Lockdown WP Admin - Version 1.1

Version Description

  • Fixed a bug on activating the plugin network wide, we disabled network wide activation.
  • Cleaned up the plugin and prevented a double loop of the HTTP check, unnecessary.

Release Info

Developer sean212
Plugin Icon wp plugin Lockdown WP Admin
Version 1.1

Code changes from version 1.0.2 to 1.1

Files changed (3) hide show
  1. lockdown-wp-admin.php +37 -54
  2. no-wpmu.php +4 -7
  3. readme.txt +6 -2
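--- a/lockdown-wp-admin.php
+++ b/lockdown-wp-admin.php
@@ -3,7 +3,7 @@
  Plugin Name: Lockdown WordPress Admin
  Plugin URI: http://talkingwithsean.com/lockdown/
  Description: Securing the WordPress Administration interface.
- Version: 1.0.2
+ Version: 1.1
  Author: Sean Fisher
  Author URI: http://talkingwithsean.com/
  License: GPL v3
@@ -16,28 +16,37 @@ define('LD_FILE_NAME', __FILE__ );
  * This is the plugin that will add security to our site
  *
  * @author Sean Fisher <me@tlksean.me>
- * @version 1.0
+ * @version 1.1
  * @license GPL v3
  **/
  class WP_LockAuth {
  /**
  * The HTTP Auth name for the protected area
+ * Change this via calling the object, not by editing the file.
  *
  * @access public
  **/
  public $relm = "Secure Area";
 
+ /**
+ * The current user ID from our internal array
+ *
+ * @access private
+ **/
  private $current_user = FALSE;
 
  function WP_LockAuth()
  {
+ // We don't like adding network wide WordPress plugins.
  require_once( dirname( __FILE__ ) .'/no-wpmu.php' );
 
+ // Add the action to setup the menu.
  add_action('admin_menu', array( &$this, 'add_admin_menu'));
 
+ // Setup the plugin.
  $this->setup_hide_admin();
 
- // Update options
+ // Should we update options here?
  $this->update_options();
  $this->update_users();
 
@@ -236,25 +245,31 @@ class WP_LockAuth {
  define('INTERNAL_AUTH_PASSED', TRUE);
  return;
  }
-
+
+ // We only will hide it if we are in admin (/wp-admin/)
  if ( is_admin() )
  {
+ // Non logged in users.
  if ( !is_user_logged_in() )
  {
  // If they AREN'T logged in and they tried to access wp-admin
  // we'll just serve them a 404!
  status_header(404);
  require( get_404_template() );
+
  exit;
  }
 
-
- }
-
- if ( is_admin() )
+ // Setup HTTP auth.
  $this->setup_http_area();
+ }
  }
 
+ /**
+ * Get the current file name
+ *
+ * @return string JUST the file name
+ **/
  function get_file()
  {
  // We're gonna hide it.
@@ -274,6 +289,7 @@ class WP_LockAuth {
  **/
  function setup_http_area()
  {
+ // We save what type of auth we're doing here.
  $opt = get_option('ld_http_auth');
 
  switch( $opt )
@@ -296,7 +312,6 @@ class WP_LockAuth {
  $this->inauth_headers();
 
  // Already logged in?
- //var_dump( $current_uid, $requested_uid, is_user_logged_in() );
  if ($current_uid == $requested_uid && is_user_logged_in() )
  {
  define('INTERNAL_AUTH_PASSED', TRUE);
@@ -310,7 +325,7 @@ class WP_LockAuth {
  $creds['remember'] = true;
  $user = wp_signon( $creds, false );
 
- // In error
+ // In error :(
  if ( is_wp_error($user) )
  $this->inauth_headers();
 
@@ -357,7 +372,12 @@ class WP_LockAuth {
  /**
  * Check an internal array of users against a passed user and pass
  *
- * @access private
+ * @access public
+ * @return bool
+ *
+ * @param array $array The array of users
+ * @param string $user The username to check for
+ * @param string $pass The password to check for (plain text)
  **/
  function user_array_check( $array, $user, $pass )
  {
@@ -393,7 +413,6 @@ class WP_LockAuth {
  {
  add_menu_page('Lockdown WP', 'Lockdown WP', 'manage_options', 'lockdown-wp-admin', array( &$this, 'admin_callback'));
  add_submenu_page( 'lockdown-wp-admin', 'Private Users', 'Private Users', 'manage_options', 'lockdown-private-users', array( &$this, 'sub_admin_callback'));
- //add_plugins_page( 'Lockdown WP Admin', 'Lockdown WP Admin', 'manage_options', 'lockdown-wp-admin', array( &$this, 'admin_callback'));
  }
 
  /**
@@ -406,6 +425,11 @@ class WP_LockAuth {
  require_once( dirname( __FILE__ ) . '/admin.php' );
  }
 
+ /**
+ * The callback for ther private users management.
+ *
+ * @access private
+ **/
  function sub_admin_callback()
  {
  $private_users = $this->get_private_users();
@@ -427,47 +451,6 @@ function ld_setup_auth()
  {
  // Setup the object.
  $auth_obj = new WP_LockAuth();
-
- // Is wp-login.php
- $explode = explode('/', $_SERVER['SCRIPT_FILENAME'] );
- $file = end( $explode );
- if ( $file === 'async-upload.php' )
- {
- define('INTERNAL_AUTH_PASSED', TRUE);
- return;
-
- }
-
- return;
- if ( is_admin() )
- {
- if ( !is_user_logged_in() )
- {
- // If they AREN'T logged in and they tried to access wp-admin
- // we'll just serve them a 404!
- status_header(404);
- require( get_404_template() );
- exit;
- }
-
- $auth_obj->setup();
- }
-
- //add_filter('admin_url', array( $auth_obj, 'filter_wp_admin') );
- //add_filter('site_url', array( $auth_obj, 'filter_wp_login') );
- }
-
-
- function filter_tb_login_redirect( $str )
- {
- return str_replace('wp-login.php', 'login-area.php', $str);
  }
 
- add_action('init', 'ld_setup_auth');
-
- //add_filter('wp_redirect', 'filter_tb_login_redirect');
- //add_filter('network_site_url', 'filter_tb_login_redirect');
- //add_action('login_head', 'tnt_login_head');
- //add_action('init', 'tnt_setup_auth');
- //add_action('setup_theme', 'change_tnt_theme');
- // add_filter('option_current_theme', 'change_tnt_theme', 100000);
+ add_action('init', 'ld_setup_auth');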
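Review bot: The constructor still calls `$this->update_options()` and `$this->update_users()` unconditionally (the `-16,28 +16,37` hunk), and because `ld_setup_auth` builds the object on `init`, both handlers run on every request, including unauthenticated front-end ones. The added comment `// Should we update options here?` asks the right question but leaves it open. Their bodies are outside these hunks and the constructor continues past the end of the hunk, so this is inferred: if they save settings from request data, they need a capability check and a nonce check before anything is written. I would register them on an admin-only hook, e.g. `add_action('admin_init', array( &$this, 'update_options'));`, and start each with `if ( ! current_user_can('manage_options') ) return;` followed by a `check_admin_referer()` call for the form's action.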
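--- a/no-wpmu.php
+++ b/no-wpmu.php
@@ -1,9 +1,9 @@
  <?php
  /**
- * We don't want to allow for this plugin to be used in WP-MS or network wide
+ * We don't want to allow for this plugin to be used in WP-MS or network wide.
  *
  * @author Sean Fisher
- * @version 1.0
+ * @version 1.1
  **/
  class Disable_WPMS_Plugin_LD
  {
@@ -104,8 +104,5 @@ class Disable_WPMS_Plugin_LD
  }
  }
 
- function setup_disable_network_wide()
- {
- return new Disable_WPMS_Plugin_LD();
- }
- setup_disable_network_wide();
+ // The object.
+ $setup_no_wpmu = new Disable_WPMS_Plugin_LD();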
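Review bot: The new top-level statement `$setup_no_wpmu = new Disable_WPMS_Plugin_LD();` runs whenever this file is loaded, and the header hunk (lines 1-9) shows nothing between `<?php` and the class that would stop a direct request to no-wpmu.php. The constructor is outside both hunks, so this is inferred, but if it calls WordPress functions a direct hit ends in a fatal error that can disclose the install path when errors are displayed; `if ( ! defined('ABSPATH') ) exit;` right after the opening tag closes that. The file is also pulled in by `require_once` inside `WP_LockAuth`'s constructor, so `$setup_no_wpmu` is a local of that constructor rather than a global. The comment `// The object.` could instead say that the instance is presumably created only for what its constructor registers.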
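--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://talkingwithsean.com/donate/
  Tags: security, wp-admin, http auth, 404, lockdown, talkingwithsean, secure
  Requires at least: 3.0
  Tested up to: 3.1
- Stable tag: 1.0.2
+ Stable tag: 1.1
 
  This plugin will hide /wp-admin/ when you aren't logged in. If a user isn't logged in and they attempt to access /wp-admin/ directly, they will be unable to and it will return a 404.
 
@@ -44,4 +44,8 @@ None yet.
  * Initial release
 
  = 1.0.1 =
- * Fixed a link to a broken file
+ * Fixed a link to a broken file
+
+ = 1.1 =
+ * Fixed a bug on activating the plugin network wide, we disabled network wide activation.
+ * Cleaned up the plugin and prevented a double loop of the HTTP check, unnecessary.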