Version Description
Download this release
Release Info
| Developer | sean212 |
| Plugin |  Lockdown WP Admin |
| Version | 1.1.2 |
| Comparing to | |
| See all releases | |
Code changes from version 1.1 to 1.1.2
- lockdown-wp-admin.php +30 -24
- readme.txt +1 -1
lockdown-wp-admin.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Lockdown WordPress Admin
|
| 4 |
Plugin URI: http://talkingwithsean.com/lockdown/
|
| 5 |
Description: Securing the WordPress Administration interface.
|
| 6 |
-
Version: 1.1
|
| 7 |
Author: Sean Fisher
|
| 8 |
Author URI: http://talkingwithsean.com/
|
| 9 |
License: GPL v3
|
|
@@ -16,7 +16,7 @@ define('LD_FILE_NAME', __FILE__ );
|
|
| 16 |
* This is the plugin that will add security to our site
|
| 17 |
*
|
| 18 |
* @author Sean Fisher <me@tlksean.me>
|
| 19 |
-
* @version 1.1
|
| 20 |
* @license GPL v3
|
| 21 |
**/
|
| 22 |
class WP_LockAuth {
|
|
@@ -25,6 +25,7 @@ class WP_LockAuth {
|
|
| 25 |
* Change this via calling the object, not by editing the file.
|
| 26 |
*
|
| 27 |
* @access public
|
|
|
|
| 28 |
**/
|
| 29 |
public $relm = "Secure Area";
|
| 30 |
|
|
@@ -298,26 +299,31 @@ class WP_LockAuth {
|
|
| 298 |
case('wp_creds');
|
| 299 |
|
| 300 |
/* Check for values in $PHP_AUTH_USER and $PHP_AUTH_PW */
|
| 301 |
-
if (
|
| 302 |
$this->inauth_headers();
|
| 303 |
|
| 304 |
-
|
| 305 |
-
|
| 306 |
-
|
| 307 |
-
|
| 308 |
-
|
| 309 |
-
|
| 310 |
-
|
| 311 |
-
|
| 312 |
-
|
| 313 |
-
|
| 314 |
-
|
| 315 |
-
|
| 316 |
-
|
| 317 |
-
|
| 318 |
-
|
| 319 |
-
|
| 320 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 321 |
// Try it via wp_signon
|
| 322 |
$creds = array();
|
| 323 |
$creds['user_login'] = $_SERVER['PHP_AUTH_USER'];
|
|
@@ -328,10 +334,10 @@ class WP_LockAuth {
|
|
| 328 |
// In error :(
|
| 329 |
if ( is_wp_error($user) )
|
| 330 |
$this->inauth_headers();
|
| 331 |
-
|
| 332 |
-
|
| 333 |
-
|
| 334 |
-
|
| 335 |
break;
|
| 336 |
|
| 337 |
case('private');
|
| 3 |
Plugin Name: Lockdown WordPress Admin
|
| 4 |
Plugin URI: http://talkingwithsean.com/lockdown/
|
| 5 |
Description: Securing the WordPress Administration interface.
|
| 6 |
+
Version: 1.1.2
|
| 7 |
Author: Sean Fisher
|
| 8 |
Author URI: http://talkingwithsean.com/
|
| 9 |
License: GPL v3
|
| 16 |
* This is the plugin that will add security to our site
|
| 17 |
*
|
| 18 |
* @author Sean Fisher <me@tlksean.me>
|
| 19 |
+
* @version 1.1.2
|
| 20 |
* @license GPL v3
|
| 21 |
**/
|
| 22 |
class WP_LockAuth {
|
| 25 |
* Change this via calling the object, not by editing the file.
|
| 26 |
*
|
| 27 |
* @access public
|
| 28 |
+
* @global string
|
| 29 |
**/
|
| 30 |
public $relm = "Secure Area";
|
| 31 |
|
| 299 |
case('wp_creds');
|
| 300 |
|
| 301 |
/* Check for values in $PHP_AUTH_USER and $PHP_AUTH_PW */
|
| 302 |
+
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
|
| 303 |
$this->inauth_headers();
|
| 304 |
|
| 305 |
+
// Are they already logged in as this?
|
| 306 |
+
$current_uid = get_current_user_id();
|
| 307 |
+
|
| 308 |
+
// We fixed this for use with non WP-MS sites
|
| 309 |
+
$requested_user = get_user_by('login', $_SERVER['PHP_AUTH_USER']);
|
| 310 |
+
|
| 311 |
+
// Not a valid user.
|
| 312 |
+
if ( !$requested_user )
|
| 313 |
+
$this->inauth_headers();
|
| 314 |
+
|
| 315 |
+
// The correct User ID.
|
| 316 |
+
$requested_uid = (int) $requested_user->ID;
|
| 317 |
+
|
| 318 |
+
// Already logged in?
|
| 319 |
+
if ( $current_uid === $requested_uid )
|
| 320 |
+
{
|
| 321 |
+
define('INTERNAL_AUTH_PASSED', TRUE);
|
| 322 |
+
return;
|
| 323 |
+
}
|
| 324 |
+
|
| 325 |
+
// Attempt to sign them in if they aren't alerady
|
| 326 |
+
if ( !is_user_logged_in() ) :
|
| 327 |
// Try it via wp_signon
|
| 328 |
$creds = array();
|
| 329 |
$creds['user_login'] = $_SERVER['PHP_AUTH_USER'];
|
| 334 |
// In error :(
|
| 335 |
if ( is_wp_error($user) )
|
| 336 |
$this->inauth_headers();
|
| 337 |
+
endif;
|
| 338 |
+
|
| 339 |
+
// They passed!
|
| 340 |
+
define('INTERNAL_AUTH_PASSED', TRUE);
|
| 341 |
break;
|
| 342 |
|
| 343 |
case('private');
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: http://talkingwithsean.com/donate/
|
|
| 4 |
Tags: security, wp-admin, http auth, 404, lockdown, talkingwithsean, secure
|
| 5 |
Requires at least: 3.0
|
| 6 |
Tested up to: 3.1
|
| 7 |
-
Stable tag: 1.1
|
| 8 |
|
| 9 |
This plugin will hide /wp-admin/ when you aren't logged in. If a user isn't logged in and they attempt to access /wp-admin/ directly, they will be unable to and it will return a 404.
|
| 10 |
|
| 4 |
Tags: security, wp-admin, http auth, 404, lockdown, talkingwithsean, secure
|
| 5 |
Requires at least: 3.0
|
| 6 |
Tested up to: 3.1
|
| 7 |
+
Stable tag: 1.1.2
|
| 8 |
|
| 9 |
This plugin will hide /wp-admin/ when you aren't logged in. If a user isn't logged in and they attempt to access /wp-admin/ directly, they will be unable to and it will return a 404.
|
| 10 |
|
