Login LockDown - Version 1.3

Version Description

Download this release

Release Info

Developer mvandemar
Plugin Icon 128x128 Login LockDown
Version 1.3
Comparing to
See all releases

Code changes from version 1.1 to 1.3

Files changed (3) hide show
  1. loginlockdown.php +56 -35
  2. readme.txt +4 -4
  3. version.txt +1 -1
loginlockdown.php CHANGED
@@ -2,7 +2,7 @@
2
/*
3
Plugin Name: Login LockDown
4
Plugin URI: http://www.bad-neighborhood.com/
5
- Version: v1.1
6
Author: Michael VanDeMar
7
Description: Adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. Distributed through <a href="http://www.bad-neighborhood.com/" target="_blank">Bad Neighborhood</a>.
8
*/
@@ -10,17 +10,24 @@ Description: Adds some extra security to WordPress by restricting the rate at wh
10
/*
11
* Change Log
12
*
13
- * ver. 1.0 29-Aug-2007
14
- * - released
15
*
16
* ver. 1.1 01-Sep-2007
17
* - revised time query to MySQL 4.0 compatability
18
*/
19
20
/*
21
== Installation ==
22
23
- 1. Extract loginlockdown-1.0.zip into your wp-content/plugins directory into its own folder.
24
2. Activate the plugin in the Plugin options.
25
3. Customize the settings from the Options panel, if desired.
26
@@ -252,57 +259,71 @@ function loginlockdown_ap() {
252
}
253
}
254
255
//Actions and Filters
256
if ( isset($loginlockdown_db_version) ) {
257
//Actions
258
add_action('admin_menu', 'loginlockdown_ap');
259
- add_action('activate_loginlockdown/loginlockdown.php', 'loginLockdown_install');
260
//Filters
261
//Functions
262
- if ( !function_exists('wp_login') ) :
263
- function wp_login($username, $password, $already_md5 = false) {
264
global $wpdb, $error;
265
global $loginlockdownOptions;
266
267
if ( 0 < isLockedDown() ) {
268
- $error = __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
269
"failed login attempts.<br /><br />Please try again later.");
270
- $pwd = '';
271
- return false;
272
}
273
274
if ( '' == $username )
275
- return false;
276
277
if ( '' == $password ) {
278
- $error = __('<strong>ERROR</strong>: The password field is empty.');
279
- return false;
280
}
281
282
- $login = get_userdatabylogin($username);
283
- //$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
284
-
285
- if (!$login) {
286
- $error = __('<strong>ERROR</strong>: Invalid username.');
287
- return false;
288
- } else {
289
- // If the password is already_md5, it has been double hashed.
290
- // Otherwise, it is plain text.
291
- if ( ($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
292
- return true;
293
- } else {
294
- incrementFails($username);
295
- $error = __('<strong>ERROR</strong>: Incorrect password.');
296
- if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {
297
- lockDown($username);
298
- $error = __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
299
- "failed login attempts.<br /><br />Please try again later.");
300
- }
301
-
302
- $pwd = '';
303
- return false;
304
}
305
}
306
}
307
endif;
308
}
2
/*
3
Plugin Name: Login LockDown
4
Plugin URI: http://www.bad-neighborhood.com/
5
+ Version: v1.3
6
Author: Michael VanDeMar
7
Description: Adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. Distributed through <a href="http://www.bad-neighborhood.com/" target="_blank">Bad Neighborhood</a>.
8
*/
10
/*
11
* Change Log
12
*
13
+ * ver. 1.3 23-Feb-2009
14
+ * - adjusted positioning of plugin byline
15
+ * - allowed for dynamic location of plugin files
16
+ *
17
+ * ver. 1.2 15-Jun-2008
18
+ * - now compatible with WordPress 2.5 and up only
19
*
20
* ver. 1.1 01-Sep-2007
21
* - revised time query to MySQL 4.0 compatability
22
+ *
23
+ * ver. 1.0 29-Aug-2007
24
+ * - released
25
*/
26
27
/*
28
== Installation ==
29
30
+ 1. Extract the zip file into your plugins directory into its own folder.
31
2. Activate the plugin in the Plugin options.
32
3. Customize the settings from the Options panel, if desired.
33
259
}
260
}
261
262
+ function ll_credit_link(){
263
+ echo "<p>Login form protected by <a href='http://www.bad-neighborhood.com/login-lockdown.html'>Login LockDown</a>.<br /><br /><br /></p>";
264
+ }
265
+
266
//Actions and Filters
267
if ( isset($loginlockdown_db_version) ) {
268
//Actions
269
add_action('admin_menu', 'loginlockdown_ap');
270
+ if(!defined('PLUGINDIR')){
271
+ define('PLUGINDIR', 'wp-content/plugins');
272
+ }
273
+ $activatestr = str_replace(ABSPATH.PLUGINDIR."/", "activate_", __FILE__);
274
+ add_action($activatestr, 'loginLockdown_install');
275
+ add_action('login_form', 'll_credit_link');
276
//Filters
277
//Functions
278
+ if ( !function_exists('wp_authenticate') ) :
279
+ function wp_authenticate($username, $password) {
280
global $wpdb, $error;
281
global $loginlockdownOptions;
282
283
if ( 0 < isLockedDown() ) {
284
+ return new WP_Error('incorrect_password', "<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
285
"failed login attempts.<br /><br />Please try again later.");
286
}
287
288
if ( '' == $username )
289
+ return new WP_Error('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
290
291
if ( '' == $password ) {
292
+ return new WP_Error('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
293
}
294
295
+ $user = get_userdatabylogin($username);
296
+
297
+ if ( !$user || ($user->user_login != $username) ) {
298
+ do_action( 'wp_login_failed', $username );
299
+ return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.'));
300
+ }
301
+
302
+ $user = apply_filters('wp_authenticate_user', $user, $password);
303
+ if ( is_wp_error($user) ) {
304
+ incrementFails($username);
305
+ if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {
306
+ lockDown($username);
307
+ return new WP_Error('incorrect_password', __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
308
+ "failed login attempts.<br /><br />Please try again later."));
309
+ }
310
+ do_action( 'wp_login_failed', $username );
311
+ return $user;
312
+ }
313
+
314
+ if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
315
+ incrementFails($username);
316
+ if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {
317
+ lockDown($username);
318
+ return new WP_Error('incorrect_password', __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
319
+ "failed login attempts.<br /><br />Please try again later."));
320
}
321
+ do_action( 'wp_login_failed', $username );
322
+ return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
323
}
324
+
325
+ return new WP_User($user->ID);
326
+
327
}
328
endif;
329
}
readme.txt CHANGED
@@ -1,9 +1,9 @@
1
=== Login LockDown ===
2
Developer: Michael VanDeMar (michael@endlesspoetry.com)
3
Tags: security, login
4
- Requires at least: 2.1
5
- Tested up to: 2.2
6
- Stable Tag: 1.1
7
8
Limits the number of login attempts from a given IP range within a certain time period.
9
@@ -18,7 +18,7 @@ via the Options panel. Admisitrators can release locked out IP ranges manually f
18
19
== Installation ==
20
21
- 1. Extract loginlockdown-1.1.zip into your wp-content/plugins directory into its own folder.
22
2. Activate the plugin in the Plugin options.
23
3. Customize the settings from the Options panel, if desired.
24
1
=== Login LockDown ===
2
Developer: Michael VanDeMar (michael@endlesspoetry.com)
3
Tags: security, login
4
+ Requires at least: 2.5
5
+ Tested up to: 2.7.1
6
+ Stable Tag: 1.3
7
8
Limits the number of login attempts from a given IP range within a certain time period.
9
18
19
== Installation ==
20
21
+ 1. Extract the zip file into your plugins directory into its own folder.
22
2. Activate the plugin in the Plugin options.
23
3. Customize the settings from the Options panel, if desired.
24
version.txt CHANGED
@@ -1 +1 @@
1
- 1.1
1
+ 1.3