Defender Security – Malware Scanner, Login Security &amp;

Version Description

New: Hide the default WordPress login URLs with the new Mask Login Area feature, giving you enhanced protection from hackers and bots.
New: Ability to force two-factor authentication for all users.
Fix: Fixed a bug where file scanning would detect wp-config.php as suspicious.
Fix: Fixed an issue where the lockout pages could be cached by external cache engines.

Release Info

Developer	jdailey
Plugin	Defender Security – Malware Scanner, Login Security & Firewall
Version	1.8
Comparing to
See all releases

Code changes from version 1.7.6 to 1.8

Files changed (27) hide show

app/behavior/utils.php +53 -3
app/module/advanced-tools.php +3 -1
app/module/advanced-tools/behavior/at-widget.php +40 -2
app/module/advanced-tools/component/mask-api.php +101 -0
app/module/advanced-tools/controller/main.php +79 -4
app/module/advanced-tools/controller/mask-login.php +209 -0
app/module/advanced-tools/js/scripts.js +65 -7
app/module/advanced-tools/model/auth-settings.php +5 -0
app/module/advanced-tools/model/mask-settings.php +43 -0
app/module/advanced-tools/view/layouts/layout.php +6 -0
app/module/advanced-tools/view/login/disabled.php +21 -3
app/module/advanced-tools/view/login/otp.php +16 -1
app/module/advanced-tools/view/main-free.php +194 -0
app/module/advanced-tools/view/main.php +61 -3
app/module/advanced-tools/view/mask-login/disabled.php +24 -0
app/module/advanced-tools/view/mask-login/enabled.php +93 -0
app/module/hardener/component/change-admin.php +3 -2
app/module/hardener/component/security-key.php +8 -7
app/module/hardener/js/scripts.js +54 -44
app/module/ip-lockout/model/settings.php +1 -1
assets/css/defender-icon.css +16 -0
assets/css/styles.css +128 -84
changelog.txt +2 -8
languages/wpdef-default.pot +296 -68
readme.txt +15 -4
uninstall.php +1 -1
wp-defender.php +1 -1

app/behavior/utils.php CHANGED Viewed

@@ -560,7 +560,8 @@ class Utils extends Behavior {
             		//url should be end with php
             		global $is_apache, $is_nginx, $is_IIS, $is_iis7;
-            -
            		$server = null;
             		if ( $is_nginx ) {
             			$server = 'nginx';
@@ -570,7 +571,10 @@ class Utils extends Behavior {
             				$server = 'apache';
             			} else {
             				//so the server software is apache, let see what the header return
-            -
            				$request = wp_remote_head( $url, array( 'user-agent' => $_SERVER['HTTP_USER_AGENT'] ) );
             				$server  = wp_remote_retrieve_header( $request, 'server' );
             				$server  = explode( '/', $server );
             				if ( strtolower( $server[0] ) == 'nginx' ) {
@@ -586,7 +590,10 @@ class Utils extends Behavior {
             		if ( is_null( $server ) ) {
             			//if fall in here, means there is st unknowed.
-            -
            			$request = wp_remote_head( $url, array( 'user-agent' => $_SERVER['HTTP_USER_AGENT'] ) );
             			$server  = wp_remote_retrieve_header( $request, 'server' );
             			$server  = explode( '/', $server );
             			$server  = $server[0];
@@ -599,6 +606,49 @@ class Utils extends Behavior {
             		return $server;
+            	}
             	/**
             	 * @return string
             	 */


560	//url should be end with php
561	global $is_apache, $is_nginx, $is_IIS, $is_iis7;
562
563	+ $server = null;
564	+ $ssl_verify = apply_filters( 'defender_ssl_verify', true ); //most hosts dont really have valid ssl or ssl still pending
565
566	if ( $is_nginx ) {
567	$server = 'nginx';

571	$server = 'apache';
572	} else {
573	//so the server software is apache, let see what the header return
574	+ $request = wp_remote_head( $url, array(
575	+ 'user-agent' => $_SERVER['HTTP_USER_AGENT'],
576	+ 'sslverify' => $ssl_verify
577	+ ) );
578	$server = wp_remote_retrieve_header( $request, 'server' );
579	$server = explode( '/', $server );
580	if ( strtolower( $server[0] ) == 'nginx' ) {

590
591	if ( is_null( $server ) ) {
592	//if fall in here, means there is st unknowed.
593	+ $request = wp_remote_head( $url, array(
594	+ 'user-agent' => $_SERVER['HTTP_USER_AGENT'],
595	+ 'sslverify' => $ssl_verify
596	+ ) );
597	$server = wp_remote_retrieve_header( $request, 'server' );
598	$server = explode( '/', $server );
599	$server = $server[0];

606	return $server;
607	}
608
609	+ /**
610	+ * Determine the Apache version
611	+ * Most web servers have apache_get_version disabled, so we just get a simple curl of the headers
612	+ *
613	+ * @return String
614	+ */
615	+ public function determineApacheVersion() {
616	+ if ( ! function_exists( 'apache_get_version' ) ) {
617	+ $version = '2.2'; //default supported is 2.2
618	+ $url = home_url();
619	+ $apache_version = get_site_transient( 'wd_util_apache_version' );
620	+ if ( ! is_array( $apache_version ) ) {
621	+ $apache_version = array();
622	+ }
623	+
624	+ if ( isset( $apache_version[ $url ] ) && ! empty( $apache_version[ $url ] ) ) {
625	+ return strtolower( $apache_version[ $url ] );
626	+ }
627	+
628	+ $apache_version[ $url ] = $version; //default is 2.2
629	+
630	+ if ( isset( $_SERVER['SERVER_SOFTWARE'] ) ) {
631	+ $server = explode( " ", $_SERVER['SERVER_SOFTWARE'] );
632	+ if ( is_array( $server ) && count( $server ) > 1 ) {
633	+ $server = $server[0];
634	+ $server = explode( "/", $server );
635	+ if ( is_array( $server ) && count( $server ) > 1 ) {
636	+ $version = $server[1];
637	+ $apache_version[ $url ] = $version;
638	+ }
639	+ }
640	+ }
641	+
642	+ set_site_transient( 'wd_util_apache_version', $apache_version, 3600 );
643	+ } else {
644	+ $version = apache_get_version();
645	+ $version = explode( '/', $version );
646	+ $version = $version[1];
647	+ }
648	+
649	+ return $version;
650	+ }
651	+
652	/**
653	* @return string
654	*/

app/module/advanced-tools.php CHANGED Viewed

	@@ -7,9 +7,11 @@ namespace WP_Defender\Module;
7
8	use Hammer\Base\Module;
9	use WP_Defender\Module\Advanced_Tools\Controller\Main;

10
11	class Advanced_Tools extends Module {
12	public function __construct() {
13	- $main = new Main();

14	}
15	}


7
8	use Hammer\Base\Module;
9	use WP_Defender\Module\Advanced_Tools\Controller\Main;
10	+ use WP_Defender\Module\Advanced_Tools\Controller\Mask_Login;
11
12	class Advanced_Tools extends Module {
13	public function __construct() {
14	+ $main = new Main();
15	+ $maskLogin = new Mask_Login();
16	}
17	}

app/module/advanced-tools/behavior/at-widget.php CHANGED Viewed

	@@ -7,6 +7,7 @@ namespace WP_Defender\Module\Advanced_Tools\Behavior;
7
8	use Hammer\Base\Behavior;
9	use WP_Defender\Module\Advanced_Tools\Model\Auth_Settings;

10
11	class AT_Widget extends Behavior {
12	public function renderATWidget() {
	@@ -22,7 +23,7 @@ class AT_Widget extends Behavior {
22	<p class="line end">
23	<?php _e( "Enable advanced tools for enhanced protection against even the most aggressive of hackers and bots.", "defender-security" ) ?>
24	</p>
25	- <div class="at-line">
26	<strong>
27	<?php _e( "Two-Factor Authentication", "defender-security" ) ?>
28	</strong>
	@@ -59,7 +60,7 @@ class AT_Widget extends Behavior {
59	</span>
60	</p>
61	<?php else: ?>
62	- <form method="post" id="advanced-settings-frm" class="advanced-settings-frm">
63	<input type="hidden" name="action" value="saveAdvancedSettings"/>
64	<?php wp_nonce_field( 'saveAdvancedSettings' ) ?>
65	<input type="hidden" name="enabled" value="1"/>
	@@ -69,6 +70,43 @@ class AT_Widget extends Behavior {
69	</form>
70	<?php endif; ?>
71	</div>





































72	</div>
73	</div>
74	<?php


7
8	use Hammer\Base\Behavior;
9	use WP_Defender\Module\Advanced_Tools\Model\Auth_Settings;
10	+ use WP_Defender\Module\Advanced_Tools\Model\Mask_Settings;
11
12	class AT_Widget extends Behavior {
13	public function renderATWidget() {

23	<p class="line end">
24	<?php _e( "Enable advanced tools for enhanced protection against even the most aggressive of hackers and bots.", "defender-security" ) ?>
25	</p>
26	+ <div class="at-line end">
27	<strong>
28	<?php _e( "Two-Factor Authentication", "defender-security" ) ?>
29	</strong>

60	</span>
61	</p>
62	<?php else: ?>
63	+ <form method="post" id="advanced-settings-frm" class="advanced-settings-frm line">
64	<input type="hidden" name="action" value="saveAdvancedSettings"/>
65	<?php wp_nonce_field( 'saveAdvancedSettings' ) ?>
66	<input type="hidden" name="enabled" value="1"/>

70	</form>
71	<?php endif; ?>
72	</div>
73	+ <div class="at-line">
74	+ <strong>
75	+ <?php _e( "Mask Login Area", "defender-security" ) ?>
76	+ </strong>
77	+ <span>
78	+ <?php
79	+ _e( "Change the location of WordPress’s default wp-admin and wp-login URLs.", "defender-security" )
80	+ ?>
81	+ </span>
82	+ <?php
83	+ $settings = Mask_Settings::instance();
84	+ if ( $settings->enabled ):?>
85	+ <?php if ( $settings->isEnabled() == false ): ?>
86	+ <div class="well well-small well-yellow with-cap">
87	+ <i class="def-icon icon-warning"></i>
88	+ <span>
89	+ <?php _e( "<strong>Masking is currently inactive.</strong> Choose your URL and save your settings to finish setup.", "defender-security" ) ?>
90	+ </span>
91	+ <a href="<?php echo network_admin_url( 'admin.php?page=wdf-advanced-tools&view=mask-login' ) ?>"><?php _e( "Finish Setup", "defender-security" ) ?></a>
92	+ </div>
93	+ <?php else: ?>
94	+ <div class="well well-green with-cap">
95	+ <i class="def-icon icon-tick"></i>
96	+ <?php printf( __( "Masking is currently active at <strong>%s</strong>", "defender-security" ), \WP_Defender\Module\Advanced_Tools\Component\Mask_Api::getNewLoginUrl() ) ?>
97	+ </div>
98	+ <?php endif; ?>
99	+ <?php else: ?>
100	+ <form method="post" id="advanced-settings-frm" class="advanced-settings-frm">
101	+ <input type="hidden" name="action" value="saveATMaskLoginSettings"/>
102	+ <?php wp_nonce_field( 'saveATMaskLoginSettings' ) ?>
103	+ <input type="hidden" name="enabled" value="1"/>
104	+ <button type="submit" class="button button-primary button-small">
105	+ <?php _e( "Activate", "defender-security" ) ?>
106	+ </button>
107	+ </form>
108	+ <?php endif; ?>
109	+ </div>
110	</div>
111	</div>
112	<?php

app/module/advanced-tools/component/mask-api.php ADDED Viewed

	@@ -0,0 +1,101 @@


1	+ <?php
2	+ /**
3	+ * Author: Hoang Ngo
4	+ */
5	+
6	+ namespace WP_Defender\Module\Advanced_Tools\Component;
7	+
8	+ use Hammer\WP\Component;
9	+ use WP_Defender\Behavior\Utils;
10	+ use WP_Defender\Component\Error_Code;
11	+ use WP_Defender\Module\Advanced_Tools\Model\Mask_Settings;
12	+
13	+ class Mask_Api extends Component {
14	+ /**
15	+ * This will filter all the scheme, domain, params, only path return
16	+ *
17	+ * @param null $requestUri
18	+ *
19	+ * @return mixed\|string
20	+ */
21	+
22	+ public static function getRequestPath( $requestUri = null ) {
23	+ if ( empty( $requestUri ) ) {
24	+ $requestUri = $_SERVER['REQUEST_URI'];
25	+ }
26	+ //todo fix the case subfolder
27	+ $prefix = parse_url( network_site_url(), PHP_URL_PATH );
28	+ $requestPath = parse_url( $requestUri, PHP_URL_PATH );
29	+ //clean it a bit
30	+ if ( Utils::instance()->isActivatedSingle() == false
31	+ && defined( 'SUBDOMAIN_INSTALL' )
32	+ && constant( 'SUBDOMAIN_INSTALL' ) == false
33	+ && get_current_blog_id() != 1
34	+ ) {
35	+ //get the prefix
36	+ $siteInfo = get_blog_details();
37	+ $path = $siteInfo->path;
38	+ if ( ! empty( $path ) && strpos( $requestPath, $path ) === 0 ) {
39	+ $requestPath = substr( $requestPath, strlen( $path ) );
40	+ $requestPath = '/' . ltrim( $requestPath, '/' );
41	+ }
42	+ }
43	+ if ( strpos( $requestPath, $prefix ) === 0 ) {
44	+ $requestPath = substr( $requestPath, strlen( $prefix ) );
45	+ }
46	+ $requestPath = untrailingslashit( $requestPath );
47	+ if ( substr( $requestPath, 0, 1 ) != '/' ) {
48	+ $requestPath = '/' . $requestPath;
49	+ }
50	+
51	+ return $requestPath;
52	+ }
53	+
54	+ /**
55	+ * @return string
56	+ */
57	+ public static function getRedirectUrl() {
58	+ $settings = Mask_Settings::instance();
59	+
60	+ return untrailingslashit( network_site_url() ) . '/' . ltrim( $settings->redirectTrafficUrl, '/' );
61	+ }
62	+
63	+ /**
64	+ * @return string
65	+ */
66	+ public static function getNewLoginUrl() {
67	+ $settings = Mask_Settings::instance();
68	+
69	+ return untrailingslashit( site_url() ) . '/' . ltrim( $settings->maskUrl, '/' );
70	+ }
71	+
72	+ /**
73	+ * @param null $slug
74	+ *
75	+ * @return bool\|\WP_Error
76	+ */
77	+ public static function isValidMaskSlug( $slug = null ) {
78	+ if ( empty( $slug ) ) {
79	+ return true;
80	+ }
81	+ if ( preg_match( '\|[^a-z0-9_]\|i', $slug ) ) {
82	+ return new \WP_Error( Error_Code::VALIDATE, __( "The URL is invalid", "defender-security" ) );
83	+ }
84	+ if ( in_array( $slug, array( 'admin', 'backend', 'wp-login', 'wp-login.php' ) ) ) {
85	+ return new \WP_Error( Error_Code::VALIDATE, __( "A page already exists at this URL, please pick a unique page for your new login area.", "defender-security" ) );
86	+ }
87	+
88	+ //check if any URL appear
89	+ $post = get_posts( array(
90	+ 'name' => $slug,
91	+ 'post_type' => array( 'post', 'page' ),
92	+ 'post_status' => 'publish',
93	+ 'numberposts' => 1
94	+ ) );
95	+ if ( $post ) {
96	+ return new \WP_Error( Error_Code::VALIDATE, __( "A page already exists at this URL, please pick a unique page for your new login area.", "defender-security" ) );
97	+ }
98	+
99	+ return true;
100	+ }
101	+ }

app/module/advanced-tools/controller/main.php CHANGED Viewed

@@ -37,9 +37,9 @@ class Main extends Controller {
             			$this->add_action( 'defender_enqueue_assets', 'scripts', 11 );
+            		}
             		$this->add_ajax_action( 'saveAdvancedSettings', 'saveSettings' );
             		$setting = Auth_Settings::instance();
             		if ( $setting->enabled ) {
-            -
            			$this->add_action( 'update_option_jetpack_active_modules', 'listenForJetpackOption', 10, 3 );
             			//prepare for the login part
             			$isJetpackSSO = Auth_API::isJetPackSSO();
             			$isTML        = Auth_API::isTML();
@@ -55,15 +55,18 @@ class Main extends Controller {
             				 */
             			} else {
             				if ( $isJetpackSSO ) {
-            -
            					wp_defender()->global['compatibility'][] = __( "You enabled Jetpack WordPress.com login, so Defender will disable the two factors login for avoiding conflict", "defender-security" );
+            				}
             				if ( $isTML ) {
-            -
            					wp_defender()->global['compatibility'][] = __( "You enabled the plugin Theme My Login, so Defender will disable the two factors login for avoiding conflict", "defender-security" );
+            				}
+            			}
             			$this->add_filter( 'ms_shortcode_ajax_login', 'm2NoAjax' );
             			$this->add_action( 'show_user_profile', 'showUsers2FactorActivation' );
             			$this->add_action( 'profile_update', 'saveBackupEmail' );
             			$this->add_ajax_action( 'defVerifyOTP', 'verifyConfigOTP' );
             			$this->add_ajax_action( 'defDisableOTP', 'disableOTP' );
             			$this->add_ajax_action( 'defRetrieveOTP', 'retrieveOTP', false, true );
@@ -77,6 +80,71 @@ class Main extends Controller {
+            		}
+            	}
             	/**
             	 * We have some feature conflict with jetpack, so listen to know when Defender can on
+            	 *
@@ -221,6 +289,7 @@ class Main extends Controller {
             		if ( $res ) {
             			//save it
             			update_user_meta( get_current_user_id(), 'defenderAuthOn', 1 );
             			wp_send_json_success();
             		} else {
             			//now need to check if the current user have backup otp
@@ -402,8 +471,12 @@ class Main extends Controller {
             		$view = HTTP_Helper::retrieve_get( 'view' );
             		switch ( $view ) {
             			default:
             				$this->viewAuth();
             				break;
+            		}
+            	}
@@ -415,7 +488,9 @@ class Main extends Controller {
             		if ( $settings->enabled == false ) {
             			$this->render( 'disabled' );
             		} else {
-            -
            			$this->render( 'main', array(
             				'settings' => $settings
             			) );
+            		}


37	$this->add_action( 'defender_enqueue_assets', 'scripts', 11 );
38	}
39	$this->add_ajax_action( 'saveAdvancedSettings', 'saveSettings' );
40	+ $this->add_action( 'update_option_jetpack_active_modules', 'listenForJetpackOption', 10, 3 );
41	$setting = Auth_Settings::instance();
42	if ( $setting->enabled ) {

43	//prepare for the login part
44	$isJetpackSSO = Auth_API::isJetPackSSO();
45	$isTML = Auth_API::isTML();

55	*/
56	} else {
57	if ( $isJetpackSSO ) {
58	+ wp_defender()->global['compatibility'][] = __( "We’ve detected a conflict with Jetpack’s Wordpress.com Log In feature. Please disable it and return to this page to continue setup.", "defender-security" );
59	}
60	if ( $isTML ) {
61	+ wp_defender()->global['compatibility'][] = __( "We’ve detected a conflict with Theme my login. Please disable it and return to this page to continue setup.", "defender-security" );
62	}
63	}
64	$this->add_filter( 'ms_shortcode_ajax_login', 'm2NoAjax' );
65	$this->add_action( 'show_user_profile', 'showUsers2FactorActivation' );
66	$this->add_action( 'profile_update', 'saveBackupEmail' );
67	+ //$this->add_action( 'wp_login', 'markAsForceAuth', 10, 2 );
68	+ $this->add_filter( 'login_redirect', 'login_redirect', 99 );
69	+ $this->add_action( 'current_screen', 'forceProfilePage', 1 );
70	$this->add_ajax_action( 'defVerifyOTP', 'verifyConfigOTP' );
71	$this->add_ajax_action( 'defDisableOTP', 'disableOTP' );
72	$this->add_ajax_action( 'defRetrieveOTP', 'retrieveOTP', false, true );

80	}
81	}
82
83	+ /**
84	+ * If user have flag then force enable
85	+ */
86	+ public function forceProfilePage() {
87	+ $user = wp_get_current_user();
88	+ if ( ! is_object( $user ) ) {
89	+ return;
90	+ }
91	+
92	+ $settings = Auth_Settings::instance();
93	+ if ( $settings->forceAuth != true ) {
94	+ return;
95	+ }
96	+
97	+ //not enable for this role oass
98	+ if ( ! Auth_API::isEnableForCurrentRole( $user ) ) {
99	+ return;
100	+ }
101	+ //user already enable OTP
102	+ if ( Auth_API::isUserEnableOTP( $user->ID ) ) {
103	+ return;
104	+ }
105	+ $screen = get_current_screen();
106	+ if ( $screen->id != 'profile' ) {
107	+ wp_redirect( admin_url( 'profile.php' ) . '#show2AuthActivator' );
108	+ exit;
109	+ }
110	+ }
111	+
112	+ public function login_redirect( $url ) {
113	+ $settings = Auth_Settings::instance();
114	+ if ( $settings->forceAuth != true ) {
115	+ return $url;
116	+ }
117	+
118	+ return $url;
119	+ }
120	+
121	+ /**
122	+ * @param $userLogin
123	+ * @param $user
124	+ */
125	+ public function markAsForceAuth( $userLogin, $user ) {
126	+ $settings = Auth_Settings::instance();
127	+ if ( $settings->forceAuth != true ) {
128	+ return;
129	+ }
130	+ //not enable for this role oass
131	+ if ( ! Auth_API::isEnableForCurrentRole( $user ) ) {
132	+ return;
133	+ }
134	+ //user already enable OTP
135	+ if ( Auth_API::isUserEnableOTP( $user->ID ) ) {
136	+ return;
137	+ }
138	+ //if this is normal user, force them
139	+ // if ( ! current_user_can( 'subscriber' ) ) {
140	+ // return;
141	+ // }
142	+ $flag = get_user_meta( $user->ID, 'defenderForceAuth', true );
143	+ if ( $flag === '' ) {
144	+ update_user_meta( $user->ID, 'defenderForceAuth', 1 );
145	+ }
146	+ }
147	+
148	/**
149	* We have some feature conflict with jetpack, so listen to know when Defender can on
150	*

289	if ( $res ) {
290	//save it
291	update_user_meta( get_current_user_id(), 'defenderAuthOn', 1 );
292	+ update_user_meta( get_current_user_id(), 'defenderForceAuth', 0 );
293	wp_send_json_success();
294	} else {
295	//now need to check if the current user have backup otp

471	$view = HTTP_Helper::retrieve_get( 'view' );
472	switch ( $view ) {
473	default:
474	+ //todo move to another class
475	$this->viewAuth();
476	break;
477	+ case 'mask-login':
478	+ do_action( 'defenderATMaskLogin' );
479	+ break;
480	}
481	}
482

488	if ( $settings->enabled == false ) {
489	$this->render( 'disabled' );
490	} else {
491	+ wp_enqueue_media();
492	+ $view = wp_defender()->isFree ? 'main-free' : 'main';
493	+ $this->render( $view, array(
494	'settings' => $settings
495	) );
496	}

app/module/advanced-tools/controller/mask-login.php ADDED Viewed

	@@ -0,0 +1,209 @@


1	+ <?php
2	+ /**
3	+ * Author: Hoang Ngo
4	+ */
5	+
6	+ namespace WP_Defender\Module\Advanced_Tools\Controller;
7	+
8	+ use Hammer\Helper\HTTP_Helper;
9	+ use WP_Defender\Behavior\Utils;
10	+ use WP_Defender\Controller;
11	+ use WP_Defender\Module\Advanced_Tools\Component\Auth_API;
12	+ use WP_Defender\Module\Advanced_Tools\Component\Mask_Api;
13	+ use WP_Defender\Module\Advanced_Tools\Model\Mask_Settings;
14	+
15	+ class Mask_Login extends Controller {
16	+ public $layout = 'layout';
17	+ protected $slug = 'wdf-advanced-tools';
18	+
19	+ /**
20	+ * @return array
21	+ */
22	+ public function behaviors() {
23	+ return array(
24	+ 'utils' => '\WP_Defender\Behavior\Utils'
25	+ );
26	+ }
27	+
28	+ public function __construct() {
29	+ if ( $this->isInPage() \|\| $this->isDashboard() ) {
30	+ $this->add_action( 'defender_enqueue_assets', 'scripts', 11 );
31	+ }
32	+ $this->add_action( 'defenderATMaskLogin', array( &$this, 'renderIndex' ) );
33	+ $this->add_ajax_action( 'saveATMaskLoginSettings', 'saveSettings' );
34	+ $settings = Mask_Settings::instance();
35	+ $emergencySwitch = apply_filters( 'wpd_masklogin_disabled', 0 );
36	+ if ( $settings->isEnabled() == true && $emergencySwitch == 0 ) {
37	+ $isJetpackSSO = Auth_API::isJetPackSSO();
38	+ $isTML = Auth_API::isTML();
39	+ if ( ! $isJetpackSSO && ! $isTML ) {
40	+ $this->add_action( 'init', 'handleLoginRequest', 9999 );
41	+ $this->add_filter( 'wp_redirect', 'filterWPRedirect', 10, 2 );
42	+ $this->add_filter( 'site_url', 'filterSiteUrl', 9999, 4 );
43	+ $this->add_filter( 'network_site_url', 'filterNetworkSiteUrl', 9999, 3 );
44	+ remove_action( 'template_redirect', 'wp_redirect_admin_locations' );
45	+ } else {
46	+ if ( $isJetpackSSO ) {
47	+ wp_defender()->global['compatibility'][] = __( "We’ve detected a conflict with Jetpack’s Wordpress.com Log In feature. Please disable it and return to this page to continue setup.", "defender-security" );
48	+ }
49	+ if ( $isTML ) {
50	+ wp_defender()->global['compatibility'][] = __( "We’ve detected a conflict with Theme my login. Please disable it and return to this page to continue setup.", "defender-security" );
51	+ }
52	+ }
53	+ }
54	+ }
55	+
56	+ public function handleLoginRequest() {
57	+ //need to check if the current request is for signup, login, if those is not the slug, then we redirect
58	+ //to the 404 redirect, or 403 wp die
59	+ $requestPath = Mask_Api::getRequestPath();
60	+ $settings = Mask_Settings::instance();
61	+
62	+ if ( '/' . ltrim( $settings->maskUrl, '/' ) == $requestPath ) {
63	+ //we need to redirect this one to wp-login and open it
64	+ $this->_showLoginPage();
65	+ } elseif ( substr( $requestPath, 0, 9 ) == '/wp-admin' ) {
66	+ //this one try to login to wp-admin, redirect or lock it
67	+ $this->_handleRequestToAdmin();
68	+ } elseif ( $requestPath == '/wp-login.php' ) {
69	+ //this one want to login, redirect or lock
70	+ $this->_handleRequestToLoginPage();
71	+ }
72	+ }
73	+
74	+ public function filterNetworkSiteUrl( $url, $path, $scheme ) {
75	+ return $this->alterLoginUrl( $url, $scheme );
76	+ }
77	+
78	+ public function filterSiteUrl( $url, $path, $scheme, $blog_id ) {
79	+ return $this->alterLoginUrl( $url, $scheme );
80	+ }
81	+
82	+ public function filterWPRedirect( $location, $status ) {
83	+ return $this->alterLoginUrl( $location );
84	+ }
85	+
86	+ private function alterLoginUrl( $currentUrl, $scheme = null ) {
87	+ if ( strpos( $currentUrl, 'wp-login.php' ) !== false ) {
88	+ //this is URL go to old wp-login.php
89	+ $parts = parse_url( $currentUrl );
90	+ if ( isset( $parts['query'] ) ) {
91	+ parse_str( $parts['query'], $strings );
92	+
93	+ return add_query_arg( $strings, Mask_Api::getNewLoginUrl() );
94	+ } else {
95	+ return Mask_Api::getNewLoginUrl();
96	+ }
97	+ }
98	+
99	+ return $currentUrl;
100	+ }
101	+
102	+ /**
103	+ * Catch any request to wp-admin/*, block or redirect it base on settings.
104	+ * This wont apply for logged in user
105	+ */
106	+ private function _handleRequestToAdmin() {
107	+ global $pagenow;
108	+ if ( defined( 'DOING_AJAX' ) ) {
109	+ //we need to allow ajax access for other tasks
110	+ return;
111	+ }
112	+
113	+ if ( is_user_logged_in() ) {
114	+ return;
115	+ }
116	+
117	+ $this->_maybeLock();
118	+ }
119	+
120	+
121	+ private function _handleRequestToLoginPage() {
122	+ $this->_maybeLock();
123	+ }
124	+
125	+ private function _showLoginPage() {
126	+ global $error, $interim_login, $action, $user_login;
127	+ require_once ABSPATH . 'wp-login.php';
128	+ die;
129	+ }
130	+
131	+ private function _maybeLock() {
132	+ $settings = Mask_Settings::instance();
133	+ if ( $settings->isRedirect() == true ) {
134	+ wp_safe_redirect( Mask_Api::getRedirectUrl() );
135	+ die;
136	+ } else {
137	+ wp_die( __( "This feature is disabled", "defender-security" ) );
138	+ }
139	+ }
140	+
141	+ public function renderIndex() {
142	+ $settings = Mask_Settings::instance();
143	+ if ( $settings->enabled == false ) {
144	+ $this->render( 'mask-login/disabled', array(
145	+ 'settings' => $settings
146	+ ) );
147	+ } else {
148	+ $this->render( 'mask-login/enabled', array(
149	+ 'settings' => $settings
150	+ ) );
151	+ }
152	+ }
153	+
154	+ public function saveSettings() {
155	+ if ( ! $this->checkPermission() ) {
156	+ return;
157	+ }
158	+
159	+ if ( ! wp_verify_nonce( HTTP_Helper::retrieve_post( '_wpnonce' ), 'saveATMaskLoginSettings' ) ) {
160	+ return;
161	+ }
162	+
163	+ $data = $_POST;
164	+ $setting = Mask_Settings::instance();
165	+ if ( isset( $data['maskUrl'] ) && $setting->maskUrl != $data['maskUrl']
166	+ && is_wp_error( $error = Mask_Api::isValidMaskSlug( $data['maskUrl'] ) ) ) {
167	+ //validate
168	+ $res = array(
169	+ 'message' => __( "The Login URL is invalid.", "defender-security" )
170	+ );
171	+ wp_send_json_error( $res );
172	+ }
173	+ if ( isset( $data['redirectTrafficUrl'] ) && $setting->redirectTrafficUrl != $data['redirectTrafficUrl']
174	+ && is_wp_error( $error = Mask_Api::isValidMaskSlug( $data['redirectTrafficUrl'] ) ) ) {
175	+ //validate
176	+ $res = array(
177	+ 'message' => __( "The Redirection URL is invalid.", "defender-security" )
178	+ );
179	+ wp_send_json_error( $res );
180	+ }
181	+ if ( $data['redirectTrafficUrl'] == $data['maskUrl'] && strlen( $data['maskUrl'] ) > 0 ) {
182	+ $res = array(
183	+ 'message' => __( "Login and 404 redirect URLs can't be the same. Please use different URLs.", "defender-security" )
184	+ );
185	+ wp_send_json_error( $res );
186	+ }
187	+ $setting->import( $data );
188	+ $setting->save();
189	+
190	+ $res = array(
191	+ 'message' => __( "Your settings have been updated.", "defender-security" )
192	+ );
193	+ $res['reload'] = 1;
194	+ Utils::instance()->submitStatsToDev();
195	+ wp_send_json_success( $res );
196	+ }
197	+
198	+ /**
199	+ * Enqueue scripts & styles
200	+ */
201	+ public function scripts() {
202	+ if ( $this->isInPage() \|\| $this->isDashboard() ) {
203	+ \WDEV_Plugin_Ui::load( wp_defender()->getPluginUrl() . 'shared-ui/' );
204	+ wp_enqueue_script( 'defender' );
205	+ wp_enqueue_style( 'defender' );
206	+ wp_enqueue_script( 'adtools', wp_defender()->getPluginUrl() . 'app/module/advanced-tools/js/scripts.js' );
207	+ }
208	+ }
209	+ }

app/module/advanced-tools/js/scripts.js CHANGED Viewed

@@ -2,19 +2,77 @@ jQuery(function ($) {
                 Adtools.formHandler();
                 $('div.advanced-tools').on('form-submitted', function (e, data, form) {
-            -
                    if (form.attr('id') != 'advanced-settings-frm') {
-            -
                        return;
-            -
                    }
-            -
                    if (data.success == true) {
-            -
                        Defender.showNotification('success', data.data.message);
-            -
                    } else {
-            -
                        Defender.showNotification('error', data.data.message);
+                    }
                 })
                 $('.deactivate-2factor').click(function () {
                     $('#advanced-settings-frm').append('<input type="hidden" name="enabled" value="0"/>');
                     $(this).attr('disabled', 'disabled');
                     $('#advanced-settings-frm').submit();
                 })
             });
             window.Adtools = window.Adtools || {};


2	Adtools.formHandler();
3
4	$('div.advanced-tools').on('form-submitted', function (e, data, form) {
5	+ if (form.attr('id') === 'advanced-settings-frm' \|\| form.attr('id') === 'ad-mask-settings-frm') {
6	+ if (data.success == true) {
7	+ Defender.showNotification('success', data.data.message);
8	+ } else {
9	+ Defender.showNotification('error', data.data.message);
10	+ }

11	}
12	})
13	$('.deactivate-2factor').click(function () {
14	$('#advanced-settings-frm').append('<input type="hidden" name="enabled" value="0"/>');
15	$(this).attr('disabled', 'disabled');
16	$('#advanced-settings-frm').submit();
17	+ });
18	+ $('.deactivate-atmasking').click(function () {
19	+ $('#ad-mask-settings-frm').append('<input type="hidden" name="enabled" value="0"/>');
20	+ $(this).attr('disabled', 'disabled');
21	+ $('#ad-mask-settings-frm').submit();
22	+ })
23	+
24	+ $('body').on('change', '#toggle_force_auth', function (e) {
25	+ if ($(this).prop('checked') == true) {
26	+ $(this).closest('.column').find('.well').removeClass('is-hidden')
27	+ } else {
28	+ $(this).closest('.column').find('.well').addClass('is-hidden')
29	+ }
30	+ });
31	+ $('body').on('change', '#customGraphic', function (e) {
32	+ if ($(this).prop('checked') == true) {
33	+ $(this).closest('.column').find('.well').removeClass('is-hidden')
34	+ } else {
35	+ $(this).closest('.column').find('.well').addClass('is-hidden')
36	+ }
37	+ })
38	+ $('body').on('change', '#redirectTraffic', function (e) {
39	+ if ($(this).prop('checked') == true) {
40	+ $(this).closest('.column').find('.well').removeClass('is-hidden')
41	+ } else {
42	+ $(this).closest('.column').find('.well').addClass('is-hidden')
43	+ }
44	+ })
45	+
46	+
47	+ var mediaUploader;
48	+ $('.file-picker').click(function () {
49	+ if (mediaUploader) {
50	+ mediaUploader.open();
51	+ return;
52	+ }
53	+ // Extend the wp.media object
54	+ mediaUploader = wp.media.frames.file_frame = wp.media({
55	+ title: 'Choose an image file',
56	+ button: {
57	+ text: 'Choose File'
58	+ }, multiple: false,
59	+ library: {
60	+ type: ['image']
61	+ }
62	+ });
63	+
64	+ // When a file is selected, grab the URL and set it as the text field's value
65	+ mediaUploader.on('select', function () {
66	+ var attachment = mediaUploader.state().get('selection').first().toJSON();
67	+ if ($.inArray(attachment.mime, ["image/jpeg", "image/png", "image/gif"]) > -1) {
68	+ $('#customGraphicURL').val(attachment.url);
69	+ $('#customGraphicIMG').attr('src', attachment.url);
70	+ } else {
71	+ Defender.showNotification('error', 'Invalid image file type');
72	+ }
73	+ });
74	+ // Open the uploader dialog
75	+ mediaUploader.open();
76	})
77	});
78	window.Adtools = window.Adtools \|\| {};

app/module/advanced-tools/model/auth-settings.php CHANGED Viewed

	@@ -12,7 +12,11 @@ class Auth_Settings extends \Hammer\WP\Settings {
12	private static $_instance;
13	public $enabled = false;
14	public $lostPhone = true;


15	public $userRoles = array();


16	public $isConflict = array();
17
18	public function __construct( $id, $is_multi ) {
	@@ -23,6 +27,7 @@ class Auth_Settings extends \Hammer\WP\Settings {
23	$this->userRoles = array_keys( get_editable_roles() );
24	//remove subscriber from the list
25	unset( $this->userRoles[ array_search( 'subscriber', $this->userRoles ) ] );

26	parent::__construct( $id, $is_multi );
27	}
28


12	private static $_instance;
13	public $enabled = false;
14	public $lostPhone = true;
15	+ public $forceAuth = false;
16	+ public $forceAuthMess = "You are required to setup two-factor authentication to use this site.";
17	public $userRoles = array();
18	+ public $customGraphic = 0;
19	+ public $customGraphicURL = '';
20	public $isConflict = array();
21
22	public function __construct( $id, $is_multi ) {

27	$this->userRoles = array_keys( get_editable_roles() );
28	//remove subscriber from the list
29	unset( $this->userRoles[ array_search( 'subscriber', $this->userRoles ) ] );
30	+ $this->customGraphicURL = wp_defender()->getPluginUrl() . 'assets/img/2factor-disabled.svg';
31	parent::__construct( $id, $is_multi );
32	}
33

app/module/advanced-tools/model/mask-settings.php ADDED Viewed

	@@ -0,0 +1,43 @@


1	+ <?php
2	+ /**
3	+ * Author: Hoang Ngo
4	+ */
5	+
6	+ namespace WP_Defender\Module\Advanced_Tools\Model;
7	+
8	+ use Hammer\Helper\WP_Helper;
9	+
10	+ class Mask_Settings extends \Hammer\WP\Settings {
11	+ public $maskUrl = '';
12	+ public $redirectTraffic = false;
13	+ public $redirectTrafficUrl = '';
14	+ public $enabled = false;
15	+ private static $_instance;
16	+
17	+ public function __construct( $id, $is_multi ) {
18	+ parent::__construct( $id, $is_multi );
19	+ }
20	+
21	+ /**
22	+ * @return Mask_Settings
23	+ */
24	+ public static function instance() {
25	+ if ( is_null( self::$_instance ) ) {
26	+ $class = new Mask_Settings( 'wd_masking_login_settings', WP_Helper::is_network_activate( wp_defender()->plugin_slug ) );
27	+ self::$_instance = $class;
28	+ }
29	+
30	+ return self::$_instance;
31	+ }
32	+
33	+ /**
34	+ * @return bool
35	+ */
36	+ public function isEnabled() {
37	+ return $this->enabled && ( strlen( trim( $this->maskUrl ) ) > 0 );
38	+ }
39	+
40	+ public function isRedirect() {
41	+ return $this->redirectTraffic && ( strlen( trim( $this->redirectTrafficUrl ) ) > 0 );
42	+ }
43	+ }

app/module/advanced-tools/view/layouts/layout.php CHANGED Viewed

	@@ -13,6 +13,12 @@
13	<?php _e( "Two-Factor Authentication", "defender-security" ) ?>
14	</a>
15	</li>






16	</ul>
17	<div class="is-hidden-tablet mline">
18	<select class="mobile-nav">


13	<?php _e( "Two-Factor Authentication", "defender-security" ) ?>
14	</a>
15	</li>
16	+ <li class="issues-nav">
17	+ <a class="<?php echo \Hammer\Helper\HTTP_Helper::retrieve_get( 'view', false ) == 'mask-login' ? 'active' : null ?>"
18	+ href="<?php echo network_admin_url( 'admin.php?page=wdf-advanced-tools&view=mask-login' ) ?>">
19	+ <?php _e( "Mask Login Area", "defender-security" ) ?>
20	+ </a>
21	+ </li>
22	</ul>
23	<div class="is-hidden-tablet mline">
24	<select class="mobile-nav">

app/module/advanced-tools/view/login/disabled.php CHANGED Viewed

	@@ -5,6 +5,17 @@
5	<tr class="user-sessions-wrap hide-if-no-js">
6	<th><?php _e( "Two Factor Authentication", "defender-security" ) ?></th>
7	<td aria-live="assertive">











8	<div id="def2">
9	<div class="destroy-sessions">
10	<button type="button" class="button" id="show2AuthActivator">
	@@ -36,7 +47,7 @@
36	<p><strong><?php _e( "2. Scan the barcode", "defender-security" ) ?></strong></p>
37	<p><?php _e( "Open the Google Authenticator app you just downloaded, tap the “+” symbol and then use your phone’s camera to scan the barcode below.", "defender-security" ) ?></p>
38	<img class="barcode"
39	- src="<?php echo \WP_Defender\Module\Advanced_Tools\Component\Auth_API::generateQRCode( get_site_url(), $secretKey, 149, 149, ~~'wp-defender'~~ ) ?>"/>
40	<div class="line"></div>
41	<p><strong><?php _e( "3. Enter passcode", "defender-security" ) ?></strong></p>
42	<p>
	@@ -92,6 +103,13 @@
92	}
93	}
94	})
95	- })
96	})
97	- </script>


5	<tr class="user-sessions-wrap hide-if-no-js">
6	<th><?php _e( "Two Factor Authentication", "defender-security" ) ?></th>
7	<td aria-live="assertive">
8	+ <?php
9	+ $settings = \WP_Defender\Module\Advanced_Tools\Model\Auth_Settings::instance();
10	+ if ( $settings->forceAuth ):
11	+ ?>
12	+ <div class="def-warning">
13	+ <i class="dashicons dashicons-warning" aria-hidden="true"></i>
14	+ <?php
15	+ echo $settings->forceAuthMess
16	+ ?>
17	+ </div>
18	+ <?php endif; ?>
19	<div id="def2">
20	<div class="destroy-sessions">
21	<button type="button" class="button" id="show2AuthActivator">

47	<p><strong><?php _e( "2. Scan the barcode", "defender-security" ) ?></strong></p>
48	<p><?php _e( "Open the Google Authenticator app you just downloaded, tap the “+” symbol and then use your phone’s camera to scan the barcode below.", "defender-security" ) ?></p>
49	<img class="barcode"
50	+ src="<?php echo \WP_Defender\Module\Advanced_Tools\Component\Auth_API::generateQRCode( get_site_url(), $secretKey, 149, 149, get_site_url() ) ?>"/>
51	<div class="line"></div>
52	<p><strong><?php _e( "3. Enter passcode", "defender-security" ) ?></strong></p>
53	<p>

103	}
104	}
105	})
106	+ });
107	})
108	+ </script>
109	+ <?php if ( $settings->forceAuth ): ?>
110	+ <script type="text/javascript">
111	+ if (!window.location.hash) {
112	+ window.location.hash = '#show2AuthActivator';
113	+ }
114	+ </script>
115	+ <?php endif; ?>

app/module/advanced-tools/view/login/otp.php CHANGED Viewed

	@@ -157,6 +157,7 @@ $separator = is_rtl() ? ' &rsaquo; ' : ' &lsaquo; ';
157	do_action( 'login_header' );
158	?>
159	<div id="login">

160	<h1><a href="<?php echo esc_url( $login_header_url ); ?>" title="<?php echo esc_attr( $login_header_title ); ?>"
161	tabindex="-1"><?php bloginfo( 'name' ); ?></a></h1>
162	<?php
	@@ -229,12 +230,26 @@ do_action( 'login_header' );
229	<input type="hidden" name="redirect_to" value="<?php echo $redirect_to ?>"/>
230	<?php wp_nonce_field( 'DefOtpCheck' ) ?>
231	</form>













232	<?php if ( \WP_Defender\Module\Advanced_Tools\Model\Auth_Settings::instance()->lostPhone ): ?>
233	<p id="nav">
234	<a id="lostPhone"
235	href="<?php echo admin_url( 'admin-ajax.php?action=defRetrieveOTP&token=' . $loginToken . '&nonce=' . wp_create_nonce( 'defRetrieveOTP' ) ) ?>">
236	<?php _e( "Lost your device?", "defender-security" ) ?></a>
237	- <img class="def-ajaxloader" ~~src="<?php echo wp_defender()->getPluginUrl().'app/module/advanced-tools/img/spinner.svg' ?>"/>~~

238	<strong class="notification">
239
240	</strong>


157	do_action( 'login_header' );
158	?>
159	<div id="login">
160	+
161	<h1><a href="<?php echo esc_url( $login_header_url ); ?>" title="<?php echo esc_attr( $login_header_title ); ?>"
162	tabindex="-1"><?php bloginfo( 'name' ); ?></a></h1>
163	<?php

230	<input type="hidden" name="redirect_to" value="<?php echo $redirect_to ?>"/>
231	<?php wp_nonce_field( 'DefOtpCheck' ) ?>
232	</form>
233	+ <?php
234	+ $settings = \WP_Defender\Module\Advanced_Tools\Model\Auth_Settings::instance();
235	+
236	+ if ( wp_defender()->isFree == false && $settings->customGraphic ) {
237	+ ?>
238	+ <style type="text/css">
239	+ body.login div#login h1 a {
240	+ background-image: url("<?php echo $settings->customGraphicURL ?>");
241	+ }
242	+ </style>
243	+ <?php
244	+ }
245	+ ?>
246	<?php if ( \WP_Defender\Module\Advanced_Tools\Model\Auth_Settings::instance()->lostPhone ): ?>
247	<p id="nav">
248	<a id="lostPhone"
249	href="<?php echo admin_url( 'admin-ajax.php?action=defRetrieveOTP&token=' . $loginToken . '&nonce=' . wp_create_nonce( 'defRetrieveOTP' ) ) ?>">
250	<?php _e( "Lost your device?", "defender-security" ) ?></a>
251	+ <img class="def-ajaxloader"
252	+ src="<?php echo wp_defender()->getPluginUrl() . 'app/module/advanced-tools/img/spinner.svg' ?>"/>
253	<strong class="notification">
254
255	</strong>

app/module/advanced-tools/view/main-free.php ADDED Viewed

	@@ -0,0 +1,194 @@


1	+ <div class="dev-box is-clipped">
2	+ <div class="box-title">
3	+ <h3 class="def-issues-title">
4	+ <?php _e( "Two-Factor Authentication", "defender-security" ) ?>
5	+ </h3>
6	+ </div>
7	+ <div class="box-content issues-box-content">
8	+ <form method="post" id="advanced-settings-frm" class="advanced-settings-frm">
9	+ <?php
10	+ $class = 'line';
11	+ $enabledRoles = $settings->userRoles;
12	+
13	+ ?>
14	+ <p class="<?php echo $class ?>"><?php _e( "Configure your two-factor authentication settings. Our recommendations are enabled by default.", "defender-security" ) ?></p>
15	+ <?php if ( isset( wp_defender()->global['compatibility'] ) ): ?>
16	+ <div class="well well-error with-cap mline">
17	+ <i class="def-icon icon-warning icon-yellow "></i>
18	+ <?php echo implode( '<br/>', array_unique( wp_defender()->global['compatibility'] ) ); ?>
19	+ </div>
20	+ <?php endif; ?>
21	+ <?php
22	+ if ( count( $enabledRoles ) ):
23	+ ?>
24	+ <div class="well well-green with-cap">
25	+ <i class="def-icon icon-tick"></i>
26	+ <?php
27	+ printf( __( "<strong>Two-factor authentication is now active.</strong> User roles with this feature enabled must visit their <a href='%s'>Profile page</a> to complete setup and sync their account with the Authenticator app.", "defender-security" ),
28	+ admin_url( 'profile.php' ) );
29	+ ?>
30	+ </div>
31	+ <?php else: ?>
32	+ <div class="well well-yellow with-cap">
33	+ <i class="def-icon icon-warning"></i>
34	+ <?php
35	+ _e( "<strong>Two-factor authentication is currently inactive.</strong> Configure and save your settings to complete setup.", "defender-security" )
36	+ ?>
37	+ </div>
38	+ <?php endif; ?>
39	+ <div class="columns">
40	+ <div class="column is-one-third">
41	+ <label><?php _e( "User Roles", "defender-security" ) ?></label>
42	+ <span class="sub">
43	+ <?php _e( "Choose the user roles you want to enable two-factor authentication for. Users with those roles will then be required to use the Google Authenticator app to login.", "defender-security" ) ?>
44	+ </span>
45	+ </div>
46	+ <div class="column">
47	+ <ul class="dev-list marginless">
48	+ <li class="list-header">
49	+ <div>
50	+ <span class="list-label"><?php _e( "User role", "defender-security" ) ?></span>
51	+ </div>
52	+ </li>
53	+ <?php
54	+ $enabledRoles = $settings->userRoles;
55	+ $allRoles = get_editable_roles();
56	+ foreach ( $allRoles as $role => $detail ):
57	+ ?>
58	+ <li>
59	+ <div>
60	+ <span class="list-label">
61	+ <?php echo $detail['name'] ?>
62	+ </span>
63	+ <div class="list-detail">
64	+ <span class="toggle">
65	+ <input type="checkbox" <?php echo in_array( $role, $enabledRoles ) ? 'checked="checked"' : null ?>
66	+ name="userRoles[]"
67	+ value="<?php echo esc_attr( $role ) ?>"
68	+ class="toggle-checkbox"
69	+ id="toggle_<?php echo esc_attr( $role ) ?>_role"/>
70	+ <label class="toggle-label"
71	+ for="toggle_<?php echo esc_attr( $role ) ?>_role"></label>
72	+ </span>
73	+ </div>
74	+ </div>
75	+ </li>
76	+ <?php endforeach; ?>
77	+ </ul>
78	+ </div>
79	+ </div>
80	+ <div class="columns">
81	+ <div class="column is-one-third">
82	+ <label><?php _e( "Lost Phone", "defender-security" ) ?></label>
83	+ <span class="sub">
84	+ <?php _e( "If a user is unable to access their phone, you can allow an option to send the one time password to their registered email.", "defender-security" ) ?>
85	+ </span>
86	+ </div>
87	+ <div class="column">
88	+ <span class="toggle">
89	+ <input type="hidden" name="lostPhone" value="0"/>
90	+ <input type="checkbox" <?php checked( 1, $settings->lostPhone ) ?> name="lostPhone" value="1"
91	+ class="toggle-checkbox" id="toggle_lost_phone"/>
92	+ <label class="toggle-label" for="toggle_lost_phone"></label>
93	+ </span>
94	+ <span><?php _e( "Enable lost phone option", "defender-security" ) ?></span>
95	+ </div>
96	+ </div>
97	+ <div class="columns no-shadow">
98	+ <div class="column is-one-third">
99	+ <label><?php _e( "Force Authentication", "defender-security" ) ?></label>
100	+ <span class="sub">
101	+ <?php _e( "By default, two-factor authentication is optional for users. This setting forces users to activate two-factor.", "defender-security" ) ?>
102	+ </span>
103	+ </div>
104	+ <div class="column">
105	+ <span class="toggle">
106	+ <input type="hidden" name="forceAuth" value="0"/>
107	+ <input type="checkbox" <?php checked( 1, $settings->forceAuth ) ?> name="forceAuth" value="1"
108	+ class="toggle-checkbox" id="toggle_force_auth"/>
109	+ <label class="toggle-label" for="toggle_force_auth"></label>
110	+ </span>
111	+ <span><?php _e( "Force users to log in with two-factor authentication", "defender-security" ) ?></span>
112	+ <span class="form-help"><?php _e( "Note: Users will be forced to set up two-factor when they next login.", "defender-security" ) ?></span>
113	+ <div class="well well-white <?php echo $settings->forceAuth == false ? 'is-hidden' : null ?>">
114	+ <p>
115	+ <span class="form-help"><strong><?php _e( "Custom warning message", "defender-security" ) ?></strong></span>
116	+ </p>
117	+ <textarea name="forceAuthMess"><?php echo $settings->forceAuthMess ?></textarea>
118	+ <p>
119	+ <span class="form-help"><?php _e( "Note: This is shown in the users Profile area indicating they must use two-factor authentication.", "defender-security" ) ?></span>
120	+ </p>
121	+ </div>
122	+ </div>
123	+ </div>
124	+ <div class="columns no-shadow">
125	+ <a href="<?php echo \WP_Defender\Behavior\Utils::instance()->campaignURL( 'defender_twofactor_whitelabel_pro_tag' ) ?>"
126	+ role="button" target="_blank" class="button button-small button-pre">
127	+ <?php _e( "Pro Feature", "defender-security" ) ?></a>
128	+ <div class="column is-one-third">
129	+ <label><?php _e( "Custom Graphic", "defender-security" ) ?></label>
130	+ <span class="sub">
131	+ <?php _e( "By default, Defender’s icon appears above the login fields. You can upload your own branding, or turn this feature off.", "defender-security" ) ?>
132	+ </span>
133	+ </div>
134	+ <div class="column">
135	+ <span class="toggle">
136	+ <input type="checkbox" class="toggle-checkbox" id="customGraphic"/>
137	+ <label class="toggle-label" for="customGraphic"></label>
138	+ </span>
139	+ <span><?php _e( "Enable custom graphics above login fields", "defender-security" ) ?></span>
140	+ </div>
141	+ <div class="feature-disabled">
142	+
143	+ </div>
144	+ </div>
145	+ <div class="columns">
146	+ <div class="column is-one-third">
147	+ <label><?php _e( "App Download", "defender-security" ) ?></label>
148	+ <span class="sub">
149	+ <?php _e( "Need the app? Here’s links to the official Google Authenticator apps.", "defender-security" ) ?>
150	+ </span>
151	+ </div>
152	+ <div class="column">
153	+ <a href="https://itunes.apple.com/vn/app/google-authenticator/id388497605?mt=8">
154	+ <img src="<?php echo wp_defender()->getPluginUrl() . 'assets/img/ios-download.svg' ?>"/>
155	+ </a>
156	+ <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2">
157	+ <img src="<?php echo wp_defender()->getPluginUrl() . 'assets/img/android-download.svg' ?>"/>
158	+ </a>
159	+ </div>
160	+ </div>
161	+ <div class="columns">
162	+ <div class="column is-one-third">
163	+ <label><?php _e( "Active Users", "defender-security" ) ?></label>
164	+ <span class="sub">
165	+ <?php _e( "Here’s a quick link to see which of your users have enabled two-factor verification.", "defender-security" ) ?>
166	+ </span>
167	+ </div>
168	+ <div class="column">
169	+ <?php printf( __( "<a href=\"%s\">View users</a> who have enabled this feature.", "defender-security" ), network_admin_url( 'users.php' ) ) ?>
170	+ </div>
171	+ </div>
172	+ <div class="columns mline">
173	+ <div class="column is-one-third">
174	+ <label><?php _e( "Deactivate", "defender-security" ) ?></label>
175	+ <span class="sub">
176	+ <?php _e( "Disable two-factor authentication on your website.", "defender-security" ) ?>
177	+ </span>
178	+ </div>
179	+ <div class="column">
180	+ <button type="button" class="button button-secondary deactivate-2factor">
181	+ <?php _e( "Deactivate", "defender-security" ) ?>
182	+ </button>
183	+ </div>
184	+ </div>
185	+ <div class="clear line"></div>
186	+ <input type="hidden" name="action" value="saveAdvancedSettings"/>
187	+ <?php wp_nonce_field( 'saveAdvancedSettings' ) ?>
188	+ <button type="submit" class="button button-primary float-r">
189	+ <?php _e( "SAVE SETTINGS", "defender-security" ) ?>
190	+ </button>
191	+ <div class="clear"></div>
192	+ </form>
193	+ </div>
194	+ </div>

app/module/advanced-tools/view/main.php CHANGED Viewed

@@ -7,7 +7,7 @@
                 <div class="box-content issues-box-content">
                     <form method="post" id="advanced-settings-frm" class="advanced-settings-frm">
             			<?php
-            -
            			$class = 'line';
             			$enabledRoles = $settings->userRoles;
             			?>
@@ -15,7 +15,7 @@
             			<?php if ( isset( wp_defender()->global['compatibility'] ) ): ?>
                             <div class="well well-error with-cap mline">
                                 <i class="def-icon icon-warning icon-yellow "></i>
-            -
            					<?php echo implode( '<br/>', wp_defender()->global['compatibility'] ); ?>
                             </div>
             			<?php endif; ?>
             			<?php
@@ -87,13 +87,71 @@
                             <div class="column">
                                 <span class="toggle">
                                     <input type="hidden" name="lostPhone" value="0"/>
-            -
                                    <input type="checkbox" checked="checked" name="lostPhone" value="1"
                                            class="toggle-checkbox" id="toggle_lost_phone"/>
                                     <label class="toggle-label" for="toggle_lost_phone"></label>
                                 </span>&nbsp;
                                 <span><?php _e( "Enable lost phone option", "defender-security" ) ?></span>
                             </div>
                         </div>
                         <div class="columns">
                             <div class="column is-one-third">
                                 <label><?php _e( "App Download", "defender-security" ) ?></label>


7	<div class="box-content issues-box-content">
8	<form method="post" id="advanced-settings-frm" class="advanced-settings-frm">
9	<?php
10	+ $class = 'line';
11	$enabledRoles = $settings->userRoles;
12
13	?>

15	<?php if ( isset( wp_defender()->global['compatibility'] ) ): ?>
16	<div class="well well-error with-cap mline">
17	<i class="def-icon icon-warning icon-yellow "></i>
18	+ <?php echo implode( '<br/>', array_unique( wp_defender()->global['compatibility'] ) ); ?>
19	</div>
20	<?php endif; ?>
21	<?php

87	<div class="column">
88	<span class="toggle">
89	<input type="hidden" name="lostPhone" value="0"/>
90	+ <input type="checkbox" <?php checked( 1, $settings->lostPhone ) ?> name="lostPhone" value="1"
91	class="toggle-checkbox" id="toggle_lost_phone"/>
92	<label class="toggle-label" for="toggle_lost_phone"></label>
93	</span>
94	<span><?php _e( "Enable lost phone option", "defender-security" ) ?></span>
95	</div>
96	</div>
97	+ <div class="columns">
98	+ <div class="column is-one-third">
99	+ <label><?php _e( "Force Authentication", "defender-security" ) ?></label>
100	+ <span class="sub">
101	+ <?php _e( "By default, two-factor authentication is optional for users. This setting forces users to activate two-factor.", "defender-security" ) ?>
102	+ </span>
103	+ </div>
104	+ <div class="column">
105	+ <span class="toggle">
106	+ <input type="hidden" name="forceAuth" value="0"/>
107	+ <input type="checkbox" <?php checked( 1, $settings->forceAuth ) ?> name="forceAuth" value="1"
108	+ class="toggle-checkbox" id="toggle_force_auth"/>
109	+ <label class="toggle-label" for="toggle_force_auth"></label>
110	+ </span>
111	+ <span><?php _e( "Force users to log in with two-factor authentication", "defender-security" ) ?></span>
112	+ <span class="form-help"><?php _e( "Note: Users will be forced to set up two-factor when they next login.", "defender-security" ) ?></span>
113	+ <div class="well well-white <?php echo $settings->forceAuth == false ? 'is-hidden' : null ?>">
114	+ <p>
115	+ <span class="form-help"><strong><?php _e( "Custom warning message", "defender-security" ) ?></strong></span>
116	+ </p>
117	+ <textarea name="forceAuthMess"><?php echo $settings->forceAuthMess ?></textarea>
118	+ <p>
119	+ <span class="form-help"><?php _e( "Note: This is shown in the users Profile area indicating they must use two-factor authentication.", "defender-security" ) ?></span>
120	+ </p>
121	+ </div>
122	+ </div>
123	+ </div>
124	+ <div class="columns">
125	+ <div class="column is-one-third">
126	+ <label><?php _e( "Custom Graphic", "defender-security" ) ?></label>
127	+ <span class="sub">
128	+ <?php _e( "By default, Defender’s icon appears above the login fields. You can upload your own branding, or turn this feature off.", "defender-security" ) ?>
129	+ </span>
130	+ </div>
131	+ <div class="column">
132	+ <span class="toggle">
133	+ <input type="hidden" name="customGraphic" value="0"/>
134	+ <input type="checkbox" <?php checked( 1, $settings->customGraphic ) ?> name="customGraphic"
135	+ value="1"
136	+ class="toggle-checkbox" id="customGraphic"/>
137	+ <label class="toggle-label" for="customGraphic"></label>
138	+ </span>
139	+ <span><?php _e( "Enable custom graphics above login fields", "defender-security" ) ?></span>
140	+ <span class="form-help"></span>
141	+ <div class="well well-white <?php echo $settings->customGraphic == false ? 'is-hidden' : null ?>">
142	+ <p>
143	+ <span class="form-help"><strong><?php _e( "Custom Graphic", "defender-security" ) ?></strong>
144	+ - <?php _e( "For best results use a 168x168px JPG or PNG.", "defender-security" ) ?></span>
145	+ </p>
146	+ <input type="hidden" id="customGraphicURL" name="customGraphicURL"
147	+ value="<?php echo $settings->customGraphicURL ?>"/>
148	+ <button type="button" class="button button-light file-picker">
149	+ <i class="wdv-icon wdv-icon-fw wdv-icon-plus-sign"></i>
150	+ </button>
151	+ <img id="customGraphicIMG" height="40" src="<?php echo $settings->customGraphicURL ?>">
152	+ </div>
153	+ </div>
154	+ </div>
155	<div class="columns">
156	<div class="column is-one-third">
157	<label><?php _e( "App Download", "defender-security" ) ?></label>

app/module/advanced-tools/view/mask-login/disabled.php ADDED Viewed

	@@ -0,0 +1,24 @@


1	+ <div class="dev-box">
2	+ <div class="box-title">
3	+ <h3 class="def-issues-title">
4	+ <?php _e( "Mask Login Area", "defender-security" ) ?>
5	+ </h3>
6	+ </div>
7	+ <div class="box-content issues-box-content tc">
8	+ <img src="<?php echo wp_defender()->getPluginUrl() . 'assets/img/2factor-disabled.svg' ?>"/>
9	+ <p>
10	+ <?php _e( "Change the location of WordPress’s default wp-admin and wp-login URLs to make it harder for automated bots to find, and more convenient for your users.", "defender-security" ) ?>
11	+ </p>
12	+ <form method="post" id="advanced-settings-frm" class="advanced-settings-frm">
13	+
14	+ <div class="clear line"></div>
15	+ <input type="hidden" name="action" value="saveATMaskLoginSettings"/>
16	+ <?php wp_nonce_field( 'saveATMaskLoginSettings' ) ?>
17	+ <input type="hidden" name="enabled" value="1"/>
18	+ <button type="submit" class="button button-primary">
19	+ <?php _e( "Activate", "defender-security" ) ?>
20	+ </button>
21	+ <div class="clear"></div>
22	+ </form>
23	+ </div>
24	+ </div>

app/module/advanced-tools/view/mask-login/enabled.php ADDED Viewed

	@@ -0,0 +1,93 @@


1	+ <div class="dev-box">
2	+ <div class="box-title">
3	+ <h3 class="def-issues-title">
4	+ <?php _e( "Mask Login Area", "defender-security" ) ?>
5	+ </h3>
6	+ </div>
7	+ <div class="box-content issues-box-content">
8	+ <form method="post" id="ad-mask-settings-frm" class="advanced-settings-frm">
9	+ <p class="line"><?php _e( "Change your default wp-admin and wp-content login URL.", "defender-security" ) ?></p>
10	+ <?php if ( isset( wp_defender()->global['compatibility'] ) ): ?>
11	+ <div class="well well-error with-cap">
12	+ <i class="def-icon icon-warning icon-yellow "></i>
13	+ <?php echo implode( '<br/>', array_unique( wp_defender()->global['compatibility'] ) ); ?>
14	+ </div>
15	+ <?php else: ?>
16	+ <?php if ( strlen( trim( $settings->maskUrl ) ) == 0 ): ?>
17	+ <div class="well well-yellow with-cap">
18	+ <i class="def-icon icon-warning icon-yellow "></i>
19	+ <?php _e( "Masking is currently inactive. Choose your URL and save your settings to finish setup. ", "defender-security" ) ?>
20	+ </div>
21	+ <?php else: ?>
22	+ <div class="well well-green with-cap">
23	+ <i class="def-icon icon-tick"></i>
24	+ <?php printf( __( "Masking is currently active at <strong>%s</strong>", "defender-security" ), \WP_Defender\Module\Advanced_Tools\Component\Mask_Api::getNewLoginUrl() ) ?>
25	+ </div>
26	+ <?php endif; ?>
27	+ <?php endif; ?>
28	+
29	+ <input type="hidden" name="action" value="saveATMaskLoginSettings"/>
30	+ <?php wp_nonce_field( 'saveATMaskLoginSettings' ) ?>
31	+ <div class="columns">
32	+ <div class="column is-one-third">
33	+ <label><?php _e( "Masking URLs", "defender-security" ) ?></label>
34	+ <span class="sub">
35	+ <?php _e( "Choose the new URL slug where users of your website will now navigate to to log in, register or administrate.", "defender-security" ) ?>
36	+ </span>
37	+ </div>
38	+ <div class="column">
39	+ <span class="form-help"><?php _e( "You can specify any URLs. For security reasons, less obvious URLs are recommended as they are harder for bots to guess.", "defender-security" ) ?></span>
40	+ <span class="form-help"><strong><?php _e( "New Login URL", "defender-security" ) ?></strong></span>
41	+ <input type="text" class="tl block" name="maskUrl" value="<?php echo $settings->maskUrl ?>"/>
42	+ <span class="form-help-s"><?php printf( __( "Users will login at <strong>%s</strong>", "defender-security" ), get_site_url() . '/' . $settings->maskUrl ) ?></span>
43	+ </div>
44	+ </div>
45	+ <div class="columns">
46	+ <div class="column is-one-third">
47	+ <label><?php _e( "Redirect traffic", "defender-security" ) ?></label>
48	+ <span class="sub">
49	+ <?php _e( "With this feature you can send visitors and bots who try to visit the default Wordpress login URLs to a separate URL to avoid 404s.", "defender-security" ) ?>
50	+ </span>
51	+ </div>
52	+ <div class="column">
53	+ <span class="toggle">
54	+ <input type="hidden" name="redirectTraffic" value="0"/>
55	+ <input type="checkbox" <?php checked( 1, $settings->redirectTraffic ) ?> name="redirectTraffic"
56	+ value="1"
57	+ class="toggle-checkbox" id="redirectTraffic"/>
58	+ <label class="toggle-label" for="redirectTraffic"></label>
59	+ </span>
60	+ <span><?php _e( "Enable 404 redirection", "defender-security" ) ?></span>
61	+ <div class="clear line"></div>
62	+ <div class="well well-white <?php echo $settings->redirectTraffic == false ? 'is-hidden' : null ?>">
63	+ <p>
64	+ <span class="form-help"><strong><?php _e( "Redirection URL", "defender-security" ) ?></strong></span>
65	+ </p>
66	+ <input type="text" class="block" name="redirectTrafficUrl"
67	+ value="<?php echo $settings->redirectTrafficUrl ?>">
68	+ <?php if ( strlen( $settings->redirectTrafficUrl ) ): ?>
69	+ <p>
70	+ <span class="form-help-s"><?php printf( __( "Visitors who visit the default login URLs will be redirected to <strong>%s</strong>", "defender-security" ), get_site_url() . '/' . $settings->redirectTrafficUrl ) ?></span>
71	+ </p>
72	+ <?php endif; ?>
73	+ </div>
74	+ </div>
75	+ </div>
76	+ <div class="columns mline">
77	+ <div class="column is-one-third">
78	+ <label><?php _e( "Deactivate", "defender-security" ) ?></label>
79	+ </div>
80	+ <div class="column">
81	+ <button type="button" class="button button-secondary deactivate-atmasking">
82	+ <?php _e( "Deactivate", "defender-security" ) ?>
83	+ </button>
84	+ </div>
85	+ </div>
86	+ <div class="clear line"></div>
87	+ <button type="submit" class="button button-primary float-r">
88	+ <?php _e( "Save Settings", "defender-security" ) ?>
89	+ </button>
90	+ <div class="clear"></div>
91	+ </form>
92	+ </div>
93	+ </div>

app/module/hardener/component/change-admin.php CHANGED Viewed

	@@ -53,8 +53,9 @@ class Change_Admin extends Rule {
53	} else {
54	Settings::instance()->addToResolved( self::$slug );
55	wp_send_json_success( array(
56	- 'message' => sprintf( __( "Your admin name has changed. You will need to <a href='~~" . wp_login_url() . "~~'><strong>%s</strong></a>.<br/>This will auto reload after <span class='hardener-timer'>10</span> seconds.", "defender-security" ), "re-login" ),
57	- 'reload' => 10

58	) );
59	}
60	}


53	} else {
54	Settings::instance()->addToResolved( self::$slug );
55	wp_send_json_success( array(
56	+ 'message' => sprintf( __( "Your admin name has changed. You will need to <a href='%s'><strong>%s</strong></a>.<br/>This will auto reload after <span class='hardener-timer'>10</span> seconds.", "defender-security" ), wp_login_url( network_admin_url( 'admin.php?page=wdf-hardener' ) ), "re-login" ),
57	+ 'reload' => 10,
58	+ 'url' => wp_login_url( network_admin_url( 'admin.php?page=wdf-hardener' ) )
59	) );
60	}
61	}

app/module/hardener/component/security-key.php CHANGED Viewed

	@@ -16,11 +16,11 @@ class Security_Key extends Rule {
16	static $service;
17
18	function getDescription() {
19	- $settings = Settings::instance();
20	- $time = $settings->getDValues( Security_Key_Service::CACHE_KEY );
21	- $interval = $settings->getDValues( 'securityReminderDuration' );
22	- if ( !$interval ) {
23	- $interval = Security_Key_Service::DEFAULT_DAYS;
24	}
25	if ( $time ) {
26	$daysAgo = ( time() - $time ) / ( 60 * 60 * 24 );
	@@ -79,8 +79,9 @@ class Security_Key extends Rule {
79	} else {
80	Settings::instance()->addToResolved( self::$slug );
81	wp_send_json_success( array(
82	- 'message' => sprintf( __( 'All key salts have been regenerated. You will now need to <a href="%s"><strong>re-login</strong></a>.<br/>This will auto reload after <span class="hardener-timer">10</span> seconds.', "defender-security" ), network_admin_url( 'admin.php?page=wdf-hardener' ) ),
83	- 'reload' => 10

84	) );
85	}
86	}


16	static $service;
17
18	function getDescription() {
19	+ $settings = Settings::instance();
20	+ $time = $settings->getDValues( Security_Key_Service::CACHE_KEY );
21	+ $interval = $settings->getDValues( 'securityReminderDuration' );
22	+ if ( ! $interval ) {
23	+ $interval = Security_Key_Service::DEFAULT_DAYS;
24	}
25	if ( $time ) {
26	$daysAgo = ( time() - $time ) / ( 60 * 60 * 24 );

79	} else {
80	Settings::instance()->addToResolved( self::$slug );
81	wp_send_json_success( array(
82	+ 'message' => sprintf( __( 'All key salts have been regenerated. You will now need to <a href="%s"><strong>re-login</strong></a>.<br/>This will auto reload after <span class="hardener-timer">10</span> seconds.', "defender-security" ), wp_login_url( network_admin_url( 'admin.php?page=wdf-hardener' ) ) ),
83	+ 'reload' => 10,
84	+ 'url' => wp_login_url( network_admin_url( 'admin.php?page=wdf-hardener' ) )
85	) );
86	}
87	}

app/module/hardener/js/scripts.js CHANGED Viewed

	@@ -3,16 +3,16 @@ jQuery(function ($) {
3	WDHardener.rules();
4
5	//On key up or is a user decides to paste
6	- $('.hardener-instructions textarea.hardener-php-excuted-ignore').on('keyup keypress paste',function(e){
7	var text_val = $(this).val();
8	//We cant allow index.php
9	- if( text_val.includes('index.php')){
10	- text_val = text_val.replace(/index.php/g,'');
11	$(this).val(text_val);
12	}
13
14	//no fancy scripts or html code. We also validate server side
15	- if( /<[a-z][\s\S]*>/i.test(text_val)){
16	text_val = text_val.replace(/<\/?[^>]+(>\|$)/g, "");
17	$(this).val(text_val);
18	}
	@@ -28,42 +28,42 @@ jQuery(function ($) {
28	var excludedFiles = text_val.split('\n');
29	var newRule = "";
30	var $wp_content = $('.hardener-wp-content-dir').val();
31	- $.each(excludedFiles, function(index, file) {
32	- if(file){
33	- newRule += "\n location ~* ^"+$wp_content+"/.*\"+file+"$ {"+
34	- " \n allow all;"+
35	- "\n}";
36	}
37	});
38	$('span.hardener-nginx-extra-instructions').html(newRule);
39	}
40	- if ( $('.hardener-instructions-apache-litespeed').length ) {
41	$('.hardener-update-frm [name="file_paths"]').val(text_val);
42	}
43	- });
44	-
45	- /**
46	- * Validate that the number put is greater than 0 and is actually a number
47	- */
48	- $(document).on('keyup keypress paste','.defender-login-duration', function(){
49	- var text_val = $(this).val();
50	- if( /^-?[0-9]+$/i.test(text_val)){
51	- //is integer
52	- if(text_val <= 0){
53	- $(this).val('');
54	- }
55	- } else{
56	$(this).val('');
57	- }
58	- });
59
60	/**
61	* Pevent PHP update posts toggle
62	*/
63	- $(document).on('change', 'input.trackback-toggle-update-posts', function(){
64	- if(this.checked) {
65	$('.hardener-frm-process-trackback [name="updatePosts"]').val('yes');
66	- }else{
67	$('.hardener-frm-process-trackback [name="updatePosts"]').val('no');
68	}
69	});
	@@ -71,32 +71,32 @@ jQuery(function ($) {
71	/**
72	* Toggle text area
73	*/
74	- $(document).on('click','button.hardener-php-excuted-execption', function(){
75	$('.hardener-instructions textarea.hardener-php-excuted-ignore').toggle('fast');
76	});
77
78	/**
79	* Server select
80	*/
81	- $(document).on('change', 'select.hardener-server-list', function(){
82	var selected = $(this).val();
83	- if($(this).hasClass('information')){
84	- $('.hardener-information').each(function(){
85	$(this).addClass('wd-hide');
86	});
87	- $('.hardener-information-'+selected).removeClass('wd-hide');
88	- }else{
89	- $('.hardener-instructions').each(function(){
90	$(this).addClass('wd-hide');
91	});
92	- $('.hardener-instructions-'+selected).removeClass('wd-hide');
93	}
94	- if( selected == 'apache' \|\| selected == 'litespeed' \|\| selected == 'nginx'){
95	$('.hardener-instructions-extra-exceptions').removeClass('wd-hide');
96	- }else{
97	$('.hardener-instructions-extra-exceptions').addClass('wd-hide');
98	}
99	-
100	});
101
102	$('div.hardener').on('form-submitted', function (e, data, form) {
	@@ -127,10 +127,10 @@ jQuery(function ($) {
127	$('.count-resolved').addClass('wd-hide');
128	}
129	var update_rules = true;
130	- if ( typeof data.data.update !== "undefined" ) {
131	update_rules = false;
132	}
133	- if ( update_rules ) {
134	form.closest('.rule').slideUp(500, function () {
135	$(this).remove();
136	if ($('.rule').size() == 0) {
	@@ -145,6 +145,7 @@ jQuery(function ($) {
145	}
146	});
147	});

148	function debounce(fn, delay) {
149	var timer = null;
150	return function () {
	@@ -155,6 +156,7 @@ function debounce(fn, delay) {
155	}, delay);
156	};
157	}

158	window.WDHardener = window.WDHardener \|\| {};
159
160	WDHardener.formHandler = function () {
	@@ -177,7 +179,7 @@ WDHardener.formHandler = function () {
177	Defender.showNotification('success', data.data.message, false);
178
179	//Count down timer
180	- if(jq('.hardener-timer').length){
181	var duration = data.data.reload;
182	var refreshTimer = setInterval(function () {
183	seconds = parseInt(duration % 60, 10);
	@@ -186,14 +188,22 @@ WDHardener.formHandler = function () {
186
187	if (--duration < 0) {
188	clearInterval(refreshTimer);
189	- ~~location~~.~~reload(~~)




190	}
191	}, 1000);
192	}
193
194	} else {
195	setTimeout(function () {
196	- ~~location~~.~~reload(~~)




197	}, 1500)
198	}
199	} else if (data.data != undefined && data.data.url != undefined) {


3	WDHardener.rules();
4
5	//On key up or is a user decides to paste
6	+ $('.hardener-instructions textarea.hardener-php-excuted-ignore').on('keyup keypress paste', function (e) {
7	var text_val = $(this).val();
8	//We cant allow index.php
9	+ if (text_val.includes('index.php')) {
10	+ text_val = text_val.replace(/index.php/g, '');
11	$(this).val(text_val);
12	}
13
14	//no fancy scripts or html code. We also validate server side
15	+ if (/<[a-z][\s\S]*>/i.test(text_val)) {
16	text_val = text_val.replace(/<\/?[^>]+(>\|$)/g, "");
17	$(this).val(text_val);
18	}

28	var excludedFiles = text_val.split('\n');
29	var newRule = "";
30	var $wp_content = $('.hardener-wp-content-dir').val();
31	+ $.each(excludedFiles, function (index, file) {
32	+ if (file) {
33	+ newRule += "\n location ~* ^" + $wp_content + "/.*\" + file + "$ {" +
34	+ " \n allow all;" +
35	+ "\n}";
36	}
37	});
38	$('span.hardener-nginx-extra-instructions').html(newRule);
39	}
40	+ if ($('.hardener-instructions-apache-litespeed').length) {
41	$('.hardener-update-frm [name="file_paths"]').val(text_val);
42	}
43	+ });
44	+
45	+ /**
46	+ * Validate that the number put is greater than 0 and is actually a number
47	+ */
48	+ $(document).on('keyup keypress paste', '.defender-login-duration', function () {
49	+ var text_val = $(this).val();
50	+ if (/^-?[0-9]+$/i.test(text_val)) {
51	+ //is integer
52	+ if (text_val <= 0) {
53	+ $(this).val('');
54	+ }
55	+ } else {
56	$(this).val('');
57	+ }
58	+ });
59
60	/**
61	* Pevent PHP update posts toggle
62	*/
63	+ $(document).on('change', 'input.trackback-toggle-update-posts', function () {
64	+ if (this.checked) {
65	$('.hardener-frm-process-trackback [name="updatePosts"]').val('yes');
66	+ } else {
67	$('.hardener-frm-process-trackback [name="updatePosts"]').val('no');
68	}
69	});

71	/**
72	* Toggle text area
73	*/
74	+ $(document).on('click', 'button.hardener-php-excuted-execption', function () {
75	$('.hardener-instructions textarea.hardener-php-excuted-ignore').toggle('fast');
76	});
77
78	/**
79	* Server select
80	*/
81	+ $(document).on('change', 'select.hardener-server-list', function () {
82	var selected = $(this).val();
83	+ if ($(this).hasClass('information')) {
84	+ $('.hardener-information').each(function () {
85	$(this).addClass('wd-hide');
86	});
87	+ $('.hardener-information-' + selected).removeClass('wd-hide');
88	+ } else {
89	+ $('.hardener-instructions').each(function () {
90	$(this).addClass('wd-hide');
91	});
92	+ $('.hardener-instructions-' + selected).removeClass('wd-hide');
93	}
94	+ if (selected == 'apache' \|\| selected == 'litespeed' \|\| selected == 'nginx') {
95	$('.hardener-instructions-extra-exceptions').removeClass('wd-hide');
96	+ } else {
97	$('.hardener-instructions-extra-exceptions').addClass('wd-hide');
98	}
99	+
100	});
101
102	$('div.hardener').on('form-submitted', function (e, data, form) {

127	$('.count-resolved').addClass('wd-hide');
128	}
129	var update_rules = true;
130	+ if (typeof data.data.update !== "undefined") {
131	update_rules = false;
132	}
133	+ if (update_rules) {
134	form.closest('.rule').slideUp(500, function () {
135	$(this).remove();
136	if ($('.rule').size() == 0) {

145	}
146	});
147	});
148	+
149	function debounce(fn, delay) {
150	var timer = null;
151	return function () {

156	}, delay);
157	};
158	}
159	+
160	window.WDHardener = window.WDHardener \|\| {};
161
162	WDHardener.formHandler = function () {

179	Defender.showNotification('success', data.data.message, false);
180
181	//Count down timer
182	+ if (jq('.hardener-timer').length) {
183	var duration = data.data.reload;
184	var refreshTimer = setInterval(function () {
185	seconds = parseInt(duration % 60, 10);

188
189	if (--duration < 0) {
190	clearInterval(refreshTimer);
191	+ if (data.data != undefined && data.data.url != undefined) {
192	+ location.href = data.data.url;
193	+ } else {
194	+ location.reload()
195	+ }
196	}
197	}, 1000);
198	}
199
200	} else {
201	setTimeout(function () {
202	+ if (data.data != undefined && data.data.url != undefined) {
203	+ location.href = data.data.url;
204	+ } else {
205	+ location.reload()
206	+ }
207	}, 1500)
208	}
209	} else if (data.data != undefined && data.data.url != undefined) {

app/module/ip-lockout/model/settings.php CHANGED Viewed

	@@ -58,7 +58,7 @@ class Settings extends \Hammer\WP\Settings {
58	public $cache = array();
59
60	public function __construct( $id, $isMulti ) {
61	- if ( is_admin() \|\| is_network_admin() && current_user_can( 'manage_options' ) ) {
62	$this->receipts[] = get_current_user_id();
63	$this->report_receipts[] = get_current_user_id();
64	$this->ip_whitelist = $this->getUserIp() . PHP_EOL;


58	public $cache = array();
59
60	public function __construct( $id, $isMulti ) {
61	+ if ( ( is_admin() \|\| is_network_admin() ) && current_user_can( 'manage_options' ) ) {
62	$this->receipts[] = get_current_user_id();
63	$this->report_receipts[] = get_current_user_id();
64	$this->ip_whitelist = $this->getUserIp() . PHP_EOL;

assets/css/defender-icon.css CHANGED Viewed

@@ -14,4 +14,20 @@
             .def-oval.oval-green {
                 background-color: #1ABC9C;
+            }


14
15	.def-oval.oval-green {
16	background-color: #1ABC9C;
17	+ }
18	+
19	+ .def-warning {
20	+ border-radius: 4px;
21	+ background-color: #FFF5D5;
22	+ color: #666;
23	+ padding: 10px 20px;
24	+ font-size: 14px;
25	+ font-style: italic;
26	+ max-width: 100%;
27	+ display: inline-block;
28	+ margin-bottom: 10px;
29	+ }
30	+
31	+ .def-warning i {
32	+ color: #FECF2F
33	}

assets/css/styles.css CHANGED Viewed

	@@ -198,6 +198,9 @@
198	background-repeat: no-repeat;
199	background-position: 50% 102%;
200	padding-bottom: 110px !important; }



201	.wpmud .wd-calendar {
202	background-color: white;
203	margin-top: 10px;
	@@ -306,6 +309,17 @@
306	background-image: url("../img/audit-presale.svg"); }
307	.wpmud .reporting-sale.audit-widget .presale-text div {
308	width: 67%; }











309	.wpmud .sale-overlay {
310	width: 100%;
311	height: 100%;
	@@ -335,6 +349,9 @@
335	position: absolute;
336	bottom: 30px;
337	right: 30px; }



338	.wpmud .feature-pre-require {
339	position: relative; }
340	.wpmud .feature-pre-require input, .wpmud .feature-pre-require label {
	@@ -367,6 +384,9 @@
367	font-size: 13px;
368	color: #333;
369	line-height: 22px; }



370	.wpmud .presale-text div:before {
371	content: '';
372	display: inline-block;
	@@ -725,14 +745,14 @@
725	margin-left: 25%; }
726	.columns.is-mobile > .wp-defender .column.is-1 {
727	flex: none;
728	- width: 8.~~3333333333~~%; }
729	.columns.is-mobile > .wp-defender .column.is-offset-1 {
730	- margin-left: 8.~~3333333333~~%; }
731	.columns.is-mobile > .wp-defender .column.is-2 {
732	flex: none;
733	- width: 16.~~6666666667~~%; }
734	.columns.is-mobile > .wp-defender .column.is-offset-2 {
735	- margin-left: 16.~~6666666667~~%; }
736	.columns.is-mobile > .wp-defender .column.is-3 {
737	flex: none;
738	width: 25%; }
	@@ -740,14 +760,14 @@
740	margin-left: 25%; }
741	.columns.is-mobile > .wp-defender .column.is-4 {
742	flex: none;
743	- width: 33.~~3333333333~~%; }
744	.columns.is-mobile > .wp-defender .column.is-offset-4 {
745	- margin-left: 33.~~3333333333~~%; }
746	.columns.is-mobile > .wp-defender .column.is-5 {
747	flex: none;
748	- width: 41.~~6666666667~~%; }
749	.columns.is-mobile > .wp-defender .column.is-offset-5 {
750	- margin-left: 41.~~6666666667~~%; }
751	.columns.is-mobile > .wp-defender .column.is-6 {
752	flex: none;
753	width: 50%; }
	@@ -755,14 +775,14 @@
755	margin-left: 50%; }
756	.columns.is-mobile > .wp-defender .column.is-7 {
757	flex: none;
758	- width: 58.~~3333333333~~%; }
759	.columns.is-mobile > .wp-defender .column.is-offset-7 {
760	- margin-left: 58.~~3333333333~~%; }
761	.columns.is-mobile > .wp-defender .column.is-8 {
762	flex: none;
763	- width: 66.~~6666666667~~%; }
764	.columns.is-mobile > .wp-defender .column.is-offset-8 {
765	- margin-left: 66.~~6666666667~~%; }
766	.columns.is-mobile > .wp-defender .column.is-9 {
767	flex: none;
768	width: 75%; }
	@@ -770,14 +790,14 @@
770	margin-left: 75%; }
771	.columns.is-mobile > .wp-defender .column.is-10 {
772	flex: none;
773	- width: 83.~~3333333333~~%; }
774	.columns.is-mobile > .wp-defender .column.is-offset-10 {
775	- margin-left: 83.~~3333333333~~%; }
776	.columns.is-mobile > .wp-defender .column.is-11 {
777	flex: none;
778	- width: 91.~~6666666667~~%; }
779	.columns.is-mobile > .wp-defender .column.is-offset-11 {
780	- margin-left: 91.~~6666666667~~%; }
781	.columns.is-mobile > .wp-defender .column.is-12 {
782	flex: none;
783	width: 100%; }
	@@ -816,14 +836,14 @@
816	margin-left: 25%; }
817	.wp-defender .column.is-1-mobile {
818	flex: none;
819	- width: 8.~~3333333333~~%; }
820	.wp-defender .column.is-offset-1-mobile {
821	- margin-left: 8.~~3333333333~~%; }
822	.wp-defender .column.is-2-mobile {
823	flex: none;
824	- width: 16.~~6666666667~~%; }
825	.wp-defender .column.is-offset-2-mobile {
826	- margin-left: 16.~~6666666667~~%; }
827	.wp-defender .column.is-3-mobile {
828	flex: none;
829	width: 25%; }
	@@ -831,14 +851,14 @@
831	margin-left: 25%; }
832	.wp-defender .column.is-4-mobile {
833	flex: none;
834	- width: 33.~~3333333333~~%; }
835	.wp-defender .column.is-offset-4-mobile {
836	- margin-left: 33.~~3333333333~~%; }
837	.wp-defender .column.is-5-mobile {
838	flex: none;
839	- width: 41.~~6666666667~~%; }
840	.wp-defender .column.is-offset-5-mobile {
841	- margin-left: 41.~~6666666667~~%; }
842	.wp-defender .column.is-6-mobile {
843	flex: none;
844	width: 50%; }
	@@ -846,14 +866,14 @@
846	margin-left: 50%; }
847	.wp-defender .column.is-7-mobile {
848	flex: none;
849	- width: 58.~~3333333333~~%; }
850	.wp-defender .column.is-offset-7-mobile {
851	- margin-left: 58.~~3333333333~~%; }
852	.wp-defender .column.is-8-mobile {
853	flex: none;
854	- width: 66.~~6666666667~~%; }
855	.wp-defender .column.is-offset-8-mobile {
856	- margin-left: 66.~~6666666667~~%; }
857	.wp-defender .column.is-9-mobile {
858	flex: none;
859	width: 75%; }
	@@ -861,14 +881,14 @@
861	margin-left: 75%; }
862	.wp-defender .column.is-10-mobile {
863	flex: none;
864	- width: 83.~~3333333333~~%; }
865	.wp-defender .column.is-offset-10-mobile {
866	- margin-left: 83.~~3333333333~~%; }
867	.wp-defender .column.is-11-mobile {
868	flex: none;
869	- width: 91.~~6666666667~~%; }
870	.wp-defender .column.is-offset-11-mobile {
871	- margin-left: 91.~~6666666667~~%; }
872	.wp-defender .column.is-12-mobile {
873	flex: none;
874	width: 100%; }
	@@ -907,14 +927,14 @@
907	margin-left: 25%; }
908	.wp-defender .column.is-1, .wp-defender .column.is-1-tablet {
909	flex: none;
910	- width: 8.~~3333333333~~%; }
911	.wp-defender .column.is-offset-1, .wp-defender .column.is-offset-1-tablet {
912	- margin-left: 8.~~3333333333~~%; }
913	.wp-defender .column.is-2, .wp-defender .column.is-2-tablet {
914	flex: none;
915	- width: 16.~~6666666667~~%; }
916	.wp-defender .column.is-offset-2, .wp-defender .column.is-offset-2-tablet {
917	- margin-left: 16.~~6666666667~~%; }
918	.wp-defender .column.is-3, .wp-defender .column.is-3-tablet {
919	flex: none;
920	width: 25%; }
	@@ -922,14 +942,14 @@
922	margin-left: 25%; }
923	.wp-defender .column.is-4, .wp-defender .column.is-4-tablet {
924	flex: none;
925	- width: 33.~~3333333333~~%; }
926	.wp-defender .column.is-offset-4, .wp-defender .column.is-offset-4-tablet {
927	- margin-left: 33.~~3333333333~~%; }
928	.wp-defender .column.is-5, .wp-defender .column.is-5-tablet {
929	flex: none;
930	- width: 41.~~6666666667~~%; }
931	.wp-defender .column.is-offset-5, .wp-defender .column.is-offset-5-tablet {
932	- margin-left: 41.~~6666666667~~%; }
933	.wp-defender .column.is-6, .wp-defender .column.is-6-tablet {
934	flex: none;
935	width: 50%; }
	@@ -937,14 +957,14 @@
937	margin-left: 50%; }
938	.wp-defender .column.is-7, .wp-defender .column.is-7-tablet {
939	flex: none;
940	- width: 58.~~3333333333~~%; }
941	.wp-defender .column.is-offset-7, .wp-defender .column.is-offset-7-tablet {
942	- margin-left: 58.~~3333333333~~%; }
943	.wp-defender .column.is-8, .wp-defender .column.is-8-tablet {
944	flex: none;
945	- width: 66.~~6666666667~~%; }
946	.wp-defender .column.is-offset-8, .wp-defender .column.is-offset-8-tablet {
947	- margin-left: 66.~~6666666667~~%; }
948	.wp-defender .column.is-9, .wp-defender .column.is-9-tablet {
949	flex: none;
950	width: 75%; }
	@@ -952,14 +972,14 @@
952	margin-left: 75%; }
953	.wp-defender .column.is-10, .wp-defender .column.is-10-tablet {
954	flex: none;
955	- width: 83.~~3333333333~~%; }
956	.wp-defender .column.is-offset-10, .wp-defender .column.is-offset-10-tablet {
957	- margin-left: 83.~~3333333333~~%; }
958	.wp-defender .column.is-11, .wp-defender .column.is-11-tablet {
959	flex: none;
960	- width: 91.~~6666666667~~%; }
961	.wp-defender .column.is-offset-11, .wp-defender .column.is-offset-11-tablet {
962	- margin-left: 91.~~6666666667~~%; }
963	.wp-defender .column.is-12, .wp-defender .column.is-12-tablet {
964	flex: none;
965	width: 100%; }
	@@ -998,14 +1018,14 @@
998	margin-left: 25%; }
999	.wp-defender .column.is-1-desktop {
1000	flex: none;
1001	- width: 8.~~3333333333~~%; }
1002	.wp-defender .column.is-offset-1-desktop {
1003	- margin-left: 8.~~3333333333~~%; }
1004	.wp-defender .column.is-2-desktop {
1005	flex: none;
1006	- width: 16.~~6666666667~~%; }
1007	.wp-defender .column.is-offset-2-desktop {
1008	- margin-left: 16.~~6666666667~~%; }
1009	.wp-defender .column.is-3-desktop {
1010	flex: none;
1011	width: 25%; }
	@@ -1013,14 +1033,14 @@
1013	margin-left: 25%; }
1014	.wp-defender .column.is-4-desktop {
1015	flex: none;
1016	- width: 33.~~3333333333~~%; }
1017	.wp-defender .column.is-offset-4-desktop {
1018	- margin-left: 33.~~3333333333~~%; }
1019	.wp-defender .column.is-5-desktop {
1020	flex: none;
1021	- width: 41.~~6666666667~~%; }
1022	.wp-defender .column.is-offset-5-desktop {
1023	- margin-left: 41.~~6666666667~~%; }
1024	.wp-defender .column.is-6-desktop {
1025	flex: none;
1026	width: 50%; }
	@@ -1028,14 +1048,14 @@
1028	margin-left: 50%; }
1029	.wp-defender .column.is-7-desktop {
1030	flex: none;
1031	- width: 58.~~3333333333~~%; }
1032	.wp-defender .column.is-offset-7-desktop {
1033	- margin-left: 58.~~3333333333~~%; }
1034	.wp-defender .column.is-8-desktop {
1035	flex: none;
1036	- width: 66.~~6666666667~~%; }
1037	.wp-defender .column.is-offset-8-desktop {
1038	- margin-left: 66.~~6666666667~~%; }
1039	.wp-defender .column.is-9-desktop {
1040	flex: none;
1041	width: 75%; }
	@@ -1043,14 +1063,14 @@
1043	margin-left: 75%; }
1044	.wp-defender .column.is-10-desktop {
1045	flex: none;
1046	- width: 83.~~3333333333~~%; }
1047	.wp-defender .column.is-offset-10-desktop {
1048	- margin-left: 83.~~3333333333~~%; }
1049	.wp-defender .column.is-11-desktop {
1050	flex: none;
1051	- width: 91.~~6666666667~~%; }
1052	.wp-defender .column.is-offset-11-desktop {
1053	- margin-left: 91.~~6666666667~~%; }
1054	.wp-defender .column.is-12-desktop {
1055	flex: none;
1056	width: 100%; }
	@@ -1089,14 +1109,14 @@
1089	margin-left: 25%; }
1090	.wp-defender .column.is-1-widescreen {
1091	flex: none;
1092	- width: 8.~~3333333333~~%; }
1093	.wp-defender .column.is-offset-1-widescreen {
1094	- margin-left: 8.~~3333333333~~%; }
1095	.wp-defender .column.is-2-widescreen {
1096	flex: none;
1097	- width: 16.~~6666666667~~%; }
1098	.wp-defender .column.is-offset-2-widescreen {
1099	- margin-left: 16.~~6666666667~~%; }
1100	.wp-defender .column.is-3-widescreen {
1101	flex: none;
1102	width: 25%; }
	@@ -1104,14 +1124,14 @@
1104	margin-left: 25%; }
1105	.wp-defender .column.is-4-widescreen {
1106	flex: none;
1107	- width: 33.~~3333333333~~%; }
1108	.wp-defender .column.is-offset-4-widescreen {
1109	- margin-left: 33.~~3333333333~~%; }
1110	.wp-defender .column.is-5-widescreen {
1111	flex: none;
1112	- width: 41.~~6666666667~~%; }
1113	.wp-defender .column.is-offset-5-widescreen {
1114	- margin-left: 41.~~6666666667~~%; }
1115	.wp-defender .column.is-6-widescreen {
1116	flex: none;
1117	width: 50%; }
	@@ -1119,14 +1139,14 @@
1119	margin-left: 50%; }
1120	.wp-defender .column.is-7-widescreen {
1121	flex: none;
1122	- width: 58.~~3333333333~~%; }
1123	.wp-defender .column.is-offset-7-widescreen {
1124	- margin-left: 58.~~3333333333~~%; }
1125	.wp-defender .column.is-8-widescreen {
1126	flex: none;
1127	- width: 66.~~6666666667~~%; }
1128	.wp-defender .column.is-offset-8-widescreen {
1129	- margin-left: 66.~~6666666667~~%; }
1130	.wp-defender .column.is-9-widescreen {
1131	flex: none;
1132	width: 75%; }
	@@ -1134,14 +1154,14 @@
1134	margin-left: 75%; }
1135	.wp-defender .column.is-10-widescreen {
1136	flex: none;
1137	- width: 83.~~3333333333~~%; }
1138	.wp-defender .column.is-offset-10-widescreen {
1139	- margin-left: 83.~~3333333333~~%; }
1140	.wp-defender .column.is-11-widescreen {
1141	flex: none;
1142	- width: 91.~~6666666667~~%; }
1143	.wp-defender .column.is-offset-11-widescreen {
1144	- margin-left: 91.~~6666666667~~%; }
1145	.wp-defender .column.is-12-widescreen {
1146	flex: none;
1147	width: 100%; }
	@@ -1404,7 +1424,8 @@
1404	padding: 15px 30px;
1405	line-height: 30px;
1406	display: block;
1407	- box-sizing: border-box; }

1408	.wp-defender .well a:not(.button) {
1409	color: #333;
1410	text-decoration: underline;
	@@ -1446,6 +1467,8 @@
1446	width: 21px;
1447	mask-repeat: no-repeat;
1448	-webkit-mask-repeat: no-repeat; }


1449	.wp-defender .well.schedule-box strong {
1450	font-weight: bold;
1451	color: #333;
	@@ -1502,6 +1525,11 @@
1502	width: auto;
1503	display: inline-block;
1504	margin-right: 10px; }





1505	.wp-defender form .columns {
1506	padding-bottom: 30px;
1507	padding-top: 30px;
	@@ -1526,7 +1554,10 @@
1526	font-size: 13px;
1527	color: #888;
1528	line-height: 22px;
1529	- margin: 10px 0 0; }



1530	.wp-defender form .columns .column span.inline {
1531	display: inline; }
1532	.wp-defender form .columns .column span.sub.inpos {
	@@ -1534,6 +1565,16 @@
1534	.wp-defender form .columns .column .form-help {
1535	display: inline;
1536	vertical-align: top; }










1537	.wp-defender form .columns .is-one-third label {
1538	color: #333;
1539	padding: 0;
	@@ -2311,6 +2352,11 @@
2311	background: url("../img/wpmud-icon-warning-yellow.svg") no-repeat;
2312	mask: none;
2313	-webkit-mask: none; }





2314	.wp-defender .advanced-tools .toggle .toggle-label:after {
2315	left: 0; }
2316	.wp-defender .advanced-tools .at-line {
	@@ -2423,5 +2469,3 @@
2423	.wp-defender.no-close {
2424	max-width: none;
2425	margin: 0; }
2426	-
2427	- /# sourceMappingURL=styles.css.map /


198	background-repeat: no-repeat;
199	background-position: 50% 102%;
200	padding-bottom: 110px !important; }
201	+ @media all and (-ms-high-contrast: none), (-ms-high-contrast: active) {
202	+ .wpmud .wd-activator .box {
203	+ background-image: url("../img/scanning-man.png"); } }
204	.wpmud .wd-calendar {
205	background-color: white;
206	margin-top: 10px;

309	background-image: url("../img/audit-presale.svg"); }
310	.wpmud .reporting-sale.audit-widget .presale-text div {
311	width: 67%; }
312	+ .wpmud .feature-disabled {
313	+ width: 110%;
314	+ height: 100%;
315	+ position: absolute;
316	+ top: 0;
317	+ left: -30px;
318	+ z-index: 999;
319	+ opacity: 0.5;
320	+ background: #f2f2f2; }
321	+ .wpmud .no-shadow {
322	+ box-shadow: none !important; }
323	.wpmud .sale-overlay {
324	width: 100%;
325	height: 100%;

349	position: absolute;
350	bottom: 30px;
351	right: 30px; }
352	+ @media screen and (max-width: 768px) {
353	+ .wpmud .scanning.scanning-free .box .presale-text {
354	+ bottom: 0; } }
355	.wpmud .feature-pre-require {
356	position: relative; }
357	.wpmud .feature-pre-require input, .wpmud .feature-pre-require label {

384	font-size: 13px;
385	color: #333;
386	line-height: 22px; }
387	+ @media screen and (max-width: 768px) {
388	+ .wpmud .presale-text div {
389	+ width: 80%; } }
390	.wpmud .presale-text div:before {
391	content: '';
392	display: inline-block;

745	margin-left: 25%; }
746	.columns.is-mobile > .wp-defender .column.is-1 {
747	flex: none;
748	+ width: 8.33333%; }
749	.columns.is-mobile > .wp-defender .column.is-offset-1 {
750	+ margin-left: 8.33333%; }
751	.columns.is-mobile > .wp-defender .column.is-2 {
752	flex: none;
753	+ width: 16.66667%; }
754	.columns.is-mobile > .wp-defender .column.is-offset-2 {
755	+ margin-left: 16.66667%; }
756	.columns.is-mobile > .wp-defender .column.is-3 {
757	flex: none;
758	width: 25%; }

760	margin-left: 25%; }
761	.columns.is-mobile > .wp-defender .column.is-4 {
762	flex: none;
763	+ width: 33.33333%; }
764	.columns.is-mobile > .wp-defender .column.is-offset-4 {
765	+ margin-left: 33.33333%; }
766	.columns.is-mobile > .wp-defender .column.is-5 {
767	flex: none;
768	+ width: 41.66667%; }
769	.columns.is-mobile > .wp-defender .column.is-offset-5 {
770	+ margin-left: 41.66667%; }
771	.columns.is-mobile > .wp-defender .column.is-6 {
772	flex: none;
773	width: 50%; }

775	margin-left: 50%; }
776	.columns.is-mobile > .wp-defender .column.is-7 {
777	flex: none;
778	+ width: 58.33333%; }
779	.columns.is-mobile > .wp-defender .column.is-offset-7 {
780	+ margin-left: 58.33333%; }
781	.columns.is-mobile > .wp-defender .column.is-8 {
782	flex: none;
783	+ width: 66.66667%; }
784	.columns.is-mobile > .wp-defender .column.is-offset-8 {
785	+ margin-left: 66.66667%; }
786	.columns.is-mobile > .wp-defender .column.is-9 {
787	flex: none;
788	width: 75%; }

790	margin-left: 75%; }
791	.columns.is-mobile > .wp-defender .column.is-10 {
792	flex: none;
793	+ width: 83.33333%; }
794	.columns.is-mobile > .wp-defender .column.is-offset-10 {
795	+ margin-left: 83.33333%; }
796	.columns.is-mobile > .wp-defender .column.is-11 {
797	flex: none;
798	+ width: 91.66667%; }
799	.columns.is-mobile > .wp-defender .column.is-offset-11 {
800	+ margin-left: 91.66667%; }
801	.columns.is-mobile > .wp-defender .column.is-12 {
802	flex: none;
803	width: 100%; }

836	margin-left: 25%; }
837	.wp-defender .column.is-1-mobile {
838	flex: none;
839	+ width: 8.33333%; }
840	.wp-defender .column.is-offset-1-mobile {
841	+ margin-left: 8.33333%; }
842	.wp-defender .column.is-2-mobile {
843	flex: none;
844	+ width: 16.66667%; }
845	.wp-defender .column.is-offset-2-mobile {
846	+ margin-left: 16.66667%; }
847	.wp-defender .column.is-3-mobile {
848	flex: none;
849	width: 25%; }

851	margin-left: 25%; }
852	.wp-defender .column.is-4-mobile {
853	flex: none;
854	+ width: 33.33333%; }
855	.wp-defender .column.is-offset-4-mobile {
856	+ margin-left: 33.33333%; }
857	.wp-defender .column.is-5-mobile {
858	flex: none;
859	+ width: 41.66667%; }
860	.wp-defender .column.is-offset-5-mobile {
861	+ margin-left: 41.66667%; }
862	.wp-defender .column.is-6-mobile {
863	flex: none;
864	width: 50%; }

866	margin-left: 50%; }
867	.wp-defender .column.is-7-mobile {
868	flex: none;
869	+ width: 58.33333%; }
870	.wp-defender .column.is-offset-7-mobile {
871	+ margin-left: 58.33333%; }
872	.wp-defender .column.is-8-mobile {
873	flex: none;
874	+ width: 66.66667%; }
875	.wp-defender .column.is-offset-8-mobile {
876	+ margin-left: 66.66667%; }
877	.wp-defender .column.is-9-mobile {
878	flex: none;
879	width: 75%; }

881	margin-left: 75%; }
882	.wp-defender .column.is-10-mobile {
883	flex: none;
884	+ width: 83.33333%; }
885	.wp-defender .column.is-offset-10-mobile {
886	+ margin-left: 83.33333%; }
887	.wp-defender .column.is-11-mobile {
888	flex: none;
889	+ width: 91.66667%; }
890	.wp-defender .column.is-offset-11-mobile {
891	+ margin-left: 91.66667%; }
892	.wp-defender .column.is-12-mobile {
893	flex: none;
894	width: 100%; }

927	margin-left: 25%; }
928	.wp-defender .column.is-1, .wp-defender .column.is-1-tablet {
929	flex: none;
930	+ width: 8.33333%; }
931	.wp-defender .column.is-offset-1, .wp-defender .column.is-offset-1-tablet {
932	+ margin-left: 8.33333%; }
933	.wp-defender .column.is-2, .wp-defender .column.is-2-tablet {
934	flex: none;
935	+ width: 16.66667%; }
936	.wp-defender .column.is-offset-2, .wp-defender .column.is-offset-2-tablet {
937	+ margin-left: 16.66667%; }
938	.wp-defender .column.is-3, .wp-defender .column.is-3-tablet {
939	flex: none;
940	width: 25%; }

942	margin-left: 25%; }
943	.wp-defender .column.is-4, .wp-defender .column.is-4-tablet {
944	flex: none;
945	+ width: 33.33333%; }
946	.wp-defender .column.is-offset-4, .wp-defender .column.is-offset-4-tablet {
947	+ margin-left: 33.33333%; }
948	.wp-defender .column.is-5, .wp-defender .column.is-5-tablet {
949	flex: none;
950	+ width: 41.66667%; }
951	.wp-defender .column.is-offset-5, .wp-defender .column.is-offset-5-tablet {
952	+ margin-left: 41.66667%; }
953	.wp-defender .column.is-6, .wp-defender .column.is-6-tablet {
954	flex: none;
955	width: 50%; }

957	margin-left: 50%; }
958	.wp-defender .column.is-7, .wp-defender .column.is-7-tablet {
959	flex: none;
960	+ width: 58.33333%; }
961	.wp-defender .column.is-offset-7, .wp-defender .column.is-offset-7-tablet {
962	+ margin-left: 58.33333%; }
963	.wp-defender .column.is-8, .wp-defender .column.is-8-tablet {
964	flex: none;
965	+ width: 66.66667%; }
966	.wp-defender .column.is-offset-8, .wp-defender .column.is-offset-8-tablet {
967	+ margin-left: 66.66667%; }
968	.wp-defender .column.is-9, .wp-defender .column.is-9-tablet {
969	flex: none;
970	width: 75%; }

972	margin-left: 75%; }
973	.wp-defender .column.is-10, .wp-defender .column.is-10-tablet {
974	flex: none;
975	+ width: 83.33333%; }
976	.wp-defender .column.is-offset-10, .wp-defender .column.is-offset-10-tablet {
977	+ margin-left: 83.33333%; }
978	.wp-defender .column.is-11, .wp-defender .column.is-11-tablet {
979	flex: none;
980	+ width: 91.66667%; }
981	.wp-defender .column.is-offset-11, .wp-defender .column.is-offset-11-tablet {
982	+ margin-left: 91.66667%; }
983	.wp-defender .column.is-12, .wp-defender .column.is-12-tablet {
984	flex: none;
985	width: 100%; }

1018	margin-left: 25%; }
1019	.wp-defender .column.is-1-desktop {
1020	flex: none;
1021	+ width: 8.33333%; }
1022	.wp-defender .column.is-offset-1-desktop {
1023	+ margin-left: 8.33333%; }
1024	.wp-defender .column.is-2-desktop {
1025	flex: none;
1026	+ width: 16.66667%; }
1027	.wp-defender .column.is-offset-2-desktop {
1028	+ margin-left: 16.66667%; }
1029	.wp-defender .column.is-3-desktop {
1030	flex: none;
1031	width: 25%; }

1033	margin-left: 25%; }
1034	.wp-defender .column.is-4-desktop {
1035	flex: none;
1036	+ width: 33.33333%; }
1037	.wp-defender .column.is-offset-4-desktop {
1038	+ margin-left: 33.33333%; }
1039	.wp-defender .column.is-5-desktop {
1040	flex: none;
1041	+ width: 41.66667%; }
1042	.wp-defender .column.is-offset-5-desktop {
1043	+ margin-left: 41.66667%; }
1044	.wp-defender .column.is-6-desktop {
1045	flex: none;
1046	width: 50%; }

1048	margin-left: 50%; }
1049	.wp-defender .column.is-7-desktop {
1050	flex: none;
1051	+ width: 58.33333%; }
1052	.wp-defender .column.is-offset-7-desktop {
1053	+ margin-left: 58.33333%; }
1054	.wp-defender .column.is-8-desktop {
1055	flex: none;
1056	+ width: 66.66667%; }
1057	.wp-defender .column.is-offset-8-desktop {
1058	+ margin-left: 66.66667%; }
1059	.wp-defender .column.is-9-desktop {
1060	flex: none;
1061	width: 75%; }

1063	margin-left: 75%; }
1064	.wp-defender .column.is-10-desktop {
1065	flex: none;
1066	+ width: 83.33333%; }
1067	.wp-defender .column.is-offset-10-desktop {
1068	+ margin-left: 83.33333%; }
1069	.wp-defender .column.is-11-desktop {
1070	flex: none;
1071	+ width: 91.66667%; }
1072	.wp-defender .column.is-offset-11-desktop {
1073	+ margin-left: 91.66667%; }
1074	.wp-defender .column.is-12-desktop {
1075	flex: none;
1076	width: 100%; }

1109	margin-left: 25%; }
1110	.wp-defender .column.is-1-widescreen {
1111	flex: none;
1112	+ width: 8.33333%; }
1113	.wp-defender .column.is-offset-1-widescreen {
1114	+ margin-left: 8.33333%; }
1115	.wp-defender .column.is-2-widescreen {
1116	flex: none;
1117	+ width: 16.66667%; }
1118	.wp-defender .column.is-offset-2-widescreen {
1119	+ margin-left: 16.66667%; }
1120	.wp-defender .column.is-3-widescreen {
1121	flex: none;
1122	width: 25%; }

1124	margin-left: 25%; }
1125	.wp-defender .column.is-4-widescreen {
1126	flex: none;
1127	+ width: 33.33333%; }
1128	.wp-defender .column.is-offset-4-widescreen {
1129	+ margin-left: 33.33333%; }
1130	.wp-defender .column.is-5-widescreen {
1131	flex: none;
1132	+ width: 41.66667%; }
1133	.wp-defender .column.is-offset-5-widescreen {
1134	+ margin-left: 41.66667%; }
1135	.wp-defender .column.is-6-widescreen {
1136	flex: none;
1137	width: 50%; }

1139	margin-left: 50%; }
1140	.wp-defender .column.is-7-widescreen {
1141	flex: none;
1142	+ width: 58.33333%; }
1143	.wp-defender .column.is-offset-7-widescreen {
1144	+ margin-left: 58.33333%; }
1145	.wp-defender .column.is-8-widescreen {
1146	flex: none;
1147	+ width: 66.66667%; }
1148	.wp-defender .column.is-offset-8-widescreen {
1149	+ margin-left: 66.66667%; }
1150	.wp-defender .column.is-9-widescreen {
1151	flex: none;
1152	width: 75%; }

1154	margin-left: 75%; }
1155	.wp-defender .column.is-10-widescreen {
1156	flex: none;
1157	+ width: 83.33333%; }
1158	.wp-defender .column.is-offset-10-widescreen {
1159	+ margin-left: 83.33333%; }
1160	.wp-defender .column.is-11-widescreen {
1161	flex: none;
1162	+ width: 91.66667%; }
1163	.wp-defender .column.is-offset-11-widescreen {
1164	+ margin-left: 91.66667%; }
1165	.wp-defender .column.is-12-widescreen {
1166	flex: none;
1167	width: 100%; }

1424	padding: 15px 30px;
1425	line-height: 30px;
1426	display: block;
1427	+ box-sizing: border-box;
1428	+ word-break: break-all; }
1429	.wp-defender .well a:not(.button) {
1430	color: #333;
1431	text-decoration: underline;

1467	width: 21px;
1468	mask-repeat: no-repeat;
1469	-webkit-mask-repeat: no-repeat; }
1470	+ .wp-defender .well.with-outline {
1471	+ border: solid 1px #ddd; }
1472	.wp-defender .well.schedule-box strong {
1473	font-weight: bold;
1474	color: #333;

1525	width: auto;
1526	display: inline-block;
1527	margin-right: 10px; }
1528	+ .wp-defender form input[type="text"].block {
1529	+ width: 100%;
1530	+ display: block;
1531	+ margin-right: 10px;
1532	+ text-align: left; }
1533	.wp-defender form .columns {
1534	padding-bottom: 30px;
1535	padding-top: 30px;

1554	font-size: 13px;
1555	color: #888;
1556	line-height: 22px;
1557	+ margin: 10px 0; }
1558	+ .wp-defender form .columns .column span.sub strong, .wp-defender form .columns .column span.form-help strong {
1559	+ color: #888;
1560	+ font-weight: 500; }
1561	.wp-defender form .columns .column span.inline {
1562	display: inline; }
1563	.wp-defender form .columns .column span.sub.inpos {

1565	.wp-defender form .columns .column .form-help {
1566	display: inline;
1567	vertical-align: top; }
1568	+ .wp-defender form .columns .column .form-help-s {
1569	+ display: block;
1570	+ font-size: 12px;
1571	+ color: #666;
1572	+ line-height: 22px;
1573	+ margin: 10px 0;
1574	+ word-break: break-all; }
1575	+ .wp-defender form .columns .column .form-help-s strong {
1576	+ color: #666;
1577	+ font-weight: 500; }
1578	.wp-defender form .columns .is-one-third label {
1579	color: #333;
1580	padding: 0;

2352	background: url("../img/wpmud-icon-warning-yellow.svg") no-repeat;
2353	mask: none;
2354	-webkit-mask: none; }
2355	+ .wp-defender .advanced-tools .button-pre {
2356	+ height: fit-content;
2357	+ z-index: 1000;
2358	+ position: absolute;
2359	+ right: 0; }
2360	.wp-defender .advanced-tools .toggle .toggle-label:after {
2361	left: 0; }
2362	.wp-defender .advanced-tools .at-line {

2469	.wp-defender.no-close {
2470	max-width: none;
2471	margin: 0; }

changelog.txt CHANGED Viewed

	@@ -1,16 +1,10 @@
1	Plugin Name: WP Defender
2	Author: Hoang Ngo, Aaron Edwards
3	- Tested up to: 4.9.4
4
5	Change Log:
6
7	- 1.7.6 - ~~2017~~-19-03
8	- ----------------------------------------------------------------------
9	- - Fix: Defender now can recognize and verify Bing Bot for whitelisting
10	- - Fix: Lockout page now will use site title instead of the text 'WP Defender'
11	- - Other minor enhancements and fixes
12	-
13	- 1.7.5 - 2017-07-02
14	----------------------------------------------------------------------
15	- Fix: Report status missing in Hub Security tab
16	- Fix: Some themes/plugins shown as a vulnerability but no info available


1	Plugin Name: WP Defender
2	Author: Hoang Ngo, Aaron Edwards
3	+ Tested up to: 4.7.4
4
5	Change Log:
6
7	+ 1.7.5 - 2018-07-02






8	----------------------------------------------------------------------
9	- Fix: Report status missing in Hub Security tab
10	- Fix: Some themes/plugins shown as a vulnerability but no info available

languages/wpdef-default.pot CHANGED Viewed

	@@ -2,9 +2,9 @@
2	# This file is distributed under the GNU General Public License (Version 2 - GPLv2).
3	msgid ""
4	msgstr ""
5	- "Project-Id-Version: Defender Pro 1.~~7.6~~\n"
6	"Report-Msgid-Bugs-To: https://wpmudev.org\n"
7	- "POT-Creation-Date: 2018-03-19 04:30:34+00:00\n"
8	"MIME-Version: 1.0\n"
9	"Content-Type: text/plain; charset=utf-8\n"
10	"Content-Transfer-Encoding: 8bit\n"
	@@ -152,17 +152,17 @@ msgid "Lockout reports are active scheduled to send %s"
152	msgstr ""
153
154	#: app/behavior/report-free.php:129 app/behavior/report.php:224
155	- #: app/behavior/utils.php:909 free/utils.php:~~656~~
156	msgid "daily"
157	msgstr ""
158
159	#: app/behavior/report-free.php:132 app/behavior/report.php:227
160	- #: app/behavior/utils.php:912 free/utils.php:~~659~~
161	msgid "weekly"
162	msgstr ""
163
164	#: app/behavior/report-free.php:135 app/behavior/report.php:230
165	- #: app/behavior/utils.php:915 free/utils.php:~~662~~
166	msgid "monthly"
167	msgstr ""
168
	@@ -236,7 +236,7 @@ msgstr ""
236	msgid "Never"
237	msgstr ""
238
239	- #: app/behavior/utils.php:892 free/utils.php:~~639~~
240	msgid "Please upgrade to 5.3 or later"
241	msgstr ""
242
	@@ -313,111 +313,167 @@ msgstr ""
313	msgid "Defender%s"
314	msgstr ""
315
316	- #: app/module/advanced-tools/behavior/at-widget.php:17
317	- #: app/module/advanced-tools/controller/main.php:~~392~~
318	#: app/module/advanced-tools/view/layouts/layout.php:5
319	msgid "Advanced Tools"
320	msgstr ""
321
322	- #: app/module/advanced-tools/behavior/at-widget.php:23
323	msgid ""
324	"Enable advanced tools for enhanced protection against even the most "
325	"aggressive of hackers and bots."
326	msgstr ""
327
328	- #: app/module/advanced-tools/behavior/at-widget.php:27
329	#: app/module/advanced-tools/view/layouts/layout.php:13

330	#: app/module/advanced-tools/view/main.php:4
331	msgid "Two-Factor Authentication"
332	msgstr ""
333
334	- #: app/module/advanced-tools/behavior/at-widget.php:31
335	msgid ""
336	"Add an extra layer of security to your WordPress account to ensure that "
337	"you’re the only person who can log in, even if someone else knows your "
338	"password"
339	msgstr ""
340
341	- #: app/module/advanced-tools/behavior/at-widget.php:43
342	msgid ""
343	"<strong>Two-factor authentication is now active.</strong> To turn on this "
344	"feature for your account, go to <a href='%s'>Your Profile</a> to complete "
345	"setup and sync your account with the Authenticator app."
346	msgstr ""
347
348	- #: app/module/advanced-tools/behavior/at-widget.php:51
349	msgid ""
350	"Two-factor authentication is currently inactive. Configure and save your "
351	"settings to finish setup. "
352	msgstr ""
353
354	- #: app/module/advanced-tools/behavior/at-widget.php:53

355	msgid "Finish Setup"
356	msgstr ""
357
358	- #: app/module/advanced-tools/behavior/at-widget.php:58
359	msgid ""
360	"Note: Each user on your website must individually enable two-factor "
361	"authentication via their user profile in order to enable and use this "
362	"security feature."
363	msgstr ""
364
365	- #: app/module/advanced-tools/behavior/at-widget.php:67

366	#: app/module/advanced-tools/view/disabled.php:19

367	#: app/module/audit/behavior/audit.php:43 app/module/audit/view/new.php:15
368	#: app/module/ip-lockout/behavior/widget.php:37
369	msgid "Activate"
370	msgstr ""
371

































372	#: app/module/advanced-tools/controller/main.php:58

373	msgid ""
374	- "~~You~~ ~~enabled~~ Jetpack ~~WordPress~~.com ~~login,~~ so ~~Defender~~ ~~will disable the two~~ "
375	- "~~factors~~ ~~login~~ ~~for~~ ~~avoiding~~ ~~conflict~~"
376	msgstr ""
377
378	#: app/module/advanced-tools/controller/main.php:61

379	msgid ""
380	- "~~You~~ ~~enabled~~ ~~the~~ ~~plugin~~ Theme My ~~Login,~~ so ~~Defender~~ ~~will~~ ~~disable~~ ~~the~~ ~~two~~ "
381	- "~~factors~~ ~~login~~ ~~for~~ ~~avoiding~~ ~~conflict~~"
382	msgstr ""
383
384	- #: app/module/advanced-tools/controller/main.php:~~135~~
385	msgid "Two Factor"
386	msgstr ""
387
388	- #: app/module/advanced-tools/controller/main.php:~~158~~
389	msgid "Your token is invalid"
390	msgstr ""
391
392	- #: app/module/advanced-tools/controller/main.php:~~170~~
393	msgid "Your code has been sent to your email."
394	msgstr ""
395
396	- #: app/module/advanced-tools/controller/main.php:~~214~~
397	msgid "Please input a valid OTP code"
398	msgstr ""
399
400	- #: app/module/advanced-tools/controller/main.php:~~228~~
401	msgid "Your OTP code is incorrect. Please try again."
402	msgstr ""
403
404	- #: app/module/advanced-tools/controller/main.php:~~289~~
405	msgid "Some error happen"
406	msgstr ""
407
408	- #: app/module/advanced-tools/controller/main.php:~~326~~
409	msgid "Whoops, the passcode you entered was incorrect or expired."
410	msgstr ""
411
412	- #: app/module/advanced-tools/controller/main.php:~~457~~

413	#: app/module/audit/controller/main.php:197
414	#: app/module/ip-lockout/controller/main.php:700
415	#: app/module/scan/controller/main.php:306
416	msgid "Your settings have been updated."
417	msgstr ""
418
















419	#: app/module/advanced-tools/view/disabled.php:4
420	- #: app/module/advanced-tools/view/layouts/layout.php:20
421	#: app/module/advanced-tools/view/login/disabled.php:6
422	#: app/module/advanced-tools/view/login/enabled.php:6
423	msgid "Two Factor Authentication"
	@@ -436,54 +492,54 @@ msgstr ""
436	msgid "Security"
437	msgstr ""
438
439	- #: app/module/advanced-tools/view/login/disabled.php:11
440	#: app/module/ip-lockout/view/detect-404/disabled.php:16
441	#: app/module/ip-lockout/view/login-lockouts/disabled.php:18
442	msgid "Enable"
443	msgstr ""
444
445	- #: app/module/advanced-tools/view/login/disabled.php:15
446	- #: app/module/advanced-tools/view/login/disabled.php:21
447	msgid "Use the Google Authenticator app to sign in with a separate passcode."
448	msgstr ""
449
450	- #: app/module/advanced-tools/view/login/disabled.php:20
451	#: app/module/scan/controller/main.php:531 app/module/scan/view/setting.php:138
452	#: app/module/scan/view/setting.php:158
453	msgid "Cancel"
454	msgstr ""
455
456	- #: app/module/advanced-tools/view/login/disabled.php:24
457	msgid "1. Install the Verification app"
458	msgstr ""
459
460	- #: app/module/advanced-tools/view/login/disabled.php:27
461	msgid ""
462	"Download and install the Google Authenticator app on your device using the "
463	"links below."
464	msgstr ""
465
466	- #: app/module/advanced-tools/view/login/disabled.php:36
467	msgid "2. Scan the barcode"
468	msgstr ""
469
470	- #: app/module/advanced-tools/view/login/disabled.php:37
471	msgid ""
472	"Open the Google Authenticator app you just downloaded, tap the “+” symbol "
473	"and then use your phone’s camera to scan the barcode below."
474	msgstr ""
475
476	- #: app/module/advanced-tools/view/login/disabled.php:41
477	msgid "3. Enter passcode"
478	msgstr ""
479
480	- #: app/module/advanced-tools/view/login/disabled.php:43
481	msgid ""
482	"Enter the 6 digit passcode that is shown on your device into the input "
483	"field below and hit “Verify”."
484	msgstr ""
485
486	- #: app/module/advanced-tools/view/login/disabled.php:49
487	msgid "Verify"
488	msgstr ""
489
	@@ -513,24 +569,26 @@ msgstr ""
513	msgid "Powered by WordPress"
514	msgstr ""
515
516	- #: app/module/advanced-tools/view/login/otp.php:~~224~~
517	msgid "Open the Google Authenticator app and enter the 6 digit passcode."
518	msgstr ""
519
520	- #: app/module/advanced-tools/view/login/otp.php:~~227~~
521	msgid "Authenticate"
522	msgstr ""
523
524	- #: app/module/advanced-tools/view/login/otp.php:~~236~~
525	msgid "Lost your device?"
526	msgstr ""
527

528	#: app/module/advanced-tools/view/main.php:14
529	msgid ""
530	"Configure your two-factor authentication settings. Our recommendations are "
531	"enabled by default."
532	msgstr ""
533

534	#: app/module/advanced-tools/view/main.php:27
535	msgid ""
536	"<strong>Two-factor authentication is now active.</strong> User roles with "
	@@ -538,16 +596,19 @@ msgid ""
538	"complete setup and sync their account with the Authenticator app."
539	msgstr ""
540

541	#: app/module/advanced-tools/view/main.php:35
542	msgid ""
543	"<strong>Two-factor authentication is currently inactive.</strong> Configure "
544	"and save your settings to complete setup."
545	msgstr ""
546

547	#: app/module/advanced-tools/view/main.php:41
548	msgid "User Roles"
549	msgstr ""
550

551	#: app/module/advanced-tools/view/main.php:43
552	msgid ""
553	"Choose the user roles you want to enable two-factor authentication for. "
	@@ -555,60 +616,210 @@ msgid ""
555	"Authenticator app to login."
556	msgstr ""
557

558	#: app/module/advanced-tools/view/main.php:50
559	msgid "User role"
560	msgstr ""
561

562	#: app/module/advanced-tools/view/main.php:82
563	msgid "Lost Phone"
564	msgstr ""
565

566	#: app/module/advanced-tools/view/main.php:84
567	msgid ""
568	"If a user is unable to access their phone, you can allow an option to send "
569	"the one time password to their registered email."
570	msgstr ""
571

572	#: app/module/advanced-tools/view/main.php:94
573	msgid "Enable lost phone option"
574	msgstr ""
575

576	#: app/module/advanced-tools/view/main.php:99
577	- msgid "~~App~~ ~~Download~~"
578	msgstr ""
579

580	#: app/module/advanced-tools/view/main.php:101
581	- msgid "~~Need the app? Here’s links to the official Google Authenticator apps.~~"







582	msgstr ""
583






584	#: app/module/advanced-tools/view/main.php:115

















































585	msgid "Active Users"
586	msgstr ""
587
588	- #: app/module/advanced-tools/view/main.php:~~117~~

589	msgid ""
590	"Here’s a quick link to see which of your users have enabled two-factor "
591	"verification."
592	msgstr ""
593
594	- #: app/module/advanced-tools/view/main.php:~~121~~

595	msgid "<a href=\"%s\">View users</a> who have enabled this feature."
596	msgstr ""
597
598	- #: app/module/advanced-tools/view/main.php:~~126~~
599	- #: app/module/advanced-tools/view/main.php:~~133~~




600	#: app/module/audit/view/settings.php:10
601	msgid "Deactivate"
602	msgstr ""
603
604	- #: app/module/advanced-tools/view/main.php:~~128~~

605	msgid "Disable two-factor authentication on your website."
606	msgstr ""
607
608	- #: app/module/advanced-tools/view/main.php:~~141~~

609	msgid "SAVE SETTINGS"
610	msgstr ""
611










































































612	#: app/module/audit/behavior/audit-free.php:25
613	#: app/module/audit/behavior/audit.php:38 app/view/activator.php:35
614	msgid ""
	@@ -1074,7 +1285,7 @@ msgstr ""
1074	msgid "Login Name"
1075	msgstr ""
1076
1077	- #: app/module/audit/component/options-audit.php:175
1078	msgid "Password"
1079	msgstr ""
1080
	@@ -1173,7 +1384,7 @@ msgstr ""
1173	#: app/module/scan/view/layouts/layout.php:132
1174	#: app/module/scan/view/layouts/layout.php:149
1175	#: app/module/scan/view/setting-free.php:3 app/module/scan/view/setting.php:3
1176	- #: app/view/settings.php:6 free/main-activator.php:157 main-activator.php:98
1177	msgid "Settings"
1178	msgstr ""
1179
	@@ -1761,6 +1972,13 @@ msgstr ""
1761	msgid "Change default admin user account"
1762	msgstr ""
1763







1764	#: app/module/hardener/component/db-prefix-service.php:32
1765	#: app/module/hardener/component/db-prefix-service.php:95
1766	#: app/module/hardener/component/disable-file-editor-service.php:32
	@@ -3528,14 +3746,6 @@ msgstr ""
3528	msgid "Plugins & Themes"
3529	msgstr ""
3530
3531	- #: app/module/scan/behavior/scan.php:137 app/module/scan/behavior/scan.php:152
3532	- #: app/module/scan/view/layouts/layout.php:62
3533	- #: app/module/scan/view/layouts/layout.php:78
3534	- #: app/module/scan/view/setting-free.php:30
3535	- #: app/module/scan/view/setting-free.php:45
3536	- msgid "Pro Feature"
3537	- msgstr ""
3538	-
3539	#: app/module/scan/behavior/scan.php:165
3540	msgid "VIEW REPORT"
3541	msgstr ""
	@@ -4051,6 +4261,28 @@ msgstr ""
4051	msgid "FIND OUT MORE"
4052	msgstr ""
4053






















4054	#: app/view/requirement.php:11
4055	msgid ""
4056	"Defender is currently scanning your files for malicious code, please be "
	@@ -4123,10 +4355,6 @@ msgid ""
4123	"your site is running smoothly."
4124	msgstr ""
4125
4126	- #: app/view/settings.php:187 app/view/settings.php:326
4127	- msgid "Save Settings"
4128	- msgstr ""
4129	-
4130	#: app/view/settings.php:208
4131	msgid "We did not find an admin user with this name..."
4132	msgstr ""
	@@ -4203,7 +4431,7 @@ msgstr ""
4203	msgid "<br/>Something went wrong. Please try again later!"
4204	msgstr ""
4205
4206	- #: free/main-activator.php:162 main-activator.php:~~103~~
4207	msgid "Docs"
4208	msgstr ""
4209
	@@ -4243,7 +4471,7 @@ msgstr ""
4243	msgid "Rate %s"
4244	msgstr ""
4245
4246	- #: main-activator.php:87
4247	msgid ""
4248	"We noticed you have both the free and pro versions of Defender installed, "
4249	"so we've automatically deactivated the free version for you."
	@@ -4272,7 +4500,7 @@ msgstr ""
4272	msgid "http://premium.wpmudev.org/"
4273	msgstr ""
4274
4275	- #: app/module/advanced-tools/view/login/otp.php:~~286~~
4276	#. translators: %s: site title
4277	msgctxt "site"
4278	msgid "← Back to %s"


2	# This file is distributed under the GNU General Public License (Version 2 - GPLv2).
3	msgid ""
4	msgstr ""
5	+ "Project-Id-Version: Defender Pro 1.8-beta6\n"
6	"Report-Msgid-Bugs-To: https://wpmudev.org\n"
7	+ "POT-Creation-Date: 2018-04-06 03:29:50+00:00\n"
8	"MIME-Version: 1.0\n"
9	"Content-Type: text/plain; charset=utf-8\n"
10	"Content-Transfer-Encoding: 8bit\n"

152	msgstr ""
153
154	#: app/behavior/report-free.php:129 app/behavior/report.php:224
155	+ #: app/behavior/utils.php:909 free/utils.php:706
156	msgid "daily"
157	msgstr ""
158
159	#: app/behavior/report-free.php:132 app/behavior/report.php:227
160	+ #: app/behavior/utils.php:912 free/utils.php:709
161	msgid "weekly"
162	msgstr ""
163
164	#: app/behavior/report-free.php:135 app/behavior/report.php:230
165	+ #: app/behavior/utils.php:915 free/utils.php:712
166	msgid "monthly"
167	msgstr ""
168

236	msgid "Never"
237	msgstr ""
238
239	+ #: app/behavior/utils.php:892 free/utils.php:689
240	msgid "Please upgrade to 5.3 or later"
241	msgstr ""
242

313	msgid "Defender%s"
314	msgstr ""
315
316	+ #: app/module/advanced-tools/behavior/at-widget.php:18
317	+ #: app/module/advanced-tools/controller/main.php:461
318	#: app/module/advanced-tools/view/layouts/layout.php:5
319	msgid "Advanced Tools"
320	msgstr ""
321
322	+ #: app/module/advanced-tools/behavior/at-widget.php:24
323	msgid ""
324	"Enable advanced tools for enhanced protection against even the most "
325	"aggressive of hackers and bots."
326	msgstr ""
327
328	+ #: app/module/advanced-tools/behavior/at-widget.php:28
329	#: app/module/advanced-tools/view/layouts/layout.php:13
330	+ #: app/module/advanced-tools/view/main-free.php:4
331	#: app/module/advanced-tools/view/main.php:4
332	msgid "Two-Factor Authentication"
333	msgstr ""
334
335	+ #: app/module/advanced-tools/behavior/at-widget.php:32
336	msgid ""
337	"Add an extra layer of security to your WordPress account to ensure that "
338	"you’re the only person who can log in, even if someone else knows your "
339	"password"
340	msgstr ""
341
342	+ #: app/module/advanced-tools/behavior/at-widget.php:44
343	msgid ""
344	"<strong>Two-factor authentication is now active.</strong> To turn on this "
345	"feature for your account, go to <a href='%s'>Your Profile</a> to complete "
346	"setup and sync your account with the Authenticator app."
347	msgstr ""
348
349	+ #: app/module/advanced-tools/behavior/at-widget.php:52
350	msgid ""
351	"Two-factor authentication is currently inactive. Configure and save your "
352	"settings to finish setup. "
353	msgstr ""
354
355	+ #: app/module/advanced-tools/behavior/at-widget.php:54
356	+ #: app/module/advanced-tools/behavior/at-widget.php:91
357	msgid "Finish Setup"
358	msgstr ""
359
360	+ #: app/module/advanced-tools/behavior/at-widget.php:59
361	msgid ""
362	"Note: Each user on your website must individually enable two-factor "
363	"authentication via their user profile in order to enable and use this "
364	"security feature."
365	msgstr ""
366
367	+ #: app/module/advanced-tools/behavior/at-widget.php:68
368	+ #: app/module/advanced-tools/behavior/at-widget.php:105
369	#: app/module/advanced-tools/view/disabled.php:19
370	+ #: app/module/advanced-tools/view/mask-login/disabled.php:19
371	#: app/module/audit/behavior/audit.php:43 app/module/audit/view/new.php:15
372	#: app/module/ip-lockout/behavior/widget.php:37
373	msgid "Activate"
374	msgstr ""
375
376	+ #: app/module/advanced-tools/behavior/at-widget.php:75
377	+ #: app/module/advanced-tools/view/layouts/layout.php:19
378	+ #: app/module/advanced-tools/view/mask-login/disabled.php:4
379	+ #: app/module/advanced-tools/view/mask-login/enabled.php:4
380	+ msgid "Mask Login Area"
381	+ msgstr ""
382	+
383	+ #: app/module/advanced-tools/behavior/at-widget.php:79
384	+ msgid "Change the location of WordPress’s default wp-admin and wp-login URLs."
385	+ msgstr ""
386	+
387	+ #: app/module/advanced-tools/behavior/at-widget.php:89
388	+ msgid ""
389	+ "<strong>Masking is currently inactive.</strong> Choose your URL and save "
390	+ "your settings to finish setup."
391	+ msgstr ""
392	+
393	+ #: app/module/advanced-tools/behavior/at-widget.php:96
394	+ #: app/module/advanced-tools/view/mask-login/enabled.php:24
395	+ msgid "Masking is currently active at <strong>%s</strong>"
396	+ msgstr ""
397	+
398	+ #: app/module/advanced-tools/component/mask-api.php:82
399	+ msgid "The URL is invalid"
400	+ msgstr ""
401	+
402	+ #: app/module/advanced-tools/component/mask-api.php:85
403	+ #: app/module/advanced-tools/component/mask-api.php:96
404	+ msgid ""
405	+ "A page already exists at this URL, please pick a unique page for your new "
406	+ "login area."
407	+ msgstr ""
408	+
409	#: app/module/advanced-tools/controller/main.php:58
410	+ #: app/module/advanced-tools/controller/mask-login.php:47
411	msgid ""
412	+ "We’ve detected a conflict with Jetpack’s Wordpress.com Log In feature. "
413	+ "Please disable it and return to this page to continue setup."
414	msgstr ""
415
416	#: app/module/advanced-tools/controller/main.php:61
417	+ #: app/module/advanced-tools/controller/mask-login.php:50
418	msgid ""
419	+ "We’ve detected a conflict with Theme my login. Please disable it and return "
420	+ "to this page to continue setup."
421	msgstr ""
422
423	+ #: app/module/advanced-tools/controller/main.php:203
424	msgid "Two Factor"
425	msgstr ""
426
427	+ #: app/module/advanced-tools/controller/main.php:226
428	msgid "Your token is invalid"
429	msgstr ""
430
431	+ #: app/module/advanced-tools/controller/main.php:238
432	msgid "Your code has been sent to your email."
433	msgstr ""
434
435	+ #: app/module/advanced-tools/controller/main.php:282
436	msgid "Please input a valid OTP code"
437	msgstr ""
438
439	+ #: app/module/advanced-tools/controller/main.php:297
440	msgid "Your OTP code is incorrect. Please try again."
441	msgstr ""
442
443	+ #: app/module/advanced-tools/controller/main.php:358
444	msgid "Some error happen"
445	msgstr ""
446
447	+ #: app/module/advanced-tools/controller/main.php:395
448	msgid "Whoops, the passcode you entered was incorrect or expired."
449	msgstr ""
450
451	+ #: app/module/advanced-tools/controller/main.php:532
452	+ #: app/module/advanced-tools/controller/mask-login.php:191
453	#: app/module/audit/controller/main.php:197
454	#: app/module/ip-lockout/controller/main.php:700
455	#: app/module/scan/controller/main.php:306
456	msgid "Your settings have been updated."
457	msgstr ""
458
459	+ #: app/module/advanced-tools/controller/mask-login.php:137
460	+ msgid "This feature is disabled"
461	+ msgstr ""
462	+
463	+ #: app/module/advanced-tools/controller/mask-login.php:169
464	+ msgid "The Login URL is invalid."
465	+ msgstr ""
466	+
467	+ #: app/module/advanced-tools/controller/mask-login.php:177
468	+ msgid "The Redirection URL is invalid."
469	+ msgstr ""
470	+
471	+ #: app/module/advanced-tools/controller/mask-login.php:183
472	+ msgid "Login and 404 redirect URLs can't be the same. Please use different URLs."
473	+ msgstr ""
474	+
475	#: app/module/advanced-tools/view/disabled.php:4
476	+ #: app/module/advanced-tools/view/layouts/layout.php:26
477	#: app/module/advanced-tools/view/login/disabled.php:6
478	#: app/module/advanced-tools/view/login/enabled.php:6
479	msgid "Two Factor Authentication"

492	msgid "Security"
493	msgstr ""
494
495	+ #: app/module/advanced-tools/view/login/disabled.php:22
496	#: app/module/ip-lockout/view/detect-404/disabled.php:16
497	#: app/module/ip-lockout/view/login-lockouts/disabled.php:18
498	msgid "Enable"
499	msgstr ""
500
501	+ #: app/module/advanced-tools/view/login/disabled.php:26
502	+ #: app/module/advanced-tools/view/login/disabled.php:32
503	msgid "Use the Google Authenticator app to sign in with a separate passcode."
504	msgstr ""
505
506	+ #: app/module/advanced-tools/view/login/disabled.php:31
507	#: app/module/scan/controller/main.php:531 app/module/scan/view/setting.php:138
508	#: app/module/scan/view/setting.php:158
509	msgid "Cancel"
510	msgstr ""
511
512	+ #: app/module/advanced-tools/view/login/disabled.php:35
513	msgid "1. Install the Verification app"
514	msgstr ""
515
516	+ #: app/module/advanced-tools/view/login/disabled.php:38
517	msgid ""
518	"Download and install the Google Authenticator app on your device using the "
519	"links below."
520	msgstr ""
521
522	+ #: app/module/advanced-tools/view/login/disabled.php:47
523	msgid "2. Scan the barcode"
524	msgstr ""
525
526	+ #: app/module/advanced-tools/view/login/disabled.php:48
527	msgid ""
528	"Open the Google Authenticator app you just downloaded, tap the “+” symbol "
529	"and then use your phone’s camera to scan the barcode below."
530	msgstr ""
531
532	+ #: app/module/advanced-tools/view/login/disabled.php:52
533	msgid "3. Enter passcode"
534	msgstr ""
535
536	+ #: app/module/advanced-tools/view/login/disabled.php:54
537	msgid ""
538	"Enter the 6 digit passcode that is shown on your device into the input "
539	"field below and hit “Verify”."
540	msgstr ""
541
542	+ #: app/module/advanced-tools/view/login/disabled.php:60
543	msgid "Verify"
544	msgstr ""
545

569	msgid "Powered by WordPress"
570	msgstr ""
571
572	+ #: app/module/advanced-tools/view/login/otp.php:225
573	msgid "Open the Google Authenticator app and enter the 6 digit passcode."
574	msgstr ""
575
576	+ #: app/module/advanced-tools/view/login/otp.php:228
577	msgid "Authenticate"
578	msgstr ""
579
580	+ #: app/module/advanced-tools/view/login/otp.php:250
581	msgid "Lost your device?"
582	msgstr ""
583
584	+ #: app/module/advanced-tools/view/main-free.php:14
585	#: app/module/advanced-tools/view/main.php:14
586	msgid ""
587	"Configure your two-factor authentication settings. Our recommendations are "
588	"enabled by default."
589	msgstr ""
590
591	+ #: app/module/advanced-tools/view/main-free.php:27
592	#: app/module/advanced-tools/view/main.php:27
593	msgid ""
594	"<strong>Two-factor authentication is now active.</strong> User roles with "

596	"complete setup and sync their account with the Authenticator app."
597	msgstr ""
598
599	+ #: app/module/advanced-tools/view/main-free.php:35
600	#: app/module/advanced-tools/view/main.php:35
601	msgid ""
602	"<strong>Two-factor authentication is currently inactive.</strong> Configure "
603	"and save your settings to complete setup."
604	msgstr ""
605
606	+ #: app/module/advanced-tools/view/main-free.php:41
607	#: app/module/advanced-tools/view/main.php:41
608	msgid "User Roles"
609	msgstr ""
610
611	+ #: app/module/advanced-tools/view/main-free.php:43
612	#: app/module/advanced-tools/view/main.php:43
613	msgid ""
614	"Choose the user roles you want to enable two-factor authentication for. "

616	"Authenticator app to login."
617	msgstr ""
618
619	+ #: app/module/advanced-tools/view/main-free.php:50
620	#: app/module/advanced-tools/view/main.php:50
621	msgid "User role"
622	msgstr ""
623
624	+ #: app/module/advanced-tools/view/main-free.php:82
625	#: app/module/advanced-tools/view/main.php:82
626	msgid "Lost Phone"
627	msgstr ""
628
629	+ #: app/module/advanced-tools/view/main-free.php:84
630	#: app/module/advanced-tools/view/main.php:84
631	msgid ""
632	"If a user is unable to access their phone, you can allow an option to send "
633	"the one time password to their registered email."
634	msgstr ""
635
636	+ #: app/module/advanced-tools/view/main-free.php:94
637	#: app/module/advanced-tools/view/main.php:94
638	msgid "Enable lost phone option"
639	msgstr ""
640
641	+ #: app/module/advanced-tools/view/main-free.php:99
642	#: app/module/advanced-tools/view/main.php:99
643	+ msgid "Force Authentication"
644	msgstr ""
645
646	+ #: app/module/advanced-tools/view/main-free.php:101
647	#: app/module/advanced-tools/view/main.php:101
648	+ msgid ""
649	+ "By default, two-factor authentication is optional for users. This setting "
650	+ "forces users to activate two-factor."
651	+ msgstr ""
652	+
653	+ #: app/module/advanced-tools/view/main-free.php:111
654	+ #: app/module/advanced-tools/view/main.php:111
655	+ msgid "Force users to log in with two-factor authentication"
656	msgstr ""
657
658	+ #: app/module/advanced-tools/view/main-free.php:112
659	+ #: app/module/advanced-tools/view/main.php:112
660	+ msgid "Note: Users will be forced to set up two-factor when they next login."
661	+ msgstr ""
662	+
663	+ #: app/module/advanced-tools/view/main-free.php:115
664	#: app/module/advanced-tools/view/main.php:115
665	+ msgid "Custom warning message"
666	+ msgstr ""
667	+
668	+ #: app/module/advanced-tools/view/main-free.php:119
669	+ #: app/module/advanced-tools/view/main.php:119
670	+ msgid ""
671	+ "Note: This is shown in the users Profile area indicating they must use "
672	+ "two-factor authentication."
673	+ msgstr ""
674	+
675	+ #: app/module/advanced-tools/view/main-free.php:127
676	+ #: app/module/scan/behavior/scan.php:137 app/module/scan/behavior/scan.php:152
677	+ #: app/module/scan/view/layouts/layout.php:62
678	+ #: app/module/scan/view/layouts/layout.php:78
679	+ #: app/module/scan/view/setting-free.php:30
680	+ #: app/module/scan/view/setting-free.php:45
681	+ msgid "Pro Feature"
682	+ msgstr ""
683	+
684	+ #: app/module/advanced-tools/view/main-free.php:129
685	+ #: app/module/advanced-tools/view/main.php:126
686	+ #: app/module/advanced-tools/view/main.php:143
687	+ msgid "Custom Graphic"
688	+ msgstr ""
689	+
690	+ #: app/module/advanced-tools/view/main-free.php:131
691	+ #: app/module/advanced-tools/view/main.php:128
692	+ msgid ""
693	+ "By default, Defender’s icon appears above the login fields. You can upload "
694	+ "your own branding, or turn this feature off."
695	+ msgstr ""
696	+
697	+ #: app/module/advanced-tools/view/main-free.php:139
698	+ #: app/module/advanced-tools/view/main.php:139
699	+ msgid "Enable custom graphics above login fields"
700	+ msgstr ""
701	+
702	+ #: app/module/advanced-tools/view/main-free.php:147
703	+ #: app/module/advanced-tools/view/main.php:157
704	+ msgid "App Download"
705	+ msgstr ""
706	+
707	+ #: app/module/advanced-tools/view/main-free.php:149
708	+ #: app/module/advanced-tools/view/main.php:159
709	+ msgid "Need the app? Here’s links to the official Google Authenticator apps."
710	+ msgstr ""
711	+
712	+ #: app/module/advanced-tools/view/main-free.php:163
713	+ #: app/module/advanced-tools/view/main.php:173
714	msgid "Active Users"
715	msgstr ""
716
717	+ #: app/module/advanced-tools/view/main-free.php:165
718	+ #: app/module/advanced-tools/view/main.php:175
719	msgid ""
720	"Here’s a quick link to see which of your users have enabled two-factor "
721	"verification."
722	msgstr ""
723
724	+ #: app/module/advanced-tools/view/main-free.php:169
725	+ #: app/module/advanced-tools/view/main.php:179
726	msgid "<a href=\"%s\">View users</a> who have enabled this feature."
727	msgstr ""
728
729	+ #: app/module/advanced-tools/view/main-free.php:174
730	+ #: app/module/advanced-tools/view/main-free.php:181
731	+ #: app/module/advanced-tools/view/main.php:184
732	+ #: app/module/advanced-tools/view/main.php:191
733	+ #: app/module/advanced-tools/view/mask-login/enabled.php:78
734	+ #: app/module/advanced-tools/view/mask-login/enabled.php:82
735	#: app/module/audit/view/settings.php:10
736	msgid "Deactivate"
737	msgstr ""
738
739	+ #: app/module/advanced-tools/view/main-free.php:176
740	+ #: app/module/advanced-tools/view/main.php:186
741	msgid "Disable two-factor authentication on your website."
742	msgstr ""
743
744	+ #: app/module/advanced-tools/view/main-free.php:189
745	+ #: app/module/advanced-tools/view/main.php:199
746	msgid "SAVE SETTINGS"
747	msgstr ""
748
749	+ #: app/module/advanced-tools/view/main.php:144
750	+ msgid "For best results use a 168x168px JPG or PNG."
751	+ msgstr ""
752	+
753	+ #: app/module/advanced-tools/view/mask-login/disabled.php:10
754	+ msgid ""
755	+ "Change the location of WordPress’s default wp-admin and wp-login URLs to "
756	+ "make it harder for automated bots to find, and more convenient for your "
757	+ "users."
758	+ msgstr ""
759	+
760	+ #: app/module/advanced-tools/view/mask-login/enabled.php:9
761	+ msgid "Change your default wp-admin and wp-content login URL."
762	+ msgstr ""
763	+
764	+ #: app/module/advanced-tools/view/mask-login/enabled.php:19
765	+ msgid ""
766	+ "Masking is currently inactive. Choose your URL and save your settings to "
767	+ "finish setup. "
768	+ msgstr ""
769	+
770	+ #: app/module/advanced-tools/view/mask-login/enabled.php:33
771	+ msgid "Masking URLs"
772	+ msgstr ""
773	+
774	+ #: app/module/advanced-tools/view/mask-login/enabled.php:35
775	+ msgid ""
776	+ "Choose the new URL slug where users of your website will now navigate to to "
777	+ "log in, register or administrate."
778	+ msgstr ""
779	+
780	+ #: app/module/advanced-tools/view/mask-login/enabled.php:39
781	+ msgid ""
782	+ "You can specify any URLs. For security reasons, less obvious URLs are "
783	+ "recommended as they are harder for bots to guess."
784	+ msgstr ""
785	+
786	+ #: app/module/advanced-tools/view/mask-login/enabled.php:40
787	+ msgid "New Login URL"
788	+ msgstr ""
789	+
790	+ #: app/module/advanced-tools/view/mask-login/enabled.php:42
791	+ msgid "Users will login at <strong>%s</strong>"
792	+ msgstr ""
793	+
794	+ #: app/module/advanced-tools/view/mask-login/enabled.php:47
795	+ msgid "Redirect traffic"
796	+ msgstr ""
797	+
798	+ #: app/module/advanced-tools/view/mask-login/enabled.php:49
799	+ msgid ""
800	+ "With this feature you can send visitors and bots who try to visit the "
801	+ "default Wordpress login URLs to a separate URL to avoid 404s."
802	+ msgstr ""
803	+
804	+ #: app/module/advanced-tools/view/mask-login/enabled.php:60
805	+ msgid "Enable 404 redirection"
806	+ msgstr ""
807	+
808	+ #: app/module/advanced-tools/view/mask-login/enabled.php:64
809	+ msgid "Redirection URL"
810	+ msgstr ""
811	+
812	+ #: app/module/advanced-tools/view/mask-login/enabled.php:70
813	+ msgid ""
814	+ "Visitors who visit the default login URLs will be redirected to "
815	+ "<strong>%s</strong>"
816	+ msgstr ""
817	+
818	+ #: app/module/advanced-tools/view/mask-login/enabled.php:88
819	+ #: app/view/settings.php:187 app/view/settings.php:326
820	+ msgid "Save Settings"
821	+ msgstr ""
822	+
823	#: app/module/audit/behavior/audit-free.php:25
824	#: app/module/audit/behavior/audit.php:38 app/view/activator.php:35
825	msgid ""

1285	msgid "Login Name"
1286	msgstr ""
1287
1288	+ #: app/module/audit/component/options-audit.php:175 app/view/login-modal.php:11
1289	msgid "Password"
1290	msgstr ""
1291

1384	#: app/module/scan/view/layouts/layout.php:132
1385	#: app/module/scan/view/layouts/layout.php:149
1386	#: app/module/scan/view/setting-free.php:3 app/module/scan/view/setting.php:3
1387	+ #: app/view/settings.php:6 free/main-activator.php:157 main-activator.php:102
1388	msgid "Settings"
1389	msgstr ""
1390

1972	msgid "Change default admin user account"
1973	msgstr ""
1974
1975	+ #: app/module/hardener/component/change-admin.php:56
1976	+ msgid ""
1977	+ "Your admin name has changed. You will need to <a "
1978	+ "href='%s'><strong>%s</strong></a>.<br/>This will auto reload after <span "
1979	+ "class='hardener-timer'>10</span> seconds."
1980	+ msgstr ""
1981	+
1982	#: app/module/hardener/component/db-prefix-service.php:32
1983	#: app/module/hardener/component/db-prefix-service.php:95
1984	#: app/module/hardener/component/disable-file-editor-service.php:32

3746	msgid "Plugins & Themes"
3747	msgstr ""
3748








3749	#: app/module/scan/behavior/scan.php:165
3750	msgid "VIEW REPORT"
3751	msgstr ""

4261	msgid "FIND OUT MORE"
4262	msgstr ""
4263
4264	+ #: app/view/login-modal.php:3
4265	+ msgid ""
4266	+ "To get access to our free API services you simply need to create a WPMU DEV "
4267	+ "account. It only takes two seconds and it’s absolutely free, forever."
4268	+ msgstr ""
4269	+
4270	+ #: app/view/login-modal.php:7
4271	+ msgid "First name"
4272	+ msgstr ""
4273	+
4274	+ #: app/view/login-modal.php:9
4275	+ msgid "Email address"
4276	+ msgstr ""
4277	+
4278	+ #: app/view/login-modal.php:12
4279	+ msgid "minimum 8 characters"
4280	+ msgstr ""
4281	+
4282	+ #: app/view/login-modal.php:22
4283	+ msgid "Create Account"
4284	+ msgstr ""
4285	+
4286	#: app/view/requirement.php:11
4287	msgid ""
4288	"Defender is currently scanning your files for malicious code, please be "

4355	"your site is running smoothly."
4356	msgstr ""
4357




4358	#: app/view/settings.php:208
4359	msgid "We did not find an admin user with this name..."
4360	msgstr ""

4431	msgid "<br/>Something went wrong. Please try again later!"
4432	msgstr ""
4433
4434	+ #: free/main-activator.php:162 main-activator.php:107
4435	msgid "Docs"
4436	msgstr ""
4437

4471	msgid "Rate %s"
4472	msgstr ""
4473
4474	+ #: main-activator.php:91
4475	msgid ""
4476	"We noticed you have both the free and pro versions of Defender installed, "
4477	"so we've automatically deactivated the free version for you."

4500	msgid "http://premium.wpmudev.org/"
4501	msgstr ""
4502
4503	+ #: app/module/advanced-tools/view/login/otp.php:301
4504	#. translators: %s: site title
4505	msgctxt "site"
4506	msgid "← Back to %s"

readme.txt CHANGED Viewed

	@@ -1,13 +1,13 @@
1	=== Defender Security, Monitoring, and Hack Protection ===
2	Plugin Name: Defender Security, Monitoring, and Hack Protection
3	- Version: 1.~~7.6~~
4	Author: WPMU DEV
5	Author URI: http://premium.wpmudev.org/
6	Contributors: WPMUDEV
7	Tags: Security, Security Tweaks, Hardening, IP lockout, Monitoring, Blacklist, Site Protection, Hacked, Security Scan
8	Requires at least: 4.6
9	- Tested up to: 4.9.2
10	- Stable tag: 1.~~7.6~~
11	License: GPL v2 - http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
12
13	Protect WordPress from hackers with security tweaks, code scans, 2-Step Verification, IP lockouts, and monitoring.
	@@ -58,10 +58,14 @@ Keep your site safe with Defender’s simple IP manager. Manually block specific
58	★★★★★ <br>
59	“Defender Recently blocked over 3000 attacks in one week without any noticeable impact on the website. WPMUDEV knocking it out of the park on this one.” - <a href="https://premium.wpmudev.org/profile/davidoswald/">David Oswald</a>
60
61	- = ~~Log-in~~ Protection =
62
63	Brute force attacks are no match for Defender. Limit login attempts to stop users trying to guess passwords. Permanently ban IPs or trigger a timed lockout after a set number of failed login attempts.
64




65	= 404 Limiter =
66	Defender detects when bots are being used to scan your site for vulnerabilities and shuts them down. The 404 limiter lets you stop the scan by detecting when a user keeps visiting pages that do not exist.
67
	@@ -73,6 +77,7 @@ Defender runs surveillance and sends notifications with information that matters
73	* Google 2-Step Verification
74	* One-click site hardening and security tweaking
75	* WordPress core file scanning and repair

76	* IP Blacklist manager and logging
77	* Unlimited file scans
78	* Timed Lockout brute force attack shield for login protection
	@@ -117,6 +122,12 @@ Hackers and bot attacks are not the only threat to your site. No matter what se
117
118	== Changelog ==
119






120	= 1.7.6 =
121	- Fix: Defender now can recognize and verify Bing Bot for whitelisting
122	- Fix: Lockout page now will use site title instead of the text 'WP Defender'


1	=== Defender Security, Monitoring, and Hack Protection ===
2	Plugin Name: Defender Security, Monitoring, and Hack Protection
3	+ Version: 1.8
4	Author: WPMU DEV
5	Author URI: http://premium.wpmudev.org/
6	Contributors: WPMUDEV
7	Tags: Security, Security Tweaks, Hardening, IP lockout, Monitoring, Blacklist, Site Protection, Hacked, Security Scan
8	Requires at least: 4.6
9	+ Tested up to: 4.9.5
10	+ Stable tag: 1.8
11	License: GPL v2 - http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
12
13	Protect WordPress from hackers with security tweaks, code scans, 2-Step Verification, IP lockouts, and monitoring.

58	★★★★★ <br>
59	“Defender Recently blocked over 3000 attacks in one week without any noticeable impact on the website. WPMUDEV knocking it out of the park on this one.” - <a href="https://premium.wpmudev.org/profile/davidoswald/">David Oswald</a>
60
61	+ = Login Protection =
62
63	Brute force attacks are no match for Defender. Limit login attempts to stop users trying to guess passwords. Permanently ban IPs or trigger a timed lockout after a set number of failed login attempts.
64
65	+ = Login Screen Masking =
66	+
67	+ Defender makes it easy to move your login screen to a custom URL. Not only does login screen masking improve security, it lets you whitelable your login user experience and improves branding.
68	+
69	= 404 Limiter =
70	Defender detects when bots are being used to scan your site for vulnerabilities and shuts them down. The 404 limiter lets you stop the scan by detecting when a user keeps visiting pages that do not exist.
71

77	* Google 2-Step Verification
78	* One-click site hardening and security tweaking
79	* WordPress core file scanning and repair
80	+ * Login Screen Masking
81	* IP Blacklist manager and logging
82	* Unlimited file scans
83	* Timed Lockout brute force attack shield for login protection

122
123	== Changelog ==
124
125	+ = 1.8 =
126	+ - New: Hide the default WordPress login URLs with the new Mask Login Area feature, giving you enhanced protection from hackers and bots.
127	+ - New: Ability to force two-factor authentication for all users.
128	+ - Fix: Fixed a bug where file scanning would detect wp-config.php as suspicious.
129	+ - Fix: Fixed an issue where the lockout pages could be cached by external cache engines.
130	+
131	= 1.7.6 =
132	- Fix: Defender now can recognize and verify Bing Bot for whitelisting
133	- Fix: Lockout page now will use site title instead of the text 'WP Defender'

uninstall.php CHANGED Viewed

	@@ -41,7 +41,7 @@ $cache->delete( 'cleanchecksum' );
41	\WP_Defender\Module\Hardener\Model\Settings::instance()->delete();
42	\WP_Defender\Module\IP_Lockout\Model\Settings::instance()->delete();
43	\WP_Defender\Module\Advanced_Tools\Model\Auth_Settings::instance()->delete();
44	-
45	//clear old stuff
46	delete_site_option( 'wp_defender' );
47	delete_option( 'wp_defender' );


41	\WP_Defender\Module\Hardener\Model\Settings::instance()->delete();
42	\WP_Defender\Module\IP_Lockout\Model\Settings::instance()->delete();
43	\WP_Defender\Module\Advanced_Tools\Model\Auth_Settings::instance()->delete();
44	+ \WP_Defender\Module\Advanced_Tools\Model\Mask_Settings::instance()->delete();
45	//clear old stuff
46	delete_site_option( 'wp_defender' );
47	delete_option( 'wp_defender' );

wp-defender.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	/**
4	* Plugin Name: Defender
5	* Plugin URI: https://premium.wpmudev.org/project/wp-defender/
6	- * Version: 1.~~7.6~~
7	* Description: Get regular security scans, vulnerability reports, safety recommendations and customized hardening for your site in just a few clicks. Defender is the analyst and enforcer who never sleeps.
8	* Author: WPMU DEV
9	* Author URI: http://premium.wpmudev.org/


3	/**
4	* Plugin Name: Defender
5	* Plugin URI: https://premium.wpmudev.org/project/wp-defender/
6	+ * Version: 1.8
7	* Description: Get regular security scans, vulnerability reports, safety recommendations and customized hardening for your site in just a few clicks. Defender is the analyst and enforcer who never sleeps.
8	* Author: WPMU DEV
9	* Author URI: http://premium.wpmudev.org/

Defender Security – Malware Scanner, Login Security & Firewall - Version 1.8

Version Description

Release Info

Code changes from version 1.7.6 to 1.8