Version Description
- BuddyPress login error compatibility implemented.
- UltimateMember compatibility implemented.
- A PHP warning fixed.
Download this release
Release Info
Developer | wpchefgadget |
Plugin | Limit Login Attempts Reloaded |
Version | 2.14.0 |
Comparing to | |
See all releases |
Code changes from version 2.13.0 to 2.14.0
- core/LimitLoginAttempts.php +42 -9
- limit-login-attempts-reloaded.php +1 -1
- readme.txt +6 -1
- views/tab-dashboard.php +2 -2
core/LimitLoginAttempts.php
CHANGED
@@ -55,6 +55,13 @@ class Limit_Login_Attempts
|
|
55 |
*/
|
56 |
public $_errors = array();
|
57 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
58 |
/**
|
59 |
* @var null
|
60 |
*/
|
@@ -140,7 +147,7 @@ class Limit_Login_Attempts
|
|
140 |
* later versions of WP.
|
141 |
*/
|
142 |
add_action( 'wp_authenticate', array( $this, 'track_credentials' ), 10, 2 );
|
143 |
-
add_action( 'authenticate', array( $this, 'authenticate_filter' ),
|
144 |
|
145 |
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
|
146 |
add_action( 'init', array( $this, 'check_xmlrpc_lock' ) );
|
@@ -433,6 +440,11 @@ class Limit_Login_Attempts
|
|
433 |
|
434 |
if ( ! empty( $username ) && ! empty( $password ) ) {
|
435 |
|
|
|
|
|
|
|
|
|
|
|
436 |
$ip = $this->get_address();
|
437 |
|
438 |
// Check if username is blacklisted
|
@@ -735,6 +747,10 @@ class Limit_Login_Attempts
|
|
735 |
public function notify( $user ) {
|
736 |
$args = explode( ',', $this->get_option( 'lockout_notify' ) );
|
737 |
|
|
|
|
|
|
|
|
|
738 |
// TODO: Maybe temporarily
|
739 |
if(!in_array('log', $args)) {
|
740 |
$args[] = 'log';
|
@@ -956,9 +972,17 @@ class Limit_Login_Attempts
|
|
956 |
*/
|
957 |
public function wp_authenticate_user( $user, $password ) {
|
958 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
959 |
if ( is_wp_error( $user ) ||
|
960 |
$this->check_whitelist_ips( false, $this->get_address() ) ||
|
961 |
-
$this->check_whitelist_usernames( false, $
|
962 |
$this->is_limit_login_ok()
|
963 |
) {
|
964 |
|
@@ -970,7 +994,7 @@ class Limit_Login_Attempts
|
|
970 |
global $limit_login_my_error_shown;
|
971 |
$limit_login_my_error_shown = true;
|
972 |
|
973 |
-
if ( $this->is_username_blacklisted( $
|
974 |
$error->add( 'username_blacklisted', "<strong>ERROR:</strong> Too many failed login attempts." );
|
975 |
} else {
|
976 |
// This error should be the same as in "shake it" filter below
|
@@ -1123,12 +1147,21 @@ class Limit_Login_Attempts
|
|
1123 |
|
1124 |
if ( $limit_login_nonempty_credentials && $count > $my_warn_count ) {
|
1125 |
|
1126 |
-
|
1127 |
-
|
1128 |
-
|
1129 |
-
|
1130 |
-
|
1131 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1132 |
|
1133 |
if ( $limit_login_my_error_shown || $this->get_message() ) {
|
1134 |
$content .= "<br />\n" . $this->get_message() . "<br />\n";
|
55 |
*/
|
56 |
public $_errors = array();
|
57 |
|
58 |
+
/**
|
59 |
+
* Additional login errors messages that we need to show
|
60 |
+
*
|
61 |
+
* @var array
|
62 |
+
*/
|
63 |
+
public $other_login_errors = array();
|
64 |
+
|
65 |
/**
|
66 |
* @var null
|
67 |
*/
|
147 |
* later versions of WP.
|
148 |
*/
|
149 |
add_action( 'wp_authenticate', array( $this, 'track_credentials' ), 10, 2 );
|
150 |
+
add_action( 'authenticate', array( $this, 'authenticate_filter' ), 35, 3 );
|
151 |
|
152 |
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
|
153 |
add_action( 'init', array( $this, 'check_xmlrpc_lock' ) );
|
440 |
|
441 |
if ( ! empty( $username ) && ! empty( $password ) ) {
|
442 |
|
443 |
+
if(is_wp_error($user) && in_array('bp_account_not_activated', $user->get_error_codes()) ) {
|
444 |
+
|
445 |
+
$this->other_login_errors[] = $user->get_error_message('bp_account_not_activated');
|
446 |
+
}
|
447 |
+
|
448 |
$ip = $this->get_address();
|
449 |
|
450 |
// Check if username is blacklisted
|
747 |
public function notify( $user ) {
|
748 |
$args = explode( ',', $this->get_option( 'lockout_notify' ) );
|
749 |
|
750 |
+
if( is_object( $user ) ) {
|
751 |
+
return false;
|
752 |
+
}
|
753 |
+
|
754 |
// TODO: Maybe temporarily
|
755 |
if(!in_array('log', $args)) {
|
756 |
$args[] = 'log';
|
972 |
*/
|
973 |
public function wp_authenticate_user( $user, $password ) {
|
974 |
|
975 |
+
$user_login = '';
|
976 |
+
|
977 |
+
if( is_a( $user, 'WP_User' ) ) {
|
978 |
+
$user_login = $user->user_login;
|
979 |
+
} else if( !empty($user) && !is_wp_error($user) ) {
|
980 |
+
$user_login = $user;
|
981 |
+
}
|
982 |
+
|
983 |
if ( is_wp_error( $user ) ||
|
984 |
$this->check_whitelist_ips( false, $this->get_address() ) ||
|
985 |
+
$this->check_whitelist_usernames( false, $user_login ) ||
|
986 |
$this->is_limit_login_ok()
|
987 |
) {
|
988 |
|
994 |
global $limit_login_my_error_shown;
|
995 |
$limit_login_my_error_shown = true;
|
996 |
|
997 |
+
if ( $this->is_username_blacklisted( $user_login ) || $this->is_ip_blacklisted( $this->get_address() ) ) {
|
998 |
$error->add( 'username_blacklisted', "<strong>ERROR:</strong> Too many failed login attempts." );
|
999 |
} else {
|
1000 |
// This error should be the same as in "shake it" filter below
|
1147 |
|
1148 |
if ( $limit_login_nonempty_credentials && $count > $my_warn_count ) {
|
1149 |
|
1150 |
+
if($this->other_login_errors) {
|
1151 |
+
|
1152 |
+
$content = '';
|
1153 |
+
foreach ($this->other_login_errors as $msg) {
|
1154 |
+
$content .= $msg . "<br />\n";
|
1155 |
+
}
|
1156 |
+
} else {
|
1157 |
+
|
1158 |
+
/* Replace error message, including ours if necessary */
|
1159 |
+
if( !empty( $_REQUEST['log'] ) && is_email( $_REQUEST['log'] ) ) {
|
1160 |
+
$content = __( '<strong>ERROR</strong>: Incorrect email address or password.', 'limit-login-attempts-reloaded' ) . "<br />\n";
|
1161 |
+
} else{
|
1162 |
+
$content = __( '<strong>ERROR</strong>: Incorrect username or password.', 'limit-login-attempts-reloaded' ) . "<br />\n";
|
1163 |
+
}
|
1164 |
+
}
|
1165 |
|
1166 |
if ( $limit_login_my_error_shown || $this->get_message() ) {
|
1167 |
$content .= "<br />\n" . $this->get_message() . "<br />\n";
|
limit-login-attempts-reloaded.php
CHANGED
@@ -5,7 +5,7 @@ Description: Limit the rate of login attempts for each IP address.
|
|
5 |
Author: WPChef
|
6 |
Author URI: https://wpchef.org
|
7 |
Text Domain: limit-login-attempts-reloaded
|
8 |
-
Version: 2.
|
9 |
|
10 |
Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2020 WPChef
|
11 |
*/
|
5 |
Author: WPChef
|
6 |
Author URI: https://wpchef.org
|
7 |
Text Domain: limit-login-attempts-reloaded
|
8 |
+
Version: 2.14.0
|
9 |
|
10 |
Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2020 WPChef
|
11 |
*/
|
readme.txt
CHANGED
@@ -3,7 +3,7 @@ Contributors: wpchefgadget
|
|
3 |
Tags: brute force, login, security, GDPR, protection
|
4 |
Requires at least: 3.0
|
5 |
Tested up to: 5.4
|
6 |
-
Stable tag: 2.
|
7 |
|
8 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
|
9 |
|
@@ -50,6 +50,11 @@ Based on the original code from Limit Login Attemps plugin by Johan Eenfeldt.
|
|
50 |
|
51 |
== Changelog ==
|
52 |
|
|
|
|
|
|
|
|
|
|
|
53 |
= 2.13.0 =
|
54 |
* Fixed incompatibility with PHP < 5.6.
|
55 |
* Settings page layout refactored.
|
3 |
Tags: brute force, login, security, GDPR, protection
|
4 |
Requires at least: 3.0
|
5 |
Tested up to: 5.4
|
6 |
+
Stable tag: 2.14.0
|
7 |
|
8 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
|
9 |
|
50 |
|
51 |
== Changelog ==
|
52 |
|
53 |
+
= 2.14.0 =
|
54 |
+
* BuddyPress login error compatibility implemented.
|
55 |
+
* UltimateMember compatibility implemented.
|
56 |
+
* A PHP warning fixed.
|
57 |
+
|
58 |
= 2.13.0 =
|
59 |
* Fixed incompatibility with PHP < 5.6.
|
60 |
* Settings page layout refactored.
|
views/tab-dashboard.php
CHANGED
@@ -60,7 +60,7 @@ $black_list_usernames = ( is_array( $black_list_usernames ) && !empty( $black_li
|
|
60 |
<table class="form-table">
|
61 |
<tr>
|
62 |
<th scope="row"
|
63 |
-
valign="top"><?php echo __( '
|
64 |
<td>
|
65 |
<div class="field-col">
|
66 |
<p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
|
@@ -74,7 +74,7 @@ $black_list_usernames = ( is_array( $black_list_usernames ) && !empty( $black_li
|
|
74 |
</tr>
|
75 |
<tr>
|
76 |
<th scope="row"
|
77 |
-
valign="top"><?php echo __( '
|
78 |
<td>
|
79 |
<div class="field-col">
|
80 |
<p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
|
60 |
<table class="form-table">
|
61 |
<tr>
|
62 |
<th scope="row"
|
63 |
+
valign="top"><?php echo __( 'Allow Rules', 'limit-login-attempts-reloaded' ); ?></th>
|
64 |
<td>
|
65 |
<div class="field-col">
|
66 |
<p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
|
74 |
</tr>
|
75 |
<tr>
|
76 |
<th scope="row"
|
77 |
+
valign="top"><?php echo __( 'Deny Rules', 'limit-login-attempts-reloaded' ); ?></th>
|
78 |
<td>
|
79 |
<div class="field-col">
|
80 |
<p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
|