Version Description
Download this release
Release Info
Developer | mvandemar |
Plugin | Login LockDown |
Version | 1.3 |
Comparing to | |
See all releases |
Code changes from version 1.1 to 1.3
- loginlockdown.php +56 -35
- readme.txt +4 -4
- version.txt +1 -1
loginlockdown.php
CHANGED
@@ -2,7 +2,7 @@
|
|
2 |
/*
|
3 |
Plugin Name: Login LockDown
|
4 |
Plugin URI: http://www.bad-neighborhood.com/
|
5 |
-
Version: v1.
|
6 |
Author: Michael VanDeMar
|
7 |
Description: Adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. Distributed through <a href="http://www.bad-neighborhood.com/" target="_blank">Bad Neighborhood</a>.
|
8 |
*/
|
@@ -10,17 +10,24 @@ Description: Adds some extra security to WordPress by restricting the rate at wh
|
|
10 |
/*
|
11 |
* Change Log
|
12 |
*
|
13 |
-
* ver. 1.
|
14 |
-
* -
|
|
|
|
|
|
|
|
|
15 |
*
|
16 |
* ver. 1.1 01-Sep-2007
|
17 |
* - revised time query to MySQL 4.0 compatability
|
|
|
|
|
|
|
18 |
*/
|
19 |
|
20 |
/*
|
21 |
== Installation ==
|
22 |
|
23 |
-
1. Extract
|
24 |
2. Activate the plugin in the Plugin options.
|
25 |
3. Customize the settings from the Options panel, if desired.
|
26 |
|
@@ -252,57 +259,71 @@ function loginlockdown_ap() {
|
|
252 |
}
|
253 |
}
|
254 |
|
|
|
|
|
|
|
|
|
255 |
//Actions and Filters
|
256 |
if ( isset($loginlockdown_db_version) ) {
|
257 |
//Actions
|
258 |
add_action('admin_menu', 'loginlockdown_ap');
|
259 |
-
|
|
|
|
|
|
|
|
|
|
|
260 |
//Filters
|
261 |
//Functions
|
262 |
-
if ( !function_exists('
|
263 |
-
function
|
264 |
global $wpdb, $error;
|
265 |
global $loginlockdownOptions;
|
266 |
|
267 |
if ( 0 < isLockedDown() ) {
|
268 |
-
|
269 |
"failed login attempts.<br /><br />Please try again later.");
|
270 |
-
$pwd = '';
|
271 |
-
return false;
|
272 |
}
|
273 |
|
274 |
if ( '' == $username )
|
275 |
-
return
|
276 |
|
277 |
if ( '' == $password ) {
|
278 |
-
|
279 |
-
return false;
|
280 |
}
|
281 |
|
282 |
-
$
|
283 |
-
|
284 |
-
|
285 |
-
|
286 |
-
|
287 |
-
|
288 |
-
|
289 |
-
|
290 |
-
|
291 |
-
|
292 |
-
|
293 |
-
|
294 |
-
|
295 |
-
|
296 |
-
|
297 |
-
|
298 |
-
|
299 |
-
|
300 |
-
|
301 |
-
|
302 |
-
|
303 |
-
|
|
|
|
|
|
|
304 |
}
|
|
|
|
|
305 |
}
|
|
|
|
|
|
|
306 |
}
|
307 |
endif;
|
308 |
}
|
2 |
/*
|
3 |
Plugin Name: Login LockDown
|
4 |
Plugin URI: http://www.bad-neighborhood.com/
|
5 |
+
Version: v1.3
|
6 |
Author: Michael VanDeMar
|
7 |
Description: Adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. Distributed through <a href="http://www.bad-neighborhood.com/" target="_blank">Bad Neighborhood</a>.
|
8 |
*/
|
10 |
/*
|
11 |
* Change Log
|
12 |
*
|
13 |
+
* ver. 1.3 23-Feb-2009
|
14 |
+
* - adjusted positioning of plugin byline
|
15 |
+
* - allowed for dynamic location of plugin files
|
16 |
+
*
|
17 |
+
* ver. 1.2 15-Jun-2008
|
18 |
+
* - now compatible with WordPress 2.5 and up only
|
19 |
*
|
20 |
* ver. 1.1 01-Sep-2007
|
21 |
* - revised time query to MySQL 4.0 compatability
|
22 |
+
*
|
23 |
+
* ver. 1.0 29-Aug-2007
|
24 |
+
* - released
|
25 |
*/
|
26 |
|
27 |
/*
|
28 |
== Installation ==
|
29 |
|
30 |
+
1. Extract the zip file into your plugins directory into its own folder.
|
31 |
2. Activate the plugin in the Plugin options.
|
32 |
3. Customize the settings from the Options panel, if desired.
|
33 |
|
259 |
}
|
260 |
}
|
261 |
|
262 |
+
function ll_credit_link(){
|
263 |
+
echo "<p>Login form protected by <a href='http://www.bad-neighborhood.com/login-lockdown.html'>Login LockDown</a>.<br /><br /><br /></p>";
|
264 |
+
}
|
265 |
+
|
266 |
//Actions and Filters
|
267 |
if ( isset($loginlockdown_db_version) ) {
|
268 |
//Actions
|
269 |
add_action('admin_menu', 'loginlockdown_ap');
|
270 |
+
if(!defined('PLUGINDIR')){
|
271 |
+
define('PLUGINDIR', 'wp-content/plugins');
|
272 |
+
}
|
273 |
+
$activatestr = str_replace(ABSPATH.PLUGINDIR."/", "activate_", __FILE__);
|
274 |
+
add_action($activatestr, 'loginLockdown_install');
|
275 |
+
add_action('login_form', 'll_credit_link');
|
276 |
//Filters
|
277 |
//Functions
|
278 |
+
if ( !function_exists('wp_authenticate') ) :
|
279 |
+
function wp_authenticate($username, $password) {
|
280 |
global $wpdb, $error;
|
281 |
global $loginlockdownOptions;
|
282 |
|
283 |
if ( 0 < isLockedDown() ) {
|
284 |
+
return new WP_Error('incorrect_password', "<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
|
285 |
"failed login attempts.<br /><br />Please try again later.");
|
|
|
|
|
286 |
}
|
287 |
|
288 |
if ( '' == $username )
|
289 |
+
return new WP_Error('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
|
290 |
|
291 |
if ( '' == $password ) {
|
292 |
+
return new WP_Error('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
|
|
|
293 |
}
|
294 |
|
295 |
+
$user = get_userdatabylogin($username);
|
296 |
+
|
297 |
+
if ( !$user || ($user->user_login != $username) ) {
|
298 |
+
do_action( 'wp_login_failed', $username );
|
299 |
+
return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.'));
|
300 |
+
}
|
301 |
+
|
302 |
+
$user = apply_filters('wp_authenticate_user', $user, $password);
|
303 |
+
if ( is_wp_error($user) ) {
|
304 |
+
incrementFails($username);
|
305 |
+
if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {
|
306 |
+
lockDown($username);
|
307 |
+
return new WP_Error('incorrect_password', __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
|
308 |
+
"failed login attempts.<br /><br />Please try again later."));
|
309 |
+
}
|
310 |
+
do_action( 'wp_login_failed', $username );
|
311 |
+
return $user;
|
312 |
+
}
|
313 |
+
|
314 |
+
if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
|
315 |
+
incrementFails($username);
|
316 |
+
if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {
|
317 |
+
lockDown($username);
|
318 |
+
return new WP_Error('incorrect_password', __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
|
319 |
+
"failed login attempts.<br /><br />Please try again later."));
|
320 |
}
|
321 |
+
do_action( 'wp_login_failed', $username );
|
322 |
+
return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
|
323 |
}
|
324 |
+
|
325 |
+
return new WP_User($user->ID);
|
326 |
+
|
327 |
}
|
328 |
endif;
|
329 |
}
|
readme.txt
CHANGED
@@ -1,9 +1,9 @@
|
|
1 |
=== Login LockDown ===
|
2 |
Developer: Michael VanDeMar (michael@endlesspoetry.com)
|
3 |
Tags: security, login
|
4 |
-
Requires at least: 2.
|
5 |
-
Tested up to: 2.
|
6 |
-
Stable Tag: 1.
|
7 |
|
8 |
Limits the number of login attempts from a given IP range within a certain time period.
|
9 |
|
@@ -18,7 +18,7 @@ via the Options panel. Admisitrators can release locked out IP ranges manually f
|
|
18 |
|
19 |
== Installation ==
|
20 |
|
21 |
-
1. Extract
|
22 |
2. Activate the plugin in the Plugin options.
|
23 |
3. Customize the settings from the Options panel, if desired.
|
24 |
|
1 |
=== Login LockDown ===
|
2 |
Developer: Michael VanDeMar (michael@endlesspoetry.com)
|
3 |
Tags: security, login
|
4 |
+
Requires at least: 2.5
|
5 |
+
Tested up to: 2.7.1
|
6 |
+
Stable Tag: 1.3
|
7 |
|
8 |
Limits the number of login attempts from a given IP range within a certain time period.
|
9 |
|
18 |
|
19 |
== Installation ==
|
20 |
|
21 |
+
1. Extract the zip file into your plugins directory into its own folder.
|
22 |
2. Activate the plugin in the Plugin options.
|
23 |
3. Customize the settings from the Options panel, if desired.
|
24 |
|
version.txt
CHANGED
@@ -1 +1 @@
|
|
1 |
-
1.
|
1 |
+
1.3
|