Defender Security – Malware Scanner, Login Security & Firewall - Version 2.0

Version Description

  • New: added tweak Disable XML-RPC
  • Improvement: Two factor authentication can now be force enabled by role.
  • Improvement: Masking URL description.
  • Fix: Compatibility with Appointments+ login when Mask Login is enabled.
  • Fix: /login/ will be blocked instead of redirecting to right login URL
  • Fix: new site registration email login URL will now show right Login URL instead of the original one when Mask URL is enabled.
  • Fix: Accessibility issue when activating 2FA.
  • Changes: Show Admin Pointer on initial Defender activation, and removing the redirect behavior.
  • Other minor enhancements and fixes

Release Info

Developer jdailey
Plugin Icon 128x128 Defender Security – Malware Scanner, Login Security & Firewall
Version 2.0

Code changes from version 1.9.1 to 2.0

Files changed (41) hide show
  1. app/controller/dashboard.php +89 -2
  2. app/module/advanced-tools/component/auth-api.php +36 -0
  3. app/module/advanced-tools/controller/main.php +16 -2
  4. app/module/advanced-tools/controller/mask-login.php +23 -2
  5. app/module/advanced-tools/js/scripts.js +11 -1
  6. app/module/advanced-tools/model/auth-settings.php +3 -1
  7. app/module/advanced-tools/view/main-free.php +17 -1
  8. app/module/advanced-tools/view/main.php +24 -7
  9. app/module/advanced-tools/view/mask-login/enabled.php +6 -6
  10. app/module/hardener/behavior/widget.php +3 -3
  11. app/module/hardener/component/disable-xml-rpc-service.php +42 -0
  12. app/module/hardener/component/disable-xml-rpc.php +90 -0
  13. app/module/hardener/model/settings.php +4 -2
  14. app/module/hardener/view/rules/change-admin.php +2 -2
  15. app/module/hardener/view/rules/db-prefix.php +2 -2
  16. app/module/hardener/view/rules/disable-file-editor.php +2 -2
  17. app/module/hardener/view/rules/disable-trackback.php +2 -2
  18. app/module/hardener/view/rules/disable-xml-rpc.php +54 -0
  19. app/module/hardener/view/rules/hide-error.php +2 -2
  20. app/module/hardener/view/rules/login-duration.php +5 -5
  21. app/module/hardener/view/rules/php-version.php +2 -2
  22. app/module/hardener/view/rules/prevent-php-executed.php +10 -10
  23. app/module/hardener/view/rules/protect-information.php +4 -4
  24. app/module/hardener/view/rules/security-key.php +2 -2
  25. app/module/hardener/view/rules/wp-version.php +2 -2
  26. app/module/ip-lockout/view/detect-404/enabled.php +2 -2
  27. app/module/ip-lockout/view/login-lockouts/enabled.php +2 -2
  28. app/module/ip-lockout/view/notification/enabled.php +4 -4
  29. app/module/ip-lockout/view/notification/report-free.php +1 -1
  30. app/module/ip-lockout/view/notification/report.php +2 -2
  31. app/module/scan/behavior/core-result.php +6 -3
  32. app/module/scan/component/scan-api.php +6 -2
  33. app/module/scan/component/token-utils.php +333 -0
  34. app/module/scan/js/script.js +13 -10
  35. assets/css/styles.css +5 -0
  36. assets/js/scripts.js +8 -0
  37. changelog.txt +30 -0
  38. languages/wpdef-default.pot +205 -126
  39. main-activator.php +1 -2
  40. readme.txt +15 -4
  41. wp-defender.php +1 -1
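--- a/app/controller/dashboard.php
+++ b/app/controller/dashboard.php
@@ -37,6 +37,93 @@ class Dashboard extends Controller {
  $this->add_filter( 'wdp_register_hub_action', 'addMyEndpoint' );
  add_filter( 'custom_menu_order', '__return_true' );
  $this->add_filter( 'menu_order', 'menuOrder' );
+ // Add pointer script.
+ $this->add_action( 'admin_enqueue_scripts', 'admin_pointers_header' );
+ }
+
+ /**
+ * Pointer header.
+ */
+ public function admin_pointers_header() {
+ if ( $this->admin_pointers_check() ) {
+ $this->add_action( 'admin_print_footer_scripts', 'admin_pointers_footer' );
+ wp_enqueue_script( 'wp-pointer' );
+ wp_enqueue_style( 'wp-pointer' );
+ }
+ }
+
+ /**
+ * Admin pointers check.
+ */
+ function admin_pointers_check() {
+ $currentScreen = get_current_screen();
+ if ( strpos( $currentScreen->id, 'defender' ) !== false ) {
+ return;
+ }
+ $admin_pointers = $this->admin_pointers();
+ foreach ( $admin_pointers as $pointer => $array ) {
+ if ( $array['active'] ) {
+ return true;
+ }
+ }
+ }
+
+ /**
+ * Pointer scripts.
+ */
+ function admin_pointers_footer() {
+ $admin_pointers = $this->admin_pointers();
+ ?>
+ <script type="text/javascript">
+ /* <![CDATA[ */
+ (function ($) {
+ <?php
+ foreach ( $admin_pointers as $pointer => $array ) {
+ if ( $array['active'] ) {
+ ?>
+ $('<?php echo $array['anchor_id']; ?>').pointer({
+ content: '<?php echo $array['content']; ?>',
+ position: {
+ edge: '<?php echo $array['edge']; ?>',
+ align: '<?php echo $array['align']; ?>'
+ },
+ close: function () {
+ $.post(ajaxurl, {
+ pointer: '<?php echo $pointer; ?>',
+ action: 'dismiss-wp-pointer'
+ });
+ }
+ }).pointer('open');
+ <?php
+ }
+ }
+ ?>
+ })(jQuery);
+ /* ]]> */
+ </script>
+ <?php
+ }
+
+ /**
+ * Admin pointers.
+ */
+ function admin_pointers() {
+ $dismissed = explode( ',', (string) get_user_meta( get_current_user_id(), 'dismissed_wp_pointers', true ) );
+ $version = \str_replace( '.', '_', wp_defender()->version );
+ $prefix = 'defneder_admin_pointers' . $version . '_' . ( wp_defender()->isFree ? '_free' : null );
+
+ $new_pointer_content = '<h3>' . __( 'Get Secure', "defender-security" ) . '</h3>';
+ $new_pointer_content .= '<p>' . __( 'Enable security tweaks, activate monitoring and start protecting your login are and files here.', "defender-security" ) . '</p>';
+
+ return array(
+ $prefix . 'menu' => array(
+ 'content' => $new_pointer_content,
+ 'anchor_id' => '#toplevel_page_wp-defender',
+ 'edge' => 'top',
+ 'align' => 'left',
+ 'active' => ( ! in_array( $prefix . 'menu', $dismissed ) ),
+ ),
+ );
  }
 
  public function skipActivator() {
@@ -323,7 +410,7 @@ class Dashboard extends Controller {
  $cap = is_multisite() ? 'manage_network_options' : 'manage_options';
  $menu_title = wp_defender()->isFree ? esc_html__( "Defender", "defender-security" ) : esc_html__( "Defender Pro", "defender-security" );
  //$menu_title = sprintf( $menu_title, $indicator );
- add_menu_page( esc_html__( "Defender Pro", "defender-security" ), $menu_title, $cap, 'wp-defender', array(
+ add_menu_page( $menu_title, $menu_title, $cap, 'wp-defender', array(
  &$this,
  'actionIndex'
  ), $this->get_menu_icon() );
@@ -381,4 +468,4 @@ class Dashboard extends Controller {
  'at' => '\WP_Defender\Module\Advanced_Tools\Behavior\AT_Widget'
  );
  }
- }
+ }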
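Review bot: In `admin_pointers_footer()` (new lines 84–92) the pointer fields are echoed straight into single-quoted JavaScript literals with no escaping. `$array['content']` is built from `__()` strings, so a translation containing an apostrophe or a line break ends the literal early, and text from a translation file then runs as script on the admin page. Emit each value as a JSON-encoded literal instead, e.g. `content: <?php echo wp_json_encode( $array['content'] ); ?>,`, and do the same for `anchor_id`, `edge`, `align` and `$pointer`. Separately, `admin_pointers_check()` returns `null` rather than `false` on its negative paths and its docblock has no `@return` tag.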
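--- a/app/module/advanced-tools/component/auth-api.php
+++ b/app/module/advanced-tools/component/auth-api.php
@@ -175,6 +175,42 @@ class Auth_API extends Component {
  }
  }
 
+ /**
+ * @param null $user
+ *
+ * @return bool
+ */
+ public static function isForcedRole( $user = null ) {
+ if ( $user == null ) {
+ $user = wp_get_current_user();
+ }
+ if ( ! $user instanceof \WP_User ) {
+ return false;
+ }
+ $settings = Auth_Settings::instance();
+ if ( 0 === count( $user->roles ) ) {
+ //this mean user just added but have no roles, we dnt force them
+ return false;
+ }
+
+ if ( Utils::instance()->isActivatedSingle() ) {
+ $isForced = array_intersect( $settings->forceAuthRoles, $user->roles );
+
+ return count( $isForced ) > 0;
+ } else {
+ $blogs = get_blogs_of_user( $user->ID );
+ $userRoles = array();
+ foreach ( $blogs as $blog ) {
+ //get user roles for this blog
+ $u = new \WP_User( $user->ID, '', $blog->userblog_id );
+ $userRoles = array_merge( $u->roles, $userRoles );
+ }
+ $isForced = array_intersect( $settings->forceAuthRoles, $userRoles );
+
+ return count( $isForced ) > 0;
+ }
+ }
+
  /**
  * @return bool|mixed|string
  */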
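Review bot: `isForcedRole()` hands `$settings->forceAuthRoles` to `array_intersect()` in both branches (new lines 197 and 208) without checking that it is an array. The value appears to come from saved settings imported from request data, so a scalar there would raise a warning (a TypeError on PHP 8) instead of returning a bool; casting at the call, `array_intersect( (array) $settings->forceAuthRoles, $user->roles )`, keeps the return type stable. The docblock `@param null $user` should read `@param \WP_User|null $user`, and `$user == null` is better written `null === $user`. In the multisite branch a role held on any one of the user's sites counts on every site; a one-line comment saying this is intended would help the next reader.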
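--- a/app/module/advanced-tools/controller/main.php
+++ b/app/module/advanced-tools/controller/main.php
@@ -100,10 +100,17 @@ class Main extends Controller {
  if ( ! Auth_API::isEnableForCurrentRole( $user ) ) {
  return;
  }
+
+ //check if this role is forced
+ if ( ! Auth_API::isForcedRole( $user ) ) {
+ return;
+ }
+
  //user already enable OTP
  if ( Auth_API::isUserEnableOTP( $user->ID ) ) {
  return;
  }
+
  $screen = get_current_screen();
  if ( $screen->id != 'profile' ) {
  wp_redirect( admin_url( 'profile.php' ) . '#show2AuthActivator' );
@@ -546,6 +553,10 @@ class Main extends Controller {
  if ( ! isset( $data['userRoles'] ) ) {
  $data['userRoles'] = array();
  }
+ if ( ! isset( $data['forceAuthRoles'] ) ) {
+ $data['forceAuthRoles'] = array();
+ }
+
  $setting = Auth_Settings::instance();
  $setting->import( $data );
  $setting->save();
@@ -649,18 +660,21 @@ class Main extends Controller {
 
  /**
  * Replace email variables.
+ *
  * @param string $content Content to replace.
- * @param array $values Variables values.
+ * @param array $values Variables values.
+ *
  * @return string
  */
  public function replace_email_vars( $content, $values ) {
  $content = apply_filters( 'the_content', $content );
- $tags = array( 'display_name', 'passcode' );
+ $tags = array( 'display_name', 'passcode' );
  foreach ( $tags as $key => $tag ) {
  $upper_tag = strtoupper( $tag );
  $content = str_replace( '{{' . $upper_tag . '}}', $values[ $tag ], $content );
  $content = str_replace( '{{' . $tag . '}}', $values[ $tag ], $content );
  }
+
  return $content;
  }
  }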
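Review bot: The early return added at new lines 104–107 makes forcing depend on `forceAuthRoles`, which defaults to an empty array in `Auth_Settings`. Unless an upgrade step outside this page fills it, a site that had forced two-factor switched on under 1.9.1 stops forcing every user after the update until an administrator ticks roles again. Treating an empty list as "all enabled roles", or copying `userRoles` into `forceAuthRoles` once on upgrade, would keep enforcement from lapsing silently. The enclosing method starts and ends outside the hunk, so how `forceAuth` itself is tested is not visible here. In the save handler (new lines 556–558) the submitted role list is imported without being checked against the roles that exist.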
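--- a/app/module/advanced-tools/controller/mask-login.php
+++ b/app/module/advanced-tools/controller/mask-login.php
@@ -44,6 +44,11 @@ class Mask_Login extends Controller {
  // $this->add_filter( 'network_admin_url', 'filterAdminUrl', 9999, 2 );
  // $this->add_filter( 'admin_url', 'filterAdminUrl', 9999, 2 );
  remove_action( 'template_redirect', 'wp_redirect_admin_locations' );
+ //if prosite is activate and useremail is not defined, we need to update the
+ //email to match the new login URL
+ if ( is_plugin_active_for_network( 'pro-sites/pro-sites.php' ) ) {
+ $this->add_filter( 'update_welcome_email', 'updateWelcomeEmailPrositeCase', 10, 6 );
+ }
  } else {
  if ( $isJetpackSSO ) {
  wp_defender()->global['compatibility'][] = __( "We’ve detected a conflict with Jetpack’s Wordpress.com Log In feature. Please disable it and return to this page to continue setup.", "defender-security" );
@@ -67,12 +72,29 @@ class Mask_Login extends Controller {
  } elseif ( substr( $requestPath, 0, 9 ) == '/wp-admin' ) {
  //this one try to login to wp-admin, redirect or lock it
  $this->_handleRequestToAdmin();
- } elseif ( $requestPath == '/wp-login.php' ) {
+ } elseif ( $requestPath == '/wp-login.php' || $requestPath == '/login' ) {
  //this one want to login, redirect or lock
  $this->_handleRequestToLoginPage();
  }
  }
 
+ /**
+ * @param $welcome_email
+ * @param $blog_id
+ * @param $user_id
+ * @param $password
+ * @param $title
+ * @param $meta
+ *
+ * @return mixed
+ */
+ public function updateWelcomeEmailPrositeCase( $welcome_email, $blog_id, $user_id, $password, $title, $meta ) {
+ $url = get_blogaddress_by_id( $blog_id );
+ $welcome_email = str_replace( $url . 'wp-login.php', Mask_Api::getNewLoginUrl( rtrim( '/', $url ) ), $welcome_email );
+
+ return $welcome_email;
+ }
+
  /**
  * @param $url
  * @param $path
@@ -246,7 +268,6 @@ class Mask_Login extends Controller {
  }
  $setting->import( $data );
  $setting->save();
-
  $res = array(
  'message' => __( "Your settings have been updated.", "defender-security" )
  );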
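Review bot: In `updateWelcomeEmailPrositeCase()` (new line 93) the arguments to `rtrim()` are swapped: `rtrim( '/', $url )` strips the characters of `$url` from the string `'/'`, which in practice yields an empty string because a blog address contains `/`. The call should be `Mask_Api::getNewLoginUrl( rtrim( $url, '/' ) )`. As written, the welcome mail for a new sub-site presumably carries whatever URL `getNewLoginUrl()` produces for an empty argument, so the registration e-mail fix listed in the changelog may not take effect. The new `'/login'` comparison at line 75 matches only if `$requestPath` has already lost its trailing slash; that normalisation happens outside the hunk.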
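--- a/app/module/advanced-tools/js/scripts.js
+++ b/app/module/advanced-tools/js/scripts.js
@@ -28,6 +28,16 @@ jQuery(function ($) {
  $(this).closest('.column').find('.well').addClass('is-hidden')
  }
  });
+
+ $('body').on('change', '.toggle-checkbox', function (e) {
+ console.log( $(this).attr('id') );
+ if ($(this).prop('checked') == true) {
+ $('label[for="'+$(this).attr('id')+'"]').attr('aria-checked',true);
+ } else {
+ $('label[for="'+$(this).attr('id')+'"]').attr('aria-checked',false);
+ }
+ });
+
  $('body').on('change', '#customGraphic', function (e) {
  if ($(this).prop('checked') == true) {
  $(this).closest('.column').find('.well').removeClass('is-hidden')
@@ -155,4 +165,4 @@ Adtools.formHandler = function () {
  })
  return false;
  })
- }
+ }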
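Review bot: The new `.toggle-checkbox` handler still contains `console.log( $(this).attr('id') );` (new line 33), a debugging leftover that writes to the console on every toggle and should be removed. The `if`/`else` can collapse to one statement, `$('label[for="' + this.id + '"]').attr('aria-checked', this.checked);`. The selector is built by concatenating the element id, which the views derive from role slugs, so an id containing a quote or bracket would break it; a short comment stating that ids are expected to be plain slugs would document the assumption.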
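--- a/app/module/advanced-tools/model/auth-settings.php
+++ b/app/module/advanced-tools/model/auth-settings.php
@@ -15,6 +15,7 @@ class Auth_Settings extends \Hammer\WP\Settings {
  public $forceAuth = false;
  public $forceAuthMess = "You are required to setup two-factor authentication to use this site.";
  public $userRoles = array();
+ public $forceAuthRoles = array();
  public $customGraphic = 0;
  public $customGraphicURL = '';
  public $isConflict = array();
@@ -112,6 +113,7 @@ Copy and paste the passcode into the input field on the login screen to complete
 
  Regards,
  Administrator';
- return $content;
+
+ return $content;
  }
  }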
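--- a/app/module/advanced-tools/view/main-free.php
+++ b/app/module/advanced-tools/view/main-free.php
@@ -58,7 +58,9 @@
  <li>
  <div>
  <span class="list-label">
- <?php echo $detail['name'] ?>
+ <label for="toggle_<?php echo esc_attr( $role ) ?>_role" role="checkbox" aria-checked="<?php echo in_array( $role, $enabledRoles ) ? 'true' : 'false' ?>">
+ <?php echo $detail['name'] ?>
+ </label>
  </span>
  <div class="list-detail">
  <span class="toggle">
@@ -111,6 +113,20 @@
  <span><?php _e( "Force users to log in with two-factor authentication", "defender-security" ) ?></span>
  <span class="form-help"><?php _e( "Note: Users will be forced to set up two-factor when they next login.", "defender-security" ) ?></span>
  <div class="well well-white <?php echo $settings->forceAuth == false ? 'is-hidden' : null ?>">
+ <p>
+ <span class="form-help"><strong><?php _e( "User Roles", "defender-security" ) ?></strong></span>
+ </p>
+ <ul>
+ <?php
+ $forceAuthRoles = $settings->forceAuthRoles;
+ foreach ( $allRoles as $role => $detail ):
+ ?>
+ <li>
+ <input id="forceAuth<?php echo esc_attr($role) ?>" type="checkbox" name="forceAuthRoles[]" value="<?php echo esc_attr( $role ) ?>" <?php echo in_array( $role, $forceAuthRoles ) ? 'checked="checked"' : null ?> />
+ <label for="forceAuth<?php echo esc_attr($role) ?>"><?php echo $detail['name'] ?></label>
+ </li>
+ <?php endforeach; ?>
+ </ul>
  <p>
  <span class="form-help"><strong><?php _e( "Custom warning message", "defender-security" ) ?></strong></span>
  </p>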
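Review bot: The role name is printed unescaped inside the new `<label>` elements (new lines 62 and 126): `<?php echo $detail['name'] ?>`. Role display names can be registered by other plugins, so they should be escaped for HTML the way the neighbouring attributes already are: `<?php echo esc_html( $detail['name'] ) ?>`. The same two lines appear in app/module/advanced-tools/view/main.php. `in_array( $role, $forceAuthRoles )` would also be safer with the strict flag, since role slugs are strings.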
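--- a/app/module/advanced-tools/view/main.php
+++ b/app/module/advanced-tools/view/main.php
@@ -58,7 +58,9 @@
  <li>
  <div>
  <span class="list-label">
- <?php echo $detail['name'] ?>
+ <label for="toggle_<?php echo esc_attr( $role ) ?>_role" role="checkbox" aria-checked="<?php echo in_array( $role, $enabledRoles ) ? 'true' : 'false' ?>">
+ <?php echo $detail['name'] ?>
+ </label>
  </span>
  <div class="list-detail">
  <span class="toggle">
@@ -111,6 +113,20 @@
  <span><?php _e( "Force users to log in with two-factor authentication", "defender-security" ) ?></span>
  <span class="form-help"><?php _e( "Note: Users will be forced to set up two-factor when they next login.", "defender-security" ) ?></span>
  <div class="well well-white <?php echo $settings->forceAuth == false ? 'is-hidden' : null ?>">
+ <p>
+ <span class="form-help"><strong><?php _e( "User Roles", "defender-security" ) ?></strong></span>
+ </p>
+ <ul>
+ <?php
+ $forceAuthRoles = $settings->forceAuthRoles;
+ foreach ( $allRoles as $role => $detail ):
+ ?>
+ <li>
+ <input id="forceAuth<?php echo esc_attr($role) ?>" type="checkbox" name="forceAuthRoles[]" value="<?php echo esc_attr( $role ) ?>" <?php echo in_array( $role, $forceAuthRoles ) ? 'checked="checked"' : null ?> />
+ <label for="forceAuth<?php echo esc_attr($role) ?>"><?php echo $detail['name'] ?></label>
+ </li>
+ <?php endforeach; ?>
+ </ul>
  <p>
  <span class="form-help"><strong><?php _e( "Custom warning message", "defender-security" ) ?></strong></span>
  </p>
@@ -160,13 +176,14 @@
  </span>
  </div>
  <div class="column">
- <div class="well well-white">
- <div class="box-title">
- <strong><?php _e( 'Email', "defender-security" );?></strong>
+ <div class="well well-white">
+ <div class="box-title">
+ <strong><?php _e( 'Email', "defender-security" ); ?></strong>
+ </div>
+ <div class="line"><?php _e( 'Lost phone one time password', "defender-security" ); ?></div>
+ <span class="pull-right"><span class="span-icon icon-edit change-one-time-pass-email"
+ tooltip="Edit"></span></span>
  </div>
- <div class="line"><?php _e( 'Lost phone one time password', "defender-security" );?></div>
- <span class="pull-right"><span class="span-icon icon-edit change-one-time-pass-email" tooltip="Edit"></span></span>
- </div>
  </div>
  </div>
  <div class="columns">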
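--- a/app/module/advanced-tools/view/mask-login/enabled.php
+++ b/app/module/advanced-tools/view/mask-login/enabled.php
@@ -30,16 +30,16 @@
  <?php wp_nonce_field( 'saveATMaskLoginSettings' ) ?>
  <div class="columns">
  <div class="column is-one-third">
- <label><?php _e( "Masking URLs", "defender-security" ) ?></label>
+ <label><?php _e( "Masking URL", "defender-security" ) ?></label>
  <span class="sub">
- <?php _e( "Choose the new URL slug where users of your website will now navigate to log in or register.", "defender-security" ) ?>
+ <?php _e( 'Choose a new slug where users of your website will now login instead of visiting /wp-login.', "defender-security" ) ?>
  </span>
  </div>
  <div class="column">
- <span class="form-help"><?php _e( "You can specify any URLs. For security reasons, less obvious URLs are recommended as they are harder for bots to guess.", "defender-security" ) ?></span>
- <span class="form-help"><strong><?php _e( "New Login URL", "defender-security" ) ?></strong></span>
- <input type="text" class="tl block" name="maskUrl" value="<?php echo $settings->maskUrl ?>"/>
- <span class="form-help-s"><?php printf( __( "Users will login at <strong>%s</strong>", "defender-security" ), get_site_url() . '/' . $settings->maskUrl ) ?></span>
+ <span class="form-help"><?php _e( "You can choose any slug you like using alphanumeric characters and '-'s only. For security reasons, less obvious slugs are recommended as they are harder for bots to guess.", "defender-security" ) ?></span>
+ <span class="form-help"><strong><?php _e( 'New Login Slug', "defender-security" ) ?></strong></span>
+ <input type="text" class="tl block" name="maskUrl" value="<?php echo $settings->maskUrl ?>" placeholder="<?php _e( 'I.e. dashboard', "defender-security" ); ?>"/>
+ <span class="form-help-s"><?php printf( __( "Users will login at <strong>%s</strong>. Note: Registration and Password Reset emails have hardcoded URLs in them. We will update them automatically to match your new login URL.", "defender-security" ), get_site_url() . '/' . $settings->maskUrl ) ?></span>
  </div>
  </div>
  <div class="columns">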
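Review bot: New line 41 writes two values into HTML attributes without attribute escaping: `value="<?php echo $settings->maskUrl ?>"` and `placeholder="<?php _e( 'I.e. dashboard', "defender-security" ); ?>"`. Use `esc_attr( $settings->maskUrl )` for the value and `esc_attr_e( 'I.e. dashboard', "defender-security" )` for the placeholder. The `printf()` on line 42 likewise outputs `get_site_url() . '/' . $settings->maskUrl` raw and should pass it through `esc_html()`. The help text promises alphanumeric characters and '-' only, but whether the save handler enforces that is not visible in this section, so the view should not rely on it.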
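--- a/app/module/hardener/behavior/widget.php
+++ b/app/module/hardener/behavior/widget.php
@@ -17,10 +17,10 @@ class Widget extends Behavior {
  <div class="box-title">
  <span class="span-icon hardener-icon" aria-hidden="true"></span>
  <h3><?php _e( "Security Tweaks", "defender-security" ) ?>
- <?php
+ <?php
  $hardener_issues = count( Settings::instance()->issues );
  if ( $hardener_issues ): ?>
- <span class="def-tag tag-yellow"
+ <span class="def-tag tag-yellow"
  tooltip="<?php esc_attr_e( sprintf( __('You have %d security tweak(s) needing attention.', "defender-security" ), $hardener_issues ) ); ?>">
  <?php
  echo $hardener_issues ?>
@@ -75,4 +75,4 @@ class Widget extends Behavior {
  private function _render() {
 
  }
- }
+ }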
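--- a/app/module/hardener/component/disable-xml-rpc-service.php
+++ b/app/module/hardener/component/disable-xml-rpc-service.php
@@ -0,0 +1,42 @@
+ <?php
+ /**
+ * Author: Hoang Ngo
+ */
+
+ namespace WP_Defender\Module\Hardener\Component;
+
+ use Hammer\Base\Container;
+ use Hammer\Helper\WP_Helper;
+ use WP_Defender\Module\Hardener\IRule_Service;
+ use WP_Defender\Module\Hardener\Model\Settings;
+ use WP_Defender\Module\Hardener\Rule_Service;
+
+ class Disable_Xml_Rpc_Service extends Rule_Service implements IRule_Service {
+ const CACHE_KEY = 'disable_xml_rpc';
+
+ /**
+ * @return bool
+ */
+ public function process() {
+ //first need to cache the status
+ Settings::instance()->setDValues( self::CACHE_KEY, 1 );
+ return true;
+ }
+
+ /**
+ * @return bool
+ */
+ public function revert() {
+ Settings::instance()->setDValues( self::CACHE_KEY, 0 );
+ return true;
+ }
+
+ /**
+ * @return mixed
+ */
+ public function check() {
+ $key = Settings::instance()->getDValues( self::CACHE_KEY );
+
+ return $key == 1;
+ }
+ }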
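Review bot: `check()` is documented as `@return mixed` but always returns the result of `$key == 1`, so the tag should be `@return bool`. The `use` lines for `Container` and `WP_Helper` are not referenced anywhere in the file and can go. `process()` and `revert()` only record a flag through `setDValues()`; a class docblock such as `Stores the on/off state of the XML-RPC tweak; the filters themselves are registered in Disable_Xml_Rpc::addHooks().` would tell the reader where the blocking actually happens.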
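--- a/app/module/hardener/component/disable-xml-rpc.php
+++ b/app/module/hardener/component/disable-xml-rpc.php
@@ -0,0 +1,90 @@
+ <?php
+ /**
+ * Author: Hoang Ngo
+ */
+
+ namespace WP_Defender\Module\Hardener\Component;
+
+ use Hammer\Helper\HTTP_Helper;
+ use WP_Defender\Module\Hardener\Model\Settings;
+ use WP_Defender\Module\Hardener\Rule;
+
+ class Disable_Xml_Rpc extends Rule {
+ static $slug = 'disable_xml_rpc';
+ static $service;
+
+ function getDescription() {
+ $this->renderPartial( 'rules/disable-xml-rpc' );
+ }
+
+ /**
+ * @return bool
+ */
+ function check() {
+ return $this->getService()->check();
+ }
+
+ public function getTitle() {
+ return __( "Disable XML RPC", "defender-security" );
+ }
+
+ function addHooks() {
+ $this->add_action( 'processingHardener' . self::$slug, 'process' );
+ $this->add_action( 'processRevert' . self::$slug, 'revert' );
+ if ( in_array( self::$slug, Settings::instance()->fixed ) ) {
+ $this->add_filter( 'xmlrpc_enabled', 'return_false' );
+ $this->add_filter( 'xmlrpc_methods', 'block_xmlrpc_attacks' );
+ }
+ }
+
+ function return_false() {
+ return false;
+ }
+
+ function block_xmlrpc_attacks( $methods ) {
+ unset( $methods['pingback.ping'] );
+ unset( $methods['pingback.extensions.getPingbacks'] );
+ return $methods;
+ }
+
+ function revert() {
+ if ( ! $this->verifyNonce() ) {
+ return;
+ }
+
+ $ret = $this->getService()->revert();
+ if ( ! is_wp_error( $ret ) ) {
+ Settings::instance()->addToIssues( self::$slug );
+ } else {
+ wp_send_json_error( array(
+ 'message' => $ret->get_error_message()
+ ) );
+ }
+ }
+
+ function process() {
+ if ( ! $this->verifyNonce() ) {
+ return;
+ }
+
+ $ret = $this->getService()->process();
+ if ( ! is_wp_error( $ret ) ) {
+ Settings::instance()->addToResolved( self::$slug );
+ } else {
+ wp_send_json_error( array(
+ 'message' => $ret->get_error_message()
+ ) );
+ }
+ }
+
+ /**
+ * @return Disable_Trackback_Service
+ */
+ public function getService() {
+ if ( self::$service == null ) {
+ self::$service = new Disable_Trackback_Service();
+ }
+
+ return self::$service;
+ }
+ }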
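Review bot: `getService()` (new lines 83–89) instantiates `Disable_Trackback_Service`, not the `Disable_Xml_Rpc_Service` that this release adds, and its docblock names the trackback class as well. `check()`, `process()` and `revert()` therefore act on the trackback rule's state, so the XML-RPC tweak presumably reports and toggles the wrong setting; the line should read `self::$service = new Disable_Xml_Rpc_Service();` with `@return Disable_Xml_Rpc_Service`. The `xmlrpc_enabled` filter set in `addHooks()` switches off only the XML-RPC methods that require authentication, so the title "Disable XML RPC" overstates what is blocked unless xmlrpc.php is also denied at the web server; a comment on `addHooks()` should say which methods remain reachable. `HTTP_Helper` is imported but unused.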
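--- a/app/module/hardener/model/settings.php
+++ b/app/module/hardener/model/settings.php
@@ -11,6 +11,7 @@ use WP_Defender\Module\Hardener\Component\Change_Admin;
  use WP_Defender\Module\Hardener\Component\DB_Prefix;
  use WP_Defender\Module\Hardener\Component\Disable_File_Editor;
  use WP_Defender\Module\Hardener\Component\Disable_Trackback;
+ use WP_Defender\Module\Hardener\Component\Disable_Xml_Rpc;
  use WP_Defender\Module\Hardener\Component\Hide_Error;
  use WP_Defender\Module\Hardener\Component\Login_Duration;
  use WP_Defender\Module\Hardener\Component\PHP_Version;
@@ -264,7 +265,8 @@ class Settings extends \Hammer\WP\Settings {
  Security_Key::$slug => $init == true ? new Security_Key() : Security_Key::getClassName(),
  Protect_Information::$slug => $init == true ? new Protect_Information() : Protect_Information::getClassName(),
  Prevent_Php::$slug => $init == true ? new Prevent_Php() : Prevent_Php::getClassName(),
- Login_Duration::$slug => $init == true ? new Login_Duration() : Login_Duration::getClassName()
+ Login_Duration::$slug => $init == true ? new Login_Duration() : Login_Duration::getClassName(),
+ Disable_Xml_Rpc::$slug => $init == true ? new Disable_Xml_Rpc() : Disable_Xml_Rpc::getClassName(),
  );
  }
 
@@ -338,4 +340,4 @@ class Settings extends \Hammer\WP\Settings {
  public function setActiveServer( $server ) {
  $this->active_server = $server;
  }
- }
+ }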
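--- a/app/module/hardener/view/rules/change-admin.php
+++ b/app/module/hardener/view/rules/change-admin.php
@@ -1,5 +1,5 @@
  <div class="rule closed" id="change_admin">
- <div class="rule-title">
+ <div class="rule-title" role="link" tabindex="0">
  <?php if ( $controller->check() == false ): ?>
  <i class="def-icon icon-warning" aria-hidden="true"></i>
  <?php else: ?>
@@ -39,4 +39,4 @@
  </div>
  <div class="clear"></div>
  </div>
- </div>
+ </div>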
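Review bot: `role="link"` on the `.rule-title` div (new line 2) tells assistive technology the element navigates somewhere, while the surrounding `rule closed` / `rule-content` markup suggests it expands a panel; if so, `role="button"` with an `aria-expanded` value kept in sync by the toggle script is the accurate pairing, e.g. `<div class="rule-title" role="button" tabindex="0" aria-expanded="false">`. `tabindex="0"` only makes the div focusable, and no Enter/Space key handler is visible in this commit's view changes, so keyboard activation should be confirmed. The same attribute pair is added to the other hardener rule views in this commit (db-prefix.php through wp-version.php, including the new disable-xml-rpc.php).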
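--- a/app/module/hardener/view/rules/db-prefix.php
+++ b/app/module/hardener/view/rules/db-prefix.php
@@ -1,5 +1,5 @@
  <div class="rule closed" id="db_prefix">
- <div class="rule-title">
+ <div class="rule-title" role="link" tabindex="0">
  <?php if ( $controller->check() == false ): ?>
  <i class="def-icon icon-warning" aria-hidden="true"></i>
  <?php else: ?>
@@ -42,4 +42,4 @@
  </div>
  <div class="clear"></div>
  </div>
- </div>
+ </div>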
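--- a/app/module/hardener/view/rules/disable-file-editor.php
+++ b/app/module/hardener/view/rules/disable-file-editor.php
@@ -1,5 +1,5 @@
  <div class="rule closed" id="disable_file_editor">
- <div class="rule-title">
+ <div class="rule-title" role="link" tabindex="0">
  <?php if ( $controller->check() == false ): ?>
  <i class="def-icon icon-warning" aria-hidden="true"></i>
  <?php else: ?>
@@ -42,4 +42,4 @@
  </div>
  <div class="clear"></div>
  </div>
- </div>
+ </div>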
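--- a/app/module/hardener/view/rules/disable-trackback.php
+++ b/app/module/hardener/view/rules/disable-trackback.php
@@ -1,5 +1,5 @@
  <div class="rule closed" id="disable_trackback">
- <div class="rule-title">
+ <div class="rule-title" role="link" tabindex="0">
  <?php if ( $controller->check() == false ): ?>
  <i class="def-icon icon-warning" aria-hidden="true"></i>
  <?php else: ?>
@@ -54,4 +54,4 @@
  </div>
  <div class="clear"></div>
  </div>
- </div>
+ </div>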
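--- a/app/module/hardener/view/rules/disable-xml-rpc.php
+++ b/app/module/hardener/view/rules/disable-xml-rpc.php
@@ -0,0 +1,54 @@
+ <div class="rule closed" id="disable_xml_rpc">
+ <div class="rule-title" role="link" tabindex="0">
+ <?php if ( $controller->check() == false ): ?>
+ <i class="def-icon icon-warning" aria-hidden="true"></i>
+ <?php else: ?>
+ <i class="def-icon icon-tick" aria-hidden="true"></i>
+ <?php endif; ?>
+ <?php _e( 'Disable XML-RPC', "defender-security" ) ?>
+ </div>
+ <div class="rule-content">
+ <h3><?php _e( "Overview", "defender-security" ) ?></h3>
+ <div class="line end">
+ <?php _e( 'XML-RPC is a system that allows you to post on your WordPress blog using popular weblog clients like Windows Live Writer. Technically, it’s a remote procedure call which uses XML to encode its calls and HTTP as a transport mechanism.<br/><br/>
+ If you are using the WordPress mobile app, want to make connections to services like IFTTT, or want to access and publish to your blog remotely, then you need XML-RPC enabled.<br/><br/>
+ In the past, there were security concerns with XML-RPC so we recommend making sure this feature is fully disabled if you don’t need it active.', "defender-security" ) ?>
+ </div>
+ <h3>
+ <?php _e( "How to fix", "defender-security" ) ?>
+ </h3>
+ <div class="line">
+ <?php _e( 'Automatically disable this feature below. You can re-enable it at any time if you need to.', "defender-security" ) ?>
+ </div>
+ <div class="">
+ <?php if ( $controller->check() ): ?>
+ <p class="mline notification">
+ <i class="def-icon icon-tick" aria-hidden="true"></i>
+ <span><?php _e( 'XML-RPC is disabled.', "defender-security" ) ?></span>
+ </p>
+ <div class="end"></div>
+ <div class="clear mline"></div>
+ <form method="post" class="hardener-frm rule-process">
+ <?php $controller->createNonceField(); ?>
+ <input type="hidden" name="action" value="processRevert"/>
+ <input type="hidden" name="slug" value="<?php echo $controller::$slug ?>"/>
+ <button class="button button-secondary"
+ type="submit"><?php _e( "Revert", "defender-security" ) ?></button>
+ </form>
+ <?php else: ?>
+ <div class="end"></div>
+ <div class="clear mline"></div>
+ <form method="post" class="hardener-frm rule-process hardener-frm-process-xml-rpc">
+ <?php $controller->createNonceField(); ?>
+ <input type="hidden" name="action" value="processHardener"/>
+ <input type="hidden" name="updatePosts" value="no"/>
+ <input type="hidden" name="slug" value="<?php echo $controller::$slug ?>"/>
+ <button class="button float-r"
+ type="submit"><?php _e( "Disable XML-RPC", "defender-security" ) ?></button>
+ </form>
+ <?php $controller->showIgnoreForm() ?>
+ <?php endif; ?>
+ </div>
+ <div class="clear"></div>
+ </div>
+ </div>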
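Review bot: Both hidden `slug` inputs (new lines 34 and 45) echo `$controller::$slug` into an attribute unescaped; it is a class static today, but the view should escape at the point of output, `value="<?php echo esc_attr( $controller::$slug ) ?>"`. The plain-text labels printed with `_e()` can use `esc_html_e()`, and the Overview string, which carries `<br/>` inside the translatable text, would be safer passed through `wp_kses_post( __( … ) )` so a translation file cannot add other markup. The forms depend on `createNonceField()`; the `processHardener` / `processRevert` handlers are outside this file, so nonce and capability verification cannot be confirmed from this section.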
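--- a/app/module/hardener/view/rules/hide-error.php
+++ b/app/module/hardener/view/rules/hide-error.php
@@ -1,5 +1,5 @@
  <div class="rule closed" id="disable-file-editor">
- <div class="rule-title">
+ <div class="rule-title" role="link" tabindex="0">
  <?php if ( $controller->check() == false ): ?>
  <i class="def-icon icon-warning" aria-hidden="true"></i>
  <?php else: ?>
@@ -45,4 +45,4 @@
  </div>
  <div class="clear"></div>
  </div>
- </div>
+ </div>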
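--- a/app/module/hardener/view/rules/login-duration.php
+++ b/app/module/hardener/view/rules/login-duration.php
@@ -1,5 +1,5 @@
  <div class="rule closed" id="login-duration">
- <div class="rule-title">
+ <div class="rule-title" role="link" tabindex="0">
  <?php if ( $controller->check() == false ): ?>
  <i class="def-icon icon-warning" aria-hidden="true"></i>
  <?php else: ?>
@@ -20,7 +20,7 @@
  $setting = \WP_Defender\Module\Hardener\Model\Settings::instance();
 
  if ( $controller->check() ):
- ?>
+ ?>
  <p class="line"><?php esc_attr_e( sprintf( __('Login Duration is locked down. Current duration is %d days', "defender-security" ), $controller->getService()->getDuration() ) ); ?></p>
  <form method="post" class="hardener-frm rule-process">
  <?php $controller->createNonceField(); ?>
@@ -29,8 +29,8 @@
  <button class="button button-small button-grey" type="submit"><?php _e( "Revert", "defender-security" ) ?></button>
  </form>
  <?php
- else:
- ?>
+ else:
+ ?>
  <div class="line">
  <p><?php _e( "Please change the number of days a user can stay logged in", "defender-security" ) ?></p>
  </div>
@@ -50,4 +50,4 @@
  ?>
  </div>
  </div>
- </div>
+ </div>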
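--- a/app/module/hardener/view/rules/php-version.php
+++ b/app/module/hardener/view/rules/php-version.php
@@ -1,5 +1,5 @@
  <div class="rule closed" id="php_version">
- <div class="rule-title">
+ <div class="rule-title" role="link" tabindex="0">
  <?php if ( $controller->check() == false ): ?>
  <i class="def-icon icon-warning" aria-hidden="true"></i>
  <?php else: ?>
@@ -44,4 +44,4 @@
  <?php $controller->showIgnoreForm() ?>
  <div class="clear"></div>
  </div>
- </div>
+ </div>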
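--- a/app/module/hardener/view/rules/prevent-php-executed.php
+++ b/app/module/hardener/view/rules/prevent-php-executed.php
@@ -1,5 +1,5 @@
  <div class="rule closed" id="disable-file-editor">
- <div class="rule-title">
+ <div class="rule-title" role="link" tabindex="0">
  <?php if ( $controller->check() == false ): ?>
  <i class="def-icon icon-warning" aria-hidden="true"></i>
  <?php else: ?>
@@ -16,7 +16,7 @@
  <?php _e( "How to fix", "defender-security" ) ?>
  </h3>
  <div class="well">
- <?php
+ <?php
  $setting = \WP_Defender\Module\Hardener\Model\Settings::instance();
 
  if ( $controller->check() ): ?>
@@ -51,9 +51,9 @@
  <button class="button button-small button-grey"
  type="submit"><?php _e( "Revert", "defender-security" ) ?></button>
  </form>
- <?php else:
+ <?php else:
  $servers = \WP_Defender\Behavior\Utils::instance()->serverTypes();
-
+
  if ( DIRECTORY_SEPARATOR == '\\' ) {
  //Windows
  $wp_includes = str_replace( ABSPATH, '', WPINC );
@@ -70,7 +70,7 @@
  } else if ( $is_iis7 ) {
  $setting->active_server = 'iis-7';
  }
-
+
  ?>
  <div class="columns">
  <div class="column is-one-third">
@@ -134,7 +134,7 @@ location ~* ^$wp_content/.*\.php$ {
  }
  ";
  ?>
-
+
  <p><?php esc_html_e( "For NGINX servers:", "defender-security" ) ?></p>
  <ol>
  <li>
@@ -176,9 +176,9 @@ location ~* ^$wp_content/.*\.php$ {
  <button class="button float-r"
  type="submit" ><?php _e( "Add web.config file", "defender-security" ) ?></button>
  </form>
-
- </div>
- <?php $controller->showIgnoreForm();
+
+ </div>
+ <?php $controller->showIgnoreForm();
  $prevent_php_style = "style='display:none'";
  if ( in_array( $setting->active_server, array( 'apache', 'litespeed', 'nginx' ) ) ) {
  $prevent_php_style = "style='display:block'";
@@ -199,4 +199,4 @@ location ~* ^$wp_content/.*\.php$ {
  <?php endif; ?>
  </div>
  </div>
- </div>
+ </div>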
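--- a/app/module/hardener/view/rules/protect-information.php
+++ b/app/module/hardener/view/rules/protect-information.php
@@ -1,5 +1,5 @@
  <div class="rule closed" id="disable-file-editor">
- <div class="rule-title">
+ <div class="rule-title" role="link" tabindex="0">
  <?php if ( $controller->check() == false ): ?>
  <i class="def-icon icon-warning" aria-hidden="true"></i>
  <?php else: ?>
@@ -25,7 +25,7 @@
  <button class="button button-small button-grey"
  type="submit"><?php _e( "Revert", "defender-security" ) ?></button>
  </form>
- <?php else:
+ <?php else:
  $servers = \WP_Defender\Behavior\Utils::instance()->serverTypes();
  $setting = \WP_Defender\Module\Hardener\Model\Settings::instance();
  $setting->active_server = \WP_Defender\Behavior\Utils::instance()->determineServer( true );
@@ -74,7 +74,7 @@
  } else {
  $wp_content = str_replace( $_SERVER['DOCUMENT_ROOT'], '', WP_CONTENT_DIR );
  }
-
+
  $rules = "# Turn off directory indexing
  autoindex off;
 
@@ -126,4 +126,4 @@ location ~* ^$wp_content/.*\.(txt|md|exe|sh|bak|inc|pot|po|mo|log|sql)$ {
  <?php endif; ?>
  </div>
  </div>
- </div>
+ </div>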
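--- a/app/module/hardener/view/rules/security-key.php
+++ b/app/module/hardener/view/rules/security-key.php
@@ -1,5 +1,5 @@
  <div class="rule closed" id="security_key">
- <div class="rule-title">
+ <div class="rule-title" role="link" tabindex="0">
  <?php if ( $controller->check() == false ): ?>
  <i class="def-icon icon-warning" aria-hidden="true"></i>
  <?php else: ?>
@@ -54,4 +54,4 @@
  </div>
  <div class="clear"></div>
  </div>
- </div>
+ </div>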
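--- a/app/module/hardener/view/rules/wp-version.php
+++ b/app/module/hardener/view/rules/wp-version.php
@@ -1,5 +1,5 @@
  <div class="rule closed" id="wp-version">
- <div class="rule-title">
+ <div class="rule-title" role="link" tabindex="0">
  <?php if ( $controller->check() == false ): ?>
  <i class="def-icon icon-warning" aria-hidden="true"></i>
  <?php else: ?>
@@ -46,4 +46,4 @@
  </div>
  <div class="clear"></div>
  </div>
- </div>
+ </div>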
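--- a/app/module/ip-lockout/view/detect-404/enabled.php
+++ b/app/module/ip-lockout/view/detect-404/enabled.php
@@ -1,7 +1,7 @@
  <div class="dev-box">
  <form method="post" id="settings-frm" class="ip-frm">
  <div class="box-title">
- <h3><?php esc_html_e( "404 DETECTION", "defender-security" ) ?></h3>
+ <h3 role="checkbox"><label for="toggle_404_detection" role="checkbox" aria-checked="true"><?php esc_html_e( "404 DETECTION", "defender-security" ) ?></label></h3>
  <div class="side float-r">
  <div>
  <span tooltip="<?php esc_attr_e( "Deactivate 404 Detection", "defender-security" ) ?>" class="toggle">
@@ -150,4 +150,4 @@
  <div class="clear"></div>
  </div>
  </form>
- </div>
+ </div>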
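Review bot: The heading on new line 4 nests two `role="checkbox"` elements (the `<h3>` and the `<label>`) with `aria-checked="true"` hard-coded, which removes the heading from the document outline and announces a checked checkbox whatever the real toggle state is. A `<label for="…">` already ties the text to its input, so `<h3><label for="toggle_404_detection"><?php esc_html_e( "404 DETECTION", "defender-security" ) ?></label></h3>` is enough; the input with that id is not visible in this hunk and should be confirmed to exist in this view. The same pattern appears in login-lockouts/enabled.php, notification/enabled.php (where `aria-checked` is rendered once from `$settings` and will go stale after a click), notification/report-free.php and notification/report.php.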
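--- a/app/module/ip-lockout/view/login-lockouts/enabled.php
+++ b/app/module/ip-lockout/view/login-lockouts/enabled.php
@@ -1,7 +1,7 @@
  <div class="dev-box">
  <form method="post" id="settings-frm" class="ip-frm">
  <div class="box-title">
- <h3><?php _e( "Login Protection", "defender-security" ) ?></h3>
+ <h3 role="checkbox"><label for="toggle_login_protect" role="checkbox" aria-checked="true"><?php _e( "Login Protection", "defender-security" ) ?></label></h3>
  <div class="side float-r">
  <div>
  <span tooltip="<?php esc_attr_e( "Deactivate Login Protection", "defender-security" ) ?>"
@@ -126,4 +126,4 @@
  <div class="clear"></div>
  </div>
  </form>
- </div>
+ </div>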
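--- a/app/module/ip-lockout/view/notification/enabled.php
+++ b/app/module/ip-lockout/view/notification/enabled.php
@@ -24,7 +24,7 @@
  id="toggle_login_protection"/>
  <label class="toggle-label" for="toggle_login_protection"></label>
  </span>
- <label><?php esc_html_e( "Login Protection Lockout", "defender-security" ) ?></label>
+ <label for="toggle_login_protection" role="checkbox" aria-checked="<?php echo $settings->login_lockout_notification?'true':'false';?>"><?php esc_html_e( "Login Protection Lockout", "defender-security" ) ?></label>
  <span class="sub inpos">
  <?php esc_html_e( "When a user or IP is locked out for trying to access your login area.", "defender-security" ) ?>
  </span>
@@ -38,7 +38,7 @@
  class="toggle-checkbox" id="toggle_404_detection"/>
  <label class="toggle-label" for="toggle_404_detection"></label>
  </span>
- <label>
+ <label for="toggle_404_detection" role="checkbox" aria-checked="<?php echo $settings->ip_lockout_notification?'true':'false';?>">
  <?php esc_html_e( "404 Detection Lockout", "defender-security" ) ?>
  </label>
  <span class="sub inpos"><?php esc_html_e( "When a user or IP is locked out for repeated hits on non-existent files.", "defender-security" ) ?></span>
@@ -76,7 +76,7 @@
  id="cooldown_enabled"/>
  <label class="toggle-label" for="cooldown_enabled"></label>
  </span>
- <label><?php _e( "Limit email notifications for repeat lockouts", "defender-security" ) ?></label>
+ <label for="cooldown_enabled" role="checkbox" aria-checked="<?php echo $settings->cooldown_enabled?'true':'false';?>"><?php _e( "Limit email notifications for repeat lockouts", "defender-security" ) ?></label>
  <div class="well well-white schedule-box">
  <label><strong><?php _e( "Threshold", "defender-security" ) ?></strong>
  - <?php _e( "The number of lockouts before we turn off emails", "defender-security" ) ?>
@@ -126,4 +126,4 @@
  <div class="clear"></div>
  </form>
  </div>
- </div>
+ </div>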
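--- a/app/module/ip-lockout/view/notification/report-free.php
+++ b/app/module/ip-lockout/view/notification/report-free.php
@@ -29,7 +29,7 @@
  id="toggle_report"/>
  <label class="toggle-label" for="toggle_report"></label>
  </span>
- <label>
+ <label for="toggle_report" role="checkbox" aria-checked="true">
  <?php esc_html_e( "Send regular email report", "defender-security" ) ?>
  </label>
  <div class="clear mline"></div>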
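--- a/app/module/ip-lockout/view/notification/report.php
+++ b/app/module/ip-lockout/view/notification/report.php
@@ -24,7 +24,7 @@
  id="toggle_report"/>
  <label class="toggle-label" for="toggle_report"></label>
  </span>
- <label>
+ <label for="toggle_report" role="checkbox" aria-checked="true">
  <?php esc_html_e( "Send regular email report", "defender-security" ) ?>
  </label>
  <div class="clear mline"></div>
@@ -83,4 +83,4 @@
  <div class="clear"></div>
  </form>
  </div>
- </div>
+ </div>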
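--- a/app/module/scan/behavior/core-result.php
+++ b/app/module/scan/behavior/core-result.php
@@ -199,10 +199,10 @@ class Core_Result extends Behavior {
  <span><?php _e( "This will permanently remove the selected file/folder. Are you sure you want to continue?", "defender-security" ) ?></span>
  <div>
  <button type="submit" class="button button-small button-grey">
- <?php _e( "Yes", "defender-security" ) ?>
+ <?php _e( "Yes", "defender-security" ) ?>
  </button>
  <button type="button" class="button button-small button-secondary">
- <?php _e( "No", "defender-security" ) ?>
+ <?php _e( "No", "defender-security" ) ?>
  </button>
  </div>
  </div>
@@ -345,7 +345,10 @@ class Core_Result extends Behavior {
 
  $left_lines = explode( "\n", $left_string );
  $right_lines = explode( "\n", $right_string );
- $text_diff = new \Text_Diff( $left_lines, $right_lines );
+ $text_diff = new \Text_Diff( 'auto', array(
+ $right_lines,
+ $left_lines
+ ) );
  $renderer = new \Text_Diff_Renderer_inline();
 
  return $renderer->render( $text_diff );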
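Review bot: The rewritten `Text_Diff` call (new lines 348–351) passes `$right_lines` before `$left_lines`, the reverse of the call it replaces, so insertions and deletions swap sides in the inline rendering. If the swap is intended (the `#next_issue` handler in scan/js/script.js steps through `del` elements), a comment above the call such as `// argument order is deliberate: from = $right_lines, to = $left_lines` would stop a later cleanup from reverting it; otherwise the array should read `array( $left_lines, $right_lines )`. The method starts and ends outside the hunk, so which variable holds the original file content is not visible here.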
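--- a/app/module/scan/component/scan-api.php
+++ b/app/module/scan/component/scan-api.php
@@ -121,7 +121,6 @@ class Scan_Api extends Component {
  ABSPATH . 'wp-includes',
  )
  ), true, $settings->max_filesize );
-
  $cache->set( self::CACHE_CORE, array_merge( $firstLevelFiles, $coreFiles ), 0 );
 
  return array_merge( $firstLevelFiles, $coreFiles );
@@ -131,6 +130,10 @@ class Scan_Api extends Component {
  * @return array
  */
  public static function getContentFiles() {
+ // return array(
+ // ABSPATH . 'trash/sample/content-image.php',
+ // //ABSPATH . 'trash/antispam-bee/inc/columns.class.php'
+ // );
  $cache = Container::instance()->get( 'cache' );
  $cached = $cache->get( self::CACHE_CONTENT, false );
  if ( is_array( $cached ) && ! empty( $cached ) ) {
@@ -140,7 +143,7 @@ class Scan_Api extends Component {
  $files = File_Helper::findFiles( WP_CONTENT_DIR, true, false, array(), array(
  'ext' => array( 'php' )
  ), true, $settings->max_filesize );
- // $files = File_Helper::findFiles( ABSPATH . 'trash', true, false, array(), array(
+ // $files = File_Helper::findFiles( ABSPATH . 'wp-content/trash/sample', true, false, array(), array(
  // 'ext' => array( 'php' )
  // ), true, $settings->max_filesize );
  //include wp-config.php here
@@ -624,6 +627,7 @@ class Scan_Api extends Component {
  $patterns = array();
  }
 
+
  update_site_option( Scan_Api::SCAN_PATTERN, $patterns );
 
  return $patterns;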
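Review bot: The commented-out early `return array( … )` added at the top of `getContentFiles()` (new lines 133–136) and the re-pointed commented `findFiles` call on new line 146 are local test scaffolding and should be deleted before release. In a scanner this matters beyond tidiness: if the early return were ever re-enabled, the content scan would cover a single sample path and report the rest of `wp-content` as clean. The stray blank line added before `update_site_option()` in the last hunk can go as well; only parts of these functions are visible in the hunks.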
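--- a/app/module/scan/component/token-utils.php
+++ b/app/module/scan/component/token-utils.php
@@ -0,0 +1,333 @@
+ <?php
+ /**
+ * Author: Hoang Ngo
+ */
+
+ namespace WP_Defender\Module\Scan\Component;
+
+
+ use Hammer\Base\Component;
+
+ class Token_Utils extends Component {
+ /**
+ * @var array
+ */
+ static $tokens = array();
+
+ /**
+ * @param $token
+ * @param $from
+ * @param null $end
+ *
+ * @return bool
+ */
+ public static function findPrevious( $token, $from, $end = null ) {
+ for ( $i = $from; $i >= $end; $i -- ) {
+ if ( isset( self::$tokens[ $i ] ) && self::$tokens[ $i ]['code'] == $token ) {
+ return $i;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * @param $token
+ * @param $from
+ * @param $end
+ *
+ * @return bool|int|string
+ */
+ public static function findNext( $token, $from, $end = null ) {
+ if ( $end == null ) {
+ $end = count( self::$tokens ) - 1;
+ }
+
+ if ( ! is_array( $token ) ) {
+ $token = array( $token );
+ }
+
+ for ( $i = $from; $i < $end; $i ++ ) {
+ if ( ! isset( self::$tokens[ $i ] ) ) {
+ return false;
+ }
+
+ if ( self::$tokens[ $i ]['code'] == T_SEMICOLON && ! in_array( T_SEMICOLON, $token ) ) {
+ return false;
+ }
+
+ if ( in_array( self::$tokens[ $i ]['code'], $token ) ) {
+ return $i;
+ }
+ }
+ }
+
+ /**
+ * @param $start
+ * @param $length
+ *
+ * @return string
+ * code borrow from @PHP_CodeSniffer_File
+ */
+ public static function getTokensAsString( $start, $length ) {
+ $str = '';
+ $end = ( $start + $length );
+
+ for ( $i = $start; $i < $end; $i ++ ) {
+ $str .= self::$tokens[ $i ]['content'];
+ }
+
+ return $str;
+ }
+
+ /**
+ * @param $start
+ * @param $end
+ *
+ * @return array
+ */
+ public static function findParams( $start, $end ) {
+ $params = array();
+ for ( $i = $start; $i < $end; $i ++ ) {
+ $params[] = self::$tokens[ $i ];
+ }
+
+ return $params;
+ }
+
+ /**
+ * @param $token
+ *
+ * @return bool
+ */
+ public static function isUserInput( $token ) {
+ if ( $token['code'] == T_VARIABLE
+ && preg_match( '/\$\{?_(GET|POST|REQUEST|COOKIE|SERVER|FILES|ENV)/', $token['content'] ) ) {
+ return true;
+ }
+
+ return false;
+ }
+
+ //Borrow from https://github.com/FloeDesignTechnologies/phpcs-security-audit/blob/master/Security/Sniffs/Utils.php
+ //Point to RIPs and SO https://stackoverflow.com/questions/3115559/exploitable-php-functions
+ public static function getCallbackFunctions() {
+ return array(
+ 'ob_start',
+ 'array_diff_uassoc',
+ 'array_diff_ukey',
+ 'array_filter',
+ 'array_intersect_uassoc',
+ 'array_intersect_ukey',
+ 'array_map',
+ 'array_reduce',
+ 'array_udiff_assoc',
+ 'array_udiff_uassoc',
+ 'array_udiff',
+ 'array_uintersect_assoc',
+ 'array_uintersect_uassoc',
+ 'array_uintersect',
+ 'array_walk_recursive',
+ 'array_walk',
+ 'assert_options',
+ 'uasort',
+ 'uksort',
+ 'usort',
+ 'preg_replace_callback',
+ 'spl_autoload_register',
+ 'iterator_apply',
+ 'call_user_func',
+ 'call_user_func_array',
+ 'register_shutdown_function',
+ 'register_tick_function',
+ 'set_error_handler',
+ 'set_exception_handler',
+ 'session_set_save_handler',
+ 'sqlite_create_aggregate',
+ 'sqlite_create_function'
+ );
+ }
+
+ // From http://www.php.net/manual/en/ref.funchand.php
+ public static function getCreateFuncs() {
+ return array(
+ 'create_function',
+ 'call_user_func',
+ 'call_user_func_array',
+ 'forward_static_call',
+ 'forward_static_call_array',
+ 'function_exists',
+ 'register_shutdown_function',
+ 'register_tick_function'
+ );
+ }
+
+ /**
+ * @return array
+ */
+ public static function getsuspiciousFunctions() {
+ return array_merge( self::getCryptoFunctions(), array(
+ 'assert',
+ 'eval',
+ 'gzinflate'
+ ) );
+ }
+
+ /**
+ * Borrow from https://github.com/FloeDesignTechnologies/phpcs-security-audit/blob/master/Security/Sniffs/Utils.php
+ * @return array
+ */
+ public static function getCryptoFunctions() {
+ return array(
+ // Officials
+ 'crypt',
+ 'md5',
+ 'md5_file',
+ 'sha1',
+ 'sha1_file',
+ 'str_rot13',
+ 'base64_decode',
+ 'base64_encode',
+ 'convert_uudecode',
+ 'convert_uuencode',
+ // http://php.net/manual/en/book.mcrypt.php
+ 'mcrypt_cbc',
+ 'mcrypt_cfb',
+ 'mcrypt_create_iv',
+ 'mcrypt_decrypt',
+ 'mcrypt_ecb',
+ 'mcrypt_enc_get_algorithms_name',
+ 'mcrypt_enc_get_block_size',
+ 'mcrypt_enc_get_iv_size',
+ 'mcrypt_enc_get_key_size',
+ 'mcrypt_enc_get_modes_name',
+ 'mcrypt_enc_get_supported_key_sizes',
+ 'mcrypt_enc_is_block_algorithm_mode',
+ 'mcrypt_enc_is_block_algorithm',
+ 'mcrypt_enc_is_block_mode',
+ 'mcrypt_enc_self_test',
+ 'mcrypt_encrypt',
+ 'mcrypt_generic_deinit',
+ 'mcrypt_generic_end',
+ 'mcrypt_generic_init',
+ 'mcrypt_generic',
+ 'mcrypt_get_block_size',
+ 'mcrypt_get_cipher_name',
+ 'mcrypt_get_iv_size',
+ 'mcrypt_get_key_size',
+ 'mcrypt_list_algorithms',
+ 'mcrypt_list_modes',
+ 'mcrypt_module_close',
+ 'mcrypt_module_get_algo_block_size',
+ 'mcrypt_module_get_algo_key_size',
+ 'mcrypt_module_get_supported_key_sizes',
+ 'mcrypt_module_is_block_algorithm_mode',
+ 'mcrypt_module_is_block_algorithm',
+ 'mcrypt_module_is_block_mode',
+ 'mcrypt_module_open',
+ 'mcrypt_module_self_test',
+ 'mcrypt_ofb',
+ 'mdecrypt_generic',
+ // http://php.net/manual/en/book.mhash.php
+ 'mhash_count',
+ 'mhash_get_block_size',
+ 'mhash_get_hash_name',
+ 'mhash_keygen_s2k',
+ 'mhash',
+ // http://php.net/manual/en/book.crack.php
+ 'crack_check',
+ 'crack_closedict',
+ 'crack_getlastmessage',
+ 'crack_opendict',
+ // http://php.net/manual/en/book.hash.php
+ 'hash_algos',
+ 'hash_copy',
+ 'hash_file',
+ 'hash_final',
+ 'hash_hmac_file',
+ 'hash_hmac',
+ 'hash_init',
+ 'hash_pbkdf2',
+ 'hash_update_file',
+ 'hash_update_stream',
+ 'hash_update',
+ //'hash',
+ // http://php.net/manual/en/book.openssl.php
+ 'openssl_cipher_iv_length',
+ 'openssl_csr_export_to_file',
+ 'openssl_csr_export',
+ 'openssl_csr_get_public_key',
+ 'openssl_csr_get_subject',
+ 'openssl_csr_new',
+ 'openssl_csr_sign',
+ 'openssl_decrypt',
+ 'openssl_dh_compute_key',
+ 'openssl_digest',
+ 'openssl_encrypt',
+ 'openssl_error_string',
+ 'openssl_free_key',
+ 'openssl_get_cipher_methods',
+ 'openssl_get_md_methods',
+ 'openssl_get_privatekey',
+ 'openssl_get_publickey',
+ 'openssl_open',
+ 'openssl_pbkdf2',
+ 'openssl_pkcs12_export_to_file',
+ 'openssl_pkcs12_export',
+ 'openssl_pkcs12_read',
+ 'openssl_pkcs7_decrypt',
+ 'openssl_pkcs7_encrypt',
+ 'openssl_pkcs7_sign',
+ 'openssl_pkcs7_verify',
+ 'openssl_pkey_export_to_file',
+ 'openssl_pkey_export',
+ 'openssl_pkey_free',
+ 'openssl_pkey_get_details',
+ 'openssl_pkey_get_private',
+ 'openssl_pkey_get_public',
+ 'openssl_pkey_new',
+ 'openssl_private_decrypt',
+ 'openssl_private_encrypt',
+ 'openssl_public_decrypt',
+ 'openssl_public_encrypt',
+ 'openssl_random_pseudo_bytes',
+ 'openssl_seal',
+ 'openssl_sign',
+ 'openssl_spki_export_challenge',
+ 'openssl_spki_export',
+ 'openssl_spki_new',
+ 'openssl_spki_verify',
+ 'openssl_verify',
+ 'openssl_x509_check_private_key',
+ 'openssl_x509_checkpurpose',
+ 'openssl_x509_export_to_file',
+ 'openssl_x509_export',
+ 'openssl_x509_free',
+ 'openssl_x509_parse',
+ 'openssl_x509_read',
+ // http://php.net/manual/en/book.password.php
+ 'password_get_info',
+ 'password_hash',
+ 'password_needs_rehash',
+ 'password_verify',
+ // Guesses
+ 'encrypt',
+ 'decrypt',
+ 'mc_encrypt',
+ 'mc_decrypt',
+ 'crypto',
+ 'scrypt',
+ 'bcrypt',
+ 'password_crypt',
+ 'sha256',
+ 'sha128',
+ 'sha512',
+ 'hmac',
+ 'pbkdf2',
+ 'aes',
+ 'encipher',
+ 'decipher',
+ 'crc32',
+ );
+ }
+ }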
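Review bot: `findPrevious()` does not terminate when the token is absent and `$end` keeps its `null` default, because PHP compares an int with `null` by casting both to bool, so `$i >= $end` stays true for every `$i` including negative ones. A scanned file that lacks the expected preceding token would then hang the scan; normalising the bound at the top of the function, `$end = ( null === $end ) ? 0 : (int) $end;`, bounds the loop. In `findNext()` the default `$end = count( self::$tokens ) - 1` combined with `$i < $end` never examines the last token, and the function falls off the end returning `null` where the docblock promises `bool|int|string`, so it needs a closing `return false;`. `getTokensAsString()` and `findParams()` index `self::$tokens[ $i ]` without an `isset()` guard, which will raise notices on a range that runs past the token list.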
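--- a/app/module/scan/js/script.js
+++ b/app/module/scan/js/script.js
@@ -16,19 +16,22 @@ jQuery(function ($) {
  });
  var current_issue = null;
  $('body').on('click', '#next_issue', function () {
- var parent = $(this).parent().find('.inner-sourcecode').first();
+ var parent = $(this).parent().parent().find('.inner-sourcecode').first();
+ var issues = parent.find('del');
+ if (issues.size() == 0) {
+ return;
+ }
  if (current_issue === null) {
- current_issue = parent.find('del').first();
+ current_issue = 0;
  } else {
- current_issue = current_issue.next('del').first();
- }
- console.log(parent);
- if (current_issue.size() > 0) {
- var pos = current_issue.position();
- console.log(current_issue.offset());
- console.log(current_issue.position());
- parent.scrollTop(pos.top);
+ current_issue = current_issue + 1;
+ if (issues[current_issue] === undefined) {
+ current_issue = 0;
+ }
  }
+ console.log($(issues[current_issue]).text());
+ var pos = $(issues[current_issue]).position();
+ parent.scrollTop(pos.top);
  })
  //processing scan
  if ($('#scanning').size() > 0) {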
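Review bot: The added `console.log($(issues[current_issue]).text());` looks like leftover debugging and writes the text of each flagged snippet to the browser console on every click; it should be dropped before release. `current_issue` is declared once outside the click handler while `issues` is recomputed from the clicked button's container, so if the page can show more than one source view the index carries over: the first click in a second view lands on the previous index plus one rather than on the first `del`, and a reviewer can miss the earliest findings in that file. Keeping the index on the container, for example reading and writing `parent.data('current-issue')`, would keep each view independent. The enclosing `jQuery(function ($) {` callback starts and ends outside this hunk.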
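--- a/assets/css/styles.css
+++ b/assets/css/styles.css
@@ -2494,6 +2494,11 @@
  text-transform: uppercase; }
  .wp-defender .advanced-tools .at-line .well.well-yellow a:hover {
  opacity: 1; }
+ .wp-defender .advanced-tools .well.well-white label {
+ color: #666;
+ font-size: 13px;
+ font-weight: 500;
+ display: inline; }
  .wp-defender .toggle-row {
  display: none; }
  @media screen and (min-width: 769px) and (max-width: 979px) {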
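--- a/assets/js/scripts.js
+++ b/assets/js/scripts.js
@@ -1,4 +1,12 @@
  jQuery(function ($) {
+ $('body').on('change', '.toggle-checkbox', function (e) {
+ if ($(this).prop('checked') == true) {
+ $('label[for="'+$(this).attr('id')+'"]').attr('aria-checked',true);
+ } else {
+ $('label[for="'+$(this).attr('id')+'"]').attr('aria-checked',false);
+ }
+ });
+
  //blacklist helper
  if ($('.blacklist-widget').size() > 0) {
  $('.blacklist-widget').submit(function () {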
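Review bot: The two branches of the new `.toggle-checkbox` handler differ only in the boolean, so the body can be a single statement, `$('label[for="' + this.id + '"]').attr('aria-checked', this.checked);`, and the unused `e` parameter can be removed. The selector is assembled by concatenating the checkbox id, which is safe only while those ids are fixed strings from the plugin's own templates; a one-line comment stating that assumption would help the next maintainer. `aria-checked` is only meaningful on an element with a checkable role, and the label markup is not visible in this hunk, so it is worth confirming that the labels carry such a role. The `jQuery(function ($) {` callback continues past the end of the hunk.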
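--- a/changelog.txt
+++ b/changelog.txt
@@ -4,6 +4,36 @@ Tested up to: 4.7.4
 
  Change Log:
 
+ 2.0 - 2018-04-09
+ ----------------------------------------------------------------------
+ - New: added tweak “Disable XML-RPC”
+ - Improvement: Two factor authentication can now be force enabled by role.
+ - Improvement: better clarification on Mask Login Area page
+ - Fix: Compatibility with Appointments login when Mask Login enabled.
+ - Fix: /login/ will be blocked instead of redirect to right login URL
+ - Fix: new site registration emails login URL now show right Login URL instead of the original one if Mask URL enabled.
+ - Fix: Accessibility fix for factor authentication
+ - Changes: Show Admin Pointer when first activate Defender and remove the redirect behavior
+
+ 1.9.1 - 2018-09-07
+ ----------------------------------------------------------------------
+ - Fix: Mask Login Area description text is misleading
+ - Fix: wp-admin link of sub-sites in networks link to wrong admin URL
+ - Fix: Prevent Information Disclosure & Prevent PHP Execution show false error message when first applied
+ - Fix: Dashboard reporting section mis-alignment
+ - Other minor enhancements and fixes
+
+ 1.9 - 2018-24-05
+ ----------------------------------------------------------------------
+ - New: Ability to edit default two-factor authentication email notifications
+ - New: Added Privacy Policy in privacy guideline page
+ - Improvements for lockout logs interface
+ - Improvement: Smarter report default time.
+ - Fix: Defender auto redirect issue when bulk activating plugins
+ - Fix: saving 404 redirect URL issue
+ - Fix: Some layouts are shifted on mobile devices
+ - Other minor enhancements and fixes
+
  1.8 - 2018-10-04
  ----------------------------------------------------------------------
  - New: Hide the default WordPress login URLs with the new Mask Login Area feature, giving you enhanced protection from hackers and bots.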
languages/wpdef-default.pot CHANGED
@@ -2,16 +2,16 @@
2
  # This file is distributed under the GNU General Public License (Version 2 - GPLv2).
3
  msgid ""
4
  msgstr ""
5
- "Project-Id-Version: Defender Pro 1.9.1-beta5\n"
6
  "Report-Msgid-Bugs-To: https://wpmudev.org\n"
7
- "POT-Creation-Date: 2018-07-03 16:10:03+00:00\n"
8
  "MIME-Version: 1.0\n"
9
  "Content-Type: text/plain; charset=utf-8\n"
10
  "Content-Transfer-Encoding: 8bit\n"
11
  "PO-Revision-Date: 2018-MO-DA HO:MI+ZONE\n"
12
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
  "Language-Team: LANGUAGE <EMAIL@ADDRESS>\n"
14
- "X-Generator: grunt-wp-i18n1.0.0\n"
15
 
16
  #: app/behavior/blacklist-free.php:21 app/behavior/blacklist.php:58
17
  #: app/behavior/blacklist.php:116 app/behavior/blacklist.php:141
@@ -96,7 +96,7 @@ msgstr ""
96
  msgid "Your domain is currently clean."
97
  msgstr ""
98
 
99
- #: app/behavior/blacklist.php:261
100
  msgid "Something wrong happened, please try again."
101
  msgstr ""
102
 
@@ -152,17 +152,17 @@ msgid "Lockout reports are active scheduled to send %s"
152
  msgstr ""
153
 
154
  #: app/behavior/report-free.php:129 app/behavior/report.php:224
155
- #: app/behavior/utils.php:917 free/utils.php:709
156
  msgid "daily"
157
  msgstr ""
158
 
159
  #: app/behavior/report-free.php:132 app/behavior/report.php:227
160
- #: app/behavior/utils.php:920 free/utils.php:712
161
  msgid "weekly"
162
  msgstr ""
163
 
164
  #: app/behavior/report-free.php:135 app/behavior/report.php:230
165
- #: app/behavior/utils.php:923 free/utils.php:715
166
  msgid "monthly"
167
  msgstr ""
168
 
@@ -204,47 +204,57 @@ msgstr ""
204
  msgid "To activate this report you must first enable the Audit Logging module."
205
  msgstr ""
206
 
207
- #: app/behavior/utils.php:77 free/utils.php:78
208
  msgid ""
209
  "WPMU DEV Dashboard will be required for this action. Please visit <a "
210
  "href=\"%s\">here</a> and install the WPMU DEV Dashboard"
211
  msgstr ""
212
 
213
- #: app/behavior/utils.php:178 app/behavior/utils.php:187
214
  #: app/module/audit/view/table.php:78 app/module/audit/view/table.php:136
215
  #: free/utils.php:179 free/utils.php:188
216
  msgid "Guest"
217
  msgstr ""
218
 
219
- #: app/behavior/utils.php:741
220
  msgid "WordPress Core Integrity"
221
  msgstr ""
222
 
223
- #: app/behavior/utils.php:742
224
  msgid "Plugins & Themes vulnerability"
225
  msgstr ""
226
 
227
- #: app/behavior/utils.php:743 app/module/scan/behavior/scan.php:145
228
  #: app/module/scan/view/layouts/layout.php:70
229
  #: app/module/scan/view/setting-free.php:50 app/module/scan/view/setting.php:43
230
  #: app/view/settings.php:98
231
  msgid "Suspicious Code"
232
  msgstr ""
233
 
234
- #: app/behavior/utils.php:772 app/module/audit/controller/main.php:144
235
  #: app/module/ip-lockout/controller/main.php:93
236
  msgid "Never"
237
  msgstr ""
238
 
239
- #: app/behavior/utils.php:900 free/utils.php:692
240
  msgid "Please upgrade to 5.3 or later"
241
  msgstr ""
242
 
243
- #: app/controller/dashboard.php:60 app/view/dashboard.php:4
 
 
 
 
 
 
 
 
 
 
244
  msgid "Dashboard"
245
  msgstr ""
246
 
247
- #: app/controller/dashboard.php:324 app/controller/gdpr.php:16
248
  #: app/controller/requirement.php:69 app/module/ip-lockout/view/locked.php:75
249
  msgid "Defender"
250
  msgstr ""
@@ -253,27 +263,27 @@ msgstr ""
253
  msgid "Defender Pro"
254
  msgstr ""
255
 
256
- #: app/controller/dashboard.php:358
257
  msgid "QUICK SETUP"
258
  msgstr ""
259
 
260
- #: app/controller/dashboard.php:358
261
  msgid "Skip"
262
  msgstr ""
263
 
264
- #: app/controller/dashboard.php:359
265
  msgid "Activating File Scanning..."
266
  msgstr ""
267
 
268
- #: app/controller/dashboard.php:360
269
  msgid "Activating Audit Module..."
270
  msgstr ""
271
 
272
- #: app/controller/dashboard.php:361
273
  msgid "Activating IP Lockouts Module..."
274
  msgstr ""
275
 
276
- #: app/controller/dashboard.php:362
277
  msgid "Activating Blacklist Monitoring..."
278
  msgstr ""
279
 
@@ -340,7 +350,7 @@ msgid "Defender%s"
340
  msgstr ""
341
 
342
  #: app/module/advanced-tools/behavior/at-widget.php:18
343
- #: app/module/advanced-tools/controller/main.php:479
344
  #: app/module/advanced-tools/view/layouts/layout.php:5
345
  msgid "Advanced Tools"
346
  msgstr ""
@@ -433,88 +443,88 @@ msgid ""
433
  msgstr ""
434
 
435
  #: app/module/advanced-tools/controller/main.php:60
436
- #: app/module/advanced-tools/controller/mask-login.php:49
437
  msgid ""
438
  "We’ve detected a conflict with Jetpack’s Wordpress.com Log In feature. "
439
  "Please disable it and return to this page to continue setup."
440
  msgstr ""
441
 
442
  #: app/module/advanced-tools/controller/main.php:63
443
- #: app/module/advanced-tools/controller/mask-login.php:52
444
  msgid ""
445
  "We’ve detected a conflict with Theme my login. Please disable it and return "
446
  "to this page to continue setup."
447
  msgstr ""
448
 
449
- #: app/module/advanced-tools/controller/main.php:205
450
  msgid "Two Factor"
451
  msgstr ""
452
 
453
- #: app/module/advanced-tools/controller/main.php:228
454
  msgid "Your token is invalid"
455
  msgstr ""
456
 
457
- #: app/module/advanced-tools/controller/main.php:239
458
- #: app/module/advanced-tools/controller/main.php:574
459
- #: app/module/advanced-tools/controller/main.php:618
460
  #: app/module/advanced-tools/view/2factor-otp-email-edit-from.php:3
461
  msgid "Your OTP code"
462
  msgstr ""
463
 
464
- #: app/module/advanced-tools/controller/main.php:256
465
  msgid "Your code has been sent to your email."
466
  msgstr ""
467
 
468
- #: app/module/advanced-tools/controller/main.php:300
469
  msgid "Please input a valid OTP code"
470
  msgstr ""
471
 
472
- #: app/module/advanced-tools/controller/main.php:315
473
  msgid "Your OTP code is incorrect. Please try again."
474
  msgstr ""
475
 
476
- #: app/module/advanced-tools/controller/main.php:376
477
  msgid "Some error happen"
478
  msgstr ""
479
 
480
- #: app/module/advanced-tools/controller/main.php:413
481
  msgid "Whoops, the passcode you entered was incorrect or expired."
482
  msgstr ""
483
 
484
- #: app/module/advanced-tools/controller/main.php:527
485
  msgid "Edit Email"
486
  msgstr ""
487
 
488
- #: app/module/advanced-tools/controller/main.php:554
489
- #: app/module/advanced-tools/controller/mask-login.php:251
490
  #: app/module/audit/controller/main.php:197
491
  #: app/module/ip-lockout/controller/main.php:739
492
  #: app/module/scan/controller/main.php:306
493
  msgid "Your settings have been updated."
494
  msgstr ""
495
 
496
- #: app/module/advanced-tools/controller/main.php:580
497
- #: app/module/advanced-tools/controller/main.php:624
498
  msgid "%s variable was not found in mail body."
499
  msgstr ""
500
 
501
- #: app/module/advanced-tools/controller/main.php:592
502
  msgid "Email settings has been saved."
503
  msgstr ""
504
 
505
- #: app/module/advanced-tools/controller/main.php:641
506
  msgid "Test email has been sent to your email."
507
  msgstr ""
508
 
509
- #: app/module/advanced-tools/controller/main.php:645
510
  msgid "Test email failed."
511
  msgstr ""
512
 
513
- #: app/module/advanced-tools/controller/mask-login.php:197
514
  msgid "This feature is disabled"
515
  msgstr ""
516
 
517
- #: app/module/advanced-tools/controller/mask-login.php:243
518
  msgid "Login and 404 redirect URLs can't be the same. Please use different URLs."
519
  msgstr ""
520
 
@@ -685,7 +695,9 @@ msgid ""
685
  msgstr ""
686
 
687
  #: app/module/advanced-tools/view/main-free.php:41
 
688
  #: app/module/advanced-tools/view/main.php:41
 
689
  msgid "User Roles"
690
  msgstr ""
691
 
@@ -702,58 +714,58 @@ msgstr ""
702
  msgid "User role"
703
  msgstr ""
704
 
705
- #: app/module/advanced-tools/view/main-free.php:82
706
- #: app/module/advanced-tools/view/main.php:82
707
  msgid "Lost Phone"
708
  msgstr ""
709
 
710
- #: app/module/advanced-tools/view/main-free.php:84
711
- #: app/module/advanced-tools/view/main.php:84
712
  msgid ""
713
  "If a user is unable to access their phone, you can allow an option to send "
714
  "the one time password to their registered email."
715
  msgstr ""
716
 
717
- #: app/module/advanced-tools/view/main-free.php:94
718
- #: app/module/advanced-tools/view/main.php:94
719
  msgid "Enable lost phone option"
720
  msgstr ""
721
 
722
- #: app/module/advanced-tools/view/main-free.php:99
723
- #: app/module/advanced-tools/view/main.php:99
724
  msgid "Force Authentication"
725
  msgstr ""
726
 
727
- #: app/module/advanced-tools/view/main-free.php:101
728
- #: app/module/advanced-tools/view/main.php:101
729
  msgid ""
730
  "By default, two-factor authentication is optional for users. This setting "
731
  "forces users to activate two-factor."
732
  msgstr ""
733
 
734
- #: app/module/advanced-tools/view/main-free.php:111
735
- #: app/module/advanced-tools/view/main.php:111
736
  msgid "Force users to log in with two-factor authentication"
737
  msgstr ""
738
 
739
- #: app/module/advanced-tools/view/main-free.php:112
740
- #: app/module/advanced-tools/view/main.php:112
741
  msgid "Note: Users will be forced to set up two-factor when they next login."
742
  msgstr ""
743
 
744
- #: app/module/advanced-tools/view/main-free.php:115
745
- #: app/module/advanced-tools/view/main.php:115
746
  msgid "Custom warning message"
747
  msgstr ""
748
 
749
- #: app/module/advanced-tools/view/main-free.php:119
750
- #: app/module/advanced-tools/view/main.php:119
751
  msgid ""
752
  "Note: This is shown in the users Profile area indicating they must use "
753
  "two-factor authentication."
754
  msgstr ""
755
 
756
- #: app/module/advanced-tools/view/main-free.php:127
757
  #: app/module/scan/behavior/scan.php:137 app/module/scan/behavior/scan.php:152
758
  #: app/module/scan/view/layouts/layout.php:62
759
  #: app/module/scan/view/layouts/layout.php:78
@@ -762,92 +774,92 @@ msgstr ""
762
  msgid "Pro Feature"
763
  msgstr ""
764
 
765
- #: app/module/advanced-tools/view/main-free.php:129
766
- #: app/module/advanced-tools/view/main.php:126
767
- #: app/module/advanced-tools/view/main.php:143
768
  msgid "Custom Graphic"
769
  msgstr ""
770
 
771
- #: app/module/advanced-tools/view/main-free.php:131
772
- #: app/module/advanced-tools/view/main.php:128
773
  msgid ""
774
  "By default, Defender’s icon appears above the login fields. You can upload "
775
  "your own branding, or turn this feature off."
776
  msgstr ""
777
 
778
- #: app/module/advanced-tools/view/main-free.php:139
779
- #: app/module/advanced-tools/view/main.php:139
780
  msgid "Enable custom graphics above login fields"
781
  msgstr ""
782
 
783
- #: app/module/advanced-tools/view/main-free.php:147
784
- #: app/module/advanced-tools/view/main.php:157
785
  msgid "Emails"
786
  msgstr ""
787
 
788
- #: app/module/advanced-tools/view/main-free.php:149
789
- #: app/module/advanced-tools/view/main.php:159
790
  msgid "Customize the default copy for emails the two-factor feature sends to users."
791
  msgstr ""
792
 
793
- #: app/module/advanced-tools/view/main-free.php:155
794
- #: app/module/advanced-tools/view/main.php:165
795
  msgid "Email"
796
  msgstr ""
797
 
798
- #: app/module/advanced-tools/view/main-free.php:157
799
- #: app/module/advanced-tools/view/main.php:167
800
  msgid "Lost phone one time password"
801
  msgstr ""
802
 
803
- #: app/module/advanced-tools/view/main-free.php:164
804
- #: app/module/advanced-tools/view/main.php:174
805
  msgid "App Download"
806
  msgstr ""
807
 
808
- #: app/module/advanced-tools/view/main-free.php:166
809
- #: app/module/advanced-tools/view/main.php:176
810
  msgid "Need the app? Here’s links to the official Google Authenticator apps."
811
  msgstr ""
812
 
813
- #: app/module/advanced-tools/view/main-free.php:180
814
- #: app/module/advanced-tools/view/main.php:190
815
  msgid "Active Users"
816
  msgstr ""
817
 
818
- #: app/module/advanced-tools/view/main-free.php:182
819
- #: app/module/advanced-tools/view/main.php:192
820
  msgid ""
821
  "Here’s a quick link to see which of your users have enabled two-factor "
822
  "verification."
823
  msgstr ""
824
 
825
- #: app/module/advanced-tools/view/main-free.php:186
826
- #: app/module/advanced-tools/view/main.php:196
827
  msgid "<a href=\"%s\">View users</a> who have enabled this feature."
828
  msgstr ""
829
 
830
- #: app/module/advanced-tools/view/main-free.php:191
831
- #: app/module/advanced-tools/view/main-free.php:198
832
- #: app/module/advanced-tools/view/main.php:201
833
- #: app/module/advanced-tools/view/main.php:208
834
  #: app/module/advanced-tools/view/mask-login/enabled.php:78
835
  #: app/module/advanced-tools/view/mask-login/enabled.php:82
836
  #: app/module/audit/view/settings.php:10
837
  msgid "Deactivate"
838
  msgstr ""
839
 
840
- #: app/module/advanced-tools/view/main-free.php:193
841
- #: app/module/advanced-tools/view/main.php:203
842
  msgid "Disable two-factor authentication on your website."
843
  msgstr ""
844
 
845
- #: app/module/advanced-tools/view/main-free.php:206
846
- #: app/module/advanced-tools/view/main.php:216
847
  msgid "SAVE SETTINGS"
848
  msgstr ""
849
 
850
- #: app/module/advanced-tools/view/main.php:144
851
  msgid "For best results use a 168x168px JPG or PNG."
852
  msgstr ""
853
 
@@ -870,27 +882,35 @@ msgid ""
870
  msgstr ""
871
 
872
  #: app/module/advanced-tools/view/mask-login/enabled.php:33
873
- msgid "Masking URLs"
874
  msgstr ""
875
 
876
  #: app/module/advanced-tools/view/mask-login/enabled.php:35
877
  msgid ""
878
- "Choose the new URL slug where users of your website will now navigate to "
879
- "log in or register."
880
  msgstr ""
881
 
882
  #: app/module/advanced-tools/view/mask-login/enabled.php:39
883
  msgid ""
884
- "You can specify any URLs. For security reasons, less obvious URLs are "
885
- "recommended as they are harder for bots to guess."
 
886
  msgstr ""
887
 
888
  #: app/module/advanced-tools/view/mask-login/enabled.php:40
889
- msgid "New Login URL"
 
 
 
 
890
  msgstr ""
891
 
892
  #: app/module/advanced-tools/view/mask-login/enabled.php:42
893
- msgid "Users will login at <strong>%s</strong>"
 
 
 
894
  msgstr ""
895
 
896
  #: app/module/advanced-tools/view/mask-login/enabled.php:47
@@ -1492,7 +1512,7 @@ msgstr ""
1492
  #: app/module/scan/view/layouts/layout.php:132
1493
  #: app/module/scan/view/layouts/layout.php:149
1494
  #: app/module/scan/view/setting-free.php:3 app/module/scan/view/setting.php:3
1495
- #: app/view/settings.php:6 free/main-activator.php:161 main-activator.php:102
1496
  msgid "Settings"
1497
  msgstr ""
1498
 
@@ -2181,6 +2201,10 @@ msgstr ""
2181
  msgid "Disable trackbacks and pingbacks"
2182
  msgstr ""
2183
 
 
 
 
 
2184
  #: app/module/hardener/component/hide-error-service.php:103
2185
  msgid "WP_DEBUG get override somewhere, please check with your host provider"
2186
  msgstr ""
@@ -2271,7 +2295,7 @@ msgstr ""
2271
 
2272
  #: app/module/hardener/rule.php:111
2273
  #: app/module/scan/behavior/core-result.php:189
2274
- #: app/module/scan/behavior/pro/content-result.php:107
2275
  #: app/module/scan/behavior/pro/vuln-result.php:156
2276
  #: app/module/scan/component/result-table.php:199
2277
  msgid "Ignore"
@@ -2360,6 +2384,7 @@ msgstr ""
2360
  #: app/module/hardener/view/rules/db-prefix.php:11
2361
  #: app/module/hardener/view/rules/disable-file-editor.php:11
2362
  #: app/module/hardener/view/rules/disable-trackback.php:11
 
2363
  #: app/module/hardener/view/rules/hide-error.php:11
2364
  #: app/module/hardener/view/rules/login-duration.php:11
2365
  #: app/module/hardener/view/rules/php-version.php:11
@@ -2384,6 +2409,7 @@ msgstr ""
2384
  #: app/module/hardener/view/rules/db-prefix.php:16
2385
  #: app/module/hardener/view/rules/disable-file-editor.php:16
2386
  #: app/module/hardener/view/rules/disable-trackback.php:16
 
2387
  #: app/module/hardener/view/rules/hide-error.php:16
2388
  #: app/module/hardener/view/rules/login-duration.php:16
2389
  #: app/module/hardener/view/rules/php-version.php:34
@@ -2452,6 +2478,7 @@ msgstr ""
2452
 
2453
  #: app/module/hardener/view/rules/disable-file-editor.php:26
2454
  #: app/module/hardener/view/rules/disable-trackback.php:26
 
2455
  #: app/module/hardener/view/rules/login-duration.php:29
2456
  #: app/module/hardener/view/rules/prevent-php-executed.php:52
2457
  #: app/module/hardener/view/rules/protect-information.php:26
@@ -2497,6 +2524,34 @@ msgstr ""
2497
  msgid "Disable Pingbacks"
2498
  msgstr ""
2499
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2500
  #: app/module/hardener/view/rules/hide-error.php:13
2501
  msgid ""
2502
  "In addition to hiding error logs, developers often use the built-in "
@@ -3716,11 +3771,11 @@ msgid "This WordPress core file appears modified"
3716
  msgstr ""
3717
 
3718
  #: app/module/scan/behavior/core-result.php:75
3719
- #: app/module/scan/behavior/core-result.php:406
3720
- #: app/module/scan/behavior/core-result.php:411
3721
- #: app/module/scan/behavior/pro/content-result.php:214
3722
- #: app/module/scan/behavior/pro/content-result.php:235
3723
- #: app/module/scan/behavior/pro/content-result.php:240
3724
  msgid "Defender doesn't have enough permission to remove this file"
3725
  msgstr ""
3726
 
@@ -3759,7 +3814,7 @@ msgid "Date Added"
3759
  msgstr ""
3760
 
3761
  #: app/module/scan/behavior/core-result.php:197
3762
- #: app/module/scan/behavior/pro/content-result.php:128
3763
  msgid "Delete"
3764
  msgstr ""
3765
 
@@ -3770,12 +3825,12 @@ msgid ""
3770
  msgstr ""
3771
 
3772
  #: app/module/scan/behavior/core-result.php:202
3773
- #: app/module/scan/behavior/pro/content-result.php:133
3774
  msgid "Yes"
3775
  msgstr ""
3776
 
3777
  #: app/module/scan/behavior/core-result.php:205
3778
- #: app/module/scan/behavior/pro/content-result.php:136
3779
  msgid "No"
3780
  msgstr ""
3781
 
@@ -3795,7 +3850,7 @@ msgstr ""
3795
  #: app/module/scan/behavior/core-result.php:281
3796
  #: app/module/scan/behavior/core-result.php:303
3797
  #: app/module/scan/behavior/core-result.php:325
3798
- #: app/module/scan/behavior/pro/content-result.php:94
3799
  msgid "Pulling source file..."
3800
  msgstr ""
3801
 
@@ -3827,26 +3882,50 @@ msgid ""
3827
  "recommend backing up your website."
3828
  msgstr ""
3829
 
3830
- #: app/module/scan/behavior/pro/content-result.php:114
 
 
 
 
 
 
 
 
3831
  msgid ""
3832
  "This will permanent delete the whole plugin containing this file, do you "
3833
  "want to do this?"
3834
  msgstr ""
3835
 
3836
- #: app/module/scan/behavior/pro/content-result.php:117
3837
  msgid ""
3838
  "This will permanent delete the whole theme containing this file, do you "
3839
  "want to do this?"
3840
  msgstr ""
3841
 
3842
- #: app/module/scan/behavior/pro/content-result.php:120
3843
  msgid "This will permanent delete this file, do you want to do this?"
3844
  msgstr ""
3845
 
3846
- #: app/module/scan/behavior/pro/content-result.php:208
3847
  msgid "wp-config.php can't be removed. Please remove the suspicious code manually."
3848
  msgstr ""
3849
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
3850
  #: app/module/scan/behavior/pro/vuln-result.php:33
3851
  msgid "WordPress Vulnerability"
3852
  msgstr ""
@@ -3999,19 +4078,19 @@ msgstr ""
3999
  msgid "A scan is already in progress"
4000
  msgstr ""
4001
 
4002
- #: app/module/scan/component/scan-api.php:195
4003
  msgid "No scan record exists"
4004
  msgstr ""
4005
 
4006
- #: app/module/scan/component/scan-api.php:235
4007
  msgid "Analyzing WordPress Core..."
4008
  msgstr ""
4009
 
4010
- #: app/module/scan/component/scan-api.php:238
4011
  msgid "Analyzing WordPress Content..."
4012
  msgstr ""
4013
 
4014
- #: app/module/scan/component/scan-api.php:241
4015
  msgid "Checking for any published vulnerabilities your plugins & themes..."
4016
  msgstr ""
4017
 
@@ -4591,7 +4670,7 @@ msgstr ""
4591
  msgid "<br/>Something went wrong. Please try again later!"
4592
  msgstr ""
4593
 
4594
- #: free/main-activator.php:166 main-activator.php:107
4595
  msgid "Docs"
4596
  msgstr ""
4597
 
@@ -4631,7 +4710,7 @@ msgstr ""
4631
  msgid "Rate %s"
4632
  msgstr ""
4633
 
4634
- #: main-activator.php:91
4635
  msgid ""
4636
  "We noticed you have both the free and pro versions of Defender installed, "
4637
  "so we've automatically deactivated the free version for you."
2
  # This file is distributed under the GNU General Public License (Version 2 - GPLv2).
3
  msgid ""
4
  msgstr ""
5
+ "Project-Id-Version: Defender Pro 2.0\n"
6
  "Report-Msgid-Bugs-To: https://wpmudev.org\n"
7
+ "POT-Creation-Date: 2018-09-04 10:26:31+00:00\n"
8
  "MIME-Version: 1.0\n"
9
  "Content-Type: text/plain; charset=utf-8\n"
10
  "Content-Transfer-Encoding: 8bit\n"
11
  "PO-Revision-Date: 2018-MO-DA HO:MI+ZONE\n"
12
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
  "Language-Team: LANGUAGE <EMAIL@ADDRESS>\n"
14
+ "X-Generator: grunt-wp-i18n1.0.2\n"
15
 
16
  #: app/behavior/blacklist-free.php:21 app/behavior/blacklist.php:58
17
  #: app/behavior/blacklist.php:116 app/behavior/blacklist.php:141
96
  msgid "Your domain is currently clean."
97
  msgstr ""
98
 
99
+ #: app/behavior/blacklist.php:260
100
  msgid "Something wrong happened, please try again."
101
  msgstr ""
102
 
152
  msgstr ""
153
 
154
  #: app/behavior/report-free.php:129 app/behavior/report.php:224
155
+ #: app/behavior/utils.php:916 free/utils.php:709
156
  msgid "daily"
157
  msgstr ""
158
 
159
  #: app/behavior/report-free.php:132 app/behavior/report.php:227
160
+ #: app/behavior/utils.php:919 free/utils.php:712
161
  msgid "weekly"
162
  msgstr ""
163
 
164
  #: app/behavior/report-free.php:135 app/behavior/report.php:230
165
+ #: app/behavior/utils.php:922 free/utils.php:715
166
  msgid "monthly"
167
  msgstr ""
168
 
204
  msgid "To activate this report you must first enable the Audit Logging module."
205
  msgstr ""
206
 
207
+ #: app/behavior/utils.php:76 free/utils.php:78
208
  msgid ""
209
  "WPMU DEV Dashboard will be required for this action. Please visit <a "
210
  "href=\"%s\">here</a> and install the WPMU DEV Dashboard"
211
  msgstr ""
212
 
213
+ #: app/behavior/utils.php:177 app/behavior/utils.php:186
214
  #: app/module/audit/view/table.php:78 app/module/audit/view/table.php:136
215
  #: free/utils.php:179 free/utils.php:188
216
  msgid "Guest"
217
  msgstr ""
218
 
219
+ #: app/behavior/utils.php:740
220
  msgid "WordPress Core Integrity"
221
  msgstr ""
222
 
223
+ #: app/behavior/utils.php:741
224
  msgid "Plugins & Themes vulnerability"
225
  msgstr ""
226
 
227
+ #: app/behavior/utils.php:742 app/module/scan/behavior/scan.php:145
228
  #: app/module/scan/view/layouts/layout.php:70
229
  #: app/module/scan/view/setting-free.php:50 app/module/scan/view/setting.php:43
230
  #: app/view/settings.php:98
231
  msgid "Suspicious Code"
232
  msgstr ""
233
 
234
+ #: app/behavior/utils.php:771 app/module/audit/controller/main.php:144
235
  #: app/module/ip-lockout/controller/main.php:93
236
  msgid "Never"
237
  msgstr ""
238
 
239
+ #: app/behavior/utils.php:899 free/utils.php:692
240
  msgid "Please upgrade to 5.3 or later"
241
  msgstr ""
242
 
243
+ #: app/controller/dashboard.php:115
244
+ msgid "Get Secure"
245
+ msgstr ""
246
+
247
+ #: app/controller/dashboard.php:116
248
+ msgid ""
249
+ "Enable security tweaks, activate monitoring and start protecting your login "
250
+ "are and files here."
251
+ msgstr ""
252
+
253
+ #: app/controller/dashboard.php:147 app/view/dashboard.php:4
254
  msgid "Dashboard"
255
  msgstr ""
256
 
257
+ #: app/controller/dashboard.php:411 app/controller/gdpr.php:16
258
  #: app/controller/requirement.php:69 app/module/ip-lockout/view/locked.php:75
259
  msgid "Defender"
260
  msgstr ""
263
  msgid "Defender Pro"
264
  msgstr ""
265
 
266
+ #: app/controller/dashboard.php:445
267
  msgid "QUICK SETUP"
268
  msgstr ""
269
 
270
+ #: app/controller/dashboard.php:445
271
  msgid "Skip"
272
  msgstr ""
273
 
274
+ #: app/controller/dashboard.php:446
275
  msgid "Activating File Scanning..."
276
  msgstr ""
277
 
278
+ #: app/controller/dashboard.php:447
279
  msgid "Activating Audit Module..."
280
  msgstr ""
281
 
282
+ #: app/controller/dashboard.php:448
283
  msgid "Activating IP Lockouts Module..."
284
  msgstr ""
285
 
286
+ #: app/controller/dashboard.php:449
287
  msgid "Activating Blacklist Monitoring..."
288
  msgstr ""
289
 
350
  msgstr ""
351
 
352
  #: app/module/advanced-tools/behavior/at-widget.php:18
353
+ #: app/module/advanced-tools/controller/main.php:486
354
  #: app/module/advanced-tools/view/layouts/layout.php:5
355
  msgid "Advanced Tools"
356
  msgstr ""
443
  msgstr ""
444
 
445
  #: app/module/advanced-tools/controller/main.php:60
446
+ #: app/module/advanced-tools/controller/mask-login.php:54
447
  msgid ""
448
  "We’ve detected a conflict with Jetpack’s Wordpress.com Log In feature. "
449
  "Please disable it and return to this page to continue setup."
450
  msgstr ""
451
 
452
  #: app/module/advanced-tools/controller/main.php:63
453
+ #: app/module/advanced-tools/controller/mask-login.php:57
454
  msgid ""
455
  "We’ve detected a conflict with Theme my login. Please disable it and return "
456
  "to this page to continue setup."
457
  msgstr ""
458
 
459
+ #: app/module/advanced-tools/controller/main.php:212
460
  msgid "Two Factor"
461
  msgstr ""
462
 
463
+ #: app/module/advanced-tools/controller/main.php:235
464
  msgid "Your token is invalid"
465
  msgstr ""
466
 
467
+ #: app/module/advanced-tools/controller/main.php:246
468
+ #: app/module/advanced-tools/controller/main.php:585
469
+ #: app/module/advanced-tools/controller/main.php:629
470
  #: app/module/advanced-tools/view/2factor-otp-email-edit-from.php:3
471
  msgid "Your OTP code"
472
  msgstr ""
473
 
474
+ #: app/module/advanced-tools/controller/main.php:263
475
  msgid "Your code has been sent to your email."
476
  msgstr ""
477
 
478
+ #: app/module/advanced-tools/controller/main.php:307
479
  msgid "Please input a valid OTP code"
480
  msgstr ""
481
 
482
+ #: app/module/advanced-tools/controller/main.php:322
483
  msgid "Your OTP code is incorrect. Please try again."
484
  msgstr ""
485
 
486
+ #: app/module/advanced-tools/controller/main.php:383
487
  msgid "Some error happen"
488
  msgstr ""
489
 
490
+ #: app/module/advanced-tools/controller/main.php:420
491
  msgid "Whoops, the passcode you entered was incorrect or expired."
492
  msgstr ""
493
 
494
+ #: app/module/advanced-tools/controller/main.php:534
495
  msgid "Edit Email"
496
  msgstr ""
497
 
498
+ #: app/module/advanced-tools/controller/main.php:565
499
+ #: app/module/advanced-tools/controller/mask-login.php:272
500
  #: app/module/audit/controller/main.php:197
501
  #: app/module/ip-lockout/controller/main.php:739
502
  #: app/module/scan/controller/main.php:306
503
  msgid "Your settings have been updated."
504
  msgstr ""
505
 
506
+ #: app/module/advanced-tools/controller/main.php:591
507
+ #: app/module/advanced-tools/controller/main.php:635
508
  msgid "%s variable was not found in mail body."
509
  msgstr ""
510
 
511
+ #: app/module/advanced-tools/controller/main.php:603
512
  msgid "Email settings has been saved."
513
  msgstr ""
514
 
515
+ #: app/module/advanced-tools/controller/main.php:652
516
  msgid "Test email has been sent to your email."
517
  msgstr ""
518
 
519
+ #: app/module/advanced-tools/controller/main.php:656
520
  msgid "Test email failed."
521
  msgstr ""
522
 
523
+ #: app/module/advanced-tools/controller/mask-login.php:219
524
  msgid "This feature is disabled"
525
  msgstr ""
526
 
527
+ #: app/module/advanced-tools/controller/mask-login.php:265
528
  msgid "Login and 404 redirect URLs can't be the same. Please use different URLs."
529
  msgstr ""
530
 
695
  msgstr ""
696
 
697
  #: app/module/advanced-tools/view/main-free.php:41
698
+ #: app/module/advanced-tools/view/main-free.php:117
699
  #: app/module/advanced-tools/view/main.php:41
700
+ #: app/module/advanced-tools/view/main.php:117
701
  msgid "User Roles"
702
  msgstr ""
703
 
714
  msgid "User role"
715
  msgstr ""
716
 
717
+ #: app/module/advanced-tools/view/main-free.php:84
718
+ #: app/module/advanced-tools/view/main.php:84
719
  msgid "Lost Phone"
720
  msgstr ""
721
 
722
+ #: app/module/advanced-tools/view/main-free.php:86
723
+ #: app/module/advanced-tools/view/main.php:86
724
  msgid ""
725
  "If a user is unable to access their phone, you can allow an option to send "
726
  "the one time password to their registered email."
727
  msgstr ""
728
 
729
+ #: app/module/advanced-tools/view/main-free.php:96
730
+ #: app/module/advanced-tools/view/main.php:96
731
  msgid "Enable lost phone option"
732
  msgstr ""
733
 
734
+ #: app/module/advanced-tools/view/main-free.php:101
735
+ #: app/module/advanced-tools/view/main.php:101
736
  msgid "Force Authentication"
737
  msgstr ""
738
 
739
+ #: app/module/advanced-tools/view/main-free.php:103
740
+ #: app/module/advanced-tools/view/main.php:103
741
  msgid ""
742
  "By default, two-factor authentication is optional for users. This setting "
743
  "forces users to activate two-factor."
744
  msgstr ""
745
 
746
+ #: app/module/advanced-tools/view/main-free.php:113
747
+ #: app/module/advanced-tools/view/main.php:113
748
  msgid "Force users to log in with two-factor authentication"
749
  msgstr ""
750
 
751
+ #: app/module/advanced-tools/view/main-free.php:114
752
+ #: app/module/advanced-tools/view/main.php:114
753
  msgid "Note: Users will be forced to set up two-factor when they next login."
754
  msgstr ""
755
 
756
+ #: app/module/advanced-tools/view/main-free.php:131
757
+ #: app/module/advanced-tools/view/main.php:131
758
  msgid "Custom warning message"
759
  msgstr ""
760
 
761
+ #: app/module/advanced-tools/view/main-free.php:135
762
+ #: app/module/advanced-tools/view/main.php:135
763
  msgid ""
764
  "Note: This is shown in the users Profile area indicating they must use "
765
  "two-factor authentication."
766
  msgstr ""
767
 
768
+ #: app/module/advanced-tools/view/main-free.php:143
769
  #: app/module/scan/behavior/scan.php:137 app/module/scan/behavior/scan.php:152
770
  #: app/module/scan/view/layouts/layout.php:62
771
  #: app/module/scan/view/layouts/layout.php:78
774
  msgid "Pro Feature"
775
  msgstr ""
776
 
777
+ #: app/module/advanced-tools/view/main-free.php:145
778
+ #: app/module/advanced-tools/view/main.php:142
779
+ #: app/module/advanced-tools/view/main.php:159
780
  msgid "Custom Graphic"
781
  msgstr ""
782
 
783
+ #: app/module/advanced-tools/view/main-free.php:147
784
+ #: app/module/advanced-tools/view/main.php:144
785
  msgid ""
786
  "By default, Defender’s icon appears above the login fields. You can upload "
787
  "your own branding, or turn this feature off."
788
  msgstr ""
789
 
790
+ #: app/module/advanced-tools/view/main-free.php:155
791
+ #: app/module/advanced-tools/view/main.php:155
792
  msgid "Enable custom graphics above login fields"
793
  msgstr ""
794
 
795
+ #: app/module/advanced-tools/view/main-free.php:163
796
+ #: app/module/advanced-tools/view/main.php:173
797
  msgid "Emails"
798
  msgstr ""
799
 
800
+ #: app/module/advanced-tools/view/main-free.php:165
801
+ #: app/module/advanced-tools/view/main.php:175
802
  msgid "Customize the default copy for emails the two-factor feature sends to users."
803
  msgstr ""
804
 
805
+ #: app/module/advanced-tools/view/main-free.php:171
806
+ #: app/module/advanced-tools/view/main.php:181
807
  msgid "Email"
808
  msgstr ""
809
 
810
+ #: app/module/advanced-tools/view/main-free.php:173
811
+ #: app/module/advanced-tools/view/main.php:183
812
  msgid "Lost phone one time password"
813
  msgstr ""
814
 
815
+ #: app/module/advanced-tools/view/main-free.php:180
816
+ #: app/module/advanced-tools/view/main.php:191
817
  msgid "App Download"
818
  msgstr ""
819
 
820
+ #: app/module/advanced-tools/view/main-free.php:182
821
+ #: app/module/advanced-tools/view/main.php:193
822
  msgid "Need the app? Here’s links to the official Google Authenticator apps."
823
  msgstr ""
824
 
825
+ #: app/module/advanced-tools/view/main-free.php:196
826
+ #: app/module/advanced-tools/view/main.php:207
827
  msgid "Active Users"
828
  msgstr ""
829
 
830
+ #: app/module/advanced-tools/view/main-free.php:198
831
+ #: app/module/advanced-tools/view/main.php:209
832
  msgid ""
833
  "Here’s a quick link to see which of your users have enabled two-factor "
834
  "verification."
835
  msgstr ""
836
 
837
+ #: app/module/advanced-tools/view/main-free.php:202
838
+ #: app/module/advanced-tools/view/main.php:213
839
  msgid "<a href=\"%s\">View users</a> who have enabled this feature."
840
  msgstr ""
841
 
842
+ #: app/module/advanced-tools/view/main-free.php:207
843
+ #: app/module/advanced-tools/view/main-free.php:214
844
+ #: app/module/advanced-tools/view/main.php:218
845
+ #: app/module/advanced-tools/view/main.php:225
846
  #: app/module/advanced-tools/view/mask-login/enabled.php:78
847
  #: app/module/advanced-tools/view/mask-login/enabled.php:82
848
  #: app/module/audit/view/settings.php:10
849
  msgid "Deactivate"
850
  msgstr ""
851
 
852
+ #: app/module/advanced-tools/view/main-free.php:209
853
+ #: app/module/advanced-tools/view/main.php:220
854
  msgid "Disable two-factor authentication on your website."
855
  msgstr ""
856
 
857
+ #: app/module/advanced-tools/view/main-free.php:222
858
+ #: app/module/advanced-tools/view/main.php:233
859
  msgid "SAVE SETTINGS"
860
  msgstr ""
861
 
862
+ #: app/module/advanced-tools/view/main.php:160
863
  msgid "For best results use a 168x168px JPG or PNG."
864
  msgstr ""
865
 
882
  msgstr ""
883
 
884
  #: app/module/advanced-tools/view/mask-login/enabled.php:33
885
+ msgid "Masking URL"
886
  msgstr ""
887
 
888
  #: app/module/advanced-tools/view/mask-login/enabled.php:35
889
  msgid ""
890
+ "Choose a new slug where users of your website will now login instead of "
891
+ "visiting /wp-login."
892
  msgstr ""
893
 
894
  #: app/module/advanced-tools/view/mask-login/enabled.php:39
895
  msgid ""
896
+ "You can choose any slug you like using alphanumeric characters and '-'s "
897
+ "only. For security reasons, less obvious slugs are recommended as they are "
898
+ "harder for bots to guess."
899
  msgstr ""
900
 
901
  #: app/module/advanced-tools/view/mask-login/enabled.php:40
902
+ msgid "New Login Slug"
903
+ msgstr ""
904
+
905
+ #: app/module/advanced-tools/view/mask-login/enabled.php:41
906
+ msgid "I.e. dashboard"
907
  msgstr ""
908
 
909
  #: app/module/advanced-tools/view/mask-login/enabled.php:42
910
+ msgid ""
911
+ "Users will login at <strong>%s</strong>. Note: Registration and Password "
912
+ "Reset emails have hardcoded URLs in them. We will update them automatically "
913
+ "to match your new login URL."
914
  msgstr ""
915
 
916
  #: app/module/advanced-tools/view/mask-login/enabled.php:47
1512
  #: app/module/scan/view/layouts/layout.php:132
1513
  #: app/module/scan/view/layouts/layout.php:149
1514
  #: app/module/scan/view/setting-free.php:3 app/module/scan/view/setting.php:3
1515
+ #: app/view/settings.php:6 free/main-activator.php:161 main-activator.php:119
1516
  msgid "Settings"
1517
  msgstr ""
1518
 
2201
  msgid "Disable trackbacks and pingbacks"
2202
  msgstr ""
2203
 
2204
+ #: app/module/hardener/component/disable-xml-rpc.php:28
2205
+ msgid "Disable XML RPC"
2206
+ msgstr ""
2207
+
2208
  #: app/module/hardener/component/hide-error-service.php:103
2209
  msgid "WP_DEBUG get override somewhere, please check with your host provider"
2210
  msgstr ""
2295
 
2296
  #: app/module/hardener/rule.php:111
2297
  #: app/module/scan/behavior/core-result.php:189
2298
+ #: app/module/scan/behavior/pro/content-result.php:111
2299
  #: app/module/scan/behavior/pro/vuln-result.php:156
2300
  #: app/module/scan/component/result-table.php:199
2301
  msgid "Ignore"
2384
  #: app/module/hardener/view/rules/db-prefix.php:11
2385
  #: app/module/hardener/view/rules/disable-file-editor.php:11
2386
  #: app/module/hardener/view/rules/disable-trackback.php:11
2387
+ #: app/module/hardener/view/rules/disable-xml-rpc.php:11
2388
  #: app/module/hardener/view/rules/hide-error.php:11
2389
  #: app/module/hardener/view/rules/login-duration.php:11
2390
  #: app/module/hardener/view/rules/php-version.php:11
2409
  #: app/module/hardener/view/rules/db-prefix.php:16
2410
  #: app/module/hardener/view/rules/disable-file-editor.php:16
2411
  #: app/module/hardener/view/rules/disable-trackback.php:16
2412
+ #: app/module/hardener/view/rules/disable-xml-rpc.php:18
2413
  #: app/module/hardener/view/rules/hide-error.php:16
2414
  #: app/module/hardener/view/rules/login-duration.php:16
2415
  #: app/module/hardener/view/rules/php-version.php:34
2478
 
2479
  #: app/module/hardener/view/rules/disable-file-editor.php:26
2480
  #: app/module/hardener/view/rules/disable-trackback.php:26
2481
+ #: app/module/hardener/view/rules/disable-xml-rpc.php:36
2482
  #: app/module/hardener/view/rules/login-duration.php:29
2483
  #: app/module/hardener/view/rules/prevent-php-executed.php:52
2484
  #: app/module/hardener/view/rules/protect-information.php:26
2524
  msgid "Disable Pingbacks"
2525
  msgstr ""
2526
 
2527
+ #: app/module/hardener/view/rules/disable-xml-rpc.php:8
2528
+ #: app/module/hardener/view/rules/disable-xml-rpc.php:47
2529
+ msgid "Disable XML-RPC"
2530
+ msgstr ""
2531
+
2532
+ #: app/module/hardener/view/rules/disable-xml-rpc.php:13
2533
+ msgid ""
2534
+ "XML-RPC is a system that allows you to post on your WordPress blog using "
2535
+ "popular weblog clients like Windows Live Writer. Technically, it’s a remote "
2536
+ "procedure call which uses XML to encode its calls and HTTP as a transport "
2537
+ "mechanism.<br/><br/>\n"
2538
+ "If you are using the WordPress mobile app, want to make connections to "
2539
+ "services like IFTTT, or want to access and publish to your blog remotely, "
2540
+ "then you need XML-RPC enabled.<br/><br/>\n"
2541
+ "In the past, there were security concerns with XML-RPC so we recommend "
2542
+ "making sure this feature is fully disabled if you don’t need it active."
2543
+ msgstr ""
2544
+
2545
+ #: app/module/hardener/view/rules/disable-xml-rpc.php:21
2546
+ msgid ""
2547
+ "Automatically disable this feature below. You can re-enable it at any time "
2548
+ "if you need to."
2549
+ msgstr ""
2550
+
2551
+ #: app/module/hardener/view/rules/disable-xml-rpc.php:27
2552
+ msgid "XML-RPC is disabled."
2553
+ msgstr ""
2554
+
2555
  #: app/module/hardener/view/rules/hide-error.php:13
2556
  msgid ""
2557
  "In addition to hiding error logs, developers often use the built-in "
3771
  msgstr ""
3772
 
3773
  #: app/module/scan/behavior/core-result.php:75
3774
+ #: app/module/scan/behavior/core-result.php:409
3775
+ #: app/module/scan/behavior/core-result.php:414
3776
+ #: app/module/scan/behavior/pro/content-result.php:249
3777
+ #: app/module/scan/behavior/pro/content-result.php:270
3778
+ #: app/module/scan/behavior/pro/content-result.php:275
3779
  msgid "Defender doesn't have enough permission to remove this file"
3780
  msgstr ""
3781
 
3814
  msgstr ""
3815
 
3816
  #: app/module/scan/behavior/core-result.php:197
3817
+ #: app/module/scan/behavior/pro/content-result.php:132
3818
  msgid "Delete"
3819
  msgstr ""
3820
 
3825
  msgstr ""
3826
 
3827
  #: app/module/scan/behavior/core-result.php:202
3828
+ #: app/module/scan/behavior/pro/content-result.php:137
3829
  msgid "Yes"
3830
  msgstr ""
3831
 
3832
  #: app/module/scan/behavior/core-result.php:205
3833
+ #: app/module/scan/behavior/pro/content-result.php:140
3834
  msgid "No"
3835
  msgstr ""
3836
 
3850
  #: app/module/scan/behavior/core-result.php:281
3851
  #: app/module/scan/behavior/core-result.php:303
3852
  #: app/module/scan/behavior/core-result.php:325
3853
+ #: app/module/scan/behavior/pro/content-result.php:98
3854
  msgid "Pulling source file..."
3855
  msgstr ""
3856
 
3882
  "recommend backing up your website."
3883
  msgstr ""
3884
 
3885
+ #: app/module/scan/behavior/pro/content-result.php:91
3886
+ msgid "Found %s issues."
3887
+ msgstr ""
3888
+
3889
+ #: app/module/scan/behavior/pro/content-result.php:93
3890
+ msgid "Show"
3891
+ msgstr ""
3892
+
3893
+ #: app/module/scan/behavior/pro/content-result.php:118
3894
  msgid ""
3895
  "This will permanent delete the whole plugin containing this file, do you "
3896
  "want to do this?"
3897
  msgstr ""
3898
 
3899
+ #: app/module/scan/behavior/pro/content-result.php:121
3900
  msgid ""
3901
  "This will permanent delete the whole theme containing this file, do you "
3902
  "want to do this?"
3903
  msgstr ""
3904
 
3905
+ #: app/module/scan/behavior/pro/content-result.php:124
3906
  msgid "This will permanent delete this file, do you want to do this?"
3907
  msgstr ""
3908
 
3909
+ #: app/module/scan/behavior/pro/content-result.php:243
3910
  msgid "wp-config.php can't be removed. Please remove the suspicious code manually."
3911
  msgstr ""
3912
 
3913
+ #: app/module/scan/behavior/pro/content-scan.php:189
3914
+ msgid "Suspicous concat"
3915
+ msgstr ""
3916
+
3917
+ #: app/module/scan/behavior/pro/content-scan.php:271
3918
+ msgid "Suspicious variable function call"
3919
+ msgstr ""
3920
+
3921
+ #: app/module/scan/behavior/pro/content-scan.php:334
3922
+ msgid "Possible XSS detected"
3923
+ msgstr ""
3924
+
3925
+ #: app/module/scan/behavior/pro/content-scan.php:407
3926
+ msgid "Eval function found, with suspicious parameters."
3927
+ msgstr ""
3928
+
3929
  #: app/module/scan/behavior/pro/vuln-result.php:33
3930
  msgid "WordPress Vulnerability"
3931
  msgstr ""
4078
  msgid "A scan is already in progress"
4079
  msgstr ""
4080
 
4081
+ #: app/module/scan/component/scan-api.php:198
4082
  msgid "No scan record exists"
4083
  msgstr ""
4084
 
4085
+ #: app/module/scan/component/scan-api.php:238
4086
  msgid "Analyzing WordPress Core..."
4087
  msgstr ""
4088
 
4089
+ #: app/module/scan/component/scan-api.php:241
4090
  msgid "Analyzing WordPress Content..."
4091
  msgstr ""
4092
 
4093
+ #: app/module/scan/component/scan-api.php:244
4094
  msgid "Checking for any published vulnerabilities your plugins & themes..."
4095
  msgstr ""
4096
 
4670
  msgid "<br/>Something went wrong. Please try again later!"
4671
  msgstr ""
4672
 
4673
+ #: free/main-activator.php:166 main-activator.php:124
4674
  msgid "Docs"
4675
  msgstr ""
4676
 
4710
  msgid "Rate %s"
4711
  msgstr ""
4712
 
4713
+ #: main-activator.php:108
4714
  msgid ""
4715
  "We noticed you have both the free and pro versions of Defender installed, "
4716
  "so we've automatically deactivated the free version for you."
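--- a/main-activator.php
+++ b/main-activator.php
@@ -11,7 +11,7 @@ class WD_Main_Activator {
  add_action( 'init', array( &$this, 'init' ) );
  add_action( 'wp_loaded', array( &$this, 'maybeShowNotice' ) );
  add_action( 'wp_ajax_hideDefenderNotice', array( &$this, 'hideNotice' ) );
- add_action( 'activated_plugin', array( &$this, 'redirectToDefender' ) );
+ //add_action( 'activated_plugin', array( &$this, 'redirectToDefender' ) );
  }
 
  /**
@@ -57,7 +57,6 @@ class WD_Main_Activator {
  \Hammer\Base\Container::instance()->set( 'audit', new \WP_Defender\Module\Audit() );
  \Hammer\Base\Container::instance()->set( 'lockout', new \WP_Defender\Module\IP_Lockout() );
  \Hammer\Base\Container::instance()->set( 'advanced_tool', new \WP_Defender\Module\Advanced_Tools() );
- \Hammer\Base\Container::instance()->set( 'gdpr', new \WP_Defender\Controller\GDPR() );
  //no need to set debug
  require_once $this->wp_defender->getPluginPath() . 'free-dashboard/module.php';
  add_filter( 'wdev-email-message-' . plugin_basename( __FILE__ ), array( &$this, 'defenderAdsMessage' ) );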
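Review bot: The `activated_plugin` hook in the first hunk is disabled by commenting it out (`//add_action( 'activated_plugin', array( &$this, 'redirectToDefender' ) );`) instead of being deleted, which leaves dead code in the constructor and presumably an unused `redirectToDefender` method elsewhere in the class. Delete the line and remove the method in the same change, since version control already keeps the history. In the second hunk the `'gdpr'` entry is no longer registered in the container, and nothing visible here shows whether any remaining code still fetches `'gdpr'` from it, so that lookup is worth confirming before release. Both changes sit inside method bodies that start and end outside the hunks.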
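--- a/readme.txt
+++ b/readme.txt
@@ -1,13 +1,13 @@
  === Defender Security, Monitoring, and Hack Protection ===
  Plugin Name: Defender Security, Monitoring, and Hack Protection
- Version: 1.9
+ Version: 2.0
  Author: WPMU DEV
  Author URI: http://premium.wpmudev.org/
  Contributors: WPMUDEV
  Tags: Security, Security Tweaks, Hardening, IP lockout, Monitoring, Blacklist, Site Protection, Hacked, Security Scan
  Requires at least: 4.6
  Tested up to: 4.9.7
- Stable tag: 1.9.1
+ Stable tag: 2.0
  License: GPL v2 - http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
 
  Protect WordPress from hackers with security tweaks, code scans, 2-Step Verification, IP lockouts, and monitoring.
@@ -64,7 +64,7 @@ Brute force attacks are no match for Defender. Limit login attempts to stop user
 
  = Login Screen Masking =
 
- Defender makes it easy to move your login screen to a custom URL. Not only does login screen masking improve security, it lets you whitelable your login user experience and improves branding.
+ Defender makes it easy to move your login screen to a custom URL. Not only does login screen masking improve security, it lets you white label your login user experience and improves branding.
 
  = 404 Limiter =
  Defender detects when bots are being used to scan your site for vulnerabilities and shuts them down. The 404 limiter lets you stop the scan by detecting when a user keeps visiting pages that do not exist.
@@ -97,7 +97,7 @@ However, if you'd like extra scanning, audits and monitoring, you can always tak
  Defender is built to add all the best hardening and security tweaks used by the pros without having to become a security expert. This means you get all the most effective and proven protection methods other services provide with fewer settings, on-click hardening and faster setup.
 
  = Is Defender the only step I need to take in securing my WordPress site? =
- Hackers and bot attacks are not the only threat to your site. No matter what security plugin or service you use, always be prepared with a secure backup stored in a safe location away from your live site. Security does not protect from hosting outages, server errors and accidentally lost or damaged data. We recomend <a href="https://premium.wpmudev.org/project/snapshot/">Snapshot</a>. Defender with scheduled managed backups is the best way to keep your site safe.
+ Hackers and bot attacks are not the only threat to your site. No matter what security plugin or service you use, always be prepared with a secure backup stored in a safe location away from your live site. Security does not protect from hosting outages, server errors and accidentally lost or damaged data. We recommend <a href="https://premium.wpmudev.org/project/snapshot/">Snapshot</a>. Defender with scheduled managed backups is the best way to keep your site safe.
 
 
 
@@ -122,6 +122,17 @@ Hackers and bot attacks are not the only threat to your site. No matter what se
 
  == Changelog ==
 
+ = 2.0 =
+ - New: added tweak “Disable XML-RPC”
+ - Improvement: Two factor authentication can now be force enabled by role.
+ - Improvement: Masking URL description.
+ - Fix: Compatibility with Appointments+ login when Mask Login is enabled.
+ - Fix: /login/ will be blocked instead of redirecting to right login URL
+ - Fix: new site registration email login URL will now show right Login URL instead of the original one when Mask URL is enabled.
+ - Fix: Accessibility issue when activating 2FA.
+ - Changes: Show Admin Pointer on initial Defender activation, and removing the redirect behavior.
+ - Other minor enhancements and fixes
+
  = 1.9.1 =
  - Fix: Mask Login Area description text is misleading
  - Fix: wp-admin link of sub-sites in networks link to wrong admin URL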
wp-defender.php CHANGED
@@ -3,7 +3,7 @@
3
  /**
4
  * Plugin Name: Defender
5
  * Plugin URI: https://premium.wpmudev.org/project/wp-defender/
6
- * Version: 1.9.1
7
  * Description: Get regular security scans, vulnerability reports, safety recommendations and customized hardening for your site in just a few clicks. Defender is the analyst and enforcer who never sleeps.
8
  * Author: WPMU DEV
9
  * Author URI: http://premium.wpmudev.org/
3
  /**
4
  * Plugin Name: Defender
5
  * Plugin URI: https://premium.wpmudev.org/project/wp-defender/
6
+ * Version: 2.0
7
  * Description: Get regular security scans, vulnerability reports, safety recommendations and customized hardening for your site in just a few clicks. Defender is the analyst and enforcer who never sleeps.
8
  * Author: WPMU DEV
9
  * Author URI: http://premium.wpmudev.org/