Version Description
Download this release
Release Info
| Developer | sean212 |
| Plugin |  Lockdown WP Admin |
| Version | 1.3.5 |
| Comparing to | |
| See all releases | |
Code changes from version 1.3.2 to 1.3.5
- admin.php +4 -0
- lockdown-wp-admin.php +42 -6
- no-wpmu.php +1 -1
- readme.txt +1 -1
admin.php
CHANGED
|
@@ -12,6 +12,7 @@ if ( defined('LD_DIS_BASE') && LD_DIS_BASE == TRUE )
|
|
| 12 |
?>
|
| 13 |
|
| 14 |
<p>We are going to help make WordPress a bit more secure.</p>
|
|
|
|
| 15 |
|
| 16 |
|
| 17 |
|
|
@@ -37,6 +38,9 @@ global $auth_obj;
|
|
| 37 |
$url = wp_guess_url() . '/'. $this->login_base;
|
| 38 |
?>
|
| 39 |
<p>Your current login URL is <code><a href="<?php echo $url; ?>"><?php echo $url; ?></a></code>.</p>
|
|
|
|
|
|
|
|
|
|
| 40 |
|
| 41 |
|
| 42 |
<h3>HTTP Authentication</h3>
|
| 12 |
?>
|
| 13 |
|
| 14 |
<p>We are going to help make WordPress a bit more secure.</p>
|
| 15 |
+
<p><a href="http://twitter.com/talkingwithsean"><img src="http://twitter-badges.s3.amazonaws.com/follow_me-c.png" width="160" height="27" /></a></p>
|
| 16 |
|
| 17 |
|
| 18 |
|
| 38 |
$url = wp_guess_url() . '/'. $this->login_base;
|
| 39 |
?>
|
| 40 |
<p>Your current login URL is <code><a href="<?php echo $url; ?>"><?php echo $url; ?></a></code>.</p>
|
| 41 |
+
|
| 42 |
+
<h4>Please Note Something!</h4>
|
| 43 |
+
<p>If you are using a cache plugin (WTC, WP Super Cache, etc), you need to enable it to not cache the above base. That means (for most caching plugins) adding whatever you enter into the box above into your plugins Caching Whitelist, that is the list of URLs that your plugin doesn't cache. If you have any questions, tweet me @talkingwithsean.</p>
|
| 44 |
|
| 45 |
|
| 46 |
<h3>HTTP Authentication</h3>
|
lockdown-wp-admin.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Lockdown WordPress Admin
|
| 4 |
Plugin URI: http://talkingwithsean.com/2011/01/lockdown-wp-admin/
|
| 5 |
Description: Securing the WordPress Administration interface.
|
| 6 |
-
Version: 1.3.
|
| 7 |
Author: Sean Fisher
|
| 8 |
Author URI: http://talkingwithsean.com/
|
| 9 |
License: GPL v3
|
|
@@ -183,11 +183,13 @@ class WP_LockAuth {
|
|
| 183 |
|
| 184 |
if ( isset( $_POST['login_base'] ) )
|
| 185 |
{
|
| 186 |
-
$
|
|
|
|
|
|
|
| 187 |
$base = str_replace('/', '', $base);
|
| 188 |
|
| 189 |
$disallowed = array(
|
| 190 |
-
'user', 'wp-admin', 'wp-content', 'wp-includes', 'wp-feed.php', 'index', 'feed', 'rss', 'robots', 'robots.txt'
|
| 191 |
);
|
| 192 |
if ( in_array( $base, $disallowed ) )
|
| 193 |
{
|
|
@@ -510,6 +512,8 @@ class WP_LockAuth {
|
|
| 510 |
return;
|
| 511 |
|
| 512 |
$this->login_base = $login_base;
|
|
|
|
|
|
|
| 513 |
unset( $login_base );
|
| 514 |
|
| 515 |
// Setup the filters for the new login form
|
|
@@ -517,10 +521,25 @@ class WP_LockAuth {
|
|
| 517 |
add_filter('network_site_url', array( &$this, 'filter_wp_login'));
|
| 518 |
add_filter('site_url', array( &$this, 'filter_wp_login'));
|
| 519 |
|
| 520 |
-
//
|
| 521 |
-
|
|
|
|
|
|
|
| 522 |
|
| 523 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 524 |
|
| 525 |
// Are they visiting wp-login.php?
|
| 526 |
if ( $base == 'wp-login.php')
|
|
@@ -535,6 +554,11 @@ class WP_LockAuth {
|
|
| 535 |
if ( $base !== $this->login_base )
|
| 536 |
return FALSE;
|
| 537 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 538 |
include ABSPATH . "/wp-login.php";
|
| 539 |
exit;
|
| 540 |
}
|
|
@@ -566,4 +590,16 @@ function ld_setup_auth()
|
|
| 566 |
$auth_obj = new WP_LockAuth();
|
| 567 |
}
|
| 568 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 569 |
add_action('init', 'ld_setup_auth');
|
| 3 |
Plugin Name: Lockdown WordPress Admin
|
| 4 |
Plugin URI: http://talkingwithsean.com/2011/01/lockdown-wp-admin/
|
| 5 |
Description: Securing the WordPress Administration interface.
|
| 6 |
+
Version: 1.3.5
|
| 7 |
Author: Sean Fisher
|
| 8 |
Author URI: http://talkingwithsean.com/
|
| 9 |
License: GPL v3
|
| 183 |
|
| 184 |
if ( isset( $_POST['login_base'] ) )
|
| 185 |
{
|
| 186 |
+
$exp = explode('/', $_POST['login_base'], 2);
|
| 187 |
+
$base = reset( $exp );
|
| 188 |
+
$base = sanitize_title_with_dashes( base);
|
| 189 |
$base = str_replace('/', '', $base);
|
| 190 |
|
| 191 |
$disallowed = array(
|
| 192 |
+
'user', 'wp-admin', 'wp-content', 'wp-includes', 'wp-feed.php', 'index', 'feed', 'rss', 'robots', 'robots.txt', 'wp-login.php',
|
| 193 |
);
|
| 194 |
if ( in_array( $base, $disallowed ) )
|
| 195 |
{
|
| 512 |
return;
|
| 513 |
|
| 514 |
$this->login_base = $login_base;
|
| 515 |
+
//var_dump( $this->login_base );
|
| 516 |
+
//die();
|
| 517 |
unset( $login_base );
|
| 518 |
|
| 519 |
// Setup the filters for the new login form
|
| 521 |
add_filter('network_site_url', array( &$this, 'filter_wp_login'));
|
| 522 |
add_filter('site_url', array( &$this, 'filter_wp_login'));
|
| 523 |
|
| 524 |
+
// We need to get the URL
|
| 525 |
+
// This means we need to take the current URL,
|
| 526 |
+
// strip it of an WordPress path (if the blog is located @ /blog/)
|
| 527 |
+
// And then remove the query string
|
| 528 |
|
| 529 |
+
// The blog's URL
|
| 530 |
+
$blog_url = trailingslashit( get_bloginfo('url') );
|
| 531 |
+
|
| 532 |
+
// The Current URL
|
| 533 |
+
$schema = is_ssl() ? 'https://' : 'http://';
|
| 534 |
+
$current_url = $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
| 535 |
+
|
| 536 |
+
$request_url = str_replace( $blog_url, '', $current_url );
|
| 537 |
+
list( $base, $query ) = explode( '?', $request_url, 2 );
|
| 538 |
+
|
| 539 |
+
// Remove trailing slash
|
| 540 |
+
$base = rtrim($base,"/");
|
| 541 |
+
$exp = explode( '/', $base, 2 );
|
| 542 |
+
$base = reset( $exp );
|
| 543 |
|
| 544 |
// Are they visiting wp-login.php?
|
| 545 |
if ( $base == 'wp-login.php')
|
| 554 |
if ( $base !== $this->login_base )
|
| 555 |
return FALSE;
|
| 556 |
|
| 557 |
+
// We dont' want a WP plugin caching this page
|
| 558 |
+
@define('NO_CACHE', TRUE);
|
| 559 |
+
@define('WTC_IN_MINIFY', TRUE);
|
| 560 |
+
@define('WP_CACHE', FALSE);
|
| 561 |
+
|
| 562 |
include ABSPATH . "/wp-login.php";
|
| 563 |
exit;
|
| 564 |
}
|
| 590 |
$auth_obj = new WP_LockAuth();
|
| 591 |
}
|
| 592 |
|
| 593 |
+
|
| 594 |
+
function ld_get_url_path()
|
| 595 |
+
{
|
| 596 |
+
if ( defined('WP_SITEURL') && '' != WP_SITEURL ) {
|
| 597 |
+
$url = WP_SITEURL;
|
| 598 |
+
} else {
|
| 599 |
+
$schema = is_ssl() ? 'https://' : 'http://';
|
| 600 |
+
$url = preg_replace('|/wp-admin/.*|i', '', $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
|
| 601 |
+
}
|
| 602 |
+
return rtrim($url, '/');
|
| 603 |
+
}
|
| 604 |
+
|
| 605 |
add_action('init', 'ld_setup_auth');
|
no-wpmu.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* We don't want to allow for this plugin to be used in WP-MS or network wide.
|
| 4 |
*
|
| 5 |
* @author Sean Fisher
|
| 6 |
-
* @version 1.
|
| 7 |
**/
|
| 8 |
class Disable_WPMS_Plugin_LD
|
| 9 |
{
|
| 3 |
* We don't want to allow for this plugin to be used in WP-MS or network wide.
|
| 4 |
*
|
| 5 |
* @author Sean Fisher
|
| 6 |
+
* @version 1.3.5
|
| 7 |
**/
|
| 8 |
class Disable_WPMS_Plugin_LD
|
| 9 |
{
|
readme.txt
CHANGED
|
@@ -5,7 +5,7 @@ Link: http://talkingwithsean.com/2011/01/lockdown-wp-admin/
|
|
| 5 |
Tags: security, wp-admin, http auth, 404, lockdown, talkingwithsean, secure
|
| 6 |
Requires at least: 3.0
|
| 7 |
Tested up to: 3.2
|
| 8 |
-
Stable tag: 1.3.
|
| 9 |
|
| 10 |
This plugin will hide /wp-admin/ when you aren't logged in. If a user isn't logged in and they attempt to access /wp-admin/ directly, they will be unable to and it will return a 404.
|
| 11 |
|
| 5 |
Tags: security, wp-admin, http auth, 404, lockdown, talkingwithsean, secure
|
| 6 |
Requires at least: 3.0
|
| 7 |
Tested up to: 3.2
|
| 8 |
+
Stable tag: 1.3.5
|
| 9 |
|
| 10 |
This plugin will hide /wp-admin/ when you aren't logged in. If a user isn't logged in and they attempt to access /wp-admin/ directly, they will be unable to and it will return a 404.
|
| 11 |
|
