Version Description
- Minor wording adjustments.
Download this release
Release Info
Developer | convissor |
Plugin | Login Security Solution |
Version | 0.6.1 |
Comparing to | |
See all releases |
Code changes from version 0.6.0 to 0.6.1
- admin.inc +17 -12
- login-security-solution.php +1 -1
- readme.txt +21 -1
admin.inc
CHANGED
@@ -40,6 +40,22 @@ class login_security_solution_admin extends login_security_solution {
|
|
40 |
*/
|
41 |
protected $form_action;
|
42 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
43 |
/**
|
44 |
* Key for the change password "don't remind me" checkbox
|
45 |
* @var string
|
@@ -58,12 +74,6 @@ class login_security_solution_admin extends login_security_solution {
|
|
58 |
*/
|
59 |
protected $option_pw_force_change_name;
|
60 |
|
61 |
-
/**
|
62 |
-
* Name of the page holding the options
|
63 |
-
* @var string
|
64 |
-
*/
|
65 |
-
protected $page_options;
|
66 |
-
|
67 |
/**
|
68 |
* Text for the plugin's password change page "don't remind me" button
|
69 |
* @var string
|
@@ -76,17 +86,12 @@ class login_security_solution_admin extends login_security_solution {
|
|
76 |
*/
|
77 |
protected $text_button_require;
|
78 |
|
79 |
-
/**
|
80 |
-
* Title for the plugin's settings page
|
81 |
-
* @var string
|
82 |
-
*/
|
83 |
-
protected $text_settings;
|
84 |
-
|
85 |
/**
|
86 |
* Title for the plugin's password change page
|
87 |
* @var string
|
88 |
*/
|
89 |
protected $text_pw_force_change;
|
|
|
90 |
|
91 |
|
92 |
/**
|
40 |
*/
|
41 |
protected $form_action;
|
42 |
|
43 |
+
/**
|
44 |
+
* Name of the page holding the options
|
45 |
+
* @var string
|
46 |
+
*/
|
47 |
+
protected $page_options;
|
48 |
+
|
49 |
+
/**
|
50 |
+
* Title for the plugin's settings page
|
51 |
+
* @var string
|
52 |
+
*/
|
53 |
+
protected $text_settings;
|
54 |
+
|
55 |
+
|
56 |
+
/**#@+
|
57 |
+
* NON-STANDARD: These properties are for the password change page.
|
58 |
+
*/
|
59 |
/**
|
60 |
* Key for the change password "don't remind me" checkbox
|
61 |
* @var string
|
74 |
*/
|
75 |
protected $option_pw_force_change_name;
|
76 |
|
|
|
|
|
|
|
|
|
|
|
|
|
77 |
/**
|
78 |
* Text for the plugin's password change page "don't remind me" button
|
79 |
* @var string
|
86 |
*/
|
87 |
protected $text_button_require;
|
88 |
|
|
|
|
|
|
|
|
|
|
|
|
|
89 |
/**
|
90 |
* Title for the plugin's password change page
|
91 |
* @var string
|
92 |
*/
|
93 |
protected $text_pw_force_change;
|
94 |
+
/**#@-*/
|
95 |
|
96 |
|
97 |
/**
|
login-security-solution.php
CHANGED
@@ -6,7 +6,7 @@
|
|
6 |
* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
|
7 |
*
|
8 |
* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
|
9 |
-
* Version: 0.6.
|
10 |
* Author: Daniel Convissor
|
11 |
* Author URI: http://www.analysisandsolutions.com/
|
12 |
* License: GPLv2
|
6 |
* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
|
7 |
*
|
8 |
* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
|
9 |
+
* Version: 0.6.1
|
10 |
* Author: Daniel Convissor
|
11 |
* Author URI: http://www.analysisandsolutions.com/
|
12 |
* License: GPLv2
|
readme.txt
CHANGED
@@ -224,7 +224,24 @@ interface:
|
|
224 |
* Regular sites: Plugins
|
225 |
* Sites using multisite networks: My Sites | Network Admin | Plugins
|
226 |
|
227 |
-
=
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
228 |
|
229 |
Get the translation tools from `http://i18n.svn.wordpress.org/tools/trunk/`
|
230 |
then `cd` into that directory and run:
|
@@ -235,6 +252,9 @@ then `cd` into that directory and run:
|
|
235 |
|
236 |
== Changelog ==
|
237 |
|
|
|
|
|
|
|
238 |
= 0.6.0 =
|
239 |
* Use `ENT_QUOTES` instead of `ENT_COMPAT` in `htmlspecialchars()` calls
|
240 |
because WordPress mixes and matches the double and single quotes to
|
224 |
* Regular sites: Plugins
|
225 |
* Sites using multisite networks: My Sites | Network Admin | Plugins
|
226 |
|
227 |
+
= Why use slowdowns instead of lockouts? =
|
228 |
+
|
229 |
+
The best way to go here is a subject open to debate. (Hey what isn't?)
|
230 |
+
I chose the slowdown approach because it keeps legitimate users and
|
231 |
+
administrators from being inconvenienced. Plus it provides a quick sand
|
232 |
+
trap that ties up attackers' resources instead of immediately tipping them
|
233 |
+
off that the jig is up.
|
234 |
+
|
235 |
+
= Won't the slowdowns open my website to Denial of Serivice (DOS) attacks? =
|
236 |
+
|
237 |
+
Yeah, the DOS potential is there. I mitigated it for the most part by
|
238 |
+
disconnecting the database link (the most precious resorce in most
|
239 |
+
situations) before sleeping. But remember, distributed deinal of service
|
240 |
+
attacks are fairly easy to initiate these days. If someone really wants to
|
241 |
+
shut down your site, they'll be able to do it without even touching this
|
242 |
+
plugin's login failure process.
|
243 |
+
|
244 |
+
= How do developers generate the POT translation file? =
|
245 |
|
246 |
Get the translation tools from `http://i18n.svn.wordpress.org/tools/trunk/`
|
247 |
then `cd` into that directory and run:
|
252 |
|
253 |
== Changelog ==
|
254 |
|
255 |
+
= 0.6.1 =
|
256 |
+
* Minor wording adjustments.
|
257 |
+
|
258 |
= 0.6.0 =
|
259 |
* Use `ENT_QUOTES` instead of `ENT_COMPAT` in `htmlspecialchars()` calls
|
260 |
because WordPress mixes and matches the double and single quotes to
|