iThemes Security (formerly Better WP Security) - Version 5.1.1

Version Description

  • Enhancement: Removed Yandex and Sogou from the HackRepair blacklist as they are legitimate search engine bots.
  • Enhancement: Added detailed information about Sucuri malware scan errors to Malware Scan log details.
  • Bug Fix: No longer enables display of database errors when an event is logged.

Release Info

Developer chrisjean
Version 5.1.1

Code changes from version 5.0.1 to 5.1.1

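--- a/better-wp-security.php
+++ b/better-wp-security.php
@@ -1,24 +1,28 @@
  <?php
+
  /*
- Plugin Name: iThemes Security
- Plugin URI: https://ithemes.com/security
- Description: Protect your WordPress site by hiding vital areas of your site, protecting access to important files, preventing brute-force login attempts, detecting attack attempts and more.
- Version: 5.0.1
- Text Domain: better-wp-security
- Domain Path: /lang
- Author: iThemes.com
- Author URI: https://ithemes.com
- Network: True
- License: GPLv2
- Copyright 2015 iThemes (email : info@ithemes.com)
- */
+ * Plugin Name: iThemes Security
+ * Plugin URI: https://ithemes.com/security
+ * Description: Protect your WordPress site by hiding vital areas of your site, protecting access to important files, preventing brute-force login attempts, detecting attack attempts and more.
+ * Author: iThemes
+ * Author URI: https://ithemes.com
+ * Version: 5.1.1
+ * Text Domain: better-wp-security
+ * Network: True
+ * License: GPLv2
+ */
 
- if ( is_admin() ) {
 
- require( dirname( __FILE__ ) . '/lib/icon-fonts/load.php' ); //Loads iThemes fonts
- require( dirname( __FILE__ ) . '/lib/one-version/index.php' ); //Only have one version of the plugin
+ $itsec_dir = dirname( __FILE__ );
 
+ $locale = apply_filters( 'plugin_locale', get_locale(), 'better-wp-security' );
+ load_textdomain( 'better-wp-security', WP_LANG_DIR . "/plugins/better-wp-security/better-wp-security-$locale.mo" );
+ load_plugin_textdomain( 'better-wp-security' );
+
+ if ( is_admin() ) {
+ require( "$itsec_dir/lib/icon-fonts/load.php" );
+ require( "$itsec_dir/lib/one-version/index.php" );
  }
 
- require_once( dirname( __FILE__ ) . '/core/class-itsec-core.php' );
+ require( "$itsec_dir/core/class-itsec-core.php" );
  new ITSEC_Core( __FILE__, __( 'iThemes Security', 'better-wp-security' ) );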
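Review bot: The new assignments `$itsec_dir` and `$locale` sit at file scope of the main plugin file, which WordPress normally includes in the global scope, so `$locale = apply_filters( 'plugin_locale', ... )` can overwrite the global `$locale` that core's `get_locale()` reads. A prefixed name, e.g. `$itsec_locale = apply_filters( 'plugin_locale', get_locale(), 'better-wp-security' );`, keeps a plugin-filtered value from leaking into other code. Separately, the header no longer declares `Domain Path: /lang` and `load_plugin_textdomain( 'better-wp-security' )` drops the relative-path argument that the removed `ITSEC_Core::load_textdomain()` passed, so translation files shipped in `lang/` may no longer be found. If they still ship there, keep `load_plugin_textdomain( 'better-wp-security', false, basename( $itsec_dir ) . '/lang/' );`.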
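--- a/core/class-itsec-core.php
+++ b/core/class-itsec-core.php
@@ -410,8 +410,6 @@ if ( ! class_exists( 'ITSEC_Core' ) ) {
 
  }
 
- $this->load_textdomain();
-
  //builds admin menus after modules are loaded
  if ( is_admin() ) {
 
@@ -513,28 +511,6 @@ if ( ! class_exists( 'ITSEC_Core' ) ) {
  add_action( 'itsec_rewrite_metabox', array( $itsec_files, 'rewrite_metabox_contents' ) );
  }
 
- /**
- * Load the text translations.
- *
- * The translations are loaded from WP_LANG_DIR/plugins/
- */
- private function load_textdomain() {
- $plugin_dir = dirname( dirname( __FILE__ ) );
-
- if ( is_dir( "$plugin_dir/pro" ) ) {
- $plugin_name = 'ithemes-security-pro';
- $domain = 'it-l10n-ithemes-security-pro';
- } else {
- $plugin_name = 'better-wp-security';
- $domain = 'better-wp-security';
- }
-
- $locale = apply_filters( 'plugin_locale', get_locale(), 'better-wp-security' );
-
- load_textdomain( 'better-wp-security', WP_LANG_DIR . "/plugins/$plugin_name/$domain-$locale.mo" );
- load_plugin_textdomain( 'better-wp-security', false, basename( $plugin_dir ) . '/lang/' );
- }
-
  /**
  * Add action link to plugin page.
  *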
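--- a/core/class-itsec-lib.php
+++ b/core/class-itsec-lib.php
@@ -361,53 +361,39 @@ final class ITSEC_Lib {
  * @return String The IP address of the user
  */
  public static function get_ip() {
-
  global $itsec_globals;
 
  if ( isset( $itsec_globals['settings']['proxy_override'] ) && true === $itsec_globals['settings']['proxy_override'] ) {
  return esc_sql( $_SERVER['REMOTE_ADDR'] );
  }
 
- //Just get the headers if we can or else use the SERVER global
- if ( function_exists( 'apache_request_headers' ) ) {
-
- $headers = apache_request_headers();
+ $headers = array(
+ 'HTTP_CF_CONNECTING_IP', // CloudFlare
+ 'HTTP_X_FORWARDED_FOR', // Squid and most other forward and reverse proxies
+ 'REMOTE_ADDR', // Default source of remote IP
+ );
 
- } else {
+ $headers = apply_filters( 'itsec_filter_remote_addr_headers', $headers );
 
- $headers = $_SERVER;
+ $headers = (array) $headers;
 
+ if ( ! in_array( 'REMOTE_ADDR', $headers ) ) {
+ $headers[] = 'REMOTE_ADDR';
  }
 
- //Get the forwarded IP if it exists
- if ( array_key_exists( 'X-Forwarded-For', $headers ) &&
- (
- filter_var( $headers['X-Forwarded-For'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ||
- filter_var( $headers['X-Forwarded-For'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 ) )
- ) {
-
- $the_ip = $headers['X-Forwarded-For'];
-
- } elseif (
- array_key_exists( 'HTTP_X_FORWARDED_FOR', $headers ) &&
- (
- filter_var( $headers['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ||
- filter_var( $headers['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 )
- )
- ) {
-
- $the_ip = $headers['HTTP_X_FORWARDED_FOR'];
-
- } else if ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
+ foreach ( $headers as $header ) {
+ if ( empty( $_SERVER[$header] ) ) {
+ continue;
+ }
 
- $the_ip = $_SERVER['REMOTE_ADDR'];
+ $ip = filter_var( $_SERVER[$header], FILTER_VALIDATE_IP );
 
- } else {
- $the_ip = '';
+ if ( ! empty( $ip ) ) {
+ break;
+ }
  }
 
- return esc_sql( $the_ip );
-
+ return esc_sql( (string) $ip );
  }
 
  /**
@@ -493,10 +479,12 @@ final class ITSEC_Lib {
  */
  public static function get_server() {
 
+ // @codeCoverageIgnoreStart
  //Allows to override server authentication for testing or other reasons.
  if ( defined( 'ITSEC_SERVER_OVERRIDE' ) ) {
  return ITSEC_SERVER_OVERRIDE;
  }
+ // @codeCoverageIgnoreEnd
 
  $server_raw = strtolower( filter_var( $_SERVER['SERVER_SOFTWARE'], FILTER_SANITIZE_STRING ) );
 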
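Review bot: In `get_ip()` the default list puts `HTTP_CF_CONNECTING_IP` and `HTTP_X_FORWARDED_FOR` ahead of `REMOTE_ADDR`, and both are request headers the client sets itself whenever no trusted proxy overwrites them, so on a directly reachable site the returned address is whatever the requester supplies unless `proxy_override` is enabled. Anything keyed on this value (presumably lockouts and bans) inherits that trust, so the forwarded headers should only be honoured when `REMOTE_ADDR` is a known proxy, and the `itsec_filter_remote_addr_headers` filter deserves a comment saying so. `X-Forwarded-For` may also carry a comma-separated list, which `filter_var( ..., FILTER_VALIDATE_IP )` rejects as a whole, so behind chained proxies the loop falls through to the proxy's own address. `$ip` is never initialised before the `foreach`; adding `$ip = '';` above it avoids an undefined-variable notice when no header yields a value.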
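--- a/core/class-itsec-logger.php
+++ b/core/class-itsec-logger.php
@@ -325,16 +325,20 @@ final class ITSEC_Logger {
 
  $query_format = "INSERT INTO `{$wpdb->base_prefix}itsec_log` ($columns) VALUES ($placeholders)";
 
- $wpdb->hide_errors(); //Don't show error if table isn't present. Instead we'll just try to reconstruct the tables.
+ $cached_show_errors_setting = $wpdb->hide_errors();
  $result = $wpdb->query( $wpdb->prepare( $query_format, $values ) );
- $wpdb->show_errors();
 
  if ( ! $result ) {
+ $wpdb->show_errors();
+
  ITSEC_Lib::create_database_tables();
 
  // Attempt the query again. Since errors will now be shown, a remaining issue will be display an error.
  $result = $wpdb->query( $wpdb->prepare( $query_format, $values ) );
  }
+
+ // Set $wpdb->show_errors back to its original setting.
+ $wpdb->show_errors( $cached_show_errors_setting );
  }
 
  if ( isset( $itsec_globals['settings']['log_type'] ) && ( $itsec_globals['settings']['log_type'] === 1 || $itsec_globals['settings']['log_type'] == 2 ) ) {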
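Review bot: On the retry path, `$wpdb->show_errors();` (new line 332) switches error display on unconditionally, so when the first insert fails, any error from `create_database_tables()` or the second query is printed even on sites that had display disabled, which is the behaviour this release says it removes. Restoring the saved value instead, `$wpdb->show_errors( $cached_show_errors_setting );`, keeps the site's own setting for the retry; the restore at the end then becomes redundant but harmless. The context comment `Since errors will now be shown` should be reworded to match. The enclosing method starts and ends outside the hunk.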
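--- a/core/history.txt
+++ b/core/history.txt
@@ -283,3 +283,15 @@
  Enhancement: Updated better-wp-security's translation domain from it-l10n-better-wp-security to better-wp-security.
  1.17.3 - 2015-09-15 - Chris Jean
  Compatibility Fix: Added support for ITSEC_TEST_MALWARE_SCAN_DISABLE_SSLVERIFY. Setting it to true can bypass "SSL peer certificate or SSH remote key was not OK" errors on servers with bad SSL configurations.
+ 1.17.4 - 2015-09-21 - Chris Jean
+ Compatibility Fix: Updated code triggered by the ITSEC_TEST_MALWARE_SCAN_DISABLE_SSLVERIFY define. This avoids plugin compatibility issues that prevent disabling the SSL peer verification.
+ 2.0.0 - 2015-10-14 - Chris Jean
+ New Feature: Added "Multiple Authentication Attempts per XML-RPC Request" setting to the WordPress Tweaks section. When this setting is set to "Block", iThemes Security will block brute force login attacks against XML-RPC as described by Sucuri in this blog post: https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html
+ Enhancement: Updated text describing the XML-RPC setting in the WordPress Tweaks section to better explain what the setting is for and which setting is recommended.
+ Enhancement: Improved IP detection when proxy detection is active by processing the header set by CloudFlare.
+ Enhancement: Added a filter named itsec_filter_remote_addr_headers which can be used to change which headers are searched for the client IP. This allows for tailoring the IP detection for specific reverse proxies and load balancers.
+ Bug Fix: Updated the Banned Users settings to no longer add a newline to the Ban Hosts input each time the settings page is saved.
+ 2.0.1 - 2015-11-10 - Chris Jean
+ Enhancement: Removed Yandex and Sogou from the HackRepair blacklist as they are legitimate search engine bots.
+ Enhancement: Added detailed information about Sucuri malware scan errors to Malware Scan log details.
+ Bug Fix: No longer enables display of database errors when an event is logged.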
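--- a/core/modules/ban-users/class-itsec-ban-users-admin.php
+++ b/core/modules/ban-users/class-itsec-ban-users-admin.php
@@ -563,91 +563,76 @@ class ITSEC_Ban_Users_Admin {
 
  global $itsec_globals;
 
- $no_errors = false; //start out assuming they entered a bad IP somewhere
+ $has_errors = false;
 
  //Sanitize checkbox features
  $input['enabled'] = ( isset( $input['enabled'] ) && intval( $input['enabled'] == 1 ) ? true : false );
  $input['default'] = ( isset( $input['default'] ) && intval( $input['default'] == 1 ) ? true : false );
 
- //process agent list
- if ( isset( $input['agent_list'] ) && ! is_array( $input['agent_list'] ) ) {
-
- $agents = explode( PHP_EOL, $input['agent_list'] );
-
- } elseif ( isset( $input['agent_list'] ) ) {
-
+ if ( isset( $input['agent_list'] ) && is_string( $input['agent_list'] ) ) {
+ $agents = preg_split( '/(?<!\r)\n|\r(?!\n)|(?<!\r)\r\n|\r\r\n/', trim( $input['agent_list'] ) );
+ } else if ( isset( $input['agent_list'] ) && is_array( $input['agent_list'] ) ) {
  $agents = $input['agent_list'];
-
  } else {
-
  $agents = array();
-
  }
 
  $good_agents = array();
 
  foreach ( $agents as $agent ) {
- $good_agents[] = trim( sanitize_text_field( $agent ) );
+ $agent = trim( sanitize_text_field( $agent ) );
+
+ if ( ! empty( $agent ) ) {
+ $good_agents[] = $agent;
+ }
  }
 
- $input['agent_list'] = $good_agents;
-
- //Process hosts list
- if ( isset( $input['host_list'] ) && ! is_array( $input['host_list'] ) ) {
+ $input['agent_list'] = array_unique( $good_agents );
 
- $addresses = explode( PHP_EOL, $input['host_list'] );
-
- } elseif ( isset( $input['host_list'] ) ) {
 
+ if ( isset( $input['host_list'] ) && is_string( $input['host_list'] ) ) {
+ $addresses = preg_split( '/(?<!\r)\n|\r(?!\n)|(?<!\r)\r\n|\r\r\n/', trim( $input['host_list'] ) );
+ } else if ( isset( $input['host_list'] ) && is_array( $input['host_list'] ) ) {
  $addresses = $input['host_list'];
-
  } else {
-
  $addresses = array();
-
  }
 
+ if ( ! class_exists( 'ITSEC_Ban_Users' ) ) {
+ require( dirname( __FILE__ ) . '/class-itsec-ban-users.php' );
+ }
+
  $bad_ips = array();
  $white_ips = array();
  $raw_ips = array();
-
+
  foreach ( $addresses as $index => $address ) {
-
- if ( strlen( trim( $address ) ) > 0 ) {
-
- if ( ITSEC_Lib::validates_ip_address( $address ) === false ) {
-
- $bad_ips[] = trim( filter_var( $address, FILTER_SANITIZE_STRING ) );
-
- }
-
- if ( ! class_exists( 'ITSEC_Ban_Users' ) ) {
- require( dirname( __FILE__ ) . '/class-itsec-ban-users.php' );
- }
-
- if ( ITSEC_Ban_Users::is_ip_whitelisted( $address, null, true ) ) {
-
- $white_ips[] = trim( filter_var( $address, FILTER_SANITIZE_STRING ) );
-
- }
-
- $raw_ips[] = trim( filter_var( $address, FILTER_SANITIZE_STRING ) );
-
- } else {
- unset( $addresses[$index] );
+ $address = trim( $address );
+
+ if ( empty( $address ) ) {
+ continue;
  }
-
+
+ if ( ! ITSEC_Lib::validates_ip_address( $address ) ) {
+ $bad_ips[] = trim( filter_var( $address, FILTER_SANITIZE_STRING ) );
+ }
+
+ if ( ITSEC_Ban_Users::is_ip_whitelisted( $address, null, true ) ) {
+ $white_ips[] = trim( filter_var( $address, FILTER_SANITIZE_STRING ) );
+ }
+
+ $raw_ips[] = trim( filter_var( $address, FILTER_SANITIZE_STRING ) );
  }
 
  $raw_ips = array_unique( $raw_ips );
 
- if ( sizeof( $bad_ips ) > 0 ) {
+ if ( ! empty( $bad_ips ) ) {
 
  $input['enabled'] = false; //disable ban users list
 
  $type = 'error';
 
- if ( $no_errors === true ) {
+ if ( ! $has_errors ) {
  $message = sprintf( '%s<br /><br />', __( 'Note that the ban users feature has been disabled until the following errors are corrected:', 'better-wp-security' ) );
  }
 
@@ -657,9 +642,7 @@ class ITSEC_Ban_Users_Admin {
 
  add_settings_error( 'itsec', esc_attr( 'settings_updated' ), $message, $type );
 
- } else {
-
- $no_errors = true;
+ $has_errors = true;
 
  }
 
@@ -669,7 +652,7 @@ class ITSEC_Ban_Users_Admin {
 
  $type = 'error';
 
- if ( $no_errors === true ) {
+ if ( ! $has_errors ) {
  $message = sprintf( '%s<br /><br />', __( 'Note that the ban users feature has been disabled until the following errors are corrected:', 'better-wp-security' ) );
  }
 
@@ -679,15 +662,13 @@ class ITSEC_Ban_Users_Admin {
 
  add_settings_error( 'itsec', esc_attr( 'settings_updated' ), $message, $type );
 
- } else {
-
- $no_errors = true;
+ $has_errors = true;
 
  }
 
  $input['host_list'] = $raw_ips;
 
- if ( $no_errors === true ) {
+ if ( ! $has_errors ) {
 
  if (
  ! isset( $type ) &&
@@ -697,11 +678,10 @@ class ITSEC_Ban_Users_Admin {
  $input['default'] !== $this->settings['default'] ||
  $input['agent_list'] !== $this->settings['agent_list']
  ) ||
- isset( $itsec_globals['settings']['write_files'] ) && $itsec_globals['settings']['write_files'] === true
+ isset( $itsec_globals['settings']['write_files'] ) &&
+ true === $itsec_globals['settings']['write_files']
  ) {
-
  add_site_option( 'itsec_rewrites_changed', true );
-
  }
 
  }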
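Review bot: The line-splitting pattern `'/(?<!\r)\n|\r(?!\n)|(?<!\r)\r\n|\r\r\n/'` is repeated verbatim for `agent_list` and `host_list` with no explanation; a comment such as `// Split on \n, \r, \r\n or \r\r\n so lists pasted from any platform parse the same way.` above each use, or one small private helper, would make the intent reviewable. `if ( ! empty( $agent ) )` and `if ( empty( $address ) )` also discard the literal string `0`, so `'' !== $agent` states the intended blank-line check more precisely. Entries that fail `ITSEC_Lib::validates_ip_address()` are still appended to `$raw_ips` and saved into `$input['host_list']`; this matches the old behaviour and the feature is disabled while `$bad_ips` is non-empty, but a comment should say that the stored list can hold unvalidated text. The enclosing method starts and ends outside the visible hunks.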
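--- a/core/modules/ban-users/lists/hackrepair-apache.inc
+++ b/core/modules/ban-users/lists/hackrepair-apache.inc
@@ -126,7 +126,6 @@ RewriteCond %{HTTP_USER_AGENT} "^WPScan" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "^WWW\-Mechanize" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "^WWWOFFLE" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "^Xaldon WebSpider" [NC,OR]
- RewriteCond %{HTTP_USER_AGENT} "^Yandex" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "^Zeus" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "^zmeu" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "360Spider" [NC,OR]
@@ -161,7 +160,6 @@ RewriteCond %{HTTP_USER_AGENT} "SBIder" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "SearchmetricsBot" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "SeznamBot" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "Snoopy" [NC,OR]
- RewriteCond %{HTTP_USER_AGENT} "Sogou" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "Steeler" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "URI\:\:Fetch" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "urllib" [NC,OR]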
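--- a/core/modules/ban-users/lists/hackrepair-litespeed.inc
+++ b/core/modules/ban-users/lists/hackrepair-litespeed.inc
@@ -126,7 +126,6 @@ RewriteCond %{HTTP_USER_AGENT} "^WPScan" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "^WWW\-Mechanize" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "^WWWOFFLE" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "^Xaldon WebSpider" [NC,OR]
- RewriteCond %{HTTP_USER_AGENT} "^Yandex" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "^Zeus" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "^zmeu" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "360Spider" [NC,OR]
@@ -161,7 +160,6 @@ RewriteCond %{HTTP_USER_AGENT} "SBIder" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "SearchmetricsBot" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "SeznamBot" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "Snoopy" [NC,OR]
- RewriteCond %{HTTP_USER_AGENT} "Sogou" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "Steeler" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "URI\:\:Fetch" [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} "urllib" [NC,OR]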
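--- a/core/modules/ban-users/lists/hackrepair-nginx.inc
+++ b/core/modules/ban-users/lists/hackrepair-nginx.inc
@@ -125,7 +125,6 @@ if ($http_user_agent ~* "^WPScan"){return 403;}
  if ($http_user_agent ~* "^WWW\-Mechanize"){return 403;}
  if ($http_user_agent ~* "^WWWOFFLE"){return 403;}
  if ($http_user_agent ~* "^Xaldon WebSpider"){return 403;}
- if ($http_user_agent ~* "^Yandex"){return 403;}
  if ($http_user_agent ~* "^Zeus"){return 403;}
  if ($http_user_agent ~* "^zmeu"){return 403;}
  if ($http_user_agent ~* "360Spider"){return 403;}
@@ -160,7 +159,6 @@ if ($http_user_agent ~* "SBIder"){return 403;}
  if ($http_user_agent ~* "SearchmetricsBot"){return 403;}
  if ($http_user_agent ~* "SeznamBot"){return 403;}
  if ($http_user_agent ~* "Snoopy"){return 403;}
- if ($http_user_agent ~* "Sogou"){return 403;}
  if ($http_user_agent ~* "Steeler"){return 403;}
  if ($http_user_agent ~* "URI\:\:Fetch"){return 403;}
  if ($http_user_agent ~* "urllib"){return 403;}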
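--- a/core/modules/malware/class-itsec-malware-admin.php
+++ b/core/modules/malware/class-itsec-malware-admin.php
@@ -34,7 +34,7 @@ class ITSEC_Malware_Admin {
  require_once( dirname( __FILE__ ) . '/class-itsec-malware-scan-results-template.php' );
 
  $details = "<div class='itsec-malware-scan-results-wrapper'>\n";
- $details .= ITSEC_Malware_Scan_Results_Template::get_html( $data );
+ $details .= ITSEC_Malware_Scan_Results_Template::get_html( $data, true );
  $details .= "</div>\n";
  }
 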
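--- a/core/modules/malware/class-itsec-malware-log.php
+++ b/core/modules/malware/class-itsec-malware-log.php
@@ -42,7 +42,7 @@ final class ITSEC_Malware_Log extends ITSEC_WP_List_Table {
  $content .= '<div id="itsec-log-malware-row-' . $item['count'] . '" style="display:none;">';
  $content .= "<div class='itsec-malware-scan-results-wrapper'>\n";
 
- $content .= ITSEC_Malware_Scan_Results_Template::get_html( $item['data'] );
+ $content .= ITSEC_Malware_Scan_Results_Template::get_html( $item['data'], true );
 
  $content .= "</div>\n";
  $content .= "</div>\n";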
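--- a/core/modules/malware/class-itsec-malware-scan-results-template.php
+++ b/core/modules/malware/class-itsec-malware-scan-results-template.php
@@ -1,11 +1,11 @@
  <?php
 
  class ITSEC_Malware_Scan_Results_Template {
- public static function get_html( $results ) {
+ public static function get_html( $results, $show_error_details = false ) {
  $html = "<div class='itsec-malware-scan-results'>\n";
 
  if ( is_wp_error( $results ) ) {
- $html .= self::get_wp_error_details( $results );
+ $html .= self::get_wp_error_details( $results, $show_error_details );
  } else {
  $html .= self::get_system_error_details( $results );
  $html .= self::get_malware_details( $results );
@@ -17,13 +17,22 @@ class ITSEC_Malware_Scan_Results_Template {
  return $html;
  }
 
- protected static function get_wp_error_details( $results ) {
+ protected static function get_wp_error_details( $results, $show_error_details ) {
  $status = 'error';
  $description = __( 'The scan failed to properly scan the site.', 'better-wp-security' );
 
  $details = '<p>' . sprintf( __( 'Error Message: %s', 'better-wp-security' ), $results->get_error_message() ) . "</p>\n";
  $details .= '<p>' . sprintf( __( 'Error Code: <code>%s</code>', 'better-wp-security' ), esc_html( $results->get_error_code() ) ) . "</p>\n";
 
+ if ( $show_error_details ) {
+ $data = $results->get_error_data();
+
+ if ( ! empty( $data ) ) {
+ $details .= '<p>' . __( 'If you contact support about this error, please provide the following debug details:', 'better-wp-security' ) . "</p>\n";
+ $details .= '<pre>' . print_r( $data, true ) . "</pre>\n";
+ }
+ }
+
  return self::get_wrapped_section( 'wp-error', $status, $description, $details );
  }
 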
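Review bot: `$details .= '<pre>' . print_r( $data, true ) . "</pre>\n";` writes the error data into the admin page without escaping, and the scanner changes on this page attach the whole `wp_remote_get()` response as that data, so markup in a remote response body or header would be rendered as HTML in the scan results and log views. Escape at output: `$details .= '<pre>' . esc_html( print_r( $data, true ) ) . "</pre>\n";`. The unchanged `Error Message: %s` line just above has the same gap with `get_error_message()`, which for `itsec-malware-scanner-error-received` contains the raw response body. Wrapping it in `esc_html()`, or `wp_kses()` for the messages that intentionally contain `<code>`, belongs in the same fix.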
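--- a/core/modules/malware/class-itsec-malware-scanner.php
+++ b/core/modules/malware/class-itsec-malware-scanner.php
@@ -1,6 +1,6 @@
  <?php
 
- class ITSEC_Malware_Scanner {
+ final class ITSEC_Malware_Scanner {
  protected static $transient_name = 'itsec_cached_sucuri_scan';
 
  public static function scan() {
@@ -68,10 +68,19 @@ class ITSEC_Malware_Scanner {
 
  if ( defined( 'ITSEC_TEST_MALWARE_SCAN_DISABLE_SSLVERIFY' ) && ITSEC_TEST_MALWARE_SCAN_DISABLE_SSLVERIFY ) {
  $req_args['sslverify'] = false;
+
+ // Ensure that another plugin isn't preventing the disabling of sslverify from working.
+ add_filter( 'https_local_ssl_verify', '__return_false', 999999 );
+ add_filter( 'https_ssl_verify', '__return_false', 999999 );
  }
 
  $response = wp_remote_get( $scan_url, $req_args );
 
+ if ( defined( 'ITSEC_TEST_MALWARE_SCAN_DISABLE_SSLVERIFY' ) && ITSEC_TEST_MALWARE_SCAN_DISABLE_SSLVERIFY ) {
+ remove_filter( 'https_local_ssl_verify', '__return_false', 999999 );
+ remove_filter( 'https_ssl_verify', '__return_false', 999999 );
+ }
+
  if ( is_wp_error( $response ) ) {
  return $response;
  }
@@ -88,18 +97,21 @@ class ITSEC_Malware_Scanner {
  return new WP_Error( 'itsec-malware-scanner-malformed-wp-remote-get-response', __( 'The response from the wp_remote_get function was malformed. This could indicate an issue with WordPress.', 'better-wp-security' ) );
  }
 
- if ( 'application/json' !== $response['headers']['content-type'] ) {
- return new WP_Error( 'itsec-malware-scanner-invalid-content-type-in-scan-response', sprintf( __( 'The Sucuri server returned an invalid content type. A content type of <code>%s</code> was received when a content type of <code>application/json</code> was expected. This could indicate a temporary issue with the Sucuri servers.', 'better-wp-security' ), esc_html( $response['headers']['content-type'] ) ) );
- }
 
  $body = @json_decode( $response['body'], true );
 
- if ( ! is_array( $body ) ) {
+ if ( is_null( $body ) ) {
+ if ( 'application/json' === $response['headers']['content-type'] ) {
+ return new WP_Error( 'itsec-malware-scanner-invalid-json-data-in-scan-response', __( 'The scan did not complete successfully. The Sucuri server should send its response in JSON encoding. The response indicates that the encoding is JSON, but the data could not be decoded. This problem could be due to a temporary Sucuri server issue or a compatibility issue on your server. If the problem continues, please contact iThemes Security support.', 'better-wp-security' ), $response );
+ } else {
+ return new WP_Error( 'itsec-malware-scanner-invalid-content-type-in-scan-response', sprintf( __( 'The scan did not complete successfully. The Sucuri server should send its response in JSON encoding. The data received from the Sucuri server could not be decoded. In addition, a content type of <code>%s</code> was received when a content type of <code>application/json</code> was expected. This could indicate a temporary issue with the Sucuri servers.', 'better-wp-security' ), esc_html( $response['headers']['content-type'] ) ), $response );
+ }
+ } else if ( ! is_array( $body ) ) {
  if ( 'ERROR' === substr( $response['body'], 0, 5 ) ) {
- return new WP_Error( 'itsec-malware-scanner-error-received', sprintf( __( 'The scan did not complete successfully. Sucuri sent the following error: %s', 'better-wp-security' ), $response['body'] ) );
+ return new WP_Error( 'itsec-malware-scanner-error-received', sprintf( __( 'The scan did not complete successfully. Sucuri sent the following error: %s', 'better-wp-security' ), $response['body'] ), $response );
  }
 
- return new WP_Error( 'itsec-malware-scanner-unknown-scan-error', sprintf( __( 'An unknown error prevented the scan from completing successfully. The Sucuri server responded with a <code>%s</code> error code.', 'better-wp-security' ), $response['response']['code'] ) );
+ return new WP_Error( 'itsec-malware-scanner-unknown-scan-error', sprintf( __( 'An unknown error prevented the scan from completing successfully. The Sucuri server responded with a <code>%s</code> error code.', 'better-wp-security' ), $response['response']['code'] ), $response );
  }
 
 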
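Review bot: Every new `WP_Error` in the third hunk takes the full `$response` array as its error data, so the complete remote reply (every header, any cookies and the whole body) is stored with the log entry and later shown in the debug details. Passing a reduced array instead keeps the diagnostic value while bounding what is persisted and displayed. In the same hunk `'application/json' === $response['headers']['content-type']` is an exact match, so a value carrying a charset parameter, or a missing header, takes the "invalid content type" branch; comparing only the media type after an `isset()` check would make both messages accurate. The `scan()` method starts and ends outside the hunks.

```php
// … unchanged: wp_remote_get() call and the malformed-response check …
$content_type = isset( $response['headers']['content-type'] ) ? $response['headers']['content-type'] : '';
$media_type   = strtolower( trim( strtok( $content_type, ';' ) ) );

// Keep only what support needs; the 1000-byte cap is an illustrative value.
$debug_data = array(
	'code'         => $response['response']['code'],
	'content-type' => $content_type,
	'body'         => substr( $response['body'], 0, 1000 ),
);
// … unchanged: json_decode() and the WP_Error returns, with $debug_data passed in place of
//   $response and $media_type compared against 'application/json' …
```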
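--- a/core/modules/tweaks/class-itsec-tweaks-admin.php
+++ b/core/modules/tweaks/class-itsec-tweaks-admin.php
@@ -391,34 +391,62 @@ class ITSEC_Tweaks_Admin {
 
  if ( isset( $this->settings['disable_xmlrpc'] ) && $this->settings['disable_xmlrpc'] === true ) {
 
- $log_type = 2;
+ $setting = 2;
 
  } elseif ( ! isset( $this->settings['disable_xmlrpc'] ) || ( isset( $this->settings['disable_xmlrpc'] ) && $this->settings['disable_xmlrpc'] === false ) ) {
 
- $log_type = 0;
+ $setting = 0;
 
  } elseif ( isset( $this->settings['disable_xmlrpc'] ) ) {
 
- $log_type = $this->settings['disable_xmlrpc'];
+ $setting = $this->settings['disable_xmlrpc'];
 
  }
 
- echo '<select id="itsec_tweaks_server_disable_xmlrpc" name="itsec_tweaks[disable_xmlrpc]">';
+ echo '<p>' . sprintf( __( 'WordPress\'s XML-RPC feature allows external services to access and modify content on the site. Common example of services that make use of XML-RPC are <a href="%1$s">the Jetpack plugin</a>, <a href="%2$s">the WordPress mobile app</a>, and <a href="%3$s">pingbacks</a>. If the site does not use a service that requires XML-RPC, select the "Disable XML-RPC" setting as disabling XML-RPC prevents attackers from using the feature to attack the site.', 'better-wp-security' ), esc_url( 'https://jetpack.me/' ), esc_url( 'https://apps.wordpress.org/' ), esc_url( 'https://make.wordpress.org/support/user-manual/building-your-wordpress-community/trackbacks-and-pingbacks/#pingbacks' ) ) . '</p>';
 
- echo '<option value="0" ' . selected( $log_type, '0' ) . '>' . __( 'Off', 'better-wp-security' ) . '</option>';
- echo '<option value="1" ' . selected( $log_type, '1' ) . '>' . __( 'Only Disable Trackbacks/Pingbacks', 'better-wp-security' ) . '</option>';
- echo '<option value="2" ' . selected( $log_type, '2' ) . '>' . __( 'Completely Disable XML-RPC', 'better-wp-security' ) . '</option>';
- echo '</select>';
- echo '<label for="itsec_tweaks_server_disable_xmlrpc"> ' . __( 'Disable XML-RPC', 'better-wp-security' ) . '</label>';
+ echo '<p><select id="itsec_tweaks_server_disable_xmlrpc" name="itsec_tweaks[disable_xmlrpc]">';
+ echo '<option value="2" ' . selected( $setting, '2' ) . '>' . __( 'Disable XML-RPC (recommended)', 'better-wp-security' ) . '</option>';
+ echo '<option value="1" ' . selected( $setting, '1' ) . '>' . __( 'Disable Pingbacks', 'better-wp-security' ) . '</option>';
+ echo '<option value="0" ' . selected( $setting, '0' ) . '>' . __( 'Enable XML-RPC', 'better-wp-security' ) . '</option>';
+ echo '</select></p>';
+
  printf(
- '<p class="description"><ul><li>%s</li><li>%s</li><li>%s</li></ul></p>',
- __( 'Off = XML-RPC is fully enabled and will function as normal.', 'better-wp-security' ),
- __( 'Only Disable Trackbacks/Pingbacks = Your site will not be susceptible to denial of service attacks via the trackback/pingback feature. Other XML-RPC features will work as normal. You need this if you require features such as Jetpack or the WordPress Mobile app.', 'better-wp-security' ),
- __( 'Completely Disable XML-RPC is the safest, XML-RPC will be completely disabled by your webserver. This will prevent features such as Jetpack that require XML-RPC from working.', 'better-wp-security' )
+ '<ul><li>%s</li><li>%s</li><li>%s</li></ul>',
+ __( '<strong>Disable XML-RPC</strong> - XML-RPC is disabled on the site. This setting is highly recommended if Jetpack, the WordPress mobile app, pingbacks, and other services that use XML-RPC are not used.', 'better-wp-security' ),
+ __( '<strong>Disable Pingbacks</strong> - Only disable pingbacks. Other XML-RPC features will work as normal. Select this setting if you require features such as Jetpack or the WordPress Mobile app.', 'better-wp-security' ),
+ __( '<strong>Enable XML-RPC</strong> - XML-RPC is fully enabled and will function as normal. Use this setting only if the site must have unrestricted use of XML-RPC.', 'better-wp-security' )
  );
 
  }
 
+ /**
+ * Setting to control whether multiple authentications per XML-RPC request are allowed.
+ *
+ * @since 5.1.0
+ *
+ * @return void
+ */
+ public function tweaks_wordpress_allow_xmlrpc_multiauth() {
+ if ( isset( $this->settings['allow_xmlrpc_multiauth'] ) ) {
+ $setting = (bool) $this->settings['allow_xmlrpc_multiauth'];
+ } else {
+ $setting = true;
+ }
+
+ echo '<p>' . sprintf( __( 'WordPress\'s XML-RPC feature allows hundreds of username and password guesses per request. Use the recommended "Block" setting below to prevent attackers from exploiting this feature.', 'better-wp-security' ) ) . '</p>';
+
+ echo '<p><select id="itsec_tweaks_server_allow_xmlrpc_multiauth" name="itsec_tweaks[allow_xmlrpc_multiauth]">';
+ echo '<option value="0" ' . selected( $setting, false ) . '>' . __( 'Block (recommended)', 'better-wp-security' ) . '</option>';
+ echo '<option value="1" ' . selected( $setting, true ) . '>' . __( 'Allow', 'better-wp-security' ) . '</option>';
+ echo '</select></p>';
+
+ echo '<ul>';
+ echo '<li>' . __( '<strong>Block</strong> - Blocks XML-RPC requests that contain multiple login attempts. This setting is highly recommended.', 'better-wp-security' ) . '</li>';
+ echo '<li>' . __( '<strong>Allow</strong> - Allows XML-RPC requests that contain multiple login attempts. Only use this setting if a service requires it.', 'better-wp-security' ) . '</li>';
+ echo '</ul>';
+ }
+
  /**
  * echos Remove EditURI Header Field
  *
@@ -1259,6 +1287,22 @@ class ITSEC_Tweaks_Admin {
 
  array_push( $statuses[ $status_array ], $status );
 
+ if ( ! isset( $this->settings['allow_xmlrpc_multiauth'] ) || true === $this->settings['allow_xmlrpc_multiauth'] ) {
+ $status_array = 'high';
+ $status = array(
+ 'text' => __( 'XML-RPC requests can try multiple authentication attempts per request. Attackers can use this to speed up their brute force attacks.', 'better-wp-security' ),
+ 'link' => '#itsec_tweaks_server_allow_xmlrpc_multiauth',
+ );
+ } else {
+ $status_array = 'safe-high';
+ $status = array(
+ 'text' => __( 'XML-RPC requests with multiple authentication attempts are blocked.', 'better-wp-security' ),
+ 'link' => '#itsec_tweaks_server_allow_xmlrpc_multiauth',
+ );
+ }
+
+ array_push( $statuses[ $status_array ], $status );
+
  if ( isset( $this->settings['uploads_php'] ) && $this->settings['uploads_php'] === true ) {
 
  $status_array = 'safe-medium';
@@ -1510,6 +1554,14 @@ class ITSEC_Tweaks_Admin {
  'tweaks_wordpress'
  );
 
+ add_settings_field(
+ 'itsec_tweaks[allow_xmlrpc_multiauth]',
+ __( 'Multiple Authentication Attempts per XML-RPC Request', 'better-wp-security' ),
+ array( $this, 'tweaks_wordpress_allow_xmlrpc_multiauth' ),
+ 'security_page_toplevel_page_itsec_settings',
+ 'tweaks_wordpress'
+ );
+
  add_settings_field(
  'itsec_tweaks[safe_jquery]',
  __( 'Replace jQuery With a Safe Version', 'better-wp-security' ),
@@ -1742,12 +1794,17 @@ class ITSEC_Tweaks_Admin {
  $input['comment_spam'] = ( isset( $input['comment_spam'] ) && intval( $input['comment_spam'] == 1 ) ? true : false );
  $input['file_editor'] = ( isset( $input['file_editor'] ) && intval( $input['file_editor'] == 1 ) ? true : false );
  $input['disable_xmlrpc'] = isset( $input['disable_xmlrpc'] ) ? intval( $input['disable_xmlrpc'] ) : 0;
+ $input['allow_xmlrpc_multiauth'] = isset( $input['allow_xmlrpc_multiauth'] ) ? (bool) $input['allow_xmlrpc_multiauth'] : true;
  $input['uploads_php'] = ( isset( $input['uploads_php'] ) && intval( $input['uploads_php'] == 1 ) ? true : false );
  $input['safe_jquery'] = ( isset( $input['safe_jquery'] ) && intval( $input['safe_jquery'] == 1 ) ? true : false );
  $input['login_errors'] = ( isset( $input['login_errors'] ) && intval( $input['login_errors'] == 1 ) ? true : false );
  $input['force_unique_nicename'] = ( isset( $input['force_unique_nicename'] ) && intval( $input['force_unique_nicename'] == 1 ) ? true : false );
  $input['disable_unused_author_pages'] = ( isset( $input['disable_unused_author_pages'] ) && intval( $input['disable_unused_author_pages'] == 1 ) ? true : false );
 
+ if ( ! isset( $this->settings['allow_xmlrpc_multiauth'] ) ) {
+ $this->settings['allow_xmlrpc_multiauth'] = null;
+ }
+
  if (
  ( $input['protect_files'] !== $this->settings['protect_files'] ||
  $input['directory_browsing'] !== $this->settings['directory_browsing'] ||
@@ -1756,6 +1813,7 @@ class ITSEC_Tweaks_Admin {
  $input['non_english_characters'] !== $this->settings['non_english_characters'] ||
  $input['comment_spam'] !== $this->settings['comment_spam'] ||
  $input['disable_xmlrpc'] !== $this->settings['disable_xmlrpc'] ||
+ $input['allow_xmlrpc_multiauth'] !== $this->settings['allow_xmlrpc_multiauth'] ||
  $input['uploads_php'] !== $this->settings['uploads_php']
  ) ||
  isset( $itsec_globals['settings']['write_files'] ) && $itsec_globals['settings']['write_files'] === true
@@ -1862,6 +1920,7 @@ class ITSEC_Tweaks_Admin {
  'comment_spam' => '0:b',
  'file_editor' => '0:b',
  'disable_xmlrpc' => '0:b',
+ 'allow_xmlrpc_multiauth' => '0:b',
  'core_updates' => '0:b',
  'plugin_updates' => '0:b',
  'theme_updates' => '0:b',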
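Review bot: In the sanitize hunk, `$input['allow_xmlrpc_multiauth']` falls back to `true` (Allow) whenever the key is missing from the submitted input, so a save that does not carry this field (a programmatic update, for instance) would switch the multi-auth block off again even if an administrator had chosen Block. Falling back to the stored value keeps the protection in place: `$input['allow_xmlrpc_multiauth'] = isset( $input['allow_xmlrpc_multiauth'] ) ? (bool) $input['allow_xmlrpc_multiauth'] : ( isset( $this->settings['allow_xmlrpc_multiauth'] ) ? (bool) $this->settings['allow_xmlrpc_multiauth'] : true );`. Separately, in `tweaks_wordpress_allow_xmlrpc_multiauth()` the intro paragraph wraps `__()` in `sprintf()` with no arguments, so a translation containing a literal `%` would be parsed as a format string; echo the `__()` result directly. The sanitize function starts and ends outside the hunk, so its callers are not visible here.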
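--- a/core/modules/tweaks/class-itsec-tweaks.php
+++ b/core/modules/tweaks/class-itsec-tweaks.php
@@ -3,12 +3,17 @@
  class ITSEC_Tweaks {
 
  private $settings;
+ private $first_xmlrpc_credentials;
 
  function run() {
 
  $this->settings = get_site_option( 'itsec_tweaks' );
 
  if ( ! defined( 'WP_CLI' ) || false === WP_CLI ) { //don't risk blocking anything with WP_CLI
+ // Functional code for the allow_xmlrpc_multiauth setting.
+ if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
+ $this->handle_xmlrpc_request();
+ }
 
  //remove wlmanifest link if turned on
  if ( isset( $this->settings['wlwmanifest_header'] ) && $this->settings['wlwmanifest_header'] == true ) {
@@ -90,6 +95,33 @@ class ITSEC_Tweaks {
 
  }
 
+ public function handle_xmlrpc_request() {
+ if ( ! isset( $this->settings['allow_xmlrpc_multiauth'] ) || true === $this->settings['allow_xmlrpc_multiauth'] ) {
+ return;
+ }
+
+ add_filter( 'authenticate', array( $this, 'block_multiauth_attempts' ), 0, 3 );
+ }
+
+ public function block_multiauth_attempts( $filter_val, $username, $password ) {
+ if ( empty( $this->first_xmlrpc_credentials ) ) {
+ $this->first_xmlrpc_credentials = array(
+ $username,
+ $password
+ );
+
+ return $filter_var;
+ }
+
+ if ( $username === $this->first_xmlrpc_credentials[0] && $password === $this->first_xmlrpc_credentials[1] ) {
+ return $filter_var;
+ }
+
+ status_header( 405 );
+ header( 'Content-Type: text/plain' );
+ die( __( 'XML-RPC services are disabled on this site.' ) );
+ }
+
  public function current_jquery() {
 
  global $itsec_is_old_admin;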
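Review bot: `block_multiauth_attempts()` declares its first parameter as `$filter_val`, but both pass-through returns use `return $filter_var;`, an undefined variable, so the `authenticate` filter value is replaced with `null` (with a PHP notice) instead of being handed on; both should read `return $filter_val;`. The `die()` message calls `__()` without the `'better-wp-security'` text domain used by the other strings in this release, and it says XML-RPC is disabled when only the repeated login attempt was refused, which will mislead anyone debugging a blocked client. Nothing in the hunk records the blocked request; if the plugin's logger is reachable from this class, logging the event here would let site owners see amplification attempts. `run()` continues outside the first hunk.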
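--- a/core/modules/tweaks/setup.php
+++ b/core/modules/tweaks/setup.php
@@ -27,6 +27,7 @@ if ( ! class_exists( 'ITSEC_Tweaks_Setup' ) ) {
  'comment_spam' => false,
  'file_editor' => false,
  'disable_xmlrpc' => 0,
+ 'allow_xmlrpc_multiauth' => true,
  'uploads_php' => false,
  'login_errors' => false,
  'force_unique_nicename' => false,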
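Review bot: The new default `'allow_xmlrpc_multiauth' => true` ships the multi-auth protection switched off, while the dashboard status added in class-itsec-tweaks-admin.php reports that same state as a `high` priority issue. If the permissive default is deliberate, presumably to avoid breaking existing XML-RPC clients on upgrade, a comment such as `// Defaults to allow so upgrades do not break clients that authenticate more than once per request; the dashboard flags this state as high priority.` would record the reasoning; otherwise consider `false` for fresh installs. The defaults array starts and ends outside the hunk.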
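--- a/history.txt
+++ b/history.txt
@@ -419,6 +419,18 @@
  Bug Fix: Minor change to fix a warning that can appear after changing the Content Directory.
  Bug Fix: Fixed a PHP fatal error that could occur on some servers when adding a ban to the site's .htaccess or nginx.conf file.
  5.0.0 - 2015-09-14 - Chris Jean
+ Compatibility Fix: Changed translation domain from it-l10n-better-wp-security to better-wp-security. This change was necessary in order to be included in the translate.wordpress.org project.
  New Feature: Added malware scanning provided by Sucuri SiteCheck.
  5.0.1 - 2015-09-15 - Chris Jean
  Compatibility Fix: Added support for ITSEC_TEST_MALWARE_SCAN_DISABLE_SSLVERIFY. Setting it to true can bypass "SSL peer certificate or SSH remote key was not OK" errors on servers with bad SSL configurations.
+ 5.1.0 - 2015-10-15 - Chris Jean
+ New Feature: Added "Multiple Authentication Attempts per XML-RPC Request" setting to the WordPress Tweaks section. When this setting is set to "Block", iThemes Security will block brute force login attacks against XML-RPC as described by Sucuri in this blog post: https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html
+ Enhancement: Updated text describing the XML-RPC setting in the WordPress Tweaks section to better explain what the setting is for and which setting is recommended.
+ Enhancement: Improved IP detection when proxy detection is active by processing the header set by CloudFlare.
+ Enhancement: Added a filter named itsec_filter_remote_addr_headers which can be used to change which headers are searched for the client IP. This allows for tailoring the IP detection for specific reverse proxies and load balancers.
+ Bug Fix: Updated the Banned Users settings to no longer add a newline to the Ban Hosts input each time the settings page is saved.
+ Compatibility Fix: Updated code triggered by the ITSEC_TEST_MALWARE_SCAN_DISABLE_SSLVERIFY define. This avoids plugin compatibility issues that prevent disabling the SSL peer verification.
+ 5.1.1 - 2015-11-10 - Chris Jean
+ Enhancement: Removed Yandex and Sogou from the HackRepair blacklist as they are legitimate search engine bots.
+ Enhancement: Added detailed information about Sucuri malware scan errors to Malware Scan log details.
+ Bug Fix: No longer enables display of database errors when an event is logged.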
lang/better-wp-security.pot CHANGED
@@ -2,9 +2,9 @@
2
  # This file is distributed under the same license as the iThemes Security package.
3
  msgid ""
4
  msgstr ""
5
- "Project-Id-Version: iThemes Security 5.0.1\n"
6
  "Report-Msgid-Bugs-To: http://ithemes.com/support/\n"
7
- "POT-Creation-Date: 2015-09-15 20:00:50+00:00\n"
8
  "PO-Revision-Date: 2015-MO-DA HO:MI+ZONE\n"
9
  "MIME-Version: 1.0\n"
10
  "Content-Type: text/plain; charset=UTF-8\n"
@@ -13,9 +13,9 @@ msgstr ""
13
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14
  "Language-Team: LANGUAGE <LL@li.org>\n"
15
 
16
- #. #-#-#-#-# better-wp-security.pot (iThemes Security 5.0.1) #-#-#-#-#
17
  #. Plugin Name of the plugin/theme
18
- #: better-wp-security.php:24
19
  msgid "iThemes Security"
20
  msgstr ""
21
 
@@ -51,106 +51,106 @@ msgstr ""
51
  msgid "Backups"
52
  msgstr ""
53
 
54
- #: core/class-itsec-core.php:562 core/class-itsec-core.php:655
55
- #: core/class-itsec-core.php:951 core/class-itsec-core.php:1699
56
- #: core/class-itsec-core.php:1738
57
  msgid "Dashboard"
58
  msgstr ""
59
 
60
- #: core/class-itsec-core.php:646 core/class-itsec-core.php:1700
61
  msgid "Security"
62
  msgstr ""
63
 
64
- #: core/class-itsec-core.php:795
65
  msgid "Dismiss"
66
  msgstr ""
67
 
68
- #: core/class-itsec-core.php:822 core/class-itsec-core.php:1783
69
  msgid "NGINX conf file and/or restart your NGINX server"
70
  msgstr ""
71
 
72
- #: core/class-itsec-core.php:826 core/class-itsec-core.php:1787
73
  msgid ".htaccess file"
74
  msgstr ""
75
 
76
- #: core/class-itsec-core.php:832 core/class-itsec-core.php:1793
77
  msgid ""
78
  "As you have not allowed this plugin to update system files you must update "
79
  "your"
80
  msgstr ""
81
 
82
- #: core/class-itsec-core.php:834 core/class-itsec-core.php:1795
83
  msgid ""
84
  "as well as your wp-config.php file manually. Rules to insert in both files "
85
  "can be found on the Dashboard page."
86
  msgstr ""
87
 
88
- #: core/class-itsec-core.php:836
89
  msgid "Click here"
90
  msgstr ""
91
 
92
- #: core/class-itsec-core.php:837
93
  msgid "to allow this plugin to write to these files."
94
  msgstr ""
95
 
96
- #: core/class-itsec-core.php:844 core/class-itsec-core.php:1800
97
  #: core/class-itsec-files.php:161
98
  #: core/modules/database-prefix/class-itsec-database-prefix-admin.php:225
99
  msgid "Settings Updated"
100
  msgstr ""
101
 
102
- #: core/class-itsec-core.php:911
103
  msgid "Show Intro"
104
  msgstr ""
105
 
106
- #: core/class-itsec-core.php:921
107
  msgid "Important First Steps"
108
  msgstr ""
109
 
110
- #: core/class-itsec-core.php:1001
111
  msgid ""
112
  "New! Take your site security to the next level by activating iThemes Brute "
113
  "Force Network Protection."
114
  msgstr ""
115
 
116
- #: core/class-itsec-core.php:1001
117
  msgid "Get Free API Key"
118
  msgstr ""
119
 
120
- #: core/class-itsec-core.php:1526
121
  msgid "Secure Your Site"
122
  msgstr ""
123
 
124
- #: core/class-itsec-core.php:1527
125
  msgid ""
126
  "Use the button below to enable default settings. This feature will enable "
127
  "all settings that cannot conflict with other plugins or themes."
128
  msgstr ""
129
 
130
- #: core/class-itsec-core.php:1528
131
  msgid "One-Click Secure"
132
  msgstr ""
133
 
134
- #: core/class-itsec-core.php:1530
135
  msgid ""
136
  "Site Secured. Check the dashboard for further suggestions on securing your "
137
  "site."
138
  msgstr ""
139
 
140
- #: core/class-itsec-core.php:1531
141
  msgid ""
142
  "Whoops. Something went wrong. Please contact support if the problem persists."
143
  msgstr ""
144
 
145
- #: core/class-itsec-core.php:1612
146
  msgid "Return to top"
147
  msgstr ""
148
 
149
- #: core/class-itsec-core.php:1916
150
  msgid "Thank you for activating"
151
  msgstr ""
152
 
153
- #: core/class-itsec-core.php:1916
154
  msgid ""
155
  "It looks like you had another version of this plugin activated. To avoid "
156
  "conflicts the extra version has been deactivated and we recommend you delete "
@@ -337,7 +337,7 @@ msgstr ""
337
  #: core/modules/away-mode/class-itsec-away-mode-admin.php:574
338
  #: core/modules/backup/class-itsec-backup-admin.php:475
339
  #: core/modules/backup/class-itsec-backup-admin.php:622
340
- #: core/modules/ban-users/class-itsec-ban-users-admin.php:743
341
  #: core/modules/brute-force/class-itsec-brute-force-admin.php:350
342
  #: core/modules/file-change/class-itsec-file-change-admin.php:450
343
  #: core/modules/file-change/class-itsec-file-change-admin.php:912
@@ -349,7 +349,7 @@ msgstr ""
349
  #: core/modules/ipcheck/class-itsec-ipcheck-admin.php:437
350
  #: core/modules/ssl/class-itsec-ssl-admin.php:395
351
  #: core/modules/strong-passwords/class-itsec-strong-passwords-admin.php:245
352
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1821
353
  msgid "Security error!"
354
  msgstr ""
355
 
@@ -411,9 +411,9 @@ msgstr ""
411
  #: core/modules/hide-backend/class-itsec-hide-backend-admin.php:460
412
  #: core/modules/ssl/class-itsec-ssl-admin.php:297
413
  #: core/modules/strong-passwords/class-itsec-strong-passwords-admin.php:182
414
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1599
415
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1622
416
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1645
417
  msgid "Save All Changes"
418
  msgstr ""
419
 
@@ -712,6 +712,7 @@ msgid ""
712
  msgstr ""
713
 
714
  #: core/class-itsec-global-settings.php:1349
 
715
  msgid "Allow"
716
  msgstr ""
717
 
@@ -1064,32 +1065,32 @@ msgstr ""
1064
  msgid "Clear Logs"
1065
  msgstr ""
1066
 
1067
- #: core/class-itsec-logger.php:377
1068
  msgid "Below are various logs of information collected by"
1069
  msgstr ""
1070
 
1071
- #: core/class-itsec-logger.php:379
1072
  msgid ""
1073
  "This information can help you get a picture of what is happening with your "
1074
  "site and the level of success you have achieved in your security efforts."
1075
  msgstr ""
1076
 
1077
- #: core/class-itsec-logger.php:397
1078
  msgid ""
1079
  "To view logs within the plugin you must enable database logging in the "
1080
  "plugin settings. File logging is not available for access within the plugin "
1081
  "itself."
1082
  msgstr ""
1083
 
1084
- #: core/class-itsec-logger.php:414
1085
  msgid "To adjust logging options visit the global settings page."
1086
  msgstr ""
1087
 
1088
- #: core/class-itsec-logger.php:416
1089
  msgid "Select Filter: "
1090
  msgstr ""
1091
 
1092
- #: core/class-itsec-logger.php:418
1093
  msgid "All Log Data"
1094
  msgstr ""
1095
 
@@ -1358,7 +1359,6 @@ msgstr ""
1358
  #: core/content/system.php:219 core/content/system.php:227
1359
  #: core/content/system.php:244 core/content/system.php:252
1360
  #: core/modules/ssl/class-itsec-ssl-admin.php:235
1361
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:408
1362
  msgid "Off"
1363
  msgstr ""
1364
 
@@ -2368,7 +2368,7 @@ msgstr ""
2368
  #: core/modules/backup/class-itsec-backup.php:366
2369
  #: core/modules/backup/class-itsec-backup.php:385
2370
  #: core/modules/malware/class-itsec-malware-log.php:109
2371
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:157
2372
  msgid "Error"
2373
  msgstr ""
2374
 
@@ -2498,18 +2498,18 @@ msgid ""
2498
  "access to your site."
2499
  msgstr ""
2500
 
2501
- #: core/modules/ban-users/class-itsec-ban-users-admin.php:651
2502
- #: core/modules/ban-users/class-itsec-ban-users-admin.php:673
2503
  msgid ""
2504
  "Note that the ban users feature has been disabled until the following errors "
2505
  "are corrected:"
2506
  msgstr ""
2507
 
2508
- #: core/modules/ban-users/class-itsec-ban-users-admin.php:655
2509
  msgid "is not a valid address in the ban users box."
2510
  msgstr ""
2511
 
2512
- #: core/modules/ban-users/class-itsec-ban-users-admin.php:677
2513
  msgid "is not a valid address as it has been white listed."
2514
  msgstr ""
2515
 
@@ -3934,13 +3934,13 @@ msgid "Scan Details"
3934
  msgstr ""
3935
 
3936
  #: core/modules/malware/class-itsec-malware-log.php:111
3937
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:155
3938
  msgid "Warning"
3939
  msgstr ""
3940
 
3941
  #: core/modules/malware/class-itsec-malware-log.php:113
3942
  #: core/modules/malware/class-itsec-malware-log.php:119
3943
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:153
3944
  msgid "Clean"
3945
  msgstr ""
3946
 
@@ -3961,7 +3961,7 @@ msgid "Malware Scan Report"
3961
  msgstr ""
3962
 
3963
  #: core/modules/malware/class-itsec-malware-scan-results-template.php:22
3964
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:136
3965
  msgid "The scan failed to properly scan the site."
3966
  msgstr ""
3967
 
@@ -3973,79 +3973,96 @@ msgstr ""
3973
  msgid "Error Code: <code>%s</code>"
3974
  msgstr ""
3975
 
3976
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:32
 
 
 
 
 
 
3977
  msgid "Blacklist"
3978
  msgstr ""
3979
 
3980
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:60
3981
  msgid "Malware"
3982
  msgstr ""
3983
 
3984
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:76
3985
  msgid "Security warning in the URL"
3986
  msgstr ""
3987
 
3988
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:78
3989
  msgid "Malware found on URL"
3990
  msgstr ""
3991
 
3992
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:87
3993
  msgid "Infected URL: <a href=\"%1$s\" target=\"_blank\">%2$s</a>"
3994
  msgstr ""
3995
 
3996
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:97
3997
  msgid "*Known Spam detected"
3998
  msgstr ""
3999
 
4000
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:101
4001
  msgid "Type: %1$s"
4002
  msgstr ""
4003
 
4004
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:103
4005
  msgid "Documentation: <a href=\"%1$s\" target=\"_blank\">%2$s</a>"
4006
  msgstr ""
4007
 
4008
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:116
4009
  msgid "Payload:<pre>%s</pre>"
4010
  msgstr ""
4011
 
4012
  #. translators: Scan result listing. %1$s is the status. %2$s is the
4013
  #. description.
4014
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:164
4015
  msgctxt "scan status, scan description"
4016
  msgid "%1$s %2$s"
4017
  msgstr ""
4018
 
4019
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:166
4020
  msgid "Show Details"
4021
  msgstr ""
4022
 
4023
  #. translators: Scan result listing. %1$s is the status. %2$s is the
4024
  #. description. %3$s is the details link.
4025
- #: core/modules/malware/class-itsec-malware-scan-results-template.php:169
4026
  msgctxt "scan status, scan description, scan details link"
4027
  msgid "%1$s %2$s %3$s"
4028
  msgstr ""
4029
 
4030
- #: core/modules/malware/class-itsec-malware-scanner.php:88
4031
  msgid ""
4032
  "The response from the wp_remote_get function was malformed. This could "
4033
  "indicate an issue with WordPress."
4034
  msgstr ""
4035
 
4036
- #: core/modules/malware/class-itsec-malware-scanner.php:92
4037
  msgid ""
4038
- "The Sucuri server returned an invalid content type. A content type of <code>"
4039
- "%s</code> was received when a content type of <code>application/json</code> "
4040
- "was expected. This could indicate a temporary issue with the Sucuri servers."
 
 
4041
  msgstr ""
4042
 
4043
- #: core/modules/malware/class-itsec-malware-scanner.php:99
 
 
 
 
 
 
 
 
 
4044
  msgid ""
4045
  "The scan did not complete successfully. Sucuri sent the following error: %s"
4046
  msgstr ""
4047
 
4048
- #: core/modules/malware/class-itsec-malware-scanner.php:102
4049
  msgid ""
4050
  "An unknown error prevented the scan from completing successfully. The Sucuri "
4051
  "server responded with a <code>%s</code> error code."
@@ -4292,7 +4309,7 @@ msgid "System Tweaks"
4292
  msgstr ""
4293
 
4294
  #: core/modules/tweaks/class-itsec-tweaks-admin.php:64
4295
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1895
4296
  msgid "WordPress Tweaks"
4297
  msgstr ""
4298
 
@@ -4427,524 +4444,574 @@ msgid ""
4427
  "note that this only makes a difference in multi-site installations."
4428
  msgstr ""
4429
 
4430
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:409
4431
- msgid "Only Disable Trackbacks/Pingbacks"
 
 
 
 
 
 
 
4432
  msgstr ""
4433
 
4434
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:410
4435
- msgid "Completely Disable XML-RPC"
4436
  msgstr ""
4437
 
4438
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:412
4439
- msgid "Disable XML-RPC"
4440
  msgstr ""
4441
 
4442
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:415
4443
- msgid "Off = XML-RPC is fully enabled and will function as normal."
4444
  msgstr ""
4445
 
4446
  #: core/modules/tweaks/class-itsec-tweaks-admin.php:416
4447
  msgid ""
4448
- "Only Disable Trackbacks/Pingbacks = Your site will not be susceptible to "
4449
- "denial of service attacks via the trackback/pingback feature. Other XML-RPC "
4450
- "features will work as normal. You need this if you require features such as "
4451
- "Jetpack or the WordPress Mobile app."
4452
  msgstr ""
4453
 
4454
  #: core/modules/tweaks/class-itsec-tweaks-admin.php:417
4455
  msgid ""
4456
- "Completely Disable XML-RPC is the safest, XML-RPC will be completely "
4457
- "disabled by your webserver. This will prevent features such as Jetpack that "
4458
- "require XML-RPC from working."
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
4459
  msgstr ""
4460
 
4461
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:438
4462
  msgid "Remove the RSD (Really Simple Discovery) header. "
4463
  msgstr ""
4464
 
4465
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:439
4466
  msgid ""
4467
  "Removes the RSD (Really Simple Discovery) header. If you don't integrate "
4468
  "your blog with external XML-RPC services such as Flickr then the \"RSD\" "
4469
  "function is pretty much useless to you."
4470
  msgstr ""
4471
 
4472
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:461
4473
  msgid "Disable File Editor"
4474
  msgstr ""
4475
 
4476
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:462
4477
  msgid ""
4478
  "Disables the file editor for plugins and themes requiring users to have "
4479
  "access to the file system to modify files. Once activated you will need to "
4480
  "manually edit theme and other files using a tool other than WordPress."
4481
  msgstr ""
4482
 
4483
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:484
4484
  msgid "Hide Plugin Update Notifications"
4485
  msgstr ""
4486
 
4487
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:485
4488
  msgid ""
4489
  "Hides plugin update notifications from users who cannot update plugins. "
4490
  "Please note that this only makes a difference in multi-site installations."
4491
  msgstr ""
4492
 
4493
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:510
4494
  msgid "Your current jQuery version is %1$s"
4495
  msgstr ""
4496
 
4497
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:513
4498
  msgid ""
4499
  "Your current jQuery version is undetermined. Please <a href=\"%1$s\" target="
4500
  "\"_blank\">check your homepage</a> to see if you even need this feature"
4501
  msgstr ""
4502
 
4503
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:528
4504
  msgid "Enqueue a safe version of jQuery"
4505
  msgstr ""
4506
 
4507
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:529
4508
  msgid ""
4509
  "Remove the existing jQuery version used and replace it with a safe version "
4510
  "(the version that comes default with WordPress)."
4511
  msgstr ""
4512
 
4513
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:534
4514
  msgid ""
4515
  "Note that this only checks the homepage of your site and only for users who "
4516
  "are logged in. This is done intentionally to save resources. If you think "
4517
  "this is in error "
4518
  msgstr ""
4519
 
4520
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:536
4521
  msgid "click here to check again."
4522
  msgstr ""
4523
 
4524
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:537
4525
  msgid ""
4526
  "This will open your homepage in a new window allowing the plugin to "
4527
  "determine the version of jQuery actually being used. You can then come back "
4528
  "here and reload this page to see your version."
4529
  msgstr ""
4530
 
4531
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:558
4532
  msgid "Hide Theme Update Notifications"
4533
  msgstr ""
4534
 
4535
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:559
4536
  msgid ""
4537
  "Hides theme update notifications from users who cannot update themes. Please "
4538
  "note that this only makes a difference in multi-site installations."
4539
  msgstr ""
4540
 
4541
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:581
4542
  msgid "Disable PHP in Uploads"
4543
  msgstr ""
4544
 
4545
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:582
4546
  msgid ""
4547
  "Disable PHP execution in the uploads directory. This will prevent uploading "
4548
  "of malicious scripts to uploads."
4549
  msgstr ""
4550
 
4551
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:604
4552
  msgid "Remove the Windows Live Writer header. "
4553
  msgstr ""
4554
 
4555
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:605
4556
  msgid ""
4557
  "This is not needed if you do not use Windows Live Writer or other blogging "
4558
  "clients that rely on this file."
4559
  msgstr ""
4560
 
4561
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:628
4562
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:686
4563
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:795
4564
  msgid ""
4565
  "Protect System Files - Security > Settings > System Tweaks > System Files"
4566
  msgstr ""
4567
 
4568
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:654
4569
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:807
4570
  msgid "Disable XML-RPC - Security > Settings > WordPress Tweaks > XML-RPC"
4571
  msgstr ""
4572
 
4573
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:677
4574
  msgid ""
4575
  "Disable Directory Browsing - Security > Settings > System Tweaks > Directory "
4576
  "Browsing"
4577
  msgstr ""
4578
 
4579
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:704
4580
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:821
4581
  msgid "Disable PHP in Uploads - Security > Settings > System Tweaks > Uploads"
4582
  msgstr ""
4583
 
4584
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:711
4585
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:829
4586
  msgid ""
4587
  "Filter Request Methods - Security > Settings > System Tweaks > Request "
4588
  "Methods"
4589
  msgstr ""
4590
 
4591
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:718
4592
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:836
4593
  msgid ""
4594
  "Filter Suspicious Query Strings in the URL - Security > Settings > System "
4595
  "Tweaks > Suspicious Query Strings"
4596
  msgstr ""
4597
 
4598
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:743
4599
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:863
4600
  msgid ""
4601
  "Filter Non-English Characters - Security > Settings > System Tweaks > Non-"
4602
  "English Characters"
4603
  msgstr ""
4604
 
4605
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:752
4606
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:872
4607
  msgid ""
4608
  "Reduce Comment Spam - Security > Settings > System Tweaks > Comment Spam"
4609
  msgstr ""
4610
 
4611
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:873
4612
  msgid "Help reduce spam"
4613
  msgstr ""
4614
 
4615
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:931
4616
  msgid ""
4617
  "Disable File Editor - Security > Settings > WordPress Tweaks > File Editor"
4618
  msgstr ""
4619
 
4620
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:950
4621
  msgid "You are protecting common WordPress files from access."
4622
  msgstr ""
4623
 
4624
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:958
4625
  msgid ""
4626
  "You are not protecting common WordPress files from access. Click here to "
4627
  "protect WordPress files."
4628
  msgstr ""
4629
 
4630
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:972
4631
  msgid "You have successfully disabled directory browsing on your site."
4632
  msgstr ""
4633
 
4634
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:980
4635
  msgid ""
4636
  "You have not disabled directory browsing on your site. Click here to prevent "
4637
  "a user from seeing every file present in your WordPress site."
4638
  msgstr ""
4639
 
4640
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:994
4641
  msgid "You are blocking HTTP request methods you do not need."
4642
  msgstr ""
4643
 
4644
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1002
4645
  msgid ""
4646
  "You are not blocking HTTP request methods you do not need. Click here to "
4647
  "block extra HTTP request methods that WordPress should not normally need."
4648
  msgstr ""
4649
 
4650
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1014
4651
  msgid ""
4652
  "Your WordPress site is blocking suspicious looking information in the URL."
4653
  msgstr ""
4654
 
4655
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1022
4656
  msgid ""
4657
  "Your WordPress site is not blocking suspicious looking information in the "
4658
  "URL. Click here to block users from trying to execute code that they should "
4659
  "not be able to execute."
4660
  msgstr ""
4661
 
4662
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1034
4663
  msgid "Your WordPress site is blocking non-english characters in the URL."
4664
  msgstr ""
4665
 
4666
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1042
4667
  msgid ""
4668
  "Your WordPress site is not blocking non-english characters in the URL. Click "
4669
  "here to fix this."
4670
  msgstr ""
4671
 
4672
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1054
4673
  msgid "Your installation does not accept long URLs."
4674
  msgstr ""
4675
 
4676
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1062
4677
  msgid ""
4678
  "Your installation accepts long (over 255 character) URLS. This can lead to "
4679
  "vulnerabilities. Click here to fix this."
4680
  msgstr ""
4681
 
4682
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1074
4683
  msgid "Your wp-config.php and .htaccess files are not writeable."
4684
  msgstr ""
4685
 
4686
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1082
4687
  msgid ""
4688
  "Your wp-config.php and .htaccess files are writeable. This can lead to "
4689
  "vulnerabilities. Click here to fix this."
4690
  msgstr ""
4691
 
4692
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1094
4693
  msgid ""
4694
  "Your WordPress installation is not publishing the Windows Live Writer header."
4695
  msgstr ""
4696
 
4697
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1102
4698
  msgid ""
4699
  "Your WordPress installation is publishing the Windows Live Writer header. "
4700
  "Click here to fix this."
4701
  msgstr ""
4702
 
4703
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1114
4704
  msgid ""
4705
  "Your WordPress installation is not publishing the Really Simple Discovery "
4706
  "(RSD) header."
4707
  msgstr ""
4708
 
4709
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1122
4710
  msgid ""
4711
  "Your WordPress installation is publishing the Really Simple Discovery (RSD) "
4712
  "header. Click here to fix this."
4713
  msgstr ""
4714
 
4715
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1136
4716
  msgid ""
4717
  "Your WordPress installation is not telling users who cannot update themes "
4718
  "about theme updates."
4719
  msgstr ""
4720
 
4721
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1144
4722
  msgid ""
4723
  "Your WordPress installation is telling users who cannot update themes about "
4724
  "theme updates. Click here to fix this."
4725
  msgstr ""
4726
 
4727
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1156
4728
  msgid ""
4729
  "Your WordPress installation is not telling users who cannot update plugins "
4730
  "about plugin updates."
4731
  msgstr ""
4732
 
4733
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1164
4734
  msgid ""
4735
  "Your WordPress installation is telling users who cannot update plugins about "
4736
  "plugin updates. Click here to fix this."
4737
  msgstr ""
4738
 
4739
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1176
4740
  msgid ""
4741
  "Your WordPress installation is not telling users who cannot update WordPress "
4742
  "core about WordPress core updates."
4743
  msgstr ""
4744
 
4745
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1184
4746
  msgid ""
4747
  "Your WordPress installation is telling users who cannot update WordPress "
4748
  "core about WordPress core updates. Click here to fix this."
4749
  msgstr ""
4750
 
4751
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1198
4752
  msgid ""
4753
  "Your WordPress installation is not allowing users without a user agent to "
4754
  "post comments."
4755
  msgstr ""
4756
 
4757
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1206
4758
  msgid ""
4759
  "Your WordPress installation is allowing users without a user agent to post "
4760
  "comments. Fix this to reduce comment spam."
4761
  msgstr ""
4762
 
4763
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1218
4764
  msgid ""
4765
  "Users cannot edit plugin and themes files directly from within the WordPress "
4766
  "Dashboard."
4767
  msgstr ""
4768
 
4769
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1226
4770
  msgid ""
4771
  "Users can edit plugin and themes files directly from within the WordPress "
4772
  "Dashboard. Click here to fix this."
4773
  msgstr ""
4774
 
4775
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1238
4776
  msgid "XML-RPC is not available on your WordPress installation."
4777
  msgstr ""
4778
 
4779
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1246
4780
  msgid ""
4781
  "XML-RPC is protecting you from the trackback and pingback attack but is "
4782
  "still available on your site."
4783
  msgstr ""
4784
 
4785
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1254
4786
  msgid ""
4787
  "XML-RPC is available on your WordPress installation. Attackers can use this "
4788
  "feature to attack your site. Click here to disable access to XML-RPC."
4789
  msgstr ""
4790
 
4791
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1266
 
 
 
 
 
 
 
 
 
 
4792
  msgid "Users cannot execute PHP from the uploads folder."
4793
  msgstr ""
4794
 
4795
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1274
4796
  msgid "Users can execute PHP from the uploads folder."
4797
  msgstr ""
4798
 
4799
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1288
4800
  msgid "The front page of your site is using a safe version of jQuery."
4801
  msgstr ""
4802
 
4803
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1296
4804
  msgid ""
4805
  "The front page of your site is not using a safe version of jQuery or the "
4806
  "version of jQuery cannot be determined."
4807
  msgstr ""
4808
 
4809
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1304
4810
  msgid ""
4811
  "Your version of jQuery has not been determined. Load your homepage while "
4812
  "logged in to determine the version of jQuery you are using"
4813
  msgstr ""
4814
 
4815
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1316
4816
  msgid "User's nicknames are different from their display name."
4817
  msgstr ""
4818
 
4819
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1324
4820
  msgid ""
4821
  "User nicknames may be the same as their login name. This means their login "
4822
  "user name may be publicly available throughout the site."
4823
  msgstr ""
4824
 
4825
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1336
4826
  msgid ""
4827
  "Your login page is not giving out unnecessary information upon failed login."
4828
  msgstr ""
4829
 
4830
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1344
4831
  msgid ""
4832
  "Your login page is giving out unnecessary information upon failed login."
4833
  msgstr ""
4834
 
4835
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1356
4836
  msgid "User profiles for users without content are not publicly available."
4837
  msgstr ""
4838
 
4839
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1364
4840
  msgid ""
4841
  "User profiles for users without content are publicly available. This can "
4842
  "make it relatively easy to gain the username of important users."
4843
  msgstr ""
4844
 
4845
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1385
4846
  msgid "Configure Server Tweaks"
4847
  msgstr ""
4848
 
4849
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1392
4850
  msgid "Configure WordPress Tweaks"
4851
  msgstr ""
4852
 
4853
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1399
4854
  msgid "Configure Multisite Tweaks"
4855
  msgstr ""
4856
 
4857
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1407
4858
  msgid "System Files"
4859
  msgstr ""
4860
 
4861
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1417
4862
  msgid "Directory Browsing"
4863
  msgstr ""
4864
 
4865
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1427
4866
  msgid "Request Methods"
4867
  msgstr ""
4868
 
4869
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1435
4870
  msgid "Suspicious Query Strings"
4871
  msgstr ""
4872
 
4873
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1443
4874
  msgid "Non-English Characters"
4875
  msgstr ""
4876
 
4877
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1451
4878
  msgid "Long URL Strings"
4879
  msgstr ""
4880
 
4881
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1459
4882
  msgid "File Writing Permissions"
4883
  msgstr ""
4884
 
4885
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1467
4886
  msgid "Uploads"
4887
  msgstr ""
4888
 
4889
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1475
4890
  msgid "Windows Live Writer Header"
4891
  msgstr ""
4892
 
4893
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1483
4894
  msgid "EditURI Header"
4895
  msgstr ""
4896
 
4897
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1491
4898
  msgid "Comment Spam"
4899
  msgstr ""
4900
 
4901
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1499
4902
  msgid "File Editor"
4903
  msgstr ""
4904
 
4905
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1507
4906
  msgid "XML-RPC"
4907
  msgstr ""
4908
 
4909
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1515
 
 
 
 
4910
  msgid "Replace jQuery With a Safe Version"
4911
  msgstr ""
4912
 
4913
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1523
4914
  msgid "Login Error Messages"
4915
  msgstr ""
4916
 
4917
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1531
4918
  msgid "Force Unique Nickname"
4919
  msgstr ""
4920
 
4921
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1539
4922
  msgid "Disable Extra User Archives"
4923
  msgstr ""
4924
 
4925
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1549
4926
  msgid "Theme Update Notifications"
4927
  msgstr ""
4928
 
4929
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1557
4930
  msgid "Plugin Update Notifications"
4931
  msgstr ""
4932
 
4933
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1565
4934
  msgid "Core Update Notifications"
4935
  msgstr ""
4936
 
4937
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1589
4938
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1612
4939
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1635
4940
  msgid ""
4941
  "These are advanced settings that may be utilized to further strengthen the "
4942
  "security of your WordPress site."
4943
  msgstr ""
4944
 
4945
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1590
4946
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1613
4947
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1636
4948
  msgid ""
4949
  "Note: These settings are listed as advanced because they block common forms "
4950
  "of attacks but they can also block legitimate plugins and themes that rely "
@@ -4953,29 +5020,33 @@ msgid ""
4953
  "working as expected."
4954
  msgstr ""
4955
 
4956
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1591
4957
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1614
4958
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1637
4959
  msgid ""
4960
  "Remember, some of these settings might conflict with other plugins or "
4961
  "themes, so test your site after enabling each setting."
4962
  msgstr ""
4963
 
4964
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1837
4965
  msgid "Server Tweaks"
4966
  msgstr ""
4967
 
4968
- #: core/modules/tweaks/class-itsec-tweaks-admin.php:1885
4969
  msgid "Multisite Tweaks"
4970
  msgstr ""
4971
 
4972
- #: core/modules/tweaks/class-itsec-tweaks.php:174
 
 
 
 
4973
  msgid ""
4974
  "Your Nickname must be different than your login name. Please choose a "
4975
  "different Nickname."
4976
  msgstr ""
4977
 
4978
- #: core/modules/tweaks/class-itsec-tweaks.php:192
4979
  msgid ""
4980
  "A Nickname is required. Please choose a nickname or fill out your first and "
4981
  "last name."
@@ -4993,7 +5064,7 @@ msgid ""
4993
  msgstr ""
4994
 
4995
  #. Author of the plugin/theme
4996
- msgid "iThemes.com"
4997
  msgstr ""
4998
 
4999
  #. Author URI of the plugin/theme
2
  # This file is distributed under the same license as the iThemes Security package.
3
  msgid ""
4
  msgstr ""
5
+ "Project-Id-Version: iThemes Security 5.1.1\n"
6
  "Report-Msgid-Bugs-To: http://ithemes.com/support/\n"
7
+ "POT-Creation-Date: 2015-11-10 19:58:28+00:00\n"
8
  "PO-Revision-Date: 2015-MO-DA HO:MI+ZONE\n"
9
  "MIME-Version: 1.0\n"
10
  "Content-Type: text/plain; charset=UTF-8\n"
13
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14
  "Language-Team: LANGUAGE <LL@li.org>\n"
15
 
16
+ #. #-#-#-#-# better-wp-security.pot (iThemes Security 5.1.1) #-#-#-#-#
17
  #. Plugin Name of the plugin/theme
18
+ #: better-wp-security.php:28
19
  msgid "iThemes Security"
20
  msgstr ""
21
 
51
  msgid "Backups"
52
  msgstr ""
53
 
54
+ #: core/class-itsec-core.php:538 core/class-itsec-core.php:631
55
+ #: core/class-itsec-core.php:927 core/class-itsec-core.php:1675
56
+ #: core/class-itsec-core.php:1714
57
  msgid "Dashboard"
58
  msgstr ""
59
 
60
+ #: core/class-itsec-core.php:622 core/class-itsec-core.php:1676
61
  msgid "Security"
62
  msgstr ""
63
 
64
+ #: core/class-itsec-core.php:771
65
  msgid "Dismiss"
66
  msgstr ""
67
 
68
+ #: core/class-itsec-core.php:798 core/class-itsec-core.php:1759
69
  msgid "NGINX conf file and/or restart your NGINX server"
70
  msgstr ""
71
 
72
+ #: core/class-itsec-core.php:802 core/class-itsec-core.php:1763
73
  msgid ".htaccess file"
74
  msgstr ""
75
 
76
+ #: core/class-itsec-core.php:808 core/class-itsec-core.php:1769
77
  msgid ""
78
  "As you have not allowed this plugin to update system files you must update "
79
  "your"
80
  msgstr ""
81
 
82
+ #: core/class-itsec-core.php:810 core/class-itsec-core.php:1771
83
  msgid ""
84
  "as well as your wp-config.php file manually. Rules to insert in both files "
85
  "can be found on the Dashboard page."
86
  msgstr ""
87
 
88
+ #: core/class-itsec-core.php:812
89
  msgid "Click here"
90
  msgstr ""
91
 
92
+ #: core/class-itsec-core.php:813
93
  msgid "to allow this plugin to write to these files."
94
  msgstr ""
95
 
96
+ #: core/class-itsec-core.php:820 core/class-itsec-core.php:1776
97
  #: core/class-itsec-files.php:161
98
  #: core/modules/database-prefix/class-itsec-database-prefix-admin.php:225
99
  msgid "Settings Updated"
100
  msgstr ""
101
 
102
+ #: core/class-itsec-core.php:887
103
  msgid "Show Intro"
104
  msgstr ""
105
 
106
+ #: core/class-itsec-core.php:897
107
  msgid "Important First Steps"
108
  msgstr ""
109
 
110
+ #: core/class-itsec-core.php:977
111
  msgid ""
112
  "New! Take your site security to the next level by activating iThemes Brute "
113
  "Force Network Protection."
114
  msgstr ""
115
 
116
+ #: core/class-itsec-core.php:977
117
  msgid "Get Free API Key"
118
  msgstr ""
119
 
120
+ #: core/class-itsec-core.php:1502
121
  msgid "Secure Your Site"
122
  msgstr ""
123
 
124
+ #: core/class-itsec-core.php:1503
125
  msgid ""
126
  "Use the button below to enable default settings. This feature will enable "
127
  "all settings that cannot conflict with other plugins or themes."
128
  msgstr ""
129
 
130
+ #: core/class-itsec-core.php:1504
131
  msgid "One-Click Secure"
132
  msgstr ""
133
 
134
+ #: core/class-itsec-core.php:1506
135
  msgid ""
136
  "Site Secured. Check the dashboard for further suggestions on securing your "
137
  "site."
138
  msgstr ""
139
 
140
+ #: core/class-itsec-core.php:1507
141
  msgid ""
142
  "Whoops. Something went wrong. Please contact support if the problem persists."
143
  msgstr ""
144
 
145
+ #: core/class-itsec-core.php:1588
146
  msgid "Return to top"
147
  msgstr ""
148
 
149
+ #: core/class-itsec-core.php:1892
150
  msgid "Thank you for activating"
151
  msgstr ""
152
 
153
+ #: core/class-itsec-core.php:1892
154
  msgid ""
155
  "It looks like you had another version of this plugin activated. To avoid "
156
  "conflicts the extra version has been deactivated and we recommend you delete "
337
  #: core/modules/away-mode/class-itsec-away-mode-admin.php:574
338
  #: core/modules/backup/class-itsec-backup-admin.php:475
339
  #: core/modules/backup/class-itsec-backup-admin.php:622
340
+ #: core/modules/ban-users/class-itsec-ban-users-admin.php:723
341
  #: core/modules/brute-force/class-itsec-brute-force-admin.php:350
342
  #: core/modules/file-change/class-itsec-file-change-admin.php:450
343
  #: core/modules/file-change/class-itsec-file-change-admin.php:912
349
  #: core/modules/ipcheck/class-itsec-ipcheck-admin.php:437
350
  #: core/modules/ssl/class-itsec-ssl-admin.php:395
351
  #: core/modules/strong-passwords/class-itsec-strong-passwords-admin.php:245
352
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1879
353
  msgid "Security error!"
354
  msgstr ""
355
 
411
  #: core/modules/hide-backend/class-itsec-hide-backend-admin.php:460
412
  #: core/modules/ssl/class-itsec-ssl-admin.php:297
413
  #: core/modules/strong-passwords/class-itsec-strong-passwords-admin.php:182
414
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1651
415
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1674
416
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1697
417
  msgid "Save All Changes"
418
  msgstr ""
419
 
712
  msgstr ""
713
 
714
  #: core/class-itsec-global-settings.php:1349
715
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:441
716
  msgid "Allow"
717
  msgstr ""
718
 
1065
  msgid "Clear Logs"
1066
  msgstr ""
1067
 
1068
+ #: core/class-itsec-logger.php:381
1069
  msgid "Below are various logs of information collected by"
1070
  msgstr ""
1071
 
1072
+ #: core/class-itsec-logger.php:383
1073
  msgid ""
1074
  "This information can help you get a picture of what is happening with your "
1075
  "site and the level of success you have achieved in your security efforts."
1076
  msgstr ""
1077
 
1078
+ #: core/class-itsec-logger.php:401
1079
  msgid ""
1080
  "To view logs within the plugin you must enable database logging in the "
1081
  "plugin settings. File logging is not available for access within the plugin "
1082
  "itself."
1083
  msgstr ""
1084
 
1085
+ #: core/class-itsec-logger.php:418
1086
  msgid "To adjust logging options visit the global settings page."
1087
  msgstr ""
1088
 
1089
+ #: core/class-itsec-logger.php:420
1090
  msgid "Select Filter: "
1091
  msgstr ""
1092
 
1093
+ #: core/class-itsec-logger.php:422
1094
  msgid "All Log Data"
1095
  msgstr ""
1096
 
1359
  #: core/content/system.php:219 core/content/system.php:227
1360
  #: core/content/system.php:244 core/content/system.php:252
1361
  #: core/modules/ssl/class-itsec-ssl-admin.php:235
 
1362
  msgid "Off"
1363
  msgstr ""
1364
 
2368
  #: core/modules/backup/class-itsec-backup.php:366
2369
  #: core/modules/backup/class-itsec-backup.php:385
2370
  #: core/modules/malware/class-itsec-malware-log.php:109
2371
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:166
2372
  msgid "Error"
2373
  msgstr ""
2374
 
2498
  "access to your site."
2499
  msgstr ""
2500
 
2501
+ #: core/modules/ban-users/class-itsec-ban-users-admin.php:636
2502
+ #: core/modules/ban-users/class-itsec-ban-users-admin.php:656
2503
  msgid ""
2504
  "Note that the ban users feature has been disabled until the following errors "
2505
  "are corrected:"
2506
  msgstr ""
2507
 
2508
+ #: core/modules/ban-users/class-itsec-ban-users-admin.php:640
2509
  msgid "is not a valid address in the ban users box."
2510
  msgstr ""
2511
 
2512
+ #: core/modules/ban-users/class-itsec-ban-users-admin.php:660
2513
  msgid "is not a valid address as it has been white listed."
2514
  msgstr ""
2515
 
3934
  msgstr ""
3935
 
3936
  #: core/modules/malware/class-itsec-malware-log.php:111
3937
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:164
3938
  msgid "Warning"
3939
  msgstr ""
3940
 
3941
  #: core/modules/malware/class-itsec-malware-log.php:113
3942
  #: core/modules/malware/class-itsec-malware-log.php:119
3943
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:162
3944
  msgid "Clean"
3945
  msgstr ""
3946
 
3961
  msgstr ""
3962
 
3963
  #: core/modules/malware/class-itsec-malware-scan-results-template.php:22
3964
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:145
3965
  msgid "The scan failed to properly scan the site."
3966
  msgstr ""
3967
 
3973
  msgid "Error Code: <code>%s</code>"
3974
  msgstr ""
3975
 
3976
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:31
3977
+ msgid ""
3978
+ "If you contact support about this error, please provide the following debug "
3979
+ "details:"
3980
+ msgstr ""
3981
+
3982
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:41
3983
  msgid "Blacklist"
3984
  msgstr ""
3985
 
3986
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:69
3987
  msgid "Malware"
3988
  msgstr ""
3989
 
3990
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:85
3991
  msgid "Security warning in the URL"
3992
  msgstr ""
3993
 
3994
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:87
3995
  msgid "Malware found on URL"
3996
  msgstr ""
3997
 
3998
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:96
3999
  msgid "Infected URL: <a href=\"%1$s\" target=\"_blank\">%2$s</a>"
4000
  msgstr ""
4001
 
4002
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:106
4003
  msgid "*Known Spam detected"
4004
  msgstr ""
4005
 
4006
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:110
4007
  msgid "Type: %1$s"
4008
  msgstr ""
4009
 
4010
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:112
4011
  msgid "Documentation: <a href=\"%1$s\" target=\"_blank\">%2$s</a>"
4012
  msgstr ""
4013
 
4014
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:125
4015
  msgid "Payload:<pre>%s</pre>"
4016
  msgstr ""
4017
 
4018
  #. translators: Scan result listing. %1$s is the status. %2$s is the
4019
  #. description.
4020
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:173
4021
  msgctxt "scan status, scan description"
4022
  msgid "%1$s %2$s"
4023
  msgstr ""
4024
 
4025
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:175
4026
  msgid "Show Details"
4027
  msgstr ""
4028
 
4029
  #. translators: Scan result listing. %1$s is the status. %2$s is the
4030
  #. description. %3$s is the details link.
4031
+ #: core/modules/malware/class-itsec-malware-scan-results-template.php:178
4032
  msgctxt "scan status, scan description, scan details link"
4033
  msgid "%1$s %2$s %3$s"
4034
  msgstr ""
4035
 
4036
+ #: core/modules/malware/class-itsec-malware-scanner.php:97
4037
  msgid ""
4038
  "The response from the wp_remote_get function was malformed. This could "
4039
  "indicate an issue with WordPress."
4040
  msgstr ""
4041
 
4042
+ #: core/modules/malware/class-itsec-malware-scanner.php:105
4043
  msgid ""
4044
+ "The scan did not complete successfully. The Sucuri server should send its "
4045
+ "response in JSON encoding. The response indicates that the encoding is JSON, "
4046
+ "but the data could not be decoded. This problem could be due to a temporary "
4047
+ "Sucuri server issue or a compatibility issue on your server. If the problem "
4048
+ "continues, please contact iThemes Security support."
4049
  msgstr ""
4050
 
4051
+ #: core/modules/malware/class-itsec-malware-scanner.php:107
4052
+ msgid ""
4053
+ "The scan did not complete successfully. The Sucuri server should send its "
4054
+ "response in JSON encoding. The data received from the Sucuri server could "
4055
+ "not be decoded. In addition, a content type of <code>%s</code> was received "
4056
+ "when a content type of <code>application/json</code> was expected. This "
4057
+ "could indicate a temporary issue with the Sucuri servers."
4058
+ msgstr ""
4059
+
4060
+ #: core/modules/malware/class-itsec-malware-scanner.php:111
4061
  msgid ""
4062
  "The scan did not complete successfully. Sucuri sent the following error: %s"
4063
  msgstr ""
4064
 
4065
+ #: core/modules/malware/class-itsec-malware-scanner.php:114
4066
  msgid ""
4067
  "An unknown error prevented the scan from completing successfully. The Sucuri "
4068
  "server responded with a <code>%s</code> error code."
4309
  msgstr ""
4310
 
4311
  #: core/modules/tweaks/class-itsec-tweaks-admin.php:64
4312
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1954
4313
  msgid "WordPress Tweaks"
4314
  msgstr ""
4315
 
4444
  "note that this only makes a difference in multi-site installations."
4445
  msgstr ""
4446
 
4447
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:406
4448
+ msgid ""
4449
+ "WordPress's XML-RPC feature allows external services to access and modify "
4450
+ "content on the site. Common example of services that make use of XML-RPC are "
4451
+ "<a href=\"%1$s\">the Jetpack plugin</a>, <a href=\"%2$s\">the WordPress "
4452
+ "mobile app</a>, and <a href=\"%3$s\">pingbacks</a>. If the site does not use "
4453
+ "a service that requires XML-RPC, select the \"Disable XML-RPC\" setting as "
4454
+ "disabling XML-RPC prevents attackers from using the feature to attack the "
4455
+ "site."
4456
  msgstr ""
4457
 
4458
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:409
4459
+ msgid "Disable XML-RPC (recommended)"
4460
  msgstr ""
4461
 
4462
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:410
4463
+ msgid "Disable Pingbacks"
4464
  msgstr ""
4465
 
4466
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:411
4467
+ msgid "Enable XML-RPC"
4468
  msgstr ""
4469
 
4470
  #: core/modules/tweaks/class-itsec-tweaks-admin.php:416
4471
  msgid ""
4472
+ "<strong>Disable XML-RPC</strong> - XML-RPC is disabled on the site. This "
4473
+ "setting is highly recommended if Jetpack, the WordPress mobile app, "
4474
+ "pingbacks, and other services that use XML-RPC are not used."
 
4475
  msgstr ""
4476
 
4477
  #: core/modules/tweaks/class-itsec-tweaks-admin.php:417
4478
  msgid ""
4479
+ "<strong>Disable Pingbacks</strong> - Only disable pingbacks. Other XML-RPC "
4480
+ "features will work as normal. Select this setting if you require features "
4481
+ "such as Jetpack or the WordPress Mobile app."
4482
+ msgstr ""
4483
+
4484
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:418
4485
+ msgid ""
4486
+ "<strong>Enable XML-RPC</strong> - XML-RPC is fully enabled and will function "
4487
+ "as normal. Use this setting only if the site must have unrestricted use of "
4488
+ "XML-RPC."
4489
+ msgstr ""
4490
+
4491
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:437
4492
+ msgid ""
4493
+ "WordPress's XML-RPC feature allows hundreds of username and password guesses "
4494
+ "per request. Use the recommended \"Block\" setting below to prevent "
4495
+ "attackers from exploiting this feature."
4496
+ msgstr ""
4497
+
4498
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:440
4499
+ msgid "Block (recommended)"
4500
+ msgstr ""
4501
+
4502
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:445
4503
+ msgid ""
4504
+ "<strong>Block</strong> - Blocks XML-RPC requests that contain multiple login "
4505
+ "attempts. This setting is highly recommended."
4506
+ msgstr ""
4507
+
4508
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:446
4509
+ msgid ""
4510
+ "<strong>Allow</strong> - Allows XML-RPC requests that contain multiple login "
4511
+ "attempts. Only use this setting if a service requires it."
4512
  msgstr ""
4513
 
4514
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:466
4515
  msgid "Remove the RSD (Really Simple Discovery) header. "
4516
  msgstr ""
4517
 
4518
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:467
4519
  msgid ""
4520
  "Removes the RSD (Really Simple Discovery) header. If you don't integrate "
4521
  "your blog with external XML-RPC services such as Flickr then the \"RSD\" "
4522
  "function is pretty much useless to you."
4523
  msgstr ""
4524
 
4525
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:489
4526
  msgid "Disable File Editor"
4527
  msgstr ""
4528
 
4529
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:490
4530
  msgid ""
4531
  "Disables the file editor for plugins and themes requiring users to have "
4532
  "access to the file system to modify files. Once activated you will need to "
4533
  "manually edit theme and other files using a tool other than WordPress."
4534
  msgstr ""
4535
 
4536
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:512
4537
  msgid "Hide Plugin Update Notifications"
4538
  msgstr ""
4539
 
4540
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:513
4541
  msgid ""
4542
  "Hides plugin update notifications from users who cannot update plugins. "
4543
  "Please note that this only makes a difference in multi-site installations."
4544
  msgstr ""
4545
 
4546
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:538
4547
  msgid "Your current jQuery version is %1$s"
4548
  msgstr ""
4549
 
4550
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:541
4551
  msgid ""
4552
  "Your current jQuery version is undetermined. Please <a href=\"%1$s\" target="
4553
  "\"_blank\">check your homepage</a> to see if you even need this feature"
4554
  msgstr ""
4555
 
4556
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:556
4557
  msgid "Enqueue a safe version of jQuery"
4558
  msgstr ""
4559
 
4560
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:557
4561
  msgid ""
4562
  "Remove the existing jQuery version used and replace it with a safe version "
4563
  "(the version that comes default with WordPress)."
4564
  msgstr ""
4565
 
4566
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:562
4567
  msgid ""
4568
  "Note that this only checks the homepage of your site and only for users who "
4569
  "are logged in. This is done intentionally to save resources. If you think "
4570
  "this is in error "
4571
  msgstr ""
4572
 
4573
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:564
4574
  msgid "click here to check again."
4575
  msgstr ""
4576
 
4577
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:565
4578
  msgid ""
4579
  "This will open your homepage in a new window allowing the plugin to "
4580
  "determine the version of jQuery actually being used. You can then come back "
4581
  "here and reload this page to see your version."
4582
  msgstr ""
4583
 
4584
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:586
4585
  msgid "Hide Theme Update Notifications"
4586
  msgstr ""
4587
 
4588
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:587
4589
  msgid ""
4590
  "Hides theme update notifications from users who cannot update themes. Please "
4591
  "note that this only makes a difference in multi-site installations."
4592
  msgstr ""
4593
 
4594
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:609
4595
  msgid "Disable PHP in Uploads"
4596
  msgstr ""
4597
 
4598
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:610
4599
  msgid ""
4600
  "Disable PHP execution in the uploads directory. This will prevent uploading "
4601
  "of malicious scripts to uploads."
4602
  msgstr ""
4603
 
4604
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:632
4605
  msgid "Remove the Windows Live Writer header. "
4606
  msgstr ""
4607
 
4608
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:633
4609
  msgid ""
4610
  "This is not needed if you do not use Windows Live Writer or other blogging "
4611
  "clients that rely on this file."
4612
  msgstr ""
4613
 
4614
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:656
4615
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:714
4616
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:823
4617
  msgid ""
4618
  "Protect System Files - Security > Settings > System Tweaks > System Files"
4619
  msgstr ""
4620
 
4621
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:682
4622
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:835
4623
  msgid "Disable XML-RPC - Security > Settings > WordPress Tweaks > XML-RPC"
4624
  msgstr ""
4625
 
4626
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:705
4627
  msgid ""
4628
  "Disable Directory Browsing - Security > Settings > System Tweaks > Directory "
4629
  "Browsing"
4630
  msgstr ""
4631
 
4632
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:732
4633
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:849
4634
  msgid "Disable PHP in Uploads - Security > Settings > System Tweaks > Uploads"
4635
  msgstr ""
4636
 
4637
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:739
4638
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:857
4639
  msgid ""
4640
  "Filter Request Methods - Security > Settings > System Tweaks > Request "
4641
  "Methods"
4642
  msgstr ""
4643
 
4644
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:746
4645
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:864
4646
  msgid ""
4647
  "Filter Suspicious Query Strings in the URL - Security > Settings > System "
4648
  "Tweaks > Suspicious Query Strings"
4649
  msgstr ""
4650
 
4651
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:771
4652
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:891
4653
  msgid ""
4654
  "Filter Non-English Characters - Security > Settings > System Tweaks > Non-"
4655
  "English Characters"
4656
  msgstr ""
4657
 
4658
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:780
4659
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:900
4660
  msgid ""
4661
  "Reduce Comment Spam - Security > Settings > System Tweaks > Comment Spam"
4662
  msgstr ""
4663
 
4664
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:901
4665
  msgid "Help reduce spam"
4666
  msgstr ""
4667
 
4668
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:959
4669
  msgid ""
4670
  "Disable File Editor - Security > Settings > WordPress Tweaks > File Editor"
4671
  msgstr ""
4672
 
4673
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:978
4674
  msgid "You are protecting common WordPress files from access."
4675
  msgstr ""
4676
 
4677
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:986
4678
  msgid ""
4679
  "You are not protecting common WordPress files from access. Click here to "
4680
  "protect WordPress files."
4681
  msgstr ""
4682
 
4683
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1000
4684
  msgid "You have successfully disabled directory browsing on your site."
4685
  msgstr ""
4686
 
4687
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1008
4688
  msgid ""
4689
  "You have not disabled directory browsing on your site. Click here to prevent "
4690
  "a user from seeing every file present in your WordPress site."
4691
  msgstr ""
4692
 
4693
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1022
4694
  msgid "You are blocking HTTP request methods you do not need."
4695
  msgstr ""
4696
 
4697
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1030
4698
  msgid ""
4699
  "You are not blocking HTTP request methods you do not need. Click here to "
4700
  "block extra HTTP request methods that WordPress should not normally need."
4701
  msgstr ""
4702
 
4703
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1042
4704
  msgid ""
4705
  "Your WordPress site is blocking suspicious looking information in the URL."
4706
  msgstr ""
4707
 
4708
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1050
4709
  msgid ""
4710
  "Your WordPress site is not blocking suspicious looking information in the "
4711
  "URL. Click here to block users from trying to execute code that they should "
4712
  "not be able to execute."
4713
  msgstr ""
4714
 
4715
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1062
4716
  msgid "Your WordPress site is blocking non-english characters in the URL."
4717
  msgstr ""
4718
 
4719
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1070
4720
  msgid ""
4721
  "Your WordPress site is not blocking non-english characters in the URL. Click "
4722
  "here to fix this."
4723
  msgstr ""
4724
 
4725
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1082
4726
  msgid "Your installation does not accept long URLs."
4727
  msgstr ""
4728
 
4729
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1090
4730
  msgid ""
4731
  "Your installation accepts long (over 255 character) URLS. This can lead to "
4732
  "vulnerabilities. Click here to fix this."
4733
  msgstr ""
4734
 
4735
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1102
4736
  msgid "Your wp-config.php and .htaccess files are not writeable."
4737
  msgstr ""
4738
 
4739
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1110
4740
  msgid ""
4741
  "Your wp-config.php and .htaccess files are writeable. This can lead to "
4742
  "vulnerabilities. Click here to fix this."
4743
  msgstr ""
4744
 
4745
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1122
4746
  msgid ""
4747
  "Your WordPress installation is not publishing the Windows Live Writer header."
4748
  msgstr ""
4749
 
4750
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1130
4751
  msgid ""
4752
  "Your WordPress installation is publishing the Windows Live Writer header. "
4753
  "Click here to fix this."
4754
  msgstr ""
4755
 
4756
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1142
4757
  msgid ""
4758
  "Your WordPress installation is not publishing the Really Simple Discovery "
4759
  "(RSD) header."
4760
  msgstr ""
4761
 
4762
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1150
4763
  msgid ""
4764
  "Your WordPress installation is publishing the Really Simple Discovery (RSD) "
4765
  "header. Click here to fix this."
4766
  msgstr ""
4767
 
4768
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1164
4769
  msgid ""
4770
  "Your WordPress installation is not telling users who cannot update themes "
4771
  "about theme updates."
4772
  msgstr ""
4773
 
4774
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1172
4775
  msgid ""
4776
  "Your WordPress installation is telling users who cannot update themes about "
4777
  "theme updates. Click here to fix this."
4778
  msgstr ""
4779
 
4780
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1184
4781
  msgid ""
4782
  "Your WordPress installation is not telling users who cannot update plugins "
4783
  "about plugin updates."
4784
  msgstr ""
4785
 
4786
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1192
4787
  msgid ""
4788
  "Your WordPress installation is telling users who cannot update plugins about "
4789
  "plugin updates. Click here to fix this."
4790
  msgstr ""
4791
 
4792
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1204
4793
  msgid ""
4794
  "Your WordPress installation is not telling users who cannot update WordPress "
4795
  "core about WordPress core updates."
4796
  msgstr ""
4797
 
4798
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1212
4799
  msgid ""
4800
  "Your WordPress installation is telling users who cannot update WordPress "
4801
  "core about WordPress core updates. Click here to fix this."
4802
  msgstr ""
4803
 
4804
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1226
4805
  msgid ""
4806
  "Your WordPress installation is not allowing users without a user agent to "
4807
  "post comments."
4808
  msgstr ""
4809
 
4810
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1234
4811
  msgid ""
4812
  "Your WordPress installation is allowing users without a user agent to post "
4813
  "comments. Fix this to reduce comment spam."
4814
  msgstr ""
4815
 
4816
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1246
4817
  msgid ""
4818
  "Users cannot edit plugin and themes files directly from within the WordPress "
4819
  "Dashboard."
4820
  msgstr ""
4821
 
4822
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1254
4823
  msgid ""
4824
  "Users can edit plugin and themes files directly from within the WordPress "
4825
  "Dashboard. Click here to fix this."
4826
  msgstr ""
4827
 
4828
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1266
4829
  msgid "XML-RPC is not available on your WordPress installation."
4830
  msgstr ""
4831
 
4832
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1274
4833
  msgid ""
4834
  "XML-RPC is protecting you from the trackback and pingback attack but is "
4835
  "still available on your site."
4836
  msgstr ""
4837
 
4838
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1282
4839
  msgid ""
4840
  "XML-RPC is available on your WordPress installation. Attackers can use this "
4841
  "feature to attack your site. Click here to disable access to XML-RPC."
4842
  msgstr ""
4843
 
4844
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1293
4845
+ msgid ""
4846
+ "XML-RPC requests can try multiple authentication attempts per request. "
4847
+ "Attackers can use this to speed up their brute force attacks."
4848
+ msgstr ""
4849
+
4850
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1299
4851
+ msgid "XML-RPC requests with multiple authentication attempts are blocked."
4852
+ msgstr ""
4853
+
4854
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1310
4855
  msgid "Users cannot execute PHP from the uploads folder."
4856
  msgstr ""
4857
 
4858
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1318
4859
  msgid "Users can execute PHP from the uploads folder."
4860
  msgstr ""
4861
 
4862
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1332
4863
  msgid "The front page of your site is using a safe version of jQuery."
4864
  msgstr ""
4865
 
4866
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1340
4867
  msgid ""
4868
  "The front page of your site is not using a safe version of jQuery or the "
4869
  "version of jQuery cannot be determined."
4870
  msgstr ""
4871
 
4872
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1348
4873
  msgid ""
4874
  "Your version of jQuery has not been determined. Load your homepage while "
4875
  "logged in to determine the version of jQuery you are using"
4876
  msgstr ""
4877
 
4878
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1360
4879
  msgid "User's nicknames are different from their display name."
4880
  msgstr ""
4881
 
4882
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1368
4883
  msgid ""
4884
  "User nicknames may be the same as their login name. This means their login "
4885
  "user name may be publicly available throughout the site."
4886
  msgstr ""
4887
 
4888
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1380
4889
  msgid ""
4890
  "Your login page is not giving out unnecessary information upon failed login."
4891
  msgstr ""
4892
 
4893
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1388
4894
  msgid ""
4895
  "Your login page is giving out unnecessary information upon failed login."
4896
  msgstr ""
4897
 
4898
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1400
4899
  msgid "User profiles for users without content are not publicly available."
4900
  msgstr ""
4901
 
4902
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1408
4903
  msgid ""
4904
  "User profiles for users without content are publicly available. This can "
4905
  "make it relatively easy to gain the username of important users."
4906
  msgstr ""
4907
 
4908
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1429
4909
  msgid "Configure Server Tweaks"
4910
  msgstr ""
4911
 
4912
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1436
4913
  msgid "Configure WordPress Tweaks"
4914
  msgstr ""
4915
 
4916
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1443
4917
  msgid "Configure Multisite Tweaks"
4918
  msgstr ""
4919
 
4920
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1451
4921
  msgid "System Files"
4922
  msgstr ""
4923
 
4924
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1461
4925
  msgid "Directory Browsing"
4926
  msgstr ""
4927
 
4928
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1471
4929
  msgid "Request Methods"
4930
  msgstr ""
4931
 
4932
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1479
4933
  msgid "Suspicious Query Strings"
4934
  msgstr ""
4935
 
4936
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1487
4937
  msgid "Non-English Characters"
4938
  msgstr ""
4939
 
4940
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1495
4941
  msgid "Long URL Strings"
4942
  msgstr ""
4943
 
4944
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1503
4945
  msgid "File Writing Permissions"
4946
  msgstr ""
4947
 
4948
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1511
4949
  msgid "Uploads"
4950
  msgstr ""
4951
 
4952
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1519
4953
  msgid "Windows Live Writer Header"
4954
  msgstr ""
4955
 
4956
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1527
4957
  msgid "EditURI Header"
4958
  msgstr ""
4959
 
4960
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1535
4961
  msgid "Comment Spam"
4962
  msgstr ""
4963
 
4964
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1543
4965
  msgid "File Editor"
4966
  msgstr ""
4967
 
4968
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1551
4969
  msgid "XML-RPC"
4970
  msgstr ""
4971
 
4972
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1559
4973
+ msgid "Multiple Authentication Attempts per XML-RPC Request"
4974
+ msgstr ""
4975
+
4976
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1567
4977
  msgid "Replace jQuery With a Safe Version"
4978
  msgstr ""
4979
 
4980
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1575
4981
  msgid "Login Error Messages"
4982
  msgstr ""
4983
 
4984
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1583
4985
  msgid "Force Unique Nickname"
4986
  msgstr ""
4987
 
4988
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1591
4989
  msgid "Disable Extra User Archives"
4990
  msgstr ""
4991
 
4992
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1601
4993
  msgid "Theme Update Notifications"
4994
  msgstr ""
4995
 
4996
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1609
4997
  msgid "Plugin Update Notifications"
4998
  msgstr ""
4999
 
5000
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1617
5001
  msgid "Core Update Notifications"
5002
  msgstr ""
5003
 
5004
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1641
5005
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1664
5006
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1687
5007
  msgid ""
5008
  "These are advanced settings that may be utilized to further strengthen the "
5009
  "security of your WordPress site."
5010
  msgstr ""
5011
 
5012
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1642
5013
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1665
5014
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1688
5015
  msgid ""
5016
  "Note: These settings are listed as advanced because they block common forms "
5017
  "of attacks but they can also block legitimate plugins and themes that rely "
5020
  "working as expected."
5021
  msgstr ""
5022
 
5023
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1643
5024
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1666
5025
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1689
5026
  msgid ""
5027
  "Remember, some of these settings might conflict with other plugins or "
5028
  "themes, so test your site after enabling each setting."
5029
  msgstr ""
5030
 
5031
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1895
5032
  msgid "Server Tweaks"
5033
  msgstr ""
5034
 
5035
+ #: core/modules/tweaks/class-itsec-tweaks-admin.php:1944
5036
  msgid "Multisite Tweaks"
5037
  msgstr ""
5038
 
5039
+ #: core/modules/tweaks/class-itsec-tweaks.php:122
5040
+ msgid "XML-RPC services are disabled on this site."
5041
+ msgstr ""
5042
+
5043
+ #: core/modules/tweaks/class-itsec-tweaks.php:206
5044
  msgid ""
5045
  "Your Nickname must be different than your login name. Please choose a "
5046
  "different Nickname."
5047
  msgstr ""
5048
 
5049
+ #: core/modules/tweaks/class-itsec-tweaks.php:224
5050
  msgid ""
5051
  "A Nickname is required. Please choose a nickname or fill out your first and "
5052
  "last name."
5064
  msgstr ""
5065
 
5066
  #. Author of the plugin/theme
5067
+ msgid "iThemes"
5068
  msgstr ""
5069
 
5070
  #. Author URI of the plugin/theme
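--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: ithemes, chrisjean, aaroncampbell, gerroald, mattdanner
  Tags: security, malware, secure, multi-site, network, mu, login, lockdown, htaccess, hack, header, cleanup, ban, restrict, access, protect, protection, disable, images, image, hotlink, admin, username, database, prefix, wp-content, rename, directory, directories, secure, SSL, iThemes, BackupBuddy, Exchange, iThemes Exchange
  Requires at least: 4.1
  Tested up to: 4.3.1
- Stable tag: 5.0.1
+ Stable tag: 5.1.1
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -16,7 +16,7 @@ Released under the terms of the GNU General Public License.
 
  iThemes Security (formerly Better WP Security) gives you over 30+ ways to secure and protect your WordPress site. On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software.
 
- Most WordPress admins don't even know theyre vulnerable, but iThemes Security works to fix common holes, stop automated attacks and strengthen user credentials. With one-click activation for most features, as well as advanced features for experienced users, iThemes Security can help protect any WordPress site.
+ Most WordPress admins don't know they're vulnerable, but iThemes Security works to fix common holes, stop automated attacks and strengthen user credentials. With one-click activation for most features, as well as advanced features for experienced users, iThemes Security can help protect any WordPress site.
 
  = Maintained and Supported by iThemes =
 
@@ -169,7 +169,7 @@ DISCLAIMER: Under no circumstances do we release this plugin with any warranty,
  * <a href="http://ithemes.com/fixing-ithemes-security-lockouts/">Fixing iThemes Security Lockouts</a>
  * <a href="http://ithemes.com/what-is-changed-by-ithemes-security/">What is Changed By iThemes Security</a>
 
- = I've enabled the Enforce SSL option and it broke my site. How do I get back in? =
+ = I've enabled the Enforce SSL option, and it broke my site. How do I get back in? =
  * Open your wp-config.php file in a text editor and remove the following 2 lines:
  * define('FORCE_SSL_LOGIN', true);
  * define('FORCE_SSL_ADMIN', true);
@@ -189,10 +189,24 @@ Free support may be available with the help of the community in the <a href="htt
 
  == Changelog ==
 
+ = 5.1.1 =
+ * Enhancement: Removed Yandex and Sogou from the HackRepair blacklist as they are legitimate search engine bots.
+ * Enhancement: Added detailed information about Sucuri malware scan errors to Malware Scan log details.
+ * Bug Fix: No longer enables display of database errors when an event is logged.
+
+ = 5.1.0 =
+ * New Feature: Added "Multiple Authentication Attempts per XML-RPC Request" setting to the WordPress Tweaks section. When this setting is set to "Block", iThemes Security will block brute force login attacks against XML-RPC as described by Sucuri in this blog post: https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html
+ * Enhancement: Updated text describing the XML-RPC setting in the WordPress Tweaks section to better explain what the setting is for and which setting is recommended.
+ * Enhancement: Improved IP detection when proxy detection is active by processing the header set by CloudFlare.
+ * Enhancement: Added a filter named itsec_filter_remote_addr_headers which can be used to change which headers are searched for the client IP. This allows for tailoring the IP detection for specific reverse proxies and load balancers.
+ * Bug Fix: Updated the Banned Users settings to no longer add a newline to the Ban Hosts input each time the settings page is saved.
+ * Compatibility Fix: Updated code triggered by the ITSEC_TEST_MALWARE_SCAN_DISABLE_SSLVERIFY define. This avoids plugin compatibility issues that prevent disabling the SSL peer verification.
+
  = 5.0.1 =
  * Compatibility Fix: Added support for ITSEC_TEST_MALWARE_SCAN_DISABLE_SSLVERIFY. Setting it to true can bypass "SSL peer certificate or SSH remote key was not OK" errors on servers with bad SSL configurations.
 
  = 5.0.0 =
+ * Compatibility Fix: Changed translation domain from it-l10n-better-wp-security to better-wp-security. This change was necessary in order to be included in the translate.wordpress.org project.
  * New Feature: Added malware scanning provided by Sucuri SiteCheck.
 
  = 4.9.0 =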