Login Security Solution - Version 0.22.0

Version Description

Track a given IP, user name, password combination only once.
Prevent "not a valid MySQL-Link resource" on auth cookie failure.
Increase default value of login_fail_notify from 20 to 50.
Add partial French translation. Settings page needs doing. Thanks mermouy!

Release Info

Developer	convissor
Plugin	Login Security Solution
Version	0.22.0
Comparing to
See all releases

Code changes from version 0.21.0 to 0.22.0

Files changed (8) hide show

languages/login-security-solution-fr_FR.mo +0 -0
languages/login-security-solution-fr_FR.po +660 -0
languages/login-security-solution.pot +115 -114
languages/updatepos.sh +8 -0
login-security-solution.php +63 -7
readme.txt +35 -3
tests/AuthCookieBadTest.php +18 -0
tests/LoginFailTest.php +22 -1

languages/login-security-solution-fr_FR.mo ADDED Viewed

Binary file

languages/login-security-solution-fr_FR.po ADDED Viewed

	@@ -0,0 +1,660 @@


1	+ msgid ""
2	+ msgstr ""
3	+ "Project-Id-Version: Login Security Solution 0.22.0\n"
4	+ "Report-Msgid-Bugs-To: http://wordpress.org/support/plugin/login-security-"
5	+ "solution\n"
6	+ "POT-Creation-Date: 2012-08-17 00:42:14+00:00\n"
7	+ "PO-Revision-Date: 2012-07-14 09:16:30+0000\n"
8	+ "Last-Translator: mermouy <mermouy@gmail.com>\n"
9	+ "Language-Team: \n"
10	+ "MIME-Version: 1.0\n"
11	+ "Content-Type: text/plain; charset=UTF-8\n"
12	+ "Content-Transfer-Encoding: 8bit\n"
13	+ "Plural-Forms: nplurals=2; plural=n != 1;\n"
14	+ "X-Poedit-Language: French\n"
15	+ "X-Poedit-Country: FRANCE\n"
16	+ "X-Poedit-SourceCharset: utf-8\n"
17	+ "X-Poedit-KeywordsList: __;_e;__ngettext:1,2;_n:1,2;__ngettext_noop:1,2;"
18	+ "_n_noop:1,2;_c,_nc:4c,1,2;_x:1,2c;_ex:1,2c;_nx:4c,1,2;_nx_noop:4c,1,2;\n"
19	+ "X-Poedit-Basepath: ../\n"
20	+ "X-Poedit-Bookmarks: \n"
21	+ "X-Poedit-SearchPath-0: .\n"
22	+ "X-Textdomain-Support: yes\n"
23	+
24	+ #: admin.php:113 admin.php:363
25	+ msgid "Settings"
26	+ msgstr ""
27	+
28	+ #: admin.php:127
29	+ msgid "Change All Passwords"
30	+ msgstr ""
31	+
32	+ #: admin.php:128
33	+ msgid "Do not remind me about this"
34	+ msgstr ""
35	+
36	+ #: admin.php:129
37	+ msgid "Require All Passwords Be Changed"
38	+ msgstr ""
39	+
40	+ #: admin.php:144
41	+ msgid ""
42	+ "%s must be activated via the Network Admin interface when WordPress is in "
43	+ "multistie network mode."
44	+ msgstr ""
45	+
46	+ #: admin.php:250
47	+ msgid "Idle Timeout"
48	+ msgstr ""
49	+
50	+ #: admin.php:251
51	+ msgid ""
52	+ "Close inactive sessions after this many minutes. 0 disables this feature."
53	+ msgstr ""
54	+
55	+ #: admin.php:256
56	+ msgid "Maintenance Mode"
57	+ msgstr ""
58	+
59	+ #: admin.php:257
60	+ msgid ""
61	+ "Disable logins from users who are not administrators and disable posting of "
62	+ "comments?"
63	+ msgstr ""
64	+
65	+ #: admin.php:259
66	+ msgid "Off, let all users log in."
67	+ msgstr ""
68	+
69	+ #: admin.php:260
70	+ msgid "On, disable comments and only let administrators log in."
71	+ msgstr ""
72	+
73	+ #: admin.php:264
74	+ msgid "Deactivation"
75	+ msgstr ""
76	+
77	+ #: admin.php:265
78	+ msgid ""
79	+ "Should deactivating the plugin remove all of the plugin's data and settings?"
80	+ msgstr ""
81	+
82	+ #: admin.php:267
83	+ msgid "No, preserve the data for future use."
84	+ msgstr ""
85	+
86	+ #: admin.php:268
87	+ msgid "Yes, delete the damn data."
88	+ msgstr ""
89	+
90	+ #: admin.php:273
91	+ msgid "Match Time"
92	+ msgstr ""
93	+
94	+ #: admin.php:274
95	+ msgid "How far back, in minutes, should login failures look for matching data?"
96	+ msgstr ""
97	+
98	+ #: admin.php:279
99	+ msgid "Delay Tier 2"
100	+ msgstr ""
101	+
102	+ #: admin.php:280
103	+ msgid ""
104	+ "How many matching login failures should it take to get into this (%d - %d "
105	+ "second) Delay Tier? Must be >= %d."
106	+ msgstr ""
107	+
108	+ #: admin.php:286
109	+ msgid "Delay Tier 3"
110	+ msgstr ""
111	+
112	+ #: admin.php:287
113	+ msgid ""
114	+ "How many matching login failures should it take to get into this (%d - %d "
115	+ "second) Delay Tier? Must be > Delay Tier 2."
116	+ msgstr ""
117	+
118	+ #: admin.php:292
119	+ msgid "Notifications To"
120	+ msgstr ""
121	+
122	+ #: admin.php:293
123	+ msgid ""
124	+ "The email address(es) the failure and breach notifications should be sent "
125	+ "to. For multiple addresses, separate them with commas. WordPress' "
126	+ "'admin_email' setting is used if none is provided here."
127	+ msgstr ""
128	+
129	+ #: admin.php:298
130	+ msgid "Failure Notification"
131	+ msgstr ""
132	+
133	+ #: admin.php:299
134	+ msgid ""
135	+ "Notify the administrator upon every x matching login failures. 0 disables "
136	+ "this feature."
137	+ msgstr ""
138	+
139	+ #: admin.php:304
140	+ msgid "Breach Notification"
141	+ msgstr ""
142	+
143	+ #: admin.php:305
144	+ msgid ""
145	+ "Notify the administrator if a successful login uses data matching x login "
146	+ "failures. 0 disables this feature."
147	+ msgstr ""
148	+
149	+ #: admin.php:310
150	+ msgid "Breach Email Confirm"
151	+ msgstr ""
152	+
153	+ #: admin.php:311
154	+ msgid ""
155	+ "If a successful login uses data matching x login failures, immediately log "
156	+ "the user out and require them to use WordPress' lost password process. 0 "
157	+ "disables this feature."
158	+ msgstr ""
159	+
160	+ #: admin.php:317
161	+ msgid "Length"
162	+ msgstr ""
163	+
164	+ #: admin.php:318
165	+ msgid "How long must passwords be? Must be >= %d."
166	+ msgstr ""
167	+
168	+ #: admin.php:324
169	+ msgid "Complexity Exemption"
170	+ msgstr ""
171	+
172	+ #: admin.php:325
173	+ msgid ""
174	+ "How long must passwords be to be exempt from the complexity requirements? "
175	+ "Must be >= %d."
176	+ msgstr ""
177	+
178	+ #: admin.php:331
179	+ msgid "Aging"
180	+ msgstr ""
181	+
182	+ #: admin.php:332
183	+ msgid ""
184	+ "How many days old can a password be before requiring it be changed? Not "
185	+ "recommended. 0 disables this feature."
186	+ msgstr ""
187	+
188	+ #: admin.php:337
189	+ msgid "Grace Period"
190	+ msgstr ""
191	+
192	+ #: admin.php:338
193	+ msgid ""
194	+ "How many minutes should a user have to change their password once they know "
195	+ "it has expired? Must be >= %d."
196	+ msgstr ""
197	+
198	+ #: admin.php:344
199	+ msgid "History"
200	+ msgstr ""
201	+
202	+ #: admin.php:345
203	+ msgid ""
204	+ "How many passwords should be remembered? Prevents reuse of old passwords. 0 "
205	+ "disables this feature."
206	+ msgstr ""
207	+
208	+ #: admin.php:406
209	+ msgid "Login Failure Policies"
210	+ msgstr ""
211	+
212	+ # @ login-security-solution
213	+ #: admin.php:412
214	+ msgid "Password Policies"
215	+ msgstr ""
216	+
217	+ #: admin.php:418
218	+ msgid "Miscellaneous Policies"
219	+ msgstr ""
220	+
221	+ #: admin.php:468
222	+ msgid ""
223	+ "This plugin stores the IP address, username and password for each failed log "
224	+ "in attempt."
225	+ msgstr ""
226	+
227	+ #: admin.php:470
228	+ msgid ""
229	+ "The data from future login failures are compared against the historical data."
230	+ msgstr ""
231	+
232	+ #: admin.php:472
233	+ msgid ""
234	+ "If any of the data points match, the plugin delays printing out the failure "
235	+ "message."
236	+ msgstr ""
237	+
238	+ #: admin.php:474
239	+ msgid ""
240	+ "The goal is for the responses to take so long that the attackers give up and "
241	+ "go find an easier target."
242	+ msgstr ""
243	+
244	+ #: admin.php:476
245	+ msgid "The length of the delay is broken up into three tiers."
246	+ msgstr ""
247	+
248	+ #: admin.php:478
249	+ msgid "The amount of the delay increases in higher tiers."
250	+ msgstr ""
251	+
252	+ #: admin.php:480
253	+ msgid ""
254	+ "The delay time within each tier is randomized to complicate profiling by "
255	+ "attackers."
256	+ msgstr ""
257	+
258	+ #: admin.php:539 admin.php:554
259	+ msgid "Default:"
260	+ msgstr ""
261	+
262	+ #: admin.php:578
263	+ msgid "must be >= '%s',"
264	+ msgstr ""
265	+
266	+ #: admin.php:579
267	+ msgid "so we used the default value instead."
268	+ msgstr ""
269	+
270	+ #: admin.php:612
271	+ msgid "must be an integer,"
272	+ msgstr ""
273	+
274	+ #: admin.php:715
275	+ msgid "There may be cases where everyone's password should be reset."
276	+ msgstr ""
277	+
278	+ #: admin.php:717
279	+ msgid "This page, provided by the %s plugin, offers that functionality."
280	+ msgstr ""
281	+
282	+ #: admin.php:721
283	+ msgid ""
284	+ "Submitting this form sets a flag that forces all users to utilize WordPress' "
285	+ "built in password reset functionality."
286	+ msgstr ""
287	+
288	+ #: admin.php:723
289	+ msgid ""
290	+ "Users who are presently logged in will be logged out the next time they view "
291	+ "a page that requires authentication."
292	+ msgstr ""
293	+
294	+ #: admin.php:735
295	+ msgid ""
296	+ "Confirm that you want to force all users to change their passwords by "
297	+ "checking this box, then click the button, below."
298	+ msgstr ""
299	+
300	+ #: admin.php:754
301	+ msgid "No thanks. I know what I'm doing. Please don't remind me about this."
302	+ msgstr ""
303	+
304	+ #: admin.php:786
305	+ msgid ""
306	+ "You have checked a box that does not correspond with the button you pressed. "
307	+ "Please check and press buttons inside the same section."
308	+ msgstr ""
309	+
310	+ #: admin.php:788
311	+ msgid ""
312	+ "Please confirm that you really want to do this. Put a check in the '%s' box "
313	+ "before hitting the submit button."
314	+ msgstr ""
315	+
316	+ #: admin.php:804 admin.php:824
317	+ msgid "Success!"
318	+ msgstr ""
319	+
320	+ #: admin.php:856
321	+ msgid ""
322	+ "WARNING: The site is in maintenance mode. DO NOT TOUCH ANYTHING! Your "
323	+ "changes may get overwritten!"
324	+ msgstr ""
325	+
326	+ #: admin.php:880
327	+ msgid ""
328	+ "You have not asked your users to change their passwords since the plugin was "
329	+ "activated. Most users have weak passwords. This plugin's password policies "
330	+ "protect your site from brute force attacks. Please improve security for "
331	+ "everyone on the Internet by making all users pick new, strong, passwords."
332	+ msgstr ""
333	+
334	+ #: admin.php:884
335	+ msgid ""
336	+ "Speaking of which, do YOU have a strong password? Make sure by changing "
337	+ "yours too."
338	+ msgstr ""
339	+
340	+ #: admin.php:888
341	+ msgid ""
342	+ "The following link leads to a user interface where you can either require "
343	+ "all passwords to be reset or disable this notice."
344	+ msgstr ""
345	+
346	+ #: admin.php:918
347	+ msgid "You do not have sufficient permissions to access this page."
348	+ msgstr ""
349	+
350	+ #: admin.php:924
351	+ msgid "$user_ID variable not set. Another plugin is misbehaving."
352	+ msgstr ""
353	+
354	+ # @ login-security-solution
355	+ #: login-security-solution.php:516 tests/LoginErrorsTest.php:97
356	+ #: tests/LoginErrorsTest.php:111
357	+ msgid "Invalid username or password."
358	+ msgstr "Identifiant ou mot de passe incorrect."
359	+
360	+ # @ default
361	+ #: login-security-solution.php:522 tests/LoginErrorsTest.php:125
362	+ #: tests/LoginErrorsTest.php:139
363	+ msgid "Password reset is not allowed for this user"
364	+ msgstr ""
365	+
366	+ # @ login-security-solution
367	+ #: login-security-solution.php:547 tests/LoginMessageTest.php:66
368	+ msgid "It has been over %d minutes since your last action."
369	+ msgstr "Vous êtes inactif depuis %d minutes."
370	+
371	+ # @ login-security-solution
372	+ #: login-security-solution.php:548 tests/LoginMessageTest.php:67
373	+ msgid "Please log back in."
374	+ msgstr "Veuillez vous reconnecter."
375	+
376	+ # @ login-security-solution
377	+ #: login-security-solution.php:551 tests/LoginMessageTest.php:77
378	+ msgid "The grace period for changing your password has expired."
379	+ msgstr "La période allouée pour changer votre mot de passe est écoulée."
380	+
381	+ # @ login-security-solution
382	+ #: login-security-solution.php:552 tests/LoginMessageTest.php:78
383	+ msgid "Please submit this form to reset your password."
384	+ msgstr "Veuillez remplir ce formulaire pour ré-initialiser votre mor de passe."
385	+
386	+ # @ login-security-solution
387	+ #: login-security-solution.php:555 tests/LoginMessageTest.php:88
388	+ msgid "Your password must be reset."
389	+ msgstr "Votre mot de passe doit être changé."
390	+
391	+ # @ login-security-solution
392	+ #: login-security-solution.php:556 tests/LoginMessageTest.php:89
393	+ msgid "Please submit this form to reset it."
394	+ msgstr "Veuillez remplir ce formulaire pour le ré-initialiser"
395	+
396	+ # @ login-security-solution
397	+ #: login-security-solution.php:559 tests/LoginMessageTest.php:104
398	+ msgid "Your password has expired. Please log and change it."
399	+ msgstr "Votre mot de passe a expiré. Veuillez vous connecter et le changer."
400	+
401	+ # @ login-security-solution
402	+ #: login-security-solution.php:560 tests/LoginMessageTest.php:105
403	+ msgid "We provide a %d minute grace period to do so."
404	+ msgstr "Une période de %d minutes vous est allouée pour cela."
405	+
406	+ # @ login-security-solution
407	+ #: login-security-solution.php:563 tests/LoginMessageTest.php:115
408	+ msgid "The password you tried to create is not secure. Please try again."
409	+ msgstr ""
410	+ "Le mot de passe que vous voulez utiliser n'est pas suffisamment robuste. "
411	+ "Veuillez ré-essayer."
412	+
413	+ # @ login-security-solution
414	+ #: login-security-solution.php:569 tests/LoginMessageTest.php:129
415	+ #: tests/LoginMessageTest.php:144
416	+ msgid "The site is undergoing maintenance."
417	+ msgstr "Le site est en maintenance."
418	+
419	+ # @ login-security-solution
420	+ #: login-security-solution.php:570 tests/LoginMessageTest.php:130
421	+ #: tests/LoginMessageTest.php:145
422	+ msgid "Please try again later."
423	+ msgstr "Veuillez ré-essayer un peu plus tard."
424	+
425	+ # @ login-security-solution
426	+ #: login-security-solution.php:641
427	+ msgid ""
428	+ "The password should either be: A) at least %d characters long and contain "
429	+ "upper and lower case letters plus numbers and punctuation, or B) at least %d "
430	+ "characters long."
431	+ msgstr ""
432	+ "Le mot de passe doit, soit A) comporter au moins %d caractères et contenir à "
433	+ "la fois des majuscules, des minuscules, des chiffres et de la ponctuation; "
434	+ "soit B) comporter %d caractères."
435	+
436	+ # @ login-security-solution
437	+ #: login-security-solution.php:675 tests/PasswordChangeTest.php:277
438	+ msgid "Passwords can not be reused."
439	+ msgstr "D'anciens mots de passe ne peuvent être ré-utilisés."
440	+
441	+ # @ default
442	+ #: login-security-solution.php:850
443	+ msgid "ERROR"
444	+ msgstr ""
445	+
446	+ # @ login-security-solution
447	+ #: login-security-solution.php:987
448	+ msgid ""
449	+ "\n"
450	+ "Component Count Value from Current Attempt\n"
451	+ "------------------------ ----- --------------------------------\n"
452	+ "Network IP %5d %s\n"
453	+ "Username %5d %s\n"
454	+ "Password MD5 %5d %s\n"
455	+ msgstr ""
456	+ "\n"
457	+ "Composant Nombre Valeur de la tentative courante\n"
458	+ "------------------------ ----- --------------------------------\n"
459	+ "Réseau IP %5d %s\n"
460	+ "Identifiant %5d %s\n"
461	+ "MD5 du mot de passe %5d %s\n"
462	+
463	+ # @ login-security-solution
464	+ #: login-security-solution.php:1822 login-security-solution.php:1859
465	+ msgid "POTENTIAL INTRUSION AT %s"
466	+ msgstr "INTRUSION POSSIBLE A %s"
467	+
468	+ # @ login-security-solution
469	+ #: login-security-solution.php:1826
470	+ msgid "Your website, %s, may have been broken in to."
471	+ msgstr "Votre site, %s, a peut-être été corrompu."
472	+
473	+ # @ login-security-solution
474	+ #: login-security-solution.php:1829
475	+ msgid ""
476	+ "Someone just logged in using the following components. Prior to that, some "
477	+ "combination of those components were a part of %d failed attempts to log in "
478	+ "during the past %d minutes:"
479	+ msgstr ""
480	+ "Quelqu'un vient de se connecter avec les données qui suivent. Avant cela, "
481	+ "plusieurs de ces éléments ont été utilisés parmi les %d tentatives de "
482	+ "connexion au cours des %d dernières minutes:"
483	+
484	+ # @ login-security-solution
485	+ #: login-security-solution.php:1835
486	+ msgid ""
487	+ "The user's current IP address is one they have verified with your site in "
488	+ "the past. Therefore, the user will NOT be required to confirm their "
489	+ "identity via the password reset process. An email will be sent to them, "
490	+ "just in case this actually was a breach."
491	+ msgstr ""
492	+ "L'adresse IP utilisée à déjà été vérifiée auparavant. C'est pourquoi "
493	+ "l'utilisateur ne devra PAS nécessairement confirmer son identité via le "
494	+ "processus de changement de mot de passe. Un email lui sera envoyé, au cas où "
495	+ "ce serait effectivement un intrusion."
496	+
497	+ # @ login-security-solution
498	+ #: login-security-solution.php:1837
499	+ msgid ""
500	+ "The user has been logged out and will be required to confirm their identity "
501	+ "via the password reset functionality."
502	+ msgstr ""
503	+ "L'utilisateur à été déconnecté et il devra confirmer son identité via le "
504	+ "processus de changement de mot de passe."
505	+
506	+ # @ login-security-solution
507	+ #: login-security-solution.php:1863
508	+ msgid ""
509	+ "Someone just logged into your '%s' account at %s. Was it you that logged "
510	+ "in? We are asking because the site is being attacked."
511	+ msgstr ""
512	+ "Quelqu'un a %s vient de se connecter en tant que '%s'. Était-ce vous? Nous "
513	+ "vous posons la question parce que le site semble subir une attaque."
514	+
515	+ # @ login-security-solution
516	+ #: login-security-solution.php:1864
517	+ msgid "IF IT WAS NOT YOU, please do the following right away:"
518	+ msgstr "SI CE N'ÉTAIT PAS VOUS, veuillez suivre ces consignes au plus vite:"
519	+
520	+ # @ login-security-solution
521	+ #: login-security-solution.php:1865
522	+ msgid "1) Log into %s and change your password."
523	+ msgstr "1) Connectez vous à %s et changez votre mot de passe."
524	+
525	+ # @ login-security-solution
526	+ #: login-security-solution.php:1866
527	+ msgid "2) Send an email to %s letting them know it was not you who logged in."
528	+ msgstr ""
529	+ "2) Envoyez un message à %s pour les prévenir que ce n'était pas vous qui "
530	+ "vous êtes connecté récemment."
531	+
532	+ # @ login-security-solution
533	+ #: login-security-solution.php:1892
534	+ msgid "ATTACK HAPPENING TO %s"
535	+ msgstr "ATTAQUE SUR %s"
536	+
537	+ # @ login-security-solution
538	+ #: login-security-solution.php:1896
539	+ msgid "Your website, %s, is undergoing a brute force attack."
540	+ msgstr "Votre site, %s, subi une attaque de type brute force."
541	+
542	+ # @ login-security-solution
543	+ #: login-security-solution.php:1899
544	+ msgid ""
545	+ "There have been at least %d failed attempts to log in during the past %d "
546	+ "minutes that used one or more of the following components:"
547	+ msgstr ""
548	+ "Au moins %d tentatives infructueuses de connexion au cours des dernières %d "
549	+ "minutes ont utilisées les données suivantes:"
550	+
551	+ # @ login-security-solution
552	+ #: login-security-solution.php:1904
553	+ msgid ""
554	+ "The %s plugin for WordPress is repelling the attack by making their login "
555	+ "failures take a very long time."
556	+ msgstr ""
557	+ "Le plugin %s pour WordPress pare l'attaque en ralentissant la réponse à "
558	+ "chaque tentative échouée."
559	+
560	+ # @ login-security-solution
561	+ #: login-security-solution.php:2265 tests/PasswordValidationTest.php:450
562	+ msgid "Password not set."
563	+ msgstr "Mot de passe non défini."
564	+
565	+ # @ login-security-solution
566	+ #: login-security-solution.php:2280 tests/PasswordValidationTest.php:461
567	+ msgid "Passwords must be strings."
568	+ msgstr "Les mots de passe ne peuvent comporter d'espace."
569	+
570	+ # @ login-security-solution
571	+ #: login-security-solution.php:2298 tests/PasswordValidationTest.php:474
572	+ msgid "Passwords must use ASCII characters."
573	+ msgstr "Les mots de passe ne doivent comporter que des caractères ASCII."
574	+
575	+ # @ login-security-solution
576	+ #: login-security-solution.php:2317 tests/PasswordChangeTest.php:310
577	+ #: tests/PasswordValidationTest.php:491 tests/PasswordValidationTest.php:505
578	+ msgid "Password is too short."
579	+ msgstr "Le mot de passe est trop court."
580	+
581	+ # @ login-security-solution
582	+ #: login-security-solution.php:2326 tests/PasswordValidationTest.php:531
583	+ msgid "Passwords must either contain numbers or be %d characters long."
584	+ msgstr ""
585	+ "Le mot de passe doit, soit comporter des chiffres soit comporter %d "
586	+ "caractères."
587	+
588	+ # @ login-security-solution
589	+ #: login-security-solution.php:2335 tests/PasswordValidationTest.php:518
590	+ msgid ""
591	+ "Passwords must either contain punctuation marks / symbols or be %d "
592	+ "characters long."
593	+ msgstr ""
594	+ "Les mots de passe doivent contenir des symboles/ponctuation ou comporter %d "
595	+ "caractères."
596	+
597	+ # @ login-security-solution
598	+ #: login-security-solution.php:2344 tests/PasswordValidationTest.php:544
599	+ msgid ""
600	+ "Passwords must either contain upper-case and lower-case letters or be %d "
601	+ "characters long."
602	+ msgstr ""
603	+ "Les mots de passe doivent contenir des majuscules et des minuscules ou "
604	+ "contenir %d caractères."
605	+
606	+ # @ login-security-solution
607	+ #: login-security-solution.php:2354 tests/PasswordValidationTest.php:557
608	+ msgid "Passwords can't be sequential keys."
609	+ msgstr "Les mots de passe ne peuvent être une séquence."
610	+
611	+ # @ login-security-solution
612	+ #: login-security-solution.php:2363 tests/PasswordValidationTest.php:570
613	+ msgid "Passwords can't have that many sequential characters."
614	+ msgstr ""
615	+ "Les mots de passe ne peuvent contenir autant de caractères séquentiels."
616	+
617	+ # @ login-security-solution
618	+ #: login-security-solution.php:2379 tests/PasswordValidationTest.php:583
619	+ #: tests/PasswordValidationTest.php:596
620	+ msgid "Passwords can't contain user data."
621	+ msgstr "Les mots de passe ne peuvent contenir des informations utilisateur."
622	+
623	+ # @ login-security-solution
624	+ #: login-security-solution.php:2390 tests/PasswordValidationTest.php:609
625	+ msgid "Passwords can't contain site info."
626	+ msgstr "Les mots de passe ne peuvent contenir des information du site."
627	+
628	+ # @ login-security-solution
629	+ #: login-security-solution.php:2399 tests/PasswordValidationTest.php:622
630	+ msgid "Password is too common."
631	+ msgstr "Le mot de passe est trop banal."
632	+
633	+ # @ login-security-solution
634	+ #: login-security-solution.php:2408 tests/PasswordValidationTest.php:638
635	+ msgid "Passwords can't be variations of dictionary words."
636	+ msgstr "Les mots de passe ne peuvent être issus du dictionnaire."
637	+
638	+ #. Plugin Name of the plugin/theme
639	+ msgid "Login Security Solution"
640	+ msgstr ""
641	+
642	+ #. Plugin URI of the plugin/theme
643	+ msgid "http://wordpress.org/extend/plugins/login-security-solution/"
644	+ msgstr ""
645	+
646	+ #. Description of the plugin/theme
647	+ msgid ""
648	+ "Requires very strong passwords, repels brute force login attacks, prevents "
649	+ "login information disclosures, expires idle sessions, notifies admins of "
650	+ "attacks and breaches, permits administrators to disable logins for "
651	+ "maintenance or emergency reasons and reset all passwords."
652	+ msgstr ""
653	+
654	+ #. Author of the plugin/theme
655	+ msgid "Daniel Convissor"
656	+ msgstr ""
657	+
658	+ #. Author URI of the plugin/theme
659	+ msgid "http://www.analysisandsolutions.com/"
660	+ msgstr ""

languages/login-security-solution.pot CHANGED Viewed

	@@ -2,9 +2,10 @@
2	# This file is distributed under the same license as the Login Security Solution package.
3	msgid ""
4	msgstr ""
5	- "Project-Id-Version: Login Security Solution 0.21.0\n"
6	- "Report-Msgid-Bugs-To: http://wordpress.org/support/plugin/login-security-~~solution\n~~"
7	- "~~POT-Creation-Date: 2012-08-07 15:10:37+00:00~~\n"

8	"MIME-Version: 1.0\n"
9	"Content-Type: text/plain; charset=UTF-8\n"
10	"Content-Transfer-Encoding: 8bit\n"
	@@ -12,308 +13,308 @@ msgstr ""
12	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13	"Language-Team: LANGUAGE <LL@li.org>\n"
14
15	- #: admin.php:~~112~~ admin.php:~~362~~
16	msgid "Settings"
17	msgstr ""
18
19	- #: admin.php:~~126~~
20	msgid "Change All Passwords"
21	msgstr ""
22
23	- #: admin.php:~~127~~
24	msgid "Do not remind me about this"
25	msgstr ""
26
27	- #: admin.php:~~128~~
28	msgid "Require All Passwords Be Changed"
29	msgstr ""
30
31	- #: admin.php:~~143~~
32	msgid ""
33	"%s must be activated via the Network Admin interface when WordPress is in "
34	"multistie network mode."
35	msgstr ""
36
37	- #: admin.php:~~249~~
38	msgid "Idle Timeout"
39	msgstr ""
40
41	- #: admin.php:~~250~~
42	msgid ""
43	"Close inactive sessions after this many minutes. 0 disables this feature."
44	msgstr ""
45
46	- #: admin.php:~~255~~
47	msgid "Maintenance Mode"
48	msgstr ""
49
50	- #: admin.php:~~256~~
51	msgid ""
52	"Disable logins from users who are not administrators and disable posting of "
53	"comments?"
54	msgstr ""
55
56	- #: admin.php:~~258~~
57	msgid "Off, let all users log in."
58	msgstr ""
59
60	- #: admin.php:~~259~~
61	msgid "On, disable comments and only let administrators log in."
62	msgstr ""
63
64	- #: admin.php:~~263~~
65	msgid "Deactivation"
66	msgstr ""
67
68	- #: admin.php:~~264~~
69	msgid ""
70	"Should deactivating the plugin remove all of the plugin's data and settings?"
71	msgstr ""
72
73	- #: admin.php:~~266~~
74	msgid "No, preserve the data for future use."
75	msgstr ""
76
77	- #: admin.php:~~267~~
78	msgid "Yes, delete the damn data."
79	msgstr ""
80
81	- #: admin.php:~~272~~
82	msgid "Match Time"
83	msgstr ""
84
85	- #: admin.php:~~273~~
86	msgid "How far back, in minutes, should login failures look for matching data?"
87	msgstr ""
88
89	- #: admin.php:~~278~~
90	msgid "Delay Tier 2"
91	msgstr ""
92
93	- #: admin.php:~~279~~
94	msgid ""
95	"How many matching login failures should it take to get into this (%d - %d "
96	"second) Delay Tier? Must be >= %d."
97	msgstr ""
98
99	- #: admin.php:~~285~~
100	msgid "Delay Tier 3"
101	msgstr ""
102
103	- #: admin.php:~~286~~
104	msgid ""
105	"How many matching login failures should it take to get into this (%d - %d "
106	"second) Delay Tier? Must be > Delay Tier 2."
107	msgstr ""
108
109	- #: admin.php:~~291~~
110	msgid "Notifications To"
111	msgstr ""
112
113	- #: admin.php:~~292~~
114	msgid ""
115	"The email address(es) the failure and breach notifications should be sent "
116	"to. For multiple addresses, separate them with commas. WordPress' "
117	"'admin_email' setting is used if none is provided here."
118	msgstr ""
119
120	- #: admin.php:~~297~~
121	msgid "Failure Notification"
122	msgstr ""
123
124	- #: admin.php:~~298~~
125	msgid ""
126	"Notify the administrator upon every x matching login failures. 0 disables "
127	"this feature."
128	msgstr ""
129
130	- #: admin.php:~~303~~
131	msgid "Breach Notification"
132	msgstr ""
133
134	- #: admin.php:~~304~~
135	msgid ""
136	"Notify the administrator if a successful login uses data matching x login "
137	"failures. 0 disables this feature."
138	msgstr ""
139
140	- #: admin.php:~~309~~
141	msgid "Breach Email Confirm"
142	msgstr ""
143
144	- #: admin.php:~~310~~
145	msgid ""
146	"If a successful login uses data matching x login failures, immediately log "
147	"the user out and require them to use WordPress' lost password process. 0 "
148	"disables this feature."
149	msgstr ""
150
151	- #: admin.php:~~316~~
152	msgid "Length"
153	msgstr ""
154
155	- #: admin.php:~~317~~
156	msgid "How long must passwords be? Must be >= %d."
157	msgstr ""
158
159	- #: admin.php:~~323~~
160	msgid "Complexity Exemption"
161	msgstr ""
162
163	- #: admin.php:~~324~~
164	msgid ""
165	"How long must passwords be to be exempt from the complexity requirements? "
166	"Must be >= %d."
167	msgstr ""
168
169	- #: admin.php:~~330~~
170	msgid "Aging"
171	msgstr ""
172
173	- #: admin.php:~~331~~
174	msgid ""
175	"How many days old can a password be before requiring it be changed? Not "
176	"recommended. 0 disables this feature."
177	msgstr ""
178
179	- #: admin.php:~~336~~
180	msgid "Grace Period"
181	msgstr ""
182
183	- #: admin.php:~~337~~
184	msgid ""
185	"How many minutes should a user have to change their password once they know "
186	"it has expired? Must be >= %d."
187	msgstr ""
188
189	- #: admin.php:~~343~~
190	msgid "History"
191	msgstr ""
192
193	- #: admin.php:~~344~~
194	msgid ""
195	"How many passwords should be remembered? Prevents reuse of old passwords. 0 "
196	"disables this feature."
197	msgstr ""
198
199	- #: admin.php:~~405~~
200	msgid "Login Failure Policies"
201	msgstr ""
202
203	- #: admin.php:~~411~~
204	msgid "Password Policies"
205	msgstr ""
206
207	- #: admin.php:~~417~~
208	msgid "Miscellaneous Policies"
209	msgstr ""
210
211	- #: admin.php:~~467~~
212	msgid ""
213	"This plugin stores the IP address, username and password for each failed log "
214	"in attempt."
215	msgstr ""
216
217	- #: admin.php:~~469~~
218	msgid ""
219	"The data from future login failures are compared against the historical data."
220	msgstr ""
221
222	- #: admin.php:~~471~~
223	msgid ""
224	"If any of the data points match, the plugin delays printing out the failure "
225	"message."
226	msgstr ""
227
228	- #: admin.php:~~473~~
229	msgid ""
230	"The goal is for the responses to take so long that the attackers give up and "
231	"go find an easier target."
232	msgstr ""
233
234	- #: admin.php:~~475~~
235	msgid "The length of the delay is broken up into three tiers."
236	msgstr ""
237
238	- #: admin.php:~~477~~
239	msgid "The amount of the delay increases in higher tiers."
240	msgstr ""
241
242	- #: admin.php:~~479~~
243	msgid ""
244	"The delay time within each tier is randomized to complicate profiling by "
245	"attackers."
246	msgstr ""
247
248	- #: admin.php:~~538~~ admin.php:~~553~~
249	msgid "Default:"
250	msgstr ""
251
252	- #: admin.php:~~577~~
253	msgid "must be >= '%s',"
254	msgstr ""
255
256	- #: admin.php:~~578~~
257	msgid "so we used the default value instead."
258	msgstr ""
259
260	- #: admin.php:~~611~~
261	msgid "must be an integer,"
262	msgstr ""
263
264	- #: admin.php:~~714~~
265	msgid "There may be cases where everyone's password should be reset."
266	msgstr ""
267
268	- #: admin.php:~~716~~
269	msgid "This page, provided by the %s plugin, offers that functionality."
270	msgstr ""
271
272	- #: admin.php:~~720~~
273	msgid ""
274	"Submitting this form sets a flag that forces all users to utilize WordPress' "
275	"built in password reset functionality."
276	msgstr ""
277
278	- #: admin.php:~~722~~
279	msgid ""
280	"Users who are presently logged in will be logged out the next time they view "
281	"a page that requires authentication."
282	msgstr ""
283
284	- #: admin.php:~~734~~
285	msgid ""
286	"Confirm that you want to force all users to change their passwords by "
287	"checking this box, then click the button, below."
288	msgstr ""
289
290	- #: admin.php:~~753~~
291	msgid "No thanks. I know what I'm doing. Please don't remind me about this."
292	msgstr ""
293
294	- #: admin.php:~~785~~
295	msgid ""
296	"You have checked a box that does not correspond with the button you pressed. "
297	"Please check and press buttons inside the same section."
298	msgstr ""
299
300	- #: admin.php:~~787~~
301	msgid ""
302	"Please confirm that you really want to do this. Put a check in the '%s' box "
303	"before hitting the submit button."
304	msgstr ""
305
306	- #: admin.php:~~803~~ admin.php:~~823~~
307	msgid "Success!"
308	msgstr ""
309
310	- #: admin.php:~~855~~
311	msgid ""
312	"WARNING: The site is in maintenance mode. DO NOT TOUCH ANYTHING! Your "
313	"changes may get overwritten!"
314	msgstr ""
315
316	- #: admin.php:~~879~~
317	msgid ""
318	"You have not asked your users to change their passwords since the plugin was "
319	"activated. Most users have weak passwords. This plugin's password policies "
	@@ -321,98 +322,98 @@ msgid ""
321	"everyone on the Internet by making all users pick new, strong, passwords."
322	msgstr ""
323
324	- #: admin.php:~~883~~
325	msgid ""
326	"Speaking of which, do YOU have a strong password? Make sure by changing "
327	"yours too."
328	msgstr ""
329
330	- #: admin.php:~~887~~
331	msgid ""
332	"The following link leads to a user interface where you can either require "
333	"all passwords to be reset or disable this notice."
334	msgstr ""
335
336	- #: admin.php:~~917~~
337	msgid "You do not have sufficient permissions to access this page."
338	msgstr ""
339
340	- #: admin.php:~~923~~
341	msgid "$user_ID variable not set. Another plugin is misbehaving."
342	msgstr ""
343
344	- #: login-security-solution.php:~~500~~ tests/LoginErrorsTest.php:97
345	#: tests/LoginErrorsTest.php:111
346	msgid "Invalid username or password."
347	msgstr ""
348
349	- #: login-security-solution.php:~~506~~ tests/LoginErrorsTest.php:125
350	#: tests/LoginErrorsTest.php:139
351	msgid "Password reset is not allowed for this user"
352	msgstr ""
353
354	- #: login-security-solution.php:~~531~~ tests/LoginMessageTest.php:66
355	msgid "It has been over %d minutes since your last action."
356	msgstr ""
357
358	- #: login-security-solution.php:~~532~~ tests/LoginMessageTest.php:67
359	msgid "Please log back in."
360	msgstr ""
361
362	- #: login-security-solution.php:~~535~~ tests/LoginMessageTest.php:77
363	msgid "The grace period for changing your password has expired."
364	msgstr ""
365
366	- #: login-security-solution.php:~~536~~ tests/LoginMessageTest.php:78
367	msgid "Please submit this form to reset your password."
368	msgstr ""
369
370	- #: login-security-solution.php:~~539~~ tests/LoginMessageTest.php:88
371	msgid "Your password must be reset."
372	msgstr ""
373
374	- #: login-security-solution.php:~~540~~ tests/LoginMessageTest.php:89
375	msgid "Please submit this form to reset it."
376	msgstr ""
377
378	- #: login-security-solution.php:~~543~~ tests/LoginMessageTest.php:104
379	msgid "Your password has expired. Please log and change it."
380	msgstr ""
381
382	- #: login-security-solution.php:~~544~~ tests/LoginMessageTest.php:105
383	msgid "We provide a %d minute grace period to do so."
384	msgstr ""
385
386	- #: login-security-solution.php:~~547~~ tests/LoginMessageTest.php:115
387	msgid "The password you tried to create is not secure. Please try again."
388	msgstr ""
389
390	- #: login-security-solution.php:~~553~~ tests/LoginMessageTest.php:129
391	#: tests/LoginMessageTest.php:144
392	msgid "The site is undergoing maintenance."
393	msgstr ""
394
395	- #: login-security-solution.php:~~554~~ tests/LoginMessageTest.php:130
396	#: tests/LoginMessageTest.php:145
397	msgid "Please try again later."
398	msgstr ""
399
400	- #: login-security-solution.php:~~625~~
401	msgid ""
402	"The password should either be: A) at least %d characters long and contain "
403	"upper and lower case letters plus numbers and punctuation, or B) at least %d "
404	"characters long."
405	msgstr ""
406
407	- #: login-security-solution.php:~~659~~ tests/PasswordChangeTest.php:277
408	msgid "Passwords can not be reused."
409	msgstr ""
410
411	- #: login-security-solution.php:~~834~~
412	msgid "ERROR"
413	msgstr ""
414
415	- #: login-security-solution.php:~~971~~
416	msgid ""
417	"\n"
418	"Component Count Value from Current Attempt\n"
	@@ -422,22 +423,22 @@ msgid ""
422	"Password MD5 %5d %s\n"
423	msgstr ""
424
425	- #: login-security-solution.php:~~1776~~ login-security-solution.php:~~1813~~
426	msgid "POTENTIAL INTRUSION AT %s"
427	msgstr ""
428
429	- #: login-security-solution.php:~~1780~~
430	msgid "Your website, %s, may have been broken in to."
431	msgstr ""
432
433	- #: login-security-solution.php:~~1783~~
434	msgid ""
435	"Someone just logged in using the following components. Prior to that, some "
436	"combination of those components were a part of %d failed attempts to log in "
437	"during the past %d minutes:"
438	msgstr ""
439
440	- #: login-security-solution.php:~~1789~~
441	msgid ""
442	"The user's current IP address is one they have verified with your site in "
443	"the past. Therefore, the user will NOT be required to confirm their "
	@@ -445,105 +446,105 @@ msgid ""
445	"just in case this actually was a breach."
446	msgstr ""
447
448	- #: login-security-solution.php:~~1791~~
449	msgid ""
450	"The user has been logged out and will be required to confirm their identity "
451	"via the password reset functionality."
452	msgstr ""
453
454	- #: login-security-solution.php:~~1817~~
455	msgid ""
456	"Someone just logged into your '%s' account at %s. Was it you that logged "
457	"in? We are asking because the site is being attacked."
458	msgstr ""
459
460	- #: login-security-solution.php:~~1818~~
461	msgid "IF IT WAS NOT YOU, please do the following right away:"
462	msgstr ""
463
464	- #: login-security-solution.php:~~1819~~
465	msgid "1) Log into %s and change your password."
466	msgstr ""
467
468	- #: login-security-solution.php:~~1820~~
469	msgid "2) Send an email to %s letting them know it was not you who logged in."
470	msgstr ""
471
472	- #: login-security-solution.php:~~1846~~
473	msgid "ATTACK HAPPENING TO %s"
474	msgstr ""
475
476	- #: login-security-solution.php:~~1850~~
477	msgid "Your website, %s, is undergoing a brute force attack."
478	msgstr ""
479
480	- #: login-security-solution.php:~~1853~~
481	msgid ""
482	"There have been at least %d failed attempts to log in during the past %d "
483	"minutes that used one or more of the following components:"
484	msgstr ""
485
486	- #: login-security-solution.php:~~1858~~
487	msgid ""
488	"The %s plugin for WordPress is repelling the attack by making their login "
489	"failures take a very long time."
490	msgstr ""
491
492	- #: login-security-solution.php:~~2209~~ tests/PasswordValidationTest.php:450
493	msgid "Password not set."
494	msgstr ""
495
496	- #: login-security-solution.php:~~2224~~ tests/PasswordValidationTest.php:461
497	msgid "Passwords must be strings."
498	msgstr ""
499
500	- #: login-security-solution.php:~~2242~~ tests/PasswordValidationTest.php:474
501	msgid "Passwords must use ASCII characters."
502	msgstr ""
503
504	- #: login-security-solution.php:~~2261~~ tests/PasswordChangeTest.php:310
505	#: tests/PasswordValidationTest.php:491 tests/PasswordValidationTest.php:505
506	msgid "Password is too short."
507	msgstr ""
508
509	- #: login-security-solution.php:~~2270~~ tests/PasswordValidationTest.php:531
510	msgid "Passwords must either contain numbers or be %d characters long."
511	msgstr ""
512
513	- #: login-security-solution.php:~~2279~~ tests/PasswordValidationTest.php:518
514	msgid ""
515	"Passwords must either contain punctuation marks / symbols or be %d "
516	"characters long."
517	msgstr ""
518
519	- #: login-security-solution.php:~~2288~~ tests/PasswordValidationTest.php:544
520	msgid ""
521	"Passwords must either contain upper-case and lower-case letters or be %d "
522	"characters long."
523	msgstr ""
524
525	- #: login-security-solution.php:~~2298~~ tests/PasswordValidationTest.php:557
526	msgid "Passwords can't be sequential keys."
527	msgstr ""
528
529	- #: login-security-solution.php:~~2307~~ tests/PasswordValidationTest.php:570
530	msgid "Passwords can't have that many sequential characters."
531	msgstr ""
532
533	- #: login-security-solution.php:~~2323~~ tests/PasswordValidationTest.php:583
534	#: tests/PasswordValidationTest.php:596
535	msgid "Passwords can't contain user data."
536	msgstr ""
537
538	- #: login-security-solution.php:~~2334~~ tests/PasswordValidationTest.php:609
539	msgid "Passwords can't contain site info."
540	msgstr ""
541
542	- #: login-security-solution.php:~~2343~~ tests/PasswordValidationTest.php:622
543	msgid "Password is too common."
544	msgstr ""
545
546	- #: login-security-solution.php:~~2352~~ tests/PasswordValidationTest.php:638
547	msgid "Passwords can't be variations of dictionary words."
548	msgstr ""
549


2	# This file is distributed under the same license as the Login Security Solution package.
3	msgid ""
4	msgstr ""
5	+ "Project-Id-Version: Login Security Solution 0.22.0\n"
6	+ "Report-Msgid-Bugs-To: http://wordpress.org/support/plugin/login-security-"
7	+ "solution\n"
8	+ "POT-Creation-Date: 2012-08-17 00:42:14+00:00\n"
9	"MIME-Version: 1.0\n"
10	"Content-Type: text/plain; charset=UTF-8\n"
11	"Content-Transfer-Encoding: 8bit\n"

13	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14	"Language-Team: LANGUAGE <LL@li.org>\n"
15
16	+ #: admin.php:113 admin.php:363
17	msgid "Settings"
18	msgstr ""
19
20	+ #: admin.php:127
21	msgid "Change All Passwords"
22	msgstr ""
23
24	+ #: admin.php:128
25	msgid "Do not remind me about this"
26	msgstr ""
27
28	+ #: admin.php:129
29	msgid "Require All Passwords Be Changed"
30	msgstr ""
31
32	+ #: admin.php:144
33	msgid ""
34	"%s must be activated via the Network Admin interface when WordPress is in "
35	"multistie network mode."
36	msgstr ""
37
38	+ #: admin.php:250
39	msgid "Idle Timeout"
40	msgstr ""
41
42	+ #: admin.php:251
43	msgid ""
44	"Close inactive sessions after this many minutes. 0 disables this feature."
45	msgstr ""
46
47	+ #: admin.php:256
48	msgid "Maintenance Mode"
49	msgstr ""
50
51	+ #: admin.php:257
52	msgid ""
53	"Disable logins from users who are not administrators and disable posting of "
54	"comments?"
55	msgstr ""
56
57	+ #: admin.php:259
58	msgid "Off, let all users log in."
59	msgstr ""
60
61	+ #: admin.php:260
62	msgid "On, disable comments and only let administrators log in."
63	msgstr ""
64
65	+ #: admin.php:264
66	msgid "Deactivation"
67	msgstr ""
68
69	+ #: admin.php:265
70	msgid ""
71	"Should deactivating the plugin remove all of the plugin's data and settings?"
72	msgstr ""
73
74	+ #: admin.php:267
75	msgid "No, preserve the data for future use."
76	msgstr ""
77
78	+ #: admin.php:268
79	msgid "Yes, delete the damn data."
80	msgstr ""
81
82	+ #: admin.php:273
83	msgid "Match Time"
84	msgstr ""
85
86	+ #: admin.php:274
87	msgid "How far back, in minutes, should login failures look for matching data?"
88	msgstr ""
89
90	+ #: admin.php:279
91	msgid "Delay Tier 2"
92	msgstr ""
93
94	+ #: admin.php:280
95	msgid ""
96	"How many matching login failures should it take to get into this (%d - %d "
97	"second) Delay Tier? Must be >= %d."
98	msgstr ""
99
100	+ #: admin.php:286
101	msgid "Delay Tier 3"
102	msgstr ""
103
104	+ #: admin.php:287
105	msgid ""
106	"How many matching login failures should it take to get into this (%d - %d "
107	"second) Delay Tier? Must be > Delay Tier 2."
108	msgstr ""
109
110	+ #: admin.php:292
111	msgid "Notifications To"
112	msgstr ""
113
114	+ #: admin.php:293
115	msgid ""
116	"The email address(es) the failure and breach notifications should be sent "
117	"to. For multiple addresses, separate them with commas. WordPress' "
118	"'admin_email' setting is used if none is provided here."
119	msgstr ""
120
121	+ #: admin.php:298
122	msgid "Failure Notification"
123	msgstr ""
124
125	+ #: admin.php:299
126	msgid ""
127	"Notify the administrator upon every x matching login failures. 0 disables "
128	"this feature."
129	msgstr ""
130
131	+ #: admin.php:304
132	msgid "Breach Notification"
133	msgstr ""
134
135	+ #: admin.php:305
136	msgid ""
137	"Notify the administrator if a successful login uses data matching x login "
138	"failures. 0 disables this feature."
139	msgstr ""
140
141	+ #: admin.php:310
142	msgid "Breach Email Confirm"
143	msgstr ""
144
145	+ #: admin.php:311
146	msgid ""
147	"If a successful login uses data matching x login failures, immediately log "
148	"the user out and require them to use WordPress' lost password process. 0 "
149	"disables this feature."
150	msgstr ""
151
152	+ #: admin.php:317
153	msgid "Length"
154	msgstr ""
155
156	+ #: admin.php:318
157	msgid "How long must passwords be? Must be >= %d."
158	msgstr ""
159
160	+ #: admin.php:324
161	msgid "Complexity Exemption"
162	msgstr ""
163
164	+ #: admin.php:325
165	msgid ""
166	"How long must passwords be to be exempt from the complexity requirements? "
167	"Must be >= %d."
168	msgstr ""
169
170	+ #: admin.php:331
171	msgid "Aging"
172	msgstr ""
173
174	+ #: admin.php:332
175	msgid ""
176	"How many days old can a password be before requiring it be changed? Not "
177	"recommended. 0 disables this feature."
178	msgstr ""
179
180	+ #: admin.php:337
181	msgid "Grace Period"
182	msgstr ""
183
184	+ #: admin.php:338
185	msgid ""
186	"How many minutes should a user have to change their password once they know "
187	"it has expired? Must be >= %d."
188	msgstr ""
189
190	+ #: admin.php:344
191	msgid "History"
192	msgstr ""
193
194	+ #: admin.php:345
195	msgid ""
196	"How many passwords should be remembered? Prevents reuse of old passwords. 0 "
197	"disables this feature."
198	msgstr ""
199
200	+ #: admin.php:406
201	msgid "Login Failure Policies"
202	msgstr ""
203
204	+ #: admin.php:412
205	msgid "Password Policies"
206	msgstr ""
207
208	+ #: admin.php:418
209	msgid "Miscellaneous Policies"
210	msgstr ""
211
212	+ #: admin.php:468
213	msgid ""
214	"This plugin stores the IP address, username and password for each failed log "
215	"in attempt."
216	msgstr ""
217
218	+ #: admin.php:470
219	msgid ""
220	"The data from future login failures are compared against the historical data."
221	msgstr ""
222
223	+ #: admin.php:472
224	msgid ""
225	"If any of the data points match, the plugin delays printing out the failure "
226	"message."
227	msgstr ""
228
229	+ #: admin.php:474
230	msgid ""
231	"The goal is for the responses to take so long that the attackers give up and "
232	"go find an easier target."
233	msgstr ""
234
235	+ #: admin.php:476
236	msgid "The length of the delay is broken up into three tiers."
237	msgstr ""
238
239	+ #: admin.php:478
240	msgid "The amount of the delay increases in higher tiers."
241	msgstr ""
242
243	+ #: admin.php:480
244	msgid ""
245	"The delay time within each tier is randomized to complicate profiling by "
246	"attackers."
247	msgstr ""
248
249	+ #: admin.php:539 admin.php:554
250	msgid "Default:"
251	msgstr ""
252
253	+ #: admin.php:578
254	msgid "must be >= '%s',"
255	msgstr ""
256
257	+ #: admin.php:579
258	msgid "so we used the default value instead."
259	msgstr ""
260
261	+ #: admin.php:612
262	msgid "must be an integer,"
263	msgstr ""
264
265	+ #: admin.php:715
266	msgid "There may be cases where everyone's password should be reset."
267	msgstr ""
268
269	+ #: admin.php:717
270	msgid "This page, provided by the %s plugin, offers that functionality."
271	msgstr ""
272
273	+ #: admin.php:721
274	msgid ""
275	"Submitting this form sets a flag that forces all users to utilize WordPress' "
276	"built in password reset functionality."
277	msgstr ""
278
279	+ #: admin.php:723
280	msgid ""
281	"Users who are presently logged in will be logged out the next time they view "
282	"a page that requires authentication."
283	msgstr ""
284
285	+ #: admin.php:735
286	msgid ""
287	"Confirm that you want to force all users to change their passwords by "
288	"checking this box, then click the button, below."
289	msgstr ""
290
291	+ #: admin.php:754
292	msgid "No thanks. I know what I'm doing. Please don't remind me about this."
293	msgstr ""
294
295	+ #: admin.php:786
296	msgid ""
297	"You have checked a box that does not correspond with the button you pressed. "
298	"Please check and press buttons inside the same section."
299	msgstr ""
300
301	+ #: admin.php:788
302	msgid ""
303	"Please confirm that you really want to do this. Put a check in the '%s' box "
304	"before hitting the submit button."
305	msgstr ""
306
307	+ #: admin.php:804 admin.php:824
308	msgid "Success!"
309	msgstr ""
310
311	+ #: admin.php:856
312	msgid ""
313	"WARNING: The site is in maintenance mode. DO NOT TOUCH ANYTHING! Your "
314	"changes may get overwritten!"
315	msgstr ""
316
317	+ #: admin.php:880
318	msgid ""
319	"You have not asked your users to change their passwords since the plugin was "
320	"activated. Most users have weak passwords. This plugin's password policies "

322	"everyone on the Internet by making all users pick new, strong, passwords."
323	msgstr ""
324
325	+ #: admin.php:884
326	msgid ""
327	"Speaking of which, do YOU have a strong password? Make sure by changing "
328	"yours too."
329	msgstr ""
330
331	+ #: admin.php:888
332	msgid ""
333	"The following link leads to a user interface where you can either require "
334	"all passwords to be reset or disable this notice."
335	msgstr ""
336
337	+ #: admin.php:918
338	msgid "You do not have sufficient permissions to access this page."
339	msgstr ""
340
341	+ #: admin.php:924
342	msgid "$user_ID variable not set. Another plugin is misbehaving."
343	msgstr ""
344
345	+ #: login-security-solution.php:516 tests/LoginErrorsTest.php:97
346	#: tests/LoginErrorsTest.php:111
347	msgid "Invalid username or password."
348	msgstr ""
349
350	+ #: login-security-solution.php:522 tests/LoginErrorsTest.php:125
351	#: tests/LoginErrorsTest.php:139
352	msgid "Password reset is not allowed for this user"
353	msgstr ""
354
355	+ #: login-security-solution.php:547 tests/LoginMessageTest.php:66
356	msgid "It has been over %d minutes since your last action."
357	msgstr ""
358
359	+ #: login-security-solution.php:548 tests/LoginMessageTest.php:67
360	msgid "Please log back in."
361	msgstr ""
362
363	+ #: login-security-solution.php:551 tests/LoginMessageTest.php:77
364	msgid "The grace period for changing your password has expired."
365	msgstr ""
366
367	+ #: login-security-solution.php:552 tests/LoginMessageTest.php:78
368	msgid "Please submit this form to reset your password."
369	msgstr ""
370
371	+ #: login-security-solution.php:555 tests/LoginMessageTest.php:88
372	msgid "Your password must be reset."
373	msgstr ""
374
375	+ #: login-security-solution.php:556 tests/LoginMessageTest.php:89
376	msgid "Please submit this form to reset it."
377	msgstr ""
378
379	+ #: login-security-solution.php:559 tests/LoginMessageTest.php:104
380	msgid "Your password has expired. Please log and change it."
381	msgstr ""
382
383	+ #: login-security-solution.php:560 tests/LoginMessageTest.php:105
384	msgid "We provide a %d minute grace period to do so."
385	msgstr ""
386
387	+ #: login-security-solution.php:563 tests/LoginMessageTest.php:115
388	msgid "The password you tried to create is not secure. Please try again."
389	msgstr ""
390
391	+ #: login-security-solution.php:569 tests/LoginMessageTest.php:129
392	#: tests/LoginMessageTest.php:144
393	msgid "The site is undergoing maintenance."
394	msgstr ""
395
396	+ #: login-security-solution.php:570 tests/LoginMessageTest.php:130
397	#: tests/LoginMessageTest.php:145
398	msgid "Please try again later."
399	msgstr ""
400
401	+ #: login-security-solution.php:641
402	msgid ""
403	"The password should either be: A) at least %d characters long and contain "
404	"upper and lower case letters plus numbers and punctuation, or B) at least %d "
405	"characters long."
406	msgstr ""
407
408	+ #: login-security-solution.php:675 tests/PasswordChangeTest.php:277
409	msgid "Passwords can not be reused."
410	msgstr ""
411
412	+ #: login-security-solution.php:850
413	msgid "ERROR"
414	msgstr ""
415
416	+ #: login-security-solution.php:987
417	msgid ""
418	"\n"
419	"Component Count Value from Current Attempt\n"

423	"Password MD5 %5d %s\n"
424	msgstr ""
425
426	+ #: login-security-solution.php:1822 login-security-solution.php:1859
427	msgid "POTENTIAL INTRUSION AT %s"
428	msgstr ""
429
430	+ #: login-security-solution.php:1826
431	msgid "Your website, %s, may have been broken in to."
432	msgstr ""
433
434	+ #: login-security-solution.php:1829
435	msgid ""
436	"Someone just logged in using the following components. Prior to that, some "
437	"combination of those components were a part of %d failed attempts to log in "
438	"during the past %d minutes:"
439	msgstr ""
440
441	+ #: login-security-solution.php:1835
442	msgid ""
443	"The user's current IP address is one they have verified with your site in "
444	"the past. Therefore, the user will NOT be required to confirm their "

446	"just in case this actually was a breach."
447	msgstr ""
448
449	+ #: login-security-solution.php:1837
450	msgid ""
451	"The user has been logged out and will be required to confirm their identity "
452	"via the password reset functionality."
453	msgstr ""
454
455	+ #: login-security-solution.php:1863
456	msgid ""
457	"Someone just logged into your '%s' account at %s. Was it you that logged "
458	"in? We are asking because the site is being attacked."
459	msgstr ""
460
461	+ #: login-security-solution.php:1864
462	msgid "IF IT WAS NOT YOU, please do the following right away:"
463	msgstr ""
464
465	+ #: login-security-solution.php:1865
466	msgid "1) Log into %s and change your password."
467	msgstr ""
468
469	+ #: login-security-solution.php:1866
470	msgid "2) Send an email to %s letting them know it was not you who logged in."
471	msgstr ""
472
473	+ #: login-security-solution.php:1892
474	msgid "ATTACK HAPPENING TO %s"
475	msgstr ""
476
477	+ #: login-security-solution.php:1896
478	msgid "Your website, %s, is undergoing a brute force attack."
479	msgstr ""
480
481	+ #: login-security-solution.php:1899
482	msgid ""
483	"There have been at least %d failed attempts to log in during the past %d "
484	"minutes that used one or more of the following components:"
485	msgstr ""
486
487	+ #: login-security-solution.php:1904
488	msgid ""
489	"The %s plugin for WordPress is repelling the attack by making their login "
490	"failures take a very long time."
491	msgstr ""
492
493	+ #: login-security-solution.php:2265 tests/PasswordValidationTest.php:450
494	msgid "Password not set."
495	msgstr ""
496
497	+ #: login-security-solution.php:2280 tests/PasswordValidationTest.php:461
498	msgid "Passwords must be strings."
499	msgstr ""
500
501	+ #: login-security-solution.php:2298 tests/PasswordValidationTest.php:474
502	msgid "Passwords must use ASCII characters."
503	msgstr ""
504
505	+ #: login-security-solution.php:2317 tests/PasswordChangeTest.php:310
506	#: tests/PasswordValidationTest.php:491 tests/PasswordValidationTest.php:505
507	msgid "Password is too short."
508	msgstr ""
509
510	+ #: login-security-solution.php:2326 tests/PasswordValidationTest.php:531
511	msgid "Passwords must either contain numbers or be %d characters long."
512	msgstr ""
513
514	+ #: login-security-solution.php:2335 tests/PasswordValidationTest.php:518
515	msgid ""
516	"Passwords must either contain punctuation marks / symbols or be %d "
517	"characters long."
518	msgstr ""
519
520	+ #: login-security-solution.php:2344 tests/PasswordValidationTest.php:544
521	msgid ""
522	"Passwords must either contain upper-case and lower-case letters or be %d "
523	"characters long."
524	msgstr ""
525
526	+ #: login-security-solution.php:2354 tests/PasswordValidationTest.php:557
527	msgid "Passwords can't be sequential keys."
528	msgstr ""
529
530	+ #: login-security-solution.php:2363 tests/PasswordValidationTest.php:570
531	msgid "Passwords can't have that many sequential characters."
532	msgstr ""
533
534	+ #: login-security-solution.php:2379 tests/PasswordValidationTest.php:583
535	#: tests/PasswordValidationTest.php:596
536	msgid "Passwords can't contain user data."
537	msgstr ""
538
539	+ #: login-security-solution.php:2390 tests/PasswordValidationTest.php:609
540	msgid "Passwords can't contain site info."
541	msgstr ""
542
543	+ #: login-security-solution.php:2399 tests/PasswordValidationTest.php:622
544	msgid "Password is too common."
545	msgstr ""
546
547	+ #: login-security-solution.php:2408 tests/PasswordValidationTest.php:638
548	msgid "Passwords can't be variations of dictionary words."
549	msgstr ""
550

languages/updatepos.sh ADDED Viewed

	@@ -0,0 +1,8 @@


1	+ #! /bin/bash -e
2	+
3	+ cd "`dirname "$0"`"
4	+
5	+ while read file ; do
6	+ echo "Merging $file..."
7	+ msgmerge -vUN --backup=off $file login-security-solution.pot
8	+ done < <(ls *po)

	@@ -6,7 +6,7 @@
6	* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
7	*
8	* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
9	- * Version: 0.21.0
10	* Author: Daniel Convissor
11	* Author URI: http://www.analysisandsolutions.com/
12	* License: GPLv2
	@@ -113,7 +113,7 @@ class login_security_solution {
113	'login_fail_minutes' => 120,
114	'login_fail_tier_2' => 5,
115	'login_fail_tier_3' => 10,
116	- 'login_fail_notify' => 20,
117	'login_fail_breach_notify' => 6,
118	'login_fail_breach_pw_force_change' => 6,
119	'pw_change_days' => 0,
	@@ -317,8 +317,24 @@ class login_security_solution {
317	* and slow down the response as necessary
318	*/
319	public function auth_cookie_bad($cookie_elements) {
320	- $~~this->process_login_fail(@$~~cookie_elements['username'],
321	- ~~@$cookie_elements[~~'~~hmac~~']);
















322	}
323
324	/**
	@@ -494,7 +510,7 @@ class login_security_solution {
494	$user_pass = empty($_POST['pwd']) ? '' : $_POST['pwd'];
495	// Unset user name to avoid information disclosure.
496	unset($_POST['log']);
497	- ###$this->log("login_fail(): ~~user_name:~~ $user_name, ~~user_pass:~~ $user_pass.");
498	$this->process_login_fail($user_name, $user_pass);
499	$this->load_plugin_textdomain();
500	return $this->hsc_utf8(__('Invalid username or password.', self::ID));
	@@ -1194,6 +1210,36 @@ Password MD5 %5d %s
1194	return false;
1195	}
1196






























1197	/**
1198	* Does this password show up in the "dict" program?
1199	*
	@@ -1867,6 +1913,7 @@ Password MD5 %5d %s
1867	*
1868	* @param string $user_name the user name from the current login form
1869	* @param string $user_pass the unhashed new password

1870	* @return int the number of seconds sleep()'ed (for use by unit tests)
1871	*
1872	* @uses login_security_solution::get_ip() to get the IP address
	@@ -1877,13 +1924,20 @@ Password MD5 %5d %s
1877	* they're over the limit
1878	* @uses login_security_solution::notify_fail() to warn of an attack
1879	*/
1880	- protected function process_login_fail($user_name, $user_pass~~) {~~


1881	global $wpdb;
1882
1883	$ip = $this->get_ip();
1884	$network_ip = $this->get_network_ip($ip);
1885	$pass_md5 = $this->md5($user_pass);
1886





1887	$this->insert_fail($ip, $user_name, $pass_md5);
1888
1889	$fails = $this->get_login_fail($network_ip, $user_name, $pass_md5);
	@@ -1910,7 +1964,9 @@ Password MD5 %5d %s
1910	}
1911
1912	// Keep login failures from becoming denial of service attacks.
1913	- ~~mysql_close~~($~~wpdb->dbh~~);


1914
1915	// Increasingly slow down attackers to the point they'll give up.
1916	sleep($sleep);


6	* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
7	*
8	* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
9	+ * Version: 0.22.0
10	* Author: Daniel Convissor
11	* Author URI: http://www.analysisandsolutions.com/
12	* License: GPLv2

113	'login_fail_minutes' => 120,
114	'login_fail_tier_2' => 5,
115	'login_fail_tier_3' => 10,
116	+ 'login_fail_notify' => 50,
117	'login_fail_breach_notify' => 6,
118	'login_fail_breach_pw_force_change' => 6,
119	'pw_change_days' => 0,

317	* and slow down the response as necessary
318	*/
319	public function auth_cookie_bad($cookie_elements) {
320	+ if (empty($cookie_elements['username'])) {
321	+ $username = '';
322	+ } else {
323	+ $username = $cookie_elements['username'];
324	+ }
325	+ if (empty($cookie_elements['hmac'])) {
326	+ $hmac = '';
327	+ } else {
328	+ $hmac = $cookie_elements['hmac'];
329	+ }
330	+ ###$this->log("auth_cookie_bad: $username, $hmac");
331	+
332	+ // Remove cookies to prevent further mayhem.
333	+ wp_clear_auth_cookie();
334	+
335	+ // The auth cookie process happens so early that we can't close the
336	+ // database connection yet.
337	+ $this->process_login_fail($username, $hmac, false);
338	}
339
340	/**

510	$user_pass = empty($_POST['pwd']) ? '' : $_POST['pwd'];
511	// Unset user name to avoid information disclosure.
512	unset($_POST['log']);
513	+ ###$this->log("login_fail(): $user_name, $user_pass.");
514	$this->process_login_fail($user_name, $user_pass);
515	$this->load_plugin_textdomain();
516	return $this->hsc_utf8(__('Invalid username or password.', self::ID));

1210	return false;
1211	}
1212
1213	+ /**
1214	+ * Does the current login failure exactly match an earlier failure
1215	+ * in the period specified by login_fail_minutes?
1216	+ *
1217	+ * @param string $ip a prior result from get_ip()
1218	+ * @param string $user_name the user name from the current login form
1219	+ * @param string $pass_md5 the md5 hashed new password
1220	+ * @return bool
1221	+ *
1222	+ * @uses login_security_solution::$options for the login_fail_minutes
1223	+ * setting
1224	+ */
1225	+ protected function is_login_fail_exact_match($ip, $user_name, $pass_md5) {
1226	+ global $wpdb;
1227	+
1228	+ $wpdb->escape_by_ref($ip);
1229	+ $wpdb->escape_by_ref($user_name);
1230	+ $wpdb->escape_by_ref($pass_md5);
1231	+
1232	+ $sql = "SELECT COUNT(*) AS total
1233	+ FROM `$this->table_fail`
1234	+ WHERE (ip = '$ip'
1235	+ AND user_login = '$user_name'
1236	+ AND pass_md5 = '$pass_md5')
1237	+ AND date_failed > DATE_SUB(NOW(), INTERVAL "
1238	+ . (int) $this->options['login_fail_minutes'] . " MINUTE)";
1239	+
1240	+ return (bool) $wpdb->get_var($sql);
1241	+ }
1242	+
1243	/**
1244	* Does this password show up in the "dict" program?
1245	*

1913	*
1914	* @param string $user_name the user name from the current login form
1915	* @param string $user_pass the unhashed new password
1916	+ * @param bool $close_db should mysql_close() be called?
1917	* @return int the number of seconds sleep()'ed (for use by unit tests)
1918	*
1919	* @uses login_security_solution::get_ip() to get the IP address

1924	* they're over the limit
1925	* @uses login_security_solution::notify_fail() to warn of an attack
1926	*/
1927	+ protected function process_login_fail($user_name, $user_pass,
1928	+ $close_db = true)
1929	+ {
1930	global $wpdb;
1931
1932	$ip = $this->get_ip();
1933	$network_ip = $this->get_network_ip($ip);
1934	$pass_md5 = $this->md5($user_pass);
1935
1936	+ if ($this->is_login_fail_exact_match($ip, $user_name, $pass_md5)) {
1937	+ // Don't track duplicates, user is trying bad pw over and over.
1938	+ return -1;
1939	+ }
1940	+
1941	$this->insert_fail($ip, $user_name, $pass_md5);
1942
1943	$fails = $this->get_login_fail($network_ip, $user_name, $pass_md5);

1964	}
1965
1966	// Keep login failures from becoming denial of service attacks.
1967	+ if ($close_db) {
1968	+ mysql_close($wpdb->dbh);
1969	+ }
1970
1971	// Increasingly slow down attackers to the point they'll give up.
1972	sleep($sleep);

readme.txt CHANGED Viewed

	@@ -1,12 +1,12 @@
1	=== Login Security Solution ===
2	Contributors: convissor
3	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=danielc%40analysisandsolutions%2ecom&lc=US&item_name=Donate%3a%20Login%20Security%20Solution&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
4	- Tags: login, password, passwords, strength, strong, strong passwords, password strength, idle, timeout, maintenance, security, attack, hack, lock, ban, brute force, brute, force, authentication, auth, cookie, users
5	Requires at least: 3.3
6	Tested up to: 3.4.1
7	- Stable tag: 0.21.0
8
9	- Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode. ~~Multisite ready!~~
10
11
12	== Description ==
	@@ -89,6 +89,11 @@ The tests have caught every password dictionary entry I've tried.
89	* Internationalized unit tests
90
91





92	= Securing Your WordPress Site is Important =
93
94	You're probably thinking "There's nothing valuable on my website. No one
	@@ -121,6 +126,16 @@ conflicts during program execution. Please read the FAQ!
121
122	1. Before installing this plugin, read the FAQ!
123










124	1. Download the Login Security Solution zip file from WordPress' plugin
125	site: `http://wordpress.org/extend/plugins/login-security-solution/`
126
	@@ -235,6 +250,17 @@ news is we provide more robust protection in those areas and the Better WP
235	Security "Settings" page lets you disable those features in their plugin.
236	This way you get to enjoy even better security than either plugin alone.
237











238	= Where should I report bugs and feature requests? =
239
240	Report bugs and submit feature requests by opening a ticket in WordPress'
	@@ -285,6 +311,12 @@ implementation, use the script I made for generating all of the .mo files:
285
286	== Changelog ==
287






288	= 0.21.0 =
289	* Fix is_pw_outside_ascii() to permit spaces.
290	* In multisite mode, send notifications to network admin, not blog admin.


1	=== Login Security Solution ===
2	Contributors: convissor
3	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=danielc%40analysisandsolutions%2ecom&lc=US&item_name=Donate%3a%20Login%20Security%20Solution&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
4	+ Tags: login, password, passwords, strength, strong, strong passwords, password strength, idle, timeout, maintenance, security, attack, hack, lock, lockdown, ban, brute force, brute, force, authentication, auth, cookie, users
5	Requires at least: 3.3
6	Tested up to: 3.4.1
7	+ Stable tag: 0.22.0
8
9	+ Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.
10
11
12	== Description ==

89	* Internationalized unit tests
90
91
92	+ = Translations =
93	+
94	+ * Français, français (French, France) (fr_FR) by mermouy
95	+
96	+
97	= Securing Your WordPress Site is Important =
98
99	You're probably thinking "There's nothing valuable on my website. No one

126
127	1. Before installing this plugin, read the FAQ!
128
129	+ 1. If your WP install is behind a proxy or load balancer, please be aware
130	+ that this plugin uses the `REMOTE_ADDR` provided by the web server
131	+ (as does WordPress' new comment functionality and the Akismet plugin).
132	+ If you want our brute force tracking to work, we advise adjusting your
133	+ `wp-config.php` file to manually set the `REMOTE_ADDR` to a data
134	+ source appropriate for your environment. For example:
135	+
136	+ $_SERVER['REMOTE_ADDR'] = preg_replace('/^([^,]+).*$/', '\1',
137	+ $_SERVER['HTTP_X_FORWARDED_FOR']);
138	+
139	1. Download the Login Security Solution zip file from WordPress' plugin
140	site: `http://wordpress.org/extend/plugins/login-security-solution/`
141

250	Security "Settings" page lets you disable those features in their plugin.
251	This way you get to enjoy even better security than either plugin alone.
252
253	+ = Why should I pick a user name other than "admin"? =
254	+
255	+ The WordPress installation process (currently) defaults to having the
256	+ main administrator's user's name be "admin." Many people don't change it.
257	+ Attackers know this, so now all they need to do to get into such sites is
258	+ guess the password.
259	+
260	+ In addition, if you try to log in while your site is being attacked, this
261	+ plugin will send you through the password reset process in order to verify
262	+ your identity. While not the end of the world, it's inconvenient.
263	+
264	= Where should I report bugs and feature requests? =
265
266	Report bugs and submit feature requests by opening a ticket in WordPress'

311
312	== Changelog ==
313
314	+ = 0.22.0 =
315	+ * Track a given IP, user name, password combination only once.
316	+ * Prevent "not a valid MySQL-Link resource" on auth cookie failure.
317	+ * Increase default value of login_fail_notify from 20 to 50.
318	+ * Add partial French translation. Settings page needs doing. Thanks mermouy!
319	+
320	= 0.21.0 =
321	* Fix is_pw_outside_ascii() to permit spaces.
322	* In multisite mode, send notifications to network admin, not blog admin.

tests/AuthCookieBadTest.php CHANGED Viewed

	@@ -60,6 +60,9 @@ class AuthCookieBadTest extends TestCase {
60
61
62	public function test_direct() {



63	$input = array(
64	'username' => $this->user_name,
65	'hmac' => $this->pass_md5,
	@@ -67,6 +70,9 @@ class AuthCookieBadTest extends TestCase {
67	self::$lss->auth_cookie_bad($input);
68	$pass = self::$lss->md5($this->pass_md5);
69	$this->check_fail_record($this->ip, $this->user_name, $pass);



70	}
71
72	/**
	@@ -79,11 +85,17 @@ class AuthCookieBadTest extends TestCase {
79	$parts[0] = 'thisusercannotpossiblyexist';
80	$_COOKIE[AUTH_COOKIE] = implode('\|', $parts);
81



82	$result = wp_validate_auth_cookie();
83	$this->assertFalse($result);
84
85	$pass = self::$lss->md5($parts[2]);
86	$this->check_fail_record($this->ip, $parts[0], $pass);



87	}
88
89	/**
	@@ -96,10 +108,16 @@ class AuthCookieBadTest extends TestCase {
96	$parts[2] = 'badpassword';
97	$_COOKIE[AUTH_COOKIE] = implode('\|', $parts);
98



99	$result = wp_validate_auth_cookie();
100	$this->assertFalse($result);
101
102	$pass = self::$lss->md5($parts[2]);
103	$this->check_fail_record($this->ip, $parts[0], $pass);



104	}
105	}


60
61
62	public function test_direct() {
63	+ $expected_error = 'Cannot modify header information';
64	+ $this->expected_errors($expected_error);
65	+
66	$input = array(
67	'username' => $this->user_name,
68	'hmac' => $this->pass_md5,

70	self::$lss->auth_cookie_bad($input);
71	$pass = self::$lss->md5($this->pass_md5);
72	$this->check_fail_record($this->ip, $this->user_name, $pass);
73	+
74	+ $this->assertTrue($this->were_expected_errors_found(),
75	+ "Expected error not found: '$expected_error'");
76	}
77
78	/**

85	$parts[0] = 'thisusercannotpossiblyexist';
86	$_COOKIE[AUTH_COOKIE] = implode('\|', $parts);
87
88	+ $expected_error = 'Cannot modify header information';
89	+ $this->expected_errors($expected_error);
90	+
91	$result = wp_validate_auth_cookie();
92	$this->assertFalse($result);
93
94	$pass = self::$lss->md5($parts[2]);
95	$this->check_fail_record($this->ip, $parts[0], $pass);
96	+
97	+ $this->assertTrue($this->were_expected_errors_found(),
98	+ "Expected error not found: '$expected_error'");
99	}
100
101	/**

108	$parts[2] = 'badpassword';
109	$_COOKIE[AUTH_COOKIE] = implode('\|', $parts);
110
111	+ $expected_error = 'Cannot modify header information';
112	+ $this->expected_errors($expected_error);
113	+
114	$result = wp_validate_auth_cookie();
115	$this->assertFalse($result);
116
117	$pass = self::$lss->md5($parts[2]);
118	$this->check_fail_record($this->ip, $parts[0], $pass);
119	+
120	+ $this->assertTrue($this->were_expected_errors_found(),
121	+ "Expected error not found: '$expected_error'");
122	}
123	}

tests/LoginFailTest.php CHANGED Viewed

	@@ -71,6 +71,17 @@ class LoginFailTest extends TestCase {
71	$this->check_fail_record($this->ip, $this->user_name, 'other md5');
72	}
73











74	/**
75	* @depends test_insert_fail
76	*/
	@@ -140,12 +151,22 @@ class LoginFailTest extends TestCase {
140	public function test_process_login_fail__pre_threshold() {
141	global $wpdb;
142
143	- self::$lss->process_login_fail($this->user_name, ~~$this->pass_md5~~);
144
145	$this->assertInternalType('integer', $wpdb->insert_id,
146	'This should be an insert id.');
147	}
148










149	public function test_wp_login__null() {
150	$actual = self::$lss->wp_login(null, null);
151	$this->assertNull($actual, 'Bad return value.');


71	$this->check_fail_record($this->ip, $this->user_name, 'other md5');
72	}
73
74	+ /**
75	+ * @depends test_insert_fail
76	+ */
77	+ public function test_is_login_fail_exact_match() {
78	+ $actual = self::$lss->is_login_fail_exact_match($this->ip, $this->user_name, $this->pass_md5);
79	+ $this->assertTrue($actual, 'Expect match.');
80	+
81	+ $actual = self::$lss->is_login_fail_exact_match($this->ip, $this->user_name, 'no match');
82	+ $this->assertFalse($actual, 'Expect no match.');
83	+ }
84	+
85	/**
86	* @depends test_insert_fail
87	*/

151	public function test_process_login_fail__pre_threshold() {
152	global $wpdb;
153
154	+ self::$lss->process_login_fail($this->user_name, 'reed');
155
156	$this->assertInternalType('integer', $wpdb->insert_id,
157	'This should be an insert id.');
158	}
159
160	+ /**
161	+ * @depends test_get_login_fail
162	+ */
163	+ public function test_process_login_fail__exact_match() {
164	+ global $wpdb;
165	+
166	+ $actual = self::$lss->process_login_fail($this->user_name, 'reed');
167	+ $this->assertEquals(-1, $actual);
168	+ }
169	+
170	public function test_wp_login__null() {
171	$actual = self::$lss->wp_login(null, null);
172	$this->assertNull($actual, 'Bad return value.');