iThemes Security (formerly Better WP Security) - Version 6.2.0

Version Description

    • Enhancement: Improved plugin performance by reducing the number of queries made on each page.
    • Enhancement: Reduced memory and CPU usage due to various code improvements.
    • Bug Fix: A database backup will no longer be created when first activating the plugin.
    • Bug Fix: Added compatibility for MySQL strict mode in database creation syntax.
    • Bug Fix: Removed warning about a "non well formed numeric value encountered" in PHP 7.1.
    • Bug Fix: Modifications to wp-config.php, .htaccess, and nginx.conf files are now properly re-added upon reactivation.
    • Bug Fix: Fixed full settings for Hide Backend being displayed after disabling the feature and saving the settings.
    • Bug Fix: Enabling or disabling the Hide Backend feature will update the "Log Out" link so that it works as expected without having to load a new page.
    • Bug Fix: Enabling or disabling the Hide Backend feature now properly updates the .htaccess/nginx.conf file on enable and disable rather than at some future point.
    • Bug Fix: Fixed issue that could cause improper database table creation on multisite sites.
    • Bug Fix: Fixed a bug that could prevent settings from saving properly if the site was migrated to a new server or a new home path on the server.

Release Info

Developer chrisjean
Plugin iThemes Security (formerly Better WP Security)
Version 6.2.0

Code changes from version 6.1.1 to 6.2.0

Files changed (63)
  1. better-wp-security.php +2 -2
  2. core/admin-pages/js/script.js +1 -0
  3. core/admin-pages/page-settings.php +2 -2
  4. core/class-itsec-core.php +82 -253
  5. core/class-itsec-lib.php +8 -6
  6. core/class-itsec-modules.php +10 -5
  7. core/class-itsec-notify.php +43 -64
  8. core/class-itsec-setup.php +200 -363
  9. core/history.txt +13 -0
  10. core/lib/class-itsec-lib-config-file.php +0 -2
  11. core/lib/storage.php +5 -1
  12. core/lib/validator.php +87 -87
  13. core/modules/404-detection/init.php +0 -3
  14. core/modules/admin-user/init.php +0 -3
  15. core/modules/away-mode/init.php +0 -3
  16. core/modules/away-mode/setup.php +2 -2
  17. core/modules/away-mode/utilities.php +0 -2
  18. core/modules/backup/class-itsec-backup.php +6 -8
  19. core/modules/backup/init.php +0 -3
  20. core/modules/backup/setup.php +16 -7
  21. core/modules/ban-users/init.php +3 -6
  22. core/modules/ban-users/setup.php +3 -7
  23. core/modules/brute-force/init.php +0 -3
  24. core/modules/content-directory/init.php +0 -3
  25. core/modules/content-directory/utility.php +68 -68
  26. core/modules/core/init.php +0 -3
  27. core/modules/core/setup.php +6 -8
  28. core/modules/database-prefix/init.php +0 -3
  29. core/modules/database-prefix/utility.php +14 -14
  30. core/modules/file-change/class-itsec-file-change.php +2 -6
  31. core/modules/file-change/init.php +0 -3
  32. core/modules/file-change/scanner.php +4 -10
  33. core/modules/file-change/settings-page.php +0 -2
  34. core/modules/file-permissions/init.php +0 -3
  35. core/modules/file-writing/init.php +0 -3
  36. core/modules/global/init.php +0 -3
  37. core/modules/global/settings.php +4 -11
  38. core/modules/global/setup.php +39 -0
  39. core/modules/global/validator.php +22 -14
  40. core/modules/hide-backend/class-itsec-hide-backend.php +10 -14
  41. core/modules/hide-backend/config-generators.php +21 -9
  42. core/modules/hide-backend/init.php +0 -3
  43. core/modules/hide-backend/js/index.php +1 -0
  44. core/modules/hide-backend/js/settings-page.js +5 -0
  45. core/modules/hide-backend/settings-page.php +38 -11
  46. core/modules/hide-backend/setup.php +10 -15
  47. core/modules/ipcheck/init.php +0 -3
  48. core/modules/malware/init.php +0 -3
  49. core/modules/malware/settings-page.php +0 -2
  50. core/modules/malware/setup.php +7 -14
  51. core/modules/multisite-tweaks/init.php +0 -5
  52. core/modules/pro/init.php +0 -3
  53. core/modules/salts/init.php +0 -3
  54. core/modules/security-check/init.php +0 -3
  55. core/modules/ssl/init.php +0 -3
  56. core/modules/strong-passwords/init.php +0 -3
  57. core/modules/system-tweaks/config-generators.php +2 -2
  58. core/modules/system-tweaks/init.php +0 -3
  59. core/modules/wordpress-tweaks/init.php +0 -3
  60. core/sidebar-widget-active-lockouts.php +25 -25
  61. core/sidebar-widget-temp-whitelist.php +26 -26
  62. history.txt +12 -0
  63. readme.txt +17 -4
better-wp-security.php CHANGED
@@ -6,7 +6,7 @@
6
  * Description: Take the guesswork out of WordPress security. iThemes Security offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.
7
  * Author: iThemes
8
  * Author URI: https://ithemes.com
9
- * Version: 6.1.1
10
  * Text Domain: better-wp-security
11
  * Network: True
12
  * License: GPLv2
@@ -31,4 +31,4 @@ if ( is_admin() ) {
31
 
32
  require( "$itsec_dir/core/class-itsec-core.php" );
33
  $itsec_core = ITSEC_Core::get_instance();
34
- $itsec_core->init( __FILE__, __( 'iThemes Security', 'better-wp-security' ) );
6
  * Description: Take the guesswork out of WordPress security. iThemes Security offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.
7
  * Author: iThemes
8
  * Author URI: https://ithemes.com
9
+ * Version: 6.2.0
10
  * Text Domain: better-wp-security
11
  * Network: True
12
  * License: GPLv2
31
 
32
  require( "$itsec_dir/core/class-itsec-core.php" );
33
  $itsec_core = ITSEC_Core::get_instance();
34
+ $itsec_core->init( __FILE__, esc_html__( 'iThemes Security', 'better-wp-security' ) );
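Review bot: On the `$itsec_core->init()` line, switching `__()` to `esc_html__()` escapes the plugin name once at the call site, so every consumer receives an HTML-escaped string whatever its output context. That suits markup but not non-HTML contexts, and any consumer that escapes again will double-encode. Consider passing the raw translated string and escaping where it is printed, or document on `init()` that `$plugin_name` arrives pre-escaped.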
core/admin-pages/js/script.js CHANGED
@@ -524,6 +524,7 @@ var itsecSettingsPage = {
524
  itsecSettingsPage.sendAJAXRequest( module, method, data, function( results ) {
525
  if ( results.success && results.response ) {
526
  jQuery( '#itsec-module-card-' + module + ' .itsec-module-settings-content-main' ).html( results.response );
 
527
  } else if ( results.errors && results.errors.length > 0 ) {
528
  itsecSettingsPage.showErrors( results.errors, results.module, 'open' );
529
  }
524
  itsecSettingsPage.sendAJAXRequest( module, method, data, function( results ) {
525
  if ( results.success && results.response ) {
526
  jQuery( '#itsec-module-card-' + module + ' .itsec-module-settings-content-main' ).html( results.response );
527
+ jQuery( '.itsec-settings-toggle' ).trigger( 'change' );
528
  } else if ( results.errors && results.errors.length > 0 ) {
529
  itsecSettingsPage.showErrors( results.errors, results.module, 'open' );
530
  }
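Review bot: The added `jQuery( '.itsec-settings-toggle' ).trigger( 'change' );` uses a page-wide selector, while the line above it only replaces the content of one `#itsec-module-card-` element. After any single module reloads, the change handler of every toggle on the page fires, including those on unrelated cards. Scope the selector to the card that was just re-rendered, for example `jQuery( '#itsec-module-card-' + module + ' .itsec-settings-toggle' )`. Separately, `results.response` goes into `.html()` unmodified, so the server side has to keep that response escaped.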
core/admin-pages/page-settings.php CHANGED
@@ -131,13 +131,13 @@ final class ITSEC_Settings_Page {
131
  }
132
 
133
  public function handle_ajax_request() {
134
- global $itsec_globals;
135
-
136
  if ( WP_DEBUG ) {
137
  ini_set( 'display_errors', 1 );
138
  }
139
 
140
 
 
 
141
  $method = ( isset( $_POST['method'] ) && is_string( $_POST['method'] ) ) ? $_POST['method'] : '';
142
  $module = ( isset( $_POST['module'] ) && is_string( $_POST['module'] ) ) ? $_POST['module'] : '';
143
 
131
  }
132
 
133
  public function handle_ajax_request() {
 
 
134
  if ( WP_DEBUG ) {
135
  ini_set( 'display_errors', 1 );
136
  }
137
 
138
 
139
+ ITSEC_Core::set_interactive( true );
140
+
141
  $method = ( isset( $_POST['method'] ) && is_string( $_POST['method'] ) ) ? $_POST['method'] : '';
142
  $module = ( isset( $_POST['module'] ) && is_string( $_POST['module'] ) ) ? $_POST['module'] : '';
143
 
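Review bot: `ITSEC_Core::set_interactive( true )` is placed ahead of the `$_POST['method']` and `$_POST['module']` reads, and no nonce or capability check is visible before it in `handle_ajax_request()`. The flag is what marks a settings change as coming from a user rather than the API, so set it only after the request has been authenticated; if that check sits further down the function, move this call below it.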
core/class-itsec-core.php CHANGED
@@ -1,4 +1,5 @@
1
  <?php
 
2
  /**
3
  * iThemes Security Core.
4
  *
@@ -17,28 +18,41 @@ if ( ! class_exists( 'ITSEC_Core' ) ) {
17
 
18
  final class ITSEC_Core {
19
 
 
 
 
 
 
 
 
 
 
20
  /**
21
- * @var ITSEC_Core - Static property to hold our singleton instance
 
 
 
22
  */
23
- static $instance = false;
 
 
 
24
 
25
  private
26
  $itsec_files,
27
  $itsec_notify,
28
  $sync_api,
29
- $plugin_build,
30
  $plugin_file,
31
  $plugin_dir,
 
32
  $current_time,
33
  $current_time_gmt,
34
  $is_iwp_call,
35
- $interactive,
36
  $request_type,
37
  $wp_upload_dir,
38
- $notices_loaded,
39
- $doing_data_upgrade,
40
  $storage_dir;
41
 
 
42
  /**
43
  * Private constructor to make this a singleton
44
  *
@@ -74,24 +88,22 @@ if ( ! class_exists( 'ITSEC_Core' ) ) {
74
  public function init( $plugin_file, $plugin_name ) {
75
  global $itsec_globals, $itsec_logger, $itsec_lockout;
76
 
77
- $this->plugin_build = 4056; // used to trigger updates
78
  $this->plugin_file = $plugin_file;
79
  $this->plugin_dir = dirname( $plugin_file ) . '/';
 
80
  $this->current_time = current_time( 'timestamp' );
81
  $this->current_time_gmt = current_time( 'timestamp', true );
82
- $this->notices_loaded = false;
83
- $this->doing_data_upgrade = false;
84
-
85
- $this->interactive = false; // Used to distinguish between a user modifying settings and the API modifying
86
- // settings (such as from Sync requests).
87
 
88
  $itsec_globals = array(
89
- 'plugin_name' => sanitize_text_field( $plugin_name ),
90
  'plugin_dir' => $this->plugin_dir,
91
  'current_time' => $this->current_time,
92
  'current_time_gmt' => $this->current_time_gmt,
93
  );
94
 
 
 
 
 
95
 
96
  require( $this->plugin_dir . 'core/class-itsec-modules.php' );
97
  add_action( 'itsec-register-modules', array( $this, 'register_modules' ) );
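Review bot: Dropping the `'plugin_name'` key from the `$itsec_globals` array leaves any remaining reader of `$itsec_globals['plugin_name']` with an undefined index, and the replacement `$this->plugin_name = $plugin_name` no longer passes through `sanitize_text_field()`. Confirm that every reader has moved to `ITSEC_Core::get_plugin_name()`, or keep the key populated for one release. A one-line comment on the new property stating that the caller has already escaped the value would also help.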
@@ -110,78 +122,33 @@ if ( ! class_exists( 'ITSEC_Core' ) ) {
110
  $itsec_logger = new ITSEC_Logger();
111
  $itsec_lockout = new ITSEC_Lockout( $this );
112
 
113
-
114
- //Determine if we need to run upgrade scripts
115
- $plugin_data = get_site_option( 'itsec_data' );
116
-
117
- if ( false === $plugin_data ) {
118
- $plugin_data = $this->save_plugin_data();
119
  }
120
 
121
- $itsec_globals['data'] = $plugin_data;
122
-
123
- if ( ( isset( $plugin_data['build'] ) && $plugin_data['build'] !== $this->plugin_build ) ) {
124
- // We need to upgrade the data. Delay init of the rest of the plugin until the upgrade is complete.
125
-
126
- $this->doing_data_upgrade = true;
127
-
128
- // Run the actions early so that the rest of the code can still use the plugins_loaded hook.
129
- add_action( 'plugins_loaded', array( $this, 'execute_upgrade' ), -100 );
130
- add_action( 'plugins_loaded', array( $this, 'continue_init' ), -90 );
131
- } else {
132
- $this->continue_init();
133
- }
134
- }
135
-
136
- public function continue_init() {
137
- ITSEC_Modules::run_active_modules();
138
-
139
-
140
- add_action( 'ithemes_sync_register_verbs', array( $this, 'register_sync_verbs' ) );
141
 
142
  if ( is_admin() ) {
143
  require( $this->plugin_dir . 'core/admin-pages/init.php' );
144
 
145
- //add action link
146
  add_filter( 'plugin_action_links', array( $this, 'add_action_link' ), 10, 2 );
147
-
148
- //add plugin meta links
149
  add_filter( 'plugin_row_meta', array( $this, 'add_plugin_meta_links' ), 10, 4 );
150
-
151
  }
152
 
153
- register_activation_hook( $this->plugin_file, array( 'ITSEC_Core', 'on_activate' ) );
154
- register_deactivation_hook( $this->plugin_file, array( 'ITSEC_Core', 'on_deactivate' ) );
155
- register_uninstall_hook( $this->plugin_file, array( 'ITSEC_Core', 'on_uninstall' ) );
 
 
 
 
 
156
 
157
  //Admin bar links
158
  if ( ! ITSEC_Modules::get_setting( 'global', 'hide_admin_bar' ) ) {
159
  add_action( 'admin_bar_menu', array( $this, 'modify_admin_bar' ), 99 );
160
  }
161
 
162
- //See if they're upgrade from Better WP Security
163
- if ( is_multisite() && true === ITSEC_Modules::get_setting( 'global', 'did_upgrade' ) ) {
164
-
165
- switch_to_blog( 1 );
166
-
167
- $bwps_options = get_option( 'bit51_bwps' );
168
-
169
- restore_current_blog();
170
-
171
- } else {
172
-
173
- $bwps_options = get_option( 'bit51_bwps' );
174
-
175
- }
176
-
177
- if ( $bwps_options !== false ) {
178
- add_action( 'plugins_loaded', array( $this, 'do_upgrade' ) );
179
- }
180
-
181
-
182
- add_action( 'wp_login_failed', array( 'ITSEC_Lib', 'handle_wp_login_failed' ) );
183
-
184
-
185
  do_action( 'itsec_initialized' );
186
  }
187
 
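Review bot: The upgrade gate `ITSEC_Modules::get_setting( 'global', 'build' ) < $this->plugin_build` replaces a strict `!==` test with a loose `<`, so the outcome now depends on what `get_setting()` returns when no build has been stored. State the expected default for the `build` setting or cast the value before comparing. The same hunk deletes the `bit51_bwps` option check that scheduled `do_upgrade()`, with nothing equivalent on the added side, so confirm that `ITSEC_Setup::handle_upgrade()` still covers sites coming from Better WP Security, or record in history.txt that this path is retired.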
@@ -210,32 +177,37 @@ if ( ! class_exists( 'ITSEC_Core' ) ) {
210
  public function register_modules() {
211
  $path = dirname( __FILE__ );
212
 
213
- include( "$path/modules/security-check/init.php" );
214
- include( "$path/modules/global/init.php" );
215
- include( "$path/modules/404-detection/init.php" );
216
- include( "$path/modules/away-mode/init.php" );
217
- include( "$path/modules/ban-users/init.php" );
218
- include( "$path/modules/brute-force/init.php" );
219
- include( "$path/modules/core/init.php" );
220
- include( "$path/modules/backup/init.php" );
221
- include( "$path/modules/file-change/init.php" );
222
- include( "$path/modules/file-permissions/init.php" );
223
- include( "$path/modules/hide-backend/init.php" );
224
- include( "$path/modules/ipcheck/init.php" );
225
- include( "$path/modules/malware/init.php" );
226
- include( "$path/modules/ssl/init.php" );
227
- include( "$path/modules/strong-passwords/init.php" );
228
- include( "$path/modules/system-tweaks/init.php" );
229
- include( "$path/modules/wordpress-tweaks/init.php" );
230
- include( "$path/modules/multisite-tweaks/init.php" );
231
-
232
- include( "$path/modules/admin-user/init.php" );
233
- include( "$path/modules/salts/init.php" );
234
- include( "$path/modules/content-directory/init.php" );
235
- include( "$path/modules/database-prefix/init.php" );
236
- include( "$path/modules/file-writing/init.php" );
 
 
 
 
 
237
  if ( ! ITSEC_Core::is_pro() ) {
238
- include( "$path/modules/pro/init.php" );
239
  }
240
  }
241
 
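Review bot: In `register_modules()`, three ids passed to `ITSEC_Modules::register_module()` differ from their directory names: `network-brute-force` for `modules/ipcheck`, `wordpress-salts` for `modules/salts`, and `pro-module-upsells` for `modules/pro`. If the stored `itsec_active_modules` list or any settings lookup uses the directory name, those modules will not match, so add a comment stating which name is canonical. The third argument (`'always-active'`, `'default-active'`, or omitted) also needs a docblock here or on `register_module()`, because it decides which modules a site owner can turn off.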
@@ -341,174 +313,26 @@ if ( ! class_exists( 'ITSEC_Core' ) ) {
341
  );
342
  }
343
 
344
- /**
345
- * Calls upgrade script for older versions (pre 4.x).
346
- *
347
- * @since 4.0
348
- *
349
- * @return void
350
- */
351
- public function do_upgrade() {
352
-
353
- //require plugin setup information
354
- if ( ! class_exists( 'ITSEC_Setup' ) ) {
355
- require( self::get_core_dir() . '/class-itsec-setup.php' );
356
- }
357
-
358
- new ITSEC_Setup( 'upgrade', 3064 ); //run upgrade scripts
359
-
360
- }
361
-
362
- /**
363
- * Execute upgrade for version after 4.0
364
- *
365
- * @since 4.0.6
366
- *
367
- * @return void
368
- */
369
- public function execute_upgrade( $current_data_build = false ) {
370
-
371
- global $itsec_globals;
372
-
373
  $this->doing_data_upgrade = true;
374
 
375
- //require plugin setup information
376
- if ( ! class_exists( 'ITSEC_Setup' ) ) {
377
- require( self::get_core_dir() . '/class-itsec-setup.php' );
378
- }
379
-
380
- if ( empty( $current_data_build ) ) {
381
- $current_data_build = $itsec_globals['data']['build'];
382
- }
383
-
384
- new ITSEC_Setup( 'upgrade', $current_data_build ); //run upgrade scripts
385
-
386
- $itsec_modules = ITSEC_Modules::get_instance();
387
- $itsec_modules->run_activation();
388
-
389
- }
390
-
391
- /**
392
- * Call activation script
393
- *
394
- * @since 4.5
395
- *
396
- * @return void
397
- */
398
- public static function on_activate() {
399
-
400
- //require plugin setup information
401
- if ( ! class_exists( 'ITSEC_Setup' ) ) {
402
- require( self::get_core_dir() . '/class-itsec-setup.php' );
403
- }
404
-
405
- ITSEC_Setup::on_activate();
406
-
407
  }
408
 
409
- /**
410
- * Call deactivation script
411
- *
412
- * @since 4.5
413
- *
414
- * @return void
415
- */
416
- public static function on_deactivate() {
417
-
418
- //require plugin setup information
419
- if ( ! class_exists( 'ITSEC_Setup' ) ) {
420
- require( self::get_core_dir() . '/class-itsec-setup.php' );
421
- }
422
-
423
- ITSEC_Setup::on_deactivate();
424
-
425
  }
426
 
427
- /**
428
- * Call uninstall script
429
- *
430
- * @since 4.5
431
- *
432
- * @return void
433
- */
434
- public static function on_uninstall() {
435
-
436
- // Ensure that the uninstall routines are run only if there are no other iThemes Security plugins active.
437
- $active_plugins = get_option( 'active_plugins', array() );
438
- if ( ! is_array( $active_plugins ) ) {
439
- $active_plugins = array();
440
- }
441
-
442
- if ( is_multisite() ) {
443
- $network_plugins = (array) get_site_option( 'active_sitewide_plugins', array() );
444
- $active_plugins = array_merge( $active_plugins, array_keys( $network_plugins ) );
445
- }
446
-
447
- foreach ( $active_plugins as $active_plugin ) {
448
- $file = basename( $active_plugin );
449
-
450
- if ( in_array( $file, array( 'better-wp-security.php', 'ithemes-security-pro.php' ) ) ) {
451
- return;
452
- }
453
- }
454
-
455
  require_once( self::get_core_dir() . '/class-itsec-setup.php' );
456
- ITSEC_Setup::on_uninstall();
457
-
458
  }
459
 
460
- /**
461
- * Saves general plugin data to determine global items.
462
- *
463
- * Sets up general plugin data such as build, and others.
464
- *
465
- * @since 4.0
466
- *
467
- * @return array plugin data
468
- */
469
- public function save_plugin_data() {
470
-
471
- $save_data = false; //flag to avoid saving data if we don't have to
472
-
473
- $plugin_data = get_site_option( 'itsec_data' );
474
-
475
- //Update the build number if we need to
476
- if ( ! isset( $plugin_data['build'] ) || ( isset( $plugin_data['build'] ) && $plugin_data['build'] !== $this->plugin_build ) ) {
477
- $plugin_data['build'] = $this->plugin_build;
478
- $save_data = true;
479
- }
480
-
481
- //update the activated time if we need to in order to tell when the plugin was installed
482
- if ( ! isset( $plugin_data['activation_timestamp'] ) ) {
483
- $plugin_data['activation_timestamp'] = self::get_current_time_gmt();
484
- $save_data = true;
485
- }
486
-
487
- //update the activated time if we need to in order to tell when the plugin was installed
488
- if ( ! isset( $plugin_data['already_supported'] ) ) {
489
- $plugin_data['already_supported'] = false;
490
- $save_data = true;
491
- }
492
-
493
- //update the activated time if we need to in order to tell when the plugin was installed
494
- if ( ! isset( $plugin_data['setup_completed'] ) ) {
495
- $plugin_data['setup_completed'] = false;
496
- $save_data = true;
497
- }
498
-
499
- //update the tooltips dismissed
500
- if ( ! isset( $plugin_data['tooltips_dismissed'] ) ) {
501
- $plugin_data['tooltips_dismissed'] = false;
502
- $save_data = true;
503
- }
504
-
505
- //update the options table if we have to
506
- if ( $save_data === true ) {
507
- update_site_option( 'itsec_data', $plugin_data );
508
- }
509
-
510
- return $plugin_data;
511
-
512
  }
513
 
514
  public static function add_notice( $callback, $all_pages = false ) {
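Review bot: The removed `on_uninstall()` returned early when `better-wp-security.php` or `ithemes-security-pro.php` was still listed in `active_plugins` or `active_sitewide_plugins`; the added `handle_uninstall()` calls `ITSEC_Setup::handle_uninstall()` with no such guard. Unless the guard moved into `ITSEC_Setup`, uninstalling one edition while the other is active would run the uninstall routines against shared data. Please confirm it was carried over, or restore the check here. The docblocks on the lifecycle methods were dropped as well; a short one on `handle_upgrade( $build = false )` saying what `false` means would be useful.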
@@ -567,6 +391,11 @@ if ( ! class_exists( 'ITSEC_Core' ) ) {
567
  return self::get_plugin_dir() . 'core/';
568
  }
569
 
 
 
 
 
 
570
  public static function is_pro() {
571
  return is_dir( self::get_plugin_dir() . 'pro' );
572
  }
1
  <?php
2
+
3
  /**
4
  * iThemes Security Core.
5
  *
18
 
19
  final class ITSEC_Core {
20
 
21
+ private static $instance = false;
22
+
23
+ /**
24
+ * This number keeps track of data format changes and triggers data upgrade handlers.
25
+ *
26
+ * @access private
27
+ */
28
+ private $plugin_build = 4070;
29
+
30
  /**
31
+ * Used to distinguish between a user modifying settings and the API modifying settings (such as from Sync
32
+ * requests).
33
+ *
34
+ * @access private
35
  */
36
+ private $interactive = false;
37
+
38
+ private $notices_loaded = false;
39
+ private $doing_data_upgrade = false;
40
 
41
  private
42
  $itsec_files,
43
  $itsec_notify,
44
  $sync_api,
 
45
  $plugin_file,
46
  $plugin_dir,
47
+ $plugin_name,
48
  $current_time,
49
  $current_time_gmt,
50
  $is_iwp_call,
 
51
  $request_type,
52
  $wp_upload_dir,
 
 
53
  $storage_dir;
54
 
55
+
56
  /**
57
  * Private constructor to make this a singleton
58
  *
88
  public function init( $plugin_file, $plugin_name ) {
89
  global $itsec_globals, $itsec_logger, $itsec_lockout;
90
 
 
91
  $this->plugin_file = $plugin_file;
92
  $this->plugin_dir = dirname( $plugin_file ) . '/';
93
+ $this->plugin_name = $plugin_name;
94
  $this->current_time = current_time( 'timestamp' );
95
  $this->current_time_gmt = current_time( 'timestamp', true );
 
 
 
 
 
96
 
97
  $itsec_globals = array(
 
98
  'plugin_dir' => $this->plugin_dir,
99
  'current_time' => $this->current_time,
100
  'current_time_gmt' => $this->current_time_gmt,
101
  );
102
 
103
+ register_activation_hook( $this->plugin_file, array( 'ITSEC_Core', 'handle_activation' ) );
104
+ register_deactivation_hook( $this->plugin_file, array( 'ITSEC_Core', 'handle_deactivation' ) );
105
+ register_uninstall_hook( $this->plugin_file, array( 'ITSEC_Core', 'handle_uninstall' ) );
106
+
107
 
108
  require( $this->plugin_dir . 'core/class-itsec-modules.php' );
109
  add_action( 'itsec-register-modules', array( $this, 'register_modules' ) );
122
  $itsec_logger = new ITSEC_Logger();
123
  $itsec_lockout = new ITSEC_Lockout( $this );
124
 
125
+ // Handle upgrade if needed.
126
+ if ( ITSEC_Modules::get_setting( 'global', 'build' ) < $this->plugin_build ) {
127
+ add_action( 'plugins_loaded', array( $this, 'handle_upgrade' ), -100 );
 
 
 
128
  }
129
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
130
 
131
  if ( is_admin() ) {
132
  require( $this->plugin_dir . 'core/admin-pages/init.php' );
133
 
 
134
  add_filter( 'plugin_action_links', array( $this, 'add_action_link' ), 10, 2 );
 
 
135
  add_filter( 'plugin_row_meta', array( $this, 'add_plugin_meta_links' ), 10, 4 );
 
136
  }
137
 
138
+
139
+ add_action( 'plugins_loaded', array( $this, 'continue_init' ), -90 );
140
+ add_action( 'wp_login_failed', array( 'ITSEC_Lib', 'handle_wp_login_failed' ) );
141
+ add_action( 'ithemes_sync_register_verbs', array( $this, 'register_sync_verbs' ) );
142
+ }
143
+
144
+ public function continue_init() {
145
+ ITSEC_Modules::run_active_modules();
146
 
147
  //Admin bar links
148
  if ( ! ITSEC_Modules::get_setting( 'global', 'hide_admin_bar' ) ) {
149
  add_action( 'admin_bar_menu', array( $this, 'modify_admin_bar' ), 99 );
150
  }
151
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
152
  do_action( 'itsec_initialized' );
153
  }
154
 
177
  public function register_modules() {
178
  $path = dirname( __FILE__ );
179
 
180
+ ITSEC_Modules::register_module( 'security-check', "$path/modules/security-check", 'always-active' );
181
+ ITSEC_Modules::register_module( 'global', "$path/modules/global", 'always-active' );
182
+ ITSEC_Modules::register_module( '404-detection', "$path/modules/404-detection" );
183
+ ITSEC_Modules::register_module( 'away-mode', "$path/modules/away-mode" );
184
+ ITSEC_Modules::register_module( 'ban-users', "$path/modules/ban-users", 'default-active' );
185
+ include( "$path/modules/ban-users/init.php" ); // Provides the itsec_ban_users_handle_new_blacklisted_ip function which is always needed.
186
+ ITSEC_Modules::register_module( 'brute-force', "$path/modules/brute-force", 'default-active' );
187
+ ITSEC_Modules::register_module( 'core', "$path/modules/core", 'always-active' );
188
+ ITSEC_Modules::register_module( 'backup', "$path/modules/backup", 'default-active' );
189
+ ITSEC_Modules::register_module( 'file-change', "$path/modules/file-change" );
190
+ ITSEC_Modules::register_module( 'file-permissions', "$path/modules/file-permissions", 'always-active' );
191
+ ITSEC_Modules::register_module( 'hide-backend', "$path/modules/hide-backend", 'always-active' );
192
+ ITSEC_Modules::register_module( 'network-brute-force', "$path/modules/ipcheck", 'default-active' );
193
+ ITSEC_Modules::register_module( 'malware', "$path/modules/malware", 'always-active' );
194
+ ITSEC_Modules::register_module( 'ssl', "$path/modules/ssl" );
195
+ ITSEC_Modules::register_module( 'strong-passwords', "$path/modules/strong-passwords", 'default-active' );
196
+ ITSEC_Modules::register_module( 'system-tweaks', "$path/modules/system-tweaks" );
197
+ ITSEC_Modules::register_module( 'wordpress-tweaks', "$path/modules/wordpress-tweaks", 'default-active' );
198
+
199
+ if ( is_multisite() ) {
200
+ ITSEC_Modules::register_module( 'multisite-tweaks', "$path/modules/multisite-tweaks" );
201
+ }
202
+
203
+ ITSEC_Modules::register_module( 'admin-user', "$path/modules/admin-user", 'always-active' );
204
+ ITSEC_Modules::register_module( 'wordpress-salts', "$path/modules/salts", 'always-active' );
205
+ ITSEC_Modules::register_module( 'content-directory', "$path/modules/content-directory", 'always-active' );
206
+ ITSEC_Modules::register_module( 'database-prefix', "$path/modules/database-prefix", 'always-active' );
207
+ ITSEC_Modules::register_module( 'file-writing', "$path/modules/file-writing", 'always-active' );
208
+
209
  if ( ! ITSEC_Core::is_pro() ) {
210
+ ITSEC_Modules::register_module( 'pro-module-upsells', "$path/modules/pro", 'always-active' );
211
  }
212
  }
213
 
313
  );
314
  }
315
 
316
+ public function handle_upgrade( $build = false ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
317
  $this->doing_data_upgrade = true;
318
 
319
+ require_once( self::get_core_dir() . '/class-itsec-setup.php' );
320
+ ITSEC_Setup::handle_upgrade( $build );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
321
  }
322
 
323
+ public static function handle_activation() {
324
+ require_once( self::get_core_dir() . '/class-itsec-setup.php' );
325
+ ITSEC_Setup::handle_activation();
 
 
 
 
 
 
 
 
 
 
 
 
 
326
  }
327
 
328
+ public static function handle_deactivation() {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
329
  require_once( self::get_core_dir() . '/class-itsec-setup.php' );
330
+ ITSEC_Setup::handle_deactivation();
 
331
  }
332
 
333
+ public static function handle_uninstall() {
334
+ require_once( self::get_core_dir() . '/class-itsec-setup.php' );
335
+ ITSEC_Setup::handle_uninstall();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
336
  }
337
 
338
  public static function add_notice( $callback, $all_pages = false ) {
391
  return self::get_plugin_dir() . 'core/';
392
  }
393
 
394
+ public static function get_plugin_name() {
395
+ $self = self::get_instance();
396
+ return $self->plugin_name;
397
+ }
398
+
399
  public static function is_pro() {
400
  return is_dir( self::get_plugin_dir() . 'pro' );
401
  }
core/class-itsec-lib.php CHANGED
@@ -73,13 +73,13 @@ final class ITSEC_Lib {
73
  }
74
 
75
  //Set up log table
76
- $tables = "CREATE TABLE " . $wpdb->prefix . "itsec_log (
77
  log_id bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
78
  log_type varchar(20) NOT NULL DEFAULT '',
79
  log_function varchar(255) NOT NULL DEFAULT '',
80
  log_priority int(2) NOT NULL DEFAULT 1,
81
- log_date datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
82
- log_date_gmt datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
83
  log_host varchar(40),
84
  log_username varchar(60),
85
  log_user bigint(20) UNSIGNED,
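Review bot: Changing `$wpdb->prefix` to `$wpdb->base_prefix` in the `CREATE TABLE` statements moves `itsec_log`, `itsec_lockouts` and `itsec_temp` to a single network-wide name on multisite. Nothing in these hunks handles tables already created under a per-site prefix, and every query against these tables has to use `base_prefix` too, so check the readers and add an upgrade step or a note about leftover tables. The new `'1000-01-01 00:00:00'` default on `log_date` and `log_date_gmt` is a sentinel value; any code comparing against `'0000-00-00 00:00:00'` needs the same change.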
@@ -92,7 +92,7 @@ final class ITSEC_Lib {
92
  ) " . $charset_collate . ";";
93
 
94
  //set up lockout table
95
- $tables .= "CREATE TABLE " . $wpdb->prefix . "itsec_lockouts (
96
  lockout_id bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
97
  lockout_type varchar(20) NOT NULL,
98
  lockout_start datetime NOT NULL,
@@ -112,7 +112,7 @@ final class ITSEC_Lib {
112
  ) " . $charset_collate . ";";
113
 
114
  //set up temp table
115
- $tables .= "CREATE TABLE " . $wpdb->prefix . "itsec_temp (
116
  temp_id bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
117
  temp_type varchar(20) NOT NULL,
118
  temp_date datetime NOT NULL,
@@ -127,7 +127,7 @@ final class ITSEC_Lib {
127
  KEY temp_username (temp_username)
128
  ) " . $charset_collate . ";";
129
 
130
- require_once ABSPATH . 'wp-admin/includes/upgrade.php';
131
  @dbDelta( $tables );
132
 
133
  }
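Review bot: The context line `@dbDelta( $tables );` directly below the changed `require_once` suppresses every error raised during table creation. This release lists two table-creation fixes in its changelog, so a failure here should be diagnosable: drop the `@`, or capture the return value of `dbDelta()` and log it.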
@@ -664,8 +664,10 @@ final class ITSEC_Lib {
664
  if ( - 1 < $memory_limit ) {
665
 
666
  $unit = strtolower( substr( $memory_limit, - 1 ) );
 
667
 
668
  $new_unit = strtolower( substr( $new_memory_limit, - 1 ) );
 
669
 
670
  if ( 'm' == $unit ) {
671
 
73
  }
74
 
75
  //Set up log table
76
+ $tables = "CREATE TABLE " . $wpdb->base_prefix . "itsec_log (
77
  log_id bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
78
  log_type varchar(20) NOT NULL DEFAULT '',
79
  log_function varchar(255) NOT NULL DEFAULT '',
80
  log_priority int(2) NOT NULL DEFAULT 1,
81
+ log_date datetime NOT NULL DEFAULT '1000-01-01 00:00:00',
82
+ log_date_gmt datetime NOT NULL DEFAULT '1000-01-01 00:00:00',
83
  log_host varchar(40),
84
  log_username varchar(60),
85
  log_user bigint(20) UNSIGNED,
92
  ) " . $charset_collate . ";";
93
 
94
  //set up lockout table
95
+ $tables .= "CREATE TABLE " . $wpdb->base_prefix . "itsec_lockouts (
96
  lockout_id bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
97
  lockout_type varchar(20) NOT NULL,
98
  lockout_start datetime NOT NULL,
112
  ) " . $charset_collate . ";";
113
 
114
  //set up temp table
115
+ $tables .= "CREATE TABLE " . $wpdb->base_prefix . "itsec_temp (
116
  temp_id bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
117
  temp_type varchar(20) NOT NULL,
118
  temp_date datetime NOT NULL,
127
  KEY temp_username (temp_username)
128
  ) " . $charset_collate . ";";
129
 
130
+ require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
131
  @dbDelta( $tables );
132
 
133
  }
664
  if ( - 1 < $memory_limit ) {
665
 
666
  $unit = strtolower( substr( $memory_limit, - 1 ) );
667
+ $memory_limit = (int) $memory_limit;
668
 
669
  $new_unit = strtolower( substr( $new_memory_limit, - 1 ) );
670
+ $new_memory_limit = (int) $new_memory_limit;
671
 
672
  if ( 'm' == $unit ) {
673
 
core/class-itsec-modules.php CHANGED
@@ -20,9 +20,6 @@ final class ITSEC_Modules {
20
  require_once( dirname( __FILE__ ) . '/lib/settings.php' );
21
  require_once( dirname( __FILE__ ) . '/lib/storage.php' );
22
 
23
- register_activation_hook( ITSEC_Core::get_plugin_file(), array( $this, 'run_activation' ) );
24
- register_deactivation_hook( ITSEC_Core::get_plugin_file(), array( $this, 'run_deactivation' ) );
25
-
26
  // Action triggered from another part of Security which runs when the settings page is loaded.
27
  add_action( 'itsec-settings-page-init', array( $this, 'load_settings_page' ) );
28
  add_action( 'itsec-logs-page-init', array( $this, 'load_settings_page' ) );
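Review bot: Removing `register_activation_hook()` and `register_deactivation_hook()` from the constructor means `run_activation()` and `run_deactivation()` are no longer hooked from this class. The core class now registers `handle_activation` and `handle_deactivation` instead, so confirm that `ITSEC_Setup` calls the two module methods; otherwise per-module activation and deactivation code stops running.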
@@ -259,7 +256,11 @@ final class ITSEC_Modules {
259
  }
260
  }
261
 
262
- update_site_option( 'itsec_active_modules', $self->_active_modules );
 
 
 
 
263
  }
264
 
265
  $default_active_modules = apply_filters( 'itsec-default-active-modules', array_keys( $self->_default_active_modules ) );
@@ -403,7 +404,11 @@ final class ITSEC_Modules {
403
  }
404
  }
405
 
406
- update_site_option( 'itsec_active_modules', $self->_active_modules );
 
 
 
 
407
 
408
  return true;
409
  }
20
  require_once( dirname( __FILE__ ) . '/lib/settings.php' );
21
  require_once( dirname( __FILE__ ) . '/lib/storage.php' );
22
 
 
 
 
23
  // Action triggered from another part of Security which runs when the settings page is loaded.
24
  add_action( 'itsec-settings-page-init', array( $this, 'load_settings_page' ) );
25
  add_action( 'itsec-logs-page-init', array( $this, 'load_settings_page' ) );
256
  }
257
  }
258
 
259
+ if ( is_multisite() ) {
260
+ update_site_option( 'itsec_active_modules', $self->_active_modules );
261
+ } else {
262
+ update_option( 'itsec_active_modules', $self->_active_modules );
263
+ }
264
  }
265
 
266
  $default_active_modules = apply_filters( 'itsec-default-active-modules', array_keys( $self->_default_active_modules ) );
404
  }
405
  }
406
 
407
+ if ( is_multisite() ) {
408
+ update_site_option( 'itsec_active_modules', $self->_active_modules );
409
+ } else {
410
+ update_option( 'itsec_active_modules', $self->_active_modules );
411
+ }
412
 
413
  return true;
414
  }
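Review bot: The `is_multisite()` branch around `update_site_option( 'itsec_active_modules', $self->_active_modules )` is added twice, identically, in this file. Move it into one private helper so both writers stay in step, and make sure the code that reads `itsec_active_modules` chooses `get_site_option()` or `get_option()` by the same rule, since only the writes are visible here.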
core/class-itsec-notify.php CHANGED
@@ -8,42 +8,28 @@
8
  */
9
  class ITSEC_Notify {
10
 
11
- private
12
- $queue;
13
 
14
- function __construct() {
15
-
16
- global $itsec_globals;
17
-
18
- $this->queue = get_site_option( 'itsec_message_queue' );
19
-
20
- if ( ITSEC_Modules::get_setting( 'global', 'digest_email' ) ) {
21
-
22
- if ( defined( 'ITSEC_NOTIFY_USE_CRON' ) && true === ITSEC_NOTIFY_USE_CRON ) {
23
 
24
- add_action( 'itsec_digest_email', array( $this, 'init' ) ); //Action to execute during a cron run.
25
 
26
- //schedule digest email
27
- if ( false === wp_next_scheduled( 'itsec_digest_email' ) ) {
28
- wp_schedule_event( time(), 'daily', 'itsec_digest_email' );
29
- }
30
 
31
- } else {
 
 
 
32
 
33
- //Send digest if it has been 24 hours
34
- if (
35
- get_site_transient( 'itsec_notification_running' ) === false && (
36
- $this->queue === false ||
37
- (
38
- is_array( $this->queue ) &&
39
- isset( $this->queue['last_sent'] ) &&
40
- $this->queue['last_sent'] < ( $itsec_globals['current_time_gmt'] - 86400 )
41
- )
42
- )
43
- ) {
44
- add_action( 'init', array( $this, 'init' ) );
45
- }
46
 
 
 
 
47
  }
48
 
49
  }
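Review bot: in the non-cron branch (new lines 27-31) the test "$last_sent < $yesterday" compares whatever get_setting( 'global', 'digest_last_sent' ) returns, with no default and no cast, whereas the removed code handled the never-sent case explicitly with "$this->queue === false". Cast the value to int or supply an explicit default so that an unset value is treated as 0 by design rather than by loose comparison. The last_sent value stored in the old itsec_message_queue option is not carried over in the visible lines, so unless a default is defined elsewhere the first request after upgrading will treat the digest as overdue.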
@@ -107,32 +93,28 @@ class ITSEC_Notify {
107
  }
108
 
109
 
110
- if ( is_array( $this->queue ) && ! empty( $this->queue['messages'] ) && is_array( $this->queue['messages'] ) ) {
111
- if ( in_array( 'file-change', $this->queue['messages'] ) ) {
112
- $mail->add_section_heading( esc_html__( 'File Changes', 'better-wp-security' ), 'folder' );
113
- $mail->add_text( esc_html__( 'File changes detected on the site.', 'better-wp-security' ) );
114
- $send_email = true;
115
- }
116
 
117
- $messages = array();
 
 
 
118
 
119
- foreach ( $this->queue['messages'] as $message ) {
120
  if ( 'file-change' === $message ) {
121
- continue;
122
  }
123
-
124
- $messages[] = $message;
125
  }
 
126
 
127
- if ( ! empty( $messages ) ) {
128
- $mail->add_section_heading( esc_html__( 'Messages', 'better-wp-security' ), 'message' );
129
-
130
- foreach ( $messages as $message ) {
131
- $mail->add_text( $message );
132
- }
133
 
134
- $send_email = true;
 
135
  }
 
 
136
  }
137
 
138
 
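Review bot: new line 98 calls in_array( 'file-change', $messages ) directly on the get_setting() result, while the removed line 110 first checked is_array( $this->queue ), ! empty( $this->queue['messages'] ) and is_array( $this->queue['messages'] ). If digest_messages is ever missing or not an array, the in_array() call and the foreach at line 103 will raise errors; keep an is_array() check or cast with (array) before use.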
@@ -154,12 +136,8 @@ class ITSEC_Notify {
154
  $mail->add_footer();
155
 
156
 
157
- $this->queue = array(
158
- 'last_sent' => ITSEC_Core::get_current_time_gmt(),
159
- 'messages' => array(),
160
- );
161
-
162
- update_site_option( 'itsec_message_queue', $this->queue );
163
 
164
 
165
  $subject = esc_html__( 'Daily Security Digest', 'better-wp-security' );
@@ -178,12 +156,15 @@ class ITSEC_Notify {
178
  public function register_file_change() {
179
  // Until a better system can be devised, use the message queue to store this flag.
180
 
181
- if ( in_array( 'file-change', $this->queue['messages'] ) ) {
 
 
182
  return;
183
  }
184
 
185
- $this->queue['messages'][] = 'file-change';
186
- update_site_option( 'itsec_message_queue', $this->queue );
 
187
  }
188
 
189
  /**
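Review bot: the retained comment at line 157 still says to "use the message queue to store this flag", but the flag is now written to the global digest_messages setting through ITSEC_Modules::set_setting(); update the comment to match. The in_array() at line 161 should also be guarded with an is_array() check, since the value now comes from settings storage on every call rather than from a property loaded once in the constructor.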
@@ -197,8 +178,6 @@ class ITSEC_Notify {
197
  */
198
  public function notify( $body = null ) {
199
 
200
- global $itsec_globals;
201
-
202
  $allowed_tags = array(
203
  'a' => array(
204
  'href' => array(),
@@ -221,11 +200,13 @@ class ITSEC_Notify {
221
 
222
  if ( ITSEC_Modules::get_setting( 'global', 'digest_email' ) ) {
223
 
224
- if ( ! in_array( wp_kses( $body, $allowed_tags ), $this->queue['messages'] ) ) {
 
 
225
 
226
- $this->queue['messages'][] = wp_kses( $body, $allowed_tags );
227
 
228
- update_site_option( 'itsec_message_queue', $this->queue );
229
 
230
  }
231
 
@@ -270,8 +251,6 @@ class ITSEC_Notify {
270
  */
271
  private function send_mail( $subject, $message, $headers = '', $attachments = array() ) {
272
 
273
- global $itsec_globals;
274
-
275
  $recipients = ITSEC_Modules::get_setting( 'global', 'notification_email' );
276
  $all_success = true;
277
 
8
  */
9
  class ITSEC_Notify {
10
 
11
+ public function __construct() {
 
12
 
13
+ if ( ! ITSEC_Modules::get_setting( 'global', 'digest_email' ) ) {
14
+ return;
15
+ }
 
 
 
 
 
 
16
 
17
+ if ( defined( 'ITSEC_NOTIFY_USE_CRON' ) && true === ITSEC_NOTIFY_USE_CRON ) {
18
 
19
+ add_action( 'itsec_digest_email', array( $this, 'init' ) ); //Action to execute during a cron run.
 
 
 
20
 
21
+ //schedule digest email
22
+ if ( false === wp_next_scheduled( 'itsec_digest_email' ) ) {
23
+ wp_schedule_event( time(), 'daily', 'itsec_digest_email' );
24
+ }
25
 
26
+ } else {
27
+ $last_sent = ITSEC_Modules::get_setting( 'global', 'digest_last_sent' );
28
+ $yesterday = ITSEC_Core::get_current_time_gmt() - DAY_IN_SECONDS;
 
 
 
 
 
 
 
 
 
 
29
 
30
+ // Send digest if it has been 24 hours
31
+ if ( $last_sent < $yesterday && false === get_site_transient( 'itsec_notification_running' ) ) {
32
+ add_action( 'init', array( $this, 'init' ) );
33
  }
34
 
35
  }
93
  }
94
 
95
 
96
+ $messages = ITSEC_Modules::get_setting( 'global', 'digest_messages' );
 
 
 
 
 
97
 
98
+ if ( in_array( 'file-change', $messages ) ) {
99
+ $mail->add_section_heading( esc_html__( 'File Changes', 'better-wp-security' ), 'folder' );
100
+ $mail->add_text( esc_html__( 'File changes detected on the site.', 'better-wp-security' ) );
101
+ $send_email = true;
102
 
103
+ foreach ( $messages as $index => $message ) {
104
  if ( 'file-change' === $message ) {
105
+ unset( $messages[$index] );
106
  }
 
 
107
  }
108
+ }
109
 
110
+ if ( ! empty( $messages ) ) {
111
+ $mail->add_section_heading( esc_html__( 'Messages', 'better-wp-security' ), 'message' );
 
 
 
 
112
 
113
+ foreach ( $messages as $message ) {
114
+ $mail->add_text( $message );
115
  }
116
+
117
+ $send_email = true;
118
  }
119
 
120
 
136
  $mail->add_footer();
137
 
138
 
139
+ ITSEC_Modules::set_setting( 'global', 'digest_last_sent', ITSEC_Core::get_current_time_gmt() );
140
+ ITSEC_Modules::set_setting( 'global', 'digest_messages', array() );
 
 
 
 
141
 
142
 
143
  $subject = esc_html__( 'Daily Security Digest', 'better-wp-security' );
156
  public function register_file_change() {
157
  // Until a better system can be devised, use the message queue to store this flag.
158
 
159
+ $messages = ITSEC_Modules::get_setting( 'global', 'digest_messages' );
160
+
161
+ if ( in_array( 'file-change', $messages ) ) {
162
  return;
163
  }
164
 
165
+ $messages[] = 'file-change';
166
+
167
+ ITSEC_Modules::set_setting( 'global', 'digest_messages', $messages );
168
  }
169
 
170
  /**
178
  */
179
  public function notify( $body = null ) {
180
 
 
 
181
  $allowed_tags = array(
182
  'a' => array(
183
  'href' => array(),
200
 
201
  if ( ITSEC_Modules::get_setting( 'global', 'digest_email' ) ) {
202
 
203
+ $messages = ITSEC_Modules::get_setting( 'global', 'digest_messages' );
204
+
205
+ if ( ! in_array( wp_kses( $body, $allowed_tags ), $messages ) ) {
206
 
207
+ $messages[] = wp_kses( $body, $allowed_tags );
208
 
209
+ ITSEC_Modules::set_setting( 'global', 'digest_messages', $messages );
210
 
211
  }
212
 
251
  */
252
  private function send_mail( $subject, $message, $headers = '', $attachments = array() ) {
253
 
 
 
254
  $recipients = ITSEC_Modules::get_setting( 'global', 'notification_email' );
255
  $all_success = true;
256
 
core/class-itsec-setup.php CHANGED
@@ -6,403 +6,297 @@
6
  * @package iThemes-Security
7
  * @since 4.0
8
  */
9
- class ITSEC_Setup {
10
-
11
- private
12
- $defaults;
13
-
14
- /**
15
- * Establish setup object
16
- *
17
- * Establishes set object and calls appropriate execution function
18
- *
19
- * @param bool $case [optional] Appropriate execution module to call
20
- *
21
- * */
22
- function __construct( $case = false, $upgrading = false ) {
23
-
24
- global $itsec_globals;
25
-
26
- $this->defaults = array(
27
- 'notification_email' => array( get_option( 'admin_email' ) ),
28
- 'backup_email' => array( get_option( 'admin_email' ) ),
29
- 'lockout_message' => __( 'error', 'better-wp-security' ),
30
- 'user_lockout_message' => __( 'You have been locked out due to too many invalid login attempts.', 'better-wp-security' ),
31
- 'community_lockout_message' => __( "Your IP address has been flagged as a threat by the iThemes Security network.", 'better-wp-security' ),
32
- 'blacklist' => true,
33
- 'blacklist_count' => 3,
34
- 'blacklist_period' => 7,
35
- 'email_notifications' => true,
36
- 'lockout_period' => 15,
37
- 'lockout_white_list' => array(),
38
- 'log_rotation' => 14,
39
- 'log_type' => 0,
40
- 'log_location' => ITSEC_Core::get_storage_dir( 'logs' ),
41
- 'allow_tracking' => false,
42
- 'write_files' => false,
43
- 'nginx_file' => ABSPATH . 'nginx.conf',
44
- 'infinitewp_compatibility' => false,
45
- 'did_upgrade' => false,
46
- 'lock_file' => false,
47
- 'digest_email' => false,
48
- 'proxy_override' => false,
49
- 'hide_admin_bar' => false,
50
- );
51
-
52
- if ( ! $case ) {
53
- die( 'error' );
54
- }
55
-
56
- switch ( $case ) {
57
-
58
- case 'activate': //active plugin
59
- $this->activate_execute();
60
- break;
61
-
62
- case 'upgrade': //upgrade plugin
63
- $this->upgrade_execute( $upgrading );
64
- break;
65
-
66
- case 'deactivate': //deactivate plugin
67
- $this->deactivate_execute();
68
- break;
69
-
70
- case 'uninstall': //uninstall plugin
71
- $this->uninstall_execute();
72
- break;
73
-
74
- }
75
-
76
  }
77
 
78
- /**
79
- * Execute setup script for each module installed
80
- *
81
- * @return void
82
- */
83
- function do_modules() {
84
- $itsec_modules = ITSEC_Modules::get_instance();
85
- $itsec_modules->run_activation();
86
- }
87
-
88
- /**
89
- * Public function to activate
90
- *
91
- * */
92
- static function on_activate() {
93
-
94
- global $itsec_setup_action;
95
-
96
- $itsec_setup_action = 'activate';
97
-
98
- define( 'ITSEC_DO_ACTIVATION', true );
99
-
100
- new ITSEC_Setup( 'activate' );
101
-
102
- }
103
-
104
- /**
105
- * Public function to deactivate
106
- *
107
- * */
108
- static function on_deactivate() {
109
-
110
- global $itsec_setup_action;
111
-
112
- if ( defined( 'ITSEC_DEVELOPMENT' ) && ITSEC_DEVELOPMENT == true ) { //set ITSEC_DEVELOPMENT to true to reset settings on deactivation for development
113
-
114
- $itsec_setup_action = 'uninstall';
115
 
 
 
 
116
  } else {
117
-
118
- $itsec_setup_action = 'deactivate';
119
-
120
  }
121
-
122
- new ITSEC_Setup( $itsec_setup_action );
123
  }
124
 
125
- /**
126
- * Public function to uninstall
127
- *
128
- * */
129
- static function on_uninstall() {
130
-
131
- global $itsec_setup_action;
132
-
133
- $itsec_setup_action = 'uninstall';
134
 
135
- new ITSEC_Setup( 'uninstall' );
 
 
136
 
 
 
137
  }
138
 
139
- /**
140
- * Execute activation.
141
- *
142
- * @since 4.0
143
- *
144
- * @param boolean $upgrade true if the plugin is updating
145
- *
146
- * @return void
147
- */
148
- private function activate_execute() {
149
 
150
- global $itsec_globals;
 
 
151
 
152
- //if this is multisite make sure they're network activating or die
153
- if ( defined( 'ITSEC_DO_ACTIVATION' ) && ITSEC_DO_ACTIVATION == true && is_multisite() && ! strpos( $_SERVER['REQUEST_URI'], 'wp-admin/network/plugins.php' ) ) {
154
 
155
- die ( __( '<strong>ERROR</strong>: You must activate this plugin from the network dashboard.', 'better-wp-security' ) );
 
156
 
157
- }
 
 
 
158
 
159
- if ( ( $site_data = get_site_option( 'itsec_data' ) ) === false ) {
160
- add_site_option( 'itsec_data', array(), false );
161
  }
162
 
163
- if ( get_site_option( 'itsec_initials' ) === false ) {
164
- add_site_option( 'itsec_initials', array(), false );
165
- }
 
 
 
 
 
 
 
 
166
 
167
- if ( get_site_option( 'itsec_api_nag' ) === false ) { //show the nag to activate an API key
168
- add_site_option( 'itsec_api_nag', true, false );
169
  }
170
 
171
- $options = get_site_option( 'itsec_global' );
172
 
173
- if ( $options === false || ( isset( $options['log_info'] ) && sizeof( $options ) <= 2 ) ) {
 
 
 
 
 
 
174
 
175
- $this->defaults['log_info'] = substr( sanitize_title( get_bloginfo( 'name' ) ), 0, 20 ) . '-' . wp_generate_password( 30, false );
176
 
177
- $itsec_globals['settings'] = $this->defaults;
 
178
 
179
- update_site_option( 'itsec_global', $this->defaults );
 
 
180
 
181
- }
 
 
182
 
183
- //load utility functions
184
- if ( ! class_exists( 'ITSEC_Lib' ) ) {
185
- require( $itsec_globals['plugin_dir'] . 'core/class-itsec-lib.php' );
186
  }
187
 
188
- ITSEC_Lib::create_database_tables();
189
 
190
- $this->do_modules();
 
 
 
191
 
 
 
192
  }
193
 
194
- /**
195
- * Update Execution
196
- *
197
- * @since 4.0
198
- *
199
- * @param string $old_version Old version number
200
- *
201
- * @return void
202
- */
203
- private function upgrade_execute( $upgrade = false ) {
204
-
205
- global $itsec_old_version, $itsec_globals, $wpdb, $itsec_setup_action;
206
- $tables_updated = false;
207
 
208
- $itsec_setup_action = 'upgrade';
209
- $itsec_old_version = $upgrade;
210
 
211
- if ( $itsec_old_version < 4000 ) {
 
212
 
213
- global $itsec_bwps_options;
 
 
 
 
214
 
215
- if ( wp_next_scheduled( 'bwps_backup' ) ) {
216
- wp_clear_scheduled_hook( 'bwps_backup' );
217
- }
218
 
219
- if ( is_multisite() ) {
 
220
 
221
- switch_to_blog( 1 );
 
 
222
 
223
- $itsec_bwps_options = get_option( 'bit51_bwps' );
224
- delete_option( 'bit51_bwps' );
225
- delete_option( 'bwps_intrusion_warning' );
226
- delete_option( 'bit51_bwps_data' );
227
- delete_site_transient( 'bit51_bwps_backup' );
228
- delete_site_transient( 'bwps_away' );
229
 
230
- restore_current_blog();
 
 
 
231
 
232
- } else {
233
 
234
- $itsec_bwps_options = get_option( 'bit51_bwps' );
235
- delete_option( 'bit51_bwps' );
236
- delete_option( 'bwps_intrusion_warning' );
237
- delete_option( 'bit51_bwps_data' );
238
- delete_site_transient( 'bit51_bwps_backup' );
239
- delete_site_transient( 'bwps_away' );
240
 
241
- }
242
 
243
- if ( $itsec_bwps_options !== false ) {
244
 
245
- $current_options = get_site_option( 'itsec_global' );
246
 
247
- if ( $current_options === false ) {
248
- $current_options = $this->defaults;
249
- }
250
 
251
- $current_options['notification_email'] = array( isset( $itsec_bwps_options['ll_emailaddress'] ) && strlen( $itsec_bwps_options['ll_emailaddress'] ) ? $itsec_bwps_options['ll_emailaddress'] : get_option( 'admin_email' ) );
252
- $current_options['backup_email'] = array( isset( $itsec_bwps_options['backup_emailaddress'] ) && strlen( $itsec_bwps_options['backup_emailaddress'] ) ? $itsec_bwps_options['backup_emailaddress'] : get_option( 'admin_email' ) );
253
- $current_options['blacklist'] = isset( $itsec_bwps_options['ll_blacklistip'] ) && $itsec_bwps_options['ll_blacklistip'] == 0 ? false : true;
254
- $current_options['blacklist_count'] = isset( $itsec_bwps_options['ll_blacklistipthreshold'] ) && intval( $itsec_bwps_options['ll_blacklistipthreshold'] ) > 0 ? intval( $itsec_bwps_options['ll_blacklistipthreshold'] ) : 3;
255
- $current_options['write_files'] = isset( $itsec_bwps_options['st_writefiles'] ) && $itsec_bwps_options['st_writefiles'] == 1 ? true : false;
256
- $itsec_globals['settings']['write_files'] = $current_options['write_files'];
257
- $current_options['did_upgrade'] = true;
258
 
259
- if ( isset( $itsec_bwps_options['id_whitelist'] ) && ! is_array( $itsec_bwps_options['id_whitelist'] ) && strlen( $itsec_bwps_options['id_whitelist'] ) > 1 ) {
 
 
260
 
261
- $raw_hosts = explode( PHP_EOL, $itsec_bwps_options['id_whitelist'] );
 
262
 
263
- foreach ( $raw_hosts as $host ) {
 
264
 
265
- if ( strlen( $host ) > 1 ) {
266
- $current_options['lockout_white_list'][] = $host;
267
- }
268
 
269
- }
270
 
271
- }
 
272
 
273
- if ( $current_options['write_files'] === false ) {
274
- set_site_transient( 'ITSEC_SHOW_WRITE_FILES_TOOLTIP', true, 600 );
275
- }
 
276
 
277
- update_site_option( 'itsec_global', $current_options );
 
278
 
 
 
279
  }
 
280
 
281
- $wpdb->query( "DROP TABLE IF EXISTS `" . $wpdb->base_prefix . "bwps_lockouts`;" );
282
- $wpdb->query( "DROP TABLE IF EXISTS `" . $wpdb->base_prefix . "bwps_log`;" );
283
- $wpdb->query( "DROP TABLE IF EXISTS `" . $wpdb->base_prefix . "BWPS_d404`;" );
284
- $wpdb->query( "DROP TABLE IF EXISTS `" . $wpdb->base_prefix . "BWPS_ll`;" );
285
- $wpdb->query( "DROP TABLE IF EXISTS `" . $wpdb->base_prefix . "BWPS_lockouts`;" );
286
 
287
- delete_option( 'bwps_file_log' );
288
- delete_option( 'bwps_awaymode' );
289
- delete_option( 'bwps_filecheck' );
290
- delete_option( 'BWPS_Login_Slug' );
291
- delete_option( 'BWPS_options' );
292
- delete_option( 'BWPS_versions' );
293
- delete_option( 'bit51_bwps_data' );
294
 
 
 
295
  }
296
 
297
- $this->do_modules();
298
-
299
- $itsec_globals['data']['build'] = ITSEC_Core::get_plugin_build();
300
 
301
- update_site_option( 'itsec_data', $itsec_globals['data'] );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
302
 
303
- if ( $itsec_old_version < 4030 ) {
 
 
 
 
304
 
305
- ITSEC_Lib::create_database_tables(); //adds username field to lockouts and temp
306
- $tables_updated = true;
307
- ITSEC_Response::regenerate_server_config();
308
 
 
 
309
  }
310
 
311
- if ( $itsec_old_version < 4031 ) {
312
 
313
- $banned_option = get_site_option( 'itsec_ban_users' );
314
-
315
- if ( isset( $banned_option['white_list'] ) ) {
316
-
317
- $banned_white_list = $banned_option['white_list'];
318
- $options = get_site_option( 'itsec_global' );
319
- $white_list = isset( $options['lockout_white_list'] ) ? $options['lockout_white_list'] : array();
 
 
320
 
321
- if ( ! is_array( $white_list ) ) {
322
- $white_list = explode( PHP_EOL, $white_list );
323
- }
 
 
 
324
 
325
- if ( ! is_array( $banned_white_list ) ) {
326
- $banned_white_list = explode( PHP_EOL, $banned_white_list );
327
- }
328
 
329
- $new_white_list = array_merge( $white_list, $banned_white_list );
330
 
331
- $options['lockout_white_list'] = $new_white_list;
332
 
333
- update_site_option( 'itsec_global', $options );
 
 
334
 
335
  }
336
 
337
  }
338
 
339
- if ( $itsec_old_version < 4033 ) {
 
340
 
341
- if ( get_site_option( 'itsec_api_nag' ) === false ) { //show the nag to activate an API key
342
- add_site_option( 'itsec_api_nag', true, false );
343
- }
344
 
345
- }
346
-
347
- //IPv6 support was added in 4039
348
- if ( $itsec_old_version < 4039 && ! $tables_updated ) {
349
- ITSEC_Lib::create_database_tables();
350
- $tables_updated = true;
351
- }
352
 
353
- if ( $itsec_old_version < 4040 ) {
354
- $options = get_site_option( 'itsec_global' );
 
355
 
356
- if ( $options['log_info'] ) {
357
- $new_log_info = substr( sanitize_title( get_bloginfo( 'name' ) ), 0, 20 ) . '-' . wp_generate_password( 30, false );
358
- $old_file = path_join( $options['log_location'], 'event-log-' . $options['log_info'] . '.log' );
359
- $new_file = path_join( $options['log_location'], 'event-log-' . $new_log_info . '.log' );
360
-
361
- // If the file exists already, don't update the location unless we successfully move it.
362
- if ( file_exists( $old_file ) && rename( $old_file, $new_file ) ) {
363
- $options['log_info'] = $new_log_info;
364
- }
365
  }
366
 
367
- // Make sure we have an index files to block directory listing in logs directory
368
- if ( is_dir( $options['log_location'] ) && ! file_exists( path_join( $options['log_location'], 'index.php' ) ) ) {
369
- file_put_contents( path_join( $options['log_location'], 'index.php' ), "<?php\n// Silence is golden." );
370
  }
371
 
372
- $backup_options = get_site_option( 'itsec_backup' );
373
- // Make sure we have an index files to block directory listing in backups directory
374
- if ( is_dir( $backup_options['location'] ) && ! file_exists( path_join( $backup_options['location'], 'index.php' ) ) ) {
375
- file_put_contents( path_join( $backup_options['location'], 'index.php' ), "<?php\n// Silence is golden." );
376
- }
377
 
378
  update_site_option( 'itsec_global', $options );
379
- }
380
 
381
- $itsec_modules = ITSEC_Modules::get_instance();
382
- $itsec_modules->run_upgrade( $itsec_old_version, ITSEC_Core::get_plugin_build() );
383
 
384
  }
385
 
386
- /**
387
- * Deactivate execution
388
- *
389
- * @since 4.0
390
- *
391
- * @return void
392
- * */
393
- private function deactivate_execute() {
394
-
395
- global $itsec_globals, $wpdb;
396
-
397
- wp_clear_scheduled_hook( 'itsec_purge_lockouts' );
398
-
399
- require_once( $itsec_globals['plugin_dir'] . 'core/class-itsec-modules.php' );
400
- $itsec_modules = ITSEC_Modules::get_instance();
401
- $itsec_modules->run_deactivation();
402
-
403
- $itsec_files = ITSEC_Core::get_itsec_files();
404
- $itsec_files->do_deactivate();
405
 
 
 
406
  delete_site_option( 'itsec_flush_old_rewrites' );
407
  delete_site_option( 'itsec_manual_update' );
408
  delete_site_option( 'itsec_rewrites_changed' );
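Review bot: is_only_active_itsec_plugin() (new lines 173-190) returns true as soon as either better-wp-security.php or ithemes-security-pro.php appears in the active list and false when neither does, so it reports that some ITSEC plugin is active, not that exactly one is. Combined with the "! self::is_only_active_itsec_plugin()" early returns at lines 15 and 28, teardown is skipped when no ITSEC plugin is listed and proceeds when both are; count the matches instead of returning on the first one. Two smaller points in the same hunk: uninstall() at line 147 is declared "private function" but is invoked as self::uninstall() from the static handle_uninstall(), so it should be "private static function"; and upgrade_from_bwps() assigns $itsec_globals['settings']['write_files'] at line 249 although its global statement at line 193 names only $itsec_bwps_options and $wpdb, so that assignment only touches a local variable. Finally, the removed "$itsec_old_version < 4040" step that wrote index.php files into the log and backup directories to block directory listing has no counterpart in setup_plugin_data(); confirm it is covered by a module upgrade routine or keep it.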
@@ -410,70 +304,13 @@ class ITSEC_Setup {
410
  delete_site_option( 'itsec_had_other_version' );
411
  delete_site_option( 'itsec_no_file_lock_release' );
412
  delete_site_option( 'itsec_clear_login' );
413
- delete_site_option( 'itsec_temp_whitelist_ip' );
414
- delete_site_option( 'itsec_api_nag' );
415
  delete_site_transient( 'ITSEC_SHOW_WRITE_FILES_TOOLTIP' );
416
  delete_site_transient( 'itsec_upload_dir' );
417
- delete_site_transient( 'itsec_notification_running' );
418
- wp_clear_scheduled_hook( 'itsec_digest_email' );
419
-
420
- $htaccess = ITSEC_Lib::get_htaccess();
421
-
422
- //Make sure we can write to the file
423
- $perms = substr( sprintf( '%o', @fileperms( $htaccess ) ), - 4 );
424
-
425
- if ( $perms == '0444' ) {
426
- @chmod( $htaccess, 0664 );
427
- }
428
-
429
- flush_rewrite_rules();
430
-
431
- //reset file permissions if we changed them
432
- if ( $perms == '0444' ) {
433
- @chmod( $htaccess, 0444 );
434
- }
435
-
436
- ITSEC_Lib::clear_caches();
437
-
438
- }
439
-
440
- /**
441
- * Uninstall execution
442
- *
443
- * @since 4.0
444
- *
445
- * @return void
446
- * */
447
- private function uninstall_execute() {
448
 
449
- global $itsec_globals, $wpdb;
450
-
451
- $this->deactivate_execute();
452
-
453
- require_once( $itsec_globals['plugin_dir'] . 'core/class-itsec-modules.php' );
454
- ITSEC_Modules::run_uninstall();
455
-
456
- $itsec_files = ITSEC_Core::get_itsec_files();
457
- $itsec_files->do_deactivate();
458
-
459
- delete_site_option( 'itsec-storage' );
460
- delete_site_option( 'itsec_global' );
461
- delete_site_option( 'itsec_data' );
462
- delete_site_option( 'itsec_initials' );
463
- delete_site_option( 'itsec_jquery_version' );
464
- delete_site_option( 'itsec_message_queue' );
465
-
466
- $wpdb->query( "DROP TABLE IF EXISTS " . $wpdb->base_prefix . "itsec_log;" );
467
- $wpdb->query( "DROP TABLE IF EXISTS " . $wpdb->base_prefix . "itsec_lockouts;" );
468
- $wpdb->query( "DROP TABLE IF EXISTS " . $wpdb->base_prefix . "itsec_temp;" );
469
-
470
- if ( is_dir( ITSEC_Core::get_storage_dir() ) ) {
471
- require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-directory.php' );
472
-
473
- ITSEC_Lib_Directory::remove( ITSEC_Core::get_storage_dir() );
474
  }
475
-
476
- ITSEC_Lib::clear_caches();
477
  }
478
-
479
  }
6
  * @package iThemes-Security
7
  * @since 4.0
8
  */
9
+ final class ITSEC_Setup {
10
+ public static function handle_activation() {
11
+ self::setup_plugin_data();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
12
  }
13
 
14
+ public static function handle_deactivation() {
15
+ if ( ! self::is_only_active_itsec_plugin() ) {
16
+ return;
17
+ }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
18
 
19
+ if ( defined( 'ITSEC_DEVELOPMENT' ) && ITSEC_DEVELOPMENT ) {
20
+ // Set this in wp-config.php to run the uninstall routine on deactivate.
21
+ self::handle_uninstall();
22
  } else {
23
+ self::deactivate();
 
 
24
  }
 
 
25
  }
26
 
27
+ public static function handle_uninstall() {
28
+ if ( ! self::is_only_active_itsec_plugin() ) {
29
+ return;
30
+ }
 
 
 
 
 
31
 
32
+ self::deactivate();
33
+ self::uninstall();
34
+ }
35
 
36
+ public static function handle_upgrade( $build = false ) {
37
+ self::setup_plugin_data( $build );
38
  }
39
 
40
+ private static function setup_plugin_data( $build = false ) {
41
+ // Determine build number of current data if it was not passed in.
 
 
 
 
 
 
 
 
42
 
43
+ if ( empty( $build ) ) {
44
+ $build = ITSEC_Modules::get_setting( 'global', 'build' );
45
+ }
46
 
47
+ if ( empty( $build ) ) {
48
+ $plugin_data = get_site_option( 'itsec_data' );
49
 
50
+ if ( is_array( $plugin_data ) && ! empty( $plugin_data['build'] ) ) {
51
+ $build = $plugin_data['build'];
52
 
53
+ if ( ! empty( $plugin_data['activation_timestamp'] ) ) {
54
+ ITSEC_Modules::set_setting( 'global', 'activation_timestamp', $plugin_data['activation_timestamp'] );
55
+ }
56
+ }
57
 
58
+ delete_site_option( 'itsec_data' );
 
59
  }
60
 
61
+ if ( empty( $build ) ) {
62
+ if ( is_multisite() ) {
63
+ switch_to_blog( 1 );
64
+ $bwps_options = get_option( 'bit51_bwps' );
65
+ restore_current_blog();
66
+ } else {
67
+ $bwps_options = get_option( 'bit51_bwps' );
68
+ }
69
+
70
+ if ( false !== $bwps_options ) {
71
+ self::upgrade_from_bwps();
72
 
73
+ $build = 3064;
74
+ }
75
  }
76
 
 
77
 
78
+ // Ensure that the database tables are present and updated to the current schema.
79
+ require_once( ITSEC_Core::get_core_dir() . '/class-itsec-lib.php' );
80
+ ITSEC_Lib::create_database_tables();
81
+
82
+ // Run activation routines for modules to ensure that they are properly set up.
83
+ $itsec_modules = ITSEC_Modules::get_instance();
84
+ $itsec_modules->run_activation();
85
 
 
86
 
87
+ if ( ! empty( $build ) ) {
88
+ // Existing install. Perform data upgrades.
89
 
90
+ if ( $build < 4031 ) {
91
+ self::upgrade_data_to_4031();
92
+ }
93
 
94
+ if ( $build < 4069 ) {
95
+ self::upgrade_data_to_4069();
96
+ }
97
 
98
+ // Run upgrade routines for modules to ensure that they are up-to-date.
99
+ $itsec_modules = ITSEC_Modules::get_instance();
100
+ $itsec_modules->run_upgrade( $build, ITSEC_Core::get_plugin_build() );
101
  }
102
 
 
103
 
104
+ // Ensure that the active modules are loaded and regenerate the configs.
105
+ ITSEC_Modules::run_active_modules();
106
+ $itsec_files = ITSEC_Core::get_itsec_files();
107
+ $itsec_files->do_activate();
108
 
109
+ // Update stored build number.
110
+ ITSEC_Modules::set_setting( 'global', 'build', ITSEC_Core::get_plugin_build() );
111
  }
112
 
113
+ private static function deactivate() {
 
 
 
 
 
 
 
 
 
 
 
 
114
 
115
+ $itsec_modules = ITSEC_Modules::get_instance();
116
+ $itsec_modules->run_deactivation();
117
 
118
+ $itsec_files = ITSEC_Core::get_itsec_files();
119
+ $itsec_files->do_deactivate();
120
 
121
+ delete_site_option( 'itsec_temp_whitelist_ip' );
122
+ delete_site_transient( 'itsec_notification_running' );
123
+ delete_site_transient( 'itsec_wp_upload_dir' );
124
+ wp_clear_scheduled_hook( 'itsec_digest_email' );
125
+ wp_clear_scheduled_hook( 'itsec_purge_lockouts' );
126
 
127
+ $htaccess = ITSEC_Lib::get_htaccess();
 
 
128
 
129
+ //Make sure we can write to the file
130
+ $perms = substr( sprintf( '%o', @fileperms( $htaccess ) ), - 4 );
131
 
132
+ if ( $perms == '0444' ) {
133
+ @chmod( $htaccess, 0664 );
134
+ }
135
 
136
+ flush_rewrite_rules();
 
 
 
 
 
137
 
138
+ //reset file permissions if we changed them
139
+ if ( $perms == '0444' ) {
140
+ @chmod( $htaccess, 0444 );
141
+ }
142
 
143
+ ITSEC_Lib::clear_caches();
144
 
145
+ }
 
 
 
 
 
146
 
147
+ private function uninstall() {
148
 
149
+ global $wpdb;
150
 
151
+ ITSEC_Modules::run_uninstall();
152
 
153
+ $itsec_files = ITSEC_Core::get_itsec_files();
154
+ $itsec_files->do_deactivate();
 
155
 
156
+ delete_site_option( 'itsec-storage' );
157
+ delete_site_option( 'itsec_active_modules' );
 
 
 
 
 
158
 
159
+ $wpdb->query( "DROP TABLE IF EXISTS " . $wpdb->base_prefix . "itsec_log;" );
160
+ $wpdb->query( "DROP TABLE IF EXISTS " . $wpdb->base_prefix . "itsec_lockouts;" );
161
+ $wpdb->query( "DROP TABLE IF EXISTS " . $wpdb->base_prefix . "itsec_temp;" );
162
 
163
+ if ( is_dir( ITSEC_Core::get_storage_dir() ) ) {
164
+ require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-directory.php' );
165
 
166
+ ITSEC_Lib_Directory::remove( ITSEC_Core::get_storage_dir() );
167
+ }
168
 
169
+ ITSEC_Lib::clear_caches();
 
 
170
 
171
+ }
172
 
173
+ private static function is_only_active_itsec_plugin() {
174
+ $active_plugins = (array) get_option( 'active_plugins', array() );
175
 
176
+ if ( is_multisite() ) {
177
+ $network_plugins = (array) get_site_option( 'active_sitewide_plugins', array() );
178
+ $active_plugins = array_merge( $active_plugins, array_keys( $network_plugins ) );
179
+ }
180
 
181
+ foreach ( $active_plugins as $active_plugin ) {
182
+ $file = basename( $active_plugin );
183
 
184
+ if ( in_array( $file, array( 'better-wp-security.php', 'ithemes-security-pro.php' ) ) ) {
185
+ return true;
186
  }
187
+ }
188
 
189
+ return false;
190
+ }
 
 
 
191
 
192
+ private static function upgrade_from_bwps() {
193
+ global $itsec_bwps_options, $wpdb;
 
 
 
 
 
194
 
195
+ if ( wp_next_scheduled( 'bwps_backup' ) ) {
196
+ wp_clear_scheduled_hook( 'bwps_backup' );
197
  }
198
 
199
+ if ( is_multisite() ) {
200
+ switch_to_blog( 1 );
201
+ }
202
 
203
+ $itsec_bwps_options = get_option( 'bit51_bwps' );
204
+
205
+ delete_option( 'bit51_bwps' );
206
+ delete_option( 'bwps_intrusion_warning' );
207
+ delete_option( 'bit51_bwps_data' );
208
+ delete_option( 'bwps_file_log' );
209
+ delete_option( 'bwps_awaymode' );
210
+ delete_option( 'bwps_filecheck' );
211
+ delete_option( 'BWPS_Login_Slug' );
212
+ delete_option( 'BWPS_options' );
213
+ delete_option( 'BWPS_versions' );
214
+ delete_site_transient( 'bit51_bwps_backup' );
215
+ delete_site_transient( 'bwps_away' );
216
+
217
+ if ( is_multisite() ) {
218
+ restore_current_blog();
219
+ }
220
 
221
+ $wpdb->query( "DROP TABLE IF EXISTS `" . $wpdb->base_prefix . "bwps_lockouts`;" );
222
+ $wpdb->query( "DROP TABLE IF EXISTS `" . $wpdb->base_prefix . "bwps_log`;" );
223
+ $wpdb->query( "DROP TABLE IF EXISTS `" . $wpdb->base_prefix . "BWPS_d404`;" );
224
+ $wpdb->query( "DROP TABLE IF EXISTS `" . $wpdb->base_prefix . "BWPS_ll`;" );
225
+ $wpdb->query( "DROP TABLE IF EXISTS `" . $wpdb->base_prefix . "BWPS_lockouts`;" );
226
 
 
 
 
227
 
228
+ if ( ! is_array( $itsec_bwps_options ) ) {
229
+ return;
230
  }
231
 
232
+ $current_options = get_site_option( 'itsec_global' );
233
 
234
+ if ( $current_options === false ) {
235
+ $current_options = array(
236
+ 'blacklist' => true,
237
+ 'blacklist_count' => 3,
238
+ 'lockout_white_list' => array(),
239
+ 'log_location' => ITSEC_Core::get_storage_dir( 'logs' ),
240
+ 'write_files' => false,
241
+ );
242
+ }
243
 
244
+ $current_options['notification_email'] = array( isset( $itsec_bwps_options['ll_emailaddress'] ) && strlen( $itsec_bwps_options['ll_emailaddress'] ) ? $itsec_bwps_options['ll_emailaddress'] : get_option( 'admin_email' ) );
245
+ $current_options['backup_email'] = array( isset( $itsec_bwps_options['backup_emailaddress'] ) && strlen( $itsec_bwps_options['backup_emailaddress'] ) ? $itsec_bwps_options['backup_emailaddress'] : get_option( 'admin_email' ) );
246
+ $current_options['blacklist'] = isset( $itsec_bwps_options['ll_blacklistip'] ) && $itsec_bwps_options['ll_blacklistip'] == 0 ? false : true;
247
+ $current_options['blacklist_count'] = isset( $itsec_bwps_options['ll_blacklistipthreshold'] ) && intval( $itsec_bwps_options['ll_blacklistipthreshold'] ) > 0 ? intval( $itsec_bwps_options['ll_blacklistipthreshold'] ) : 3;
248
+ $current_options['write_files'] = isset( $itsec_bwps_options['st_writefiles'] ) && $itsec_bwps_options['st_writefiles'] == 1 ? true : false;
249
+ $itsec_globals['settings']['write_files'] = $current_options['write_files'];
250
 
251
+ if ( isset( $itsec_bwps_options['id_whitelist'] ) && ! is_array( $itsec_bwps_options['id_whitelist'] ) && strlen( $itsec_bwps_options['id_whitelist'] ) > 1 ) {
 
 
252
 
253
+ $raw_hosts = explode( PHP_EOL, $itsec_bwps_options['id_whitelist'] );
254
 
255
+ foreach ( $raw_hosts as $host ) {
256
 
257
+ if ( strlen( $host ) > 1 ) {
258
+ $current_options['lockout_white_list'][] = $host;
259
+ }
260
 
261
  }
262
 
263
  }
264
 
265
+ update_site_option( 'itsec_global', $current_options );
266
+ }
267
 
268
+ private static function upgrade_data_to_4031() {
269
+ $banned_option = get_site_option( 'itsec_ban_users' );
 
270
 
271
+ if ( isset( $banned_option['white_list'] ) ) {
 
 
 
 
 
 
272
 
273
+ $banned_white_list = $banned_option['white_list'];
274
+ $options = get_site_option( 'itsec_global' );
275
+ $white_list = isset( $options['lockout_white_list'] ) ? $options['lockout_white_list'] : array();
276
 
277
+ if ( ! is_array( $white_list ) ) {
278
+ $white_list = explode( PHP_EOL, $white_list );
 
 
 
 
 
 
 
279
  }
280
 
281
+ if ( ! is_array( $banned_white_list ) ) {
282
+ $banned_white_list = explode( PHP_EOL, $banned_white_list );
 
283
  }
284
 
285
+ $new_white_list = array_merge( $white_list, $banned_white_list );
286
+
287
+ $options['lockout_white_list'] = $new_white_list;
 
 
288
 
289
  update_site_option( 'itsec_global', $options );
 
290
 
291
+ }
 
292
 
293
  }
294
 
295
+ private static function upgrade_data_to_4069() {
296
+ global $wpdb;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
297
 
298
+ delete_site_option( 'itsec_api_nag' );
299
+ delete_site_option( 'itsec_initials' );
300
  delete_site_option( 'itsec_flush_old_rewrites' );
301
  delete_site_option( 'itsec_manual_update' );
302
  delete_site_option( 'itsec_rewrites_changed' );
304
  delete_site_option( 'itsec_had_other_version' );
305
  delete_site_option( 'itsec_no_file_lock_release' );
306
  delete_site_option( 'itsec_clear_login' );
307
+ delete_site_option( 'itsec_jquery_version' );
 
308
  delete_site_transient( 'ITSEC_SHOW_WRITE_FILES_TOOLTIP' );
309
  delete_site_transient( 'itsec_upload_dir' );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
310
 
311
+ if ( ! is_multisite() ) {
312
+ $wpdb->update( $wpdb->options, array( 'autoload' => 'yes' ), array( 'option_name' => 'itsec_active_modules' ) );
313
+ $wpdb->update( $wpdb->options, array( 'autoload' => 'yes' ), array( 'option_name' => 'itsec-storage' ) );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
314
  }
 
 
315
  }
 
316
  }
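Review bot: The legacy whitelist import splits on PHP_EOL and stores each piece untrimmed, both where `id_whitelist` is migrated (`explode( PHP_EOL, $itsec_bwps_options['id_whitelist'] )`) and in `upgrade_data_to_4031()`. On a host where PHP_EOL is "\n", a value saved with "\r\n" line endings keeps a trailing carriage return on every entry, and nothing in these lines checks that an entry is a valid IP or host before it is written to `lockout_white_list`. Suggest splitting with `preg_split( "/[\r\n]+/", ... )` and `trim()`, the way `ITSEC_Validator::convert_string_to_array()` does, and passing the result through the same check used for the `newline-separated-ips` type. `array_merge( $white_list, $banned_white_list )` should also go through `array_unique()` so that entries present in both lists are not stored twice.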
core/history.txt CHANGED
@@ -492,3 +492,16 @@
492
  Bug Fix: Fixed bug that prevented Network Brute Force Protection from working properly on some sites.
493
  3.0.1 - 2017-02-09 - Chris Jean
494
  Bug Fix: Fixed bug that prevented Away Mode from activating on some sites.
 
 
 
 
 
 
 
 
 
 
 
 
 
492
  Bug Fix: Fixed bug that prevented Network Brute Force Protection from working properly on some sites.
493
  3.0.1 - 2017-02-09 - Chris Jean
494
  Bug Fix: Fixed bug that prevented Away Mode from activating on some sites.
495
+ 3.1.0 - 2017-03-09 - Chris Jean
496
+ Enhancement: Improved plugin performance by reducing the number of queries made on each page.
497
+ Enhancement: Reduced memory and CPU usage due to various code improvements.
498
+ Bug Fix: A database backup will no longer be created when first activating the plugin.
499
+ Bug Fix: Added compatibility for MySQL strict mode in database creation syntax.
500
+ Bug Fix: Removed warning about a "non well formed numeric value encountered" in PHP 7.1.
501
+ Bug Fix: Modifications to wp-config.php, .htaccess, and nginx.conf files are now properly re-added upon reactivation.
502
+ Bug Fix: Fixed full settings for Hide Backend being displayed after disabling the feature and saving the settings.
503
+ Bug Fix: Enabling or disabling the Hide Backend feature will update the "Log Out" link so that it works as expected without having to load a new page.
504
+ Bug Fix: Enabling or disabling the Hide Backend feature now properly updates the .htaccess/nginx.conf file on enable and disable rather than at some future point.
505
+ Bug Fix: Fixed issue that could cause improper database table creation on multisite sites.
506
+ 3.1.1 - 2017-03-14 - Chris Jean
507
+ Bug Fix: Fixed a bug that could prevent settings from saving properly if the site was migrated to a new server or a new home path on the server.
core/lib/class-itsec-lib-config-file.php CHANGED
@@ -703,8 +703,6 @@ class ITSEC_Lib_Config_File {
703
  * @return string Full path to the server config file or a blank string if modifications for the file are disabled.
704
  */
705
  public static function get_server_config_file_path() {
706
- global $itsec_globals;
707
-
708
  $server = ITSEC_Lib_Utility::get_web_server();
709
 
710
 
703
  * @return string Full path to the server config file or a blank string if modifications for the file are disabled.
704
  */
705
  public static function get_server_config_file_path() {
 
 
706
  $server = ITSEC_Lib_Utility::get_web_server();
707
 
708
 
core/lib/storage.php CHANGED
@@ -71,7 +71,11 @@ final class ITSEC_Storage {
71
 
72
  $data->changed = false;
73
 
74
- return update_site_option( $data->option, $data->cache );
 
 
 
 
75
  }
76
 
77
  public static function reload() {
71
 
72
  $data->changed = false;
73
 
74
+ if ( is_multisite() ) {
75
+ return update_site_option( $data->option, $data->cache );
76
+ } else {
77
+ return update_option( $data->option, $data->cache );
78
+ }
79
  }
80
 
81
  public static function reload() {
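Review bot: The save path now branches on `is_multisite()` where it previously had a single `return update_site_option( $data->option, $data->cache );`, but the visible lines do not show the read side getting the same branch. Please confirm that `reload()` and the initial load read with the matching `get_option()` / `get_site_option()` call, ideally through one helper shared by both directions, and add a short comment saying why single-site installs need `update_option()`. The `autoload => 'yes'` update for `itsec-storage` in `upgrade_data_to_4069()` suggests autoloading is the motivation, and that reasoning should be recorded next to this branch.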
core/lib/validator.php CHANGED
@@ -3,61 +3,61 @@
3
  abstract class ITSEC_Validator {
4
  protected $run_validate_matching_fields = true;
5
  protected $run_validate_matching_types = true;
6
-
7
  protected $settings_obj;
8
  protected $defaults;
9
  protected $settings;
10
  protected $previous_settings;
11
-
12
  protected $can_save = true;
13
  protected $needs_refresh = false;
14
  protected $errors = array();
15
  protected $messages = array();
16
  protected $vars_to_skip_validate_matching_fields = array();
17
  protected $vars_to_skip_validate_matching_types = array();
18
-
19
-
20
  public function __construct() {
21
  $this->settings_obj = ITSEC_Modules::get_settings_obj( $this->get_id() );
22
-
23
  if ( ! is_callable( array( $this->settings_obj, 'get_defaults' ) ) ) {
24
  return;
25
  }
26
-
27
  $this->defaults = $this->settings_obj->get_defaults();
28
  }
29
-
30
  abstract public function get_id();
31
  protected function sanitize_settings() {}
32
  protected function validate_settings() {}
33
-
34
  public function validate( $settings ) {
35
  $this->settings = $settings;
36
  $this->previous_settings = ITSEC_Modules::get_settings( $this->get_id() );
37
-
38
  $this->sanitize_settings();
39
-
40
  if ( $this->run_validate_matching_fields ) {
41
  $this->validate_matching_fields();
42
  }
43
-
44
  if ( $this->run_validate_matching_types ) {
45
  $this->validate_matching_types();
46
  }
47
-
48
  $this->validate_settings();
49
  }
50
-
51
  protected function validate_matching_fields() {
52
  $id = $this->get_id();
53
-
54
  foreach ( array_keys( $this->defaults ) as $name ) {
55
  if ( ! isset( $this->settings[$name] ) && ! in_array( $name, $this->vars_to_skip_validate_matching_fields ) ) {
56
  $this->add_error( new WP_Error( "itsec-validator-$id-validate_matching_fields-missing-name-$name", sprintf( __( 'A validation function for %1$s received data that did not have the required entry for %2$s.', 'better-wp-security' ), $id, $name ) ) );
57
  $this->set_can_save( false );
58
  }
59
  }
60
-
61
  foreach ( array_keys( $this->settings ) as $name ) {
62
  if ( ! isset( $this->defaults[$name] ) && ! in_array( $name, $this->vars_to_skip_validate_matching_fields ) ) {
63
  $this->add_error( new WP_Error( "itsec-validator-$id-validate_matching_fields-unknown-name-$name", sprintf( __( 'A validation function for %1$s received data that has an entry for %2$s when no such entry exists.', 'better-wp-security' ), $id, $name ) ) );
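Review bot: Every changed line in this hunk is a blank line removed and re-added at the same position, which points to whitespace or line-ending normalisation rather than a logic change. Suggest landing that normalisation as its own commit, or reviewing this file with whitespace ignored, so that any real change to the validation paths is not buried in it.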
@@ -65,29 +65,29 @@ abstract class ITSEC_Validator {
65
  }
66
  }
67
  }
68
-
69
  protected function validate_matching_types() {
70
  $id = $this->get_id();
71
-
72
  foreach ( $this->defaults as $name => $value ) {
73
  if ( in_array( $name, $this->vars_to_skip_validate_matching_types ) ) {
74
  // This is to prevent errors for a specific var appearing twice.
75
  continue;
76
  }
77
-
78
  if ( ! isset( $this->settings[$name] ) ) {
79
  // Skip missing entries to allow implementations that use validate_matching_types() but not
80
  // validate_matching_fields().
81
  continue;
82
  }
83
-
84
  if ( gettype( $value ) !== gettype( $this->settings[$name] ) ) {
85
  $this->add_error( new WP_Error( "itsec-validator-$id-validate_matching_types-inmatching-type-$name", sprintf( __( 'A validation function for %1$s received data that does not match the expected data type for the %2$s entry. A data type of %3$s was expected, but a data type of %4$s was received.', 'better-wp-security' ), $id, $name, gettype( $value ), gettype( $this->settings[$name] ) ) ) );
86
  $this->set_can_save( false );
87
  }
88
  }
89
  }
90
-
91
  final protected function set_default_if_empty( $vars ) {
92
  foreach ( (array) $vars as $var ) {
93
  if ( ! isset( $this->settings[$var] ) || '' === $this->settings[$var] ) {
@@ -95,7 +95,7 @@ abstract class ITSEC_Validator {
95
  }
96
  }
97
  }
98
-
99
  final protected function set_previous_if_empty( $vars ) {
100
  foreach ( (array) $vars as $var ) {
101
  if ( ! isset( $this->settings[$var] ) || '' === $this->settings[$var] ) {
@@ -103,26 +103,26 @@ abstract class ITSEC_Validator {
103
  }
104
  }
105
  }
106
-
107
  final protected function sanitize_setting( $type, $var, $name, $prevent_save_on_error = true, $trim_value = true ) {
108
  $id = $this->get_id();
109
-
110
  if ( ! isset( $this->settings[$var] ) ) {
111
  $this->add_error( new WP_Error( "itsec-validator-missing-var-$id-$var", sprintf( __( 'A validation check for %1$s failed. The %2$s value is missing. This could be due to a problem with the iThemes Security installation or an invalid modification. Please reinstall iThemes Security and try again.', 'better-wp-security' ), $id, $name ) ) );
112
  return false;
113
  }
114
-
115
  if ( $trim_value && is_string( $this->settings[$var] ) ) {
116
  $this->settings[$var] = trim( $this->settings[$var] );
117
  }
118
-
119
  $error = false;
120
-
121
  if ( 'string' === $type ) {
122
  $this->settings[$var] = (string) $this->settings[$var];
123
  } else if ( 'non-empty-string' === $type ) {
124
  $this->settings[$var] = (string) $this->settings[$var];
125
-
126
  if ( empty( $this->settings[$var] ) ) {
127
  $error = sprintf( __( 'The %1$s value cannot be empty.', 'better-wp-security' ), $name );
128
  }
@@ -130,7 +130,7 @@ abstract class ITSEC_Validator {
130
  $this->settings[$var] = sanitize_title( $this->settings[$var] );
131
  } else if ( 'non-empty-title' === $type ) {
132
  $this->settings[$var] = sanitize_title( $this->settings[$var] );
133
-
134
  if ( empty( $this->settings[$var] ) ) {
135
  $error = sprintf( __( 'The %1$s value cannot be empty.', 'better-wp-security' ), $name );
136
  }
@@ -166,26 +166,26 @@ abstract class ITSEC_Validator {
166
  }
167
  } else if ( 'email' === $type ) {
168
  $this->settings[$var] = sanitize_text_field( $this->settings[$var] );
169
-
170
  if ( empty( $this->settings[$var] ) || ! is_email( $this->settings[$var] ) ) {
171
  $error = sprintf( __( 'The %1$s value must be a valid email address.', 'better-wp-security' ), $name );
172
  }
173
  } else if ( 'valid-username' === $type ) {
174
  $this->settings[$var] = sanitize_text_field( $this->settings[$var] );
175
-
176
  if ( ! empty( $this->settings[$var] ) && ! validate_username( $this->settings[$var] ) ) {
177
  $error = sprintf( __( 'The %1$s value is not a valid username.', 'better-wp-security' ), $name );
178
  }
179
  } else if ( 'date' === $type ) {
180
  $val = $this->settings[$var];
181
-
182
  $separator = '[\-/\. ]';
183
-
184
  if ( preg_match( "|^(\d\d\d\d)$separator(\d\d?)$separator(\d\d?)$|", $val, $match ) ) {
185
  $year = intval( $match[1] );
186
  $month = intval( $match[2] );
187
  $day = intval( $match[3] );
188
-
189
  if ( ! checkdate( $month, $day, $year ) ) {
190
  $error = sprintf( __( 'The %1$s value must be a valid date.', 'better-wp-security' ), $name );
191
  }
@@ -197,21 +197,21 @@ abstract class ITSEC_Validator {
197
  $error = sprintf( __( 'The %1$s value must be a string.', 'better-wp-security' ), $name );
198
  } else {
199
  require_once( ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-directory.php' );
200
-
201
  $this->settings[$var] = rtrim( $this->settings[$var], DIRECTORY_SEPARATOR );
202
-
203
  if ( ! ITSEC_Lib_Directory::is_dir( $this->settings[$var] ) ) {
204
  $result = ITSEC_Lib_Directory::create( $this->settings[$var] );
205
-
206
  if ( is_wp_error( $result ) ) {
207
  $error = sprintf( _x( 'The directory supplied in %1$s cannot be used as a valid directory. %2$s', '%1$s is the input name. %2$s is the error message.', 'better-wp-security' ), $name, $result->get_error_message() );
208
  }
209
  }
210
-
211
  if ( empty( $error ) && ! ITSEC_Lib_Directory::is_writable( $this->settings[$var] ) ) {
212
  $error = sprintf( __( 'The directory supplied in %1$s is not writable. Please select a directory that can be written to.', 'better-wp-security' ), $name );
213
  }
214
-
215
  if ( empty( $error ) ) {
216
  ITSEC_Lib_Directory::add_file_listing_protection( $this->settings[$var] );
217
  }
@@ -221,17 +221,17 @@ abstract class ITSEC_Validator {
221
  $error = sprintf( __( 'The %1$s value must be a string.', 'better-wp-security' ), $name );
222
  } else {
223
  require_once( ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-directory.php' );
224
-
225
  if ( ! ITSEC_Lib_File::is_file( $this->settings[$var] ) && ITSEC_Lib_File::exists( $this->settings[$var] ) ) {
226
  $error = sprintf( __( 'The file path supplied in %1$s cannot be used as it already exists but is not a file. Please supply a valid file path.', 'better-wp-security' ), $name );
227
  } else {
228
  $result = ITSEC_Lib_Directory::create( dirname( $this->settings[$var] ) );
229
-
230
  if ( is_wp_error( $result ) ) {
231
  $error = sprintf( _x( 'The file path supplied in %1$s cannot be used as the parent directory cannot be created. %2$s', '%1$s is the input name. %2$s is the error message.', 'better-wp-security' ), $name, $result->get_error_message() );
232
  } else if ( ! ITSEC_Lib_File::exists( $this->settings[$var] ) ) {
233
  $result = ITSEC_Lib_File::write( $this->settings[$var], '' );
234
-
235
  if ( is_wp_error( $result ) ) {
236
  $error = sprintf( __( 'The file path supplied in %1$s could not be created. Please supply a file path that can be written to.', 'better-wp-security' ), $name );
237
  } else if ( ! is_writable( $this->settings[$var] ) ) {
@@ -244,21 +244,21 @@ abstract class ITSEC_Validator {
244
  }
245
  } else if ( is_array( $type ) && 2 === count( $type ) && $this === $type[0] ) {
246
  $this->settings[$var] = $this->convert_string_to_array( $this->settings[$var] );
247
-
248
  if ( ! is_array( $this->settings[$var] ) ) {
249
  $error = sprintf( __( 'The %1$s value must be a string with each entry separated by a new line.', 'better-wp-security' ), $name );
250
  } else {
251
  $invalid_entries = array();
252
-
253
  foreach ( $this->settings[$var] as $index => $entry ) {
254
  $entry = sanitize_text_field( trim( $entry ) );
255
  $this->settings[$var][$index] = $entry;
256
-
257
  if ( empty( $entry ) ) {
258
  unset( $this->settings[$var][$index] );
259
  } else {
260
  $result = call_user_func( $type, $entry );
261
-
262
  if ( false === $result ) {
263
  $invalid_entries[] = $entry;
264
  } else {
@@ -266,9 +266,9 @@ abstract class ITSEC_Validator {
266
  }
267
  }
268
  }
269
-
270
  $this->settings[$var] = array_unique( $this->settings[$var] );
271
-
272
  if ( ! empty( $invalid_entries ) ) {
273
  $error = wp_sprintf( _n( 'The following entry in %1$s is invalid: %2$l', 'The following entries in %1$s are invalid: %2$l', count( $invalid_entries ), 'better-wp-security' ), $name, $invalid_entries );
274
  }
@@ -276,20 +276,20 @@ abstract class ITSEC_Validator {
276
  } else if ( is_array( $type ) ) {
277
  if ( is_array( $this->settings[$var] ) ) {
278
  $invalid_entries = array();
279
-
280
  foreach ( $this->settings[$var] as $index => $entry ) {
281
  $entry = sanitize_text_field( trim( $entry ) );
282
  $this->settings[$var][$index] = $entry;
283
-
284
  if ( empty( $entry ) ) {
285
  unset( $this->settings[$var][$index] );
286
  } else if ( ! in_array( $entry, $type, true ) ) {
287
  $invalid_entries[] = $entry;
288
  }
289
  }
290
-
291
  $this->settings[$var] = array_unique( $this->settings[$var] );
292
-
293
  if ( ! empty( $invalid_entries ) ) {
294
  $error = wp_sprintf( _n( 'The following entry in %1$s is invalid: %2$l', 'The following entries in %1$s are invalid: %2$l', count( $invalid_entries ), 'better-wp-security' ), $name, $invalid_entries );
295
  }
@@ -299,53 +299,53 @@ abstract class ITSEC_Validator {
299
  }
300
  } else if ( 'newline-separated-array' === $type ) {
301
  $this->settings[$var] = $this->convert_string_to_array( $this->settings[$var] );
302
-
303
  if ( ! is_array( $this->settings[$var] ) ) {
304
  $error = sprintf( __( 'The %1$s value must be a string with each entry separated by a new line.', 'better-wp-security' ), $name );
305
  }
306
  } else if ( 'newline-separated-emails' === $type ) {
307
  $this->settings[$var] = $this->convert_string_to_array( $this->settings[$var] );
308
-
309
  if ( ! is_array( $this->settings[$var] ) ) {
310
  $error = sprintf( __( 'The %1$s value must be a string with each entry separated by a new line.', 'better-wp-security' ), $name );
311
  } else {
312
  $invalid_emails = array();
313
-
314
  foreach ( $this->settings[$var] as $index => $email ) {
315
  $email = sanitize_text_field( trim( $email ) );
316
  $this->settings[$var][$index] = $email;
317
-
318
  if ( empty( $email ) ) {
319
  unset( $this->settings[$var][$index] );
320
  } else if ( ! is_email( $email ) ) {
321
  $invalid_emails[] = $email;
322
  }
323
  }
324
-
325
  $this->settings[$var] = array_unique( $this->settings[$var] );
326
-
327
  if ( ! empty( $invalid_emails ) ) {
328
  $error = wp_sprintf( _n( 'The following email in %1$s is invalid: %2$l', 'The following emails in %1$s are invalid: %2$l', count( $invalid_emails ), 'better-wp-security' ), $name, $invalid_emails );
329
  }
330
  }
331
  } else if ( 'newline-separated-ips' === $type ) {
332
  $this->settings[$var] = $this->convert_string_to_array( $this->settings[$var] );
333
-
334
  if ( ! is_array( $this->settings[$var] ) ) {
335
  $error = sprintf( __( 'The %1$s value must be a string with each entry separated by a new line.', 'better-wp-security' ), $name );
336
  } else {
337
  require_once( ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-ip-tools.php' );
338
-
339
  $invalid_ips = array();
340
-
341
  foreach ( $this->settings[$var] as $index => $ip ) {
342
  $ip = trim( $ip );
343
-
344
  if ( '' === $ip ) {
345
  unset( $this->settings[$var][$index] );
346
  } else {
347
  $validated_ip = ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr( $ip );
348
-
349
  if ( false === $validated_ip ) {
350
  $invalid_ips[] = $ip;
351
  } else {
@@ -353,29 +353,29 @@ abstract class ITSEC_Validator {
353
  }
354
  }
355
  }
356
-
357
  $this->settings[$var] = array_unique( $this->settings[$var] );
358
-
359
  if ( ! empty( $invalid_ips ) ) {
360
  $error = wp_sprintf( _n( 'The following IP in %1$s is invalid: %2$l', 'The following IPs in %1$s are invalid: %2$l', count( $invalid_ips ), 'better-wp-security' ), $name, $invalid_ips );
361
  }
362
  }
363
  } else if ( 'newline-separated-extensions' === $type ) {
364
  $this->settings[$var] = $this->convert_string_to_array( $this->settings[$var] );
365
-
366
  if ( ! is_array( $this->settings[$var] ) ) {
367
  $error = sprintf( __( 'The %1$s value must be a string with each entry separated by a new line.', 'better-wp-security' ), $name );
368
  } else {
369
  $invalid_extensions = array();
370
-
371
  foreach ( $this->settings[$var] as $index => $extension ) {
372
  if ( ! preg_match( '/^(\.[^.]+)+$/', $extension ) ) {
373
  $invalid_extensions[] = $extension;
374
  }
375
  }
376
-
377
  $this->settings[$var] = array_unique( $this->settings[$var] );
378
-
379
  if ( ! empty( $invalid_extensions ) ) {
380
  $error = wp_sprintf( _n( 'The following extension in %1$s is invalid: %2$l', 'The following extensions in %1$s are invalid: %2$l', count( $invalid_extensions ), 'better-wp-security' ), $name, $invalid_extensions );
381
  }
@@ -384,21 +384,21 @@ abstract class ITSEC_Validator {
384
  /* translators: 1: sanitize type, 2: input name */
385
  $error = sprintf( __( 'An invalid sanitize type of "%1$s" was received for the %2$s input.', 'better-wp-security' ), $type, $name );
386
  }
387
-
388
  if ( false !== $error ) {
389
  $this->add_error( new WP_Error( "itsec-validator-$id-invalid-type-$var-$type", $error ) );
390
  $this->vars_to_skip_validate_matching_types[] = $var;
391
-
392
- if ( $prevent_save_on_error ) {
393
  $this->set_can_save( false );
394
  }
395
-
396
  return false;
397
  }
398
-
399
  return true;
400
  }
401
-
402
  final protected function convert_string_to_array( $string ) {
403
  if ( is_string( $string ) ) {
404
  $array = preg_split( "/[\r\n]+/", $string );
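Review bot: The `- if ( $prevent_save_on_error ) {` line at 392 is the only non-blank removed line in this hunk, and it gates `$this->set_can_save( false )`. Please confirm that the replacement line keeps the same condition and differs only in whitespace, because dropping or inverting it would change whether a failed `sanitize_setting()` check blocks the settings from being saved.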
@@ -407,24 +407,24 @@ abstract class ITSEC_Validator {
407
  } else {
408
  return $string;
409
  }
410
-
411
  foreach ( $array as $key => $val ) {
412
  $val = trim( $val );
413
-
414
  if ( empty( $val ) ) {
415
  unset( $array[$key] );
416
  } else {
417
  $array[$key] = $val;
418
  }
419
  }
420
-
421
  return $array;
422
  }
423
-
424
  final protected function add_error( $error ) {
425
  $this->errors[] = $error;
426
  }
427
-
428
  final public function found_errors() {
429
  if ( empty( $this->errors ) ) {
430
  return false;
@@ -432,35 +432,35 @@ abstract class ITSEC_Validator {
432
  return true;
433
  }
434
  }
435
-
436
  final public function get_errors() {
437
  return $this->errors;
438
  }
439
-
440
  final protected function add_message( $message ) {
441
  $this->messages[] = $message;
442
  }
443
-
444
  final public function get_messages() {
445
  return $this->messages;
446
  }
447
-
448
  final protected function set_can_save( $can_save ) {
449
  $this->can_save = (bool) $can_save;
450
  }
451
-
452
  final public function can_save() {
453
  return $this->can_save;
454
  }
455
-
456
  final protected function set_needs_refresh( $needs_refresh ) {
457
  $this->needs_refresh = (bool) $needs_refresh;
458
  }
459
-
460
  final public function needs_refresh() {
461
  return $this->needs_refresh;
462
  }
463
-
464
  final public function get_settings() {
465
  return $this->settings;
466
  }
3
  abstract class ITSEC_Validator {
4
  protected $run_validate_matching_fields = true;
5
  protected $run_validate_matching_types = true;
6
+
7
  protected $settings_obj;
8
  protected $defaults;
9
  protected $settings;
10
  protected $previous_settings;
11
+
12
  protected $can_save = true;
13
  protected $needs_refresh = false;
14
  protected $errors = array();
15
  protected $messages = array();
16
  protected $vars_to_skip_validate_matching_fields = array();
17
  protected $vars_to_skip_validate_matching_types = array();
18
+
19
+
20
  public function __construct() {
21
  $this->settings_obj = ITSEC_Modules::get_settings_obj( $this->get_id() );
22
+
23
  if ( ! is_callable( array( $this->settings_obj, 'get_defaults' ) ) ) {
24
  return;
25
  }
26
+
27
  $this->defaults = $this->settings_obj->get_defaults();
28
  }
29
+
30
  abstract public function get_id();
31
  protected function sanitize_settings() {}
32
  protected function validate_settings() {}
33
+
34
  public function validate( $settings ) {
35
  $this->settings = $settings;
36
  $this->previous_settings = ITSEC_Modules::get_settings( $this->get_id() );
37
+
38
  $this->sanitize_settings();
39
+
40
  if ( $this->run_validate_matching_fields ) {
41
  $this->validate_matching_fields();
42
  }
43
+
44
  if ( $this->run_validate_matching_types ) {
45
  $this->validate_matching_types();
46
  }
47
+
48
  $this->validate_settings();
49
  }
50
+
51
  protected function validate_matching_fields() {
52
  $id = $this->get_id();
53
+
54
  foreach ( array_keys( $this->defaults ) as $name ) {
55
  if ( ! isset( $this->settings[$name] ) && ! in_array( $name, $this->vars_to_skip_validate_matching_fields ) ) {
56
  $this->add_error( new WP_Error( "itsec-validator-$id-validate_matching_fields-missing-name-$name", sprintf( __( 'A validation function for %1$s received data that did not have the required entry for %2$s.', 'better-wp-security' ), $id, $name ) ) );
57
  $this->set_can_save( false );
58
  }
59
  }
60
+
61
  foreach ( array_keys( $this->settings ) as $name ) {
62
  if ( ! isset( $this->defaults[$name] ) && ! in_array( $name, $this->vars_to_skip_validate_matching_fields ) ) {
63
  $this->add_error( new WP_Error( "itsec-validator-$id-validate_matching_fields-unknown-name-$name", sprintf( __( 'A validation function for %1$s received data that has an entry for %2$s when no such entry exists.', 'better-wp-security' ), $id, $name ) ) );
65
  }
66
  }
67
  }
68
+
69
  protected function validate_matching_types() {
70
  $id = $this->get_id();
71
+
72
  foreach ( $this->defaults as $name => $value ) {
73
  if ( in_array( $name, $this->vars_to_skip_validate_matching_types ) ) {
74
  // This is to prevent errors for a specific var appearing twice.
75
  continue;
76
  }
77
+
78
  if ( ! isset( $this->settings[$name] ) ) {
79
  // Skip missing entries to allow implementations that use validate_matching_types() but not
80
  // validate_matching_fields().
81
  continue;
82
  }
83
+
84
  if ( gettype( $value ) !== gettype( $this->settings[$name] ) ) {
85
  $this->add_error( new WP_Error( "itsec-validator-$id-validate_matching_types-inmatching-type-$name", sprintf( __( 'A validation function for %1$s received data that does not match the expected data type for the %2$s entry. A data type of %3$s was expected, but a data type of %4$s was received.', 'better-wp-security' ), $id, $name, gettype( $value ), gettype( $this->settings[$name] ) ) ) );
86
  $this->set_can_save( false );
87
  }
88
  }
89
  }
90
+
91
  final protected function set_default_if_empty( $vars ) {
92
  foreach ( (array) $vars as $var ) {
93
  if ( ! isset( $this->settings[$var] ) || '' === $this->settings[$var] ) {
95
  }
96
  }
97
  }
98
+
99
  final protected function set_previous_if_empty( $vars ) {
100
  foreach ( (array) $vars as $var ) {
101
  if ( ! isset( $this->settings[$var] ) || '' === $this->settings[$var] ) {
103
  }
104
  }
105
  }
106
+
107
  final protected function sanitize_setting( $type, $var, $name, $prevent_save_on_error = true, $trim_value = true ) {
108
  $id = $this->get_id();
109
+
110
  if ( ! isset( $this->settings[$var] ) ) {
111
  $this->add_error( new WP_Error( "itsec-validator-missing-var-$id-$var", sprintf( __( 'A validation check for %1$s failed. The %2$s value is missing. This could be due to a problem with the iThemes Security installation or an invalid modification. Please reinstall iThemes Security and try again.', 'better-wp-security' ), $id, $name ) ) );
112
  return false;
113
  }
114
+
115
  if ( $trim_value && is_string( $this->settings[$var] ) ) {
116
  $this->settings[$var] = trim( $this->settings[$var] );
117
  }
118
+
119
  $error = false;
120
+
121
  if ( 'string' === $type ) {
122
  $this->settings[$var] = (string) $this->settings[$var];
123
  } else if ( 'non-empty-string' === $type ) {
124
  $this->settings[$var] = (string) $this->settings[$var];
125
+
126
  if ( empty( $this->settings[$var] ) ) {
127
  $error = sprintf( __( 'The %1$s value cannot be empty.', 'better-wp-security' ), $name );
128
  }
130
  $this->settings[$var] = sanitize_title( $this->settings[$var] );
131
  } else if ( 'non-empty-title' === $type ) {
132
  $this->settings[$var] = sanitize_title( $this->settings[$var] );
133
+
134
  if ( empty( $this->settings[$var] ) ) {
135
  $error = sprintf( __( 'The %1$s value cannot be empty.', 'better-wp-security' ), $name );
136
  }
166
  }
167
  } else if ( 'email' === $type ) {
168
  $this->settings[$var] = sanitize_text_field( $this->settings[$var] );
169
+
170
  if ( empty( $this->settings[$var] ) || ! is_email( $this->settings[$var] ) ) {
171
  $error = sprintf( __( 'The %1$s value must be a valid email address.', 'better-wp-security' ), $name );
172
  }
173
  } else if ( 'valid-username' === $type ) {
174
  $this->settings[$var] = sanitize_text_field( $this->settings[$var] );
175
+
176
  if ( ! empty( $this->settings[$var] ) && ! validate_username( $this->settings[$var] ) ) {
177
  $error = sprintf( __( 'The %1$s value is not a valid username.', 'better-wp-security' ), $name );
178
  }
179
  } else if ( 'date' === $type ) {
180
  $val = $this->settings[$var];
181
+
182
  $separator = '[\-/\. ]';
183
+
184
  if ( preg_match( "|^(\d\d\d\d)$separator(\d\d?)$separator(\d\d?)$|", $val, $match ) ) {
185
  $year = intval( $match[1] );
186
  $month = intval( $match[2] );
187
  $day = intval( $match[3] );
188
+
189
  if ( ! checkdate( $month, $day, $year ) ) {
190
  $error = sprintf( __( 'The %1$s value must be a valid date.', 'better-wp-security' ), $name );
191
  }
197
  $error = sprintf( __( 'The %1$s value must be a string.', 'better-wp-security' ), $name );
198
  } else {
199
  require_once( ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-directory.php' );
200
+
201
  $this->settings[$var] = rtrim( $this->settings[$var], DIRECTORY_SEPARATOR );
202
+
203
  if ( ! ITSEC_Lib_Directory::is_dir( $this->settings[$var] ) ) {
204
  $result = ITSEC_Lib_Directory::create( $this->settings[$var] );
205
+
206
  if ( is_wp_error( $result ) ) {
207
  $error = sprintf( _x( 'The directory supplied in %1$s cannot be used as a valid directory. %2$s', '%1$s is the input name. %2$s is the error message.', 'better-wp-security' ), $name, $result->get_error_message() );
208
  }
209
  }
210
+
211
  if ( empty( $error ) && ! ITSEC_Lib_Directory::is_writable( $this->settings[$var] ) ) {
212
  $error = sprintf( __( 'The directory supplied in %1$s is not writable. Please select a directory that can be written to.', 'better-wp-security' ), $name );
213
  }
214
+
215
  if ( empty( $error ) ) {
216
  ITSEC_Lib_Directory::add_file_listing_protection( $this->settings[$var] );
217
  }
221
  $error = sprintf( __( 'The %1$s value must be a string.', 'better-wp-security' ), $name );
222
  } else {
223
  require_once( ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-directory.php' );
224
+
225
  if ( ! ITSEC_Lib_File::is_file( $this->settings[$var] ) && ITSEC_Lib_File::exists( $this->settings[$var] ) ) {
226
  $error = sprintf( __( 'The file path supplied in %1$s cannot be used as it already exists but is not a file. Please supply a valid file path.', 'better-wp-security' ), $name );
227
  } else {
228
  $result = ITSEC_Lib_Directory::create( dirname( $this->settings[$var] ) );
229
+
230
  if ( is_wp_error( $result ) ) {
231
  $error = sprintf( _x( 'The file path supplied in %1$s cannot be used as the parent directory cannot be created. %2$s', '%1$s is the input name. %2$s is the error message.', 'better-wp-security' ), $name, $result->get_error_message() );
232
  } else if ( ! ITSEC_Lib_File::exists( $this->settings[$var] ) ) {
233
  $result = ITSEC_Lib_File::write( $this->settings[$var], '' );
234
+
235
  if ( is_wp_error( $result ) ) {
236
  $error = sprintf( __( 'The file path supplied in %1$s could not be created. Please supply a file path that can be written to.', 'better-wp-security' ), $name );
237
  } else if ( ! is_writable( $this->settings[$var] ) ) {
244
  }
245
  } else if ( is_array( $type ) && 2 === count( $type ) && $this === $type[0] ) {
246
  $this->settings[$var] = $this->convert_string_to_array( $this->settings[$var] );
247
+
248
  if ( ! is_array( $this->settings[$var] ) ) {
249
  $error = sprintf( __( 'The %1$s value must be a string with each entry separated by a new line.', 'better-wp-security' ), $name );
250
  } else {
251
  $invalid_entries = array();
252
+
253
  foreach ( $this->settings[$var] as $index => $entry ) {
254
  $entry = sanitize_text_field( trim( $entry ) );
255
  $this->settings[$var][$index] = $entry;
256
+
257
  if ( empty( $entry ) ) {
258
  unset( $this->settings[$var][$index] );
259
  } else {
260
  $result = call_user_func( $type, $entry );
261
+
262
  if ( false === $result ) {
263
  $invalid_entries[] = $entry;
264
  } else {
266
  }
267
  }
268
  }
269
+
270
  $this->settings[$var] = array_unique( $this->settings[$var] );
271
+
272
  if ( ! empty( $invalid_entries ) ) {
273
  $error = wp_sprintf( _n( 'The following entry in %1$s is invalid: %2$l', 'The following entries in %1$s are invalid: %2$l', count( $invalid_entries ), 'better-wp-security' ), $name, $invalid_entries );
274
  }
276
  } else if ( is_array( $type ) ) {
277
  if ( is_array( $this->settings[$var] ) ) {
278
  $invalid_entries = array();
279
+
280
  foreach ( $this->settings[$var] as $index => $entry ) {
281
  $entry = sanitize_text_field( trim( $entry ) );
282
  $this->settings[$var][$index] = $entry;
283
+
284
  if ( empty( $entry ) ) {
285
  unset( $this->settings[$var][$index] );
286
  } else if ( ! in_array( $entry, $type, true ) ) {
287
  $invalid_entries[] = $entry;
288
  }
289
  }
290
+
291
  $this->settings[$var] = array_unique( $this->settings[$var] );
292
+
293
  if ( ! empty( $invalid_entries ) ) {
294
  $error = wp_sprintf( _n( 'The following entry in %1$s is invalid: %2$l', 'The following entries in %1$s are invalid: %2$l', count( $invalid_entries ), 'better-wp-security' ), $name, $invalid_entries );
295
  }
299
  }
300
  } else if ( 'newline-separated-array' === $type ) {
301
  $this->settings[$var] = $this->convert_string_to_array( $this->settings[$var] );
302
+
303
  if ( ! is_array( $this->settings[$var] ) ) {
304
  $error = sprintf( __( 'The %1$s value must be a string with each entry separated by a new line.', 'better-wp-security' ), $name );
305
  }
306
  } else if ( 'newline-separated-emails' === $type ) {
307
  $this->settings[$var] = $this->convert_string_to_array( $this->settings[$var] );
308
+
309
  if ( ! is_array( $this->settings[$var] ) ) {
310
  $error = sprintf( __( 'The %1$s value must be a string with each entry separated by a new line.', 'better-wp-security' ), $name );
311
  } else {
312
  $invalid_emails = array();
313
+
314
  foreach ( $this->settings[$var] as $index => $email ) {
315
  $email = sanitize_text_field( trim( $email ) );
316
  $this->settings[$var][$index] = $email;
317
+
318
  if ( empty( $email ) ) {
319
  unset( $this->settings[$var][$index] );
320
  } else if ( ! is_email( $email ) ) {
321
  $invalid_emails[] = $email;
322
  }
323
  }
324
+
325
  $this->settings[$var] = array_unique( $this->settings[$var] );
326
+
327
  if ( ! empty( $invalid_emails ) ) {
328
  $error = wp_sprintf( _n( 'The following email in %1$s is invalid: %2$l', 'The following emails in %1$s are invalid: %2$l', count( $invalid_emails ), 'better-wp-security' ), $name, $invalid_emails );
329
  }
330
  }
331
  } else if ( 'newline-separated-ips' === $type ) {
332
  $this->settings[$var] = $this->convert_string_to_array( $this->settings[$var] );
333
+
334
  if ( ! is_array( $this->settings[$var] ) ) {
335
  $error = sprintf( __( 'The %1$s value must be a string with each entry separated by a new line.', 'better-wp-security' ), $name );
336
  } else {
337
  require_once( ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-ip-tools.php' );
338
+
339
  $invalid_ips = array();
340
+
341
  foreach ( $this->settings[$var] as $index => $ip ) {
342
  $ip = trim( $ip );
343
+
344
  if ( '' === $ip ) {
345
  unset( $this->settings[$var][$index] );
346
  } else {
347
  $validated_ip = ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr( $ip );
348
+
349
  if ( false === $validated_ip ) {
350
  $invalid_ips[] = $ip;
351
  } else {
353
  }
354
  }
355
  }
356
+
357
  $this->settings[$var] = array_unique( $this->settings[$var] );
358
+
359
  if ( ! empty( $invalid_ips ) ) {
360
  $error = wp_sprintf( _n( 'The following IP in %1$s is invalid: %2$l', 'The following IPs in %1$s are invalid: %2$l', count( $invalid_ips ), 'better-wp-security' ), $name, $invalid_ips );
361
  }
362
  }
363
  } else if ( 'newline-separated-extensions' === $type ) {
364
  $this->settings[$var] = $this->convert_string_to_array( $this->settings[$var] );
365
+
366
  if ( ! is_array( $this->settings[$var] ) ) {
367
  $error = sprintf( __( 'The %1$s value must be a string with each entry separated by a new line.', 'better-wp-security' ), $name );
368
  } else {
369
  $invalid_extensions = array();
370
+
371
  foreach ( $this->settings[$var] as $index => $extension ) {
372
  if ( ! preg_match( '/^(\.[^.]+)+$/', $extension ) ) {
373
  $invalid_extensions[] = $extension;
374
  }
375
  }
376
+
377
  $this->settings[$var] = array_unique( $this->settings[$var] );
378
+
379
  if ( ! empty( $invalid_extensions ) ) {
380
  $error = wp_sprintf( _n( 'The following extension in %1$s is invalid: %2$l', 'The following extensions in %1$s are invalid: %2$l', count( $invalid_extensions ), 'better-wp-security' ), $name, $invalid_extensions );
381
  }
384
  /* translators: 1: sanitize type, 2: input name */
385
  $error = sprintf( __( 'An invalid sanitize type of "%1$s" was received for the %2$s input.', 'better-wp-security' ), $type, $name );
386
  }
387
+
388
  if ( false !== $error ) {
389
  $this->add_error( new WP_Error( "itsec-validator-$id-invalid-type-$var-$type", $error ) );
390
  $this->vars_to_skip_validate_matching_types[] = $var;
391
+
392
+ if ( $prevent_save_on_error && ITSEC_Core::is_interactive() ) {
393
  $this->set_can_save( false );
394
  }
395
+
396
  return false;
397
  }
398
+
399
  return true;
400
  }
401
+
402
  final protected function convert_string_to_array( $string ) {
403
  if ( is_string( $string ) ) {
404
  $array = preg_split( "/[\r\n]+/", $string );
407
  } else {
408
  return $string;
409
  }
410
+
411
  foreach ( $array as $key => $val ) {
412
  $val = trim( $val );
413
+
414
  if ( empty( $val ) ) {
415
  unset( $array[$key] );
416
  } else {
417
  $array[$key] = $val;
418
  }
419
  }
420
+
421
  return $array;
422
  }
423
+
424
  final protected function add_error( $error ) {
425
  $this->errors[] = $error;
426
  }
427
+
428
  final public function found_errors() {
429
  if ( empty( $this->errors ) ) {
430
  return false;
432
  return true;
433
  }
434
  }
435
+
436
  final public function get_errors() {
437
  return $this->errors;
438
  }
439
+
440
  final protected function add_message( $message ) {
441
  $this->messages[] = $message;
442
  }
443
+
444
  final public function get_messages() {
445
  return $this->messages;
446
  }
447
+
448
  final protected function set_can_save( $can_save ) {
449
  $this->can_save = (bool) $can_save;
450
  }
451
+
452
  final public function can_save() {
453
  return $this->can_save;
454
  }
455
+
456
  final protected function set_needs_refresh( $needs_refresh ) {
457
  $this->needs_refresh = (bool) $needs_refresh;
458
  }
459
+
460
  final public function needs_refresh() {
461
  return $this->needs_refresh;
462
  }
463
+
464
  final public function get_settings() {
465
  return $this->settings;
466
  }
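Review bot: at new line 392, set_can_save( false ) now runs only when ITSEC_Core::is_interactive() is true, so in a non-interactive run a value that failed type validation is recorded through add_error() and the method returns false, but can_save() keeps whatever value it had. If callers gate the write on can_save(), the rejected value still sitting in $this->settings[$var] can be persisted. Either document that non-interactive saves are deliberately allowed to proceed with invalid entries, or drop the rejected value in this branch before returning.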
core/modules/404-detection/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( '404-detection', dirname( __FILE__ ) );
 
 
 
core/modules/admin-user/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'admin-user', dirname( __FILE__ ), 'always-active' );
 
 
 
core/modules/away-mode/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'away-mode', dirname( __FILE__ ) );
 
 
 
core/modules/away-mode/setup.php CHANGED
@@ -58,10 +58,10 @@ if ( ! class_exists( 'ITSEC_Away_Mode_Setup' ) ) {
58
 
59
  if ( $itsec_old_version < 4000 ) {
60
 
61
- global $itsec_bwps_options, $itsec_globals;
62
 
63
  $current_options = get_site_option( 'itsec_away_mode' );
64
- $current_time = $itsec_globals['current_time'];
65
 
66
  // Don't do anything if settings haven't already been set, defaults exist in the module system and we prefer to use those
67
  if ( false !== $current_options ) {
58
 
59
  if ( $itsec_old_version < 4000 ) {
60
 
61
+ global $itsec_bwps_options;
62
 
63
  $current_options = get_site_option( 'itsec_away_mode' );
64
+ $current_time = ITSEC_Core::get_current_time();
65
 
66
  // Don't do anything if settings haven't already been set, defaults exist in the module system and we prefer to use those
67
  if ( false !== $current_options ) {
core/modules/away-mode/utilities.php CHANGED
@@ -36,8 +36,6 @@ final class ITSEC_Away_Mode_Utilities {
36
  }
37
 
38
  public static function get_active_file_name() {
39
- global $itsec_globals;
40
-
41
  $file_name = apply_filters( 'itsec_filer_away_mode_active_file', ITSEC_Core::get_storage_dir() . '/itsec_away.confg' );
42
 
43
  return $file_name;
36
  }
37
 
38
  public static function get_active_file_name() {
 
 
39
  $file_name = apply_filters( 'itsec_filer_away_mode_active_file', ITSEC_Core::get_storage_dir() . '/itsec_away.confg' );
40
 
41
  return $file_name;
core/modules/backup/class-itsec-backup.php CHANGED
@@ -32,8 +32,6 @@ class ITSEC_Backup {
32
  */
33
  function run() {
34
 
35
- global $itsec_globals;
36
-
37
  $this->settings = ITSEC_Modules::get_settings( 'backup' );
38
 
39
  add_action( 'itsec_execute_backup_cron', array( $this, 'do_backup' ) );
@@ -48,6 +46,11 @@ class ITSEC_Backup {
48
  return;
49
  }
50
 
 
 
 
 
 
51
  if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
52
  // Don't run on AJAX requests.
53
  return;
@@ -58,15 +61,10 @@ class ITSEC_Backup {
58
  return;
59
  }
60
 
61
- if ( $this->settings['interval'] <= 0 ) {
62
- // Don't run when the interval is zero or less.
63
- return;
64
- }
65
-
66
 
67
  $next_run = $this->settings['last_run'] + $this->settings['interval'] * DAY_IN_SECONDS;
68
 
69
- if ( $next_run <= $itsec_globals['current_time_gmt'] ) {
70
  add_action( 'init', array( $this, 'do_backup' ), 10, 0 );
71
  }
72
  }
32
  */
33
  function run() {
34
 
 
 
35
  $this->settings = ITSEC_Modules::get_settings( 'backup' );
36
 
37
  add_action( 'itsec_execute_backup_cron', array( $this, 'do_backup' ) );
46
  return;
47
  }
48
 
49
+ if ( ! $this->settings['enabled'] || $this->settings['interval'] <= 0 ) {
50
+ // Don't run when scheduled backups aren't enabled or the interval is zero or less.
51
+ return;
52
+ }
53
+
54
  if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
55
  // Don't run on AJAX requests.
56
  return;
61
  return;
62
  }
63
 
 
 
 
 
 
64
 
65
  $next_run = $this->settings['last_run'] + $this->settings['interval'] * DAY_IN_SECONDS;
66
 
67
+ if ( $next_run <= ITSEC_Core::get_current_time_gmt() ) {
68
  add_action( 'init', array( $this, 'do_backup' ), 10, 0 );
69
  }
70
  }
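Review bot: the new guard at new lines 49-52 sits after add_action( 'itsec_execute_backup_cron', array( $this, 'do_backup' ) ) on line 37, so do_backup() stays attached to that action even when scheduled backups are disabled or the interval is zero. If the hook should be inert when 'enabled' is false, move the guard above the add_action() call or re-check the setting inside do_backup(); if it is intentional, say so in the comment. Reading the key as empty( $this->settings['enabled'] ) would also avoid a notice when the setting is missing.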
core/modules/backup/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'backup', dirname( __FILE__ ), 'default-active' );
 
 
 
core/modules/backup/setup.php CHANGED
@@ -20,16 +20,14 @@ if ( ! class_exists( 'ITSEC_Backup_Setup' ) ) {
20
  *
21
  * @return void
22
  */
23
- public function execute_activate() {
24
- }
25
 
26
  /**
27
  * Execute module deactivation
28
  *
29
  * @return void
30
  */
31
- public function execute_deactivate() {
32
- }
33
 
34
  /**
35
  * Execute module uninstall
@@ -49,9 +47,9 @@ if ( ! class_exists( 'ITSEC_Backup_Setup' ) ) {
49
  *
50
  * @return void
51
  */
52
- public function execute_upgrade( $itsec_old_version ) {
53
 
54
- if ( $itsec_old_version < 4000 ) {
55
 
56
  global $itsec_bwps_options;
57
 
@@ -70,7 +68,15 @@ if ( ! class_exists( 'ITSEC_Backup_Setup' ) ) {
70
 
71
  }
72
 
73
- if ( $itsec_old_version < 4041 ) {
 
 
 
 
 
 
 
 
74
  $current_options = get_site_option( 'itsec_backup' );
75
 
76
  // If there are no current options, go with the new defaults by not saving anything
@@ -98,6 +104,9 @@ if ( ! class_exists( 'ITSEC_Backup_Setup' ) ) {
98
  }
99
  }
100
 
 
 
 
101
  }
102
 
103
  }
20
  *
21
  * @return void
22
  */
23
+ public function execute_activate() {}
 
24
 
25
  /**
26
  * Execute module deactivation
27
  *
28
  * @return void
29
  */
30
+ public function execute_deactivate() {}
 
31
 
32
  /**
33
  * Execute module uninstall
47
  *
48
  * @return void
49
  */
50
+ public function execute_upgrade( $build ) {
51
 
52
+ if ( $build < 4000 ) {
53
 
54
  global $itsec_bwps_options;
55
 
68
 
69
  }
70
 
71
+ if ( $build < 4040 ) {
72
+ $backup_options = get_site_option( 'itsec_backup' );
73
+ // Make sure we have an index files to block directory listing in backups directory
74
+ if ( is_dir( $backup_options['location'] ) && ! file_exists( path_join( $backup_options['location'], 'index.php' ) ) ) {
75
+ file_put_contents( path_join( $backup_options['location'], 'index.php' ), "<?php\n// Silence is golden." );
76
+ }
77
+ }
78
+
79
+ if ( $build < 4041 ) {
80
  $current_options = get_site_option( 'itsec_backup' );
81
 
82
  // If there are no current options, go with the new defaults by not saving anything
104
  }
105
  }
106
 
107
+ if ( $build < 4069 ) {
108
+ delete_site_option( 'itsec_backup' );
109
+ }
110
  }
111
 
112
  }
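Review bot: in the new $build < 4040 block (new lines 71-77), get_site_option( 'itsec_backup' ) returns false when the option was never saved, yet $backup_options['location'] is read without a check, and the result of file_put_contents() is ignored. Guard with is_array( $backup_options ) && ! empty( $backup_options['location'] ) and surface a failed write, since a silent failure leaves the backups directory without the index file the comment promises. The parameter is also renamed to $build here while core/modules/ban-users/setup.php in the same release still uses $itsec_old_version; pick one name.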
core/modules/ban-users/init.php CHANGED
@@ -1,17 +1,14 @@
1
  <?php
2
 
3
- ITSEC_Modules::register_module( 'ban-users', dirname( __FILE__ ), 'default-active' );
4
-
5
-
6
  function itsec_ban_users_handle_new_blacklisted_ip( $ip ) {
7
  $host_list = ITSEC_Modules::get_setting( 'ban-users', 'host_list', array() );
8
-
9
  if ( ! is_array( $host_list ) ) {
10
  $host_list = array();
11
  }
12
-
13
  $host_list[] = $ip;
14
-
15
  ITSEC_Modules::set_setting( 'ban-users', 'host_list', $host_list );
16
  }
17
  add_action( 'itsec-new-blacklisted-ip', 'itsec_ban_users_handle_new_blacklisted_ip' );
1
  <?php
2
 
 
 
 
3
  function itsec_ban_users_handle_new_blacklisted_ip( $ip ) {
4
  $host_list = ITSEC_Modules::get_setting( 'ban-users', 'host_list', array() );
5
+
6
  if ( ! is_array( $host_list ) ) {
7
  $host_list = array();
8
  }
9
+
10
  $host_list[] = $ip;
11
+
12
  ITSEC_Modules::set_setting( 'ban-users', 'host_list', $host_list );
13
  }
14
  add_action( 'itsec-new-blacklisted-ip', 'itsec_ban_users_handle_new_blacklisted_ip' );
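Review bot: itsec_ban_users_handle_new_blacklisted_ip() appends $ip to host_list exactly as the 'itsec-new-blacklisted-ip' action delivered it and never looks at the outcome of ITSEC_Modules::set_setting(). Skip the append when the address is already present (in_array( $ip, $host_list, true )) and handle a rejected write, so that a malformed value from a hook caller does not fail silently. With register_module() removed from this file, a comment saying where the module is now registered would help the next reader.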
core/modules/ban-users/setup.php CHANGED
@@ -96,16 +96,9 @@ if ( ! class_exists( 'ITSEC_Ban_Users_Setup' ) ) {
96
  }
97
 
98
  update_site_option( 'itsec_ban_users', $current_options );
99
- ITSEC_Response::regenerate_server_config();
100
  }
101
  }
102
 
103
- if ( $itsec_old_version < 4027 ) {
104
-
105
- ITSEC_Response::regenerate_server_config();
106
-
107
- }
108
-
109
  if ( $itsec_old_version < 4041 ) {
110
  $current_options = get_site_option( 'itsec_ban_users' );
111
 
@@ -141,6 +134,9 @@ if ( ! class_exists( 'ITSEC_Ban_Users_Setup' ) ) {
141
  }
142
  }
143
 
 
 
 
144
  }
145
 
146
  }
96
  }
97
 
98
  update_site_option( 'itsec_ban_users', $current_options );
 
99
  }
100
  }
101
 
 
 
 
 
 
 
102
  if ( $itsec_old_version < 4041 ) {
103
  $current_options = get_site_option( 'itsec_ban_users' );
104
 
134
  }
135
  }
136
 
137
+ if ( $itsec_old_version < 4069 ) {
138
+ delete_site_option( 'itsec_ban_users' );
139
+ }
140
  }
141
 
142
  }
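Review bot: the new $itsec_old_version < 4069 block (new lines 137-139) deletes the itsec_ban_users site option right after the 4041 block above has read it, and nothing in these hunks shows the ban list being copied to its new storage first. Please confirm host_list is already saved elsewhere before delete_site_option() runs, otherwise an upgrade drops existing bans. The same hunks remove both ITSEC_Response::regenerate_server_config() calls, so the upgrade path in this file no longer rewrites the server config; a comment pointing at where that now happens is worth adding.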
core/modules/brute-force/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'brute-force', dirname( __FILE__ ), 'default-active' );
 
 
 
core/modules/content-directory/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'content-directory', dirname( __FILE__ ), 'always-active' );
 
 
 
core/modules/content-directory/utility.php CHANGED
@@ -3,15 +3,15 @@
3
  final class ITSEC_Content_Directory_Utility {
4
  public static function change_content_directory( $dir_name ) {
5
  $dir_name = sanitize_file_name( $dir_name );
6
-
7
  if ( empty( $dir_name ) ) {
8
  return new WP_Error( 'itsec-content-directory-utility-change-content-directory-empty-directory-name', __( 'The content directory cannot be changed to a blank directory name.', 'better-wp-security' ) );
9
  }
10
-
11
  if ( preg_match( '{^(?:/|\\|[a-z]:)}i', $dir_name ) ) {
12
  return new WP_Error( 'itsec-content-diraectory-utility-change-content-directory-received-absolute-path', sprintf( __( 'The new directory name cannot be an absolute path. Please supply a path that is relative to <code>ABSPATH</code> (<code>%s</code>).', 'better-wp-security' ), esc_html( ABSPATH ) ) );
13
  }
14
-
15
  if ( 0 === strpos( WP_CONTENT_DIR, ABSPATH ) ) {
16
  $old_name = substr( WP_CONTENT_DIR, strlen( ABSPATH ) );
17
  $new_name = $dir_name;
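Review bot: the absolute-path check on line 11 does not match what it appears to intend. In the single-quoted string '{^(?:/|\\|[a-z]:)}i' the \\ collapses to one backslash, so the regex sees \| (a literal pipe) and the alternatives become a leading / or a leading pipe followed by a letter and a colon; a leading backslash or a drive letter such as C: is never caught. sanitize_file_name() on line 5 is what actually constrains $dir_name at the moment. Write the backslash as \\\\ inside the PHP string, and fix the misspelt error code 'itsec-content-diraectory-utility-...' on line 12 while here.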
@@ -19,76 +19,76 @@ final class ITSEC_Content_Directory_Utility {
19
  $old_name = WP_CONTENT_DIR;
20
  $new_name = ABSPATH . $dir_name;
21
  }
22
-
23
  $old_dir = WP_CONTENT_DIR;
24
  $new_dir = ABSPATH . $dir_name;
25
-
26
  if ( $old_dir === $new_dir ) {
27
  return new WP_Error( 'itsec-content-directory-utility-change-content-directory-received-same-directory', __( 'The new directory name cannot be the same as the current directory name. Please supply a new directory name.', 'better-wp-security' ) );
28
  }
29
-
30
  if ( file_exists( $new_dir ) ) {
31
  return new WP_Error( 'itsec-content-directory-utility-change-content-directory-path-already-exists', sprintf( __( 'A file or directory already exists at <code>%s</code>. No Directory Name changes have been made. Please choose a new Directory Name or remove the existing file or directory and try again.', 'better-wp-security' ), esc_html( $new_dir ) ) );
32
  }
33
-
34
-
35
  require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
36
-
37
-
38
  $old_permissions = ITSEC_Lib_Directory::get_permissions( $old_dir );
39
  $result = rename( $old_dir, $new_dir );
40
-
41
  if ( ! $result ) {
42
  /* translators: 1: Old directory path, 2: New directory path */
43
  return new WP_Error( 'itsec-content-directory-utility-change-content-directory-cannot-rename-directory', sprintf( __( 'Unable to rename the <code>%1$s</code> directory to <code>%2$s</code>. This could indicate a file permission issue or that your server does not support the supplied name as a valid directory name. No config file or directory changes have been made.', 'better-wp-security' ), esc_html( $old_name ), esc_html( $new_name ) ) );
44
  }
45
-
46
  // Make sure ITSEC_Core knows it's in a different place
47
  $plugin_file = str_replace( $old_dir, $new_dir, ITSEC_Core::get_plugin_file() );
48
  ITSEC_Core::set_plugin_file( $plugin_file );
49
  ITSEC_Core::update_wp_upload_dir( $old_dir, $new_dir );
50
  ITSEC_Modules::update_module_paths( $old_dir, $new_dir );
51
-
52
-
53
  $new_permissions = ITSEC_Lib_Directory::get_permissions( $new_dir );
54
-
55
  if ( is_int( $old_permissions) && is_int( $new_permissions ) && ( $old_permissions != $new_permissions ) ) {
56
  $result = ITSEC_Lib_Directory::chmod( $new_dir, $old_permissions );
57
-
58
  if ( is_wp_error( $result ) ) {
59
  /* translators: 1: Directory path, 2: Directory permissions */
60
  return new WP_Error( 'itsec-content-directory-utility-change-content-directory-unable-to-change-permissions', sprintf( __( 'Unable to set the permissions of the new Directory Name (<code>%1$s</code>) to match the permissions of the old Directory Name. You may have to manually change the permissions of the directory to <code>%2$s</code> in order for your site to function properly.', 'better-wp-security' ), esc_html( $new_name ), esc_html( $old_permissions ) ) );
61
  }
62
  }
63
-
64
-
65
  if ( 'wp-content' === $dir_name ) {
66
  // We're undoing the change.
67
  $expression = self::get_wp_config_define_expression();
68
  $expression = substr( $expression, 0, -1 );
69
  $expression .= "[\r\n]*|";
70
-
71
  $modification_result = ITSEC_Lib_Config_File::remove_from_wp_config( $expression );
72
  } else {
73
  $modification = self::get_wp_config_modification( $new_dir, get_option( 'siteurl' ) . "/$dir_name" );
74
-
75
  $modification_result = ITSEC_Lib_Config_File::append_wp_config( $modification, true );
76
  }
77
-
78
-
79
  if ( is_wp_error( $modification_result ) ) {
80
  $rename_result = rename( $new_dir, $old_dir );
81
-
82
  if ( $rename_result ) {
83
  // Reset the ITSEC_Core plugin file back to its old setting.
84
  $plugin_file = str_replace( $new_dir, $old_dir, ITSEC_Core::get_plugin_file() );
85
  ITSEC_Core::set_plugin_file( $plugin_file );
86
  ITSEC_Core::update_wp_upload_dir( $new_dir, $old_dir );
87
  ITSEC_Modules::update_module_paths( $new_dir, $old_dir );
88
-
89
-
90
  ITSEC_Lib_Directory::chmod( $old_dir, $old_permissions );
91
-
92
  /* translators: 1: Specific error details */
93
  return new WP_Error( $modification_result->get_error_code(), sprintf( __( 'Unable to update the <code>wp-config.php</code> file. No directory or config file changes have been made. The error that prevented the file from updating is as follows: %1$s', 'better-wp-security' ), $modification_result->get_error_message() ) );
94
  } else {
@@ -96,68 +96,68 @@ final class ITSEC_Content_Directory_Utility {
96
  return new WP_Error( $modification_result->get_error_code(), sprintf( __( 'CRITICAL ERROR: The <code>%1$s</code> directory was successfully renamed to the new name (<code>%2$s</code>). However, an error occurred when updating the <code>wp-config.php</code> file to configure WordPress to use the new content directory. iThemes Security attempted to rename the directory back to its original name, but an unknown error prevented the rename from working as expected. In order for your site to function properly, you will either need to manually rename the <code>%2$s</code> directory back to <code>%1$s</code> or manually update the <code>wp-config.php</code> file with the necessary modifications. The error that prevented the file from updating is as follows: %3$s', 'better-wp-security' ), $old_name, $new_name, $modification_result->get_error_message() ) );
97
  }
98
  }
99
-
100
-
101
  $backups_location = ITSEC_Modules::get_setting( 'backup', 'location' );
102
  $backups_location = str_replace( $old_dir, $new_dir, $backups_location );
103
  ITSEC_Modules::set_setting( 'backup', 'location', $backups_location );
104
-
105
  $log_location = ITSEC_Modules::get_setting( 'global', 'log_location' );
106
  $log_location = str_replace( $old_dir, $new_dir, $log_location );
107
  ITSEC_Modules::set_setting( 'global', 'log_location', $log_location );
108
-
109
  $nginx_file = ITSEC_Modules::get_setting( 'global', 'nginx_file' );
110
  $nginx_file = str_replace( $old_dir, $new_dir, $nginx_file );
111
  ITSEC_Modules::set_setting( 'global', 'nginx_file', $nginx_file );
112
-
113
-
114
  return $dir_name;
115
  }
116
-
117
  public static function get_wp_config_define_warning() {
118
  return __( 'Do not remove. Removing this line could break your site. Added by Security > Settings > Change Content Directory.', 'better-wp-security' );
119
  }
120
-
121
  public static function get_wp_config_define( $name, $value, $include_warning_comment = true ) {
122
  $name = str_replace( "'", "\\'", $name );
123
  $value = str_replace( "'", "\\'", $value );
124
  $line = "define( '$name', '$value' );";
125
-
126
  if ( $include_warning_comment ) {
127
  $line .= ' // ' . self::get_wp_config_define_warning();
128
  }
129
-
130
  return $line;
131
  }
132
-
133
  public static function get_wp_config_modification( $dir, $url, $include_warning_comment = true ) {
134
  $modification = self::get_wp_config_define( 'WP_CONTENT_DIR', $dir, $include_warning_comment ) . "\n";
135
  $modification .= self::get_wp_config_define( 'WP_CONTENT_URL', $url, $include_warning_comment );
136
-
137
  return $modification;
138
  }
139
-
140
  public static function get_wp_config_define_expression( $include_warning_comment = true ) {
141
  $expression = self::get_wp_config_modification( 'WILDCARD', 'WILDCARD', $include_warning_comment );
142
  $expression = preg_quote( $expression, '|' );
143
  $expression = str_replace( ' ', '\s*', $expression );
144
  $expression = str_replace( 'WILDCARD', "[^']+", $expression );
145
  $expression = "|$expression|";
146
-
147
  if ( $include_warning_comment ) {
148
  $expression = str_replace( "\n", "\s*[\r\n]+\s*", $expression );
149
  } else {
150
  $expression = str_replace( "\n", "\s*", $expression );
151
  }
152
-
153
  return $expression;
154
  }
155
-
156
  public static function is_custom_directory() {
157
  if ( isset( $GLOBALS['__itsec_content_directory_is_custom_directory'] ) ) {
158
  return $GLOBALS['__itsec_content_directory_is_custom_directory'];
159
  }
160
-
161
  if ( ABSPATH . 'wp-content' !== WP_CONTENT_DIR ) {
162
  $GLOBALS['__itsec_content_directory_is_custom_directory'] = true;
163
  } else if ( get_option( 'siteurl' ) . '/wp-content' !== WP_CONTENT_URL ) {
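Review bot: get_wp_config_define() on lines 122-123 escapes only single quotes before building the define( '$name', '$value' ); line that is written to wp-config.php. A backslash in $value is left alone, so a value ending in \ would escape the closing quote and a doubled backslash (a UNC prefix, for example) is read back as a single one. Escape backslashes before quotes, or build the literal with var_export( $value, true ). On line 96 the CRITICAL ERROR message also interpolates $old_name and $new_name without the esc_html() used by the earlier messages.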
@@ -165,62 +165,62 @@ final class ITSEC_Content_Directory_Utility {
165
  } else {
166
  $GLOBALS['__itsec_content_directory_is_custom_directory'] = false;
167
  }
168
-
169
  return $GLOBALS['__itsec_content_directory_is_custom_directory'];
170
  }
171
-
172
  public static function is_modified_by_it_security() {
173
  if ( isset( $GLOBALS['__itsec_content_directory_is_modified_by_it_security'] ) ) {
174
  return $GLOBALS['__itsec_content_directory_is_modified_by_it_security'];
175
  }
176
-
177
  $GLOBALS['__itsec_content_directory_is_modified_by_it_security'] = false;
178
-
179
-
180
  if ( ! self::is_custom_directory() ) {
181
  return false;
182
  }
183
-
184
-
185
- require_once( $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-config-file.php' );
186
-
187
  $wp_config_file = ITSEC_Lib_Config_File::get_wp_config_file_path();
188
-
189
  if ( empty( $wp_config_file ) ) {
190
  return false;
191
  }
192
-
193
- require_once( $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-file.php' );
194
-
195
  $wp_config = ITSEC_Lib_File::read( $wp_config_file );
196
-
197
  if ( is_wp_error( $wp_config ) ) {
198
  return false;
199
  }
200
-
201
  $define_expression = self::get_wp_config_define_expression();
202
-
203
  if ( ! preg_match( $define_expression, $wp_config ) ) {
204
  return false;
205
  }
206
-
207
- require_once( $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-utility.php' );
208
-
209
  $wp_config_without_comments = ITSEC_Lib_Utility::strip_php_comments( $wp_config );
210
-
211
  if ( is_wp_error( $wp_config_without_comments ) ) {
212
  return false;
213
  }
214
-
215
  $define_expression_without_comment = self::get_wp_config_define_expression( false );
216
-
217
  if ( ! preg_match( $define_expression_without_comment, $wp_config_without_comments ) ) {
218
  return false;
219
  }
220
-
221
-
222
  $GLOBALS['__itsec_content_directory_is_modified_by_it_security'] = true;
223
-
224
  return true;
225
  }
226
  }
3
  final class ITSEC_Content_Directory_Utility {
4
  public static function change_content_directory( $dir_name ) {
5
  $dir_name = sanitize_file_name( $dir_name );
6
+
7
  if ( empty( $dir_name ) ) {
8
  return new WP_Error( 'itsec-content-directory-utility-change-content-directory-empty-directory-name', __( 'The content directory cannot be changed to a blank directory name.', 'better-wp-security' ) );
9
  }
10
+
11
  if ( preg_match( '{^(?:/|\\|[a-z]:)}i', $dir_name ) ) {
12
  return new WP_Error( 'itsec-content-diraectory-utility-change-content-directory-received-absolute-path', sprintf( __( 'The new directory name cannot be an absolute path. Please supply a path that is relative to <code>ABSPATH</code> (<code>%s</code>).', 'better-wp-security' ), esc_html( ABSPATH ) ) );
13
  }
14
+
15
  if ( 0 === strpos( WP_CONTENT_DIR, ABSPATH ) ) {
16
  $old_name = substr( WP_CONTENT_DIR, strlen( ABSPATH ) );
17
  $new_name = $dir_name;
19
  $old_name = WP_CONTENT_DIR;
20
  $new_name = ABSPATH . $dir_name;
21
  }
22
+
23
  $old_dir = WP_CONTENT_DIR;
24
  $new_dir = ABSPATH . $dir_name;
25
+
26
  if ( $old_dir === $new_dir ) {
27
  return new WP_Error( 'itsec-content-directory-utility-change-content-directory-received-same-directory', __( 'The new directory name cannot be the same as the current directory name. Please supply a new directory name.', 'better-wp-security' ) );
28
  }
29
+
30
  if ( file_exists( $new_dir ) ) {
31
  return new WP_Error( 'itsec-content-directory-utility-change-content-directory-path-already-exists', sprintf( __( 'A file or directory already exists at <code>%s</code>. No Directory Name changes have been made. Please choose a new Directory Name or remove the existing file or directory and try again.', 'better-wp-security' ), esc_html( $new_dir ) ) );
32
  }
33
+
34
+
35
  require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
36
+
37
+
38
  $old_permissions = ITSEC_Lib_Directory::get_permissions( $old_dir );
39
  $result = rename( $old_dir, $new_dir );
40
+
41
  if ( ! $result ) {
42
  /* translators: 1: Old directory path, 2: New directory path */
43
  return new WP_Error( 'itsec-content-directory-utility-change-content-directory-cannot-rename-directory', sprintf( __( 'Unable to rename the <code>%1$s</code> directory to <code>%2$s</code>. This could indicate a file permission issue or that your server does not support the supplied name as a valid directory name. No config file or directory changes have been made.', 'better-wp-security' ), esc_html( $old_name ), esc_html( $new_name ) ) );
44
  }
45
+
46
  // Make sure ITSEC_Core knows it's in a different place
47
  $plugin_file = str_replace( $old_dir, $new_dir, ITSEC_Core::get_plugin_file() );
48
  ITSEC_Core::set_plugin_file( $plugin_file );
49
  ITSEC_Core::update_wp_upload_dir( $old_dir, $new_dir );
50
  ITSEC_Modules::update_module_paths( $old_dir, $new_dir );
51
+
52
+
53
  $new_permissions = ITSEC_Lib_Directory::get_permissions( $new_dir );
54
+
55
  if ( is_int( $old_permissions) && is_int( $new_permissions ) && ( $old_permissions != $new_permissions ) ) {
56
  $result = ITSEC_Lib_Directory::chmod( $new_dir, $old_permissions );
57
+
58
  if ( is_wp_error( $result ) ) {
59
  /* translators: 1: Directory path, 2: Directory permissions */
60
  return new WP_Error( 'itsec-content-directory-utility-change-content-directory-unable-to-change-permissions', sprintf( __( 'Unable to set the permissions of the new Directory Name (<code>%1$s</code>) to match the permissions of the old Directory Name. You may have to manually change the permissions of the directory to <code>%2$s</code> in order for your site to function properly.', 'better-wp-security' ), esc_html( $new_name ), esc_html( $old_permissions ) ) );
61
  }
62
  }
63
+
64
+
65
  if ( 'wp-content' === $dir_name ) {
66
  // We're undoing the change.
67
  $expression = self::get_wp_config_define_expression();
68
  $expression = substr( $expression, 0, -1 );
69
  $expression .= "[\r\n]*|";
70
+
71
  $modification_result = ITSEC_Lib_Config_File::remove_from_wp_config( $expression );
72
  } else {
73
  $modification = self::get_wp_config_modification( $new_dir, get_option( 'siteurl' ) . "/$dir_name" );
74
+
75
  $modification_result = ITSEC_Lib_Config_File::append_wp_config( $modification, true );
76
  }
77
+
78
+
79
  if ( is_wp_error( $modification_result ) ) {
80
  $rename_result = rename( $new_dir, $old_dir );
81
+
82
  if ( $rename_result ) {
83
  // Reset the ITSEC_Core plugin file back to its old setting.
84
  $plugin_file = str_replace( $new_dir, $old_dir, ITSEC_Core::get_plugin_file() );
85
  ITSEC_Core::set_plugin_file( $plugin_file );
86
  ITSEC_Core::update_wp_upload_dir( $new_dir, $old_dir );
87
  ITSEC_Modules::update_module_paths( $new_dir, $old_dir );
88
+
89
+
90
  ITSEC_Lib_Directory::chmod( $old_dir, $old_permissions );
91
+
92
  /* translators: 1: Specific error details */
93
  return new WP_Error( $modification_result->get_error_code(), sprintf( __( 'Unable to update the <code>wp-config.php</code> file. No directory or config file changes have been made. The error that prevented the file from updating is as follows: %1$s', 'better-wp-security' ), $modification_result->get_error_message() ) );
94
  } else {
96
  return new WP_Error( $modification_result->get_error_code(), sprintf( __( 'CRITICAL ERROR: The <code>%1$s</code> directory was successfully renamed to the new name (<code>%2$s</code>). However, an error occurred when updating the <code>wp-config.php</code> file to configure WordPress to use the new content directory. iThemes Security attempted to rename the directory back to its original name, but an unknown error prevented the rename from working as expected. In order for your site to function properly, you will either need to manually rename the <code>%2$s</code> directory back to <code>%1$s</code> or manually update the <code>wp-config.php</code> file with the necessary modifications. The error that prevented the file from updating is as follows: %3$s', 'better-wp-security' ), $old_name, $new_name, $modification_result->get_error_message() ) );
97
  }
98
  }
99
+
100
+
101
  $backups_location = ITSEC_Modules::get_setting( 'backup', 'location' );
102
  $backups_location = str_replace( $old_dir, $new_dir, $backups_location );
103
  ITSEC_Modules::set_setting( 'backup', 'location', $backups_location );
104
+
105
  $log_location = ITSEC_Modules::get_setting( 'global', 'log_location' );
106
  $log_location = str_replace( $old_dir, $new_dir, $log_location );
107
  ITSEC_Modules::set_setting( 'global', 'log_location', $log_location );
108
+
109
  $nginx_file = ITSEC_Modules::get_setting( 'global', 'nginx_file' );
110
  $nginx_file = str_replace( $old_dir, $new_dir, $nginx_file );
111
  ITSEC_Modules::set_setting( 'global', 'nginx_file', $nginx_file );
112
+
113
+
114
  return $dir_name;
115
  }
116
+
117
  public static function get_wp_config_define_warning() {
118
  return __( 'Do not remove. Removing this line could break your site. Added by Security > Settings > Change Content Directory.', 'better-wp-security' );
119
  }
120
+
121
  public static function get_wp_config_define( $name, $value, $include_warning_comment = true ) {
122
  $name = str_replace( "'", "\\'", $name );
123
  $value = str_replace( "'", "\\'", $value );
124
  $line = "define( '$name', '$value' );";
125
+
126
  if ( $include_warning_comment ) {
127
  $line .= ' // ' . self::get_wp_config_define_warning();
128
  }
129
+
130
  return $line;
131
  }
132
+
133
  public static function get_wp_config_modification( $dir, $url, $include_warning_comment = true ) {
134
  $modification = self::get_wp_config_define( 'WP_CONTENT_DIR', $dir, $include_warning_comment ) . "\n";
135
  $modification .= self::get_wp_config_define( 'WP_CONTENT_URL', $url, $include_warning_comment );
136
+
137
  return $modification;
138
  }
139
+
140
  public static function get_wp_config_define_expression( $include_warning_comment = true ) {
141
  $expression = self::get_wp_config_modification( 'WILDCARD', 'WILDCARD', $include_warning_comment );
142
  $expression = preg_quote( $expression, '|' );
143
  $expression = str_replace( ' ', '\s*', $expression );
144
  $expression = str_replace( 'WILDCARD', "[^']+", $expression );
145
  $expression = "|$expression|";
146
+
147
  if ( $include_warning_comment ) {
148
  $expression = str_replace( "\n", "\s*[\r\n]+\s*", $expression );
149
  } else {
150
  $expression = str_replace( "\n", "\s*", $expression );
151
  }
152
+
153
  return $expression;
154
  }
155
+
156
  public static function is_custom_directory() {
157
  if ( isset( $GLOBALS['__itsec_content_directory_is_custom_directory'] ) ) {
158
  return $GLOBALS['__itsec_content_directory_is_custom_directory'];
159
  }
160
+
161
  if ( ABSPATH . 'wp-content' !== WP_CONTENT_DIR ) {
162
  $GLOBALS['__itsec_content_directory_is_custom_directory'] = true;
163
  } else if ( get_option( 'siteurl' ) . '/wp-content' !== WP_CONTENT_URL ) {
165
  } else {
166
  $GLOBALS['__itsec_content_directory_is_custom_directory'] = false;
167
  }
168
+
169
  return $GLOBALS['__itsec_content_directory_is_custom_directory'];
170
  }
171
+
172
  public static function is_modified_by_it_security() {
173
  if ( isset( $GLOBALS['__itsec_content_directory_is_modified_by_it_security'] ) ) {
174
  return $GLOBALS['__itsec_content_directory_is_modified_by_it_security'];
175
  }
176
+
177
  $GLOBALS['__itsec_content_directory_is_modified_by_it_security'] = false;
178
+
179
+
180
  if ( ! self::is_custom_directory() ) {
181
  return false;
182
  }
183
+
184
+
185
+ require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
186
+
187
  $wp_config_file = ITSEC_Lib_Config_File::get_wp_config_file_path();
188
+
189
  if ( empty( $wp_config_file ) ) {
190
  return false;
191
  }
192
+
193
+ require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-file.php' );
194
+
195
  $wp_config = ITSEC_Lib_File::read( $wp_config_file );
196
+
197
  if ( is_wp_error( $wp_config ) ) {
198
  return false;
199
  }
200
+
201
  $define_expression = self::get_wp_config_define_expression();
202
+
203
  if ( ! preg_match( $define_expression, $wp_config ) ) {
204
  return false;
205
  }
206
+
207
+ require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-utility.php' );
208
+
209
  $wp_config_without_comments = ITSEC_Lib_Utility::strip_php_comments( $wp_config );
210
+
211
  if ( is_wp_error( $wp_config_without_comments ) ) {
212
  return false;
213
  }
214
+
215
  $define_expression_without_comment = self::get_wp_config_define_expression( false );
216
+
217
  if ( ! preg_match( $define_expression_without_comment, $wp_config_without_comments ) ) {
218
  return false;
219
  }
220
+
221
+
222
  $GLOBALS['__itsec_content_directory_is_modified_by_it_security'] = true;
223
+
224
  return true;
225
  }
226
  }
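Review bot: In `get_wp_config_define()`, `$name` and `$value` have single quotes escaped but not backslashes before they are placed inside `define( '$name', '$value' );`, so a value that ends in a backslash or already contains `\'` produces a line in wp-config.php whose string literal does not close where intended. Escape backslashes first and then quotes, or build the literal with `var_export()`. The `[^']+` wildcard in `get_wp_config_define_expression()` would also need to accept an escaped quote, otherwise `is_modified_by_it_security()` will not recognise a define that this function wrote for such a value.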
core/modules/core/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'core', dirname( __FILE__ ), 'always-active' );
 
 
 
core/modules/core/setup.php CHANGED
@@ -20,11 +20,7 @@ if ( ! class_exists( 'ITSEC_Core_Setup' ) ) {
20
  *
21
  * @return void
22
  */
23
- public function execute_activate() {
24
-
25
- add_site_option( 'itsec_free_just_activated', true );
26
-
27
- }
28
 
29
  /**
30
  * Execute module deactivation
@@ -53,12 +49,14 @@ if ( ! class_exists( 'ITSEC_Core_Setup' ) ) {
53
  *
54
  * @return void
55
  */
56
- public function execute_upgrade() {
57
-
 
 
58
  }
59
 
60
  }
61
 
62
  }
63
 
64
- new ITSEC_Core_Setup();
20
  *
21
  * @return void
22
  */
23
+ public function execute_activate() {}
 
 
 
 
24
 
25
  /**
26
  * Execute module deactivation
49
  *
50
  * @return void
51
  */
52
+ public function execute_upgrade( $build ) {
53
+ if ( $build < 4069 ) {
54
+ delete_site_option( 'itsec_free_just_activated' );
55
+ }
56
  }
57
 
58
  }
59
 
60
  }
61
 
62
+ new ITSEC_Core_Setup();
core/modules/database-prefix/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'database-prefix', dirname( __FILE__ ), 'always-active' );
 
 
 
core/modules/database-prefix/utility.php CHANGED
@@ -3,17 +3,17 @@
3
  final class ITSEC_Database_Prefix_Utility {
4
  public static function change_database_prefix() {
5
  global $wpdb;
6
-
7
-
8
- require_once( $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-config-file.php' );
9
- require_once( $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-file.php' );
10
-
11
  $response = array(
12
  'errors' => array(),
13
  'new_prefix' => false,
14
  );
15
-
16
-
17
  //suppress error messages due to timing
18
  // error_reporting( 0 );
19
  // @ini_set( 'display_errors', 0 );
@@ -48,26 +48,26 @@ final class ITSEC_Database_Prefix_Utility {
48
 
49
  $config_file_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
50
  $config = ITSEC_Lib_File::read( $config_file_path );
51
-
52
  if ( is_wp_error( $config ) ) {
53
  /* translators: 1: Specific error details */
54
  $response['errors'][] = new WP_Error( $confix->get_error_code(), sprintf( __( 'Unable to read the <code>wp-config.php</code> file in order to update the Database Prefix. Error details as follows: %1$s', 'better-wp-security' ), $config->get_error_message() ) );
55
  return $response;
56
  }
57
-
58
-
59
  $regex = '/(\$table_prefix\s*=\s*)([\'"]).+?\\2(\s*;)/';
60
  $config = preg_replace( $regex, "\${1}'$new_prefix'\${3}", $config );
61
-
62
  $write_result = ITSEC_Lib_File::write( $config_file_path, $config );
63
-
64
  if ( is_wp_error( $write_result ) ) {
65
  /* translators: 1: Specific error details */
66
  $response['errors'][] = new WP_Error( $confix->get_error_code(), sprintf( __( 'Unable to update the <code>wp-config.php</code> file in order to update the Database Prefix. Error details as follows: %1$s', 'better-wp-security' ), $config->get_error_message() ) );
67
  return $response;
68
  }
69
-
70
-
71
  $response['new_prefix'] = $new_prefix;
72
 
73
 
3
  final class ITSEC_Database_Prefix_Utility {
4
  public static function change_database_prefix() {
5
  global $wpdb;
6
+
7
+
8
+ require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
9
+ require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-file.php' );
10
+
11
  $response = array(
12
  'errors' => array(),
13
  'new_prefix' => false,
14
  );
15
+
16
+
17
  //suppress error messages due to timing
18
  // error_reporting( 0 );
19
  // @ini_set( 'display_errors', 0 );
48
 
49
  $config_file_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
50
  $config = ITSEC_Lib_File::read( $config_file_path );
51
+
52
  if ( is_wp_error( $config ) ) {
53
  /* translators: 1: Specific error details */
54
  $response['errors'][] = new WP_Error( $confix->get_error_code(), sprintf( __( 'Unable to read the <code>wp-config.php</code> file in order to update the Database Prefix. Error details as follows: %1$s', 'better-wp-security' ), $config->get_error_message() ) );
55
  return $response;
56
  }
57
+
58
+
59
  $regex = '/(\$table_prefix\s*=\s*)([\'"]).+?\\2(\s*;)/';
60
  $config = preg_replace( $regex, "\${1}'$new_prefix'\${3}", $config );
61
+
62
  $write_result = ITSEC_Lib_File::write( $config_file_path, $config );
63
+
64
  if ( is_wp_error( $write_result ) ) {
65
  /* translators: 1: Specific error details */
66
  $response['errors'][] = new WP_Error( $confix->get_error_code(), sprintf( __( 'Unable to update the <code>wp-config.php</code> file in order to update the Database Prefix. Error details as follows: %1$s', 'better-wp-security' ), $config->get_error_message() ) );
67
  return $response;
68
  }
69
+
70
+
71
  $response['new_prefix'] = $new_prefix;
72
 
73
 
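Review bot: Both error branches in the second hunk call `$confix->get_error_code()`, but no `$confix` variable is assigned anywhere in the visible code, so reaching either branch fails on an undefined variable instead of returning the `WP_Error`. The write-failure branch also reads `$config->get_error_message()`, although the failing value there is `$write_result` and `$config` holds the file contents at that point. Since these lines are being touched anyway, use `$config` for both calls in the read branch and `$write_result` for both calls in the write branch.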
core/modules/file-change/class-itsec-file-change.php CHANGED
@@ -24,8 +24,6 @@ class ITSEC_File_Change {
24
  */
25
  function run() {
26
 
27
- global $itsec_globals;
28
-
29
  $settings = ITSEC_Modules::get_settings( 'file-change' );
30
  $interval = 86400; //Run daily
31
 
@@ -44,7 +42,7 @@ class ITSEC_File_Change {
44
  if (
45
  ( ! defined( 'DOING_AJAX' ) || DOING_AJAX === false ) &&
46
  isset( $settings['last_run'] ) &&
47
- ( $itsec_globals['current_time'] - $interval ) > $settings['last_run'] &&
48
  ( ! defined( 'ITSEC_FILE_CHECK_CRON' ) || false === ITSEC_FILE_CHECK_CRON )
49
  ) {
50
 
@@ -122,8 +120,6 @@ class ITSEC_File_Change {
122
  */
123
  public function logs_metabox_content() {
124
 
125
- global $itsec_globals;
126
-
127
  if ( ! class_exists( 'ITSEC_File_Change_Log' ) ) {
128
  require( dirname( __FILE__ ) . '/class-itsec-file-change-log.php' );
129
  }
@@ -145,7 +141,7 @@ class ITSEC_File_Change {
145
 
146
  $next_run_raw = $settings['last_run'] + $interval;
147
 
148
- if ( date( 'j', $next_run_raw ) == date( 'j', $itsec_globals['current_time'] ) ) {
149
  $next_run_day = __( 'Today', 'better-wp-security' );
150
  } else {
151
  $next_run_day = __( 'Tomorrow', 'better-wp-security' );
24
  */
25
  function run() {
26
 
 
 
27
  $settings = ITSEC_Modules::get_settings( 'file-change' );
28
  $interval = 86400; //Run daily
29
 
42
  if (
43
  ( ! defined( 'DOING_AJAX' ) || DOING_AJAX === false ) &&
44
  isset( $settings['last_run'] ) &&
45
+ ( ITSEC_Core::get_current_time() - $interval ) > $settings['last_run'] &&
46
  ( ! defined( 'ITSEC_FILE_CHECK_CRON' ) || false === ITSEC_FILE_CHECK_CRON )
47
  ) {
48
 
120
  */
121
  public function logs_metabox_content() {
122
 
 
 
123
  if ( ! class_exists( 'ITSEC_File_Change_Log' ) ) {
124
  require( dirname( __FILE__ ) . '/class-itsec-file-change-log.php' );
125
  }
141
 
142
  $next_run_raw = $settings['last_run'] + $interval;
143
 
144
+ if ( date( 'j', $next_run_raw ) == date( 'j', ITSEC_Core::get_current_time() ) ) {
145
  $next_run_day = __( 'Today', 'better-wp-security' );
146
  } else {
147
  $next_run_day = __( 'Tomorrow', 'better-wp-security' );
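Review bot: The updated condition `date( 'j', $next_run_raw ) == date( 'j', ITSEC_Core::get_current_time() )` still compares only the day of the month, so a next run that is overdue by a day or more is labelled "Tomorrow", and one that falls on the same day number of a different month is labelled "Today". Comparing `date( 'Y-m-d', ... )` on both sides, and handling the case where `$next_run_raw` is already in the past, would make the label match the actual schedule.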
core/modules/file-change/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'file-change', dirname( __FILE__ ) );
 
 
 
core/modules/file-change/scanner.php CHANGED
@@ -34,8 +34,6 @@ final class ITSEC_File_Change_Scanner {
34
 
35
  private function __construct() {
36
 
37
- global $itsec_globals;
38
-
39
  $this->settings = ITSEC_Modules::get_settings( 'file-change' );
40
  $this->running = false;
41
  $this->excludes = array(
@@ -71,7 +69,7 @@ final class ITSEC_File_Change_Scanner {
71
 
72
  public function execute_file_check( $scheduled_call = true, $return_data = false ) {
73
 
74
- global $itsec_logger, $itsec_globals;
75
 
76
  if ( false === $this->running ) {
77
 
@@ -227,7 +225,7 @@ final class ITSEC_File_Change_Scanner {
227
  unset( $files_changed );
228
  unset( $current_files );
229
 
230
- $this->settings['last_run'] = $itsec_globals['current_time'];
231
  $this->settings['last_chunk'] = $chunk;
232
 
233
  ITSEC_Modules::set_settings( 'file-change', $this->settings );
@@ -330,13 +328,11 @@ final class ITSEC_File_Change_Scanner {
330
  */
331
  public function get_email_report( $email_details ) {
332
 
333
- global $itsec_globals;
334
-
335
  //seperate array by category
336
  $added = $email_details[3]['added'];
337
  $removed = $email_details[3]['removed'];
338
  $changed = $email_details[3]['changed'];
339
- $report = '<strong>' . __( 'Scan Time:', 'better-wp-security' ) . '</strong> ' . date( 'l, F jS g:i a e', $itsec_globals['current_time'] ) . "<br />" . PHP_EOL;
340
  $report .= '<strong>' . __( 'Files Added:', 'better-wp-security' ) . '</strong> ' . $email_details[0] . "<br />" . PHP_EOL;
341
  $report .= '<strong>' . __( 'Files Deleted:', 'better-wp-security' ) . '</strong> ' . $email_details[1] . "<br />" . PHP_EOL;
342
  $report .= '<strong>' . __( 'Files Modified:', 'better-wp-security' ) . '</strong> ' . $email_details[2] . "<br />" . PHP_EOL;
@@ -583,14 +579,12 @@ final class ITSEC_File_Change_Scanner {
583
  */
584
  private function send_notification_email( $email_details ) {
585
 
586
- global $itsec_globals;
587
-
588
  $itsec_notify = ITSEC_Core::get_itsec_notify();
589
 
590
  if ( ! ITSEC_Modules::get_setting( 'global', 'digest_email' ) ) {
591
 
592
  $headers = 'From: ' . get_bloginfo( 'name' ) . ' <' . get_option( 'admin_email' ) . '>' . "\r\n";
593
- $subject = '[' . get_option( 'siteurl' ) . '] ' . __( 'WordPress File Change Warning', 'better-wp-security' ) . ' ' . date( 'l, F jS, Y \a\\t g:i a e', $itsec_globals['current_time'] );
594
 
595
  $body = '<p>' . __( 'A file (or files) on your site at ', 'better-wp-security' ) . ' ' . get_option( 'siteurl' ) . __( ' have been changed. Please review the report below to verify changes are not the result of a compromise.', 'better-wp-security' ) . '</p>';
596
  $body .= $this->get_email_report( $email_details ); //get report
34
 
35
  private function __construct() {
36
 
 
 
37
  $this->settings = ITSEC_Modules::get_settings( 'file-change' );
38
  $this->running = false;
39
  $this->excludes = array(
69
 
70
  public function execute_file_check( $scheduled_call = true, $return_data = false ) {
71
 
72
+ global $itsec_logger;
73
 
74
  if ( false === $this->running ) {
75
 
225
  unset( $files_changed );
226
  unset( $current_files );
227
 
228
+ $this->settings['last_run'] = ITSEC_Core::get_current_time();
229
  $this->settings['last_chunk'] = $chunk;
230
 
231
  ITSEC_Modules::set_settings( 'file-change', $this->settings );
328
  */
329
  public function get_email_report( $email_details ) {
330
 
 
 
331
  //seperate array by category
332
  $added = $email_details[3]['added'];
333
  $removed = $email_details[3]['removed'];
334
  $changed = $email_details[3]['changed'];
335
+ $report = '<strong>' . __( 'Scan Time:', 'better-wp-security' ) . '</strong> ' . date( 'l, F jS g:i a e', ITSEC_Core::get_current_time() ) . "<br />" . PHP_EOL;
336
  $report .= '<strong>' . __( 'Files Added:', 'better-wp-security' ) . '</strong> ' . $email_details[0] . "<br />" . PHP_EOL;
337
  $report .= '<strong>' . __( 'Files Deleted:', 'better-wp-security' ) . '</strong> ' . $email_details[1] . "<br />" . PHP_EOL;
338
  $report .= '<strong>' . __( 'Files Modified:', 'better-wp-security' ) . '</strong> ' . $email_details[2] . "<br />" . PHP_EOL;
579
  */
580
  private function send_notification_email( $email_details ) {
581
 
 
 
582
  $itsec_notify = ITSEC_Core::get_itsec_notify();
583
 
584
  if ( ! ITSEC_Modules::get_setting( 'global', 'digest_email' ) ) {
585
 
586
  $headers = 'From: ' . get_bloginfo( 'name' ) . ' <' . get_option( 'admin_email' ) . '>' . "\r\n";
587
+ $subject = '[' . get_option( 'siteurl' ) . '] ' . __( 'WordPress File Change Warning', 'better-wp-security' ) . ' ' . date( 'l, F jS, Y \a\\t g:i a e', ITSEC_Core::get_current_time() );
588
 
589
  $body = '<p>' . __( 'A file (or files) on your site at ', 'better-wp-security' ) . ' ' . get_option( 'siteurl' ) . __( ' have been changed. Please review the report below to verify changes are not the result of a compromise.', 'better-wp-security' ) . '</p>';
590
  $body .= $this->get_email_report( $email_details ); //get report
core/modules/file-change/settings-page.php CHANGED
@@ -159,8 +159,6 @@ final class ITSEC_File_Change_Settings_Page extends ITSEC_Module_Settings_Page {
159
  */
160
  public function get_filetree_data( $data ) {
161
 
162
- global $itsec_globals;
163
-
164
  $directory = sanitize_text_field( $data['dir'] );
165
  $directory = urldecode( $directory );
166
  $directory = realpath( $directory );
159
  */
160
  public function get_filetree_data( $data ) {
161
 
 
 
162
  $directory = sanitize_text_field( $data['dir'] );
163
  $directory = urldecode( $directory );
164
  $directory = realpath( $directory );
core/modules/file-permissions/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'file-permissions', dirname( __FILE__ ), 'always-active' );
 
 
 
core/modules/file-writing/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'file-writing', dirname( __FILE__ ), 'always-active' );
 
 
 
core/modules/global/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'global', dirname( __FILE__ ), 'always-active' );
 
 
 
core/modules/global/settings.php CHANGED
@@ -6,8 +6,6 @@ final class ITSEC_Global_Settings_New extends ITSEC_Settings {
6
  }
7
 
8
  public function get_defaults() {
9
- global $itsec_globals;
10
-
11
  $email = get_option( 'admin_email' );
12
 
13
  return array(
@@ -38,19 +36,14 @@ final class ITSEC_Global_Settings_New extends ITSEC_Settings {
38
  'show_error_codes' => false,
39
  'show_new_dashboard_notice' => true,
40
  'show_security_check' => true,
 
 
 
 
41
  );
42
  }
43
 
44
  protected function handle_settings_changes( $old_settings ) {
45
- if ( $this->settings['digest_email'] && ! $old_settings['digest_email'] ) {
46
- $digest_queue = array(
47
- 'last_sent' => ITSEC_Core::get_current_time_gmt(),
48
- 'messages' => array(),
49
- );
50
-
51
- update_site_option( 'itsec_message_queue', $digest_queue );
52
- }
53
-
54
  if ( $this->settings['write_files'] && ! $old_settings['write_files'] ) {
55
  ITSEC_Response::regenerate_server_config();
56
  ITSEC_Response::regenerate_wp_config();
6
  }
7
 
8
  public function get_defaults() {
 
 
9
  $email = get_option( 'admin_email' );
10
 
11
  return array(
36
  'show_error_codes' => false,
37
  'show_new_dashboard_notice' => true,
38
  'show_security_check' => true,
39
+ 'digest_last_sent' => 0,
40
+ 'digest_messages' => array(),
41
+ 'build' => 0,
42
+ 'activation_timestamp' => 0,
43
  );
44
  }
45
 
46
  protected function handle_settings_changes( $old_settings ) {
 
 
 
 
 
 
 
 
 
47
  if ( $this->settings['write_files'] && ! $old_settings['write_files'] ) {
48
  ITSEC_Response::regenerate_server_config();
49
  ITSEC_Response::regenerate_wp_config();
core/modules/global/setup.php CHANGED
@@ -45,6 +45,26 @@ if ( ! class_exists( 'ITSEC_Global_Setup' ) ) {
45
  * @return void
46
  */
47
  public function execute_upgrade( $itsec_old_version ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
48
 
49
  if ( $itsec_old_version < 4041 ) {
50
  $current_options = get_site_option( 'itsec_global' );
@@ -83,6 +103,25 @@ if ( ! class_exists( 'ITSEC_Global_Setup' ) ) {
83
  }
84
  }
85
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
86
  }
87
 
88
  }
45
  * @return void
46
  */
47
  public function execute_upgrade( $itsec_old_version ) {
48
+ if ( $itsec_old_version < 4040 ) {
49
+ $options = get_site_option( 'itsec_global' );
50
+
51
+ if ( $options['log_info'] ) {
52
+ $new_log_info = substr( sanitize_title( get_bloginfo( 'name' ) ), 0, 20 ) . '-' . wp_generate_password( 30, false );
53
+ $old_file = path_join( $options['log_location'], 'event-log-' . $options['log_info'] . '.log' );
54
+ $new_file = path_join( $options['log_location'], 'event-log-' . $new_log_info . '.log' );
55
+
56
+ // If the file exists already, don't update the location unless we successfully move it.
57
+ if ( file_exists( $old_file ) && rename( $old_file, $new_file ) ) {
58
+ $options['log_info'] = $new_log_info;
59
+ update_site_option( 'itsec_global', $options );
60
+ }
61
+ }
62
+
63
+ // Make sure we have an index files to block directory listing in logs directory
64
+ if ( is_dir( $options['log_location'] ) && ! file_exists( path_join( $options['log_location'], 'index.php' ) ) ) {
65
+ file_put_contents( path_join( $options['log_location'], 'index.php' ), "<?php\n// Silence is golden." );
66
+ }
67
+ }
68
 
69
  if ( $itsec_old_version < 4041 ) {
70
  $current_options = get_site_option( 'itsec_global' );
103
  }
104
  }
105
 
106
+ if ( $itsec_old_version < 4059 ) {
107
+ $message_queue = get_site_option( 'itsec_message_queue' );
108
+
109
+ if ( false !== $message_queue ) {
110
+ if ( isset( $message_queue['last_sent'] ) ) {
111
+ ITSEC_Modules::set_setting( 'global', 'digest_last_sent', $message_queue['last_sent'] );
112
+ }
113
+
114
+ if ( isset( $message_queue['messages'] ) ) {
115
+ ITSEC_Modules::set_setting( 'global', 'digest_messages', $message_queue['messages'] );
116
+ }
117
+
118
+ delete_site_option( 'itsec_message_queue' );
119
+ }
120
+ }
121
+
122
+ if ( $itsec_old_version < 4064 ) {
123
+ delete_site_option( 'itsec_global' );
124
+ }
125
  }
126
 
127
  }
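Review bot: In the new `$itsec_old_version < 4040` block, the result of `get_site_option( 'itsec_global' )` is indexed as `$options['log_info']` and `$options['log_location']` without checking that an array came back; `get_site_option()` returns `false` when the option does not exist, and the `< 4064` step added further down deletes this very option. Guard the block with `is_array( $options )` and `isset()` on the two keys. The return value of `file_put_contents()` for the `index.php` guard file is also ignored, so a logs directory that stays listable after the upgrade goes unreported.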
core/modules/global/validator.php CHANGED
@@ -5,14 +5,6 @@ class ITSEC_Global_Validator extends ITSEC_Validator {
5
  return 'global';
6
  }
7
 
8
- public function get_valid_log_types() {
9
- return array(
10
- 'database' => __( 'Database Only', 'better-wp-security' ),
11
- 'file' => __( 'File Only', 'better-wp-security' ),
12
- 'both' => __( 'Both', 'better-wp-security' ),
13
- );
14
- }
15
-
16
  protected function sanitize_settings() {
17
  if ( is_dir( WP_PLUGIN_DIR . '/iwp-client' ) ) {
18
  $this->sanitize_setting( 'bool', 'infinitewp_compatibility', __( 'Add InfiniteWP Compatibility', 'better-wp-security' ) );
@@ -27,7 +19,7 @@ class ITSEC_Global_Validator extends ITSEC_Validator {
27
  }
28
 
29
 
30
- $this->set_previous_if_empty( array( 'did_upgrade', 'log_info', 'show_new_dashboard_notice', 'show_security_check' ) );
31
  $this->set_default_if_empty( array( 'log_location', 'nginx_file' ) );
32
 
33
 
@@ -61,7 +53,27 @@ class ITSEC_Global_Validator extends ITSEC_Validator {
61
  $this->sanitize_setting( 'newline-separated-emails', 'backup_email', __( 'Backup Delivery Email', 'better-wp-security' ) );
62
 
63
 
64
- $allowed_tags = array(
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
65
  'a' => array(
66
  'href' => array(),
67
  'title' => array(),
@@ -79,10 +91,6 @@ class ITSEC_Global_Validator extends ITSEC_Validator {
79
  'style' => array(),
80
  ),
81
  );
82
-
83
- $this->settings['lockout_message'] = trim( wp_kses( $this->settings['lockout_message'], $allowed_tags ) );
84
- $this->settings['user_lockout_message'] = trim( wp_kses( $this->settings['user_lockout_message'], $allowed_tags ) );
85
- $this->settings['community_lockout_message'] = trim( wp_kses( $this->settings['community_lockout_message'], $allowed_tags ) );
86
  }
87
  }
88
 
5
  return 'global';
6
  }
7
 
 
 
 
 
 
 
 
 
8
  protected function sanitize_settings() {
9
  if ( is_dir( WP_PLUGIN_DIR . '/iwp-client' ) ) {
10
  $this->sanitize_setting( 'bool', 'infinitewp_compatibility', __( 'Add InfiniteWP Compatibility', 'better-wp-security' ) );
19
  }
20
 
21
 
22
+ $this->set_previous_if_empty( array( 'did_upgrade', 'log_info', 'show_new_dashboard_notice', 'show_security_check', 'digest_last_sent', 'digest_messages', 'build', 'activation_timestamp' ) );
23
  $this->set_default_if_empty( array( 'log_location', 'nginx_file' ) );
24
 
25
 
53
  $this->sanitize_setting( 'newline-separated-emails', 'backup_email', __( 'Backup Delivery Email', 'better-wp-security' ) );
54
 
55
 
56
+ $allowed_tags = $this->get_allowed_tags();
57
+
58
+ $this->settings['lockout_message'] = trim( wp_kses( $this->settings['lockout_message'], $allowed_tags ) );
59
+ $this->settings['user_lockout_message'] = trim( wp_kses( $this->settings['user_lockout_message'], $allowed_tags ) );
60
+ $this->settings['community_lockout_message'] = trim( wp_kses( $this->settings['community_lockout_message'], $allowed_tags ) );
61
+
62
+ if ( $this->settings['digest_last_sent'] <= 0 ) {
63
+ $this->settings['digest_last_sent'] = ITSEC_Core::get_current_time_gmt();
64
+ }
65
+ }
66
+
67
+ public function get_valid_log_types() {
68
+ return array(
69
+ 'database' => __( 'Database Only', 'better-wp-security' ),
70
+ 'file' => __( 'File Only', 'better-wp-security' ),
71
+ 'both' => __( 'Both', 'better-wp-security' ),
72
+ );
73
+ }
74
+
75
+ private function get_allowed_tags() {
76
+ return array(
77
  'a' => array(
78
  'href' => array(),
79
  'title' => array(),
91
  'style' => array(),
92
  ),
93
  );
 
 
 
 
94
  }
95
  }
96
 
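Review bot: The keys added to `set_previous_if_empty()` (`digest_last_sent`, `digest_messages`, `build`, `activation_timestamp`) are internal state, yet the only handling visible for them in `sanitize_settings()` is that call plus the `digest_last_sent <= 0` reset, which compares whatever type was submitted. If no type check exists outside these hunks, cast the three numeric values to integers and require `digest_messages` to be an array before saving, so that a non-empty value arriving with a settings save cannot replace them with an unexpected type.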
core/modules/hide-backend/class-itsec-hide-backend.php CHANGED
@@ -10,15 +10,14 @@ class ITSEC_Hide_Backend {
10
 
11
  $this->settings = ITSEC_Modules::get_settings( 'hide-backend' );
12
 
13
- if ( ! $this->settings['enabled'] ) {
14
- return;
15
- }
16
-
17
-
18
  add_filter( 'itsec_filter_apache_server_config_modification', array( $this, 'filter_apache_server_config_modification' ) );
19
  add_filter( 'itsec_filter_litespeed_server_config_modification', array( $this, 'filter_apache_server_config_modification' ) );
20
  add_filter( 'itsec_filter_nginx_server_config_modification', array( $this, 'filter_nginx_server_config_modification' ) );
21
 
 
 
 
 
22
 
23
  $jetpack_active_modules = get_option( 'jetpack_active_modules' );
24
 
@@ -65,14 +64,14 @@ class ITSEC_Hide_Backend {
65
 
66
  public function filter_apache_server_config_modification( $modification ) {
67
  require_once( dirname( __FILE__ ) . '/config-generators.php' );
68
-
69
- return ITSEC_Hide_Backend_Config_Generators::filter_apache_server_config_modification( $modification, $this->settings );
70
  }
71
-
72
  public function filter_nginx_server_config_modification( $modification ) {
73
  require_once( dirname( __FILE__ ) . '/config-generators.php' );
74
-
75
- return ITSEC_Hide_Backend_Config_Generators::filter_nginx_server_config_modification( $modification, $this->settings );
76
  }
77
 
78
  /**
@@ -123,8 +122,7 @@ class ITSEC_Hide_Backend {
123
  *
124
  * @return void
125
  */
126
- public
127
- function execute_hide_backend() {
128
 
129
  if ( get_site_option( 'users_can_register' ) == 1 && isset( $_SERVER['REQUEST_URI'] ) && $_SERVER['REQUEST_URI'] == ITSEC_Lib::get_home_root() . $this->settings['register'] ) {
130
 
@@ -282,8 +280,6 @@ class ITSEC_Hide_Backend {
282
  */
283
  public function filter_login_url( $url ) {
284
 
285
- $t = str_replace( 'wp-login.php', $this->settings['slug'], $url );
286
-
287
  return str_replace( 'wp-login.php', $this->settings['slug'], $url );
288
 
289
  }
10
 
11
  $this->settings = ITSEC_Modules::get_settings( 'hide-backend' );
12
 
 
 
 
 
 
13
  add_filter( 'itsec_filter_apache_server_config_modification', array( $this, 'filter_apache_server_config_modification' ) );
14
  add_filter( 'itsec_filter_litespeed_server_config_modification', array( $this, 'filter_apache_server_config_modification' ) );
15
  add_filter( 'itsec_filter_nginx_server_config_modification', array( $this, 'filter_nginx_server_config_modification' ) );
16
 
17
+ if ( ! $this->settings['enabled'] ) {
18
+ return;
19
+ }
20
+
21
 
22
  $jetpack_active_modules = get_option( 'jetpack_active_modules' );
23
 
64
 
65
  public function filter_apache_server_config_modification( $modification ) {
66
  require_once( dirname( __FILE__ ) . '/config-generators.php' );
67
+
68
+ return ITSEC_Hide_Backend_Config_Generators::filter_apache_server_config_modification( $modification );
69
  }
70
+
71
  public function filter_nginx_server_config_modification( $modification ) {
72
  require_once( dirname( __FILE__ ) . '/config-generators.php' );
73
+
74
+ return ITSEC_Hide_Backend_Config_Generators::filter_nginx_server_config_modification( $modification );
75
  }
76
 
77
  /**
122
  *
123
  * @return void
124
  */
125
+ public function execute_hide_backend() {
 
126
 
127
  if ( get_site_option( 'users_can_register' ) == 1 && isset( $_SERVER['REQUEST_URI'] ) && $_SERVER['REQUEST_URI'] == ITSEC_Lib::get_home_root() . $this->settings['register'] ) {
128
 
280
  */
281
  public function filter_login_url( $url ) {
282
 
 
 
283
  return str_replace( 'wp-login.php', $this->settings['slug'], $url );
284
 
285
  }
core/modules/hide-backend/config-generators.php CHANGED
@@ -1,31 +1,43 @@
1
  <?php
2
 
3
  final class ITSEC_Hide_Backend_Config_Generators {
4
- public static function filter_apache_server_config_modification( $modification, $settings ) {
 
 
 
 
 
 
5
  $home_root = ITSEC_Lib::get_home_root();
6
-
7
  $modification .= "\n";
8
  $modification .= "\t# " . __( 'Enable the hide backend feature - Security > Settings > Hide Login Area > Hide Backend', 'better-wp-security' ) . "\n";
9
  $modification .= "\tRewriteRule ^($home_root)?{$settings['slug']}/?$ {$home_root}wp-login.php [QSA,L]\n";
10
-
11
  if ( 'wp-register.php' != $settings['register'] ) {
12
  $modification .= "\tRewriteRule ^($home_root)?{$settings['register']}/?$ /wplogin?action=register [QSA,L]\n";
13
  }
14
-
15
  return $modification;
16
  }
17
-
18
- public static function filter_nginx_server_config_modification( $modification, $settings ) {
 
 
 
 
 
 
19
  $home_root = ITSEC_Lib::get_home_root();
20
-
21
  $modification .= "\n";
22
  $modification .= "\t# " . __( 'Enable the hide backend feature - Security > Settings > Hide Login Area > Hide Backend', 'better-wp-security' ) . "\n";
23
  $modification .= "\trewrite ^($home_root)?{$settings['slug']}/?$ {$home_root}wp-login.php?\$query_string break;\n";
24
-
25
  if ( 'wp-register.php' != $settings['register'] ) {
26
  $modification .= "\trewrite ^($home_root)?{$settings['register']}/?$ {$home_root}{$settings['slug']}?action=register break;\n";
27
  }
28
-
29
  return $modification;
30
  }
31
  }
1
  <?php
2
 
3
  final class ITSEC_Hide_Backend_Config_Generators {
4
+ public static function filter_apache_server_config_modification( $modification ) {
5
+ $settings = ITSEC_Modules::get_settings( 'hide-backend' );
6
+
7
+ if ( ! $settings['enabled'] ) {
8
+ return $modification;
9
+ }
10
+
11
  $home_root = ITSEC_Lib::get_home_root();
12
+
13
  $modification .= "\n";
14
  $modification .= "\t# " . __( 'Enable the hide backend feature - Security > Settings > Hide Login Area > Hide Backend', 'better-wp-security' ) . "\n";
15
  $modification .= "\tRewriteRule ^($home_root)?{$settings['slug']}/?$ {$home_root}wp-login.php [QSA,L]\n";
16
+
17
  if ( 'wp-register.php' != $settings['register'] ) {
18
  $modification .= "\tRewriteRule ^($home_root)?{$settings['register']}/?$ /wplogin?action=register [QSA,L]\n";
19
  }
20
+
21
  return $modification;
22
  }
23
+
24
+ public static function filter_nginx_server_config_modification( $modification ) {
25
+ $settings = ITSEC_Modules::get_settings( 'hide-backend' );
26
+
27
+ if ( ! $settings['enabled'] ) {
28
+ return $modification;
29
+ }
30
+
31
  $home_root = ITSEC_Lib::get_home_root();
32
+
33
  $modification .= "\n";
34
  $modification .= "\t# " . __( 'Enable the hide backend feature - Security > Settings > Hide Login Area > Hide Backend', 'better-wp-security' ) . "\n";
35
  $modification .= "\trewrite ^($home_root)?{$settings['slug']}/?$ {$home_root}wp-login.php?\$query_string break;\n";
36
+
37
  if ( 'wp-register.php' != $settings['register'] ) {
38
  $modification .= "\trewrite ^($home_root)?{$settings['register']}/?$ {$home_root}{$settings['slug']}?action=register break;\n";
39
  }
40
+
41
  return $modification;
42
  }
43
  }
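Review bot: In filter_apache_server_config_modification the register rule (new line 18) still targets the hard-coded /wplogin?action=register, while the nginx rule (new line 38) builds its target from {$home_root}{$settings['slug']}. With any slug other than wplogin the two servers route the register slug differently, so the Apache rule should use the same {$home_root}{$settings['slug']}?action=register target. Separately, $settings['slug'] and $settings['register'] are interpolated into the rewrite patterns unescaped; since these strings are written into .htaccess or nginx.conf, confirm the settings validator limits them to characters that are safe in a regex and in a config directive.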
core/modules/hide-backend/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'hide-backend', dirname( __FILE__ ), 'always-active' );
 
 
 
core/modules/hide-backend/js/index.php ADDED
@@ -0,0 +1 @@
 
1
+ <?php //You don't belong here. ?>
core/modules/hide-backend/js/settings-page.js ADDED
@@ -0,0 +1,5 @@
 
 
 
 
 
1
+ function itsec_hide_backend_update_logout_url( args ) {
2
+ var url = jQuery( '#wp-admin-bar-logout a' ).attr( 'href' );
3
+ url = url.replace( args[0], args[1] );
4
+ jQuery( '#wp-admin-bar-logout a' ).attr( 'href', url );
5
+ }
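Review bot: On line 3, url is undefined when the selector '#wp-admin-bar-logout a' matches nothing, so url.replace( args[0], args[1] ) throws a TypeError. Return early when attr( 'href' ) does not yield a string. A short comment that replace with a string pattern only swaps the first occurrence of args[0] would also help the next reader.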
core/modules/hide-backend/settings-page.php CHANGED
@@ -1,40 +1,67 @@
1
  <?php
2
 
3
  final class ITSEC_Hide_Backend_Settings_Page extends ITSEC_Module_Settings_Page {
 
 
 
4
  public function __construct() {
5
  $this->id = 'hide-backend';
6
  $this->title = __( 'Hide Backend', 'better-wp-security' );
7
  $this->description = __( 'Hide the login page by changing its name and preventing access to wp-login.php and wp-admin.', 'better-wp-security' );
8
  $this->type = 'advanced';
9
-
10
  parent::__construct();
11
  }
12
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
13
  protected function render_description( $form ) {
14
-
15
  ?>
16
  <p><?php _e( 'Hides the login page (wp-login.php, wp-admin, admin and login) making it harder to find by automated attacks and making it easier for users unfamiliar with the WordPress platform.', 'better-wp-security' ); ?></p>
17
  <?php
18
-
19
  }
20
-
21
  protected function render_settings( $form ) {
22
  $settings = $form->get_options();
23
  $permalink_structure = get_option( 'permalink_structure', false );
24
-
25
  if ( empty( $permalink_structure ) && ! is_multisite() ) {
26
  echo '<div class="itsec-warning-message">';
27
  printf( __( 'You must change <a href="%s">WordPress permalinks</a> to a setting other than "Plain" in order to use this feature.', 'better-wp-security' ), network_admin_url( 'options-permalink.php' ) );
28
  echo "</div>\n";
29
-
30
  return;
31
  }
32
-
33
  ?>
34
  <div class="itsec-write-files-disabled">
35
  <div class="itsec-warning-message"><?php _e( 'The "Write to Files" setting is disabled in Global Settings. In order to use this feature, you must enable the "Write to Files" setting.', 'better-wp-security' ); ?></div>
36
  </div>
37
-
38
  <div class="itsec-write-files-enabled">
39
  <table class="form-table itsec-settings-section">
40
  <tr>
@@ -45,7 +72,7 @@ final class ITSEC_Hide_Backend_Settings_Page extends ITSEC_Module_Settings_Page
45
  </td>
46
  </tr>
47
  </table>
48
-
49
  <table class="form-table itsec-settings-section itsec-hide-backend-enabled-content">
50
  <tr>
51
  <th scope="row"><label for="itsec-hide-backend-slug"><?php _e( 'Login Slug', 'better-wp-security' ); ?></label></th>
@@ -94,7 +121,7 @@ final class ITSEC_Hide_Backend_Settings_Page extends ITSEC_Module_Settings_Page
94
  </table>
95
  </div>
96
  <?php
97
-
98
  }
99
  }
100
 
1
  <?php
2
 
3
  final class ITSEC_Hide_Backend_Settings_Page extends ITSEC_Module_Settings_Page {
4
+ private $version = 1;
5
+
6
+
7
  public function __construct() {
8
  $this->id = 'hide-backend';
9
  $this->title = __( 'Hide Backend', 'better-wp-security' );
10
  $this->description = __( 'Hide the login page by changing its name and preventing access to wp-login.php and wp-admin.', 'better-wp-security' );
11
  $this->type = 'advanced';
12
+
13
  parent::__construct();
14
  }
15
+
16
+ public function handle_form_post( $data ) {
17
+ $retval = ITSEC_Modules::set_settings( $this->id, $data );
18
+
19
+ if ( $retval['saved'] ) {
20
+ if ( $retval['new_settings']['enabled'] ) {
21
+ $args = array(
22
+ 'wp-login.php?',
23
+ $retval['new_settings']['slug'] . '?',
24
+ );
25
+ } else {
26
+ $args = array(
27
+ $retval['old_settings']['slug'] . '?',
28
+ 'wp-login.php?',
29
+ );
30
+ }
31
+
32
+ ITSEC_Response::add_js_function_call( 'itsec_hide_backend_update_logout_url', $args );
33
+ }
34
+ }
35
+
36
+ public function enqueue_scripts_and_styles() {
37
+ wp_enqueue_script( 'itsec-hide-backend-settings-page-script', plugins_url( 'js/settings-page.js', __FILE__ ), array( 'jquery' ), $this->version, true );
38
+ }
39
+
40
  protected function render_description( $form ) {
41
+
42
  ?>
43
  <p><?php _e( 'Hides the login page (wp-login.php, wp-admin, admin and login) making it harder to find by automated attacks and making it easier for users unfamiliar with the WordPress platform.', 'better-wp-security' ); ?></p>
44
  <?php
45
+
46
  }
47
+
48
  protected function render_settings( $form ) {
49
  $settings = $form->get_options();
50
  $permalink_structure = get_option( 'permalink_structure', false );
51
+
52
  if ( empty( $permalink_structure ) && ! is_multisite() ) {
53
  echo '<div class="itsec-warning-message">';
54
  printf( __( 'You must change <a href="%s">WordPress permalinks</a> to a setting other than "Plain" in order to use this feature.', 'better-wp-security' ), network_admin_url( 'options-permalink.php' ) );
55
  echo "</div>\n";
56
+
57
  return;
58
  }
59
+
60
  ?>
61
  <div class="itsec-write-files-disabled">
62
  <div class="itsec-warning-message"><?php _e( 'The "Write to Files" setting is disabled in Global Settings. In order to use this feature, you must enable the "Write to Files" setting.', 'better-wp-security' ); ?></div>
63
  </div>
64
+
65
  <div class="itsec-write-files-enabled">
66
  <table class="form-table itsec-settings-section">
67
  <tr>
72
  </td>
73
  </tr>
74
  </table>
75
+
76
  <table class="form-table itsec-settings-section itsec-hide-backend-enabled-content">
77
  <tr>
78
  <th scope="row"><label for="itsec-hide-backend-slug"><?php _e( 'Login Slug', 'better-wp-security' ); ?></label></th>
121
  </table>
122
  </div>
123
  <?php
124
+
125
  }
126
  }
127
 
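Review bot: handle_form_post (new lines 16-34) chooses the search string from the new enabled flag alone, so a save that keeps Hide Backend enabled but changes the slug sends 'wp-login.php?' as args[0]. If the current Log Out link already carries the old slug, the replace in itsec_hide_backend_update_logout_url finds nothing and the link keeps pointing at the old slug. Compare $retval['old_settings'] with $retval['new_settings'], use the old slug as the search string when the feature was already enabled, and skip the add_js_function_call when neither enabled nor slug changed.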
core/modules/hide-backend/setup.php CHANGED
@@ -4,9 +4,6 @@ if ( ! class_exists( 'ITSEC_Hide_Backend_Setup' ) ) {
4
 
5
  class ITSEC_Hide_Backend_Setup {
6
 
7
- private
8
- $defaults;
9
-
10
  public function __construct() {
11
 
12
  add_action( 'itsec_modules_do_plugin_activation', array( $this, 'execute_activate' ) );
@@ -105,20 +102,8 @@ if ( ! class_exists( 'ITSEC_Hide_Backend_Setup' ) ) {
105
 
106
  if ( isset( $current_options['enabled'] ) && $current_options['enabled'] === true ) {
107
 
108
- $config_file = ITSEC_Lib::get_htaccess();
109
-
110
- //Make sure we can write to the file
111
- $perms = substr( sprintf( '%o', @fileperms( $config_file ) ), - 4 );
112
-
113
- @chmod( $config_file, 0664 );
114
-
115
  add_action( 'admin_init', array( $this, 'flush_rewrite_rules' ) );
116
 
117
- //reset file permissions if we changed them
118
- if ( $perms == '0444' ) {
119
- @chmod( $config_file, 0444 );
120
- }
121
-
122
  ITSEC_Response::regenerate_server_config();
123
 
124
  }
@@ -136,6 +121,9 @@ if ( ! class_exists( 'ITSEC_Hide_Backend_Setup' ) ) {
136
  }
137
  }
138
 
 
 
 
139
  }
140
 
141
  /**
@@ -146,8 +134,15 @@ if ( ! class_exists( 'ITSEC_Hide_Backend_Setup' ) ) {
146
  * @return void
147
  */
148
  public function flush_rewrite_rules() {
 
 
 
 
 
149
 
150
  flush_rewrite_rules();
 
 
151
  }
152
 
153
  }
4
 
5
  class ITSEC_Hide_Backend_Setup {
6
 
 
 
 
7
  public function __construct() {
8
 
9
  add_action( 'itsec_modules_do_plugin_activation', array( $this, 'execute_activate' ) );
102
 
103
  if ( isset( $current_options['enabled'] ) && $current_options['enabled'] === true ) {
104
 
 
 
 
 
 
 
 
105
  add_action( 'admin_init', array( $this, 'flush_rewrite_rules' ) );
106
 
 
 
 
 
 
107
  ITSEC_Response::regenerate_server_config();
108
 
109
  }
121
  }
122
  }
123
 
124
+ if ( $itsec_old_version < 4070 ) {
125
+ delete_site_option( 'itsec_hide_backend' );
126
+ }
127
  }
128
 
129
  /**
134
  * @return void
135
  */
136
  public function flush_rewrite_rules() {
137
+ $config_file = ITSEC_Lib::get_htaccess();
138
+
139
+ //Make sure we can write to the file
140
+ $perms = substr( sprintf( '%o', @fileperms( $config_file ) ), - 4 );
141
+ @chmod( $config_file, 0664 );
142
 
143
  flush_rewrite_rules();
144
+
145
+ @chmod( $config_file, $perms );
146
  }
147
 
148
  }
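Review bot: In flush_rewrite_rules (new lines 137-145), $perms is the string produced by substr( sprintf( '%o', ... ), - 4 ), for example '0644', and it is passed straight to @chmod( $config_file, $perms ). chmod expects an integer mode, so PHP casts the string to decimal 644 rather than octal 0644 and the file ends up with different permissions than it started with. Keep the integer instead, e.g. $perms = @fileperms( $config_file ) & 0777, or restore with octdec( $perms ). Also handle fileperms() returning false: as written $perms becomes '0' and the final chmod would try to clear every permission bit, and because both calls are silenced with @ the failure would go unnoticed.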
core/modules/ipcheck/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'network-brute-force', dirname( __FILE__ ), 'default-active' );
 
 
 
core/modules/malware/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'malware', dirname( __FILE__ ), 'always-active' );
 
 
 
core/modules/malware/settings-page.php CHANGED
@@ -26,8 +26,6 @@ class ITSEC_Settings_Page_Sidebar_Widget_Malware_Scan extends ITSEC_Settings_Pag
26
  }
27
 
28
  public function handle_ajax_request( $data ) {
29
- global $itsec_globals;
30
-
31
  require_once( dirname( __FILE__ ) . '/class-itsec-malware-scanner.php' );
32
  require_once( dirname( __FILE__ ) . '/class-itsec-malware-scan-results-template.php' );
33
 
26
  }
27
 
28
  public function handle_ajax_request( $data ) {
 
 
29
  require_once( dirname( __FILE__ ) . '/class-itsec-malware-scanner.php' );
30
  require_once( dirname( __FILE__ ) . '/class-itsec-malware-scan-results-template.php' );
31
 
core/modules/malware/setup.php CHANGED
@@ -28,17 +28,7 @@ if ( ! class_exists( 'ITSEC_Malware_Setup' ) ) {
28
  *
29
  * @return void
30
  */
31
- public function execute_activate() {
32
-
33
- $options = get_site_option( 'itsec_malware' );
34
-
35
- if ( $options === false ) {
36
-
37
- add_site_option( 'itsec_malware', $this->defaults );
38
-
39
- }
40
-
41
- }
42
 
43
  /**
44
  * Execute module deactivation
@@ -46,6 +36,7 @@ if ( ! class_exists( 'ITSEC_Malware_Setup' ) ) {
46
  * @return void
47
  */
48
  public function execute_deactivate() {
 
49
  }
50
 
51
  /**
@@ -66,12 +57,14 @@ if ( ! class_exists( 'ITSEC_Malware_Setup' ) ) {
66
  *
67
  * @return void
68
  */
69
- public function execute_upgrade() {
70
-
 
 
71
  }
72
 
73
  }
74
 
75
  }
76
 
77
- new ITSEC_Malware_Setup();
28
  *
29
  * @return void
30
  */
31
+ public function execute_activate() {}
 
 
 
 
 
 
 
 
 
 
32
 
33
  /**
34
  * Execute module deactivation
36
  * @return void
37
  */
38
  public function execute_deactivate() {
39
+ delete_site_transient( 'itsec_cached_sucuri_scan' );
40
  }
41
 
42
  /**
57
  *
58
  * @return void
59
  */
60
+ public function execute_upgrade( $itsec_old_version ) {
61
+ if ( $itsec_old_version < 4065 ) {
62
+ delete_site_option( 'itsec_malware' );
63
+ }
64
  }
65
 
66
  }
67
 
68
  }
69
 
70
+ new ITSEC_Malware_Setup();
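Review bot: execute_upgrade now takes a required $itsec_old_version argument (new line 60), but the visible part of the docblock above it still documents only @return void. Add an @param line saying what the value is, plus a short comment on why 4065 is the cutoff for deleting itsec_malware. Since the parameter has no default, confirm every caller of execute_upgrade passes it. A one-line comment on what the itsec_cached_sucuri_scan transient holds would help in execute_deactivate as well.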
core/modules/multisite-tweaks/init.php DELETED
@@ -1,5 +0,0 @@
1
- <?php
2
-
3
- if ( is_multisite() ) {
4
- ITSEC_Modules::register_module( 'multisite-tweaks', dirname( __FILE__ ) );
5
- }
 
 
 
 
 
core/modules/pro/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'pro-module-upsells', dirname( __FILE__ ), 'always-active' );
 
 
 
core/modules/salts/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'wordpress-salts', dirname( __FILE__ ), 'always-active' );
 
 
 
core/modules/security-check/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'security-check', dirname( __FILE__ ), 'always-active' );
 
 
 
core/modules/ssl/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'ssl', dirname( __FILE__ ) );
 
 
 
core/modules/strong-passwords/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'strong-passwords', dirname( __FILE__ ), 'default-active' );
 
 
 
core/modules/system-tweaks/config-generators.php CHANGED
@@ -6,7 +6,7 @@ final class ITSEC_System_Tweaks_Config_Generators {
6
  }
7
 
8
  public static function filter_apache_server_config_modification( $modification, $server = 'apache' ) {
9
- require_once( $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-utility.php' );
10
 
11
  $input = ITSEC_Modules::get_settings( 'system-tweaks' );
12
  $wp_includes = WPINC;
@@ -157,7 +157,7 @@ final class ITSEC_System_Tweaks_Config_Generators {
157
  }
158
 
159
  public static function filter_nginx_server_config_modification( $modification ) {
160
- require_once( $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-utility.php' );
161
 
162
  $input = ITSEC_Modules::get_settings( 'system-tweaks' );
163
  $wp_includes = WPINC;
6
  }
7
 
8
  public static function filter_apache_server_config_modification( $modification, $server = 'apache' ) {
9
+ require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-utility.php' );
10
 
11
  $input = ITSEC_Modules::get_settings( 'system-tweaks' );
12
  $wp_includes = WPINC;
157
  }
158
 
159
  public static function filter_nginx_server_config_modification( $modification ) {
160
+ require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-utility.php' );
161
 
162
  $input = ITSEC_Modules::get_settings( 'system-tweaks' );
163
  $wp_includes = WPINC;
core/modules/system-tweaks/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'system-tweaks', dirname( __FILE__ ) );
 
 
 
core/modules/wordpress-tweaks/init.php DELETED
@@ -1,3 +0,0 @@
1
- <?php
2
-
3
- ITSEC_Modules::register_module( 'wordpress-tweaks', dirname( __FILE__ ), 'default-active' );
 
 
 
core/sidebar-widget-active-lockouts.php CHANGED
@@ -8,102 +8,102 @@ class ITSEC_Settings_Page_Sidebar_Widget_Active_Lockouts extends ITSEC_Settings_
8
 
9
  parent::__construct();
10
  }
11
-
12
  public function render( $form ) {
13
- global $itsec_lockout, $itsec_globals;
14
-
15
  $lockouts = $itsec_lockout->get_lockouts( 'all', true );
16
  $users = array();
17
  $hosts = array();
18
-
19
  foreach ( $lockouts as $lockout ) {
20
  if ( empty( $lockout['lockout_expire_gmt'] ) ) {
21
  continue;
22
  }
23
-
24
  $expiration = strtotime( $lockout['lockout_expire_gmt'] );
25
-
26
- if ( $expiration < $itsec_globals['current_time_gmt'] ) {
27
  continue;
28
  }
29
-
30
  $data = array( $lockout['lockout_id'], $expiration );
31
-
32
  if ( ! empty( $lockout['lockout_username'] ) ) {
33
  $users[$lockout['lockout_username']] = $data;
34
  } else if ( ! empty( $lockout['lockout_host'] ) ) {
35
  $hosts[$lockout['lockout_host']] = $data;
36
  }
37
  }
38
-
39
-
40
  if ( empty( $users ) && empty( $hosts ) ) {
41
  echo '<p>' . __( 'There are no active lockouts at this time.', 'better-wp-security' ) . "</p>\n";
42
  return;
43
  }
44
-
45
  if ( ! empty( $users ) ) {
46
  //echo '<p>' . _n( 'The following user is currently locked out from logging in:', 'The following users are currently locked out from logging in:', count( $users ), 'better-wp-security' ) . "</p>\n";
47
  echo '<p><strong>' . _n( 'User', 'Users', count( $users ), 'better-wp-security' ) . "</strong></p>\n";
48
  echo "<ul>\n";
49
-
50
  foreach ( $users as $user => $data ) {
51
  $label = sprintf( _x( '%1$s - Expires in %2$s', 'USER - Expires in TIME', 'better-wp-security' ), '<strong>' . esc_html( $user ) . '</strong>', '<em>' . human_time_diff( $data[1] ) . '</em>' );
52
  echo '<li><label>';
53
  $form->add_multi_checkbox( 'users', $data[0] );
54
  echo " $label</label></li>\n";
55
  }
56
-
57
  echo "</ul>\n";
58
  }
59
-
60
  if ( ! empty( $hosts ) ) {
61
  //echo '<p>' . _n( 'The following host is currently locked out from accessing the site:', 'The following hosts are currently locked out from accessing the site:', count( $hosts ), 'better-wp-security' ) . "</p>\n";
62
  echo '<p><strong>' . _n( 'Host', 'Hosts', count( $hosts ), 'better-wp-security' ) . "</strong></p>\n";
63
  echo "<ul>\n";
64
-
65
  foreach ( $hosts as $host => $data ) {
66
  $label = sprintf( _x( '%1$s - Expires in %2$s', 'HOST - Expires in TIME', 'better-wp-security' ), '<strong>' . esc_html( strtoupper( $host ) ) . '</strong>', '<em>' . human_time_diff( $data[1] ) . '</em>' );
67
  echo '<li><label>';
68
  $form->add_multi_checkbox( 'hosts', $data[0] );
69
  echo " $label</label></li>\n";
70
  }
71
-
72
  echo "</ul>\n";
73
  }
74
-
75
  echo '<p>';
76
  $form->add_submit( 'release-lockouts', array( 'value' => __( 'Release Selected Lockouts', 'better-wp-security' ), 'class' => 'button-secondary' ) );
77
  echo "</p>\n";
78
  }
79
-
80
  protected function save( $data ) {
81
  global $itsec_lockout;
82
-
83
  $count = 0;
84
-
85
  if ( ! empty( $data['users'] ) && is_array( $data['users'] ) ) {
86
  foreach ( $data['users'] as $id ) {
87
  $result = $itsec_lockout->release_lockout( $id );
88
  $count++;
89
-
90
  if ( ! $result ) {
91
  $this->errors[] = sprintf( __( 'An unknown error prevented releasing the lockout the user with a lockout ID of %d', 'better-wp-security' ), $id );
92
  }
93
  }
94
  }
95
-
96
  if ( ! empty( $data['hosts'] ) && is_array( $data['hosts'] ) ) {
97
  foreach ( $data['hosts'] as $id ) {
98
  $result = $itsec_lockout->release_lockout( $id );
99
  $count++;
100
-
101
  if ( ! $result ) {
102
  $this->errors[] = sprintf( __( 'An unknown error prevented releasing the lockout the host with a lockout ID of %d', 'better-wp-security' ), $id );
103
  }
104
  }
105
  }
106
-
107
  if ( empty( $this->errors ) ) {
108
  if ( $count > 0 ) {
109
  $this->messages[] = _n( 'Successfully removed the selected lockout.', 'Sucessfully remove the selected lockouts.', $count, 'better-wp-security' );
8
 
9
  parent::__construct();
10
  }
11
+
12
  public function render( $form ) {
13
+ global $itsec_lockout;
14
+
15
  $lockouts = $itsec_lockout->get_lockouts( 'all', true );
16
  $users = array();
17
  $hosts = array();
18
+
19
  foreach ( $lockouts as $lockout ) {
20
  if ( empty( $lockout['lockout_expire_gmt'] ) ) {
21
  continue;
22
  }
23
+
24
  $expiration = strtotime( $lockout['lockout_expire_gmt'] );
25
+
26
+ if ( $expiration < ITSEC_Core::get_current_time_gmt() ) {
27
  continue;
28
  }
29
+
30
  $data = array( $lockout['lockout_id'], $expiration );
31
+
32
  if ( ! empty( $lockout['lockout_username'] ) ) {
33
  $users[$lockout['lockout_username']] = $data;
34
  } else if ( ! empty( $lockout['lockout_host'] ) ) {
35
  $hosts[$lockout['lockout_host']] = $data;
36
  }
37
  }
38
+
39
+
40
  if ( empty( $users ) && empty( $hosts ) ) {
41
  echo '<p>' . __( 'There are no active lockouts at this time.', 'better-wp-security' ) . "</p>\n";
42
  return;
43
  }
44
+
45
  if ( ! empty( $users ) ) {
46
  //echo '<p>' . _n( 'The following user is currently locked out from logging in:', 'The following users are currently locked out from logging in:', count( $users ), 'better-wp-security' ) . "</p>\n";
47
  echo '<p><strong>' . _n( 'User', 'Users', count( $users ), 'better-wp-security' ) . "</strong></p>\n";
48
  echo "<ul>\n";
49
+
50
  foreach ( $users as $user => $data ) {
51
  $label = sprintf( _x( '%1$s - Expires in %2$s', 'USER - Expires in TIME', 'better-wp-security' ), '<strong>' . esc_html( $user ) . '</strong>', '<em>' . human_time_diff( $data[1] ) . '</em>' );
52
  echo '<li><label>';
53
  $form->add_multi_checkbox( 'users', $data[0] );
54
  echo " $label</label></li>\n";
55
  }
56
+
57
  echo "</ul>\n";
58
  }
59
+
60
  if ( ! empty( $hosts ) ) {
61
  //echo '<p>' . _n( 'The following host is currently locked out from accessing the site:', 'The following hosts are currently locked out from accessing the site:', count( $hosts ), 'better-wp-security' ) . "</p>\n";
62
  echo '<p><strong>' . _n( 'Host', 'Hosts', count( $hosts ), 'better-wp-security' ) . "</strong></p>\n";
63
  echo "<ul>\n";
64
+
65
  foreach ( $hosts as $host => $data ) {
66
  $label = sprintf( _x( '%1$s - Expires in %2$s', 'HOST - Expires in TIME', 'better-wp-security' ), '<strong>' . esc_html( strtoupper( $host ) ) . '</strong>', '<em>' . human_time_diff( $data[1] ) . '</em>' );
67
  echo '<li><label>';
68
  $form->add_multi_checkbox( 'hosts', $data[0] );
69
  echo " $label</label></li>\n";
70
  }
71
+
72
  echo "</ul>\n";
73
  }
74
+
75
  echo '<p>';
76
  $form->add_submit( 'release-lockouts', array( 'value' => __( 'Release Selected Lockouts', 'better-wp-security' ), 'class' => 'button-secondary' ) );
77
  echo "</p>\n";
78
  }
79
+
80
  protected function save( $data ) {
81
  global $itsec_lockout;
82
+
83
  $count = 0;
84
+
85
  if ( ! empty( $data['users'] ) && is_array( $data['users'] ) ) {
86
  foreach ( $data['users'] as $id ) {
87
  $result = $itsec_lockout->release_lockout( $id );
88
  $count++;
89
+
90
  if ( ! $result ) {
91
  $this->errors[] = sprintf( __( 'An unknown error prevented releasing the lockout the user with a lockout ID of %d', 'better-wp-security' ), $id );
92
  }
93
  }
94
  }
95
+
96
  if ( ! empty( $data['hosts'] ) && is_array( $data['hosts'] ) ) {
97
  foreach ( $data['hosts'] as $id ) {
98
  $result = $itsec_lockout->release_lockout( $id );
99
  $count++;
100
+
101
  if ( ! $result ) {
102
  $this->errors[] = sprintf( __( 'An unknown error prevented releasing the lockout the host with a lockout ID of %d', 'better-wp-security' ), $id );
103
  }
104
  }
105
  }
106
+
107
  if ( empty( $this->errors ) ) {
108
  if ( $count > 0 ) {
109
  $this->messages[] = _n( 'Successfully removed the selected lockout.', 'Sucessfully remove the selected lockouts.', $count, 'better-wp-security' );
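Review bot: The plural string on line 109, 'Sucessfully remove the selected lockouts.', is misspelled and does not match the tense of the singular form; change it to 'Successfully removed the selected lockouts.' while the file is being touched, and add the missing 'for' in 'releasing the lockout the user' and 'releasing the lockout the host' (lines 91 and 102). In save(), the IDs from $data['users'] and $data['hosts'] go straight into release_lockout( $id ); unless they are validated upstream, cast them with absint() first. The blank-line churn throughout this hunk also buries the one functional change on line 26, so a separate whitespace commit would make it easier to review.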
core/sidebar-widget-temp-whitelist.php CHANGED
@@ -4,105 +4,105 @@ class ITSEC_Settings_Page_Sidebar_Widget_Temp_Whitelist extends ITSEC_Settings_P
4
  public function __construct() {
5
  $this->id = 'temp-whitelist';
6
  $this->title = __( 'Active Lockouts', 'better-wp-security' );
7
-
8
  parent::__construct();
9
  }
10
-
11
  public function render( $form ) {
12
- global $itsec_lockout, $itsec_globals;
13
-
14
  $lockouts = $itsec_lockout->get_lockouts( 'all', true );
15
  $users = array();
16
  $hosts = array();
17
-
18
  foreach ( $lockouts as $lockout ) {
19
  if ( empty( $lockout['lockout_expire_gmt'] ) ) {
20
  continue;
21
  }
22
-
23
  $expiration = strtotime( $lockout['lockout_expire_gmt'] );
24
-
25
- if ( $expiration < $itsec_globals['current_time_gmt'] ) {
26
  continue;
27
  }
28
-
29
  $data = array( $lockout['lockout_id'], $expiration );
30
-
31
  if ( ! empty( $lockout['lockout_username'] ) ) {
32
  $users[$lockout['lockout_username']] = $data;
33
  } else if ( ! empty( $lockout['lockout_host'] ) ) {
34
  $hosts[$lockout['lockout_host']] = $data;
35
  }
36
  }
37
-
38
-
39
  if ( empty( $users ) && empty( $hosts ) ) {
40
  echo '<p>' . __( 'There are no active lockouts at this time.', 'better-wp-security' ) . "</p>\n";
41
  return;
42
  }
43
-
44
  if ( ! empty( $users ) ) {
45
  //echo '<p>' . _n( 'The following user is currently locked out from logging in:', 'The following users are currently locked out from logging in:', count( $users ), 'better-wp-security' ) . "</p>\n";
46
  echo '<p><strong>' . _n( 'User', 'Users', count( $users ), 'better-wp-security' ) . "</strong></p>\n";
47
  echo "<ul>\n";
48
-
49
  foreach ( $users as $user => $data ) {
50
  $label = sprintf( _x( '%1$s - Expires in %2$s', 'USER - Expires in TIME', 'better-wp-security' ), '<strong>' . esc_html( $user ) . '</strong>', '<em>' . human_time_diff( $data[1] ) . '</em>' );
51
  echo '<li><label>';
52
  $form->add_multi_checkbox( 'users', $data[0] );
53
  echo " $label</label></li>\n";
54
  }
55
-
56
  echo "</ul>\n";
57
  }
58
-
59
  if ( ! empty( $hosts ) ) {
60
  // echo '<p>' . _n( 'The following host is currently locked out from accessing the site:', 'The following hosts are currently locked out from accessing the site:', count( $hosts ), 'better-wp-security' ) . "</p>\n";
61
  echo '<p><strong>' . _n( 'Host', 'Hosts', count( $hosts ), 'better-wp-security' ) . "</strong></p>\n";
62
  echo "<ul>\n";
63
-
64
  foreach ( $hosts as $host => $data ) {
65
  $label = sprintf( _x( '%1$s - Expires in %2$s', 'HOST - Expires in TIME', 'better-wp-security' ), '<strong>' . esc_html( strtoupper( $host ) ) . '</strong>', '<em>' . human_time_diff( $data[1] ) . '</em>' );
66
  echo '<li><label>';
67
  $form->add_multi_checkbox( 'hosts', $data[0] );
68
  echo " $label</label></li>\n";
69
  }
70
-
71
  echo "</ul>\n";
72
  }
73
-
74
  echo '<p>';
75
  $form->add_submit( 'release-lockouts', array( 'value' => __( 'Release Selected Lockouts', 'better-wp-security' ), 'class' => 'button-secondary' ) );
76
  echo "</p>\n";
77
  }
78
-
79
  protected function save( $data ) {
80
  global $itsec_lockout;
81
-
82
  $count = 0;
83
-
84
  if ( ! empty( $data['users'] ) && is_array( $data['users'] ) ) {
85
  foreach ( $data['users'] as $id ) {
86
  $result = $itsec_lockout->release_lockout( $id );
87
  $count++;
88
-
89
  if ( ! $result ) {
90
  $this->errors[] = sprintf( __( 'An unknown error prevented releasing the lockout the user with a lockout ID of %d', 'better-wp-security' ), $id );
91
  }
92
  }
93
  }
94
-
95
  if ( ! empty( $data['hosts'] ) && is_array( $data['hosts'] ) ) {
96
  foreach ( $data['hosts'] as $id ) {
97
  $result = $itsec_lockout->release_lockout( $id );
98
  $count++;
99
-
100
  if ( ! $result ) {
101
  $this->errors[] = sprintf( __( 'An unknown error prevented releasing the lockout the host with a lockout ID of %d', 'better-wp-security' ), $id );
102
  }
103
  }
104
  }
105
-
106
  if ( empty( $this->errors ) ) {
107
  if ( $count > 0 ) {
108
  $this->messages[] = _n( 'Successfully removed the selected lockout.', 'Sucessfully remove the selected lockouts.', $count, 'better-wp-security' );
4
  public function __construct() {
5
  $this->id = 'temp-whitelist';
6
  $this->title = __( 'Active Lockouts', 'better-wp-security' );
7
+
8
  parent::__construct();
9
  }
10
+
11
  public function render( $form ) {
12
+ global $itsec_lockout;
13
+
14
  $lockouts = $itsec_lockout->get_lockouts( 'all', true );
15
  $users = array();
16
  $hosts = array();
17
+
18
  foreach ( $lockouts as $lockout ) {
19
  if ( empty( $lockout['lockout_expire_gmt'] ) ) {
20
  continue;
21
  }
22
+
23
  $expiration = strtotime( $lockout['lockout_expire_gmt'] );
24
+
25
+ if ( $expiration < ITSEC_Core::get_current_time_gmt() ) {
26
  continue;
27
  }
28
+
29
  $data = array( $lockout['lockout_id'], $expiration );
30
+
31
  if ( ! empty( $lockout['lockout_username'] ) ) {
32
  $users[$lockout['lockout_username']] = $data;
33
  } else if ( ! empty( $lockout['lockout_host'] ) ) {
34
  $hosts[$lockout['lockout_host']] = $data;
35
  }
36
  }
37
+
38
+
39
  if ( empty( $users ) && empty( $hosts ) ) {
40
  echo '<p>' . __( 'There are no active lockouts at this time.', 'better-wp-security' ) . "</p>\n";
41
  return;
42
  }
43
+
44
  if ( ! empty( $users ) ) {
45
  //echo '<p>' . _n( 'The following user is currently locked out from logging in:', 'The following users are currently locked out from logging in:', count( $users ), 'better-wp-security' ) . "</p>\n";
46
  echo '<p><strong>' . _n( 'User', 'Users', count( $users ), 'better-wp-security' ) . "</strong></p>\n";
47
  echo "<ul>\n";
48
+
49
  foreach ( $users as $user => $data ) {
50
  $label = sprintf( _x( '%1$s - Expires in %2$s', 'USER - Expires in TIME', 'better-wp-security' ), '<strong>' . esc_html( $user ) . '</strong>', '<em>' . human_time_diff( $data[1] ) . '</em>' );
51
  echo '<li><label>';
52
  $form->add_multi_checkbox( 'users', $data[0] );
53
  echo " $label</label></li>\n";
54
  }
55
+
56
  echo "</ul>\n";
57
  }
58
+
59
  if ( ! empty( $hosts ) ) {
60
  // echo '<p>' . _n( 'The following host is currently locked out from accessing the site:', 'The following hosts are currently locked out from accessing the site:', count( $hosts ), 'better-wp-security' ) . "</p>\n";
61
  echo '<p><strong>' . _n( 'Host', 'Hosts', count( $hosts ), 'better-wp-security' ) . "</strong></p>\n";
62
  echo "<ul>\n";
63
+
64
  foreach ( $hosts as $host => $data ) {
65
  $label = sprintf( _x( '%1$s - Expires in %2$s', 'HOST - Expires in TIME', 'better-wp-security' ), '<strong>' . esc_html( strtoupper( $host ) ) . '</strong>', '<em>' . human_time_diff( $data[1] ) . '</em>' );
66
  echo '<li><label>';
67
  $form->add_multi_checkbox( 'hosts', $data[0] );
68
  echo " $label</label></li>\n";
69
  }
70
+
71
  echo "</ul>\n";
72
  }
73
+
74
  echo '<p>';
75
  $form->add_submit( 'release-lockouts', array( 'value' => __( 'Release Selected Lockouts', 'better-wp-security' ), 'class' => 'button-secondary' ) );
76
  echo "</p>\n";
77
  }
78
+
79
  protected function save( $data ) {
80
  global $itsec_lockout;
81
+
82
  $count = 0;
83
+
84
  if ( ! empty( $data['users'] ) && is_array( $data['users'] ) ) {
85
  foreach ( $data['users'] as $id ) {
86
  $result = $itsec_lockout->release_lockout( $id );
87
  $count++;
88
+
89
  if ( ! $result ) {
90
  $this->errors[] = sprintf( __( 'An unknown error prevented releasing the lockout the user with a lockout ID of %d', 'better-wp-security' ), $id );
91
  }
92
  }
93
  }
94
+
95
  if ( ! empty( $data['hosts'] ) && is_array( $data['hosts'] ) ) {
96
  foreach ( $data['hosts'] as $id ) {
97
  $result = $itsec_lockout->release_lockout( $id );
98
  $count++;
99
+
100
  if ( ! $result ) {
101
  $this->errors[] = sprintf( __( 'An unknown error prevented releasing the lockout the host with a lockout ID of %d', 'better-wp-security' ), $id );
102
  }
103
  }
104
  }
105
+
106
  if ( empty( $this->errors ) ) {
107
  if ( $count > 0 ) {
108
  $this->messages[] = _n( 'Successfully removed the selected lockout.', 'Sucessfully remove the selected lockouts.', $count, 'better-wp-security' );
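Review bot: Line 6 sets the title to 'Active Lockouts' although the id on line 5 is 'temp-whitelist', and the render() and save() bodies are the same lockout listing and release_lockout calls as in ITSEC_Settings_Page_Sidebar_Widget_Active_Lockouts. If this is a copy-paste leftover, the title and body need to be the temporary whitelist ones; if the duplication is intended, say so in a comment or share the code with the lockouts widget. The misspelled 'Sucessfully remove the selected lockouts.' on line 108 is carried over here too.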
history.txt CHANGED
@@ -611,3 +611,15 @@
611
  Bug Fix: Fixed bug that prevented Network Brute Force Protection from working properly on some sites.
612
  6.1.1 - 2017-02-09 - Chris Jean
613
  Bug Fix: Fixed bug that prevented Away Mode from activating on some sites.
 
 
 
 
 
 
 
 
 
 
 
 
611
  Bug Fix: Fixed bug that prevented Network Brute Force Protection from working properly on some sites.
612
  6.1.1 - 2017-02-09 - Chris Jean
613
  Bug Fix: Fixed bug that prevented Away Mode from activating on some sites.
614
+ 6.2.0 - 2017-03-14 - Chris Jean
615
+ Enhancement: Improved plugin performance by reducing the number of queries made on each page.
616
+ Enhancement: Reduced memory and CPU usage due to various code improvements.
617
+ Bug Fix: A database backup will no longer be created when first activating the plugin.
618
+ Bug Fix: Added compatibility for MySQL strict mode in database creation syntax.
619
+ Bug Fix: Removed warning about a "non well formed numeric value encountered" in PHP 7.1.
620
+ Bug Fix: Modifications to wp-config.php, .htaccess, and nginx.conf files are now properly re-added upon reactivation.
621
+ Bug Fix: Fixed full settings for Hide Backend being displayed after disabling the feature and saving the settings.
622
+ Bug Fix: Enabling or disabling the Hide Backend feature will update the "Log Out" link so that it works as expected without having to load a new page.
623
+ Bug Fix: Enabling or disabling the Hide Backend feature now properly updates the .htaccess/nginx.conf file on enable and disable rather than at some future point.
624
+ Bug Fix: Fixed issue that could cause improper database table creation on multisite sites.
625
+ Bug Fix: Fixed a bug that could prevent settings from saving properly if the site was migrated to a new server or a new home path on the server.
readme.txt CHANGED
@@ -2,8 +2,8 @@
2
  Contributors: ithemes, chrisjean, gerroald, mattdanner
3
  Tags: security, security plugin, malware, hack, secure, block, SSL, admin, htaccess, lockdown, login, protect, protection, anti virus, attack, injection, login security, maintenance, permissions, prevention, authentication, administration, password, brute force, ban, permissions, bots, user agents, xml rpc, security log
4
  Requires at least: 4.5
5
- Tested up to: 4.7.2
6
- Stable tag: 6.1.1
7
  License: GPLv2 or later
8
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
 
@@ -188,6 +188,19 @@ Free support may be available with the help of the community in the <a href="htt
188
 
189
  == Changelog ==
190
 
 
 
 
 
 
 
 
 
 
 
 
 
 
191
  = 6.1.1 =
192
  * Bug Fix: Fixed bug that prevented Away Mode from activating on some sites.
193
 
@@ -1648,5 +1661,5 @@ This release is a complete rewrite from the ground up. Special thanks to Cory Mi
1648
 
1649
  == Upgrade Notice ==
1650
 
1651
- = 6.1.1 =
1652
- Version 6.1.1 fixes a bug that could prevent Away Mode from functioning. It is recommended for all users.
2
  Contributors: ithemes, chrisjean, gerroald, mattdanner
3
  Tags: security, security plugin, malware, hack, secure, block, SSL, admin, htaccess, lockdown, login, protect, protection, anti virus, attack, injection, login security, maintenance, permissions, prevention, authentication, administration, password, brute force, ban, permissions, bots, user agents, xml rpc, security log
4
  Requires at least: 4.5
5
+ Tested up to: 4.7.3
6
+ Stable tag: 6.2.0
7
  License: GPLv2 or later
8
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
 
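Review bot: The Tags context line lists "permissions" twice, once after "maintenance" and again after "ban". Since this hunk already edits the header block for the 6.2.0 release, drop the duplicate in the same change.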
188
 
189
  == Changelog ==
190
 
191
+ = 6.2.0 =
192
+ * Enhancement: Improved plugin performance by reducing the number of queries made on each page.
193
+ * Enhancement: Reduced memory and CPU usage due to various code improvements.
194
+ * Bug Fix: A database backup will no longer be created when first activating the plugin.
195
+ * Bug Fix: Added compatibility for MySQL strict mode in database creation syntax.
196
+ * Bug Fix: Removed warning about a "non well formed numeric value encountered" in PHP 7.1.
197
+ * Bug Fix: Modifications to wp-config.php, .htaccess, and nginx.conf files are now properly re-added upon reactivation.
198
+ * Bug Fix: Fixed full settings for Hide Backend being displayed after disabling the feature and saving the settings.
199
+ * Bug Fix: Enabling or disabling the Hide Backend feature will update the "Log Out" link so that it works as expected without having to load a new page.
200
+ * Bug Fix: Enabling or disabling the Hide Backend feature now properly updates the .htaccess/nginx.conf file on enable and disable rather than at some future point.
201
+ * Bug Fix: Fixed issue that could cause improper database table creation on multisite sites.
202
+ * Bug Fix: Fixed a bug that could prevent settings from saving properly if the site was migrated to a new server or a new home path on the server.
203
+
204
  = 6.1.1 =
205
  * Bug Fix: Fixed bug that prevented Away Mode from activating on some sites.
206
 
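Review bot: The "MySQL strict mode" and "improper database table creation on multisite sites" entries do not say whether upgrading repairs tables that an earlier version created incorrectly or failed to create. Suggest stating in the entry whether the upgrade corrects existing installs, or naming the step an administrator should take if it does not.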
1661
 
1662
  == Upgrade Notice ==
1663
 
1664
+ = 6.2.0 =
1665
+ Version 6.2.0 greatly improves performance and fixes numerous bugs. It is recommended for all users.
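Review bot: The 6.2.0 upgrade notice says only that the release "fixes numerous bugs", whereas the 6.1.1 notice it replaces named the specific fix (Away Mode). Suggest naming the fixes from the changelog that affect site hardening, namely the re-adding of wp-config.php, .htaccess, and nginx.conf modifications on reactivation and the Hide Backend rule updates, so the reason to upgrade is clear from the notice itself.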