Version Description
- Fix emails being mistakenly sent in multisite mode that say "There have been at least 0 failed attempts to log in". (Bug #1548, deanmarktaylor)
- Add an
.htaccessfile that blocks access to this plugin's directory.
Download this release
Release Info
| Developer | convissor |
| Plugin |  Login Security Solution |
| Version | 0.14.0 |
| Comparing to | |
| See all releases | |
Code changes from version 0.13.0 to 0.14.0
- .htaccess +2 -0
- login-security-solution.php +20 -10
- readme.txt +6 -1
- utilities/disable_logins_setter.php +6 -6
.htaccess
ADDED
|
@@ -0,0 +1,2 @@
|
|
|
|
|
|
|
| 1 |
+
Satisfy all
|
| 2 |
+
Deny from all
|
login-security-solution.php
CHANGED
|
@@ -6,7 +6,7 @@
|
|
| 6 |
* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
|
| 7 |
*
|
| 8 |
* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
|
| 9 |
-
* Version: 0.
|
| 10 |
* Author: Daniel Convissor
|
| 11 |
* Author URI: http://www.analysisandsolutions.com/
|
| 12 |
* License: GPLv2
|
|
@@ -164,6 +164,12 @@ class login_security_solution {
|
|
| 164 |
*/
|
| 165 |
protected $umk_last_active;
|
| 166 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 167 |
|
| 168 |
/**
|
| 169 |
* Declares the WordPress action and filter callbacks
|
|
@@ -253,7 +259,7 @@ class login_security_solution {
|
|
| 253 |
protected function initialize() {
|
| 254 |
global $wpdb;
|
| 255 |
|
| 256 |
-
$this->table_fail = $wpdb->
|
| 257 |
|
| 258 |
$this->key_login_msg = self::ID . '-login-msg-id';
|
| 259 |
$this->option_name = self::ID . '-options';
|
|
@@ -538,7 +544,7 @@ class login_security_solution {
|
|
| 538 |
* NOTE: This method is automatically called by WordPress when users
|
| 539 |
* provide their new password via the password reset functionality.
|
| 540 |
*
|
| 541 |
-
* @param WP_User the user object being edited
|
| 542 |
* @param string $user_pass the unhashed new password
|
| 543 |
* @return mixed return values provided for unit testing
|
| 544 |
*
|
|
@@ -569,9 +575,9 @@ class login_security_solution {
|
|
| 569 |
* their profile information or when admins add a user. The callback
|
| 570 |
* is activated in the edit_user() function in wp-admin/includes/user.php.
|
| 571 |
*
|
| 572 |
-
* @param
|
| 573 |
* @param bool $update is this an existing user?
|
| 574 |
-
* @param
|
| 575 |
* @return bool|null return values provided for unit testing
|
| 576 |
*
|
| 577 |
* @uses login_security_solution::is_pw_reused() to know if it's an old
|
|
@@ -1013,7 +1019,7 @@ class login_security_solution {
|
|
| 1013 |
* Saves the failed login's info in the database
|
| 1014 |
*
|
| 1015 |
* @param string $ip a prior result from get_ip()
|
| 1016 |
-
* @param string $
|
| 1017 |
* @param string $pass_md5 the md5 hashed new password
|
| 1018 |
* @return void
|
| 1019 |
*/
|
|
@@ -1213,6 +1219,7 @@ class login_security_solution {
|
|
| 1213 |
* Does the password contain data from the user's profile?
|
| 1214 |
*
|
| 1215 |
* @param string $pw the password to examine
|
|
|
|
| 1216 |
* @return bool
|
| 1217 |
*/
|
| 1218 |
protected function is_pw_like_user_data($pw, $user) {
|
|
@@ -1336,6 +1343,7 @@ class login_security_solution {
|
|
| 1336 |
* Is the user's password the same as one they've used earlier?
|
| 1337 |
*
|
| 1338 |
* @param string $pw the password to examine
|
|
|
|
| 1339 |
* @return mixed true if reused. Other replies all evaluate to empty
|
| 1340 |
* but use different types to aid unit testing.
|
| 1341 |
*/
|
|
@@ -1627,6 +1635,7 @@ class login_security_solution {
|
|
| 1627 |
* @param string $network_ip a prior result from get_network_ip()
|
| 1628 |
* @param string $user_name the user name from the current login form
|
| 1629 |
* @param string $pass_md5 the md5 hashed new password
|
|
|
|
| 1630 |
* @return bool
|
| 1631 |
*
|
| 1632 |
* @uses login_security_solution::get_notify_counts() for some shared text
|
|
@@ -1664,6 +1673,7 @@ class login_security_solution {
|
|
| 1664 |
* @param string $network_ip a prior result from get_network_ip()
|
| 1665 |
* @param string $user_name the user name from the current login form
|
| 1666 |
* @param string $pass_md5 the md5 hashed new password
|
|
|
|
| 1667 |
* @return bool
|
| 1668 |
*
|
| 1669 |
* @uses login_security_solution::get_notify_counts() for some shared text
|
|
@@ -1789,7 +1799,7 @@ class login_security_solution {
|
|
| 1789 |
* @param string $login_msg_id the ID representing the message to
|
| 1790 |
* display above the login form
|
| 1791 |
* @param bool $use_rt use WP's "redirect_to" on successful login?
|
| 1792 |
-
* @param
|
| 1793 |
* @return void
|
| 1794 |
*
|
| 1795 |
* @uses login_security_solution::$key_login_msg to know which $_GET
|
|
@@ -1972,8 +1982,8 @@ class login_security_solution {
|
|
| 1972 |
/**
|
| 1973 |
* Reverses a string in a multibyte safe way
|
| 1974 |
*
|
| 1975 |
-
* @param
|
| 1976 |
-
* @return
|
| 1977 |
*/
|
| 1978 |
protected function strrev($pw) {
|
| 1979 |
return implode('', array_reverse($this->split($pw)));
|
|
@@ -1999,7 +2009,7 @@ class login_security_solution {
|
|
| 1999 |
* Is the password valid?
|
| 2000 |
*
|
| 2001 |
* @param WP_User|string the user object or password to be examined
|
| 2002 |
-
* @param WP_Error the means to provide specific error messages
|
| 2003 |
* @return bool
|
| 2004 |
*/
|
| 2005 |
public function validate_pw($user, &$errors = null) {
|
| 6 |
* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
|
| 7 |
*
|
| 8 |
* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
|
| 9 |
+
* Version: 0.14.0
|
| 10 |
* Author: Daniel Convissor
|
| 11 |
* Author URI: http://www.analysisandsolutions.com/
|
| 12 |
* License: GPLv2
|
| 164 |
*/
|
| 165 |
protected $umk_last_active;
|
| 166 |
|
| 167 |
+
/**
|
| 168 |
+
* Our usermeta key for tracking if a user's password needs to be changed
|
| 169 |
+
* @var string
|
| 170 |
+
*/
|
| 171 |
+
protected $umk_pw_force_change;
|
| 172 |
+
|
| 173 |
|
| 174 |
/**
|
| 175 |
* Declares the WordPress action and filter callbacks
|
| 259 |
protected function initialize() {
|
| 260 |
global $wpdb;
|
| 261 |
|
| 262 |
+
$this->table_fail = $wpdb->get_blog_prefix(0) . $this->prefix . 'fail';
|
| 263 |
|
| 264 |
$this->key_login_msg = self::ID . '-login-msg-id';
|
| 265 |
$this->option_name = self::ID . '-options';
|
| 544 |
* NOTE: This method is automatically called by WordPress when users
|
| 545 |
* provide their new password via the password reset functionality.
|
| 546 |
*
|
| 547 |
+
* @param WP_User $user the user object being edited
|
| 548 |
* @param string $user_pass the unhashed new password
|
| 549 |
* @return mixed return values provided for unit testing
|
| 550 |
*
|
| 575 |
* their profile information or when admins add a user. The callback
|
| 576 |
* is activated in the edit_user() function in wp-admin/includes/user.php.
|
| 577 |
*
|
| 578 |
+
* @param WP_Error $errors the means to provide specific error messages
|
| 579 |
* @param bool $update is this an existing user?
|
| 580 |
+
* @param WP_User $user the user object being edited
|
| 581 |
* @return bool|null return values provided for unit testing
|
| 582 |
*
|
| 583 |
* @uses login_security_solution::is_pw_reused() to know if it's an old
|
| 1019 |
* Saves the failed login's info in the database
|
| 1020 |
*
|
| 1021 |
* @param string $ip a prior result from get_ip()
|
| 1022 |
+
* @param string $user_login the user name from the current login form
|
| 1023 |
* @param string $pass_md5 the md5 hashed new password
|
| 1024 |
* @return void
|
| 1025 |
*/
|
| 1219 |
* Does the password contain data from the user's profile?
|
| 1220 |
*
|
| 1221 |
* @param string $pw the password to examine
|
| 1222 |
+
* @param WP_User $user the current user
|
| 1223 |
* @return bool
|
| 1224 |
*/
|
| 1225 |
protected function is_pw_like_user_data($pw, $user) {
|
| 1343 |
* Is the user's password the same as one they've used earlier?
|
| 1344 |
*
|
| 1345 |
* @param string $pw the password to examine
|
| 1346 |
+
* @param int $user_ID the user's id number
|
| 1347 |
* @return mixed true if reused. Other replies all evaluate to empty
|
| 1348 |
* but use different types to aid unit testing.
|
| 1349 |
*/
|
| 1635 |
* @param string $network_ip a prior result from get_network_ip()
|
| 1636 |
* @param string $user_name the user name from the current login form
|
| 1637 |
* @param string $pass_md5 the md5 hashed new password
|
| 1638 |
+
* @param array $fails the data from get_login_fail()
|
| 1639 |
* @return bool
|
| 1640 |
*
|
| 1641 |
* @uses login_security_solution::get_notify_counts() for some shared text
|
| 1673 |
* @param string $network_ip a prior result from get_network_ip()
|
| 1674 |
* @param string $user_name the user name from the current login form
|
| 1675 |
* @param string $pass_md5 the md5 hashed new password
|
| 1676 |
+
* @param array $fails the data from get_login_fail()
|
| 1677 |
* @return bool
|
| 1678 |
*
|
| 1679 |
* @uses login_security_solution::get_notify_counts() for some shared text
|
| 1799 |
* @param string $login_msg_id the ID representing the message to
|
| 1800 |
* display above the login form
|
| 1801 |
* @param bool $use_rt use WP's "redirect_to" on successful login?
|
| 1802 |
+
* @param string $action "login" (default), "rp", or "retrievepassword"
|
| 1803 |
* @return void
|
| 1804 |
*
|
| 1805 |
* @uses login_security_solution::$key_login_msg to know which $_GET
|
| 1982 |
/**
|
| 1983 |
* Reverses a string in a multibyte safe way
|
| 1984 |
*
|
| 1985 |
+
* @param string $pw the string to examine
|
| 1986 |
+
* @return string the reversed string
|
| 1987 |
*/
|
| 1988 |
protected function strrev($pw) {
|
| 1989 |
return implode('', array_reverse($this->split($pw)));
|
| 2009 |
* Is the password valid?
|
| 2010 |
*
|
| 2011 |
* @param WP_User|string the user object or password to be examined
|
| 2012 |
+
* @param WP_Error $errors the means to provide specific error messages
|
| 2013 |
* @return bool
|
| 2014 |
*/
|
| 2015 |
public function validate_pw($user, &$errors = null) {
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=danie
|
|
| 4 |
Tags: login, password, passwords, strength, strong, idle, timeout, maintenance, security, attack, hack, lock, ban
|
| 5 |
Requires at least: 3.3
|
| 6 |
Tested up to: 3.4.1
|
| 7 |
-
Stable tag: 0.
|
| 8 |
|
| 9 |
Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode. Multisite ready!
|
| 10 |
|
|
@@ -273,6 +273,11 @@ then `cd` into that directory and run:
|
|
| 273 |
|
| 274 |
== Changelog ==
|
| 275 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 276 |
= 0.13.0 =
|
| 277 |
* Add a script for turning our "Disable Logins" feature on and off from the
|
| 278 |
command line.
|
| 4 |
Tags: login, password, passwords, strength, strong, idle, timeout, maintenance, security, attack, hack, lock, ban
|
| 5 |
Requires at least: 3.3
|
| 6 |
Tested up to: 3.4.1
|
| 7 |
+
Stable tag: 0.14.0
|
| 8 |
|
| 9 |
Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode. Multisite ready!
|
| 10 |
|
| 273 |
|
| 274 |
== Changelog ==
|
| 275 |
|
| 276 |
+
= 0.14.0 =
|
| 277 |
+
* Fix emails being mistakenly sent in multisite mode that say "There have
|
| 278 |
+
been at least 0 failed attempts to log in". (Bug #1548, deanmarktaylor)
|
| 279 |
+
* Add an `.htaccess` file that blocks access to this plugin's directory.
|
| 280 |
+
|
| 281 |
= 0.13.0 =
|
| 282 |
* Add a script for turning our "Disable Logins" feature on and off from the
|
| 283 |
command line.
|
utilities/disable_logins_setter.php
CHANGED
|
@@ -15,10 +15,10 @@ $option_name = 'login-security-solution-options';
|
|
| 15 |
|
| 16 |
|
| 17 |
function usage() {
|
| 18 |
-
echo "Usage: disable_logins_setter.php <
|
| 19 |
-
echo " @param int
|
| 20 |
echo "\nAuthor: Daniel Convissor <danielc@analysisandsolutions.com>\n";
|
| 21 |
-
echo "License: http://www.
|
| 22 |
echo "Link: http://wordpress.org/extend/plugins/login-security-solution/\n";
|
| 23 |
exit(1);
|
| 24 |
}
|
|
@@ -26,8 +26,8 @@ function usage() {
|
|
| 26 |
if (!isset($_SERVER['argv'][1])) {
|
| 27 |
usage();
|
| 28 |
} else {
|
| 29 |
-
$
|
| 30 |
-
if ($
|
| 31 |
usage();
|
| 32 |
}
|
| 33 |
}
|
|
@@ -44,7 +44,7 @@ $root_dir = "$util_dir/../../../..";
|
|
| 44 |
require_once "$root_dir/wp-load.php";
|
| 45 |
|
| 46 |
$option_value = get_option($option_name);
|
| 47 |
-
$option_value['disable_logins'] = $
|
| 48 |
if (!update_option($option_name, $option_value)) {
|
| 49 |
echo "ERROR: updating the option had a problem.\n";
|
| 50 |
exit(1);
|
| 15 |
|
| 16 |
|
| 17 |
function usage() {
|
| 18 |
+
echo "Usage: disable_logins_setter.php <input>\n";
|
| 19 |
+
echo " @param int input 1 = disable logins, 0 = enable logins\n";
|
| 20 |
echo "\nAuthor: Daniel Convissor <danielc@analysisandsolutions.com>\n";
|
| 21 |
+
echo "License: http://www.gnu.org/licenses/gpl-2.0.html\n";
|
| 22 |
echo "Link: http://wordpress.org/extend/plugins/login-security-solution/\n";
|
| 23 |
exit(1);
|
| 24 |
}
|
| 26 |
if (!isset($_SERVER['argv'][1])) {
|
| 27 |
usage();
|
| 28 |
} else {
|
| 29 |
+
$input = $_SERVER['argv'][1];
|
| 30 |
+
if ($input !== '0' && $input !== '1') {
|
| 31 |
usage();
|
| 32 |
}
|
| 33 |
}
|
| 44 |
require_once "$root_dir/wp-load.php";
|
| 45 |
|
| 46 |
$option_value = get_option($option_name);
|
| 47 |
+
$option_value['disable_logins'] = $input;
|
| 48 |
if (!update_option($option_name, $option_value)) {
|
| 49 |
echo "ERROR: updating the option had a problem.\n";
|
| 50 |
exit(1);
|
