MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall - Version 4.65

Version Description

  • Making Login Protection more configurable.
  • Robust handling of requests params.
  • Callback wing versioning.

Release Info

Developer ritesh.soni36
Version 4.65

Code changes from version 4.63 to 4.65

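--- a/callback/base.php
+++ b/callback/base.php
@@ -4,6 +4,20 @@ if (!defined('ABSPATH')) exit;
  if (!class_exists('BVCallbackBase')) :
 
  class BVCallbackBase {
+
+ const WING_INFOS = array("ACTLOG_WING_VERSION" => '1.0',
+ "BRAND_WING_VERSION" => '1.0',
+ "DB_WING_VERSION" => '1.0',
+ "ACCOUNT_WING_VERSION" => '1.0',
+ "MISC_WING_VERSION" => '1.0',
+ "FS_WING_VERSION" => '1.0',
+ "INFO_WING_VERSION" => '1.0',
+ "WATCH_WING_VERSION" => '1.0',
+ "FS_WRITE_WING_VERSION" => '1.0',
+ "IPSTORE_WING_VERSION" => '1.0',
+ "PROTECT_WING_VERSION" => '1.0',
+ );
+
  public function objectToArray($obj) {
  return json_decode(json_encode($obj), true);
  }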
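Review bot: `const WING_INFOS = array(...)` is an array-valued class constant, which PHP accepts only from 5.6 onward, while readme.txt in this same release still declares `Requires PHP: 5.4.0`; on 5.4/5.5 this file would fail to parse. Either raise the declared minimum or hold the table in a static property, e.g. `public static $wing_infos = array(...);`, and read it with `self::$wing_infos` in `getWingInfo()`. The table also repeats as strings (`'1.0'`) the versions that each wing class declares separately as floats (`const DB_WING_VERSION = 1.0;`), so the two can drift apart; a one-line comment naming which of them is authoritative would help.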
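--- a/callback/request.php
+++ b/callback/request.php
@@ -40,6 +40,46 @@ if (!class_exists('BVCallbackRequest')) :
  return array_key_exists('apicall', $this->params);
  }
 
+ public function curlRequest($url, $body) {
+ $ch = curl_init($url);
+ curl_setopt($ch, CURLOPT_POST, 1);
+ curl_setopt($ch, CURLOPT_TIMEOUT, 15);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($body));
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+ return curl_exec($ch);
+ }
+
+ public function fileGetContentRequest($url, $body) {
+ $options = array(
+ 'http' => array(
+ 'header' => "Content-type: application/x-www-form-urlencoded\r\n",
+ 'method' => 'POST',
+ 'content' => http_build_query($body)
+ )
+ );
+
+ $context = stream_context_create($options);
+ return file_get_contents($url, false, $context);
+ }
+
+ public function http_request($url, $body) {
+ if (in_array('curl', get_loaded_extensions())) {
+ return $this->curlRequest($url, $body);
+ } else {
+ return $this->fileGetContentRequest($url, $body);
+ }
+ }
+
+ public function get_params_via_api($params_key, $apiurl) {
+ $res = $this->http_request($apiurl, array('bvkey' => $params_key));
+
+ if ($res === FALSE) {
+ return false;
+ }
+
+ return $res;
+ }
+
  public function info() {
  $info = array(
  "requestedsig" => $this->sig,
@@ -70,11 +110,6 @@ if (!class_exists('BVCallbackRequest')) :
  if (array_key_exists('op_reset', $in_params) && function_exists('output_reset_rewrite_vars'))
  @output_reset_rewrite_vars();
 
- if (array_key_exists('binhead', $in_params)) {
- header("Content-type: application/binary");
- header('Content-Transfer-Encoding: binary');
- }
-
  if (array_key_exists('concat', $in_params)) {
  foreach ($in_params['concat'] as $key) {
  $concated = '';
@@ -86,6 +121,13 @@ if (!class_exists('BVCallbackRequest')) :
  }
  }
 
+ if (isset($in_params['bvpdataviaapi']) && isset($in_params['bvapiurl'])) {
+ $pdata = $this->get_params_via_api($in_params['bvpdataviaapi'], $in_params['bvapiurl']);
+ if ($pdata !== false) {
+ $in_params["bvprms"] = $pdata;
+ }
+ }
+
  if (array_key_exists('bvprms', $in_params) && isset($in_params['bvprms']) &&
  array_key_exists('bvprmsmac', $in_params) && isset($in_params['bvprmsmac'])) {
  $digest_algo = 'SHA1';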
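Review bot: `$in_params['bvapiurl']` comes from the request and is handed unvalidated to `get_params_via_api()` in the block added just above the `bvprms`/`bvprmsmac` check, so as far as this hunk shows the site makes an outbound POST to a caller-chosen URL before any MAC is verified (server-side request forgery exposure). The enclosing function starts and ends outside the hunk, so an earlier authentication step cannot be ruled out, but nothing visible here constrains the URL. I would accept only `https` URLs whose host is on a fixed list of the service's own hosts, or move the fetch after the signature check; WordPress's `wp_safe_remote_post()` is a better transport than the two hand-rolled helpers. In the helpers themselves, `fileGetContentRequest()` passes the URL to `file_get_contents()`, which also accepts non-HTTP stream wrappers, and `curlRequest()` never calls `curl_close($ch)`.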
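--- a/callback/wings/account.php
+++ b/callback/wings/account.php
@@ -5,6 +5,8 @@ if (!class_exists('BVAccountCallback')) :
  class BVAccountCallback extends BVCallbackBase {
  public $account;
  public $settings;
+
+ const ACCOUNT_WING_VERSION = 1.0;
 
  public function __construct($callback_handler) {
  $this->account = $callback_handler->account;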
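--- a/callback/wings/actlog.php
+++ b/callback/wings/actlog.php
@@ -9,6 +9,8 @@ class BVActLogCallback extends BVCallbackBase {
  public $db;
  public $settings;
 
+ const ACTLOG_WING_VERSION = 1.0;
+
  public function __construct($callback_handler) {
  $this->db = $callback_handler->db;
  $this->settings = $callback_handler->settings;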
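--- a/callback/wings/brand.php
+++ b/callback/wings/brand.php
@@ -6,6 +6,8 @@ if (!class_exists('BVBrandCallback')) :
  class BVBrandCallback extends BVCallbackBase {
  public $settings;
 
+ const BRAND_WING_VERSION = 1.0;
+
  public function __construct($callback_handler) {
  $this->settings = $callback_handler->settings;
  }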
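--- a/callback/wings/db.php
+++ b/callback/wings/db.php
@@ -11,6 +11,8 @@ class BVDBCallback extends BVCallbackBase {
 
  public static $bvTables = array("fw_requests", "lp_requests", "ip_store");
 
+ const DB_WING_VERSION = 1.0;
+
  public function __construct($callback_handler) {
  $this->db = $callback_handler->db;
  $this->account = $callback_handler->account;
@@ -203,6 +205,32 @@ class BVDBCallback extends BVCallbackBase {
  $result["rows"] = $rows;
  $resp = $result;
  break;
+ case "multitablecontent":
+ $tableParams = $params['table_params'];
+ $resp = array();
+ foreach($tableParams as $tableParam) {
+ $result = array();
+ $identifier = $tableParam['identifier'];
+ $table = $tableParam['table'];
+ $tname = $tableParam['tname'];
+ $fields = $tableParam['fields'];
+ $filter = (array_key_exists('filter', $tableParam)) ? $tableParam['filter'] : "";
+ $limit = $tableParam['limit'];
+ $offset = $tableParam['offset'];
+ $pkeys = (array_key_exists('pkeys', $tableParam)) ? $tableParam['pkeys'] : array();
+ $result['timestamp'] = time();
+ $result['table_name'] = $tname;
+ $rows = $db->getTableContent($table, $fields, $filter, $limit, $offset);
+ $srows = sizeof($rows);
+ if (!empty($pkeys) && $srows > 0) {
+ $end_row = end($rows);
+ $result['last_ids'] = $this->getLastID($pkeys, $end_row);
+ }
+ $result["rows"] = $rows;
+ $result["size"] = $srows;
+ $resp[$identifier] = $result;
+ }
+ break;
  case "tableinfo":
  $table = urldecode($params['table']);
  $offset = intval(urldecode($params['offset']));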
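Review bot: In the new `multitablecontent` case, `$limit` and `$offset` are passed to `getTableContent()` exactly as received, whereas the neighbouring `tableinfo` case casts its offset with `intval(...)`; I would do the same here, `$limit = intval($tableParam['limit']);` and `$offset = intval($tableParam['offset']);`. `$table`, `$fields` and `$filter` are forwarded unchanged as well, and `getTableContent()` is not part of this diff, so whether they are escaped there cannot be confirmed from these lines. `$params['table_params']` is also iterated without an `is_array()` check, which turns a malformed request into a PHP warning rather than a clean error response. The enclosing `switch` starts and ends outside the hunk.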
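--- a/callback/wings/fs.php
+++ b/callback/wings/fs.php
@@ -9,6 +9,7 @@ class BVFSCallback extends BVCallbackBase {
  public $account;
 
  public static $cwAllowedFiles = array(".htaccess", ".user.ini", "malcare-waf.php");
+ const FS_WING_VERSION = 1.0;
 
  public function __construct($callback_handler) {
  $this->account = $callback_handler->account;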
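--- a/callback/wings/fs_write.php
+++ b/callback/wings/fs_write.php
@@ -6,6 +6,7 @@ if (!class_exists('BVFSWriteCallback')) :
  class BVFSWriteCallback extends BVCallbackBase {
 
  const MEGABYTE = 1048576;
+ const FS_WRITE_WING_VERSION = 1.0;
 
  public function __construct() {
  }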
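--- a/callback/wings/info.php
+++ b/callback/wings/info.php
@@ -8,6 +8,8 @@ class BVInfoCallback extends BVCallbackBase {
  public $settings;
  public $siteinfo;
  public $bvinfo;
+
+ const INFO_WING_VERSION = 1.0;
 
  public function __construct($callback_handler) {
  $this->db = $callback_handler->db;
@@ -156,7 +158,7 @@ class BVInfoCallback extends BVCallbackBase {
  return array("wp" => $wp_info);
  }
 
- public function getUsers($args = array(), $full) {
+ public function getUsers($full, $args = array()) {
  $results = array();
  $users = get_users($args);
  if ('true' == $full) {
@@ -205,9 +207,6 @@ class BVInfoCallback extends BVCallbackBase {
 
  public function servicesInfo(&$data) {
  $settings = $this->settings;
- $data['dynsync'] = $settings->getOption('bvDynSyncActive');
- $data['woodyn'] = $settings->getOption('bvWooDynSync');
- $data['dynplug'] = $settings->getOption('bvdynplug');
  $data['protect'] = $settings->getOption('bvptconf');
  $data['brand'] = $settings->getOption($this->bvinfo->brand_option);
  $data['badgeinfo'] = $settings->getOption($this->bvinfo->badgeinfo);
@@ -304,7 +303,7 @@ class BVInfoCallback extends BVCallbackBase {
  $full = false;
  if (array_key_exists('full', $params))
  $full = true;
- $resp = $this->getUsers($params['args'], $full);
+ $resp = $this->getUsers($full, $params['args']);
  break;
  case "gttrnsnt":
  $transient = $this->settings->getTransient($params['name']);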
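Review bot: The reordered `getUsers($full, $args = array())` still never uses its default, because the call site in the last hunk passes `$params['args']` unconditionally; when the key is absent that is a notice and `get_users(null)`. I would write the call as `$resp = $this->getUsers($full, isset($params['args']) ? $params['args'] : array());`. Inside `getUsers()` the context line `if ('true' == $full)` compares a string with what the caller sets as a boolean, which only works through loose comparison; `if ($full)` states the intent. Both the `getUsers()` body and the enclosing `switch` continue outside the hunks.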
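--- a/callback/wings/misc.php
+++ b/callback/wings/misc.php
@@ -9,11 +9,15 @@ class BVMiscCallback extends BVCallbackBase {
  public $siteinfo;
  public $account;
  public $bvapi;
+ public $db;
+
+ const MISC_WING_VERSION = 1.0;
 
  public function __construct($callback_handler) {
  $this->settings = $callback_handler->settings;
  $this->siteinfo = $callback_handler->siteinfo;
  $this->account = $callback_handler->account;
+ $this->db = $callback_handler->db;
  $this->bvinfo = new MCInfo($callback_handler->settings);
  $this->bvapi = new MCWPAPI($callback_handler->settings);
  }
@@ -44,6 +48,54 @@ class BVMiscCallback extends BVCallbackBase {
  return array("wpupdatethemes" => true);
  }
 
+ public function getWingInfo() {
+ return array('wing_info' => self::WING_INFOS);
+ }
+
+ public function post_types_data($post_params) {
+ $result = array();
+ $get_post_types_args = $post_params['get_post_types_args'];
+ $post_types = get_post_types($get_post_types_args);
+ $post_types = array_merge($post_types, $post_params['include_post_types']);
+ $post_types = array_diff( $post_types, $post_params['exclude_post_types']);
+ $result['post_types'] = $post_types;
+ $post_types = esc_sql($post_types);
+ $post_types = "'" . implode("','", $post_types) . "'";
+ $post_table = $post_params['table'];
+ $post_select_columns = implode(", ", $post_params['select_column']);
+ $post_query = "SELECT MAX(ID) as $post_select_columns FROM ( SELECT
+ $post_select_columns FROM $post_table WHERE post_type IN ( $post_types )
+ AND post_status='publish' ORDER BY post_date DESC ) AS posts GROUP BY post_type";
+ $posts = $this->db->getResult($post_query);
+ foreach ( $posts as $key => $post ) {
+ $posts[$key]['url'] = get_permalink($post);
+ }
+ $result['posts'] = $posts;
+ return $result;
+ }
+
+ public function taxonomy_data($taxonomy_params) {
+ $result = array();
+ $get_taxonomies_args = $taxonomy_params['get_taxonomies_args'];
+ $taxonomies = get_taxonomies($get_taxonomies_args);
+ $taxonomies = array_diff($taxonomies, $taxonomy_params['exclude_taxonomies']);
+ $result['taxonomies'] = $taxonomies;
+ $taxonomies = esc_sql( $taxonomies );
+ $taxonomies = "'" . implode( "','", $taxonomies ) . "'";
+ $taxonomy_table = $taxonomy_params['table'];
+ $taxonomy_select_columns = implode(", ", $taxonomy_params['select_column']);
+ $taxonomy_query = "SELECT MAX( term_id ) AS $taxonomy_select_columns FROM (
+ SELECT $taxonomy_select_columns FROM $taxonomy_table WHERE taxonomy IN (
+ $taxonomies ) AND count > 0) AS taxonomies GROUP BY taxonomy";
+
+ $taxonomies = $this->db->getResult($taxonomy_query);
+ foreach($taxonomies as $key => $taxonomy) {
+ $taxonomies[$key]['url'] = get_term_link((int)$taxonomy['term_id'], $taxonomy['taxonomy']);
+ }
+ $result['taxonomy_data'] = $taxonomies;
+ return $result;
+ }
+
  public function process($request) {
  $bvinfo = $this->bvinfo;
  $settings = $this->settings;
@@ -54,6 +106,7 @@ class BVMiscCallback extends BVCallbackBase {
  $resp = array_merge($resp, $this->siteinfo->info());
  $resp = array_merge($resp, $this->account->info());
  $resp = array_merge($resp, $this->bvinfo->info());
+ $resp = array_merge($resp, $this->getWingInfo());
  break;
  case "pngbv":
  $info = array();
@@ -123,6 +176,21 @@ class BVMiscCallback extends BVCallbackBase {
  $resp["updated_configs"] = $updated_configs;
  $resp["deleted_configs"] = $deleted_configs;
  break;
+ case "critical_css_data":
+ $resp = array();
+ if (array_key_exists('fetch_post_data', $params) && $params['fetch_post_data'] == true) {
+ $post_params = $params['post_params'];
+ $post_result = $this->post_types_data($post_params);
+ $resp['post_cp_results'] = $post_result['posts'];
+ $resp['post_types'] = $post_result['post_types'];
+ }
+ if (array_key_exists('fetch_taxonomy_data', $params) && $params['fetch_taxonomy_data'] == true) {
+ $taxonomy_params = $params['taxonomy_params'];
+ $taxonomy_result = $this->taxonomy_data($taxonomy_params);
+ $resp['taxonomy_cp_results'] = $taxonomy_result['taxonomy_data'];
+ $resp['taxonomies'] = $taxonomy_result['taxonomies'];
+ }
+ break;
  default:
  $resp = false;
  }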
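Review bot: In `post_types_data()` only the post-type list goes through `esc_sql()`; the table name (`$post_params['table']`) and the column list (`$post_params['select_column']`) are interpolated into `$post_query` as raw SQL identifiers, and `taxonomy_data()` does the same with `$taxonomy_params['table']` and `select_column`. These values arrive with the callback request, so the query text is only as trustworthy as the request authentication, which is not visible in this diff. I would reject anything that is not a plain identifier before building either query, as sketched below for the post query. Separately, `get_term_link()` can return a `WP_Error`, which the loop in `taxonomy_data()` stores in `url` unchecked.
```php
public function post_types_data($post_params) {
	// … unchanged: post type selection and esc_sql() quoting …
	$post_table = $post_params['table'];
	$identifiers = array_merge(array($post_table), $post_params['select_column']);
	foreach ($identifiers as $identifier) {
		// Table and column names cannot be bound as parameters, so accept plain identifiers only.
		if (!is_string($identifier) || !preg_match('/^[A-Za-z0-9_]+$/', $identifier)) {
			return $result;
		}
	}
	$post_select_columns = implode(", ", $post_params['select_column']);
	// … unchanged: query construction and permalink lookup …
```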
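--- a/callback/wings/protect.php
+++ b/callback/wings/protect.php
@@ -11,6 +11,8 @@ class BVProtectCallback extends BVCallbackBase {
  public $db;
  public $settings;
 
+ const PROTECT_WING_VERSION = 1.0;
+
  public function __construct($callback_handler) {
  $this->db = $callback_handler->db;
  $this->settings = $callback_handler->settings;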
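--- a/callback/wings/watch.php
+++ b/callback/wings/watch.php
@@ -7,6 +7,8 @@ class BVWatchCallback extends BVCallbackBase {
  public $db;
  public $settings;
 
+ const WATCH_WING_VERSION = 1.0;
+
  public function __construct($callback_handler) {
  $this->db = $callback_handler->db;
  $this->settings = $callback_handler->settings;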
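--- a/info.php
+++ b/info.php
@@ -10,7 +10,7 @@ if (!class_exists('MCInfo')) :
  public $badgeinfo = 'mcbadge';
  public $ip_header_option = 'mcipheader';
  public $brand_option = 'mcbrand';
- public $version = '4.63';
+ public $version = '4.65';
  public $webpage = 'https://www.malcare.com';
  public $appurl = 'https://app.malcare.com';
  public $slug = 'malcare-security/malcare.php';
@@ -112,8 +112,13 @@ if ($bvinfo->canSetCWBranding()) {
  }
 
  public function isDynSyncModuleEnabled() {
- return ($this->settings->getOption('bvdynplug') === $this->plugname) &&
- $this->isActivePlugin();
+ if ($this->isServiceActive("dynsync")) {
+ $dynconfig = $this->config['dynsync'];
+ if (array_key_exists('dynplug', $dynconfig) && ($dynconfig['dynplug'] === $this->plugname)) {
+ return true;
+ }
+ }
+ return false;
  }
 
  public function isServiceActive($service) {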
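Review bot: In the rewritten `isDynSyncModuleEnabled()`, `$this->config['dynsync']` is passed to `array_key_exists()` without checking that it is an array; if the stored config holds a scalar or null there, PHP 8 throws a `TypeError` and older versions emit a warning. I would guard it with `if (is_array($dynconfig) && array_key_exists('dynplug', $dynconfig) && ...)`. The old version also required `$this->isActivePlugin()`, and whether `isServiceActive("dynsync")` covers that condition cannot be told from here because its body is outside the hunk; a short comment stating that the service check replaces it would make the intent clear.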
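--- a/malcare.php
+++ b/malcare.php
@@ -5,7 +5,7 @@ Plugin URI: https://www.malcare.com
  Description: MalCare Security - Free Malware Scanner, Protection & Security for WordPress
  Author: MalCare Security
  Author URI: https://www.malcare.com
- Version: 4.63
+ Version: 4.65
  Network: True
  */
 
@@ -28,6 +28,7 @@ Network: True
  /* Global response array */
 
  if (!defined('ABSPATH')) exit;
+ ##OLDWPR##
 
  require_once dirname( __FILE__ ) . '/wp_settings.php';
  require_once dirname( __FILE__ ) . '/wp_site_info.php';
@@ -104,6 +105,7 @@ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "
 
 
  require_once dirname( __FILE__ ) . '/callback/handler.php';
+
  $params = $request->processParams($_REQUEST);
  if ($params === false) {
  $resp = array(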
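Review bot: The added line `##OLDWPR##` after the `ABSPATH` guard looks like a build-time placeholder that was not substituted before release. PHP treats it as a `#` comment, so it does nothing at runtime, but it suggests that code meant to be injected at that point is missing from this build. Either remove the marker from the shipped file or replace it with a normal comment saying what the build step puts there.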
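--- a/protect/wp/lp/config.php
+++ b/protect/wp/lp/config.php
@@ -7,6 +7,9 @@ class BVWPLPConfig {
  public $captchaLimit;
  public $tempBlockLimit;
  public $blockAllLimit;
+ public $failedLoginGap;
+ public $successLoginGap;
+ public $allBlockedGap;
 
  public static $requests_table = 'lp_requests';
 
@@ -20,6 +23,9 @@ class BVWPLPConfig {
  $this->captchaLimit = array_key_exists('captchalimit', $confHash) ? intval($confHash['captchalimit']) : 3;
  $this->tempBlockLimit = array_key_exists('tempblocklimit', $confHash) ? intval($confHash['tempblocklimit']) : 10;
  $this->blockAllLimit = array_key_exists('blockalllimit', $confHash) ? intval($confHash['blockalllimit']) : 100;
+ $this->failedLoginGap = array_key_exists('failedlogingap', $confHash) ? intval($confHash['failedlogingap']) : 1800;
+ $this->successLoginGap = array_key_exists('successlogingap', $confHash) ? intval($confHash['successlogingap']) : 1800;
+ $this->allBlockedGap = array_key_exists('allblockedgap', $confHash) ? intval($confHash['allblockedgap']) : 1800;
  }
  }
  endif;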
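Review bot: The three new gap settings are taken through `intval()` with no lower bound, so a stored value of `0`, a negative number, or a non-numeric string (which `intval()` turns into `0`) becomes the counting window for failed logins. `getLoginCount()` is not in this diff, but if the gap is subtracted from the current time as the parameter name suggests, a zero window would count nothing and the captcha, temp-block and block-all limits would never be reached. I would fall back to the default for non-positive values, e.g. `$gap = intval($confHash['failedlogingap']); $this->failedLoginGap = ($gap > 0) ? $gap : 1800;`, and likewise for the other two. The constructor begins outside the hunk.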
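--- a/protect/wp/lp/lp.php
+++ b/protect/wp/lp/lp.php
@@ -83,6 +83,18 @@ class BVWPLP {
  return $this->config->captchaLimit;
  }
 
+ public function getFailedLoginGap() {
+ return $this->config->failedLoginGap;
+ }
+
+ public function getSuccessLoginGap() {
+ return $this->config->successLoginGap;
+ }
+
+ public function getAllBlockedGap() {
+ return $this->config->allBlockedGap;
+ }
+
  public function getTempBlockLimit() {
  return $this->config->tempBlockLimit;
  }
@@ -149,7 +161,7 @@ class BVWPLP {
 
  public function isLoginBlocked() {
  if ($this->getAllowLoginsTransient() ||
- ($this->getLoginCount(BVWPLP::LOGINFAILURE) < $this->getBlockAllLimit())) {
+ ($this->getLoginCount(BVWPLP::LOGINFAILURE, null, $this->getAllBlockedGap()) < $this->getBlockAllLimit())) {
  return false;
  }
  return true;
@@ -184,7 +196,7 @@ class BVWPLP {
  if ($this->isUnBlockedIP()) {
  $this->setCategory(BVWPLP::UNBLOCKED);
  } else {
- $failed_attempts = $this->getLoginCount(BVWPLP::LOGINFAILURE, $this->ip);
+ $failed_attempts = $this->getLoginCount(BVWPLP::LOGINFAILURE, $this->ip, $this->getFailedLoginGap());
  if ($this->isWhitelistedIP()) {
  $this->setCategory(BVWPLP::BYPASSED);
  } else if ($this->isBlacklistedIP()) {
@@ -221,7 +233,7 @@ class BVWPLP {
  }
 
  public function isKnownLogin() {
- return $this->getLoginCount(BVWPLP::LOGINSUCCESS, $this->ip, 3600) > 0;
+ return $this->getLoginCount(BVWPLP::LOGINSUCCESS, $this->ip, $this->getSuccessLoginGap()) > 0;
  }
 
  public function getLoginCount($status, $ip = null, $gap = 1800) {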
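Review bot: `isKnownLogin()` used a fixed window of `3600` seconds, but the default for `successlogingap` in `BVWPLPConfig` is `1800`, so on sites that have no stored value the known-login window silently halves with this release. If that is not intended, the config default for `successLoginGap` should be `3600` to keep the previous behaviour. The three new getters would also benefit from a one-line comment giving the unit (seconds) and which check each gap feeds: `isLoginBlocked()`, the failed-attempt count, and `isKnownLogin()`.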
readme.txt CHANGED
@@ -6,7 +6,7 @@ Donate link: https://www.malcare.com
6
  Requires at least: 4.0
7
  Tested up to: 5.8
8
  Requires PHP: 5.4.0
9
- Stable tag: 4.63
10
  License: GPLv2 or later
11
  License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
12
 
@@ -397,6 +397,11 @@ These are available on our website: [Terms of Service](https://www.malcare.com/t
397
  8. MalCare’s Uptime Monitoring notifies if a website goes down so that you can handle the situation before starting to lose visitors.
398
 
399
  == CHANGELOG ==
 
 
 
 
 
400
  = 4.63 =
401
  * Updated the logos
402
 
6
  Requires at least: 4.0
7
  Tested up to: 5.8
8
  Requires PHP: 5.4.0
9
+ Stable tag: 4.65
10
  License: GPLv2 or later
11
  License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
12
 
397
  8. MalCare’s Uptime Monitoring notifies if a website goes down so that you can handle the situation before starting to lose visitors.
398
 
399
  == CHANGELOG ==
400
+ = 4.65 =
401
+ * Making Login Protection more configurable.
402
+ * Robust handling of requests params.
403
+ * Callback wing versioning.
404
+
405
  = 4.63 =
406
  * Updated the logos
407