Limit Login Attempts Reloaded

Version Description

Improved compatibility with WordFence.
Better handling of HTTP_X_FORWARDED_FOR on Debug tab.
Added option to hide warning badge.

Release Info

Developer	wpchefgadget
Plugin	Limit Login Attempts Reloaded
Version	2.25.3
Comparing to
See all releases

Code changes from version 2.25.2 to 2.25.3

Files changed (5) hide show

core/LimitLoginAttempts.php +32 -13
limit-login-attempts-reloaded.php +1 -1
readme.txt +7 -2
views/tab-debug.php +20 -12
views/tab-settings.php +8 -0

core/LimitLoginAttempts.php CHANGED Viewed

	@@ -46,8 +46,9 @@ class Limit_Login_Attempts {
46
47	'active_app' => 'local',
48	'app_config' => '',
49	- 'show_top_level_menu_item' => true,
50	- 'hide_dashboard_widget' => false,

51	);
52	/**
53	* Admin options page slug
	@@ -255,12 +256,16 @@ class Limit_Login_Attempts {
255
256	if ( $this->network_mode ) {
257	add_action( 'network_admin_menu', array( $this, 'network_admin_menu' ) );
258	- ~~add_action( 'network_admin_menu', array( $this, 'network_setting_menu_alert_icon' ) );~~


259	}
260
261	if ( $this->allow_local_options ) {
262	add_action( 'admin_menu', array( $this, 'admin_menu' ) );
263	- ~~add_action( 'admin_menu', array( $this, 'setting_menu_alert_icon' ) );~~


264	}
265
266	// Add notices for XMLRPC request
	@@ -278,9 +283,10 @@ class Limit_Login_Attempts {
278	add_action( 'authenticate', array( $this, 'authenticate_filter' ), 5, 3 );
279
280	/**
281	- * BuddyPress unactivated user account message

282	*/
283	- add_action( 'authenticate', array( $this, '~~bp_authenticate_filter~~' ), 35, 3 );
284
285	add_action('wp_ajax_limit-login-unlock', array( $this, 'ajax_unlock' ) );
286
	@@ -559,21 +565,31 @@ class Limit_Login_Attempts {
559	}
560
561	/**
562	- * ~~BuddyPress~~ ~~unactivated~~ ~~user~~ ~~account~~ ~~message~~ ~~fix~~
563	- *
564	* @param $user
565	* @param $username
566	* @param $password
567	* @return mixed
568	*/
569	- public function ~~bp_authenticate_filter~~( $user, $username, $password ) {
570
571	if ( ! empty( $username ) && ! empty( $password ) ) {
572
573	- if(is_wp_error($user) ~~&& in_array('bp_account_not_activated', $user->get_error_codes(~~)) ) {



574
575	- $this->other_login_errors[] = $user->get_error_message('bp_account_not_activated');






576	}

577	}
578	return $user;
579	}
	@@ -682,8 +698,10 @@ class Limit_Login_Attempts {
682
683	private function menu_alert_icon() {
684
685	- if( !empty( $_COOKIE['llar_menu_alert_icon_shown'] ) \|\| ~~$this->get_option( 'active_app' ) !== 'local')~~
686	- ~~return~~ '';


687
688	$retries_count = 0;
689	$retries_stats = $this->get_option( 'retries_stats' );
	@@ -1745,6 +1763,7 @@ into a must-use (MU) folder. You can read more <a href="%s" target="_blank">here
1745
1746	$this->update_option('show_top_level_menu_item', ( isset( $_POST['show_top_level_menu_item'] ) ? 1 : 0 ) );
1747	$this->update_option('hide_dashboard_widget', ( isset( $_POST['hide_dashboard_widget'] ) ? 1 : 0 ) );

1748
1749	$this->update_option('allowed_retries', (int)$_POST['allowed_retries'] );
1750	$this->update_option('lockout_duration', (int)$_POST['lockout_duration'] * 60 );


46
47	'active_app' => 'local',
48	'app_config' => '',
49	+ 'show_top_level_menu_item' => true,
50	+ 'hide_dashboard_widget' => false,
51	+ 'show_warning_badge' => true,
52	);
53	/**
54	* Admin options page slug

256
257	if ( $this->network_mode ) {
258	add_action( 'network_admin_menu', array( $this, 'network_admin_menu' ) );
259	+
260	+ if( $this->get_option( 'show_warning_badge' ) )
261	+ add_action( 'network_admin_menu', array( $this, 'network_setting_menu_alert_icon' ) );
262	}
263
264	if ( $this->allow_local_options ) {
265	add_action( 'admin_menu', array( $this, 'admin_menu' ) );
266	+
267	+ if( $this->get_option( 'show_warning_badge' ) )
268	+ add_action( 'admin_menu', array( $this, 'setting_menu_alert_icon' ) );
269	}
270
271	// Add notices for XMLRPC request

283	add_action( 'authenticate', array( $this, 'authenticate_filter' ), 5, 3 );
284
285	/**
286	+ * BuddyPress unactivated user account message fix
287	+ * Wordfence error message fix
288	*/
289	+ add_action( 'authenticate', array( $this, 'authenticate_filter_errors_fix' ), 35, 3 );
290
291	add_action('wp_ajax_limit-login-unlock', array( $this, 'ajax_unlock' ) );
292

565	}
566
567	/**
568	+ * Fix displaying the errors of other plugins
569	+ *
570	* @param $user
571	* @param $username
572	* @param $password
573	* @return mixed
574	*/
575	+ public function authenticate_filter_errors_fix( $user, $username, $password ) {
576
577	if ( ! empty( $username ) && ! empty( $password ) ) {
578
579	+ if( is_wp_error($user) ) {
580	+
581	+ // BuddyPress errors
582	+ if( in_array('bp_account_not_activated', $user->get_error_codes() ) ) {
583
584	+ $this->other_login_errors[] = $user->get_error_message('bp_account_not_activated');
585	+ }
586	+ // Wordfence errors
587	+ else if( in_array('wfls_captcha_verify', $user->get_error_codes() ) ) {
588	+
589	+ $this->other_login_errors[] = $user->get_error_message('wfls_captcha_verify');
590	+ }
591	}
592	+
593	}
594	return $user;
595	}

698
699	private function menu_alert_icon() {
700
701	+ if( !empty( $_COOKIE['llar_menu_alert_icon_shown'] ) \|\|
702	+ $this->get_option( 'active_app' ) !== 'local' \|\|
703	+ !$this->get_option( 'show_warning_badge' ) )
704	+ return '';
705
706	$retries_count = 0;
707	$retries_stats = $this->get_option( 'retries_stats' );

1763
1764	$this->update_option('show_top_level_menu_item', ( isset( $_POST['show_top_level_menu_item'] ) ? 1 : 0 ) );
1765	$this->update_option('hide_dashboard_widget', ( isset( $_POST['hide_dashboard_widget'] ) ? 1 : 0 ) );
1766	+ $this->update_option('show_warning_badge', ( isset( $_POST['show_warning_badge'] ) ? 1 : 0 ) );
1767
1768	$this->update_option('allowed_retries', (int)$_POST['allowed_retries'] );
1769	$this->update_option('lockout_duration', (int)$_POST['lockout_duration'] * 60 );

limit-login-attempts-reloaded.php CHANGED Viewed

	@@ -5,7 +5,7 @@ Description: Block excessive login attempts and protect your site against brute
5	Author: Limit Login Attempts Reloaded
6	Author URI: https://www.limitloginattempts.com/
7	Text Domain: limit-login-attempts-reloaded
8	- Version: 2.25.2
9
10	Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2022 Limit Login Attempts Reloaded
11	*/


5	Author: Limit Login Attempts Reloaded
6	Author URI: https://www.limitloginattempts.com/
7	Text Domain: limit-login-attempts-reloaded
8	+ Version: 2.25.3
9
10	Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2022 Limit Login Attempts Reloaded
11	*/

readme.txt CHANGED Viewed

	@@ -3,8 +3,8 @@ Contributors: wpchefgadget
3	Donate link: https://www.paypal.com/donate?hosted_button_id=FKD4MYFCMNVQQ
4	Tags: brute force, login, security, firewall, protection
5	Requires at least: 3.0
6	- Tested up to: 5.9
7	- Stable tag: 2.25.2
8
9	Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.
10
	@@ -98,6 +98,11 @@ Please follow this link: <a href="https://www.limitloginattempts.com/resources/"
98
99	== Changelog ==
100





101	= 2.25.2 =
102	* Security indicator fixed for multisite.
103


3	Donate link: https://www.paypal.com/donate?hosted_button_id=FKD4MYFCMNVQQ
4	Tags: brute force, login, security, firewall, protection
5	Requires at least: 3.0
6	+ Tested up to: 6.0
7	+ Stable tag: 2.25.3
8
9	Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.
10

98
99	== Changelog ==
100
101	+ = 2.25.3 =
102	+ * Improved compatibility with WordFence.
103	+ * Better handling of HTTP_X_FORWARDED_FOR on Debug tab.
104	+ * Added option to hide warning badge.
105	+
106	= 2.25.2 =
107	* Security indicator fixed for multisite.
108

views/tab-debug.php CHANGED Viewed

	@@ -9,26 +9,34 @@ if( !defined( 'ABSPATH' ) ) exit();
9	$debug_info = '';
10
11	$ips = $server = array();

12	foreach ($_SERVER as $key => $value) {
13
14	- if( in_array( $key, array( 'SERVER_ADDR' ) ) ) continue;
15
16	- if( ~~$this->is_ip_valid~~( $value ) ) {

17
18	- if(~~!in_array~~($~~value,~~ ~~$ips~~)) {
19
20	- $ips[] = ~~$value;~~
21	- }

22
23	- if( ~~in_array~~( $~~value,~~ ~~array( '127.0.0.1', '0.0.0.0'~~ ) ) )
24	- $server[$key] = ~~$value~~;
25	- ~~else~~
26	- ~~$server[$key] = 'IP'.array_search($value, $ips);~~
27	- }





28	}
29
30	- foreach ($server as $server_key => $ip ) {
31	- $debug_info .= $server_key . ' = ' . $ip . "\n";
32	}
33	?>
34


9	$debug_info = '';
10
11	$ips = $server = array();
12	+
13	foreach ($_SERVER as $key => $value) {
14
15	+ if( in_array( $key, array( 'SERVER_ADDR' ) ) \|\| is_array( $value ) ) continue;
16
17	+ $ips_for_check = array_map( 'trim', explode( ',', $value ) );
18	+ foreach ( $ips_for_check as $ip ) {
19
20	+ if( $this->is_ip_valid( $ip ) ) {
21
22	+ if( !in_array( $ip, $ips ) ) {
23	+ $ips[] = $ip;
24	+ }
25
26	+ if( !isset( $server[$key] ) ) {
27	+ $server[$key] = '';
28	+ }
29	+
30	+ if( in_array( $ip, array( '127.0.0.1', '0.0.0.0' ) ) )
31	+ $server[$key] = $ip;
32	+ else
33	+ $server[$key] .= 'IP'.array_search( $ip, $ips ) . ',';
34	+ }
35	+ }
36	}
37
38	+ foreach ($server as $server_key => $ips ) {
39	+ $debug_info .= $server_key . ' = ' . trim( $ips, ',' ) . "\n";
40	}
41	?>
42

views/tab-settings.php CHANGED Viewed

	@@ -14,6 +14,7 @@ $email_checked = in_array( 'email', $v ) ? ' checked ' : '';
14
15	$show_top_level_menu_item = $this->get_option( 'show_top_level_menu_item' );
16	$hide_dashboard_widget = $this->get_option( 'hide_dashboard_widget' );

17
18	$admin_notify_email = $this->get_option( 'admin_notify_email' );
19	$admin_email_placeholder = (!is_multisite()) ? get_option( 'admin_email' ) : get_site_option( 'admin_email' );
	@@ -108,6 +109,13 @@ $active_app_config = $this->get_custom_app_config();
108	<input type="checkbox" name="hide_dashboard_widget" <?php checked( $hide_dashboard_widget ); ?>>
109	</td>
110	</tr>







111	<tr>
112	<th scope="row"
113	valign="top"><?php echo __( 'Active App', 'limit-login-attempts-reloaded' ); ?></th>


14
15	$show_top_level_menu_item = $this->get_option( 'show_top_level_menu_item' );
16	$hide_dashboard_widget = $this->get_option( 'hide_dashboard_widget' );
17	+ $show_warning_badge = $this->get_option( 'show_warning_badge' );
18
19	$admin_notify_email = $this->get_option( 'admin_notify_email' );
20	$admin_email_placeholder = (!is_multisite()) ? get_option( 'admin_email' ) : get_site_option( 'admin_email' );

109	<input type="checkbox" name="hide_dashboard_widget" <?php checked( $hide_dashboard_widget ); ?>>
110	</td>
111	</tr>
112	+ <tr>
113	+ <th scope="row"
114	+ valign="top"><?php echo __( 'Show Warning Badge', 'limit-login-attempts-reloaded' ); ?></th>
115	+ <td>
116	+ <input type="checkbox" name="show_warning_badge" <?php checked( $show_warning_badge ); ?>> <?php _e( '(Reload the page to see the changes)', 'limit-login-attempts-reloaded' ) ?>
117	+ </td>
118	+ </tr>
119	<tr>
120	<th scope="row"
121	valign="top"><?php echo __( 'Active App', 'limit-login-attempts-reloaded' ); ?></th>

Limit Login Attempts Reloaded - Version 2.25.3

Version Description

Release Info

Code changes from version 2.25.2 to 2.25.3