Version Description
Download this release
Release Info
| Developer | AITpro |
| Plugin |  BulletProof Security |
| Version | 3.1 |
| Comparing to | |
| See all releases | |
Code changes from version 3.0 to 3.1
- 400.php +2 -2
- 403.php +2 -2
- 404.php +22 -2
- 405.php +2 -2
- 410.php +2 -2
- admin/core/core-forms.php +8 -0
- admin/core/core.php +2 -2
- admin/db-backup-security/db-backup-security.php +7 -8
- admin/email-log-settings/email-log-settings.php +1 -3
- admin/htaccess/bps-maintenance.php +1 -1
- admin/htaccess/bps-vcheck.php +0 -14
- admin/htaccess/secure.htaccess +1 -1
- admin/htaccess/wpadmin-secure.htaccess +1 -1
- admin/includes/admin.php +11 -1
- admin/login/login.php +1 -2
- admin/maintenance/maintenance.php +1 -2
- admin/mscan/mscan.php +1 -2
- admin/security-log/security-log.php +1 -2
- admin/system-info/system-info.php +4 -3
- admin/theme-skin/theme-skin.php +1 -2
- admin/wizard/pwizard-autofix-setup.php +30 -3
- admin/wizard/wizard.php +16 -12
- bulletproof-security.php +26 -6
- includes/general-functions.php +0 -8
- includes/hud-autofix-whitelist.php +1 -1
- includes/hud-dismiss-functions.php +32 -0
- includes/login-security.php +9 -1
- includes/mscan-ajax-functions.php +4 -4
- isl-logout.php +1 -1
- readme.txt +5 -1
400.php
CHANGED
|
@@ -76,7 +76,7 @@ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
|
|
| 76 |
|
| 77 |
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
|
| 78 |
|
| 79 |
-
@$log_contents = "\r\n" . '[400 POST Bad Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$
|
| 80 |
|
| 81 |
if ( is_writable( $bpsProLog ) ) {
|
| 82 |
|
|
@@ -94,7 +94,7 @@ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
|
|
| 94 |
|
| 95 |
if ( $_SERVER['REQUEST_METHOD'] != 'POST' ) {
|
| 96 |
|
| 97 |
-
@$log_contents = "\r\n" . '[400 GET Bad Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$
|
| 98 |
|
| 99 |
if ( is_writable( $bpsProLog ) ) {
|
| 100 |
|
| 76 |
|
| 77 |
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
|
| 78 |
|
| 79 |
+
@$log_contents = "\r\n" . '[400 POST Bad Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$_SERVER['HTTP_REFERER']."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
|
| 80 |
|
| 81 |
if ( is_writable( $bpsProLog ) ) {
|
| 82 |
|
| 94 |
|
| 95 |
if ( $_SERVER['REQUEST_METHOD'] != 'POST' ) {
|
| 96 |
|
| 97 |
+
@$log_contents = "\r\n" . '[400 GET Bad Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$_SERVER['HTTP_REFERER']."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
|
| 98 |
|
| 99 |
if ( is_writable( $bpsProLog ) ) {
|
| 100 |
|
403.php
CHANGED
|
@@ -108,7 +108,7 @@ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
|
|
| 108 |
$solution = 'N/A - Hacker/Spammer Blocked/Forbidden';
|
| 109 |
}
|
| 110 |
|
| 111 |
-
@$log_contents = "\r\n" . '[403 POST Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$
|
| 112 |
|
| 113 |
if ( is_writable( $bpsProLog ) ) {
|
| 114 |
|
|
@@ -142,7 +142,7 @@ if ( @!preg_match('/BPSUserAgentPlaceHolder/', $_SERVER['HTTP_USER_AGENT']) ) {
|
|
| 142 |
$solution = 'N/A - Hacker/Spammer Blocked/Forbidden';
|
| 143 |
}
|
| 144 |
|
| 145 |
-
@$log_contents = "\r\n" . '[403 GET Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$
|
| 146 |
|
| 147 |
if ( is_writable( $bpsProLog ) ) {
|
| 148 |
|
| 108 |
$solution = 'N/A - Hacker/Spammer Blocked/Forbidden';
|
| 109 |
}
|
| 110 |
|
| 111 |
+
@$log_contents = "\r\n" . '[403 POST Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$_SERVER['HTTP_REFERER']."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT'] . "\r\n" . 'REQUEST BODY: ' . $request_body . "\r\n";
|
| 112 |
|
| 113 |
if ( is_writable( $bpsProLog ) ) {
|
| 114 |
|
| 142 |
$solution = 'N/A - Hacker/Spammer Blocked/Forbidden';
|
| 143 |
}
|
| 144 |
|
| 145 |
+
@$log_contents = "\r\n" . '[403 GET Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$_SERVER['HTTP_REFERER']."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
|
| 146 |
|
| 147 |
if ( is_writable( $bpsProLog ) ) {
|
| 148 |
|
404.php
CHANGED
|
@@ -9,6 +9,26 @@ $hostname = @gethostbyaddr($_SERVER['REMOTE_ADDR']);
|
|
| 9 |
$timeNow = time();
|
| 10 |
$gmt_offset = get_option( 'gmt_offset' ) * 3600;
|
| 11 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12 |
$post_limit = get_option('bulletproof_security_options_sec_log_post_limit');
|
| 13 |
$query_string = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY);
|
| 14 |
|
|
@@ -44,7 +64,7 @@ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
|
|
| 44 |
$request_body = 'BPS Security Log option set to: Do Not Log POST Request Body Data';
|
| 45 |
}
|
| 46 |
|
| 47 |
-
$log_contents = "\r\n" . '[404 POST Not Found Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$
|
| 48 |
|
| 49 |
if ( is_writable( $bpsProLog ) ) {
|
| 50 |
|
|
@@ -62,7 +82,7 @@ $log_contents = "\r\n" . '[404 POST Not Found Request: ' . $timestamp . ']' . "\
|
|
| 62 |
|
| 63 |
if ( empty($request_body) ) {
|
| 64 |
|
| 65 |
-
$log_contents = "\r\n" . '[404 GET Not Found Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$
|
| 66 |
|
| 67 |
if ( is_writable( $bpsProLog ) ) {
|
| 68 |
|
| 9 |
$timeNow = time();
|
| 10 |
$gmt_offset = get_option( 'gmt_offset' ) * 3600;
|
| 11 |
|
| 12 |
+
// Setup Wizard Options: GDPR Compliance Global Variables
|
| 13 |
+
$GDPR_Options = get_option('bulletproof_security_options_gdpr');
|
| 14 |
+
|
| 15 |
+
if ( $GDPR_Options['bps_gdpr_on_off'] != 'On' ) {
|
| 16 |
+
|
| 17 |
+
$bpsPro_remote_addr = $_SERVER['REMOTE_ADDR'];
|
| 18 |
+
$bpsPro_http_client_ip = $_SERVER['HTTP_CLIENT_IP'];
|
| 19 |
+
$bpsPro_http_forwarded = $_SERVER['HTTP_FORWARDED'];
|
| 20 |
+
$bpsPro_http_x_forwarded_for = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
| 21 |
+
$bpsPro_http_x_cluster_client_ip = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];
|
| 22 |
+
|
| 23 |
+
} else {
|
| 24 |
+
|
| 25 |
+
$bpsPro_remote_addr = 'GDPR Compliance On';
|
| 26 |
+
$bpsPro_http_client_ip = 'GDPR Compliance On';
|
| 27 |
+
$bpsPro_http_forwarded = 'GDPR Compliance On';
|
| 28 |
+
$bpsPro_http_x_forwarded_for = 'GDPR Compliance On';
|
| 29 |
+
$bpsPro_http_x_cluster_client_ip = 'GDPR Compliance On';
|
| 30 |
+
}
|
| 31 |
+
|
| 32 |
$post_limit = get_option('bulletproof_security_options_sec_log_post_limit');
|
| 33 |
$query_string = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY);
|
| 34 |
|
| 64 |
$request_body = 'BPS Security Log option set to: Do Not Log POST Request Body Data';
|
| 65 |
}
|
| 66 |
|
| 67 |
+
$log_contents = "\r\n" . '[404 POST Not Found Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$_SERVER['HTTP_REFERER']."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT'] . "\r\n" . 'REQUEST BODY: ' . $request_body . "\r\n";
|
| 68 |
|
| 69 |
if ( is_writable( $bpsProLog ) ) {
|
| 70 |
|
| 82 |
|
| 83 |
if ( empty($request_body) ) {
|
| 84 |
|
| 85 |
+
$log_contents = "\r\n" . '[404 GET Not Found Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$_SERVER['HTTP_REFERER']."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
|
| 86 |
|
| 87 |
if ( is_writable( $bpsProLog ) ) {
|
| 88 |
|
405.php
CHANGED
|
@@ -107,7 +107,7 @@ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
|
|
| 107 |
$solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
|
| 108 |
}
|
| 109 |
|
| 110 |
-
@$log_contents = "\r\n" . '[405 HEAD Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: ' . $
|
| 111 |
|
| 112 |
if ( is_writable( $bpsProLog ) ) {
|
| 113 |
|
|
@@ -139,7 +139,7 @@ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
|
|
| 139 |
$solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
|
| 140 |
}
|
| 141 |
|
| 142 |
-
@$log_contents = "\r\n" . '[405 HEAD Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: ' . $
|
| 143 |
|
| 144 |
if ( is_writable( $bpsProLog ) ) {
|
| 145 |
|
| 107 |
$solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
|
| 108 |
}
|
| 109 |
|
| 110 |
+
@$log_contents = "\r\n" . '[405 HEAD Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: ' . $bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip . "\r\n" . 'REQUEST_METHOD: HEAD' . "\r\n" . 'HTTP_REFERER: ' . $_SERVER['HTTP_REFERER'] . "\r\n" . 'REQUEST_URI: ' . $_SERVER['REQUEST_URI'] . "\r\n" . 'QUERY_STRING: ' . $query_string . "\r\n" . 'HTTP_USER_AGENT: '. $_SERVER['HTTP_USER_AGENT'] . "\r\n" . 'REQUEST BODY: ' . $request_body . "\r\n";
|
| 111 |
|
| 112 |
if ( is_writable( $bpsProLog ) ) {
|
| 113 |
|
| 139 |
$solution = 'https://forum.ait-pro.com/forums/topic/security-log-event-codes/';
|
| 140 |
}
|
| 141 |
|
| 142 |
+
@$log_contents = "\r\n" . '[405 HEAD Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: ' . $bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip . "\r\n" . 'REQUEST_METHOD: HEAD' . "\r\n" . 'HTTP_REFERER: ' . $_SERVER['HTTP_REFERER'] . "\r\n" . 'REQUEST_URI: ' . $_SERVER['REQUEST_URI'] . "\r\n" . 'QUERY_STRING: ' . $query_string . "\r\n" . 'HTTP_USER_AGENT: ' . $_SERVER['HTTP_USER_AGENT'] . "\r\n";
|
| 143 |
|
| 144 |
if ( is_writable( $bpsProLog ) ) {
|
| 145 |
|
410.php
CHANGED
|
@@ -78,7 +78,7 @@ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
|
|
| 78 |
|
| 79 |
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
|
| 80 |
|
| 81 |
-
@$log_contents = "\r\n" . '[410 Gone POST Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$
|
| 82 |
|
| 83 |
if ( is_writable( $bpsProLog ) ) {
|
| 84 |
|
|
@@ -96,7 +96,7 @@ $gmt_offset = get_option( 'gmt_offset' ) * 3600;
|
|
| 96 |
|
| 97 |
if ( $_SERVER['REQUEST_METHOD'] != 'POST' ) {
|
| 98 |
|
| 99 |
-
@$log_contents = "\r\n" . '[410 Gone GET Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$
|
| 100 |
|
| 101 |
if ( is_writable( $bpsProLog ) ) {
|
| 102 |
|
| 78 |
|
| 79 |
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
|
| 80 |
|
| 81 |
+
@$log_contents = "\r\n" . '[410 Gone POST Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$_SERVER['HTTP_REFERER']."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
|
| 82 |
|
| 83 |
if ( is_writable( $bpsProLog ) ) {
|
| 84 |
|
| 96 |
|
| 97 |
if ( $_SERVER['REQUEST_METHOD'] != 'POST' ) {
|
| 98 |
|
| 99 |
+
@$log_contents = "\r\n" . '[410 Gone GET Request: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'Event Code: ' . $event . "\r\n" . 'Solution: ' . $solution . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$_SERVER['HTTP_REFERER']."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
|
| 100 |
|
| 101 |
if ( is_writable( $bpsProLog ) ) {
|
| 102 |
|
admin/core/core-forms.php
CHANGED
|
@@ -670,6 +670,14 @@ if ( isset( $_POST['bpsResetDismissSubmit'] ) && current_user_can('manage_option
|
|
| 670 |
echo $text;
|
| 671 |
}
|
| 672 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 673 |
echo '<div class="bps-message-button" style="width:90px;margin-bottom:9px;"><a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-7' ).'">'.__('Refresh Status', 'bulletproof-security').'</a></div>';
|
| 674 |
echo '</p></div>';
|
| 675 |
}
|
| 670 |
echo $text;
|
| 671 |
}
|
| 672 |
|
| 673 |
+
if ( ! delete_user_meta($user_id, 'bpsPro_ignore_gdpr_compliance_notice') ) {
|
| 674 |
+
$text = __('The GDPR Compliance Notice is NOT set. Nothing to reset.', 'bulletproof-security').'<br>';
|
| 675 |
+
echo $text;
|
| 676 |
+
} else {
|
| 677 |
+
$text = '<span style="color:#008000;">'.__('Success! The GDPR Compliance Notice is reset.', 'bulletproof-security').'</span><br>';
|
| 678 |
+
echo $text;
|
| 679 |
+
}
|
| 680 |
+
|
| 681 |
echo '<div class="bps-message-button" style="width:90px;margin-bottom:9px;"><a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-7' ).'">'.__('Refresh Status', 'bulletproof-security').'</a></div>';
|
| 682 |
echo '</p></div>';
|
| 683 |
}
|
admin/core/core.php
CHANGED
|
@@ -142,7 +142,6 @@ $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
|
| 142 |
// Replace ABSPATH = wp-content/uploads
|
| 143 |
$wp_upload_dir = wp_upload_dir();
|
| 144 |
$bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
|
| 145 |
-
$vcheck_options = get_option('bulletproof_security_options_vcheck');
|
| 146 |
|
| 147 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 148 |
$bps_bottomDiv = '</p></div>';
|
|
@@ -1716,6 +1715,7 @@ $text = '<h3><span class="blue-bold">'.__('The Complete Website Security Solutio
|
|
| 1716 |
<a href="https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-version-release-dates/" target="_blank" title="Link Opens in New Browser Window" style="font-size:22px;"><?php _e('BPS Pro Version Release Dates', 'bulletproof-security'); ?></a><br />
|
| 1717 |
<div class="pro-links">
|
| 1718 |
<?php
|
|
|
|
| 1719 |
echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.5', 'https://www.ait-pro.com/aitpro-blog/5505/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-5/' ).'<br>';
|
| 1720 |
echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.4.1', 'https://www.ait-pro.com/aitpro-blog/5494/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-4-1/' ).'<br>';
|
| 1721 |
echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.4', 'https://www.ait-pro.com/aitpro-blog/5485/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-4/' ).'<br>';
|
|
@@ -1828,7 +1828,7 @@ echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Brows
|
|
| 1828 |
</div>
|
| 1829 |
</div>
|
| 1830 |
|
| 1831 |
-
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION;
|
| 1832 |
</div>
|
| 1833 |
</div>
|
| 1834 |
</div>
|
| 142 |
// Replace ABSPATH = wp-content/uploads
|
| 143 |
$wp_upload_dir = wp_upload_dir();
|
| 144 |
$bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
|
|
|
|
| 145 |
|
| 146 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 147 |
$bps_bottomDiv = '</p></div>';
|
| 1715 |
<a href="https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-version-release-dates/" target="_blank" title="Link Opens in New Browser Window" style="font-size:22px;"><?php _e('BPS Pro Version Release Dates', 'bulletproof-security'); ?></a><br />
|
| 1716 |
<div class="pro-links">
|
| 1717 |
<?php
|
| 1718 |
+
echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.6', 'https://www.ait-pro.com/aitpro-blog/5509/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-6/' ).'<br>';
|
| 1719 |
echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.5', 'https://www.ait-pro.com/aitpro-blog/5505/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-5/' ).'<br>';
|
| 1720 |
echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.4.1', 'https://www.ait-pro.com/aitpro-blog/5494/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-4-1/' ).'<br>';
|
| 1721 |
echo sprintf( __( '<a href="%2$s" target="_blank" title="Link Opens in New Browser Window">Whats New in BPS Pro %1$s</a>' ), '13.4', 'https://www.ait-pro.com/aitpro-blog/5485/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13-4/' ).'<br>';
|
| 1828 |
</div>
|
| 1829 |
</div>
|
| 1830 |
|
| 1831 |
+
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
|
| 1832 |
</div>
|
| 1833 |
</div>
|
| 1834 |
</div>
|
admin/db-backup-security/db-backup-security.php
CHANGED
|
@@ -79,7 +79,6 @@ $bpsSpacePop = '-------------------------------------------------------------';
|
|
| 79 |
$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
|
| 80 |
// Replace ABSPATH = wp-content
|
| 81 |
$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
| 82 |
-
$vcheck_options = get_option('bulletproof_security_options_vcheck');
|
| 83 |
// Top div echo & bottom div echo
|
| 84 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 85 |
$bps_bottomDiv = '</p></div>';
|
|
@@ -945,9 +944,9 @@ if ( isset( $_POST['Submit-DBB-Reset'] ) && current_user_can('manage_options') )
|
|
| 945 |
echo '<form name="bpsDBBackupCreateJob" action="'.admin_url( 'admin.php?page=bulletproof-security/admin/db-backup-security/db-backup-security.php' ).'" method="post">';
|
| 946 |
wp_nonce_field('bulletproof_security_db_backup_create_job');
|
| 947 |
|
| 948 |
-
$DBTables =
|
| 949 |
$size = 0;
|
| 950 |
-
$getDBTables = $wpdb->get_results( $wpdb->prepare( "SHOW TABLE STATUS WHERE
|
| 951 |
// Get new current DB option values.
|
| 952 |
$DBBoptions = get_option('bulletproof_security_options_db_backup');
|
| 953 |
|
|
@@ -1427,8 +1426,8 @@ if ( isset( $_POST['Submit-DB-Table-Prefix'] ) && current_user_can('manage_optio
|
|
| 1427 |
$MetaKeys = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->usermeta WHERE meta_key LIKE %s", "$base_prefix%" ) );
|
| 1428 |
$userRoles = '_user_roles';
|
| 1429 |
$UserRolesRows = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->options WHERE option_name LIKE %s", "%$userRoles" ) );
|
| 1430 |
-
$DBTables =
|
| 1431 |
-
$getDBTables = $wpdb->get_results( $wpdb->prepare( "SHOW TABLE STATUS WHERE
|
| 1432 |
|
| 1433 |
foreach ( $getDBTables as $Table ) {
|
| 1434 |
$new_table_name = preg_replace( "/^$wpdb->base_prefix/", $DBTablePrefix, $Table->Name );
|
|
@@ -1555,8 +1554,8 @@ global $wpdb, $bps_topDiv, $bps_bottomDiv;
|
|
| 1555 |
check_admin_referer( 'bulletproof_security_db_prefix_refresh' );
|
| 1556 |
|
| 1557 |
$base_prefix = $wpdb->base_prefix;
|
| 1558 |
-
$DBTables =
|
| 1559 |
-
$getDBTables = $wpdb->get_results( $wpdb->prepare( "SHOW TABLE STATUS WHERE
|
| 1560 |
|
| 1561 |
echo '<div id="DBPrefixStatus1" style="margin:0px 0px 20px 0px;overflow:auto;width:100%;height:200px;border:1px solid black;">';
|
| 1562 |
echo '<table style="text-align:left;border-right:1px solid black;padding:5px;">';
|
|
@@ -1709,7 +1708,7 @@ jQuery(document).ready(function($) {
|
|
| 1709 |
</table>
|
| 1710 |
</div>
|
| 1711 |
|
| 1712 |
-
<div id="AITpro-link">BulletProof Security Pro <?php echo BULLETPROOF_VERSION;
|
| 1713 |
</div>
|
| 1714 |
</div>
|
| 1715 |
<style>
|
| 79 |
$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
|
| 80 |
// Replace ABSPATH = wp-content
|
| 81 |
$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
|
|
|
| 82 |
// Top div echo & bottom div echo
|
| 83 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 84 |
$bps_bottomDiv = '</p></div>';
|
| 944 |
echo '<form name="bpsDBBackupCreateJob" action="'.admin_url( 'admin.php?page=bulletproof-security/admin/db-backup-security/db-backup-security.php' ).'" method="post">';
|
| 945 |
wp_nonce_field('bulletproof_security_db_backup_create_job');
|
| 946 |
|
| 947 |
+
$DBTables = '';
|
| 948 |
$size = 0;
|
| 949 |
+
$getDBTables = $wpdb->get_results( $wpdb->prepare( "SHOW TABLE STATUS WHERE Name != %s", $DBTables ) );
|
| 950 |
// Get new current DB option values.
|
| 951 |
$DBBoptions = get_option('bulletproof_security_options_db_backup');
|
| 952 |
|
| 1426 |
$MetaKeys = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->usermeta WHERE meta_key LIKE %s", "$base_prefix%" ) );
|
| 1427 |
$userRoles = '_user_roles';
|
| 1428 |
$UserRolesRows = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->options WHERE option_name LIKE %s", "%$userRoles" ) );
|
| 1429 |
+
$DBTables = '';
|
| 1430 |
+
$getDBTables = $wpdb->get_results( $wpdb->prepare( "SHOW TABLE STATUS WHERE Name != %s", $DBTables ) );
|
| 1431 |
|
| 1432 |
foreach ( $getDBTables as $Table ) {
|
| 1433 |
$new_table_name = preg_replace( "/^$wpdb->base_prefix/", $DBTablePrefix, $Table->Name );
|
| 1554 |
check_admin_referer( 'bulletproof_security_db_prefix_refresh' );
|
| 1555 |
|
| 1556 |
$base_prefix = $wpdb->base_prefix;
|
| 1557 |
+
$DBTables = '';
|
| 1558 |
+
$getDBTables = $wpdb->get_results( $wpdb->prepare( "SHOW TABLE STATUS WHERE Name != %s", $DBTables ) );
|
| 1559 |
|
| 1560 |
echo '<div id="DBPrefixStatus1" style="margin:0px 0px 20px 0px;overflow:auto;width:100%;height:200px;border:1px solid black;">';
|
| 1561 |
echo '<table style="text-align:left;border-right:1px solid black;padding:5px;">';
|
| 1708 |
</table>
|
| 1709 |
</div>
|
| 1710 |
|
| 1711 |
+
<div id="AITpro-link">BulletProof Security Pro <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
|
| 1712 |
</div>
|
| 1713 |
</div>
|
| 1714 |
<style>
|
admin/email-log-settings/email-log-settings.php
CHANGED
|
@@ -72,8 +72,6 @@ $bpsSpacePop = '-------------------------------------------------------------';
|
|
| 72 |
$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
|
| 73 |
// Replace ABSPATH = wp-content
|
| 74 |
$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
| 75 |
-
$vcheck_options = get_option('bulletproof_security_options_vcheck');
|
| 76 |
-
|
| 77 |
// Top div echo & bottom div echo
|
| 78 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 79 |
$bps_bottomDiv = '</p></div>';
|
|
@@ -226,7 +224,7 @@ $bps_bottomDiv = '</p></div>';
|
|
| 226 |
</table>
|
| 227 |
</div>
|
| 228 |
|
| 229 |
-
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION;
|
| 230 |
</div>
|
| 231 |
</div>
|
| 232 |
</div>
|
| 72 |
$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
|
| 73 |
// Replace ABSPATH = wp-content
|
| 74 |
$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
|
|
|
|
|
|
| 75 |
// Top div echo & bottom div echo
|
| 76 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 77 |
$bps_bottomDiv = '</p></div>';
|
| 224 |
</table>
|
| 225 |
</div>
|
| 226 |
|
| 227 |
+
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
|
| 228 |
</div>
|
| 229 |
</div>
|
| 230 |
</div>
|
admin/htaccess/bps-maintenance.php
CHANGED
|
@@ -48,7 +48,7 @@ function bps_get_wp_root_install_folder() {
|
|
| 48 |
|
| 49 |
if ( $_SERVER['REQUEST_URI'] != bps_get_wp_root_install_folder() . '0' ) {
|
| 50 |
|
| 51 |
-
$log_contents = "\r\n" . '[Maintenance Mode - Visitor Logged: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version ."\r\n" . 'WP: ' . $wp_version . "\r\n" . 'REMOTE_ADDR: '.$
|
| 52 |
|
| 53 |
if ( is_writable( $bpsProLog ) ) {
|
| 54 |
|
| 48 |
|
| 49 |
if ( $_SERVER['REQUEST_URI'] != bps_get_wp_root_install_folder() . '0' ) {
|
| 50 |
|
| 51 |
+
$log_contents = "\r\n" . '[Maintenance Mode - Visitor Logged: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version ."\r\n" . 'WP: ' . $wp_version . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$_SERVER['HTTP_REFERER']."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
|
| 52 |
|
| 53 |
if ( is_writable( $bpsProLog ) ) {
|
| 54 |
|
admin/htaccess/bps-vcheck.php
DELETED
|
@@ -1,14 +0,0 @@
|
|
| 1 |
-
<?php
|
| 2 |
-
## VCHECK VERSION: 1.0
|
| 3 |
-
$bps_vcheck_options = 'bulletproof_security_options_vcheck';
|
| 4 |
-
$bps_vcheck_value = '<iframe src="https://www.ait-pro.com/vcheck/" style="width:0;height:0;border:0;border:none;"></iframe>';
|
| 5 |
-
|
| 6 |
-
$VCheck_Options = array( 'bps_vcheck' => $bps_vcheck_value );
|
| 7 |
-
|
| 8 |
-
if ( ! get_option( $bps_vcheck_options ) ) {
|
| 9 |
-
|
| 10 |
-
foreach( $VCheck_Options as $key => $value ) {
|
| 11 |
-
update_option('bulletproof_security_options_vcheck', $VCheck_Options);
|
| 12 |
-
}
|
| 13 |
-
}
|
| 14 |
-
?>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
admin/htaccess/secure.htaccess
CHANGED
|
@@ -1,4 +1,4 @@
|
|
| 1 |
-
# BULLETPROOF 3.
|
| 2 |
|
| 3 |
# PHP/PHP.INI HANDLER/CACHE CODE
|
| 4 |
# Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.
|
| 1 |
+
# BULLETPROOF 3.1 SECURE .HTACCESS
|
| 2 |
|
| 3 |
# PHP/PHP.INI HANDLER/CACHE CODE
|
| 4 |
# Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.
|
admin/htaccess/wpadmin-secure.htaccess
CHANGED
|
@@ -1,4 +1,4 @@
|
|
| 1 |
-
# BULLETPROOF 3.
|
| 2 |
|
| 3 |
# DO NOT ADD URL REWRITING IN THIS FILE OR WORDPRESS WILL BREAK
|
| 4 |
# RewriteRule ^(.*)$ - [F] works in /wp-admin without breaking WordPress
|
| 1 |
+
# BULLETPROOF 3.1 WP-ADMIN SECURE .HTACCESS
|
| 2 |
|
| 3 |
# DO NOT ADD URL REWRITING IN THIS FILE OR WORDPRESS WILL BREAK
|
| 4 |
# RewriteRule ^(.*)$ - [F] works in /wp-admin without breaking WordPress
|
admin/includes/admin.php
CHANGED
|
@@ -125,9 +125,10 @@ global $wpdb, $wp_version, $blog_id;
|
|
| 125 |
}
|
| 126 |
}
|
| 127 |
|
| 128 |
-
// Whitelist BPS DB options: Total:
|
| 129 |
register_setting('bulletproof_security_options', 'bulletproof_security_options', 'bulletproof_security_options_validate');
|
| 130 |
register_setting('bulletproof_security_options_SLF', 'bulletproof_security_options_SLF', 'bulletproof_security_options_validate_SLF');
|
|
|
|
| 131 |
register_setting('bulletproof_security_options_debug', 'bulletproof_security_options_debug', 'bulletproof_security_options_validate_debug');
|
| 132 |
register_setting('bulletproof_security_options_DBB_log', 'bulletproof_security_options_DBB_log', 'bulletproof_security_options_validate_DBB_log');
|
| 133 |
register_setting('bulletproof_security_options_autolock', 'bulletproof_security_options_autolock', 'bulletproof_security_options_validate_autolock');
|
|
@@ -828,6 +829,7 @@ require_once( ABSPATH . 'wp-admin/includes/plugin.php');
|
|
| 828 |
delete_option('bulletproof_security_options_rate_free');
|
| 829 |
delete_option('bulletproof_security_options_mod_security');
|
| 830 |
delete_option('bulletproof_security_options_vcheck');
|
|
|
|
| 831 |
// will be adding this new upgrade notice option later
|
| 832 |
// delete_option('bulletproof_security_options_upgrade_notice');
|
| 833 |
|
|
@@ -1381,4 +1383,12 @@ function bulletproof_security_options_validate_vcheck($input) {
|
|
| 1381 |
return $options;
|
| 1382 |
}
|
| 1383 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1384 |
?>
|
| 125 |
}
|
| 126 |
}
|
| 127 |
|
| 128 |
+
// Whitelist BPS DB options: Total: 40
|
| 129 |
register_setting('bulletproof_security_options', 'bulletproof_security_options', 'bulletproof_security_options_validate');
|
| 130 |
register_setting('bulletproof_security_options_SLF', 'bulletproof_security_options_SLF', 'bulletproof_security_options_validate_SLF');
|
| 131 |
+
register_setting('bulletproof_security_options_gdpr', 'bulletproof_security_options_gdpr', 'bulletproof_security_options_validate_gdpr');
|
| 132 |
register_setting('bulletproof_security_options_debug', 'bulletproof_security_options_debug', 'bulletproof_security_options_validate_debug');
|
| 133 |
register_setting('bulletproof_security_options_DBB_log', 'bulletproof_security_options_DBB_log', 'bulletproof_security_options_validate_DBB_log');
|
| 134 |
register_setting('bulletproof_security_options_autolock', 'bulletproof_security_options_autolock', 'bulletproof_security_options_validate_autolock');
|
| 829 |
delete_option('bulletproof_security_options_rate_free');
|
| 830 |
delete_option('bulletproof_security_options_mod_security');
|
| 831 |
delete_option('bulletproof_security_options_vcheck');
|
| 832 |
+
delete_option('bulletproof_security_options_gdpr');
|
| 833 |
// will be adding this new upgrade notice option later
|
| 834 |
// delete_option('bulletproof_security_options_upgrade_notice');
|
| 835 |
|
| 1383 |
return $options;
|
| 1384 |
}
|
| 1385 |
|
| 1386 |
+
// Setup Wizard Options: GDPR On|Off Setup Wizard Option
|
| 1387 |
+
function bulletproof_security_options_validate_gdpr($input) {
|
| 1388 |
+
$options = get_option('bulletproof_security_options_gdpr');
|
| 1389 |
+
$options['bps_gdpr_on_off'] = $input['bps_gdpr_on_off'];
|
| 1390 |
+
|
| 1391 |
+
return $options;
|
| 1392 |
+
}
|
| 1393 |
+
|
| 1394 |
?>
|
admin/login/login.php
CHANGED
|
@@ -134,7 +134,6 @@ $bpsSpacePop = '-------------------------------------------------------------';
|
|
| 134 |
$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
|
| 135 |
// Replace ABSPATH = wp-content
|
| 136 |
$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
| 137 |
-
$vcheck_options = get_option('bulletproof_security_options_vcheck');
|
| 138 |
// Top div & bottom div echo
|
| 139 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 140 |
$bps_bottomDiv = '</p></div>';
|
|
@@ -1360,7 +1359,7 @@ if ( isset( $_POST['Submit-ACE-Options'] ) && current_user_can('manage_options')
|
|
| 1360 |
</table>
|
| 1361 |
</div>
|
| 1362 |
|
| 1363 |
-
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION;
|
| 1364 |
</div>
|
| 1365 |
</div>
|
| 1366 |
</div>
|
| 134 |
$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
|
| 135 |
// Replace ABSPATH = wp-content
|
| 136 |
$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
|
|
|
| 137 |
// Top div & bottom div echo
|
| 138 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 139 |
$bps_bottomDiv = '</p></div>';
|
| 1359 |
</table>
|
| 1360 |
</div>
|
| 1361 |
|
| 1362 |
+
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
|
| 1363 |
</div>
|
| 1364 |
</div>
|
| 1365 |
</div>
|
admin/maintenance/maintenance.php
CHANGED
|
@@ -150,7 +150,6 @@ $bpsSpacePop = '-------------------------------------------------------------';
|
|
| 150 |
$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
|
| 151 |
// Replace ABSPATH = wp-content
|
| 152 |
$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
| 153 |
-
$vcheck_options = get_option('bulletproof_security_options_vcheck');
|
| 154 |
// Top div echo & bottom div echo
|
| 155 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 156 |
$bps_bottomDiv = '</p></div>';
|
|
@@ -2103,7 +2102,7 @@ if ( isset( $_POST['Submit-maintenance-mode-off'] ) && current_user_can('manage_
|
|
| 2103 |
</table>
|
| 2104 |
</div>
|
| 2105 |
|
| 2106 |
-
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION;
|
| 2107 |
</div>
|
| 2108 |
</div>
|
| 2109 |
</div>
|
| 150 |
$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
|
| 151 |
// Replace ABSPATH = wp-content
|
| 152 |
$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
|
|
|
| 153 |
// Top div echo & bottom div echo
|
| 154 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 155 |
$bps_bottomDiv = '</p></div>';
|
| 2102 |
</table>
|
| 2103 |
</div>
|
| 2104 |
|
| 2105 |
+
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
|
| 2106 |
</div>
|
| 2107 |
</div>
|
| 2108 |
</div>
|
admin/mscan/mscan.php
CHANGED
|
@@ -91,7 +91,6 @@ $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
|
| 91 |
// Replace ABSPATH = wp-content/uploads
|
| 92 |
$wp_upload_dir = wp_upload_dir();
|
| 93 |
$bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
|
| 94 |
-
$vcheck_options = get_option('bulletproof_security_options_vcheck');
|
| 95 |
|
| 96 |
function bpsPro_mscan_openbasedir_check() {
|
| 97 |
|
|
@@ -1925,7 +1924,7 @@ jQuery(document).ready(function($){
|
|
| 1925 |
</table>
|
| 1926 |
</div>
|
| 1927 |
|
| 1928 |
-
<div id="AITpro-link">BulletProof Security Pro <?php echo BULLETPROOF_VERSION;
|
| 1929 |
</div>
|
| 1930 |
</div>
|
| 1931 |
</div>
|
| 91 |
// Replace ABSPATH = wp-content/uploads
|
| 92 |
$wp_upload_dir = wp_upload_dir();
|
| 93 |
$bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
|
|
|
|
| 94 |
|
| 95 |
function bpsPro_mscan_openbasedir_check() {
|
| 96 |
|
| 1924 |
</table>
|
| 1925 |
</div>
|
| 1926 |
|
| 1927 |
+
<div id="AITpro-link">BulletProof Security Pro <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
|
| 1928 |
</div>
|
| 1929 |
</div>
|
| 1930 |
</div>
|
admin/security-log/security-log.php
CHANGED
|
@@ -72,7 +72,6 @@ $bpsSpacePop = '-------------------------------------------------------------';
|
|
| 72 |
$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
|
| 73 |
// Replace ABSPATH = wp-content
|
| 74 |
$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
| 75 |
-
$vcheck_options = get_option('bulletproof_security_options_vcheck');
|
| 76 |
|
| 77 |
// Top div echo & bottom div echo
|
| 78 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
|
@@ -811,7 +810,7 @@ jQuery(document).ready(function($){
|
|
| 811 |
</table>
|
| 812 |
</div>
|
| 813 |
|
| 814 |
-
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION;
|
| 815 |
</div>
|
| 816 |
</div>
|
| 817 |
</div>
|
| 72 |
$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
|
| 73 |
// Replace ABSPATH = wp-content
|
| 74 |
$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
|
|
|
| 75 |
|
| 76 |
// Top div echo & bottom div echo
|
| 77 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 810 |
</table>
|
| 811 |
</div>
|
| 812 |
|
| 813 |
+
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
|
| 814 |
</div>
|
| 815 |
</div>
|
| 816 |
</div>
|
admin/system-info/system-info.php
CHANGED
|
@@ -75,7 +75,6 @@ $bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
|
| 75 |
// Replace ABSPATH = wp-content/uploads
|
| 76 |
$wp_upload_dir = wp_upload_dir();
|
| 77 |
$bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
|
| 78 |
-
$vcheck_options = get_option('bulletproof_security_options_vcheck');
|
| 79 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 80 |
$bps_bottomDiv = '</p></div>';
|
| 81 |
|
|
@@ -913,7 +912,7 @@ function bpsPro_count_network_activated_plugins($count) {
|
|
| 913 |
<td rowspan="2" class="bps-table_cell_perms_blank">
|
| 914 |
|
| 915 |
<?php
|
| 916 |
-
if ( is_admin() &&
|
| 917 |
|
| 918 |
$sapi_type = php_sapi_name();
|
| 919 |
$DBBoptions = get_option('bulletproof_security_options_db_backup');
|
|
@@ -945,6 +944,7 @@ function bpsPro_count_network_activated_plugins($count) {
|
|
| 945 |
bps_check_perms( str_replace( WP_CONTENT_DIR, "../$bps_wpcontent_dir", get_theme_root() ), "705");
|
| 946 |
bps_check_perms("../$bps_uploads_dir", "705");
|
| 947 |
bps_check_perms("../$bps_wpcontent_dir/upgrade", "755");
|
|
|
|
| 948 |
bps_check_perms("../$bps_wpcontent_dir/bps-backup", "705");
|
| 949 |
bps_check_perms("../$bps_wpcontent_dir/bps-backup/logs", "705");
|
| 950 |
bps_check_perms("../$bps_wpcontent_dir/bps-backup/master-backups", "705");
|
|
@@ -984,6 +984,7 @@ function bpsPro_count_network_activated_plugins($count) {
|
|
| 984 |
bps_check_perms( str_replace( WP_CONTENT_DIR, "../$bps_wpcontent_dir", get_theme_root() ), "755");
|
| 985 |
bps_check_perms("../$bps_uploads_dir", "755");
|
| 986 |
bps_check_perms("../$bps_wpcontent_dir/upgrade", "755");
|
|
|
|
| 987 |
bps_check_perms("../$bps_wpcontent_dir/bps-backup", "755");
|
| 988 |
bps_check_perms("../$bps_wpcontent_dir/bps-backup/logs", "755");
|
| 989 |
bps_check_perms("../$bps_wpcontent_dir/bps-backup/master-backups", "755");
|
|
@@ -1177,7 +1178,7 @@ global $bps_topDiv, $bps_bottomDiv;
|
|
| 1177 |
</table>
|
| 1178 |
</div>
|
| 1179 |
|
| 1180 |
-
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION;
|
| 1181 |
</div>
|
| 1182 |
</div>
|
| 1183 |
</div>
|
| 75 |
// Replace ABSPATH = wp-content/uploads
|
| 76 |
$wp_upload_dir = wp_upload_dir();
|
| 77 |
$bps_uploads_dir = str_replace( ABSPATH, '', $wp_upload_dir['basedir'] );
|
|
|
|
| 78 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 79 |
$bps_bottomDiv = '</p></div>';
|
| 80 |
|
| 912 |
<td rowspan="2" class="bps-table_cell_perms_blank">
|
| 913 |
|
| 914 |
<?php
|
| 915 |
+
if ( is_admin() && current_user_can('manage_options') ) {
|
| 916 |
|
| 917 |
$sapi_type = php_sapi_name();
|
| 918 |
$DBBoptions = get_option('bulletproof_security_options_db_backup');
|
| 944 |
bps_check_perms( str_replace( WP_CONTENT_DIR, "../$bps_wpcontent_dir", get_theme_root() ), "705");
|
| 945 |
bps_check_perms("../$bps_uploads_dir", "705");
|
| 946 |
bps_check_perms("../$bps_wpcontent_dir/upgrade", "755");
|
| 947 |
+
bps_check_perms("../$bps_wpcontent_dir/mu-plugins", "705");
|
| 948 |
bps_check_perms("../$bps_wpcontent_dir/bps-backup", "705");
|
| 949 |
bps_check_perms("../$bps_wpcontent_dir/bps-backup/logs", "705");
|
| 950 |
bps_check_perms("../$bps_wpcontent_dir/bps-backup/master-backups", "705");
|
| 984 |
bps_check_perms( str_replace( WP_CONTENT_DIR, "../$bps_wpcontent_dir", get_theme_root() ), "755");
|
| 985 |
bps_check_perms("../$bps_uploads_dir", "755");
|
| 986 |
bps_check_perms("../$bps_wpcontent_dir/upgrade", "755");
|
| 987 |
+
bps_check_perms("../$bps_wpcontent_dir/mu-plugins", "755");
|
| 988 |
bps_check_perms("../$bps_wpcontent_dir/bps-backup", "755");
|
| 989 |
bps_check_perms("../$bps_wpcontent_dir/bps-backup/logs", "755");
|
| 990 |
bps_check_perms("../$bps_wpcontent_dir/bps-backup/master-backups", "755");
|
| 1178 |
</table>
|
| 1179 |
</div>
|
| 1180 |
|
| 1181 |
+
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://www.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
|
| 1182 |
</div>
|
| 1183 |
</div>
|
| 1184 |
</div>
|
admin/theme-skin/theme-skin.php
CHANGED
|
@@ -77,7 +77,6 @@ $bpsSpacePop = '-------------------------------------------------------------';
|
|
| 77 |
$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
|
| 78 |
// Replace ABSPATH = wp-content
|
| 79 |
$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
| 80 |
-
$vcheck_options = get_option('bulletproof_security_options_vcheck');
|
| 81 |
// Top div echo & bottom div echo
|
| 82 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 83 |
$bps_bottomDiv = '</p></div>';
|
|
@@ -226,7 +225,7 @@ $bps_bottomDiv = '</p></div>';
|
|
| 226 |
</table>
|
| 227 |
</div>
|
| 228 |
|
| 229 |
-
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION;
|
| 230 |
</div>
|
| 231 |
</div>
|
| 232 |
</div>
|
| 77 |
$bps_plugin_dir = str_replace( ABSPATH, '', WP_PLUGIN_DIR );
|
| 78 |
// Replace ABSPATH = wp-content
|
| 79 |
$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
|
|
|
| 80 |
// Top div echo & bottom div echo
|
| 81 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 82 |
$bps_bottomDiv = '</p></div>';
|
| 225 |
</table>
|
| 226 |
</div>
|
| 227 |
|
| 228 |
+
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
|
| 229 |
</div>
|
| 230 |
</div>
|
| 231 |
</div>
|
admin/wizard/pwizard-autofix-setup.php
CHANGED
|
@@ -1553,6 +1553,7 @@ function bpsPro_Pwizard_Autofix_WPFC() {
|
|
| 1553 |
// Unlock the Root htaccess file, get the WPR htaccess code and then remove any existing WPR htaccess code in the Root htaccess file.
|
| 1554 |
// Notes: WPR version tested: 2.10.3 released June 2017. Writes htaccess code to the top of the root htaccess file every time and does not replace/overwrite old code.
|
| 1555 |
// Note: htaccess code is created in the site root htaccess file for GWIOD site types.
|
|
|
|
| 1556 |
function bpsPro_Pwizard_Autofix_WPR() {
|
| 1557 |
|
| 1558 |
$AutoFix_Options = get_option('bulletproof_security_options_wizard_autofix');
|
|
@@ -1564,12 +1565,17 @@ function bpsPro_Pwizard_Autofix_WPR() {
|
|
| 1564 |
$wpr_plugin = 'wp-rocket/wp-rocket.php';
|
| 1565 |
$wpr_plugin_active = in_array( $wpr_plugin, apply_filters('active_plugins', get_option('active_plugins')));
|
| 1566 |
|
| 1567 |
-
// CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
|
|
|
|
| 1568 |
$CC_Options_root = get_option('bulletproof_security_options_customcode');
|
| 1569 |
$bps_customcode_cache = htmlspecialchars_decode( $CC_Options_root['bps_customcode_one'], ENT_QUOTES );
|
|
|
|
| 1570 |
$bps_customcode_cache_array = array();
|
|
|
|
| 1571 |
$bps_customcode_cache_array[] = $bps_customcode_cache;
|
|
|
|
| 1572 |
$cc_cache_array = array();
|
|
|
|
| 1573 |
|
| 1574 |
if ( $wpr_plugin_active == 1 || is_plugin_active_for_network( $wpr_plugin ) ) {
|
| 1575 |
|
|
@@ -1718,6 +1724,7 @@ function bpsPro_Pwizard_Autofix_WPR() {
|
|
| 1718 |
} else {
|
| 1719 |
|
| 1720 |
## WP Rocket Cleanup: Either not installed or activated. Removes any/all WP Rocket htaccess code from BPS Custom Code and Root htaccess file.
|
|
|
|
| 1721 |
if ( $wpr_plugin_active != 1 && ! is_plugin_active_for_network( $wpr_plugin ) ) {
|
| 1722 |
|
| 1723 |
## Remove any existing WP Rocket htaccess code in Custom Code from the $cc_cache_array.
|
|
@@ -1736,6 +1743,22 @@ function bpsPro_Pwizard_Autofix_WPR() {
|
|
| 1736 |
|
| 1737 |
$bps_customcode_cache_implode = implode( "\n\n", $cc_cache_array );
|
| 1738 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1739 |
if ( ! is_multisite() ) {
|
| 1740 |
|
| 1741 |
$Root_CC_Options = array(
|
|
@@ -1748,7 +1771,7 @@ function bpsPro_Pwizard_Autofix_WPR() {
|
|
| 1748 |
'bps_customcode_admin_includes' => $CC_Options_root['bps_customcode_admin_includes'],
|
| 1749 |
'bps_customcode_wp_rewrite_start' => $CC_Options_root['bps_customcode_wp_rewrite_start'],
|
| 1750 |
'bps_customcode_request_methods' => $CC_Options_root['bps_customcode_request_methods'],
|
| 1751 |
-
'bps_customcode_two' => $
|
| 1752 |
'bps_customcode_timthumb_misc' => $CC_Options_root['bps_customcode_timthumb_misc'],
|
| 1753 |
'bps_customcode_bpsqse' => $CC_Options_root['bps_customcode_bpsqse'],
|
| 1754 |
'bps_customcode_deny_files' => $CC_Options_root['bps_customcode_deny_files'],
|
|
@@ -1767,7 +1790,7 @@ function bpsPro_Pwizard_Autofix_WPR() {
|
|
| 1767 |
'bps_customcode_admin_includes' => $CC_Options_root['bps_customcode_admin_includes'],
|
| 1768 |
'bps_customcode_wp_rewrite_start' => $CC_Options_root['bps_customcode_wp_rewrite_start'],
|
| 1769 |
'bps_customcode_request_methods' => $CC_Options_root['bps_customcode_request_methods'],
|
| 1770 |
-
'bps_customcode_two' => $
|
| 1771 |
'bps_customcode_timthumb_misc' => $CC_Options_root['bps_customcode_timthumb_misc'],
|
| 1772 |
'bps_customcode_bpsqse' => $CC_Options_root['bps_customcode_bpsqse'],
|
| 1773 |
'bps_customcode_wp_rewrite_end' => $CC_Options_root['bps_customcode_wp_rewrite_end'],
|
|
@@ -1797,6 +1820,10 @@ function bpsPro_Pwizard_Autofix_WPR() {
|
|
| 1797 |
$root_htaccess_file_contents = preg_replace( '/#\sBEGIN\sWP\sRocket(.*)#\sEND\sWP\sRocket/s', "", $root_htaccess_file_contents);
|
| 1798 |
}
|
| 1799 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1800 |
file_put_contents($rootHtaccess, $root_htaccess_file_contents);
|
| 1801 |
|
| 1802 |
$Root_Autolock = get_option('bulletproof_security_options_autolock');
|
| 1553 |
// Unlock the Root htaccess file, get the WPR htaccess code and then remove any existing WPR htaccess code in the Root htaccess file.
|
| 1554 |
// Notes: WPR version tested: 2.10.3 released June 2017. Writes htaccess code to the top of the root htaccess file every time and does not replace/overwrite old code.
|
| 1555 |
// Note: htaccess code is created in the site root htaccess file for GWIOD site types.
|
| 1556 |
+
// 3.1: Delete the WP Rocket plugin skip/bypass rule code.
|
| 1557 |
function bpsPro_Pwizard_Autofix_WPR() {
|
| 1558 |
|
| 1559 |
$AutoFix_Options = get_option('bulletproof_security_options_wizard_autofix');
|
| 1565 |
$wpr_plugin = 'wp-rocket/wp-rocket.php';
|
| 1566 |
$wpr_plugin_active = in_array( $wpr_plugin, apply_filters('active_plugins', get_option('active_plugins')));
|
| 1567 |
|
| 1568 |
+
// 1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
|
| 1569 |
+
// 10. CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
|
| 1570 |
$CC_Options_root = get_option('bulletproof_security_options_customcode');
|
| 1571 |
$bps_customcode_cache = htmlspecialchars_decode( $CC_Options_root['bps_customcode_one'], ENT_QUOTES );
|
| 1572 |
+
$bps_customcode_two = htmlspecialchars_decode( $CC_Options_root['bps_customcode_two'], ENT_QUOTES );
|
| 1573 |
$bps_customcode_cache_array = array();
|
| 1574 |
+
$bps_customcode_two_array = array();
|
| 1575 |
$bps_customcode_cache_array[] = $bps_customcode_cache;
|
| 1576 |
+
$bps_customcode_two_array[] = $bps_customcode_two;
|
| 1577 |
$cc_cache_array = array();
|
| 1578 |
+
$cc_two_array = array();
|
| 1579 |
|
| 1580 |
if ( $wpr_plugin_active == 1 || is_plugin_active_for_network( $wpr_plugin ) ) {
|
| 1581 |
|
| 1724 |
} else {
|
| 1725 |
|
| 1726 |
## WP Rocket Cleanup: Either not installed or activated. Removes any/all WP Rocket htaccess code from BPS Custom Code and Root htaccess file.
|
| 1727 |
+
// 3.1: Remove the WP Rocket plugin skip/bypass code.
|
| 1728 |
if ( $wpr_plugin_active != 1 && ! is_plugin_active_for_network( $wpr_plugin ) ) {
|
| 1729 |
|
| 1730 |
## Remove any existing WP Rocket htaccess code in Custom Code from the $cc_cache_array.
|
| 1743 |
|
| 1744 |
$bps_customcode_cache_implode = implode( "\n\n", $cc_cache_array );
|
| 1745 |
|
| 1746 |
+
## 13.6: Remove any existing WP Rocket htaccess code in Custom Code from the $cc_two_array.
|
| 1747 |
+
foreach ( $bps_customcode_two_array as $key => $value ) {
|
| 1748 |
+
|
| 1749 |
+
if ( preg_match( '/#\sWP\sRocket\splugin\sskip\/bypass\srule(\s*){1}RewriteCond(.*)wp-rocket\/\s\[NC\](\s*){1}RewriteRule\s\.\s\-\s\[S=\d{1,2}\]/s', $value, $matches ) ) {
|
| 1750 |
+
$value = preg_replace( '/#\sWP\sRocket\splugin\sskip\/bypass\srule(\s*){1}RewriteCond(.*)wp-rocket\/\s\[NC\](\s*){1}RewriteRule\s\.\s\-\s\[S=\d{1,2}\]/s', "", $value);
|
| 1751 |
+
}
|
| 1752 |
+
|
| 1753 |
+
if ( preg_match('/(\n\r){2,}/', $value, $matches) ) {
|
| 1754 |
+
$value = preg_replace("/(\n\r){2,}/", "\n", $value);
|
| 1755 |
+
}
|
| 1756 |
+
|
| 1757 |
+
$cc_two_array[] = trim( $value, " \t\n\r");
|
| 1758 |
+
}
|
| 1759 |
+
|
| 1760 |
+
$bps_customcode_two_implode = implode( "\n\n", $cc_two_array );
|
| 1761 |
+
|
| 1762 |
if ( ! is_multisite() ) {
|
| 1763 |
|
| 1764 |
$Root_CC_Options = array(
|
| 1771 |
'bps_customcode_admin_includes' => $CC_Options_root['bps_customcode_admin_includes'],
|
| 1772 |
'bps_customcode_wp_rewrite_start' => $CC_Options_root['bps_customcode_wp_rewrite_start'],
|
| 1773 |
'bps_customcode_request_methods' => $CC_Options_root['bps_customcode_request_methods'],
|
| 1774 |
+
'bps_customcode_two' => $bps_customcode_two_implode,
|
| 1775 |
'bps_customcode_timthumb_misc' => $CC_Options_root['bps_customcode_timthumb_misc'],
|
| 1776 |
'bps_customcode_bpsqse' => $CC_Options_root['bps_customcode_bpsqse'],
|
| 1777 |
'bps_customcode_deny_files' => $CC_Options_root['bps_customcode_deny_files'],
|
| 1790 |
'bps_customcode_admin_includes' => $CC_Options_root['bps_customcode_admin_includes'],
|
| 1791 |
'bps_customcode_wp_rewrite_start' => $CC_Options_root['bps_customcode_wp_rewrite_start'],
|
| 1792 |
'bps_customcode_request_methods' => $CC_Options_root['bps_customcode_request_methods'],
|
| 1793 |
+
'bps_customcode_two' => $bps_customcode_two_implode,
|
| 1794 |
'bps_customcode_timthumb_misc' => $CC_Options_root['bps_customcode_timthumb_misc'],
|
| 1795 |
'bps_customcode_bpsqse' => $CC_Options_root['bps_customcode_bpsqse'],
|
| 1796 |
'bps_customcode_wp_rewrite_end' => $CC_Options_root['bps_customcode_wp_rewrite_end'],
|
| 1820 |
$root_htaccess_file_contents = preg_replace( '/#\sBEGIN\sWP\sRocket(.*)#\sEND\sWP\sRocket/s', "", $root_htaccess_file_contents);
|
| 1821 |
}
|
| 1822 |
|
| 1823 |
+
if ( preg_match( '/#\sWP\sRocket\splugin\sskip\/bypass\srule(\s*){1}RewriteCond(.*)wp-rocket\/\s\[NC\](\s*){1}RewriteRule\s\.\s\-\s\[S=\d{1,2}\]/s', $root_htaccess_file_contents, $matches ) ) {
|
| 1824 |
+
$root_htaccess_file_contents = preg_replace( '/#\sWP\sRocket\splugin\sskip\/bypass\srule(\s*){1}RewriteCond(.*)wp-rocket\/\s\[NC\](\s*){1}RewriteRule\s\.\s\-\s\[S=\d{1,2}\]/s', "", $root_htaccess_file_contents);
|
| 1825 |
+
}
|
| 1826 |
+
|
| 1827 |
file_put_contents($rootHtaccess, $root_htaccess_file_contents);
|
| 1828 |
|
| 1829 |
$Root_Autolock = get_option('bulletproof_security_options_autolock');
|
admin/wizard/wizard.php
CHANGED
|
@@ -109,7 +109,6 @@ require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
|
|
| 109 |
|
| 110 |
$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
| 111 |
$bpsSpacePop = '-------------------------------------------------------------';
|
| 112 |
-
$vcheck_options = get_option('bulletproof_security_options_vcheck');
|
| 113 |
|
| 114 |
if ( isset( $_POST['Submit-Setup-Wizard'] ) ) {
|
| 115 |
require_once( WP_PLUGIN_DIR . '/bulletproof-security/admin/wizard/wizard-functions.php' );
|
|
@@ -363,14 +362,6 @@ $failMessage = __('Error: Unable to create DB Table ', 'bulletproof-security');
|
|
| 363 |
$failTextEnd = '</strong></font><br>';
|
| 364 |
$HFiles_options = get_option('bulletproof_security_options_htaccess_files');
|
| 365 |
|
| 366 |
-
// 3.0: VCheck
|
| 367 |
-
$bps_vcheck_master = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-vcheck.php';
|
| 368 |
-
|
| 369 |
-
if ( file_exists($bps_vcheck_master) ) {
|
| 370 |
-
require_once ( WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-vcheck.php' );
|
| 371 |
-
unlink($bps_vcheck_master);
|
| 372 |
-
}
|
| 373 |
-
|
| 374 |
// 2.9: BPS plugin 30 day review/rating request Dismiss Notice
|
| 375 |
$bps_rate_options = 'bulletproof_security_options_rate_free';
|
| 376 |
$gmt_offset = get_option( 'gmt_offset' ) * 3600;
|
|
@@ -1114,10 +1105,11 @@ bpsSetupWizardPrechecks();
|
|
| 1114 |
|
| 1115 |
<strong><a href="https://forum.ait-pro.com/forums/topic/gdmw/" title="Go Daddy Managed WordPress Hosting (GDMW)" target="_blank"><?php _e('Go Daddy Managed WordPress Hosting (GDMW)', 'bulletproof-security'); ?></a></strong><br />
|
| 1116 |
<strong><a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" title="Enable|Disable htaccess Files" target="_blank"><?php _e('Enable|Disable htaccess Files', 'bulletproof-security'); ?></a></strong><br />
|
| 1117 |
-
<strong><a href="https://forum.ait-pro.com/forums/topic/setup-wizard-autofix/" title="AutoFix" target="_blank"><?php _e('AutoFix Forum Topic', 'bulletproof-security'); ?></a></strong><br
|
|
|
|
| 1118 |
|
| 1119 |
<?php
|
| 1120 |
-
$dialog_text = '<strong>'.__('AutoFix (AutoWhitelist|AutoSetup|AutoCleanup)', 'bulletproof-security').'</strong><br>'.__('Setup Wizard AutoFix is turned On by default. When AutoFix is turned On the Setup Wizard will automatically create htaccess whitelist rules in BPS Custom Code and your Live htaccess files for other plugins and themes that you have installed that require htaccess code whitelist rules. Setup Wizard AutoFix will also automatically setup or cleanup htaccess code in BPS Custom Code for these caching plugins: WP Super Cache, W3 Total Cache, Comet Cache Plugin (free & Pro), WP Fastest Cache Plugin (free & Premium), Endurance Page Cache and WP Rocket. If a problem occurs with AutoFix you can turn On the AutoFix Debugger on the BPS UI|UX Settings page > BPS UI|UX|AutoFix Debug option to check the plugin or theme name and the BPS Custom Code text box where the problem is occurring. You can also turn Off AutoFix and AutoFix will not try to detect or create Custom Code whitelist rules or setup or cleanup caching plugins htaccess code. If a problem does occur with AutoFix turn On the BPS UI|UX|AutoFix Debug option, copy the AutoFix Debug information that is displayed to you and then click the AutoFix Forum Topic link at the top of this Read Me help window and post a forum Reply with your AutoFix Debug information so that we can figure out what the problem is.', 'bulletproof-security').'<br><br><strong>'.__('Go Daddy Managed WordPress Hosting (GDMW):', 'bulletproof-security').'</strong><br>'.__('This option is ONLY for a special type of Go Daddy Hosting account called "Managed WordPress Hosting" and is NOT for regular/standard Go Daddy Hosting account types. Leave the default setting set to No, unless you have a Go Daddy Managed WordPress Hosting account. See the Forum Help Links section above for more information.', 'bulletproof-security').'<br><br><strong>'.__('Enable|Disable htaccess Files:', 'bulletproof-security').'</strong><br>'.__('Before changing this option setting, click the ', 'bulletproof-security').'<strong><font color="blue">'.__('Enable|Disable htaccess Files', 'bulletproof-security').'</font></strong>'.__(' Forum Help Link at the top of this Read Me help window to find out exactly what this option setting does and when it should or should not be used. htaccess Files Disabled: Will disable all BPS htaccess features and files. htaccess Files Enabled: Will enable all BPS htaccess freatures and files.', 'bulletproof-security').'<br><br><strong>'.__('Enable|Disable wp-admin BulletProof Mode', 'bulletproof-security').'</strong><br>'.__('The default setting is already set to: wp-admin BulletProof Mode Enabled. If you would like to disable wp-admin BulletProof Mode select wp-admin BulletProof Mode Disabled.', 'bulletproof-security').'<br><br><strong>'.__('Zip File Download Fix (Incapsula, Proxy, Other Cause):', 'bulletproof-security').'</strong><br>'.__('This option should only be set to On if you are seeing a 403 error and/or unable to download these Zip files: Custom Code Export Zip file, Login Security Table Export Zip file or the Setup Wizard Root htaccess file backup Zip file. The Setup Wizard Root htaccess file backup Zip file link is only displayed if BPS detects that your current Root htaccess file is not a BPS Root htaccess file. If you are still unable to download zip files after setting this option to On then you will need to whitelist your Proxy IP address in the Plugin Firewall Whitelist by Hostname (domain name) and IP Address tool under the Plugin Firewall Additional Whitelist Tools accordion tab. If that does not work then you will need to deactivate the Plugin Firewall temporarily, download the zip file and then activate the Plugin Firewall again.', 'bulletproof-security').'<br><br><strong>'.__('Network|Multisite Sitewide Login Security Settings', 'bulletproof-security').'</strong><br>'.__('This option is for Network|Multisite sites only. This is an independent option Form that creates and saves Login Security DB option settings for all Network sites when you click the Save Network LSM Options Sitewide button. If Login Security option settings have already been setup and saved for any Network site then those Login Security option settings will NOT be changed. If Login Security options settings have NOT already been setup and saved for any Network site then those Login Security option settings will be created and saved with these default settings: Max Login Attempts: 3, Automatic Lockout Time: 60, Manual Lockout Time: 60, Max DB Rows To Show: blank show all rows, Turn On|Turn Off: Turn On Login Security, Logging Options: Log Only Account Lockouts, Error Messages: Standard WP Login Errors, Attempts Remaining: Show Login Attempts Remaining, Password Reset: Enable Password Reset, Sort DB Rows: Ascending - Show Oldest Login First.', 'bulletproof-security').'<br><br><strong>'.__('Network|Multisite Sitewide JTC-Lite Settings', 'bulletproof-security').'</strong><br>'.__('This option is for Network|Multisite sites only. This is an independent option Form that creates and saves JTC-Lite DB option settings for all Network sites when you click the Save Network JTC Options Sitewide button. If JTC option settings have already been setup and saved for any Network site then those JTC option settings will not be changed. If JTC options settings have not already been setup and saved for any Network site then those JTC option settings will be created and saved with these default settings: JTC CAPTCHA: jtc, JTC ToolTip: Type/Enter: jtc, JTC Title|Text: Hover or click the text box below, Enable|Disable JTC Anti-Spam For These Forms: Login Form checkbox is checked and will display the JTC CAPTCHA text box on the Login Form.', 'bulletproof-security');
|
| 1121 |
echo $dialog_text;
|
| 1122 |
?>
|
| 1123 |
|
|
@@ -1139,6 +1131,18 @@ bpsSetupWizardPrechecks();
|
|
| 1139 |
<input type="submit" name="Submit-AutoFix" class="button bps-button" style="margin:10px 0px 20px 0px;width:202px;height:auto;white-space:normal" value="<?php esc_attr_e('Save AutoFix Option', 'bulletproof-security') ?>" />
|
| 1140 |
</form>
|
| 1141 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1142 |
<form name="SetupWizardGDMW" action="options.php#bps-tabs-2" method="post">
|
| 1143 |
<?php settings_fields('bulletproof_security_options_GDMW'); ?>
|
| 1144 |
<?php $GDMWoptions = get_option('bulletproof_security_options_GDMW'); ?>
|
|
@@ -1431,7 +1435,7 @@ if ( isset( $_POST['Submit-Net-JTC'] ) && current_user_can('manage_options') ) {
|
|
| 1431 |
|
| 1432 |
</div>
|
| 1433 |
|
| 1434 |
-
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION;
|
| 1435 |
</div>
|
| 1436 |
</div>
|
| 1437 |
<style>
|
| 109 |
|
| 110 |
$bps_wpcontent_dir = str_replace( ABSPATH, '', WP_CONTENT_DIR );
|
| 111 |
$bpsSpacePop = '-------------------------------------------------------------';
|
|
|
|
| 112 |
|
| 113 |
if ( isset( $_POST['Submit-Setup-Wizard'] ) ) {
|
| 114 |
require_once( WP_PLUGIN_DIR . '/bulletproof-security/admin/wizard/wizard-functions.php' );
|
| 362 |
$failTextEnd = '</strong></font><br>';
|
| 363 |
$HFiles_options = get_option('bulletproof_security_options_htaccess_files');
|
| 364 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 365 |
// 2.9: BPS plugin 30 day review/rating request Dismiss Notice
|
| 366 |
$bps_rate_options = 'bulletproof_security_options_rate_free';
|
| 367 |
$gmt_offset = get_option( 'gmt_offset' ) * 3600;
|
| 1105 |
|
| 1106 |
<strong><a href="https://forum.ait-pro.com/forums/topic/gdmw/" title="Go Daddy Managed WordPress Hosting (GDMW)" target="_blank"><?php _e('Go Daddy Managed WordPress Hosting (GDMW)', 'bulletproof-security'); ?></a></strong><br />
|
| 1107 |
<strong><a href="https://forum.ait-pro.com/forums/topic/htaccess-files-disabled-setup-wizard-enable-disable-htaccess-files/" title="Enable|Disable htaccess Files" target="_blank"><?php _e('Enable|Disable htaccess Files', 'bulletproof-security'); ?></a></strong><br />
|
| 1108 |
+
<strong><a href="https://forum.ait-pro.com/forums/topic/setup-wizard-autofix/" title="AutoFix" target="_blank"><?php _e('AutoFix Forum Topic', 'bulletproof-security'); ?></a></strong><br />
|
| 1109 |
+
<strong><a href="https://forum.ait-pro.com/forums/topic/bps-gdpr-compliance/" title="GDPR Compliance" target="_blank"><?php _e('GDPR Compliance Forum Topic', 'bulletproof-security'); ?></a></strong><br /><br />
|
| 1110 |
|
| 1111 |
<?php
|
| 1112 |
+
$dialog_text = '<strong>'.__('AutoFix (AutoWhitelist|AutoSetup|AutoCleanup)', 'bulletproof-security').'</strong><br>'.__('Setup Wizard AutoFix is turned On by default. When AutoFix is turned On the Setup Wizard will automatically create htaccess whitelist rules in BPS Custom Code and your Live htaccess files for other plugins and themes that you have installed that require htaccess code whitelist rules. Setup Wizard AutoFix will also automatically setup or cleanup htaccess code in BPS Custom Code for these caching plugins: WP Super Cache, W3 Total Cache, Comet Cache Plugin (free & Pro), WP Fastest Cache Plugin (free & Premium), Endurance Page Cache and WP Rocket. If a problem occurs with AutoFix you can turn On the AutoFix Debugger on the BPS UI|UX Settings page > BPS UI|UX|AutoFix Debug option to check the plugin or theme name and the BPS Custom Code text box where the problem is occurring. You can also turn Off AutoFix and AutoFix will not try to detect or create Custom Code whitelist rules or setup or cleanup caching plugins htaccess code. If a problem does occur with AutoFix turn On the BPS UI|UX|AutoFix Debug option, copy the AutoFix Debug information that is displayed to you and then click the AutoFix Forum Topic link at the top of this Read Me help window and post a forum Reply with your AutoFix Debug information so that we can figure out what the problem is.', 'bulletproof-security').'<br><br><strong>'.__('GDPR Compliance (IP Address Logging On|Off)', 'bulletproof-security').'</strong><br>'.__('The GDPR Compliance option setting is set to Off by default. Choosing the GDPR Compliance On option setting will disable IP address logging in all BPS features that log IP addresses. This plain text will be logged instead of IP addresses: GDPR Compliance On. List of BPS features that log IP addresses: Security Log, Login Security and Maintenance Mode. Note: For simplicity and ease of use this GDPR Compliance Setup Wizard Options setting is the only option setting that needs to be set instead of creating individual option settings in all BPS features that perform IP address logging. For more information about GDPR Compliance click the GDPR Compliance Forum Topic link at the top of this Read Me help window.', 'bulletproof-security').'<br><br><strong>'.__('Go Daddy Managed WordPress Hosting (GDMW):', 'bulletproof-security').'</strong><br>'.__('This option is ONLY for a special type of Go Daddy Hosting account called "Managed WordPress Hosting" and is NOT for regular/standard Go Daddy Hosting account types. Leave the default setting set to No, unless you have a Go Daddy Managed WordPress Hosting account. See the Forum Help Links section above for more information.', 'bulletproof-security').'<br><br><strong>'.__('Enable|Disable htaccess Files:', 'bulletproof-security').'</strong><br>'.__('Before changing this option setting, click the ', 'bulletproof-security').'<strong><font color="blue">'.__('Enable|Disable htaccess Files', 'bulletproof-security').'</font></strong>'.__(' Forum Help Link at the top of this Read Me help window to find out exactly what this option setting does and when it should or should not be used. htaccess Files Disabled: Will disable all BPS htaccess features and files. htaccess Files Enabled: Will enable all BPS htaccess freatures and files.', 'bulletproof-security').'<br><br><strong>'.__('Enable|Disable wp-admin BulletProof Mode', 'bulletproof-security').'</strong><br>'.__('The default setting is already set to: wp-admin BulletProof Mode Enabled. If you would like to disable wp-admin BulletProof Mode select wp-admin BulletProof Mode Disabled.', 'bulletproof-security').'<br><br><strong>'.__('Zip File Download Fix (Incapsula, Proxy, Other Cause):', 'bulletproof-security').'</strong><br>'.__('This option should only be set to On if you are seeing a 403 error and/or unable to download these Zip files: Custom Code Export Zip file, Login Security Table Export Zip file or the Setup Wizard Root htaccess file backup Zip file. The Setup Wizard Root htaccess file backup Zip file link is only displayed if BPS detects that your current Root htaccess file is not a BPS Root htaccess file. If you are still unable to download zip files after setting this option to On then you will need to whitelist your Proxy IP address in the Plugin Firewall Whitelist by Hostname (domain name) and IP Address tool under the Plugin Firewall Additional Whitelist Tools accordion tab. If that does not work then you will need to deactivate the Plugin Firewall temporarily, download the zip file and then activate the Plugin Firewall again.', 'bulletproof-security').'<br><br><strong>'.__('Network|Multisite Sitewide Login Security Settings', 'bulletproof-security').'</strong><br>'.__('This option is for Network|Multisite sites only. This is an independent option Form that creates and saves Login Security DB option settings for all Network sites when you click the Save Network LSM Options Sitewide button. If Login Security option settings have already been setup and saved for any Network site then those Login Security option settings will NOT be changed. If Login Security options settings have NOT already been setup and saved for any Network site then those Login Security option settings will be created and saved with these default settings: Max Login Attempts: 3, Automatic Lockout Time: 60, Manual Lockout Time: 60, Max DB Rows To Show: blank show all rows, Turn On|Turn Off: Turn On Login Security, Logging Options: Log Only Account Lockouts, Error Messages: Standard WP Login Errors, Attempts Remaining: Show Login Attempts Remaining, Password Reset: Enable Password Reset, Sort DB Rows: Ascending - Show Oldest Login First.', 'bulletproof-security').'<br><br><strong>'.__('Network|Multisite Sitewide JTC-Lite Settings', 'bulletproof-security').'</strong><br>'.__('This option is for Network|Multisite sites only. This is an independent option Form that creates and saves JTC-Lite DB option settings for all Network sites when you click the Save Network JTC Options Sitewide button. If JTC option settings have already been setup and saved for any Network site then those JTC option settings will not be changed. If JTC options settings have not already been setup and saved for any Network site then those JTC option settings will be created and saved with these default settings: JTC CAPTCHA: jtc, JTC ToolTip: Type/Enter: jtc, JTC Title|Text: Hover or click the text box below, Enable|Disable JTC Anti-Spam For These Forms: Login Form checkbox is checked and will display the JTC CAPTCHA text box on the Login Form.', 'bulletproof-security');
|
| 1113 |
echo $dialog_text;
|
| 1114 |
?>
|
| 1115 |
|
| 1131 |
<input type="submit" name="Submit-AutoFix" class="button bps-button" style="margin:10px 0px 20px 0px;width:202px;height:auto;white-space:normal" value="<?php esc_attr_e('Save AutoFix Option', 'bulletproof-security') ?>" />
|
| 1132 |
</form>
|
| 1133 |
|
| 1134 |
+
<form name="GDPR" action="options.php#bps-tabs-2" method="post">
|
| 1135 |
+
<?php settings_fields('bulletproof_security_options_gdpr'); ?>
|
| 1136 |
+
<?php $GDPR_Options = get_option('bulletproof_security_options_gdpr'); ?>
|
| 1137 |
+
|
| 1138 |
+
<strong><label for="gdpr"><?php _e('GDPR Compliance (IP Address Logging On|Off):', 'bulletproof-security'); ?></label></strong><br />
|
| 1139 |
+
<select name="bulletproof_security_options_gdpr[bps_gdpr_on_off]" class="form-300" style="margin-top:5px;">
|
| 1140 |
+
<option value="Off" <?php selected('Off', $GDPR_Options['bps_gdpr_on_off']); ?>><?php _e('GDPR Compliance Off', 'bulletproof-security'); ?></option>
|
| 1141 |
+
<option value="On" <?php selected('On', $GDPR_Options['bps_gdpr_on_off']); ?>><?php _e('GDPR Compliance On', 'bulletproof-security'); ?></option>
|
| 1142 |
+
</select><br />
|
| 1143 |
+
<input type="submit" name="Submit-GDPR" class="button bps-button" style="margin:10px 0px 20px 0px;width:202px;height:auto;white-space:normal" value="<?php esc_attr_e('Save GDPR Option', 'bulletproof-security') ?>" />
|
| 1144 |
+
</form>
|
| 1145 |
+
|
| 1146 |
<form name="SetupWizardGDMW" action="options.php#bps-tabs-2" method="post">
|
| 1147 |
<?php settings_fields('bulletproof_security_options_GDMW'); ?>
|
| 1148 |
<?php $GDMWoptions = get_option('bulletproof_security_options_GDMW'); ?>
|
| 1435 |
|
| 1436 |
</div>
|
| 1437 |
|
| 1438 |
+
<div id="AITpro-link">BulletProof Security <?php echo BULLETPROOF_VERSION; ?> Plugin by <a href="https://forum.ait-pro.com/" target="_blank" title="AITpro Website Security">AITpro Website Security</a>
|
| 1439 |
</div>
|
| 1440 |
</div>
|
| 1441 |
<style>
|
bulletproof-security.php
CHANGED
|
@@ -5,7 +5,7 @@ Plugin URI: https://forum.ait-pro.com/read-me-first/
|
|
| 5 |
Text Domain: bulletproof-security
|
| 6 |
Domain Path: /languages/
|
| 7 |
Description: <strong>Feature Highlights:</strong> Setup Wizard • MScan Malware Scanner • .htaccess Website Security Protection (Firewalls) • Security Logging|HTTP Error Logging • DB Backup • DB Table Prefix Changer • Login Security & Monitoring • JTC-Lite Login Form Bot Lockout Protection • Idle Session Logout (ISL) • Auth Cookie Expiration (ACE) • UI Theme Skin Changer • System Info: Extensive System, Server and Security Status Information • FrontEnd|BackEnd Maintenance Mode
|
| 8 |
-
Version: 3.
|
| 9 |
Author: AITpro Website Security
|
| 10 |
Author URI: https://forum.ait-pro.com/read-me-first/
|
| 11 |
*/
|
|
@@ -28,14 +28,34 @@ Author URI: https://forum.ait-pro.com/read-me-first/
|
|
| 28 |
*/
|
| 29 |
|
| 30 |
// BPS variables
|
| 31 |
-
define( 'BULLETPROOF_VERSION', '3.
|
| 32 |
-
$bps_last_version = '
|
| 33 |
-
$bps_version = '3.
|
| 34 |
$aitpro_bullet = '<img src="'.plugins_url('/bulletproof-security/admin/images/aitpro-bullet.png').'" style="padding:0px 3px 0px 3px;" />';
|
| 35 |
// Top div & bottom div
|
| 36 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 37 |
$bps_bottomDiv = '</p></div>';
|
| 38 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 39 |
// Load BPS Global class - not doing anything with this Class in BPS Free
|
| 40 |
//require_once( WP_PLUGIN_DIR . '/bulletproof-security/includes/class.php' );
|
| 41 |
|
|
@@ -114,14 +134,14 @@ add_filter( 'network_admin_plugin_action_links', 'bps_plugin_actlinks', 10, 2 );
|
|
| 114 |
// Add links on plugins page
|
| 115 |
function bps_plugin_extra_links( $links, $file ) {
|
| 116 |
static $this_plugin;
|
| 117 |
-
|
| 118 |
if ( ! current_user_can('install_plugins') )
|
| 119 |
return $links;
|
| 120 |
if ( ! $this_plugin )
|
| 121 |
$this_plugin = plugin_basename(__FILE__);
|
| 122 |
if ( $file == $this_plugin ) {
|
| 123 |
$links[] = '<a href="https://forum.ait-pro.com/forums/topic/plugin-conflicts-actively-blocked-plugins-plugin-compatibility/" title="BulletProof Security Forum" target="_blank">'.__('Forum - Support', 'bulleproof-security').'</a>';
|
| 124 |
-
$links[] = '<a href="https://affiliates.ait-pro.com/po/" title="Upgrade to BPS Pro" target="_blank">'.__('Upgrade', 'bulleproof-security').'</a>'
|
| 125 |
$links[] = '<a href="https://www.ait-pro.com/bps-features/" title="BPS Pro Features" target="_blank">'.__('BPS Pro Features', 'bulleproof-security').'</a>';
|
| 126 |
}
|
| 127 |
return $links;
|
| 5 |
Text Domain: bulletproof-security
|
| 6 |
Domain Path: /languages/
|
| 7 |
Description: <strong>Feature Highlights:</strong> Setup Wizard • MScan Malware Scanner • .htaccess Website Security Protection (Firewalls) • Security Logging|HTTP Error Logging • DB Backup • DB Table Prefix Changer • Login Security & Monitoring • JTC-Lite Login Form Bot Lockout Protection • Idle Session Logout (ISL) • Auth Cookie Expiration (ACE) • UI Theme Skin Changer • System Info: Extensive System, Server and Security Status Information • FrontEnd|BackEnd Maintenance Mode
|
| 8 |
+
Version: 3.1
|
| 9 |
Author: AITpro Website Security
|
| 10 |
Author URI: https://forum.ait-pro.com/read-me-first/
|
| 11 |
*/
|
| 28 |
*/
|
| 29 |
|
| 30 |
// BPS variables
|
| 31 |
+
define( 'BULLETPROOF_VERSION', '3.1' );
|
| 32 |
+
$bps_last_version = '3.0';
|
| 33 |
+
$bps_version = '3.1';
|
| 34 |
$aitpro_bullet = '<img src="'.plugins_url('/bulletproof-security/admin/images/aitpro-bullet.png').'" style="padding:0px 3px 0px 3px;" />';
|
| 35 |
// Top div & bottom div
|
| 36 |
$bps_topDiv = '<div id="message" class="updated" style="background-color:#dfecf2;border:1px solid #999;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><p>';
|
| 37 |
$bps_bottomDiv = '</p></div>';
|
| 38 |
|
| 39 |
+
// Setup Wizard Options: GDPR Compliance Global Variables
|
| 40 |
+
$GDPR_Options = get_option('bulletproof_security_options_gdpr');
|
| 41 |
+
|
| 42 |
+
if ( $GDPR_Options['bps_gdpr_on_off'] != 'On' ) {
|
| 43 |
+
|
| 44 |
+
$bpsPro_remote_addr = $_SERVER['REMOTE_ADDR'];
|
| 45 |
+
$bpsPro_http_client_ip = $_SERVER['HTTP_CLIENT_IP'];
|
| 46 |
+
$bpsPro_http_forwarded = $_SERVER['HTTP_FORWARDED'];
|
| 47 |
+
$bpsPro_http_x_forwarded_for = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
| 48 |
+
$bpsPro_http_x_cluster_client_ip = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];
|
| 49 |
+
|
| 50 |
+
} else {
|
| 51 |
+
|
| 52 |
+
$bpsPro_remote_addr = 'GDPR Compliance On';
|
| 53 |
+
$bpsPro_http_client_ip = 'GDPR Compliance On';
|
| 54 |
+
$bpsPro_http_forwarded = 'GDPR Compliance On';
|
| 55 |
+
$bpsPro_http_x_forwarded_for = 'GDPR Compliance On';
|
| 56 |
+
$bpsPro_http_x_cluster_client_ip = 'GDPR Compliance On';
|
| 57 |
+
}
|
| 58 |
+
|
| 59 |
// Load BPS Global class - not doing anything with this Class in BPS Free
|
| 60 |
//require_once( WP_PLUGIN_DIR . '/bulletproof-security/includes/class.php' );
|
| 61 |
|
| 134 |
// Add links on plugins page
|
| 135 |
function bps_plugin_extra_links( $links, $file ) {
|
| 136 |
static $this_plugin;
|
| 137 |
+
|
| 138 |
if ( ! current_user_can('install_plugins') )
|
| 139 |
return $links;
|
| 140 |
if ( ! $this_plugin )
|
| 141 |
$this_plugin = plugin_basename(__FILE__);
|
| 142 |
if ( $file == $this_plugin ) {
|
| 143 |
$links[] = '<a href="https://forum.ait-pro.com/forums/topic/plugin-conflicts-actively-blocked-plugins-plugin-compatibility/" title="BulletProof Security Forum" target="_blank">'.__('Forum - Support', 'bulleproof-security').'</a>';
|
| 144 |
+
$links[] = '<a href="https://affiliates.ait-pro.com/po/" title="Upgrade to BPS Pro" target="_blank">'.__('Upgrade', 'bulleproof-security').'</a>';
|
| 145 |
$links[] = '<a href="https://www.ait-pro.com/bps-features/" title="BPS Pro Features" target="_blank">'.__('BPS Pro Features', 'bulleproof-security').'</a>';
|
| 146 |
}
|
| 147 |
return $links;
|
includes/general-functions.php
CHANGED
|
@@ -1005,14 +1005,6 @@ function bpsPro_new_version_db_options_files_autoupdate() {
|
|
| 1005 |
if ( current_user_can('manage_options') ) {
|
| 1006 |
global $bps_version, $bps_last_version, $wp_version, $wpdb, $aitpro_bullet, $pagenow, $current_user;
|
| 1007 |
|
| 1008 |
-
// 3.0: VCheck
|
| 1009 |
-
$bps_vcheck_master = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-vcheck.php';
|
| 1010 |
-
|
| 1011 |
-
if ( file_exists($bps_vcheck_master) ) {
|
| 1012 |
-
require_once ( WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/bps-vcheck.php' );
|
| 1013 |
-
unlink($bps_vcheck_master);
|
| 1014 |
-
}
|
| 1015 |
-
|
| 1016 |
// 2.9: BPS plugin 30 day review/rating request Dismiss Notice
|
| 1017 |
$bps_rate_options = 'bulletproof_security_options_rate_free';
|
| 1018 |
$gmt_offset = get_option( 'gmt_offset' ) * 3600;
|
| 1005 |
if ( current_user_can('manage_options') ) {
|
| 1006 |
global $bps_version, $bps_last_version, $wp_version, $wpdb, $aitpro_bullet, $pagenow, $current_user;
|
| 1007 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1008 |
// 2.9: BPS plugin 30 day review/rating request Dismiss Notice
|
| 1009 |
$bps_rate_options = 'bulletproof_security_options_rate_free';
|
| 1010 |
$gmt_offset = get_option( 'gmt_offset' ) * 3600;
|
includes/hud-autofix-whitelist.php
CHANGED
|
@@ -513,7 +513,7 @@ function bpsPro_HUD_autofix_whitelist_check() {
|
|
| 513 |
}
|
| 514 |
if ( $sctocr_active == 1 || is_plugin_active_for_network( $sctocr ) ) {
|
| 515 |
if ( ! preg_match( $marker2, $bps_customcode_bpsqse ) || ! preg_match( $marker3, $bps_customcode_bpsqse ) || ! preg_match( $marker4, $bps_customcode_bpsqse ) ) {
|
| 516 |
-
$autofix_message =
|
| 517 |
$debug_BPSQSE .= __('CC Root Text Box 12: Subscribe To Comments Reloaded Plugin', 'bulletproof-security').'<br>';
|
| 518 |
}
|
| 519 |
}
|
| 513 |
}
|
| 514 |
if ( $sctocr_active == 1 || is_plugin_active_for_network( $sctocr ) ) {
|
| 515 |
if ( ! preg_match( $marker2, $bps_customcode_bpsqse ) || ! preg_match( $marker3, $bps_customcode_bpsqse ) || ! preg_match( $marker4, $bps_customcode_bpsqse ) ) {
|
| 516 |
+
$autofix_message = 1;
|
| 517 |
$debug_BPSQSE .= __('CC Root Text Box 12: Subscribe To Comments Reloaded Plugin', 'bulletproof-security').'<br>';
|
| 518 |
}
|
| 519 |
}
|
includes/hud-dismiss-functions.php
CHANGED
|
@@ -28,6 +28,7 @@ function bps_HUD_WP_Dashboard() {
|
|
| 28 |
bpsPro_hud_jtc_lite_notice();
|
| 29 |
bpsPro_hud_rate_notice();
|
| 30 |
bpsPro_hud_mod_security_check();
|
|
|
|
| 31 |
//bps_hud_check_public_username();
|
| 32 |
}
|
| 33 |
}
|
|
@@ -807,5 +808,36 @@ $user_id = $current_user->ID;
|
|
| 807 |
}
|
| 808 |
}
|
| 809 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 810 |
|
| 811 |
?>
|
| 28 |
bpsPro_hud_jtc_lite_notice();
|
| 29 |
bpsPro_hud_rate_notice();
|
| 30 |
bpsPro_hud_mod_security_check();
|
| 31 |
+
bpsPro_hud_gdpr_compliance();
|
| 32 |
//bps_hud_check_public_username();
|
| 33 |
}
|
| 34 |
}
|
| 808 |
}
|
| 809 |
}
|
| 810 |
|
| 811 |
+
// Heads Up Display w/ Dismiss Notice - GDPR Compliance Dismiss Notice. Displays a link to a help forum topic.
|
| 812 |
+
function bpsPro_hud_gdpr_compliance() {
|
| 813 |
+
|
| 814 |
+
global $current_user;
|
| 815 |
+
$user_id = $current_user->ID;
|
| 816 |
+
|
| 817 |
+
if ( ! get_user_meta($user_id, 'bpsPro_ignore_gdpr_compliance_notice')) {
|
| 818 |
+
|
| 819 |
+
if ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) != 'wp-admin' ) {
|
| 820 |
+
$bps_base = basename(esc_html($_SERVER['REQUEST_URI'])) . '?';
|
| 821 |
+
} elseif ( esc_html($_SERVER['QUERY_STRING']) == '' && basename(esc_html($_SERVER['REQUEST_URI'])) == 'wp-admin' ) {
|
| 822 |
+
$bps_base = basename( str_replace( 'wp-admin', 'index.php?', esc_html($_SERVER['REQUEST_URI'])));
|
| 823 |
+
} else {
|
| 824 |
+
$bps_base = str_replace( admin_url(), '', esc_html($_SERVER['REQUEST_URI']) ) . '&';
|
| 825 |
+
}
|
| 826 |
+
|
| 827 |
+
$text = '<div class="update-nag" style="background-color:#dfecf2;border:1px solid #999;font-size:1em;font-weight:600;padding:2px 5px;margin-top:2px;-moz-border-radius-topleft:3px;-webkit-border-top-left-radius:3px;-khtml-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-topright:3px;-webkit-border-top-right-radius:3px;-khtml-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);-moz-box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);box-shadow: 3px 3px 5px -1px rgba(153,153,153,0.7);"><font color="blue">'.__('BPS GDPR Compliance Notice', 'bulletproof-security').'</font><br>'.__('A new Setup Wizard Option has been created which allows you to turn off all IP address logging in BPS to make your website GDPR Compliant.', 'bulletproof-security').'<br>'.__('Click this ', 'bulletproof-security').'<a href="'.admin_url( 'admin.php?page=bulletproof-security/admin/wizard/wizard.php#bps-tabs-2' ).'">'.__('GDPR Compliance Setup Wizard Option link', 'bulletproof-security').'</a>. '.__('Choose the GDPR Compliance On setting.', 'bulletproof-security').'<br>'.__('For more information about GDPR Compliance click this ', 'bulletproof-security').'<a href="https://forum.ait-pro.com/forums/topic/bps-gdpr-compliance/" target="_blank" title="GDPR Compliance">'.__('GDPR Compliance Forum Topic link', 'bulletproof-security').'</a>.<br>'.__('To Dismiss this Notice click the Dismiss Notice button below. To Reset Dismiss Notices click the Reset|Recheck Dismiss Notices button on the BPS Custom Code page.', 'bulletproof-security').'<br><div style="float:left;margin:3px 0px 3px 0px;padding:2px 6px 2px 6px;background-color:#e8e8e8;border:1px solid gray;"><a href="'.$bps_base.'bpsPro_gdpr_compliance_nag_ignore=0'.'" style="text-decoration:none;font-weight:bold;">'.__('Dismiss Notice', 'bulletproof-security').'</a></div></div>';
|
| 828 |
+
echo $text;
|
| 829 |
+
}
|
| 830 |
+
}
|
| 831 |
+
|
| 832 |
+
add_action('admin_init', 'bpsPro_gdpr_compliance_nag_ignore');
|
| 833 |
+
|
| 834 |
+
function bpsPro_gdpr_compliance_nag_ignore() {
|
| 835 |
+
global $current_user;
|
| 836 |
+
$user_id = $current_user->ID;
|
| 837 |
+
|
| 838 |
+
if ( isset($_GET['bpsPro_gdpr_compliance_nag_ignore']) && '0' == $_GET['bpsPro_gdpr_compliance_nag_ignore'] ) {
|
| 839 |
+
add_user_meta($user_id, 'bpsPro_ignore_gdpr_compliance_notice', 'true', true);
|
| 840 |
+
}
|
| 841 |
+
}
|
| 842 |
|
| 843 |
?>
|
includes/login-security.php
CHANGED
|
@@ -75,7 +75,6 @@ $BPSoptions = get_option('bulletproof_security_options_login_security');
|
|
| 75 |
$BPSoptionsJTC = get_option('bulletproof_security_options_login_security_jtc');
|
| 76 |
$options = get_option('bulletproof_security_options_email');
|
| 77 |
$bpspro_login_table = $wpdb->prefix . "bpspro_login_security";
|
| 78 |
-
$ip_address = esc_html( $_SERVER['REMOTE_ADDR'] );
|
| 79 |
$hostname = esc_html( @gethostbyaddr($_SERVER['REMOTE_ADDR'] ) );
|
| 80 |
$request_uri = esc_html( $_SERVER['REQUEST_URI'] );
|
| 81 |
$login_time = time();
|
|
@@ -92,6 +91,15 @@ $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' -
|
|
| 92 |
$headers = array( 'Content-Type: text/html; charset=UTF-8', 'From: ' . $bps_email_from, 'Cc: ' . $bps_email_cc, 'Bcc: ' . $bps_email_bcc );
|
| 93 |
$subject = " BPS Login Security Alert - $timestamp ";
|
| 94 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 95 |
/*
|
| 96 |
***************************************************************
|
| 97 |
// Log All Account Logins for valid Users - Good and Bad Logins
|
| 75 |
$BPSoptionsJTC = get_option('bulletproof_security_options_login_security_jtc');
|
| 76 |
$options = get_option('bulletproof_security_options_email');
|
| 77 |
$bpspro_login_table = $wpdb->prefix . "bpspro_login_security";
|
|
|
|
| 78 |
$hostname = esc_html( @gethostbyaddr($_SERVER['REMOTE_ADDR'] ) );
|
| 79 |
$request_uri = esc_html( $_SERVER['REQUEST_URI'] );
|
| 80 |
$login_time = time();
|
| 91 |
$headers = array( 'Content-Type: text/html; charset=UTF-8', 'From: ' . $bps_email_from, 'Cc: ' . $bps_email_cc, 'Bcc: ' . $bps_email_bcc );
|
| 92 |
$subject = " BPS Login Security Alert - $timestamp ";
|
| 93 |
|
| 94 |
+
// 3.1: New GDPR conditional code for IP addresses logged in the WP DB
|
| 95 |
+
$GDPR_Options = get_option('bulletproof_security_options_gdpr');
|
| 96 |
+
|
| 97 |
+
if ( $GDPR_Options['bps_gdpr_on_off'] != 'On' ) {
|
| 98 |
+
$ip_address = esc_html( $_SERVER['REMOTE_ADDR'] );
|
| 99 |
+
} else {
|
| 100 |
+
$ip_address = 'GDPR Compliance On';
|
| 101 |
+
}
|
| 102 |
+
|
| 103 |
/*
|
| 104 |
***************************************************************
|
| 105 |
// Log All Account Logins for valid Users - Good and Bad Logins
|
includes/mscan-ajax-functions.php
CHANGED
|
@@ -408,9 +408,9 @@ global $wp_version, $wpdb;
|
|
| 408 |
$image_files_time_math = $total_image_files / 34;
|
| 409 |
$image_files_time = round($image_files_time_math);
|
| 410 |
|
| 411 |
-
$rows =
|
| 412 |
$size = 0;
|
| 413 |
-
$result = $wpdb->get_results( $wpdb->prepare( "SHOW TABLE STATUS WHERE
|
| 414 |
|
| 415 |
foreach ( $result as $data ) {
|
| 416 |
$size += $data->Data_length + $data->Index_length;
|
|
@@ -1295,8 +1295,8 @@ global $wp_version, $wpdb;
|
|
| 1295 |
fwrite( $handle, "Scanning Database: Suspicious code pattern matches:\r\n" );
|
| 1296 |
|
| 1297 |
$db_code_match = 0;
|
| 1298 |
-
$DBTables =
|
| 1299 |
-
$getDBTables = $wpdb->get_results( $wpdb->prepare( "SHOW TABLE STATUS WHERE
|
| 1300 |
|
| 1301 |
## 13.4.1: MScan Database Scan search patterns for DB Query below are now in file: /wp-content/bps-backup/mscan/mscan-pattern-match.php
|
| 1302 |
|
| 408 |
$image_files_time_math = $total_image_files / 34;
|
| 409 |
$image_files_time = round($image_files_time_math);
|
| 410 |
|
| 411 |
+
$rows = '';
|
| 412 |
$size = 0;
|
| 413 |
+
$result = $wpdb->get_results( $wpdb->prepare( "SHOW TABLE STATUS WHERE Name != %s", $rows ) );
|
| 414 |
|
| 415 |
foreach ( $result as $data ) {
|
| 416 |
$size += $data->Data_length + $data->Index_length;
|
| 1295 |
fwrite( $handle, "Scanning Database: Suspicious code pattern matches:\r\n" );
|
| 1296 |
|
| 1297 |
$db_code_match = 0;
|
| 1298 |
+
$DBTables = '';
|
| 1299 |
+
$getDBTables = $wpdb->get_results( $wpdb->prepare( "SHOW TABLE STATUS WHERE Name != %s", $DBTables ) );
|
| 1300 |
|
| 1301 |
## 13.4.1: MScan Database Scan search patterns for DB Query below are now in file: /wp-content/bps-backup/mscan/mscan-pattern-match.php
|
| 1302 |
|
isl-logout.php
CHANGED
|
@@ -27,7 +27,7 @@ require( ABSPATH . WPINC . '/pluggable.php' );
|
|
| 27 |
$timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
|
| 28 |
}
|
| 29 |
|
| 30 |
-
@$log_contents = "\r\n" . '[Idle Session Logout: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'REMOTE_ADDR: '.$
|
| 31 |
|
| 32 |
if ( is_writable( $bpsProLog ) ) {
|
| 33 |
|
| 27 |
$timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset);
|
| 28 |
}
|
| 29 |
|
| 30 |
+
@$log_contents = "\r\n" . '[Idle Session Logout: ' . $timestamp . ']' . "\r\n" . 'BPS: ' . $bps_version . "\r\n" . 'WP: ' . $wp_version . "\r\n" . 'REMOTE_ADDR: '.$bpsPro_remote_addr . "\r\n" . 'Host Name: ' . $hostname . "\r\n" . 'SERVER_PROTOCOL: ' . $_SERVER['SERVER_PROTOCOL'] . "\r\n" . 'HTTP_CLIENT_IP: ' . $bpsPro_http_client_ip . "\r\n" . 'HTTP_FORWARDED: ' . $bpsPro_http_forwarded . "\r\n" . 'HTTP_X_FORWARDED_FOR: ' . $bpsPro_http_x_forwarded_for . "\r\n" . 'HTTP_X_CLUSTER_CLIENT_IP: ' . $bpsPro_http_x_cluster_client_ip."\r\n" . 'REQUEST_METHOD: '.$_SERVER['REQUEST_METHOD']."\r\n" . 'HTTP_REFERER: '.$_SERVER['HTTP_REFERER']."\r\n" . 'REQUEST_URI: '.$_SERVER['REQUEST_URI']."\r\n" . 'QUERY_STRING: '.$query_string."\r\n" . 'HTTP_USER_AGENT: '.$_SERVER['HTTP_USER_AGENT']."\r\n";
|
| 31 |
|
| 32 |
if ( is_writable( $bpsProLog ) ) {
|
| 33 |
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: https://wordpress.org/support/view/plugin-reviews/bulletproof-secur
|
|
| 4 |
Tags: security, secure, malware scanner, login security, firewall, security plugin, wordpress security, login, bruteforce, backup, exploit, infection, protection, virus, anti-virus, logout, spam, anti-spam
|
| 5 |
Requires at least: 3.8
|
| 6 |
Tested up to: 4.9
|
| 7 |
-
Stable tag: 3.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
|
@@ -176,6 +176,10 @@ Security plugin features and frequently asked questions see the FAQ section belo
|
|
| 176 |
* Language Packs: <a href="https://translate.wordpress.org/projects/wp-plugins/bulletproof-security" title="Translate BulletProof Security">Translate BulletProof Security</a>
|
| 177 |
* Bonus Tip: If you use the Google Chrome Browser you can right mouse click in plugin pages and then click on Translate to... To translate plugin text into your Language.
|
| 178 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 179 |
= BulletProof Security Bonus Custom Code =
|
| 180 |
|
| 181 |
* <a href="https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/" title="Brute Force Login Protection .htaccess code" rel="nofollow" target="_blank">Brute Force Login Protection .htaccess Code</a>
|
| 4 |
Tags: security, secure, malware scanner, login security, firewall, security plugin, wordpress security, login, bruteforce, backup, exploit, infection, protection, virus, anti-virus, logout, spam, anti-spam
|
| 5 |
Requires at least: 3.8
|
| 6 |
Tested up to: 4.9
|
| 7 |
+
Stable tag: 3.1
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 176 |
* Language Packs: <a href="https://translate.wordpress.org/projects/wp-plugins/bulletproof-security" title="Translate BulletProof Security">Translate BulletProof Security</a>
|
| 177 |
* Bonus Tip: If you use the Google Chrome Browser you can right mouse click in plugin pages and then click on Translate to... To translate plugin text into your Language.
|
| 178 |
|
| 179 |
+
= GDPR Compliance =
|
| 180 |
+
* BPS has a GDPR Compliance Setup Wizard Options setting, which allows someone to turn IP address logging On or Off throughout all BPS plugin features by choosing the GDPR Compliance On option setting on the Setup Wizard Options page: BPS Features affected: Security Logging, Login Security Logging, and Maintenance Mode Logging. Note: For simplicity and ease of use there is only one option setting that needs to be set instead of creating individual option settings in all BPS features that perform IP address logging.
|
| 181 |
+
* <a href="https://forum.ait-pro.com/forums/topic/bps-gdpr-compliance/" title="BPS GDPR Compliance Forum Topic" rel="nofollow" target="_blank">BPS GDPR Compliance Forum Topic</a>
|
| 182 |
+
|
| 183 |
= BulletProof Security Bonus Custom Code =
|
| 184 |
|
| 185 |
* <a href="https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/" title="Brute Force Login Protection .htaccess code" rel="nofollow" target="_blank">Brute Force Login Protection .htaccess Code</a>
|
