Limit Login Attempts Reloaded - Version 2.19.0

Version Description

  • Refactoring.
  • Feedback message location fixed.
  • Text changes.

Release Info

Developer wpchefgadget
Version 2.19.0

Code changes from version 2.18.0 to 2.19.0

assets/css/limit-login-attempts.css CHANGED
@@ -1 +1 @@
1
- .limit-login-page-settings .field-col{display:inline-block;margin-right:20px}.limit-login-page-settings .limit-login-log table{background-color:#fff}.limit-login-page-settings .limit-login-log table th,.limit-login-page-settings .limit-login-log table td{padding:10px}.limit-login-page-settings .limit-login-log table tr:nth-child(even){background-color:rgba(0,0,0,0.09)}.limit-login-page-settings #limit-login-app-setup-link{width:85%}.limit-login-page-settings .nav-tab-wrapper{position:relative}.limit-login-page-settings .nav-tab-wrapper .llar-failover-link{font-size:14px;float:right;line-height:2}.limit-login-page-settings .limit-login-app-dashboard .llar-table-scroll-wrap{max-height:400px;overflow-y:auto}.limit-login-page-settings .limit-login-app-dashboard .form-table{background-color:#fff;border:1px solid #f4f4f4;border-top:3px solid #3c8dbc;position:relative}.limit-login-page-settings .limit-login-app-dashboard .form-table.llar-preloader:before{content:"";display:block;width:100%;height:100%;background-color:rgba(255,255,255,0.7);z-index:999;position:absolute;top:0;left:0}.limit-login-page-settings .limit-login-app-dashboard .form-table th{font-weight:bold;border-bottom:1px solid #dbdbdb !important}.limit-login-page-settings .limit-login-app-dashboard .form-table th,.limit-login-page-settings .limit-login-app-dashboard .form-table td{padding:10px;border:1px solid #b9b9b9}.limit-login-page-settings .limit-login-app-dashboard .form-table th.llar-col-nowrap,.limit-login-page-settings .limit-login-app-dashboard .form-table td.llar-col-nowrap{white-space:nowrap}.limit-login-page-settings .limit-login-app-dashboard .form-table td button{line-height:1;margin-right:5px}.limit-login-page-settings .limit-login-app-dashboard .form-table td button:last-child{margin-right:0}.limit-login-page-settings .limit-login-app-dashboard .form-table td button .dashicons{vertical-align:middle}.limit-login-page-settings .limit-login-app-dashboard .form-table 
td.llar-app-log-actions{text-align:center}.limit-login-page-settings .limit-login-app-dashboard .form-table td.llar-app-log-actions .llar-app-log-action-btn{display:inline-block;line-height:20px;cursor:pointer}.limit-login-page-settings .limit-login-app-dashboard .form-table td.llar-app-log-actions .llar-app-log-action-btn i{vertical-align:middle}.limit-login-page-settings .limit-login-app-dashboard .form-table td.llar-app-log-actions .llar-app-log-action-btn:hover i{color:#3c8dbc}.limit-login-page-settings .limit-login-app-dashboard .form-table tr:nth-child(even){background-color:#f9f9f9}.limit-login-page-settings .limit-login-app-dashboard .llar-app-log-pagination>a{font-size:16px;line-height:1.625}.limit-login-page-settings .limit-login-app-dashboard .llar-app-log-pagination .spinner{float:none}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col{-webkit-box-flex:0;-ms-flex:0 0 49%;flex:0 0 49%}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table select{width:100%}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table .llar-app-acl-action-col{text-align:center}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table .llar-app-rule-pass{background-color:#cffbe8}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table .llar-app-rule-allow{background-color:#abdfff}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table .llar-app-rule-deny{background-color:#fd2c2c3d}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table 
.llar-app-acl-remove{color:crimson;border-color:crimson}.limit-login-page-settings .llar-app-notice{background-color:#fff;-webkit-box-shadow:0 1px 1px 0 rgba(0,0,0,0.1);box-shadow:0 1px 1px 0 rgba(0,0,0,0.1);padding:15px;border-radius:3px;margin-top:20px;margin-bottom:20px;font-size:14px;border-left:5px solid #ffba00}.limit-login-page-settings .llar-app-notice.success{border-color:#46b450}.limit-login-page-settings .llar-app-notice p{font-size:inherit;margin:0 0 20px}.limit-login-page-settings .llar-app-notice p:last-child{margin-bottom:0}.limit-login-page-settings input[name="admin_notify_email"]{min-width:243px}.limit-login-page-settings .llar-protect-notice{font-size:15px;color:#848484;margin-left:10px}.limit-login-page-settings .llar-protect-notice a{color:#222222;text-decoration:none;border-bottom:1px dashed}.limit-login-page-settings .llar-show-app-fields{position:absolute;right:15px;top:15px;color:#bdbdbd}.limit-login-page-settings .llar-show-app-fields:hover{color:#222}.limit-login-page-settings .llar-app-field{display:none}.limit-login-page-settings .llar-app-field.active{display:table-row}.llar-notice-review,.llar-notice-notify{display:-webkit-box;display:-ms-flexbox;display:flex;padding:15px 20px 0 !important;border-left:4px solid #333 !important}.llar-notice-review .llar-review-image img,.llar-notice-notify .llar-review-image img{margin-top:10px;margin-bottom:20px}.llar-notice-review .llar-review-image span,.llar-notice-notify .llar-review-image span{font-size:80px;color:orange;width:80px;height:auto;margin-bottom:20px}.llar-notice-review .llar-review-info,.llar-notice-notify .llar-review-info{-webkit-box-flex:1;-ms-flex:1;flex:1;margin-left:30px}.llar-notice-review .llar-review-info .llar-buttons,.llar-notice-notify .llar-review-info .llar-buttons{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.llar-notice-review .llar-review-info .llar-buttons li,.llar-notice-notify 
.llar-review-info .llar-buttons li{margin-right:10px}.llar-notice-review .llar-review-info .llar-buttons li .dashicons,.llar-notice-notify .llar-review-info .llar-buttons li .dashicons{margin-right:5px}.llar-accordion .ui-accordion-header{font-weight:bold;background:#778899;color:#fff}.llar-accordion .ui-accordion-header.ui-accordion-header-active{background:#87CEFA}.custom-app-tab{position:relative}.custom-app-tab .spinner{float:none}.custom-app-tab .llar-app-ajax-msg{font-size:13px;margin-top:5px;display:block}.custom-app-tab .llar-app-ajax-msg.error{color:red}.custom-app-tab .llar-app-ajax-msg.success{color:green}.custom-app-tab .llar-delete-app{color:#dc3232;position:absolute;bottom:15px;right:15px}.custom-app-tab .llar-delete-app:hover{opacity:0.8}.custom-app-tab .llar-why-use-premium-text{margin-top:20px}.custom-app-tab .llar-why-use-premium-text .title{font-weight:bold;font-size:16px;color:#4d4d4d}.custom-app-tab .llar-why-use-premium-text ul li .dashicons{color:#3ab54a;font-size:25px;width:25px;top:-2px;position:relative}#llar-progress-bar{position:fixed;top:0;height:6px;left:0;width:100%;z-index:999999;background-color:#eee}#llar-progress-bar span{height:100%;position:absolute;display:block;width:0;background-color:#00b357;-webkit-transition:width 0.4s;transition:width 0.4s}#llar-header-upgrade-message{text-align:center;background-color:#f5f0c0;color:#222;padding:10px;margin-left:-20px;-webkit-box-shadow:0 0 3px rgba(0,0,0,0.2);box-shadow:0 0 3px rgba(0,0,0,0.2)}#llar-header-upgrade-message p{margin:0}#llar-header-upgrade-message p .dashicons{color:#f2a64c;margin-right:5px}.settings_page_limit-login-attempts .update-nag{display:none}.llar-chart-wrap{width:100%;max-width:900px;margin:0 auto;clear:both}
1
+ .limit-login-page-settings .field-col{display:inline-block;margin-right:20px}.limit-login-page-settings .limit-login-log table{background-color:#fff}.limit-login-page-settings .limit-login-log table th,.limit-login-page-settings .limit-login-log table td{padding:10px}.limit-login-page-settings .limit-login-log table tr:nth-child(even){background-color:rgba(0,0,0,0.09)}.limit-login-page-settings #limit-login-app-setup-code{width:85%}.limit-login-page-settings .nav-tab-wrapper{position:relative}.limit-login-page-settings .nav-tab-wrapper .llar-failover-link{font-size:14px;float:right;line-height:2}.limit-login-page-settings .limit-login-app-dashboard .llar-table-scroll-wrap{max-height:400px;overflow-y:auto}.limit-login-page-settings .limit-login-app-dashboard .form-table{background-color:#fff;border:1px solid #f4f4f4;border-top:3px solid #3c8dbc;position:relative}.limit-login-page-settings .limit-login-app-dashboard .form-table.llar-preloader:before{content:"";display:block;width:100%;height:100%;background-color:rgba(255,255,255,0.7);z-index:999;position:absolute;top:0;left:0}.limit-login-page-settings .limit-login-app-dashboard .form-table th{font-weight:bold;border-bottom:1px solid #dbdbdb !important}.limit-login-page-settings .limit-login-app-dashboard .form-table th,.limit-login-page-settings .limit-login-app-dashboard .form-table td{padding:10px;border:1px solid #b9b9b9}.limit-login-page-settings .limit-login-app-dashboard .form-table th.llar-col-nowrap,.limit-login-page-settings .limit-login-app-dashboard .form-table td.llar-col-nowrap{white-space:nowrap}.limit-login-page-settings .limit-login-app-dashboard .form-table td button{line-height:1;margin-right:5px}.limit-login-page-settings .limit-login-app-dashboard .form-table td button:last-child{margin-right:0}.limit-login-page-settings .limit-login-app-dashboard .form-table td button .dashicons{vertical-align:middle}.limit-login-page-settings .limit-login-app-dashboard .form-table 
td.llar-app-log-actions{text-align:center}.limit-login-page-settings .limit-login-app-dashboard .form-table td.llar-app-log-actions .llar-app-log-action-btn{display:inline-block;line-height:20px;cursor:pointer}.limit-login-page-settings .limit-login-app-dashboard .form-table td.llar-app-log-actions .llar-app-log-action-btn i{vertical-align:middle}.limit-login-page-settings .limit-login-app-dashboard .form-table td.llar-app-log-actions .llar-app-log-action-btn:hover i{color:#3c8dbc}.limit-login-page-settings .limit-login-app-dashboard .form-table tr:nth-child(even){background-color:#f9f9f9}.limit-login-page-settings .limit-login-app-dashboard .llar-app-log-pagination>a{font-size:16px;line-height:1.625}.limit-login-page-settings .limit-login-app-dashboard .llar-app-log-pagination .spinner{float:none}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col{-webkit-box-flex:0;-ms-flex:0 0 49%;flex:0 0 49%}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table select{width:100%}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table .llar-app-acl-action-col{text-align:center}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table .llar-app-rule-pass{background-color:#cffbe8}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table .llar-app-rule-allow{background-color:#abdfff}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table .llar-app-rule-deny{background-color:#fd2c2c3d}.limit-login-page-settings .limit-login-app-dashboard .llar-app-acl-rules .app-rules-col .form-table 
.llar-app-acl-remove{color:crimson;border-color:crimson}.limit-login-page-settings .llar-app-notice{background-color:#fff;-webkit-box-shadow:0 1px 1px 0 rgba(0,0,0,0.1);box-shadow:0 1px 1px 0 rgba(0,0,0,0.1);padding:15px;border-radius:3px;margin-top:20px;margin-bottom:20px;font-size:14px;border-left:5px solid #ffba00}.limit-login-page-settings .llar-app-notice.success{border-color:#46b450}.limit-login-page-settings .llar-app-notice p{font-size:inherit;margin:0 0 20px}.limit-login-page-settings .llar-app-notice p:last-child{margin-bottom:0}.limit-login-page-settings input[name="admin_notify_email"]{min-width:243px}.limit-login-page-settings .llar-protect-notice{font-size:15px;color:#848484;margin-left:10px}.limit-login-page-settings .llar-protect-notice a{color:#222222;text-decoration:none;border-bottom:1px dashed}.limit-login-page-settings .llar-show-app-fields{position:absolute;right:15px;top:15px;color:#bdbdbd}.limit-login-page-settings .llar-show-app-fields:hover{color:#222}.limit-login-page-settings .llar-app-field{display:none}.limit-login-page-settings .llar-app-field.active{display:table-row}.llar-notice-review,.llar-notice-notify{display:-webkit-box;display:-ms-flexbox;display:flex;padding:15px 20px 0 !important;border-left:4px solid #333 !important}.llar-notice-review .llar-review-image img,.llar-notice-notify .llar-review-image img{margin-top:10px;margin-bottom:20px}.llar-notice-review .llar-review-image span,.llar-notice-notify .llar-review-image span{font-size:80px;color:orange;width:80px;height:auto;margin-bottom:20px}.llar-notice-review .llar-review-info,.llar-notice-notify .llar-review-info{-webkit-box-flex:1;-ms-flex:1;flex:1;margin-left:30px}.llar-notice-review .llar-review-info .llar-buttons,.llar-notice-notify .llar-review-info .llar-buttons{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.llar-notice-review .llar-review-info .llar-buttons li,.llar-notice-notify 
.llar-review-info .llar-buttons li{margin-right:10px}.llar-notice-review .llar-review-info .llar-buttons li .dashicons,.llar-notice-notify .llar-review-info .llar-buttons li .dashicons{margin-right:5px}.llar-accordion .ui-accordion-header{font-weight:bold;background:#778899;color:#fff}.llar-accordion .ui-accordion-header.ui-accordion-header-active{background:#87CEFA}.custom-app-tab{position:relative}.custom-app-tab .spinner{float:none}.custom-app-tab .llar-app-ajax-msg{font-size:13px;margin-top:5px;display:block}.custom-app-tab .llar-app-ajax-msg.error{color:red}.custom-app-tab .llar-app-ajax-msg.success{color:green}.custom-app-tab .llar-delete-app{color:#dc3232;position:absolute;bottom:15px;right:15px}.custom-app-tab .llar-delete-app:hover{opacity:0.8}.custom-app-tab .llar-why-use-premium-text{margin-top:20px}.custom-app-tab .llar-why-use-premium-text .title{font-weight:bold;font-size:16px;color:#4d4d4d}.custom-app-tab .llar-why-use-premium-text ul li .dashicons{color:#3ab54a;font-size:25px;width:25px;top:-2px;position:relative}#llar-progress-bar{position:fixed;top:0;height:6px;left:0;width:100%;z-index:999999;background-color:#eee}#llar-progress-bar span{height:100%;position:absolute;display:block;width:0;background-color:#00b357;-webkit-transition:width 0.4s;transition:width 0.4s}#llar-header-upgrade-message{text-align:center;background-color:#f5f0c0;color:#222;padding:10px;margin-left:-20px;-webkit-box-shadow:0 0 3px rgba(0,0,0,0.2);box-shadow:0 0 3px rgba(0,0,0,0.2)}#llar-header-upgrade-message p{margin:0}#llar-header-upgrade-message p .dashicons{color:#f2a64c;margin-right:5px}.settings_page_limit-login-attempts .update-nag{display:none}.llar-chart-wrap{width:100%;max-width:900px;margin:0 auto;clear:both}
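--- a/assets/sass/limit-login-attempts.scss
+++ b/assets/sass/limit-login-attempts.scss
@@ -15,7 +15,7 @@
  }
  }
 
- #limit-login-app-setup-link {
+ #limit-login-app-setup-code {
  width: 85%;
  }
 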
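--- a/core/LimitLoginAttempts.php
+++ b/core/LimitLoginAttempts.php
@@ -30,7 +30,7 @@ class Limit_Login_Attempts {
  'cookies' => true,
 
  /* Notify on lockout. Values: '', 'log', 'email', 'log,email' */
- 'lockout_notify' => 'log,email',
+ 'lockout_notify' => 'email',
 
  /* If notify by email, do so after this number of lockouts */
  'notify_email_after' => 3,
@@ -95,7 +95,10 @@ class Limit_Login_Attempts {
  add_filter( 'limit_login_blacklist_usernames', array( $this, 'check_blacklist_usernames' ), 10, 2 );
 
  add_filter( 'illegal_user_logins', array( $this, 'register_user_blacklist' ), 999 );
- add_action( 'admin_notices', array( $this, 'show_enable_notify_notice' ) );
+
+ // TODO: Temporary turn off the holiday warning.
+ //add_action( 'admin_notices', array( $this, 'show_enable_notify_notice' ) );
+
  add_action( 'admin_notices', array( $this, 'show_leave_review_notice' ) );
  add_action( 'wp_ajax_dismiss_review_notice', array( $this, 'dismiss_review_notice_callback' ) );
  add_action( 'wp_ajax_dismiss_notify_notice', array( $this, 'dismiss_notify_notice_callback' ) );
@@ -190,16 +193,6 @@ class Limit_Login_Attempts {
  add_action('wp_ajax_limit-login-unlock', array( $this, 'ajax_unlock' ) );
 
  add_filter( 'plugin_action_links_' . LLA_PLUGIN_BASENAME, array( $this, 'add_action_links' ) );
-
- /**
- * Transform setup link to setup code.
- */
- if( ( $setup_link = $this->get_option( 'app_setup_link' ) ) && empty( $this->get_option( 'app_setup_code' ) ) ) {
-
- $setup_link = str_replace( array( 'http://', 'https://' ), '', $setup_link );
- $this->update_option( 'app_setup_code', strrev( $setup_link ) );
- $this->delete_option( 'app_setup_link' );
- }
  }
 
  public function add_action_links( $actions ) {
@@ -792,32 +785,21 @@ class Limit_Login_Attempts {
  * @return bool|void
  */
  public function notify( $user ) {
- $args = explode( ',', $this->get_option( 'lockout_notify' ) );
 
  if( is_object( $user ) ) {
  return false;
  }
 
- // TODO: Maybe temporarily
- if(!in_array('log', $args)) {
- $args[] = 'log';
- }
+ $this->notify_log( $user );
+
+ $args = explode( ',', $this->get_option( 'lockout_notify' ) );
 
  if ( empty( $args ) ) {
  return;
  }
 
- foreach ( $args as $mode ) {
-
- $mode = trim( $mode );
-
- if( $mode === 'log' ) {
- $this->notify_log( $user );
- }
-
- if( $mode === 'email' ) {
- $this->notify_email( $user );
- }
+ if( in_array( 'email', $args ) ) {
+ $this->notify_email( $user );
  }
  }
 
@@ -894,8 +876,10 @@ class Limit_Login_Attempts {
  $message = __( '<p>Hello%1$s,</p>' .
  '<p>%2$d failed login attempts (%3$d lockout(s)) from IP <b>%4$s</b> and it was blocked for %5$s<br>' .
  'Last user attempted: <b>%6$s</b></p>' .
- '<p>Under Attack? <a href="%7$s" target="_blank">Learn more</a> about brute force attacks and how to enhance your protection.<br>' .
- '<a href="%8$s" target="_blank">Unsubscribe</a> from these notifications.</p>', 'limit-login-attempts-reloaded' );
+ '<p>Under Attack? Learn more about <a href="%7$s" target="_blank">brute force attacks</a>. ' .
+ 'Have Questions? Visit our <a href="%8$s" target="_blank">help section</a>.<br>' .
+ '<a href="%9$s">Unsubscribe</a> from these notifications.</p>' .
+ "<hr><p>This notification was sent automatically via <b>Limit Login Attempts Reloaded Plugin</b>.</p>", 'limit-login-attempts-reloaded' );
 
  $message = sprintf(
  $message,
@@ -906,6 +890,7 @@ class Limit_Login_Attempts {
  $when,
  $user,
  'https://www.limitloginattempts.com/info.php?from=plugin-lockout-email',
+ 'https://www.limitloginattempts.com/resources/?from=plugin-lockout-email',
  admin_url( 'options-general.php?page=limit-login-attempts&tab=settings' )
  );
 
@@ -1524,9 +1509,7 @@ class Limit_Login_Attempts {
  $this->update_option('trusted_ip_origins', $trusted_ip_origins );
 
  $notify_methods = array();
- if( isset( $_POST[ 'lockout_notify_log' ] ) ) {
- $notify_methods[] = 'log';
- }
+
  if( isset( $_POST[ 'lockout_notify_email' ] ) ) {
  $notify_methods[] = 'email';
  }
@@ -1636,7 +1619,9 @@ class Limit_Login_Attempts {
  @setcookie('llar_review_notice_shown', '', time() - 3600, '/');
  }
 
- if ( !current_user_can('manage_options') || $this->get_option('review_notice_shown') || $screen->parent_base === 'edit' ) return;
+ if ( !current_user_can('manage_options') ||
+ $this->get_option('review_notice_shown') ||
+ !in_array( $screen->base, array( 'dashboard', 'plugins', 'settings_page_limit-login-attempts' ) ) ) return;
 
  $activation_timestamp = $this->get_option('activation_timestamp');
 
@@ -1883,9 +1868,9 @@ class Limit_Login_Attempts {
 
  check_ajax_referer('llar-action', 'sec');
 
- if( !empty( $_POST['link'] ) ) {
+ if( !empty( $_POST['code'] ) ) {
 
- $setup_code = sanitize_text_field( $_POST['link'] );
+ $setup_code = sanitize_text_field( $_POST['code'] );
  $link = strrev( $setup_code );
 
  if( $setup_result = LLAR_App::setup( $link ) ) {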
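Review bot: The setup handler in the last hunk (new lines 1869-1876) authorizes the request with `check_ajax_referer('llar-action', 'sec')` alone, and a nonce only ties the request to a page that held it; it does not show that the caller may reconfigure the plugin. If this callback is registered on a `wp_ajax_` hook, as the nonce check suggests, any logged-in account can reach it, so unless a capability check sits above the hunk (the function starts outside it) I would add `if ( ! current_user_can( 'manage_options' ) ) { wp_send_json_error( array() ); }` before `$_POST['code']` is read. That matters here because the posted value is reversed and handed straight to `LLAR_App::setup()`, which decides where the plugin sends its lockout data. Reading the field as `sanitize_text_field( wp_unslash( $_POST['code'] ) )` would also follow WordPress's input-handling convention.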
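--- a/limit-login-attempts-reloaded.php
+++ b/limit-login-attempts-reloaded.php
@@ -5,9 +5,9 @@ Description: Limit the rate of login attempts for each IP address.
  Author: Limit Login Attempts Reloaded
  Author URI: https://limitloginattempts.com/
  Text Domain: limit-login-attempts-reloaded
- Version: 2.18.0
+ Version: 2.19.0
 
- Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2020 Limit Login Attempts Reloaded
+ Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2021 Limit Login Attempts Reloaded
  */
 
  /***************************************************************************************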
readme.txt CHANGED
@@ -4,28 +4,31 @@ Donate link: https://www.paypal.com/donate?hosted_button_id=FKD4MYFCMNVQQ
4
  Tags: brute force, login, security, firewall, protection
5
  Requires at least: 3.0
6
  Tested up to: 5.6
7
- Stable tag: 2.18.0
8
 
9
  Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
10
 
11
  == Description ==
12
 
13
- Limit the number of login attempts that are possible through the normal login as well as XMLRPC, Woocommerce and custom login pages.
14
 
15
- WordPress by default allows unlimited login attempts. This can lead to passwords being easily cracked via brute-force.
16
 
17
- Limit Login Attempts Reloaded blocks an Internet address (IP) from making further attempts after a specified limit on retries has been reached, making a brute-force attack difficult or impossible.
18
 
19
- > <strong>Limit Login Attempts Reloaded Cloud App</strong><br>
20
- > Enables cloud protection app for Limit Login Attempts Reloaded plugin. It comes with all the great features you'll need to stop hackers and bots from brute-force attacks. The cloud app <a href="https://www.limitloginattempts.com/features/">offers several features</a> including advanced protection out of the box, and the ability for site admins and agencies to sync allow/deny/pass lists across multiple domains. <a href="https://app.limitloginattempts.com/network/create">Click here to activate the cloud app for the best WordPress security plugin now!</a>
 
21
 
22
  https://www.youtube.com/watch?v=IsotthPWCPA
23
 
24
  = Features: =
25
- * Limit the number of retry attempts when logging in (per each IP). This is fully customizable.
 
26
  * Informs the user about the remaining retries or lockout time on the login page.
27
- * Logging and optional email notification.
28
- * It is possible to allow/deny IPs and Usernames.
 
29
  * Sucuri Website Firewall compatibility.
30
  * **XMLRPC** gateway protection.
31
  * **Woocommerce** login page protection.
@@ -33,24 +36,28 @@ https://www.youtube.com/watch?v=IsotthPWCPA
33
  * **GDPR** compliant.
34
  * **Custom IP origins** support (Cloudflare, Sucuri, etc.)
35
 
36
- = Features (Cloud app): =
37
- * **Outsource the site load** - All calculations and database queries are done in the cloud
38
- * **Throttling** - Longer lockout intervals each time a hacker/bot tries to login unsuccessfully
39
- * **Auto backups of all data**
40
- * **Autofix diverse origin IPs (e.g. Cloudflare)** - Securely trust certain popular IP origins out of the box
41
- * **Synced lockout & deny/pass lists check** - Lockouts can be shared between sites of the same admin
42
- * **Synchronized allow/deny/pass lists** - Allow/Deny/Pass lists can be shared between sites of the same admin
43
- * **Premium forum support** - Get answers within 1-2 business days.
44
- * **Enhanced lockout logs** - A log of lockouts with extra features
 
 
 
45
 
46
  = Upgrading from the old Limit Login Attempts plugin? =
47
  1. Go to the Plugins section in your site's backend.
48
  1. Remove the Limit Login Attempts plugin.
49
  1. Install the Limit Login Attempts Reloaded plugin.
50
 
51
- All your settings will be kept in tact!
52
 
53
  Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.
 
54
  Help us bring Limit Login Attempts Reloaded to even more countries.
55
 
56
  Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish
@@ -66,21 +73,21 @@ Limit Login Attempts Reloaded™ is a trademark of Atlantic Silicon Inc. When wr
66
 
67
  == Screenshots ==
68
 
69
- 1. Loginscreen after a failed login with remaining retries
70
- 2. Lockout loginscreen
71
  3. Administration interface in WordPress 5.2.1
72
 
73
  == Frequently Asked Questions ==
74
 
75
  = What do I do if all users get blocked? =
76
 
77
- If you are using contemporary hosting, it's likely your site uses a proxy domain service like CloudFlare, Sucuri, Nginx, etc. They replace your user's IP address with their own. If the server where your site runs is not configured properly (this happens a lot) all users will get the same IP address. This also applies to bots and hackers. Therefore, locking one user will lead to locking everybody else out. If the plugin is not using our <a href="https://www.limitloginattempts.com/">Cloud App</a>, this can be adjusted using the Trusted IP Origin setting. The cloud service intelligently recognizes the non-standard IP origins and handles them correctly, even if your hosting provider does not.
78
 
79
- = What settings should I use In The Plugin? =
80
 
81
  The settings are explained within the plugin in great detail. If you are unsure, use the default settings as they are the recommended ones.
82
 
83
- = Can I share the allow/deny/pass lists throughout all of my sites?=
84
 
85
  By default, you will need to copy and paste the lists to each site manually. For the <a href="https://www.limitloginattempts.com/features/">premium service</a>, sites are grouped within the same private cloud account. Each site within that group can be configured if it shares its lockouts and access lists with other group members. The setting is located in the plugin's interface. The default options are recommended.
86
 
@@ -90,8 +97,12 @@ Please follow this link: <a href="https://www.limitloginattempts.com/resources/"
90
 
91
  == Changelog ==
92
 
 
 
 
 
 
93
  = 2.18.0 =
94
- *
95
  * Cloud API: usage chart added.
96
  * Text changes.
97
 
@@ -234,4 +245,4 @@ https://wordpress.org/support/topic/using-deprecated-function
234
  * Fixed error with function arguments: https://wordpress.org/support/topic/warning-missing-argument-2-5
235
  * added time stamp to unsuccessful tries on the plugin configuration page.
236
  * fixed .po translation files issue.
237
- * code refactoring and optimization.
4
  Tags: brute force, login, security, firewall, protection
5
  Requires at least: 3.0
6
  Tested up to: 5.6
7
+ Stable tag: 2.19.0
8
 
9
  Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
10
 
11
  == Description ==
12
 
13
+ Limit Login Attempts Reloaded stops brute-force attacks and optimizes your site performance by limiting the number of login attempts that are possible through the normal login as well as XMLRPC, Woocommerce and custom login pages.
14
 
15
+ This plugin will block an Internet address (IP) and/or username from making further attempts after a specified limit on retries has been reached, making a brute-force attack difficult or impossible.
16
 
17
+ WordPress by default allows unlimited login attempts. This can lead to passwords being easily cracked via brute-force.
18
 
19
+ Limit Login Attempts Reloaded
20
+ > <strong>Limit Login Attempts Reloaded Premium Cloud App</strong><br>
21
+ > Enables cloud protection for Limit Login Attempts Reloaded plugin. It comes with all the great features you'll need to stop hackers and bots from brute-force attacks. The cloud app <a href="https://www.limitloginattempts.com/features/">offers several features</a> including advanced protection out of the box, and the ability for site admins and agencies to sync safelists/blocklists across multiple domains. <a href="https://app.limitloginattempts.com/network/create">Click here to activate the cloud app for the best WordPress security plugin now!</a>
22
 
23
  https://www.youtube.com/watch?v=IsotthPWCPA
24
 
25
  = Features: =
26
+ * Limit the number of retry attempts when logging in (per each IP).
27
+ * Configurable lockout timings.
28
  * Informs the user about the remaining retries or lockout time on the login page.
29
+ * Email notification of blocked attempts.
30
+ * Logging of blocked attempts.
31
+ * Safelist/Blocklist of IPs and Usernames (Support IP ranges).
32
  * Sucuri Website Firewall compatibility.
33
  * **XMLRPC** gateway protection.
34
  * **Woocommerce** login page protection.
36
  * **GDPR** compliant.
37
  * **Custom IP origins** support (Cloudflare, Sucuri, etc.)
38
 
39
+ = Features (Premium Cloud App): =
40
+ * **Performance Optimizer** - Brute-force attacks absorbed in the cloud (Up to 100k requests monthly).
41
+ * **Throttling** - Longer lockout intervals each time a hacker/bot tries to login unsuccessfully.
42
+ * **Auto Backups of All Data**
43
+ * **Intelligent IP Blocking/Unblocking** - Make sure the legitimate IP’s are allowed automatically.
44
+ * **Synchronized Lockouts** - Lockouts can be shared between multiple domains.
45
+ * **Synchronized Safelist/Blocklist** - Safelist/Blocklist can be shared between multiple domains.
46
+ * **Premium Support** - Get answers within 24 hours in our support forum.
47
+ * **Enhanced lockout logs** - A log of lockouts with extra features.
48
+ * **CSV Download of IP Data**
49
+ * **Supports IPV6 Ranges For Safelist/Blocklist**
50
+ * **Unlock The Locked Admin** - Easily unlock the locked admin through the cloud.
51
 
52
  = Upgrading from the old Limit Login Attempts plugin? =
53
  1. Go to the Plugins section in your site's backend.
54
  1. Remove the Limit Login Attempts plugin.
55
  1. Install the Limit Login Attempts Reloaded plugin.
56
 
57
+ All your settings will be kept intact!
58
 
59
  Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.
60
+
61
  Help us bring Limit Login Attempts Reloaded to even more countries.
62
 
63
  Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish
73
 
74
  == Screenshots ==
75
 
76
+ 1. Login screen after a failed login with remaining retries
77
+ 2. Lockout login screen
78
  3. Administration interface in WordPress 5.2.1
79
 
80
  == Frequently Asked Questions ==
81
 
82
  = What do I do if all users get blocked? =
83
 
84
+ If you are using contemporary hosting, it's likely your site uses a proxy domain service like CloudFlare, Sucuri, Nginx, etc. They replace your user's IP address with their own. If the server where your site runs is not configured properly (this happens a lot) all users will get the same IP address. This also applies to bots and hackers. Therefore, locking one user will lead to locking everybody else out. If the plugin is not using our <a href="https://www.limitloginattempts.com/features/">Cloud App</a>, this can be adjusted using the Trusted IP Origin setting. The cloud service intelligently recognizes the non-standard IP origins and handles them correctly, even if your hosting provider does not.
85
 
86
+ = What settings should I use In the plugin? =
87
 
88
  The settings are explained within the plugin in great detail. If you are unsure, use the default settings as they are the recommended ones.
89
 
90
+ = Can I share the safelist/blocklist throughout all of my sites?=
91
 
92
  By default, you will need to copy and paste the lists to each site manually. For the <a href="https://www.limitloginattempts.com/features/">premium service</a>, sites are grouped within the same private cloud account. Each site within that group can be configured if it shares its lockouts and access lists with other group members. The setting is located in the plugin's interface. The default options are recommended.
93
 
97
 
98
  == Changelog ==
99
 
100
+ = 2.19.0 =
101
+ * Refactoring.
102
+ * Feedback message location fixed.
103
+ * Text changes.
104
+
105
  = 2.18.0 =
 
106
  * Cloud API: usage chart added.
107
  * Text changes.
108
 
245
  * Fixed error with function arguments: https://wordpress.org/support/topic/warning-missing-argument-2-5
246
  * added time stamp to unsuccessful tries on the plugin configuration page.
247
  * fixed .po translation files issue.
248
+ * code refactoring and optimization.
views/tab-settings.php CHANGED
@@ -9,7 +9,6 @@ if( !defined( 'ABSPATH' ) ) exit();
9
  $gdpr = $this->get_option( 'gdpr' );
10
 
11
  $v = explode( ',', $this->get_option( 'lockout_notify' ) );
12
- $log_checked = in_array( 'log', $v ) ? ' checked ' : '';
13
  $email_checked = in_array( 'email', $v ) ? ' checked ' : '';
14
 
15
  $admin_notify_email = $this->get_option( 'admin_notify_email' );
@@ -74,11 +73,6 @@ $active_app_config = $this->get_custom_app_config();
74
  <th scope="row"
75
  valign="top"><?php echo __( 'Notify on lockout', 'limit-login-attempts-reloaded' ); ?></th>
76
  <td>
77
- <?php /*
78
- <input type="checkbox" name="lockout_notify_log" <?php echo $log_checked; ?>
79
- value="log"/> <?php echo __( 'Lockout log', 'limit-login-attempts-reloaded' ); ?><br/>
80
- */ ?>
81
-
82
  <input type="checkbox" name="lockout_notify_email" <?php echo $email_checked; ?>
83
  value="email"/> <?php echo __( 'Email to', 'limit-login-attempts-reloaded' ); ?>
84
  <input type="email" name="admin_notify_email"
@@ -162,7 +156,7 @@ $active_app_config = $this->get_custom_app_config();
162
  <th scope="row"
163
  valign="top"><?php echo __( 'Setup Code', 'limit-login-attempts-reloaded' ); ?></th>
164
  <td>
165
- <input type="text" class="regular-text" id="limit-login-app-setup-link" value="<?php echo ( !empty( $app_setup_code ) ) ? esc_attr( $app_setup_code ) : ''; ?>">
166
  <button class="button" id="limit-login-app-setup"><?php echo __( 'Submit', 'limit-login-attempts-reloaded' ); ?></button>
167
  <span class="spinner llar-app-ajax-spinner"></span><br>
168
  <span class="llar-app-ajax-msg"></span>
@@ -250,11 +244,11 @@ $active_app_config = $this->get_custom_app_config();
250
  $app_ajax_msg.text('').removeClass('success error');
251
  $app_ajax_spinner.css('visibility', 'visible');
252
 
253
- var setup_link = $('#limit-login-app-setup-link').val();
254
 
255
  $.post(ajaxurl, {
256
  action: 'app_setup',
257
- link: setup_link,
258
  sec: '<?php echo esc_js( wp_create_nonce( "llar-action" ) ); ?>'
259
  }, function(response){
260
 
9
  $gdpr = $this->get_option( 'gdpr' );
10
 
11
  $v = explode( ',', $this->get_option( 'lockout_notify' ) );
 
12
  $email_checked = in_array( 'email', $v ) ? ' checked ' : '';
13
 
14
  $admin_notify_email = $this->get_option( 'admin_notify_email' );
73
  <th scope="row"
74
  valign="top"><?php echo __( 'Notify on lockout', 'limit-login-attempts-reloaded' ); ?></th>
75
  <td>
 
 
 
 
 
76
  <input type="checkbox" name="lockout_notify_email" <?php echo $email_checked; ?>
77
  value="email"/> <?php echo __( 'Email to', 'limit-login-attempts-reloaded' ); ?>
78
  <input type="email" name="admin_notify_email"
156
  <th scope="row"
157
  valign="top"><?php echo __( 'Setup Code', 'limit-login-attempts-reloaded' ); ?></th>
158
  <td>
159
+ <input type="text" class="regular-text" id="limit-login-app-setup-code" value="<?php echo ( !empty( $app_setup_code ) ) ? esc_attr( $app_setup_code ) : ''; ?>">
160
  <button class="button" id="limit-login-app-setup"><?php echo __( 'Submit', 'limit-login-attempts-reloaded' ); ?></button>
161
  <span class="spinner llar-app-ajax-spinner"></span><br>
162
  <span class="llar-app-ajax-msg"></span>
244
  $app_ajax_msg.text('').removeClass('success error');
245
  $app_ajax_spinner.css('visibility', 'visible');
246
 
247
+ var setup_code = $('#limit-login-app-setup-code').val();
248
 
249
  $.post(ajaxurl, {
250
  action: 'app_setup',
251
+ code: setup_code,
252
  sec: '<?php echo esc_js( wp_create_nonce( "llar-action" ) ); ?>'
253
  }, function(response){
254