iThemes Security (formerly Better WP Security) - Version 5.6.1

Version Description

  • Bug Fix: Fixed a potential logging issue that could prevent some lockout notices from being properly logged on non-English sites.
    • Bug Fix: Prevented some notices from displaying to users who do not need to see them.
    • Bug Fix: Limited notices to only display on specific pages on the dashboard.
    • Compatibility Fix: Changed name of the $HTTP_RAW_POST_DATA variable to avoid erroneously tripping PHP 7 compatibility checks.
    • Code Cleanup: Removed legacy code that is no longer needed.
    • Enhancement: Started tracking when a user was last seen as logged in and active for future use.
    • Misc: Added a placeholder for the Pro feature "User Security Check".

Release Info

Developer chrisjean
Version 5.6.1

Code changes from version 5.6.0 to 5.6.1

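--- a/better-wp-security.php
+++ b/better-wp-security.php
@@ -6,7 +6,7 @@
 * Description: Take the guesswork out of WordPress security. iThemes Security offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.
 * Author: iThemes
 * Author URI: https://ithemes.com
-* Version: 5.6.0
+* Version: 5.6.1
 * Text Domain: better-wp-security
 * Network: True
 * License: GPLv2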
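--- a/core/admin-pages/css/style.css
+++ b/core/admin-pages/css/style.css
@@ -158,6 +158,24 @@ ul {
 min-height: 14em;
 }
 
+/* Override max width for user security check */
+#itsec-module-card-user-security-check .itsec-module-settings-content {
+max-width: 100%;
+position: relative;
+}
+@media screen and (max-width: 782px) {
+#itsec-module-card-user-security-check p.search-box {
+width: 100%;
+}
+#itsec-user-table {
+padding-bottom: 100px;
+}
+}
+
+/* Correct font size of user table nav in user security check */
+#itsec-module-card-user-security-check .tablenav {
+font-size: 12px;
+}
 .itsec-module-pro-upsell {
 opacity: .5;
 }
@@ -315,9 +333,6 @@ body.itsec-modal-open {
 clear: both;
 box-sizing: border-box;
 }
-.itsec-module-cards-container * {
-box-sizing: border-box;
-}
 .itsec-module-cards {
 text-align: justify;
 font-size: 0.1px;
@@ -619,3 +634,13 @@ body.itsec-modal-open {
 .itsec-security-check-container-error {
 border-left-color: #dc3232;
 }
+
+/**
+* User Security Check
+*/
+.itsec-two-factor .dashicons {
+cursor: default;
+}
+.itsec-two-factor .dashicons.dashicons-unlock {
+color: #dc3232;
+}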
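--- a/core/admin-pages/page-settings.php
+++ b/core/admin-pages/page-settings.php
@@ -2,7 +2,7 @@
 
 
 final class ITSEC_Settings_Page {
-private $version = 1.3;
+private $version = 1.4;
 
 private $self_url = '';
 private $modules = array();
@@ -141,6 +141,10 @@ final class ITSEC_Settings_Page {
 $method = ( isset( $_POST['method'] ) && is_string( $_POST['method'] ) ) ? $_POST['method'] : '';
 $module = ( isset( $_POST['module'] ) && is_string( $_POST['module'] ) ) ? $_POST['module'] : '';
 
+if ( empty( $GLOBALS['hook_suffix'] ) ) {
+$GLOBALS['hook_suffix'] = 'toplevel_page_itsec';
+}
+
 
 if ( false === check_ajax_referer( 'itsec-settings-nonce', 'nonce', false ) ) {
 ITSEC_Response::add_error( new WP_Error( 'itsec-settings-page-failed-nonce', __( 'A nonce security check failed, preventing the request from completing as expected. Please try reloading the page and trying again.', 'better-wp-security' ) ) );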
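Review bot: The `$GLOBALS['hook_suffix']` fallback added in the second hunk runs before `check_ajax_referer` and carries no comment, so a request that fails the nonce check still mutates global state, and a later reader cannot tell why an AJAX handler needs a page hook suffix at all. The assigned value is a fixed literal, so nothing from the request reaches the global, but I would move the three lines below the nonce check and annotate them: `// TODO(review): document why hook_suffix is faked here (presumably so page-gated admin notices are still collected during this AJAX call) — confirm`. The enclosing method starts outside the hunk.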
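--- a/core/class-itsec-core.php
+++ b/core/class-itsec-core.php
@@ -103,6 +103,7 @@ if ( ! class_exists( 'ITSEC_Core' ) ) {
 require( $this->plugin_dir . 'core/class-itsec-files.php' );
 require( $this->plugin_dir . 'core/class-itsec-notify.php' );
 require( $this->plugin_dir . 'core/class-itsec-response.php' );
+require( $this->plugin_dir . 'core/lib/class-itsec-lib-user-activity.php' );
 
 $this->itsec_files = ITSEC_Files::get_instance();
 $this->itsec_notify = new ITSEC_Notify();
@@ -141,9 +142,6 @@ if ( ! class_exists( 'ITSEC_Core' ) ) {
 if ( is_admin() ) {
 require( $this->plugin_dir . 'core/admin-pages/init.php' );
 
-require( $this->plugin_dir . 'core/class-itsec-dashboard-admin.php' );
-new ITSEC_Dashboard_Admin( $this );
-
 //add action link
 add_filter( 'plugin_action_links', array( $this, 'add_action_link' ), 10, 2 );
 
@@ -523,7 +521,13 @@ if ( ! class_exists( 'ITSEC_Core' ) ) {
 
 }
 
-public static function add_notice( $callback ) {
+public static function add_notice( $callback, $all_pages = false ) {
+global $pagenow, $plugin_page;
+
+if ( ! $all_pages && ! in_array( $pagenow, array( 'plugins.php', 'update-core.php' ) ) && ( ! isset( $plugin_page ) || ! in_array( $plugin_page, array( 'itsec', 'itsec-logs' ) ) ) ) {
+return;
+}
+
 $self = self::get_instance();
 
 if ( ! $self->notices_loaded ) {
@@ -645,10 +649,10 @@ if ( ! class_exists( 'ITSEC_Core' ) ) {
 }
 
 
-$HTTP_RAW_POST_DATA = @file_get_contents( 'php://input' );
+$post_data = @file_get_contents( 'php://input' );
 
-if ( ! empty( $HTTP_RAW_POST_DATA ) ) {
-$data = base64_decode( $HTTP_RAW_POST_DATA );
+if ( ! empty( $post_data ) ) {
+$data = base64_decode( $post_data );
 
 if ( false !== strpos( $data, 's:10:"iwp_action";' ) ) {
 $self->is_iwp_call = true;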
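Review bot: The page gate added to `add_notice` in the third hunk compares with `in_array` without the strict flag and leaves the new `$all_pages` parameter undocumented; `in_array( $pagenow, array( 'plugins.php', 'update-core.php' ), true )` (and the same for `$plugin_page`) avoids loose comparison, and a docblock should state that with `$all_pages` false the callback is silently discarded outside the listed pages. During an admin-ajax request `$pagenow` is presumably not one of those pages, so notices registered by AJAX handlers would also be dropped unless `$all_pages` is passed — worth confirming that is intended. The body of `add_notice` continues past the hunk. Separately, the renamed `$post_data` hunk still sets `$self->is_iwp_call` solely from a marker found in the unauthenticated request body; a comment such as `// Flag only — confirm nothing downstream relaxes a check based on is_iwp_call` would let a future reader judge the exposure.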
core/class-itsec-dashboard-admin.php DELETED
@@ -1,145 +0,0 @@
1
- <?php
2
- /**
3
- * Display the plugin's dashboard information.
4
- *
5
- * Sets up and displays the dashboard status, file permissions and other system
6
- * information on the plugin's dashboard.
7
- *
8
- * @since 4.0.0
9
- *
10
- * @package iThemes_Security
11
- */
12
- class ITSEC_Dashboard_Admin {
13
-
14
- /**
15
- * Initialize the plugin dashboard
16
- *
17
- * Initialize areas of the plugin dashboard.
18
- *
19
- * @since 4.0.0
20
- *
21
- * @return ITSEC_Dashboard_Admin
22
- */
23
- function __construct() {
24
-
25
- if ( is_admin() ) {
26
-
27
- add_action( 'itsec_add_admin_meta_boxes', array( $this, 'itsec_add_admin_meta_boxes' ) );
28
-
29
- }
30
-
31
- }
32
-
33
- /**
34
- * Add meta boxes to the plugin dashboard.
35
- *
36
- * Adds plugin's metaboxes including status, system information and file
37
- * permissions to the plugin dashboard.
38
- *
39
- * @since 4.0.0
40
- *
41
- * @return void
42
- */
43
- public function itsec_add_admin_meta_boxes() {
44
-
45
- add_meta_box(
46
- 'itsec_file_permissions',
47
- __( 'WordPress File Permissions', 'better-wp-security' ),
48
- array( $this, 'metabox_normal_file_permissions' ),
49
- 'toplevel_page_itsec',
50
- 'advanced',
51
- 'core'
52
- );
53
-
54
- add_meta_box(
55
- 'itsec_system_info',
56
- __( 'System Information', 'better-wp-security' ),
57
- array( $this, 'metabox_normal_system_info' ),
58
- 'toplevel_page_itsec',
59
- 'advanced',
60
- 'core'
61
- );
62
-
63
- }
64
-
65
- /**
66
- * Display the file permissions metabox.
67
- *
68
- * Builds and displays the table that shows WordPress file permissions as marked up
69
- * in the system.php file.
70
- *
71
- * @since 4.0.0
72
- *
73
- * @return void
74
- */
75
- public function metabox_normal_file_permissions() {
76
-
77
- require_once( 'content/perms.php' );
78
-
79
- }
80
-
81
- /**
82
- * Display the system information metabox.
83
- *
84
- * Builds and displays the table that shows system infmormation as marked up
85
- * in the system.php file.
86
- *
87
- * @since 4.0.0
88
- *
89
- * @return void
90
- */
91
- public function metabox_normal_system_info() {
92
-
93
- require_once( 'content/system.php' );
94
-
95
- }
96
-
97
- /**
98
- * Displays required status array.
99
- *
100
- * Loops through the filterable status array to build the table items for the
101
- * security status metabox.
102
- *
103
- * @since 4.0.0
104
- *
105
- * @param array $status_array array of statuses
106
- * @param string $button_text string for button
107
- * @param string $button_class string for button
108
- *
109
- * @return void
110
- */
111
- private function status_loop( $status_array, $button_text, $button_class ) {
112
-
113
- foreach ( $status_array as $status ) {
114
-
115
- if ( isset( $status['advanced'] ) && true === $status['advanced'] ) {
116
-
117
- $page = 'advanced';
118
-
119
- } elseif ( isset( $status['pro'] ) && true === $status['pro'] ) {
120
-
121
- $page = 'pro';
122
-
123
- } else {
124
-
125
- $page = 'settings';
126
-
127
- }
128
-
129
- if ( false === strpos( $status['link'], 'http:' ) && false === strpos( $status['link'], '?page=' ) ) {
130
-
131
- $setting_link = '?page=toplevel_page_itsec_' . $page . $status['link'];
132
-
133
- } else {
134
-
135
- $setting_link = $status['link'];
136
-
137
- }
138
-
139
- printf( '<li><p>%s</p><div class="itsec_status_action"><a class="button-%s" href="%s">%s</a></div></li>', $status['text'], $button_class, $setting_link, $button_text );
140
-
141
- }
142
-
143
- }
144
-
145
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
core/class-itsec-files.php CHANGED
@@ -11,22 +11,21 @@
11
  */
12
  final class ITSEC_Files {
13
  static $instance = false;
14
-
15
  private function __construct() {
16
 
17
- add_action( 'itsec_add_admin_meta_boxes', array( $this, 'add_admin_meta_boxes' ) );
18
  add_action( 'itsec-new-blacklisted-ip', array( $this, 'quick_ban' ) );
19
 
20
  }
21
-
22
  public static function get_instance() {
23
  if ( ! self::$instance ) {
24
  self::$instance = new self;
25
  }
26
-
27
  return self::$instance;
28
  }
29
-
30
  /**
31
  * Check the setting that allows writing files.
32
  *
@@ -37,40 +36,40 @@ final class ITSEC_Files {
37
  public static function can_write_to_files() {
38
  $can_write = (bool) ITSEC_Modules::get_setting( 'global', 'write_files' );
39
  $can_write = apply_filters( 'itsec_filter_can_write_to_files', $can_write );
40
-
41
  return $can_write;
42
  }
43
 
44
  public static function regenerate_wp_config( $add_responses = true ) {
45
  require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
46
-
47
  $result = ITSEC_Lib_Config_File::update_wp_config();
48
  $success = ! is_wp_error( $result );
49
-
50
  if ( $add_responses && is_wp_error( $result ) ) {
51
  ITSEC_Response::add_error( $result );
52
  }
53
-
54
  return $success;
55
  }
56
-
57
  public static function regenerate_server_config( $add_responses = true ) {
58
  require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
59
-
60
  $result = ITSEC_Lib_Config_File::update_server_config();
61
  $success = ! is_wp_error( $result );
62
  $server = ITSEC_Lib_Utility::get_web_server();
63
-
64
  if ( $add_responses ) {
65
  if ( is_wp_error( $result ) ) {
66
  ITSEC_Response::add_error( $result );
67
-
68
  $file = ITSEC_Lib_Config_File::get_server_config_file_path();
69
  } else if ( 'nginx' === $server ) {
70
  ITSEC_Response::add_message( __( 'You must restart your NGINX server for the changes to take effect.', 'better-wp-security' ) );
71
  }
72
  }
73
-
74
  return $success;
75
  }
76
 
@@ -99,7 +98,7 @@ final class ITSEC_Files {
99
  */
100
  public function do_deactivate() {
101
  require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
102
-
103
  ITSEC_Lib_Config_File::reset_wp_config();
104
  ITSEC_Lib_Config_File::reset_server_config();
105
  }
@@ -123,15 +122,15 @@ final class ITSEC_Files {
123
  if ( ! ITSEC_Lib_IP_Tools::validate( $host ) ) {
124
  return false;
125
  }
126
-
127
-
128
  $host_rule = '# ' . __( 'Quick ban IP. Will be updated on next formal rules save.', 'better-wp-security' ) . "\n";
129
-
130
  if ( 'nginx' === ITSEC_Lib::get_server() ) {
131
  $host_rule .= "\tdeny $host;\n";
132
  } else if ( 'apache' === ITSEC_Lib::get_server() ) {
133
  $dhost = str_replace( '.', '\\.', $host ); //re-define $dhost to match required output for SetEnvIf-RegEX
134
-
135
  $host_rule .= "SetEnvIF REMOTE_ADDR \"^$dhost$\" DenyAccess\n"; //Ban IP
136
  $host_rule .= "SetEnvIF X-FORWARDED-FOR \"^$dhost$\" DenyAccess\n"; //Ban IP from Proxy-User
137
  $host_rule .= "SetEnvIF X-CLUSTER-CLIENT-IP \"^$dhost$\" DenyAccess\n"; //Ban IP for Cluster/Cloud-hosted WP-Installs
@@ -149,14 +148,14 @@ final class ITSEC_Files {
149
  $host_rule .= "\tAllow from all\n";
150
  $host_rule .= "</IfModule>\n";
151
  }
152
-
153
  require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
154
  $result = ITSEC_Lib_Config_File::append_server_config( $host_rule );
155
-
156
  if ( is_wp_error( $result ) ) {
157
  return false;
158
  }
159
-
160
  return true;
161
  }
162
 
@@ -226,123 +225,17 @@ final class ITSEC_Files {
226
  if ( ITSEC_Modules::get_setting( 'global', 'lock_file' ) ) {
227
  return true;
228
  }
229
-
230
  require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-directory.php' );
231
-
232
  $lock_file = ITSEC_Core::get_storage_dir() . '/' . sanitize_text_field( $lock_file ) . '.lock';
233
-
234
  $result = ITSEC_Lib_Directory::remove( $lock_file );
235
-
236
  if ( is_wp_error( $result ) ) {
237
  return false;
238
  }
239
-
240
- return true;
241
- }
242
-
243
- /**
244
- * Add meta boxes to primary options pages.
245
- *
246
- * Adds the meta boxes containing rewrite rules that appears on the iThemes Security
247
- * Dashboard.
248
- *
249
- * @since 4.0.0
250
- *
251
- * @return void
252
- */
253
- public function add_admin_meta_boxes() {
254
-
255
- add_meta_box(
256
- 'itsec_rewrite',
257
- __( 'Rewrite Rules', 'better-wp-security' ),
258
- array( $this, 'rewrite_metabox' ),
259
- 'toplevel_page_itsec',
260
- 'bottom',
261
- 'core'
262
- );
263
-
264
- add_meta_box(
265
- 'itsec_wpconfig',
266
- __( 'wp-config.php Rules', 'better-wp-security' ),
267
- array( $this, 'config_metabox' ),
268
- 'toplevel_page_itsec',
269
- 'bottom',
270
- 'core'
271
- );
272
-
273
- }
274
 
275
- /**
276
- * Calls config metabox action.
277
- *
278
- * Allows a hook to add to the metabox containing the wp-config.php rules.
279
- *
280
- * @since 4.0.0
281
- *
282
- * @return void
283
- */
284
- public function config_metabox() {
285
-
286
- add_action( 'itsec_wpconfig_metabox', array( $this, 'config_metabox_contents' ) );
287
- do_action( 'itsec_wpconfig_metabox' );
288
-
289
- }
290
-
291
- /**
292
- * Echos content metabox contents.
293
- *
294
- * Echos the contents of the wp-config.php metabox
295
- *
296
- * @since 4.0.0
297
- *
298
- * @return void
299
- */
300
- public function config_metabox_contents() {
301
- require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
302
-
303
- $config = ITSEC_Lib_Config_File::get_wp_config();
304
-
305
- if ( empty( $config ) ) {
306
- _e( 'There are no rules to write.', 'better-wp-security' );
307
- } else {
308
- echo '<div class="itsec_rewrite_rules">' . highlight_string( $config, true ) . '</div>';
309
- }
310
- }
311
-
312
- /**
313
- * Calls rewrite metabox action.
314
- *
315
- * Executes the action to draw the htaccess rewrite rules metabox
316
- *
317
- * @since 4.0.0
318
- *
319
- * @return void
320
- */
321
- public function rewrite_metabox() {
322
-
323
- add_action( 'itsec_rewrite_metabox', array( $this, 'rewrite_metabox_contents' ) );
324
- do_action( 'itsec_rewrite_metabox' );
325
-
326
- }
327
-
328
- /**
329
- * Echos rewrite metabox content.
330
- *
331
- * Echos the rewrite rules in the dashboard.
332
- *
333
- * @since 4.0.0
334
- *
335
- * @return void
336
- */
337
- public function rewrite_metabox_contents() {
338
- require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
339
-
340
- $config = ITSEC_Lib_Config_File::get_server_config();
341
-
342
- if ( empty( $config ) ) {
343
- _e( 'There are no rules to write.', 'better-wp-security' );
344
- } else {
345
- echo '<div class="itsec_rewrite_rules">' . highlight_string( $config, true ) . '</div>';
346
- }
347
  }
348
  }
11
  */
12
  final class ITSEC_Files {
13
  static $instance = false;
14
+
15
  private function __construct() {
16
 
 
17
  add_action( 'itsec-new-blacklisted-ip', array( $this, 'quick_ban' ) );
18
 
19
  }
20
+
21
  public static function get_instance() {
22
  if ( ! self::$instance ) {
23
  self::$instance = new self;
24
  }
25
+
26
  return self::$instance;
27
  }
28
+
29
  /**
30
  * Check the setting that allows writing files.
31
  *
36
  public static function can_write_to_files() {
37
  $can_write = (bool) ITSEC_Modules::get_setting( 'global', 'write_files' );
38
  $can_write = apply_filters( 'itsec_filter_can_write_to_files', $can_write );
39
+
40
  return $can_write;
41
  }
42
 
43
  public static function regenerate_wp_config( $add_responses = true ) {
44
  require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
45
+
46
  $result = ITSEC_Lib_Config_File::update_wp_config();
47
  $success = ! is_wp_error( $result );
48
+
49
  if ( $add_responses && is_wp_error( $result ) ) {
50
  ITSEC_Response::add_error( $result );
51
  }
52
+
53
  return $success;
54
  }
55
+
56
  public static function regenerate_server_config( $add_responses = true ) {
57
  require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
58
+
59
  $result = ITSEC_Lib_Config_File::update_server_config();
60
  $success = ! is_wp_error( $result );
61
  $server = ITSEC_Lib_Utility::get_web_server();
62
+
63
  if ( $add_responses ) {
64
  if ( is_wp_error( $result ) ) {
65
  ITSEC_Response::add_error( $result );
66
+
67
  $file = ITSEC_Lib_Config_File::get_server_config_file_path();
68
  } else if ( 'nginx' === $server ) {
69
  ITSEC_Response::add_message( __( 'You must restart your NGINX server for the changes to take effect.', 'better-wp-security' ) );
70
  }
71
  }
72
+
73
  return $success;
74
  }
75
 
98
  */
99
  public function do_deactivate() {
100
  require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
101
+
102
  ITSEC_Lib_Config_File::reset_wp_config();
103
  ITSEC_Lib_Config_File::reset_server_config();
104
  }
122
  if ( ! ITSEC_Lib_IP_Tools::validate( $host ) ) {
123
  return false;
124
  }
125
+
126
+
127
  $host_rule = '# ' . __( 'Quick ban IP. Will be updated on next formal rules save.', 'better-wp-security' ) . "\n";
128
+
129
  if ( 'nginx' === ITSEC_Lib::get_server() ) {
130
  $host_rule .= "\tdeny $host;\n";
131
  } else if ( 'apache' === ITSEC_Lib::get_server() ) {
132
  $dhost = str_replace( '.', '\\.', $host ); //re-define $dhost to match required output for SetEnvIf-RegEX
133
+
134
  $host_rule .= "SetEnvIF REMOTE_ADDR \"^$dhost$\" DenyAccess\n"; //Ban IP
135
  $host_rule .= "SetEnvIF X-FORWARDED-FOR \"^$dhost$\" DenyAccess\n"; //Ban IP from Proxy-User
136
  $host_rule .= "SetEnvIF X-CLUSTER-CLIENT-IP \"^$dhost$\" DenyAccess\n"; //Ban IP for Cluster/Cloud-hosted WP-Installs
148
  $host_rule .= "\tAllow from all\n";
149
  $host_rule .= "</IfModule>\n";
150
  }
151
+
152
  require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
153
  $result = ITSEC_Lib_Config_File::append_server_config( $host_rule );
154
+
155
  if ( is_wp_error( $result ) ) {
156
  return false;
157
  }
158
+
159
  return true;
160
  }
161
 
225
  if ( ITSEC_Modules::get_setting( 'global', 'lock_file' ) ) {
226
  return true;
227
  }
228
+
229
  require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-directory.php' );
230
+
231
  $lock_file = ITSEC_Core::get_storage_dir() . '/' . sanitize_text_field( $lock_file ) . '.lock';
232
+
233
  $result = ITSEC_Lib_Directory::remove( $lock_file );
234
+
235
  if ( is_wp_error( $result ) ) {
236
  return false;
237
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
238
 
239
+ return true;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
240
  }
241
  }
core/class-itsec-lockout.php CHANGED
@@ -36,9 +36,6 @@ final class ITSEC_Lockout {
36
  //Set an error message on improper logout
37
  add_action( 'login_head', array( $this, 'set_lockout_error' ) );
38
 
39
- //Add the metabox
40
- add_action( 'itsec_add_admin_meta_boxes', array( $this, 'add_admin_meta_boxes' ) );
41
-
42
  //Process clear lockout form
43
  add_action( 'itsec_admin_init', array( $this, 'release_lockout' ) );
44
 
@@ -56,26 +53,6 @@ final class ITSEC_Lockout {
56
  require_once( dirname( __FILE__ ) . '/sidebar-widget-active-lockouts.php' );
57
  }
58
 
59
- /**
60
- * Add meta boxes to primary options pages.
61
- *
62
- * @since 4.0
63
- *
64
- * @return void
65
- */
66
- function add_admin_meta_boxes() {
67
-
68
- add_meta_box(
69
- 'itsec_lockouts',
70
- __( 'Active Lockouts', 'better-wp-security' ),
71
- array( $this, 'lockout_metabox' ),
72
- 'toplevel_page_itsec',
73
- 'bottom',
74
- 'core'
75
- );
76
-
77
- }
78
-
79
  /**
80
  * Checks if the host or user is locked out and executes lockout
81
  *
@@ -763,120 +740,6 @@ final class ITSEC_Lockout {
763
  return true;
764
  }
765
 
766
-
767
- /**
768
- * Active lockouts table and form for dashboard.
769
- *
770
- * @Since 4.0
771
- *
772
- * @return void
773
- */
774
- public function lockout_metabox() {
775
-
776
- global $itsec_globals;
777
-
778
- ?>
779
- <form method="post" action="" id="itsec_release_lockout_form">
780
- <?php wp_nonce_field( 'itsec_release_lockout', 'wp_nonce' ); ?>
781
- <input type="hidden" name="itsec_release_lockout" value="true"/>
782
- <?php //get locked out hosts and users from database
783
- $host_locks = $this->get_lockouts( 'host', true, 50 );
784
- $user_locks = $this->get_lockouts( 'user', true, 50 );
785
- $username_locks = $this->get_lockouts( 'username', true, 50 );
786
- ?>
787
- <table class="form-table">
788
- <tr valign="top">
789
- <th scope="row" class="settinglabel">
790
- <?php _e( 'Locked out hosts', 'better-wp-security' ); ?>
791
- </th>
792
- <td class="settingfield">
793
- <?php if ( sizeof( $host_locks ) > 0 ) { ?>
794
- <ul>
795
- <?php foreach ( $host_locks as $host ) { ?>
796
- <li style="list-style: none;"><input type="checkbox"
797
- name="lo_<?php echo $host['lockout_id']; ?>"
798
- id="lo_<?php echo $host['lockout_id']; ?>"
799
- value="<?php echo $host['lockout_id']; ?>"/>
800
- <label
801
- for="lo_<?php echo $host['lockout_id']; ?>"><strong><?php echo esc_html( $host['lockout_host'] ); ?></strong>
802
- - <?php _e( 'Expires in', 'better-wp-security' ); ?>
803
- <em> <?php echo human_time_diff( $itsec_globals['current_time_gmt'], strtotime( $host['lockout_expire_gmt'] ) ); ?></em></label>
804
- </li>
805
- <?php } ?>
806
- </ul>
807
- <?php } else { //no host is locked out ?>
808
- <ul>
809
- <li style="list-style: none;">
810
- <p><?php _e( 'Currently no hosts are locked out of this website.', 'better-wp-security' ); ?></p>
811
- </li>
812
- </ul>
813
- <?php } ?>
814
- </td>
815
- </tr>
816
- <tr valign="top">
817
- <th scope="row" class="settinglabel">
818
- <?php _e( 'Locked out users', 'better-wp-security' ); ?>
819
- </th>
820
- <td class="settingfield">
821
- <?php if ( sizeof( $user_locks ) > 0 ) { ?>
822
- <ul>
823
- <?php foreach ( $user_locks as $user ) { ?>
824
- <?php $userdata = get_userdata( $user['lockout_user'] ); ?>
825
- <li style="list-style: none;"><input type="checkbox"
826
- name="lo_<?php echo $user['lockout_id']; ?>"
827
- id="lo_<?php echo $user['lockout_id']; ?>"
828
- value="<?php echo $user['lockout_id']; ?>"/>
829
- <label
830
- for="lo_<?php echo $user['lockout_id']; ?>"><strong><?php echo isset( $userdata->lockout ) ? $userdata->user_login : ''; ?></strong>
831
- - <?php _e( 'Expires in', 'better-wp-security' ); ?>
832
- <em> <?php echo human_time_diff( $itsec_globals['current_time_gmt'], strtotime( $user['lockout_expire_gmt'] ) ); ?></em></label>
833
- </li>
834
- <?php } ?>
835
- </ul>
836
- <?php } else { //no user is locked out ?>
837
- <ul>
838
- <li style="list-style: none;">
839
- <p><?php _e( 'Currently no users are locked out of this website.', 'better-wp-security' ); ?></p>
840
- </li>
841
- </ul>
842
- <?php } ?>
843
- </td>
844
- </tr>
845
- <tr valign="top">
846
- <th scope="row" class="settinglabel">
847
- <?php _e( 'Locked out usernames (not real users)', 'better-wp-security' ); ?>
848
- </th>
849
- <td class="settingfield">
850
- <?php if ( sizeof( $username_locks ) > 0 ) { ?>
851
- <ul>
852
- <?php foreach ( $username_locks as $user ) { ?>
853
- <li style="list-style: none;"><input type="checkbox"
854
- name="lo_<?php echo $user['lockout_id']; ?>"
855
- id="lo_<?php echo $user['lockout_id']; ?>"
856
- value="<?php echo $user['lockout_id']; ?>"/>
857
- <label
858
- for="lo_<?php echo $user['lockout_id']; ?>"><strong><?php echo sanitize_text_field( $user['lockout_username'] ); ?></strong>
859
- - <?php _e( 'Expires in', 'better-wp-security' ); ?>
860
- <em> <?php echo human_time_diff( $itsec_globals['current_time_gmt'], strtotime( $user['lockout_expire_gmt'] ) ); ?></em></label>
861
- </li>
862
- <?php } ?>
863
- </ul>
864
- <?php } else { //no user is locked out ?>
865
- <ul>
866
- <li style="list-style: none;">
867
- <p><?php _e( 'Currently no usernames are locked out of this website.', 'better-wp-security' ); ?></p>
868
- </li>
869
- </ul>
870
- <?php } ?>
871
- </td>
872
- </tr>
873
- </table>
874
- <p class="submit"><input type="submit" class="button-primary"
875
- value="<?php _e( 'Release Lockout', 'better-wp-security' ); ?>"/></p>
876
- </form>
877
- <?php
878
- }
879
-
880
  /**
881
  * Purges lockouts more than 7 days old from the database
882
  *
36
  //Set an error message on improper logout
37
  add_action( 'login_head', array( $this, 'set_lockout_error' ) );
38
 
 
 
 
39
  //Process clear lockout form
40
  add_action( 'itsec_admin_init', array( $this, 'release_lockout' ) );
41
 
53
  require_once( dirname( __FILE__ ) . '/sidebar-widget-active-lockouts.php' );
54
  }
55
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
56
  /**
57
  * Checks if the host or user is locked out and executes lockout
58
  *
740
  return true;
741
  }
742
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
743
  /**
744
  * Purges lockouts more than 7 days old from the database
745
  *
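--- a/core/content/index.php
+++ /dev/null
@@ -1 +0,0 @@
-<?php //You don't belong here. ?>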
core/content/perms.php DELETED
@@ -1,259 +0,0 @@
1
- <?php
2
- /**
3
- * WordPress Permissions check code from Serverbuddy by PluginBuddy written by Dustin Bolton of iThemes
4
- */
5
-
6
- $tests = array();
7
-
8
- //BEGIN FOLDERS
9
- $this_test = array(
10
- 'title' => '/',
11
- 'suggestion' => '= 755',
12
- 'value' => substr( sprintf( '%o', fileperms( ABSPATH . '/' ) ), - 4 ),
13
- );
14
-
15
- if ( ! fileperms( ABSPATH . '/' ) || 755 != substr( sprintf( '%o', fileperms( ABSPATH . '/' ) ), - 4 ) ) {
16
-
17
- $this_test['status'] = 'WARNING';
18
-
19
- } else {
20
-
21
- $this_test['status'] = 'OK';
22
-
23
- }
24
-
25
- array_push( $tests, $this_test );
26
-
27
- $this_test = array(
28
- 'title' => '/wp-includes/',
29
- 'suggestion' => '= 755',
30
- 'value' => substr( sprintf( '%o', fileperms( ABSPATH . '/wp-includes/' ) ), - 4 ),
31
- );
32
-
33
- if ( ! fileperms( ABSPATH . '/wp-includes/' ) || 755 != substr( sprintf( '%o', fileperms( ABSPATH . '/wp-includes/' ) ), - 4 ) ) {
34
-
35
- $this_test['status'] = 'WARNING';
36
-
37
- } else {
38
-
39
- $this_test['status'] = 'OK';
40
-
41
- }
42
-
43
- array_push( $tests, $this_test );
44
-
45
-
46
- $this_test = array(
47
- 'title' => '/wp-admin/',
48
- 'suggestion' => '= 755',
49
- 'value' => substr( sprintf( '%o', fileperms( ABSPATH . '/wp-admin/' ) ), - 4 ),
50
- );
51
-
52
- if ( ! fileperms( ABSPATH . '/wp-admin/' ) || 755 != substr( sprintf( '%o', fileperms( ABSPATH . '/wp-admin/' ) ), - 4 ) ) {
53
-
54
- $this_test['status'] = 'WARNING';
55
-
56
- } else {
57
-
58
- $this_test['status'] = 'OK';
59
-
60
- }
61
-
62
- array_push( $tests, $this_test );
63
-
64
-
65
- $this_test = array(
66
- 'title' => '/wp-admin/js/',
67
- 'suggestion' => '= 755',
68
- 'value' => substr( sprintf( '%o', fileperms( ABSPATH . '/wp-admin/js/' ) ), - 4 ),
69
- );
70
-
71
- if ( ! fileperms( ABSPATH . '/wp-admin/js/' ) || 755 != substr( sprintf( '%o', fileperms( ABSPATH . '/wp-admin/js/' ) ), - 4 ) ) {
72
-
73
- $this_test['status'] = 'WARNING';
74
-
75
- } else {
76
-
77
- $this_test['status'] = 'OK';
78
-
79
- }
80
-
81
- array_push( $tests, $this_test );
82
-
83
-
84
- $this_test = array(
85
- 'title' => get_theme_root(),
86
- 'suggestion' => '= 755',
87
- 'value' => substr( sprintf( '%o', fileperms( get_theme_root() ) ), - 4 ),
88
- );
89
-
90
- if ( ! fileperms( get_theme_root() ) || 755 != substr( sprintf( '%o', fileperms( get_theme_root() ) ), - 4 ) ) {
91
-
92
- $this_test['status'] = 'WARNING';
93
-
94
- } else {
95
-
96
- $this_test['status'] = 'OK';
97
-
98
- }
99
-
100
- array_push( $tests, $this_test );
101
-
102
- $this_test = array(
103
- 'title' => str_replace( ABSPATH, '', dirname( plugin_dir_path( ITSEC_Core::get_plugin_file() ) ) ),
104
- 'suggestion' => '= 755',
105
- 'value' => substr( sprintf( '%o', fileperms( dirname( plugin_dir_path( ITSEC_Core::get_plugin_file() ) ) ) ), - 4 ),
106
- );
107
-
108
- if ( ! dirname( plugin_dir_path( ITSEC_Core::get_plugin_file() ) ) || 755 != substr( sprintf( '%o', fileperms( dirname( plugin_dir_path( ITSEC_Core::get_plugin_file() ) ) ) ), - 4 ) ) {
109
-
110
- $this_test['status'] = 'WARNING';
111
-
112
- } else {
113
-
114
- $this_test['status'] = 'OK';
115
-
116
- }
117
-
118
- array_push( $tests, $this_test );
119
-
120
- if ( defined( 'WP_CONTENT_DIR' ) ) {
121
-
122
- $wp_content_dir = WP_CONTENT_DIR;
123
-
124
- } else {
125
-
126
- $wp_content_dir = ABSPATH . '/wp-content/';
127
-
128
- }
129
-
130
- $this_test = array(
131
- 'title' => str_replace( ABSPATH, '', $wp_content_dir ),
132
- 'suggestion' => '= 755',
133
- 'value' => substr( sprintf( '%o', fileperms( $wp_content_dir ) ), - 4 ),
134
- );
135
-
136
- if ( ! fileperms( $wp_content_dir ) || 755 != substr( sprintf( '%o', fileperms( $wp_content_dir ) ), - 4 ) ) {
137
-
138
- $this_test['status'] = 'WARNING';
139
-
140
- } else {
141
-
142
- $this_test['status'] = 'OK';
143
-
144
- }
145
-
146
- array_push( $tests, $this_test );
147
-
148
- $wp_upload_dir = wp_upload_dir();
149
-
150
- $this_test = array(
151
- 'title' => str_replace( ABSPATH, '', $wp_upload_dir['basedir'] ),
152
- 'suggestion' => '= 755',
153
- 'value' => substr( sprintf( '%o', fileperms( $wp_upload_dir['basedir'] ) ), - 4 ),
154
- );
155
-
156
- if ( ! fileperms( $wp_upload_dir['basedir'] ) || 755 != substr( sprintf( '%o', fileperms( $wp_upload_dir['basedir'] ) ), - 4 ) ) {
157
-
158
- $this_test['status'] = 'WARNING';
159
-
160
- } else {
161
-
162
- $this_test['status'] = 'OK';
163
-
164
- }
165
-
166
- array_push( $tests, $this_test );
167
- //END FOLDERS
168
-
169
- //BEGIN FILES
170
- $this_test = array(
171
- 'title' => 'wp-config.php',
172
- 'suggestion' => '= 444',
173
- 'value' => substr( sprintf( '%o', fileperms( ITSEC_Lib::get_config() ) ), - 4 ),
174
- );
175
-
176
- if ( ! fileperms( ITSEC_Lib::get_config() ) || 444 != substr( sprintf( '%o', fileperms( ITSEC_Lib::get_config() ) ), - 4 ) ) {
177
-
178
- $this_test['status'] = 'WARNING';
179
-
180
- } else {
181
-
182
- $this_test['status'] = 'OK';
183
-
184
- }
185
-
186
- array_push( $tests, $this_test );
187
-
188
- $this_test = array(
189
- 'title' => '.htaccess',
190
- 'suggestion' => '= 444',
191
- 'value' => substr( sprintf( '%o', fileperms( ITSEC_Lib::get_htaccess() ) ), - 4 ),
192
- );
193
-
194
- if ( ! fileperms( ITSEC_Lib::get_htaccess() ) || 444 != substr( sprintf( '%o', fileperms( ITSEC_Lib::get_htaccess() ) ), - 4 ) ) {
195
-
196
- $this_test['status'] = 'WARNING';
197
-
198
- } else {
199
-
200
- $this_test['status'] = 'OK';
201
-
202
- }
203
-
204
- array_push( $tests, $this_test );
205
- //END FILES
206
-
207
- ?>
208
-
209
- <table class="widefat">
210
- <thead>
211
- <tr class="thead">
212
- <th><?php _e('Relative Path', 'better-wp-security' ); ?></th>
213
- <th><?php _e('Suggestion', 'better-wp-security' ); ?></th>
214
- <th<?php _e('>Value', 'better-wp-security' ); ?></th>
215
- <th><?php _e('Result', 'better-wp-security' ); ?></th>
216
- <th style="width: 60px;"><?php _e('Status', 'better-wp-security' ); ?></th>
217
- </tr>
218
- </thead>
219
- <tfoot>
220
- <tr class="thead">
221
- <th><?php _e('Relative Path', 'better-wp-security' ); ?></th>
222
- <th><?php _e('Suggestion', 'better-wp-security' ); ?></th>
223
- <th><?php _e('Value', 'better-wp-security' ); ?></th>
224
- <th><?php _e('Result', 'better-wp-security' ); ?></th>
225
- <th style="width: 60px;"><?php _e('Status', 'better-wp-security' ); ?></th>
226
- </tr>
227
- </tfoot>
228
- <tbody>
229
-
230
- <?php
231
- foreach ( $tests as $this_test ) {
232
-
233
- echo '<tr class="entry-row alternate">';
234
- echo ' <td>' . $this_test['title'] . '</td>';
235
- echo ' <td>' . $this_test['suggestion'] . '</td>';
236
- echo ' <td>' . $this_test['value'] . '</td>';
237
- echo ' <td>' . $this_test['status'] . '</td>';
238
- echo ' <td>';
239
-
240
- if ( 'OK' == $this_test['status'] ) {
241
-
242
- echo '<div style="background-color: #22EE5B; border: 1px solid #E2E2E2;">&nbsp;&nbsp;&nbsp;</div>';
243
-
244
- } elseif ( 'FAIL' == $this_test['status'] ) {
245
-
246
- echo '<div style="background-color: #CF3333; border: 1px solid #E2E2E2;">&nbsp;&nbsp;&nbsp;</div>';
247
-
248
- } elseif ( 'WARNING' == $this_test['status'] ) {
249
-
250
- echo '<div style="background-color: #FEFF7F; border: 1px solid #E2E2E2;">&nbsp;&nbsp;&nbsp;</div>';
251
-
252
- }
253
-
254
- echo ' </td>';
255
- echo '</tr>';
256
- }
257
- ?>
258
- </tbody>
259
- </table>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
core/content/system.php DELETED
@@ -1,330 +0,0 @@
1
- <?php
2
- global $wpdb, $itsec_globals;
3
- $config_file = ITSEC_Lib::get_config();
4
- $htaccess = ITSEC_Lib::get_htaccess();
5
- ?>
6
-
7
- <ul class="itsec-support">
8
- <li>
9
- <h4><?php _e( 'User Information', 'better-wp-security' ); ?></h4>
10
- <ul>
11
- <li><?php _e( 'Public IP Address', 'better-wp-security' ); ?>: <strong><a target="_blank"
12
- title="<?php _e( 'Get more information on this address', 'better-wp-security' ); ?>"
13
- href="http://whois.domaintools.com/<?php echo ITSEC_Lib::get_ip(); ?>"><?php echo ITSEC_Lib::get_ip(); ?></a></strong>
14
- </li>
15
- <li><?php _e( 'User Agent', 'better-wp-security' ); ?>:
16
- <strong><?php echo filter_var( $_SERVER['HTTP_USER_AGENT'], FILTER_SANITIZE_STRING ); ?></strong></li>
17
- </ul>
18
- </li>
19
-
20
- <li>
21
- <h4><?php _e( 'File System Information', 'better-wp-security' ); ?></h4>
22
- <ul>
23
- <li><?php _e( 'Website Root Folder', 'better-wp-security' ); ?>: <strong><?php echo get_site_url(); ?></strong>
24
- </li>
25
- <li><?php _e( 'Document Root Path', 'better-wp-security' ); ?>:
26
- <strong><?php echo filter_var( $_SERVER['DOCUMENT_ROOT'], FILTER_SANITIZE_STRING ); ?></strong></li>
27
- <?php
28
- if ( @is_writable( $htaccess ) ) {
29
-
30
- $copen = '<font color="red">';
31
- $cclose = '</font>';
32
- $htaw = __( 'Yes', 'better-wp-security' );
33
-
34
- } else {
35
-
36
- $copen = '';
37
- $cclose = '';
38
- $htaw = __( 'No.', 'better-wp-security' );
39
-
40
- }
41
- ?>
42
- <li><?php _e( '.htaccess File is Writable', 'better-wp-security' ); ?>:
43
- <strong><?php echo $copen . $htaw . $cclose; ?></strong></li>
44
- <?php
45
- if ( @is_writable( $config_file ) ) {
46
-
47
- $copen = '<font color="red">';
48
- $cclose = '</font>';
49
- $wconf = __( 'Yes', 'better-wp-security' );
50
-
51
- } else {
52
-
53
- $copen = '';
54
- $cclose = '';
55
- $wconf = __( 'No.', 'better-wp-security' );
56
-
57
- }
58
- ?>
59
- <li><?php _e( 'wp-config.php File is Writable', 'better-wp-security' ); ?>:
60
- <strong><?php echo $copen . $wconf . $cclose; ?></strong></li>
61
- </ul>
62
- </li>
63
-
64
- <li>
65
- <h4><?php _e( 'Database Information', 'better-wp-security' ); ?></h4>
66
- <?php
67
- $use_mysqli = $wpdb->use_mysqli;
68
- $mysql_server_version = $wpdb->get_var( "SELECT VERSION() AS version" );
69
-
70
- if ( $use_mysqli && is_callable( 'mysqli_get_client_info' ) ) {
71
- $mysql_client_version = mysqli_get_client_info();
72
- } else if ( ! $use_mysqli && is_callable( 'mysql_get_client_info' ) ) {
73
- $mysql_client_version = mysql_get_client_info();
74
- } else {
75
- $mysql_client_version = __( 'Unknown', 'unknown MySQL version', 'better-wp-security' );
76
- }
77
-
78
- $sql_mode = $wpdb->get_var( "SHOW VARIABLES LIKE 'sql_mode'", 1 );
79
-
80
- if ( empty( $sql_mode ) ) {
81
- $sql_mode = __( 'Not Set', 'better-wp-security' );
82
- }
83
- ?>
84
- <ul>
85
- <li><?php _e( 'MySQL Database Version', 'better-wp-security' ); ?>: <strong><?php echo esc_html( $mysql_server_version ); ?></strong></li>
86
- <li><?php _e( 'MySQL Client Version', 'better-wp-security' ); ?>: <strong><?php echo esc_html( $mysql_client_version ); ?></strong></li>
87
- <li><?php _e( 'Database Host', 'better-wp-security' ); ?>: <strong><?php echo esc_html( DB_HOST ); ?></strong></li>
88
- <li><?php _e( 'Database Name', 'better-wp-security' ); ?>: <strong><?php echo esc_html( DB_NAME ); ?></strong></li>
89
- <li><?php _e( 'Database User', 'better-wp-security' ); ?>: <strong><?php echo esc_html( DB_USER ); ?></strong></li>
90
- <li><?php _e( 'Use MySQLi', 'better-wp-security' ); ?>: <strong><?php echo esc_html( $use_mysqli ? __( 'Yes', 'better-wp-security' ) : __( 'No', 'better-wp-security' ) ); ?></strong></li>
91
- <li><?php _e( 'SQL Mode', 'better-wp-security' ); ?>: <strong><?php echo esc_html( $sql_mode ); ?></strong></li>
92
- </ul>
93
- </li>
94
-
95
- <li>
96
- <h4><?php _e( 'Server Information', 'better-wp-security' ); ?></h4>
97
- <?php $server_addr = array_key_exists( 'SERVER_ADDR', $_SERVER ) ? $_SERVER['SERVER_ADDR'] : $_SERVER['LOCAL_ADDR']; ?>
98
- <ul>
99
- <li><?php _e( 'Server / Website IP Address', 'better-wp-security' ); ?>: <strong><a target="_blank"
100
- title="<?php _e( 'Get more information on this address', 'better-wp-security' ); ?>"
101
- href="http://whois.domaintools.com/<?php echo $server_addr; ?>"><?php echo $server_addr; ?></a></strong>
102
- </li>
103
- <li><?php _e( 'Server Type', 'better-wp-security' ); ?>:
104
- <strong><?php echo filter_var( filter_var( $_SERVER['SERVER_SOFTWARE'], FILTER_SANITIZE_STRING ), FILTER_SANITIZE_STRING ); ?></strong>
105
- </li>
106
- <li><?php _e( 'Operating System', 'better-wp-security' ); ?>: <strong><?php echo PHP_OS; ?></strong></li>
107
- <li><?php _e( 'Browser Compression Supported', 'better-wp-security' ); ?>:
108
- <strong><?php echo filter_var( $_SERVER['HTTP_ACCEPT_ENCODING'], FILTER_SANITIZE_STRING ); ?></strong></li>
109
- <?php
110
- // from backupbuddy
111
-
112
- $disabled_functions = @ini_get( 'disable_functions' );
113
-
114
- if ( $disabled_functions == '' || $disabled_functions === false ) {
115
- $disabled_functions = '<i>(' . __( 'none', 'better-wp-security' ) . ')</i>';
116
- }
117
-
118
- $disabled_functions = str_replace( ', ', ',', $disabled_functions ); // Normalize spaces or lack of spaces between disabled functions.
119
- $disabled_functions_array = explode( ',', $disabled_functions );
120
-
121
- $php_uid = __( 'unavailable', 'better-wp-security' );
122
- $php_user = __( 'unavailable', 'better-wp-security' );
123
-
124
- if ( is_callable( 'posix_geteuid' ) && ( false === in_array( 'posix_geteuid', $disabled_functions_array ) ) ) {
125
-
126
- $php_uid = @posix_geteuid();
127
-
128
- if ( is_callable( 'posix_getpwuid' ) && ( false === in_array( 'posix_getpwuid', $disabled_functions_array ) ) ) {
129
-
130
- $php_user = @posix_getpwuid( $php_uid );
131
- $php_user = $php_user['name'];
132
-
133
- }
134
- }
135
-
136
- $php_gid = __( 'undefined', 'better-wp-security' );
137
-
138
- if ( is_callable( 'posix_getegid' ) && ( false === in_array( 'posix_getegid', $disabled_functions_array ) ) ) {
139
- $php_gid = @posix_getegid();
140
- }
141
-
142
- ?>
143
- <li><?php _e( 'PHP Process User (UID:GID)', 'better-wp-security' ); ?>:
144
- <strong><?php echo $php_user . ' (' . $php_uid . ':' . $php_gid . ')'; ?></strong></li>
145
- </ul>
146
- </li>
147
-
148
- <li>
149
- <h4><?php _e( 'PHP Information', 'better-wp-security' ); ?></h4>
150
- <ul>
151
- <li><?php _e( 'PHP Version', 'better-wp-security' ); ?>: <strong><?php echo PHP_VERSION; ?></strong></li>
152
- <li><?php _e( 'PHP Memory Usage', 'better-wp-security' ); ?>:
153
- <strong><?php echo round( memory_get_usage() / 1024 / 1024, 2 ) . __( ' MB', 'better-wp-security' ); ?></strong>
154
- </li>
155
- <?php
156
- if ( ini_get( 'memory_limit' ) ) {
157
- $memory_limit = filter_var( ini_get( 'memory_limit' ), FILTER_SANITIZE_STRING );
158
- } else {
159
- $memory_limit = __( 'N/A', 'better-wp-security' );
160
- }
161
- ?>
162
- <li><?php _e( 'PHP Memory Limit', 'better-wp-security' ); ?>: <strong><?php echo $memory_limit; ?></strong></li>
163
- <?php
164
- if ( ini_get( 'upload_max_filesize' ) ) {
165
- $upload_max = filter_var( ini_get( 'upload_max_filesize' ), FILTER_SANITIZE_STRING );
166
- } else {
167
- $upload_max = __( 'N/A', 'better-wp-security' );
168
- }
169
- ?>
170
- <li><?php _e( 'PHP Max Upload Size', 'better-wp-security' ); ?>: <strong><?php echo $upload_max; ?></strong></li>
171
- <?php
172
- if ( ini_get( 'post_max_size' ) ) {
173
- $post_max = filter_var( ini_get( 'post_max_size' ), FILTER_SANITIZE_STRING );
174
- } else {
175
- $post_max = __( 'N/A', 'better-wp-security' );
176
- }
177
- ?>
178
- <li><?php _e( 'PHP Max Post Size', 'better-wp-security' ); ?>: <strong><?php echo $post_max; ?></strong></li>
179
- <?php
180
- if ( ini_get( 'safe_mode' ) ) {
181
- $safe_mode = __( 'On', 'better-wp-security' );
182
- } else {
183
- $safe_mode = __( 'Off', 'better-wp-security' );
184
- }
185
- ?>
186
- <li><?php _e( 'PHP Safe Mode', 'better-wp-security' ); ?>: <strong><?php echo $safe_mode; ?></strong></li>
187
- <?php
188
- if ( ini_get( 'allow_url_fopen' ) ) {
189
- $allow_url_fopen = __( 'On', 'better-wp-security' );
190
- } else {
191
- $allow_url_fopen = __( 'Off', 'better-wp-security' );
192
- }
193
- ?>
194
- <li><?php _e( 'PHP Allow URL fopen', 'better-wp-security' ); ?>: <strong><?php echo $allow_url_fopen; ?></strong>
195
- </li>
196
- <?php
197
- if ( ini_get( 'allow_url_include' ) ) {
198
- $allow_url_include = __( 'On', 'better-wp-security' );
199
- } else {
200
- $allow_url_include = __( 'Off', 'better-wp-security' );
201
- }
202
- ?>
203
- <li><?php _e( 'PHP Allow URL Include' ); ?>: <strong><?php echo $allow_url_include; ?></strong></li>
204
- <?php
205
- if ( ini_get( 'display_errors' ) ) {
206
- $display_errors = __( 'On', 'better-wp-security' );
207
- } else {
208
- $display_errors = __( 'Off', 'better-wp-security' );
209
- }
210
- ?>
211
- <li><?php _e( 'PHP Display Errors', 'better-wp-security' ); ?>: <strong><?php echo $display_errors; ?></strong>
212
- </li>
213
- <?php
214
- if ( ini_get( 'display_startup_errors' ) ) {
215
- $display_startup_errors = __( 'On', 'better-wp-security' );
216
- } else {
217
- $display_startup_errors = __( 'Off', 'better-wp-security' );
218
- }
219
- ?>
220
- <li><?php _e( 'PHP Display Startup Errors', 'better-wp-security' ); ?>:
221
- <strong><?php echo $display_startup_errors; ?></strong></li>
222
- <?php
223
- if ( ini_get( 'expose_php' ) ) {
224
- $expose_php = __( 'On', 'better-wp-security' );
225
- } else {
226
- $expose_php = __( 'Off', 'better-wp-security' );
227
- }
228
- ?>
229
- <li><?php _e( 'PHP Expose PHP', 'better-wp-security' ); ?>: <strong><?php echo $expose_php; ?></strong></li>
230
- <?php
231
- if ( ini_get( 'register_globals' ) ) {
232
- $register_globals = __( 'On', 'better-wp-security' );
233
- } else {
234
- $register_globals = __( 'Off', 'better-wp-security' );
235
- }
236
- ?>
237
- <li><?php _e( 'PHP Register Globals', 'better-wp-security' ); ?>: <strong><?php echo $register_globals; ?></strong></li>
238
- <?php
239
- if ( ini_get( 'max_execution_time' ) ) {
240
- $max_execute = filter_var( ini_get( 'max_execution_time' ) );
241
- } else {
242
- $max_execute = __( 'N/A', 'better-wp-security' );
243
- }
244
- ?>
245
- <li><?php _e( 'PHP Max Script Execution Time' ); ?>:
246
- <strong><?php echo $max_execute; ?> <?php _e( 'Seconds' ); ?></strong></li>
247
- <?php
248
- if ( ini_get( 'magic_quotes_gpc' ) ) {
249
- $magic_quotes_gpc = __( 'On', 'better-wp-security' );
250
- } else {
251
- $magic_quotes_gpc = __( 'Off', 'better-wp-security' );
252
- }
253
- ?>
254
- <li><?php _e( 'PHP Magic Quotes GPC', 'better-wp-security' ); ?>: <strong><?php echo $magic_quotes_gpc; ?></strong></li>
255
- <?php
256
- if ( ini_get( 'open_basedir' ) ) {
257
- $open_basedir = __( 'On', 'better-wp-security' );
258
- } else {
259
- $open_basedir = __( 'Off', 'better-wp-security' );
260
- }
261
- ?>
262
- <li><?php _e( 'PHP open_basedir', 'better-wp-security' ); ?>: <strong><?php echo $open_basedir; ?></strong></li>
263
- <?php
264
- if ( is_callable( 'xml_parser_create' ) ) {
265
- $xml = __( 'Yes', 'better-wp-security' );
266
- } else {
267
- $xml = __( 'No', 'better-wp-security' );
268
- }
269
- ?>
270
- <li><?php _e( 'PHP XML Support', 'better-wp-security' ); ?>: <strong><?php echo $xml; ?></strong></li>
271
- <?php
272
- if ( is_callable( 'iptcparse' ) ) {
273
- $iptc = __( 'Yes', 'better-wp-security' );
274
- } else {
275
- $iptc = __( 'No', 'better-wp-security' );
276
- }
277
- ?>
278
- <li><?php _e( 'PHP IPTC Support', 'better-wp-security' ); ?>: <strong><?php echo $iptc; ?></strong></li>
279
- <?php
280
- if ( is_callable( 'exif_read_data' ) ) {
281
- $exif = __( 'Yes', 'better-wp-security' ) . " ( V" . substr( phpversion( 'exif' ), 0, 4 ) . ")";
282
- } else {
283
- $exif = __( 'No', 'better-wp-security' );
284
- }
285
- ?>
286
- <li><?php _e( 'PHP Exif Support', 'better-wp-security' ); ?>: <strong><?php echo $exif; ?></strong></li>
287
- <?php $disabled_functions = str_replace( ',', ', ', $disabled_functions ); // Normalize spaces or lack of spaces between disabled functions. ?>
288
- <li><?php _e( 'Disabled PHP Functions', 'better-wp-security' ); ?>: <strong><?php echo $disabled_functions; ?></strong></li>
289
- </ul>
290
- </li>
291
-
292
- <li>
293
- <h4><?php _e( 'WordPress Configuration', 'better-wp-security' ); ?></h4>
294
- <ul>
295
- <?php
296
- if ( is_multisite() ) {
297
- $multSite = __( 'Multisite is enabled', 'better-wp-security' );
298
- } else {
299
- $multSite = __( 'Multisite is NOT enabled', 'better-wp-security' );
300
- }
301
- ?>
302
- <li><?php _e( ' Multisite', 'better-wp-security' ); ?>: <strong><?php echo $multSite; ?></strong></li>
303
- <?php
304
- if ( get_option( 'permalink_structure' ) != '' ) {
305
- $copen = '';
306
- $cclose = '';
307
- $permalink_structure = __( 'Enabled', 'better-wp-security' );
308
- } else {
309
- $copen = '<font color="red">';
310
- $cclose = '</font>';
311
- $permalink_structure = __( 'WARNING! Permalinks are NOT Enabled. Permalinks MUST be enabled for this plugin to function correctly', 'better-wp-security' );
312
- }
313
- ?>
314
- <li><?php _e( 'WP Permalink Structure', 'better-wp-security' ); ?>:
315
- <strong> <?php echo $copen . $permalink_structure . $cclose; ?></strong></li>
316
- <li><?php _e( 'wp-config.php Location', 'better-wp-security' ); ?>: <strong><?php echo $config_file ?></strong></li>
317
- <?php $active_plugins = implode( ', ', get_option( 'active_plugins' ) ); ?>
318
- <li><?php _e( 'Active Plugins', 'better-wp-security' ); ?>: <strong><?php echo $active_plugins ?></strong></li>
319
- <li><?php _e( 'Content Directory', 'better-wp-security' ); ?>: <strong><?php echo WP_CONTENT_DIR ?></strong></li>
320
- </ul>
321
- </li>
322
- <li>
323
- <h4><?php echo $itsec_globals['plugin_name'] . __( ' variables', 'better-wp-security' ); ?></h4>
324
- <ul>
325
- <li><?php _e( 'Build Version', 'better-wp-security' ); ?>: <strong><?php echo ITSEC_Core::get_plugin_build(); ?></strong><br/>
326
- <em><?php _e( 'Note: this is NOT the same as the version number on the plugin page or WordPress.org page and is instead used for support.', 'better-wp-security' ); ?></em>
327
- </li>
328
- </ul>
329
- </li>
330
- </ul>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
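--- a/core/css/itsec_notice.css
+++ b/core/css/itsec_notice.css
@@ -47,6 +47,12 @@
 	position: inherit;
 }
 
+.itsec-two-factor-notice .itsec-notice-button.itsec-notice-hide {
+	background-color: #C9DEEC;
+	color: #7F9DB1;
+	border-color: #9FBCD0;
+}
+
 .itsec_notice_text {
 	display: block;
 	margin: 10px 0 10px 0;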
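--- a/core/history.txt
+++ b/core/history.txt
@@ -408,3 +408,11 @@
 	New Feature: Added a new Security Check section on the settings page. This new feature adds a tool to quickly ensure that the recommended features are enabled and the recommended settings are used.
 	Bug Fix: Fixed the ability to remove the itsec_away.confg file in order to disable Away Mode.
 	Enhancement: The "Ban Lists" setting of Banned Users is now enabled by default.
+2.5.1 - 2016-07-12 - Chris Jean & Aaron D. Campbell
+	Enhancement: Improved styling of the two-factor authentication notice.
+2.5.2 - 2016-08-09 - Chris Jean & Aaron D. Campbell
+	Bug Fix: Fixed a potential logging issue that could prevent some lockout notices from being properly logged on non-English sites.
+	Bug Fix: Prevented some notices from displaying to users who do not need to see them.
+	Bug Fix: Limited notices to only display on specific pages on the dashboard.
+	Compatibility Fix: Changed name of the $HTTP_RAW_POST_DATA variable to avoid erroneously tripping PHP 7 compatibility checks.
+	Code Cleanup: Removed legacy code that is no longer needed.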
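--- a/core/lib/class-itsec-lib-user-activity.php
+++ b/core/lib/class-itsec-lib-user-activity.php
@@ -0,0 +1,52 @@
+<?php
+
+final class ITSEC_Lib_User_Activity {
+	private static $instance;
+
+	private $user_id = false;
+
+	private function __construct() {
+		if ( did_action( 'init' ) ) {
+			$this->identify_user();
+		} else {
+			add_action( 'init', array( $this, 'identify_user' ) );
+		}
+	}
+
+	public static function get_instance() {
+		if ( ! self::$instance ) {
+			self::$instance = new self;
+		}
+
+		return self::$instance;
+	}
+
+	public function get_last_seen( $user_id = false ) {
+		if ( false === $user_id ) {
+			$user_id = get_current_user_id();
+		}
+
+		if ( 0 === $user_id ) {
+			return false;
+		}
+
+		return get_user_meta( $user_id, 'itsec_user_activity_last_seen', true );
+	}
+
+	public function identify_user() {
+		$this->user_id = get_current_user_id();
+
+		if ( 0 !== $this->user_id ) {
+			add_action( 'shutdown', array( $this, 'update_last_seen' ), 0 );
+		}
+	}
+
+	public function update_last_seen() {
+		$last_seen = $this->get_last_seen( $this->user_id );
+
+		if ( $last_seen < time() - HOUR_IN_SECONDS ) {
+			update_user_meta( $this->user_id, 'itsec_user_activity_last_seen', time() );
+		}
+	}
+}
+ITSEC_Lib_User_Activity::get_instance();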
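Review bot: `update_last_seen` compares the raw `get_user_meta` result with an integer at `if ( $last_seen < time() - HOUR_IN_SECONDS )`; user meta comes back as a string (`''` when the key has never been written), so the guard depends on PHP's loose string/int comparison rules, and `get_last_seen()` passes that same string, or `false`, on to callers. Casting once makes the contract explicit: `$last_seen = (int) $this->get_last_seen( $this->user_id );`, plus a docblock on `get_last_seen` stating that it returns the stored Unix timestamp (empty when never recorded) or `false` when there is no user. The value is only refreshed when more than an hour old, so anyone later using it for stale-account detection should know it is coarse-grained by design; a class-level docblock saying so, and noting that simply requiring this file registers the `init` and `shutdown` hooks via the trailing `get_instance()` call, would help readers.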
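--- a/core/modules/global/active.php
+++ b/core/modules/global/active.php
@@ -7,7 +7,7 @@ add_action( 'itsec_white_ips', 'itsec_global_filter_whitelisted_ips', 0 );
 
 
 function itsec_global_add_notice() {
-	if ( ITSEC_Modules::get_setting( 'global', 'show_new_dashboard_notice' ) ) {
+	if ( ITSEC_Modules::get_setting( 'global', 'show_new_dashboard_notice' ) && current_user_can( ITSEC_Core::get_required_cap() ) ) {
 		ITSEC_Core::add_notice( 'itsec_global_show_new_dashboard_notice' );
 	}
 }
@@ -32,7 +32,7 @@ add_action( 'wp_ajax_itsec-dismiss-notice-new_dashboard', 'itsec_global_dismiss_
 
 
 function itsec_network_brute_force_add_notice() {
-	if ( ITSEC_Modules::get_setting( 'network-brute-force', 'api_nag' ) ) {
+	if ( ITSEC_Modules::get_setting( 'network-brute-force', 'api_nag' ) && current_user_can( ITSEC_Core::get_required_cap() ) ) {
 		ITSEC_Core::add_notice( 'itsec_network_brute_force_show_notice' );
 	}
 }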
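Review bot: The added `current_user_can( ITSEC_Core::get_required_cap() )` condition gates only the rendering of the notice; the dismiss handler registered on `wp_ajax_itsec-dismiss-notice-new_dashboard` (named in the second hunk header) is outside these hunks, so whether dismissal, which presumably persists a setting, is protected by the same capability check and a nonce cannot be confirmed from here and is worth verifying. The same check is applied in both hunks; a short comment above each condition, e.g. `// Only users who can manage the plugin should see this notice.`, would record the intent for the next reader. Both enclosing functions lie entirely within their hunks.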
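--- a/core/modules/ipcheck/class-itsec-ipcheck.php
+++ b/core/modules/ipcheck/class-itsec-ipcheck.php
@@ -159,7 +159,7 @@ class ITSEC_IPCheck {
 		$expiration = date( 'Y-m-d H:i:s', $itsec_globals['current_time'] + $cache );
 		$expiration_gmt = date( 'Y-m-d H:i:s', $itsec_globals['current_time_gmt'] + $cache );
 
-		$itsec_logger->log_event( __( 'lockout', 'better-wp-security' ), 10, array(
+		$itsec_logger->log_event( 'lockout', 10, array(
 			'expires' => $expiration, 'expires_gmt' => $expiration_gmt, 'type' => 'host'
 		), $ip );
 
@@ -323,7 +323,7 @@ class ITSEC_IPCheck {
 		$expiration = date( 'Y-m-d H:i:s', $itsec_globals['current_time'] + $cache );
 		$expiration_gmt = date( 'Y-m-d H:i:s', $itsec_globals['current_time_gmt'] + $cache );
 
-		$itsec_logger->log_event( __( 'lockout', 'better-wp-security' ), 10, array(
+		$itsec_logger->log_event( 'lockout', 10, array(
 			'expires' => $expiration, 'expires_gmt' => $expiration_gmt, 'type' => 'host'
 		), $ip );
 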
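Review bot: The first argument to `log_event` is an event-type key rather than user-facing text, so wrapping it in `__()` made the logged type vary with the active locale, which is presumably why lockout notices were missed on non-English sites; the commit fixes this at both call sites (lines 162 and 326), but nothing prevents a future i18n sweep from re-wrapping the literal. I'd add `// 'lockout' is an event-type key, not display text; it must stay untranslated so log lookups match.` above each call. The enclosing methods start and end outside both hunks.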
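--- a/core/modules/pro/settings-page.php
+++ b/core/modules/pro/settings-page.php
@@ -68,6 +68,25 @@ final class ITSEC_Recaptcha_Settings_Page extends ITSEC_Module_Settings_Page {
 new ITSEC_Recaptcha_Settings_Page();
 
 
+final class ITSEC_Import_Export_Settings_Page extends ITSEC_Module_Settings_Page {
+	private $version = 1;
+
+
+	public function __construct() {
+		$this->id = 'import-export';
+		$this->title = __( 'Settings Import and Export', 'better-wp-security' );
+		$this->description = __( 'Export your settings as a backup or to import on other sites for quicker setup.', 'better-wp-security' );
+		$this->type = 'recommended';
+		$this->pro = true;
+		$this->upsell = true;
+		$this->upsell_url = 'https://ithemes.com/security/import-export-settings/?utm_source=wordpressadmin&utm_medium=widget&utm_campaign=itsecfreecta';
+
+		parent::__construct();
+	}
+}
+new ITSEC_Import_Export_Settings_Page();
+
+
 final class ITSEC_Two_Factor_Settings_Page extends ITSEC_Module_Settings_Page {
 	public function __construct() {
 		$this->id = 'two-factor';
@@ -100,20 +119,17 @@ final class ITSEC_User_Logging_Settings_Page extends ITSEC_Module_Settings_Page
 new ITSEC_User_Logging_Settings_Page();
 
 
-final class ITSEC_Import_Export_Settings_Page extends ITSEC_Module_Settings_Page {
-	private $version = 1;
-
-
+final class ITSEC_User_Security_Check_Settings_Page extends ITSEC_Module_Settings_Page {
 	public function __construct() {
-		$this->id = 'import-export';
-		$this->title = __( 'Settings Import and Export', 'better-wp-security' );
-		$this->description = __( 'Export your settings as a backup or to import on other sites for quicker setup.', 'better-wp-security' );
+		$this->id = 'user-security-check';
+		$this->title = __( 'User Security Check', 'better-wp-security' );
+		$this->description = __( 'Every user on your site affects overall security. See how your users might be affecting your security and take action when needed.', 'better-wp-security' );
 		$this->type = 'recommended';
 		$this->pro = true;
 		$this->upsell = true;
-		$this->upsell_url = 'https://ithemes.com/security/import-export-settings/?utm_source=wordpressadmin&utm_medium=widget&utm_campaign=itsecfreecta';
+		$this->upsell_url = 'https://ithemes.com/security/wordpress-user-security-check/?utm_source=wordpressadmin&utm_medium=widget&utm_campaign=itsecfreecta';
 
 		parent::__construct();
 	}
 }
-new ITSEC_Import_Export_Settings_Page();
+new ITSEC_User_Security_Check_Settings_Page();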
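--- a/history.txt
+++ b/history.txt
@@ -534,3 +534,11 @@
 	New Feature: Added a new Security Check section on the settings page. This new feature adds a tool to quickly ensure that the recommended features are enabled and the recommended settings are used.
 	Bug Fix: Fixed the ability to remove the itsec_away.confg file in order to disable Away Mode.
 	Enhancement: The "Ban Lists" setting of Banned Users is now enabled by default.
+5.6.1 - 2016-08-10 - Chris Jean & Aaron D. Campbell
+	Bug Fix: Fixed a potential logging issue that could prevent some lockout notices from being properly logged on non-English sites.
+	Bug Fix: Prevented some notices from displaying to users who do not need to see them.
+	Bug Fix: Limited notices to only display on specific pages on the dashboard.
+	Compatibility Fix: Changed name of the $HTTP_RAW_POST_DATA variable to avoid erroneously tripping PHP 7 compatibility checks.
+	Code Cleanup: Removed legacy code that is no longer needed.
+	Enhancement: Started tracking when a user was last seen as logged in and active for future use.
+	Misc: Added a placeholder for the Pro feature "User Security Check".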
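--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: ithemes, chrisjean, aaroncampbell, gerroald, mattdanner
 Tags: security, security plugin, malware, hack, secure, block, SSL, admin, htaccess, lockdown, login, protect, protection, anti virus, attack, injection, login security, maintenance, permissions, prevention, authentication, administration, password, brute force, ban, permissions, bots, user agents, xml rpc, security log
 Requires at least: 4.1
-Tested up to: 4.5.2
-Stable tag: 5.6.0
+Tested up to: 4.6
+Stable tag: 5.6.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -188,6 +188,15 @@ Free support may be available with the help of the community in the <a href="htt
 
 == Changelog ==
 
+= 5.6.1 =
+* Bug Fix: Fixed a potential logging issue that could prevent some lockout notices from being properly logged on non-English sites.
+* Bug Fix: Prevented some notices from displaying to users who do not need to see them.
+* Bug Fix: Limited notices to only display on specific pages on the dashboard.
+* Compatibility Fix: Changed name of the $HTTP_RAW_POST_DATA variable to avoid erroneously tripping PHP 7 compatibility checks.
+* Code Cleanup: Removed legacy code that is no longer needed.
+* Enhancement: Started tracking when a user was last seen as logged in and active for future use.
+* Misc: Added a placeholder for the Pro feature "User Security Check".
+
 = 5.6.0 =
 * New Feature: Added a new Security Check section on the settings page. This new feature adds a tool to quickly ensure that the recommended features are enabled and the recommended settings are used.
 * Bug Fix: Fixed the ability to remove the itsec_away.confg file in order to disable Away Mode.
@@ -1559,6 +1568,9 @@ This release is a complete rewrite from the ground up. Special thanks to Cory Mi
 
 == Upgrade Notice ==
 
+= 5.6.1 =
+Version 5.6.1 contains bug fixes and PHP 7 compatibility changes. It is recommended for all users.
+
 = 5.6.0 =
 Version 5.6.0 contains a new feature to quickly apply recommended settings. It is recommended for all users.
 
@@ -1594,3 +1606,78 @@ Version 5.3.5 contains minor bugfixes and enhancements and is recommended for al
 
 = 5.3.4 =
 Version 5.3.4 contains minor bugfixes and enhancements and is recommended for all users.
+
+= 4.6.8 =
+Version 4.6.8 contains minor bugfixes and enhancements and is recommended for all users.
+
+= 4.6.6 =
+Version 4.6.6 contains minor bugfixes and is recommended for all users.
+
+= 4.6.2 =
+Version 4.6.2 contains new features and enhancements and is recommended for all users.
+
+= 4.5.10 =
+Version 4.5.10 contains minor bugfixes and is recommended for all users.
+
+= 4.5.8 =
+Version 4.5.8 contains minor bugfixes and enhancements and is recommended for all users.
+
+= 4.5.6 =
+Version 4.5.6 contains a minor bugfix and is recommended for all users.
+
+= 4.5.2 =
+Version 4.5.2 is a feature and bug-fix release addressing numerous minor bugs affecting some users. It is recommended for all users.
+
+= 4.4.23 =
+Version 4.4.23 contains a security update and is recommended for all users.
+
+= 4.4.21 =
+Version 4.4.21 contains a fix to an issue that affects daylight savings time as well as other minor bug fixes. It is recommended for all users.
+
+= 4.4.20 =
+Version 4.4.20 contains a minor bugfix and is recommended for all users.
+
+= 4.4.18 =
+Version 4.4.18 contains a minor bugfix and is recommended for all users.
+
+= 4.4.16 =
+Version 4.4.16 is a bug-fix release addressing numerous minor bugs affecting some users. It is recommended for all users.
+
+= 4.4.15 =
+Version 4.4.15 is a bug-fix release addressing numerous minor bugs affecting some users. It is recommended for all users.
+
+= 4.4.13 =
+Version 4.4.13 is a bug-fix release addressing numerous minor bugs affecting some users. It is recommended for all users.
+
+= 4.4.11 =
+Version 4.4.11 is a bug-fix release addressing numerous minor bugs affecting some users. It is recommended for all users.
+
+= 4.4.9 =
+Version 4.4.9 is a bugfix release for the free version and contains new features for pro users. It is a recommended update for all users.
+
+= 4.4.6 =
+Version 4.4.6 adds new features, enhancements, bug fixes and more. It is recommended for all users.
+
+= 4.3.11 =
+Version 4.3.11 contains a security fix and should be installed by all users.
+
+= 4.3.9 =
+Version 4.3.9 is a bug-fix release addressing numerous minor bugs affecting some users. It is recommended for all users.
+
+= 4.3.7 =
+Version 4.3.7 adds malware scheduling and other features as well as numerous minor bugfixes and enhancements. It is recommended for all users.
+
+= 4.3.3 =
+Version 4.3.3 adds malware scheduling and other features as well as numerous minor bugfixes and enhancements. It is recommended for all users.
+
+= 4.2.15 =
+Version 4.2.15 delivers fixes for minor bugs experienced by some users.
+
+= 4.2.13 =
+Version 4.2.13 delivers fixes for minor bugs experienced by some users.
+
+= 4.2.8 =
+Version 4.2.8 delivers fixes for minor bugs and some enhancements including the ability to whitelist file types in 404 detection.
+
+= 4.2.6 =
+Better WP Security is now iThemes Security with new features and a greatly improved code base. We recommend disabling Better WP Security before upgrading to 4.2.6 if you are not already on 4.0 or greater.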