Version Description
- BuddyPress login error compatibility implemented.
- UltimateMember compatibility implemented.
- A PHP warning fixed.
Download this release
Release Info
| Developer | wpchefgadget |
| Plugin |  Limit Login Attempts Reloaded |
| Version | 2.14.0 |
| Comparing to | |
| See all releases | |
Code changes from version 2.13.0 to 2.14.0
- core/LimitLoginAttempts.php +42 -9
- limit-login-attempts-reloaded.php +1 -1
- readme.txt +6 -1
- views/tab-dashboard.php +2 -2
core/LimitLoginAttempts.php
CHANGED
|
@@ -55,6 +55,13 @@ class Limit_Login_Attempts
|
|
| 55 |
*/
|
| 56 |
public $_errors = array();
|
| 57 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 58 |
/**
|
| 59 |
* @var null
|
| 60 |
*/
|
|
@@ -140,7 +147,7 @@ class Limit_Login_Attempts
|
|
| 140 |
* later versions of WP.
|
| 141 |
*/
|
| 142 |
add_action( 'wp_authenticate', array( $this, 'track_credentials' ), 10, 2 );
|
| 143 |
-
add_action( 'authenticate', array( $this, 'authenticate_filter' ),
|
| 144 |
|
| 145 |
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
|
| 146 |
add_action( 'init', array( $this, 'check_xmlrpc_lock' ) );
|
|
@@ -433,6 +440,11 @@ class Limit_Login_Attempts
|
|
| 433 |
|
| 434 |
if ( ! empty( $username ) && ! empty( $password ) ) {
|
| 435 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 436 |
$ip = $this->get_address();
|
| 437 |
|
| 438 |
// Check if username is blacklisted
|
|
@@ -735,6 +747,10 @@ class Limit_Login_Attempts
|
|
| 735 |
public function notify( $user ) {
|
| 736 |
$args = explode( ',', $this->get_option( 'lockout_notify' ) );
|
| 737 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 738 |
// TODO: Maybe temporarily
|
| 739 |
if(!in_array('log', $args)) {
|
| 740 |
$args[] = 'log';
|
|
@@ -956,9 +972,17 @@ class Limit_Login_Attempts
|
|
| 956 |
*/
|
| 957 |
public function wp_authenticate_user( $user, $password ) {
|
| 958 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 959 |
if ( is_wp_error( $user ) ||
|
| 960 |
$this->check_whitelist_ips( false, $this->get_address() ) ||
|
| 961 |
-
$this->check_whitelist_usernames( false, $
|
| 962 |
$this->is_limit_login_ok()
|
| 963 |
) {
|
| 964 |
|
|
@@ -970,7 +994,7 @@ class Limit_Login_Attempts
|
|
| 970 |
global $limit_login_my_error_shown;
|
| 971 |
$limit_login_my_error_shown = true;
|
| 972 |
|
| 973 |
-
if ( $this->is_username_blacklisted( $
|
| 974 |
$error->add( 'username_blacklisted', "<strong>ERROR:</strong> Too many failed login attempts." );
|
| 975 |
} else {
|
| 976 |
// This error should be the same as in "shake it" filter below
|
|
@@ -1123,12 +1147,21 @@ class Limit_Login_Attempts
|
|
| 1123 |
|
| 1124 |
if ( $limit_login_nonempty_credentials && $count > $my_warn_count ) {
|
| 1125 |
|
| 1126 |
-
|
| 1127 |
-
|
| 1128 |
-
|
| 1129 |
-
|
| 1130 |
-
|
| 1131 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1132 |
|
| 1133 |
if ( $limit_login_my_error_shown || $this->get_message() ) {
|
| 1134 |
$content .= "<br />\n" . $this->get_message() . "<br />\n";
|
| 55 |
*/
|
| 56 |
public $_errors = array();
|
| 57 |
|
| 58 |
+
/**
|
| 59 |
+
* Additional login errors messages that we need to show
|
| 60 |
+
*
|
| 61 |
+
* @var array
|
| 62 |
+
*/
|
| 63 |
+
public $other_login_errors = array();
|
| 64 |
+
|
| 65 |
/**
|
| 66 |
* @var null
|
| 67 |
*/
|
| 147 |
* later versions of WP.
|
| 148 |
*/
|
| 149 |
add_action( 'wp_authenticate', array( $this, 'track_credentials' ), 10, 2 );
|
| 150 |
+
add_action( 'authenticate', array( $this, 'authenticate_filter' ), 35, 3 );
|
| 151 |
|
| 152 |
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
|
| 153 |
add_action( 'init', array( $this, 'check_xmlrpc_lock' ) );
|
| 440 |
|
| 441 |
if ( ! empty( $username ) && ! empty( $password ) ) {
|
| 442 |
|
| 443 |
+
if(is_wp_error($user) && in_array('bp_account_not_activated', $user->get_error_codes()) ) {
|
| 444 |
+
|
| 445 |
+
$this->other_login_errors[] = $user->get_error_message('bp_account_not_activated');
|
| 446 |
+
}
|
| 447 |
+
|
| 448 |
$ip = $this->get_address();
|
| 449 |
|
| 450 |
// Check if username is blacklisted
|
| 747 |
public function notify( $user ) {
|
| 748 |
$args = explode( ',', $this->get_option( 'lockout_notify' ) );
|
| 749 |
|
| 750 |
+
if( is_object( $user ) ) {
|
| 751 |
+
return false;
|
| 752 |
+
}
|
| 753 |
+
|
| 754 |
// TODO: Maybe temporarily
|
| 755 |
if(!in_array('log', $args)) {
|
| 756 |
$args[] = 'log';
|
| 972 |
*/
|
| 973 |
public function wp_authenticate_user( $user, $password ) {
|
| 974 |
|
| 975 |
+
$user_login = '';
|
| 976 |
+
|
| 977 |
+
if( is_a( $user, 'WP_User' ) ) {
|
| 978 |
+
$user_login = $user->user_login;
|
| 979 |
+
} else if( !empty($user) && !is_wp_error($user) ) {
|
| 980 |
+
$user_login = $user;
|
| 981 |
+
}
|
| 982 |
+
|
| 983 |
if ( is_wp_error( $user ) ||
|
| 984 |
$this->check_whitelist_ips( false, $this->get_address() ) ||
|
| 985 |
+
$this->check_whitelist_usernames( false, $user_login ) ||
|
| 986 |
$this->is_limit_login_ok()
|
| 987 |
) {
|
| 988 |
|
| 994 |
global $limit_login_my_error_shown;
|
| 995 |
$limit_login_my_error_shown = true;
|
| 996 |
|
| 997 |
+
if ( $this->is_username_blacklisted( $user_login ) || $this->is_ip_blacklisted( $this->get_address() ) ) {
|
| 998 |
$error->add( 'username_blacklisted', "<strong>ERROR:</strong> Too many failed login attempts." );
|
| 999 |
} else {
|
| 1000 |
// This error should be the same as in "shake it" filter below
|
| 1147 |
|
| 1148 |
if ( $limit_login_nonempty_credentials && $count > $my_warn_count ) {
|
| 1149 |
|
| 1150 |
+
if($this->other_login_errors) {
|
| 1151 |
+
|
| 1152 |
+
$content = '';
|
| 1153 |
+
foreach ($this->other_login_errors as $msg) {
|
| 1154 |
+
$content .= $msg . "<br />\n";
|
| 1155 |
+
}
|
| 1156 |
+
} else {
|
| 1157 |
+
|
| 1158 |
+
/* Replace error message, including ours if necessary */
|
| 1159 |
+
if( !empty( $_REQUEST['log'] ) && is_email( $_REQUEST['log'] ) ) {
|
| 1160 |
+
$content = __( '<strong>ERROR</strong>: Incorrect email address or password.', 'limit-login-attempts-reloaded' ) . "<br />\n";
|
| 1161 |
+
} else{
|
| 1162 |
+
$content = __( '<strong>ERROR</strong>: Incorrect username or password.', 'limit-login-attempts-reloaded' ) . "<br />\n";
|
| 1163 |
+
}
|
| 1164 |
+
}
|
| 1165 |
|
| 1166 |
if ( $limit_login_my_error_shown || $this->get_message() ) {
|
| 1167 |
$content .= "<br />\n" . $this->get_message() . "<br />\n";
|
limit-login-attempts-reloaded.php
CHANGED
|
@@ -5,7 +5,7 @@ Description: Limit the rate of login attempts for each IP address.
|
|
| 5 |
Author: WPChef
|
| 6 |
Author URI: https://wpchef.org
|
| 7 |
Text Domain: limit-login-attempts-reloaded
|
| 8 |
-
Version: 2.
|
| 9 |
|
| 10 |
Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2020 WPChef
|
| 11 |
*/
|
| 5 |
Author: WPChef
|
| 6 |
Author URI: https://wpchef.org
|
| 7 |
Text Domain: limit-login-attempts-reloaded
|
| 8 |
+
Version: 2.14.0
|
| 9 |
|
| 10 |
Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2020 WPChef
|
| 11 |
*/
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: wpchefgadget
|
|
| 3 |
Tags: brute force, login, security, GDPR, protection
|
| 4 |
Requires at least: 3.0
|
| 5 |
Tested up to: 5.4
|
| 6 |
-
Stable tag: 2.
|
| 7 |
|
| 8 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
|
| 9 |
|
|
@@ -50,6 +50,11 @@ Based on the original code from Limit Login Attemps plugin by Johan Eenfeldt.
|
|
| 50 |
|
| 51 |
== Changelog ==
|
| 52 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 53 |
= 2.13.0 =
|
| 54 |
* Fixed incompatibility with PHP < 5.6.
|
| 55 |
* Settings page layout refactored.
|
| 3 |
Tags: brute force, login, security, GDPR, protection
|
| 4 |
Requires at least: 3.0
|
| 5 |
Tested up to: 5.4
|
| 6 |
+
Stable tag: 2.14.0
|
| 7 |
|
| 8 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
|
| 9 |
|
| 50 |
|
| 51 |
== Changelog ==
|
| 52 |
|
| 53 |
+
= 2.14.0 =
|
| 54 |
+
* BuddyPress login error compatibility implemented.
|
| 55 |
+
* UltimateMember compatibility implemented.
|
| 56 |
+
* A PHP warning fixed.
|
| 57 |
+
|
| 58 |
= 2.13.0 =
|
| 59 |
* Fixed incompatibility with PHP < 5.6.
|
| 60 |
* Settings page layout refactored.
|
views/tab-dashboard.php
CHANGED
|
@@ -60,7 +60,7 @@ $black_list_usernames = ( is_array( $black_list_usernames ) && !empty( $black_li
|
|
| 60 |
<table class="form-table">
|
| 61 |
<tr>
|
| 62 |
<th scope="row"
|
| 63 |
-
valign="top"><?php echo __( '
|
| 64 |
<td>
|
| 65 |
<div class="field-col">
|
| 66 |
<p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
|
|
@@ -74,7 +74,7 @@ $black_list_usernames = ( is_array( $black_list_usernames ) && !empty( $black_li
|
|
| 74 |
</tr>
|
| 75 |
<tr>
|
| 76 |
<th scope="row"
|
| 77 |
-
valign="top"><?php echo __( '
|
| 78 |
<td>
|
| 79 |
<div class="field-col">
|
| 80 |
<p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
|
| 60 |
<table class="form-table">
|
| 61 |
<tr>
|
| 62 |
<th scope="row"
|
| 63 |
+
valign="top"><?php echo __( 'Allow Rules', 'limit-login-attempts-reloaded' ); ?></th>
|
| 64 |
<td>
|
| 65 |
<div class="field-col">
|
| 66 |
<p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
|
| 74 |
</tr>
|
| 75 |
<tr>
|
| 76 |
<th scope="row"
|
| 77 |
+
valign="top"><?php echo __( 'Deny Rules', 'limit-login-attempts-reloaded' ); ?></th>
|
| 78 |
<td>
|
| 79 |
<div class="field-col">
|
| 80 |
<p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
|
