Protect Your Admin - Version 1.2

Version Description

  • Added new option for allow admin access to non-admin users
    • Added condition for check permalink is updated or not
    • Fixed a minor issues (logout issues after add/update admin new url)
Download this release

Release Info

Developer india-web-developer
Plugin Icon 128x128 Protect Your Admin
Version 1.2
Comparing to
See all releases

Code changes from version 1.1 to 1.2

Files changed (3) hide show
  1. protect-wp-admin.php +73 -11
  2. pwa-class.php +20 -18
  3. readme.txt +42 -8
protect-wp-admin.php CHANGED
@@ -5,7 +5,7 @@ Plugin URI: http://www.mrwebsolution.in/
5
  Description: "protect-wp-admin" is a very help full plugin to make wordpress admin more secure. Protect WP-Admin plugin is provide the options for change the wp-admin url and make the login page private(directly user can't access the login page).
6
  Author: Raghunath
7
  Author URI: http://www.mrwebsolution.in/
8
- Version: 1.1
9
  */
10
 
11
  /*** Copyright 2014 Raghunath (email : raghunath.0087@gmail.com)
@@ -46,6 +46,7 @@ function init_pwa_options_fields(){
46
  register_setting('pwa_setting_options','pwa_rewrite_text');
47
  register_setting('pwa_setting_options','pwa_restrict');
48
  register_setting('pwa_setting_options','pwa_logout');
 
49
  }
50
 
51
 
@@ -56,30 +57,48 @@ function pwa_action_links( $links ) {
56
  return $links;
57
  }
58
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
59
  /** Options Form HTML for "Protect WP-Admin" plugin */
60
- function init_pwa_admin_option_page(){ ?>
 
 
 
61
  <div style="width: 80%; padding: 10px; margin: 10px;">
 
62
  <h1>Protect WP-Admin Settings</h1>
63
  <!-- Start Options Form -->
64
  <form action="options.php" method="post" id="pwa-settings-form-admin">
65
-
66
  <div id="pwa-tab-menu"><a id="pwa-general" class="pwa-tab-links active" >General</a> <a id="pwa-advance" class="pwa-tab-links">Advance Settings</a> <a id="pwa-support" class="pwa-tab-links">Support</a> </div>
67
 
68
  <div class="pwa-setting">
69
- <!-- General Setting -->
70
  <div class="first pwa-tab" id="div-pwa-general">
71
  <h2>General Settings</h2>
72
- <p><strong>Note!:</strong> After update the new admin url,if nothing happen then you can re-check it after update the site permalink!</p>
73
- <p><label>Enable:</label><input type="checkbox" id="pwa_active" name="pwa_active" value='1' <?php if(get_option('pwa_active')!=''){ echo ' checked="checked"'; }?>/></p>
74
- <p><label>Add New Admin URL:</label><input type="text" id="pwa_rewrite_text" name="pwa_rewrite_text" value="<?php echo esc_attr(get_option('pwa_rewrite_text')); ?>" placeholder="wp-admin"></p>
75
  </div>
76
 
77
  <!-- Advance Setting -->
78
  <div class="pwa-tab" id="div-pwa-advance">
79
  <h2>Advance Settings</h2>
80
 
81
- <p><label>Restrict registered users from wp-admin :</label><input type="checkbox" id="pwa_restrict" name="pwa_restrict" value='1' <?php if(get_option('pwa_restrict')!=''){ echo ' checked="checked"'; }?>/></p>
82
- <p><label>Logout Admin After Add/Update New Admin URL(Optional) :</label><input type="checkbox" id="pwa_logout" name="pwa_logout" value='1' <?php if(get_option('pwa_logout')==''){ echo ''; }else{echo 'checked="checked"';}?>/> (This is only for security purpose)</p>
 
83
 
84
  </div>
85
 
@@ -103,7 +122,8 @@ function init_pwa_admin_option_page(){ ?>
103
 
104
  </div>
105
  <span class="submit-btn"><?php echo get_submit_button('Save Settings','button-primary','submit','','');?></span>
106
-
 
107
  <?php settings_fields('pwa_setting_options'); ?>
108
 
109
  </form>
@@ -132,13 +152,54 @@ echo $script='<script type="text/javascript">
132
  jQuery(".pwa-tab").hide();
133
  jQuery("#"+divid).addClass("active");
134
  jQuery("#div-"+divid).fadeIn();
135
- })
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
136
  })
137
  </script>';
138
 
139
  }
140
 
141
 
 
 
 
 
 
 
 
 
 
 
 
 
 
142
  /** register_install_hook */
143
  if( function_exists('register_install_hook') ){
144
  register_uninstall_hook(__FILE__,'init_install_pwa_plugins');
@@ -159,6 +220,7 @@ function init_uninstall_pwa_plugins(){
159
  delete_option('pwa_rewrite_text');
160
  delete_option('pwa_restrict');
161
  delete_option('pwa_logout');
 
162
  }
163
  require dirname(__FILE__).'/pwa-class.php';
164
 
5
  Description: "protect-wp-admin" is a very help full plugin to make wordpress admin more secure. Protect WP-Admin plugin is provide the options for change the wp-admin url and make the login page private(directly user can't access the login page).
6
  Author: Raghunath
7
  Author URI: http://www.mrwebsolution.in/
8
+ Version: 1.2
9
  */
10
 
11
  /*** Copyright 2014 Raghunath (email : raghunath.0087@gmail.com)
46
  register_setting('pwa_setting_options','pwa_rewrite_text');
47
  register_setting('pwa_setting_options','pwa_restrict');
48
  register_setting('pwa_setting_options','pwa_logout');
49
+ register_setting('pwa_setting_options','pwa_allow_custom_users');
50
  }
51
 
52
 
57
  return $links;
58
  }
59
 
60
+ /** Check Permalink enable or not*/
61
+ function get_pwa_setting_optionsa() {
62
+ global $wpdb;
63
+ $pwaOptions1 = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options WHERE option_name = 'rewrite_rules'");
64
+
65
+ foreach ($pwaOptions1 as $option) {
66
+ $pwaOptions1[$option->option_name] = $option->option_value;
67
+ }
68
+ return $pwaOptions1;
69
+
70
+ }
71
+
72
+
73
+
74
  /** Options Form HTML for "Protect WP-Admin" plugin */
75
+ function init_pwa_admin_option_page(){
76
+
77
+ $tt=get_pwa_setting_optionsa();
78
+ ?>
79
  <div style="width: 80%; padding: 10px; margin: 10px;">
80
+
81
  <h1>Protect WP-Admin Settings</h1>
82
  <!-- Start Options Form -->
83
  <form action="options.php" method="post" id="pwa-settings-form-admin">
84
+ <input type="hidden" id="check_permalink" value="<?php echo count($tt);?>">
85
  <div id="pwa-tab-menu"><a id="pwa-general" class="pwa-tab-links active" >General</a> <a id="pwa-advance" class="pwa-tab-links">Advance Settings</a> <a id="pwa-support" class="pwa-tab-links">Support</a> </div>
86
 
87
  <div class="pwa-setting">
88
+ <!-- General Setting -->
89
  <div class="first pwa-tab" id="div-pwa-general">
90
  <h2>General Settings</h2>
91
+ <p><label>Enable: </label><input type="checkbox" id="pwa_active" name="pwa_active" value='1' <?php if(get_option('pwa_active')!=''){ echo ' checked="checked"'; }?>/></p>
92
+ <p id="adminurl"><label>Admin Slug: </label><input type="text" id="pwa_rewrite_text" name="pwa_rewrite_text" value="<?php echo esc_attr(get_option('pwa_rewrite_text')); ?>" placeholder="Add New Secure Admin URL Slug ( i.e /myadmin )" size="30"></p>
 
93
  </div>
94
 
95
  <!-- Advance Setting -->
96
  <div class="pwa-tab" id="div-pwa-advance">
97
  <h2>Advance Settings</h2>
98
 
99
+ <p><input type="checkbox" id="pwa_restrict" name="pwa_restrict" value='1' <?php if(get_option('pwa_restrict')!=''){ echo ' checked="checked"'; }?>/> <label>Restrict registered non-admin users from wp-admin :</label></p>
100
+ <p><input type="checkbox" id="pwa_logout" name="pwa_logout" value='1' <?php if(get_option('pwa_logout')==''){ echo ''; }else{echo 'checked="checked"';}?>/> <label>Logout Admin After Add/Update New Admin URL(Optional) :</label> (This is only for security purpose)</p>
101
+ <p><label>Allow access to non-admin users:</label><input type="text" id="pwa_allow_custom_users" name="pwa_allow_custom_users" value="<?php echo esc_attr(get_option('pwa_allow_custom_users')); ?>" placeholder="1,2,3"> (<i>Add comma seprated ids</i>)</p>
102
 
103
  </div>
104
 
122
 
123
  </div>
124
  <span class="submit-btn"><?php echo get_submit_button('Save Settings','button-primary','submit','','');?></span>
125
+ <div style="color:red;"><strong>Important!:</strong> Please update permalinks before activate the plugin. Permalinks option should not be default.</div>
126
+
127
  <?php settings_fields('pwa_setting_options'); ?>
128
 
129
  </form>
152
  jQuery(".pwa-tab").hide();
153
  jQuery("#"+divid).addClass("active");
154
  jQuery("#div-"+divid).fadeIn();
155
+ });
156
+
157
+ jQuery("#pwa-settings-form-admin .button-primary").click(function(){
158
+ var seoUrlVal=jQuery("#check_permalink").val();
159
+ if(seoUrlVal==0)
160
+ {
161
+ alert("Please update permalinks before activate the plugin. Permalinks option should not be default");
162
+ document.location.href="'.admin_url('options-permalink.php').'";
163
+ return false;
164
+ }else
165
+ {
166
+ return true;
167
+ }
168
+ });
169
+
170
+ jQuery("#submit").click(function(){
171
+ var $el = jQuery("#pwa_active");
172
+ var $vlue = jQuery("#pwa_rewrite_text").val();
173
+
174
+ if(($el[0].checked) && $vlue=="")
175
+ {
176
+ jQuery("#pwa_rewrite_text").css("border","1px solid red");
177
+ jQuery("#adminurl").append(" <strong style=\'color:red;\'>Please enter admin url slug</strong>");
178
+ return false;
179
+ }
180
+ return true;
181
+
182
+ })
183
+
184
  })
185
  </script>';
186
 
187
  }
188
 
189
 
190
+
191
+ // Add Check if permalinks are set on plugin activation
192
+ register_activation_hook( __FILE__, 'is_permalink_activate' );
193
+ function is_permalink_activate() {
194
+ //add notice if user needs to enable permalinks
195
+ if (! get_option('permalink_structure') )
196
+ add_action('admin_notices', 'permalink_structure_admin_notice');
197
+ }
198
+
199
+ function permalink_structure_admin_notice(){
200
+ echo '<div id="message" class="error"><p>Please Make sure to enable <a href="options-permalink.php">Permalinks</a>.</p></div>';
201
+ }
202
+
203
  /** register_install_hook */
204
  if( function_exists('register_install_hook') ){
205
  register_uninstall_hook(__FILE__,'init_install_pwa_plugins');
220
  delete_option('pwa_rewrite_text');
221
  delete_option('pwa_restrict');
222
  delete_option('pwa_logout');
223
+ delete_option('pwa_allow_custom_users');
224
  }
225
  require dirname(__FILE__).'/pwa-class.php';
226
 
pwa-class.php CHANGED
@@ -24,7 +24,7 @@ $getPwaOptions=get_pwa_setting_options();
24
 
25
  if(isset($getPwaOptions['pwa_active']) && '1'==$getPwaOptions['pwa_active'])
26
  {
27
- add_action('init', 'pwa_flush_rewrite');
28
  add_action('init', 'init_pwa_admin_rewrite_rules' );
29
  add_action('init', 'pwa_admin_url_redirect_conditions' );
30
 
@@ -48,7 +48,6 @@ function pwa_logout_user_after_settings_save()
48
  if(isset($_GET['settings-updated']) && $_GET['settings-updated'] && isset($_GET['page']) && $_GET['page']=='pwa-settings' && isset($getPwaOptions['pwa_logout']) && $getPwaOptions['pwa_logout']==1)
49
  {
50
  $URL=str_replace('&amp;','&',wp_logout_url());
51
- session_destroy();
52
  if(isset($getPwaOptions['pwa_rewrite_text']) && isset($getPwaOptions['pwa_logout']) && $getPwaOptions['pwa_logout']==1 && $getPwaOptions['pwa_rewrite_text']!=''){
53
  wp_redirect(home_url('/'.$getPwaOptions['pwa_rewrite_text']));
54
  }else
@@ -58,23 +57,8 @@ function pwa_logout_user_after_settings_save()
58
  //wp_redirect($URL);
59
  }
60
 
61
- /* $request_url = pwa_get_current_page_url($_SERVER);
62
- if(isset($getPwaOptions['pwa_rewrite_text']) && $getPwaOptions['pwa_logout']==1 && $request_url==home_url('/wp-login.php?loggedout=true'))
63
- {
64
- echo "helloss";
65
- wp_redirect(home_url('/'.$getPwaOptions['pwa_rewrite_text']));
66
-
67
- }
68
- */
69
-
70
  }
71
 
72
- /** Flush rewrite rules after update the permalink */
73
- function pwa_flush_rewrite() {
74
- global $wp_rewrite;
75
- $wp_rewrite->flush_rules();
76
-
77
- }
78
  /** Create a new rewrite rule for change to wp-admin url */
79
  function init_pwa_admin_rewrite_rules() {
80
  $getPwaOptions=get_pwa_setting_options();
@@ -100,8 +84,26 @@ function pwa_admin_url_redirect_conditions()
100
  {
101
  global $current_user;
102
  $user_roles = $current_user->roles;
 
103
  $user_role = array_shift($user_roles);
104
- if($user_role=='administrator')
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
105
  {
106
  //silent is gold
107
  }else
24
 
25
  if(isset($getPwaOptions['pwa_active']) && '1'==$getPwaOptions['pwa_active'])
26
  {
27
+
28
  add_action('init', 'init_pwa_admin_rewrite_rules' );
29
  add_action('init', 'pwa_admin_url_redirect_conditions' );
30
 
48
  if(isset($_GET['settings-updated']) && $_GET['settings-updated'] && isset($_GET['page']) && $_GET['page']=='pwa-settings' && isset($getPwaOptions['pwa_logout']) && $getPwaOptions['pwa_logout']==1)
49
  {
50
  $URL=str_replace('&amp;','&',wp_logout_url());
 
51
  if(isset($getPwaOptions['pwa_rewrite_text']) && isset($getPwaOptions['pwa_logout']) && $getPwaOptions['pwa_logout']==1 && $getPwaOptions['pwa_rewrite_text']!=''){
52
  wp_redirect(home_url('/'.$getPwaOptions['pwa_rewrite_text']));
53
  }else
57
  //wp_redirect($URL);
58
  }
59
 
 
 
 
 
 
 
 
 
 
60
  }
61
 
 
 
 
 
 
 
62
  /** Create a new rewrite rule for change to wp-admin url */
63
  function init_pwa_admin_rewrite_rules() {
64
  $getPwaOptions=get_pwa_setting_options();
84
  {
85
  global $current_user;
86
  $user_roles = $current_user->roles;
87
+ $user_ID = $current_user->ID;
88
  $user_role = array_shift($user_roles);
89
+
90
+ if(isset($getPwaOptions['pwa_allow_custom_users']) && $getPwaOptions['pwa_allow_custom_users']!='')
91
+ {
92
+ $userids=explode(',' ,$getPwaOptions['pwa_allow_custom_users']);
93
+
94
+ if(is_array($userids))
95
+ {
96
+ $userids=explode(',' ,$getPwaOptions['pwa_allow_custom_users']);
97
+ }else
98
+ {
99
+ $userids[]=$getPwaOptions['pwa_allow_custom_users'];
100
+ }
101
+ }else
102
+ {
103
+ $userids=array();
104
+ }
105
+
106
+ if($user_role=='administrator' || in_array($user_ID,$userids))
107
  {
108
  //silent is gold
109
  }else
readme.txt CHANGED
@@ -3,20 +3,30 @@ Contributors:india-web-developer
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=WN785E5V492L4
4
  Tags: Protect WP-Admin,wp-admin,Protect wordpress admin,Secure Admin,Admin,Scure Wordpress Admin,Rename Admin URL, Rename Wordpress Admin URL,Change wp-admin url,Change Admin URL,Change Admin Path,Restrict wp-admin
5
  Requires at least: 3.0
6
- Tested up to: 4.0
7
- Stable tag: 1.1
8
 
9
- Protect Your Website Admin Against Hackers By Change Default Admin URL To Secure Admin URL (i.e http://yourdomain.com/myadmin)
10
 
11
  == Description ==
12
 
13
- If you run a WordPress website, you should absolutely use "protect-wp-admin" to secure it against hackers. "protect-wp-admin" will be help you to make your site admin more secure. Protect WP-Admin plugin is provide the option for change the wp-admin url to new secure url (i.e http://yourdomain.com/myadmin).This plugin is provide an option to restrict the wp-admin OR wp-login.php page from Guest user.
 
 
 
 
 
 
 
 
 
 
14
 
15
  = Features =
16
 
17
  * Rename/Change wp-admin url to new url (i.e http://yourdomain.com/myadmin)
18
  * Restrict guest users for access to wp-admin
19
- * Restrict registered users from wp-admin
20
 
21
 
22
  == Installation ==
@@ -27,9 +37,29 @@ If you run a WordPress website, you should absolutely use "protect-wp-admin" to
27
 
28
  == Frequently Asked Questions ==
29
 
30
- * 1.Nothing happen after enable and add the new wordpress admin url?
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
31
 
32
- Don't worry, Just update the site permalink ("Settings" >> "Permalinks") and re-check,Now this time it will be work fine
33
  == Screenshots ==
34
 
35
  1. screenshot-1.png
@@ -39,9 +69,13 @@ If you run a WordPress website, you should absolutely use "protect-wp-admin" to
39
 
40
  == Changelog ==
41
 
 
 
 
 
 
42
  = 1.1 =
43
  * Add new option for restrict registered users from wp-admin
44
- * Add logout options after add/update admin new url
45
  * Fixed permalink update issue after add/update admin new url. Now no need to update your permalink
46
  * Add option for redirect user to new admin url after update the new admin url
47
 
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=WN785E5V492L4
4
  Tags: Protect WP-Admin,wp-admin,Protect wordpress admin,Secure Admin,Admin,Scure Wordpress Admin,Rename Admin URL, Rename Wordpress Admin URL,Change wp-admin url,Change Admin URL,Change Admin Path,Restrict wp-admin
5
  Requires at least: 3.0
6
+ Tested up to: 4.1
7
+ Stable tag: 1.2
8
 
9
+ Protect Your Website Admin Against Hackers!. Change default Admin URL To Secure Admin URL (i.e http://yourdomain.com/myadmin)
10
 
11
  == Description ==
12
 
13
+ If you run a WordPress website, you should absolutely use "protect-wp-admin" to secure it against hackers.
14
+
15
+ Protect WP-Admin fixes a glaring security hole in the WordPress community: the well-known problem of the admin panel URL.
16
+ Everyone knows where the admin panel, and this includes hackers as well.
17
+
18
+ Protect WP-Admin helps solve this problem by allowing webmasters to customize their admin panel URL and blocking the default links.
19
+
20
+ After you setup Protect WP-Admin, webmasters will be able to change the "sitename.com/wp-admin" link into something like "sitename.com/custom-string".
21
+ All queries for the classic "/wp-admin/" and "wp-login.php" files will be redirected to the homepage, while access to the WP backend will be allowed only for the custom URL.
22
+
23
+ The plugin also comes with some access filters, allowing webmasters to restrict guest and registered users access to wp-admin, just in case you want some of your editors to log in the classic way.
24
 
25
  = Features =
26
 
27
  * Rename/Change wp-admin url to new url (i.e http://yourdomain.com/myadmin)
28
  * Restrict guest users for access to wp-admin
29
+ * Restrict registered non-admin users from wp-admin
30
 
31
 
32
  == Installation ==
37
 
38
  == Frequently Asked Questions ==
39
 
40
+ * 1.Nothing happen after enable and add the new wordpress admin url?
41
+
42
+ Don't worry, Just update the site permalink ("Settings" >> "Permalinks") and re-check,Now this time it will be work fine
43
+
44
+ * 2.Was not able to login after installation
45
+
46
+ Basicaly issues can come only in case when you will use default permalink settings.
47
+ If your permalink will be update to any other option except default then it will be work fine. Anyway Dont' worry,add code give below into your site .htaccess file.
48
+
49
+ # BEGIN WordPress
50
+ <IfModule mod_rewrite.c>
51
+ RewriteEngine On
52
+ RewriteBase /
53
+ RewriteRule ^index\.php$ - [L]
54
+ RewriteRule ^newadmin/?$ /wp-login.php [QSA,L]
55
+ RewriteCond %{REQUEST_FILENAME} !-f
56
+ RewriteCond %{REQUEST_FILENAME} !-d
57
+ RewriteRule . /index.php [L]
58
+ </IfModule>
59
+ # END WordPress
60
+
61
+ Don not forgot to update the "newadmin" slug with your new admin slug (that you were added during update the plugin settings) :-)
62
 
 
63
  == Screenshots ==
64
 
65
  1. screenshot-1.png
69
 
70
  == Changelog ==
71
 
72
+ = 1.2 =
73
+ * Added new option for allow admin access to non-admin users
74
+ * Added condition for check permalink is updated or not
75
+ * Fixed a minor issues (logout issues after add/update admin new url)
76
+
77
  = 1.1 =
78
  * Add new option for restrict registered users from wp-admin
 
79
  * Fixed permalink update issue after add/update admin new url. Now no need to update your permalink
80
  * Add option for redirect user to new admin url after update the new admin url
81