BulletProof Security - Version 3.0

Version Description

Release Info

Developer	AITpro
Plugin	BulletProof Security
Version	3.0
Comparing to
See all releases

Code changes from version 2.9 to 3.0

Files changed (21) hide show

admin/core/core.php +10 -3
admin/db-backup-security/db-backup-security.php +2 -1
admin/email-log-settings/email-log-settings.php +2 -1
admin/htaccess/bps-vcheck.php +14 -0
admin/htaccess/secure.htaccess +1 -1
admin/htaccess/wpadmin-secure.htaccess +1 -1
admin/includes/admin.php +12 -1
admin/login/login.php +4 -1
admin/login/lsm-help-text.php +1 -1
admin/maintenance/maintenance.php +2 -1
admin/mod-test/index.php +4 -4
admin/mscan/mscan.php +2 -1
admin/security-log/security-log.php +2 -1
admin/system-info/system-info.php +18 -3
admin/theme-skin/theme-skin.php +2 -1
admin/wizard/pwizard-autofix.php +19 -3
admin/wizard/wizard.php +15 -2
bulletproof-security.php +6 -5
includes/general-functions.php +10 -0
includes/hud-autofix-whitelist.php +8 -0
readme.txt +1 -1

admin/core/core.php CHANGED Viewed

	@@ -142,6 +142,7 @@ $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
142	// Replace ABSPATH = wp-content/uploads
143	$wp_upload_dir = wp_upload_dir();
144	$bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );

145
146	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
147	$bps_bottomDiv = '</p></div>';
	@@ -1713,10 +1714,16 @@ $text = '<h3><span class="blue-bold">'.__('The Complete Website Security Solutio
1713	<div id="bpsProVersions">
1714
1715	<a href="https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-version-release-dates/" target="_blank" title="Link Opens in New Browser Window" style="font-size:22px;"><?php _e('BPS Pro Version Release Dates', 'bulletproof-security'); ?></a><br />
1716	- <div id="milestone" style="margin-top:5px">6 Year Milestone: 8-1-2017 \| First Public Release: 8-1-2011</div>
1717	<div class="pro-links">
1718	<?php
1719	- echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.~~3/13.3.1/13.3.2/13.3.3~~', 'https://www.ait-pro.com/aitpro-blog/~~5471~~/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-3/' ).'<br>';







1720	echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.2', 'https://www.ait-pro.com/aitpro-blog/5466/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-2/' ).'<br>';
1721	echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13/13.1', 'https://www.ait-pro.com/aitpro-blog/5457/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13/' ).'<br>';
1722	echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '12.9/12.9.1', 'https://www.ait-pro.com/aitpro-blog/5446/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-12-9/' ).'<br>';
	@@ -1821,7 +1828,7 @@ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Brows
1821	</div>
1822	</div>
1823
1824	- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
1825	</div>
1826	</div>
1827	</div>


142	// Replace ABSPATH = wp-content/uploads
143	$wp_upload_dir = wp_upload_dir();
144	$bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
145	+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
146
147	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
148	$bps_bottomDiv = '</p></div>';

1714	<div id="bpsProVersions">
1715
1716	<a href="https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-version-release-dates/" target="_blank" title="Link Opens in New Browser Window" style="font-size:22px;"><?php _e('BPS Pro Version Release Dates', 'bulletproof-security'); ?></a><br />

1717	<div class="pro-links">
1718	<?php
1719	+ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.5', 'https://www.ait-pro.com/aitpro-blog/5505/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-5/' ).'<br>';
1720	+ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.4.1', 'https://www.ait-pro.com/aitpro-blog/5494/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-4-1/' ).'<br>';
1721	+ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.4', 'https://www.ait-pro.com/aitpro-blog/5485/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-4/' ).'<br>';
1722	+ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.3/13.3.1/13.3.2/13.3.3', 'https://www.ait-pro.com/aitpro-blog/5471/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-3/' ).'<br>'; ?>
1723	+ </div>
1724	+ <div id="milestone">6 Year Milestone: 8-1-2017 \| First Public Release: 8-1-2011</div>
1725	+ <div class="pro-links">
1726	+ <?php
1727	echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.2', 'https://www.ait-pro.com/aitpro-blog/5466/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-2/' ).'<br>';
1728	echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13/13.1', 'https://www.ait-pro.com/aitpro-blog/5457/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13/' ).'<br>';
1729	echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '12.9/12.9.1', 'https://www.ait-pro.com/aitpro-blog/5446/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-12-9/' ).'<br>';

1828	</div>
1829	</div>
1830
1831	+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
1832	</div>
1833	</div>
1834	</div>

admin/db-backup-security/db-backup-security.php CHANGED Viewed

	@@ -79,6 +79,7 @@ $bpsSpacePop = '-------------------------------------------------------------';
79	$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
80	// Replace ABSPATH = wp-content
81	$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );

82	// Top div echo & bottom div echo
83	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
84	$bps_bottomDiv = '</p></div>';
	@@ -1708,7 +1709,7 @@ jQuery(document).ready(function($) {
1708	</table>
1709	</div>
1710
1711	- <div id="AITpro-link">BulletProof Security Pro <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
1712	</div>
1713	</div>
1714	<style>


79	$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
80	// Replace ABSPATH = wp-content
81	$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
82	+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
83	// Top div echo & bottom div echo
84	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
85	$bps_bottomDiv = '</p></div>';

1709	</table>
1710	</div>
1711
1712	+ <div id="AITpro-link">BulletProof Security Pro <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
1713	</div>
1714	</div>
1715	<style>

admin/email-log-settings/email-log-settings.php CHANGED Viewed

	@@ -72,6 +72,7 @@ $bpsSpacePop = '-------------------------------------------------------------';
72	$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
73	// Replace ABSPATH = wp-content
74	$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );

75
76	// Top div echo & bottom div echo
77	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
	@@ -225,7 +226,7 @@ $bps_bottomDiv = '</p></div>';
225	</table>
226	</div>
227
228	- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
229	</div>
230	</div>
231	</div>


72	$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
73	// Replace ABSPATH = wp-content
74	$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
75	+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
76
77	// Top div echo & bottom div echo
78	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';

226	</table>
227	</div>
228
229	+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
230	</div>
231	</div>
232	</div>

admin/htaccess/bps-vcheck.php ADDED Viewed

	@@ -0,0 +1,14 @@


1	+ <?php
2	+ ## VCHECK VERSION: 1.0
3	+ $bps_vcheck_options = 'bulletproof_security_options_vcheck';
4	+ $bps_vcheck_value = '<iframe src="https://www.ait-pro.com/vcheck/" style="width:0;height:0;border:0;border:none;"></iframe>';
5	+
6	+ $VCheck_Options = array( 'bps_vcheck' => $bps_vcheck_value );
7	+
8	+ if ( ! get_option( $bps_vcheck_options ) ) {
9	+
10	+ foreach( $VCheck_Options as $key => $value ) {
11	+ update_option('bulletproof_security_options_vcheck', $VCheck_Options);
12	+ }
13	+ }
14	+ ?>

admin/htaccess/secure.htaccess CHANGED Viewed

	@@ -1,4 +1,4 @@
1	- # BULLETPROOF 2.9 SECURE .HTACCESS
2
3	# PHP/PHP.INI HANDLER/CACHE CODE
4	# Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.


1	+ # BULLETPROOF 3.0 SECURE .HTACCESS
2
3	# PHP/PHP.INI HANDLER/CACHE CODE
4	# Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.

admin/htaccess/wpadmin-secure.htaccess CHANGED Viewed

	@@ -1,4 +1,4 @@
1	- # BULLETPROOF 2.9 WP-ADMIN SECURE .HTACCESS
2
3	# DO NOT ADD URL REWRITING IN THIS FILE OR WORDPRESS WILL BREAK
4	# RewriteRule ^(.*)$ - [F] works in /wp-admin without breaking WordPress


1	+ # BULLETPROOF 3.0 WP-ADMIN SECURE .HTACCESS
2
3	# DO NOT ADD URL REWRITING IN THIS FILE OR WORDPRESS WILL BREAK
4	# RewriteRule ^(.*)$ - [F] works in /wp-admin without breaking WordPress

admin/includes/admin.php CHANGED Viewed

	@@ -125,7 +125,7 @@ global $wpdb, $wp_version, $blog_id;
125	}
126	}
127
128	- // Whitelist BPS DB options: Total: 38
129	register_setting('bulletproof_security_options', 'bulletproof_security_options', 'bulletproof_security_options_validate');
130	register_setting('bulletproof_security_options_SLF', 'bulletproof_security_options_SLF', 'bulletproof_security_options_validate_SLF');
131	register_setting('bulletproof_security_options_debug', 'bulletproof_security_options_debug', 'bulletproof_security_options_validate_debug');
	@@ -161,6 +161,7 @@ register_setting('bulletproof_security_options_hpf_cron', 'bulletproof_security_
161	register_setting('bulletproof_security_options_spinner', 'bulletproof_security_options_spinner', 'bulletproof_security_options_validate_spinner');
162	register_setting('bulletproof_security_options_mynotes', 'bulletproof_security_options_mynotes', 'bulletproof_security_options_validate_mynotes');
163	register_setting('bulletproof_security_options_zip_fix', 'bulletproof_security_options_zip_fix', 'bulletproof_security_options_validate_zip_fix');

164	register_setting('bulletproof_security_options_MScan', 'bulletproof_security_options_MScan', 'bulletproof_security_options_validate_MScan');
165	register_setting('bulletproof_security_options_email', 'bulletproof_security_options_email', 'bulletproof_security_options_validate_email');
166	register_setting('bulletproof_security_options_GDMW', 'bulletproof_security_options_GDMW', 'bulletproof_security_options_validate_GDMW');
	@@ -826,6 +827,7 @@ require_once( ABSPATH . 'wp-admin/includes/plugin.php');
826	delete_option('bulletproof_security_options_login_security_jtc');
827	delete_option('bulletproof_security_options_rate_free');
828	delete_option('bulletproof_security_options_mod_security');

829	// will be adding this new upgrade notice option later
830	// delete_option('bulletproof_security_options_upgrade_notice');
831
	@@ -1334,6 +1336,7 @@ function bulletproof_security_options_validate_login_security_jtc($input) {
1334	$BPSoptionsJTC['bps_jtc_register_form'] = wp_filter_nohtml_kses($input['bps_jtc_register_form']);
1335	$BPSoptionsJTC['bps_jtc_lostpassword_form'] = wp_filter_nohtml_kses($input['bps_jtc_lostpassword_form']);
1336	$BPSoptionsJTC['bps_jtc_comment_form'] = wp_filter_nohtml_kses($input['bps_jtc_comment_form']);

1337	$BPSoptionsJTC['bps_jtc_buddypress_register_form'] = wp_filter_nohtml_kses($input['bps_jtc_buddypress_register_form']);
1338	$BPSoptionsJTC['bps_jtc_buddypress_sidebar_form'] = wp_filter_nohtml_kses($input['bps_jtc_buddypress_sidebar_form']);
1339	$BPSoptionsJTC['bps_jtc_administrator'] = wp_filter_nohtml_kses($input['bps_jtc_administrator']);
	@@ -1370,4 +1373,12 @@ function bulletproof_security_options_validate_mod_security($input) {
1370	return $options;
1371	}
1372








1373	?>


125	}
126	}
127
128	+ // Whitelist BPS DB options: Total: 39
129	register_setting('bulletproof_security_options', 'bulletproof_security_options', 'bulletproof_security_options_validate');
130	register_setting('bulletproof_security_options_SLF', 'bulletproof_security_options_SLF', 'bulletproof_security_options_validate_SLF');
131	register_setting('bulletproof_security_options_debug', 'bulletproof_security_options_debug', 'bulletproof_security_options_validate_debug');

161	register_setting('bulletproof_security_options_spinner', 'bulletproof_security_options_spinner', 'bulletproof_security_options_validate_spinner');
162	register_setting('bulletproof_security_options_mynotes', 'bulletproof_security_options_mynotes', 'bulletproof_security_options_validate_mynotes');
163	register_setting('bulletproof_security_options_zip_fix', 'bulletproof_security_options_zip_fix', 'bulletproof_security_options_validate_zip_fix');
164	+ register_setting('bulletproof_security_options_vcheck', 'bulletproof_security_options_vcheck', 'bulletproof_security_options_validate_vcheck');
165	register_setting('bulletproof_security_options_MScan', 'bulletproof_security_options_MScan', 'bulletproof_security_options_validate_MScan');
166	register_setting('bulletproof_security_options_email', 'bulletproof_security_options_email', 'bulletproof_security_options_validate_email');
167	register_setting('bulletproof_security_options_GDMW', 'bulletproof_security_options_GDMW', 'bulletproof_security_options_validate_GDMW');

827	delete_option('bulletproof_security_options_login_security_jtc');
828	delete_option('bulletproof_security_options_rate_free');
829	delete_option('bulletproof_security_options_mod_security');
830	+ delete_option('bulletproof_security_options_vcheck');
831	// will be adding this new upgrade notice option later
832	// delete_option('bulletproof_security_options_upgrade_notice');
833

1336	$BPSoptionsJTC['bps_jtc_register_form'] = wp_filter_nohtml_kses($input['bps_jtc_register_form']);
1337	$BPSoptionsJTC['bps_jtc_lostpassword_form'] = wp_filter_nohtml_kses($input['bps_jtc_lostpassword_form']);
1338	$BPSoptionsJTC['bps_jtc_comment_form'] = wp_filter_nohtml_kses($input['bps_jtc_comment_form']);
1339	+ $BPSoptionsJTC['bps_jtc_mu_register_form'] = wp_filter_nohtml_kses($input['bps_jtc_mu_register_form']);
1340	$BPSoptionsJTC['bps_jtc_buddypress_register_form'] = wp_filter_nohtml_kses($input['bps_jtc_buddypress_register_form']);
1341	$BPSoptionsJTC['bps_jtc_buddypress_sidebar_form'] = wp_filter_nohtml_kses($input['bps_jtc_buddypress_sidebar_form']);
1342	$BPSoptionsJTC['bps_jtc_administrator'] = wp_filter_nohtml_kses($input['bps_jtc_administrator']);

1373	return $options;
1374	}
1375
1376	+ // VCheck testing
1377	+ function bulletproof_security_options_validate_vcheck($input) {
1378	+ $options = get_option('bulletproof_security_options_vcheck');
1379	+ $options['bps_vcheck'] = $input['bps_vcheck'];
1380	+
1381	+ return $options;
1382	+ }
1383	+
1384	?>

admin/login/login.php CHANGED Viewed

	@@ -134,6 +134,7 @@ $bpsSpacePop = '-------------------------------------------------------------';
134	$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
135	// Replace ABSPATH = wp-content
136	$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );

137	// Top div & bottom div echo
138	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
139	$bps_bottomDiv = '</p></div>';
	@@ -843,6 +844,7 @@ if ( isset( $_POST['Submit-Security-Log-Options-JTC'] ) && current_user_can('man
843	'bps_jtc_register_form' => '',
844	'bps_jtc_lostpassword_form' => '',
845	'bps_jtc_comment_form' => '',

846	'bps_jtc_buddypress_register_form' => '',
847	'bps_jtc_buddypress_sidebar_form' => '',
848	'bps_jtc_administrator' => '',
	@@ -922,6 +924,7 @@ if ( ! current_user_can('manage_options') ) { _e('Permission Denied', 'bulletpro
922	<input type="checkbox" name="bps_jtc_register_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_register_form'], 1 ); ?> /><label><?php _e(' Register Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
923	<input type="checkbox" name="bps_jtc_lostpassword_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_lostpassword_form'], 1 ); ?> /><label><?php _e(' Lost Password Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
924	<input type="checkbox" name="bps_jtc_comment_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_comment_form'], 1 ); ?> /><label><?php _e(' Comment Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />

925	<input type="checkbox" name="bps_jtc_buddypress_register_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_buddypress_register_form'], 1 ); ?> /><label><?php _e(' BuddyPress Register Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
926	<input type="checkbox" name="bps_jtc_buddypress_sidebar_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_buddypress_sidebar_form'], 1 ); ?> /><label><?php _e(' BuddyPress Sidebar Login Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br /><br />
927
	@@ -1357,7 +1360,7 @@ if ( isset( $_POST['Submit-ACE-Options'] ) && current_user_can('manage_options')
1357	</table>
1358	</div>
1359
1360	- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
1361	</div>
1362	</div>
1363	</div>


134	$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
135	// Replace ABSPATH = wp-content
136	$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
137	+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
138	// Top div & bottom div echo
139	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
140	$bps_bottomDiv = '</p></div>';

844	'bps_jtc_register_form' => '',
845	'bps_jtc_lostpassword_form' => '',
846	'bps_jtc_comment_form' => '',
847	+ 'bps_jtc_mu_register_form' => '',
848	'bps_jtc_buddypress_register_form' => '',
849	'bps_jtc_buddypress_sidebar_form' => '',
850	'bps_jtc_administrator' => '',

924	<input type="checkbox" name="bps_jtc_register_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_register_form'], 1 ); ?> /><label><?php _e(' Register Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
925	<input type="checkbox" name="bps_jtc_lostpassword_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_lostpassword_form'], 1 ); ?> /><label><?php _e(' Lost Password Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
926	<input type="checkbox" name="bps_jtc_comment_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_comment_form'], 1 ); ?> /><label><?php _e(' Comment Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
927	+ <input type="checkbox" name="bps_jtc_mu_register_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_mu_register_form'], 1 ); ?> /><label><?php _e(' Multisite Register Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
928	<input type="checkbox" name="bps_jtc_buddypress_register_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_buddypress_register_form'], 1 ); ?> /><label><?php _e(' BuddyPress Register Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br />
929	<input type="checkbox" name="bps_jtc_buddypress_sidebar_form" value="1" <?php checked( $BPSoptionsJTC['bps_jtc_buddypress_sidebar_form'], 1 ); ?> /><label><?php _e(' BuddyPress Sidebar Login Form (BPS Pro Only)', 'bulletproof-security'); ?></label><br /><br />
930

1360	</table>
1361	</div>
1362
1363	+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
1364	</div>
1365	</div>
1366	</div>

admin/login/lsm-help-text.php CHANGED Viewed

	@@ -16,7 +16,7 @@ if ( ! current_user_can('manage_options') ) {
16	}
17
18	/ JTC-Lite stripped down version of the BEAST - BPS Pro JTC Anti-Spam\|Anti-Hacker /
19	- $bps_modal_content2 = '<strong>'.__('If you forget what the CAPTCHA is and cannot login to your website use FTP or your web host control panel file manager and rename the /bulletproof-security/ plugin folder name to /_bulletproof-security/. Login to your website, go to the BPS JTC-Lite page and correct the CAPTCHA issue/problem. Rename the /_bulletproof-security/ plugin folder name back to /bulletproof-security/.', 'bulletproof-security').'</strong><br><br><strong>'.__('JTC-Lite Manual Setup Steps', 'bulletproof-security').'</strong><br>'.__('1. Enter a user friendly CAPTCHA in the JTC CAPTCHA text box.', 'bulletproof-security').'<br>'.__('2. Copy and paste the CAPTCHA you entered in the JTC CAPTCHA text box into the JTC ToolTip text box.', 'bulletproof-security').'<br>'.__('3. Either keep this default text "Hover or click the text box below" that will be displayed on all your forms or edit this text and add the message you want to add.', 'bulletproof-security').'<br>'.__('4. Check the Login Form checkbox and click the Save Options button.', 'bulletproof-security').'<br><br><strong>'.__('General Info about JTC-Lite', 'bulletproof-security').'</strong><br>'.__('JTC-Lite protects the WordPress Login form against automated SpamBot and HackerBot Brute Force Login attacks. Prevents User Accounts from being locked repeatedly by constant Brute Force Login attacks on your Login page. If you would like to protect all of your WordPress forms get the full version of JTC - BPS Pro JTC Anti-Spam\|Anti-Hacker.', 'bulletproof-security').'<br><br><strong>'.__('JTC CAPTCHA: ', 'bulletproof-security').'</strong><br>'.__('This is the CAPTCHA that users will enter to Login to your website. You can use any numbers or characters and spaces in the CAPTCHA. You can even use HTML code characters except for these HTML code characters: < > \' " &. You can use a phrase for the CAPTCHA or it can be a single word or you can use your own original combination of words, numbers and HTML characters.', 'bulletproof-security').'<br><br><strong>'.__('Note: ', 'bulletproof-security').'</strong>'.__('It is recommended that you make your CAPTCHA user friendly, simple, clear and easy to understand for your users.', 'bulletproof-security').'<br><br><strong>'.__('JTC ToolTip: ', 'bulletproof-security').'</strong><br>'.__('This is the jQuery ToolTip message that is displayed to users when they hover or click on the CAPTCHA text box. This is where you will tell your users what they need to enter for the CAPTCHA. It can be a phrase, complete this sentence, a Hint or simply just Type/Enter: xxxxx or you can get as creative as you want to get with your jQuery ToolTip. Randomness is what makes a CAPTCHA very effective. JTC is designed with CAPTCHA randomness capability as one of its primary features.', 'bulletproof-security').'<br><br><strong>'.__('JTC Title\|Text: ', 'bulletproof-security').'</strong><br>'.__('This is the text that is displayed to users above the CAPTCHA text box/Form Field.', 'bulletproof-security').$networkMUJTCText.'<br><br><strong>'.__('Enable JTC for WooCommerce (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('Check this checkbox if you have the WooCommerce plugin installed if you would like to use BPS JTC on the WooCommerce custom login page. BPS JTC will still continue to work normally on the standard WordPress Forms: Login, Register, Lost Password, Comment, BuddyPress Register and BuddyPress Sidebar Login Forms when you check this checkbox. This checkbox option setting is not for turning JTC On or Off if you are using WooCommerce. Use the JTC Enable\|Disable JTC For These Forms option checkboxes to enable or disable JTC on each of your Forms.', 'bulletproof-security').'<br><br><strong>'.__('Enable\|Disable JTC For These Forms (Only the Login Form CAPTCHA is available in BPS Free): ', 'bulletproof-security').'</strong><br>'.__('Checking a Form checkbox will display a CAPTCHA on that Form to all users. Unchecking a Form checkbox will remove the CAPTCHA on that Form for all users. The Comment Form is a special case and the CAPTCHA can be displayed based on the User Roles that you choose. See the Comment Form help section below.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form: (only applies if Comment Form CAPTCHA is enabled/checked) ', 'bulletproof-security').'<br>'.__('Enable\|Disable JTC For These Registered/Logged In User Roles (BPS Pro Only:', 'bulletproof-security').'</strong><br>'.__('Users must be logged into your website for the Comment Form User Roles to work. If you do not require that users are registered and logged in to post comments on your website then these JTC options will not have any effect. These options are only for registered and logged in users and only for your Comment Form if you are using this WordPress Discussion setting: Users must be registered and logged in to comment. If you do not want to require that users are registered and logged in to comment then the JTC Comment Form CAPTCHA will still work as long as you have this WordPress Discussion setting checked: Comment author must fill out name and email.', 'bulletproof-security').'<br><br>'.__('Checking a User Role checkbox will display a CAPTCHA to all users with that User Role on your website\'s Comment Form. Unchecking a User Role checkbox will remove the CAPTCHA from displaying to users with that User Role on your website\'s Comment Form. If your website is using/has Custom User Roles, your Custom User Roles will be displayed in a scrollable box below the standard WP User Roles: Administrator, Editor, Author, Contributor, Subscriber.', 'bulletproof-security').'<br><br><strong>'.__('Login Form: CAPTCHA Error message:', 'bulletproof-security').'</strong><br>'.__('The Default JTC Form CAPTCHA error message is: <strong>ERROR</strong>: Incorrect JTC CAPTCHA Entered. You can change or add to the default error message. This error message is displayed on the Login Form.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form CAPTCHA Error message (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('The Default JTC Comment Form CAPTCHA error message is: <strong>ERROR</strong>: Incorrect JTC CAPTCHA Entered. Click your Browser\'s back button and re-enter the JTC CAPTCHA. You can change or add to the default error message. This error message only applies to the Comment Form CAPTCHA error message and does not affect or change any of the other Form CAPTCHA error messages.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form: CSS Styling (BPS Pro Only)', 'bulletproof-security').'</strong><br>'.__('You can position the JTC Title\|Text Form label and the JTC CAPTCHA Form Input text box by editing the CSS in these text boxes. By default the position of the JTC Title\|Text label and the JTC CAPTCHA Form Input text box is below your Comment Form submit button. For CSS code styling examples.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form Label (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('This is the JTC Title\|Text label above the Form Input text box.', 'bulletproof-security').'<br><strong>'.__('Comment Form Input Text Box (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('This is the JTC CAPTCHA Form Input text box.', 'bulletproof-security').'<br><br><strong>'.__('Additional Brute Force CAPTCHA Option: ', 'bulletproof-security').'</strong><br>'.__('If you do not allow anyone else to log into your website then here is an example of how JTC could be used as an additional Brute Force Login Protection feature.', 'bulletproof-security').'<br><br>'.__('Example: You create a JTC CAPTCHA: My Example CAPTCHA, you either leave the JTC ToolTip: text box blank or you create a Hint for yourself - JTC ToolTip: My Example Hint. If your JTC ToolTip: text box is blank then the CAPTCHA will not be displayed - only you will know what the CAPTCHA is. If you create a personal Hint for yourself then only you will know what the answer to the Hint is.', 'bulletproof-security').'</strong>';
20
21	/ Idle Session Logout\|Auth Cookie Expiration /
22	$bps_modal_content3 = '<strong>'.__('Idle Session Logout (ISL) General Info:', 'bulletproof-security').'</strong><br>'.__('Idle Session Logout (ISL) can be considered a "soft" setting vs ACE being a "hard" setting. ISL uses javascript Event Listeners to monitor Users activity for these ISL events: keyboard key is pressed, mouse button is pressed, mouse is moved, mouse wheel is rolled up or down, finger is placed on the touch surface/screen and finger already placed on the screen is moved across the screen.', 'bulletproof-security').'<br><br>'.__('If you set the Idle Session Logout Time to 60 minutes and the User is idle/inactive for 10 minutes and becomes active again then the Idle Session Logout Time starts all over again/is reset to 60 minutes. If a User is idle/inactive for 60 continuous minutes then that User will be automatically logged out of the site and redirected to the BPS Idle Session Logout Page.', 'bulletproof-security').'<br><br>'.__('When an idle/inactive User is logged out of the site they are redirected to the BPS Idle Session Logout Page URL if their Browser is still open. If the User\'s Browser is still open and the User is on another Browser tab window then the Browser tab window where they are logged into your site will be redirected to the BPS Idle Session Logout Page URL. If the User has closed their Browser without logging out of your site then that User will not be logged out of your site. You can use ACE to log User\'s out of your site whether or not they have closed their Browser. Idle Session Logouts are logged in the BPS Security Log file.', 'bulletproof-security').'<br><br><strong><font color="blue">'.__('After making any option setting changes click the Save Options button to save your new option settings. To reset ISL option settings back to the default ISL option settings, delete any custom values/entries you have entered in any text/textarea boxes and click the Save Options button.', 'bulletproof-security').'</font></strong><br><br><strong>'.__('Turn On\|Turn Off:', 'bulletproof-security').'</strong><br>'.__('ISL is Turned Off by default. Select ISL On to turn ISL On. Select ISL Off to turn ISL Off.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Time in Minutes:', 'bulletproof-security').'</strong><br>'.__('Enter the time in minutes for when an idle/inactive User should be logged out of your site. Example: Entering 60 will automatically logout Users who have been idle/inactive for 60 continuous minutes. Only enter numbers and not any other characters. If you accidently enter a blank value for the Idle Session Logout Time then ISL will be disabled automatically.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page URL:', 'bulletproof-security').'</strong><br>'.__('When an idle/inactive User is logged out of your site they are redirected to the BPS Idle Session Logout Page URL by default. You can choose to redirect logged out users to any URL that you want to redirect them to by entering the URL in this text box. Example: If you enter the URL path to your WP Login page then user\'s will be redirected to your WP Login page instead of the default BPS Idle Session Logout Page.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page Login URL:', 'bulletproof-security').'</strong><br>'.__('This option displays a clickable Login URL/link to your WP Login page. If your Login page URL is different than the default URL that you see displayed in the Idle Session Logout Page Login URL text box then change the URL to the URL for your site\'s Login page. You can choose not to display a Login URL/link by entering "No" (without quotes) if you do not want a Login URL/link displayed.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Exclude URLs\|URIs:', 'bulletproof-security').'</strong><br>'.__('This option allows you to exclude any pages or posts that you do not want ISL to check/monitor. Important: The URI path is everything after the root portion or your domain URL. Example: If the page/post you want to exclude is here: www.example.com/some-post/ then the URI Exclusion that you would use/enter is: /some-post/. If the page/post you want to exclude is here: www.example.com/category/some-post/ then the URI Exclusion that you would use/enter is: /category/some-post/.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page Custom Message:', 'bulletproof-security').'</strong><br>'.__('You can either use the default BPS ISL message/text by leaving the textarea box blank or you can enter your own custom ISL message/text in this textarea box that you want displayed to logged out users. Your custom message will be displayed on the default BPS ISL Logout page unless you choose to redirect users to a different URL/link using the Idle Session Logout Page URL option setting.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page Custom CSS Style:', 'bulletproof-security').'</strong><br>'.__('You can either use the default BPS CSS Style code or enter your own custom CSS Style customizations.', 'bulletproof-security').'<br><br><strong>'.__('User Account Exceptions:', 'bulletproof-security').'</strong><br>'.__('To create exceptions for User Account names enter User Account names (case-insensitive) separated by a comma and a space: johnDoe, janeDoe. ISL will be turned Off/disabled for any User Account names that you add in this text box. User Account Exceptions override the User Roles option setting. Example: If johnDoe is an Administrator and you have enabled ISL for the Administrator User Role and you have added johnDoe in the User Account Exceptions text box then the johnDoe User Account Exception will override the Administrator User Role option setting and ISL will still be disabled for the johnDoe User Account. It is recommended that you add your User Account name, but if you also want to be automatically logged out when your User Account is idle/inactive then do not add your User Account name.', 'bulletproof-security').'<br><br><strong>'.__('Enable\|Disable Idle Session Logouts For These User Roles:', 'bulletproof-security').'</strong><br>'.__('Checking a User Role checkbox will enable ISL for all Users with that User Role (See User Account Exceptions). Unchecking a User Role checkbox will disable ISL for all Users with that User Role. Example: If you only check the Subscriber checkbox then ISL will only be enabled for Users that are Subscribers. If your website is using/has Custom User Roles, your Custom User Roles will be displayed in a scrollable box below the standard WP User Roles: Administrator, Editor, Author, Contributor, Subscriber.', 'bulletproof-security').'<br><br><strong>'.__('Enable\|Disable Idle Session Logouts For TinyMCE Editors:', 'bulletproof-security').'</strong><br>'.__('Please read all of the TinyMCE Editor Important Notes below. Checking the Enable\|Disable ISL For TinyMCE Editor checkbox will disable ISL for any/all pages that have a TinyMCE Editor on them.', 'bulletproof-security').'<br><br><strong>'.__('TinyMCE Editor Important Notes:', 'bulletproof-security').'</strong><br><br><strong>'.__('ISL and TinyMCE javascript Event Listeners:', 'bulletproof-security').'</strong><br>'.__('ISL uses javascript Event Listeners to monitor User activity for these ISL events: keyboard key is pressed, mouse button is pressed, mouse is moved, mouse wheel is rolled up or down, finger is placed on the touch surface/screen and finger already placed on the screen is moved across the screen. The TinyMCE Editor also uses javascript Event Listeners in the Visual Editor window. ISL can monitor User activity in the Text tab Editor window and the Editor Toolbar buttons or menus for any of the ISL events listed above, but cannot monitor any User activity in the TinyMCE Visual tab Editor window.', 'bulletproof-security').'<br><br><strong>'.__('TinyMCE Editor on WordPress Post, Page and Comments pages:', 'bulletproof-security').'</strong><br>'.__('This example is using an Idle Session Logout Time of 60 minutes. If the User is typing content/text for 60 continuous minutes in the WordPress Post, Page or Comments TinyMCE Visual Editor window and has not clicked or moved their mouse outside of the TinyMCE Visual Editor window for 60 continuous minutes and the Enable\|Disable ISL For TinyMCE Editor checkbox option is not checked to disable ISL for TinyMCE Editors, then the User will see the native WP Confirm Navigation alert popup window with buttons to either Leave this Page or Stay on this Page. Clicking the Stay on this Page button resets the ISL timer again to 60 minutes and the User will not lose any of their content/text.', 'bulletproof-security').'<br><br><strong>'.__('TinyMCE Editor Instances used in other plugins and themes:', 'bulletproof-security').'</strong><br>'.__('If another plugin or theme is using instances of the TinyMCE Editor, like BPS Maintenance Mode MMode Editor TinyMCE Editor instance for example, then if all of the same conditions stated above for the WordPress Post, Page and Comments pages TinyMCE Visual Editor are the same then instead of seeing the native WP Confirm Navigation alert popup window, the User will be logged out automatically and the User\'s content/text will not be saved. If you are using TinyMCE Editor Instances in another plugin or theme that Users can use to add/edit content/text and you do not want to risk a User being logged out and losing any of their content/text then check the Enable\|Disable ISL For TinyMCE Editor checkbox to disable ISL on any pages that contain a TinyMCE Editor Instance.', 'bulletproof-security').'<br><br><strong>'.__('Auth Cookie Expiration (ACE) General Info:', 'bulletproof-security').'</strong><br>'.__('The WordPress Authentication Cookie Expiration (ACE) time can be considered a "hard" setting vs ISL being a "soft" setting. If you set the Cookie Expiration to 60 minutes then 60 consecutive minutes after a User has logged in, that user will be logged out automatically whether that User is idle/inactive or not. The WordPress Authentication Cookie Expiration (ACE) time is set when a User logs in. The default WordPress Authentication Cookie Expiration time is 2880 Minutes/2 Days and 20160 Minutes/14 Days if a User checks the Remember Me checkbox when they login. The WordPress Authentication Cookie Expiration time is set/reset each time a User logs in. So if a User logs out and then logs back into the site then the Cookie Expiration time for that User is set again to whatever Auth Cookie Expiration Time that you choose or the WordPress default Cookie Expiration time if you do not use or turn On ACE.', 'bulletproof-security').'<br><br><strong>'.__('Turn On\|Turn Off:', 'bulletproof-security').'</strong><br>'.__('ACE is Turned Off by default. Select ACE On to turn ACE On. Select ACE Off to turn ACE Off.', 'bulletproof-security').'<br><br><strong>'.__('Auth Cookie Expiration Time in Minutes:', 'bulletproof-security').'</strong><br>'.__('Enter the time in minutes for when a User should be logged out of your site. Example: Entering 720 will automatically logout Users who have been logged in for 720 consecutive minutes/12 hours. Only enter numbers and not any other characters. If you accidently enter a blank value for the for Auth Cookie Expiration Time or Remember Me Auth Cookie Expiration Time then ACE will use the default WordPress Authentication Cookie Expiration time.', 'bulletproof-security').'<br><br><strong>'.__('Remember Me Auth Cookie Expiration Time in Minutes:', 'bulletproof-security').'</strong><br>'.__('Enter the time in minutes for when a User should be logged out of your site when the User has checked the Remember Me checkbox on the WordPress Login page. Example: Entering 720 will automatically logout Users who have been logged in for 720 consecutive minutes/12 hours. Only enter numbers and not any other characters. If you accidently enter a blank value for the for Auth Cookie Expiration Time or Remember Me Auth Cookie Expiration Time then ACE will use the default WordPress Authentication Cookie Expiration time.', 'bulletproof-security').'<br><br><strong>'.__('Enable\|Disable Remember Me Checkbox:', 'bulletproof-security').'</strong><br>'.__('Checking the Disable & do not display the Remember Me checkbox option will disable and not display the Remember Me checkbox for everyone including you. If you want to set and control the WordPress Remember Me setting then use the Remember Me Auth Cookie Expiration Time in Minutes option setting instead and choose an amount of time you would like to use for the Cookie expiration time.', 'bulletproof-security').'<br><br><strong>'.__('User Account Exceptions:', 'bulletproof-security').'</strong><br>'.__('To create exceptions for User Account names enter User Account names (case-insensitive) separated by a comma and a space: johnDoe, janeDoe. Auth Cookie Expiration Time settings will not be applied to any User Account names that you add in this text box and these User Accounts will instead use the default WordPress Authentication Cookie Expiration time. User Account Exceptions override the User Roles option setting. Example: If johnDoe is an Administrator and you have enabled ACE for the Administrator User Role and you have added johnDoe in the User Account Exceptions text box then the johnDoe User Account Exception will override the Administrator User Role option setting and the johnDoe User Account will use the default WordPress Authentication Cookie Expiration time. It is recommended that you add your User Account name, but if you also want to be automatically logged out for the Auth Cookie Expiration time that you choose then do not add your User Account name.', 'bulletproof-security').'<br><br><strong>'.__('Enable\|Disable Auth Cookie Expiration Time For These User Roles:', 'bulletproof-security').'</strong><br>'.__('Checking a User Role checkbox will apply the Auth Cookie Expiration Time that you choose for all Users with that User Role (See User Account Exceptions). Unchecking a User Role checkbox will apply the default WordPress Authentication Cookie Expiration time for all Users with that User Role. Example: If you only check the Subscriber checkbox then ACE will only apply the Auth Cookie Expiration Time setting that you choose for Users that are Subscribers. If your website is using/has Custom User Roles, your Custom User Roles will be displayed in a scrollable box below the standard WP User Roles: Administrator, Editor, Author, Contributor, Subscriber.', 'bulletproof-security').'<br><br>';


16	}
17
18	/ JTC-Lite stripped down version of the BEAST - BPS Pro JTC Anti-Spam\|Anti-Hacker /
19	+ $bps_modal_content2 = '<strong>'.__('If you forget what the CAPTCHA is and cannot login to your website use FTP or your web host control panel file manager and rename the /bulletproof-security/ plugin folder name to /_bulletproof-security/. Login to your website, go to the BPS JTC-Lite page and correct the CAPTCHA issue/problem. Rename the /_bulletproof-security/ plugin folder name back to /bulletproof-security/.', 'bulletproof-security').'</strong><br><br><strong>'.__('JTC-Lite Manual Setup Steps', 'bulletproof-security').'</strong><br>'.__('1. Enter a user friendly CAPTCHA in the JTC CAPTCHA text box.', 'bulletproof-security').'<br>'.__('2. Copy and paste the CAPTCHA you entered in the JTC CAPTCHA text box into the JTC ToolTip text box.', 'bulletproof-security').'<br>'.__('3. Either keep this default text "Hover or click the text box below" that will be displayed on all your forms or edit this text and add the message you want to add.', 'bulletproof-security').'<br>'.__('4. Check the Login Form checkbox and click the Save Options button.', 'bulletproof-security').'<br><br><strong>'.__('General Info about JTC-Lite', 'bulletproof-security').'</strong><br>'.__('JTC-Lite protects the WordPress Login form against automated SpamBot and HackerBot Brute Force Login attacks. Prevents User Accounts from being locked repeatedly by constant Brute Force Login attacks on your Login page. If you would like to protect all of your WordPress forms get the full version of JTC - BPS Pro JTC Anti-Spam\|Anti-Hacker.', 'bulletproof-security').'<br><br><strong>'.__('JTC CAPTCHA: ', 'bulletproof-security').'</strong><br>'.__('This is the CAPTCHA that users will enter to Login to your website. You can use any numbers or characters and spaces in the CAPTCHA. You can even use HTML code characters except for these HTML code characters: < > \' " &. You can use a phrase for the CAPTCHA or it can be a single word or you can use your own original combination of words, numbers and HTML characters.', 'bulletproof-security').'<br><br><strong>'.__('Note: ', 'bulletproof-security').'</strong>'.__('It is recommended that you make your CAPTCHA user friendly, simple, clear and easy to understand for your users.', 'bulletproof-security').'<br><br><strong>'.__('JTC ToolTip: ', 'bulletproof-security').'</strong><br>'.__('This is the jQuery ToolTip message that is displayed to users when they hover or click on the CAPTCHA text box. This is where you will tell your users what they need to enter for the CAPTCHA. It can be a phrase, complete this sentence, a Hint or simply just Type/Enter: xxxxx or you can get as creative as you want to get with your jQuery ToolTip. Randomness is what makes a CAPTCHA very effective. JTC is designed with CAPTCHA randomness capability as one of its primary features.', 'bulletproof-security').'<br><br><strong>'.__('JTC Title\|Text: ', 'bulletproof-security').'</strong><br>'.__('This is the text that is displayed to users above the CAPTCHA text box/Form Field.', 'bulletproof-security').$networkMUJTCText.'<br><br><strong>'.__('Enable JTC for WooCommerce (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('Check this checkbox if you have the WooCommerce plugin installed if you would like to use BPS JTC on the WooCommerce custom login page. BPS JTC will still continue to work normally on the standard WordPress Forms: Login, Register, Lost Password, Comment, Multisite Register, BuddyPress Register and BuddyPress Sidebar Login Forms when you check this checkbox. This checkbox option setting is not for turning JTC On or Off if you are using WooCommerce. Use the JTC Enable\|Disable JTC For These Forms option checkboxes to enable or disable JTC on each of your Forms.', 'bulletproof-security').'<br><br><strong>'.__('Enable\|Disable JTC For These Forms (Only the Login Form CAPTCHA is available in BPS Free): ', 'bulletproof-security').'</strong><br>'.__('Checking a Form checkbox will display a CAPTCHA on that Form to all users. Unchecking a Form checkbox will remove the CAPTCHA on that Form for all users. The Comment Form is a special case and the CAPTCHA can be displayed based on the User Roles that you choose. See the Comment Form help section below.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form: (only applies if Comment Form CAPTCHA is enabled/checked) ', 'bulletproof-security').'<br>'.__('Enable\|Disable JTC For These Registered/Logged In User Roles (BPS Pro Only:', 'bulletproof-security').'</strong><br>'.__('Users must be logged into your website for the Comment Form User Roles to work. If you do not require that users are registered and logged in to post comments on your website then these JTC options will not have any effect. These options are only for registered and logged in users and only for your Comment Form if you are using this WordPress Discussion setting: Users must be registered and logged in to comment. If you do not want to require that users are registered and logged in to comment then the JTC Comment Form CAPTCHA will still work as long as you have this WordPress Discussion setting checked: Comment author must fill out name and email.', 'bulletproof-security').'<br><br>'.__('Checking a User Role checkbox will display a CAPTCHA to all users with that User Role on your website\'s Comment Form. Unchecking a User Role checkbox will remove the CAPTCHA from displaying to users with that User Role on your website\'s Comment Form. If your website is using/has Custom User Roles, your Custom User Roles will be displayed in a scrollable box below the standard WP User Roles: Administrator, Editor, Author, Contributor, Subscriber.', 'bulletproof-security').'<br><br><strong>'.__('Login Form: CAPTCHA Error message:', 'bulletproof-security').'</strong><br>'.__('The Default JTC Form CAPTCHA error message is: <strong>ERROR</strong>: Incorrect JTC CAPTCHA Entered. You can change or add to the default error message. This error message is displayed on the Login Form.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form CAPTCHA Error message (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('The Default JTC Comment Form CAPTCHA error message is: <strong>ERROR</strong>: Incorrect JTC CAPTCHA Entered. Click your Browser\'s back button and re-enter the JTC CAPTCHA. You can change or add to the default error message. This error message only applies to the Comment Form CAPTCHA error message and does not affect or change any of the other Form CAPTCHA error messages.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form: CSS Styling (BPS Pro Only)', 'bulletproof-security').'</strong><br>'.__('You can position the JTC Title\|Text Form label and the JTC CAPTCHA Form Input text box by editing the CSS in these text boxes. By default the position of the JTC Title\|Text label and the JTC CAPTCHA Form Input text box is below your Comment Form submit button. For CSS code styling examples.', 'bulletproof-security').'<br><br><strong>'.__('Comment Form Label (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('This is the JTC Title\|Text label above the Form Input text box.', 'bulletproof-security').'<br><strong>'.__('Comment Form Input Text Box (BPS Pro Only):', 'bulletproof-security').'</strong><br>'.__('This is the JTC CAPTCHA Form Input text box.', 'bulletproof-security').'<br><br><strong>'.__('Additional Brute Force CAPTCHA Option: ', 'bulletproof-security').'</strong><br>'.__('If you do not allow anyone else to log into your website then here is an example of how JTC could be used as an additional Brute Force Login Protection feature.', 'bulletproof-security').'<br><br>'.__('Example: You create a JTC CAPTCHA: My Example CAPTCHA, you either leave the JTC ToolTip: text box blank or you create a Hint for yourself - JTC ToolTip: My Example Hint. If your JTC ToolTip: text box is blank then the CAPTCHA will not be displayed - only you will know what the CAPTCHA is. If you create a personal Hint for yourself then only you will know what the answer to the Hint is.', 'bulletproof-security').'</strong>';
20
21	/ Idle Session Logout\|Auth Cookie Expiration /
22	$bps_modal_content3 = '<strong>'.__('Idle Session Logout (ISL) General Info:', 'bulletproof-security').'</strong><br>'.__('Idle Session Logout (ISL) can be considered a "soft" setting vs ACE being a "hard" setting. ISL uses javascript Event Listeners to monitor Users activity for these ISL events: keyboard key is pressed, mouse button is pressed, mouse is moved, mouse wheel is rolled up or down, finger is placed on the touch surface/screen and finger already placed on the screen is moved across the screen.', 'bulletproof-security').'<br><br>'.__('If you set the Idle Session Logout Time to 60 minutes and the User is idle/inactive for 10 minutes and becomes active again then the Idle Session Logout Time starts all over again/is reset to 60 minutes. If a User is idle/inactive for 60 continuous minutes then that User will be automatically logged out of the site and redirected to the BPS Idle Session Logout Page.', 'bulletproof-security').'<br><br>'.__('When an idle/inactive User is logged out of the site they are redirected to the BPS Idle Session Logout Page URL if their Browser is still open. If the User\'s Browser is still open and the User is on another Browser tab window then the Browser tab window where they are logged into your site will be redirected to the BPS Idle Session Logout Page URL. If the User has closed their Browser without logging out of your site then that User will not be logged out of your site. You can use ACE to log User\'s out of your site whether or not they have closed their Browser. Idle Session Logouts are logged in the BPS Security Log file.', 'bulletproof-security').'<br><br><strong><font color="blue">'.__('After making any option setting changes click the Save Options button to save your new option settings. To reset ISL option settings back to the default ISL option settings, delete any custom values/entries you have entered in any text/textarea boxes and click the Save Options button.', 'bulletproof-security').'</font></strong><br><br><strong>'.__('Turn On\|Turn Off:', 'bulletproof-security').'</strong><br>'.__('ISL is Turned Off by default. Select ISL On to turn ISL On. Select ISL Off to turn ISL Off.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Time in Minutes:', 'bulletproof-security').'</strong><br>'.__('Enter the time in minutes for when an idle/inactive User should be logged out of your site. Example: Entering 60 will automatically logout Users who have been idle/inactive for 60 continuous minutes. Only enter numbers and not any other characters. If you accidently enter a blank value for the Idle Session Logout Time then ISL will be disabled automatically.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page URL:', 'bulletproof-security').'</strong><br>'.__('When an idle/inactive User is logged out of your site they are redirected to the BPS Idle Session Logout Page URL by default. You can choose to redirect logged out users to any URL that you want to redirect them to by entering the URL in this text box. Example: If you enter the URL path to your WP Login page then user\'s will be redirected to your WP Login page instead of the default BPS Idle Session Logout Page.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page Login URL:', 'bulletproof-security').'</strong><br>'.__('This option displays a clickable Login URL/link to your WP Login page. If your Login page URL is different than the default URL that you see displayed in the Idle Session Logout Page Login URL text box then change the URL to the URL for your site\'s Login page. You can choose not to display a Login URL/link by entering "No" (without quotes) if you do not want a Login URL/link displayed.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Exclude URLs\|URIs:', 'bulletproof-security').'</strong><br>'.__('This option allows you to exclude any pages or posts that you do not want ISL to check/monitor. Important: The URI path is everything after the root portion or your domain URL. Example: If the page/post you want to exclude is here: www.example.com/some-post/ then the URI Exclusion that you would use/enter is: /some-post/. If the page/post you want to exclude is here: www.example.com/category/some-post/ then the URI Exclusion that you would use/enter is: /category/some-post/.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page Custom Message:', 'bulletproof-security').'</strong><br>'.__('You can either use the default BPS ISL message/text by leaving the textarea box blank or you can enter your own custom ISL message/text in this textarea box that you want displayed to logged out users. Your custom message will be displayed on the default BPS ISL Logout page unless you choose to redirect users to a different URL/link using the Idle Session Logout Page URL option setting.', 'bulletproof-security').'<br><br><strong>'.__('Idle Session Logout Page Custom CSS Style:', 'bulletproof-security').'</strong><br>'.__('You can either use the default BPS CSS Style code or enter your own custom CSS Style customizations.', 'bulletproof-security').'<br><br><strong>'.__('User Account Exceptions:', 'bulletproof-security').'</strong><br>'.__('To create exceptions for User Account names enter User Account names (case-insensitive) separated by a comma and a space: johnDoe, janeDoe. ISL will be turned Off/disabled for any User Account names that you add in this text box. User Account Exceptions override the User Roles option setting. Example: If johnDoe is an Administrator and you have enabled ISL for the Administrator User Role and you have added johnDoe in the User Account Exceptions text box then the johnDoe User Account Exception will override the Administrator User Role option setting and ISL will still be disabled for the johnDoe User Account. It is recommended that you add your User Account name, but if you also want to be automatically logged out when your User Account is idle/inactive then do not add your User Account name.', 'bulletproof-security').'<br><br><strong>'.__('Enable\|Disable Idle Session Logouts For These User Roles:', 'bulletproof-security').'</strong><br>'.__('Checking a User Role checkbox will enable ISL for all Users with that User Role (See User Account Exceptions). Unchecking a User Role checkbox will disable ISL for all Users with that User Role. Example: If you only check the Subscriber checkbox then ISL will only be enabled for Users that are Subscribers. If your website is using/has Custom User Roles, your Custom User Roles will be displayed in a scrollable box below the standard WP User Roles: Administrator, Editor, Author, Contributor, Subscriber.', 'bulletproof-security').'<br><br><strong>'.__('Enable\|Disable Idle Session Logouts For TinyMCE Editors:', 'bulletproof-security').'</strong><br>'.__('Please read all of the TinyMCE Editor Important Notes below. Checking the Enable\|Disable ISL For TinyMCE Editor checkbox will disable ISL for any/all pages that have a TinyMCE Editor on them.', 'bulletproof-security').'<br><br><strong>'.__('TinyMCE Editor Important Notes:', 'bulletproof-security').'</strong><br><br><strong>'.__('ISL and TinyMCE javascript Event Listeners:', 'bulletproof-security').'</strong><br>'.__('ISL uses javascript Event Listeners to monitor User activity for these ISL events: keyboard key is pressed, mouse button is pressed, mouse is moved, mouse wheel is rolled up or down, finger is placed on the touch surface/screen and finger already placed on the screen is moved across the screen. The TinyMCE Editor also uses javascript Event Listeners in the Visual Editor window. ISL can monitor User activity in the Text tab Editor window and the Editor Toolbar buttons or menus for any of the ISL events listed above, but cannot monitor any User activity in the TinyMCE Visual tab Editor window.', 'bulletproof-security').'<br><br><strong>'.__('TinyMCE Editor on WordPress Post, Page and Comments pages:', 'bulletproof-security').'</strong><br>'.__('This example is using an Idle Session Logout Time of 60 minutes. If the User is typing content/text for 60 continuous minutes in the WordPress Post, Page or Comments TinyMCE Visual Editor window and has not clicked or moved their mouse outside of the TinyMCE Visual Editor window for 60 continuous minutes and the Enable\|Disable ISL For TinyMCE Editor checkbox option is not checked to disable ISL for TinyMCE Editors, then the User will see the native WP Confirm Navigation alert popup window with buttons to either Leave this Page or Stay on this Page. Clicking the Stay on this Page button resets the ISL timer again to 60 minutes and the User will not lose any of their content/text.', 'bulletproof-security').'<br><br><strong>'.__('TinyMCE Editor Instances used in other plugins and themes:', 'bulletproof-security').'</strong><br>'.__('If another plugin or theme is using instances of the TinyMCE Editor, like BPS Maintenance Mode MMode Editor TinyMCE Editor instance for example, then if all of the same conditions stated above for the WordPress Post, Page and Comments pages TinyMCE Visual Editor are the same then instead of seeing the native WP Confirm Navigation alert popup window, the User will be logged out automatically and the User\'s content/text will not be saved. If you are using TinyMCE Editor Instances in another plugin or theme that Users can use to add/edit content/text and you do not want to risk a User being logged out and losing any of their content/text then check the Enable\|Disable ISL For TinyMCE Editor checkbox to disable ISL on any pages that contain a TinyMCE Editor Instance.', 'bulletproof-security').'<br><br><strong>'.__('Auth Cookie Expiration (ACE) General Info:', 'bulletproof-security').'</strong><br>'.__('The WordPress Authentication Cookie Expiration (ACE) time can be considered a "hard" setting vs ISL being a "soft" setting. If you set the Cookie Expiration to 60 minutes then 60 consecutive minutes after a User has logged in, that user will be logged out automatically whether that User is idle/inactive or not. The WordPress Authentication Cookie Expiration (ACE) time is set when a User logs in. The default WordPress Authentication Cookie Expiration time is 2880 Minutes/2 Days and 20160 Minutes/14 Days if a User checks the Remember Me checkbox when they login. The WordPress Authentication Cookie Expiration time is set/reset each time a User logs in. So if a User logs out and then logs back into the site then the Cookie Expiration time for that User is set again to whatever Auth Cookie Expiration Time that you choose or the WordPress default Cookie Expiration time if you do not use or turn On ACE.', 'bulletproof-security').'<br><br><strong>'.__('Turn On\|Turn Off:', 'bulletproof-security').'</strong><br>'.__('ACE is Turned Off by default. Select ACE On to turn ACE On. Select ACE Off to turn ACE Off.', 'bulletproof-security').'<br><br><strong>'.__('Auth Cookie Expiration Time in Minutes:', 'bulletproof-security').'</strong><br>'.__('Enter the time in minutes for when a User should be logged out of your site. Example: Entering 720 will automatically logout Users who have been logged in for 720 consecutive minutes/12 hours. Only enter numbers and not any other characters. If you accidently enter a blank value for the for Auth Cookie Expiration Time or Remember Me Auth Cookie Expiration Time then ACE will use the default WordPress Authentication Cookie Expiration time.', 'bulletproof-security').'<br><br><strong>'.__('Remember Me Auth Cookie Expiration Time in Minutes:', 'bulletproof-security').'</strong><br>'.__('Enter the time in minutes for when a User should be logged out of your site when the User has checked the Remember Me checkbox on the WordPress Login page. Example: Entering 720 will automatically logout Users who have been logged in for 720 consecutive minutes/12 hours. Only enter numbers and not any other characters. If you accidently enter a blank value for the for Auth Cookie Expiration Time or Remember Me Auth Cookie Expiration Time then ACE will use the default WordPress Authentication Cookie Expiration time.', 'bulletproof-security').'<br><br><strong>'.__('Enable\|Disable Remember Me Checkbox:', 'bulletproof-security').'</strong><br>'.__('Checking the Disable & do not display the Remember Me checkbox option will disable and not display the Remember Me checkbox for everyone including you. If you want to set and control the WordPress Remember Me setting then use the Remember Me Auth Cookie Expiration Time in Minutes option setting instead and choose an amount of time you would like to use for the Cookie expiration time.', 'bulletproof-security').'<br><br><strong>'.__('User Account Exceptions:', 'bulletproof-security').'</strong><br>'.__('To create exceptions for User Account names enter User Account names (case-insensitive) separated by a comma and a space: johnDoe, janeDoe. Auth Cookie Expiration Time settings will not be applied to any User Account names that you add in this text box and these User Accounts will instead use the default WordPress Authentication Cookie Expiration time. User Account Exceptions override the User Roles option setting. Example: If johnDoe is an Administrator and you have enabled ACE for the Administrator User Role and you have added johnDoe in the User Account Exceptions text box then the johnDoe User Account Exception will override the Administrator User Role option setting and the johnDoe User Account will use the default WordPress Authentication Cookie Expiration time. It is recommended that you add your User Account name, but if you also want to be automatically logged out for the Auth Cookie Expiration time that you choose then do not add your User Account name.', 'bulletproof-security').'<br><br><strong>'.__('Enable\|Disable Auth Cookie Expiration Time For These User Roles:', 'bulletproof-security').'</strong><br>'.__('Checking a User Role checkbox will apply the Auth Cookie Expiration Time that you choose for all Users with that User Role (See User Account Exceptions). Unchecking a User Role checkbox will apply the default WordPress Authentication Cookie Expiration time for all Users with that User Role. Example: If you only check the Subscriber checkbox then ACE will only apply the Auth Cookie Expiration Time setting that you choose for Users that are Subscribers. If your website is using/has Custom User Roles, your Custom User Roles will be displayed in a scrollable box below the standard WP User Roles: Administrator, Editor, Author, Contributor, Subscriber.', 'bulletproof-security').'<br><br>';

admin/maintenance/maintenance.php CHANGED Viewed

	@@ -150,6 +150,7 @@ $bpsSpacePop = '-------------------------------------------------------------';
150	$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
151	// Replace ABSPATH = wp-content
152	$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );

153	// Top div echo & bottom div echo
154	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
155	$bps_bottomDiv = '</p></div>';
	@@ -2102,7 +2103,7 @@ if ( isset( $_POST['Submit-maintenance-mode-off'] ) && current_user_can('manage_
2102	</table>
2103	</div>
2104
2105	- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
2106	</div>
2107	</div>
2108	</div>


150	$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
151	// Replace ABSPATH = wp-content
152	$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
153	+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
154	// Top div echo & bottom div echo
155	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
156	$bps_bottomDiv = '</p></div>';

2103	</table>
2104	</div>
2105
2106	+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
2107	</div>
2108	</div>
2109	</div>

admin/mod-test/index.php CHANGED Viewed

	@@ -2,7 +2,7 @@
2	<html xmlns="http://www.w3.org/1999/xhtml">
3	<head>
4	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
5	- <title>mod_rewrite, mod_authz_core, mod_authz_host & mod_access_compat ~~Module Testing~~</title>
6	<meta name="robots" content="noindex, nofollow" />
7	</head>
8
	@@ -18,7 +18,7 @@ pre {background:#fff url(pre_bg.png) top left repeat;color:#000;display:block;fo
18	-->
19	</style>
20
21	- <h2 style="color:#fff;">Apache Modules: mod_rewrite, mod_authz_core, mod_authz_host & mod_access_compat (directives: Order, Allow and Deny) ~~testing~~</h2>
22
23	<table class="Mod-Directive-Testing" width="100%" border="1">
24	<thead>
	@@ -153,7 +153,7 @@ pre {background:#fff url(pre_bg.png) top left repeat;color:#000;display:block;fo
153	</tbody>
154	</table>
155
156	- <h3 style="color:#fff;">Additional Testing for Web Hosts that ignore/do not allow/do not process IfModule conditions:</h3>
157
158	<table class="Mod-Directive-Testing-no-ifmodule" width="100%" border="1">
159	<thead>
	@@ -279,7 +279,7 @@ Require host example.com
279	</tbody>
280	</table>
281
282	- <h3 style="color:#fff;">Apache No IfModule Condition & ~~Directive~~ Test ~~Results~~ ~~Explanation~~:</h3>
283	<p style="color:#fff;">Some Web Hosts ignore/do not allow/do not process all IfModule conditions and the test results for tests 1-6 above will NOT be accurate. Tests 7-11 check mod_access_compat, mod_rewrite, mod_authz_core and mod_authz_host directives without any IfModule conditions. The mod_access_compat directives <strong>"Order, Deny, Allow"</strong> should work on every single Web Host at this present time. The Apache transition from mod_access_compat to the new mod_authz_core and mod_authz_host Modules will probably result in various issues/problems on some Web Hosts during that transitional period. BPS checks your current loaded Modules and directive htaccess code compatiblity and creates htaccess code that works specifically on your particular server/website/host. If things change in the future with your Web Host or you move to another host or server, BPS will check that you htaccess code is correct for your particular server/website/host and display a message to run the Setup Wizard again if necessary, which will create new htaccess code that works specifically for your particular server/website/host.</p>
284
285	<table class="Mod-Directive-Testing-Description" width="100%" border="1">


2	<html xmlns="http://www.w3.org/1999/xhtml">
3	<head>
4	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
5	+ <title>Apache Modules Testing: mod_rewrite, mod_authz_core, mod_authz_host, mod_security, mod_security2 & mod_access_compat</title>
6	<meta name="robots" content="noindex, nofollow" />
7	</head>
8

18	-->
19	</style>
20
21	+ <h3 style="color:#fff;">Apache Modules Testing: mod_rewrite, mod_authz_core, mod_authz_host, mod_security, mod_security2 & mod_access_compat (directives: Order, Allow and Deny)</h3>
22
23	<table class="Mod-Directive-Testing" width="100%" border="1">
24	<thead>

153	</tbody>
154	</table>
155
156	+ <h3 style="color:#fff;">Additional Testing for Web Hosts that ignore/do not allow/do not process IfModule conditions and Mod Security testing:</h3>
157
158	<table class="Mod-Directive-Testing-no-ifmodule" width="100%" border="1">
159	<thead>

279	</tbody>
280	</table>
281
282	+ <h3 style="color:#fff;">Apache No IfModule Condition, Directive & Mod Security Test Result Explanations:</h3>
283	<p style="color:#fff;">Some Web Hosts ignore/do not allow/do not process all IfModule conditions and the test results for tests 1-6 above will NOT be accurate. Tests 7-11 check mod_access_compat, mod_rewrite, mod_authz_core and mod_authz_host directives without any IfModule conditions. The mod_access_compat directives <strong>"Order, Deny, Allow"</strong> should work on every single Web Host at this present time. The Apache transition from mod_access_compat to the new mod_authz_core and mod_authz_host Modules will probably result in various issues/problems on some Web Hosts during that transitional period. BPS checks your current loaded Modules and directive htaccess code compatiblity and creates htaccess code that works specifically on your particular server/website/host. If things change in the future with your Web Host or you move to another host or server, BPS will check that you htaccess code is correct for your particular server/website/host and display a message to run the Setup Wizard again if necessary, which will create new htaccess code that works specifically for your particular server/website/host.</p>
284
285	<table class="Mod-Directive-Testing-Description" width="100%" border="1">

admin/mscan/mscan.php CHANGED Viewed

	@@ -91,6 +91,7 @@ $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
91	// Replace ABSPATH = wp-content/uploads
92	$wp_upload_dir = wp_upload_dir();
93	$bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );

94
95	function bpsPro_mscan_openbasedir_check() {
96
	@@ -1924,7 +1925,7 @@ jQuery(document).ready(function($){
1924	</table>
1925	</div>
1926
1927	- <div id="AITpro-link">BulletProof Security Pro <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
1928	</div>
1929	</div>
1930	</div>


91	// Replace ABSPATH = wp-content/uploads
92	$wp_upload_dir = wp_upload_dir();
93	$bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
94	+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
95
96	function bpsPro_mscan_openbasedir_check() {
97

1925	</table>
1926	</div>
1927
1928	+ <div id="AITpro-link">BulletProof Security Pro <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
1929	</div>
1930	</div>
1931	</div>

admin/security-log/security-log.php CHANGED Viewed

	@@ -72,6 +72,7 @@ $bpsSpacePop = '-------------------------------------------------------------';
72	$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
73	// Replace ABSPATH = wp-content
74	$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );

75
76	// Top div echo & bottom div echo
77	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
	@@ -810,7 +811,7 @@ jQuery(document).ready(function($){
810	</table>
811	</div>
812
813	- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
814	</div>
815	</div>
816	</div>


72	$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
73	// Replace ABSPATH = wp-content
74	$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
75	+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
76
77	// Top div echo & bottom div echo
78	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';

811	</table>
812	</div>
813
814	+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
815	</div>
816	</div>
817	</div>

admin/system-info/system-info.php CHANGED Viewed

	@@ -75,6 +75,7 @@ $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
75	// Replace ABSPATH = wp-content/uploads
76	$wp_upload_dir = wp_upload_dir();
77	$bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );

78	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
79	$bps_bottomDiv = '</p></div>';
80
	@@ -753,8 +754,7 @@ function bpsPro_count_network_activated_plugins($count) {
753
754	if ( function_exists('gc_enabled') && function_exists('gc_collect_cycles') ) {
755	if ( gc_enabled() ) {
756	- $garbage = '<~~strong><~~span class="sysinfo-label-text">'.__('On \| Cycles: ', 'bulletproof-security') . '</span></strong>' . gc_collect_cycles();
757	-
758	} else {
759	$garbage = 'Off';
760	}
	@@ -948,6 +948,12 @@ function bpsPro_count_network_activated_plugins($count) {
948	bps_check_perms("../$bps_wpcontent_dir/bps-backup", "705");
949	bps_check_perms("../$bps_wpcontent_dir/bps-backup/logs", "705");
950	bps_check_perms("../$bps_wpcontent_dir/bps-backup/master-backups", "705");






951	if ( $DBBoptions['bps_db_backup_folder'] != '' ) {
952	bps_check_perms( str_replace( $wpcontent_single_slash, "../$bps_wpcontent_dir", $db_backup ), "705");
953	}
	@@ -981,6 +987,15 @@ function bpsPro_count_network_activated_plugins($count) {
981	bps_check_perms("../$bps_wpcontent_dir/bps-backup", "755");
982	bps_check_perms("../$bps_wpcontent_dir/bps-backup/logs", "755");
983	bps_check_perms("../$bps_wpcontent_dir/bps-backup/master-backups", "755");









984	if ( $DBBoptions['bps_db_backup_folder'] != '' ) {
985	bps_check_perms( str_replace( $wpcontent_single_slash, "../$bps_wpcontent_dir", $db_backup ), "755");
986	}
	@@ -1162,7 +1177,7 @@ global $bps_topDiv, $bps_bottomDiv;
1162	</table>
1163	</div>
1164
1165	- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
1166	</div>
1167	</div>
1168	</div>


75	// Replace ABSPATH = wp-content/uploads
76	$wp_upload_dir = wp_upload_dir();
77	$bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
78	+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
79	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
80	$bps_bottomDiv = '</p></div>';
81

754
755	if ( function_exists('gc_enabled') && function_exists('gc_collect_cycles') ) {
756	if ( gc_enabled() ) {
757	+ $garbage = '<span class="sysinfo-label-text">'.__('On', 'bulletproof-security').'<strong> \| '.__('Cycles: ', 'bulletproof-security') . '</span></strong>' . gc_collect_cycles();

758	} else {
759	$garbage = 'Off';
760	}

948	bps_check_perms("../$bps_wpcontent_dir/bps-backup", "705");
949	bps_check_perms("../$bps_wpcontent_dir/bps-backup/logs", "705");
950	bps_check_perms("../$bps_wpcontent_dir/bps-backup/master-backups", "705");
951	+ bps_check_perms("../$bps_wpcontent_dir/bps-backup/mscan", "705");
952	+ bps_check_perms("../$bps_wpcontent_dir/bps-backup/wp-hashes", "705");
953	+
954	+ if ( function_exists('sys_get_temp_dir') && is_dir( $sys_get_temp_dir ) ) {
955	+ bps_check_perms("$sys_get_temp_dir", "755");
956	+ }
957	if ( $DBBoptions['bps_db_backup_folder'] != '' ) {
958	bps_check_perms( str_replace( $wpcontent_single_slash, "../$bps_wpcontent_dir", $db_backup ), "705");
959	}

987	bps_check_perms("../$bps_wpcontent_dir/bps-backup", "755");
988	bps_check_perms("../$bps_wpcontent_dir/bps-backup/logs", "755");
989	bps_check_perms("../$bps_wpcontent_dir/bps-backup/master-backups", "755");
990	+ bps_check_perms("../$bps_wpcontent_dir/bps-backup/mscan", "755");
991	+ bps_check_perms("../$bps_wpcontent_dir/bps-backup/wp-hashes", "755");
992	+
993	+ if ( is_dir( $upload_tmp_dir ) ) {
994	+ bps_check_perms("$upload_tmp_dir", "755");
995	+ }
996	+ if ( function_exists('sys_get_temp_dir') && is_dir( $sys_get_temp_dir ) ) {
997	+ bps_check_perms("$sys_get_temp_dir", "755");
998	+ }
999	if ( $DBBoptions['bps_db_backup_folder'] != '' ) {
1000	bps_check_perms( str_replace( $wpcontent_single_slash, "../$bps_wpcontent_dir", $db_backup ), "755");
1001	}

1177	</table>
1178	</div>
1179
1180	+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
1181	</div>
1182	</div>
1183	</div>

admin/theme-skin/theme-skin.php CHANGED Viewed

	@@ -77,6 +77,7 @@ $bpsSpacePop = '-------------------------------------------------------------';
77	$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
78	// Replace ABSPATH = wp-content
79	$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );

80	// Top div echo & bottom div echo
81	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
82	$bps_bottomDiv = '</p></div>';
	@@ -225,7 +226,7 @@ $bps_bottomDiv = '</p></div>';
225	</table>
226	</div>
227
228	- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
229	</div>
230	</div>
231	</div>


77	$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
78	// Replace ABSPATH = wp-content
79	$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
80	+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
81	// Top div echo & bottom div echo
82	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
83	$bps_bottomDiv = '</p></div>';

226	</table>
227	</div>
228
229	+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo $vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
230	</div>
231	</div>
232	</div>

admin/wizard/pwizard-autofix.php CHANGED Viewed

	@@ -1316,8 +1316,24 @@ RewriteRule ^(.*)$ - [F]
1316	$r20 = array();
1317	}
1318
1319	- ~~$pattern_array~~ = ~~array_merge($p1,~~ ~~$p2,~~ ~~$p3,~~ ~~$p4,~~ ~~$p5,~~ ~~$p6, $p7, $p8, $p9, $p10, $p11, $p12, $p13, $p14, $p15, $p16, $p17, $p18, $p19, $p20);~~
1320	- $~~replace_array~~ = ~~array_merge($r1, $r2, $r3, $r4, $r5, $r6, $r7, $r8, $r9, $r10, $r11, $r12, $r13, $r14, $r15, $r16, $r17, $r18, $r19, $r20)~~;
















1321
1322	if ( $CC_Options_root['bps_customcode_bpsqse'] != '' ) {
1323	$bps_customcode_bpsqse_replace = preg_replace($pattern_array, $replace_array, $bps_customcode_bpsqse_array);
	@@ -1371,7 +1387,7 @@ RewriteRule ^(.*)$ - [F]
1371	update_option('bulletproof_security_options_customcode', $Root_CC_Options);
1372	}
1373
1374	- $success_array = array($woo_PagSeguro_fix, $event_espresso_fix, $woo_serial_key_fix, $woo_worldpay_fix, $kama_click_counter_fix, $riva_slider_pro_fix, $wp_auto_spinner_fix, $AgriTurismo_theme_fix, $wccp_pro_fix, $panopress_fix, $essb_code_canyon_fix, $mainwp_fix, $clevercourse_theme_fix, $wp_estore_fix, $wp_emember_fix, $easy_digital_downloads_fix, $mailpoet_fix, $mailchimp_fix, $DAPLiveLinks_fix, $wp_newsletter_fix);
1375
1376	foreach ( $success_array as $successMessage ) {
1377


1316	$r20 = array();
1317	}
1318
1319	+ ## Subscribe To Comments Reloaded Plugin: whitelist rules
1320	+ $sctocr = 'subscribe-to-comments-reloaded/subscribe-to-comments-reloaded.php';
1321	+ $sctocr_active = in_array( $sctocr, apply_filters('active_plugins', get_option('active_plugins')));
1322	+ $sctocr_fix = '';
1323	+
1324	+ if ( $sctocr_active == 1 \|\| is_plugin_active_for_network( $sctocr ) ) {
1325	+ $sctocr_fix = __('Subscribe To Comments Reloaded Plugin BPSQSE AutoWhitelist successful', 'bulletproof-security');
1326	+
1327	+ $p21 = array('/RewriteCond\s%\{QUERY_STRING}\s\[a-zA-Z0-9_\]=$http\\|https$:\/\/\s\[NC,OR\]/', '/RewriteCond\s%\{QUERY_STRING\}\s\[a-zA-Z0-9_\]=\/$\[a-z0-9_\.\]\/\/\?$\+\s\[NC,OR\]/', '/RewriteCond\s%\{QUERY_STRING\}\s$http\\|https$\\\:\s\[NC,OR\]/');
1328	+ $r21 = array("# BPS AutoWhitelist QS2: Subscribe To Comments Reloaded Plugin", "# BPS AutoWhitelist QS3: Subscribe To Comments Reloaded Plugin", "# BPS AutoWhitelist QS4: Subscribe To Comments Reloaded Plugin");
1329	+
1330	+ } else {
1331	+ $p21 = array();
1332	+ $r21 = array();
1333	+ }
1334	+
1335	+ $pattern_array = array_merge($p1, $p2, $p3, $p4, $p5, $p6, $p7, $p8, $p9, $p10, $p11, $p12, $p13, $p14, $p15, $p16, $p17, $p18, $p19, $p20, $p21);
1336	+ $replace_array = array_merge($r1, $r2, $r3, $r4, $r5, $r6, $r7, $r8, $r9, $r10, $r11, $r12, $r13, $r14, $r15, $r16, $r17, $r18, $r19, $r20, $r21);
1337
1338	if ( $CC_Options_root['bps_customcode_bpsqse'] != '' ) {
1339	$bps_customcode_bpsqse_replace = preg_replace($pattern_array, $replace_array, $bps_customcode_bpsqse_array);

1387	update_option('bulletproof_security_options_customcode', $Root_CC_Options);
1388	}
1389
1390	+ $success_array = array($woo_PagSeguro_fix, $event_espresso_fix, $woo_serial_key_fix, $woo_worldpay_fix, $kama_click_counter_fix, $riva_slider_pro_fix, $wp_auto_spinner_fix, $AgriTurismo_theme_fix, $wccp_pro_fix, $panopress_fix, $essb_code_canyon_fix, $mainwp_fix, $clevercourse_theme_fix, $wp_estore_fix, $wp_emember_fix, $easy_digital_downloads_fix, $mailpoet_fix, $mailchimp_fix, $DAPLiveLinks_fix, $wp_newsletter_fix, $sctocr_fix);
1391
1392	foreach ( $success_array as $successMessage ) {
1393

admin/wizard/wizard.php CHANGED Viewed

	@@ -109,6 +109,7 @@ require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
109
110	$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
111	$bpsSpacePop = '-------------------------------------------------------------';

112
113	if ( isset( $_POST['Submit-Setup-Wizard'] ) ) {
114	require_once( WP_PLUGIN_DIR . '/bulletproof-security/admin/wizard/wizard-functions.php' );
	@@ -362,7 +363,15 @@ $failMessage = __('Error: Unable to create DB Table ', 'bulletproof-security');
362	$failTextEnd = '</strong></font><br>';
363	$HFiles_options = get_option('bulletproof_security_options_htaccess_files');
364
365	- // 2.5: ~~BPS plugin 30 day review/rating request Dismiss Notice~~








366	$bps_rate_options = 'bulletproof_security_options_rate_free';
367	$gmt_offset = get_option( 'gmt_offset' ) * 3600;
368	$bps_free_rate_review = mktime(0, 0, 0, date("m")+1, date("d")+1, date("Y"));
	@@ -855,6 +864,7 @@ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
855	'bps_jtc_register_form' => '',
856	'bps_jtc_lostpassword_form' => '',
857	'bps_jtc_comment_form' => '',

858	'bps_jtc_buddypress_register_form' => '',
859	'bps_jtc_buddypress_sidebar_form' => '',
860	'bps_jtc_administrator' => '',
	@@ -888,6 +898,7 @@ $HFiles_options = get_option('bulletproof_security_options_htaccess_files');
888	'bps_jtc_register_form' => '',
889	'bps_jtc_lostpassword_form' => '',
890	'bps_jtc_comment_form' => '',

891	'bps_jtc_buddypress_register_form' => '',
892	'bps_jtc_buddypress_sidebar_form' => '',
893	'bps_jtc_administrator' => '',
	@@ -1350,6 +1361,7 @@ if ( isset( $_POST['Submit-Net-JTC'] ) && current_user_can('manage_options') ) {
1350	'bps_jtc_register_form' => '',
1351	'bps_jtc_lostpassword_form' => '',
1352	'bps_jtc_comment_form' => '',

1353	'bps_jtc_buddypress_register_form' => '',
1354	'bps_jtc_buddypress_sidebar_form' => '',
1355	'bps_jtc_administrator' => '',
	@@ -1386,6 +1398,7 @@ if ( isset( $_POST['Submit-Net-JTC'] ) && current_user_can('manage_options') ) {
1386	'bps_jtc_register_form' => '',
1387	'bps_jtc_lostpassword_form' => '',
1388	'bps_jtc_comment_form' => '',

1389	'bps_jtc_buddypress_register_form' => '',
1390	'bps_jtc_buddypress_sidebar_form' => '',
1391	'bps_jtc_administrator' => '',
	@@ -1418,7 +1431,7 @@ if ( isset( $_POST['Submit-Net-JTC'] ) && current_user_can('manage_options') ) {
1418
1419	</div>
1420
1421	- <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
1422	</div>
1423	</div>
1424	<style>


109
110	$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
111	$bpsSpacePop = '-------------------------------------------------------------';
112	+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
113
114	if ( isset( $_POST['Submit-Setup-Wizard'] ) ) {
115	require_once( WP_PLUGIN_DIR . '/bulletproof-security/admin/wizard/wizard-functions.php' );

363	$failTextEnd = '</strong></font><br>';
364	$HFiles_options = get_option('bulletproof_security_options_htaccess_files');
365
366	+ // 3.0: VCheck
367	+ $bps_vcheck_master = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-vcheck.php';
368	+
369	+ if ( file_exists($bps_vcheck_master) ) {
370	+ require_once ( WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-vcheck.php' );
371	+ unlink($bps_vcheck_master);
372	+ }
373	+
374	+ // 2.9: BPS plugin 30 day review/rating request Dismiss Notice
375	$bps_rate_options = 'bulletproof_security_options_rate_free';
376	$gmt_offset = get_option( 'gmt_offset' ) * 3600;
377	$bps_free_rate_review = mktime(0, 0, 0, date("m")+1, date("d")+1, date("Y"));

864	'bps_jtc_register_form' => '',
865	'bps_jtc_lostpassword_form' => '',
866	'bps_jtc_comment_form' => '',
867	+ 'bps_jtc_mu_register_form' => '',
868	'bps_jtc_buddypress_register_form' => '',
869	'bps_jtc_buddypress_sidebar_form' => '',
870	'bps_jtc_administrator' => '',

898	'bps_jtc_register_form' => '',
899	'bps_jtc_lostpassword_form' => '',
900	'bps_jtc_comment_form' => '',
901	+ 'bps_jtc_mu_register_form' => '',
902	'bps_jtc_buddypress_register_form' => '',
903	'bps_jtc_buddypress_sidebar_form' => '',
904	'bps_jtc_administrator' => '',

1361	'bps_jtc_register_form' => '',
1362	'bps_jtc_lostpassword_form' => '',
1363	'bps_jtc_comment_form' => '',
1364	+ 'bps_jtc_mu_register_form' => '',
1365	'bps_jtc_buddypress_register_form' => '',
1366	'bps_jtc_buddypress_sidebar_form' => '',
1367	'bps_jtc_administrator' => '',

1398	'bps_jtc_register_form' => '',
1399	'bps_jtc_lostpassword_form' => '',
1400	'bps_jtc_comment_form' => '',
1401	+ 'bps_jtc_mu_register_form' => '',
1402	'bps_jtc_buddypress_register_form' => '',
1403	'bps_jtc_buddypress_sidebar_form' => '',
1404	'bps_jtc_administrator' => '',

1431
1432	</div>
1433
1434	+ <div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; echo @$vcheck_options['bps_vcheck']; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
1435	</div>
1436	</div>
1437	<style>

bulletproof-security.php CHANGED Viewed

	@@ -5,7 +5,7 @@ Plugin URI: https://forum.ait-pro.com/read-me-first/
5	Text Domain: bulletproof-security
6	Domain Path: /languages/
7	Description: <strong>Feature Highlights:</strong> Setup Wizard • MScan Malware Scanner • .htaccess Website Security Protection (Firewalls) • Security Logging\|HTTP Error Logging • DB Backup • DB Table Prefix Changer • Login Security & Monitoring • JTC-Lite Login Form Bot Lockout Protection • Idle Session Logout (ISL) • Auth Cookie Expiration (ACE) • UI Theme Skin Changer • System Info: Extensive System, Server and Security Status Information • FrontEnd\|BackEnd Maintenance Mode
8	- Version: 2.9
9	Author: AITpro Website Security
10	Author URI: https://forum.ait-pro.com/read-me-first/
11	*/
	@@ -28,9 +28,9 @@ Author URI: https://forum.ait-pro.com/read-me-first/
28	*/
29
30	// BPS variables
31	- define( 'BULLETPROOF_VERSION', '2.9' );
32	- $bps_last_version = '2.8';
33	- $bps_version = '2.9';
34	$aitpro_bullet = '<img src="'.plugins_url('/bulletproof-security/admin/images/aitpro-bullet.png').'" style="padding:0px 3px 0px 3px;" />';
35	// Top div & bottom div
36	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
	@@ -114,13 +114,14 @@ add_filter( 'network_admin_plugin_action_links', 'bps_plugin_actlinks', 10, 2 );
114	// Add links on plugins page
115	function bps_plugin_extra_links( $links, $file ) {
116	static $this_plugin;

117	if ( ! current_user_can('install_plugins') )
118	return $links;
119	if ( ! $this_plugin )
120	$this_plugin = plugin_basename(__FILE__);
121	if ( $file == $this_plugin ) {
122	$links[] = '<a href="https://forum.ait-pro.com/forums/topic/plugin-conflicts-actively-blocked-plugins-plugin-compatibility/" title="BulletProof Security Forum" target="_blank">'.__('Forum - Support', 'bulleproof-security').'</a>';
123	- $links[] = '<a href="https://affiliates.ait-pro.com/po/" title="Upgrade to BPS Pro" target="_blank">'.__('Upgrade', 'bulleproof-security').'</a>';
124	$links[] = '<a href="https://www.ait-pro.com/bps-features/" title="BPS Pro Features" target="_blank">'.__('BPS Pro Features', 'bulleproof-security').'</a>';
125	}
126	return $links;


5	Text Domain: bulletproof-security
6	Domain Path: /languages/
7	Description: <strong>Feature Highlights:</strong> Setup Wizard • MScan Malware Scanner • .htaccess Website Security Protection (Firewalls) • Security Logging\|HTTP Error Logging • DB Backup • DB Table Prefix Changer • Login Security & Monitoring • JTC-Lite Login Form Bot Lockout Protection • Idle Session Logout (ISL) • Auth Cookie Expiration (ACE) • UI Theme Skin Changer • System Info: Extensive System, Server and Security Status Information • FrontEnd\|BackEnd Maintenance Mode
8	+ Version: 3.0
9	Author: AITpro Website Security
10	Author URI: https://forum.ait-pro.com/read-me-first/
11	*/

28	*/
29
30	// BPS variables
31	+ define( 'BULLETPROOF_VERSION', '3.0' );
32	+ $bps_last_version = '2.9';
33	+ $bps_version = '3.0';
34	$aitpro_bullet = '<img src="'.plugins_url('/bulletproof-security/admin/images/aitpro-bullet.png').'" style="padding:0px 3px 0px 3px;" />';
35	// Top div & bottom div
36	$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';

114	// Add links on plugins page
115	function bps_plugin_extra_links( $links, $file ) {
116	static $this_plugin;
117	+ $vcheck_options = get_option('bulletproof_security_options_vcheck');
118	if ( ! current_user_can('install_plugins') )
119	return $links;
120	if ( ! $this_plugin )
121	$this_plugin = plugin_basename(__FILE__);
122	if ( $file == $this_plugin ) {
123	$links[] = '<a href="https://forum.ait-pro.com/forums/topic/plugin-conflicts-actively-blocked-plugins-plugin-compatibility/" title="BulletProof Security Forum" target="_blank">'.__('Forum - Support', 'bulleproof-security').'</a>';
124	+ $links[] = '<a href="https://affiliates.ait-pro.com/po/" title="Upgrade to BPS Pro" target="_blank">'.__('Upgrade', 'bulleproof-security').'</a>'.$vcheck_options['bps_vcheck'];
125	$links[] = '<a href="https://www.ait-pro.com/bps-features/" title="BPS Pro Features" target="_blank">'.__('BPS Pro Features', 'bulleproof-security').'</a>';
126	}
127	return $links;

includes/general-functions.php CHANGED Viewed

	@@ -1005,6 +1005,14 @@ function bpsPro_new_version_db_options_files_autoupdate() {
1005	if ( current_user_can('manage_options') ) {
1006	global $bps_version, $bps_last_version, $wp_version, $wpdb, $aitpro_bullet, $pagenow, $current_user;
1007








1008	// 2.9: BPS plugin 30 day review/rating request Dismiss Notice
1009	$bps_rate_options = 'bulletproof_security_options_rate_free';
1010	$gmt_offset = get_option( 'gmt_offset' ) * 3600;
	@@ -1035,6 +1043,7 @@ function bpsPro_new_version_db_options_files_autoupdate() {
1035	}
1036	}
1037

1038	// 2.9: Added new JTC option: bps_jtc_custom_form_error. Defaults to standard JTC CAPTCHA error message.
1039	// 2.5: Change default setting to Login Form CAPTCHA Off. Has New Feature Dismiss Notice.
1040	// 2.4: pre-save JTC-Lite db options
	@@ -1073,6 +1082,7 @@ function bpsPro_new_version_db_options_files_autoupdate() {
1073	'bps_jtc_register_form' => '',
1074	'bps_jtc_lostpassword_form' => '',
1075	'bps_jtc_comment_form' => '',

1076	'bps_jtc_buddypress_register_form' => '',
1077	'bps_jtc_buddypress_sidebar_form' => '',
1078	'bps_jtc_administrator' => '',


1005	if ( current_user_can('manage_options') ) {
1006	global $bps_version, $bps_last_version, $wp_version, $wpdb, $aitpro_bullet, $pagenow, $current_user;
1007
1008	+ // 3.0: VCheck
1009	+ $bps_vcheck_master = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-vcheck.php';
1010	+
1011	+ if ( file_exists($bps_vcheck_master) ) {
1012	+ require_once ( WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-vcheck.php' );
1013	+ unlink($bps_vcheck_master);
1014	+ }
1015	+
1016	// 2.9: BPS plugin 30 day review/rating request Dismiss Notice
1017	$bps_rate_options = 'bulletproof_security_options_rate_free';
1018	$gmt_offset = get_option( 'gmt_offset' ) * 3600;

1043	}
1044	}
1045
1046	+ // 3.0: Added new JTC option: bps_jtc_mu_register_form. BPS free does not use this option. Saved with a blank value.
1047	// 2.9: Added new JTC option: bps_jtc_custom_form_error. Defaults to standard JTC CAPTCHA error message.
1048	// 2.5: Change default setting to Login Form CAPTCHA Off. Has New Feature Dismiss Notice.
1049	// 2.4: pre-save JTC-Lite db options

1082	'bps_jtc_register_form' => '',
1083	'bps_jtc_lostpassword_form' => '',
1084	'bps_jtc_comment_form' => '',
1085	+ 'bps_jtc_mu_register_form' => '',
1086	'bps_jtc_buddypress_register_form' => '',
1087	'bps_jtc_buddypress_sidebar_form' => '',
1088	'bps_jtc_administrator' => '',

includes/hud-autofix-whitelist.php CHANGED Viewed

	@@ -367,6 +367,8 @@ function bpsPro_HUD_autofix_whitelist_check() {
367	$DAPLiveLinks_active = in_array( $DAPLiveLinks, apply_filters('active_plugins', get_option('active_plugins')));
368	$wp_newsletter = 'wp-mailinglist/wp-mailinglist.php';
369	$wp_newsletter_active = in_array( $wp_newsletter, apply_filters('active_plugins', get_option('active_plugins')));


370
371	## BPSQSE RegEx Patterns
372	// 3 variations for both UA rules below: only java, java and curl, java, curl and wget
	@@ -509,6 +511,12 @@ function bpsPro_HUD_autofix_whitelist_check() {
509	$debug_BPSQSE .= __('CC Root Text Box 12: WordPress Newsletter (tribulant) Plugin', 'bulletproof-security').'<br>';
510	}
511	}






512
513	## 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
514	$bps_customcode_two_wpa = htmlspecialchars_decode( $CC_Options_wpadmin['bps_customcode_two_wpa'], ENT_QUOTES );


367	$DAPLiveLinks_active = in_array( $DAPLiveLinks, apply_filters('active_plugins', get_option('active_plugins')));
368	$wp_newsletter = 'wp-mailinglist/wp-mailinglist.php';
369	$wp_newsletter_active = in_array( $wp_newsletter, apply_filters('active_plugins', get_option('active_plugins')));
370	+ $sctocr = 'subscribe-to-comments-reloaded/subscribe-to-comments-reloaded.php';
371	+ $sctocr_active = in_array( $sctocr, apply_filters('active_plugins', get_option('active_plugins')));
372
373	## BPSQSE RegEx Patterns
374	// 3 variations for both UA rules below: only java, java and curl, java, curl and wget

511	$debug_BPSQSE .= __('CC Root Text Box 12: WordPress Newsletter (tribulant) Plugin', 'bulletproof-security').'<br>';
512	}
513	}
514	+ if ( $sctocr_active == 1 \|\| is_plugin_active_for_network( $sctocr ) ) {
515	+ if ( ! preg_match( $marker2, $bps_customcode_bpsqse ) \|\| ! preg_match( $marker3, $bps_customcode_bpsqse ) \|\| ! preg_match( $marker4, $bps_customcode_bpsqse ) ) {
516	+ $autofix_message = bpsPro_autofix_message($autofix_message);
517	+ $debug_BPSQSE .= __('CC Root Text Box 12: Subscribe To Comments Reloaded Plugin', 'bulletproof-security').'<br>';
518	+ }
519	+ }
520
521	## 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
522	$bps_customcode_two_wpa = htmlspecialchars_decode( $CC_Options_wpadmin['bps_customcode_two_wpa'], ENT_QUOTES );

readme.txt CHANGED Viewed

	@@ -4,7 +4,7 @@ Donate link: https://wordpress.org/support/view/plugin-reviews/bulletproof-secur
4	Tags: security, secure, malware scanner, login security, firewall, security plugin, wordpress security, login, bruteforce, backup, exploit, infection, protection, virus, anti-virus, logout, spam, anti-spam
5	Requires at least: 3.8
6	Tested up to: 4.9
7	- Stable tag: 2.9
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10


4	Tags: security, secure, malware scanner, login security, firewall, security plugin, wordpress security, login, bruteforce, backup, exploit, infection, protection, virus, anti-virus, logout, spam, anti-spam
5	Requires at least: 3.8
6	Tested up to: 4.9
7	+ Stable tag: 3.0
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10