Version Description
- A security issue inherited from the ancestor plugin Limit Login Attempts has been fixed.
Release Info
Developer | wpchefgadget |
Plugin | Limit Login Attempts Reloaded |
Version | 2.7.1 |
Code changes from version 2.7.0 to 2.7.1
- core/LimitLoginAttempts.php +3 -2
- limit-login-attempts-reloaded.php +1 -1
- readme.txt +5 -2
- views/options-page.php +7 -7
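--- a/core/LimitLoginAttempts.php
+++ b/core/LimitLoginAttempts.php
@@ -1037,10 +1037,10 @@ class Limit_Login_Attempts
 */
 public function get_address() {
 
-if ( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) )
+if ( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && filter_var( $_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP ) )
 $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
 
-elseif ( !empty( $_SERVER['HTTP_X_SUCURI_CLIENTIP'] ) )
+elseif ( !empty( $_SERVER['HTTP_X_SUCURI_CLIENTIP'] ) && filter_var( $_SERVER['HTTP_X_SUCURI_CLIENTIP'], FILTER_VALIDATE_IP ) )
 $ip = $_SERVER['HTTP_X_SUCURI_CLIENTIP'];
 
 elseif ( isset( $_SERVER['REMOTE_ADDR'] ) )
@@ -1050,6 +1050,7 @@ class Limit_Login_Attempts
 $ip = '';
 
 $ip = preg_replace('/^(\d+\.\d+\.\d+\.\d+):\d+$/', '\1', $ip);
+
 return $ip;
 }
 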
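Review bot: In `get_address()` (new lines 1040 and 1043), `X-Forwarded-For` and `X-Sucuri-ClientIP` are still accepted from any client; `filter_var( ..., FILTER_VALIDATE_IP )` only guarantees the value is a well-formed address, so the lockout key remains a caller-chosen value whenever the site is not actually behind a proxy that overwrites these headers. Consider honouring them only when the connecting peer is a known proxy, e.g. `if ( $behind_trusted_proxy && !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && filter_var( $_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP ) )`, where `$behind_trusted_proxy` is a placeholder for a check of `$_SERVER['REMOTE_ADDR']` against an admin-configured list. A multi-hop value such as `client, proxy` now fails validation and silently falls through to the next branch, which deserves a one-line comment so the behaviour is not mistaken for a bug. Lines 1047–1049 of the function fall between the two hunks and are not visible here.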
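--- a/limit-login-attempts-reloaded.php
+++ b/limit-login-attempts-reloaded.php
@@ -4,7 +4,7 @@
 Description: Limit the rate of login attempts, including by way of cookies and for each IP address.
 Author: wpchefgadget
 Text Domain: limit-login-attempts-reloaded
-Version: 2.7.
+Version: 2.7.1
 
 Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2017 WPChef
 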
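--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: wpchefgadget
 Tags: login, security, authentication, Limit Login Attempts, GDPR, brute-force attack, brute force, login abuse, ddos protection
 Requires at least: 3.0
-Tested up to: 4.9.
-Stable tag: 2.7.
+Tested up to: 4.9.7
+Stable tag: 2.7.1
 
 Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
 
@@ -51,6 +51,9 @@ Based on the original code from Limit Login Attemps plugin by Johan Eenfeldt.
 
 == Changelog ==
 
+= 2.7.1 =
+* A security issue inherited from the ancestor plugin Limit Login Attempts has been fixed.
+
 = 2.7.0 =
 * GDPR compliance implemented.
 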
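--- a/views/options-page.php
+++ b/views/options-page.php
@@ -138,11 +138,11 @@ $black_list_usernames = ( is_array( $black_list_usernames ) && !empty( $black_li
 <td>
 <div class="field-col">
 <p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
-<textarea name="lla_whitelist_ips" rows="10" cols="50"><?php echo $white_list_ips; ?></textarea>
+<textarea name="lla_whitelist_ips" rows="10" cols="50"><?php echo esc_textarea( $white_list_ips ); ?></textarea>
 </div>
 <div class="field-col">
 <p class="description"><?php _e( 'One Username per line', 'limit-login-attempts-reloaded' ); ?></p>
-<textarea name="lla_whitelist_usernames" rows="10" cols="50"><?php echo $white_list_usernames; ?></textarea>
+<textarea name="lla_whitelist_usernames" rows="10" cols="50"><?php echo esc_textarea( $white_list_usernames ); ?></textarea>
 </div>
 </td>
 </tr>
@@ -152,11 +152,11 @@ $black_list_usernames = ( is_array( $black_list_usernames ) && !empty( $black_li
 <td>
 <div class="field-col">
 <p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
-<textarea name="lla_blacklist_ips" rows="10" cols="50"><?php echo $black_list_ips; ?></textarea>
+<textarea name="lla_blacklist_ips" rows="10" cols="50"><?php echo esc_textarea( $black_list_ips ); ?></textarea>
 </div>
 <div class="field-col">
 <p class="description"><?php _e( 'One Username per line', 'limit-login-attempts-reloaded' ); ?></p>
-<textarea name="lla_blacklist_usernames" rows="10" cols="50"><?php echo $black_list_usernames; ?></textarea>
+<textarea name="lla_blacklist_usernames" rows="10" cols="50"><?php echo esc_textarea( $black_list_usernames ); ?></textarea>
 </div>
 </td>
 </tr>
@@ -197,10 +197,10 @@ $black_list_usernames = ( is_array( $black_list_usernames ) && !empty( $black_li
 <tr>
 <td class="limit-login-date"><?php echo date_i18n( 'F d, Y H:i', $date ); ?></td>
 <td class="limit-login-ip">
-<?php echo $user_info['ip']; ?>
+<?php echo esc_html( $user_info['ip'] ); ?>
 </td>
-<td class="limit-login-max"><?php echo $user_info['username'] . ' (' . $user_info['counter'] .' lockouts)'; ?></td>
-<td class="limit-login-gateway"><?php echo $user_info['gateway']; ?></td>
+<td class="limit-login-max"><?php echo esc_html( $user_info['username'] ) . ' (' . esc_html( $user_info['counter'] ) .' lockouts)'; ?></td>
+<td class="limit-login-gateway"><?php echo esc_html( $user_info['gateway'] ); ?></td>
 <td>
 <?php if ( !empty( $lockouts[ $user_info['ip'] ] ) && $lockouts[ $user_info['ip'] ] > time() ) : ?>
 <a href="#" class="button limit-login-unlock" data-ip="<?=esc_attr($user_info['ip'])?>" data-username="<?=esc_attr($user_info['username'])?>">Unlock</a>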
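Review bot: On new line 202 the lockout cell is still assembled by concatenating a hard-coded English fragment (`' lockouts)'`), while the descriptions on lines 140–158 go through `_e()` with the plugin's text domain; the counter, which appears to be a count, is escaped as text rather than formatted as a number. A single format string keeps the output escaping and makes the cell translatable: `<?php printf( esc_html__( '%1$s (%2$d lockouts)', 'limit-login-attempts-reloaded' ), esc_html( $user_info['username'] ), (int) $user_info['counter'] ); ?>`. The table row continues past line 206, outside the hunk.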