Version Description
- Use POST value for `$user_name` in `login_errors()` because global value isn't always set.
- Add some more (commented out) log() calls to help users help me help them.
Release Info
Developer | convissor |
Plugin | Login Security Solution |
Version | 0.11.0 |
Code changes from version 0.10.0 to 0.11.0
- login-security-solution.php +6 -2
- readme.txt +22 -2
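--- a/login-security-solution.php
+++ b/login-security-solution.php
@@ -6,7 +6,7 @@
 * Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
 *
 * Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
-* Version: 0.
+* Version: 0.11.0
 * Author: Daniel Convissor
 * Author URI: http://www.analysisandsolutions.com/
 * License: GPLv2
@@ -455,8 +455,12 @@ class login_security_solution {
 
 $codes_to_cloak = array('incorrect_password', 'invalid_username');
 if (array_intersect($error_codes, $codes_to_cloak)) {
-
+// Use POST value, global $user_name isn't always set.
+$user_name = empty($_POST['log']) ? '' : $_POST['log'];
 $user_pass = empty($_POST['pwd']) ? '' : $_POST['pwd'];
+// Unset user name to avoid information disclosure.
+unset($_POST['log']);
+###$this->log("login_fail(): user_name: $user_name, user_pass: $user_pass.");
 $this->process_login_fail($user_name, $user_pass);
 $this->load_plugin_textdomain();
 return $this->hsc_utf8(__('Invalid username or password.', self::ID));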
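Review bot: The debug line added at new line 463, `###$this->log("login_fail(): user_name: $user_name, user_pass: $user_pass.");`, would write the submitted password in clear text to the log as soon as a site owner uncomments it, and passwords from failed logins are often near misses of real ones. I would drop `$user_pass` from the message, e.g. `###$this->log("login_fail(): user_name: $user_name.");`, or record only whether a password was supplied. Separately, `$_POST['log']` and `$_POST['pwd']` are read without a type check, so an array-valued field is passed straight on to `process_login_fail()`; `$user_name = (isset($_POST['log']) && is_string($_POST['log'])) ? $_POST['log'] : '';` would keep both values strings (how `process_login_fail()` treats non-strings is not visible here). The enclosing `login_errors()` method starts and ends outside the hunk.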
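--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: convissor
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=danielc%40analysisandsolutions%2ecom&lc=US&item_name=Donate%3a%20Login%20Security%20Solution¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
 Tags: login, password, idle, timeout, maintenance, security, attack, hack, lock, ban
 Requires at least: 3.3
-Tested up to: 3.4
-Stable tag: 0.
+Tested up to: 3.4.1
+Stable tag: 0.11.0
 
 Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode. Multisite ready!
 
@@ -105,9 +105,16 @@ and worst of all, you've inadvertently helped infect the computers of your
 clients and friends. Oh, and that malware has possibly gotten itself
 into the browser/computer you use for administering your website.
 
+= Compatability with Other Plugins =
+
+Some plugins provide similar functionality. These overlaps can lead to
+conflicts during program execution. Please read the FAQ!
+
 
 == Installation ==
 
+1. Before installing this plugin, read the FAQ!
+
 1. Download the Login Security Solution zip file from WordPress' plugin
 site: `http://wordpress.org/extend/plugins/login-security-solution/`
 
@@ -214,6 +221,14 @@ are not using the `InnoDB` storage engine.
 
 == Frequently Asked Questions ==
 
+= Compatibility with Other Plugins =
+
+* __Better WP Security__: Their "Enable Login Limits" and "Enable strong
+password enforcement" functionality conflict with our features. The good
+news is we provide more robust protection in those areas and the Better WP
+Security "Settings" page lets you disable those features in their plugin.
+This way you get to enjoy even better security than either plugin alone.
+
 = Where should I report bugs and feature requests? =
 
 Report bugs and submit feature requests by opening a ticket in WordPress'
@@ -256,6 +271,11 @@ then `cd` into that directory and run:
 
 == Changelog ==
 
+= 0.11.0 =
+* Use POST value for `$user_name` in `login_errors()` because global value
+isn't always set.
+* Add some more (commented out) log() calls to help users help me help them.
+
 = 0.10.0 =
 * Catch $user_ID not being set during "Change All Passwords" submission.
 * Add (commented out) log() calls in important spots. Enables users to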