Version Description
- Trusted IP origins option has been added.
Download this release
Release Info
Developer | wpchefgadget |
Plugin | Limit Login Attempts Reloaded |
Version | 2.9.0 |
Comparing to | |
See all releases |
Code changes from version 2.8.1 to 2.9.0
- core/LimitLoginAttempts.php +34 -1
- limit-login-attempts-reloaded.php +1 -1
- readme.txt +7 -3
- views/options-page.php +14 -0
core/LimitLoginAttempts.php
CHANGED
@@ -1175,7 +1175,27 @@ class Limit_Login_Attempts
|
|
1175 |
*/
|
1176 |
public function get_address() {
|
1177 |
|
1178 |
-
$
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1179 |
|
1180 |
$ip = preg_replace('/^(\d+\.\d+\.\d+\.\d+):\d+$/', '\1', $ip);
|
1181 |
|
@@ -1346,6 +1366,19 @@ class Limit_Login_Attempts
|
|
1346 |
}
|
1347 |
$this->update_option('blacklist_usernames', $black_list_usernames );
|
1348 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1349 |
$notify_methods = array();
|
1350 |
if( isset( $_POST[ 'lockout_notify_log' ] ) ) {
|
1351 |
$notify_methods[] = 'log';
|
1175 |
*/
|
1176 |
public function get_address() {
|
1177 |
|
1178 |
+
$trusted_ip_origins = $this->get_option( 'trusted_ip_origins' );
|
1179 |
+
|
1180 |
+
if( empty( $trusted_ip_origins ) || !is_array( $trusted_ip_origins ) ) {
|
1181 |
+
|
1182 |
+
$trusted_ip_origins = array();
|
1183 |
+
}
|
1184 |
+
|
1185 |
+
if( !in_array( 'REMOTE_ADDR', $trusted_ip_origins ) ) {
|
1186 |
+
|
1187 |
+
$trusted_ip_origins[] = 'REMOTE_ADDR';
|
1188 |
+
}
|
1189 |
+
|
1190 |
+
$ip = '';
|
1191 |
+
foreach ( $trusted_ip_origins as $origin ) {
|
1192 |
+
|
1193 |
+
if( isset( $_SERVER[$origin] ) && !empty( $_SERVER[$origin] ) ) {
|
1194 |
+
|
1195 |
+
$ip = $_SERVER[$origin];
|
1196 |
+
break;
|
1197 |
+
}
|
1198 |
+
}
|
1199 |
|
1200 |
$ip = preg_replace('/^(\d+\.\d+\.\d+\.\d+):\d+$/', '\1', $ip);
|
1201 |
|
1366 |
}
|
1367 |
$this->update_option('blacklist_usernames', $black_list_usernames );
|
1368 |
|
1369 |
+
|
1370 |
+
$trusted_ip_origins = ( !empty( $_POST['lla_trusted_ip_origins'] ) )
|
1371 |
+
? array_map( 'trim', explode( ',', sanitize_text_field( $_POST['lla_trusted_ip_origins'] ) ) )
|
1372 |
+
: array();
|
1373 |
+
|
1374 |
+
if( !in_array( 'REMOTE_ADDR', $trusted_ip_origins ) ) {
|
1375 |
+
|
1376 |
+
$trusted_ip_origins[] = 'REMOTE_ADDR';
|
1377 |
+
}
|
1378 |
+
|
1379 |
+
$this->update_option('trusted_ip_origins', $trusted_ip_origins );
|
1380 |
+
|
1381 |
+
|
1382 |
$notify_methods = array();
|
1383 |
if( isset( $_POST[ 'lockout_notify_log' ] ) ) {
|
1384 |
$notify_methods[] = 'log';
|
limit-login-attempts-reloaded.php
CHANGED
@@ -5,7 +5,7 @@ Description: Limit the rate of login attempts, including by way of cookies and f
|
|
5 |
Author: WPChef
|
6 |
Author URI: https://wpchef.org
|
7 |
Text Domain: limit-login-attempts-reloaded
|
8 |
-
Version: 2.
|
9 |
|
10 |
Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2019 WPChef
|
11 |
*/
|
5 |
Author: WPChef
|
6 |
Author URI: https://wpchef.org
|
7 |
Text Domain: limit-login-attempts-reloaded
|
8 |
+
Version: 2.9.0
|
9 |
|
10 |
Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2019 WPChef
|
11 |
*/
|
readme.txt
CHANGED
@@ -2,8 +2,8 @@
|
|
2 |
Contributors: wpchefgadget
|
3 |
Tags: brute force, login, security, GDPR, protection
|
4 |
Requires at least: 3.0
|
5 |
-
Tested up to: 5.
|
6 |
-
Stable tag: 2.
|
7 |
|
8 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
|
9 |
|
@@ -25,6 +25,7 @@ Features:
|
|
25 |
* **Woocommerce** login page protection.
|
26 |
* **Multi-site** compatibility with extra MU settings.
|
27 |
* **GDPR** compliant. With this feature turned on, all logged IPs get obfuscated (md5-hashed).
|
|
|
28 |
|
29 |
= Upgrading from the old Limit Login Attempts plugin =
|
30 |
1. Go to the Plugins section in your site's backend.
|
@@ -46,10 +47,13 @@ Based on the original code from Limit Login Attemps plugin by Johan Eenfeldt.
|
|
46 |
|
47 |
1. Loginscreen after a failed login with remaining retries
|
48 |
2. Lockout loginscreen
|
49 |
-
3. Administration interface in WordPress
|
50 |
|
51 |
== Changelog ==
|
52 |
|
|
|
|
|
|
|
53 |
= 2.8.1 =
|
54 |
* Extra lockout options are back.
|
55 |
|
2 |
Contributors: wpchefgadget
|
3 |
Tags: brute force, login, security, GDPR, protection
|
4 |
Requires at least: 3.0
|
5 |
+
Tested up to: 5.2.1
|
6 |
+
Stable tag: 2.9.0
|
7 |
|
8 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
|
9 |
|
25 |
* **Woocommerce** login page protection.
|
26 |
* **Multi-site** compatibility with extra MU settings.
|
27 |
* **GDPR** compliant. With this feature turned on, all logged IPs get obfuscated (md5-hashed).
|
28 |
+
* **Custom IP origins** support (Cloudflare, Sucuri, etc.)
|
29 |
|
30 |
= Upgrading from the old Limit Login Attempts plugin =
|
31 |
1. Go to the Plugins section in your site's backend.
|
47 |
|
48 |
1. Loginscreen after a failed login with remaining retries
|
49 |
2. Lockout loginscreen
|
50 |
+
3. Administration interface in WordPress 5.2.1
|
51 |
|
52 |
== Changelog ==
|
53 |
|
54 |
+
= 2.9.0 =
|
55 |
+
* Trusted IP origins option has been added.
|
56 |
+
|
57 |
= 2.8.1 =
|
58 |
* Extra lockout options are back.
|
59 |
|
views/options-page.php
CHANGED
@@ -31,6 +31,10 @@ $black_list_usernames = ( is_array( $black_list_usernames ) && !empty( $black_li
|
|
31 |
|
32 |
$admin_notify_email = $this->get_option( 'admin_notify_email' );
|
33 |
$admin_email_placeholder = (!is_multisite()) ? get_option( 'admin_email' ) : get_site_option( 'admin_email' );
|
|
|
|
|
|
|
|
|
34 |
?>
|
35 |
<div class="wrap limit-login-page-settings">
|
36 |
<h2><?php echo __( 'Limit Login Attempts Settings', 'limit-login-attempts-reloaded' ); ?></h2>
|
@@ -166,6 +170,16 @@ $admin_email_placeholder = (!is_multisite()) ? get_option( 'admin_email' ) : get
|
|
166 |
</div>
|
167 |
</td>
|
168 |
</tr>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
169 |
</table>
|
170 |
<p class="submit">
|
171 |
<input class="button button-primary" name="update_options" value="<?php echo __( 'Save Options', 'limit-login-attempts-reloaded' ); ?>"
|
31 |
|
32 |
$admin_notify_email = $this->get_option( 'admin_notify_email' );
|
33 |
$admin_email_placeholder = (!is_multisite()) ? get_option( 'admin_email' ) : get_site_option( 'admin_email' );
|
34 |
+
|
35 |
+
$trusted_ip_origins = $this->get_option( 'trusted_ip_origins' );
|
36 |
+
$trusted_ip_origins = ( is_array( $trusted_ip_origins ) && !empty( $trusted_ip_origins ) ) ? implode( ", ", $trusted_ip_origins ) : 'REMOTE_ADDR';
|
37 |
+
|
38 |
?>
|
39 |
<div class="wrap limit-login-page-settings">
|
40 |
<h2><?php echo __( 'Limit Login Attempts Settings', 'limit-login-attempts-reloaded' ); ?></h2>
|
170 |
</div>
|
171 |
</td>
|
172 |
</tr>
|
173 |
+
<tr>
|
174 |
+
<th scope="row"
|
175 |
+
valign="top"><?php echo __( 'Trusted IP Origins', 'limit-login-attempts-reloaded' ); ?></th>
|
176 |
+
<td>
|
177 |
+
<div class="field-col">
|
178 |
+
<input type="text" class="regular-text" style="width: 100%;max-width: 431px;" name="lla_trusted_ip_origins" value="<?php echo esc_attr( $trusted_ip_origins ); ?>">
|
179 |
+
<p class="description"><?php _e( 'Specify the origins you trust in order of priority, separated by commas. We strongly recommend that you <b>do not</b> use anything other than REMOTE_ADDR since other origins can be easily faked. Examples: HTTP_X_FORWARDED_FOR, HTTP_CF_CONNECTING_IP, HTTP_X_SUCURI_CLIENTIP', 'limit-login-attempts-reloaded' ); ?></p>
|
180 |
+
</div>
|
181 |
+
</td>
|
182 |
+
</tr>
|
183 |
</table>
|
184 |
<p class="submit">
|
185 |
<input class="button button-primary" name="update_options" value="<?php echo __( 'Save Options', 'limit-login-attempts-reloaded' ); ?>"
|