Version Description
- Reset password feature has been removed as unwanted.
- Small refactoring.
Download this release
Release Info
Developer | wpchefgadget |
Plugin | Limit Login Attempts Reloaded |
Version | 2.15.0 |
Comparing to | |
See all releases |
Code changes from version 2.14.0 to 2.15.0
- core/LimitLoginAttempts.php +3 -131
- limit-login-attempts-reloaded.php +1 -1
- readme.txt +6 -1
core/LimitLoginAttempts.php
CHANGED
@@ -77,7 +77,6 @@ class Limit_Login_Attempts
|
|
77 |
public function hooks_init() {
|
78 |
add_action( 'plugins_loaded', array( $this, 'setup' ), 9999 );
|
79 |
add_action( 'admin_enqueue_scripts', array( $this, 'enqueue' ) );
|
80 |
-
add_action( 'after_password_reset', array( $this, 'after_password_reset' ) );
|
81 |
add_filter( 'limit_login_whitelist_ip', array( $this, 'check_whitelist_ips' ), 10, 2 );
|
82 |
add_filter( 'limit_login_whitelist_usernames', array( $this, 'check_whitelist_usernames' ), 10, 2 );
|
83 |
add_filter( 'limit_login_blacklist_ip', array( $this, 'check_blacklist_ips' ), 10, 2 );
|
@@ -161,131 +160,6 @@ class Limit_Login_Attempts
|
|
161 |
wp_enqueue_style('llar-jquery-ui', LLA_PLUGIN_URL.'assets/css/jquery-ui.css');
|
162 |
}
|
163 |
|
164 |
-
/**
|
165 |
-
* @param $user Wp_User
|
166 |
-
*/
|
167 |
-
public function after_password_reset( $user ) {
|
168 |
-
|
169 |
-
$lockouts = $this->get_option( 'lockouts' );
|
170 |
-
$lockouts_log = $this->get_option( 'logged' );
|
171 |
-
|
172 |
-
if( $user->has_cap( 'administrator' ) ) {
|
173 |
-
|
174 |
-
if( $this->is_ip_blacklisted() ) {
|
175 |
-
|
176 |
-
$black_list_ips = $this->get_option( 'blacklist' );
|
177 |
-
|
178 |
-
if( !empty( $black_list_ips ) ) {
|
179 |
-
|
180 |
-
foreach ( $black_list_ips as $key => $ip ) {
|
181 |
-
|
182 |
-
if( $ip === $this->get_address() ) {
|
183 |
-
|
184 |
-
unset($black_list_ips[$key]);
|
185 |
-
}
|
186 |
-
}
|
187 |
-
|
188 |
-
}
|
189 |
-
|
190 |
-
$this->update_option( 'blacklist', $black_list_ips );
|
191 |
-
}
|
192 |
-
|
193 |
-
if( $this->is_username_blacklisted( $user->data->user_login ) ) {
|
194 |
-
|
195 |
-
$black_list_usernames = $this->get_option( 'blacklist_usernames' );
|
196 |
-
|
197 |
-
if( !empty( $black_list_usernames ) ) {
|
198 |
-
|
199 |
-
foreach ( $black_list_usernames as $key => $login ) {
|
200 |
-
|
201 |
-
if( $login === $user->data->user_login ) {
|
202 |
-
|
203 |
-
unset($black_list_usernames[$key]);
|
204 |
-
}
|
205 |
-
}
|
206 |
-
|
207 |
-
}
|
208 |
-
|
209 |
-
$this->update_option( 'blacklist_usernames', $black_list_usernames );
|
210 |
-
}
|
211 |
-
|
212 |
-
$admin_ip = $this->get_address();
|
213 |
-
$admin_ip = ($this->get_option('gdpr') ? $this->getHash( $admin_ip ) : $admin_ip );
|
214 |
-
|
215 |
-
if ( is_array( $lockouts ) && isset( $lockouts[ $admin_ip ] ) ) {
|
216 |
-
|
217 |
-
unset( $lockouts[ $admin_ip ] );
|
218 |
-
|
219 |
-
$this->update_option( 'lockouts', $lockouts );
|
220 |
-
|
221 |
-
if( is_array( $lockouts_log ) && isset( $lockouts_log[ $admin_ip ] ) ) {
|
222 |
-
|
223 |
-
foreach ( $lockouts_log[ $admin_ip ] as $user_login => &$data ) {
|
224 |
-
|
225 |
-
$data['unlocked'] = true;
|
226 |
-
}
|
227 |
-
|
228 |
-
$this->update_option( 'logged', $lockouts_log );
|
229 |
-
}
|
230 |
-
}
|
231 |
-
|
232 |
-
$valid = $this->get_option( 'retries_valid' );
|
233 |
-
|
234 |
-
if ( is_array( $valid ) && isset( $valid[ $admin_ip ] ) ) {
|
235 |
-
|
236 |
-
unset( $valid[ $admin_ip ] );
|
237 |
-
|
238 |
-
$this->update_option( 'retries_valid', $valid );
|
239 |
-
}
|
240 |
-
|
241 |
-
$retries = $this->get_option( 'retries' );
|
242 |
-
|
243 |
-
if ( is_array( $retries ) && isset( $retries[ $admin_ip ] ) ) {
|
244 |
-
|
245 |
-
unset( $retries[ $admin_ip ] );
|
246 |
-
|
247 |
-
$this->update_option( 'retries', $retries );
|
248 |
-
}
|
249 |
-
|
250 |
-
} else {
|
251 |
-
|
252 |
-
$user_ip = $this->get_address();
|
253 |
-
$user_ip = ($this->get_option('gdpr') ? $this->getHash( $user_ip ) : $user_ip );
|
254 |
-
|
255 |
-
if ( isset( $lockouts_log[ $user_ip ] ) && is_array( $lockouts_log[ $user_ip ] ) ) {
|
256 |
-
|
257 |
-
$last_unlocked_time = 0;
|
258 |
-
foreach ( $lockouts_log[ $user_ip ] as $user_login => $data ) {
|
259 |
-
|
260 |
-
if( !isset( $data['unlocked'] ) || !$data['unlocked'] ) continue;
|
261 |
-
|
262 |
-
if( $data['date'] > $last_unlocked_time )
|
263 |
-
$last_unlocked_time = $data['date'];
|
264 |
-
}
|
265 |
-
|
266 |
-
if ( is_array( $lockouts ) && isset( $lockouts[ $user_ip ] ) &&
|
267 |
-
( $last_unlocked_time === 0 ||
|
268 |
-
( ( time() - $last_unlocked_time ) ) > ( $this->get_option( 'lockout_duration' ) ) ) ) {
|
269 |
-
|
270 |
-
unset( $lockouts[ $user_ip ] );
|
271 |
-
|
272 |
-
if( is_array( $lockouts_log ) && isset( $lockouts_log[ $user_ip ] ) ) {
|
273 |
-
|
274 |
-
foreach ( $lockouts_log[ $user_ip ] as $user_login => &$data ) {
|
275 |
-
|
276 |
-
$data['unlocked'] = true;
|
277 |
-
}
|
278 |
-
|
279 |
-
$this->update_option( 'logged', $lockouts_log );
|
280 |
-
}
|
281 |
-
|
282 |
-
$this->update_option( 'lockouts', $lockouts );
|
283 |
-
}
|
284 |
-
|
285 |
-
}
|
286 |
-
}
|
287 |
-
}
|
288 |
-
|
289 |
public function check_xmlrpc_lock()
|
290 |
{
|
291 |
if ( is_user_logged_in() || $this->is_ip_whitelisted() )
|
@@ -413,7 +287,7 @@ class Limit_Login_Attempts
|
|
413 |
|
414 |
global $limit_login_just_lockedout, $limit_login_nonempty_credentials, $limit_login_my_error_shown;
|
415 |
|
416 |
-
if ( ! function_exists( 'is_account_page' ) || ! function_exists( 'wc_add_notice' ) ) {
|
417 |
return;
|
418 |
}
|
419 |
|
@@ -1080,8 +954,6 @@ class Limit_Login_Attempts
|
|
1080 |
$msg .= sprintf( _n( 'Please try again in %d minute.', 'Please try again in %d minutes.', $when, 'limit-login-attempts-reloaded' ), $when );
|
1081 |
}
|
1082 |
|
1083 |
-
$msg .= '<br><br>'. sprintf( __( 'You can also try <a href="%s">resetting your password</a> and that should help you to log in.', 'limit-login-attempts-reloaded' ), wp_lostpassword_url() );
|
1084 |
-
|
1085 |
return $msg;
|
1086 |
}
|
1087 |
|
@@ -1089,9 +961,9 @@ class Limit_Login_Attempts
|
|
1089 |
* Add a message to login page when necessary
|
1090 |
*/
|
1091 |
public function add_error_message() {
|
1092 |
-
global $error, $limit_login_my_error_shown;
|
1093 |
|
1094 |
-
if ( ! $this->login_show_msg() || $limit_login_my_error_shown ) {
|
1095 |
return;
|
1096 |
}
|
1097 |
|
77 |
public function hooks_init() {
|
78 |
add_action( 'plugins_loaded', array( $this, 'setup' ), 9999 );
|
79 |
add_action( 'admin_enqueue_scripts', array( $this, 'enqueue' ) );
|
|
|
80 |
add_filter( 'limit_login_whitelist_ip', array( $this, 'check_whitelist_ips' ), 10, 2 );
|
81 |
add_filter( 'limit_login_whitelist_usernames', array( $this, 'check_whitelist_usernames' ), 10, 2 );
|
82 |
add_filter( 'limit_login_blacklist_ip', array( $this, 'check_blacklist_ips' ), 10, 2 );
|
160 |
wp_enqueue_style('llar-jquery-ui', LLA_PLUGIN_URL.'assets/css/jquery-ui.css');
|
161 |
}
|
162 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
163 |
public function check_xmlrpc_lock()
|
164 |
{
|
165 |
if ( is_user_logged_in() || $this->is_ip_whitelisted() )
|
287 |
|
288 |
global $limit_login_just_lockedout, $limit_login_nonempty_credentials, $limit_login_my_error_shown;
|
289 |
|
290 |
+
if ( ! function_exists( 'is_account_page' ) || ! function_exists( 'wc_add_notice' ) || !$limit_login_nonempty_credentials ) {
|
291 |
return;
|
292 |
}
|
293 |
|
954 |
$msg .= sprintf( _n( 'Please try again in %d minute.', 'Please try again in %d minutes.', $when, 'limit-login-attempts-reloaded' ), $when );
|
955 |
}
|
956 |
|
|
|
|
|
957 |
return $msg;
|
958 |
}
|
959 |
|
961 |
* Add a message to login page when necessary
|
962 |
*/
|
963 |
public function add_error_message() {
|
964 |
+
global $error, $limit_login_my_error_shown, $limit_login_nonempty_credentials;
|
965 |
|
966 |
+
if ( ! $this->login_show_msg() || $limit_login_my_error_shown || !$limit_login_nonempty_credentials ) {
|
967 |
return;
|
968 |
}
|
969 |
|
limit-login-attempts-reloaded.php
CHANGED
@@ -5,7 +5,7 @@ Description: Limit the rate of login attempts for each IP address.
|
|
5 |
Author: WPChef
|
6 |
Author URI: https://wpchef.org
|
7 |
Text Domain: limit-login-attempts-reloaded
|
8 |
-
Version: 2.
|
9 |
|
10 |
Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2020 WPChef
|
11 |
*/
|
5 |
Author: WPChef
|
6 |
Author URI: https://wpchef.org
|
7 |
Text Domain: limit-login-attempts-reloaded
|
8 |
+
Version: 2.15.0
|
9 |
|
10 |
Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2020 WPChef
|
11 |
*/
|
readme.txt
CHANGED
@@ -3,7 +3,7 @@ Contributors: wpchefgadget
|
|
3 |
Tags: brute force, login, security, GDPR, protection
|
4 |
Requires at least: 3.0
|
5 |
Tested up to: 5.4
|
6 |
-
Stable tag: 2.
|
7 |
|
8 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
|
9 |
|
@@ -41,6 +41,7 @@ Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), C
|
|
41 |
Plugin uses standard actions and filters only.
|
42 |
|
43 |
Based on the original code from Limit Login Attemps plugin by Johan Eenfeldt.
|
|
|
44 |
|
45 |
== Screenshots ==
|
46 |
|
@@ -50,6 +51,10 @@ Based on the original code from Limit Login Attemps plugin by Johan Eenfeldt.
|
|
50 |
|
51 |
== Changelog ==
|
52 |
|
|
|
|
|
|
|
|
|
53 |
= 2.14.0 =
|
54 |
* BuddyPress login error compatibility implemented.
|
55 |
* UltimateMember compatibility implemented.
|
3 |
Tags: brute force, login, security, GDPR, protection
|
4 |
Requires at least: 3.0
|
5 |
Tested up to: 5.4
|
6 |
+
Stable tag: 2.15.0
|
7 |
|
8 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
|
9 |
|
41 |
Plugin uses standard actions and filters only.
|
42 |
|
43 |
Based on the original code from Limit Login Attemps plugin by Johan Eenfeldt.
|
44 |
+
[](http://coderisk.com/wp/plugin/limit-login-attempts-reloaded/RIPS-M7n4uQXa-G)
|
45 |
|
46 |
== Screenshots ==
|
47 |
|
51 |
|
52 |
== Changelog ==
|
53 |
|
54 |
+
= 2.15.0 =
|
55 |
+
* Reset password feature has been removed as unwanted.
|
56 |
+
* Small refactoring.
|
57 |
+
|
58 |
= 2.14.0 =
|
59 |
* BuddyPress login error compatibility implemented.
|
60 |
* UltimateMember compatibility implemented.
|