Brute Force Login Protection - Version 1.5

Version Description

  • Improved stability

Release Info

Developer Jan-Paul Kleemans
Version 1.5

Code changes from version 1.4.1 to 1.5

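--- a/brute-force-login-protection.php
+++ b/brute-force-login-protection.php
@@ -10,7 +10,7 @@ require_once 'includes/htaccess.php';
  * Text Domain: brute-force-login-protection
  * Author: Fresh-Media
  * Author URI: http://fresh-media.nl/
- * Version: 1.4.1
+ * Version: 1.5
  * License: GPL2
  *
  * Copyright 2014 Fresh-Media
@@ -348,13 +348,13 @@ class BruteForceLoginProtection {
  */
  private function __setDefaultOptions() {
  $this->__options = array(
- 'allowed_attempts' => 20, //Allowed login attempts before deny,
- 'reset_time' => 60, //Minutes before resetting login attempts count
+ 'allowed_attempts' => 20, //Allowed login attempts before deny,
+ 'reset_time' => 60, //Minutes before resetting login attempts count
  'login_failed_delay' => 1, //Delay in seconds when a user login has failed
- 'inform_user' => true, //Inform user about remaining login attempts on login page
- 'send_email' => false, //Send email to administrator when an IP has been blocked
- '403_message' => '', //Message to show to a blocked user
- 'htaccess_dir' => get_home_path() //.htaccess file location
+ 'inform_user' => true, //Inform user about remaining login attempts on login page
+ 'send_email' => false, //Send email to administrator when an IP has been blocked
+ '403_message' => '', //Message to show to a blocked user
+ 'htaccess_dir' => get_home_path() //.htaccess file location
  );
  }
 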
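--- a/includes/htaccess.php
+++ b/includes/htaccess.php
@@ -1,7 +1,5 @@
  <?php
 
- require_once ABSPATH . '/wp-admin/includes/misc.php';
-
  class Htaccess {
 
  private $__path;
@@ -29,8 +27,8 @@ class Htaccess {
  */
  public function checkRequirements() {
  $status = array(
- 'found' => false,
- 'readable' => false,
+ 'found' => false,
+ 'readable' => false,
  'writeable' => false
  );
 
@@ -107,7 +105,7 @@ class Htaccess {
 
  $insertion = array_merge($this->__header, array($line), $otherLines, $this->__footer);
 
- return insert_with_markers($this->__path, 'Brute Force Login Protection', $insertion);
+ return $this->__insert($insertion);
  }
 
  /**
@@ -132,7 +130,7 @@ class Htaccess {
  $insertion[] = '#' . $line;
  }
 
- return insert_with_markers($this->__path, 'Brute Force Login Protection', $insertion);
+ return $this->__insert($insertion);
  }
 
  /**
@@ -150,7 +148,7 @@ class Htaccess {
 
  $insertion = array_merge($this->__header, $lines, $this->__footer);
 
- return insert_with_markers($this->__path, 'Brute Force Login Protection', $insertion);
+ return $this->__insert($insertion);
  }
 
  /**
@@ -164,7 +162,7 @@ class Htaccess {
  * @return array
  */
  private function __getLines($prefixes = false, $onlyBody = false, $exceptPrefix = false) {
- $allLines = extract_from_markers($this->__path, 'Brute Force Login Protection');
+ $allLines = $this->__extract();
 
  if ($onlyBody) {
  $allLines = array_diff($allLines, $this->__header, $this->__footer);
@@ -203,7 +201,7 @@ class Htaccess {
  private function __addLine($line) {
  $insertion = array_merge($this->__header, $this->__getLines(false, true), array($line), $this->__footer);
 
- return insert_with_markers($this->__path, 'Brute Force Login Protection', array_unique($insertion));
+ return $this->__insert(array_unique($insertion));
  }
 
  /**
@@ -235,7 +233,110 @@ class Htaccess {
 
  unset($insertion[$lineKey]);
 
- return insert_with_markers($this->__path, 'Brute Force Login Protection', $insertion);
+ return $this->__insert($insertion);
+ }
+
+ /**
+ * Returns array of strings from between BEGIN and END markers from .htaccess.
+ *
+ * @return array Array of strings from between BEGIN and END markers from .htaccess.
+ */
+ private function __extract() {
+ $marker = 'Brute Force Login Protection';
+
+ $result = array();
+
+ if (!file_exists($this->__path)) {
+ return $result;
+ }
+
+ if ($markerdata = explode("\n", implode('', file($this->__path)))) {
+ $state = false;
+ foreach ($markerdata as $markerline) {
+ if (strpos($markerline, '# END ' . $marker) !== false) {
+ $state = false;
+ }
+ if ($state) {
+ $result[] = $markerline;
+ }
+ if (strpos($markerline, '# BEGIN ' . $marker) !== false) {
+ $state = true;
+ }
+ }
+ }
+
+ return $result;
+ }
+
+ /**
+ * Inserts an array of strings into .htaccess, placing it between
+ * BEGIN and END markers. Replaces existing marked info. Retains surrounding
+ * data. Creates file if none exists.
+ *
+ * @param string $insertion
+ * @return bool True on write success, false on failure.
+ */
+ private function __insert($insertion) {
+ $marker = 'Brute Force Login Protection';
+
+ if (!file_exists($this->__path) || is_writeable($this->__path)) {
+ if (!file_exists($this->__path)) {
+ $markerdata = '';
+ } else {
+ $markerdata = explode("\n", implode('', file($this->__path)));
+ }
+
+ $newContent = '';
+
+ $foundit = false;
+ if ($markerdata) {
+ $lineCount = count($markerdata);
+
+ $state = true;
+ foreach ($markerdata as $n => $markerline) {
+ if (strpos($markerline, '# BEGIN ' . $marker) !== false) {
+ $state = false;
+ }
+
+ if ($state) { //Non-BFLP lines
+ if ($n + 1 < $lineCount) {
+ $newContent .= "{$markerline}\n";
+ } else {
+ $newContent .= "{$markerline}";
+ }
+ }
+
+ if (strpos($markerline, '# END ' . $marker) !== false) {
+ $newContent .= "# BEGIN {$marker}\n";
+ if (is_array($insertion)) {
+ foreach ($insertion as $insertline) {
+ $newContent .= "{$insertline}\n";
+ }
+ }
+ $newContent .= "# END {$marker}\n";
+
+ $state = true;
+ $foundit = true;
+ }
+ }
+
+ if ($state === false) { //If BEGIN marker found but missing END marker
+ return false;
+ }
+ }
+
+ if (!$foundit) {
+ $newContent .= "\n# BEGIN {$marker}\n";
+ foreach ($insertion as $insertline) {
+ $newContent .= "{$insertline}\n";
+ }
+ $newContent .= "# END {$marker}\n";
+ }
+
+ return file_put_contents($this->__path, $newContent, LOCK_EX);
+ } else {
+ return false;
+ }
  }
 
  }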
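Review bot: The new `__insert()` (new lines 279-340) rebuilds .htaccess from an unlocked `file()` read and takes `LOCK_EX` only inside `file_put_contents()`, so the read-modify-write as a whole is not atomic. Two failed logins handled at the same moment can both read the same contents, and the later write then discards what the earlier one added (presumably a block entry); `__extract()` reads without a lock as well. Holding one exclusive `flock()` on a single handle from the read through the write closes that window, as sketched below. Separately, the docblock says `@param string` and `@return bool`, but the callers pass an array and `file_put_contents()` returns a byte count, and the `foreach` in the `!$foundit` branch lacks the `is_array($insertion)` guard that the first branch has.

```php
private function __insert($insertion) {
    $marker = 'Brute Force Login Protection';

    // 'c+' opens read/write without truncating and creates the file if it is missing.
    $handle = fopen($this->__path, 'c+');
    if ($handle === false) {
        return false;
    }
    if (!flock($handle, LOCK_EX)) {
        fclose($handle);
        return false;
    }

    // Read under the same lock that will cover the write.
    $markerdata = explode("\n", (string) stream_get_contents($handle));

    // … unchanged: build $newContent from $markerdata and $insertion;
    //   on a BEGIN marker without END, unlock, close and return false …

    rewind($handle);
    $written = ftruncate($handle, 0)
        && fwrite($handle, $newContent) !== false
        && fflush($handle);

    flock($handle, LOCK_UN);
    fclose($handle);

    return $written;
}
```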
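--- a/readme.txt
+++ b/readme.txt
@@ -2,18 +2,19 @@
  Contributors: Jan-Paul Kleemans
  Tags: brute force, bruteforce, login, wp-login, protection, shield, security, htaccess, block, ip
  Requires at least: 2.7.0
- Tested up to: 4.0
- Stable tag: 1.4.1
+ Tested up to: 4.1
+ Stable tag: 1.5
  License: GPL2
 
  Protects your website against brute force login attacks using .htaccess
 
  == Description ==
- A Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. Brute Force Login Protection protects your website against brute force login attacks using .htaccess.
+ A Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in.
+ Brute Force Login Protection is a lightweight plugin that protects your website against brute force login attacks using .htaccess.
 
  After a specified limit of login attempts within a specified time, the IP address of the hacker will be blocked.
 
- Features
+ = Features =
 
  * Limit the number of allowed login attempts using normal login form
  * Limit the number of allowed login attempts using Auth Cookies
@@ -24,7 +25,10 @@ Features
  * Option to email administrator when an IP has been blocked
  * Custom message to show to blocked users
 
- Your feedback is highly appreciated!
+ = Contribute =
+ If you'd like to make a contribution to the Brute Force Login Protection plugin, you can submit a pull request to our <a href="https://github.com/jpkleemans/Brute-Force-Login-Protection/">GitHub Repository</a>.
+ You can also create a thread in our <a href="https://wordpress.org/support/plugin/brute-force-login-protection/">Support Forum</a>.
+ **Your feedback is highly appreciated!**
 
  == Installation ==
  1. Install the plugin either via the WordPress.org plugin directory, or by uploading the files to your wp-content/plugin directory.
@@ -44,6 +48,9 @@ Brute Force Login Protection will only work if your .htaccess file is writeable
  1. Plugin settings page
 
  == Changelog ==
+ = 1.5 =
+ * Improved stability
+
  = 1.4.1 =
  * Option to email administrator when an IP has been blocked
  * Button to whitelist your current IP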