Login LockDown - Version 1.3

Version Description

Release Info

Developer	mvandemar
Plugin	Login LockDown
Version	1.3
Comparing to
See all releases

Code changes from version 1.1 to 1.3

Files changed (3) hide show

loginlockdown.php +56 -35
readme.txt +4 -4
version.txt +1 -1

loginlockdown.php CHANGED Viewed

	@@ -2,7 +2,7 @@
2	/*
3	Plugin Name: Login LockDown
4	Plugin URI: http://www.bad-neighborhood.com/
5	- Version: v1.1
6	Author: Michael VanDeMar
7	Description: Adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. Distributed through <a href="http://www.bad-neighborhood.com/" target="_blank">Bad Neighborhood</a>.
8	*/
	@@ -10,17 +10,24 @@ Description: Adds some extra security to WordPress by restricting the rate at wh
10	/*
11	* Change Log
12	*
13	- * ver. 1.0 29-~~Aug~~-~~2007~~
14	- * - ~~released~~




15	*
16	* ver. 1.1 01-Sep-2007
17	* - revised time query to MySQL 4.0 compatability



18	*/
19
20	/*
21	== Installation ==
22
23	- 1. Extract ~~loginlockdown-1.0.~~zip into your ~~wp-content/~~plugins directory into its own folder.
24	2. Activate the plugin in the Plugin options.
25	3. Customize the settings from the Options panel, if desired.
26
	@@ -252,57 +259,71 @@ function loginlockdown_ap() {
252	}
253	}
254




255	//Actions and Filters
256	if ( isset($loginlockdown_db_version) ) {
257	//Actions
258	add_action('admin_menu', 'loginlockdown_ap');
259	- ~~add_action~~('~~activate_loginlockdown/loginlockdown.php~~'~~, 'loginLockdown_install'~~);





260	//Filters
261	//Functions
262	- if ( !function_exists('~~wp_login~~') ) :
263	- function ~~wp_login~~($username, $password~~, $already_md5 = false~~) {
264	global $wpdb, $error;
265	global $loginlockdownOptions;
266
267	if ( 0 < isLockedDown() ) {
268	- ~~$error~~ = __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
269	"failed login attempts.<br /><br />Please try again later.");
270	- $pwd = '';
271	- return false;
272	}
273
274	if ( '' == $username )
275	- return ~~false~~;
276
277	if ( '' == $password ) {
278	- ~~$error~~ = __('<strong>ERROR</strong>: The password field is empty.');
279	- return false;
280	}
281
282	- $~~login~~ = get_userdatabylogin($username);
283	- ~~//$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");~~
284	-
285	- if ~~(!$login~~) {
286	- ~~$error~~ = __('<strong>ERROR</strong>: Invalid username.');
287	- ~~return false;~~
288	- ~~} else {~~
289	- // If ~~the~~ ~~password is already_md5~~, ~~it has been double hashed.~~
290	- // ~~Otherwise,~~ it is ~~plain text.~~
291	- if ( ($~~already_md5 && md5($login->user_pass) == $password) \|\| ($login->user_login == $~~username ~~&& $login->user_pass == md5($password~~)~~) ) {~~
292	- ~~return~~ ~~true;~~
293	- ~~} else {~~
294	- ~~incrementFails~~(~~$username);~~
295	- ~~$error~~ = ~~__('<strong>ERROR</strong>:~~ ~~Incorrect~~ ~~password~~.');
296	- ~~if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {~~
297	- ~~lockDown~~($username);
298	- $~~error = __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .~~
299	- ~~"failed login attempts.<br /><br />Please try again later.");~~
300	- }
301	-
302	- $~~pwd = ''~~;
303	- ~~return~~ ~~false;~~



304	}


305	}



306	}
307	endif;
308	}


2	/*
3	Plugin Name: Login LockDown
4	Plugin URI: http://www.bad-neighborhood.com/
5	+ Version: v1.3
6	Author: Michael VanDeMar
7	Description: Adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. Distributed through <a href="http://www.bad-neighborhood.com/" target="_blank">Bad Neighborhood</a>.
8	*/

10	/*
11	* Change Log
12	*
13	+ * ver. 1.3 23-Feb-2009
14	+ * - adjusted positioning of plugin byline
15	+ * - allowed for dynamic location of plugin files
16	+ *
17	+ * ver. 1.2 15-Jun-2008
18	+ * - now compatible with WordPress 2.5 and up only
19	*
20	* ver. 1.1 01-Sep-2007
21	* - revised time query to MySQL 4.0 compatability
22	+ *
23	+ * ver. 1.0 29-Aug-2007
24	+ * - released
25	*/
26
27	/*
28	== Installation ==
29
30	+ 1. Extract the zip file into your plugins directory into its own folder.
31	2. Activate the plugin in the Plugin options.
32	3. Customize the settings from the Options panel, if desired.
33

259	}
260	}
261
262	+ function ll_credit_link(){
263	+ echo "<p>Login form protected by <a href='http://www.bad-neighborhood.com/login-lockdown.html'>Login LockDown</a>.<br /><br /><br /></p>";
264	+ }
265	+
266	//Actions and Filters
267	if ( isset($loginlockdown_db_version) ) {
268	//Actions
269	add_action('admin_menu', 'loginlockdown_ap');
270	+ if(!defined('PLUGINDIR')){
271	+ define('PLUGINDIR', 'wp-content/plugins');
272	+ }
273	+ $activatestr = str_replace(ABSPATH.PLUGINDIR."/", "activate_", __FILE__);
274	+ add_action($activatestr, 'loginLockdown_install');
275	+ add_action('login_form', 'll_credit_link');
276	//Filters
277	//Functions
278	+ if ( !function_exists('wp_authenticate') ) :
279	+ function wp_authenticate($username, $password) {
280	global $wpdb, $error;
281	global $loginlockdownOptions;
282
283	if ( 0 < isLockedDown() ) {
284	+ return new WP_Error('incorrect_password', "<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
285	"failed login attempts.<br /><br />Please try again later.");


286	}
287
288	if ( '' == $username )
289	+ return new WP_Error('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
290
291	if ( '' == $password ) {
292	+ return new WP_Error('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));

293	}
294
295	+ $user = get_userdatabylogin($username);
296	+
297	+ if ( !$user \|\| ($user->user_login != $username) ) {
298	+ do_action( 'wp_login_failed', $username );
299	+ return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.'));
300	+ }
301	+
302	+ $user = apply_filters('wp_authenticate_user', $user, $password);
303	+ if ( is_wp_error($user) ) {
304	+ incrementFails($username);
305	+ if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {
306	+ lockDown($username);
307	+ return new WP_Error('incorrect_password', __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
308	+ "failed login attempts.<br /><br />Please try again later."));
309	+ }
310	+ do_action( 'wp_login_failed', $username );
311	+ return $user;
312	+ }
313	+
314	+ if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
315	+ incrementFails($username);
316	+ if ( $loginlockdownOptions['max_login_retries'] <= countFails($username) ) {
317	+ lockDown($username);
318	+ return new WP_Error('incorrect_password', __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " .
319	+ "failed login attempts.<br /><br />Please try again later."));
320	}
321	+ do_action( 'wp_login_failed', $username );
322	+ return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
323	}
324	+
325	+ return new WP_User($user->ID);
326	+
327	}
328	endif;
329	}

readme.txt CHANGED Viewed

	@@ -1,9 +1,9 @@
1	=== Login LockDown ===
2	Developer: Michael VanDeMar (michael@endlesspoetry.com)
3	Tags: security, login
4	- Requires at least: 2.1
5	- Tested up to: 2.2
6	- Stable Tag: 1.1
7
8	Limits the number of login attempts from a given IP range within a certain time period.
9
	@@ -18,7 +18,7 @@ via the Options panel. Admisitrators can release locked out IP ranges manually f
18
19	== Installation ==
20
21	- 1. Extract ~~loginlockdown-1.1.~~zip into your ~~wp-content/~~plugins directory into its own folder.
22	2. Activate the plugin in the Plugin options.
23	3. Customize the settings from the Options panel, if desired.
24


1	=== Login LockDown ===
2	Developer: Michael VanDeMar (michael@endlesspoetry.com)
3	Tags: security, login
4	+ Requires at least: 2.5
5	+ Tested up to: 2.7.1
6	+ Stable Tag: 1.3
7
8	Limits the number of login attempts from a given IP range within a certain time period.
9

18
19	== Installation ==
20
21	+ 1. Extract the zip file into your plugins directory into its own folder.
22	2. Activate the plugin in the Plugin options.
23	3. Customize the settings from the Options panel, if desired.
24

version.txt CHANGED Viewed

	@@ -1 +1 @@
1	- 1.1


1	+ 1.3