Brute Force Login Protection - Version 1.3

Version Description

  • Protection against brute force attacks using Auth Cookies
Download this release

Release Info

Developer Jan-Paul Kleemans
Plugin Icon 128x128 Brute Force Login Protection
Version 1.3
Comparing to
See all releases

Code changes from version 1.2 to 1.3

Files changed (2) hide show
  1. brute-force-login-protection.php +11 -1
  2. readme.txt +6 -2
brute-force-login-protection.php CHANGED
@@ -10,7 +10,7 @@ require_once ABSPATH . '/wp-admin/includes/file.php';
10
  * Text Domain: brute-force-login-protection
11
  * Author: Jan-Paul Kleemans
12
  * Author URI: http://profiles.wordpress.org/jan-paul-kleemans/
13
- * Version: 1.2
14
  * License: GPL2
15
  *
16
  * Copyright 2014 Jan-Paul Kleemans
@@ -48,6 +48,10 @@ class BruteForceLoginProtection {
48
  //Login hooks
49
  add_action('wp_login_failed', array($this, 'loginFailed'));
50
  add_action('wp_login', array($this, 'loginSucceeded'));
 
 
 
 
51
  }
52
 
53
  /**
@@ -72,6 +76,7 @@ class BruteForceLoginProtection {
72
  * @return void
73
  */
74
  public function adminInit() {
 
75
  $this->__registerOptions();
76
  }
77
 
@@ -81,10 +86,12 @@ class BruteForceLoginProtection {
81
  * @return void
82
  */
83
  public function menuInit() {
 
84
  add_options_page(__('Brute Force Login Protection Settings', 'brute-force-login-protection'), 'Brute Force Login Protection', 'manage_options', 'brute-force-login-protection', array($this, 'showSettingsPage'));
85
  }
86
 
87
  /**
 
88
  * Adds base lines to .htaccess and resets commented denies.
89
  *
90
  * @return boolean
@@ -106,6 +113,7 @@ class BruteForceLoginProtection {
106
  }
107
 
108
  /**
 
109
  * Comments out all denies in .htaccess.
110
  *
111
  * @return boolean
@@ -169,6 +177,7 @@ class BruteForceLoginProtection {
169
  }
170
 
171
  /**
 
172
  * Increase number of attempts for clients IP. Deny IP if max attempts is reached.
173
  *
174
  * @return void
@@ -211,6 +220,7 @@ class BruteForceLoginProtection {
211
  }
212
 
213
  /**
 
214
  * Removes IP from bflp_login_attempts if exist.
215
  *
216
  * @return void
10
  * Text Domain: brute-force-login-protection
11
  * Author: Jan-Paul Kleemans
12
  * Author URI: http://profiles.wordpress.org/jan-paul-kleemans/
13
+ * Version: 1.3
14
  * License: GPL2
15
  *
16
  * Copyright 2014 Jan-Paul Kleemans
48
  //Login hooks
49
  add_action('wp_login_failed', array($this, 'loginFailed'));
50
  add_action('wp_login', array($this, 'loginSucceeded'));
51
+
52
+ //Auth cookie hooks
53
+ add_action('auth_cookie_bad_username', array($this, 'loginFailed'));
54
+ add_action('auth_cookie_bad_hash', array($this, 'loginFailed'));
55
  }
56
 
57
  /**
76
  * @return void
77
  */
78
  public function adminInit() {
79
+ //Register plugin settings
80
  $this->__registerOptions();
81
  }
82
 
86
  * @return void
87
  */
88
  public function menuInit() {
89
+ //Add settings page to the Settings menu
90
  add_options_page(__('Brute Force Login Protection Settings', 'brute-force-login-protection'), 'Brute Force Login Protection', 'manage_options', 'brute-force-login-protection', array($this, 'showSettingsPage'));
91
  }
92
 
93
  /**
94
+ * Called When the plugin is activated
95
  * Adds base lines to .htaccess and resets commented denies.
96
  *
97
  * @return boolean
113
  }
114
 
115
  /**
116
+ * Called When the plugin is deactivated
117
  * Comments out all denies in .htaccess.
118
  *
119
  * @return boolean
177
  }
178
 
179
  /**
180
+ * Called when a user login has failed
181
  * Increase number of attempts for clients IP. Deny IP if max attempts is reached.
182
  *
183
  * @return void
220
  }
221
 
222
  /**
223
+ * Called when a user has successfully logged in
224
  * Removes IP from bflp_login_attempts if exist.
225
  *
226
  * @return void
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: Jan-Paul Kleemans
3
  Tags: brute force, bruteforce, login, wp-login, protection, shield, security, htaccess, block, ip
4
  Requires at least: 2.7.0
5
  Tested up to: 3.9.1
6
- Stable tag: 1.2
7
  License: GPL2
8
 
9
  Protects your website against brute force login attacks using .htaccess
@@ -15,7 +15,8 @@ After a specified limit of login attempts within a specified time, the IP addres
15
 
16
  Features
17
 
18
- * Limit the number of allowed login attempts
 
19
  * Manually block IP addresses
20
  * Manually unblock IP addresses
21
  * Option to inform user about remaining attempts on login page
@@ -40,6 +41,9 @@ Brute Force Login Protection will only work if your .htaccess file is writeable
40
  1. Plugin settings page
41
 
42
  == Changelog ==
 
 
 
43
  = 1.2 =
44
  * Option to inform user about remaining attempts on login page
45
  * Ability to reset options
3
  Tags: brute force, bruteforce, login, wp-login, protection, shield, security, htaccess, block, ip
4
  Requires at least: 2.7.0
5
  Tested up to: 3.9.1
6
+ Stable tag: 1.3
7
  License: GPL2
8
 
9
  Protects your website against brute force login attacks using .htaccess
15
 
16
  Features
17
 
18
+ * Limit the number of allowed login attempts using normal login form
19
+ * Limit the number of allowed login attempts using Auth Cookies
20
  * Manually block IP addresses
21
  * Manually unblock IP addresses
22
  * Option to inform user about remaining attempts on login page
41
  1. Plugin settings page
42
 
43
  == Changelog ==
44
+ = 1.3 =
45
+ * Protection against brute force attacks using Auth Cookies
46
+
47
  = 1.2 =
48
  * Option to inform user about remaining attempts on login page
49
  * Ability to reset options