <div class="aio_blue_box">
286
+ <?php
287
+ echo '<p>'.__('This setting allows you to enable/disable debug for this plugin.', 'all-in-one-wp-security-and-firewall').'</p>';
288
+ ?>
289
+ </div>
290
+
291
+ <table class="form-table">
292
+ <tr valign="top">
293
  <th scope="row"><?php _e('Enable debug', 'all-in-one-wp-security-and-firewall'); ?>:</th>
294
+ <td>
295
+ <input id="aiowps_enable_debug" name="aiowps_enable_debug" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_debug')=='1') echo ' checked="checked"'; ?> value="1"/>
296
+ <label for="aiowps_enable_debug" class="description"><?php _e('Check this if you want to enable debug. You should keep this option disabled after you have finished debugging the issue.', 'all-in-one-wp-security-and-firewall'); ?></label>
297
+ </td>
298
+ </tr>
299
+ </table>
300
  <input type="submit" name="aiowps_save_debug_settings" value="<?php _e('Save debug settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button">
301
+ </form>
302
+ </div>
303
+ </div> <!-- end postbox-->
304
+ <?php
305
+ }
306
 
307
  /**
308
+ * Render tab 2 content.
309
+ *
310
  * @return void
311
  */
312
+ private function render_htaccess_file_operations() {
313
+ global $aio_wp_security;
314
+
315
+ $home_path = AIOWPSecurity_Utility_File::get_home_path();
316
+ $htaccess_path = $home_path . '.htaccess';
317
+
318
+ if (isset($_POST['aiowps_save_htaccess'])) { // Do form submission tasks
319
+ $nonce = $_REQUEST['_wpnonce'];
320
+ if (!wp_verify_nonce($nonce, 'aiowpsec-save-htaccess-nonce')) {
321
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file save!",4);
322
+ die("Nonce check failed on htaccess file save!");
323
+ }
324
+
325
+ $result = AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess_path); //Backup the htaccess file
326
+
327
+ if ($result) {
328
+ $random_prefix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
329
+ $aiowps_backup_dir = WP_CONTENT_DIR.'/'.AIO_WP_SECURITY_BACKUPS_DIR_NAME;
330
+ if (rename($aiowps_backup_dir.'/'.'.htaccess.backup', $aiowps_backup_dir.'/'.$random_prefix.'_htaccess_backup.txt')) {
331
+ echo '<div id="message" class="updated fade"><p>';
332
+ _e('Your .htaccess file was successfully backed up! Using an FTP program go to the "/wp-content/aiowps_backups" directory to save a copy of the file to your computer.','all-in-one-wp-security-and-firewall');
333
+ echo '</p></div>';
334
+ } else {
335
+ $aio_wp_security->debug_logger->log_debug("htaccess file rename failed during backup!",4);
336
+ $this->show_msg_error(__('htaccess file rename failed during backup. Please check your root directory for the backup file using FTP.','all-in-one-wp-security-and-firewall'));
337
+ }
338
+ } else {
339
+ $aio_wp_security->debug_logger->log_debug("htaccess - Backup operation failed!",4);
340
+ $this->show_msg_error(__('htaccess backup failed.','all-in-one-wp-security-and-firewall'));
341
+ }
342
+ }
343
+
344
+ if (isset($_POST['aiowps_restore_htaccess'])) { // Do form submission tasks
345
+ $nonce = $_REQUEST['_wpnonce'];
346
+ if (!wp_verify_nonce($nonce, 'aiowpsec-restore-htaccess-nonce')) {
347
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file restore.",4);
348
+ die("Nonce check failed on htaccess file restore.");
349
+ }
350
+
351
+ if (empty($_POST['aiowps_htaccess_file']) || empty($_POST['aiowps_htaccess_file_contents'])) {
352
+ $this->show_msg_error(__('Please choose a valid .htaccess to restore from.', 'all-in-one-wp-security-and-firewall'));
353
+ } else {
354
+ $htaccess_file_contents = trim(stripslashes($_POST['aiowps_htaccess_file_contents']));
355
+ //TODO
356
+ //Verify that file chosen has contents which are relevant to .htaccess file
357
+ $is_htaccess = AIOWPSecurity_Utility_Htaccess::check_if_htaccess_contents($htaccess_file_contents);
358
+ if ($is_htaccess == 1) {
359
+ if (!file_put_contents($htaccess_path, $htaccess_file_contents)) {
360
+ //Failed to make a backup copy
361
+ $aio_wp_security->debug_logger->log_debug("htaccess - Restore from .htaccess operation failed.",4);
362
+ $this->show_msg_error(__('htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP.','all-in-one-wp-security-and-firewall'));
363
+ } else {
364
+ $this->show_msg_updated(__('Your .htaccess file has successfully been restored.', 'all-in-one-wp-security-and-firewall'));
365
+ }
366
+ } else {
367
+ $aio_wp_security->debug_logger->log_debug("htaccess restore failed - Contents of restore file appear invalid.",4);
368
+ $this->show_msg_error(__('htaccess Restore operation failed. Please check the contents of the file you are trying to restore from.','all-in-one-wp-security-and-firewall'));
369
+ }
370
+ }
371
+ }
372
+
373
+ ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
374
  <h2><?php _e('.htaccess file operations', 'all-in-one-wp-security-and-firewall'); ?></h2>
375
+ <div class="aio_blue_box">
376
+ <?php
377
+ echo '<p>'.__('Your ".htaccess" file is a key component of your website\'s security and it can be modified to implement various levels of protection mechanisms.', 'all-in-one-wp-security-and-firewall').'
378
+ <br />'.__('This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future.', 'all-in-one-wp-security-and-firewall').'
379
+ <br />'.__('You can also restore your site\'s .htaccess settings using a backed up .htaccess file.', 'all-in-one-wp-security-and-firewall').'
380
+ </p>';
381
+ ?>
382
+ </div>
383
+ <?php
384
+ $blog_id = get_current_blog_id();
385
+ if (is_multisite() && !is_main_site($blog_id)) {
386
+ //Hide config settings if MS and not main site
387
+ AIOWPSecurity_Utility::display_multisite_message();
388
+ } else {
389
+ ?>
390
+ <div class="postbox">
391
+ <h3 class="hndle"><label for="title"><?php _e('Save the current .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
392
+ <div class="inside">
393
+ <form action="" method="POST">
394
+ <?php wp_nonce_field('aiowpsec-save-htaccess-nonce'); ?>
395
+ <p class="description"><?php _e('Click the button below to backup and save the currently active .htaccess file.', 'all-in-one-wp-security-and-firewall'); ?></p>
 
 
 
396
  <input type="submit" name="aiowps_save_htaccess" value="<?php _e('Backup .htaccess file', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
397
+ </form>
398
+ </div></div>
399
+ <div class="postbox">
400
+ <h3 class="hndle"><label for="title"><?php _e('Restore from a backed up .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
401
+ <div class="inside">
402
+ <form id="aiowps_restore_htaccess_form" action="" method="POST">
403
+ <?php wp_nonce_field('aiowpsec-restore-htaccess-nonce'); ?>
404
+ <table class="form-table">
405
+ <tr valign="top">
406
+ <th scope="row"><label for="aiowps_restore_htaccess_button"><?php _e('.htaccess file to restore from', 'all-in-one-wp-security-and-firewall')?></label>:</th>
407
+ <td>
408
+ <input type="submit" name="aiowps_restore_htaccess_button" class="button button-primary" value="<?php _e('Restore your .htaccess File', 'all-in-one-wp-security-and-firewall'); ?>">
409
+ <input name="aiowps_restore_htaccess" type="hidden" value="1">
410
+ <input name="aiowps_htaccess_file" type="file" id="aiowps_htaccess_file">
411
+ <input name="aiowps_htaccess_file_contents" type="hidden" id="aiowps_htaccess_file_contents">
412
+ </td>
413
+ </tr>
414
+ </table>
415
+ </form>
416
+ </div></div>
417
+ <?php
418
+ } // End if statement
419
+ }
420
+
421
+ public function render_wp_config_file_operations() {
422
+ global $aio_wp_security;
423
+
424
+ if (isset($_POST['aiowps_restore_wp_config'])) { // Do form submission tasks
425
+ $nonce = $_REQUEST['_wpnonce'];
426
+ if (!wp_verify_nonce($nonce, 'aiowpsec-restore-wp-config-nonce')) {
427
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on wp-config file restore.",4);
428
+ die("Nonce check failed on wp-config file restore!");
429
+ }
430
+
431
+ if (empty($_POST['aiowps_wp_config_file']) || empty($_POST['aiowps_wp_config_file_contents'])) {
432
+ $this->show_msg_error(__('Please choose a wp-config.php file to restore from.', 'all-in-one-wp-security-and-firewall'));
433
+ } else {
434
+ $wp_config_file_contents = trim(stripslashes($_POST['aiowps_wp_config_file_contents']));
435
+
436
+ //Verify that file chosen is a wp-config.file
437
+ $is_wp_config = $this->check_if_wp_config_contents($wp_config_file_contents);
438
+ if ($is_wp_config == 1) {
439
+ $active_root_wp_config = AIOWPSecurity_Utility_File::get_wp_config_file_path();
440
+ if (!file_put_contents($active_root_wp_config, $wp_config_file_contents)) {
441
+ //Failed to make a backup copy
442
+ $aio_wp_security->debug_logger->log_debug("wp-config.php - Restore from backed up wp-config operation failed.",4);
443
+ $this->show_msg_error(__('wp-config.php file restore failed. Please attempt to restore this file manually using FTP.','all-in-one-wp-security-and-firewall'));
444
+ } else {
445
+ $this->show_msg_updated(__('Your wp-config.php file has successfully been restored.', 'all-in-one-wp-security-and-firewall'));
446
+ }
447
+ } else {
448
+ $aio_wp_security->debug_logger->log_debug("wp-config.php restore failed - Contents of restore file appear invalid.",4);
449
+ $this->show_msg_error(__('wp-config.php Restore operation failed. Please check the contents of the file you are trying to restore from.','all-in-one-wp-security-and-firewall'));
450
+ }
451
+ }
452
+ }
453
+
454
+ ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
455
  <h2><?php _e('wp-config.php file operations', 'all-in-one-wp-security-and-firewall'); ?></h2>
456
+ <div class="aio_blue_box">
457
+ <?php
458
+ echo '<p>'.__('Your "wp-config.php" file is one of the most important in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components.', 'all-in-one-wp-security-and-firewall').'
459
+ <br />'.__('This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future.', 'all-in-one-wp-security-and-firewall').'
460
+ <br />'.__('You can also restore your site\'s wp-config.php settings using a backed up wp-config.php file.', 'all-in-one-wp-security-and-firewall').'
461
+ </p>';
462
+ ?>
463
+ </div>
464
+ <?php
465
+ $blog_id = get_current_blog_id();
466
+ if (is_multisite() && !is_main_site($blog_id)) {
467
+ //Hide config settings if MS and not main site
468
+ AIOWPSecurity_Utility::display_multisite_message();
469
+ } else {
470
+ ?>
471
+ <div class="postbox">
472
+ <h3 class="hndle"><label for="title"><?php _e('Save the current wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
473
+ <div class="inside">
474
+ <form action="" method="POST">
475
+ <?php wp_nonce_field('aiowpsec-save-wp-config-nonce'); ?>
476
+ <p class="description"><?php _e('Click the button below to backup and download the contents of the currently active wp-config.php file.', 'all-in-one-wp-security-and-firewall'); ?></p>
 
 
 
477
  <input type="submit" name="aiowps_save_wp_config" value="<?php _e('Backup wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
478
 
479
+ </form>
480
+ </div></div>
481
+ <div class="postbox">
482
+ <h3 class="hndle"><label for="title"><?php _e('Restore from a backed up wp-config file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
483
+ <div class="inside">
484
+ <form id="aiowps_restore_wp_config_form" action="" method="POST">
485
+ <?php wp_nonce_field('aiowpsec-restore-wp-config-nonce'); ?>
486
+ <table class="form-table">
487
+ <tr valign="top">
488
+ <th scope="row"><label for="aiowps_restore_wp_config_button"><?php _e('wp-config file to restore from', 'all-in-one-wp-security-and-firewall')?></label>:</th>
489
+ <td>
490
+ <input type="submit" name="aiowps_restore_wp_config_button" class="button button-primary" value="<?php _e('Restore your wp-config file', 'all-in-one-wp-security-and-firewall'); ?>">
491
+ <input name="aiowps_restore_wp_config" type="hidden" value="1">
492
+ <input name="aiowps_wp_config_file" type="file" id="aiowps_wp_config_file">
493
+ <input name="aiowps_wp_config_file_contents" type="hidden" id="aiowps_wp_config_file_contents">
494
+ </td>
495
+ </tr>
496
+ </table>
497
+ </form>
498
+ </div></div>
499
+ <!-- <div class="postbox">-->
500
+ <!-- <h3 class="hndle"><label for="title">--><?php //_e('View Contents of the currently active wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?><!--</label></h3>-->
501
+ <!-- <div class="inside">-->
502
+ <!-- --><?php
 
 
 
 
503
  // $wp_config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
504
  // $wp_config_contents = AIOWPSecurity_Utility_File::get_file_contents($wp_config_file);
505
  // ?>
506
+ <!-- <textarea class="aio_text_area_file_output aio_width_80 aio_spacer_10_tb" rows="20" readonly>--><?php //echo $wp_config_contents; ?><!--</textarea>-->
507
+ <!-- </div></div>-->
508
 
509
+ <?php
510
+ } //End if statement
511
+ }
512
 
513
  public function render_delete_plugin_settings_tab() {
514
  global $aio_wp_security;
515
 
516
+ if (isset($_POST['aiowpsec_save_delete_plugin_settings'])) {
517
+ $nonce=$_REQUEST['_wpnonce'];
518
+ if (!wp_verify_nonce($nonce, 'aiowpsec-delete-plugin-settings')) {
519
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on manage delete plugin settings save.",4);
520
+ die("Nonce check failed on manage delete plugin settings save.");
521
+ }
522
+
523
+ //Save settings
524
+ $aio_wp_security->configs->set_value('aiowps_on_uninstall_delete_db_tables', isset($_POST['aiowps_on_uninstall_delete_db_tables']) ? '1' : '');
525
+ $aio_wp_security->configs->set_value('aiowps_on_uninstall_delete_configs', isset($_POST['aiowps_on_uninstall_delete_configs']) ? '1' : '');
526
+ $aio_wp_security->configs->save_config();
527
+
528
+ $this->show_msg_updated(__('Manage delete plugin settings saved.', 'all-in-one-wp-security-and-firewall'));
529
+
530
+ }
531
+ ?>
532
+ <div class="postbox">
533
+ <h3 class="hndle"><label for="title"><?php _e('Manage delete plugin tasks', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
534
+ <div class="inside">
535
+ <form action="" method="POST">
536
+ <?php wp_nonce_field('aiowpsec-delete-plugin-settings'); ?>
537
+
538
+ <table class="form-table">
539
+ <tr valign="top">
540
+ <th scope="row"><?php _e('Delete database tables', 'all-in-one-wp-security-and-firewall')?>:</th>
541
+ <td>
542
+ <input id="aiowps_on_uninstall_delete_db_tables" name="aiowps_on_uninstall_delete_db_tables" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_on_uninstall_delete_db_tables')=='1') echo ' checked="checked"'; ?> value="1"/>
543
+ <label for="aiowps_on_uninstall_delete_db_tables" class="description"><?php _e('Check this if you want to remove database tables when the plugin is uninstalled.', 'all-in-one-wp-security-and-firewall'); ?></label>
544
+ </td>
545
+ </tr>
546
+ <tr valign="top">
547
+ <th scope="row"><?php _e('Delete settings', 'all-in-one-wp-security-and-firewall')?>:</th>
548
+ <td>
549
+ <input id="aiowps_on_uninstall_delete_configs" name="aiowps_on_uninstall_delete_configs" type="checkbox"<?php checked($aio_wp_security->configs->get_value('aiowps_on_uninstall_delete_configs'), '1'); ?> value="1"/>
550
+ <label for="aiowps_on_uninstall_delete_configs" class="description"><?php echo __('Check this if you want to remove all plugin settings when uninstalling the plugin.', 'all-in-one-wp-security-and-firewall').' '.__('It will also remove all custom htaccess rules that were added by this plugin.', 'all-in-one-wp-security-and-firewall'); ?></label>
551
+ </td>
552
+ </tr>
553
+ </table>
554
+
555
+ <div class="submit">
 
 
556
  <input type="submit" class="button-primary" name="aiowpsec_save_delete_plugin_settings" value="<?php _e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>">
557
+ </div>
558
+ </form>
559
+ </div></div>
560
+ <?php
561
  }
562
 
563
+ public function render_tab4() {
564
+ global $aio_wp_security;
565
+ global $aiowps_feature_mgr;
566
+
567
+ if(isset($_POST['aiowps_save_remove_wp_meta_info'])) { // Do form submission tasks
568
+ $nonce=$_REQUEST['_wpnonce'];
569
+ if (!wp_verify_nonce($nonce, 'aiowpsec-remove-wp-meta-info-nonce')) {
570
+ $aio_wp_security->debug_logger->log_debug("Nonce check failed on remove wp meta info options save!",4);
571
+ die("Nonce check failed on remove wp meta info options save!");
572
+ }
573
+ $aio_wp_security->configs->set_value('aiowps_remove_wp_generator_meta_info',isset($_POST["aiowps_remove_wp_generator_meta_info"])?'1':'');
574
+ $aio_wp_security->configs->save_config();
575
+
576
+ //Recalculate points after the feature status/options have been altered
577
+ $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
578
+
579
+ $this->show_msg_settings_updated();
580
+ }
581
+ ?>
 
 
582
  <h2><?php _e('WP generator meta tag and version info', 'all-in-one-wp-security-and-firewall'); ?></h2>
583
+ <div class="aio_blue_box">
584
+ <?php
585
+ echo '<p>'.__('WordPress generator automatically adds some meta information inside the "head" tags of every page on your site\'s front end. Below is an example of this:', 'all-in-one-wp-security-and-firewall');
586
+ echo '<br /><strong>&lt;meta name="generator" content="WordPress 3.5.1" /&gt;</strong>';
587
+ echo '<br />'.__('The above meta information shows which version of WordPress your site is currently running and thus can help hackers or crawlers scan your site to see if you have an older version of WordPress or one with a known exploit.', 'all-in-one-wp-security-and-firewall').'
588
+ <br /><br />'.__('There are also other ways wordpress reveals version info such as during style and script loading. An example of this is:', 'all-in-one-wp-security-and-firewall').'
589
+ <br /><strong>&lt;link rel="stylesheet" id="jquery-ui-style-css" href="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.0/themes/smoothness/jquery-ui.css?ver=4.5.2" type="text/css" media="all" /&gt;</strong>
590
+ <br /><br />'.__('This feature will allow you to remove the WP generator meta info and other version info from your site\'s pages.', 'all-in-one-wp-security-and-firewall').'
591
+ </p>';
592
+ ?>
593
+ </div>
594
+
595
+ <div class="postbox">
596
  <h3 class="hndle"><label for="title"><?php _e('WP generator meta info', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
597
+ <div class="inside">
598
+ <?php
599
+ //Display security info badge
600
+ global $aiowps_feature_mgr;
601
+ $aiowps_feature_mgr->output_feature_details_badge("wp-generator-meta-tag");
602
+ ?>
603
+
604
+ <form action="" method="POST">
605
+ <?php wp_nonce_field('aiowpsec-remove-wp-meta-info-nonce'); ?>
606
+ <table class="form-table">
607
+ <tr valign="top">
608
  <th scope="row"><?php _e('Remove WP generator meta info', 'all-in-one-wp-security-and-firewall'); ?>:</th>
609
+ <td>
610
+ <input id="aiowps_remove_wp_generator_meta_info" name="aiowps_remove_wp_generator_meta_info" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_remove_wp_generator_meta_info')=='1') echo ' checked="checked"'; ?> value="1"/>
611
+ <label for="aiowps_remove_wp_generator_meta_info" class="description"><?php _e('Check this if you want to remove the version and meta info produced by WP from all pages', 'all-in-one-wp-security-and-firewall'); ?></label>
612
+ </td>
613
+ </tr>
614
+ </table>
615
  <input type="submit" name="aiowps_save_remove_wp_meta_info" value="<?php _e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
616
+ </form>
617
+ </div></div>
618
+ <?php
619
+ }
620
+
621
+ public function render_settings_file_operations() {
622
+ global $aio_wp_security;
623
+
624
+ global $wpdb;
625
+
626
+ $events_table_name = AIOWPSEC_TBL_EVENTS;
627
+ AIOWPSecurity_Utility::cleanup_table($events_table_name, 500);
628
+ if (isset($_POST['aiowps_import_settings'])) { // Do form submission tasks
629
+ $nonce = $_REQUEST['_wpnonce'];
630
+ if (!wp_verify_nonce($nonce, 'aiowpsec-import-settings-nonce')) {
 
 
631
  $aio_wp_security->debug_logger->log_debug('Nonce check failed on import AIOS settings.', 4);
632
  die('Nonce check failed on import AIOS settings.');
633
+ }
634
+
635
+ if (empty($_POST['aiowps_import_settings_file']) && empty($_POST['aiowps_import_settings_file_contents'])) {
636
+ $this->show_msg_error(__('Please choose a file to import your settings from.', 'all-in-one-wp-security-and-firewall'));
637
+ } else {
638
+ //Let's get the uploaded import file path
639
+ $import_file_contents = trim(stripslashes($_POST['aiowps_import_settings_file_contents']));
640
+
641
+ // Verify that file chosen has valid AIOS settings contents
642
+ $aiowps_settings_file_contents = $this->check_if_valid_aiowps_settings_file($import_file_contents);
643
+
644
+
645
+ if ($aiowps_settings_file_contents != -1) {
646
+ //Apply the settings and delete the file (if applicable)
647
+ $settings_array = json_decode($aiowps_settings_file_contents, true);
648
+ $aiowps_settings_applied = update_option('aio_wp_security_configs', $settings_array);
649
+
650
+ if (!$aiowps_settings_applied) {
651
+ // Failed to import settings
652
+ $aio_wp_security->debug_logger->log_debug('Import AIOS settings operation failed.', 4);
653
+ $this->show_msg_error(__('Import AIOS settings operation failed.', 'all-in-one-wp-security-and-firewall'));
654
+ } else {
655
+ $aio_wp_security->configs->configs = $settings_array; //Refresh the configs global variable
656
+
657
+ //Just in case user submits partial config settings
658
+ //Run add_option_values to make sure any missing config items are at least set to default
659
+ AIOWPSecurity_Configure_Settings::add_option_values();
660
+
661
+ $this->show_msg_updated(__('Your AIOS settings were successfully imported.', 'all-in-one-wp-security-and-firewall'));
662
+
663
+ //Now let's refresh the .htaccess file with any modified rules if applicable
664
+ $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
665
+
666
+ if (!$res) {
667
+ $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
668
+ }
669
+ }
670
+ } else {
671
+ //Invalid settings file
672
+ $aio_wp_security->debug_logger->log_debug("The contents of your settings file are invalid.",4);
673
+ $this->show_msg_error(__('The contents of your settings file are invalid. Please check the contents of the file you are trying to import settings from.','all-in-one-wp-security-and-firewall'));
674
+ }
675
+ }
676
+ }
677
+
678
+ ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
679
  <h2><?php _e('Export or import your AIOS settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
680
+ <div class="aio_blue_box">
681
+ <?php
682
  echo '<p>'.htmlspecialchars(__('This section allows you to export or import your All In One WP Security & Firewall settings.', 'all-in-one-wp-security-and-firewall'));
683
+ echo '<br />'.__('This can be handy if you wanted to save time by applying the settings from one site to another site.', 'all-in-one-wp-security-and-firewall').'
684
+ <br />'.__('NOTE: Before importing, it is your responsibility to know what settings you are trying to import. Importing settings blindly can cause you to be locked out of your site.', 'all-in-one-wp-security-and-firewall').'
685
+ <br />'.__('For Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain.','all-in-one-wp-security-and-firewall').'
686
+ </p>';
687
+ ?>
688
+ </div>
689
+
690
+ <div class="postbox">
691
  <h3 class="hndle"><label for="title"><?php _e('Export AIOS settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
692
+ <div class="inside">
693
+ <form action="" method="POST">
694
+ <?php wp_nonce_field('aiowpsec-export-settings-nonce'); ?>
695
+ <table class="form-table">
696
+ <tr valign="top">
697
  <span class="description"><?php echo htmlspecialchars(__('To export your All In One WP Security & Firewall settings click the button below.', 'all-in-one-wp-security-and-firewall')); ?></span>
698
+ </tr>
699
+ </table>
700
  <input type="submit" name="aiowps_export_settings" value="<?php _e('Export AIOS settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
701
+ </form>
702
+ </div></div>
703
+ <div class="postbox">
704
  <h3 class="hndle"><label for="title"><?php _e('Import AIOS settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
705
+ <div class="inside">
706
+ <form id="aiowps_restore_settings_form" action="" method="POST">
707
+ <?php wp_nonce_field('aiowpsec-import-settings-nonce'); ?>
708
+ <table class="form-table">
709
  <tr valign="top">
710
+ <span class="description"><?php echo htmlspecialchars(__('Use this section to import your All In One WP Security & Firewall settings from a file.', 'all-in-one-wp-security-and-firewall')); ?></span>
711
  <th scope="row">
712
+ <label for="aiowps_import_settings_file_button"><?php _e('Settings file to restore from', 'all-in-one-wp-security-and-firewall'); ?>:</label>
713
  </th>
714
+ <td>
715
+ <input type="submit" id="aiowps_import_settings_file_button" name="aiowps_import_settings_file_button" class="button button-primary" value="<?php _e('Select Your Import Settings File', 'all-in-one-wp-security-and-firewall'); ?>">
716
+ <input name="aiowps_import_settings" type="hidden" value="1">
717
+ <input name="aiowps_import_settings_file" type="file" id="aiowps_import_settings_file">
718
+ <input name="aiowps_import_settings_file_contents" type="hidden" id="aiowps_import_settings_file_contents">
719
+ </td>
720
+ </tr>
721
+ </table>
722
+ </form>
723
+ </div></div>
724
+ <?php
725
+ }
 
 
 
 
 
 
 
 
 
 
 
 
726
 
727
  /**
728
+ * Renders advanced settings tab.
729
+ *
730
  * @return void
731
  */
732
  public function render_advanced_settings() {
733
  if (!is_main_site()) {
734
+ return;
735
  }
736
 
737
  global $aio_wp_security;
744
 
745
  $ip_retrieve_method_id = sanitize_text_field($_POST["aiowps_ip_retrieve_method"]);
746
 
747
+ if (in_array($ip_retrieve_method_id, array_keys(AIOS_Abstracted_Ids::get_ip_retrieve_methods()))) {
748
  $aio_wp_security->configs->set_value('aiowps_ip_retrieve_method', $ip_retrieve_method_id);
749
  $aio_wp_security->configs->save_config(); //Save the configuration
750
 
760
  }
761
 
762
  $ip_retrieve_methods_postfixes = array(
763
+ 'REMOTE_ADDR' => __('Default - if correct, then this is the best option', 'all-in-one-wp-security-and-firewall'),
764
+ 'HTTP_CF_CONNECTING_IP' => __("Only use if you're using Cloudflare.", 'all-in-one-wp-security-and-firewall'),
765
  );
766
 
767
  $ip_retrieve_methods = array();
768
+ foreach (AIOS_Abstracted_Ids::get_ip_retrieve_methods() as $id => $ip_method) {
769
+ $ip_retrieve_methods[$id]['ip_method'] = $ip_method;
770
 
771
  if (isset($_SERVER[$ip_method])) {
772
  $ip_retrieve_methods[$id]['ip_method'] .= ' '.sprintf(__('(current value: %s)', 'all-in-one-wp-security-and-firewall'), $_SERVER[$ip_method]);
773
+ $ip_retrieve_methods[$id]['is_enabled'] = true;
774
  } else {
775
  $ip_retrieve_methods[$id]['ip_method'] .= ' (' . __('no value (i.e. empty) on your server', 'all-in-one-wp-security-and-firewall') . ')';
776
  $ip_retrieve_methods[$id]['is_enabled'] = false;
785
  'is_localhost' => AIOWPSecurity_Utility::is_localhost(),
786
  'ip_retrieve_methods' => $ip_retrieve_methods,
787
  'server_suitable_ip_methods' => AIOWPSecurity_Utility_IP::get_server_suitable_ip_methods(),
788
+ ));
789
  }
790
 
791
+ private function check_if_wp_config_contents($file_contents) {
792
+ $is_wp_config = false;
793
+
794
+ if ($file_contents == '' || $file_contents == NULL || $file_contents == false) {
795
+ return -1;
796
+ }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
797
 
798
+ if (preg_match("/define\(\s*['\"]DB_NAME['\"]/", $file_contents)) {
799
+ $is_wp_config = true; //It appears that we have some sort of .htacces file
800
+ } else {
801
+ //see if we're at the end of the section
802
+ $is_wp_config = false;
803
+ }
804
+
805
+ return $is_wp_config ? 1 : -1;
806
+ }
807
 
808
+ private function check_if_valid_aiowps_settings_text($strText) {
809
+ if ($this->check_is_aiopws_settings($strText)) {
810
+ return stripcslashes($strText);
811
+ } else {
812
+ return -1;
813
+ }
814
+ }
815
 
816
+ private function check_is_aiopws_settings($strText) {
817
+ if (false === strpos($strText, 'aiowps_enable_login_lockdown')) {
818
+ return false;
819
+ }
820
+
821
+ return true;
822
+ }
823
+
824
+ // Checks if valid AIOS settings file and returns contents as string
825
+ private function check_if_valid_aiowps_settings_file($file_contents) {
826
+ $is_aiopws_settings = false;
827
+
828
+ if ($file_contents == '' || $file_contents == NULL || $file_contents == false) {
829
+ return -1;
830
+ }
831
 
832
  // Check a known AIOS config strings to see if it is contained within this file
833
+ $is_aiopws_settings = $this->check_is_aiopws_settings($file_contents);
834
+
835
+ if ($is_aiopws_settings) {
836
+ return $file_contents;
837
+ } else {
838
+ return -1;
839
+ }
840
+ }
 
 
 
 
841
 
842
  } //end class
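--- a/classes/wp-security-captcha.php
+++ b/classes/wp-security-captcha.php
@@ -8,7 +8,41 @@ class AIOWPSecurity_Captcha {
  private $google_verify_recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify';
 
  public function __construct() {
- //NOP
+ $this->upgrade_captcha_options();
+ }
+
+ /**
+ * This function handles upgrading captcha options
+ *
+ * @return void
+ */
+ private function upgrade_captcha_options() {
+ global $aio_wp_security;
+
+ if (!empty($aio_wp_security->configs->get_value('aiowps_default_captcha'))) return;
+
+ // Upgrade the default captcha option
+ if ($aio_wp_security->configs->get_value('aiowps_default_recaptcha')) {
+ $aio_wp_security->configs->set_value('aiowps_default_recaptcha', '');
+ $aio_wp_security->configs->set_value('aiowps_default_captcha', 'google-recaptcha-v2');
+ } elseif ('1' == $aio_wp_security->configs->get_value('aiowps_enable_login_captcha') || '1' == $aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha')) {
+ $aio_wp_security->configs->set_value('aiowps_default_captcha', 'simple-math');
+ } else {
+ $aio_wp_security->configs->set_value('aiowps_default_captcha', 'none');
+ }
+ }
+
+ /**
+ * This function will return an array of supported CAPTCHA options
+ *
+ * @return array - an array of supported CAPTCHA options
+ */
+ public function get_supported_captchas() {
+ return array(
+ 'none' => 'No CAPTCHA',
+ 'google-recaptcha-v2' => 'Google reCAPTCHA V2',
+ 'simple-math' => 'Simple math CAPTCHA'
+ );
  }
 
  /**
@@ -159,7 +193,7 @@ class AIOWPSecurity_Captcha {
  */
  public function verify_captcha_submit() {
  global $aio_wp_security;
- if ($aio_wp_security->configs->get_value('aiowps_default_recaptcha')) {
+ if ('google-recaptcha-v2' == $aio_wp_security->configs->get_value('aiowps_default_captcha')) {
  // Google reCAPTCHA enabled
  if ('1' == $aio_wp_security->configs->get_value('aios_google_recaptcha_invalid_configuration')) {
  return true;
@@ -173,7 +207,7 @@ class AIOWPSecurity_Captcha {
  // Expected CAPTCHA field in $_POST but got none!
  return false;
  }
- } else {
+ } elseif ('simple-math' == $aio_wp_security->configs->get_value('aiowps_default_captcha')) {
  // Math CAPTCHA is enabled
  if (array_key_exists('aiowps-captcha-answer', $_POST)) {
  $captcha_answer = isset($_POST['aiowps-captcha-answer']) ? sanitize_text_field($_POST['aiowps-captcha-answer']) : '';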
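Review bot: The `elseif` in `upgrade_captcha_options()` maps an existing site to `simple-math` only when `aiowps_enable_login_captcha` or `aiowps_enable_registration_page_captcha` is `'1'`, so a site that had the maths CAPTCHA enabled only through another toggle shown on this page (`aiowps_enable_comment_captcha`, `aiowps_enable_custom_login_captcha`, `aiowps_enable_woo_login_captcha`) is migrated to `'none'`. In `verify_captcha_submit()` the former catch-all `else` is now `elseif ('simple-math' == …)`, so for `'none'` neither branch runs; the rest of that method lies outside the hunk, and if it returns a passing result those forms would silently lose their CAPTCHA check after the update. I would extend the `elseif` condition to test every `aiowps_enable_*_captcha` flag the plugin defines, and add a comment in `verify_captcha_submit()` stating what is returned when no CAPTCHA type matches. The migration also never calls `save_config()`, so it is presumably recomputed on each request rather than stored; a one-line comment saying whether that is intended would help.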
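--- a/classes/wp-security-configure-settings.php
+++ b/classes/wp-security-configure-settings.php
@@ -50,6 +50,7 @@ class AIOWPSecurity_Configure_Settings {
  $aio_wp_security->configs->set_value('aiowps_lockdown_allowed_ip_addresses', '');
 
  // CAPTCHA feature
+ $aio_wp_security->configs->set_value('aiowps_default_captcha', '');
  $aio_wp_security->configs->set_value('aiowps_enable_login_captcha', '');//Checkbox
  $aio_wp_security->configs->set_value('aiowps_enable_custom_login_captcha', '');//Checkbox
  $aio_wp_security->configs->set_value('aiowps_enable_woo_login_captcha', '');//Checkbox
@@ -160,7 +161,7 @@ class AIOWPSecurity_Configure_Settings {
  // Google reCAPTCHA
  $aio_wp_security->configs->set_value('aiowps_recaptcha_site_key', '');
  $aio_wp_security->configs->set_value('aiowps_recaptcha_secret_key', '');
- $aio_wp_security->configs->set_value('aiowps_default_recaptcha', '');//Checkbox
+ $aio_wp_security->configs->set_value('aiowps_default_recaptcha', ''); // Not used since 5.1.2
 
  // Deactivation Handler
  $aio_wp_security->configs->set_value('aiowps_on_uninstall_delete_db_tables', '1'); //Checkbox
@@ -223,6 +224,7 @@ class AIOWPSecurity_Configure_Settings {
  $aio_wp_security->configs->add_value('aiowps_enable_whitelisting', '');//Checkbox
  $aio_wp_security->configs->add_value('aiowps_allowed_ip_addresses', '');
  // CAPTCHA feature
+ $aio_wp_security->configs->add_value('aiowps_default_captcha', '');
  $aio_wp_security->configs->add_value('aiowps_enable_login_captcha', '');//Checkbox
  $aio_wp_security->configs->add_value('aiowps_enable_custom_login_captcha', '');//Checkbox
  $aio_wp_security->configs->add_value('aiowps_enable_woo_login_captcha', '');//Checkbox
@@ -328,7 +330,7 @@ class AIOWPSecurity_Configure_Settings {
  // Google reCAPTCHA
  $aio_wp_security->configs->add_value('aiowps_recaptcha_site_key', '');
  $aio_wp_security->configs->add_value('aiowps_recaptcha_secret_key', '');
- $aio_wp_security->configs->add_value('aiowps_default_recaptcha', '');//Checkbox
+ $aio_wp_security->configs->add_value('aiowps_default_recaptcha', ''); // Not used since 5.1.2
 
  // Deactivation Handler
  $aio_wp_security->configs->add_value('aiowps_on_uninstall_delete_db_tables', '1'); //Checkbox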
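Review bot: The new comment `// Not used since 5.1.2` on both `aiowps_default_recaptcha` lines is misleading. This page compares 5.1.2 with 5.1.3, the lines removed from classes/wp-security-captcha.php still read that key, and the new `upgrade_captcha_options()` continues to read it for migration. I would word it as `// Legacy key: read only by AIOWPSecurity_Captcha::upgrade_captcha_options() to migrate to aiowps_default_captcha`. The two added `aiowps_default_captcha` defaults are `''`, which is not a key of `get_supported_captchas()`; a short comment that the empty value means "not yet migrated" would make the dependency on the upgrade step explicit. The enclosing functions start and end outside these hunks.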
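--- a/classes/wp-security-general-init-tasks.php
+++ b/classes/wp-security-general-init-tasks.php
@@ -238,7 +238,7 @@ class AIOWPSecurity_General_Init_Tasks {
  switch_to_blog($blog_id);
  if ($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1') {
  if (!is_user_logged_in()) {
- if ($aio_wp_security->configs->get_value('aiowps_default_recaptcha')) {
+ if ('google-recaptcha-v2' == $aio_wp_security->configs->get_value('aiowps_default_captcha')) {
  add_action('wp_head', array($this, 'add_recaptcha_script'));
  }
  add_action('comment_form_after_fields', array($this, 'insert_captcha_question_form'), 1);
@@ -250,7 +250,7 @@ class AIOWPSecurity_General_Init_Tasks {
  } else {
  if ($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1') {
  if (!is_user_logged_in()) {
- if ($aio_wp_security->configs->get_value('aiowps_default_recaptcha')) {
+ if ('google-recaptcha-v2' == $aio_wp_security->configs->get_value('aiowps_default_captcha')) {
  add_action('wp_head', array($this, 'add_recaptcha_script'));
  }
  add_action('comment_form_after_fields', array($this, 'insert_captcha_question_form'), 1);
@@ -380,12 +380,12 @@ class AIOWPSecurity_General_Init_Tasks {
  return '';
  }
 
- if ($aio_wp_security->configs->get_value('aiowps_default_recaptcha')) {
+ if ('google-recaptcha-v2' == $aio_wp_security->configs->get_value('aiowps_default_captcha')) {
  $site_key = esc_html($aio_wp_security->configs->get_value('aiowps_recaptcha_site_key'));
  $cap_form = '<div class="g-recaptcha-wrap" style="padding:10px 0 10px 0"><div class="g-recaptcha" data-sitekey="'.$site_key.'"></div></div>';
  $cust_html_code .= $cap_form;
  return $cust_html_code;
- } else {
+ } elseif ('simple-math' == $aio_wp_security->configs->get_value('aiowps_default_captcha')) {
  $cap_form = '<p class="aiowps-captcha"><label>'.__('Please enter an answer in digits:', 'all-in-one-wp-security-and-firewall').'</label>';
  $cap_form .= '<div class="aiowps-captcha-equation"><strong>';
  $maths_question_output = $aio_wp_security->captcha_obj->generate_maths_question();
@@ -415,7 +415,7 @@ class AIOWPSecurity_General_Init_Tasks {
  public function insert_captcha_question_form() {
  global $aio_wp_security;
 
- if ($aio_wp_security->configs->get_value('aiowps_default_recaptcha')) {
+ if ('google-recaptcha-v2' == $aio_wp_security->configs->get_value('aiowps_default_captcha')) {
 
  // WooCommerce "my account" page needs special consideration, ie,
  // need to display two Google reCAPTCHA forms on same page (for login and register forms)
@@ -434,7 +434,7 @@ class AIOWPSecurity_General_Init_Tasks {
 
  // For all other forms simply display Google reCAPTCHA as per normal
  $aio_wp_security->captcha_obj->display_recaptcha_form();
- } else {
+ } elseif ('simple-math' == $aio_wp_security->configs->get_value('aiowps_default_captcha')) {
  // Display plain maths CAPTCHA form
  $aio_wp_security->captcha_obj->display_captcha_form();
  }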
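Review bot: The new `if … elseif` chains in `insert_captcha_question_form()` (new lines 418–440) and in the form-building function around new lines 383–391 have no final `else`, so any value of `aiowps_default_captcha` other than `'google-recaptcha-v2'` or `'simple-math'` renders no challenge at all, where the old code fell back to the maths CAPTCHA. The option is registered with an empty default elsewhere on this page (`add_value('aiowps_default_captcha', '')`), so unless an upgrade routine outside this view migrates `aiowps_default_recaptcha`, a site with `aiowps_enable_comment_captcha` set to `'1'` could end up showing no CAPTCHA on the comment form. I would keep the old fallback by turning the second branch back into a plain `} else {`, or, if an empty value is meant to mean "no CAPTCHA", say so in a comment such as `// Any other value: no CAPTCHA is rendered`. Both functions start or end outside their hunks, so what the 383–391 function returns after the chain is not visible here.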
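--- a/classes/wp-security-utility-htaccess.php
+++ b/classes/wp-security-utility-htaccess.php
@@ -738,12 +738,13 @@ class AIOWPSecurity_Utility_Htaccess {
  * If it finds the tag it will deem the file as being .htaccess specific.
  * This was written to supplement the .htaccess restore functionality
  *
- * @param string $file
+ * @param string $file_contents - the contents of the .htaccess file
+ *
  * @return boolean
  */
- public static function check_if_htaccess_contents($file) {
+ public static function check_if_htaccess_contents($file_contents) {
  $is_htaccess = false;
- $file_contents = file_get_contents($file);
+
  if (false === $file_contents || strlen($file_contents) == 0) {
  return -1;
  }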
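Review bot: The docblock touched here still says `@return boolean`, but the first visible return is `return -1;` for empty input, and `-1` is truthy in PHP, so a caller that tests the result loosely (callers are not visible here) would treat empty contents as a valid .htaccess file. Now that the function receives the contents directly, presumably from an uploaded restore file rather than a path read on the server, I would document the contract as `@return boolean|integer - -1 if the contents are empty or false` and have callers compare with `=== true`. The `false === $file_contents` test is a leftover from the removed `file_get_contents()` call and only matters if a caller passes `false`. The function body continues outside the hunk.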
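--- a/classes/wp-security-wp-footer-content.php
+++ b/classes/wp-security-wp-footer-content.php
@@ -11,7 +11,7 @@ class AIOWPSecurity_WP_Footer_Content {
  global $aio_wp_security;
 
  // If Google reCAPTCHA is enabled do relevant tasks
- if ($aio_wp_security->configs->get_value('aiowps_default_recaptcha')) {
+ if ('google-recaptcha-v2' == $aio_wp_security->configs->get_value('aiowps_default_captcha')) {
  // For WooCommerce forms.
  // Only proceed if WooCommerce installed and active
  if (AIOWPSecurity_Utility::is_woocommerce_plugin_active()) {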
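--- a/css/wp-security-admin-styles.css
+++ b/css/wp-security-admin-styles.css
@@ -420,4 +420,8 @@ svg > g > g.google-visualization-tooltip {
 
  .wp-security_page_aiowpsec_settings h2, .wp-security_page_aiowpsec_settings #poststuff h2 {
  padding-left: 0;
+ }
+
+ .aio_hidden {
+ display: none;
  }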
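--- a/includes/simba-tfa/includes/tfa.js
+++ b/includes/simba-tfa/includes/tfa.js
@@ -1,26 +1,79 @@
  jQuery(function($) {
 
+ var username_requires_otp = [];
+
+ /**
+ * Returns the jQuery identifiers for finding the username field. Abstracted here to avoid maintaining multiple lists.
+ *
+ * @return String
+ */
+ function get_username_identifiers() {
+ // 'username' is used by WooCommerce
+ return '[name="log"], [name="username"], #user_login, #affwp-login-user-login, #affwp-user-login, #gform_fields_login input[type="text"]';
+ }
+
+ /**
+ * Process the results of a check for whether the user has TFA enabled or not
+ *
+ * @param Object form - jQuery form object
+ * @param Object response - the response from the check; must have the property (boolean) "status" and potentially user_(boolean) "can_trust" and (boolean) user_can_trust.
+ */
+ function process_user_tfa_enabled_check_results(form, response) {
+
+ if (true === response.status) {
+ // Don't bother to remove the spinner if the form is being submitted.
+ $('.simbaotp_spinner').remove();
+
+ var user_can_trust = (response.hasOwnProperty('user_can_trust') && response.user_can_trust) ? true : false;
+
+ var user_already_trusted = (response.hasOwnProperty('user_already_trusted') && response.user_can_trust) ? true : false;
+
+ console.log("Simba TFA: User has OTP enabled: showing OTP field (user_can_trust="+user_can_trust+")");
+
+ show_otp_field(form, user_can_trust, user_already_trusted);
+
+ return true;
+
+ } else {
+ console.log("Simba TFA: User does not have OTP enabled: submitting form");
+ // For some reason, .submit() stopped working with TML 7.x. N.B. Used to do this only for form_type == 2 ("TML shortcode or widget, WP Members, bbPress, Ultimate Membership Pro, WooCommerce or Elementor login form")
+ $(form).find('input[type="submit"], button[type="submit"]').first().trigger('click');
+ // $('#wp-submit').parents('form').first().trigger('submit');
+ }
+ return false;
+ }
+
  /**
  * Check if the user requires an OTP field and if so, display it
  *
- * @param String form - DOM selector string
+ * @param String form - DOM selector string
+ * @param Boolean only_cache_the_results - if true, then nothing more will be done that caching the results (in the variable username_requires_otp will be updated)
  *
  * @uses show_otp_field()
  *
  * @return Boolean - true if we got involved
  */
- function check_and_possibly_show_otp_field(form) {
+ function check_and_possibly_show_otp_field(form, only_cache_the_results) {
 
  // If this is a "lost password" form, then exit
- if ($(form).attr('id') === 'lostpasswordform' || $(form).attr('id') === 'resetpasswordform') return false;
-
- // 'username' is used by WooCommerce
- var username = $(form).find('[name="log"], [name="username"], #user_login, #affwp-login-user-login, #affwp-user-login, #gform_fields_login input[type="text"]').first().val();
+ if ($(form).attr('id') === 'lostpasswordform' || $(form).attr('id') === 'resetpasswordform') return false;
+
+ var username = $(form).find(get_username_identifiers()).first().val();
 
  if (!username.length) return false;
 
+ // Is the result already known?
+ if ('object' === typeof username_requires_otp[username]) {
+ if (!only_cache_the_results) {
+ // Process the already-known result
+ return process_user_tfa_enabled_check_results($(form), username_requires_otp[username]);
+ }
+ // No further processing
+ return true;
+ }
+
  var $submit_button = $(form).find('input[name="wp-submit"], input[type="submit"], button[type="submit"]').first();
-
+
  if (simba_tfasettings.hasOwnProperty('spinnerimg')) {
  var styling = 'float:right; margin:6px 12px; width: 20px; height: 20px;';
  if ($('#theme-my-login #wp-submit').length >0) {
@@ -62,24 +115,12 @@ jQuery(function($) {
  console.log(response.extra_output);
  }
 
- if (true === response.status) {
- // Don't bother to remove the spinner if the form is being submitted.
+ if (only_cache_the_results) {
+ // Save the result for later processing
+ username_requires_otp[username] = response;
  $('.simbaotp_spinner').remove();
-
- var user_can_trust = (response.hasOwnProperty('user_can_trust') && response.user_can_trust) ? true : false;
-
- var user_already_trusted = (response.hasOwnProperty('user_already_trusted') && response.user_can_trust) ? true : false;
-
- console.log("Simba TFA: User has OTP enabled: showing OTP field (user_can_trust="+user_can_trust+")");
-
- show_otp_field(form, user_can_trust, user_already_trusted);
-
  } else {
- console.log("Simba TFA: User does not have OTP enabled: submitting form");
-
- // For some reason, .submit() stopped working with TML 7.x. N.B. Used to do this only for form_type == 2 ("TML shortcode or widget, WP Members, bbPress, Ultimate Membership Pro, WooCommerce or Elementor login form")
- $(form).find('input[type="submit"], button[type="submit"]').first().trigger('click');
- // $('#wp-submit').parents('form').first().trigger('submit');
+ process_user_tfa_enabled_check_results($(form), response);
  }
 
  } catch(err) {
@@ -277,4 +318,9 @@ jQuery(function($) {
 
  $(simba_tfasettings.login_form_selectors).on('submit', form_submit_handler);
 
+ $(simba_tfasettings.login_form_selectors).find(get_username_identifiers()).on('blur', function() {
+ var $form = $(this).parents('form').first();
+ check_and_possibly_show_otp_field($form, true);
+ });
+
  });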
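Review bot: In `process_user_tfa_enabled_check_results()` (new line 29), `user_already_trusted` is computed from `response.user_can_trust`, so it appears to ignore the value of `response.user_already_trusted`; the line was carried over unchanged from the old code and probably should read `var user_already_trusted = (response.hasOwnProperty('user_already_trusted') && response.user_already_trusted) ? true : false;`. The new cache `username_requires_otp` (new line 3) is an array indexed by whatever the user typed, so a username that matches an inherited property name can make the `'object' === typeof username_requires_otp[username]` test pass with no cached response; `var username_requires_otp = Object.create(null);` avoids that. The docblock at new line 19 is also garbled and would read better as `@param Object response - the response from the check; must have the (boolean) property "status", and may have the (boolean) properties "user_can_trust" and "user_already_trusted"`.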
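--- a/includes/simba-tfa/simba-tfa.php
+++ b/includes/simba-tfa/simba-tfa.php
@@ -370,33 +370,100 @@ class Simba_Two_Factor_Authentication_1 {
  }
 
  /**
- * Runs upon the WP action admin_init
+ * Returns all two factor authentication setting name => group pairs.
+ *
+ * @return Array
  */
- public function register_two_factor_auth_settings() {
+ private function get_config_keys() {
  global $wp_roles;
+
  if (!isset($wp_roles)) $wp_roles = new WP_Roles();
 
+ $keys = array(
+ 'tfa_requireafter' => 'tfa_user_roles_required_group',
+ 'tfa_require_enforce_after' => 'tfa_user_roles_required_group',
+ 'tfa_if_required_redirect_to' => 'tfa_user_roles_required_group',
+ 'tfa_hide_turn_off' => 'tfa_user_roles_required_group',
+ 'tfa_trusted_for' => 'tfa_user_roles_trusted_group',
+ 'tfa_wc_add_section' => 'simba_tfa_woocommerce_group',
+ 'tfa_bot_protection' => 'simba_tfa_woocommerce_group',
+ 'tfa_default_hmac' => 'simba_tfa_default_hmac_group',
+ 'tfa_xmlrpc_on' => 'tfa_xmlrpc_status_group',
+ );
+
  foreach ($wp_roles->role_names as $id => $name) {
- register_setting('tfa_user_roles_group', 'tfa_'.$id);
- register_setting('tfa_user_roles_trusted_group', 'tfa_trusted_'.$id);
- register_setting('tfa_user_roles_required_group', 'tfa_required_'.$id);
+ $keys['tfa_'.$id] = 'tfa_user_roles_group';
+ $keys['tfa_trusted_'.$id] = 'tfa_user_roles_trusted_group';
+ $keys['tfa_required_'.$id] = 'tfa_user_roles_required_group';
  }
 
  if (is_multisite()) {
- register_setting('tfa_user_roles_group', 'tfa__super_admin');
- register_setting('tfa_user_roles_trusted_group', 'tfa_trusted__super_admin');
- register_setting('tfa_user_roles_required_group', 'tfa_required__super_admin');
+ $keys['tfa__super_admin'] = 'tfa_user_roles_group';
+ $keys['tfa_trusted__super_admin'] = 'tfa_user_roles_trusted_group';
+ $keys['tfa_required__super_admin'] = 'tfa_user_roles_required_group';
+ }
+
+ return $keys;
+ }
+
+ /**
+ * Registers all two factor authentication settings. Runs upon the WP action admin_init.
+ */
+ public function register_two_factor_auth_settings() {
+ $config_keys = $this->get_config_keys();
+
+ foreach ($config_keys as $name => $group) {
+ register_setting($group, $name);
+ }
+ }
+
+ /**
+ * Returns all two factor authentication options from the WP database.
+ *
+ * @return Array
+ */
+ public function get_configs() {
+ $config_keys = $this->get_config_keys();
+
+ $configs = array();
+
+ foreach (array_keys($config_keys) as $name) {
+ if (false !== $this->get_option($name)) {
+ $configs[$name] = $this->get_option($name);
+ }
+ }
+
+ return $configs;
+ }
+
+ /**
+ * Sets two factor authentication options from array.
+ *
+ * @param Array $configs
+ *
+ * @return Boolean
+ */
+ public function set_configs($configs) {
+ $result = false;
+
+ foreach ($configs as $key => $value) {
+ $result = $this->update_option($key, $value) ? true : $result;
  }
 
- register_setting('tfa_user_roles_required_group', 'tfa_requireafter');
- register_setting('tfa_user_roles_required_group', 'tfa_require_enforce_after');
- register_setting('tfa_user_roles_required_group', 'tfa_if_required_redirect_to');
- register_setting('tfa_user_roles_required_group', 'tfa_hide_turn_off');
- register_setting('tfa_user_roles_trusted_group', 'tfa_trusted_for');
- register_setting('simba_tfa_woocommerce_group', 'tfa_wc_add_section');
- register_setting('simba_tfa_woocommerce_group', 'tfa_bot_protection');
- register_setting('simba_tfa_default_hmac_group', 'tfa_default_hmac');
- register_setting('tfa_xmlrpc_status_group', 'tfa_xmlrpc_on');
+ return $result;
+ }
+
+ /**
+ * Deletes all two factor authentication options from the WP database.
+ *
+ * @return Void
+ */
+ public function delete_configs() {
+ $config_keys = $this->get_config_keys();
+
+ foreach (array_keys($config_keys) as $name) {
+ $this->delete_option($name);
+ }
  }
 
  /**
@@ -1057,6 +1124,47 @@ class Simba_Two_Factor_Authentication_1 {
  return $value;
  }
 
+ /**
+ * Updates an option.
+ *
+ * @param String $key - option key
+ * @param Mixed $value - option value
+ *
+ * @return Boolean
+ */
+ public function update_option($key, $value) {
+ if (!is_multisite()) return update_option($key, $value);
+
+ $main_site_id = function_exists('get_main_site_id') ? get_main_site_id() : 1;
+ $update_option_site_id = apply_filters('simba_tfa_update_option_site_id', $main_site_id);
+
+ switch_to_blog($update_option_site_id);
+ $result = update_option($key, $value);
+ restore_current_blog();
+
+ return $result;
+ }
+
+ /**
+ * Deletes an option.
+ *
+ * @param String $key - option key
+ *
+ * @return Boolean
+ */
+ public function delete_option($key) {
+ if (!is_multisite()) return delete_option($key);
+
+ $main_site_id = function_exists('get_main_site_id') ? get_main_site_id() : 1;
+ $delete_option_site_id = apply_filters('simba_tfa_delete_option_site_id', $main_site_id);
+
+ switch_to_blog($delete_option_site_id);
+ $result = delete_option($key);
+ restore_current_blog();
+
+ return $result;
+ }
+
  /**
  * Paint a list of checkboxes, one for each role
  *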
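Review bot: `set_configs()` (new lines 446–454) passes every key of `$configs` to `update_option()` without checking it against `get_config_keys()`, so whoever supplies the array decides which WordPress options are written; on multisite the write goes to the main site via `switch_to_blog()`. The callers are outside this view, but if the array comes from an imported settings file (this release reworks settings import), I would restrict it to the known keys: fetch `$config_keys = $this->get_config_keys();` before the loop and start the loop body with `if (!isset($config_keys[$key])) continue;`. `get_configs()` also calls `$this->get_option($name)` twice per key and could store the value in a local first.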
js/wp-security-admin-script.js CHANGED
@@ -16,79 +16,79 @@
16
  */
17
  function aios_send_command(action, data, callback, options) {
18
 
19
- default_options = {
20
- json_parse: true,
21
- alert_on_error: true,
22
- action: 'aios_ajax',
23
- nonce: aios_data.ajax_nonce,
24
- nonce_key: 'nonce',
25
- timeout: null,
26
- async: true,
27
- type: 'POST'
28
- };
29
-
30
- if ('undefined' === typeof options) options = {};
31
-
32
- for (var opt in default_options) {
33
- if (!options.hasOwnProperty(opt)) { options[opt] = default_options[opt]; }
34
- }
35
-
36
- var ajax_data = {
37
- action: options.action,
38
- subaction: action,
39
- };
40
-
41
- ajax_data[options.nonce_key] = options.nonce;
42
- ajax_data.data = data;
43
-
44
- var ajax_opts = {
45
- type: options.type,
46
- url: ajaxurl,
47
- data: ajax_data,
48
- success: function(response, status) {
49
- if (options.json_parse) {
50
- try {
51
- var resp = aios_parse_json(response);
52
- } catch (e) {
53
- if ('function' == typeof options.error_callback) {
54
- return options.error_callback(response, e, 502, resp);
55
- } else {
56
- console.log(e);
57
- console.log(response);
58
- if (options.alert_on_error) { alert(aios_trans.unexpected_response+' '+response); }
59
- return;
60
- }
61
- }
62
- if (resp.hasOwnProperty('fatal_error')) {
63
- if ('function' == typeof options.error_callback) {
64
- // 500 is internal server error code
65
- return options.error_callback(response, status, 500, resp);
66
- } else {
67
- console.error(resp.fatal_error_message);
68
- if (options.alert_on_error) { alert(resp.fatal_error_message); }
69
- return false;
70
- }
71
- }
72
- if ('function' == typeof callback) callback(resp, status, response);
73
- } else {
74
- if ('function' == typeof callback) callback(response, status);
75
- }
76
- },
77
- error: function(response, status, error_code) {
78
- if ('function' == typeof options.error_callback) {
79
- options.error_callback(response, status, error_code);
80
- } else {
81
- console.log("aios_send_command: error: "+status+" ("+error_code+")");
82
- console.log(response);
83
- }
84
- },
85
- dataType: 'text',
86
- async: options.async
87
- };
88
-
89
- if (null != options.timeout) { ajax_opts.timeout = options.timeout; }
90
-
91
- jQuery.ajax(ajax_opts);
92
 
93
  }
94
 
@@ -104,127 +104,131 @@ function aios_send_command(action, data, callback, options) {
104
  */
105
  function aios_parse_json(json_mix_str, analyse) {
106
 
107
- analyse = ('undefined' === typeof analyse) ? false : true;
108
-
109
- // Just try it - i.e. the 'default' case where things work (which can include extra whitespace/line-feeds, and simple strings, etc.).
110
- if (!analyse) {
111
- try {
112
- var result = JSON.parse(json_mix_str);
113
- return result;
114
- } catch (e) {
115
- console.log('AIOS: Exception when trying to parse JSON (1) - will attempt to fix/re-parse based upon first/last curly brackets');
116
- console.log(json_mix_str);
117
- }
118
- }
119
-
120
- var json_start_pos = json_mix_str.indexOf('{');
121
- var json_last_pos = json_mix_str.lastIndexOf('}');
122
-
123
- // Case where some php notice may be added after or before json string
124
- if (json_start_pos > -1 && json_last_pos > -1) {
125
- var json_str = json_mix_str.slice(json_start_pos, json_last_pos + 1);
126
- try {
127
- var parsed = JSON.parse(json_str);
128
- if (!analyse) { console.log('AIOS: JSON re-parse successful'); }
129
- return analyse ? { parsed: parsed, json_start_pos: json_start_pos, json_last_pos: json_last_pos + 1 } : parsed;
130
- } catch (e) {
131
- console.log('AIOS: Exception when trying to parse JSON (2) - will attempt to fix/re-parse based upon bracket counting');
132
-
133
- var cursor = json_start_pos;
134
- var open_count = 0;
135
- var last_character = '';
136
- var inside_string = false;
137
-
138
- // Don't mistake this for a real JSON parser. Its aim is to improve the odds in real-world cases seen, not to arrive at universal perfection.
139
- while ((open_count > 0 || cursor == json_start_pos) && cursor <= json_last_pos) {
140
-
141
- var current_character = json_mix_str.charAt(cursor);
142
-
143
- if (!inside_string && '{' == current_character) {
144
- open_count++;
145
- } else if (!inside_string && '}' == current_character) {
146
- open_count--;
147
- } else if ('"' == current_character && '\\' != last_character) {
148
- inside_string = inside_string ? false : true;
149
- }
150
-
151
- last_character = current_character;
152
- cursor++;
153
- }
154
- console.log("Started at cursor="+json_start_pos+", ended at cursor="+cursor+" with result following:");
155
- console.log(json_mix_str.substring(json_start_pos, cursor));
156
-
157
- try {
158
- var parsed = JSON.parse(json_mix_str.substring(json_start_pos, cursor));
159
- console.log('AIOS: JSON re-parse successful');
160
- return analyse ? { parsed: parsed, json_start_pos: json_start_pos, json_last_pos: cursor } : parsed;
161
- } catch (e) {
162
- // Throw it again, so that our function works just like JSON.parse() in its behaviour.
163
- throw e;
164
- }
165
- }
166
- }
167
-
168
- throw "AIOS: could not parse the JSON";
169
 
170
  }
171
 
172
  jQuery(function($) {
173
- //Add Generic Admin Dashboard JS Code in this file
174
-
175
- //Media Uploader - start
176
- function aiowps_attach_media_uploader(key) {
177
- jQuery('#' + key + '_button').on('click', function() {
178
- text_element = jQuery('#' + key).attr('name');
179
- button_element = jQuery('#' + key + '_button').attr('name');
180
- tb_show('All In One Security - Please Select a File', 'media-upload.php?referer=aiowpsec&amp;TB_iframe=true&amp;post_id=0width=640&amp;height=485');
181
- return false;
182
- });
183
- window.send_to_editor = function(html) {
184
- var self_element = text_element;
185
- fileurl = jQuery(html).attr('href');
186
- jQuery('#' + self_element).val(fileurl);
187
- tb_remove();
188
- };
189
- }
190
-
191
- var current_admin_page = getParameterByName('page'); //check query arg of loaded page to see if a gallery needs wm processing
192
- if(current_admin_page == 'aiowpsec_maintenance'){
193
- //don't load custom uploader stuff because we want to use standard wp uploader code
194
- }else{
195
- aiowps_attach_media_uploader('aiowps_htaccess_file');
196
- aiowps_attach_media_uploader('aiowps_wp_config_file');
197
- aiowps_attach_media_uploader('aiowps_import_settings_file');
198
- aiowps_attach_media_uploader('aiowps_db_file'); //TODO - for future use when we implement DB restore
199
-
200
- }
201
- //End of Media Uploader
202
-
203
- //Triggers the more info toggle link
204
- $(".aiowps_more_info_body").hide();//hide the more info on page load
205
- $('.aiowps_more_info_anchor').on('click', function() {
206
- $(this).next(".aiowps_more_info_body").animate({ "height": "toggle"});
207
- var toogle_char_ref = $(this).find(".aiowps_more_info_toggle_char");
208
- var toggle_char_value = toogle_char_ref.text();
209
- if(toggle_char_value === "+"){
210
- toogle_char_ref.text("-");
211
- }
212
- else{
213
- toogle_char_ref.text("+");
214
- }
215
- });
216
- //End of more info toggle
217
-
218
- //This function uses javascript to retrieve a query arg from the current page URL
219
- function getParameterByName(name) {
220
- var url = window.location.href;
221
- name = name.replace(/[\[\]]/g, "\\$&");
222
- var regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"),
223
- results = regex.exec(url);
224
- if (!results) return null;
225
- if (!results[2]) return '';
226
- return decodeURIComponent(results[2].replace(/\+/g, " "));
227
- }
 
 
 
 
228
 
229
  // Start of brute force attack prevention toggle handling
230
  jQuery('input[name=aiowps_enable_brute_force_attack_prevention]').on('click', function() {
@@ -235,6 +239,15 @@ jQuery(function($) {
235
  });
236
  // End of brute force attack prevention toggle handling
237
 
 
 
 
 
 
 
 
 
 
238
  /**
239
  * Take a backup with UpdraftPlus if possible.
240
  *
@@ -254,18 +267,18 @@ jQuery(function($) {
254
  }, file_entities, 'autobackup', 0, exclude_files, 0);
255
  }
256
  }
257
- if (jQuery('#aios-manual-db-backup-now').length) {
258
- jQuery('#aios-manual-db-backup-now').on('click', function (e) {
259
- e.preventDefault();
260
- take_a_backup_with_updraftplus();
261
- });
262
- }
263
-
264
- // Hide 2FA premium section (advertisements) for free.
265
- if (jQuery('.tfa-premium').length && 0 == jQuery('#tfa_trusted_for').length) {
266
- jQuery('.tfa-premium').parent().find('hr').first().hide();
267
- jQuery('.tfa-premium').hide();
268
- }
269
 
270
 
271
  // Start of trash spam comments toggle handling
16
  */
17
  function aios_send_command(action, data, callback, options) {
18
 
19
+ default_options = {
20
+ json_parse: true,
21
+ alert_on_error: true,
22
+ action: 'aios_ajax',
23
+ nonce: aios_data.ajax_nonce,
24
+ nonce_key: 'nonce',
25
+ timeout: null,
26
+ async: true,
27
+ type: 'POST'
28
+ };
29
+
30
+ if ('undefined' === typeof options) options = {};
31
+
32
+ for (var opt in default_options) {
33
+ if (!options.hasOwnProperty(opt)) { options[opt] = default_options[opt]; }
34
+ }
35
+
36
+ var ajax_data = {
37
+ action: options.action,
38
+ subaction: action,
39
+ };
40
+
41
+ ajax_data[options.nonce_key] = options.nonce;
42
+ ajax_data.data = data;
43
+
44
+ var ajax_opts = {
45
+ type: options.type,
46
+ url: ajaxurl,
47
+ data: ajax_data,
48
+ success: function(response, status) {
49
+ if (options.json_parse) {
50
+ try {
51
+ var resp = aios_parse_json(response);
52
+ } catch (e) {
53
+ if ('function' == typeof options.error_callback) {
54
+ return options.error_callback(response, e, 502, resp);
55
+ } else {
56
+ console.log(e);
57
+ console.log(response);
58
+ if (options.alert_on_error) { alert(aios_trans.unexpected_response+' '+response); }
59
+ return;
60
+ }
61
+ }
62
+ if (resp.hasOwnProperty('fatal_error')) {
63
+ if ('function' == typeof options.error_callback) {
64
+ // 500 is internal server error code
65
+ return options.error_callback(response, status, 500, resp);
66
+ } else {
67
+ console.error(resp.fatal_error_message);
68
+ if (options.alert_on_error) { alert(resp.fatal_error_message); }
69
+ return false;
70
+ }
71
+ }
72
+ if ('function' == typeof callback) callback(resp, status, response);
73
+ } else {
74
+ if ('function' == typeof callback) callback(response, status);
75
+ }
76
+ },
77
+ error: function(response, status, error_code) {
78
+ if ('function' == typeof options.error_callback) {
79
+ options.error_callback(response, status, error_code);
80
+ } else {
81
+ console.log("aios_send_command: error: "+status+" ("+error_code+")");
82
+ console.log(response);
83
+ }
84
+ },
85
+ dataType: 'text',
86
+ async: options.async
87
+ };
88
+
89
+ if (null != options.timeout) { ajax_opts.timeout = options.timeout; }
90
+
91
+ jQuery.ajax(ajax_opts);
92
 
93
  }
94
 
104
  */
105
  function aios_parse_json(json_mix_str, analyse) {
106
 
107
+ analyse = ('undefined' === typeof analyse) ? false : true;
108
+
109
+ // Just try it - i.e. the 'default' case where things work (which can include extra whitespace/line-feeds, and simple strings, etc.).
110
+ if (!analyse) {
111
+ try {
112
+ var result = JSON.parse(json_mix_str);
113
+ return result;
114
+ } catch (e) {
115
+ console.log('AIOS: Exception when trying to parse JSON (1) - will attempt to fix/re-parse based upon first/last curly brackets');
116
+ console.log(json_mix_str);
117
+ }
118
+ }
119
+
120
+ var json_start_pos = json_mix_str.indexOf('{');
121
+ var json_last_pos = json_mix_str.lastIndexOf('}');
122
+
123
+ // Case where some php notice may be added after or before json string
124
+ if (json_start_pos > -1 && json_last_pos > -1) {
125
+ var json_str = json_mix_str.slice(json_start_pos, json_last_pos + 1);
126
+ try {
127
+ var parsed = JSON.parse(json_str);
128
+ if (!analyse) { console.log('AIOS: JSON re-parse successful'); }
129
+ return analyse ? { parsed: parsed, json_start_pos: json_start_pos, json_last_pos: json_last_pos + 1 } : parsed;
130
+ } catch (e) {
131
+ console.log('AIOS: Exception when trying to parse JSON (2) - will attempt to fix/re-parse based upon bracket counting');
132
+
133
+ var cursor = json_start_pos;
134
+ var open_count = 0;
135
+ var last_character = '';
136
+ var inside_string = false;
137
+
138
+ // Don't mistake this for a real JSON parser. Its aim is to improve the odds in real-world cases seen, not to arrive at universal perfection.
139
+ while ((open_count > 0 || cursor == json_start_pos) && cursor <= json_last_pos) {
140
+
141
+ var current_character = json_mix_str.charAt(cursor);
142
+
143
+ if (!inside_string && '{' == current_character) {
144
+ open_count++;
145
+ } else if (!inside_string && '}' == current_character) {
146
+ open_count--;
147
+ } else if ('"' == current_character && '\\' != last_character) {
148
+ inside_string = inside_string ? false : true;
149
+ }
150
+
151
+ last_character = current_character;
152
+ cursor++;
153
+ }
154
+ console.log("Started at cursor="+json_start_pos+", ended at cursor="+cursor+" with result following:");
155
+ console.log(json_mix_str.substring(json_start_pos, cursor));
156
+
157
+ try {
158
+ var parsed = JSON.parse(json_mix_str.substring(json_start_pos, cursor));
159
+ console.log('AIOS: JSON re-parse successful');
160
+ return analyse ? { parsed: parsed, json_start_pos: json_start_pos, json_last_pos: cursor } : parsed;
161
+ } catch (e) {
162
+ // Throw it again, so that our function works just like JSON.parse() in its behaviour.
163
+ throw e;
164
+ }
165
+ }
166
+ }
167
+
168
+ throw "AIOS: could not parse the JSON";
169
 
170
  }
171
 
172
  jQuery(function($) {
173
+ //Add Generic Admin Dashboard JS Code in this file
174
+
175
+ //Media Uploader - start
176
+ jQuery("#aiowps_restore_htaccess_form").submit(function(e) {
177
+ e.preventDefault();
178
+ aios_read_restore_file(this, 'htaccess');
179
+ });
180
+
181
+ jQuery("#aiowps_restore_wp_config_form").submit(function(e) {
182
+ e.preventDefault();
183
+ aios_read_restore_file(this, 'wp_config');
184
+ });
185
+
186
+ jQuery("#aiowps_restore_settings_form").submit(function(e) {
187
+ e.preventDefault();
188
+ aios_read_restore_file(this, 'import_settings');
189
+ });
190
+
191
+ function aios_read_restore_file(form, file) {
192
+ var aios_import_file_input = document.getElementById('aiowps_' + file + '_file');
193
+ if (aios_import_file_input.files.length == 0) {
194
+ alert(aios_trans.no_import_file);
195
+ return;
196
+ }
197
+ var aios_import_file_file = aios_import_file_input.files[0];
198
+ var aios_import_file_reader = new FileReader();
199
+ aios_import_file_reader.onload = function() {
200
+ jQuery('#aiowps_' + file + '_file_contents').val(this.result);
201
+ form.submit();
202
+ };
203
+ aios_import_file_reader.readAsText(aios_import_file_file);
204
+ }
205
+ //End of Media Uploader
206
+
207
+ // Triggers the more info toggle link
208
+ $(".aiowps_more_info_body").hide();//hide the more info on page load
209
+ $('.aiowps_more_info_anchor').on('click', function() {
210
+ $(this).next(".aiowps_more_info_body").animate({ "height": "toggle"});
211
+ var toogle_char_ref = $(this).find(".aiowps_more_info_toggle_char");
212
+ var toggle_char_value = toogle_char_ref.text();
213
+ if(toggle_char_value === "+"){
214
+ toogle_char_ref.text("-");
215
+ }
216
+ else{
217
+ toogle_char_ref.text("+");
218
+ }
219
+ });
220
+ //End of more info toggle
221
+
222
+ //This function uses javascript to retrieve a query arg from the current page URL
223
+ function getParameterByName(name) {
224
+ var url = window.location.href;
225
+ name = name.replace(/[\[\]]/g, "\\$&");
226
+ var regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"),
227
+ results = regex.exec(url);
228
+ if (!results) return null;
229
+ if (!results[2]) return '';
230
+ return decodeURIComponent(results[2].replace(/\+/g, " "));
231
+ }
232
 
233
  // Start of brute force attack prevention toggle handling
234
  jQuery('input[name=aiowps_enable_brute_force_attack_prevention]').on('click', function() {
239
  });
240
  // End of brute force attack prevention toggle handling
241
 
242
+ // Start of CAPTCHA handling
243
+ jQuery('.wrap').on('change', '#aiowps_default_captcha', function () {
244
+ var selected_captcha = $(this).val();
245
+ jQuery('.captcha_settings').hide();
246
+ jQuery('#aios-'+ selected_captcha).show();
247
+
248
+ });
249
+ // End of CAPTCHA handling
250
+
251
  /**
252
  * Take a backup with UpdraftPlus if possible.
253
  *
267
  }, file_entities, 'autobackup', 0, exclude_files, 0);
268
  }
269
  }
270
+ if (jQuery('#aios-manual-db-backup-now').length) {
271
+ jQuery('#aios-manual-db-backup-now').on('click', function (e) {
272
+ e.preventDefault();
273
+ take_a_backup_with_updraftplus();
274
+ });
275
+ }
276
+
277
+ // Hide 2FA premium section (advertisements) for free.
278
+ if (jQuery('.tfa-premium').length && 0 == jQuery('#tfa_trusted_for').length) {
279
+ jQuery('.tfa-premium').parent().find('hr').first().hide();
280
+ jQuery('.tfa-premium').hide();
281
+ }
282
 
283
 
284
  // Start of trash spam comments toggle handling
languages/all-in-one-wp-security-and-firewall.pot CHANGED
@@ -28,75 +28,79 @@ msgstr ""
28
  msgid "Copied"
29
  msgstr ""
30
 
31
- #: src/admin/wp-security-admin-init.php:291
 
 
 
 
32
  msgid "Enjoyed %1$s? Please leave us a %2$s rating. We really appreciate your support!"
33
  msgstr ""
34
 
35
- #: src/admin/wp-security-admin-init.php:415, src/admin/wp-security-admin-init.php:415, src/classes/wp-security-two-factor-login.php:95, src/classes/wp-security-two-factor-login.php:95
36
  msgid "WP Security"
37
  msgstr ""
38
 
39
- #: src/admin/wp-security-admin-init.php:416, src/admin/wp-security-admin-init.php:416, src/admin/wp-security-dashboard-menu.php:26, src/admin/wp-security-dashboard-menu.php:76
40
  msgid "Dashboard"
41
  msgstr ""
42
 
43
- #: src/admin/wp-security-admin-init.php:417, src/admin/wp-security-admin-init.php:417, src/admin/wp-security-settings-menu.php:95
44
  msgid "Settings"
45
  msgstr ""
46
 
47
- #: src/admin/wp-security-admin-init.php:418, src/admin/wp-security-admin-init.php:418
48
  msgid "User Accounts"
49
  msgstr ""
50
 
51
- #: src/admin/wp-security-admin-init.php:419, src/admin/wp-security-admin-init.php:419
52
  msgid "User Login"
53
  msgstr ""
54
 
55
- #: src/admin/wp-security-admin-init.php:420, src/admin/wp-security-admin-init.php:420
56
  msgid "User Registration"
57
  msgstr ""
58
 
59
- #: src/admin/wp-security-admin-init.php:421, src/admin/wp-security-admin-init.php:421
60
  msgid "Database Security"
61
  msgstr ""
62
 
63
- #: src/admin/wp-security-admin-init.php:423, src/admin/wp-security-admin-init.php:423
64
  msgid "Filesystem Security"
65
  msgstr ""
66
 
67
- #: src/admin/wp-security-admin-init.php:426, src/admin/wp-security-admin-init.php:426
68
  msgid "Blacklist Manager"
69
  msgstr ""
70
 
71
- #: src/admin/wp-security-admin-init.php:429, src/admin/wp-security-admin-init.php:429, src/admin/wp-security-firewall-menu.php:62, src/admin/wp-security-firewall-menu.php:1318
72
  msgid "Firewall"
73
  msgstr ""
74
 
75
- #: src/admin/wp-security-admin-init.php:431, src/admin/wp-security-admin-init.php:431
76
  msgid "Brute Force"
77
  msgstr ""
78
 
79
- #: src/admin/wp-security-admin-init.php:432, src/admin/wp-security-admin-init.php:432
80
  msgid "Spam Prevention"
81
  msgstr ""
82
 
83
- #: src/admin/wp-security-admin-init.php:434, src/admin/wp-security-admin-init.php:434, src/admin/wp-security-filescan-menu.php:83
84
  msgid "Scanner"
85
  msgstr ""
86
 
87
- #: src/admin/wp-security-admin-init.php:436, src/admin/wp-security-admin-init.php:436, src/admin/wp-security-maintenance-menu.php:51
88
  msgid "Maintenance"
89
  msgstr ""
90
 
91
- #: src/admin/wp-security-admin-init.php:437, src/admin/wp-security-admin-init.php:437, src/admin/wp-security-misc-options-menu.php:57
92
  msgid "Miscellaneous"
93
  msgstr ""
94
 
95
- #: src/admin/wp-security-admin-init.php:438, src/admin/wp-security-admin-init.php:438, src/admin/wp-security-tools-menu.php:64
96
  msgid "Tools"
97
  msgstr ""
98
 
99
- #: src/admin/wp-security-admin-init.php:450
100
  msgid "Premium Upgrade"
101
  msgstr ""
102
 
@@ -208,11 +212,11 @@ msgstr ""
208
  msgid "Example 2 - A list of more than 1 user agent strings to block"
209
  msgstr ""
210
 
211
- #: src/admin/wp-security-blacklist-menu.php:232, src/admin/wp-security-brute-force-menu.php:235, src/admin/wp-security-brute-force-menu.php:725, src/admin/wp-security-brute-force-menu.php:848, src/admin/wp-security-brute-force-menu.php:914, src/admin/wp-security-filescan-menu.php:348, src/admin/wp-security-filesystem-menu.php:242, src/admin/wp-security-firewall-menu.php:947, src/admin/wp-security-firewall-menu.php:1131, src/admin/wp-security-misc-options-menu.php:167, src/admin/wp-security-misc-options-menu.php:218, src/admin/wp-security-misc-options-menu.php:278, src/admin/wp-security-settings-menu.php:618, src/admin/wp-security-settings-menu.php:679, src/admin/wp-security-spam-menu.php:233, src/admin/wp-security-spam-menu.php:407, src/admin/wp-security-spam-menu.php:526, src/admin/wp-security-spam-menu.php:588, src/admin/wp-security-user-login-menu.php:384, src/admin/wp-security-user-login-menu.php:422, src/admin/wp-security-user-login-menu.php:601, src/admin/wp-security-user-login-menu.php:788, src/admin/wp-security-user-registration-menu.php:150, src/admin/wp-security-user-registration-menu.php:242, src/admin/wp-security-user-registration-menu.php:305, src/templates/menus/settings/advanced-settings.php:217
212
  msgid "Save settings"
213
  msgstr ""
214
 
215
- #: src/admin/wp-security-brute-force-menu.php:52, src/admin/wp-security-brute-force-menu.php:801, src/admin/wp-security-dashboard-menu.php:651
216
  msgid "Rename login page"
217
  msgstr ""
218
 
@@ -220,11 +224,11 @@ msgstr ""
220
  msgid "Cookie based brute force prevention"
221
  msgstr ""
222
 
223
- #: src/admin/wp-security-brute-force-menu.php:54, src/classes/grade-system/wp-security-feature-item-manager.php:105
224
- msgid "Login CAPTCHA"
225
  msgstr ""
226
 
227
- #: src/admin/wp-security-brute-force-menu.php:55, src/admin/wp-security-brute-force-menu.php:788
228
  msgid "Login whitelist"
229
  msgstr ""
230
 
@@ -512,215 +516,99 @@ msgstr ""
512
  msgid "Save feature settings"
513
  msgstr ""
514
 
515
- #: src/admin/wp-security-brute-force-menu.php:557, src/classes/wp-security-general-init-tasks.php:624
516
  msgid "Your Google reCAPTCHA configuration is invalid."
517
  msgstr ""
518
 
519
- #: src/admin/wp-security-brute-force-menu.php:557
520
  msgid "Please enter the correct reCAPTCHA keys below to use the reCAPTCHA feature."
521
  msgstr ""
522
 
523
- #: src/admin/wp-security-brute-force-menu.php:565
524
- msgid "This feature allows you to add a CAPTCHA form on various WordPress login pages and forms."
525
- msgstr ""
526
-
527
- #: src/admin/wp-security-brute-force-menu.php:566
528
- msgid "Adding a CAPTCHA form on a login page or form is another effective yet simple \"Brute Force\" prevention technique."
529
- msgstr ""
530
-
531
- #: src/admin/wp-security-brute-force-menu.php:567
532
- msgid "You have the option of using either %s or a plain maths CAPTCHA form."
533
- msgstr ""
534
-
535
- #: src/admin/wp-security-brute-force-menu.php:568
536
- msgid "If you enable Google reCAPTCHA the reCAPTCHA widget will be displayed for all forms the CAPTCHA settings below."
537
- msgstr ""
538
-
539
- #: src/admin/wp-security-brute-force-menu.php:569
540
- msgid "If Google reCAPTCHA is disabled the simple maths CAPTCHA form will apply and users will need to enter the answer to a simple mathematical question."
541
- msgstr ""
542
-
543
- #: src/admin/wp-security-brute-force-menu.php:575
544
- msgid "Google reCAPTCHA settings"
545
- msgstr ""
546
-
547
- #: src/admin/wp-security-brute-force-menu.php:580
548
- msgid "By enabling these settings the Google reCAPTCHA v2 widget will be applied by default for all forms with CAPTCHA enabled."
549
- msgstr ""
550
-
551
- #: src/admin/wp-security-brute-force-menu.php:589
552
- msgid "reCAPTCHA will not work because you have disabled login lockout by activating the AIOS_DISABLE_LOGIN_LOCKOUT constant value in a configuration file."
553
- msgstr ""
554
-
555
- #: src/admin/wp-security-brute-force-menu.php:590
556
- msgid "To enable it, define AIOS_DISABLE_LOGIN_LOCKOUT constant value as false, or remove it."
557
- msgstr ""
558
-
559
- #: src/admin/wp-security-brute-force-menu.php:598
560
- msgid "Use Google reCAPTCHA as default"
561
- msgstr ""
562
-
563
- #: src/admin/wp-security-brute-force-menu.php:601
564
- msgid "Check this if you want to default to Google reCAPTCHA for all settings below. (If this is left unchecked, all CAPTCHA forms will revert to the plain maths CAPTCHA)"
565
- msgstr ""
566
-
567
- #: src/admin/wp-security-brute-force-menu.php:605
568
- msgid "Site key"
569
- msgstr ""
570
-
571
- #: src/admin/wp-security-brute-force-menu.php:611
572
- msgid "Secret key"
573
- msgstr ""
574
-
575
- #: src/admin/wp-security-brute-force-menu.php:620
576
- msgid "Login form CAPTCHA settings"
577
- msgstr ""
578
-
579
- #: src/admin/wp-security-brute-force-menu.php:629
580
- msgid "Enable CAPTCHA on login page"
581
- msgstr ""
582
-
583
- #: src/admin/wp-security-brute-force-menu.php:632
584
- msgid "Check this if you want to insert a CAPTCHA form on the login page."
585
- msgstr ""
586
-
587
- #: src/admin/wp-security-brute-force-menu.php:638
588
- msgid "Lost password form CAPTCHA settings"
589
- msgstr ""
590
-
591
- #: src/admin/wp-security-brute-force-menu.php:648
592
- msgid "Enable CAPTCHA on lost password page"
593
- msgstr ""
594
-
595
- #: src/admin/wp-security-brute-force-menu.php:651
596
- msgid "Check this if you want to insert a CAPTCHA form on the lost password page."
597
- msgstr ""
598
-
599
- #: src/admin/wp-security-brute-force-menu.php:657
600
- msgid "Custom login form CAPTCHA settings"
601
- msgstr ""
602
-
603
- #: src/admin/wp-security-brute-force-menu.php:666
604
- msgid "Enable CAPTCHA on custom login form"
605
- msgstr ""
606
-
607
- #: src/admin/wp-security-brute-force-menu.php:669
608
- msgid "Check this if you want to insert CAPTCHA on a custom login form generated by the following WP function: wp_login_form()"
609
- msgstr ""
610
-
611
- #: src/admin/wp-security-brute-force-menu.php:679
612
- msgid "WooCommerce forms CAPTCHA settings"
613
- msgstr ""
614
-
615
- #: src/admin/wp-security-brute-force-menu.php:688
616
- msgid "Enable CAPTCHA on WooCommerce login form"
617
- msgstr ""
618
-
619
- #: src/admin/wp-security-brute-force-menu.php:691
620
- msgid "Check this if you want to insert CAPTCHA on a WooCommerce login form."
621
- msgstr ""
622
-
623
- #: src/admin/wp-security-brute-force-menu.php:701
624
- msgid "Enable CAPTCHA on WooCommerce lost password form"
625
- msgstr ""
626
-
627
- #: src/admin/wp-security-brute-force-menu.php:704
628
- msgid "Check this if you want to insert CAPTCHA on a WooCommerce lost password form."
629
- msgstr ""
630
-
631
- #: src/admin/wp-security-brute-force-menu.php:714
632
- msgid "Enable CAPTCHA on WooCommerce registration form"
633
- msgstr ""
634
-
635
- #: src/admin/wp-security-brute-force-menu.php:717
636
- msgid "Check this if you want to insert CAPTCHA on a WooCommerce registration form."
637
- msgstr ""
638
-
639
- #: src/admin/wp-security-brute-force-menu.php:791
640
  msgid "The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page."
641
  msgstr ""
642
 
643
- #: src/admin/wp-security-brute-force-menu.php:792
644
  msgid "This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below."
645
  msgstr ""
646
 
647
- #: src/admin/wp-security-brute-force-menu.php:793
648
  msgid "The plugin achieves this by writing the appropriate directives to your .htaccess file."
649
  msgstr ""
650
 
651
- #: src/admin/wp-security-brute-force-menu.php:794
652
  msgid "By allowing/blocking IP addresses, you are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page."
653
  msgstr ""
654
 
655
- #: src/admin/wp-security-brute-force-menu.php:800
656
  msgid "Cookie-Based brute force login prevention"
657
  msgstr ""
658
 
659
- #: src/admin/wp-security-brute-force-menu.php:802
660
  msgid "Attention: If in addition to enabling the white list feature, you also have one of the %s or %s features enabled, <strong>you will still need to use your secret word or special slug in the URL when trying to access your WordPress login page</strong>."
661
  msgstr ""
662
 
663
- #: src/admin/wp-security-brute-force-menu.php:803
664
  msgid "These features are NOT functionally related. Having both of them enabled on your site means you are creating 2 layers of security."
665
  msgstr ""
666
 
667
- #: src/admin/wp-security-brute-force-menu.php:814
668
  msgid "Login IP whitelist settings"
669
  msgstr ""
670
 
671
- #: src/admin/wp-security-brute-force-menu.php:825
672
  msgid "Enable IP whitelisting"
673
  msgstr ""
674
 
675
- #: src/admin/wp-security-brute-force-menu.php:828, src/admin/wp-security-user-login-menu.php:408
676
  msgid "Check this if you want to enable the whitelisting of selected IP addresses specified in the settings below"
677
  msgstr ""
678
 
679
- #: src/admin/wp-security-brute-force-menu.php:832
680
  msgid "Your current IP address"
681
  msgstr ""
682
 
683
- #: src/admin/wp-security-brute-force-menu.php:835
684
  msgid "You can copy and paste this address in the text box below if you want to include it in your login whitelist."
685
  msgstr ""
686
 
687
- #: src/admin/wp-security-brute-force-menu.php:839, src/admin/wp-security-user-login-menu.php:412
688
  msgid "Enter whitelisted IP addresses:"
689
  msgstr ""
690
 
691
- #: src/admin/wp-security-brute-force-menu.php:843, src/admin/wp-security-user-login-menu.php:416
692
  msgid "Enter one or more IP addresses or IP ranges you wish to include in your whitelist."
693
  msgstr ""
694
 
695
- #: src/admin/wp-security-brute-force-menu.php:843
696
  msgid "Only the addresses specified here will have access to the WordPress login page."
697
  msgstr ""
698
 
699
- #: src/admin/wp-security-brute-force-menu.php:886
700
  msgid "This feature allows you to add a special hidden \"honeypot\" field on the WordPress login page. This will only be visible to robots and not humans."
701
  msgstr ""
702
 
703
- #: src/admin/wp-security-brute-force-menu.php:887
704
  msgid "Since robots usually fill in every input field from a login form, they will also submit a value for the special hidden honeypot field."
705
  msgstr ""
706
 
707
- #: src/admin/wp-security-brute-force-menu.php:888, src/admin/wp-security-user-registration-menu.php:278
708
  msgid "The way honeypots work is that a hidden field is placed somewhere inside a form which only robots will submit. If that field contains a value when the form is submitted then a robot has most likely submitted the form and it is consequently dealt with."
709
  msgstr ""
710
 
711
- #: src/admin/wp-security-brute-force-menu.php:889
712
  msgid "Therefore, if the plugin detects that this field has a value when the login form is submitted, then the robot which is attempting to login to your site will be redirected to its localhost address - http://127.0.0.1."
713
  msgstr ""
714
 
715
- #: src/admin/wp-security-brute-force-menu.php:895
716
  msgid "Login form honeypot settings"
717
  msgstr ""
718
 
719
- #: src/admin/wp-security-brute-force-menu.php:906
720
  msgid "Enable honeypot on login page"
721
  msgstr ""
722
 
723
- #: src/admin/wp-security-brute-force-menu.php:909
724
  msgid "Check this if you want to enable the honeypot feature for the login page"
725
  msgstr ""
726
 
@@ -1552,7 +1440,7 @@ msgstr ""
1552
  msgid "You have successfully saved the Prevent Access to Default WP Files configuration."
1553
  msgstr ""
1554
 
1555
- #: src/admin/wp-security-filesystem-menu.php:286, src/admin/wp-security-firewall-menu.php:128, src/admin/wp-security-firewall-menu.php:348, src/admin/wp-security-firewall-menu.php:615, src/admin/wp-security-firewall-menu.php:914, src/admin/wp-security-settings-menu.php:771, src/admin/wp-security-spam-menu.php:124
1556
  msgid "Could not write to the .htaccess file. Please check the file permissions."
1557
  msgstr ""
1558
 
@@ -3052,443 +2940,399 @@ msgstr ""
3052
  msgid "Import/Export"
3053
  msgstr ""
3054
 
3055
- #: src/admin/wp-security-settings-menu.php:128
3056
  msgid "All the security features have been disabled successfully!"
3057
  msgstr ""
3058
 
3059
- #: src/admin/wp-security-settings-menu.php:132, src/admin/wp-security-settings-menu.php:159
3060
  msgid "Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the \".htaccess File\"."
3061
  msgstr ""
3062
 
3063
- #: src/admin/wp-security-settings-menu.php:137
3064
  msgid "Could not write to the wp-config.php. Please restore your wp-config.php file manually using the restore functionality in the \"wp-config.php File\"."
3065
  msgstr ""
3066
 
3067
- #: src/admin/wp-security-settings-menu.php:155
3068
  msgid "All firewall rules have been disabled successfully!"
3069
  msgstr ""
3070
 
3071
- #: src/admin/wp-security-settings-menu.php:177
3072
  msgid "Deletion of aio_wp_security_configs option and .htaccess directives failed."
3073
  msgstr ""
3074
 
3075
- #: src/admin/wp-security-settings-menu.php:179
3076
  msgid "Reset of aio_wp_security_configs option failed."
3077
  msgstr ""
3078
 
3079
- #: src/admin/wp-security-settings-menu.php:181
3080
  msgid "Deletion of .htaccess directives failed."
3081
  msgstr ""
3082
 
3083
- #: src/admin/wp-security-settings-menu.php:183
3084
  msgid "All settings have been successfully reset."
3085
  msgstr ""
3086
 
3087
- #: src/admin/wp-security-settings-menu.php:203
3088
  msgid "For information, updates and documentation, please visit the"
3089
  msgstr ""
3090
 
3091
- #: src/admin/wp-security-settings-menu.php:203
3092
  msgid "Page"
3093
  msgstr ""
3094
 
3095
- #: src/admin/wp-security-settings-menu.php:207
3096
  msgid "WP Security plugin"
3097
  msgstr ""
3098
 
3099
- #: src/admin/wp-security-settings-menu.php:211
3100
  msgid "Thank you for using the AIOS security plugin."
3101
  msgstr ""
3102
 
3103
- #: src/admin/wp-security-settings-menu.php:215
3104
  msgid "There are a lot of security features in this plugin."
3105
  msgstr ""
3106
 
3107
- #: src/admin/wp-security-settings-menu.php:220
3108
  msgid "To start, go through each security option and enable the \"basic\" options."
3109
  msgstr ""
3110
 
3111
- #: src/admin/wp-security-settings-menu.php:224
3112
  msgid "The more features you enable, the more security points you will achieve."
3113
  msgstr ""
3114
 
3115
- #: src/admin/wp-security-settings-menu.php:227
3116
  msgid "Before doing anything we advise taking a backup of your .htaccess file, database and wp-config.php."
3117
  msgstr ""
3118
 
3119
- #: src/admin/wp-security-settings-menu.php:230
3120
  msgid "Backup your database"
3121
  msgstr ""
3122
 
3123
- #: src/admin/wp-security-settings-menu.php:231, src/admin/wp-security-settings-menu.php:432
3124
  msgid "Backup .htaccess file"
3125
  msgstr ""
3126
 
3127
- #: src/admin/wp-security-settings-menu.php:232, src/admin/wp-security-settings-menu.php:533
3128
  msgid "Backup wp-config.php file"
3129
  msgstr ""
3130
 
3131
- #: src/admin/wp-security-settings-menu.php:239
3132
  msgid "Disable security features"
3133
  msgstr ""
3134
 
3135
- #: src/admin/wp-security-settings-menu.php:245
3136
  msgid "If you think that some plugin functionality on your site is broken due to a security feature you enabled in this plugin, then use the following option to turn off all the security features of this plugin."
3137
  msgstr ""
3138
 
3139
- #: src/admin/wp-security-settings-menu.php:249
3140
  msgid "Disable all security features"
3141
  msgstr ""
3142
 
3143
- #: src/admin/wp-security-settings-menu.php:256, src/admin/wp-security-settings-menu.php:266
3144
  msgid "Disable all firewall rules"
3145
  msgstr ""
3146
 
3147
- #: src/admin/wp-security-settings-menu.php:262
3148
  msgid "This feature will disable all firewall rules which are currently active in this plugin and it will also delete these rules from your .htacess file. Use it if you think one of the firewall rules is causing an issue on your site."
3149
  msgstr ""
3150
 
3151
- #: src/admin/wp-security-settings-menu.php:273, src/admin/wp-security-settings-menu.php:286
3152
  msgid "Reset settings"
3153
  msgstr ""
3154
 
3155
- #: src/admin/wp-security-settings-menu.php:278
3156
  msgid "This button click will delete all of your settings related to the All In One WP Security & Firewall Plugin."
3157
  msgstr ""
3158
 
3159
- #: src/admin/wp-security-settings-menu.php:279
3160
  msgid "This button click will reset/empty all the database tables of the security plugin also."
3161
  msgstr ""
3162
 
3163
- #: src/admin/wp-security-settings-menu.php:280
3164
  msgid "Use this plugin if you were locked out by the All In One WP Security & Firewall Plugin and/or you are having issues logging in when that plugin is activated."
3165
  msgstr ""
3166
 
3167
- #: src/admin/wp-security-settings-menu.php:281
3168
  msgid "In addition to the settings it will also delete any directives which were added to the .htaccess file by the All In One WP Security & Firewall Plugin."
3169
  msgstr ""
3170
 
3171
- #: src/admin/wp-security-settings-menu.php:282
3172
  msgid "%1$sNOTE: %2$sAfter deleting the settings you will need to re-configure the All In One WP Security & Firewall Plugin."
3173
  msgstr ""
3174
 
3175
- #: src/admin/wp-security-settings-menu.php:294
3176
  msgid "Debug settings"
3177
  msgstr ""
3178
 
3179
- #: src/admin/wp-security-settings-menu.php:300
3180
  msgid "This setting allows you to enable/disable debug for this plugin."
3181
  msgstr ""
3182
 
3183
- #: src/admin/wp-security-settings-menu.php:306
3184
  msgid "Enable debug"
3185
  msgstr ""
3186
 
3187
- #: src/admin/wp-security-settings-menu.php:309
3188
  msgid "Check this if you want to enable debug. You should keep this option disabled after you have finished debugging the issue."
3189
  msgstr ""
3190
 
3191
- #: src/admin/wp-security-settings-menu.php:313
3192
  msgid "Save debug settings"
3193
  msgstr ""
3194
 
3195
- #: src/admin/wp-security-settings-menu.php:349
3196
  msgid "Your .htaccess file was successfully backed up! Using an FTP program go to the \"/wp-content/aiowps_backups\" directory to save a copy of the file to your computer."
3197
  msgstr ""
3198
 
3199
- #: src/admin/wp-security-settings-menu.php:355
3200
  msgid "htaccess file rename failed during backup. Please check your root directory for the backup file using FTP."
3201
  msgstr ""
3202
 
3203
- #: src/admin/wp-security-settings-menu.php:361
3204
  msgid "htaccess backup failed."
3205
  msgstr ""
3206
 
3207
- #: src/admin/wp-security-settings-menu.php:376
3208
- msgid "Please choose a .htaccess to restore from."
3209
  msgstr ""
3210
 
3211
- #: src/admin/wp-security-settings-menu.php:391
3212
  msgid "htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP."
3213
  msgstr ""
3214
 
3215
- #: src/admin/wp-security-settings-menu.php:395
3216
- msgid "Your .htaccess file has successfully been restored!"
3217
  msgstr ""
3218
 
3219
- #: src/admin/wp-security-settings-menu.php:401
3220
- msgid "htaccess Restore operation failed! Please check the contents of the file you are trying to restore from."
3221
  msgstr ""
3222
 
3223
- #: src/admin/wp-security-settings-menu.php:407
3224
  msgid ".htaccess file operations"
3225
  msgstr ""
3226
 
3227
- #: src/admin/wp-security-settings-menu.php:410
3228
  msgid "Your \".htaccess\" file is a key component of your website's security and it can be modified to implement various levels of protection mechanisms."
3229
  msgstr ""
3230
 
3231
- #: src/admin/wp-security-settings-menu.php:411
3232
  msgid "This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future."
3233
  msgstr ""
3234
 
3235
- #: src/admin/wp-security-settings-menu.php:412
3236
  msgid "You can also restore your site's .htaccess settings using a backed up .htaccess file."
3237
  msgstr ""
3238
 
3239
- #: src/admin/wp-security-settings-menu.php:427
3240
  msgid "Save the current .htaccess file"
3241
  msgstr ""
3242
 
3243
- #: src/admin/wp-security-settings-menu.php:431
3244
  msgid "Click the button below to backup and save the currently active .htaccess file."
3245
  msgstr ""
3246
 
3247
- #: src/admin/wp-security-settings-menu.php:436
3248
  msgid "Restore from a backed up .htaccess file"
3249
  msgstr ""
3250
 
3251
- #: src/admin/wp-security-settings-menu.php:442
3252
  msgid ".htaccess file to restore from"
3253
  msgstr ""
3254
 
3255
- #: src/admin/wp-security-settings-menu.php:444
3256
- msgid "Select Your htaccess File"
3257
  msgstr ""
3258
 
3259
- #: src/admin/wp-security-settings-menu.php:448
3260
- msgid "After selecting your file, click the button below to restore your site using the backed up htaccess file (htaccess_backup.txt)."
3261
- msgstr ""
3262
-
3263
- #: src/admin/wp-security-settings-menu.php:454
3264
- msgid "Restore .htaccess file"
3265
- msgstr ""
3266
-
3267
- #: src/admin/wp-security-settings-menu.php:476
3268
  msgid "Please choose a wp-config.php file to restore from."
3269
  msgstr ""
3270
 
3271
- #: src/admin/wp-security-settings-menu.php:492
3272
  msgid "wp-config.php file restore failed. Please attempt to restore this file manually using FTP."
3273
  msgstr ""
3274
 
3275
- #: src/admin/wp-security-settings-menu.php:496
3276
- msgid "Your wp-config.php file has successfully been restored!"
3277
  msgstr ""
3278
 
3279
- #: src/admin/wp-security-settings-menu.php:502
3280
- msgid "wp-config.php Restore operation failed! Please check the contents of the file you are trying to restore from."
3281
  msgstr ""
3282
 
3283
- #: src/admin/wp-security-settings-menu.php:508
3284
  msgid "wp-config.php file operations"
3285
  msgstr ""
3286
 
3287
- #: src/admin/wp-security-settings-menu.php:511
3288
  msgid "Your \"wp-config.php\" file is one of the most important in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components."
3289
  msgstr ""
3290
 
3291
- #: src/admin/wp-security-settings-menu.php:512
3292
  msgid "This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future."
3293
  msgstr ""
3294
 
3295
- #: src/admin/wp-security-settings-menu.php:513
3296
  msgid "You can also restore your site's wp-config.php settings using a backed up wp-config.php file."
3297
  msgstr ""
3298
 
3299
- #: src/admin/wp-security-settings-menu.php:528
3300
  msgid "Save the current wp-config.php file"
3301
  msgstr ""
3302
 
3303
- #: src/admin/wp-security-settings-menu.php:532
3304
  msgid "Click the button below to backup and download the contents of the currently active wp-config.php file."
3305
  msgstr ""
3306
 
3307
- #: src/admin/wp-security-settings-menu.php:538
3308
  msgid "Restore from a backed up wp-config file"
3309
  msgstr ""
3310
 
3311
- #: src/admin/wp-security-settings-menu.php:544
3312
  msgid "wp-config file to restore from"
3313
  msgstr ""
3314
 
3315
- #: src/admin/wp-security-settings-menu.php:546
3316
- msgid "Select Your wp-config File"
3317
  msgstr ""
3318
 
3319
- #: src/admin/wp-security-settings-menu.php:550
3320
- msgid "After selecting your file click the button below to restore your site using the backed up wp-config file (wp-config.php.backup.txt)."
3321
- msgstr ""
3322
-
3323
- #: src/admin/wp-security-settings-menu.php:556
3324
- msgid "Restore wp-config file"
3325
- msgstr ""
3326
-
3327
- #: src/admin/wp-security-settings-menu.php:560
3328
  msgid "View Contents of the currently active wp-config.php file"
3329
  msgstr ""
3330
 
3331
- #: src/admin/wp-security-settings-menu.php:590
3332
  msgid "Manage delete plugin settings saved."
3333
  msgstr ""
3334
 
3335
- #: src/admin/wp-security-settings-menu.php:595
3336
  msgid "Manage delete plugin tasks"
3337
  msgstr ""
3338
 
3339
- #: src/admin/wp-security-settings-menu.php:602
3340
  msgid "Delete database tables"
3341
  msgstr ""
3342
 
3343
- #: src/admin/wp-security-settings-menu.php:605
3344
  msgid "Check this if you want to remove database tables when the plugin is uninstalled."
3345
  msgstr ""
3346
 
3347
- #: src/admin/wp-security-settings-menu.php:609
3348
  msgid "Delete settings"
3349
  msgstr ""
3350
 
3351
- #: src/admin/wp-security-settings-menu.php:612
3352
  msgid "Check this if you want to remove all plugin settings when uninstalling the plugin."
3353
  msgstr ""
3354
 
3355
- #: src/admin/wp-security-settings-menu.php:612
3356
  msgid "It will also remove all custom htaccess rules that were added by this plugin."
3357
  msgstr ""
3358
 
3359
- #: src/admin/wp-security-settings-menu.php:646
3360
  msgid "WP generator meta tag and version info"
3361
  msgstr ""
3362
 
3363
- #: src/admin/wp-security-settings-menu.php:649
3364
  msgid "WordPress generator automatically adds some meta information inside the \"head\" tags of every page on your site's front end. Below is an example of this:"
3365
  msgstr ""
3366
 
3367
- #: src/admin/wp-security-settings-menu.php:651
3368
  msgid "The above meta information shows which version of WordPress your site is currently running and thus can help hackers or crawlers scan your site to see if you have an older version of WordPress or one with a known exploit."
3369
  msgstr ""
3370
 
3371
- #: src/admin/wp-security-settings-menu.php:652
3372
  msgid "There are also other ways wordpress reveals version info such as during style and script loading. An example of this is:"
3373
  msgstr ""
3374
 
3375
- #: src/admin/wp-security-settings-menu.php:654
3376
  msgid "This feature will allow you to remove the WP generator meta info and other version info from your site's pages."
3377
  msgstr ""
3378
 
3379
- #: src/admin/wp-security-settings-menu.php:660
3380
  msgid "WP generator meta info"
3381
  msgstr ""
3382
 
3383
- #: src/admin/wp-security-settings-menu.php:672
3384
  msgid "Remove WP generator meta info"
3385
  msgstr ""
3386
 
3387
- #: src/admin/wp-security-settings-menu.php:675
3388
  msgid "Check this if you want to remove the version and meta info produced by WP from all pages"
3389
  msgstr ""
3390
 
3391
- #: src/admin/wp-security-settings-menu.php:703
3392
  msgid "Please choose a file to import your settings from."
3393
  msgstr ""
3394
 
3395
- #: src/admin/wp-security-settings-menu.php:735
3396
- msgid "Import AIOS settings from .$import_from. operation failed!"
3397
- msgstr ""
3398
-
3399
- #: src/admin/wp-security-settings-menu.php:741, src/admin/wp-security-settings-menu.php:785
3400
- msgid "The deletion of the import file failed. Please delete this file manually via the media menu for security purposes."
3401
- msgstr ""
3402
-
3403
- #: src/admin/wp-security-settings-menu.php:743, src/admin/wp-security-settings-menu.php:787
3404
- msgid "The file you uploaded was also deleted for security purposes because it contains security settings details."
3405
  msgstr ""
3406
 
3407
- #: src/admin/wp-security-settings-menu.php:758
3408
- msgid "Your AIOS settings were successfully imported via file input."
3409
  msgstr ""
3410
 
3411
- #: src/admin/wp-security-settings-menu.php:759
3412
- msgid "The deletion of the import file failed. Please delete this file manually via the media menu for security purposes because it contains security settings details."
3413
- msgstr ""
3414
-
3415
- #: src/admin/wp-security-settings-menu.php:761
3416
- msgid "Your AIOS settings were successfully imported. The file you uploaded was also deleted for security purposes because it contains security settings details."
3417
- msgstr ""
3418
-
3419
- #: src/admin/wp-security-settings-menu.php:764
3420
- msgid "Your AIOS settings were successfully imported via text entry."
3421
- msgstr ""
3422
-
3423
- #: src/admin/wp-security-settings-menu.php:779
3424
  msgid "The contents of your settings file appear invalid. Please check the contents of the file you are trying to import settings from."
3425
  msgstr ""
3426
 
3427
- #: src/admin/wp-security-settings-menu.php:796
3428
  msgid "Export or import your AIOS settings"
3429
  msgstr ""
3430
 
3431
- #: src/admin/wp-security-settings-menu.php:799
3432
  msgid "This section allows you to export or import your All In One WP Security & Firewall settings."
3433
  msgstr ""
3434
 
3435
- #: src/admin/wp-security-settings-menu.php:800
3436
  msgid "This can be handy if you wanted to save time by applying the settings from one site to another site."
3437
  msgstr ""
3438
 
3439
- #: src/admin/wp-security-settings-menu.php:801
3440
  msgid "NOTE: Before importing, it is your responsibility to know what settings you are trying to import. Importing settings blindly can cause you to be locked out of your site."
3441
  msgstr ""
3442
 
3443
- #: src/admin/wp-security-settings-menu.php:802
3444
  msgid "For Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain."
3445
  msgstr ""
3446
 
3447
- #: src/admin/wp-security-settings-menu.php:808, src/admin/wp-security-settings-menu.php:817
3448
  msgid "Export AIOS settings"
3449
  msgstr ""
3450
 
3451
- #: src/admin/wp-security-settings-menu.php:814
3452
  msgid "To export your All In One WP Security & Firewall settings click the button below."
3453
  msgstr ""
3454
 
3455
- #: src/admin/wp-security-settings-menu.php:821, src/admin/wp-security-settings-menu.php:850
3456
  msgid "Import AIOS settings"
3457
  msgstr ""
3458
 
3459
- #: src/admin/wp-security-settings-menu.php:827
3460
- msgid "Use this section to import your All In One WP Security & Firewall settings from a file. Alternatively, copy/paste the contents of your import file into the textarea below."
3461
  msgstr ""
3462
 
3463
- #: src/admin/wp-security-settings-menu.php:829
3464
- msgid "Import file"
3465
  msgstr ""
3466
 
3467
- #: src/admin/wp-security-settings-menu.php:832
3468
  msgid "Select Your Import Settings File"
3469
  msgstr ""
3470
 
3471
- #: src/admin/wp-security-settings-menu.php:836
3472
- msgid "After selecting your file, click the button below to apply the settings to your site."
3473
- msgstr ""
3474
-
3475
- #: src/admin/wp-security-settings-menu.php:843
3476
- msgid "Copy/Paste import data"
3477
- msgstr ""
3478
-
3479
- #: src/admin/wp-security-settings-menu.php:892
3480
  msgid "Default - if correct, then this is the best option"
3481
  msgstr ""
3482
 
3483
- #: src/admin/wp-security-settings-menu.php:893
3484
  msgid "Only use if you're using Cloudflare."
3485
  msgstr ""
3486
 
3487
- #: src/admin/wp-security-settings-menu.php:901
3488
  msgid "(current value: %s)"
3489
  msgstr ""
3490
 
3491
- #: src/admin/wp-security-settings-menu.php:904
3492
  msgid "no value (i.e. empty) on your server"
3493
  msgstr ""
3494
 
@@ -4556,6 +4400,10 @@ msgstr ""
4556
  msgid "Enable rename login page"
4557
  msgstr ""
4558
 
 
 
 
 
4559
  #: src/classes/grade-system/wp-security-feature-item-manager.php:106
4560
  msgid "Lost password CAPTCHA"
4561
  msgstr ""
@@ -4616,87 +4464,87 @@ msgstr ""
4616
  msgid "Advanced"
4617
  msgstr ""
4618
 
4619
- #: src/classes/wp-security-captcha.php:47, src/classes/wp-security-general-init-tasks.php:389
4620
  msgid "Please enter an answer in digits:"
4621
  msgstr ""
4622
 
4623
- #: src/classes/wp-security-captcha.php:127
4624
  msgid "one"
4625
  msgstr ""
4626
 
4627
- #: src/classes/wp-security-captcha.php:128
4628
  msgid "two"
4629
  msgstr ""
4630
 
4631
- #: src/classes/wp-security-captcha.php:129
4632
  msgid "three"
4633
  msgstr ""
4634
 
4635
- #: src/classes/wp-security-captcha.php:130
4636
  msgid "four"
4637
  msgstr ""
4638
 
4639
- #: src/classes/wp-security-captcha.php:131
4640
  msgid "five"
4641
  msgstr ""
4642
 
4643
- #: src/classes/wp-security-captcha.php:132
4644
  msgid "six"
4645
  msgstr ""
4646
 
4647
- #: src/classes/wp-security-captcha.php:133
4648
  msgid "seven"
4649
  msgstr ""
4650
 
4651
- #: src/classes/wp-security-captcha.php:134
4652
  msgid "eight"
4653
  msgstr ""
4654
 
4655
- #: src/classes/wp-security-captcha.php:135
4656
  msgid "nine"
4657
  msgstr ""
4658
 
4659
- #: src/classes/wp-security-captcha.php:136
4660
  msgid "ten"
4661
  msgstr ""
4662
 
4663
- #: src/classes/wp-security-captcha.php:137
4664
  msgid "eleven"
4665
  msgstr ""
4666
 
4667
- #: src/classes/wp-security-captcha.php:138
4668
  msgid "twelve"
4669
  msgstr ""
4670
 
4671
- #: src/classes/wp-security-captcha.php:139
4672
  msgid "thirteen"
4673
  msgstr ""
4674
 
4675
- #: src/classes/wp-security-captcha.php:140
4676
  msgid "fourteen"
4677
  msgstr ""
4678
 
4679
- #: src/classes/wp-security-captcha.php:141
4680
  msgid "fifteen"
4681
  msgstr ""
4682
 
4683
- #: src/classes/wp-security-captcha.php:142
4684
  msgid "sixteen"
4685
  msgstr ""
4686
 
4687
- #: src/classes/wp-security-captcha.php:143
4688
  msgid "seventeen"
4689
  msgstr ""
4690
 
4691
- #: src/classes/wp-security-captcha.php:144
4692
  msgid "eighteen"
4693
  msgstr ""
4694
 
4695
- #: src/classes/wp-security-captcha.php:145
4696
  msgid "nineteen"
4697
  msgstr ""
4698
 
4699
- #: src/classes/wp-security-captcha.php:146
4700
  msgid "twenty"
4701
  msgstr ""
4702
 
@@ -5740,6 +5588,102 @@ msgstr ""
5740
  msgid "You are using the non-apache server %s, so this feature won't work on your site."
5741
  msgstr ""
5742
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
5743
  #: src/wp-security-core.php:254, src/wp-security.php:45
5744
  msgid "This plugin requires PHP version %s."
5745
  msgstr ""
28
  msgid "Copied"
29
  msgstr ""
30
 
31
+ #: src/admin/wp-security-admin-init.php:261
32
+ msgid "You have not yet selected a file to import."
33
+ msgstr ""
34
+
35
+ #: src/admin/wp-security-admin-init.php:292
36
  msgid "Enjoyed %1$s? Please leave us a %2$s rating. We really appreciate your support!"
37
  msgstr ""
38
 
39
+ #: src/admin/wp-security-admin-init.php:416, src/admin/wp-security-admin-init.php:416, src/classes/wp-security-two-factor-login.php:95, src/classes/wp-security-two-factor-login.php:95
40
  msgid "WP Security"
41
  msgstr ""
42
 
43
+ #: src/admin/wp-security-admin-init.php:417, src/admin/wp-security-admin-init.php:417, src/admin/wp-security-dashboard-menu.php:26, src/admin/wp-security-dashboard-menu.php:76
44
  msgid "Dashboard"
45
  msgstr ""
46
 
47
+ #: src/admin/wp-security-admin-init.php:418, src/admin/wp-security-admin-init.php:418, src/admin/wp-security-settings-menu.php:95
48
  msgid "Settings"
49
  msgstr ""
50
 
51
+ #: src/admin/wp-security-admin-init.php:419, src/admin/wp-security-admin-init.php:419
52
  msgid "User Accounts"
53
  msgstr ""
54
 
55
+ #: src/admin/wp-security-admin-init.php:420, src/admin/wp-security-admin-init.php:420
56
  msgid "User Login"
57
  msgstr ""
58
 
59
+ #: src/admin/wp-security-admin-init.php:421, src/admin/wp-security-admin-init.php:421
60
  msgid "User Registration"
61
  msgstr ""
62
 
63
+ #: src/admin/wp-security-admin-init.php:422, src/admin/wp-security-admin-init.php:422
64
  msgid "Database Security"
65
  msgstr ""
66
 
67
+ #: src/admin/wp-security-admin-init.php:424, src/admin/wp-security-admin-init.php:424
68
  msgid "Filesystem Security"
69
  msgstr ""
70
 
71
+ #: src/admin/wp-security-admin-init.php:427, src/admin/wp-security-admin-init.php:427
72
  msgid "Blacklist Manager"
73
  msgstr ""
74
 
75
+ #: src/admin/wp-security-admin-init.php:430, src/admin/wp-security-admin-init.php:430, src/admin/wp-security-firewall-menu.php:62, src/admin/wp-security-firewall-menu.php:1318
76
  msgid "Firewall"
77
  msgstr ""
78
 
79
+ #: src/admin/wp-security-admin-init.php:432, src/admin/wp-security-admin-init.php:432
80
  msgid "Brute Force"
81
  msgstr ""
82
 
83
+ #: src/admin/wp-security-admin-init.php:433, src/admin/wp-security-admin-init.php:433
84
  msgid "Spam Prevention"
85
  msgstr ""
86
 
87
+ #: src/admin/wp-security-admin-init.php:435, src/admin/wp-security-admin-init.php:435, src/admin/wp-security-filescan-menu.php:83
88
  msgid "Scanner"
89
  msgstr ""
90
 
91
+ #: src/admin/wp-security-admin-init.php:437, src/admin/wp-security-admin-init.php:437, src/admin/wp-security-maintenance-menu.php:51
92
  msgid "Maintenance"
93
  msgstr ""
94
 
95
+ #: src/admin/wp-security-admin-init.php:438, src/admin/wp-security-admin-init.php:438, src/admin/wp-security-misc-options-menu.php:57
96
  msgid "Miscellaneous"
97
  msgstr ""
98
 
99
+ #: src/admin/wp-security-admin-init.php:439, src/admin/wp-security-admin-init.php:439, src/admin/wp-security-tools-menu.php:64
100
  msgid "Tools"
101
  msgstr ""
102
 
103
+ #: src/admin/wp-security-admin-init.php:451
104
  msgid "Premium Upgrade"
105
  msgstr ""
106
 
212
  msgid "Example 2 - A list of more than 1 user agent strings to block"
213
  msgstr ""
214
 
215
+ #: src/admin/wp-security-blacklist-menu.php:232, src/admin/wp-security-brute-force-menu.php:235, src/admin/wp-security-brute-force-menu.php:688, src/admin/wp-security-brute-force-menu.php:754, src/admin/wp-security-filescan-menu.php:348, src/admin/wp-security-filesystem-menu.php:242, src/admin/wp-security-firewall-menu.php:947, src/admin/wp-security-firewall-menu.php:1131, src/admin/wp-security-misc-options-menu.php:167, src/admin/wp-security-misc-options-menu.php:218, src/admin/wp-security-misc-options-menu.php:278, src/admin/wp-security-settings-menu.php:556, src/admin/wp-security-settings-menu.php:615, src/admin/wp-security-spam-menu.php:233, src/admin/wp-security-spam-menu.php:407, src/admin/wp-security-spam-menu.php:526, src/admin/wp-security-spam-menu.php:588, src/admin/wp-security-user-login-menu.php:384, src/admin/wp-security-user-login-menu.php:422, src/admin/wp-security-user-login-menu.php:601, src/admin/wp-security-user-login-menu.php:788, src/admin/wp-security-user-registration-menu.php:150, src/admin/wp-security-user-registration-menu.php:242, src/admin/wp-security-user-registration-menu.php:305, src/templates/menus/settings/advanced-settings.php:217, src/templates/wp-admin/brute-force/captcha-settings.php:169
216
  msgid "Save settings"
217
  msgstr ""
218
 
219
+ #: src/admin/wp-security-brute-force-menu.php:52, src/admin/wp-security-brute-force-menu.php:641, src/admin/wp-security-dashboard-menu.php:651
220
  msgid "Rename login page"
221
  msgstr ""
222
 
224
  msgid "Cookie based brute force prevention"
225
  msgstr ""
226
 
227
+ #: src/admin/wp-security-brute-force-menu.php:54, src/templates/wp-admin/brute-force/captcha-settings.php:5
228
+ msgid "CAPTCHA settings"
229
  msgstr ""
230
 
231
+ #: src/admin/wp-security-brute-force-menu.php:55, src/admin/wp-security-brute-force-menu.php:628
232
  msgid "Login whitelist"
233
  msgstr ""
234
 
516
  msgid "Save feature settings"
517
  msgstr ""
518
 
519
+ #: src/admin/wp-security-brute-force-menu.php:562, src/classes/wp-security-general-init-tasks.php:624
520
  msgid "Your Google reCAPTCHA configuration is invalid."
521
  msgstr ""
522
 
523
+ #: src/admin/wp-security-brute-force-menu.php:562
524
  msgid "Please enter the correct reCAPTCHA keys below to use the reCAPTCHA feature."
525
  msgstr ""
526
 
527
+ #: src/admin/wp-security-brute-force-menu.php:631
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
528
  msgid "The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page."
529
  msgstr ""
530
 
531
+ #: src/admin/wp-security-brute-force-menu.php:632
532
  msgid "This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below."
533
  msgstr ""
534
 
535
+ #: src/admin/wp-security-brute-force-menu.php:633
536
  msgid "The plugin achieves this by writing the appropriate directives to your .htaccess file."
537
  msgstr ""
538
 
539
+ #: src/admin/wp-security-brute-force-menu.php:634
540
  msgid "By allowing/blocking IP addresses, you are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page."
541
  msgstr ""
542
 
543
+ #: src/admin/wp-security-brute-force-menu.php:640
544
  msgid "Cookie-Based brute force login prevention"
545
  msgstr ""
546
 
547
+ #: src/admin/wp-security-brute-force-menu.php:642
548
  msgid "Attention: If in addition to enabling the white list feature, you also have one of the %s or %s features enabled, <strong>you will still need to use your secret word or special slug in the URL when trying to access your WordPress login page</strong>."
549
  msgstr ""
550
 
551
+ #: src/admin/wp-security-brute-force-menu.php:643
552
  msgid "These features are NOT functionally related. Having both of them enabled on your site means you are creating 2 layers of security."
553
  msgstr ""
554
 
555
+ #: src/admin/wp-security-brute-force-menu.php:654
556
  msgid "Login IP whitelist settings"
557
  msgstr ""
558
 
559
+ #: src/admin/wp-security-brute-force-menu.php:665
560
  msgid "Enable IP whitelisting"
561
  msgstr ""
562
 
563
+ #: src/admin/wp-security-brute-force-menu.php:668, src/admin/wp-security-user-login-menu.php:408
564
  msgid "Check this if you want to enable the whitelisting of selected IP addresses specified in the settings below"
565
  msgstr ""
566
 
567
+ #: src/admin/wp-security-brute-force-menu.php:672
568
  msgid "Your current IP address"
569
  msgstr ""
570
 
571
+ #: src/admin/wp-security-brute-force-menu.php:675
572
  msgid "You can copy and paste this address in the text box below if you want to include it in your login whitelist."
573
  msgstr ""
574
 
575
+ #: src/admin/wp-security-brute-force-menu.php:679, src/admin/wp-security-user-login-menu.php:412
576
  msgid "Enter whitelisted IP addresses:"
577
  msgstr ""
578
 
579
+ #: src/admin/wp-security-brute-force-menu.php:683, src/admin/wp-security-user-login-menu.php:416
580
  msgid "Enter one or more IP addresses or IP ranges you wish to include in your whitelist."
581
  msgstr ""
582
 
583
+ #: src/admin/wp-security-brute-force-menu.php:683
584
  msgid "Only the addresses specified here will have access to the WordPress login page."
585
  msgstr ""
586
 
587
+ #: src/admin/wp-security-brute-force-menu.php:726
588
  msgid "This feature allows you to add a special hidden \"honeypot\" field on the WordPress login page. This will only be visible to robots and not humans."
589
  msgstr ""
590
 
591
+ #: src/admin/wp-security-brute-force-menu.php:727
592
  msgid "Since robots usually fill in every input field from a login form, they will also submit a value for the special hidden honeypot field."
593
  msgstr ""
594
 
595
+ #: src/admin/wp-security-brute-force-menu.php:728, src/admin/wp-security-user-registration-menu.php:278
596
  msgid "The way honeypots work is that a hidden field is placed somewhere inside a form which only robots will submit. If that field contains a value when the form is submitted then a robot has most likely submitted the form and it is consequently dealt with."
597
  msgstr ""
598
 
599
+ #: src/admin/wp-security-brute-force-menu.php:729
600
  msgid "Therefore, if the plugin detects that this field has a value when the login form is submitted, then the robot which is attempting to login to your site will be redirected to its localhost address - http://127.0.0.1."
601
  msgstr ""
602
 
603
+ #: src/admin/wp-security-brute-force-menu.php:735
604
  msgid "Login form honeypot settings"
605
  msgstr ""
606
 
607
+ #: src/admin/wp-security-brute-force-menu.php:746
608
  msgid "Enable honeypot on login page"
609
  msgstr ""
610
 
611
+ #: src/admin/wp-security-brute-force-menu.php:749
612
  msgid "Check this if you want to enable the honeypot feature for the login page"
613
  msgstr ""
614
 
1440
  msgid "You have successfully saved the Prevent Access to Default WP Files configuration."
1441
  msgstr ""
1442
 
1443
+ #: src/admin/wp-security-filesystem-menu.php:286, src/admin/wp-security-firewall-menu.php:128, src/admin/wp-security-firewall-menu.php:348, src/admin/wp-security-firewall-menu.php:615, src/admin/wp-security-firewall-menu.php:914, src/admin/wp-security-settings-menu.php:667, src/admin/wp-security-spam-menu.php:124
1444
  msgid "Could not write to the .htaccess file. Please check the file permissions."
1445
  msgstr ""
1446
 
2940
  msgid "Import/Export"
2941
  msgstr ""
2942
 
2943
+ #: src/admin/wp-security-settings-menu.php:125
2944
  msgid "All the security features have been disabled successfully!"
2945
  msgstr ""
2946
 
2947
+ #: src/admin/wp-security-settings-menu.php:127, src/admin/wp-security-settings-menu.php:148
2948
  msgid "Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the \".htaccess File\"."
2949
  msgstr ""
2950
 
2951
+ #: src/admin/wp-security-settings-menu.php:131
2952
  msgid "Could not write to the wp-config.php. Please restore your wp-config.php file manually using the restore functionality in the \"wp-config.php File\"."
2953
  msgstr ""
2954
 
2955
+ #: src/admin/wp-security-settings-menu.php:146
2956
  msgid "All firewall rules have been disabled successfully!"
2957
  msgstr ""
2958
 
2959
+ #: src/admin/wp-security-settings-menu.php:166
2960
  msgid "Deletion of aio_wp_security_configs option and .htaccess directives failed."
2961
  msgstr ""
2962
 
2963
+ #: src/admin/wp-security-settings-menu.php:168
2964
  msgid "Reset of aio_wp_security_configs option failed."
2965
  msgstr ""
2966
 
2967
+ #: src/admin/wp-security-settings-menu.php:170
2968
  msgid "Deletion of .htaccess directives failed."
2969
  msgstr ""
2970
 
2971
+ #: src/admin/wp-security-settings-menu.php:172
2972
  msgid "All settings have been successfully reset."
2973
  msgstr ""
2974
 
2975
+ #: src/admin/wp-security-settings-menu.php:190
2976
  msgid "For information, updates and documentation, please visit the"
2977
  msgstr ""
2978
 
2979
+ #: src/admin/wp-security-settings-menu.php:190
2980
  msgid "Page"
2981
  msgstr ""
2982
 
2983
+ #: src/admin/wp-security-settings-menu.php:194
2984
  msgid "WP Security plugin"
2985
  msgstr ""
2986
 
2987
+ #: src/admin/wp-security-settings-menu.php:198
2988
  msgid "Thank you for using the AIOS security plugin."
2989
  msgstr ""
2990
 
2991
+ #: src/admin/wp-security-settings-menu.php:202
2992
  msgid "There are a lot of security features in this plugin."
2993
  msgstr ""
2994
 
2995
+ #: src/admin/wp-security-settings-menu.php:207
2996
  msgid "To start, go through each security option and enable the \"basic\" options."
2997
  msgstr ""
2998
 
2999
+ #: src/admin/wp-security-settings-menu.php:211
3000
  msgid "The more features you enable, the more security points you will achieve."
3001
  msgstr ""
3002
 
3003
+ #: src/admin/wp-security-settings-menu.php:214
3004
  msgid "Before doing anything we advise taking a backup of your .htaccess file, database and wp-config.php."
3005
  msgstr ""
3006
 
3007
+ #: src/admin/wp-security-settings-menu.php:217
3008
  msgid "Backup your database"
3009
  msgstr ""
3010
 
3011
+ #: src/admin/wp-security-settings-menu.php:218, src/admin/wp-security-settings-menu.php:396
3012
  msgid "Backup .htaccess file"
3013
  msgstr ""
3014
 
3015
+ #: src/admin/wp-security-settings-menu.php:219, src/admin/wp-security-settings-menu.php:477
3016
  msgid "Backup wp-config.php file"
3017
  msgstr ""
3018
 
3019
+ #: src/admin/wp-security-settings-menu.php:226
3020
  msgid "Disable security features"
3021
  msgstr ""
3022
 
3023
+ #: src/admin/wp-security-settings-menu.php:232
3024
  msgid "If you think that some plugin functionality on your site is broken due to a security feature you enabled in this plugin, then use the following option to turn off all the security features of this plugin."
3025
  msgstr ""
3026
 
3027
+ #: src/admin/wp-security-settings-menu.php:236
3028
  msgid "Disable all security features"
3029
  msgstr ""
3030
 
3031
+ #: src/admin/wp-security-settings-menu.php:243, src/admin/wp-security-settings-menu.php:253
3032
  msgid "Disable all firewall rules"
3033
  msgstr ""
3034
 
3035
+ #: src/admin/wp-security-settings-menu.php:249
3036
  msgid "This feature will disable all firewall rules which are currently active in this plugin and it will also delete these rules from your .htacess file. Use it if you think one of the firewall rules is causing an issue on your site."
3037
  msgstr ""
3038
 
3039
+ #: src/admin/wp-security-settings-menu.php:260, src/admin/wp-security-settings-menu.php:273
3040
  msgid "Reset settings"
3041
  msgstr ""
3042
 
3043
+ #: src/admin/wp-security-settings-menu.php:265
3044
  msgid "This button click will delete all of your settings related to the All In One WP Security & Firewall Plugin."
3045
  msgstr ""
3046
 
3047
+ #: src/admin/wp-security-settings-menu.php:266
3048
  msgid "This button click will reset/empty all the database tables of the security plugin also."
3049
  msgstr ""
3050
 
3051
+ #: src/admin/wp-security-settings-menu.php:267
3052
  msgid "Use this plugin if you were locked out by the All In One WP Security & Firewall Plugin and/or you are having issues logging in when that plugin is activated."
3053
  msgstr ""
3054
 
3055
+ #: src/admin/wp-security-settings-menu.php:268
3056
  msgid "In addition to the settings it will also delete any directives which were added to the .htaccess file by the All In One WP Security & Firewall Plugin."
3057
  msgstr ""
3058
 
3059
+ #: src/admin/wp-security-settings-menu.php:269
3060
  msgid "%1$sNOTE: %2$sAfter deleting the settings you will need to re-configure the All In One WP Security & Firewall Plugin."
3061
  msgstr ""
3062
 
3063
+ #: src/admin/wp-security-settings-menu.php:281
3064
  msgid "Debug settings"
3065
  msgstr ""
3066
 
3067
+ #: src/admin/wp-security-settings-menu.php:287
3068
  msgid "This setting allows you to enable/disable debug for this plugin."
3069
  msgstr ""
3070
 
3071
+ #: src/admin/wp-security-settings-menu.php:293
3072
  msgid "Enable debug"
3073
  msgstr ""
3074
 
3075
+ #: src/admin/wp-security-settings-menu.php:296
3076
  msgid "Check this if you want to enable debug. You should keep this option disabled after you have finished debugging the issue."
3077
  msgstr ""
3078
 
3079
+ #: src/admin/wp-security-settings-menu.php:300
3080
  msgid "Save debug settings"
3081
  msgstr ""
3082
 
3083
+ #: src/admin/wp-security-settings-menu.php:332
3084
  msgid "Your .htaccess file was successfully backed up! Using an FTP program go to the \"/wp-content/aiowps_backups\" directory to save a copy of the file to your computer."
3085
  msgstr ""
3086
 
3087
+ #: src/admin/wp-security-settings-menu.php:336
3088
  msgid "htaccess file rename failed during backup. Please check your root directory for the backup file using FTP."
3089
  msgstr ""
3090
 
3091
+ #: src/admin/wp-security-settings-menu.php:340
3092
  msgid "htaccess backup failed."
3093
  msgstr ""
3094
 
3095
+ #: src/admin/wp-security-settings-menu.php:352
3096
+ msgid "Please choose a valid .htaccess to restore from."
3097
  msgstr ""
3098
 
3099
+ #: src/admin/wp-security-settings-menu.php:362
3100
  msgid "htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP."
3101
  msgstr ""
3102
 
3103
+ #: src/admin/wp-security-settings-menu.php:364
3104
+ msgid "Your .htaccess file has successfully been restored."
3105
  msgstr ""
3106
 
3107
+ #: src/admin/wp-security-settings-menu.php:368
3108
+ msgid "htaccess Restore operation failed. Please check the contents of the file you are trying to restore from."
3109
  msgstr ""
3110
 
3111
+ #: src/admin/wp-security-settings-menu.php:374
3112
  msgid ".htaccess file operations"
3113
  msgstr ""
3114
 
3115
+ #: src/admin/wp-security-settings-menu.php:377
3116
  msgid "Your \".htaccess\" file is a key component of your website's security and it can be modified to implement various levels of protection mechanisms."
3117
  msgstr ""
3118
 
3119
+ #: src/admin/wp-security-settings-menu.php:378
3120
  msgid "This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future."
3121
  msgstr ""
3122
 
3123
+ #: src/admin/wp-security-settings-menu.php:379
3124
  msgid "You can also restore your site's .htaccess settings using a backed up .htaccess file."
3125
  msgstr ""
3126
 
3127
+ #: src/admin/wp-security-settings-menu.php:391
3128
  msgid "Save the current .htaccess file"
3129
  msgstr ""
3130
 
3131
+ #: src/admin/wp-security-settings-menu.php:395
3132
  msgid "Click the button below to backup and save the currently active .htaccess file."
3133
  msgstr ""
3134
 
3135
+ #: src/admin/wp-security-settings-menu.php:400
3136
  msgid "Restore from a backed up .htaccess file"
3137
  msgstr ""
3138
 
3139
+ #: src/admin/wp-security-settings-menu.php:406
3140
  msgid ".htaccess file to restore from"
3141
  msgstr ""
3142
 
3143
+ #: src/admin/wp-security-settings-menu.php:408
3144
+ msgid "Restore your .htaccess File"
3145
  msgstr ""
3146
 
3147
+ #: src/admin/wp-security-settings-menu.php:432
 
 
 
 
 
 
 
 
3148
  msgid "Please choose a wp-config.php file to restore from."
3149
  msgstr ""
3150
 
3151
+ #: src/admin/wp-security-settings-menu.php:443
3152
  msgid "wp-config.php file restore failed. Please attempt to restore this file manually using FTP."
3153
  msgstr ""
3154
 
3155
+ #: src/admin/wp-security-settings-menu.php:445
3156
+ msgid "Your wp-config.php file has successfully been restored."
3157
  msgstr ""
3158
 
3159
+ #: src/admin/wp-security-settings-menu.php:449
3160
+ msgid "wp-config.php Restore operation failed. Please check the contents of the file you are trying to restore from."
3161
  msgstr ""
3162
 
3163
+ #: src/admin/wp-security-settings-menu.php:455
3164
  msgid "wp-config.php file operations"
3165
  msgstr ""
3166
 
3167
+ #: src/admin/wp-security-settings-menu.php:458
3168
  msgid "Your \"wp-config.php\" file is one of the most important in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components."
3169
  msgstr ""
3170
 
3171
+ #: src/admin/wp-security-settings-menu.php:459
3172
  msgid "This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future."
3173
  msgstr ""
3174
 
3175
+ #: src/admin/wp-security-settings-menu.php:460
3176
  msgid "You can also restore your site's wp-config.php settings using a backed up wp-config.php file."
3177
  msgstr ""
3178
 
3179
+ #: src/admin/wp-security-settings-menu.php:472
3180
  msgid "Save the current wp-config.php file"
3181
  msgstr ""
3182
 
3183
+ #: src/admin/wp-security-settings-menu.php:476
3184
  msgid "Click the button below to backup and download the contents of the currently active wp-config.php file."
3185
  msgstr ""
3186
 
3187
+ #: src/admin/wp-security-settings-menu.php:482
3188
  msgid "Restore from a backed up wp-config file"
3189
  msgstr ""
3190
 
3191
+ #: src/admin/wp-security-settings-menu.php:488
3192
  msgid "wp-config file to restore from"
3193
  msgstr ""
3194
 
3195
+ #: src/admin/wp-security-settings-menu.php:490
3196
+ msgid "Restore your wp-config file"
3197
  msgstr ""
3198
 
3199
+ #: src/admin/wp-security-settings-menu.php:500
 
 
 
 
 
 
 
 
3200
  msgid "View Contents of the currently active wp-config.php file"
3201
  msgstr ""
3202
 
3203
+ #: src/admin/wp-security-settings-menu.php:528
3204
  msgid "Manage delete plugin settings saved."
3205
  msgstr ""
3206
 
3207
+ #: src/admin/wp-security-settings-menu.php:533
3208
  msgid "Manage delete plugin tasks"
3209
  msgstr ""
3210
 
3211
+ #: src/admin/wp-security-settings-menu.php:540
3212
  msgid "Delete database tables"
3213
  msgstr ""
3214
 
3215
+ #: src/admin/wp-security-settings-menu.php:543
3216
  msgid "Check this if you want to remove database tables when the plugin is uninstalled."
3217
  msgstr ""
3218
 
3219
+ #: src/admin/wp-security-settings-menu.php:547
3220
  msgid "Delete settings"
3221
  msgstr ""
3222
 
3223
+ #: src/admin/wp-security-settings-menu.php:550
3224
  msgid "Check this if you want to remove all plugin settings when uninstalling the plugin."
3225
  msgstr ""
3226
 
3227
+ #: src/admin/wp-security-settings-menu.php:550
3228
  msgid "It will also remove all custom htaccess rules that were added by this plugin."
3229
  msgstr ""
3230
 
3231
+ #: src/admin/wp-security-settings-menu.php:582
3232
  msgid "WP generator meta tag and version info"
3233
  msgstr ""
3234
 
3235
+ #: src/admin/wp-security-settings-menu.php:585
3236
  msgid "WordPress generator automatically adds some meta information inside the \"head\" tags of every page on your site's front end. Below is an example of this:"
3237
  msgstr ""
3238
 
3239
+ #: src/admin/wp-security-settings-menu.php:587
3240
  msgid "The above meta information shows which version of WordPress your site is currently running and thus can help hackers or crawlers scan your site to see if you have an older version of WordPress or one with a known exploit."
3241
  msgstr ""
3242
 
3243
+ #: src/admin/wp-security-settings-menu.php:588
3244
  msgid "There are also other ways wordpress reveals version info such as during style and script loading. An example of this is:"
3245
  msgstr ""
3246
 
3247
+ #: src/admin/wp-security-settings-menu.php:590
3248
  msgid "This feature will allow you to remove the WP generator meta info and other version info from your site's pages."
3249
  msgstr ""
3250
 
3251
+ #: src/admin/wp-security-settings-menu.php:596
3252
  msgid "WP generator meta info"
3253
  msgstr ""
3254
 
3255
+ #: src/admin/wp-security-settings-menu.php:608
3256
  msgid "Remove WP generator meta info"
3257
  msgstr ""
3258
 
3259
+ #: src/admin/wp-security-settings-menu.php:611
3260
  msgid "Check this if you want to remove the version and meta info produced by WP from all pages"
3261
  msgstr ""
3262
 
3263
+ #: src/admin/wp-security-settings-menu.php:636
3264
  msgid "Please choose a file to import your settings from."
3265
  msgstr ""
3266
 
3267
+ #: src/admin/wp-security-settings-menu.php:653
3268
+ msgid "Import AIOS settings operation failed."
 
 
 
 
 
 
 
 
3269
  msgstr ""
3270
 
3271
+ #: src/admin/wp-security-settings-menu.php:661
3272
+ msgid "Your AIOS settings were successfully imported."
3273
  msgstr ""
3274
 
3275
+ #: src/admin/wp-security-settings-menu.php:673
 
 
 
 
 
 
 
 
 
 
 
 
3276
  msgid "The contents of your settings file appear invalid. Please check the contents of the file you are trying to import settings from."
3277
  msgstr ""
3278
 
3279
+ #: src/admin/wp-security-settings-menu.php:679
3280
  msgid "Export or import your AIOS settings"
3281
  msgstr ""
3282
 
3283
+ #: src/admin/wp-security-settings-menu.php:682
3284
  msgid "This section allows you to export or import your All In One WP Security & Firewall settings."
3285
  msgstr ""
3286
 
3287
+ #: src/admin/wp-security-settings-menu.php:683
3288
  msgid "This can be handy if you wanted to save time by applying the settings from one site to another site."
3289
  msgstr ""
3290
 
3291
+ #: src/admin/wp-security-settings-menu.php:684
3292
  msgid "NOTE: Before importing, it is your responsibility to know what settings you are trying to import. Importing settings blindly can cause you to be locked out of your site."
3293
  msgstr ""
3294
 
3295
+ #: src/admin/wp-security-settings-menu.php:685
3296
  msgid "For Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain."
3297
  msgstr ""
3298
 
3299
+ #: src/admin/wp-security-settings-menu.php:691, src/admin/wp-security-settings-menu.php:700
3300
  msgid "Export AIOS settings"
3301
  msgstr ""
3302
 
3303
+ #: src/admin/wp-security-settings-menu.php:697
3304
  msgid "To export your All In One WP Security & Firewall settings click the button below."
3305
  msgstr ""
3306
 
3307
+ #: src/admin/wp-security-settings-menu.php:704
3308
  msgid "Import AIOS settings"
3309
  msgstr ""
3310
 
3311
+ #: src/admin/wp-security-settings-menu.php:710
3312
+ msgid "Use this section to import your All In One WP Security & Firewall settings from a file."
3313
  msgstr ""
3314
 
3315
+ #: src/admin/wp-security-settings-menu.php:712
3316
+ msgid "Settings file to restore from"
3317
  msgstr ""
3318
 
3319
+ #: src/admin/wp-security-settings-menu.php:715
3320
  msgid "Select Your Import Settings File"
3321
  msgstr ""
3322
 
3323
+ #: src/admin/wp-security-settings-menu.php:763
 
 
 
 
 
 
 
 
3324
  msgid "Default - if correct, then this is the best option"
3325
  msgstr ""
3326
 
3327
+ #: src/admin/wp-security-settings-menu.php:764
3328
  msgid "Only use if you're using Cloudflare."
3329
  msgstr ""
3330
 
3331
+ #: src/admin/wp-security-settings-menu.php:772
3332
  msgid "(current value: %s)"
3333
  msgstr ""
3334
 
3335
+ #: src/admin/wp-security-settings-menu.php:775
3336
  msgid "no value (i.e. empty) on your server"
3337
  msgstr ""
3338
 
4400
  msgid "Enable rename login page"
4401
  msgstr ""
4402
 
4403
+ #: src/classes/grade-system/wp-security-feature-item-manager.php:105
4404
+ msgid "Login CAPTCHA"
4405
+ msgstr ""
4406
+
4407
  #: src/classes/grade-system/wp-security-feature-item-manager.php:106
4408
  msgid "Lost password CAPTCHA"
4409
  msgstr ""
4464
  msgid "Advanced"
4465
  msgstr ""
4466
 
4467
+ #: src/classes/wp-security-captcha.php:81, src/classes/wp-security-general-init-tasks.php:389
4468
  msgid "Please enter an answer in digits:"
4469
  msgstr ""
4470
 
4471
+ #: src/classes/wp-security-captcha.php:161
4472
  msgid "one"
4473
  msgstr ""
4474
 
4475
+ #: src/classes/wp-security-captcha.php:162
4476
  msgid "two"
4477
  msgstr ""
4478
 
4479
+ #: src/classes/wp-security-captcha.php:163
4480
  msgid "three"
4481
  msgstr ""
4482
 
4483
+ #: src/classes/wp-security-captcha.php:164
4484
  msgid "four"
4485
  msgstr ""
4486
 
4487
+ #: src/classes/wp-security-captcha.php:165
4488
  msgid "five"
4489
  msgstr ""
4490
 
4491
+ #: src/classes/wp-security-captcha.php:166
4492
  msgid "six"
4493
  msgstr ""
4494
 
4495
+ #: src/classes/wp-security-captcha.php:167
4496
  msgid "seven"
4497
  msgstr ""
4498
 
4499
+ #: src/classes/wp-security-captcha.php:168
4500
  msgid "eight"
4501
  msgstr ""
4502
 
4503
+ #: src/classes/wp-security-captcha.php:169
4504
  msgid "nine"
4505
  msgstr ""
4506
 
4507
+ #: src/classes/wp-security-captcha.php:170
4508
  msgid "ten"
4509
  msgstr ""
4510
 
4511
+ #: src/classes/wp-security-captcha.php:171
4512
  msgid "eleven"
4513
  msgstr ""
4514
 
4515
+ #: src/classes/wp-security-captcha.php:172
4516
  msgid "twelve"
4517
  msgstr ""
4518
 
4519
+ #: src/classes/wp-security-captcha.php:173
4520
  msgid "thirteen"
4521
  msgstr ""
4522
 
4523
+ #: src/classes/wp-security-captcha.php:174
4524
  msgid "fourteen"
4525
  msgstr ""
4526
 
4527
+ #: src/classes/wp-security-captcha.php:175
4528
  msgid "fifteen"
4529
  msgstr ""
4530
 
4531
+ #: src/classes/wp-security-captcha.php:176
4532
  msgid "sixteen"
4533
  msgstr ""
4534
 
4535
+ #: src/classes/wp-security-captcha.php:177
4536
  msgid "seventeen"
4537
  msgstr ""
4538
 
4539
+ #: src/classes/wp-security-captcha.php:178
4540
  msgid "eighteen"
4541
  msgstr ""
4542
 
4543
+ #: src/classes/wp-security-captcha.php:179
4544
  msgid "nineteen"
4545
  msgstr ""
4546
 
4547
+ #: src/classes/wp-security-captcha.php:180
4548
  msgid "twenty"
4549
  msgstr ""
4550
 
5588
  msgid "You are using the non-apache server %s, so this feature won't work on your site."
5589
  msgstr ""
5590
 
5591
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:11
5592
+ msgid "CAPTCHA will not work because you have disabled login lockout by activating the AIOS_DISABLE_LOGIN_LOCKOUT constant value in a configuration file."
5593
+ msgstr ""
5594
+
5595
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:12
5596
+ msgid "To enable it, define AIOS_DISABLE_LOGIN_LOCKOUT constant value as false, or remove it."
5597
+ msgstr ""
5598
+
5599
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:19
5600
+ msgid "This feature allows you to add a CAPTCHA form on various WordPress login pages and forms."
5601
+ msgstr ""
5602
+
5603
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:19
5604
+ msgid "Adding a CAPTCHA form on a login page or form is another effective yet simple \"Brute Force\" prevention technique."
5605
+ msgstr ""
5606
+
5607
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:20
5608
+ msgid "You have the option of using either %s or a plain maths CAPTCHA form."
5609
+ msgstr ""
5610
+
5611
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:24
5612
+ msgid "Default CAPTCHA"
5613
+ msgstr ""
5614
+
5615
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:43
5616
+ msgid "Site key"
5617
+ msgstr ""
5618
+
5619
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:49
5620
+ msgid "Secret key"
5621
+ msgstr ""
5622
+
5623
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:60
5624
+ msgid "Login form CAPTCHA settings"
5625
+ msgstr ""
5626
+
5627
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:69
5628
+ msgid "Enable CAPTCHA on login page"
5629
+ msgstr ""
5630
+
5631
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:72
5632
+ msgid "Check this if you want to insert a CAPTCHA form on the login page."
5633
+ msgstr ""
5634
+
5635
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:79
5636
+ msgid "Lost password form CAPTCHA settings"
5637
+ msgstr ""
5638
+
5639
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:89
5640
+ msgid "Enable CAPTCHA on lost password page"
5641
+ msgstr ""
5642
+
5643
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:92
5644
+ msgid "Check this if you want to insert a CAPTCHA form on the lost password page."
5645
+ msgstr ""
5646
+
5647
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:99
5648
+ msgid "Custom login form CAPTCHA settings"
5649
+ msgstr ""
5650
+
5651
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:108
5652
+ msgid "Enable CAPTCHA on custom login form"
5653
+ msgstr ""
5654
+
5655
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:111
5656
+ msgid "Check this if you want to insert CAPTCHA on a custom login form generated by the following WP function: wp_login_form()"
5657
+ msgstr ""
5658
+
5659
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:122
5660
+ msgid "WooCommerce forms CAPTCHA settings"
5661
+ msgstr ""
5662
+
5663
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:131
5664
+ msgid "Enable CAPTCHA on WooCommerce login form"
5665
+ msgstr ""
5666
+
5667
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:134
5668
+ msgid "Check this if you want to insert CAPTCHA on a WooCommerce login form."
5669
+ msgstr ""
5670
+
5671
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:144
5672
+ msgid "Enable CAPTCHA on WooCommerce lost password form"
5673
+ msgstr ""
5674
+
5675
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:147
5676
+ msgid "Check this if you want to insert CAPTCHA on a WooCommerce lost password form."
5677
+ msgstr ""
5678
+
5679
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:157
5680
+ msgid "Enable CAPTCHA on WooCommerce registration form"
5681
+ msgstr ""
5682
+
5683
+ #: src/templates/wp-admin/brute-force/captcha-settings.php:160
5684
+ msgid "Check this if you want to insert CAPTCHA on a WooCommerce registration form."
5685
+ msgstr ""
5686
+
5687
  #: src/wp-security-core.php:254, src/wp-security.php:45
5688
  msgid "This plugin requires PHP version %s."
5689
  msgstr ""
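--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: security, malware scanning, two factor authentication, firewall, antivirus
 Requires PHP: 5.6
 Requires at least: 5.0
 Tested up to: 6.1
-Stable tag: 5.1.2
+Stable tag: 5.1.3
 License: GPLv3 or later
 
 Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress. Featuring login security tools, a cutting-edge firewall and much more.
@@ -165,6 +165,13 @@ Go to the settings menu after you activate the plugin and follow the instruction
 
 == Changelog ==
 
+= 5.1.3 - 09/December/2022 =
+
+* SECURITY: No longer save settings import files in a publicly accessible folder where they can be potentially indexed by search engines if the administrator does not actually import the settings (which deletes the import file)
+* TWEAK: Improve the UX for uploading import files
+* TWEAK: Add a default CAPTCHA option making way for new CAPTCHAs in the future
+
+
 = 5.1.2 - 07/December/2022 =
 
 * FEATURE: User Agent - Blacklist manager functionality should be based on PHP instead .htaccess rules.
@@ -1111,4 +1118,4 @@ those who want to enable the basic firewall but do not have "AllowOverride" opti
 - First commit to the WP repository.
 
 == Upgrade Notice ==
-* 5.1.2: Various tweaks, fixes and minor improvements; full details are in the changelog. All users are recommended to update.
+* 5.1.3: SECURITY: No longer save settings import files in a publicly accessible folder where they can be potentially indexed by search engines if the administrator does not actually import the settings (which deletes the import file) and some small tweaks; full details are in the changelog. All users are recommended to update.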
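--- a/templates/wp-admin/brute-force/captcha-settings.php
+++ b/templates/wp-admin/brute-force/captcha-settings.php
@@ -0,0 +1,170 @@
+<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
+<form action="" method="POST">
+<?php wp_nonce_field('aiowpsec-captcha-settings-nonce'); ?>
+<div class="postbox">
+<h3 class="hndle"><label for="title"><?php _e('CAPTCHA settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+<div class="inside">
+<?php if ($aio_wp_security->is_login_lockdown_by_const()) { ?>
+<div class="aio_red_box">
+<p>
+<?php
+echo __('CAPTCHA will not work because you have disabled login lockout by activating the AIOS_DISABLE_LOGIN_LOCKOUT constant value in a configuration file.', 'all-in-one-wp-security-and-firewall').'
+<br>'.__('To enable it, define AIOS_DISABLE_LOGIN_LOCKOUT constant value as false, or remove it.', 'all-in-one-wp-security-and-firewall');
+?>
+</p>
+</div>
+<?php } ?>
+<?php
+$recaptcha_link = '<a href="https://www.google.com/recaptcha" target="_blank">Google reCAPTCHA v2</a>';
+echo sprintf('<p>' . __('This feature allows you to add a CAPTCHA form on various WordPress login pages and forms.', 'all-in-one-wp-security-and-firewall') . ' ' . __('Adding a CAPTCHA form on a login page or form is another effective yet simple "Brute Force" prevention technique.', 'all-in-one-wp-security-and-firewall') .
+'<br>' . __('You have the option of using either %s or a plain maths CAPTCHA form.', 'all-in-one-wp-security-and-firewall') . '</p>', $recaptcha_link);
+?>
+<table class="form-table">
+<tr valign="top">
+<th scope="row"><?php _e('Default CAPTCHA', 'all-in-one-wp-security-and-firewall'); ?>:</th>
+<td>
+<select name="aiowps_default_captcha" id="aiowps_default_captcha">
+<?php
+$output = '';
+foreach ($supported_captchas as $key => $value) {
+$output .= "<option value=\"".esc_attr($key)."\" ";
+if ($key == $default_captcha) $output .= 'selected="selected"';
+$output .= ">".htmlspecialchars($value) ."</option>\n";
+}
+echo $output;
+?>
+</select>
+</td>
+</tr>
+</table>
+<div id="aios-google-recaptcha-v2" class="aio_grey_box captcha_settings <?php if ('google-recaptcha-v2' !== $default_captcha) echo 'aio_hidden'; ?>">
+<table class="form-table">
+<tr valign="top">
+<th scope="row"><label for="aiowps_recaptcha_site_key"><?php _e('Site key', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
+<td><input id="aiowps_recaptcha_site_key" type="text" size="50" name="aiowps_recaptcha_site_key" value="<?php echo esc_html($aio_wp_security->configs->get_value('aiowps_recaptcha_site_key')); ?>" />
+</td>
+</tr>
+<tr valign="top">
+<th scope="row">
+<label for="aiowps_recaptcha_secret_key"><?php _e('Secret key', 'all-in-one-wp-security-and-firewall'); ?>:</label>
+</th>
+<td>
+<input id="aiowps_recaptcha_secret_key" type="text" size="50" name="aiowps_recaptcha_secret_key" value="<?php echo esc_html($secret_key_masked); ?>">
+</td>
+</tr>
+</table>
+</div>
+</div>
+</div>
+<div class="postbox">
+<h3 class="hndle"><label for="title"><?php _e('Login form CAPTCHA settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+<div class="inside">
+<?php
+//Display security info badge
+global $aiowps_feature_mgr;
+$aiowps_feature_mgr->output_feature_details_badge("user-login-captcha");
+?>
+<table class="form-table">
+<tr valign="top">
+<th scope="row"><?php _e('Enable CAPTCHA on login page', 'all-in-one-wp-security-and-firewall'); ?>:</th>
+<td>
+<input id="aiowps_enable_login_captcha" name="aiowps_enable_login_captcha" type="checkbox"<?php if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_login_captcha')) echo ' checked="checked"'; ?> value="1"/>
+<label for="aiowps_enable_login_captcha" class="description"><?php _e('Check this if you want to insert a CAPTCHA form on the login page.', 'all-in-one-wp-security-and-firewall'); ?></label>
+</td>
+</tr>
+</table>
+</div>
+</div>
+<div class="postbox">
+<h3 class="hndle"><label for="title"><?php _e('Lost password form CAPTCHA settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+<div class="inside">
+<?php
+//Display security info badge
+global $aiowps_feature_mgr;
+$aiowps_feature_mgr->output_feature_details_badge("lost-password-captcha");
+?>
+
+<table class="form-table">
+<tr valign="top">
+<th scope="row"><?php _e('Enable CAPTCHA on lost password page', 'all-in-one-wp-security-and-firewall'); ?>:</th>
+<td>
+<input id="aiowps_enable_lost_password_captcha" name="aiowps_enable_lost_password_captcha" type="checkbox"<?php if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_lost_password_captcha')) echo ' checked="checked"'; ?> value="1"/>
+<label for="aiowps_enable_lost_password_captcha" class="description"><?php _e('Check this if you want to insert a CAPTCHA form on the lost password page.', 'all-in-one-wp-security-and-firewall'); ?></label>
+</td>
+</tr>
+</table>
+</div>
+</div>
+<div class="postbox">
+<h3 class="hndle"><label for="title"><?php _e('Custom login form CAPTCHA settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+<div class="inside">
+<?php
+//Display security info badge
+global $aiowps_feature_mgr;
+$aiowps_feature_mgr->output_feature_details_badge("custom-login-captcha");
+?>
+<table class="form-table">
+<tr valign="top">
+<th scope="row"><?php _e('Enable CAPTCHA on custom login form', 'all-in-one-wp-security-and-firewall'); ?>:</th>
+<td>
+<input id="aiowps_enable_custom_login_captcha" name="aiowps_enable_custom_login_captcha" type="checkbox"<?php if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_custom_login_captcha')) echo ' checked="checked"'; ?> value="1"/>
+<label for="aiowps_enable_custom_login_captcha" class="description"><?php _e('Check this if you want to insert CAPTCHA on a custom login form generated by the following WP function: wp_login_form()', 'all-in-one-wp-security-and-firewall'); ?></label>
+</td>
+</tr>
+</table>
+</div>
+</div>
+<?php
+// Only display WooCommerce CAPTCHA settings if woo is active
+if (AIOWPSecurity_Utility::is_woocommerce_plugin_active()) {
+?>
+<div class="postbox">
+<h3 class="hndle"><label for="title"><?php _e('WooCommerce forms CAPTCHA settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+<div class="inside">
+<?php
+//Display security info badge
+global $aiowps_feature_mgr;
+$aiowps_feature_mgr->output_feature_details_badge("woo-login-captcha");
+?>
+<table class="form-table">
+<tr valign="top">
+<th scope="row"><?php _e('Enable CAPTCHA on WooCommerce login form', 'all-in-one-wp-security-and-firewall'); ?>:</th>
+<td>
+<input id="aiowps_enable_woo_login_captcha" name="aiowps_enable_woo_login_captcha" type="checkbox"<?php if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_woo_login_captcha')) echo ' checked="checked"'; ?> value="1"/>
+<label for="aiowps_enable_woo_login_captcha" class="description"><?php _e('Check this if you want to insert CAPTCHA on a WooCommerce login form.', 'all-in-one-wp-security-and-firewall'); ?></label>
+</td>
+</tr>
+</table>
+<hr>
+<?php
+$aiowps_feature_mgr->output_feature_details_badge("woo-lostpassword-captcha");
+?>
+<table class="form-table">
+<tr valign="top">
+<th scope="row"><?php _e('Enable CAPTCHA on WooCommerce lost password form', 'all-in-one-wp-security-and-firewall'); ?>:</th>
+<td>
+<input id="aiowps_enable_woo_lostpassword_captcha" name="aiowps_enable_woo_lostpassword_captcha" type="checkbox"<?php if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_woo_lostpassword_captcha')) echo ' checked="checked"'; ?> value="1"/>
+<label for="aiowps_enable_woo_lostpassword_captcha" class="description"><?php _e('Check this if you want to insert CAPTCHA on a WooCommerce lost password form.', 'all-in-one-wp-security-and-firewall'); ?></label>
+</td>
+</tr>
+</table>
+<hr>
+<?php
+$aiowps_feature_mgr->output_feature_details_badge("woo-register-captcha");
+?>
+<table class="form-table">
+<tr valign="top">
+<th scope="row"><?php _e('Enable CAPTCHA on WooCommerce registration form', 'all-in-one-wp-security-and-firewall'); ?>:</th>
+<td>
+<input id="aiowps_enable_woo_register_captcha" name="aiowps_enable_woo_register_captcha" type="checkbox"<?php if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_woo_register_captcha')) echo ' checked="checked"'; ?> value="1"/>
+<label for="aiowps_enable_woo_register_captcha" class="description"><?php _e('Check this if you want to insert CAPTCHA on a WooCommerce registration form.', 'all-in-one-wp-security-and-firewall'); ?></label>
+</td>
+</tr>
+</table>
+</div>
+</div>
+<?php
+}
+?>
+<?php submit_button(__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowpsec_save_captcha_settings');?>
+</form>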
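Review bot: The site-key and secret-key inputs (template lines 44 and 52) print their values into a `value="…"` attribute through `esc_html()`; attribute context calls for `esc_attr()`, as the option loop on line 30 already does, e.g. `value="<?php echo esc_attr($secret_key_masked); ?>"`. The same file escapes the option label with `htmlspecialchars($value)` (line 32) and prints every translated string with bare `_e()`; `esc_html($value)` and `esc_html_e()` would keep the escaping consistent and stop a translation from carrying markup into an admin page. Line 31 compares with `$key == $default_captcha` while line 40 uses `!==` on the same variable, so a strict comparison on line 31 would make the two agree, assuming the keys of `$supported_captchas` are strings. The handler that verifies the `aiowpsec-captcha-settings-nonce` field is not part of this section, so the nonce and capability check on save cannot be confirmed from here.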
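--- a/vendor/composer/installed.php
+++ b/vendor/composer/installed.php
@@ -5,7 +5,7 @@
 'type' => 'project',
 'install_path' => __DIR__ . '/../../',
 'aliases' => array(),
-'reference' => '5ac25fa91ce15d20d33f76d8185c5dd7ecb0796e',
+'reference' => '4e41599e25e31329cfdd37eb0383778aae1f80b5',
 'name' => 'updraftplus/all-in-one-wp-security-and-firewall',
 'dev' => false,
 ),
@@ -34,7 +34,7 @@
 'type' => 'project',
 'install_path' => __DIR__ . '/../../',
 'aliases' => array(),
-'reference' => '5ac25fa91ce15d20d33f76d8185c5dd7ecb0796e',
+'reference' => '4e41599e25e31329cfdd37eb0383778aae1f80b5',
 'dev_requirement' => false,
 ),
 ),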
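--- a/wp-security-core.php
+++ b/wp-security-core.php
@@ -8,7 +8,7 @@ if (!class_exists('AIO_WP_Security')) {
 
 class AIO_WP_Security {
 
-public $version = '5.1.2';
+public $version = '5.1.3';
 
 public $db_version = '1.9.6';
 
@@ -560,7 +560,7 @@ if (!class_exists('AIO_WP_Security')) {
 */
 public function aiowps_login_enqueue() {
 global $aio_wp_security;
-if (!$aio_wp_security->is_login_lockdown_by_const() && $aio_wp_security->configs->get_value('aiowps_default_recaptcha')) {
+if (!$aio_wp_security->is_login_lockdown_by_const() && 'google-recaptcha-v2' == $aio_wp_security->configs->get_value('aiowps_default_captcha')) {
 if ($aio_wp_security->configs->get_value('aiowps_enable_login_captcha') == '1' || $aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1') {
 wp_enqueue_script('google-recaptcha', 'https://www.google.com/recaptcha/api.js?hl=' . AIOWPSecurity_Captcha::get_google_recaptcha_compatible_site_locale(), array(), AIO_WP_SECURITY_VERSION);
 // Below is needed to provide some space for the Google reCAPTCHA form (otherwise it appears partially hidden on RHS)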
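Review bot: The condition on line 563 now reads a different option (`aiowps_default_captcha`, compared with `'google-recaptcha-v2'`) than the `aiowps_default_recaptcha` flag it replaces, and nothing in this section shows the old value being carried over; `$db_version` stays at `1.9.6` in the first hunk. If no upgrade step elsewhere in the release maps the old flag to the new key, sites that had reCAPTCHA enabled would stop loading the script on the login page after updating, so the migration is worth confirming and covering with a test. The comparison could also be strict, `'google-recaptcha-v2' === $aio_wp_security->configs->get_value('aiowps_default_captcha')`, assuming get_value() returns the stored string. The body of aiowps_login_enqueue() continues past the end of the hunk.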
wp-security.php CHANGED
@@ -2,7 +2,7 @@
2
  // @codingStandardsIgnoreStart
3
  /*
4
  Plugin Name: All In One WP Security
5
- Version: 5.1.2
6
  Plugin URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
7
  Update URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
8
  Author: All In One WP Security & Firewall Team
2
  // @codingStandardsIgnoreStart
3
  /*
4
  Plugin Name: All In One WP Security
5
+ Version: 5.1.3
6
  Plugin URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
7
  Update URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
8
  Author: All In One WP Security & Firewall Team