Version Description
- TOTALLY re-worked mehodology. It is backwards compatible.
- WordPress 3.6 compatibility.
- Complete re-build of the structure, code, and methodology of its security.
Download this release
Release Info
Developer | peterdog |
Plugin | Stealth Login Page |
Version | 4.0.0 |
Comparing to | |
See all releases |
Code changes from version 3.0.0 to 4.0.0
- includes/actions.php +33 -0
- includes/documentation.php +0 -41
- includes/functions-auth-key.php +41 -0
- includes/{wp-config-functions.php → functions-oldfile.php} +2 -4
- includes/{settings-functions.php → functions-oldsql.php} +3 -3
- includes/globals.php +2 -0
- includes/install.php +108 -0
- includes/settings-page.php +17 -29
- plugin.php +169 -159
- readme.txt +41 -19
- uninstall.php +11 -1
includes/actions.php
ADDED
@@ -0,0 +1,33 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
/**
|
3 |
+
* Front-End Actions
|
4 |
+
*
|
5 |
+
* @package SLP
|
6 |
+
* @subpackage Functions
|
7 |
+
* @copyright Copyright (c) 2013, Jesse Petersen
|
8 |
+
* @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
|
9 |
+
* @since 4.0.0
|
10 |
+
*/
|
11 |
+
|
12 |
+
// Exit if accessed directly
|
13 |
+
if ( ! defined( 'ABSPATH' ) ) exit;
|
14 |
+
|
15 |
+
add_action('admin_init', 'slp_register_settings'); // create settings in database
|
16 |
+
function slp_register_settings() {
|
17 |
+
register_setting('slp_settings_group', 'slp_settings');
|
18 |
+
}
|
19 |
+
|
20 |
+
add_action( 'login_init', 'which_settings', 1);
|
21 |
+
function which_settings() {
|
22 |
+
global $slp_auth_key, $slp_redirect, $slp_question, $slp_answer;
|
23 |
+
|
24 |
+
if ( isset( $slp_auth_key ) ) {
|
25 |
+
require_once SLP_PLUGIN_DIR . 'includes/functions-auth-key.php'; // loads the new 4.0.0 auth key functions
|
26 |
+
}
|
27 |
+
elseif ( isset( $slp_question ) && isset( $slp_answer ) && isset( $slp_redirect ) ) {
|
28 |
+
require_once SLP_PLUGIN_DIR . 'includes/functions-oldfile.php'; // loads the wp-config.php functions
|
29 |
+
}
|
30 |
+
else {
|
31 |
+
require_once SLP_PLUGIN_DIR . 'includes/functions-oldsql.php'; // loads the settings page functions
|
32 |
+
}
|
33 |
+
}
|
includes/documentation.php
DELETED
@@ -1,41 +0,0 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
/**
|
4 |
-
* Documentation page
|
5 |
-
*
|
6 |
-
* @since 3.0.0
|
7 |
-
*/
|
8 |
-
function slp_documentation() {
|
9 |
-
|
10 |
-
global $slp_options, $custom_url;
|
11 |
-
|
12 |
-
ob_start(); ?>
|
13 |
-
<div class="wrap">
|
14 |
-
<h2><?php _e( 'Stealth Login Page Documentation', 'stealth-login-page' ); ?></h2>
|
15 |
-
|
16 |
-
<h3><?php _e( 'Network (multi-site) Activation', 'stealth-login-page' ); ?></h3>
|
17 |
-
<p><?php _e( 'Version 3.0.0 added full multi-site capabilities. Previously, the plugin needed each site to have the settings page filled out and the enable checkbox checked. Now, for v3.0.0 and above, Network Activate the plugin.' ); ?></p>
|
18 |
-
<p><?php _e( 'Add the following 3 lines to wp-config.php (right after the $table_prefix variable is good placement) to fully engage the plugin across the network:', 'stealth-login-page' ); ?></p>
|
19 |
-
<ul>
|
20 |
-
<li>$slp_redirect = "URL"</li>
|
21 |
-
<li>$slp_question = "question";</li>
|
22 |
-
<li>$slp_answer = "answer";</li>
|
23 |
-
</ul>
|
24 |
-
<p><?php _e( 'Change each variable to customize the redirect URL, question, and answer settings. If one of the variable entries (not the custom "answer" for each) is missing, the plugin will not activate the redirect function. All three are required to be in the file.', 'stealth-login-page' ); ?></p>
|
25 |
-
<p><strong><?php _e( 'Note: Adding these to wp-config.php will override any and all settings on any site (single or multi-site install both) and put that custom URL and redirect URL in play.', 'stealth-login-page' ); ?></strong></p>
|
26 |
-
<p><?php _e( 'There is no e-mail URL for the wp-config.php route because (obviously) if you have the ability to put those in place, you also have the ability to change settings or disable it.', 'stealth-login-page' ); ?></p>
|
27 |
-
<p><?php _e( 'If you remove the wp-config.php variables, then any site that has the settings page filled out and the "enable" checkbox checked will revert to the settings page behavior.', 'stealth-login-page' ); ?></p>
|
28 |
-
<h3><?php _e( 'Lost Password/Logout', 'stealth-login-page' ); ?></h3>
|
29 |
-
<p><?php _e( 'Due to the number of support requests involving the lost password function or logouts (or anything else that happens aside from purely attempting to visit the login page from direct navigation), the URL filter that was in place in v2.1.2 has been removed. While it solved many issues, it created more than it solved.', 'stealth-login-page' ); ?></p>
|
30 |
-
<h4><?php _e( 'To make up for that...', 'stealth-login-page' ); ?></h4>
|
31 |
-
<p><?php _e( 'The redirect function is bypassed if the system recognizes you as being in a logged in session. As of yet, it is not certain how this will behave in 3.6 when a session times out and the pop-up appears, but hopefully nothing will need to be altered.', 'stealth-login-page' ); ?></p>
|
32 |
-
<h3><?php _e( 'Donations', 'stealth-login-page' ); ?></h3>
|
33 |
-
<p><?php _e( 'An additional 15 hours of programming went into v3.0.0 to enable multi-site, streamline the code, and rebuild the redirect functions from the ground up to eliminate as many potential scenarios as possible.', 'stealth-login-page' ); ?></p>
|
34 |
-
<p><?php _e( 'Any donations will allow this to continue to be developed and supported, as there are several new features that should be included, but there is not enough funding to neglect paid projects.', 'stealth-login-page' ); ?></p>
|
35 |
-
<p><strong><?php _e('Like the plugin? Please ', 'stealth-login-page'); ?> <a href="http://wordpress.org/support/view/plugin-reviews/stealth-login-page?rate=5#postform" target="_blank"> <?php _e('rate and review', 'stealth-login-page'); ?></a> <?php _e(' it', 'stealth-login-page'); ?>.</strong></p>
|
36 |
-
<br />
|
37 |
-
<p><center><a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=7T2JDSM64HQV8" target="_blank"><img src="http://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" /></a></center></p>
|
38 |
-
</div><!-- .wrap -->
|
39 |
-
<?php
|
40 |
-
echo ob_get_clean();
|
41 |
-
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
includes/functions-auth-key.php
ADDED
@@ -0,0 +1,41 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
|
3 |
+
/**
|
4 |
+
* Authorization Key Function
|
5 |
+
*
|
6 |
+
* @package SLP
|
7 |
+
* @subpackage Functions/Auth_Key
|
8 |
+
* @copyright Copyright (c) 2013, Jesse Petersen
|
9 |
+
* @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
|
10 |
+
* @since 4.0.0
|
11 |
+
*/
|
12 |
+
|
13 |
+
add_filter( 'login_form', 'custom_login_stuff', 1 );
|
14 |
+
function custom_login_stuff() {
|
15 |
+
global $slp_options;
|
16 |
+
$new_SLP_login_field = '
|
17 |
+
<p class="login-authenticate">
|
18 |
+
<label for="auth_key">Authorization code</label>
|
19 |
+
<input type="text" name="auth_key" id="auth_key" class="input" value="" size="20" />
|
20 |
+
</p>';
|
21 |
+
echo $new_SLP_login_field;
|
22 |
+
}
|
23 |
+
|
24 |
+
add_action( 'wp_authenticate', 'slp_auth_key_check', 5 );
|
25 |
+
function slp_auth_key_check($username) {
|
26 |
+
|
27 |
+
global $wpdb, $slp_options, $slp_auth_key;
|
28 |
+
|
29 |
+
if ( !username_exists( $username ) ) {
|
30 |
+
return;
|
31 |
+
}
|
32 |
+
|
33 |
+
$set_key = $slp_options['auth_key'];
|
34 |
+
$submit_key = $_POST['auth_key'];
|
35 |
+
|
36 |
+
if ( ! ( $set_key == $_POST['auth_key'] ) ) {
|
37 |
+
wp_redirect( esc_url_raw ($slp_options['redirect_url']), 302 );
|
38 |
+
die;
|
39 |
+
}
|
40 |
+
|
41 |
+
}
|
includes/{wp-config-functions.php → functions-oldfile.php}
RENAMED
@@ -3,11 +3,11 @@
|
|
3 |
add_action( 'login_init', 'slp_wpconfig_login_stringcheck' );
|
4 |
function slp_wpconfig_login_stringcheck() {
|
5 |
|
6 |
-
global $slp_redirect, $slp_question, $slp_answer
|
7 |
|
8 |
-
// get the requested URL
|
9 |
$form_request_local = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
|
10 |
$form_request = $_SERVER['HTTP_REFERER'];
|
|
|
11 |
|
12 |
if ( (is_user_logged_in(TRUE)) ) {
|
13 |
return;
|
@@ -15,8 +15,6 @@ function slp_wpconfig_login_stringcheck() {
|
|
15 |
elseif (! ( ($form_request_local == $custom_wp_config) || ($form_request == $custom_wp_config) ) ) {
|
16 |
|
17 |
wp_redirect( esc_url_raw ($slp_redirect), 302 );
|
18 |
-
echo $message;
|
19 |
die;
|
20 |
-
|
21 |
}
|
22 |
}
|
3 |
add_action( 'login_init', 'slp_wpconfig_login_stringcheck' );
|
4 |
function slp_wpconfig_login_stringcheck() {
|
5 |
|
6 |
+
global $slp_redirect, $slp_question, $slp_answer;
|
7 |
|
|
|
8 |
$form_request_local = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
|
9 |
$form_request = $_SERVER['HTTP_REFERER'];
|
10 |
+
$custom_wp_config = site_url() . '/wp-login.php?' . $slp_question . '=' . $slp_answer;
|
11 |
|
12 |
if ( (is_user_logged_in(TRUE)) ) {
|
13 |
return;
|
15 |
elseif (! ( ($form_request_local == $custom_wp_config) || ($form_request == $custom_wp_config) ) ) {
|
16 |
|
17 |
wp_redirect( esc_url_raw ($slp_redirect), 302 );
|
|
|
18 |
die;
|
|
|
19 |
}
|
20 |
}
|
includes/{settings-functions.php → functions-oldsql.php}
RENAMED
@@ -3,19 +3,19 @@
|
|
3 |
add_action( 'login_init', 'slp_settings_login_stringcheck' );
|
4 |
function slp_settings_login_stringcheck() {
|
5 |
|
6 |
-
global $slp_options
|
7 |
|
8 |
-
// get the requested URL
|
9 |
$form_request_local = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
|
10 |
$form_request = $_SERVER['HTTP_REFERER'];
|
|
|
11 |
|
12 |
if ( (is_user_logged_in(TRUE)) ) {
|
13 |
return;
|
14 |
}
|
15 |
|
16 |
elseif (! ( ($form_request_local == $custom_url) || ($form_request == $custom_url) ) ) {
|
|
|
17 |
wp_redirect( esc_url_raw ($slp_options['redirect_url']), 302 );
|
18 |
-
echo $message;
|
19 |
die;
|
20 |
}
|
21 |
|
3 |
add_action( 'login_init', 'slp_settings_login_stringcheck' );
|
4 |
function slp_settings_login_stringcheck() {
|
5 |
|
6 |
+
global $slp_options;
|
7 |
|
|
|
8 |
$form_request_local = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
|
9 |
$form_request = $_SERVER['HTTP_REFERER'];
|
10 |
+
$custom_url = site_url() . '/wp-login.php?' . $slp_options['question'] . '=' . $slp_options['answer'];
|
11 |
|
12 |
if ( (is_user_logged_in(TRUE)) ) {
|
13 |
return;
|
14 |
}
|
15 |
|
16 |
elseif (! ( ($form_request_local == $custom_url) || ($form_request == $custom_url) ) ) {
|
17 |
+
|
18 |
wp_redirect( esc_url_raw ($slp_options['redirect_url']), 302 );
|
|
|
19 |
die;
|
20 |
}
|
21 |
|
includes/globals.php
ADDED
@@ -0,0 +1,2 @@
|
|
|
|
|
1 |
+
<?php
|
2 |
+
// silence is golden
|
includes/install.php
ADDED
@@ -0,0 +1,108 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
/**
|
3 |
+
* Install Function
|
4 |
+
*
|
5 |
+
* @package SLP
|
6 |
+
* @subpackage Functions/Install
|
7 |
+
* @copyright Copyright (c) 2013, Jesse Petersen
|
8 |
+
* @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
|
9 |
+
* @since 3.0.0
|
10 |
+
*/
|
11 |
+
|
12 |
+
// Exit if accessed directly
|
13 |
+
if ( ! defined( 'ABSPATH' ) ) exit;
|
14 |
+
|
15 |
+
register_activation_hook( SLP_PLUGIN_FILE, 'slp_activate' );
|
16 |
+
register_deactivation_hook( SLP_PLUGIN_FILE, 'slp_deactivate' );
|
17 |
+
|
18 |
+
function slp_activate($networkwide) {
|
19 |
+
global $wpdb;
|
20 |
+
|
21 |
+
if (function_exists('is_multisite') && is_multisite()) {
|
22 |
+
// check if it is a network activation - if so, run the activation function for each blog id
|
23 |
+
if ($networkwide) {
|
24 |
+
$old_blog = $wpdb->blogid;
|
25 |
+
// Get all blog ids
|
26 |
+
$blogids = $wpdb->get_col("SELECT blog_id FROM {$wpdb->blogs}");
|
27 |
+
foreach ($blogids as $blog_id) {
|
28 |
+
switch_to_blog($blog_id);
|
29 |
+
return _slp_activate($networkwide);
|
30 |
+
}
|
31 |
+
switch_to_blog($old_blog);
|
32 |
+
return;
|
33 |
+
}
|
34 |
+
}
|
35 |
+
return _slp_activate($networkwide);
|
36 |
+
}
|
37 |
+
|
38 |
+
function slp_network_propagate($pfunction, $networkwide) {
|
39 |
+
global $wpdb;
|
40 |
+
|
41 |
+
if (function_exists('is_multisite') && is_multisite()) {
|
42 |
+
// check if it is a network activation - if so, run the activation function
|
43 |
+
// for each blog id
|
44 |
+
if ($networkwide) {
|
45 |
+
$old_blog = $wpdb->blogid;
|
46 |
+
// Get all blog ids
|
47 |
+
$blogids = $wpdb->get_col("SELECT blog_id FROM {$wpdb->blogs}");
|
48 |
+
foreach ($blogids as $blog_id) {
|
49 |
+
switch_to_blog($blog_id);
|
50 |
+
call_user_func($pfunction, $networkwide);
|
51 |
+
}
|
52 |
+
switch_to_blog($old_blog);
|
53 |
+
return;
|
54 |
+
}
|
55 |
+
}
|
56 |
+
call_user_func($pfunction, $networkwide);
|
57 |
+
}
|
58 |
+
|
59 |
+
|
60 |
+
function slp_deactivate($networkwide) {
|
61 |
+
slp_network_propagate('_slp_deactivate', $networkwide);
|
62 |
+
}
|
63 |
+
|
64 |
+
add_action( 'wpmu_new_blog', 'slp_new_blog', 10, 6);
|
65 |
+
|
66 |
+
function slp_new_blog($blog_id, $user_id, $domain, $path, $site_id, $meta ) {
|
67 |
+
global $wpdb;
|
68 |
+
|
69 |
+
if (is_plugin_active_for_network('stealth-login-page/stealth-login-page.php')) {
|
70 |
+
$old_blog = $wpdb->blogid;
|
71 |
+
switch_to_blog($blog_id);
|
72 |
+
_slp_activate(TRUE);
|
73 |
+
switch_to_blog($old_blog);
|
74 |
+
}
|
75 |
+
}
|
76 |
+
|
77 |
+
function _slp_activate($networkwide) {
|
78 |
+
return ;
|
79 |
+
}
|
80 |
+
|
81 |
+
function _slp_deactivate($networkwide) {
|
82 |
+
return ;
|
83 |
+
}
|
84 |
+
|
85 |
+
add_action('admin_menu', 'slp_plugin_menu');
|
86 |
+
function slp_plugin_menu() {
|
87 |
+
add_options_page( __( 'Stealth Login Page', 'stealth-login-page' ), __( 'Stealth Login Page', 'stealth-login-page' ), 'manage_options', 'stealth-login-page', 'slp_admin' );
|
88 |
+
return;
|
89 |
+
}
|
90 |
+
|
91 |
+
/**
|
92 |
+
* Add settings link on plugin page
|
93 |
+
*
|
94 |
+
* @since 3.0.0
|
95 |
+
* @param array $links
|
96 |
+
* @param string $file
|
97 |
+
* @return array
|
98 |
+
*/
|
99 |
+
add_filter( 'plugin_action_links', 'slp_admin_settings_link', 10, 2 );
|
100 |
+
function slp_admin_settings_link( $links, $file ) {
|
101 |
+
|
102 |
+
if ( plugin_basename(__FILE__) == $file ) {
|
103 |
+
$settings_link = '<a href="' . admin_url( 'options-general.php?page=stealth-login-page' ) . '">' . __( 'Settings', 'stealth-login-page' ) . '</a>';
|
104 |
+
}
|
105 |
+
|
106 |
+
return $links;
|
107 |
+
|
108 |
+
}
|
includes/settings-page.php
CHANGED
@@ -1,17 +1,12 @@
|
|
1 |
<?php
|
2 |
|
3 |
-
add_action('admin_init', 'slp_register_settings'); // create settings in database
|
4 |
-
function slp_register_settings() {
|
5 |
-
register_setting('slp_settings_group', 'slp_settings');
|
6 |
-
}
|
7 |
-
|
8 |
add_action( 'admin_init', 'slp_email_admin' );
|
9 |
function slp_email_admin() {
|
10 |
-
|
11 |
-
if ( isset( $slp_options['enable'] ) && $slp_options['
|
12 |
$to = get_bloginfo( 'admin_email' );
|
13 |
-
$subject = sprintf( __( '
|
14 |
-
$message = sprintf( __( 'Your
|
15 |
wp_mail( $to, $subject, $message );
|
16 |
}
|
17 |
}
|
@@ -23,44 +18,37 @@ function slp_email_admin() {
|
|
23 |
*/
|
24 |
function slp_admin() {
|
25 |
|
26 |
-
global $slp_options
|
27 |
|
28 |
ob_start(); ?>
|
29 |
<div class="wrap">
|
30 |
<h2><?php _e( 'Stealth Login Page Options', 'stealth-login-page' ); ?></h2>
|
31 |
<form method="post" action="options.php">
|
32 |
|
33 |
-
<?php settings_fields('slp_settings_group');
|
34 |
-
slp_credits(); ?>
|
35 |
|
36 |
-
<
|
37 |
|
38 |
<input id="slp_settings[enable]" type="checkbox" name="slp_settings[enable]" value="1" <?php checked(1, isset( $slp_options['enable'] ) ); ?> />
|
39 |
|
40 |
<label class="description" for="slp_settings[enable]"><?php _e( 'Enable Stealth Mode', 'stealth-login-page' ); ?></label>
|
41 |
|
42 |
-
<p><?php _e( '
|
43 |
|
44 |
-
<label class="description" for="slp_settings[
|
45 |
-
|
46 |
-
<input type="text" required id="slp_settings[redirect_url]" name="slp_settings[redirect_url]" value="<?php echo $slp_options['redirect_url']; ?>" />
|
47 |
|
48 |
-
|
49 |
|
50 |
-
|
51 |
|
52 |
-
<
|
53 |
-
|
54 |
-
<p><?php _e( 'The second part of the new URL string to reach your login form is the "answer." It is also just an arbitrary word or code.', 'stealth-login-page' ); ?></p>
|
55 |
-
|
56 |
-
<label class="description" for="slp_settings[answer]"><?php _e( 'String used for the "answer"', 'stealth-login-page' ); ?></label>
|
57 |
|
58 |
-
<input type="text" required id="slp_settings[
|
59 |
|
60 |
<p>
|
61 |
<input id="email-admin" type="checkbox" name="email-admin" value="0" />
|
62 |
|
63 |
-
<label class="description" for="email-admin"><?php _e( 'Email
|
64 |
</p>
|
65 |
|
66 |
<p class="submit">
|
@@ -70,9 +58,9 @@ function slp_admin() {
|
|
70 |
|
71 |
<?php
|
72 |
|
73 |
-
if ( isset( $slp_options['enable'] ) && $slp_options['
|
74 |
-
<div class="
|
75 |
-
<p><?php _e( 'Your
|
76 |
</div>
|
77 |
<?php } ?>
|
78 |
|
1 |
<?php
|
2 |
|
|
|
|
|
|
|
|
|
|
|
3 |
add_action( 'admin_init', 'slp_email_admin' );
|
4 |
function slp_email_admin() {
|
5 |
+
global $slp_options, $custom_url;
|
6 |
+
if ( isset( $slp_options['enable'] ) && $slp_options['auth_key'] && isset ( $_POST['email-admin'] ) && current_user_can( 'manage_options' ) ) {
|
7 |
$to = get_bloginfo( 'admin_email' );
|
8 |
+
$subject = sprintf( __( 'Authorization code for %s', 'stealth-login-page' ), get_bloginfo( 'name' ) );
|
9 |
+
$message = sprintf( __( 'Your authorization code for %1$s is %2$s', 'stealth-login-page' ), get_bloginfo( 'name' ), $slp_options['auth_key'] );
|
10 |
wp_mail( $to, $subject, $message );
|
11 |
}
|
12 |
}
|
18 |
*/
|
19 |
function slp_admin() {
|
20 |
|
21 |
+
global $slp_options;
|
22 |
|
23 |
ob_start(); ?>
|
24 |
<div class="wrap">
|
25 |
<h2><?php _e( 'Stealth Login Page Options', 'stealth-login-page' ); ?></h2>
|
26 |
<form method="post" action="options.php">
|
27 |
|
28 |
+
<?php settings_fields('slp_settings_group'); ?>
|
|
|
29 |
|
30 |
+
<h3><?php _e( 'Enable/Disable Stealth Login Page', 'stealth-login-page' ); ?></h3>
|
31 |
|
32 |
<input id="slp_settings[enable]" type="checkbox" name="slp_settings[enable]" value="1" <?php checked(1, isset( $slp_options['enable'] ) ); ?> />
|
33 |
|
34 |
<label class="description" for="slp_settings[enable]"><?php _e( 'Enable Stealth Mode', 'stealth-login-page' ); ?></label>
|
35 |
|
36 |
+
<p><?php _e( 'Enter an authorization code below. Think of it as another password or a PIN. Without a proper entry from the login form, the login form will redirect.', 'stealth-login-page' ); ?></p>
|
37 |
|
38 |
+
<label class="description" for="slp_settings[auth_key]"><?php _e( 'Enter an authorization code', 'stealth-login-page' ); ?></label>
|
|
|
|
|
39 |
|
40 |
+
<input type="text" required id="slp_settings[auth_key]" name="slp_settings[auth_key]" value="<?php echo $slp_options['auth_key']; ?>" />
|
41 |
|
42 |
+
<p><?php _e( 'Unsuccessful attempts to gain access to your dashboard will be automatically redirected to a customizable URL. Enter that URL below.', 'stealth-login-page' ); ?></p>
|
43 |
|
44 |
+
<label class="description" for="slp_settings[redirect_url]"><?php _e( 'URL to redirect unauthorized attempts to', 'stealth-login-page' ); ?></label>
|
|
|
|
|
|
|
|
|
45 |
|
46 |
+
<input type="text" required id="slp_settings[redirect_url]" name="slp_settings[redirect_url]" value="<?php echo $slp_options['redirect_url']; ?>" />
|
47 |
|
48 |
<p>
|
49 |
<input id="email-admin" type="checkbox" name="email-admin" value="0" />
|
50 |
|
51 |
+
<label class="description" for="email-admin"><?php _e( 'Email authorization code to admin', 'stealth-login-page' ); ?></label>
|
52 |
</p>
|
53 |
|
54 |
<p class="submit">
|
58 |
|
59 |
<?php
|
60 |
|
61 |
+
if ( isset( $slp_options['enable'] ) && $slp_options['auth_key'] ) { ?>
|
62 |
+
<div class="auth-key-email">
|
63 |
+
<p><?php _e( 'Your authorization code is: ', 'stealth-login-page' ); ?><?php echo $slp_options['auth_key']; ?></p>
|
64 |
</div>
|
65 |
<?php } ?>
|
66 |
|
plugin.php
CHANGED
@@ -2,17 +2,18 @@
|
|
2 |
/*
|
3 |
Plugin Name: Stealth Login Page
|
4 |
Plugin URI: http://wordpress.org/extend/plugins/stealth-login-page/
|
5 |
-
Version:
|
6 |
Author: Jesse Petersen
|
7 |
Author URI: http://www.petersenmediagroup.com
|
8 |
-
Description: Protect your
|
9 |
-
Text Domain: stealth-login-page
|
10 |
Domain Path: /languages/
|
11 |
*/
|
12 |
/*
|
13 |
Copyright 2013 Jesse Petersen
|
14 |
|
15 |
-
Thanks to Andrew Norcross (@norcross) for the redirect code
|
|
|
|
|
16 |
|
17 |
Thanks to David Decker for DE localization: http://deckerweb.de/kontakt/
|
18 |
|
@@ -45,180 +46,189 @@
|
|
45 |
*/
|
46 |
|
47 |
/* Prevent direct access to the plugin */
|
48 |
-
if ( !defined( 'ABSPATH' ) )
|
49 |
-
|
50 |
-
|
51 |
|
52 |
-
add_action( 'init', 'slp_load_plugin_translations', 1 );
|
53 |
/**
|
54 |
-
*
|
|
|
|
|
55 |
*/
|
56 |
-
|
57 |
-
|
58 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
59 |
|
60 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
61 |
|
62 |
-
|
63 |
-
|
64 |
-
|
65 |
-
|
66 |
-
|
67 |
-
|
68 |
-
|
69 |
-
|
70 |
-
|
71 |
-
|
72 |
-
// Get all blog ids
|
73 |
-
$blogids = $wpdb->get_col("SELECT blog_id FROM {$wpdb->blogs}");
|
74 |
-
foreach ($blogids as $blog_id) {
|
75 |
-
switch_to_blog($blog_id);
|
76 |
-
return _slp_activate($networkwide);
|
77 |
-
}
|
78 |
-
switch_to_blog($old_blog);
|
79 |
-
return;
|
80 |
-
}
|
81 |
-
}
|
82 |
-
return _slp_activate($networkwide);
|
83 |
}
|
84 |
-
|
85 |
-
function slp_network_propagate($pfunction, $networkwide) {
|
86 |
-
global $wpdb;
|
87 |
-
|
88 |
-
if (function_exists('is_multisite') && is_multisite()) {
|
89 |
-
// check if it is a network activation - if so, run the activation function
|
90 |
-
// for each blog id
|
91 |
-
if ($networkwide) {
|
92 |
-
$old_blog = $wpdb->blogid;
|
93 |
-
// Get all blog ids
|
94 |
-
$blogids = $wpdb->get_col("SELECT blog_id FROM {$wpdb->blogs}");
|
95 |
-
foreach ($blogids as $blog_id) {
|
96 |
-
switch_to_blog($blog_id);
|
97 |
-
call_user_func($pfunction, $networkwide);
|
98 |
-
}
|
99 |
-
switch_to_blog($old_blog);
|
100 |
-
return;
|
101 |
-
}
|
102 |
-
}
|
103 |
-
call_user_func($pfunction, $networkwide);
|
104 |
-
}
|
105 |
-
|
106 |
-
|
107 |
-
function slp_deactivate($networkwide) {
|
108 |
-
slp_network_propagate('_slp_deactivate', $networkwide);
|
109 |
-
}
|
110 |
|
111 |
-
|
112 |
-
|
113 |
-
|
114 |
-
|
115 |
-
|
116 |
-
|
117 |
-
|
118 |
-
|
119 |
-
|
120 |
-
|
121 |
-
|
122 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
123 |
|
124 |
-
|
125 |
-
|
126 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
127 |
|
128 |
-
|
129 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
130 |
}
|
131 |
|
132 |
-
|
133 |
-
function slp_plugin_menu() {
|
134 |
-
add_options_page( __( 'Stealth Login Page', 'stealth-login-page' ), __( 'Stealth Login Page', 'stealth-login-page' ), 'manage_options', 'stealth-login-page', 'slp_admin' );
|
135 |
-
add_options_page( __( 'Stealth Login Page Documentation', 'stealth-login-page' ), __( 'Stealth Login Page Documentation', 'stealth-login-page' ), 'activate_plugins', 'stealth-login-page-documentation', 'slp_documentation' );
|
136 |
-
return;
|
137 |
-
}
|
138 |
|
139 |
/**
|
140 |
-
*
|
|
|
|
|
|
|
|
|
|
|
|
|
141 |
*
|
142 |
-
* @since
|
143 |
-
* @
|
144 |
-
* @param string $file
|
145 |
-
* @return array
|
146 |
*/
|
147 |
-
|
148 |
-
|
149 |
-
|
150 |
-
if ( plugin_basename(__FILE__) == $file ) {
|
151 |
-
$settings_link = '<a href="' . admin_url( 'options-general.php?page=stealth-login-page' ) . '">' . __( 'Settings', 'stealth-login-page' ) . '</a>';
|
152 |
-
$documentation_link = '<a href="' . admin_url( 'options-general.php?page=stealth-login-page-documentation' ) . '">' . __( 'Documentation', 'stealth-login-page' ) . '</a>';
|
153 |
-
array_unshift( $links, $settings_link, $documentation_link );
|
154 |
-
}
|
155 |
-
|
156 |
-
return $links;
|
157 |
-
|
158 |
}
|
159 |
|
160 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
161 |
$slp_prefix = 'slp_';
|
|
|
|
|
162 |
$slp_plugin_name = 'Stealth Login Page';
|
163 |
-
|
|
|
|
|
164 |
$slp_options = get_option('slp_settings');
|
165 |
-
$custom_url = site_url() . '/wp-login.php?' . $slp_options['question'] . '=' . $slp_options['answer'];
|
166 |
-
if ( isset($slp_question) && isset($slp_answer) && isset($slp_redirect) ) {
|
167 |
-
$custom_wp_config = site_url() . '/wp-login.php?' . $slp_question . '=' . $slp_answer;
|
168 |
-
}
|
169 |
-
$message = '<h2 style="text-align: center; margin-top: 4em;">You suck! Go hack someone else.</h2>';
|
170 |
-
|
171 |
-
/*-------------------------------------------------------------
|
172 |
-
Name: slp_credits
|
173 |
-
|
174 |
-
Purpose: Promotional stuff shown throughout the plugin
|
175 |
-
Since: 1.1.3
|
176 |
-
-------------------------------------------------------------*/
|
177 |
-
function slp_credits() {
|
178 |
-
|
179 |
-
echo '<table class="widefat" style="margin-top: .5em">';
|
180 |
-
|
181 |
-
echo '<thead>';
|
182 |
-
echo '<tr valign="top">';
|
183 |
-
echo ' <th width="27%">'.__('Your support makes a difference', 'stealth-login-page').'</th>';
|
184 |
-
echo ' <th>'.__('Useful links', 'stealth-login-page').'</th>';
|
185 |
-
echo ' <th width="35%">'.__('Brought to you by', 'stealth-login-page').'</th>';
|
186 |
-
echo '</tr>';
|
187 |
-
echo '</thead>';
|
188 |
-
|
189 |
-
echo '<tbody>';
|
190 |
-
echo '<tr>';
|
191 |
-
echo '<td><ul>';
|
192 |
-
echo ' <li>'.__('Your generous gift will ensure the continued development of Stealth Login Page and bring more benefits and features. Thank you for your consideration!', 'stealth-login-page').'</li>';
|
193 |
-
|
194 |
-
echo ' <li><center><a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=7T2JDSM64HQV8" target="_blank"><img src="http://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" /></a></center></li>';
|
195 |
-
echo ' <li>'.__('Like the plugin? Please ', 'stealth-login-page').' <a href="http://wordpress.org/support/view/plugin-reviews/stealth-login-page?rate=5#postform" target="_blank">'.__('rate and review', 'stealth-login-page').'</a> '.__('it', 'stealth-login-page').'.</li>';
|
196 |
-
echo '</ul></td>';
|
197 |
|
198 |
-
|
199 |
-
|
200 |
-
|
201 |
-
echo ' <li>'.__('Find my website at', 'stealth-login-page').' <a href="http://www.petersenmediagroup.com" target="_blank">petersenmediagroup.com</a>.</li>';
|
202 |
-
echo ' <li>'.__('Beef up your security even more with', 'stealth-login-page').' <a href="http://wordpress.org/extend/plugins/limit-login-attempts/" target="_blank">'.__('Limit Login Attempts','stealth-login-page').'</a>.</li>';
|
203 |
-
echo ' <li>'.__('Learn more about secure WordPress hosting with a ', 'stealth-login-page').' <a href="http://www.petersenmediagroup.com/wordpress-hosting/" target="_blank">'.__('managed host', 'stealth-login-page').'</a>.</li>';
|
204 |
-
echo '</ul></td>';
|
205 |
-
|
206 |
-
echo '<td style="border-left:1px #ddd solid;"><ul>';
|
207 |
-
echo ' <li><a href="http://www.petersenmediagroup.com" title="Petersen Media Group"><img src="'. plugins_url( 'images/pmg-logo.png' , __FILE__ ) .'" alt="pmg-logo" width="150" height="67" align="left" style="padding: 0 10px 10px 0;" /></a>';
|
208 |
-
echo ' <a href="http://www.petersenmediagroup.com" title="Petersen Media Group">Petersen Media Group</a> - '.__('I’m a straight-shooter and listen to what my clients want, run it through my filters, and come up with what they need. Not a "yes man" by any stretch of the imagination, I don’t consider a project a success unless it serves my client well. I have a "do no harm" policy to protect them from mis-information and trying things I’ve already learned about the hard way.', 'stealth-login-page').' '.__('Visit the', 'stealth-login-page').' <a href="http://www.petersenmediagroup.com" target="_blank">'.__('Petersen Media Group', 'stealth-login-page').'</a> '.__('website', 'stealth-login-page').'.</li>';
|
209 |
-
echo '</ul></td>';
|
210 |
-
echo '</tr>';
|
211 |
-
echo '</tbody>';
|
212 |
-
|
213 |
-
echo '</table>';
|
214 |
-
}
|
215 |
|
216 |
-
//
|
217 |
-
|
218 |
-
include('includes/documentation.php'); // loads the admin settings page
|
219 |
-
if ( $slp_options['enable'] ) {
|
220 |
-
include('includes/settings-functions.php'); // loads the settings page functions
|
221 |
-
}
|
222 |
-
elseif ( isset($custom_wp_config) ) {
|
223 |
-
include('includes/wp-config-functions.php'); // loads the wp-config.php functions
|
224 |
-
}
|
2 |
/*
|
3 |
Plugin Name: Stealth Login Page
|
4 |
Plugin URI: http://wordpress.org/extend/plugins/stealth-login-page/
|
5 |
+
Version: 4.0.0
|
6 |
Author: Jesse Petersen
|
7 |
Author URI: http://www.petersenmediagroup.com
|
8 |
+
Description: Protect your dashboard without editing the .htaccess file -- the FIRST one that completely blocks remote bot login requests.
|
|
|
9 |
Domain Path: /languages/
|
10 |
*/
|
11 |
/*
|
12 |
Copyright 2013 Jesse Petersen
|
13 |
|
14 |
+
Thanks to Andrew Norcross (@norcross) for the original redirect code through v3.0.0
|
15 |
+
https://gist.github.com/norcross/4342231) and Billy Fairbank
|
16 |
+
(@billyfairbank) for the idea to turn it into a plugin.
|
17 |
|
18 |
Thanks to David Decker for DE localization: http://deckerweb.de/kontakt/
|
19 |
|
46 |
*/
|
47 |
|
48 |
/* Prevent direct access to the plugin */
|
49 |
+
if ( ! defined( 'ABSPATH' ) ) exit;
|
50 |
+
|
51 |
+
if ( ! class_exists( 'Stealth_Login_Page' ) ) :
|
52 |
|
|
|
53 |
/**
|
54 |
+
* Main Stealth_Login_Page Class
|
55 |
+
*
|
56 |
+
* @since 4.0.0
|
57 |
*/
|
58 |
+
final class Stealth_Login_Page {
|
59 |
+
|
60 |
+
/**
|
61 |
+
* @var Stealth_Login_Page The one true Stealth_Login_Page
|
62 |
+
* @since 4.0.0
|
63 |
+
*/
|
64 |
+
private static $instance;
|
65 |
+
|
66 |
+
/**
|
67 |
+
* Main Stealth_Login_Page Instance
|
68 |
+
*
|
69 |
+
* Ensures that only one instance of Stealth_Login_Page exists in memory at
|
70 |
+
* any one time. Also prevents needing to define globals all over the place.
|
71 |
+
*
|
72 |
+
* @since 4.0.0
|
73 |
+
* @static
|
74 |
+
* @staticvar array $instance
|
75 |
+
* @uses Stealth_Login_Page::setup_globals() Setup the globals needed
|
76 |
+
* @uses Stealth_Login_Page::includes() Include the required files
|
77 |
+
* @uses Stealth_Login_Page::setup_actions() Setup the hooks and actions
|
78 |
+
* @see SLP()
|
79 |
+
* @return The one true Stealth_Login_Page
|
80 |
+
*/
|
81 |
+
public static function instance() {
|
82 |
+
if ( ! isset( self::$instance ) && ! ( self::$instance instanceof Stealth_Login_Page ) ) {
|
83 |
+
self::$instance = new Stealth_Login_Page;
|
84 |
+
self::$instance->setup_constants();
|
85 |
+
self::$instance->includes();
|
86 |
+
self::$instance->load_textdomain();
|
87 |
+
}
|
88 |
+
return self::$instance;
|
89 |
+
}
|
90 |
|
91 |
+
/**
|
92 |
+
* Throw error on object clone
|
93 |
+
*
|
94 |
+
* The whole idea of the singleton design pattern is that there is a single
|
95 |
+
* object therefore, we don't want the object to be cloned.
|
96 |
+
*
|
97 |
+
* @since 4.0.0
|
98 |
+
* @access protected
|
99 |
+
* @return void
|
100 |
+
*/
|
101 |
+
public function __clone() {
|
102 |
+
// Cloning instances of the class is forbidden
|
103 |
+
_doing_it_wrong( __FUNCTION__, __( 'Cheatin’ huh?', 'slp' ), '1.6' );
|
104 |
+
}
|
105 |
|
106 |
+
/**
|
107 |
+
* Disable unserializing of the class
|
108 |
+
*
|
109 |
+
* @since 4.0.0
|
110 |
+
* @access protected
|
111 |
+
* @return void
|
112 |
+
*/
|
113 |
+
public function __wakeup() {
|
114 |
+
// Unserializing instances of the class is forbidden
|
115 |
+
_doing_it_wrong( __FUNCTION__, __( 'Cheatin’ huh?', 'slp' ), '1.6' );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
116 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
117 |
|
118 |
+
/**
|
119 |
+
* Setup plugin constants
|
120 |
+
*
|
121 |
+
* @access private
|
122 |
+
* @since 4.0.0
|
123 |
+
* @return void
|
124 |
+
*/
|
125 |
+
private function setup_constants() {
|
126 |
+
// Plugin version
|
127 |
+
if ( ! defined( 'SLP_VERSION' ) )
|
128 |
+
define( 'SLP_VERSION', '4.0.0 ' );
|
129 |
+
|
130 |
+
// Plugin Folder Path
|
131 |
+
if ( ! defined( 'SLP_PLUGIN_DIR' ) )
|
132 |
+
define( 'SLP_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
|
133 |
+
|
134 |
+
// Plugin Folder URL
|
135 |
+
if ( ! defined( 'SLP_PLUGIN_URL' ) )
|
136 |
+
define( 'SLP_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
|
137 |
+
|
138 |
+
// Plugin Root File
|
139 |
+
if ( ! defined( 'SLP_PLUGIN_FILE' ) )
|
140 |
+
define( 'SLP_PLUGIN_FILE', __FILE__ );
|
141 |
+
}
|
142 |
|
143 |
+
/**
|
144 |
+
* Include required files
|
145 |
+
*
|
146 |
+
* @access private
|
147 |
+
* @since 4.0.0
|
148 |
+
* @return void
|
149 |
+
*/
|
150 |
+
private function includes() {
|
151 |
+
|
152 |
+
include( SLP_PLUGIN_DIR . 'includes/install.php' );
|
153 |
+
include( SLP_PLUGIN_DIR . 'includes/actions.php' );
|
154 |
+
|
155 |
+
if( is_admin() ) {
|
156 |
+
include( SLP_PLUGIN_DIR . 'includes/settings-page.php' );
|
157 |
+
}
|
158 |
+
else {
|
159 |
+
}
|
160 |
+
}
|
161 |
|
162 |
+
/**
|
163 |
+
* Loads the plugin language files
|
164 |
+
*
|
165 |
+
* @access public
|
166 |
+
* @since 4.0.0
|
167 |
+
* @return void
|
168 |
+
*/
|
169 |
+
public function load_textdomain() {
|
170 |
+
// Set filter for plugin's languages directory
|
171 |
+
$slp_lang_dir = dirname( plugin_basename( SLP_PLUGIN_FILE ) ) . '/languages/';
|
172 |
+
$slp_lang_dir = apply_filters( 'slp_languages_directory', $slp_lang_dir );
|
173 |
+
|
174 |
+
// Traditional WordPress plugin locale filter
|
175 |
+
$locale = apply_filters( 'plugin_locale', get_locale(), 'slp' );
|
176 |
+
$mofile = sprintf( '%1$s-%2$s.mo', 'slp', $locale );
|
177 |
+
|
178 |
+
// Setup paths to current locale file
|
179 |
+
$mofile_local = $slp_lang_dir . $mofile;
|
180 |
+
$mofile_global = WP_LANG_DIR . '/slp/' . $mofile;
|
181 |
+
|
182 |
+
if ( file_exists( $mofile_global ) ) {
|
183 |
+
// Look in global /wp-content/languages/slp folder
|
184 |
+
load_textdomain( 'slp', $mofile_global );
|
185 |
+
} elseif ( file_exists( $mofile_local ) ) {
|
186 |
+
// Look in local /wp-content/plugins/stealth-login-page/languages/ folder
|
187 |
+
load_textdomain( 'slp', $mofile_local );
|
188 |
+
} else {
|
189 |
+
// Load the default language files
|
190 |
+
load_plugin_textdomain( 'slp', false, $slp_lang_dir );
|
191 |
+
}
|
192 |
+
}
|
193 |
}
|
194 |
|
195 |
+
endif; // End if class_exists check
|
|
|
|
|
|
|
|
|
|
|
196 |
|
197 |
/**
|
198 |
+
* The main function responsible for returning the one true Stealth_Login_Page
|
199 |
+
* Instance to functions everywhere.
|
200 |
+
*
|
201 |
+
* Use this function like you would a global variable, except without needing
|
202 |
+
* to declare the global.
|
203 |
+
*
|
204 |
+
* Example: <?php $slp = SLP(); ?>
|
205 |
*
|
206 |
+
* @since 4.0.0
|
207 |
+
* @return object The one true Stealth_Login_Page Instance
|
|
|
|
|
208 |
*/
|
209 |
+
function SLP() {
|
210 |
+
return Stealth_Login_Page::instance();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
211 |
}
|
212 |
|
213 |
+
/**
|
214 |
+
* Global Variables
|
215 |
+
*
|
216 |
+
* @since 4.0.0
|
217 |
+
*/
|
218 |
+
|
219 |
+
global $slp_prefix;
|
220 |
$slp_prefix = 'slp_';
|
221 |
+
|
222 |
+
global $slp_plugin_name;
|
223 |
$slp_plugin_name = 'Stealth Login Page';
|
224 |
+
|
225 |
+
/* retrieve plugin settings from options table */
|
226 |
+
global $slp_options;
|
227 |
$slp_options = get_option('slp_settings');
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
228 |
|
229 |
+
/* retrieve question from options table */
|
230 |
+
global $slp_auth_key;
|
231 |
+
$slp_auth_key = $slp_options['auth_key'];
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
232 |
|
233 |
+
// Get SLP Running
|
234 |
+
SLP();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
readme.txt
CHANGED
@@ -1,28 +1,28 @@
|
|
1 |
=== Stealth Login Page ===
|
2 |
-
Contributors: peterdog
|
3 |
-
Donate link: https://www.
|
4 |
-
Tags: login, wp-admin, redirect, security
|
5 |
Requires at least: 3.4.2
|
6 |
-
Tested up to:
|
7 |
-
Stable tag:
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
11 |
-
Protect your
|
12 |
|
13 |
== Description ==
|
14 |
|
15 |
-
Protect your
|
16 |
|
17 |
= What it does =
|
18 |
|
19 |
-
Without locking down access via IP address or file permissions, this plugin creates a secret
|
20 |
|
21 |
-
This is the first plugin that blocks external bot login requests - login requests must
|
22 |
|
23 |
= Why it exists =
|
24 |
|
25 |
-
|
26 |
|
27 |
= NOTE =
|
28 |
|
@@ -32,17 +32,28 @@ This does NOT replace the need for security "best practices" such as a strong pa
|
|
32 |
|
33 |
1. Upload contents of the directory to /wp-content/plugins/ (or use the automatic installer)
|
34 |
1. Activate the plugin through the 'Plugins' menu in WordPress
|
35 |
-
1. Configure the settings to create the secret
|
36 |
-
1. Verify it works by going to your
|
37 |
|
38 |
Add the following variables to wp-config.php if you are on a MU site and want to globally activate it with the same settings on all sites (change what is in quotes to your liking):
|
39 |
|
40 |
-
$slp_redirect
|
41 |
-
$
|
42 |
-
$slp_answer = "answer";
|
43 |
|
44 |
== Frequently Asked Questions ==
|
45 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
46 |
= Does this work on MU sites? =
|
47 |
|
48 |
Version 3.0.0 and greater is fully network-activated, includes uninstall, and bypasses all the settings pages with wp-config.php variables. See the Intallation tab or above in this file for instructions.
|
@@ -55,18 +66,23 @@ We've realized that bots (or really bored people) can enter a URL string in the
|
|
55 |
|
56 |
Yes, as long as you are not actively logged into the site on that computer. You may enter your dashboard normally if you're in an active session. Once the session expires, you're further protected by it automatically redirecting rather than gaining access to the login form since WordPress redirects session timeouts to wp-login.php, unaware of the new URL string.
|
57 |
|
58 |
-
= What do I do if I forget my
|
59 |
|
60 |
-
You'll need FTP access to your site. Renaming the stealth-login-page folder in /wp-content/plugins/ will remove the stealth security and allow you back into your dashboard.
|
61 |
|
62 |
== Screenshots ==
|
63 |
|
64 |
1. The options page.
|
65 |
-
|
66 |
-
|
67 |
|
68 |
== Changelog ==
|
69 |
|
|
|
|
|
|
|
|
|
|
|
70 |
= 3.0.0 =
|
71 |
* Added full MU support.
|
72 |
* Disabled the login/logout/lost-password URL filtering - it knows if you're logged in.
|
@@ -116,6 +132,12 @@ See more [examples](http://www.petersenmediagroup.com/plugins/stealth-login-page
|
|
116 |
|
117 |
== Upgrade Notice ==
|
118 |
|
|
|
|
|
|
|
|
|
|
|
|
|
119 |
= 3.0.0 =
|
120 |
* Added full MU support.
|
121 |
* Disabled the login/logout/lost-password URL filtering - it knows if you're logged in.
|
1 |
=== Stealth Login Page ===
|
2 |
+
Contributors: PMGLLC, peterdog
|
3 |
+
Donate link: https://www.petersenmediagroup.com/contribute
|
4 |
+
Tags: login, wp-login.php, two-form-factor, wp-admin, redirect, security
|
5 |
Requires at least: 3.4.2
|
6 |
+
Tested up to: 4.0.1
|
7 |
+
Stable tag: 4.0.0
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
11 |
+
Protect your dashboard without editing the .htaccess file -- the FIRST one that completely blocks remote bot login requests.
|
12 |
|
13 |
== Description ==
|
14 |
|
15 |
+
Protect your dashboard with a game-changing authorization code. The login form will never be the same again.
|
16 |
|
17 |
= What it does =
|
18 |
|
19 |
+
Without locking down access via IP address or file permissions, this plugin creates a secret login authorizaiton code. Those who do not enter this additional authorization will be automatcally redirected to a customizable URL.
|
20 |
|
21 |
+
This is the first plugin that blocks external bot login requests - login requests must comply with the full login sequence or the request is rejected.
|
22 |
|
23 |
= Why it exists =
|
24 |
|
25 |
+
To screw with hackers, brute-force attacks, and bot-nets. Screw with them, too.
|
26 |
|
27 |
= NOTE =
|
28 |
|
32 |
|
33 |
1. Upload contents of the directory to /wp-content/plugins/ (or use the automatic installer)
|
34 |
1. Activate the plugin through the 'Plugins' menu in WordPress
|
35 |
+
1. Configure the settings to create the secret authorization code and redirect URL.
|
36 |
+
1. Verify it works by going to your login form.
|
37 |
|
38 |
Add the following variables to wp-config.php if you are on a MU site and want to globally activate it with the same settings on all sites (change what is in quotes to your liking):
|
39 |
|
40 |
+
$slp_redirect "URL";
|
41 |
+
$slp_authorization "string";
|
|
|
42 |
|
43 |
== Frequently Asked Questions ==
|
44 |
|
45 |
+
= I've been locked out! HELP! =
|
46 |
+
|
47 |
+
Step 1: breathe
|
48 |
+
Step 2: login to FTP or hosting and rename the stealth-login-page folder in /wp-content/plugins
|
49 |
+
Step 3: login
|
50 |
+
|
51 |
+
If those steps don't work, then it's possible you have a server caching or a caching plugin or a CDN that is still delivering the plugin files. Clear all caches (not your browser cache).
|
52 |
+
|
53 |
+
= I never got an e-mail of the code when I clicked the checkbox. =
|
54 |
+
|
55 |
+
Ensure that you clicked the Save Settings button after the box was checked. In every case I've seen, clicking it a second time always sends it.
|
56 |
+
|
57 |
= Does this work on MU sites? =
|
58 |
|
59 |
Version 3.0.0 and greater is fully network-activated, includes uninstall, and bypasses all the settings pages with wp-config.php variables. See the Intallation tab or above in this file for instructions.
|
66 |
|
67 |
Yes, as long as you are not actively logged into the site on that computer. You may enter your dashboard normally if you're in an active session. Once the session expires, you're further protected by it automatically redirecting rather than gaining access to the login form since WordPress redirects session timeouts to wp-login.php, unaware of the new URL string.
|
68 |
|
69 |
+
= What do I do if I forget my code and can't find the e-mail the plugin sent me? =
|
70 |
|
71 |
+
You'll need FTP access to your site. Renaming the stealth-login-page folder in /wp-content/plugins/ will remove the stealth security and allow you back into your dashboard. If you have used variables in the wp-config.php file, delete or comment out those lines.
|
72 |
|
73 |
== Screenshots ==
|
74 |
|
75 |
1. The options page.
|
76 |
+
2. Before.
|
77 |
+
3. After.
|
78 |
|
79 |
== Changelog ==
|
80 |
|
81 |
+
= 4.0.0 =
|
82 |
+
* TOTALLY re-worked mehodology. It is backwards compatible.
|
83 |
+
* WordPress 3.6 compatibility.
|
84 |
+
* Complete re-build of the structure, code, and methodology of its security.
|
85 |
+
|
86 |
= 3.0.0 =
|
87 |
* Added full MU support.
|
88 |
* Disabled the login/logout/lost-password URL filtering - it knows if you're logged in.
|
132 |
|
133 |
== Upgrade Notice ==
|
134 |
|
135 |
+
= 4.0.0 =
|
136 |
+
* Visit the settings page to enable NEW settings.
|
137 |
+
* TOTALLY re-worked mehodology. It is backwards compatible, so if you don't change anything, it will still work, but you WON'T see new benefits.
|
138 |
+
* WordPress 3.6 compatibility.
|
139 |
+
* Complete re-build of the structure, code, and methodology of its security.
|
140 |
+
|
141 |
= 3.0.0 =
|
142 |
* Added full MU support.
|
143 |
* Disabled the login/logout/lost-password URL filtering - it knows if you're logged in.
|
uninstall.php
CHANGED
@@ -1,4 +1,14 @@
|
|
1 |
<?php
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2 |
if (!defined('WP_UNINSTALL_PLUGIN')) {
|
3 |
header('Status: 403 Forbidden');
|
4 |
header('HTTP/1.1 403 Forbidden');
|
@@ -13,7 +23,7 @@ if ( !current_user_can( 'install_plugins' ) )
|
|
13 |
wp_die( 'You do not have permission to run this script.' );
|
14 |
|
15 |
function slp_uninstall() {
|
16 |
-
delete_option('
|
17 |
}
|
18 |
|
19 |
global $wpdb;
|
1 |
<?php
|
2 |
+
/**
|
3 |
+
* Uninstall
|
4 |
+
*
|
5 |
+
* @package SLP
|
6 |
+
* @subpackage Uninstall
|
7 |
+
* @copyright Copyright (c) 2013, Jesse Petersen
|
8 |
+
* @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
|
9 |
+
* @since 3.0.0
|
10 |
+
*/
|
11 |
+
|
12 |
if (!defined('WP_UNINSTALL_PLUGIN')) {
|
13 |
header('Status: 403 Forbidden');
|
14 |
header('HTTP/1.1 403 Forbidden');
|
23 |
wp_die( 'You do not have permission to run this script.' );
|
24 |
|
25 |
function slp_uninstall() {
|
26 |
+
delete_option('slp_settings');
|
27 |
}
|
28 |
|
29 |
global $wpdb;
|