WordPress Backup & Security Plugin – BlogVault - Version 4.77

Version Description

  • Improved the landing pages.
  • Enhanced future vulnerability protection
  • IP Blocking Improvements
  • Improved firewall configuration for migrations
Download this release

Release Info

Developer ritesh.soni36
Plugin Icon 128x128 WordPress Backup & Security Plugin – BlogVault
Version 4.77
Comparing to
See all releases

Code changes from version 4.76 to 4.77

Files changed (22) hide show
  1. admin/components/bv_testimony.php +5 -5
  2. admin/components/mc_testimony.php +5 -5
  3. blogvault.php +1 -1
  4. css/bvplugin.min.css +1 -1
  5. img/bv-testimony-david-attardi.jpg +0 -0
  6. img/bv-testimony-michael-signorella.jpg +0 -0
  7. img/bv-testimony-mickey-kay.jpeg +0 -0
  8. img/bv-testimony-ryan-sullivan.png +0 -0
  9. img/mc-testimony-armand-girard.jpg +0 -0
  10. img/mc-testimony-david-mccan.jpg +0 -0
  11. img/mc-testimony-ivica-delic.jpg +0 -0
  12. img/mc-testimony-miriam-schwab.jpg +0 -0
  13. info.php +14 -3
  14. protect/base.php +81 -0
  15. protect/fw/fw.php +103 -31
  16. protect/fw/request.php +5 -0
  17. protect/fw/rule_evaluator.php +123 -6
  18. protect/prepend/protect.php +3 -2
  19. protect/wp/ipstore.php +1 -50
  20. protect/wp/lp/lp.php +3 -0
  21. protect/wp/protect.php +8 -5
  22. readme.txt +7 -1
admin/components/bv_testimony.php CHANGED
@@ -1,6 +1,6 @@
1
  <ul class="slides text-center">
2
  <li class="slide text-center">
3
- <img class="user" src="https://mk0blogvaultmouod805.kinstacdn.com/wp-content/uploads/2019/08/3f0da814b87f6f0c824c2b46f35f2b5b-1-1.jpeg"/><br/>
4
  <p>
5
  <h1>&ldquo;</h1>
6
  <h4>Backing up & restoring is so easy with BlogVault. It’s transformed how we migrate sites with its 1-click migration. Very useful for web designers & site owners. Fantastic support.</h4>
@@ -8,7 +8,7 @@
8
  </p>
9
  </li>
10
  <li class="slide text-center">
11
- <img class = "user" src="https://mk0blogvaultmouod805.kinstacdn.com/wp-content/uploads/2018/08/David_attard-1-e1537959081205.jpg"/><br/>
12
  <p>
13
  <h1>&ldquo;</h1>
14
  <h4>Once we installed the plugin & clicked migrate, nothing else was required. Our site had been migrated, lock stock & barrel. The smoothest & fastest migration of a WP website we ever did.</h4>
@@ -16,7 +16,7 @@
16
  </p>
17
  </li>
18
  <li class="slide text-center">
19
- <img class = "user" src="https://mk0blogvaultmouod805.kinstacdn.com/wp-content/uploads/2019/08/wpsitecare-ryan-1-1.png"/><br/>
20
  <p>
21
  <h1>&ldquo;</h1>
22
  <h4>BlogVault is the most reliable backup and restore tool we’ve ever used at WP Site Care. BlogVault is battle-tested at scale.</h4>
@@ -24,11 +24,11 @@
24
  </p>
25
  </li>
26
  <li class="slide text-center">
27
- <img class = "user" src="https://mk0blogvaultmouod805.kinstacdn.com/wp-content/uploads/2019/07/michael-signorella.jpg"/><br/>
28
  <p>
29
  <h1>&ldquo;</h1>
30
  <h4>This platform has proved to be invaluable. I tried a few other options for staging & found BlogVault to be the easiest to manage & migrate.</h4>
31
  <h5>Michael Signorella, Studio Signorella</h5>
32
  </p>
33
  </li>
34
- </ul>
1
  <ul class="slides text-center">
2
  <li class="slide text-center">
3
+ <img class="user" src="<?php echo plugins_url("/../../img/bv-testimony-mickey-kay.jpeg", __FILE__); ?>"/><br/>
4
  <p>
5
  <h1>&ldquo;</h1>
6
  <h4>Backing up & restoring is so easy with BlogVault. It’s transformed how we migrate sites with its 1-click migration. Very useful for web designers & site owners. Fantastic support.</h4>
8
  </p>
9
  </li>
10
  <li class="slide text-center">
11
+ <img class = "user" src="<?php echo plugins_url("/../../img/bv-testimony-david-attardi.jpg", __FILE__); ?>"/><br/>
12
  <p>
13
  <h1>&ldquo;</h1>
14
  <h4>Once we installed the plugin & clicked migrate, nothing else was required. Our site had been migrated, lock stock & barrel. The smoothest & fastest migration of a WP website we ever did.</h4>
16
  </p>
17
  </li>
18
  <li class="slide text-center">
19
+ <img class = "user" src="<?php echo plugins_url("/../../img/bv-testimony-ryan-sullivan.png", __FILE__); ?>"/><br/>
20
  <p>
21
  <h1>&ldquo;</h1>
22
  <h4>BlogVault is the most reliable backup and restore tool we’ve ever used at WP Site Care. BlogVault is battle-tested at scale.</h4>
24
  </p>
25
  </li>
26
  <li class="slide text-center">
27
+ <img class = "user" src="<?php echo plugins_url("/../../img/bv-testimony-michael-signorella.jpg", __FILE__); ?>"/><br/>
28
  <p>
29
  <h1>&ldquo;</h1>
30
  <h4>This platform has proved to be invaluable. I tried a few other options for staging & found BlogVault to be the easiest to manage & migrate.</h4>
31
  <h5>Michael Signorella, Studio Signorella</h5>
32
  </p>
33
  </li>
34
+ </ul>
admin/components/mc_testimony.php CHANGED
@@ -1,6 +1,6 @@
1
  <ul class="slides text-center">
2
  <li class="slide text-center">
3
- <img class="user" src="https://mk0malcaredecgig0d6a.kinstacdn.com/wp-content/uploads/2019/09/Ivica-Delic-1.jpg"/><br/>
4
  <p>
5
  <h1>&ldquo;</h1>
6
  <h4>Incredibly simple but powerful plugin. I am amazed how smooth its all going, scanning is very fast and I am so happy that I found it &#128578;</h4>
@@ -8,7 +8,7 @@
8
  </p>
9
  </li>
10
  <li class="slide text-center">
11
- <img class = "user" src="https://mk0malcaredecgig0d6a.kinstacdn.com/wp-content/uploads/2019/01/Miriam-Schwab-2.jpg"/><br/>
12
 
13
  <p>
14
  <h1>&ldquo;</h1>
@@ -17,7 +17,7 @@
17
  </p>
18
  </li>
19
  <li class="slide text-center">
20
- <img class = "user" src="https://mk0malcaredecgig0d6a.kinstacdn.com/wp-content/uploads/2019/09/david-mccan-wordpress-cpt-1-1.jpg"/><br/>
21
 
22
  <p>
23
  <h1>&ldquo;</h1>
@@ -26,7 +26,7 @@
26
  </p>
27
  </li>
28
  <li class="slide text-center">
29
- <img class = "user" src="https://mk0malcaredecgig0d6a.kinstacdn.com/wp-content/uploads/2019/09/Armand-Girard-1.jpg"/><br/>
30
 
31
  <p>
32
  <h1>&ldquo;</h1>
@@ -34,4 +34,4 @@
34
  <h5>Armand Girard, Central Florida Promo</h5>
35
  </p>
36
  </li>
37
- </ul>
1
  <ul class="slides text-center">
2
  <li class="slide text-center">
3
+ <img class="user" src="<?php echo plugins_url("/../../img/mc-testimony-ivica-delic.jpg", __FILE__); ?>"/><br/>
4
  <p>
5
  <h1>&ldquo;</h1>
6
  <h4>Incredibly simple but powerful plugin. I am amazed how smooth its all going, scanning is very fast and I am so happy that I found it &#128578;</h4>
8
  </p>
9
  </li>
10
  <li class="slide text-center">
11
+ <img class = "user" src="<?php echo plugins_url("/../../img/mc-testimony-miriam-schwab.jpg", __FILE__); ?>"/><br/>
12
 
13
  <p>
14
  <h1>&ldquo;</h1>
17
  </p>
18
  </li>
19
  <li class="slide text-center">
20
+ <img class = "user" src="<?php echo plugins_url("/../../img/mc-testimony-david-mccan.jpg", __FILE__); ?>"/><br/>
21
 
22
  <p>
23
  <h1>&ldquo;</h1>
26
  </p>
27
  </li>
28
  <li class="slide text-center">
29
+ <img class = "user" src="<?php echo plugins_url("/../../img/mc-testimony-armand-girard.jpg", __FILE__); ?>"/><br/>
30
 
31
  <p>
32
  <h1>&ldquo;</h1>
34
  <h5>Armand Girard, Central Florida Promo</h5>
35
  </p>
36
  </li>
37
+ </ul>
blogvault.php CHANGED
@@ -5,7 +5,7 @@ Plugin URI: https://blogvault.net
5
  Description: Easiest way to backup & secure your WordPress site
6
  Author: Backup by BlogVault
7
  Author URI: https://blogvault.net
8
- Version: 4.76
9
  Network: True
10
  */
11
 
5
  Description: Easiest way to backup & secure your WordPress site
6
  Author: Backup by BlogVault
7
  Author URI: https://blogvault.net
8
+ Version: 4.77
9
  Network: True
10
  */
11
 
css/bvplugin.min.css CHANGED
@@ -1 +1 @@
1
- @import url('https://fonts.googleapis.com/css?family=Roboto:400, 500');@import url(https://fonts.googleapis.com/css2?family=Noto+Serif&display=swap);body a,body h1,body h2,body h3,body h4{font-family:Roboto,sans-serif}body button,body h5,body h6,body li,body p,body ul li a{font-family:Roboto,sans-serif}.text-center{text-align:center}.text-right{text-align:right}.d-flex{display:flex}.center-align-dflex{align-items:center;display:flex;justify-content:center;flex-direction:column}.h-100{height:100%}.mb-2{margin-bottom:20px}.mr-1{margin-right:10px}.mt-1{margin-top:10px}.float-right{float:right}.fw-600{font-weight:600}.text-white{color:#fff!important}.text-capitalize{text-transform:capitalize}.text-uppercase{text-transform:uppercase}input[type=checkbox]:checked::before{width:2.3rem;margin:-1px 0 0 -4px}input[type=checkbox]:focus{outline:unset!important}.color-grey{color:#4a4a4a!important}.color-blue{color:#7683ad!important}a{outline:unset!important;box-shadow:none!important}.custom-container{max-width:1440px;margin:auto}#wpcontent{padding:0!important}#wpbody-content{padding-bottom:65px;float:left;width:100%;overflow:visible!important}#add-new-account #header .intro-video{display:none}#header{padding-top:77px;padding-bottom:40px;background-color:#f6f6ff;height:100%;position:relative;text-align:center}#header .top-links{position:absolute;top:15px;right:10px}#header .top-links a{text-decoration:underline}.blogvault #header .logo-img img{height:70px}.blogvault #header a:hover{color:#2f9d92}.malcare #header a:hover{color:#ee5151}#header .heading{font-family:Roboto;font-style:normal;font-size:22px;font-weight:500}#header .intro-video,#list-features .intro-video{padding:10px 25px;background:rgba(255,255,255);border:1px solid #e3ebfd;box-sizing:border-box;border-radius:8px;max-width:300px;font-family:Lato;font-weight:400;font-style:normal;font-size:14px;line-height:17px;color:#7683ad;margin:auto;margin-top:15px}#list-features .intro-video{margin:unset;margin-top:50px}.email-form{margin-top:10px}.email-form h5.check-box-text input.check-box{position:relative;width:20px;height:20px;margin:0 0 5px 0;border-radius:4px}.email-form h5.check-box-text{font-style:normal;font-weight:400;font-size:14px;line-height:17px;text-align:center;letter-spacing:.291667px;color:#4a4a4a;margin:15px 5px}.email-form .search-container label>a{text-decoration:underline}.blogvault .email-form .search-container label>a{color:#2f9d92}.malcare .email-form .search-container label>a{color:#ee5151}.email-form input.search{background:#fff;box-sizing:border-box;box-shadow:0 2px 10px rgba(204,203,203,.4);border-radius:8px;padding:25px;max-width:600px;width:100%;font-family:Roboto;font-weight:400;font-size:16px;line-height:10px;letter-spacing:.319444px;height:52px}.blogvault .email-form input.search{border:1px solid rgba(71,194,214,.5)}.malcare .email-form input.search{border:1px solid rgba(101,99,255,.5)}.email-form .e-mail-button{border:1px solid #e5e5e5;box-sizing:border-box;padding:25px;max-width:600px;width:100%;border-radius:8px;font-style:normal;font-weight:600;font-size:17px;line-height:1px;text-align:center;letter-spacing:.333333px;color:#4a4a4a}.email-form .e-mail-button:active{transform:translateY(.5px)}.blogvault .email-form .e-mail-button{background:#47c2d6}.malcare .email-form .e-mail-button{background:#7b7afe}#account-list h4,#footer h4,#list-features h4{font-family:Roboto;font-weight:500;font-style:normal;font-size:24px;line-height:28px;text-align:center;letter-spacing:.416667px;color:#4a4a4a}#account-list h5,#footer h5,#list-features h5{font-family:Roboto;font-weight:400;font-style:normal;font-size:12px;line-height:28px;text-align:center;letter-spacing:.8px;text-transform:uppercase}.blogvault h5{color:#2f9d92}.malcare h5{color:#ee5151}#footer .brand{justify-content:center}#footer .brand img{margin:0 15px}#footer .heading{margin-bottom:30px}#wpbody-content{padding-bottom:65px;float:left;width:100%;overflow:visible!important}#wpbody-content{padding-bottom:65px;float:left;width:100%;overflow:visible!important}#account-list,#footer,#list-features{padding:50px 0}#list-features .heading{padding-bottom:20px}.blogvault #list-features img.main-image{width:100%}#list-features ul{list-style:inside}#list-features li{font-size:12px}#list-features #accordion input{display:none}#list-features #accordion{background:#fff;font-family:Roboto;font-style:normal}#list-features #accordion h4{color:#333;font-weight:500;font-size:18px;line-height:24px;text-align:left}#list-features #accordion h5{color:#2f9d92;font-weight:400;font-size:11px;line-height:22px;letter-spacing:.5px}.blogvault #list-features #accordion h5{color:#2f9d92}.malcare #list-features #accordion h5{color:#ee5151}#list-features #accordion label{border-radius:8px;display:block;margin-bottom:.125em;padding:.25em 1em;z-index:20}#list-features #accordion label:hover{text-decoration:underline}#list-features #accordion .article{display:none;overflow:hidden;z-index:10;font-weight:400;font-size:14px;line-height:22px;padding:.25em 1em;color:#888}#list-features #accordion input:checked~.acc-card{border:1px solid rgba(101,99,255,.3);box-sizing:border-box;box-shadow:0 2px 8px rgba(229,229,229,.25);border-radius:8px}#list-features #accordion input:checked~.acc-card .article{display:block}#account-list .account-list-container{width:800px;margin:auto;padding:20px;box-sizing:border-box;box-shadow:2px 2px 9px rgb(212 212 212),0 0 9px rgb(212 212 212);border-radius:11.5px}#account-list table{min-width:700px;margin:auto;margin-top:30px}#account-list .table-container{max-height:340px;overflow:auto}#account-list table input.button-primary{box-shadow:unset}#account-list .table-container::-webkit-scrollbar{width:6px;height:6px}#account-list .table-container::-webkit-scrollbar-thumb{background:#ccc;border-radius:10px;width:6px;height:6px}#account-list table tr th{text-align:center}#account-list table tr td{padding:10px}#testimony{overflow:hidden}#testimony .carousel{padding-top:80px;text-align:center;height:auto;width:100%;margin:auto;position:relative}#testimony .slide h1{font-family:"Noto Serif";font-style:normal;font-weight:400;font-size:144px;line-height:51px;text-align:center;letter-spacing:.9px;color:#7b7afe;margin:20px}#testimony .slide h4{font-family:Roboto;font-style:normal;font-weight:400;font-size:28px;line-height:46px;text-align:center;letter-spacing:.2px;color:#fff;padding:20px;max-width:1440px;margin:auto}#testimony .slide h5{font-family:Roboto;font-style:normal;font-weight:400;font-size:18px;line-height:21px;text-align:center;letter-spacing:.15px;color:#fff;mix-blend-mode:normal;opacity:.58;padding:20px;max-width:1440px;margin:auto}#testimony .carousel .slides{width:400%;left:0;padding-left:0;padding-top:1em;list-style:none;position:relative;-webkit-transition:transform .5s;-moz-transition:transform .5s;-o-transition:transform .5s;transition:transform .5s}#testimony .carousel .slide .user{position:relative;top:-90px;border-radius:50%;height:140px;width:140px}#testimony .carousel .slide-div{background:#2d3a67;width:100%}#testimony .carousel .slides li{width:25%;position:relative;float:left}#testimony .carousel li p{margin-top:0}#testimony .carousel .slidesNavigation{display:inline-block;list-style:none;margin:40px}#testimony .carousel input{display:none}#testimony .carousel .slidesNavigation label{float:left;margin:6px;display:block;height:10px;width:10px;-webkit-border-radius:50%;border-radius:50%;border:solid 1px #fff;background:#fff;opacity:.4;font-size:0}#radio-1:checked~.slides{transform:translateX(0)}#radio-2:checked~.slides{transform:translateX(-25%)}#radio-3:checked~.slides{transform:translateX(-50%)}#radio-4:checked~.slides{transform:translateX(-75%)}#testimony .carousel #radio-1:checked~.slidesNavigation label#dotForRadio-1,#testimony .carousel #radio-2:checked~.slidesNavigation label#dotForRadio-2,#testimony .carousel #radio-3:checked~.slidesNavigation label#dotForRadio-3,#testimony .carousel #radio-4:checked~.slidesNavigation label#dotForRadio-4{opacity:1}@media (max-width:624px){#get-started span{display:none}#get-started:before{font-size:13px;content:"Submit"}#footer .brand{justify-content:center}#footer .brand img{margin:20px;display:inline-block}.email-form .search-container label{font-size:11px}#header .heading{font-size:18px}#header .logo-img img{height:60px}#header .intro-video,#list-features .intro-video{max-width:77%}slide #list-features .intro-video{margin-bottom:15px}#list-features img.main-image{width:100%}#account-list .account-list-container{width:unset;box-shadow:unset;margin:0 10px}#account-list a.btn{margin-bottom:10px}}@media (max-width:1024px){.man-img{display:none}.d-flex{display:inline-block}.intro-video{margin:auto;margin-bottom:70px}}@media (min-width:1024px) and (max-width:1367px){#get-started span{display:none}#get-started:before{content:"Submit"}}@media (min-width:768px){.justify-content-center{justify-content:center}}@media (max-width:1440px){.row{margin-left:0!important;margin-right:0!important}}
1
+ @import url('https://fonts.googleapis.com/css?family=Roboto:400, 500');@import url(https://fonts.googleapis.com/css2?family=Noto+Serif&display=swap);body a,body h1,body h2,body h3,body h4{font-family:Roboto,sans-serif}body button,body h5,body h6,body li,body p,body ul li a{font-family:Roboto,sans-serif}.text-center{text-align:center}.text-right{text-align:right}.d-flex{display:flex}.center-align-dflex{align-items:center;display:flex;justify-content:center;flex-direction:column}.h-100{height:100%}.mb-2{margin-bottom:20px}.mr-1{margin-right:10px}.mt-1{margin-top:10px}.float-right{float:right}.fw-600{font-weight:600}.text-white{color:#fff!important}.text-capitalize{text-transform:capitalize}.text-uppercase{text-transform:uppercase}input[type=checkbox]:checked::before{width:2.3rem;margin:-1px 0 0 -4px}input[type=checkbox]:focus{outline:unset!important}.color-grey{color:#4a4a4a!important}.color-blue{color:#7683ad!important}a{outline:unset!important;box-shadow:none!important}.custom-container{max-width:1440px;margin:auto}#wpcontent{padding:0!important}#wpbody-content{padding-bottom:65px;float:left;width:100%;overflow:visible!important}#add-new-account #header .intro-video{display:none}#header{padding-top:77px;padding-bottom:40px;background-color:#f6f6ff;height:100%;position:relative;text-align:center}#header .top-links{position:absolute;top:15px;right:10px}#header .top-links a{text-decoration:underline}.blogvault #header .logo-img img{height:70px}.blogvault #header a:hover{color:#2f9d92}.malcare #header a:hover{color:#ee5151}#header .heading{font-family:Roboto;font-style:normal;font-size:22px;font-weight:500}#header .intro-video,#list-features .intro-video{padding:10px 25px;background:rgba(255,255,255);border:1px solid #e3ebfd;box-sizing:border-box;border-radius:8px;max-width:300px;font-family:Lato;font-weight:400;font-style:normal;font-size:14px;line-height:17px;color:#7683ad;margin:auto;margin-top:15px}#list-features .intro-video{margin:unset;margin-top:50px}.email-form{margin-top:10px}.email-form h5.check-box-text input.check-box{position:relative;width:20px;height:20px;margin:0 0 5px 0;border-radius:4px}.email-form h5.check-box-text{font-style:normal;font-weight:400;font-size:14px;line-height:17px;text-align:center;letter-spacing:.291667px;color:#4a4a4a;margin:15px 5px}.email-form .search-container label>a{text-decoration:underline}.blogvault .email-form .search-container label>a{color:#2f9d92}.malcare .email-form .search-container label>a{color:#ee5151}.email-form input.search{background:#fff;box-sizing:border-box;box-shadow:0 2px 10px rgba(204,203,203,.4);border-radius:8px;padding:25px;max-width:600px;width:100%;font-family:Roboto;font-weight:400;font-size:16px;line-height:10px;letter-spacing:.319444px;height:52px}.blogvault .email-form input.search{border:1px solid rgba(71,194,214,.5)}.malcare .email-form input.search{border:1px solid rgba(101,99,255,.5)}.email-form .e-mail-button{border:1px solid #e5e5e5;box-sizing:border-box;padding:25px;max-width:600px;width:100%;border-radius:8px;font-style:normal;font-weight:600;font-size:17px;line-height:1px;text-align:center;letter-spacing:.333333px;color:#4a4a4a}.email-form .e-mail-button:active{transform:translateY(.5px)}.blogvault .email-form .e-mail-button{background:#47c2d6}.malcare .email-form .e-mail-button{background:#7b7afe}#account-list h4,#footer h4,#list-features h4{font-family:Roboto;font-weight:500;font-style:normal;font-size:24px;line-height:28px;text-align:center;letter-spacing:.416667px;color:#4a4a4a}#account-list h5,#footer h5,#list-features h5{font-family:Roboto;font-weight:400;font-style:normal;font-size:12px;line-height:28px;text-align:center;letter-spacing:.8px;text-transform:uppercase}.blogvault h5{color:#2f9d92}.malcare h5{color:#ee5151}#footer .brand{justify-content:center}#footer .brand img{margin:0 15px}#footer .heading{margin-bottom:30px}#wpbody-content{padding-bottom:65px;float:left;width:100%;overflow:visible!important}#wpbody-content{padding-bottom:65px;float:left;width:100%;overflow:visible!important}#account-list,#footer,#list-features{padding:50px 0}#list-features .heading{padding-bottom:20px}.blogvault #list-features img.main-image{width:100%}#list-features ul{list-style:inside}#list-features li{font-size:12px}#list-features #accordion input{display:none}#list-features #accordion{background:#fff;font-family:Roboto;font-style:normal}#list-features #accordion h4{color:#333;font-weight:500;font-size:18px;line-height:24px;text-align:left}#list-features #accordion h5{color:#2f9d92;font-weight:400;font-size:11px;line-height:22px;letter-spacing:.5px}.blogvault #list-features #accordion h5{color:#2f9d92}.malcare #list-features #accordion h5{color:#ee5151}#list-features #accordion label{border-radius:8px;display:block;margin-bottom:.125em;padding:.25em 1em;z-index:20}#list-features #accordion label:hover{text-decoration:underline}#list-features #accordion .article{display:none;overflow:hidden;z-index:10;font-weight:400;font-size:14px;line-height:22px;padding:.25em 1em;color:#888}#list-features #accordion input:checked~.acc-card{border:1px solid rgba(101,99,255,.3);box-sizing:border-box;box-shadow:0 2px 8px rgba(229,229,229,.25);border-radius:8px}#list-features #accordion input:checked~.acc-card .article{display:block}#account-list .account-list-container{width:800px;margin:auto;padding:20px;box-sizing:border-box;box-shadow:2px 2px 9px rgb(212 212 212),0 0 9px rgb(212 212 212);border-radius:11.5px}#account-list table{min-width:700px;margin:auto;margin-top:30px}#account-list .table-container{max-height:340px;overflow:auto}#account-list table input.button-primary{box-shadow:unset}#account-list .table-container::-webkit-scrollbar{width:6px;height:6px}#account-list .table-container::-webkit-scrollbar-thumb{background:#ccc;border-radius:10px;width:6px;height:6px}#account-list table tr th{text-align:center}#account-list table tr td{padding:10px}#testimony{overflow:hidden}#testimony .carousel{padding-top:80px;text-align:center;height:auto;width:100%;margin:auto;position:relative}#testimony .slide h1{font-family:"Noto Serif";font-style:normal;font-weight:400;font-size:144px;line-height:51px;text-align:center;letter-spacing:.9px;color:#7b7afe;margin:20px}#testimony .slide h4{font-family:Roboto;font-style:normal;font-weight:400;font-size:28px;line-height:46px;text-align:center;letter-spacing:.2px;color:#fff;padding:20px;max-width:1440px;margin:auto}#testimony .slide h5{font-family:Roboto;font-style:normal;font-weight:400;font-size:18px;line-height:21px;text-align:center;letter-spacing:.15px;color:#fff;mix-blend-mode:normal;opacity:.58;padding:20px;max-width:1440px;margin:auto}#testimony .carousel .slides{width:400%;left:0;padding-left:0;padding-top:1em;list-style:none;position:relative;-webkit-transition:transform .5s;-moz-transition:transform .5s;-o-transition:transform .5s;transition:transform .5s}#testimony .carousel .slide .user{position:relative;top:-90px;border-radius:50%;height:140px;width:140px;object-fit:cover}#testimony .carousel .slide-div{background:#2d3a67;width:100%}#testimony .carousel .slides li{width:25%;position:relative;float:left}#testimony .carousel li p{margin-top:0}#testimony .carousel .slidesNavigation{display:inline-block;list-style:none;margin:40px}#testimony .carousel input{display:none}#testimony .carousel .slidesNavigation label{float:left;margin:6px;display:block;height:10px;width:10px;-webkit-border-radius:50%;border-radius:50%;border:solid 1px #fff;background:#fff;opacity:.4;font-size:0}#radio-1:checked~.slides{transform:translateX(0)}#radio-2:checked~.slides{transform:translateX(-25%)}#radio-3:checked~.slides{transform:translateX(-50%)}#radio-4:checked~.slides{transform:translateX(-75%)}#testimony .carousel #radio-1:checked~.slidesNavigation label#dotForRadio-1,#testimony .carousel #radio-2:checked~.slidesNavigation label#dotForRadio-2,#testimony .carousel #radio-3:checked~.slidesNavigation label#dotForRadio-3,#testimony .carousel #radio-4:checked~.slidesNavigation label#dotForRadio-4{opacity:1}@media (max-width:624px){#get-started span{display:none}#get-started:before{font-size:13px;content:"Submit"}#footer .brand{justify-content:center}#footer .brand img{margin:20px;display:inline-block}.email-form .search-container label{font-size:11px}#header .heading{font-size:18px}#header .logo-img img{height:60px}#header .intro-video,#list-features .intro-video{max-width:77%}slide #list-features .intro-video{margin-bottom:15px}#list-features img.main-image{width:100%}#account-list .account-list-container{width:unset;box-shadow:unset;margin:0 10px}#account-list a.btn{margin-bottom:10px}}@media (max-width:1024px){.man-img{display:none}.d-flex{display:inline-block}.intro-video{margin:auto;margin-bottom:70px}}@media (min-width:1024px) and (max-width:1367px){#get-started span{display:none}#get-started:before{content:"Submit"}}@media (min-width:768px){.justify-content-center{justify-content:center}}@media (max-width:1440px){.row{margin-left:0!important;margin-right:0!important}}
img/bv-testimony-david-attardi.jpg ADDED
Binary file
img/bv-testimony-michael-signorella.jpg ADDED
Binary file
img/bv-testimony-mickey-kay.jpeg ADDED
Binary file
img/bv-testimony-ryan-sullivan.png ADDED
Binary file
img/mc-testimony-armand-girard.jpg ADDED
Binary file
img/mc-testimony-david-mccan.jpg ADDED
Binary file
img/mc-testimony-ivica-delic.jpg ADDED
Binary file
img/mc-testimony-miriam-schwab.jpg ADDED
Binary file
info.php CHANGED
@@ -10,7 +10,7 @@ if (!class_exists('BVInfo')) :
10
  public $badgeinfo = 'bvbadge';
11
  public $ip_header_option = 'bvipheader';
12
  public $brand_option = 'bvbrand';
13
- public $version = '4.76';
14
  public $webpage = 'https://blogvault.net';
15
  public $appurl = 'https://app.blogvault.net';
16
  public $slug = 'blogvault-real-time-backup/blogvault.php';
@@ -103,8 +103,19 @@ if (!class_exists('BVInfo')) :
103
  return ($this->getWatchTime() > $expiry_time);
104
  }
105
 
 
 
 
 
 
 
 
 
 
 
 
106
  public function isProtectModuleEnabled() {
107
- return $this->isServiceActive("protect");
108
  }
109
 
110
  public function isDynSyncModuleEnabled() {
@@ -130,7 +141,7 @@ if (!class_exists('BVInfo')) :
130
  }
131
 
132
  public function isMalcare() {
133
- return $this->getBrandName() === 'MalCare - Pro';
134
  }
135
 
136
  public function isBlogvault() {
10
  public $badgeinfo = 'bvbadge';
11
  public $ip_header_option = 'bvipheader';
12
  public $brand_option = 'bvbrand';
13
+ public $version = '4.77';
14
  public $webpage = 'https://blogvault.net';
15
  public $appurl = 'https://app.blogvault.net';
16
  public $slug = 'blogvault-real-time-backup/blogvault.php';
103
  return ($this->getWatchTime() > $expiry_time);
104
  }
105
 
106
+ public function isValidEnvironment(){
107
+ $bvsiteinfo = new BVWPSiteInfo();
108
+ $siteurl = $bvsiteinfo->siteurl();
109
+ $bvconfig = $this->config;
110
+ if ($bvconfig && array_key_exists("abspath", $bvconfig) &&
111
+ array_key_exists("siteurl", $bvconfig) && !empty($siteurl)) {
112
+ return ($bvconfig["abspath"] == ABSPATH && $bvconfig["siteurl"] == $siteurl);
113
+ }
114
+ return true;
115
+ }
116
+
117
  public function isProtectModuleEnabled() {
118
+ return $this->isServiceActive("protect") && $this->isValidEnvironment();
119
  }
120
 
121
  public function isDynSyncModuleEnabled() {
141
  }
142
 
143
  public function isMalcare() {
144
+ return $this->getBrandName() === 'MalCare';
145
  }
146
 
147
  public function isBlogvault() {
protect/base.php CHANGED
@@ -25,5 +25,86 @@ class BVProtectBase {
25
 
26
  return $ip;
27
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
28
  }
29
  endif;
25
 
26
  return $ip;
27
  }
28
+
29
+ public static function hasIPv6Support() {
30
+ return defined('AF_INET6');
31
+ }
32
+
33
+ public static function isValidIP($ip) {
34
+ return filter_var($ip, FILTER_VALIDATE_IP) !== false;
35
+ }
36
+
37
+ public static function bvInetPton($ip) {
38
+ $pton = self::isValidIP($ip) ? (self::hasIPv6Support() ? inet_pton($ip) : self::_bvInetPton($ip)) : false;
39
+ return $pton;
40
+ }
41
+
42
+ public static function _bvInetPton($ip) {
43
+ if (preg_match('/^(?:\d{1,3}(?:\.|$)){4}/', $ip)) {
44
+ $octets = explode('.', $ip);
45
+ $bin = chr($octets[0]) . chr($octets[1]) . chr($octets[2]) . chr($octets[3]);
46
+ return $bin;
47
+ }
48
+
49
+ if (preg_match('/^((?:[\da-f]{1,4}(?::|)){0,8})(::)?((?:[\da-f]{1,4}(?::|)){0,8})$/i', $ip)) {
50
+ if ($ip === '::') {
51
+ return "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
52
+ }
53
+ $colon_count = substr_count($ip, ':');
54
+ $dbl_colon_pos = strpos($ip, '::');
55
+ if ($dbl_colon_pos !== false) {
56
+ $ip = str_replace('::', str_repeat(':0000',
57
+ (($dbl_colon_pos === 0 || $dbl_colon_pos === strlen($ip) - 2) ? 9 : 8) - $colon_count) . ':', $ip);
58
+ $ip = trim($ip, ':');
59
+ }
60
+
61
+ $ip_groups = explode(':', $ip);
62
+ $ipv6_bin = '';
63
+ foreach ($ip_groups as $ip_group) {
64
+ $ipv6_bin .= pack('H*', str_pad($ip_group, 4, '0', STR_PAD_LEFT));
65
+ }
66
+
67
+ return strlen($ipv6_bin) === 16 ? $ipv6_bin : false;
68
+ }
69
+
70
+ if (preg_match('/^(?:\:(?:\:0{1,4}){0,4}\:|(?:0{1,4}\:){5})ffff\:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/i', $ip, $matches)) {
71
+ $octets = explode('.', $matches[1]);
72
+ return chr($octets[0]) . chr($octets[1]) . chr($octets[2]) . chr($octets[3]);
73
+ }
74
+
75
+ return false;
76
+ }
77
+
78
+ public static function isIPInRange($start_ip_range, $end_ip_range, $ip) {
79
+ $bin_ip = null;
80
+ if ($ip) {
81
+ $bin_ip = self::bvInetPton($ip);
82
+ }
83
+ if ($bin_ip && $bin_ip >= self::bvInetPton($start_ip_range)
84
+ && $bin_ip <= self::bvInetPton($end_ip_range)) {
85
+ return true;
86
+ }
87
+ return false;
88
+ }
89
+
90
+ public static function isPrivateIP($ip) {
91
+ $private_ip_ranges = array(
92
+ array("10.0.0.0", "10.255.255.255"),
93
+ array("172.16.0.0", "172.31.255.255"),
94
+ array("192.168.0.0", "192.168.255.255"),
95
+ array("127.0.0.1", "127.255.255.255"),
96
+ array("::1","::1"),
97
+ array("fc00::","fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")
98
+ );
99
+
100
+ $result = false;
101
+ foreach ($private_ip_ranges as $ip_range) {
102
+ $result = self::isIPInRange($ip_range[0], $ip_range[1], $ip);
103
+ if($result) {
104
+ return $result;
105
+ }
106
+ }
107
+ return $result;
108
+ }
109
  }
110
  endif;
protect/fw/fw.php CHANGED
@@ -12,9 +12,16 @@ class BVFW {
12
  public $ipstore;
13
  public $category;
14
  public $logger;
15
- public $ruleSet;
 
16
  public $ruleEvaluator;
17
  public $break_rule_evaluation;
 
 
 
 
 
 
18
 
19
  const SQLIREGEX = '/(?:[^\\w<]|\\/\\*\\![0-9]*|^)(?:
20
  @@HOSTNAME|
@@ -53,17 +60,26 @@ class BVFW {
53
  const IP_COOKIE = "bvfw-ip-cookie";
54
  const PREVENT_CACHE_COOKIE = "wp-bvfw-prevent-cache-cookie";
55
 
56
- public function __construct($logger, $confHash, $ip, $bvinfo, $ipstore, $ruleSet) {
 
57
  $this->config = new BVFWConfig($confHash);
58
  $this->request = new BVWPRequest($ip);
59
  $this->bvinfo = $bvinfo;
60
  $this->ipstore = $ipstore;
61
  $this->logger = $logger;
62
- $this->ruleSet = $ruleSet;
63
- $this->ruleEvaluator = new BVFWRuleEvaluator($this->request);
64
  $this->break_rule_evaluation = false;
65
  }
66
 
 
 
 
 
 
 
 
 
67
  public function setcookie($name, $value, $expire) {
68
  $path = $this->config->cookiePath;
69
  $cookie_domain = $this->config->cookieDomain;
@@ -162,8 +178,8 @@ class BVFW {
162
  if ($this->config->isCompleteLoggingEnabled()) {
163
  $canlog = true;
164
  } else if ($this->config->isVisitorLoggingEnabled()) {
165
- $canlog = !$this->hasValidBypassCookie() &&
166
- (!function_exists('is_user_logged_in') || !is_user_logged_in());
167
  }
168
  return $canlog;
169
  }
@@ -215,6 +231,10 @@ class BVFW {
215
  $this->request->setCategory(BVWPRequest::WHITELISTED);
216
  $this->request->setStatus(BVWPRequest::BYPASSED);
217
  return true;
 
 
 
 
218
  }
219
  return false;
220
  }
@@ -251,16 +271,53 @@ class BVFW {
251
  if ($this->isBlacklistedIP()) {
252
  $this->terminateRequest(BVWPRequest::BLACKLISTED);
253
  }
254
- if ($this->config->isRulesModeEnabled()) {
255
- if (is_array($this->ruleSet)) {
256
- $this->evaluateRules($this->ruleSet);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
257
  } else {
258
- $this->request->updateRulesInfo('errors', 'ruleset', 'Invalid RuleSet');
259
  }
260
  }
261
  }
262
  }
263
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
264
  public function matchCount($pattern, $subject) {
265
  $count = 0;
266
  if (is_array($subject)) {
@@ -389,52 +446,67 @@ class BVFW {
389
  foreach ($ruleSet as $rule) {
390
  $id = $rule["id"];
391
  $ruleLogic = $rule["rule_logic"];
392
- $actions = $rule["actions"];
393
- $min_rule_engine_ver = $rule["min_rule_engine_ver"];
394
  $this->ruleEvaluator->resetErrors();
395
 
396
- if (BVFWRuleEvaluator::VERSION >= $min_rule_engine_ver) {
397
- if ($this->ruleEvaluator->evaluateRule($ruleLogic) && empty($this->ruleEvaluator->getErrors())) {
398
- $this->request->updateMatchedRules($id);
399
- $this->executeActions($actions);
400
- } elseif (!empty($this->ruleEvaluator->getErrors())) {
401
- $this->request->updateRulesInfo("errors", (string) $id, $this->ruleEvaluator->getErrors());
402
- }
403
  }
 
404
  if ($this->break_rule_evaluation) {
405
  return;
406
  }
407
  }
408
  }
409
 
410
- function executeActions($actions){
411
- foreach($actions as $action) {
 
 
 
 
 
412
  switch ($action["type"]) {
413
  case "ALLOW":
414
  $this->break_rule_evaluation = true;
415
  $this->request->setCategory(BVWPRequest::RULE_ALLOWED);
416
  return;
417
  case "BLOCK":
418
- $this->terminateRequest(BVWPRequest::RULE_BLOCKED);
 
 
419
  return;
420
  case "INSPECT":
421
  $this->inspectRequest();
422
  break;
423
- case "DEBUG":
424
- //TODO
425
- break;
426
- case "SCRUB":
427
- //TODO
428
- break;
429
- case "FILTER":
430
- //TODO
431
- break;
432
  }
433
  }
434
  }
435
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
436
  public function inspectRequest() {
437
  $this->request->updateRulesInfo('inspect', "headers", $this->request->getHeaders());
 
 
 
 
 
 
438
  $this->request->updateRulesInfo('inspect', "getParams", $this->request->getGetParams());
439
  $this->request->updateRulesInfo('inspect', "postParams", $this->getPostParamsToLog($this->request->getPostParams()));
440
  $this->request->updateRulesInfo('inspect', "cookies", $this->request->getCookies());
12
  public $ipstore;
13
  public $category;
14
  public $logger;
15
+ public $generic_rule_set = array();
16
+ public $wpf_rule_set = array();
17
  public $ruleEvaluator;
18
  public $break_rule_evaluation;
19
+ public $ruleActions = array();
20
+ private static $instance = null;
21
+
22
+ #RuleLevels
23
+ const GENERIC = 1;
24
+ const WPF = 2;
25
 
26
  const SQLIREGEX = '/(?:[^\\w<]|\\/\\*\\![0-9]*|^)(?:
27
  @@HOSTNAME|
60
  const IP_COOKIE = "bvfw-ip-cookie";
61
  const PREVENT_CACHE_COOKIE = "wp-bvfw-prevent-cache-cookie";
62
 
63
+ #singleton design
64
+ private function __construct($logger, $confHash, $ip, $bvinfo, $ipstore, $ruleSet) {
65
  $this->config = new BVFWConfig($confHash);
66
  $this->request = new BVWPRequest($ip);
67
  $this->bvinfo = $bvinfo;
68
  $this->ipstore = $ipstore;
69
  $this->logger = $logger;
70
+ $this->initializeLevelWiseRuleSets($ruleSet);
71
+ $this->ruleEvaluator = new BVFWRuleEvaluator($this);
72
  $this->break_rule_evaluation = false;
73
  }
74
 
75
+ public static function getInstance($logger, $confHash, $ip, $bvinfo, $ipstore, $ruleSet) {
76
+ if (!isset(self::$instance)) {
77
+ self::$instance = new BVFW($logger, $confHash, $ip, $bvinfo, $ipstore, $ruleSet);
78
+ }
79
+
80
+ return self::$instance;
81
+ }
82
+
83
  public function setcookie($name, $value, $expire) {
84
  $path = $this->config->cookiePath;
85
  $cookie_domain = $this->config->cookieDomain;
178
  if ($this->config->isCompleteLoggingEnabled()) {
179
  $canlog = true;
180
  } else if ($this->config->isVisitorLoggingEnabled()) {
181
+ $canlog = ($this->request->hasMatchedRules()) || (!$this->hasValidBypassCookie() &&
182
+ (!function_exists('is_user_logged_in') || !is_user_logged_in()));
183
  }
184
  return $canlog;
185
  }
231
  $this->request->setCategory(BVWPRequest::WHITELISTED);
232
  $this->request->setStatus(BVWPRequest::BYPASSED);
233
  return true;
234
+ } else if(BVProtectBase::isPrivateIP($this->request->getIP())) {
235
+ $this->request->setCategory(BVWPRequest::PRIVATEIP);
236
+ $this->request->setStatus(BVWPRequest::BYPASSED);
237
+ return true;
238
  }
239
  return false;
240
  }
271
  if ($this->isBlacklistedIP()) {
272
  $this->terminateRequest(BVWPRequest::BLACKLISTED);
273
  }
274
+ }
275
+ }
276
+
277
+ public function canExecuteRules() {
278
+ if (!$this->isWhitelistedIP() && $this->config->isRulesModeEnabled()) {
279
+ return true;
280
+ }
281
+ return false;
282
+ }
283
+
284
+ public function initializeLevelWiseRuleSets($rule_set) {
285
+ if (!is_array($rule_set)) {
286
+ $this->request->updateRulesInfo('errors', 'ruleset', 'Invalid RuleSet');
287
+ return;
288
+ }
289
+
290
+ foreach ($rule_set as $rule) {
291
+ if (BVFWRuleEvaluator::VERSION >= $rule["min_rule_engine_ver"]) {
292
+ if (array_key_exists("level", $rule) && $rule["level"] == BVFW::WPF) {
293
+ array_push($this->wpf_rule_set, $rule);
294
  } else {
295
+ array_push($this->generic_rule_set, $rule);
296
  }
297
  }
298
  }
299
  }
300
 
301
+ public function ruleSetToExecute() {
302
+ $rule_set = array();
303
+ if ($this->isWpLoaded()) {
304
+ $rule_set = $this->wpf_rule_set;
305
+ }
306
+ if (!defined('MCWAFLOADED') && !$this->hasValidBypassCookie()) {
307
+ $rule_set = array_merge($rule_set, $this->generic_rule_set);
308
+ }
309
+ return $rule_set;
310
+ }
311
+
312
+ public function executeRules() {
313
+ if (!$this->canExecuteRules()) {
314
+ return;
315
+ }
316
+
317
+ $rule_set = $this->ruleSetToExecute();
318
+ $this->evaluateRules($rule_set);
319
+ }
320
+
321
  public function matchCount($pattern, $subject) {
322
  $count = 0;
323
  if (is_array($subject)) {
446
  foreach ($ruleSet as $rule) {
447
  $id = $rule["id"];
448
  $ruleLogic = $rule["rule_logic"];
449
+ $this->ruleActions[$id] = $rule["actions"];
 
450
  $this->ruleEvaluator->resetErrors();
451
 
452
+ if ($this->ruleEvaluator->evaluateRule($ruleLogic) && empty($this->ruleEvaluator->getErrors())) {
453
+ $this->handleMatchedRule($id);
454
+ } elseif (!empty($this->ruleEvaluator->getErrors())) {
455
+ $this->request->updateRulesInfo("errors", (string) $id, $this->ruleEvaluator->getErrors());
 
 
 
456
  }
457
+
458
  if ($this->break_rule_evaluation) {
459
  return;
460
  }
461
  }
462
  }
463
 
464
+ function handleMatchedRule($id) {
465
+ $this->request->updateMatchedRules($id);
466
+ $this->executeActions($id);
467
+ }
468
+
469
+ function executeActions($id){
470
+ foreach($this->ruleActions[$id] as $action) {
471
  switch ($action["type"]) {
472
  case "ALLOW":
473
  $this->break_rule_evaluation = true;
474
  $this->request->setCategory(BVWPRequest::RULE_ALLOWED);
475
  return;
476
  case "BLOCK":
477
+ if ($this->config->isProtecting()) {
478
+ $this->terminateRequest(BVWPRequest::RULE_BLOCKED);
479
+ }
480
  return;
481
  case "INSPECT":
482
  $this->inspectRequest();
483
  break;
 
 
 
 
 
 
 
 
 
484
  }
485
  }
486
  }
487
 
488
+ function isWPLoaded() {
489
+ return defined('BVWPLOADED');
490
+ }
491
+
492
+ function getCurrentWPUser() {
493
+ if (!$this->isWPLoaded()) {
494
+ return;
495
+ }
496
+ if (!function_exists('wp_get_current_user')) {
497
+ @include_once(ABSPATH . "wp-includes/pluggable.php");
498
+ }
499
+ return wp_get_current_user();
500
+ }
501
+
502
  public function inspectRequest() {
503
  $this->request->updateRulesInfo('inspect', "headers", $this->request->getHeaders());
504
+
505
+ $wp_user = $this->getCurrentWPUser();
506
+ if ($wp_user && isset($wp_user->ID)) {
507
+ $this->request->updateRulesInfo('inspect', "userID", $wp_user->ID);
508
+ }
509
+
510
  $this->request->updateRulesInfo('inspect', "getParams", $this->request->getGetParams());
511
  $this->request->updateRulesInfo('inspect', "postParams", $this->getPostParamsToLog($this->request->getPostParams()));
512
  $this->request->updateRulesInfo('inspect', "cookies", $this->request->getCookies());
protect/fw/request.php CHANGED
@@ -36,6 +36,7 @@ class BVWPRequest {
36
  const USER_BLACKLISTED = 50;
37
  const RULE_BLOCKED = 60;
38
  const RULE_ALLOWED = 70;
 
39
 
40
  public function __construct($ip) {
41
  $fileNames = array();
@@ -180,6 +181,10 @@ class BVWPRequest {
180
  return $this->matchedRules;
181
  }
182
 
 
 
 
 
183
  public function updateReqInfo($info) {
184
  if (is_array($info)) {
185
  $this->reqInfo = $this->reqInfo + $info;
36
  const USER_BLACKLISTED = 50;
37
  const RULE_BLOCKED = 60;
38
  const RULE_ALLOWED = 70;
39
+ const PRIVATEIP = 80;
40
 
41
  public function __construct($ip) {
42
  $fileNames = array();
181
  return $this->matchedRules;
182
  }
183
 
184
+ public function hasMatchedRules() {
185
+ return !empty($this->matchedRules);
186
+ }
187
+
188
  public function updateReqInfo($info) {
189
  if (is_array($info)) {
190
  $this->reqInfo = $this->reqInfo + $info;
protect/fw/rule_evaluator.php CHANGED
@@ -6,10 +6,11 @@ if (!class_exists('BVFWRuleEvaluator')) :
6
  class BVFWRuleEvaluator {
7
  private $request;
8
 
9
- const VERSION = 0.2;
10
 
11
- public function __construct($request) {
12
- $this->request = $request;
 
13
  }
14
 
15
  function getErrors() {
@@ -310,9 +311,8 @@ class BVFWRuleEvaluator {
310
  function evaluateExpression($expr) {
311
  switch ($expr["type"]) {
312
  case "AND" :
313
- $loperand = $this->getValue($expr["left_operand"]);
314
- $roperand = $this->getValue($expr["right_operand"]);
315
- return ($loperand && $roperand);
316
  case "OR" :
317
  $loperand = $this->getValue($expr["left_operand"]);
318
  $roperand = $this->getValue($expr["right_operand"]);
@@ -343,6 +343,111 @@ class BVFWRuleEvaluator {
343
  return $_args;
344
  }
345
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
346
  function executeFunctionCall($func) {
347
  $name = $func["name"];
348
  $handler = array($this, $name);
@@ -367,6 +472,18 @@ class BVFWRuleEvaluator {
367
  return $this->fetchConstantValue($expr["value"]);
368
  case "FUNCTION" :
369
  return $this->executeFunctionCall($expr);
 
 
 
 
 
 
 
 
 
 
 
 
370
  default :
371
  return $this->evaluateExpression($expr);
372
  }
6
  class BVFWRuleEvaluator {
7
  private $request;
8
 
9
+ const VERSION = 0.3;
10
 
11
+ public function __construct($fw) {
12
+ $this->fw = $fw;
13
+ $this->request = $fw->request;
14
  }
15
 
16
  function getErrors() {
311
  function evaluateExpression($expr) {
312
  switch ($expr["type"]) {
313
  case "AND" :
314
+ return ($this->getValue($expr["left_operand"]) &&
315
+ $this->getValue($expr["right_operand"]));
 
316
  case "OR" :
317
  $loperand = $this->getValue($expr["left_operand"]);
318
  $roperand = $this->getValue($expr["right_operand"]);
343
  return $_args;
344
  }
345
 
346
+ function loadPluggable() {
347
+ if (!function_exists('wp_get_current_user')) {
348
+ @include_once(ABSPATH . "wp-includes/pluggable.php");
349
+ }
350
+ }
351
+
352
+ function addWPAction($hook_name, $func_name, $priority, $accepted_args, $config) {
353
+ $this->loadPluggable();
354
+ add_action($hook_name, array($this, $func_name), $priority, $accepted_args);
355
+ $this->setVariable($hook_name, $config);
356
+ return false;
357
+ }
358
+
359
+ function addWPFilter($hook_name, $func_name, $priority, $accepted_args, $config) {
360
+ $this->loadPluggable();
361
+ add_filter($hook_name, array($this, $func_name), $priority, $accepted_args);
362
+ $this->setVariable($hook_name, $config);
363
+ return false;
364
+ }
365
+
366
+ function setVariable($name, $value) {
367
+ $this->{$name} = $value;
368
+ }
369
+
370
+ function getVariable($name) {
371
+ return $this->{$name};
372
+ }
373
+
374
+ function preInsertUpdatePost($maybe_empty, $postarr) {
375
+ $curr_hook = current_filter();
376
+ $config = $this->getVariable($curr_hook);
377
+ $posts_to_consider = $config["posts_to_consider"];
378
+ $rule_id = $config["rule_id"];
379
+ if (in_array($postarr['post_type'], $posts_to_consider)) {
380
+ if ((!empty($postarr['ID']) && !current_user_can("edit_{$postarr['post_type']}", $postarr['ID']))
381
+ || !current_user_can("edit_posts")) {
382
+ $log_data = array($postarr['post_type'], $postarr['ID']);
383
+ $this->request->updateRulesInfo("wp_hook_info", $curr_hook, $log_data);
384
+ $this->fw->handleMatchedRule($rule_id);
385
+ }
386
+ }
387
+ return false;
388
+ }
389
+
390
+ function preDeletePost($delete, $post) {
391
+ $curr_hook = current_filter();
392
+ $config = $this->getVariable($curr_hook);
393
+ $posts_to_consider = $config["posts_to_consider"];
394
+ $rule_id = $config["rule_id"];
395
+ if (isset($post->post_type) && in_array($post->post_type, $posts_to_consider) &&
396
+ !current_user_can("delete_{$post->post_type}", $post->ID)) {
397
+ $log_data = array($post->post_type, $post->ID);
398
+ $this->request->updateRulesInfo("wp_hook_info", $curr_hook, $log_data);
399
+ $this->fw->handleMatchedRule($rule_id);
400
+ }
401
+ }
402
+
403
+ function preUserCreation($user_login) {
404
+ $curr_hook = current_filter();
405
+ $config = $this->getVariable($curr_hook);
406
+ $rule_id = $config["rule_id"];
407
+ if (!username_exists($user_login) && !current_user_can('create_users')) {
408
+ $this->request->updateRulesInfo("wp_hook_info", $curr_hook, $user_login);
409
+ $this->fw->handleMatchedRule($rule_id);
410
+ }
411
+ return $user_login;
412
+ }
413
+
414
+ function preDeleteUser($id, $reassign, $user) {
415
+ $curr_hook = current_filter();
416
+ $config = $this->getVariable($curr_hook);
417
+ $rule_id = $config["rule_id"];
418
+ if (!current_user_can('delete_users')) {
419
+ $log_data = array($id, $reassign, array("ID" => $user->ID,
420
+ "username" => $user->user_login,
421
+ "user_email" => $user->user_email,
422
+ "caps" => $user->allcaps,
423
+ "roles" => $user->roles));
424
+ $this->request->updateRulesInfo("wp_hook_info", $curr_hook, $log_data);
425
+ $this->fw->handleMatchedRule($rule_id);
426
+ }
427
+ }
428
+
429
+ function handleOption($option, $log_data) {
430
+ $curr_hook = current_filter();
431
+ $config = $this->getVariable($curr_hook);
432
+ $options_to_consider = $config["options_to_consider"];
433
+ $rule_id = $config["rule_id"];
434
+ if (in_array($option, $options_to_consider) && !current_user_can('manage_options')) {
435
+ $this->request->updateRulesInfo("wp_hook_info", $curr_hook, $log_data);
436
+ $this->fw->handleMatchedRule($rule_id);
437
+ }
438
+ }
439
+
440
+ function preUpdateOption($value, $option, $old_value) {
441
+ $log_data = array($value, $option, $old_value);
442
+ $this->handleOption($option, $log_data);
443
+ return $value;
444
+ }
445
+
446
+ function preDeleteOption($option) {
447
+ $this->handleOption($option, $option);
448
+ return $option;
449
+ }
450
+
451
  function executeFunctionCall($func) {
452
  $name = $func["name"];
453
  $handler = array($this, $name);
472
  return $this->fetchConstantValue($expr["value"]);
473
  case "FUNCTION" :
474
  return $this->executeFunctionCall($expr);
475
+ case "ARRAY" :
476
+ $arr = array();
477
+ foreach ($expr["value"] as $element) {
478
+ $arr[] = $this->getValue($element);
479
+ }
480
+ return $arr;
481
+ case "HASH" :
482
+ $hash = array();
483
+ foreach($expr["value"] as $key => $value) {
484
+ $hash[strval($key)] = $value;
485
+ }
486
+ return $hash;
487
  default :
488
  return $this->evaluateExpression($expr);
489
  }
protect/prepend/protect.php CHANGED
@@ -58,7 +58,7 @@ require_once dirname( __FILE__ ) . '/logger.php';
58
  $fwlogger = new BVPrependLogger();
59
 
60
  $fwConfHash = array_key_exists('fw', $mcConf) ? $mcConf['fw'] : array();
61
- $fw = new BVFW($fwlogger, $fwConfHash, $ip, $bvinfo, $bvipstore, $mcRuleSet);
62
 
63
  if ($fw->isActive()) {
64
 
@@ -69,7 +69,8 @@ require_once dirname( __FILE__ ) . '/logger.php';
69
  register_shutdown_function(array($fw, 'log'));
70
 
71
  $fw->execute();
72
- define('MCFWLOADED', true);
 
73
  }
74
 
75
  return true;
58
  $fwlogger = new BVPrependLogger();
59
 
60
  $fwConfHash = array_key_exists('fw', $mcConf) ? $mcConf['fw'] : array();
61
+ $fw = BVFW::getInstance($fwlogger, $fwConfHash, $ip, $bvinfo, $bvipstore, $mcRuleSet);
62
 
63
  if ($fw->isActive()) {
64
 
69
  register_shutdown_function(array($fw, 'log'));
70
 
71
  $fw->execute();
72
+ $fw->executeRules();
73
+ define('MCWAFLOADED', true);
74
  }
75
 
76
  return true;
protect/wp/ipstore.php CHANGED
@@ -27,55 +27,6 @@ if (!class_exists('BVIPStore')) :
27
  $this->db->dropBVTable(BVIPStore::$name);
28
  }
29
 
30
- public function hasIPv6Support() {
31
- return defined('AF_INET6');
32
- }
33
-
34
- public static function isValidIP($ip) {
35
- return filter_var($ip, FILTER_VALIDATE_IP) !== false;
36
- }
37
-
38
- public function bvInetPton($ip) {
39
- $pton = $this->isValidIP($ip) ? ($this->hasIPv6Support() ? inet_pton($ip) : $this->_bvInetPton($ip)) : false;
40
- return $pton;
41
- }
42
-
43
- public function _bvInetPton($ip) {
44
- if (preg_match('/^(?:\d{1,3}(?:\.|$)){4}/', $ip)) {
45
- $octets = explode('.', $ip);
46
- $bin = chr($octets[0]) . chr($octets[1]) . chr($octets[2]) . chr($octets[3]);
47
- return $bin;
48
- }
49
-
50
- if (preg_match('/^((?:[\da-f]{1,4}(?::|)){0,8})(::)?((?:[\da-f]{1,4}(?::|)){0,8})$/i', $ip)) {
51
- if ($ip === '::') {
52
- return "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
53
- }
54
- $colon_count = substr_count($ip, ':');
55
- $dbl_colon_pos = strpos($ip, '::');
56
- if ($dbl_colon_pos !== false) {
57
- $ip = str_replace('::', str_repeat(':0000',
58
- (($dbl_colon_pos === 0 || $dbl_colon_pos === strlen($ip) - 2) ? 9 : 8) - $colon_count) . ':', $ip);
59
- $ip = trim($ip, ':');
60
- }
61
-
62
- $ip_groups = explode(':', $ip);
63
- $ipv6_bin = '';
64
- foreach ($ip_groups as $ip_group) {
65
- $ipv6_bin .= pack('H*', str_pad($ip_group, 4, '0', STR_PAD_LEFT));
66
- }
67
-
68
- return strlen($ipv6_bin) === 16 ? $ipv6_bin : false;
69
- }
70
-
71
- if (preg_match('/^(?:\:(?:\:0{1,4}){0,4}\:|(?:0{1,4}\:){5})ffff\:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/i', $ip, $matches)) {
72
- $octets = explode('.', $matches[1]);
73
- return chr($octets[0]) . chr($octets[1]) . chr($octets[2]) . chr($octets[3]);
74
- }
75
-
76
- return false;
77
- }
78
-
79
  public function isLPIPBlacklisted($ip) {
80
  return $this->checkIPPresent($ip, BVIPStore::BLACKLISTED, BVIPStore::LP);
81
  }
@@ -97,7 +48,7 @@ if (!class_exists('BVIPStore')) :
97
  $db = $this->db;
98
  $table = $db->getBVTable(BVIPStore::$name);
99
  if ($db->isTablePresent($table)) {
100
- $binIP = $this->bvInetPton($ip);
101
  if ($binIP !== false) {
102
  $category_str = ($category == BVIPStore::FW) ? "`is_fw` = true" : "`is_lp` = true";
103
  $query_str = "SELECT * FROM $table WHERE %s >= `start_ip_range` && %s <= `end_ip_range` && " . $category_str . " && `type` = %d LIMIT 1;";
27
  $this->db->dropBVTable(BVIPStore::$name);
28
  }
29
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
30
  public function isLPIPBlacklisted($ip) {
31
  return $this->checkIPPresent($ip, BVIPStore::BLACKLISTED, BVIPStore::LP);
32
  }
48
  $db = $this->db;
49
  $table = $db->getBVTable(BVIPStore::$name);
50
  if ($db->isTablePresent($table)) {
51
+ $binIP = BVProtectBase::bvInetPton($ip);
52
  if ($binIP !== false) {
53
  $category_str = ($category == BVIPStore::FW) ? "`is_fw` = true" : "`is_lp` = true";
54
  $query_str = "SELECT * FROM $table WHERE %s >= `start_ip_range` && %s <= `end_ip_range` && " . $category_str . " && `type` = %d LIMIT 1;";
protect/wp/lp/lp.php CHANGED
@@ -31,6 +31,7 @@ class BVWPLP {
31
  const BLACKLISTED = 5;
32
  const BYPASSED = 6;
33
  const ALLOWED = 7;
 
34
 
35
  public function __construct($db, $settings, $ip, $ipstore, $confHash) {
36
  $this->db = $db;
@@ -199,6 +200,8 @@ class BVWPLP {
199
  $failed_attempts = $this->getLoginCount(BVWPLP::LOGINFAILURE, $this->ip, $this->getFailedLoginGap());
200
  if ($this->isWhitelistedIP()) {
201
  $this->setCategory(BVWPLP::BYPASSED);
 
 
202
  } else if ($this->isBlacklistedIP()) {
203
  $this->setCategory(BVWPLP::BLACKLISTED);
204
  $this->terminateLogin();
31
  const BLACKLISTED = 5;
32
  const BYPASSED = 6;
33
  const ALLOWED = 7;
34
+ const PRIVATEIP = 8;
35
 
36
  public function __construct($db, $settings, $ip, $ipstore, $confHash) {
37
  $this->db = $db;
200
  $failed_attempts = $this->getLoginCount(BVWPLP::LOGINFAILURE, $this->ip, $this->getFailedLoginGap());
201
  if ($this->isWhitelistedIP()) {
202
  $this->setCategory(BVWPLP::BYPASSED);
203
+ } else if (BVProtectBase::isPrivateIP($this->ip)) {
204
+ $this->setCategory(BVWPLP::PRIVATEIP);
205
  } else if ($this->isBlacklistedIP()) {
206
  $this->setCategory(BVWPLP::BLACKLISTED);
207
  $this->terminateLogin();
protect/wp/protect.php CHANGED
@@ -28,7 +28,7 @@ class BVProtect {
28
  $bvipstore = new BVIPStore($this->db);
29
  $bvipstore->init();
30
  $bvinfo = new BVInfo($this->settings);
31
-
32
  $config = $this->settings->getOption($bvinfo->services_option_name);
33
  if (array_key_exists('protect', $config)) {
34
  $config = $config['protect'];
@@ -38,12 +38,12 @@ class BVProtect {
38
 
39
  $ipHeader = array_key_exists('ipheader', $config) ? $config['ipheader'] : false;
40
  $ip = BVProtectBase::getIP($ipHeader);
41
-
42
  $fwLogger = new BVLogger($this->db, BVFWConfig::$requests_table);
43
 
44
  $fwConfHash = array_key_exists('fw', $config) ? $config['fw'] : array();
45
  $ruleSet = $this->getRuleSet();
46
- $fw = new BVFW($fwLogger, $fwConfHash, $ip, $bvinfo, $bvipstore, $ruleSet);
47
 
48
  if ($fw->isActive()) {
49
 
@@ -51,15 +51,18 @@ class BVProtect {
51
  add_action('init', array($fw, 'setBypassCookie'));
52
  }
53
 
54
- if (!defined('MCFWLOADED') && $fw->canSetIPCookie()) {
55
  $fw->setIPCookie();
56
  }
57
 
58
- if (!defined('MCFWLOADED')) {
 
 
59
  register_shutdown_function(array($fw, 'log'));
60
 
61
  $fw->execute();
62
  }
 
63
  }
64
 
65
  $lpConfHash = array_key_exists('lp', $config) ? $config['lp'] : array();
28
  $bvipstore = new BVIPStore($this->db);
29
  $bvipstore->init();
30
  $bvinfo = new BVInfo($this->settings);
31
+
32
  $config = $this->settings->getOption($bvinfo->services_option_name);
33
  if (array_key_exists('protect', $config)) {
34
  $config = $config['protect'];
38
 
39
  $ipHeader = array_key_exists('ipheader', $config) ? $config['ipheader'] : false;
40
  $ip = BVProtectBase::getIP($ipHeader);
41
+
42
  $fwLogger = new BVLogger($this->db, BVFWConfig::$requests_table);
43
 
44
  $fwConfHash = array_key_exists('fw', $config) ? $config['fw'] : array();
45
  $ruleSet = $this->getRuleSet();
46
+ $fw = BVFW::getInstance($fwLogger, $fwConfHash, $ip, $bvinfo, $bvipstore, $ruleSet);
47
 
48
  if ($fw->isActive()) {
49
 
51
  add_action('init', array($fw, 'setBypassCookie'));
52
  }
53
 
54
+ if (!defined('MCWAFLOADED') && $fw->canSetIPCookie()) {
55
  $fw->setIPCookie();
56
  }
57
 
58
+ define('BVWPLOADED', true);
59
+
60
+ if (!defined('MCWAFLOADED')) {
61
  register_shutdown_function(array($fw, 'log'));
62
 
63
  $fw->execute();
64
  }
65
+ $fw->executeRules();
66
  }
67
 
68
  $lpConfHash = array_key_exists('lp', $config) ? $config['lp'] : array();
readme.txt CHANGED
@@ -6,7 +6,7 @@ Donate link: https://app.blogvault.net/home/signup
6
  Requires at least: 4.0
7
  Tested up to: 5.9
8
  Requires PHP: 5.4.0
9
- Stable tag: 4.76
10
  License: GPLv2 or later
11
  License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
12
 
@@ -252,6 +252,12 @@ These are available on our website: [Terms of Service](https://blogvault.net/tos
252
  9. We power WordPress migration for WPEngine, Pantheon, FlyWheel, LiquidWeb, Cloudways, Savvii, and many more. Need we say more?
253
 
254
  == CHANGELOG ==
 
 
 
 
 
 
255
  = 4.76 =
256
  * Improvements in fetching file stats
257
 
6
  Requires at least: 4.0
7
  Tested up to: 5.9
8
  Requires PHP: 5.4.0
9
+ Stable tag: 4.77
10
  License: GPLv2 or later
11
  License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
12
 
252
  9. We power WordPress migration for WPEngine, Pantheon, FlyWheel, LiquidWeb, Cloudways, Savvii, and many more. Need we say more?
253
 
254
  == CHANGELOG ==
255
+ = 4.77 =
256
+ * Improved the landing pages.
257
+ * Enhanced future vulnerability protection
258
+ * IP Blocking Improvements
259
+ * Improved firewall configuration for migrations
260
+
261
  = 4.76 =
262
  * Improvements in fetching file stats
263