Version Description
Download this release
Release Info
Developer | mvandemar |
Plugin | Login LockDown |
Version | 1.1 |
Comparing to | |
See all releases |
Code changes from version 1.2 to 1.1
- loginlockdown.php +32 -45
- readme.txt +4 -4
- version.txt +1 -1
loginlockdown.php
CHANGED
@@ -2,7 +2,7 @@
|
|
2 |
/*
|
3 |
Plugin Name: Login LockDown
|
4 |
Plugin URI: http://www.bad-neighborhood.com/
|
5 |
-
Version: v1.
|
6 |
Author: Michael VanDeMar
|
7 |
Description: Adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. Distributed through <a href="http://www.bad-neighborhood.com/" target="_blank">Bad Neighborhood</a>.
|
8 |
*/
|
@@ -15,15 +15,12 @@ Description: Adds some extra security to WordPress by restricting the rate at wh
|
|
15 |
*
|
16 |
* ver. 1.1 01-Sep-2007
|
17 |
* - revised time query to MySQL 4.0 compatability
|
18 |
-
*
|
19 |
-
* ver. 1.2 15-Jun-2008
|
20 |
-
* - now compatible with WordPress 2.5 and up only
|
21 |
*/
|
22 |
|
23 |
/*
|
24 |
== Installation ==
|
25 |
|
26 |
-
1. Extract loginlockdown-1.
|
27 |
2. Activate the plugin in the Plugin options.
|
28 |
3. Customize the settings from the Options panel, if desired.
|
29 |
|
@@ -255,67 +252,57 @@ function loginlockdown_ap() {
|
|
255 |
}
|
256 |
}
|
257 |
|
258 |
-
function ll_credit_link(){
|
259 |
-
echo "<p>Login form protected by <a href='http://www.bad-neighborhood.com/login-lockdown.html'>Login LockDown</a>.</p>";
|
260 |
-
}
|
261 |
-
|
262 |
//Actions and Filters
|
263 |
if ( isset($loginlockdown_db_version) ) {
|
264 |
//Actions
|
265 |
add_action('admin_menu', 'loginlockdown_ap');
|
266 |
add_action('activate_loginlockdown/loginlockdown.php', 'loginLockdown_install');
|
267 |
-
add_action('login_form', 'll_credit_link');
|
268 |
//Filters
|
269 |
//Functions
|
270 |
-
if ( !function_exists('
|
271 |
-
function
|
272 |
global $wpdb, $error;
|
273 |
global $loginlockdownOptions;
|
274 |
|
275 |
if ( 0 < isLockedDown() ) {
|
276 |
-
|
277 |
"failed login attempts.<br /><br />Please try again later.");
|
|
|
|
|
278 |
}
|
279 |
|
280 |
if ( '' == $username )
|
281 |
-
return
|
282 |
|
283 |
if ( '' == $password ) {
|
284 |
-
|
285 |
-
|
286 |
-
|
287 |
-
$user = get_userdatabylogin($username);
|
288 |
-
|
289 |
-
if ( !$user || ($user->user_login != $username) ) {
|
290 |
-
do_action( 'wp_login_failed', $username );
|
291 |
-
return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.'));
|
292 |
}
|
293 |
|
294 |
-
$
|
295 |
-
|
296 |
-
|
297 |
-
|
298 |
-
|
299 |
-
|
300 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
301 |
}
|
302 |
-
do_action( 'wp_login_failed', $username );
|
303 |
-
return $user;
|
304 |
}
|
305 |
-
|
306 |
-
if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
|
307 |
-
incrementFails($username);
|
308 |
-
if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {
|
309 |
-
lockDown($username);
|
310 |
-
return new WP_Error('incorrect_password', __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
|
311 |
-
"failed login attempts.<br /><br />Please try again later."));
|
312 |
-
}
|
313 |
-
do_action( 'wp_login_failed', $username );
|
314 |
-
return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
|
315 |
-
}
|
316 |
-
|
317 |
-
return new WP_User($user->ID);
|
318 |
-
|
319 |
}
|
320 |
endif;
|
321 |
}
|
2 |
/*
|
3 |
Plugin Name: Login LockDown
|
4 |
Plugin URI: http://www.bad-neighborhood.com/
|
5 |
+
Version: v1.1
|
6 |
Author: Michael VanDeMar
|
7 |
Description: Adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. Distributed through <a href="http://www.bad-neighborhood.com/" target="_blank">Bad Neighborhood</a>.
|
8 |
*/
|
15 |
*
|
16 |
* ver. 1.1 01-Sep-2007
|
17 |
* - revised time query to MySQL 4.0 compatability
|
|
|
|
|
|
|
18 |
*/
|
19 |
|
20 |
/*
|
21 |
== Installation ==
|
22 |
|
23 |
+
1. Extract loginlockdown-1.0.zip into your wp-content/plugins directory into its own folder.
|
24 |
2. Activate the plugin in the Plugin options.
|
25 |
3. Customize the settings from the Options panel, if desired.
|
26 |
|
252 |
}
|
253 |
}
|
254 |
|
|
|
|
|
|
|
|
|
255 |
//Actions and Filters
|
256 |
if ( isset($loginlockdown_db_version) ) {
|
257 |
//Actions
|
258 |
add_action('admin_menu', 'loginlockdown_ap');
|
259 |
add_action('activate_loginlockdown/loginlockdown.php', 'loginLockdown_install');
|
|
|
260 |
//Filters
|
261 |
//Functions
|
262 |
+
if ( !function_exists('wp_login') ) :
|
263 |
+
function wp_login($username, $password, $already_md5 = false) {
|
264 |
global $wpdb, $error;
|
265 |
global $loginlockdownOptions;
|
266 |
|
267 |
if ( 0 < isLockedDown() ) {
|
268 |
+
$error = __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
|
269 |
"failed login attempts.<br /><br />Please try again later.");
|
270 |
+
$pwd = '';
|
271 |
+
return false;
|
272 |
}
|
273 |
|
274 |
if ( '' == $username )
|
275 |
+
return false;
|
276 |
|
277 |
if ( '' == $password ) {
|
278 |
+
$error = __('<strong>ERROR</strong>: The password field is empty.');
|
279 |
+
return false;
|
|
|
|
|
|
|
|
|
|
|
|
|
280 |
}
|
281 |
|
282 |
+
$login = get_userdatabylogin($username);
|
283 |
+
//$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
|
284 |
+
|
285 |
+
if (!$login) {
|
286 |
+
$error = __('<strong>ERROR</strong>: Invalid username.');
|
287 |
+
return false;
|
288 |
+
} else {
|
289 |
+
// If the password is already_md5, it has been double hashed.
|
290 |
+
// Otherwise, it is plain text.
|
291 |
+
if ( ($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
|
292 |
+
return true;
|
293 |
+
} else {
|
294 |
+
incrementFails($username);
|
295 |
+
$error = __('<strong>ERROR</strong>: Incorrect password.');
|
296 |
+
if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {
|
297 |
+
lockDown($username);
|
298 |
+
$error = __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
|
299 |
+
"failed login attempts.<br /><br />Please try again later.");
|
300 |
+
}
|
301 |
+
|
302 |
+
$pwd = '';
|
303 |
+
return false;
|
304 |
}
|
|
|
|
|
305 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
306 |
}
|
307 |
endif;
|
308 |
}
|
readme.txt
CHANGED
@@ -1,9 +1,9 @@
|
|
1 |
=== Login LockDown ===
|
2 |
Developer: Michael VanDeMar (michael@endlesspoetry.com)
|
3 |
Tags: security, login
|
4 |
-
Requires at least: 2.
|
5 |
-
Tested up to: 2.
|
6 |
-
Stable Tag: 1.
|
7 |
|
8 |
Limits the number of login attempts from a given IP range within a certain time period.
|
9 |
|
@@ -18,7 +18,7 @@ via the Options panel. Admisitrators can release locked out IP ranges manually f
|
|
18 |
|
19 |
== Installation ==
|
20 |
|
21 |
-
1. Extract loginlockdown-1.
|
22 |
2. Activate the plugin in the Plugin options.
|
23 |
3. Customize the settings from the Options panel, if desired.
|
24 |
|
1 |
=== Login LockDown ===
|
2 |
Developer: Michael VanDeMar (michael@endlesspoetry.com)
|
3 |
Tags: security, login
|
4 |
+
Requires at least: 2.1
|
5 |
+
Tested up to: 2.2
|
6 |
+
Stable Tag: 1.1
|
7 |
|
8 |
Limits the number of login attempts from a given IP range within a certain time period.
|
9 |
|
18 |
|
19 |
== Installation ==
|
20 |
|
21 |
+
1. Extract loginlockdown-1.1.zip into your wp-content/plugins directory into its own folder.
|
22 |
2. Activate the plugin in the Plugin options.
|
23 |
3. Customize the settings from the Options panel, if desired.
|
24 |
|
version.txt
CHANGED
@@ -1 +1 @@
|
|
1 |
-
1.
|
1 |
+
1.1
|