SiteGuard WP Plugin - Version 1.0.6

Version Description

  • Supported with Apache 1.3
  • Fix garbling of CAPTCHA by environment
  • Fix input check of Rename login path
  • Fix some other bugs

Release Info

Developer jp-secure
Version 1.0.6

Code changes from version 1.0.5 to 1.0.6

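--- a/admin/siteguard-menu-rename-login.php
+++ b/admin/siteguard-menu-rename-login.php
@@ -51,6 +51,13 @@ class SiteGuard_Menu_Rename_Login extends SiteGuard_Base {
   $opt_val_rename_login_path = stripslashes( $_POST[ $opt_name_rename_login_path ] );
   $error = true;
   }
+ if ( 1 == preg_match( '/^(wp-admin|wp-login$|login$)/', $_POST[ $opt_name_rename_login_path ], $matches ) ) {
+ echo '<div class="error settings-error"><p><strong>';
+ echo esc_html( $matches[0] ) . esc_html__( ' can not be used for New Login Path.', 'siteguard' );
+ echo '</strong></p></div>';
+ $opt_val_rename_login_path = stripslashes( $_POST[ $opt_name_rename_login_path ] );
+ $error = true;
+ }
   if ( false == $error ) {
   $opt_val_feature = $_POST[ $opt_name_feature ];
   $opt_val_rename_login_path = $_POST[ $opt_name_rename_login_path ];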
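Review bot: The new reserved-name check anchors its alternatives with `$`, which in PCRE also matches just before a trailing newline, so the end of the submitted value is not pinned exactly. The login path appears to be written into a `RewriteRule` later (see classes/siteguard-rename-login.php), so an exact end anchor is the safer form: `preg_match( '/^(wp-admin|wp-login\z|login\z)/', $_POST[ $opt_name_rename_login_path ], $matches )`. The character check that precedes this branch starts outside the hunk, so confirm it is end-anchored the same way. This branch also runs when the earlier check has already set `$error`, so one submission can print two error boxes; an `elseif` or a `false == $error` guard would avoid that.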
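--- a/classes/siteguard-admin-filter.php
+++ b/classes/siteguard-admin-filter.php
@@ -7,7 +7,7 @@ class SiteGuard_AdminFilter extends SiteGuard_Base {
   define( 'SITEGUARD_TABLE_LOGIN', 'siteguard_login' );
   add_action( 'wp_login', array( $this, 'handler_wp_login' ), 1, 2 );
   }
- function get_mark( ) {
+ static function get_mark( ) {
   return SiteGuard_AdminFilter::$htaccess_mark;
   }
   function init( ) {
@@ -50,7 +50,7 @@ class SiteGuard_AdminFilter extends SiteGuard_Base {
   global $wpdb, $config;
   $htaccess_str = '';
   $table_name = $wpdb->prefix . SITEGUARD_TABLE_LOGIN;
- $exclude_path = $config->get( 'admin_filter_exclude_path' );
+ $exclude_paths = preg_split( '/,/', $config->get( 'admin_filter_exclude_path' ) );
 
   $now_str = current_time( 'mysql' );
   $now_bin = strtotime( $now_str );
@@ -82,7 +82,10 @@ class SiteGuard_AdminFilter extends SiteGuard_Base {
   $htaccess_str .= "<IfModule mod_rewrite.c>\n";
   $htaccess_str .= " RewriteEngine on\n";
   $htaccess_str .= " RewriteBase $base\n";
- $htaccess_str .= " RewriteRule ^404-siteguard - [L] /\n";
+ $htaccess_str .= " RewriteRule ^404-siteguard - [L]\n";
+ foreach( $exclude_paths as $path ) {
+ $htaccess_str .= ' RewriteRule ^wp-admin/' . trim( $path ) . " - [L]\n";
+ }
   $htaccess_str .= ' RewriteCond %{REMOTE_ADDR} !(127.0.0.1|'. $_SERVER['SERVER_ADDR'] . ")\n";
   $results = $wpdb->get_col( "SELECT ip_address FROM $table_name;" );
   if ( $results ) {
@@ -90,7 +93,7 @@ class SiteGuard_AdminFilter extends SiteGuard_Base {
   $htaccess_str .= ' RewriteCond %{REMOTE_ADDR} !' . $ip . "\n";
   }
   }
- $htaccess_str .= ' RewriteRule wp-admin/(?!'.$this->cvt_exclude( $exclude_path ).")(.*) 404-siteguard [L]\n";
+ $htaccess_str .= " RewriteRule ^wp-admin 404-siteguard [L]\n";
   $htaccess_str .= "</IfModule>\n";
 
   $wpdb->query( 'COMMIT' );
@@ -103,7 +106,7 @@ class SiteGuard_AdminFilter extends SiteGuard_Base {
   $data = $this->update_settings( $ip_addres );
   $htaccess->update_settings( $mark, $data );
   }
- function feature_off( ) {
+ static function feature_off( ) {
   $mark = SiteGuard_AdminFilter::get_mark( );
   SiteGuard_Htaccess::clear_settings( $mark );
   }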
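Review bot: An empty entry in `admin_filter_exclude_path` turns the new exclude loop into a blanket exemption: `preg_split( '/,/', '' )` returns one empty string, so the loop emits `RewriteRule ^wp-admin/ - [L]`, which ends rewriting for every request under `wp-admin/` before the `REMOTE_ADDR` conditions and the final `^wp-admin 404-siteguard` rule are reached. A trailing or doubled comma in the option has the same effect. Split with `preg_split( '/,/', $config->get( 'admin_filter_exclude_path' ), -1, PREG_SPLIT_NO_EMPTY )` and skip any `$path` that is empty after `trim()`. Each `$path` is also written into the pattern unescaped and without an end anchor, so regex metacharacters or whitespace in the option change what the rule exempts; where the option is validated is not visible in this section.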
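--- a/classes/siteguard-htaccess.php
+++ b/classes/siteguard-htaccess.php
@@ -35,7 +35,7 @@ class SiteGuard_Htaccess extends SiteGuard_Base {
 
   return true;
   }
- function clear_settings( $mark ) {
+ static function clear_settings( $mark ) {
   if ( ! SiteGuard_Htaccess::make_tmp_dir( ) ) {
   return false;
   }
@@ -140,7 +140,7 @@ class SiteGuard_Htaccess extends SiteGuard_Base {
 
   if ( false !== strpos( $line, $mark_start ) ) {
   fwrite( $fw, $line , strlen( $line ) );
- fwrite( $fw, $data, strlen( $data ) );
+ fwrite( $fw, $data, strlen( $data ) );
   $flag_write = true;
   $flag_through = false;
   continue;
@@ -162,7 +162,7 @@ class SiteGuard_Htaccess extends SiteGuard_Base {
   }
   }
   if ( false == $flag_write ) {
- fwrite( $fw, SiteGuard_Htaccess::$htaccess_mark_start . "\n", strlen( SiteGuard_Htaccess::$htaccess_mark_start ) + 1 );
+ fwrite( $fw, "\n" . SiteGuard_Htaccess::$htaccess_mark_start . "\n", strlen( SiteGuard_Htaccess::$htaccess_mark_start ) + 2 );
   fwrite( $fw, $mark_start . "\n", strlen( $mark_start ) + 1 );
   fwrite( $fw, $data, strlen( $data ) );
   fwrite( $fw, $mark_end . "\n", strlen( $mark_end ) + 1 );
@@ -171,13 +171,13 @@ class SiteGuard_Htaccess extends SiteGuard_Base {
   // Write saved WordPress Settings
   if ( '' != $wp_settings ) {
   fwrite( $fw, "\n", 1 );
- fwrite( $fw, $wp_settings, strlen ( $wp_settings ) );
+ fwrite( $fw, $wp_settings, strlen( $wp_settings ) );
   fwrite( $fw, "\n", 1 );
   // Write empty WordPress Settings
   } else if ( false == $flag_wp ) {
   fwrite( $fw, "\n", 1 );
- fwrite( $fw, $mark_wp_start . "\n", strlen ( $mark_wp_start ) + 1 );
- fwrite( $fw, $mark_wp_end . "\n", strlen ( $mark_wp_end ) + 1 );
+ fwrite( $fw, $mark_wp_start . "\n", strlen( $mark_wp_start ) + 1 );
+ fwrite( $fw, $mark_wp_end . "\n", strlen( $mark_wp_end ) + 1 );
   fwrite( $fw, "\n", 1 );
   }
   fclose( $fr );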
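Review bot: The hand-computed length on the new marker write (`strlen( SiteGuard_Htaccess::$htaccess_mark_start ) + 2`) has to be kept in step with the string by hand, which is exactly what this change had to correct. Dropping the third argument removes that class of mistake: `fwrite( $fw, "\n" . SiteGuard_Htaccess::$htaccess_mark_start . "\n" );`, and the same applies to the other `fwrite()` calls in these hunks. None of the writes check the return value, so a short or failed write could leave the regenerated `.htaccess` without the protection block. The enclosing function starts and ends outside the hunks, so any check made after the loop is not visible here.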
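--- a/classes/siteguard-rename-login.php
+++ b/classes/siteguard-rename-login.php
@@ -16,7 +16,7 @@ class SiteGuard_RenameLogin extends SiteGuard_Base {
   $this->add_filter( );
   }
   }
- function get_mark( ) {
+ static function get_mark( ) {
   return SiteGuard_RenameLogin::$htaccess_mark;
   }
   function init( ) {
@@ -114,7 +114,7 @@ class SiteGuard_RenameLogin extends SiteGuard_Base {
   $htaccess_str = "<IfModule mod_rewrite.c>\n";
   $htaccess_str .= " RewriteEngine on\n";
   $htaccess_str .= " RewriteBase $base\n";
- $htaccess_str .= " RewriteRule $custom_login_url(.*)$ wp-login.php$1 [L]\n";
+ $htaccess_str .= " RewriteRule ^$custom_login_url(.*)$ wp-login.php$1 [L]\n";
   $htaccess_str .= "</IfModule>\n";
 
   return $htaccess_str;
@@ -125,7 +125,7 @@ class SiteGuard_RenameLogin extends SiteGuard_Base {
   $mark = $this->get_mark( );
   return $htaccess->update_settings( $mark, $data );
   }
- function feature_off( ) {
+ static function feature_off( ) {
   $mark = SiteGuard_RenameLogin::get_mark( );
   return SiteGuard_Htaccess::clear_settings( $mark );
   }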
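Review bot: The added `^` pins the start of the match, but the rule still has no boundary after the slug: `^$custom_login_url(.*)$` rewrites every URL that merely begins with the login path to `wp-login.php`, and the slug is placed in the pattern unescaped. A comment on that line stating the dependency would help the next maintainer, for example `// $custom_login_url is used as a regex here; the settings page must restrict it to alphanumerics, hyphen and underscore`. The function that builds `$htaccess_str` starts outside the hunk, so where `$custom_login_url` is read and validated cannot be confirmed from this section.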
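--- a/classes/siteguard-waf-exclude-rule.php
+++ b/classes/siteguard-waf-exclude-rule.php
@@ -7,7 +7,7 @@ class SiteGuard_WAF_Exclude_Rule extends SiteGuard_Base {
 
   function __construct( ) {
   }
- function get_mark( ) {
+ static function get_mark( ) {
   return SiteGuard_WAF_Exclude_Rule::$htaccess_mark;
   }
   function init( ) {
@@ -224,7 +224,7 @@ class SiteGuard_WAF_Exclude_Rule extends SiteGuard_Base {
   $mark = $this->get_mark( );
   $htaccess->update_settings( $mark, $data );
   }
- function feature_off( ) {
+ static function feature_off( ) {
   $mark = SiteGuard_WAF_Exclude_Rule::get_mark( );
   SiteGuard_Htaccess::clear_settings( $mark );
   }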
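Review bot: `feature_off()` discards the result of `SiteGuard_Htaccess::clear_settings( $mark )`, which can return `false` (the `make_tmp_dir()` failure path shown in classes/siteguard-htaccess.php), while `SiteGuard_RenameLogin::feature_off()` returns it. Returning the value keeps the classes consistent and lets a caller notice that the rules were not removed: `return SiteGuard_Htaccess::clear_settings( $mark );`. `SiteGuard_AdminFilter::feature_off()` in classes/siteguard-admin-filter.php has the same gap. The methods made `static` in this release also carry no visibility keyword; `public static function` would state the intent.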
languages/siteguard-ja.mo CHANGED
Binary file
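--- a/languages/siteguard-ja.po
+++ b/languages/siteguard-ja.po
@@ -336,6 +336,10 @@ msgid ""
   msgstr ""
   "英数字、ハイフン、アンダーバーが使用できます。"
 
+ msgid " can not be used for New Login Path."
+ msgstr ""
+ "は、変更後のログインページ名に指定できません。"
+
   #: admin/siteguard-menu-rename-login.php:57
   msgid ""
   "It is the function to decrease the vulnerability against an illegal login "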
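--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: -
   Tags: security, waf
   Requires at least: 3.9
   Tested up to: 4.0
- Stable tag: 1.0.5
+ Stable tag: 1.0.6
   License: GPLv2 or later
   License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -18,7 +18,7 @@ This plugin is a security plugin that specializes in the login attack of brute f
   Notes
 
   * It does not support the multisite function of WordPress.
- * It only supports Apache 2.x for Web servers.
+ * It only supports Apache 1.3, 2.x for Web servers.
   * To use the CAPTCHA function, the expansion library “mbstring” and “gd” should be installed on php.
   * To use the management page filter function and login page change function, “mod_rewrite” should be loaded on Apache.
   * To use the WAF Tuning Support, WAF ( SiteGuard Lite ) should be installed on Apache.
@@ -81,6 +81,11 @@ By creating the WAF exclude rule, the WAF protection function can be activated w
   http://www.jp-secure.com/cont/products/siteguard_wp_plugin/faq_en.html
 
   == Changelog ==
+ = 1.0.6 =
+ * Supported with Apache 1.3
+ * Fix garbling of CAPTCHA by environment
+ * Fix input check of Rename login path
+ * Fix some other bugs
   = 1.0.5 =
   * Add display a warning about changing the login page URL, when activate the plugin
   = 1.0.4 =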
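--- a/really-simple-captcha/siteguard-really-simple-captcha.php
+++ b/really-simple-captcha/siteguard-really-simple-captcha.php
@@ -188,11 +188,17 @@ class SiteGuardReallySimpleCaptcha extends SiteGuard_Base {
 
   $x = $this->base[0] + mt_rand( -2, 2 );
 
+ $gd_info = gd_info( );
   for ( $i = 0; $i < mb_strlen( $word ); $i++ ) {
   $font = $this->fonts[array_rand( $this->fonts )];
   $font = $this->normalize_path( $font );
+ if ( $gd_info['JIS-mapped Japanese Font Support'] ) {
+ $char = mb_convert_encoding( mb_substr( $word, $i, 1 ), 'SJIS', 'UTF-8' );
+ } else {
+ $char = mb_substr( $word, $i, 1 );
+ }
   imagettftext( $im, $this->font_size, mt_rand( -12, 12 ), $x,
- $this->base[1] + mt_rand( -2, 2 ), $fg, $font, mb_substr( $word, $i, 1 ) );
+ $this->base[1] + mt_rand( -2, 2 ), $fg, $font, $char );
   $x += $this->font_char_width;
   }
 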
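Review bot: The SJIS branch converts from `'UTF-8'` explicitly, but `mb_strlen( $word )` and `mb_substr( $word, $i, 1 )` still use the mbstring internal encoding, so on a host where that is not UTF-8 the character is cut on the wrong byte boundary before it is converted. Pass the encoding in both calls, e.g. `mb_substr( $word, $i, 1, 'UTF-8' )`, and take the substring once before the `if` instead of in each branch. Reading the flag as `! empty( $gd_info['JIS-mapped Japanese Font Support'] )` avoids a notice should a GD build omit the key. The loop sits inside a method that starts and ends outside the hunk.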
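--- a/siteguard.php
+++ b/siteguard.php
@@ -7,7 +7,7 @@ Author: JP-Secure
   Author URI: http://www.jp-secure.com/eng/
   Text Domain: siteguard
   Domain Path: /languages/
- Version: 1.0.5
+ Version: 1.0.6
   */
 
   /* Copyright 2014 JP-Secure Inc
@@ -30,7 +30,7 @@ if ( ! defined( 'ABSPATH' ) ) {
   exit;
   }
 
- define( 'SITEGUARD_VERSION', '1.0.5' );
+ define( 'SITEGUARD_VERSION', '1.0.6' );
 
   define( 'SITEGUARD_PATH', plugin_dir_path( __FILE__ ) );
   define( 'SITEGUARD_URL_PATH', plugin_dir_url( __FILE__ ) );
@@ -117,7 +117,7 @@ class SiteGuard extends SiteGuard_Base {
   }
   function admin_notices( ) {
   global $config;
- if ( '1' != $config->get( 'show_admin_notices' ) ) {
+ if ( '1' != $config->get( 'show_admin_notices' ) && '1' == $config->get( 'renamelogin_enable' ) ) {
   echo '<div class="updated" style="background-color:#719f1d;"><p><span style="border: 4px solid #def1b8;padding: 4px 4px;color:#fff;font-weight:bold;background-color:#038bc3;">';
   echo esc_html__( 'Login page URL was changed.', 'siteguard' ) . '</span>';
   echo '<span style="color:#eee;">';
@@ -131,7 +131,7 @@ class SiteGuard extends SiteGuard_Base {
   }
   }
   function upgrade( ) {
- global $config, $rename_login;
+ global $config, $rename_login, $admin_filter;
   $upgrade_ok = true;
   $old_version = $config->get( 'version' );
   if ( '' == $old_version ) {
@@ -144,6 +144,13 @@ class SiteGuard extends SiteGuard_Base {
   }
   }
   }
+ if ( version_compare( $old_version, '1.0.6' ) < 0 ) {
+ if ( '1' == $config->get( 'admin_filter_enable' ) ) {
+ if ( true != $admin_filter->feature_on( $_SERVER['REMOTE_ADDR'] ) ) {
+ $upgrade_ok = false;
+ }
+ }
+ }
   if ( $upgrade_ok && $old_version != SITEGUARD_VERSION ) {
   $config->set( 'version', SITEGUARD_VERSION );
   }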
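Review bot: In `upgrade()`, the new 1.0.6 migration passes `$_SERVER['REMOTE_ADDR']` to `$admin_filter->feature_on()`, so the address of whichever request first triggers the upgrade is handed to the admin-page filter. Judging by the `RewriteCond %{REMOTE_ADDR} !…` lines in classes/siteguard-admin-filter.php, that address is probably treated as allowed, which would exempt an arbitrary visitor if `upgrade()` can run on a front-end or unauthenticated request. Where `upgrade()` is hooked is outside these hunks, so confirm it only runs for a logged-in administrator, or guard the call with `if ( is_admin() && current_user_can( 'manage_options' ) )`. Behind a reverse proxy `REMOTE_ADDR` is the proxy's address, so the exemption would then cover every client of that proxy.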