Lockdown WP Admin - Version 1.9

Version Description

A very late update, sorry! Worked to fix many issues with the admin bar and the "get_current_screen()" error. If you still see issues, please contact me!


Release Info

Developer sean212
Plugin Icon wp plugin Lockdown WP Admin
Version 1.9

Code changes from version 1.8 to 1.9

Files changed (3) hide show
  1. admin.php +3 -2
  2. lockdown-wp-admin.php +69 -52
  3. readme.txt +9 -6
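--- a/admin.php
+++ b/admin.php
@@ -17,8 +17,9 @@ if ( defined('LD_DIS_BASE') && LD_DIS_BASE == TRUE )
  }
  ?>
  <p>We are going to help make WordPress a bit more secure.</p>
- <p><a href="http://twitter.com/talkingwithsean"><img src="http://twitter-badges.s3.amazonaws.com/follow_me-c.png" width="160" height="27" /></a><br />
- I tweet a lot of cool things and often post whenever I update this plugin. <a href="http://twitter.com/talkingwithsean">@talkingwithsean</a></p>
+ <p><a href="https://twitter.com/srtfisher" class="twitter-follow-button" data-show-count="false">Follow @srtfisher</a>
+ <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script><br />
+ I tweet a lot of cool things and often post whenever I update this plugin. <a href="http://twitter.com/srtfisher">@srtfisher</a></p>
  <form method="POST" action="<?php echo admin_url('admin.php?page=lockdown-wp-admin'); ?>">
  <?php
  // Nonces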
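Review bot: The added `<script>` loader pulls `//platform.twitter.com/widgets.js` into the plugin's settings screen, so third-party script runs in an authenticated wp-admin origin, on the same page as the nonce-protected settings form that follows. A follow link does not need script; keeping only the anchor, e.g. `<a href="https://twitter.com/srtfisher" rel="noopener noreferrer">Follow @srtfisher</a>`, removes that dependency. The second link in the added paragraph still uses `http://twitter.com/srtfisher` and should be `https://` to match the first. The surrounding template starts and ends outside the hunk.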
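--- a/lockdown-wp-admin.php
+++ b/lockdown-wp-admin.php
@@ -1,11 +1,11 @@
  <?php if (! defined('ABSPATH')) exit;
  /*
  Plugin Name: Lockdown WordPress Admin
- Plugin URI: http://talkingwithsean.com/2011/01/lockdown-wp-admin/
+ Plugin URI: http://seanfisher.co/2011/01/lockdown-wp-admin/
  Description: Securing the WordPress Administration interface.
- Version: 1.8
+ Version: 1.9
  Author: Sean Fisher
- Author URI: http://talkingwithsean.com/
+ Author URI: http://seanfisher.co/
  License: GPL
  */
 
@@ -15,49 +15,49 @@ define('LD_FILE_NAME', __FILE__ );
  /**
  * This is the plugin that will add security to our site
  *
- * @author Sean Fisher <sean@talkingwithsean.com>
- * @version 1.8
- * @license GPL
+ * @author Sean Fisher <me@seanfisher.co>
+ * @version 1.9
+ * @license GPL
  **/
- class WP_LockAuth {
-
+ class WP_LockAuth
+ {
  /**
  * The version of lockdown WP Admin
  *
  * @param string
  * @access private
  **/
- private $ld_admin_version = '1.8';
+ private $ld_admin_version = '1.9';
 
  /**
  * The HTTP Auth name for the protected area
  * Change this via calling the object, not by editing the file.
  *
- * @access public
- * @global string
+ * @access public
+ * @global string
  **/
  public $relm = "Secure Area";
 
  /**
  * The current user ID from our internal array
  *
- * @access private
+ * @access private
  **/
  private $current_user = FALSE;
 
  /**
  * The base to get the login url
  *
- * @access private
+ * @access private
  **/
  private $login_base = FALSE;
 
  function WP_LockAuth()
  {
- // We don't like adding network wide WordPress plugins.
+ // We don't like adding network wide WordPress plugins.
  require_once( dirname( __FILE__ ) .'/no-wpmu.php' );
 
- // Add the action to setup the menu.
+ // Add the action to setup the menu.
  add_action('admin_menu', array( &$this, 'add_admin_menu'));
 
  // Setup the plugin.
@@ -65,8 +65,6 @@ class WP_LockAuth {
 
  // Hide the login form
  $this->redo_login_form();
-
- // We no longer update the options here, but rather when we call on the callback function from the menu, more secure.
  }
 
  /**
@@ -83,8 +81,8 @@ class WP_LockAuth {
  // mod_php
  if (isset($_SERVER['PHP_AUTH_USER']))
  {
- $username = $_SERVER['PHP_AUTH_USER'];
- $password = $_SERVER['PHP_AUTH_PW'];
+ $username = (isset($_SERVER['PHP_AUTH_USER'])) ? $_SERVER['PHP_AUTH_USER'] : NULL;
+ $password = (isset($_SERVER['PHP_AUTH_PW'])) ? $_SERVER['PHP_AUTH_PW'] : NULL;
  }
 
  // most other servers
@@ -110,7 +108,7 @@ class WP_LockAuth {
  **/
  function update_users()
  {
- if ( !isset( $_GET['page'] ) )
+ if (! isset( $_GET['page'] ) )
  return;
 
  if ( $_GET['page'] !== 'lockdown-private-users' )
@@ -309,32 +307,10 @@ class WP_LockAuth {
  // We only will hide it if we are in admin (/wp-admin/)
  if ( is_admin() )
  {
- // Non logged in users.
+ // Non logged in users.
  if ( ! is_user_logged_in() )
- {
- // If they AREN'T logged in and they tried to access wp-admin
- // we'll just serve them a 404!
- status_header(404);
- $four_tpl = get_404_template();
- if ( empty($four_tpl) OR !file_exists($four_tpl) )
- {
- // We're gonna try and get TwentyTen's one
- $twenty_ten_tpl = WP_CONTENT_DIR . '/themes/twentyten/404.php';
- if (file_exists($twenty_ten_tpl))
- require($twenty_ten_tpl);
- else
- wp_die('404 - File not found!', '', array('response' => 404));
- }
- else
- {
- // Their theme has a template!
- require( $four_tpl );
- }
-
- // Either way, it's gonna stop right here.
- exit;
- }
-
+ $this->throw_404();
+
  // Setup HTTP auth.
  $this->setup_http_area();
  }
@@ -579,22 +555,20 @@ class WP_LockAuth {
 
  // Are they visiting wp-login.php?
  if ( $super_base == 'wp-login.php')
- {
- status_header(404);
- require( get_404_template() );
-
- exit;
- }
+ $this->throw_404();
 
  // Is this the "login" url?
  if ( $base !== $this->login_base )
  return FALSE;
 
- // We dont' want a WP plugin caching this page
+ // We dont' want a WP plugin caching this page
  @define('NO_CACHE', TRUE);
  @define('WTC_IN_MINIFY', TRUE);
  @define('WP_CACHE', FALSE);
 
+ // Hook onto this
+ do_action('ld_login_page');
+
  include ABSPATH . "/wp-login.php";
  exit;
  }
@@ -608,6 +582,49 @@ class WP_LockAuth {
  {
  return str_replace('wp-login.php', $this->login_base, $str);
  }
+
+ /**
+ * Launch and display the 404 page depending upon the template
+ *
+ * @param void
+ * @return void
+ **/
+ public function throw_404()
+ {
+ // Admin Bar
+ add_filter('show_admin_bar', '__return_false');
+ remove_action( 'admin_footer', 'wp_admin_bar_render', 10);
+ remove_action('wp_head', 'wp_admin_bar_header', 10);
+ remove_action('wp_head', '_admin_bar_bump_cb', 10);
+ wp_dequeue_script( 'admin-bar' );
+ wp_dequeue_style( 'admin-bar' );
+
+
+ status_header(404);
+ $four_tpl = get_404_template();
+
+ // Handle the admin bar
+ @define('APP_REQUEST', TRUE);
+
+ if ( empty($four_tpl) OR ! file_exists($four_tpl) )
+ {
+ // We're gonna try and get TwentyTen's one
+ $twenty_ten_tpl = apply_filters('LD_404_FALLBACK', WP_CONTENT_DIR . '/themes/twentyten/404.php');
+
+ if (file_exists($twenty_ten_tpl))
+ require($twenty_ten_tpl);
+ else
+ wp_die('404 - File not found!', '', array('response' => 404));
+ }
+ else
+ {
+ // Their theme has a template!
+ require( $four_tpl );
+ }
+
+ // Either way, it's gonna stop right here.
+ exit;
+ }
  }
 
  /**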
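Review bot: In the new `throw_404()` the value returned by `apply_filters('LD_404_FALLBACK', ...)` goes to `require` after only a `file_exists()` check, so whatever path a hooked callback returns is executed as PHP on requests from visitors who are not logged in. Resolving and constraining it first would keep the fallback inside the content directory, e.g. `$real = realpath($twenty_ten_tpl);` followed by `if ($real !== false && strpos($real, realpath(WP_CONTENT_DIR) . DIRECTORY_SEPARATOR) === 0) require($real);`. Both call sites (`if ( ! is_user_logged_in() ) $this->throw_404();` and the `wp-login.php` check) are brace-less and rely on the method never returning, which the docblock should state in place of `@param void`. A why-comment on `@define('APP_REQUEST', TRUE);` would also help, since "Handle the admin bar" does not say what reads that constant.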
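--- a/readme.txt
+++ b/readme.txt
@@ -1,11 +1,11 @@
  === Lockdown WP Admin ===
  Contributors: sean212
- Donate link: http://talkingwithsean.com/donate/
- Link: http://talkingwithsean.com/2011/01/lockdown-wp-admin/
- Tags: security, wp-admin, login, hide login, rename login, http auth, 404, lockdown, talkingwithsean, secure
+ Donate link: http://seanfisher.co/donate/
+ Link: http://seanfisher.co/lockdown-wp-admin/
+ Tags: security, wp-admin, login, hide login, rename login, http auth, 404, lockdown, srtfisher, secure
  Requires at least: 3.0
- Tested up to: 3.2
- Stable tag: 1.8
+ Tested up to: 3.4.2
+ Stable tag: 1.9
 
  This plugin will lockdown WP Admin. It can hide wp-admin and wp-login as well as add HTTP auth to the login system. It can change the login URL.
 
@@ -79,4 +79,7 @@ You can create a .txt file named 'disable_auth.txt' in your wp-content/plugins/l
 
  = 1.8 =
  * Finally discovered why so many users had HTTP auth errors. Fixed it to support almost 80% of hosts out there.
- * If you still have problems, shoot me an email.
+ * If you still have problems, shoot me an email.
+
+ = 1.9 =
+ A very late update, sorry! Worked to fix many issues with the admin bar and the "get_current_screen()" error. If you still see issues, please contact me!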