Lockdown WP Admin - Version 1.0

Version Description

  • Initial release

Release Info

Developer sean212
Plugin Lockdown WP Admin
Version 1.0

Files changed (5)
  1. admin-private-users.php +67 -0
  2. admin.php +39 -0
  3. lockdown-wp-admin.php +473 -0
  4. no-wpmu.php +111 -0
  5. readme.txt +44 -0
admin-private-users.php ADDED
@@ -0,0 +1,67 @@
1
+ <div class="wrap">
2
+ <div id="icon-options-general" class="icon32"></div><h2>HTTP Authentication Private Users</h2>
3
+
4
+ <?php
5
+ // Did we update?
6
+ if ( isset( $_GET['updated'] ) ) { ?>
7
+ <div class="updated fade"><p>Updated!</p></div>
8
+ <?php }
9
+
10
+ // Error message?
11
+ if ( isset( $_GET['error'] ) && $_GET['error'] == 'delete-self') { ?>
12
+ <div class="error fade"><p>You can't delete yourself!</p></div>
13
+ <?php } ?>
14
+
15
+ <form method="POST" action="<?php echo admin_url('admin.php?page=lockdown-private-users'); ?>"> <p>Adding users below will <em>only</em> work if you have "Private Usernames/Passwords" selected for HTTP Authentication.</p>
16
+
17
+ <p><strong>Please note a few things:</strong>
18
+ <ul>
19
+ <li>1. If you are ever locked out, you can just delete the plugin files via FTP (<code>/wp-content/plugins/lockdown-wp-admin/</code>) and you will be able to login again.</li>
20
+ <li>2. You cannot delete the current HTTP Authentication username you are using right now.</li>
21
+
22
+ <li>3. Private user HTTP Authentication will not work if you don't have a username added below.</li>
23
+ </ul>
24
+ </p>
25
+
26
+ <table class="widefat">
27
+ <thead>
28
+ <tr>
29
+ <th>Username</th>
30
+ <th>Action</th>
31
+
32
+ </tr>
33
+ </thead>
34
+
35
+ <tfoot>
36
+
37
+ <tr>
38
+ <th>Username</th>
39
+ <th>Action</th>
40
+ </tr>
41
+
42
+ </tfoot>
43
+ <tbody>
44
+ <?php if ( isset( $private_users ) && count( $private_users ) > 0 ) : ?>
45
+ <?php foreach( $private_users as $key => $user ) { ?>
46
+ <tr>
47
+ <td><?php echo $user['user']; ?></td>
48
+ <td><a href="admin.php?page=<?php echo $_GET['page']; ?>&delete=<?php echo $key; ?>&hash=<?php echo wp_hash(get_current_user_id()); ?>">Delete</a></td>
49
+ </tr><?php } endif; ?>
50
+ </tbody>
51
+ </table>
52
+
53
+ <h4>Add a Private User</h4>
54
+ <p>To add a user, fill out the username and password below and click "Save Options" below.</p>
55
+ <label><input type="text" name="private_username" /> New Username</label><br />
56
+ <label><input type="password" name="private_password" /> New Password</label>
57
+
58
+ <div class="clear"></div><br />
59
+
60
+
61
+ <input type="hidden" name="did_update" value="yes_we_did">
62
+
63
+ <input class='button-primary' type='submit' name='Save' value='<?php _e('Save Options'); ?>' id='submitbutton' />
64
+
65
+
66
+ </form>
67
+ </div>
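
Review bot: The form at line 15 and the Delete link at line 48 carry no WordPress nonce. The link's token is wp_hash(get_current_user_id()), which is the same value on every request for a given user, never expires and sits in the URL where it ends up in logs and Referer headers, so it is a weak substitute for one. Add wp_nonce_field() inside the form, build the link with wp_nonce_url(), and verify both with check_admin_referer() in the handler. Line 48 also echoes $_GET['page'] into the href and line 47 echoes $user['user'] into the table cell without escaping; use the fixed slug lockdown-private-users (or esc_attr()) for the former and esc_html() for the latter.
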
admin.php ADDED
@@ -0,0 +1,39 @@
1
+ <div class="wrap">
2
+ <div id="icon-options-general" class="icon32"></div><h2>Lockdown WordPress Admin</h2>
3
+
4
+ <?php if ( isset( $_GET['updated'] ) ) { ?>
5
+ <div class="updated fade"><p>Options updated!</p></div>
6
+ <?php } ?>
7
+
8
+ <p>We are going to help make WordPress a bit more secure.</p>
9
+ <form method="POST" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
10
+
11
+ <h3>Hide WP Admin</h3>
12
+ <p>We can "hide" WordPress's administration interface from the public. If you enable this, when you access <code><?php echo admin_url(); ?></code> when you <strong>aren't</strong> logged in, you will recieve a <a href="http://en.wikipedia.org/wiki/HTTP_404">404 error page</a> instead of redirecting to the login page.</p>
13
+
14
+ <label><input type="checkbox" name="hide_wp_admin" value="yep" <?php if ( get_option('ld_hide_wp_admin') === 'yep' ) { ?> checked <?php } ?>> Yes, please hide WP Admin from the user when they aren't logged in.</label>
15
+
16
+ <h3>HTTP Authentication</h3>
17
+ <p>Please read about HTTP Authentication on <a href="http://en.wikipedia.org/wiki/Basic_access_authentication">http://en.wikipedia.org/wiki/Basic_access_authentication</a>.</p>
18
+
19
+ <?php $http_auth_type = get_option('ld_http_auth'); ?>
20
+ <label><input name="http_auth" type="radio" value="none" <?php if ( $http_auth_type === '' || $http_auth_type === 'none' || !$http_auth_type ) { ?>checked<?php } ?>> Disable HTTP Auth.</label>
21
+ <div class="clear"></div>
22
+ <label><input type="radio" name="http_auth" <?php if ( $http_auth_type === 'wp_creds' ) { ?>checked<?php } ?> value="wp_creds"> WordPress Login Credentials</label>
23
+ <div class="clear"></div>
24
+ <label><input type="radio" name="http_auth" <?php if ( $http_auth_type === 'private' ) { ?>checked<?php } ?> value="private"> Private Usernames/Passwords</label>
25
+ <div class="clear"></div>
26
+
27
+ <br>
28
+
29
+
30
+
31
+
32
+ <input type="hidden" name="did_update" value="yes_we_did">
33
+
34
+ <input class='button-primary' type='submit' name='Save' value='<?php _e('Save Options'); ?>' id='submitbutton' />
35
+
36
+
37
+ </form>
38
+
39
+ </div>
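
Review bot: Line 9 writes $_SERVER['REQUEST_URI'] into the form's action attribute unescaped, so request-controlled text lands in the page markup; wrap it in esc_url() or use a fixed admin_url('admin.php?page=lockdown-wp-admin'), as admin-private-users.php does for its own form. The form also has no wp_nonce_field(), so the settings save cannot be tied to a request the administrator actually made. Minor: "recieve" on line 12 should be "receive".
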
lockdown-wp-admin.php ADDED
@@ -0,0 +1,473 @@
1
+ <?php
2
+ /*
3
+ Plugin Name: Lockdown WordPress Admin
4
+ Plugin URI: http://talkingwithsean.com/lockdown/
5
+ Description: Securing the WordPress Administration interface.
6
+ Version: 1.0
7
+ Author: Sean Fisher
8
+ Author URI: http://talkingwithsean.com/
9
+ License: GPL v3
10
+ */
11
+
12
+ // This file name
13
+ define('LD_FILE_NAME', __FILE__ );
14
+
15
+ /**
16
+ * This is the plugin that will add security to our site
17
+ *
18
+ * @author Sean Fisher <me@tlksean.me>
19
+ * @version 1.0
20
+ * @license GPL v3
21
+ **/
22
+ class WP_LockAuth {
23
+ /**
24
+ * The HTTP Auth name for the protected area
25
+ *
26
+ * @access public
27
+ **/
28
+ public $relm = "Secure Area";
29
+
30
+ private $current_user = FALSE;
31
+
32
+ function WP_LockAuth()
33
+ {
34
+ require_once( dirname( __FILE__ ) .'/no-wpmu.php' );
35
+
36
+ add_action('admin_menu', array( &$this, 'add_admin_menu'));
37
+
38
+ $this->setup_hide_admin();
39
+
40
+ // Update options
41
+ $this->update_options();
42
+ $this->update_users();
43
+
44
+ }
45
+
46
+ /**
47
+ * Update the users
48
+ *
49
+ * @access private
50
+ **/
51
+ function update_users()
52
+ {
53
+ if ( !isset( $_GET['page'] ) )
54
+ return;
55
+
56
+ if ( $_GET['page'] !== 'lockdown-private-users' )
57
+ return;
58
+
59
+ // Add a user
60
+ if ( isset( $_POST['private_username'] ) && isset( $_POST['private_password'] ) )
61
+ {
62
+ if ( $_POST['private_username'] !== '' && $_POST['private_password'] !== '' )
63
+ {
64
+ // Adding a user.
65
+ $users = $this->get_private_users();
66
+ $add['user'] = sanitize_user( $_POST['private_username'] );
67
+ $add['pass'] = trim( md5( $_POST['private_password'] ) );
68
+
69
+ $users[] = $add;
70
+
71
+ update_option('ld_private_users', $users);
72
+
73
+ wp_redirect( admin_url('admin.php?page=lockdown-private-users&updated=true'));
74
+ return;
75
+ }
76
+ }
77
+
78
+ // Deleting a user.
79
+ if ( isset( $_GET['delete'] ) && isset( $_GET['hash'] ) )
80
+ {
81
+ // Check hash
82
+ if ( $_GET['hash'] !== wp_hash(get_current_user_id()) )
83
+ return;
84
+
85
+ // Delete the user.
86
+ unset( $users );
87
+ $users = $this->get_private_users();
88
+ $to_delete = (int) $_GET['delete'];
89
+
90
+ if ( count( $users ) > 0 )
91
+ {
92
+ foreach( $users as $key => $val )
93
+ {
94
+ if ( $key === $to_delete ) :
95
+ if( $this->current_user !== '' && $to_delete === $this->current_user )
96
+ {
97
+ // They can't delete themselves!
98
+ wp_redirect( admin_url('admin.php?page=lockdown-private-users&error=delete-self'));
99
+ return;
100
+ }
101
+
102
+ unset( $users[$key] );
103
+ endif;
104
+ }
105
+ }
106
+
107
+ update_option('ld_private_users', $users);
108
+
109
+ wp_redirect( admin_url('admin.php?page=lockdown-private-users&updated=true'));
110
+ return;
111
+ }
112
+ }
113
+
114
+ /**
115
+ * Update the options
116
+ *
117
+ * @access private
118
+ **/
119
+ function update_options()
120
+ {
121
+ if ( !isset( $_GET['page'] ) )
122
+ return;
123
+
124
+ if ( $_GET['page'] !== 'lockdown-wp-admin' )
125
+ return;
126
+
127
+ if ( !isset( $_POST['did_update'] ) )
128
+ return;
129
+
130
+ // They're updating.
131
+ if ( isset( $_POST['http_auth'] ) )
132
+ update_option('ld_http_auth', trim( strtolower( $_POST['http_auth'] ) ) );
133
+ else
134
+ update_option('ld_http_auth', 'none' );
135
+
136
+ if ( !isset( $_POST['hide_wp_admin'] ) )
137
+ {
138
+ update_option('ld_hide_wp_admin', 'nope');
139
+ }
140
+ else
141
+ {
142
+ if ( $_POST['hide_wp_admin'] === 'yep' )
143
+ update_option('ld_hide_wp_admin', 'yep');
144
+ else
145
+ update_option('ld_hide_wp_admin', 'nope');
146
+ }
147
+
148
+ // Redirect
149
+ wp_redirect( admin_url( 'plugins.php?page=lockdown-wp-admin&updated=true' ) );
150
+ return;
151
+ }
152
+
153
+ /**
154
+ * Send headers to the browser that are going to ask for a username/pass
155
+ * from the browser.
156
+ *
157
+ * @access private
158
+ * @return void
159
+ **/
160
+ private function inauth_headers()
161
+ {
162
+ header('WWW-Authenticate: Basic realm="'.$this->relm.'"');
163
+ header('HTTP/1.0 401 Unauthorized');
164
+ echo '<h1>Authorization Required.</h1>';
165
+ exit;
166
+ }
167
+
168
+ /**
169
+ * Check for a HTTP auth session
170
+ *
171
+ * If they find one, we will setup the 'INTERNAL_AUTH_PASSED' constant.
172
+ * If they failed, it will send the HTTP auth headers to get the username/
173
+ * password.
174
+ *
175
+ * @uses self::inauth_headers() When we need the username/pass
176
+ * @access public
177
+ **/
178
+ public function setup()
179
+ {
180
+ /* Check for values in $PHP_AUTH_USER and $PHP_AUTH_PW */
181
+ if ((!isset($_SERVER['PHP_AUTH_USER'])) || (!isset($_SERVER['PHP_AUTH_PW']))) {
182
+ $this->inauth_headers();
183
+
184
+ } else if ((isset($_SERVER['PHP_AUTH_USER'])) && (isset($_SERVER['PHP_AUTH_PW']))){
185
+
186
+ /* Values contain some values, so check to see if they're correct */
187
+
188
+ if (($_SERVER['PHP_AUTH_USER'] != $this->current_user) || (md5($_SERVER['PHP_AUTH_PW']) != $this->current_pass)) {
189
+ /* If either the username entered is incorrect, or the password entered is incorrect, send the headers causing dialog box to appear */
190
+ $this->inauth_headers();
191
+
192
+ } else if (($_SERVER['PHP_AUTH_USER'] === $this->current_user) || ( md5($_SERVER['PHP_AUTH_PW'] ) === $this->current_pass)) {
193
+
194
+ /* if both values are correct, print success message */
195
+ // We're good here!
196
+ define('INTERNAL_AUTH_PASSED', TRUE);
197
+ }
198
+ }
199
+ }
200
+
201
+ /**
202
+ * Get the users for the private creds
203
+ *
204
+ * @access private
205
+ **/
206
+ function get_private_users()
207
+ {
208
+ $opt = get_option('ld_private_users');
209
+ if ( !is_array( $opt ) )
210
+ return array();
211
+
212
+ return $opt;
213
+ }
214
+
215
+ /**
216
+ * Setup hiding wp-admin
217
+ *
218
+ * @access void
219
+ **/
220
+ function setup_hide_admin()
221
+ {
222
+ $opt = get_option('ld_hide_wp_admin');
223
+
224
+ // Nope!
225
+ if ( $opt !== 'yep' )
226
+ return;
227
+
228
+ // We're gonna hide it.
229
+ $no_check_files = array('async-upload.php');
230
+ $no_check_files = apply_filters('no_check_files', $no_check_files);
231
+
232
+ $explode = explode('/', $_SERVER['SCRIPT_FILENAME'] );
233
+ $file = end( $explode );
234
+ if ( in_array( $file, $no_check_files ) )
235
+ {
236
+ define('INTERNAL_AUTH_PASSED', TRUE);
237
+ return;
238
+ }
239
+
240
+ if ( is_admin() )
241
+ {
242
+ if ( !is_user_logged_in() )
243
+ {
244
+ // If they AREN'T logged in and they tried to access wp-admin
245
+ // we'll just serve them a 404!
246
+ status_header(404);
247
+ require( get_404_template() );
248
+ exit;
249
+ }
250
+
251
+
252
+ }
253
+
254
+ if ( is_admin() )
255
+ $this->setup_http_area();
256
+ }
257
+
258
+ function get_file()
259
+ {
260
+ // We're gonna hide it.
261
+ $no_check_files = array('async-upload.php');
262
+ $no_check_files = apply_filters('no_check_files', $no_check_files);
263
+
264
+ $explode = explode('/', $_SERVER['SCRIPT_FILENAME'] );
265
+ return end( $explode );
266
+ }
267
+
268
+ /**
269
+ * Setting up the HTTP Auth
270
+ *
271
+ * Here, we only check if it's enabled
272
+ *
273
+ * @access private
274
+ **/
275
+ function setup_http_area()
276
+ {
277
+ $opt = get_option('ld_http_auth');
278
+
279
+ switch( $opt )
280
+ {
281
+ // HTTP auth is going to ask for their WordPress creds.
282
+ case('wp_creds');
283
+
284
+ /* Check for values in $PHP_AUTH_USER and $PHP_AUTH_PW */
285
+ if ((!isset($_SERVER['PHP_AUTH_USER'])) || (!isset($_SERVER['PHP_AUTH_PW']))) {
286
+ $this->inauth_headers();
287
+
288
+ } else if ((isset($_SERVER['PHP_AUTH_USER'])) && (isset($_SERVER['PHP_AUTH_PW']))){
289
+
290
+ // Are they already logged in as this?
291
+ $current_uid = get_current_user_id();
292
+ $requested_uid = get_user_id_from_string($_SERVER['PHP_AUTH_USER']);
293
+
294
+ // Not a valid user.
295
+ if ( $requested_uid === null || !$requested_uid )
296
+ $this->inauth_headers();
297
+
298
+ // Already logged in?
299
+ //var_dump( $current_uid, $requested_uid, is_user_logged_in() );
300
+ if ($current_uid == $requested_uid && is_user_logged_in() )
301
+ {
302
+ define('INTERNAL_AUTH_PASSED', TRUE);
303
+ return;
304
+ }
305
+
306
+ // Try it via wp_signon
307
+ $creds = array();
308
+ $creds['user_login'] = $_SERVER['PHP_AUTH_USER'];
309
+ $creds['user_password'] = $_SERVER['PHP_AUTH_PW'];
310
+ $creds['remember'] = true;
311
+ $user = wp_signon( $creds, false );
312
+
313
+ // In error
314
+ if ( is_wp_error($user) )
315
+ $this->inauth_headers();
316
+
317
+ // They passed!
318
+ define('INTERNAL_AUTH_PASSED', TRUE);
319
+ }
320
+ break;
321
+
322
+ case('private');
323
+ $users = $this->get_private_users();
324
+
325
+ // We want a user to exist
326
+ // If nobody is found, we won't lock them out!
327
+ if ( !$users || !is_array( $users ) )
328
+ return;
329
+
330
+ // Let's NOT lock everybody out
331
+ if ( count( $users ) === 0 )
332
+ return;
333
+
334
+ /* Check for values in $PHP_AUTH_USER and $PHP_AUTH_PW */
335
+ if ( !isset( $_SERVER['PHP_AUTH_USER'] ) || !isset( $_SERVER['PHP_AUTH_PW'] ) )
336
+ $this->inauth_headers();
337
+
338
+ // Did they enter a valid user?
339
+ if ( $this->user_array_check( $users, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) )
340
+ {
341
+ // Yes!!
342
+ define('INTERNAL_AUTH_PASSED', TRUE);
343
+ $this->set_current_user( $users, $_SERVER['PHP_AUTH_USER'] );
344
+ return;
345
+ }
346
+ else
347
+ {
348
+ // Nope
349
+ $this->inauth_headers();
350
+ return;
351
+ }
352
+
353
+ break;
354
+ }
355
+
356
+ }
357
+ /**
358
+ * Check an internal array of users against a passed user and pass
359
+ *
360
+ * @access private
361
+ **/
362
+ function user_array_check( $array, $user, $pass )
363
+ {
364
+ foreach( $array as $key => $val )
365
+ {
366
+ if ( $val['user'] === $user && md5( $pass ) === $val['pass'] )
367
+ return TRUE;
368
+ }
369
+
370
+ return FALSE;
371
+ }
372
+
373
+ /**
374
+ * Set the current user
375
+ *
376
+ * @access private
377
+ **/
378
+ function set_current_user( $array, $user )
379
+ {
380
+ foreach( $array as $key => $val )
381
+ {
382
+ if ( $val['user'] === $user )
383
+ $this->current_user = $key;
384
+ }
385
+ }
386
+
387
+ /**
388
+ * Adds the admin menu
389
+ *
390
+ * @acces private
391
+ **/
392
+ function add_admin_menu()
393
+ {
394
+ add_menu_page('Lockdown WP', 'Lockdown WP', 'manage_options', 'lockdown-wp-admin', array( &$this, 'admin_callback'));
395
+ add_submenu_page( 'lockdown-wp-admin', 'Private Users', 'Private Users', 'manage_options', 'lockdown-private-users', array( &$this, 'sub_admin_callback'));
396
+ //add_plugins_page( 'Lockdown WP Admin', 'Lockdown WP Admin', 'manage_options', 'lockdown-wp-admin', array( &$this, 'admin_callback'));
397
+ }
398
+
399
+ /**
400
+ * The callback for the admin area
401
+ *
402
+ * @access private
403
+ **/
404
+ function admin_callback()
405
+ {
406
+ require_once( dirname( __FILE__ ) . '/admin.php' );
407
+ }
408
+
409
+ function sub_admin_callback()
410
+ {
411
+ $private_users = $this->get_private_users();
412
+ require_once( dirname( __FILE__ ) . '/admin-private-users.php' );
413
+ }
414
+ }
415
+
416
+ /**
417
+ * The function called at 'init'.
418
+ *
419
+ * Sets up the object
420
+ *
421
+ * @return void
422
+ * @access private
423
+ * @version 1.0
424
+ * @see do_action() Called by the 'init' hook'
425
+ **/
426
+ function ld_setup_auth()
427
+ {
428
+ // Setup the object.
429
+ $auth_obj = new WP_LockAuth();
430
+
431
+ // Is wp-login.php
432
+ $explode = explode('/', $_SERVER['SCRIPT_FILENAME'] );
433
+ $file = end( $explode );
434
+ if ( $file === 'async-upload.php' )
435
+ {
436
+ define('INTERNAL_AUTH_PASSED', TRUE);
437
+ return;
438
+
439
+ }
440
+
441
+ return;
442
+ if ( is_admin() )
443
+ {
444
+ if ( !is_user_logged_in() )
445
+ {
446
+ // If they AREN'T logged in and they tried to access wp-admin
447
+ // we'll just serve them a 404!
448
+ status_header(404);
449
+ require( get_404_template() );
450
+ exit;
451
+ }
452
+
453
+ $auth_obj->setup();
454
+ }
455
+
456
+ //add_filter('admin_url', array( $auth_obj, 'filter_wp_admin') );
457
+ //add_filter('site_url', array( $auth_obj, 'filter_wp_login') );
458
+ }
459
+
460
+
461
+ function filter_tb_login_redirect( $str )
462
+ {
463
+ return str_replace('wp-login.php', 'login-area.php', $str);
464
+ }
465
+
466
+ add_action('init', 'ld_setup_auth');
467
+
468
+ //add_filter('wp_redirect', 'filter_tb_login_redirect');
469
+ //add_filter('network_site_url', 'filter_tb_login_redirect');
470
+ //add_action('login_head', 'tnt_login_head');
471
+ //add_action('init', 'tnt_setup_auth');
472
+ //add_action('setup_theme', 'change_tnt_theme');
473
+ // add_filter('option_current_theme', 'change_tnt_theme', 100000);
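
Review bot: update_users() (lines 51-112) and update_options() (lines 119-151) are called from the constructor on every init and write ld_private_users, ld_http_auth and ld_hide_wp_admin based only on $_GET['page'] and $_POST, with no current_user_can('manage_options') check and no check_admin_referer(); both need a capability check and a nonce check before any update_option() call, and line 132 should accept only none, wp_creds or private. Private passwords are stored and compared as unsalted md5() (lines 67, 188, 366); use wp_hash_password() and wp_check_password() instead. setup_http_area() is reached only from setup_hide_admin() after the early return at lines 225-226, so the HTTP Authentication setting has no effect unless Hide WP Admin is also enabled; if that coupling is intended it should be documented, otherwise call setup_http_area() independently. The unconditional return at line 441 makes lines 442-454 and setup() dead code, and setup() reads $this->current_pass, which is never declared; remove them or finish them. Each wp_redirect() is followed by return rather than exit (lines 73-74, 109-110, 149-150), so the request keeps running after the Location header is queued, and line 149 redirects to plugins.php?page=lockdown-wp-admin although the page is registered with add_menu_page() at line 394 and lives under admin.php. Minor: $relm (line 28) and @acces (line 390) are misspelled.
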
no-wpmu.php ADDED
@@ -0,0 +1,111 @@
1
+ <?php
2
+ /**
3
+ * We don't want to allow for this plugin to be used in WP-MS or network wide
4
+ *
5
+ * @author Sean Fisher
6
+ * @version 1.0
7
+ **/
8
+ class Disable_WPMS_Plugin_LD
9
+ {
10
+ /**
11
+ * PHP 4 style constructor
12
+ *
13
+ * @access private
14
+ * @return void
15
+ **/
16
+ function Disable_WPMS_Plugin_LD()
17
+ {
18
+ register_activation_hook(LD_FILE_NAME, array( &$this, 'on_activate') );
19
+ }
20
+
21
+ /**
22
+ * Called when activating the plugin
23
+ *
24
+ * @access private
25
+ **/
26
+ function on_activate()
27
+ {
28
+ /**
29
+ * Disable buggy sitewide activation in WPMU and WP 3.0
30
+ */
31
+ if ((is_multisite() && isset($_GET['sitewide'])) || ($this->is_network_mode() && isset($_GET['networkwide']))) {
32
+ $this->network_activate_error();
33
+ }
34
+
35
+ // Default options
36
+ update_option('ld_http_auth', 'none');
37
+ update_option('ld_hide_wp_admin', 'no');
38
+ }
39
+
40
+ /**
41
+ * De-activate a plugin
42
+ *
43
+ * @access private
44
+ **/
45
+ function network_activate_error()
46
+ {
47
+ // De-activate the plugin
48
+ $active_plugins = (array) get_option('active_plugins');
49
+ $active_plugins_network = (array) get_site_option('active_sitewide_plugins');
50
+
51
+ // workaround for WPMU deactivation bug
52
+ remove_action('deactivate_' . LD_FILE_NAME, 'deactivate_sitewide_plugin');
53
+
54
+ do_action('deactivate_plugin', LD_FILE_NAME);
55
+
56
+ $key = array_search(LD_FILE_NAME, $active_plugins);
57
+
58
+ if ($key !== false) {
59
+ array_splice($active_plugins, $key, 1);
60
+ }
61
+
62
+ unset($active_plugins_network[LD_FILE_NAME]);
63
+
64
+ do_action('deactivate_' . LD_FILE_NAME);
65
+ do_action('deactivated_plugin', LD_FILE_NAME);
66
+
67
+ update_option('active_plugins', $active_plugins);
68
+ update_site_option('active_sitewide_plugins', $active_plugins_network);
69
+
70
+ ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
71
+ <html xmlns="http://www.w3.org/1999/xhtml">
72
+ <head>
73
+ <title>Network Activation Error</title>
74
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
75
+ </head>
76
+ <body>
77
+ <p>
78
+ <strong>Error:</strong> This plugin cannot be activated network-wide.
79
+ </p>
80
+ <p>
81
+ <a href="javascript:history.back(-1);">Back</a>
82
+ </p>
83
+ </body>
84
+ </html>
85
+ <?php
86
+ exit();
87
+ }
88
+
89
+ /**
90
+ * Returns true if it's WP with enabled Network mode
91
+ *
92
+ * @return boolean
93
+ * @author W3 Total Cache
94
+ */
95
+ function is_network_mode()
96
+ {
97
+ static $network_mode = null;
98
+
99
+ if ($network_mode === null) {
100
+ $network_mode = (defined('MULTISITE') && MULTISITE);
101
+ }
102
+
103
+ return $network_mode;
104
+ }
105
+ }
106
+
107
+ function setup_disable_network_wide()
108
+ {
109
+ return new Disable_WPMS_Plugin_LD();
110
+ }
111
+ setup_disable_network_wide();
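
Review bot: on_activate() at lines 36-37 calls update_option() unconditionally, so a reactivation resets ld_http_auth to none and drops a configured HTTP authentication mode; use add_option() so existing values are kept. The default written for ld_hide_wp_admin is 'no', while the settings handler in lockdown-wp-admin.php writes 'yep' or 'nope'; pick one spelling for the off state. LD_FILE_NAME is defined as __FILE__, an absolute path, but the active_plugins and active_sitewide_plugins options are keyed by plugin basename, so the array_search() at line 56 and the unset() at line 62 will not find the plugin; use plugin_basename(LD_FILE_NAME) in network_activate_error().
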
readme.txt ADDED
@@ -0,0 +1,44 @@
1
+ === Lockdown WP Admin ===
2
+ Contributors: sean212
3
+ Donate link: http://talkingwithsean.com/donate/
4
+ Tags: security, wp-admin, http auth, 404, lockdown, talkingwithsean, secure
5
+ Requires at least: 3.0
6
+ Tested up to: 3.1
7
+ Stable tag: 1.0
8
+
9
+ This plugin will hide /wp-admin/ when you aren't logged in. If a user isn't logged in and they attempt to access /wp-admin/ directly, they will be unable to and it will return a 404.
10
+
11
+ Also, you can add HTTP authentication directly from WP admin and add custom username/password combinations for the HTTP auth, or use the WordPress credentials.
12
+
13
+ This doesn't touch any .htaccess files or change the WordPress core files. All the CSS/Images under /wp-admin/ are still accessible, just not the .php ones.
14
+
15
+ If you enable HTTP authencation, it will add HTTP auth to wthe PHP files in /wp-admin/
16
+
17
+ == Description ==
18
+
19
+ This plugin will hide /wp-admin/ when you aren't logged in. If a user isn't logged in and they attempt to access /wp-admin/ directly, they will be unable to and it will return a 404.
20
+
21
+ Also, you can add HTTP authentication directly from WP admin and add custom username/password combinations for the HTTP auth, or use the WordPress credentials.
22
+
23
+ This doesn't touch any .htaccess files or change the WordPress core files. All the CSS/Images under /wp-admin/ are still accessible, just not the .php ones.
24
+
25
+ If you enable HTTP authencation, it will add HTTP auth to the PHP files in /wp-admin/
26
+
27
+ == Installation ==
28
+
29
+ 1. Upload `/lockdown-wp-admin/` to the `/wp-content/plugins/` directory
30
+ 2. Activate the plugin through the 'Plugins' menu in WordPress
31
+ 3. Navigate to the "Lockdown WP" menu
32
+
33
+ == Frequently Asked Questions ==
34
+
35
+ None yet.
36
+
37
+ == Screenshots ==
38
+
39
+ None yet.
40
+
41
+ == Changelog ==
42
+
43
+ = 1.0 =
44
+ * Initial release
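
Review bot: Lines 9-15 repeat the Description section at lines 19-25 almost word for word; the block above == Description == should be a short summary, with the detail left to the Description section. "authencation" on lines 15 and 25 should be "authentication" and "wthe" on line 15 should be "the". The readme also omits the lockout recovery step that admin-private-users.php shows in the UI (deleting /wp-content/plugins/lockdown-wp-admin/ via FTP); it belongs under Frequently Asked Questions, which currently says None yet.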