Version Description
- Improved stability
Download this release
Release Info
Developer | Jan-Paul Kleemans |
Plugin | Brute Force Login Protection |
Version | 1.5 |
Comparing to | |
See all releases |
Code changes from version 1.4.1 to 1.5
- brute-force-login-protection.php +7 -7
- includes/htaccess.php +111 -10
- readme.txt +12 -5
brute-force-login-protection.php
CHANGED
@@ -10,7 +10,7 @@ require_once 'includes/htaccess.php';
|
|
10 |
* Text Domain: brute-force-login-protection
|
11 |
* Author: Fresh-Media
|
12 |
* Author URI: http://fresh-media.nl/
|
13 |
-
* Version: 1.
|
14 |
* License: GPL2
|
15 |
*
|
16 |
* Copyright 2014 Fresh-Media
|
@@ -348,13 +348,13 @@ class BruteForceLoginProtection {
|
|
348 |
*/
|
349 |
private function __setDefaultOptions() {
|
350 |
$this->__options = array(
|
351 |
-
'allowed_attempts'
|
352 |
-
'reset_time'
|
353 |
'login_failed_delay' => 1, //Delay in seconds when a user login has failed
|
354 |
-
'inform_user'
|
355 |
-
'send_email'
|
356 |
-
'403_message'
|
357 |
-
'htaccess_dir'
|
358 |
);
|
359 |
}
|
360 |
|
10 |
* Text Domain: brute-force-login-protection
|
11 |
* Author: Fresh-Media
|
12 |
* Author URI: http://fresh-media.nl/
|
13 |
+
* Version: 1.5
|
14 |
* License: GPL2
|
15 |
*
|
16 |
* Copyright 2014 Fresh-Media
|
348 |
*/
|
349 |
private function __setDefaultOptions() {
|
350 |
$this->__options = array(
|
351 |
+
'allowed_attempts' => 20, //Allowed login attempts before deny,
|
352 |
+
'reset_time' => 60, //Minutes before resetting login attempts count
|
353 |
'login_failed_delay' => 1, //Delay in seconds when a user login has failed
|
354 |
+
'inform_user' => true, //Inform user about remaining login attempts on login page
|
355 |
+
'send_email' => false, //Send email to administrator when an IP has been blocked
|
356 |
+
'403_message' => '', //Message to show to a blocked user
|
357 |
+
'htaccess_dir' => get_home_path() //.htaccess file location
|
358 |
);
|
359 |
}
|
360 |
|
includes/htaccess.php
CHANGED
@@ -1,7 +1,5 @@
|
|
1 |
<?php
|
2 |
|
3 |
-
require_once ABSPATH . '/wp-admin/includes/misc.php';
|
4 |
-
|
5 |
class Htaccess {
|
6 |
|
7 |
private $__path;
|
@@ -29,8 +27,8 @@ class Htaccess {
|
|
29 |
*/
|
30 |
public function checkRequirements() {
|
31 |
$status = array(
|
32 |
-
'found'
|
33 |
-
'readable'
|
34 |
'writeable' => false
|
35 |
);
|
36 |
|
@@ -107,7 +105,7 @@ class Htaccess {
|
|
107 |
|
108 |
$insertion = array_merge($this->__header, array($line), $otherLines, $this->__footer);
|
109 |
|
110 |
-
return
|
111 |
}
|
112 |
|
113 |
/**
|
@@ -132,7 +130,7 @@ class Htaccess {
|
|
132 |
$insertion[] = '#' . $line;
|
133 |
}
|
134 |
|
135 |
-
return
|
136 |
}
|
137 |
|
138 |
/**
|
@@ -150,7 +148,7 @@ class Htaccess {
|
|
150 |
|
151 |
$insertion = array_merge($this->__header, $lines, $this->__footer);
|
152 |
|
153 |
-
return
|
154 |
}
|
155 |
|
156 |
/**
|
@@ -164,7 +162,7 @@ class Htaccess {
|
|
164 |
* @return array
|
165 |
*/
|
166 |
private function __getLines($prefixes = false, $onlyBody = false, $exceptPrefix = false) {
|
167 |
-
$allLines =
|
168 |
|
169 |
if ($onlyBody) {
|
170 |
$allLines = array_diff($allLines, $this->__header, $this->__footer);
|
@@ -203,7 +201,7 @@ class Htaccess {
|
|
203 |
private function __addLine($line) {
|
204 |
$insertion = array_merge($this->__header, $this->__getLines(false, true), array($line), $this->__footer);
|
205 |
|
206 |
-
return
|
207 |
}
|
208 |
|
209 |
/**
|
@@ -235,7 +233,110 @@ class Htaccess {
|
|
235 |
|
236 |
unset($insertion[$lineKey]);
|
237 |
|
238 |
-
return
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
239 |
}
|
240 |
|
241 |
}
|
1 |
<?php
|
2 |
|
|
|
|
|
3 |
class Htaccess {
|
4 |
|
5 |
private $__path;
|
27 |
*/
|
28 |
public function checkRequirements() {
|
29 |
$status = array(
|
30 |
+
'found' => false,
|
31 |
+
'readable' => false,
|
32 |
'writeable' => false
|
33 |
);
|
34 |
|
105 |
|
106 |
$insertion = array_merge($this->__header, array($line), $otherLines, $this->__footer);
|
107 |
|
108 |
+
return $this->__insert($insertion);
|
109 |
}
|
110 |
|
111 |
/**
|
130 |
$insertion[] = '#' . $line;
|
131 |
}
|
132 |
|
133 |
+
return $this->__insert($insertion);
|
134 |
}
|
135 |
|
136 |
/**
|
148 |
|
149 |
$insertion = array_merge($this->__header, $lines, $this->__footer);
|
150 |
|
151 |
+
return $this->__insert($insertion);
|
152 |
}
|
153 |
|
154 |
/**
|
162 |
* @return array
|
163 |
*/
|
164 |
private function __getLines($prefixes = false, $onlyBody = false, $exceptPrefix = false) {
|
165 |
+
$allLines = $this->__extract();
|
166 |
|
167 |
if ($onlyBody) {
|
168 |
$allLines = array_diff($allLines, $this->__header, $this->__footer);
|
201 |
private function __addLine($line) {
|
202 |
$insertion = array_merge($this->__header, $this->__getLines(false, true), array($line), $this->__footer);
|
203 |
|
204 |
+
return $this->__insert(array_unique($insertion));
|
205 |
}
|
206 |
|
207 |
/**
|
233 |
|
234 |
unset($insertion[$lineKey]);
|
235 |
|
236 |
+
return $this->__insert($insertion);
|
237 |
+
}
|
238 |
+
|
239 |
+
/**
|
240 |
+
* Returns array of strings from between BEGIN and END markers from .htaccess.
|
241 |
+
*
|
242 |
+
* @return array Array of strings from between BEGIN and END markers from .htaccess.
|
243 |
+
*/
|
244 |
+
private function __extract() {
|
245 |
+
$marker = 'Brute Force Login Protection';
|
246 |
+
|
247 |
+
$result = array();
|
248 |
+
|
249 |
+
if (!file_exists($this->__path)) {
|
250 |
+
return $result;
|
251 |
+
}
|
252 |
+
|
253 |
+
if ($markerdata = explode("\n", implode('', file($this->__path)))) {
|
254 |
+
$state = false;
|
255 |
+
foreach ($markerdata as $markerline) {
|
256 |
+
if (strpos($markerline, '# END ' . $marker) !== false) {
|
257 |
+
$state = false;
|
258 |
+
}
|
259 |
+
if ($state) {
|
260 |
+
$result[] = $markerline;
|
261 |
+
}
|
262 |
+
if (strpos($markerline, '# BEGIN ' . $marker) !== false) {
|
263 |
+
$state = true;
|
264 |
+
}
|
265 |
+
}
|
266 |
+
}
|
267 |
+
|
268 |
+
return $result;
|
269 |
+
}
|
270 |
+
|
271 |
+
/**
|
272 |
+
* Inserts an array of strings into .htaccess, placing it between
|
273 |
+
* BEGIN and END markers. Replaces existing marked info. Retains surrounding
|
274 |
+
* data. Creates file if none exists.
|
275 |
+
*
|
276 |
+
* @param string $insertion
|
277 |
+
* @return bool True on write success, false on failure.
|
278 |
+
*/
|
279 |
+
private function __insert($insertion) {
|
280 |
+
$marker = 'Brute Force Login Protection';
|
281 |
+
|
282 |
+
if (!file_exists($this->__path) || is_writeable($this->__path)) {
|
283 |
+
if (!file_exists($this->__path)) {
|
284 |
+
$markerdata = '';
|
285 |
+
} else {
|
286 |
+
$markerdata = explode("\n", implode('', file($this->__path)));
|
287 |
+
}
|
288 |
+
|
289 |
+
$newContent = '';
|
290 |
+
|
291 |
+
$foundit = false;
|
292 |
+
if ($markerdata) {
|
293 |
+
$lineCount = count($markerdata);
|
294 |
+
|
295 |
+
$state = true;
|
296 |
+
foreach ($markerdata as $n => $markerline) {
|
297 |
+
if (strpos($markerline, '# BEGIN ' . $marker) !== false) {
|
298 |
+
$state = false;
|
299 |
+
}
|
300 |
+
|
301 |
+
if ($state) { //Non-BFLP lines
|
302 |
+
if ($n + 1 < $lineCount) {
|
303 |
+
$newContent .= "{$markerline}\n";
|
304 |
+
} else {
|
305 |
+
$newContent .= "{$markerline}";
|
306 |
+
}
|
307 |
+
}
|
308 |
+
|
309 |
+
if (strpos($markerline, '# END ' . $marker) !== false) {
|
310 |
+
$newContent .= "# BEGIN {$marker}\n";
|
311 |
+
if (is_array($insertion)) {
|
312 |
+
foreach ($insertion as $insertline) {
|
313 |
+
$newContent .= "{$insertline}\n";
|
314 |
+
}
|
315 |
+
}
|
316 |
+
$newContent .= "# END {$marker}\n";
|
317 |
+
|
318 |
+
$state = true;
|
319 |
+
$foundit = true;
|
320 |
+
}
|
321 |
+
}
|
322 |
+
|
323 |
+
if ($state === false) { //If BEGIN marker found but missing END marker
|
324 |
+
return false;
|
325 |
+
}
|
326 |
+
}
|
327 |
+
|
328 |
+
if (!$foundit) {
|
329 |
+
$newContent .= "\n# BEGIN {$marker}\n";
|
330 |
+
foreach ($insertion as $insertline) {
|
331 |
+
$newContent .= "{$insertline}\n";
|
332 |
+
}
|
333 |
+
$newContent .= "# END {$marker}\n";
|
334 |
+
}
|
335 |
+
|
336 |
+
return file_put_contents($this->__path, $newContent, LOCK_EX);
|
337 |
+
} else {
|
338 |
+
return false;
|
339 |
+
}
|
340 |
}
|
341 |
|
342 |
}
|
readme.txt
CHANGED
@@ -2,18 +2,19 @@
|
|
2 |
Contributors: Jan-Paul Kleemans
|
3 |
Tags: brute force, bruteforce, login, wp-login, protection, shield, security, htaccess, block, ip
|
4 |
Requires at least: 2.7.0
|
5 |
-
Tested up to: 4.
|
6 |
-
Stable tag: 1.
|
7 |
License: GPL2
|
8 |
|
9 |
Protects your website against brute force login attacks using .htaccess
|
10 |
|
11 |
== Description ==
|
12 |
-
A Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in.
|
|
|
13 |
|
14 |
After a specified limit of login attempts within a specified time, the IP address of the hacker will be blocked.
|
15 |
|
16 |
-
Features
|
17 |
|
18 |
* Limit the number of allowed login attempts using normal login form
|
19 |
* Limit the number of allowed login attempts using Auth Cookies
|
@@ -24,7 +25,10 @@ Features
|
|
24 |
* Option to email administrator when an IP has been blocked
|
25 |
* Custom message to show to blocked users
|
26 |
|
27 |
-
|
|
|
|
|
|
|
28 |
|
29 |
== Installation ==
|
30 |
1. Install the plugin either via the WordPress.org plugin directory, or by uploading the files to your wp-content/plugin directory.
|
@@ -44,6 +48,9 @@ Brute Force Login Protection will only work if your .htaccess file is writeable
|
|
44 |
1. Plugin settings page
|
45 |
|
46 |
== Changelog ==
|
|
|
|
|
|
|
47 |
= 1.4.1 =
|
48 |
* Option to email administrator when an IP has been blocked
|
49 |
* Button to whitelist your current IP
|
2 |
Contributors: Jan-Paul Kleemans
|
3 |
Tags: brute force, bruteforce, login, wp-login, protection, shield, security, htaccess, block, ip
|
4 |
Requires at least: 2.7.0
|
5 |
+
Tested up to: 4.1
|
6 |
+
Stable tag: 1.5
|
7 |
License: GPL2
|
8 |
|
9 |
Protects your website against brute force login attacks using .htaccess
|
10 |
|
11 |
== Description ==
|
12 |
+
A Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in.
|
13 |
+
Brute Force Login Protection is a lightweight plugin that protects your website against brute force login attacks using .htaccess.
|
14 |
|
15 |
After a specified limit of login attempts within a specified time, the IP address of the hacker will be blocked.
|
16 |
|
17 |
+
= Features =
|
18 |
|
19 |
* Limit the number of allowed login attempts using normal login form
|
20 |
* Limit the number of allowed login attempts using Auth Cookies
|
25 |
* Option to email administrator when an IP has been blocked
|
26 |
* Custom message to show to blocked users
|
27 |
|
28 |
+
= Contribute =
|
29 |
+
If you'd like to make a contribution to the Brute Force Login Protection plugin, you can submit a pull request to our <a href="https://github.com/jpkleemans/Brute-Force-Login-Protection/">GitHub Repository</a>.
|
30 |
+
You can also create a thread in our <a href="https://wordpress.org/support/plugin/brute-force-login-protection/">Support Forum</a>.
|
31 |
+
**Your feedback is highly appreciated!**
|
32 |
|
33 |
== Installation ==
|
34 |
1. Install the plugin either via the WordPress.org plugin directory, or by uploading the files to your wp-content/plugin directory.
|
48 |
1. Plugin settings page
|
49 |
|
50 |
== Changelog ==
|
51 |
+
= 1.5 =
|
52 |
+
* Improved stability
|
53 |
+
|
54 |
= 1.4.1 =
|
55 |
* Option to email administrator when an IP has been blocked
|
56 |
* Button to whitelist your current IP
|