Version Description
- Keep the password strength indicator from being enabled.
- Narrow down when the password policy text filter is enabled.
Release Info
Developer | convissor |
Plugin | Login Security Solution |
Version | 0.24.0 |
Code changes from version 0.23.0 to 0.24.0
- languages/login-security-solution.pot +104 -104
- login-security-solution.php +9 -7
- readme.txt +62 -29
languages/login-security-solution.pot
CHANGED
@@ -2,10 +2,10 @@
|
|
2 |
# This file is distributed under the same license as the Login Security Solution package.
|
3 |
msgid ""
|
4 |
msgstr ""
|
5 |
-
"Project-Id-Version: Login Security Solution 0.
|
6 |
"Report-Msgid-Bugs-To: http://wordpress.org/support/plugin/login-security-"
|
7 |
"solution\n"
|
8 |
-
"POT-Creation-Date: 2012-08-
|
9 |
"MIME-Version: 1.0\n"
|
10 |
"Content-Type: text/plain; charset=UTF-8\n"
|
11 |
"Content-Transfer-Encoding: 8bit\n"
|
@@ -13,308 +13,308 @@ msgstr ""
|
|
13 |
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
14 |
"Language-Team: LANGUAGE <LL@li.org>\n"
|
15 |
|
16 |
-
#: admin.php:
|
17 |
msgid "Settings"
|
18 |
msgstr ""
|
19 |
|
20 |
-
#: admin.php:
|
21 |
msgid "Change All Passwords"
|
22 |
msgstr ""
|
23 |
|
24 |
-
#: admin.php:
|
25 |
msgid "Do not remind me about this"
|
26 |
msgstr ""
|
27 |
|
28 |
-
#: admin.php:
|
29 |
msgid "Require All Passwords Be Changed"
|
30 |
msgstr ""
|
31 |
|
32 |
-
#: admin.php:
|
33 |
msgid ""
|
34 |
"%s must be activated via the Network Admin interface when WordPress is in "
|
35 |
"multistie network mode."
|
36 |
msgstr ""
|
37 |
|
38 |
-
#: admin.php:
|
39 |
msgid "Idle Timeout"
|
40 |
msgstr ""
|
41 |
|
42 |
-
#: admin.php:
|
43 |
msgid ""
|
44 |
"Close inactive sessions after this many minutes. 0 disables this feature."
|
45 |
msgstr ""
|
46 |
|
47 |
-
#: admin.php:
|
48 |
msgid "Maintenance Mode"
|
49 |
msgstr ""
|
50 |
|
51 |
-
#: admin.php:
|
52 |
msgid ""
|
53 |
"Disable logins from users who are not administrators and disable posting of "
|
54 |
"comments?"
|
55 |
msgstr ""
|
56 |
|
57 |
-
#: admin.php:
|
58 |
msgid "Off, let all users log in."
|
59 |
msgstr ""
|
60 |
|
61 |
-
#: admin.php:
|
62 |
msgid "On, disable comments and only let administrators log in."
|
63 |
msgstr ""
|
64 |
|
65 |
-
#: admin.php:
|
66 |
msgid "Deactivation"
|
67 |
msgstr ""
|
68 |
|
69 |
-
#: admin.php:
|
70 |
msgid ""
|
71 |
"Should deactivating the plugin remove all of the plugin's data and settings?"
|
72 |
msgstr ""
|
73 |
|
74 |
-
#: admin.php:
|
75 |
msgid "No, preserve the data for future use."
|
76 |
msgstr ""
|
77 |
|
78 |
-
#: admin.php:
|
79 |
msgid "Yes, delete the damn data."
|
80 |
msgstr ""
|
81 |
|
82 |
-
#: admin.php:
|
83 |
msgid "Match Time"
|
84 |
msgstr ""
|
85 |
|
86 |
-
#: admin.php:
|
87 |
msgid "How far back, in minutes, should login failures look for matching data?"
|
88 |
msgstr ""
|
89 |
|
90 |
-
#: admin.php:
|
91 |
msgid "Delay Tier 2"
|
92 |
msgstr ""
|
93 |
|
94 |
-
#: admin.php:
|
95 |
msgid ""
|
96 |
"How many matching login failures should it take to get into this (%d - %d "
|
97 |
"second) Delay Tier? Must be >= %d."
|
98 |
msgstr ""
|
99 |
|
100 |
-
#: admin.php:
|
101 |
msgid "Delay Tier 3"
|
102 |
msgstr ""
|
103 |
|
104 |
-
#: admin.php:
|
105 |
msgid ""
|
106 |
"How many matching login failures should it take to get into this (%d - %d "
|
107 |
"second) Delay Tier? Must be > Delay Tier 2."
|
108 |
msgstr ""
|
109 |
|
110 |
-
#: admin.php:
|
111 |
msgid "Notifications To"
|
112 |
msgstr ""
|
113 |
|
114 |
-
#: admin.php:
|
115 |
msgid ""
|
116 |
"The email address(es) the failure and breach notifications should be sent "
|
117 |
"to. For multiple addresses, separate them with commas. WordPress' "
|
118 |
"'admin_email' setting is used if none is provided here."
|
119 |
msgstr ""
|
120 |
|
121 |
-
#: admin.php:
|
122 |
msgid "Failure Notification"
|
123 |
msgstr ""
|
124 |
|
125 |
-
#: admin.php:
|
126 |
msgid ""
|
127 |
"Notify the administrator upon every x matching login failures. 0 disables "
|
128 |
"this feature."
|
129 |
msgstr ""
|
130 |
|
131 |
-
#: admin.php:
|
132 |
msgid "Breach Notification"
|
133 |
msgstr ""
|
134 |
|
135 |
-
#: admin.php:
|
136 |
msgid ""
|
137 |
"Notify the administrator if a successful login uses data matching x login "
|
138 |
"failures. 0 disables this feature."
|
139 |
msgstr ""
|
140 |
|
141 |
-
#: admin.php:
|
142 |
msgid "Breach Email Confirm"
|
143 |
msgstr ""
|
144 |
|
145 |
-
#: admin.php:
|
146 |
msgid ""
|
147 |
"If a successful login uses data matching x login failures, immediately log "
|
148 |
"the user out and require them to use WordPress' lost password process. 0 "
|
149 |
"disables this feature."
|
150 |
msgstr ""
|
151 |
|
152 |
-
#: admin.php:
|
153 |
msgid "Length"
|
154 |
msgstr ""
|
155 |
|
156 |
-
#: admin.php:
|
157 |
msgid "How long must passwords be? Must be >= %d."
|
158 |
msgstr ""
|
159 |
|
160 |
-
#: admin.php:
|
161 |
msgid "Complexity Exemption"
|
162 |
msgstr ""
|
163 |
|
164 |
-
#: admin.php:
|
165 |
msgid ""
|
166 |
"How long must passwords be to be exempt from the complexity requirements? "
|
167 |
"Must be >= %d."
|
168 |
msgstr ""
|
169 |
|
170 |
-
#: admin.php:
|
171 |
msgid "Aging"
|
172 |
msgstr ""
|
173 |
|
174 |
-
#: admin.php:
|
175 |
msgid ""
|
176 |
"How many days old can a password be before requiring it be changed? Not "
|
177 |
"recommended. 0 disables this feature."
|
178 |
msgstr ""
|
179 |
|
180 |
-
#: admin.php:
|
181 |
msgid "Grace Period"
|
182 |
msgstr ""
|
183 |
|
184 |
-
#: admin.php:
|
185 |
msgid ""
|
186 |
"How many minutes should a user have to change their password once they know "
|
187 |
"it has expired? Must be >= %d."
|
188 |
msgstr ""
|
189 |
|
190 |
-
#: admin.php:
|
191 |
msgid "History"
|
192 |
msgstr ""
|
193 |
|
194 |
-
#: admin.php:
|
195 |
msgid ""
|
196 |
"How many passwords should be remembered? Prevents reuse of old passwords. 0 "
|
197 |
"disables this feature."
|
198 |
msgstr ""
|
199 |
|
200 |
-
#: admin.php:
|
201 |
msgid "Login Failure Policies"
|
202 |
msgstr ""
|
203 |
|
204 |
-
#: admin.php:
|
205 |
msgid "Password Policies"
|
206 |
msgstr ""
|
207 |
|
208 |
-
#: admin.php:
|
209 |
msgid "Miscellaneous Policies"
|
210 |
msgstr ""
|
211 |
|
212 |
-
#: admin.php:
|
213 |
msgid ""
|
214 |
"This plugin stores the IP address, username and password for each failed log "
|
215 |
"in attempt."
|
216 |
msgstr ""
|
217 |
|
218 |
-
#: admin.php:
|
219 |
msgid ""
|
220 |
"The data from future login failures are compared against the historical data."
|
221 |
msgstr ""
|
222 |
|
223 |
-
#: admin.php:
|
224 |
msgid ""
|
225 |
"If any of the data points match, the plugin delays printing out the failure "
|
226 |
"message."
|
227 |
msgstr ""
|
228 |
|
229 |
-
#: admin.php:
|
230 |
msgid ""
|
231 |
"The goal is for the responses to take so long that the attackers give up and "
|
232 |
"go find an easier target."
|
233 |
msgstr ""
|
234 |
|
235 |
-
#: admin.php:
|
236 |
msgid "The length of the delay is broken up into three tiers."
|
237 |
msgstr ""
|
238 |
|
239 |
-
#: admin.php:
|
240 |
msgid "The amount of the delay increases in higher tiers."
|
241 |
msgstr ""
|
242 |
|
243 |
-
#: admin.php:
|
244 |
msgid ""
|
245 |
"The delay time within each tier is randomized to complicate profiling by "
|
246 |
"attackers."
|
247 |
msgstr ""
|
248 |
|
249 |
-
#: admin.php:
|
250 |
msgid "Default:"
|
251 |
msgstr ""
|
252 |
|
253 |
-
#: admin.php:
|
254 |
msgid "must be >= '%s',"
|
255 |
msgstr ""
|
256 |
|
257 |
-
#: admin.php:
|
258 |
msgid "so we used the default value instead."
|
259 |
msgstr ""
|
260 |
|
261 |
-
#: admin.php:
|
262 |
msgid "must be an integer,"
|
263 |
msgstr ""
|
264 |
|
265 |
-
#: admin.php:
|
266 |
msgid "There may be cases where everyone's password should be reset."
|
267 |
msgstr ""
|
268 |
|
269 |
-
#: admin.php:
|
270 |
msgid "This page, provided by the %s plugin, offers that functionality."
|
271 |
msgstr ""
|
272 |
|
273 |
-
#: admin.php:
|
274 |
msgid ""
|
275 |
"Submitting this form sets a flag that forces all users to utilize WordPress' "
|
276 |
"built in password reset functionality."
|
277 |
msgstr ""
|
278 |
|
279 |
-
#: admin.php:
|
280 |
msgid ""
|
281 |
"Users who are presently logged in will be logged out the next time they view "
|
282 |
"a page that requires authentication."
|
283 |
msgstr ""
|
284 |
|
285 |
-
#: admin.php:
|
286 |
msgid ""
|
287 |
"Confirm that you want to force all users to change their passwords by "
|
288 |
"checking this box, then click the button, below."
|
289 |
msgstr ""
|
290 |
|
291 |
-
#: admin.php:
|
292 |
msgid "No thanks. I know what I'm doing. Please don't remind me about this."
|
293 |
msgstr ""
|
294 |
|
295 |
-
#: admin.php:
|
296 |
msgid ""
|
297 |
"You have checked a box that does not correspond with the button you pressed. "
|
298 |
"Please check and press buttons inside the same section."
|
299 |
msgstr ""
|
300 |
|
301 |
-
#: admin.php:
|
302 |
msgid ""
|
303 |
"Please confirm that you really want to do this. Put a check in the '%s' box "
|
304 |
"before hitting the submit button."
|
305 |
msgstr ""
|
306 |
|
307 |
-
#: admin.php:
|
308 |
msgid "Success!"
|
309 |
msgstr ""
|
310 |
|
311 |
-
#: admin.php:
|
312 |
msgid ""
|
313 |
"WARNING: The site is in maintenance mode. DO NOT TOUCH ANYTHING! Your "
|
314 |
"changes may get overwritten!"
|
315 |
msgstr ""
|
316 |
|
317 |
-
#: admin.php:
|
318 |
msgid ""
|
319 |
"You have not asked your users to change their passwords since the plugin was "
|
320 |
"activated. Most users have weak passwords. This plugin's password policies "
|
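Review bot: The msgid kept as context at lines 34-35 reads "multistie network mode.", a typo for "multisite". It comes from the source string (admin.php:143 in the regenerated references), so correct it there and regenerate the template; otherwise every translator is handed the misspelling.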
@@ -322,23 +322,23 @@ msgid ""
|
|
322 |
"everyone on the Internet by making all users pick new, strong, passwords."
|
323 |
msgstr ""
|
324 |
|
325 |
-
#: admin.php:
|
326 |
msgid ""
|
327 |
"Speaking of which, do YOU have a strong password? Make sure by changing "
|
328 |
"yours too."
|
329 |
msgstr ""
|
330 |
|
331 |
-
#: admin.php:
|
332 |
msgid ""
|
333 |
"The following link leads to a user interface where you can either require "
|
334 |
"all passwords to be reset or disable this notice."
|
335 |
msgstr ""
|
336 |
|
337 |
-
#: admin.php:
|
338 |
msgid "You do not have sufficient permissions to access this page."
|
339 |
msgstr ""
|
340 |
|
341 |
-
#: admin.php:
|
342 |
msgid "$user_ID variable not set. Another plugin is misbehaving."
|
343 |
msgstr ""
|
344 |
|
@@ -398,22 +398,22 @@ msgstr ""
|
|
398 |
msgid "Please try again later."
|
399 |
msgstr ""
|
400 |
|
401 |
-
#: login-security-solution.php:
|
402 |
msgid ""
|
403 |
"The password should either be: A) at least %d characters long and contain "
|
404 |
-
"upper and lower case letters
|
405 |
-
"characters long."
|
406 |
msgstr ""
|
407 |
|
408 |
-
#: login-security-solution.php:
|
409 |
msgid "Passwords can not be reused."
|
410 |
msgstr ""
|
411 |
|
412 |
-
#: login-security-solution.php:
|
413 |
msgid "ERROR"
|
414 |
msgstr ""
|
415 |
|
416 |
-
#: login-security-solution.php:
|
417 |
msgid ""
|
418 |
"\n"
|
419 |
"Component Count Value from Current Attempt\n"
|
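Review bot: The reworded msgid at lines 403-405 only resolves at runtime if it is byte-for-byte identical to the literal passed to __() in login-security-solution.php:643, so check that the two were changed together, including the parenthetical "(except languages that only have one case)". Translations keyed on the old msgid will no longer match and will fall back to English until translators update them, which is worth a line in the readme changelog.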
@@ -423,22 +423,22 @@ msgid ""
|
|
423 |
"Password MD5 %5d %s\n"
|
424 |
msgstr ""
|
425 |
|
426 |
-
#: login-security-solution.php:
|
427 |
msgid "POTENTIAL INTRUSION AT %s"
|
428 |
msgstr ""
|
429 |
|
430 |
-
#: login-security-solution.php:
|
431 |
msgid "Your website, %s, may have been broken in to."
|
432 |
msgstr ""
|
433 |
|
434 |
-
#: login-security-solution.php:
|
435 |
msgid ""
|
436 |
"Someone just logged in using the following components. Prior to that, some "
|
437 |
"combination of those components were a part of %d failed attempts to log in "
|
438 |
"during the past %d minutes:"
|
439 |
msgstr ""
|
440 |
|
441 |
-
#: login-security-solution.php:
|
442 |
msgid ""
|
443 |
"The user's current IP address is one they have verified with your site in "
|
444 |
"the past. Therefore, the user will NOT be required to confirm their "
|
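Review bot: The notification table kept as context at line 423 has a row "Password MD5 %5d %s" under the header "Value from Current Attempt", and the breach message at lines 436-438 says "Someone just logged in using the following components". If that table is also filled in for the successful-login case, the email carries an MD5 of a working password. Consider printing only the match count for the password row, or omitting the value when the attempt succeeded.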
@@ -446,105 +446,105 @@ msgid ""
|
|
446 |
"just in case this actually was a breach."
|
447 |
msgstr ""
|
448 |
|
449 |
-
#: login-security-solution.php:
|
450 |
msgid ""
|
451 |
"The user has been logged out and will be required to confirm their identity "
|
452 |
"via the password reset functionality."
|
453 |
msgstr ""
|
454 |
|
455 |
-
#: login-security-solution.php:
|
456 |
msgid ""
|
457 |
"Someone just logged into your '%s' account at %s. Was it you that logged "
|
458 |
"in? We are asking because the site is being attacked."
|
459 |
msgstr ""
|
460 |
|
461 |
-
#: login-security-solution.php:
|
462 |
msgid "IF IT WAS NOT YOU, please do the following right away:"
|
463 |
msgstr ""
|
464 |
|
465 |
-
#: login-security-solution.php:
|
466 |
msgid "1) Log into %s and change your password."
|
467 |
msgstr ""
|
468 |
|
469 |
-
#: login-security-solution.php:
|
470 |
msgid "2) Send an email to %s letting them know it was not you who logged in."
|
471 |
msgstr ""
|
472 |
|
473 |
-
#: login-security-solution.php:
|
474 |
msgid "ATTACK HAPPENING TO %s"
|
475 |
msgstr ""
|
476 |
|
477 |
-
#: login-security-solution.php:
|
478 |
msgid "Your website, %s, is undergoing a brute force attack."
|
479 |
msgstr ""
|
480 |
|
481 |
-
#: login-security-solution.php:
|
482 |
msgid ""
|
483 |
"There have been at least %d failed attempts to log in during the past %d "
|
484 |
"minutes that used one or more of the following components:"
|
485 |
msgstr ""
|
486 |
|
487 |
-
#: login-security-solution.php:
|
488 |
msgid ""
|
489 |
"The %s plugin for WordPress is repelling the attack by making their login "
|
490 |
"failures take a very long time."
|
491 |
msgstr ""
|
492 |
|
493 |
-
#: login-security-solution.php:
|
494 |
msgid "Password not set."
|
495 |
msgstr ""
|
496 |
|
497 |
-
#: login-security-solution.php:
|
498 |
msgid "Passwords must be strings."
|
499 |
msgstr ""
|
500 |
|
501 |
-
#: login-security-solution.php:
|
502 |
msgid "Passwords must use ASCII characters."
|
503 |
msgstr ""
|
504 |
|
505 |
-
#: login-security-solution.php:
|
506 |
-
#: tests/PasswordValidationTest.php:
|
507 |
msgid "Password is too short."
|
508 |
msgstr ""
|
509 |
|
510 |
-
#: login-security-solution.php:
|
511 |
msgid "Passwords must either contain numbers or be %d characters long."
|
512 |
msgstr ""
|
513 |
|
514 |
-
#: login-security-solution.php:
|
515 |
msgid ""
|
516 |
"Passwords must either contain punctuation marks / symbols or be %d "
|
517 |
"characters long."
|
518 |
msgstr ""
|
519 |
|
520 |
-
#: login-security-solution.php:
|
521 |
msgid ""
|
522 |
"Passwords must either contain upper-case and lower-case letters or be %d "
|
523 |
"characters long."
|
524 |
msgstr ""
|
525 |
|
526 |
-
#: login-security-solution.php:
|
527 |
msgid "Passwords can't be sequential keys."
|
528 |
msgstr ""
|
529 |
|
530 |
-
#: login-security-solution.php:
|
531 |
msgid "Passwords can't have that many sequential characters."
|
532 |
msgstr ""
|
533 |
|
534 |
-
#: login-security-solution.php:
|
535 |
-
#: tests/PasswordValidationTest.php:
|
536 |
msgid "Passwords can't contain user data."
|
537 |
msgstr ""
|
538 |
|
539 |
-
#: login-security-solution.php:
|
540 |
msgid "Passwords can't contain site info."
|
541 |
msgstr ""
|
542 |
|
543 |
-
#: login-security-solution.php:
|
544 |
msgid "Password is too common."
|
545 |
msgstr ""
|
546 |
|
547 |
-
#: login-security-solution.php:
|
548 |
msgid "Passwords can't be variations of dictionary words."
|
549 |
msgstr ""
|
550 |
|
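Review bot: Several references in this hunk point into the test suite, for example "#: tests/PasswordValidationTest.php:" at lines 506 and 535, so the extractor is scanning tests/ as well as the plugin source. Each of those strings already has a reference in login-security-solution.php; excluding tests/ from extraction would cut part of the reference churn that makes up this file's +104 -104.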
2 |
# This file is distributed under the same license as the Login Security Solution package.
|
3 |
msgid ""
|
4 |
msgstr ""
|
5 |
+
"Project-Id-Version: Login Security Solution 0.24.0\n"
|
6 |
"Report-Msgid-Bugs-To: http://wordpress.org/support/plugin/login-security-"
|
7 |
"solution\n"
|
8 |
+
"POT-Creation-Date: 2012-08-29 04:18:39+00:00\n"
|
9 |
"MIME-Version: 1.0\n"
|
10 |
"Content-Type: text/plain; charset=UTF-8\n"
|
11 |
"Content-Transfer-Encoding: 8bit\n"
|
13 |
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
14 |
"Language-Team: LANGUAGE <LL@li.org>\n"
|
15 |
|
16 |
+
#: admin.php:112 admin.php:362
|
17 |
msgid "Settings"
|
18 |
msgstr ""
|
19 |
|
20 |
+
#: admin.php:126
|
21 |
msgid "Change All Passwords"
|
22 |
msgstr ""
|
23 |
|
24 |
+
#: admin.php:127
|
25 |
msgid "Do not remind me about this"
|
26 |
msgstr ""
|
27 |
|
28 |
+
#: admin.php:128
|
29 |
msgid "Require All Passwords Be Changed"
|
30 |
msgstr ""
|
31 |
|
32 |
+
#: admin.php:143
|
33 |
msgid ""
|
34 |
"%s must be activated via the Network Admin interface when WordPress is in "
|
35 |
"multistie network mode."
|
36 |
msgstr ""
|
37 |
|
38 |
+
#: admin.php:249
|
39 |
msgid "Idle Timeout"
|
40 |
msgstr ""
|
41 |
|
42 |
+
#: admin.php:250
|
43 |
msgid ""
|
44 |
"Close inactive sessions after this many minutes. 0 disables this feature."
|
45 |
msgstr ""
|
46 |
|
47 |
+
#: admin.php:255
|
48 |
msgid "Maintenance Mode"
|
49 |
msgstr ""
|
50 |
|
51 |
+
#: admin.php:256
|
52 |
msgid ""
|
53 |
"Disable logins from users who are not administrators and disable posting of "
|
54 |
"comments?"
|
55 |
msgstr ""
|
56 |
|
57 |
+
#: admin.php:258
|
58 |
msgid "Off, let all users log in."
|
59 |
msgstr ""
|
60 |
|
61 |
+
#: admin.php:259
|
62 |
msgid "On, disable comments and only let administrators log in."
|
63 |
msgstr ""
|
64 |
|
65 |
+
#: admin.php:263
|
66 |
msgid "Deactivation"
|
67 |
msgstr ""
|
68 |
|
69 |
+
#: admin.php:264
|
70 |
msgid ""
|
71 |
"Should deactivating the plugin remove all of the plugin's data and settings?"
|
72 |
msgstr ""
|
73 |
|
74 |
+
#: admin.php:266
|
75 |
msgid "No, preserve the data for future use."
|
76 |
msgstr ""
|
77 |
|
78 |
+
#: admin.php:267
|
79 |
msgid "Yes, delete the damn data."
|
80 |
msgstr ""
|
81 |
|
82 |
+
#: admin.php:272
|
83 |
msgid "Match Time"
|
84 |
msgstr ""
|
85 |
|
86 |
+
#: admin.php:273
|
87 |
msgid "How far back, in minutes, should login failures look for matching data?"
|
88 |
msgstr ""
|
89 |
|
90 |
+
#: admin.php:278
|
91 |
msgid "Delay Tier 2"
|
92 |
msgstr ""
|
93 |
|
94 |
+
#: admin.php:279
|
95 |
msgid ""
|
96 |
"How many matching login failures should it take to get into this (%d - %d "
|
97 |
"second) Delay Tier? Must be >= %d."
|
98 |
msgstr ""
|
99 |
|
100 |
+
#: admin.php:285
|
101 |
msgid "Delay Tier 3"
|
102 |
msgstr ""
|
103 |
|
104 |
+
#: admin.php:286
|
105 |
msgid ""
|
106 |
"How many matching login failures should it take to get into this (%d - %d "
|
107 |
"second) Delay Tier? Must be > Delay Tier 2."
|
108 |
msgstr ""
|
109 |
|
110 |
+
#: admin.php:291
|
111 |
msgid "Notifications To"
|
112 |
msgstr ""
|
113 |
|
114 |
+
#: admin.php:292
|
115 |
msgid ""
|
116 |
"The email address(es) the failure and breach notifications should be sent "
|
117 |
"to. For multiple addresses, separate them with commas. WordPress' "
|
118 |
"'admin_email' setting is used if none is provided here."
|
119 |
msgstr ""
|
120 |
|
121 |
+
#: admin.php:297
|
122 |
msgid "Failure Notification"
|
123 |
msgstr ""
|
124 |
|
125 |
+
#: admin.php:298
|
126 |
msgid ""
|
127 |
"Notify the administrator upon every x matching login failures. 0 disables "
|
128 |
"this feature."
|
129 |
msgstr ""
|
130 |
|
131 |
+
#: admin.php:303
|
132 |
msgid "Breach Notification"
|
133 |
msgstr ""
|
134 |
|
135 |
+
#: admin.php:304
|
136 |
msgid ""
|
137 |
"Notify the administrator if a successful login uses data matching x login "
|
138 |
"failures. 0 disables this feature."
|
139 |
msgstr ""
|
140 |
|
141 |
+
#: admin.php:309
|
142 |
msgid "Breach Email Confirm"
|
143 |
msgstr ""
|
144 |
|
145 |
+
#: admin.php:310
|
146 |
msgid ""
|
147 |
"If a successful login uses data matching x login failures, immediately log "
|
148 |
"the user out and require them to use WordPress' lost password process. 0 "
|
149 |
"disables this feature."
|
150 |
msgstr ""
|
151 |
|
152 |
+
#: admin.php:316
|
153 |
msgid "Length"
|
154 |
msgstr ""
|
155 |
|
156 |
+
#: admin.php:317
|
157 |
msgid "How long must passwords be? Must be >= %d."
|
158 |
msgstr ""
|
159 |
|
160 |
+
#: admin.php:323
|
161 |
msgid "Complexity Exemption"
|
162 |
msgstr ""
|
163 |
|
164 |
+
#: admin.php:324
|
165 |
msgid ""
|
166 |
"How long must passwords be to be exempt from the complexity requirements? "
|
167 |
"Must be >= %d."
|
168 |
msgstr ""
|
169 |
|
170 |
+
#: admin.php:330
|
171 |
msgid "Aging"
|
172 |
msgstr ""
|
173 |
|
174 |
+
#: admin.php:331
|
175 |
msgid ""
|
176 |
"How many days old can a password be before requiring it be changed? Not "
|
177 |
"recommended. 0 disables this feature."
|
178 |
msgstr ""
|
179 |
|
180 |
+
#: admin.php:336
|
181 |
msgid "Grace Period"
|
182 |
msgstr ""
|
183 |
|
184 |
+
#: admin.php:337
|
185 |
msgid ""
|
186 |
"How many minutes should a user have to change their password once they know "
|
187 |
"it has expired? Must be >= %d."
|
188 |
msgstr ""
|
189 |
|
190 |
+
#: admin.php:343
|
191 |
msgid "History"
|
192 |
msgstr ""
|
193 |
|
194 |
+
#: admin.php:344
|
195 |
msgid ""
|
196 |
"How many passwords should be remembered? Prevents reuse of old passwords. 0 "
|
197 |
"disables this feature."
|
198 |
msgstr ""
|
199 |
|
200 |
+
#: admin.php:405
|
201 |
msgid "Login Failure Policies"
|
202 |
msgstr ""
|
203 |
|
204 |
+
#: admin.php:411
|
205 |
msgid "Password Policies"
|
206 |
msgstr ""
|
207 |
|
208 |
+
#: admin.php:417
|
209 |
msgid "Miscellaneous Policies"
|
210 |
msgstr ""
|
211 |
|
212 |
+
#: admin.php:467
|
213 |
msgid ""
|
214 |
"This plugin stores the IP address, username and password for each failed log "
|
215 |
"in attempt."
|
216 |
msgstr ""
|
217 |
|
218 |
+
#: admin.php:469
|
219 |
msgid ""
|
220 |
"The data from future login failures are compared against the historical data."
|
221 |
msgstr ""
|
222 |
|
223 |
+
#: admin.php:471
|
224 |
msgid ""
|
225 |
"If any of the data points match, the plugin delays printing out the failure "
|
226 |
"message."
|
227 |
msgstr ""
|
228 |
|
229 |
+
#: admin.php:473
|
230 |
msgid ""
|
231 |
"The goal is for the responses to take so long that the attackers give up and "
|
232 |
"go find an easier target."
|
233 |
msgstr ""
|
234 |
|
235 |
+
#: admin.php:475
|
236 |
msgid "The length of the delay is broken up into three tiers."
|
237 |
msgstr ""
|
238 |
|
239 |
+
#: admin.php:477
|
240 |
msgid "The amount of the delay increases in higher tiers."
|
241 |
msgstr ""
|
242 |
|
243 |
+
#: admin.php:479
|
244 |
msgid ""
|
245 |
"The delay time within each tier is randomized to complicate profiling by "
|
246 |
"attackers."
|
247 |
msgstr ""
|
248 |
|
249 |
+
#: admin.php:538 admin.php:553
|
250 |
msgid "Default:"
|
251 |
msgstr ""
|
252 |
|
253 |
+
#: admin.php:577
|
254 |
msgid "must be >= '%s',"
|
255 |
msgstr ""
|
256 |
|
257 |
+
#: admin.php:578
|
258 |
msgid "so we used the default value instead."
|
259 |
msgstr ""
|
260 |
|
261 |
+
#: admin.php:611
|
262 |
msgid "must be an integer,"
|
263 |
msgstr ""
|
264 |
|
265 |
+
#: admin.php:714
|
266 |
msgid "There may be cases where everyone's password should be reset."
|
267 |
msgstr ""
|
268 |
|
269 |
+
#: admin.php:716
|
270 |
msgid "This page, provided by the %s plugin, offers that functionality."
|
271 |
msgstr ""
|
272 |
|
273 |
+
#: admin.php:720
|
274 |
msgid ""
|
275 |
"Submitting this form sets a flag that forces all users to utilize WordPress' "
|
276 |
"built in password reset functionality."
|
277 |
msgstr ""
|
278 |
|
279 |
+
#: admin.php:722
|
280 |
msgid ""
|
281 |
"Users who are presently logged in will be logged out the next time they view "
|
282 |
"a page that requires authentication."
|
283 |
msgstr ""
|
284 |
|
285 |
+
#: admin.php:734
|
286 |
msgid ""
|
287 |
"Confirm that you want to force all users to change their passwords by "
|
288 |
"checking this box, then click the button, below."
|
289 |
msgstr ""
|
290 |
|
291 |
+
#: admin.php:753
|
292 |
msgid "No thanks. I know what I'm doing. Please don't remind me about this."
|
293 |
msgstr ""
|
294 |
|
295 |
+
#: admin.php:785
|
296 |
msgid ""
|
297 |
"You have checked a box that does not correspond with the button you pressed. "
|
298 |
"Please check and press buttons inside the same section."
|
299 |
msgstr ""
|
300 |
|
301 |
+
#: admin.php:787
|
302 |
msgid ""
|
303 |
"Please confirm that you really want to do this. Put a check in the '%s' box "
|
304 |
"before hitting the submit button."
|
305 |
msgstr ""
|
306 |
|
307 |
+
#: admin.php:803 admin.php:823
|
308 |
msgid "Success!"
|
309 |
msgstr ""
|
310 |
|
311 |
+
#: admin.php:855
|
312 |
msgid ""
|
313 |
"WARNING: The site is in maintenance mode. DO NOT TOUCH ANYTHING! Your "
|
314 |
"changes may get overwritten!"
|
315 |
msgstr ""
|
316 |
|
317 |
+
#: admin.php:879
|
318 |
msgid ""
|
319 |
"You have not asked your users to change their passwords since the plugin was "
|
320 |
"activated. Most users have weak passwords. This plugin's password policies "
|
322 |
"everyone on the Internet by making all users pick new, strong, passwords."
|
323 |
msgstr ""
|
324 |
|
325 |
+
#: admin.php:883
|
326 |
msgid ""
|
327 |
"Speaking of which, do YOU have a strong password? Make sure by changing "
|
328 |
"yours too."
|
329 |
msgstr ""
|
330 |
|
331 |
+
#: admin.php:887
|
332 |
msgid ""
|
333 |
"The following link leads to a user interface where you can either require "
|
334 |
"all passwords to be reset or disable this notice."
|
335 |
msgstr ""
|
336 |
|
337 |
+
#: admin.php:917
|
338 |
msgid "You do not have sufficient permissions to access this page."
|
339 |
msgstr ""
|
340 |
|
341 |
+
#: admin.php:923
|
342 |
msgid "$user_ID variable not set. Another plugin is misbehaving."
|
343 |
msgstr ""
|
344 |
|
398 |
msgid "Please try again later."
|
399 |
msgstr ""
|
400 |
|
401 |
+
#: login-security-solution.php:643
|
402 |
msgid ""
|
403 |
"The password should either be: A) at least %d characters long and contain "
|
404 |
+
"upper and lower case letters (except languages that only have one case) plus "
|
405 |
+
"numbers and punctuation, or B) at least %d characters long."
|
406 |
msgstr ""
|
407 |
|
408 |
+
#: login-security-solution.php:677 tests/PasswordChangeTest.php:277
|
409 |
msgid "Passwords can not be reused."
|
410 |
msgstr ""
|
411 |
|
412 |
+
#: login-security-solution.php:852
|
413 |
msgid "ERROR"
|
414 |
msgstr ""
|
415 |
|
416 |
+
#: login-security-solution.php:989
|
417 |
msgid ""
|
418 |
"\n"
|
419 |
"Component Count Value from Current Attempt\n"
|
423 |
"Password MD5 %5d %s\n"
|
424 |
msgstr ""
|
425 |
|
426 |
+
#: login-security-solution.php:1805 login-security-solution.php:1842
|
427 |
msgid "POTENTIAL INTRUSION AT %s"
|
428 |
msgstr ""
|
429 |
|
430 |
+
#: login-security-solution.php:1809
|
431 |
msgid "Your website, %s, may have been broken in to."
|
432 |
msgstr ""
|
433 |
|
434 |
+
#: login-security-solution.php:1812
|
435 |
msgid ""
|
436 |
"Someone just logged in using the following components. Prior to that, some "
|
437 |
"combination of those components were a part of %d failed attempts to log in "
|
438 |
"during the past %d minutes:"
|
439 |
msgstr ""
|
440 |
|
441 |
+
#: login-security-solution.php:1818
|
442 |
msgid ""
|
443 |
"The user's current IP address is one they have verified with your site in "
|
444 |
"the past. Therefore, the user will NOT be required to confirm their "
|
446 |
"just in case this actually was a breach."
|
447 |
msgstr ""
|
448 |
|
449 |
+
#: login-security-solution.php:1820
|
450 |
msgid ""
|
451 |
"The user has been logged out and will be required to confirm their identity "
|
452 |
"via the password reset functionality."
|
453 |
msgstr ""
|
454 |
|
455 |
+
#: login-security-solution.php:1846
|
456 |
msgid ""
|
457 |
"Someone just logged into your '%s' account at %s. Was it you that logged "
|
458 |
"in? We are asking because the site is being attacked."
|
459 |
msgstr ""
|
460 |
|
461 |
+
#: login-security-solution.php:1847
|
462 |
msgid "IF IT WAS NOT YOU, please do the following right away:"
|
463 |
msgstr ""
|
464 |
|
465 |
+
#: login-security-solution.php:1848
|
466 |
msgid "1) Log into %s and change your password."
|
467 |
msgstr ""
|
468 |
|
469 |
+
#: login-security-solution.php:1849
|
470 |
msgid "2) Send an email to %s letting them know it was not you who logged in."
|
471 |
msgstr ""
|
472 |
|
473 |
+
#: login-security-solution.php:1875
|
474 |
msgid "ATTACK HAPPENING TO %s"
|
475 |
msgstr ""
|
476 |
|
477 |
+
#: login-security-solution.php:1879
|
478 |
msgid "Your website, %s, is undergoing a brute force attack."
|
479 |
msgstr ""
|
480 |
|
481 |
+
#: login-security-solution.php:1882
|
482 |
msgid ""
|
483 |
"There have been at least %d failed attempts to log in during the past %d "
|
484 |
"minutes that used one or more of the following components:"
|
485 |
msgstr ""
|
486 |
|
487 |
+
#: login-security-solution.php:1887
|
488 |
msgid ""
|
489 |
"The %s plugin for WordPress is repelling the attack by making their login "
|
490 |
"failures take a very long time."
|
491 |
msgstr ""
|
492 |
|
493 |
+
#: login-security-solution.php:2294 tests/PasswordValidationTest.php:483
|
494 |
msgid "Password not set."
|
495 |
msgstr ""
|
496 |
|
497 |
+
#: login-security-solution.php:2309 tests/PasswordValidationTest.php:494
|
498 |
msgid "Passwords must be strings."
|
499 |
msgstr ""
|
500 |
|
501 |
+
#: login-security-solution.php:2327 tests/PasswordValidationTest.php:507
|
502 |
msgid "Passwords must use ASCII characters."
|
503 |
msgstr ""
|
504 |
|
505 |
+
#: login-security-solution.php:2346 tests/PasswordChangeTest.php:310
|
506 |
+
#: tests/PasswordValidationTest.php:524 tests/PasswordValidationTest.php:538
|
507 |
msgid "Password is too short."
|
508 |
msgstr ""
|
509 |
|
510 |
+
#: login-security-solution.php:2355 tests/PasswordValidationTest.php:564
|
511 |
msgid "Passwords must either contain numbers or be %d characters long."
|
512 |
msgstr ""
|
513 |
|
514 |
+
#: login-security-solution.php:2364 tests/PasswordValidationTest.php:551
|
515 |
msgid ""
|
516 |
"Passwords must either contain punctuation marks / symbols or be %d "
|
517 |
"characters long."
|
518 |
msgstr ""
|
519 |
|
520 |
+
#: login-security-solution.php:2373 tests/PasswordValidationTest.php:577
|
521 |
msgid ""
|
522 |
"Passwords must either contain upper-case and lower-case letters or be %d "
|
523 |
"characters long."
|
524 |
msgstr ""
|
525 |
|
526 |
+
#: login-security-solution.php:2383 tests/PasswordValidationTest.php:590
|
527 |
msgid "Passwords can't be sequential keys."
|
528 |
msgstr ""
|
529 |
|
530 |
+
#: login-security-solution.php:2392 tests/PasswordValidationTest.php:603
|
531 |
msgid "Passwords can't have that many sequential characters."
|
532 |
msgstr ""
|
533 |
|
534 |
+
#: login-security-solution.php:2408 tests/PasswordValidationTest.php:616
|
535 |
+
#: tests/PasswordValidationTest.php:629
|
536 |
msgid "Passwords can't contain user data."
|
537 |
msgstr ""
|
538 |
|
539 |
+
#: login-security-solution.php:2419 tests/PasswordValidationTest.php:642
|
540 |
msgid "Passwords can't contain site info."
|
541 |
msgstr ""
|
542 |
|
543 |
+
#: login-security-solution.php:2428 tests/PasswordValidationTest.php:655
|
544 |
msgid "Password is too common."
|
545 |
msgstr ""
|
546 |
|
547 |
+
#: login-security-solution.php:2437 tests/PasswordValidationTest.php:671
|
548 |
msgid "Passwords can't be variations of dictionary words."
|
549 |
msgstr ""
|
550 |
|
login-security-solution.php
CHANGED
@@ -6,7 +6,7 @@
|
|
6 |
* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
|
7 |
*
|
8 |
* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
|
9 |
-
* Version: 0.
|
10 |
* Author: Daniel Convissor
|
11 |
* Author URI: http://www.analysisandsolutions.com/
|
12 |
* License: GPLv2
|
@@ -189,9 +189,7 @@ class login_security_solution {
|
|
189 |
add_action('user_profile_update_errors',
|
190 |
array(&$this, 'user_profile_update_errors'), 999, 3);
|
191 |
|
192 |
-
add_action('
|
193 |
-
add_action('user_new_form_tag', array(&$this, 'pw_policy_add_filter'));
|
194 |
-
add_action('login_init', array(&$this, 'pw_policy_add_filter'));
|
195 |
|
196 |
add_filter('login_errors', array(&$this, 'login_errors'));
|
197 |
add_filter('login_message', array(&$this, 'login_message'));
|
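Review bot: Replacing the `login_init` registration with `add_action('login_form_resetpass', array(&$this, 'pw_policy_establish'));` ties the policy text to a single wp-login.php action, where the removed hook covered every action. Please confirm the reset form is never rendered under a different action name, and add a test that loads the reset form and asserts the rewritten hint appears. Otherwise users could be shown WordPress' default seven-character hint while the plugin enforces its stricter policy.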
@@ -231,6 +229,8 @@ class login_security_solution {
|
|
231 |
add_action($admin_menu, array(&$admin, 'admin_menu'));
|
232 |
add_action('admin_init', array(&$admin, 'admin_init'));
|
233 |
add_filter($plugin_action_links, array(&$admin, 'plugin_action_links'));
|
|
|
|
|
234 |
|
235 |
if ($this->options['disable_logins']) {
|
236 |
add_action('admin_notices', array(&$admin, 'admin_notices_disable_logins'));
|
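Review bot: The two registrations added at new lines 232 and 233 pass `array(&$admin, 'pw_policy_establish')`, while the `login_form_resetpass` registration uses `$this` and the method is declared in `login_security_solution`. Please confirm that the class behind `$admin` inherits `pw_policy_establish()`, and add a one-line comment saying why the admin object is the receiver here. A missing method would only surface when the profile or new-user form is rendered.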
@@ -610,15 +610,17 @@ class login_security_solution {
|
|
610 |
}
|
611 |
|
612 |
/**
|
613 |
-
* Declares our password policy gettext filter
|
|
|
614 |
*
|
615 |
* NOTE: This method is automatically called by WordPress
|
616 |
* on the wp-login.php, user-new.php, and user-edit.php pages.
|
617 |
*
|
618 |
* @return void
|
619 |
*/
|
620 |
-
public function
|
621 |
add_filter('gettext', array(&$this, 'pw_policy_rewrite'), 11, 2);
|
|
|
622 |
}
|
623 |
|
624 |
/**
|
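Review bot: The docblock NOTE for `pw_policy_establish()` still says WordPress calls the method on the wp-login.php, user-new.php, and user-edit.php pages, but this commit hooks it to `login_form_resetpass`, `personal_options` and `user_new_form_tag`; name those hooks so the narrowed scope is documented. The added `wp_deregister_script('password-strength-meter');` also runs from hooks that fire while the form is being rendered, so a comment or test showing that the script has not been printed by that point would make the ordering assumption explicit.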
@@ -638,7 +640,7 @@ class login_security_solution {
|
|
638 |
$policy = 'Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).';
|
639 |
|
640 |
if ($original == $policy) {
|
641 |
-
$translated = sprintf(__("The password should either be: A) at least %d characters long and contain upper and lower case letters plus numbers and punctuation, or B) at least %d characters long.", self::ID), $this->options['pw_length'], $this->options['pw_complexity_exemption_length']);
|
642 |
}
|
643 |
|
644 |
return $translated;
|
6 |
* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
|
7 |
*
|
8 |
* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
|
9 |
+
* Version: 0.24.0
|
10 |
* Author: Daniel Convissor
|
11 |
* Author URI: http://www.analysisandsolutions.com/
|
12 |
* License: GPLv2
|
189 |
add_action('user_profile_update_errors',
|
190 |
array(&$this, 'user_profile_update_errors'), 999, 3);
|
191 |
|
192 |
+
add_action('login_form_resetpass', array(&$this, 'pw_policy_establish'));
|
|
|
|
|
193 |
|
194 |
add_filter('login_errors', array(&$this, 'login_errors'));
|
195 |
add_filter('login_message', array(&$this, 'login_message'));
|
229 |
add_action($admin_menu, array(&$admin, 'admin_menu'));
|
230 |
add_action('admin_init', array(&$admin, 'admin_init'));
|
231 |
add_filter($plugin_action_links, array(&$admin, 'plugin_action_links'));
|
232 |
+
add_action('personal_options', array(&$admin, 'pw_policy_establish'));
|
233 |
+
add_action('user_new_form_tag', array(&$admin, 'pw_policy_establish'));
|
234 |
|
235 |
if ($this->options['disable_logins']) {
|
236 |
add_action('admin_notices', array(&$admin, 'admin_notices_disable_logins'));
|
610 |
}
|
611 |
|
612 |
/**
|
613 |
+
* Declares our password policy gettext filter and deactivates the
|
614 |
+
* password strength indicator script
|
615 |
*
|
616 |
* NOTE: This method is automatically called by WordPress
|
617 |
* on the wp-login.php, user-new.php, and user-edit.php pages.
|
618 |
*
|
619 |
* @return void
|
620 |
*/
|
621 |
+
public function pw_policy_establish() {
|
622 |
add_filter('gettext', array(&$this, 'pw_policy_rewrite'), 11, 2);
|
623 |
+
wp_deregister_script('password-strength-meter');
|
624 |
}
|
625 |
|
626 |
/**
|
640 |
$policy = 'Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).';
|
641 |
|
642 |
if ($original == $policy) {
|
643 |
+
$translated = sprintf($this->hsc_utf8(__("The password should either be: A) at least %d characters long and contain upper and lower case letters (except languages that only have one case) plus numbers and punctuation, or B) at least %d characters long.", self::ID)), $this->options['pw_length'], $this->options['pw_complexity_exemption_length']);
|
644 |
}
|
645 |
|
646 |
return $translated;
|
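Review bot: The reworded sentence on new line 643 is a new msgid, so any existing translation of the old sentence stops matching and translated sites will show this hint in English until their catalogues are updated; that is worth a changelog line for translators. Wrapping the format string in `$this->hsc_utf8()` before `sprintf()` is safe only because both arguments are `%d` integers, which deserves a short comment. The unchanged `$original == $policy` check depends on an exact copy of WordPress' English hint, so a test that fails when that wording changes would keep the filter from silently becoming a no-op.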
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=danie
|
|
4 |
Tags: login, password, passwords, strength, strong, strong passwords, password strength, idle, timeout, maintenance, security, attack, hack, lock, lockdown, ban, brute force, brute, force, authentication, auth, cookie, users
|
5 |
Requires at least: 3.3
|
6 |
Tested up to: 3.4.1
|
7 |
-
Stable tag: 0.
|
8 |
|
9 |
Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.
|
10 |
|
@@ -38,7 +38,9 @@ The tests have caught every password dictionary entry I've tried.
|
|
38 |
+ Doesn't match blog info
|
39 |
+ Doesn't match user data
|
40 |
+ Must either have numbers, punctuation, upper and lower case characters
|
41 |
-
or be very long
|
|
|
|
|
42 |
+ Non-sequential codepoints
|
43 |
+ Non-sequential keystrokes (custom sequence files can be added)
|
44 |
+ Not in the password dictionary files you've provided (if any)
|
@@ -71,6 +73,8 @@ The tests have caught every password dictionary entry I've tried.
|
|
71 |
= Improvements Over Similar WordPress Plugins =
|
72 |
|
73 |
* Multisite network support
|
|
|
|
|
74 |
* Takes security seriously so the plugin itself does not open your site
|
75 |
to SQL, HTML, or header injection vulnerabilities
|
76 |
* Notice-free code means no information disclosures if `display_errors`
|
@@ -82,7 +86,6 @@ The tests have caught every password dictionary entry I've tried.
|
|
82 |
* Uses WordPress' features rather than fighting or overriding them
|
83 |
* No advertising, promotions, or beacons
|
84 |
* Proper internationalization support
|
85 |
-
* Monitors auth cookie failures
|
86 |
* Clean, documented code
|
87 |
* Unit tests covering 100% of the main class
|
88 |
* Internationalized unit tests
|
@@ -90,14 +93,22 @@ The tests have caught every password dictionary entry I've tried.
|
|
90 |
For reference, the similar plugins include:
|
91 |
|
92 |
* [Better WP Security](http://wordpress.org/extend/plugins/better-wp-security/)
|
|
|
93 |
* [Login Lock](http://wordpress.org/extend/plugins/login-lock/)
|
|
|
94 |
* [PMC Lockdown](http://wordpress.org/extend/plugins/pmc-lockdown/)
|
95 |
* [Simple Login Lockdown](http://wordpress.org/extend/plugins/simple-login-lockdown/)
|
96 |
|
97 |
|
|
|
|
|
|
|
|
|
|
|
|
|
98 |
= Translations =
|
99 |
|
100 |
-
* Français, français (French, France) (fr_FR) by mermouy
|
101 |
|
102 |
|
103 |
= Securing Your WordPress Site is Important =
|
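Review bot: The added heading `= Compatability with Other Plugins =` misspells "Compatibility". The paragraph under it says "Please read the FAQ!" without saying which entry covers plugin conflicts; naming or linking that FAQ question would save readers a search.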
@@ -122,10 +133,24 @@ clients and friends. Oh, and if the attack involves malware, that malware
|
|
122 |
has probably gotten itself into your computer.
|
123 |
|
124 |
|
125 |
-
=
|
126 |
|
127 |
-
|
128 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
129 |
|
130 |
|
131 |
== Installation ==
|
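Review bot: In the added "Why Strong, Unique Passwords Are Important" section, the sentence "In general, 50% of those passwords are so weak they get figured out in a matter of seconds" is stated without a source; cite one of the entries already in the readme's Password Research list or soften the figure. "Linkedin" should be spelled "LinkedIn".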
@@ -317,6 +342,10 @@ implementation, use the script I made for generating all of the .mo files:
|
|
317 |
|
318 |
== Changelog ==
|
319 |
|
|
|
|
|
|
|
|
|
320 |
= 0.23.0 =
|
321 |
* Split user and site info into components before comparing them.
|
322 |
* Increase minimum password length to 10 characters.
|
@@ -325,7 +354,8 @@ implementation, use the script I made for generating all of the .mo files:
|
|
325 |
* Track a given IP, user name, password combination only once.
|
326 |
* Prevent "not a valid MySQL-Link resource" on auth cookie failure.
|
327 |
* Increase default value of login_fail_notify from 20 to 50.
|
328 |
-
* Add partial French translation. Settings page needs doing. Thanks
|
|
|
329 |
|
330 |
= 0.21.0 =
|
331 |
* Fix is_pw_outside_ascii() to permit spaces.
|
@@ -358,19 +388,23 @@ the failure and breach notifications get sent to. (Request #1560)
|
|
358 |
against their user name.
|
359 |
|
360 |
= 0.17.0 =
|
361 |
-
* Fix network IP query in get_login_fail(). (Bug #1553,
|
362 |
-
|
|
|
|
|
363 |
|
364 |
= 0.16.0 =
|
365 |
* Have shell script gracefully handle value already being the desired value.
|
366 |
|
367 |
= 0.15.0 =
|
368 |
* Log auth cookie failures too.
|
369 |
-
* Clean up sleep logic. (Bug #1549,
|
|
|
370 |
|
371 |
= 0.14.0 =
|
372 |
* Fix emails being mistakenly sent in multisite mode that say "There have
|
373 |
-
been at least 0 failed attempts to log in". (Bug #1548,
|
|
|
374 |
* Add an `.htaccess` file that blocks access to this plugin's directory.
|
375 |
|
376 |
= 0.13.0 =
|
@@ -381,7 +415,7 @@ command line.
|
|
381 |
* Display a notice on top of admin pages when our maintenance mode is enabled.
|
382 |
|
383 |
= 0.11.0 =
|
384 |
-
* Use POST value for `$user_name` in `login_errors()` because global value
|
385 |
isn't always set.
|
386 |
* Add some more (commented out) log() calls to help users help me help them.
|
387 |
|
@@ -476,30 +510,17 @@ problems under PHP 5.4.
|
|
476 |
* Tested under WordPress 3.3.1.
|
477 |
|
478 |
|
479 |
-
==
|
480 |
-
|
481 |
-
* Delete old data in the `fail` table.
|
482 |
-
* Add some JS/AJAX magic to make users' lives easier by also validating
|
483 |
-
passwords on the front end prior to submission. Patches welcome!
|
484 |
-
|
485 |
-
|
486 |
-
== Bugs and Feature Requests ==
|
487 |
-
|
488 |
-
Report bugs and submit feature requests by opening a ticket in WordPress'
|
489 |
-
[plugins Trac website](https://plugins.trac.wordpress.org/newticket?component=login-security-solution).
|
490 |
-
|
491 |
-
You can also [view our existing tickets](https://plugins.trac.wordpress.org/query?status=assigned&status=closed&status=new&status=reopened&component=login-security-solution&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=component&desc=1&order=id) there.
|
492 |
|
493 |
-
|
494 |
-
== Inspiration and References ==
|
495 |
|
496 |
* Password Research
|
|
|
497 |
+ [You can never have too many passwords: techniques for evaluating a huge corpus](http://www.cl.cam.ac.uk/~jcb82/doc/B12-IEEESP-evaluating_a_huge_password_corpus.pdf), Joseph Bonneau
|
498 |
+ [Analyzing Password Strength](http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf), Martin Devillers
|
499 |
+ [Consumer Password Worst Practices](http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf), Imperva
|
500 |
+ [Preventing Brute Force Attacks on your Web Login](http://www.bryanrite.com/preventing-brute-force-attacks-on-your-web-login/), Bryan Rite
|
501 |
+ [Password Strength](http://xkcd.com/936/), Randall Munroe
|
502 |
-
+ [Why passwords have never been weaker -- and crackers have never been stronger](http://arstechnica.com/security/2012/08/passwords-under-assault/), Dan Goodin
|
503 |
|
504 |
* Technical Info
|
505 |
+ [The Extreme UTF-8 Table](http://doc.infosnel.nl/extreme_utf-8.html), infosnel.nl
|
@@ -509,3 +530,15 @@ You can also [view our existing tickets](https://plugins.trac.wordpress.org/quer
|
|
509 |
+ [Dazzlepod Password List](http://dazzlepod.com/site_media/txt/passwords.txt), Dazzlepod
|
510 |
+ [Common Passwords](http://www.searchlores.org/commonpass1.htm), Fravia
|
511 |
+ [The Top 500 Worst Passwords of All Time](http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time), Mark Burnett
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4 |
Tags: login, password, passwords, strength, strong, strong passwords, password strength, idle, timeout, maintenance, security, attack, hack, lock, lockdown, ban, brute force, brute, force, authentication, auth, cookie, users
|
5 |
Requires at least: 3.3
|
6 |
Tested up to: 3.4.1
|
7 |
+
Stable tag: 0.24.0
|
8 |
|
9 |
Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.
|
10 |
|
38 |
+ Doesn't match blog info
|
39 |
+ Doesn't match user data
|
40 |
+ Must either have numbers, punctuation, upper and lower case characters
|
41 |
+
or be very long. Note: alphabets with only one case (e.g. Arabic,
|
42 |
+
Hebrew, etc.) are automatically exempted from the upper/lower case
|
43 |
+
requirement.
|
44 |
+ Non-sequential codepoints
|
45 |
+ Non-sequential keystrokes (custom sequence files can be added)
|
46 |
+ Not in the password dictionary files you've provided (if any)
|
73 |
= Improvements Over Similar WordPress Plugins =
|
74 |
|
75 |
* Multisite network support
|
76 |
+
* Monitors auth cookies for bad user names and hashes
|
77 |
+
* Adjusts WordPress' password policy user interfaces
|
78 |
* Takes security seriously so the plugin itself does not open your site
|
79 |
to SQL, HTML, or header injection vulnerabilities
|
80 |
* Notice-free code means no information disclosures if `display_errors`
|
86 |
* Uses WordPress' features rather than fighting or overriding them
|
87 |
* No advertising, promotions, or beacons
|
88 |
* Proper internationalization support
|
|
|
89 |
* Clean, documented code
|
90 |
* Unit tests covering 100% of the main class
|
91 |
* Internationalized unit tests
|
93 |
For reference, the similar plugins include:
|
94 |
|
95 |
* [Better WP Security](http://wordpress.org/extend/plugins/better-wp-security/)
|
96 |
+
* [Limit Login Attempts](http://wordpress.org/extend/plugins/limit-login-attempts/)
|
97 |
* [Login Lock](http://wordpress.org/extend/plugins/login-lock/)
|
98 |
+
* [Login LockDown](http://wordpress.org/extend/plugins/login-lockdown/)
|
99 |
* [PMC Lockdown](http://wordpress.org/extend/plugins/pmc-lockdown/)
|
100 |
* [Simple Login Lockdown](http://wordpress.org/extend/plugins/simple-login-lockdown/)
|
101 |
|
102 |
|
103 |
+
= Compatability with Other Plugins =
|
104 |
+
|
105 |
+
Some plugins provide similar functionality. These overlaps can lead to
|
106 |
+
conflicts during program execution. Please read the FAQ!
|
107 |
+
|
108 |
+
|
109 |
= Translations =
|
110 |
|
111 |
+
* Français, français (French, France) (fr_FR) by [mermouy](http://wordpress.org/support/profile/mermouy)
|
112 |
|
113 |
|
114 |
= Securing Your WordPress Site is Important =
|
133 |
has probably gotten itself into your computer.
|
134 |
|
135 |
|
136 |
+
= Why Strong, Unique Passwords Are Important =
|
137 |
|
138 |
+
Yeah, creating, storing/remembering, and using a _different_, _strong_
|
139 |
+
password for each site you use is a hassle. _But it is absolutely
|
140 |
+
necessary._
|
141 |
+
|
142 |
+
Password lists get stolen on a regular basis from big name sites (like
|
143 |
+
Linkedin for example!). Criminals then have unlimited time to decode the
|
144 |
+
passwords. In general, 50% of those passwords are so weak they get figured
|
145 |
+
out in a matter of seconds. Plus there are computers on the Internet
|
146 |
+
dedicated to pounding the sites with login attempts, hoping to get lucky.
|
147 |
+
|
148 |
+
Many people use the same password for multiple sites. Once an attacker
|
149 |
+
figures out your password on one site, they'll try it on your accounts at
|
150 |
+
other sites. It gets ugly very fast.
|
151 |
+
|
152 |
+
But don't despair! There are good, free tools that make doing the right
|
153 |
+
thing a piece of cake. For example, [KeePass](http://keepass.info/).
|
154 |
|
155 |
|
156 |
== Installation ==
|
342 |
|
343 |
== Changelog ==
|
344 |
|
345 |
+
= 0.24.0 =
|
346 |
+
* Keep the password strength indicator from being enabled.
|
347 |
+
* Narrow down when the password policy text filter is enabled.
|
348 |
+
|
349 |
= 0.23.0 =
|
350 |
* Split user and site info into components before comparing them.
|
351 |
* Increase minimum password length to 10 characters.
|
354 |
* Track a given IP, user name, password combination only once.
|
355 |
* Prevent "not a valid MySQL-Link resource" on auth cookie failure.
|
356 |
* Increase default value of login_fail_notify from 20 to 50.
|
357 |
+
* Add partial French translation. Settings page needs doing. Thanks
|
358 |
+
[mermouy](http://wordpress.org/support/profile/mermouy)!
|
359 |
|
360 |
= 0.21.0 =
|
361 |
* Fix is_pw_outside_ascii() to permit spaces.
|
388 |
against their user name.
|
389 |
|
390 |
= 0.17.0 =
|
391 |
+
* Fix network IP query in get_login_fail(). (Bug #1553,
|
392 |
+
[deanmarktaylor](http://wordpress.org/support/profile/deanmarktaylor))
|
393 |
+
* Rename files holding expected test results. (Bug #1552,
|
394 |
+
[deanmarktaylor](http://wordpress.org/support/profile/deanmarktaylor))
|
395 |
|
396 |
= 0.16.0 =
|
397 |
* Have shell script gracefully handle value already being the desired value.
|
398 |
|
399 |
= 0.15.0 =
|
400 |
* Log auth cookie failures too.
|
401 |
+
* Clean up sleep logic. (Bug #1549,
|
402 |
+
[deanmarktaylor](http://wordpress.org/support/profile/deanmarktaylor))
|
403 |
|
404 |
= 0.14.0 =
|
405 |
* Fix emails being mistakenly sent in multisite mode that say "There have
|
406 |
+
been at least 0 failed attempts to log in". (Bug #1548,
|
407 |
+
[deanmarktaylor](http://wordpress.org/support/profile/deanmarktaylor))
|
408 |
* Add an `.htaccess` file that blocks access to this plugin's directory.
|
409 |
|
410 |
= 0.13.0 =
|
415 |
* Display a notice on top of admin pages when our maintenance mode is enabled.
|
416 |
|
417 |
= 0.11.0 =
|
418 |
+
* Use `POST` value for `$user_name` in `login_errors()` because global value
|
419 |
isn't always set.
|
420 |
* Add some more (commented out) log() calls to help users help me help them.
|
421 |
|
510 |
* Tested under WordPress 3.3.1.
|
511 |
|
512 |
|
513 |
+
== Other Notes ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
514 |
|
515 |
+
= Inspiration and References =
|
|
|
516 |
|
517 |
* Password Research
|
518 |
+
+ [Why passwords have never been weaker -- and crackers have never been stronger](http://arstechnica.com/security/2012/08/passwords-under-assault/), Dan Goodin
|
519 |
+ [You can never have too many passwords: techniques for evaluating a huge corpus](http://www.cl.cam.ac.uk/~jcb82/doc/B12-IEEESP-evaluating_a_huge_password_corpus.pdf), Joseph Bonneau
|
520 |
+ [Analyzing Password Strength](http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf), Martin Devillers
|
521 |
+ [Consumer Password Worst Practices](http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf), Imperva
|
522 |
+ [Preventing Brute Force Attacks on your Web Login](http://www.bryanrite.com/preventing-brute-force-attacks-on-your-web-login/), Bryan Rite
|
523 |
+ [Password Strength](http://xkcd.com/936/), Randall Munroe
|
|
|
524 |
|
525 |
* Technical Info
|
526 |
+ [The Extreme UTF-8 Table](http://doc.infosnel.nl/extreme_utf-8.html), infosnel.nl
|
530 |
+ [Dazzlepod Password List](http://dazzlepod.com/site_media/txt/passwords.txt), Dazzlepod
|
531 |
+ [Common Passwords](http://www.searchlores.org/commonpass1.htm), Fravia
|
532 |
+ [The Top 500 Worst Passwords of All Time](http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time), Mark Burnett
|
533 |
+
|
534 |
+
= To Do =
|
535 |
+
|
536 |
+
* Delete old data in the `fail` table.
|
537 |
+
* Provide a user interface to the `fail` table.
|
538 |
+
|
539 |
+
= Bugs and Feature Requests =
|
540 |
+
|
541 |
+
Report bugs and submit feature requests by opening a ticket in WordPress'
|
542 |
+
[plugins Trac website](https://plugins.trac.wordpress.org/newticket?component=login-security-solution).
|
543 |
+
|
544 |
+
You can also [view our existing tickets](https://plugins.trac.wordpress.org/query?status=assigned&status=closed&status=new&status=reopened&component=login-security-solution&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=component&desc=1&order=id) there.
|