Defender Security – Malware Scanner, Login Security & Firewall - Version 2.5.7

Version Description

( 2021-08-25 ) =

  • Fix: Firewall Locations ban issue
Download this release

Release Info

Developer BigTonny
Plugin Icon 128x128 Defender Security – Malware Scanner, Login Security & Firewall
Version 2.5.7
Comparing to
See all releases

Code changes from version 2.5.6 to 2.5.7

Files changed (7) hide show
  1. languages/wpdef-default.pot +14 -14
  2. readme.txt +6 -28
  3. src/component/security-tweaks/servers/apache.php +31 -30
  4. src/component/security-tweaks/servers/iis-7.php +14 -14
  5. src/component/security-tweaks/servers/server-factory.php +9 -9
  6. src/model/setting/blacklist-lockout.php +23 -21
  7. wp-defender.php +3 -3
languages/wpdef-default.pot CHANGED
@@ -6,9 +6,9 @@
6
  #, fuzzy
7
  msgid ""
8
  msgstr ""
9
- "Project-Id-Version: wp-defender 2.5.6\n"
10
  "Report-Msgid-Bugs-To: \n"
11
- "POT-Creation-Date: 2021-08-20 16:03+0300\n"
12
  "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
13
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14
  "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -1288,7 +1288,7 @@ msgstr ""
1288
 
1289
  #: src/component/backup-settings.php:375
1290
  #: src/component/config/config-adapter.php:276
1291
- #: src/model/setting/blacklist-lockout.php:69
1292
  msgid "The administrator has blocked your IP from accessing this website."
1293
  msgstr ""
1294
 
@@ -1865,12 +1865,12 @@ msgstr ""
1865
  #: src/component/security-tweaks/security-key.php:95
1866
  #: src/component/security-tweaks/servers/apache.php:91
1867
  #: src/component/security-tweaks/servers/apache.php:177
1868
- #: src/component/security-tweaks/servers/apache.php:394
1869
- #: src/component/security-tweaks/servers/apache.php:399
1870
- #: src/component/security-tweaks/servers/apache.php:438
1871
- #: src/component/security-tweaks/servers/apache.php:443
1872
- #: src/component/security-tweaks/servers/apache.php:519
1873
- #: src/component/security-tweaks/servers/apache.php:537
1874
  #, php-format
1875
  msgid "The file %s is not writable"
1876
  msgstr ""
@@ -3146,23 +3146,23 @@ msgstr ""
3146
  msgid "Storage for"
3147
  msgstr ""
3148
 
3149
- #: src/model/setting/blacklist-lockout.php:238
3150
  msgid "IP Banning - IP Addresses Blocklist"
3151
  msgstr ""
3152
 
3153
- #: src/model/setting/blacklist-lockout.php:239
3154
  msgid "IP Banning - IP Addresses Allowlist"
3155
  msgstr ""
3156
 
3157
- #: src/model/setting/blacklist-lockout.php:240
3158
  msgid "IP Banning - Country Allowlist"
3159
  msgstr ""
3160
 
3161
- #: src/model/setting/blacklist-lockout.php:241
3162
  msgid "IP Banning - Country Blocklist"
3163
  msgstr ""
3164
 
3165
- #: src/model/setting/blacklist-lockout.php:242
3166
  msgid "IP Banning - Lockout Message"
3167
  msgstr ""
3168
 
6
  #, fuzzy
7
  msgid ""
8
  msgstr ""
9
+ "Project-Id-Version: wp-defender 2.5.7\n"
10
  "Report-Msgid-Bugs-To: \n"
11
+ "POT-Creation-Date: 2021-08-25 12:08+0300\n"
12
  "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
13
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14
  "Language-Team: LANGUAGE <LL@li.org>\n"
1288
 
1289
  #: src/component/backup-settings.php:375
1290
  #: src/component/config/config-adapter.php:276
1291
+ #: src/model/setting/blacklist-lockout.php:71
1292
  msgid "The administrator has blocked your IP from accessing this website."
1293
  msgstr ""
1294
 
1865
  #: src/component/security-tweaks/security-key.php:95
1866
  #: src/component/security-tweaks/servers/apache.php:91
1867
  #: src/component/security-tweaks/servers/apache.php:177
1868
+ #: src/component/security-tweaks/servers/apache.php:395
1869
+ #: src/component/security-tweaks/servers/apache.php:400
1870
+ #: src/component/security-tweaks/servers/apache.php:439
1871
+ #: src/component/security-tweaks/servers/apache.php:444
1872
+ #: src/component/security-tweaks/servers/apache.php:520
1873
+ #: src/component/security-tweaks/servers/apache.php:538
1874
  #, php-format
1875
  msgid "The file %s is not writable"
1876
  msgstr ""
3146
  msgid "Storage for"
3147
  msgstr ""
3148
 
3149
+ #: src/model/setting/blacklist-lockout.php:240
3150
  msgid "IP Banning - IP Addresses Blocklist"
3151
  msgstr ""
3152
 
3153
+ #: src/model/setting/blacklist-lockout.php:241
3154
  msgid "IP Banning - IP Addresses Allowlist"
3155
  msgstr ""
3156
 
3157
+ #: src/model/setting/blacklist-lockout.php:242
3158
  msgid "IP Banning - Country Allowlist"
3159
  msgstr ""
3160
 
3161
+ #: src/model/setting/blacklist-lockout.php:243
3162
  msgid "IP Banning - Country Blocklist"
3163
  msgstr ""
3164
 
3165
+ #: src/model/setting/blacklist-lockout.php:244
3166
  msgid "IP Banning - Lockout Message"
3167
  msgstr ""
3168
 
readme.txt CHANGED
@@ -1,13 +1,13 @@
1
  === Defender Security - Malware Scanner, Login Security & Firewall ===
2
  Plugin Name: Defender Security - Malware Scanner, Login Security & Firewall
3
- Version: 2.5.6
4
  Author: WPMU DEV
5
  Author URI: https://wpmudev.com/
6
  Contributors: WPMUDEV
7
  Tags: security plugin, security, firewall, malware, malware scanner, antivirus, ip blocking, login security, brute force attacks, two-factor authentication, activity log, audit logs, block hackers, 2fa, hack
8
  Requires at least: 5.2
9
  Tested up to: 5.8
10
- Stable tag: 2.5.6
11
  License: GPL v2 - http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
12
 
13
  Security plugin with malware scanner, IP blocking, audit logs, activity logs, firewall, login security & more.
@@ -222,6 +222,10 @@ Please open a new thread in Defender’s [support forum](https://wordpress.org/s
222
 
223
  == Changelog ==
224
 
 
 
 
 
225
  = 2.5.6 ( 2021-08-23 ) =
226
 
227
  - New: reCAPTCHA for comments
@@ -315,32 +319,6 @@ Please open a new thread in Defender’s [support forum](https://wordpress.org/s
315
 
316
  - Fix: Fatal error after an update from older versions
317
 
318
- = 2.5.0 ( 2021-05-06 ) =
319
-
320
- - New: Check passwords against Pwned database
321
- - New: Highlight new features in welcome modal
322
- - Enhance: Automatically remove old logs after 30 days
323
- - Enhance: Malware scanning security enhancements
324
- - Enhance: Detect suspicious code with 'WPTemplatesOptions'
325
- - Enhance: Detect suspicious code in themes
326
- - Enhance: Some suspicious code threats missed by Defender
327
- - Enhance: Better descriptions for Malware scanning reports
328
- - Enhance: Set 'Scan plugin files' option unchecked by default
329
- - Enhance: Remove 'Scan theme files' option from File change detection
330
- - Enhance: Remove 'Allow From' option from X-Frame-Options header
331
- - Enhance: Platform compatibility with Defender
332
- - Enhance: Rename Advanced Tools to Tools
333
- - Enhance: Documentation links tracking
334
- - Fix: Malware scanning stuck on analyzing theme
335
- - Fix: Translation files not applied
336
- - Fix: Reset not removing all data
337
- - Fix: Send data in persistent date format to Hub
338
- - Fix: Resetting or Uninstalling does not completely remove Defender settings
339
- - Fix: Check all files from scan Issues and Ignored tabs for bulk actions
340
- - Fix: Scrolling Up issue in Active lockouts
341
- - Fix: Update SUI to the latest version
342
- - Fix: Revert button in Prevent User Enumeration recommendation
343
-
344
 
345
  [Changelog for previous versions](https://wpmudev.com/project/wp-defender/#view-changelog).
346
 
1
  === Defender Security - Malware Scanner, Login Security & Firewall ===
2
  Plugin Name: Defender Security - Malware Scanner, Login Security & Firewall
3
+ Version: 2.5.7
4
  Author: WPMU DEV
5
  Author URI: https://wpmudev.com/
6
  Contributors: WPMUDEV
7
  Tags: security plugin, security, firewall, malware, malware scanner, antivirus, ip blocking, login security, brute force attacks, two-factor authentication, activity log, audit logs, block hackers, 2fa, hack
8
  Requires at least: 5.2
9
  Tested up to: 5.8
10
+ Stable tag: 2.5.7
11
  License: GPL v2 - http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
12
 
13
  Security plugin with malware scanner, IP blocking, audit logs, activity logs, firewall, login security & more.
222
 
223
  == Changelog ==
224
 
225
+ = 2.5.7 ( 2021-08-25 ) =
226
+
227
+ - Fix: Firewall Locations ban issue
228
+
229
  = 2.5.6 ( 2021-08-23 ) =
230
 
231
  - New: reCAPTCHA for comments
319
 
320
  - Fix: Fatal error after an update from older versions
321
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
322
 
323
  [Changelog for previous versions](https://wpmudev.com/project/wp-defender/#view-changelog).
324
 
src/component/security-tweaks/servers/apache.php CHANGED
@@ -7,42 +7,42 @@ use WP_Error;
7
  class Apache {
8
 
9
  /**
10
- * Exclude file paths
11
  *
12
- * @var array|bool|mixed
13
  */
14
  public $exclude_file_paths = [];
15
 
16
  /**
17
- * Exclude file paths
18
  *
19
- * @var array|bool|mixed
20
  */
21
  public $new_htaccess_config = [];
22
 
23
  /**
24
- * The htaccess inside wp-content
25
  *
26
  * @var string
27
  */
28
  public $contentdir_path = null;
29
 
30
  /**
31
- * The htaccess path inside wp-includes
32
  *
33
  * @var null
34
  */
35
  public $includedir_path = null;
36
 
37
  /**
38
- * Service type
39
  *
40
  * @var string
41
  */
42
  private $type = null;
43
 
44
  /**
45
- * Constructor method
46
  *
47
  * @param void
48
  */
@@ -51,7 +51,7 @@ class Apache {
51
  }
52
 
53
  /**
54
- * Check whether the issue has been resolved or not
55
  *
56
  * @return bool
57
  */
@@ -71,7 +71,7 @@ class Apache {
71
  }
72
 
73
  /**
74
- * Process the rule
75
  * @param bool|string $file_paths
76
  *
77
  * @return bool|\WP_Error
@@ -162,7 +162,7 @@ class Apache {
162
  }
163
 
164
  /**
165
- * Revert the rules
166
  *
167
  * @return bool|\WP_Error
168
  */
@@ -224,8 +224,9 @@ class Apache {
224
  return delete_site_option( "defender_security_tweeks_{$this->type}" );
225
  }
226
  }
 
227
  /**
228
- * Get Apache rule depending on the version
229
  *
230
  * @return array
231
  */
@@ -265,7 +266,7 @@ class Apache {
265
  }
266
 
267
  /**
268
- * Get Apache rule depending on the version for instruction on browser
269
  *
270
  * @return string
271
  */
@@ -334,10 +335,10 @@ class Apache {
334
  }
335
 
336
  /**
337
- * Determine the Apache version
338
- * Most web servers have apache_get_version disabled, so we just get a simple curl of the headers
339
  *
340
- * @return String
341
  */
342
  public function get_version() {
343
  if ( ! function_exists( 'apache_get_version' ) ) {
@@ -377,7 +378,7 @@ class Apache {
377
  }
378
 
379
  /**
380
- * Protect content directory
381
  *
382
  * @return void
383
  */
@@ -421,7 +422,7 @@ class Apache {
421
  }
422
 
423
  /**
424
- * Protect includes directory
425
  *
426
  * @return void
427
  */
@@ -464,7 +465,7 @@ class Apache {
464
  }
465
 
466
  /**
467
- * Return the correct apache rules for allow/deny
468
  *
469
  * @return String
470
  */
@@ -486,8 +487,8 @@ class Apache {
486
  }
487
 
488
  /**
489
- * Protect uploads directory
490
- * This only when user provide a custom uploads
491
  *
492
  * @return void
493
  */
@@ -499,7 +500,7 @@ class Apache {
499
  }
500
 
501
  /**
502
- * UnProtect content directory
503
  *
504
  * @return void
505
  */
@@ -543,7 +544,7 @@ class Apache {
543
  }
544
 
545
  /**
546
- * UnProtect upload directory
547
  *
548
  * @return void
549
  */
@@ -555,18 +556,18 @@ class Apache {
555
  }
556
 
557
  /**
558
- * Get the exclude file paths
559
  *
560
- * @return Array - $exclude_file_paths
561
  */
562
  public function get_excluded_file_paths() {
563
  return $this->exclude_file_paths;
564
  }
565
 
566
  /**
567
- * Set the exclude file paths
568
  *
569
- * @param String $paths
570
  */
571
  public function set_exclude_file_paths( $paths ) {
572
  if ( ! empty( $paths ) ) {
@@ -575,9 +576,9 @@ class Apache {
575
  }
576
 
577
  /**
578
- * Set the exclude file paths
579
  *
580
- * @param String $paths
581
  */
582
  public function get_new_htaccess_config( $config = [] ) {
583
  if ( ! empty( $config ) ) {
@@ -586,7 +587,7 @@ class Apache {
586
  }
587
 
588
  /**
589
- * Get the new HT config
590
  *
591
  * @return Array - $new_htaccess_config
592
  */
7
  class Apache {
8
 
9
  /**
10
+ * Exclude file paths.
11
  *
12
+ * @var array
13
  */
14
  public $exclude_file_paths = [];
15
 
16
  /**
17
+ * Exclude file paths.
18
  *
19
+ * @var array
20
  */
21
  public $new_htaccess_config = [];
22
 
23
  /**
24
+ * The htaccess inside wp-content.
25
  *
26
  * @var string
27
  */
28
  public $contentdir_path = null;
29
 
30
  /**
31
+ * The htaccess path inside wp-includes.
32
  *
33
  * @var null
34
  */
35
  public $includedir_path = null;
36
 
37
  /**
38
+ * Service type.
39
  *
40
  * @var string
41
  */
42
  private $type = null;
43
 
44
  /**
45
+ * Constructor method.
46
  *
47
  * @param void
48
  */
51
  }
52
 
53
  /**
54
+ * Check whether the issue has been resolved or not.
55
  *
56
  * @return bool
57
  */
71
  }
72
 
73
  /**
74
+ * Process the rule.
75
  * @param bool|string $file_paths
76
  *
77
  * @return bool|\WP_Error
162
  }
163
 
164
  /**
165
+ * Revert the rules.
166
  *
167
  * @return bool|\WP_Error
168
  */
224
  return delete_site_option( "defender_security_tweeks_{$this->type}" );
225
  }
226
  }
227
+
228
  /**
229
+ * Get Apache rule depending on the version.
230
  *
231
  * @return array
232
  */
266
  }
267
 
268
  /**
269
+ * Get Apache rule depending on the version for instruction on browser.
270
  *
271
  * @return string
272
  */
335
  }
336
 
337
  /**
338
+ * Determine the Apache version.
339
+ * Most web servers have apache_get_version disabled, so we just get a simple curl of the headers.
340
  *
341
+ * @return string
342
  */
343
  public function get_version() {
344
  if ( ! function_exists( 'apache_get_version' ) ) {
378
  }
379
 
380
  /**
381
+ * Protect content directory.
382
  *
383
  * @return void
384
  */
422
  }
423
 
424
  /**
425
+ * Protect includes directory.
426
  *
427
  * @return void
428
  */
465
  }
466
 
467
  /**
468
+ * Return the correct apache rules for allow/deny.
469
  *
470
  * @return String
471
  */
487
  }
488
 
489
  /**
490
+ * Protect uploads directory.
491
+ * This only when user provide a custom uploads.
492
  *
493
  * @return void
494
  */
500
  }
501
 
502
  /**
503
+ * UnProtect content directory.
504
  *
505
  * @return void
506
  */
544
  }
545
 
546
  /**
547
+ * UnProtect upload directory.
548
  *
549
  * @return void
550
  */
556
  }
557
 
558
  /**
559
+ * Get the exclude file paths.
560
  *
561
+ * @return array - $exclude_file_paths
562
  */
563
  public function get_excluded_file_paths() {
564
  return $this->exclude_file_paths;
565
  }
566
 
567
  /**
568
+ * Set the exclude file paths.
569
  *
570
+ * @param string $paths
571
  */
572
  public function set_exclude_file_paths( $paths ) {
573
  if ( ! empty( $paths ) ) {
576
  }
577
 
578
  /**
579
+ * Set the exclude file paths.
580
  *
581
+ * @param string $paths
582
  */
583
  public function get_new_htaccess_config( $config = [] ) {
584
  if ( ! empty( $config ) ) {
587
  }
588
 
589
  /**
590
+ * Get the new HT config.
591
  *
592
  * @return Array - $new_htaccess_config
593
  */
src/component/security-tweaks/servers/iis-7.php CHANGED
@@ -8,28 +8,28 @@ use DOMDocument;
8
 
9
  class IIS_7 {
10
  /**
11
- * New htaccess file
12
  *
13
- * @var array|bool|mixed
14
  */
15
  private $new_htaccess_config = [];
16
 
17
  /**
18
- * Exclude file paths
19
  *
20
- * @var array|bool|mixed
21
  */
22
  private $exclude_file_paths = [];
23
 
24
  /**
25
- * Service type
26
  *
27
  * @var string
28
  */
29
  private $type = null;
30
 
31
  /**
32
- * Constructor method
33
  *
34
  * @param void
35
  */
@@ -38,7 +38,7 @@ class IIS_7 {
38
  }
39
 
40
  /**
41
- * Check whether the issue has been resolved or not
42
  *
43
  * @return bool
44
  */
@@ -58,7 +58,7 @@ class IIS_7 {
58
  }
59
 
60
  /**
61
- * Process the rule
62
  *
63
  * @return bool
64
  */
@@ -145,7 +145,7 @@ class IIS_7 {
145
 
146
 
147
  /**
148
- * Revert the rule
149
  *
150
  * @return bool
151
  */
@@ -179,20 +179,20 @@ class IIS_7 {
179
  }
180
 
181
  /**
182
- * Get the new HT config
183
  *
184
- * @return Array - $new_htaccess_config
185
  */
186
  public function get_new_htaccess_config() {
187
  return $this->new_htaccess_config;
188
  }
189
 
190
  /**
191
- * Get the exclude file paths
192
  *
193
- * @return Array - $exclude_file_paths
194
  */
195
  public function get_excluded_file_paths() {
196
  return $this->exclude_file_paths;
197
  }
198
- }
8
 
9
  class IIS_7 {
10
  /**
11
+ * New htaccess file.
12
  *
13
+ * @var array
14
  */
15
  private $new_htaccess_config = [];
16
 
17
  /**
18
+ * Exclude file paths.
19
  *
20
+ * @var array
21
  */
22
  private $exclude_file_paths = [];
23
 
24
  /**
25
+ * Service type.
26
  *
27
  * @var string
28
  */
29
  private $type = null;
30
 
31
  /**
32
+ * Constructor method.
33
  *
34
  * @param void
35
  */
38
  }
39
 
40
  /**
41
+ * Check whether the issue has been resolved or not.
42
  *
43
  * @return bool
44
  */
58
  }
59
 
60
  /**
61
+ * Process the rule.
62
  *
63
  * @return bool
64
  */
145
 
146
 
147
  /**
148
+ * Revert the rule.
149
  *
150
  * @return bool
151
  */
179
  }
180
 
181
  /**
182
+ * Get the new HT config.
183
  *
184
+ * @return array - $new_htaccess_config
185
  */
186
  public function get_new_htaccess_config() {
187
  return $this->new_htaccess_config;
188
  }
189
 
190
  /**
191
+ * Get the exclude file paths.
192
  *
193
+ * @return array - $exclude_file_paths
194
  */
195
  public function get_excluded_file_paths() {
196
  return $this->exclude_file_paths;
197
  }
198
+ }
src/component/security-tweaks/servers/server-factory.php CHANGED
@@ -8,28 +8,28 @@ use Exception;
8
  class Server_Factory {
9
 
10
  /**
11
- * Server name holder for showing notice
12
  *
13
- * @var string|null
14
  */
15
  private $requested_server;
16
 
17
  /**
18
- * Server name holder
19
  *
20
- * @var string|default null
21
  */
22
  private $server = null;
23
 
24
  /**
25
- * Supported server list holder
26
  *
27
- * @var string|default null
28
  */
29
  private $servers = [];
30
 
31
  /**
32
- * Constructor method
33
  *
34
  * @param string $server
35
  *
@@ -56,7 +56,7 @@ class Server_Factory {
56
  }
57
 
58
  /**
59
- * Get supported servers
60
  *
61
  * @return array
62
  */
@@ -72,7 +72,7 @@ class Server_Factory {
72
  }
73
 
74
  /**
75
- * Get the server for specific service
76
  *
77
  * @param string
78
  *
8
  class Server_Factory {
9
 
10
  /**
11
+ * Server name holder for showing notice.
12
  *
13
+ * @var string
14
  */
15
  private $requested_server;
16
 
17
  /**
18
+ * Server name holder.
19
  *
20
+ * @var string
21
  */
22
  private $server = null;
23
 
24
  /**
25
+ * Supported server list holder.
26
  *
27
+ * @var array
28
  */
29
  private $servers = [];
30
 
31
  /**
32
+ * Constructor method.
33
  *
34
  * @param string $server
35
  *
56
  }
57
 
58
  /**
59
+ * Get supported servers.
60
  *
61
  * @return array
62
  */
72
  }
73
 
74
  /**
75
+ * Get the server for specific service.
76
  *
77
  * @param string
78
  *
src/model/setting/blacklist-lockout.php CHANGED
@@ -15,14 +15,14 @@ class Blacklist_Lockout extends Setting {
15
 
16
  protected $table = 'wd_blacklist_lockout_settings';
17
  /**
18
- * Store a list of IPs blocked from the site, the priority of this list is lower than whitelist
19
  *
20
  * @var string
21
  * @defender_property
22
  */
23
  public $ip_blacklist = '';
24
  /**
25
- * Top priority, if an IP in this list, mean we never check any on them
26
  *
27
  * @var string
28
  * @defender_property
@@ -30,7 +30,7 @@ class Blacklist_Lockout extends Setting {
30
  public $ip_whitelist = '';
31
  /**
32
  * The message to show on frontend when an blocklisted IP access the site, recommend to use something generic,
33
- * so we don't expose our intention
34
  *
35
  * @var string
36
  * @defender_property
@@ -38,8 +38,8 @@ class Blacklist_Lockout extends Setting {
38
  public $ip_lockout_message = '';
39
 
40
  /**
41
- * This should be use if you don't want an IP from some country to access your site, the error message will refer to
42
- * $ip_lockout_message
43
  *
44
  * @var array
45
  * @defender_property
@@ -47,7 +47,8 @@ class Blacklist_Lockout extends Setting {
47
  public $country_blacklist = array();
48
 
49
  /**
50
- * This mostly use when you want to block all and allow some countries, it will have less priority than the IP white/black above
 
51
  *
52
  * @var array
53
  * @defender_property
@@ -55,9 +56,10 @@ class Blacklist_Lockout extends Setting {
55
  public $country_whitelist = array();
56
 
57
  /**
58
- * Path to downloaded GeoDB
 
59
  *
60
- * @var string|null
61
  * @defender_property
62
  */
63
  public $geodb_path = null;
@@ -70,7 +72,7 @@ class Blacklist_Lockout extends Setting {
70
  }
71
 
72
  /**
73
- * Add an IP to the list, this should be the **ONLY** way to add an IP to a list
74
  *
75
  * @param $ip
76
  * @param null $list blocklist|allowlist
@@ -93,8 +95,8 @@ class Blacklist_Lockout extends Setting {
93
  }
94
 
95
  /**
96
- * @param $ip
97
- * @param $list
98
  *
99
  * @return bool
100
  */
@@ -110,8 +112,8 @@ class Blacklist_Lockout extends Setting {
110
  /**
111
  * Remove an ip from a list
112
  *
113
- * @param $ip
114
- * @param null $list blocklist|allowlist
115
  *
116
  * @return void
117
  */
@@ -131,7 +133,7 @@ class Blacklist_Lockout extends Setting {
131
  }
132
 
133
  /**
134
- * Check downloaded GeoDB
135
  *
136
  * @return bool
137
  */
@@ -156,7 +158,7 @@ class Blacklist_Lockout extends Setting {
156
 
157
  return true;
158
  } elseif ( ! empty( $this->geodb_path ) && file_exists( $this->geodb_path ) ) {
159
- //the case if ABSPATH was changed e.g. in wp-config.php
160
  return true;
161
  }
162
 
@@ -174,7 +176,7 @@ class Blacklist_Lockout extends Setting {
174
 
175
  /**
176
  * We going to use this for filter the IPs, as we use textarea to submit so it can contains
177
- * some un-valid IPs
178
  */
179
  public function after_validate() {
180
  $lists = [
@@ -192,14 +194,14 @@ class Blacklist_Lockout extends Setting {
192
  }
193
 
194
  /**
195
- * Get list of blocklisted or allowlisted IPs
196
  *
197
  * @param string $type blocklist|allowlist
198
  *
199
  * @return array
200
  */
201
  public function get_list( $type = 'blocklist' ) {
202
- // the list should be always strings
203
  $list = ( 'blocklist' === $type ) ? $this->ip_blacklist : $this->ip_whitelist;
204
  $arr = array_filter( explode( PHP_EOL, $list ) );
205
  $arr = array_map( 'trim', $arr );
@@ -209,7 +211,7 @@ class Blacklist_Lockout extends Setting {
209
  }
210
 
211
  /**
212
- * Get list of blacklisted countries
213
  *
214
  * @return array
215
  */
@@ -218,7 +220,7 @@ class Blacklist_Lockout extends Setting {
218
  }
219
 
220
  /**
221
- * Get list of whitelisted countries
222
  *
223
  * @return array
224
  */
@@ -227,7 +229,7 @@ class Blacklist_Lockout extends Setting {
227
  }
228
 
229
  /**
230
- * Define labels for settings key
231
  *
232
  * @param string|null $key
233
  *
15
 
16
  protected $table = 'wd_blacklist_lockout_settings';
17
  /**
18
+ * Store a list of IPs blocked from the site, the priority of this list is lower than whitelist.
19
  *
20
  * @var string
21
  * @defender_property
22
  */
23
  public $ip_blacklist = '';
24
  /**
25
+ * Top priority, if an IP in this list, mean we never check any on them.
26
  *
27
  * @var string
28
  * @defender_property
30
  public $ip_whitelist = '';
31
  /**
32
  * The message to show on frontend when an blocklisted IP access the site, recommend to use something generic,
33
+ * so we don't expose our intention.
34
  *
35
  * @var string
36
  * @defender_property
38
  public $ip_lockout_message = '';
39
 
40
  /**
41
+ * This should be use if you don't want an IP from some country to access your site, the error message will refer to
42
+ * $ip_lockout_message.
43
  *
44
  * @var array
45
  * @defender_property
47
  public $country_blacklist = array();
48
 
49
  /**
50
+ * This uses when you want to block all and allow some countries, it will have less priority than the IP
51
+ * white/black above.
52
  *
53
  * @var array
54
  * @defender_property
56
  public $country_whitelist = array();
57
 
58
  /**
59
+ * Path to downloaded GeoDB.
60
+ * Important: This var doesn't support Union Types. So just 'string'.
61
  *
62
+ * @var string
63
  * @defender_property
64
  */
65
  public $geodb_path = null;
72
  }
73
 
74
  /**
75
+ * Add an IP to the list, this should be the **ONLY** way to add an IP to a list.
76
  *
77
  * @param $ip
78
  * @param null $list blocklist|allowlist
95
  }
96
 
97
  /**
98
+ * @param string $ip
99
+ * @param string $list
100
  *
101
  * @return bool
102
  */
112
  /**
113
  * Remove an ip from a list
114
  *
115
+ * @param string $ip
116
+ * @param string $list blocklist|allowlist
117
  *
118
  * @return void
119
  */
133
  }
134
 
135
  /**
136
+ * Check downloaded GeoDB.
137
  *
138
  * @return bool
139
  */
158
 
159
  return true;
160
  } elseif ( ! empty( $this->geodb_path ) && file_exists( $this->geodb_path ) ) {
161
+ // The case if ABSPATH was changed e.g. in wp-config.php.
162
  return true;
163
  }
164
 
176
 
177
  /**
178
  * We going to use this for filter the IPs, as we use textarea to submit so it can contains
179
+ * some un-valid IPs.
180
  */
181
  public function after_validate() {
182
  $lists = [
194
  }
195
 
196
  /**
197
+ * Get list of blocklisted or allowlisted IPs.
198
  *
199
  * @param string $type blocklist|allowlist
200
  *
201
  * @return array
202
  */
203
  public function get_list( $type = 'blocklist' ) {
204
+ // The list should be always strings.
205
  $list = ( 'blocklist' === $type ) ? $this->ip_blacklist : $this->ip_whitelist;
206
  $arr = array_filter( explode( PHP_EOL, $list ) );
207
  $arr = array_map( 'trim', $arr );
211
  }
212
 
213
  /**
214
+ * Get list of blacklisted countries.
215
  *
216
  * @return array
217
  */
220
  }
221
 
222
  /**
223
+ * Get list of whitelisted countries.
224
  *
225
  * @return array
226
  */
229
  }
230
 
231
  /**
232
+ * Define labels for settings key.
233
  *
234
  * @param string|null $key
235
  *
wp-defender.php CHANGED
@@ -2,7 +2,7 @@
2
  /**
3
  * Plugin Name: Defender
4
  * Plugin URI: https://wpmudev.com/project/wp-defender/
5
- * Version: 2.5.6
6
  * Description: Get regular security scans, vulnerability reports, safety recommendations and customized hardening for your site in just a few clicks. Defender is the analyst and enforcer who never sleeps.
7
  * Author: WPMU DEV
8
  * Author URI: https://wpmudev.com/
@@ -15,10 +15,10 @@ if ( ! defined( 'ABSPATH' ) ) {
15
  die;
16
  }
17
  if ( ! defined( 'DEFENDER_VERSION' ) ) {
18
- define( 'DEFENDER_VERSION', '2.5.6' );
19
  }
20
  if ( ! defined( 'DEFENDER_DB_VERSION' ) ) {
21
- define( 'DEFENDER_DB_VERSION', '2.5.6' );
22
  }
23
  if ( ! defined( 'DEFENDER_SUI' ) ) {
24
  define( 'DEFENDER_SUI', '2-10-7' );
2
  /**
3
  * Plugin Name: Defender
4
  * Plugin URI: https://wpmudev.com/project/wp-defender/
5
+ * Version: 2.5.7
6
  * Description: Get regular security scans, vulnerability reports, safety recommendations and customized hardening for your site in just a few clicks. Defender is the analyst and enforcer who never sleeps.
7
  * Author: WPMU DEV
8
  * Author URI: https://wpmudev.com/
15
  die;
16
  }
17
  if ( ! defined( 'DEFENDER_VERSION' ) ) {
18
+ define( 'DEFENDER_VERSION', '2.5.7' );
19
  }
20
  if ( ! defined( 'DEFENDER_DB_VERSION' ) ) {
21
+ define( 'DEFENDER_DB_VERSION', '2.5.7' );
22
  }
23
  if ( ! defined( 'DEFENDER_SUI' ) ) {
24
  define( 'DEFENDER_SUI', '2-10-7' );