Version Description
- Catch $user_ID not being set during "Change All Passwords" submission.
- Add (commented out) log() calls in important spots. Enables users to help me help them.
Download this release
Release Info
Developer | convissor |
Plugin | Login Security Solution |
Version | 0.10.0 |
Comparing to | |
See all releases |
Code changes from version 0.9.0 to 0.10.0
- admin.inc +6 -0
- languages/login-security-solution.pot +39 -39
- login-security-solution.php +12 -3
- readme.txt +8 -5
admin.inc
CHANGED
@@ -865,6 +865,12 @@ class login_security_solution_admin extends login_security_solution {
|
|
865 |
return __('You do not have sufficient permissions to access this page.');
|
866 |
}
|
867 |
|
|
|
|
|
|
|
|
|
|
|
|
|
868 |
$sql = "INSERT INTO `$wpdb->usermeta`
|
869 |
(user_id, meta_key, meta_value)
|
870 |
SELECT ID, %s, 1
|
865 |
return __('You do not have sufficient permissions to access this page.');
|
866 |
}
|
867 |
|
868 |
+
if (empty($user_ID)) {
|
869 |
+
###$this->log("force_change_for_all() user_ID not set.");
|
870 |
+
###$this->log(debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS));
|
871 |
+
return __("\$user_ID variable not set. Another plugin is misbehaving.", self::ID);
|
872 |
+
}
|
873 |
+
|
874 |
$sql = "INSERT INTO `$wpdb->usermeta`
|
875 |
(user_id, meta_key, meta_value)
|
876 |
SELECT ID, %s, 1
|
languages/login-security-solution.pot
CHANGED
@@ -4,7 +4,7 @@ msgid ""
|
|
4 |
msgstr ""
|
5 |
"Project-Id-Version: Login Security Solution 0.9.0\n"
|
6 |
"Report-Msgid-Bugs-To: http://wordpress.org/tag/login-security-solution\n"
|
7 |
-
"POT-Creation-Date: 2012-06-
|
8 |
"MIME-Version: 1.0\n"
|
9 |
"Content-Type: text/plain; charset=UTF-8\n"
|
10 |
"Content-Transfer-Encoding: 8bit\n"
|
@@ -12,171 +12,171 @@ msgstr ""
|
|
12 |
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
13 |
"Language-Team: LANGUAGE <LL@li.org>\n"
|
14 |
|
15 |
-
#: login-security-solution.php:
|
16 |
msgid "Invalid username or password."
|
17 |
msgstr ""
|
18 |
|
19 |
-
#: login-security-solution.php:
|
20 |
#: tests/LoginErrorsTest.php:129
|
21 |
msgid "Password reset is not allowed for this user"
|
22 |
msgstr ""
|
23 |
|
24 |
-
#: login-security-solution.php:
|
25 |
msgid "It has been over %d minutes since your last action."
|
26 |
msgstr ""
|
27 |
|
28 |
-
#: login-security-solution.php:
|
29 |
msgid "Please log back in."
|
30 |
msgstr ""
|
31 |
|
32 |
-
#: login-security-solution.php:
|
33 |
msgid "The grace period for changing your password has expired."
|
34 |
msgstr ""
|
35 |
|
36 |
-
#: login-security-solution.php:
|
37 |
msgid "Please submit this form to reset your password."
|
38 |
msgstr ""
|
39 |
|
40 |
-
#: login-security-solution.php:
|
41 |
msgid "Your password must be reset."
|
42 |
msgstr ""
|
43 |
|
44 |
-
#: login-security-solution.php:
|
45 |
msgid "Please submit this form to reset it."
|
46 |
msgstr ""
|
47 |
|
48 |
-
#: login-security-solution.php:
|
49 |
msgid "Your password has expired. Please log and change it."
|
50 |
msgstr ""
|
51 |
|
52 |
-
#: login-security-solution.php:
|
53 |
msgid "We provide a %d minute grace period to do so."
|
54 |
msgstr ""
|
55 |
|
56 |
-
#: login-security-solution.php:
|
57 |
msgid "The password you tried to create is not secure. Please try again."
|
58 |
msgstr ""
|
59 |
|
60 |
-
#: login-security-solution.php:
|
61 |
#: tests/LoginMessageTest.php:144
|
62 |
msgid "The site is undergoing maintenance."
|
63 |
msgstr ""
|
64 |
|
65 |
-
#: login-security-solution.php:
|
66 |
#: tests/LoginMessageTest.php:145
|
67 |
msgid "Please try again later."
|
68 |
msgstr ""
|
69 |
|
70 |
-
#: login-security-solution.php:
|
71 |
msgid "Passwords can not be reused."
|
72 |
msgstr ""
|
73 |
|
74 |
-
#: login-security-solution.php:
|
75 |
msgid "ERROR"
|
76 |
msgstr ""
|
77 |
|
78 |
-
#: login-security-solution.php:
|
79 |
msgid "Component Count Value from Current Attempt"
|
80 |
msgstr ""
|
81 |
|
82 |
-
#: login-security-solution.php:
|
83 |
msgid "Network IP %5d %s"
|
84 |
msgstr ""
|
85 |
|
86 |
-
#: login-security-solution.php:
|
87 |
msgid "Username %5d %s"
|
88 |
msgstr ""
|
89 |
|
90 |
-
#: login-security-solution.php:
|
91 |
msgid "Password MD5 %5d %s"
|
92 |
msgstr ""
|
93 |
|
94 |
-
#: login-security-solution.php:
|
95 |
msgid "Your website, %s, may have been broken in to."
|
96 |
msgstr ""
|
97 |
|
98 |
-
#: login-security-solution.php:
|
99 |
msgid ""
|
100 |
"Someone just logged in using the following components. Prior to that, some "
|
101 |
"combination of those components were a part of %d failed attempts to log in "
|
102 |
"during the past %d minutes:"
|
103 |
msgstr ""
|
104 |
|
105 |
-
#: login-security-solution.php:
|
106 |
msgid ""
|
107 |
"The user has been logged out and will be required to confirm their identity "
|
108 |
"via the password reset functionality."
|
109 |
msgstr ""
|
110 |
|
111 |
-
#: login-security-solution.php:
|
112 |
msgid "Your website, %s, is undergoing a brute force attack."
|
113 |
msgstr ""
|
114 |
|
115 |
-
#: login-security-solution.php:
|
116 |
msgid ""
|
117 |
"There have been at least %d failed attempts to log in during the past %d "
|
118 |
"minutes that used one or more of the following components:"
|
119 |
msgstr ""
|
120 |
|
121 |
-
#: login-security-solution.php:
|
122 |
msgid ""
|
123 |
"The %s plugin for WordPress is repelling the attack by making their login "
|
124 |
"failures take a very long time."
|
125 |
msgstr ""
|
126 |
|
127 |
-
#: login-security-solution.php:
|
128 |
msgid "Password not set."
|
129 |
msgstr ""
|
130 |
|
131 |
-
#: login-security-solution.php:
|
132 |
msgid "Passwords must be strings."
|
133 |
msgstr ""
|
134 |
|
135 |
-
#: login-security-solution.php:
|
136 |
msgid "Passwords must use ASCII characters."
|
137 |
msgstr ""
|
138 |
|
139 |
-
#: login-security-solution.php:
|
140 |
msgid "Password is too short."
|
141 |
msgstr ""
|
142 |
|
143 |
-
#: login-security-solution.php:
|
144 |
msgid "Passwords must either contain numbers or be %d characters long."
|
145 |
msgstr ""
|
146 |
|
147 |
-
#: login-security-solution.php:
|
148 |
msgid ""
|
149 |
"Passwords must either contain punctuation marks / symbols or be %d "
|
150 |
"characters long."
|
151 |
msgstr ""
|
152 |
|
153 |
-
#: login-security-solution.php:
|
154 |
msgid ""
|
155 |
"Passwords must either contain upper-case and lower-case letters or be %d "
|
156 |
"characters long."
|
157 |
msgstr ""
|
158 |
|
159 |
-
#: login-security-solution.php:
|
160 |
msgid "Passwords can't be sequential keys."
|
161 |
msgstr ""
|
162 |
|
163 |
-
#: login-security-solution.php:
|
164 |
msgid "Passwords can't have that many sequential characters."
|
165 |
msgstr ""
|
166 |
|
167 |
-
#: login-security-solution.php:
|
168 |
msgid "Passwords can't contain user data."
|
169 |
msgstr ""
|
170 |
|
171 |
-
#: login-security-solution.php:
|
172 |
msgid "Passwords can't contain site info."
|
173 |
msgstr ""
|
174 |
|
175 |
-
#: login-security-solution.php:
|
176 |
msgid "Password is too common."
|
177 |
msgstr ""
|
178 |
|
179 |
-
#: login-security-solution.php:
|
180 |
msgid "Passwords can't be variations of dictionary words."
|
181 |
msgstr ""
|
182 |
|
4 |
msgstr ""
|
5 |
"Project-Id-Version: Login Security Solution 0.9.0\n"
|
6 |
"Report-Msgid-Bugs-To: http://wordpress.org/tag/login-security-solution\n"
|
7 |
+
"POT-Creation-Date: 2012-06-16 19:52:08+00:00\n"
|
8 |
"MIME-Version: 1.0\n"
|
9 |
"Content-Type: text/plain; charset=UTF-8\n"
|
10 |
"Content-Transfer-Encoding: 8bit\n"
|
12 |
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
13 |
"Language-Team: LANGUAGE <LL@li.org>\n"
|
14 |
|
15 |
+
#: login-security-solution.php:462
|
16 |
msgid "Invalid username or password."
|
17 |
msgstr ""
|
18 |
|
19 |
+
#: login-security-solution.php:468 tests/LoginErrorsTest.php:117
|
20 |
#: tests/LoginErrorsTest.php:129
|
21 |
msgid "Password reset is not allowed for this user"
|
22 |
msgstr ""
|
23 |
|
24 |
+
#: login-security-solution.php:493 tests/LoginMessageTest.php:66
|
25 |
msgid "It has been over %d minutes since your last action."
|
26 |
msgstr ""
|
27 |
|
28 |
+
#: login-security-solution.php:494 tests/LoginMessageTest.php:67
|
29 |
msgid "Please log back in."
|
30 |
msgstr ""
|
31 |
|
32 |
+
#: login-security-solution.php:497 tests/LoginMessageTest.php:77
|
33 |
msgid "The grace period for changing your password has expired."
|
34 |
msgstr ""
|
35 |
|
36 |
+
#: login-security-solution.php:498 tests/LoginMessageTest.php:78
|
37 |
msgid "Please submit this form to reset your password."
|
38 |
msgstr ""
|
39 |
|
40 |
+
#: login-security-solution.php:501 tests/LoginMessageTest.php:88
|
41 |
msgid "Your password must be reset."
|
42 |
msgstr ""
|
43 |
|
44 |
+
#: login-security-solution.php:502 tests/LoginMessageTest.php:89
|
45 |
msgid "Please submit this form to reset it."
|
46 |
msgstr ""
|
47 |
|
48 |
+
#: login-security-solution.php:505 tests/LoginMessageTest.php:104
|
49 |
msgid "Your password has expired. Please log and change it."
|
50 |
msgstr ""
|
51 |
|
52 |
+
#: login-security-solution.php:506 tests/LoginMessageTest.php:105
|
53 |
msgid "We provide a %d minute grace period to do so."
|
54 |
msgstr ""
|
55 |
|
56 |
+
#: login-security-solution.php:509 tests/LoginMessageTest.php:115
|
57 |
msgid "The password you tried to create is not secure. Please try again."
|
58 |
msgstr ""
|
59 |
|
60 |
+
#: login-security-solution.php:515 tests/LoginMessageTest.php:129
|
61 |
#: tests/LoginMessageTest.php:144
|
62 |
msgid "The site is undergoing maintenance."
|
63 |
msgstr ""
|
64 |
|
65 |
+
#: login-security-solution.php:516 tests/LoginMessageTest.php:130
|
66 |
#: tests/LoginMessageTest.php:145
|
67 |
msgid "Please try again later."
|
68 |
msgstr ""
|
69 |
|
70 |
+
#: login-security-solution.php:585
|
71 |
msgid "Passwords can not be reused."
|
72 |
msgstr ""
|
73 |
|
74 |
+
#: login-security-solution.php:732
|
75 |
msgid "ERROR"
|
76 |
msgstr ""
|
77 |
|
78 |
+
#: login-security-solution.php:852
|
79 |
msgid "Component Count Value from Current Attempt"
|
80 |
msgstr ""
|
81 |
|
82 |
+
#: login-security-solution.php:854
|
83 |
msgid "Network IP %5d %s"
|
84 |
msgstr ""
|
85 |
|
86 |
+
#: login-security-solution.php:856
|
87 |
msgid "Username %5d %s"
|
88 |
msgstr ""
|
89 |
|
90 |
+
#: login-security-solution.php:858
|
91 |
msgid "Password MD5 %5d %s"
|
92 |
msgstr ""
|
93 |
|
94 |
+
#: login-security-solution.php:1639
|
95 |
msgid "Your website, %s, may have been broken in to."
|
96 |
msgstr ""
|
97 |
|
98 |
+
#: login-security-solution.php:1642
|
99 |
msgid ""
|
100 |
"Someone just logged in using the following components. Prior to that, some "
|
101 |
"combination of those components were a part of %d failed attempts to log in "
|
102 |
"during the past %d minutes:"
|
103 |
msgstr ""
|
104 |
|
105 |
+
#: login-security-solution.php:1647
|
106 |
msgid ""
|
107 |
"The user has been logged out and will be required to confirm their identity "
|
108 |
"via the password reset functionality."
|
109 |
msgstr ""
|
110 |
|
111 |
+
#: login-security-solution.php:1676
|
112 |
msgid "Your website, %s, is undergoing a brute force attack."
|
113 |
msgstr ""
|
114 |
|
115 |
+
#: login-security-solution.php:1679
|
116 |
msgid ""
|
117 |
"There have been at least %d failed attempts to log in during the past %d "
|
118 |
"minutes that used one or more of the following components:"
|
119 |
msgstr ""
|
120 |
|
121 |
+
#: login-security-solution.php:1684
|
122 |
msgid ""
|
123 |
"The %s plugin for WordPress is repelling the attack by making their login "
|
124 |
"failures take a very long time."
|
125 |
msgstr ""
|
126 |
|
127 |
+
#: login-security-solution.php:2006
|
128 |
msgid "Password not set."
|
129 |
msgstr ""
|
130 |
|
131 |
+
#: login-security-solution.php:2021
|
132 |
msgid "Passwords must be strings."
|
133 |
msgstr ""
|
134 |
|
135 |
+
#: login-security-solution.php:2039
|
136 |
msgid "Passwords must use ASCII characters."
|
137 |
msgstr ""
|
138 |
|
139 |
+
#: login-security-solution.php:2058
|
140 |
msgid "Password is too short."
|
141 |
msgstr ""
|
142 |
|
143 |
+
#: login-security-solution.php:2067
|
144 |
msgid "Passwords must either contain numbers or be %d characters long."
|
145 |
msgstr ""
|
146 |
|
147 |
+
#: login-security-solution.php:2076
|
148 |
msgid ""
|
149 |
"Passwords must either contain punctuation marks / symbols or be %d "
|
150 |
"characters long."
|
151 |
msgstr ""
|
152 |
|
153 |
+
#: login-security-solution.php:2085
|
154 |
msgid ""
|
155 |
"Passwords must either contain upper-case and lower-case letters or be %d "
|
156 |
"characters long."
|
157 |
msgstr ""
|
158 |
|
159 |
+
#: login-security-solution.php:2095
|
160 |
msgid "Passwords can't be sequential keys."
|
161 |
msgstr ""
|
162 |
|
163 |
+
#: login-security-solution.php:2104
|
164 |
msgid "Passwords can't have that many sequential characters."
|
165 |
msgstr ""
|
166 |
|
167 |
+
#: login-security-solution.php:2120
|
168 |
msgid "Passwords can't contain user data."
|
169 |
msgstr ""
|
170 |
|
171 |
+
#: login-security-solution.php:2131
|
172 |
msgid "Passwords can't contain site info."
|
173 |
msgstr ""
|
174 |
|
175 |
+
#: login-security-solution.php:2140
|
176 |
msgid "Password is too common."
|
177 |
msgstr ""
|
178 |
|
179 |
+
#: login-security-solution.php:2149
|
180 |
msgid "Passwords can't be variations of dictionary words."
|
181 |
msgstr ""
|
182 |
|
login-security-solution.php
CHANGED
@@ -6,7 +6,7 @@
|
|
6 |
* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
|
7 |
*
|
8 |
* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
|
9 |
-
* Version: 0.
|
10 |
* Author: Daniel Convissor
|
11 |
* Author URI: http://www.analysisandsolutions.com/
|
12 |
* License: GPLv2
|
@@ -344,6 +344,7 @@ class login_security_solution {
|
|
344 |
*/
|
345 |
|
346 |
if ($this->is_idle($user->ID)) {
|
|
|
347 |
$this->redirect_to_login('idle', true);
|
348 |
return -5;
|
349 |
}
|
@@ -351,11 +352,11 @@ class login_security_solution {
|
|
351 |
if ($this->is_pw_expired($user->ID)) {
|
352 |
$grace = $this->check_pw_grace_period($user->ID);
|
353 |
if ($grace === true) {
|
354 |
-
|
355 |
$this->redirect_to_login('pw_grace', true);
|
356 |
return -1;
|
357 |
} elseif ($grace === false) {
|
358 |
-
|
359 |
$this->redirect_to_login('pw_expired', false, 'retrievepassword');
|
360 |
return -2;
|
361 |
}
|
@@ -363,6 +364,7 @@ class login_security_solution {
|
|
363 |
}
|
364 |
|
365 |
if ($this->get_pw_force_change($user->ID)) {
|
|
|
366 |
$this->redirect_to_login('pw_force', false, 'retrievepassword');
|
367 |
return -3;
|
368 |
}
|
@@ -370,6 +372,7 @@ class login_security_solution {
|
|
370 |
if ($this->options['disable_logins']
|
371 |
&& !current_user_can('administrator'))
|
372 |
{
|
|
|
373 |
$this->redirect_to_login();
|
374 |
return -4;
|
375 |
}
|
@@ -403,10 +406,12 @@ class login_security_solution {
|
|
403 |
|
404 |
if (empty($user_ID)) {
|
405 |
if (empty($user_name)) {
|
|
|
406 |
return;
|
407 |
}
|
408 |
$user = get_user_by('login', $user_name);
|
409 |
if (! $user instanceof WP_User) {
|
|
|
410 |
return -1;
|
411 |
}
|
412 |
$user_ID = $user->ID;
|
@@ -534,11 +539,13 @@ class login_security_solution {
|
|
534 |
*/
|
535 |
public function password_reset($user, $user_pass) {
|
536 |
if (empty($user->ID)) {
|
|
|
537 |
return false;
|
538 |
}
|
539 |
|
540 |
$user->user_pass = $user_pass;
|
541 |
if (!$this->validate_pw($user)) {
|
|
|
542 |
$this->set_pw_force_change($user->ID);
|
543 |
$this->redirect_to_login('pw_reset_bad', false, 'rp');
|
544 |
return -1;
|
@@ -633,6 +640,7 @@ class login_security_solution {
|
|
633 |
if ($this->options['login_fail_breach_pw_force_change']
|
634 |
&& $fails['total'] >= $this->options['login_fail_breach_pw_force_change'])
|
635 |
{
|
|
|
636 |
$this->set_pw_force_change($user->ID);
|
637 |
$return += 2;
|
638 |
}
|
@@ -640,6 +648,7 @@ class login_security_solution {
|
|
640 |
if ($this->options['login_fail_breach_notify']
|
641 |
&& $fails['total'] >= $this->options['login_fail_breach_notify'])
|
642 |
{
|
|
|
643 |
$this->notify_breach($network_ip, $user_name, $pass_md5, $fails);
|
644 |
$return += 4;
|
645 |
}
|
6 |
* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
|
7 |
*
|
8 |
* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
|
9 |
+
* Version: 0.10.0
|
10 |
* Author: Daniel Convissor
|
11 |
* Author URI: http://www.analysisandsolutions.com/
|
12 |
* License: GPLv2
|
344 |
*/
|
345 |
|
346 |
if ($this->is_idle($user->ID)) {
|
347 |
+
###$this->log("check(): Idle.");
|
348 |
$this->redirect_to_login('idle', true);
|
349 |
return -5;
|
350 |
}
|
352 |
if ($this->is_pw_expired($user->ID)) {
|
353 |
$grace = $this->check_pw_grace_period($user->ID);
|
354 |
if ($grace === true) {
|
355 |
+
###$this->log("check(): First time here since password expired.");
|
356 |
$this->redirect_to_login('pw_grace', true);
|
357 |
return -1;
|
358 |
} elseif ($grace === false) {
|
359 |
+
###$this->log("check(): Grace period expired.");
|
360 |
$this->redirect_to_login('pw_expired', false, 'retrievepassword');
|
361 |
return -2;
|
362 |
}
|
364 |
}
|
365 |
|
366 |
if ($this->get_pw_force_change($user->ID)) {
|
367 |
+
###$this->log("check(): Password force change.");
|
368 |
$this->redirect_to_login('pw_force', false, 'retrievepassword');
|
369 |
return -3;
|
370 |
}
|
372 |
if ($this->options['disable_logins']
|
373 |
&& !current_user_can('administrator'))
|
374 |
{
|
375 |
+
###$this->log("check(): Disable logins.");
|
376 |
$this->redirect_to_login();
|
377 |
return -4;
|
378 |
}
|
406 |
|
407 |
if (empty($user_ID)) {
|
408 |
if (empty($user_name)) {
|
409 |
+
###$this->log("delete_last_active(): Empty user_ID, user_name.");
|
410 |
return;
|
411 |
}
|
412 |
$user = get_user_by('login', $user_name);
|
413 |
if (! $user instanceof WP_User) {
|
414 |
+
###$this->log("delete_last_active(): Unknown user_name.");
|
415 |
return -1;
|
416 |
}
|
417 |
$user_ID = $user->ID;
|
539 |
*/
|
540 |
public function password_reset($user, $user_pass) {
|
541 |
if (empty($user->ID)) {
|
542 |
+
###$this->log("password_reset(): user->ID not set.");
|
543 |
return false;
|
544 |
}
|
545 |
|
546 |
$user->user_pass = $user_pass;
|
547 |
if (!$this->validate_pw($user)) {
|
548 |
+
###$this->log("password_reset(): Invalid password chosen.");
|
549 |
$this->set_pw_force_change($user->ID);
|
550 |
$this->redirect_to_login('pw_reset_bad', false, 'rp');
|
551 |
return -1;
|
640 |
if ($this->options['login_fail_breach_pw_force_change']
|
641 |
&& $fails['total'] >= $this->options['login_fail_breach_pw_force_change'])
|
642 |
{
|
643 |
+
###$this->log("wp_login(): Breach force change.");
|
644 |
$this->set_pw_force_change($user->ID);
|
645 |
$return += 2;
|
646 |
}
|
648 |
if ($this->options['login_fail_breach_notify']
|
649 |
&& $fails['total'] >= $this->options['login_fail_breach_notify'])
|
650 |
{
|
651 |
+
###$this->log("wp_login(): Breach notify.");
|
652 |
$this->notify_breach($network_ip, $user_name, $pass_md5, $fails);
|
653 |
$return += 4;
|
654 |
}
|
readme.txt
CHANGED
@@ -3,12 +3,10 @@ Contributors: convissor
|
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=danielc%40analysisandsolutions%2ecom&lc=US&item_name=Donate%3a%20Login%20Security%20Solution¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
|
4 |
Tags: login, password, idle, timeout, maintenance, security, attack, hack, lock, ban
|
5 |
Requires at least: 3.3
|
6 |
-
Tested up to: 3.
|
7 |
-
Stable tag: 0.
|
8 |
|
9 |
-
Security against brute force attacks by tracking IP, name, password;
|
10 |
-
requiring very strong passwords. Idle timeout. Maintenance mode. Multisite
|
11 |
-
ready!
|
12 |
|
13 |
|
14 |
== Description ==
|
@@ -258,6 +256,11 @@ then `cd` into that directory and run:
|
|
258 |
|
259 |
== Changelog ==
|
260 |
|
|
|
|
|
|
|
|
|
|
|
261 |
= 0.9.0 =
|
262 |
* Fix change that prevented users from logging in after using the password
|
263 |
reset process with an insecure password. Users can now pick a better
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=danielc%40analysisandsolutions%2ecom&lc=US&item_name=Donate%3a%20Login%20Security%20Solution¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
|
4 |
Tags: login, password, idle, timeout, maintenance, security, attack, hack, lock, ban
|
5 |
Requires at least: 3.3
|
6 |
+
Tested up to: 3.4
|
7 |
+
Stable tag: 0.10.0
|
8 |
|
9 |
+
Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode. Multisite ready!
|
|
|
|
|
10 |
|
11 |
|
12 |
== Description ==
|
256 |
|
257 |
== Changelog ==
|
258 |
|
259 |
+
= 0.10.0 =
|
260 |
+
* Catch $user_ID not being set during "Change All Passwords" submission.
|
261 |
+
* Add (commented out) log() calls in important spots. Enables users to
|
262 |
+
help me help them.
|
263 |
+
|
264 |
= 0.9.0 =
|
265 |
* Fix change that prevented users from logging in after using the password
|
266 |
reset process with an insecure password. Users can now pick a better
|