Version Description
- Simplify code and deal with undefined request and other argument issues
Release Info
Developer | llocally |
Plugin | Stop User Enumeration |
Version | 1.3.4 |
Code changes from version 1.3.3 to 1.3.4
- readme.txt +5 -2
- stop-user-enumeration.php +11 -33
readme.txt
CHANGED
@@ -2,8 +2,8 @@
|
|
2 |
Contributors: fullworks
|
3 |
Tags: User Enumeration, Security, WPSCAN, fail2ban
|
4 |
Requires at least: 3.4
|
5 |
-
Tested up to: 4.
|
6 |
-
Stable tag: 1.3.
|
7 |
License: GPLv2 or later
|
8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
9 |
|
@@ -40,6 +40,9 @@ Adjusted to your own requirements.
|
|
40 |
|
41 |
== Changelog ==
|
42 |
=
|
|
|
|
|
|
|
43 |
= 1.3.3 =
|
44 |
|
45 |
* Correct issue of undefined index in certain conditions
|
2 |
Contributors: fullworks
|
3 |
Tags: User Enumeration, Security, WPSCAN, fail2ban
|
4 |
Requires at least: 3.4
|
5 |
+
Tested up to: 4.4.2
|
6 |
+
Stable tag: 1.3.4
|
7 |
License: GPLv2 or later
|
8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
9 |
|
40 |
|
41 |
== Changelog ==
|
42 |
=
|
43 |
+
= 1.3.4 =
|
44 |
+
|
45 |
+
* Simplify code and deal with undefined request and other argument issues
|
46 |
= 1.3.3 =
|
47 |
|
48 |
* Correct issue of undefined index in certain conditions
|
stop-user-enumeration.php
CHANGED
@@ -1,11 +1,11 @@
|
|
1 |
<?php
|
2 |
/*
|
3 |
Plugin Name: Stop User Enumeration
|
4 |
-
Plugin URI: http://
|
5 |
Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
|
6 |
-
Version: 1.3.
|
7 |
-
Author:
|
8 |
-
Author URI: http://
|
9 |
License: GPLv2 or later
|
10 |
*/
|
11 |
|
@@ -25,41 +25,19 @@ along with this program; if not, write to the Free Software
|
|
25 |
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
26 |
*/
|
27 |
|
28 |
-
if ( ! is_admin()){
|
29 |
-
|
30 |
-
|
31 |
-
|
32 |
-
|
33 |
-
|
34 |
}
|
35 |
-
|
36 |
-
if(preg_match('/author=([0-9]*)/', $_SERVER['QUERY_STRING']) === 1)
|
37 |
-
ll_kill_enumeration();
|
38 |
-
|
39 |
-
add_filter('redirect_canonical','ll_detect_enumeration', 10,2);
|
40 |
-
}
|
41 |
-
}
|
42 |
-
|
43 |
-
add_filter('redirect_canonical','ll_detect_enumeration', 10,2);
|
44 |
-
function ll_detect_enumeration ($redirect_url, $requested_url) {
|
45 |
-
if (preg_match('/\?author(%00[0%]*)?=([0-9]*)(\/*)/', $requested_url)===1 | isset($_POST['author']) ) {
|
46 |
-
ll_kill_enumeration();
|
47 |
-
} else {
|
48 |
-
return $redirect_url;
|
49 |
-
}
|
50 |
}
|
51 |
|
52 |
-
function ll_kill_enumeration() {
|
53 |
-
openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH);
|
54 |
-
syslog(LOG_INFO,"Attempted user enumeration from {$_SERVER['REMOTE_ADDR']}");
|
55 |
-
closelog();
|
56 |
-
wp_die('forbidden');
|
57 |
-
}
|
58 |
add_action('plugin_row_meta', 'sue_plugin_row_meta', 10, 2 );
|
59 |
-
|
60 |
function sue_plugin_row_meta( $links, $file = '' ){
|
61 |
if( false !== strpos($file , '/stop-user-enumeration.php') ){
|
62 |
-
$links[] = '<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=4EMTVFMKXRRYY"><strong>Donate</strong></a>';
|
63 |
}
|
64 |
return $links;
|
65 |
}
|
1 |
<?php
|
2 |
/*
|
3 |
Plugin Name: Stop User Enumeration
|
4 |
+
Plugin URI: http://fullworks.net/wordpress-plugins/stop-user-enumeration/
|
5 |
Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
|
6 |
+
Version: 1.3.4
|
7 |
+
Author: Fullworks Digital Ltd
|
8 |
+
Author URI: http://fullworks.net
|
9 |
License: GPLv2 or later
|
10 |
*/
|
11 |
|
25 |
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
26 |
*/
|
27 |
|
28 |
+
if ( ! is_admin() && isset($_SERVER['REQUEST_URI'])){
|
29 |
+
if(preg_match('/(wp-comments-post)/', $_SERVER['REQUEST_URI']) === 0 && !empty($_REQUEST['author']) ) {
|
30 |
+
openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH);
|
31 |
+
syslog(LOG_INFO,"Attempted user enumeration from {$_SERVER['REMOTE_ADDR']}");
|
32 |
+
closelog();
|
33 |
+
wp_die('forbidden');
|
34 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
35 |
}
|
36 |
|
|
|
|
|
|
|
|
|
|
|
|
|
37 |
add_action('plugin_row_meta', 'sue_plugin_row_meta', 10, 2 );
|
|
|
38 |
function sue_plugin_row_meta( $links, $file = '' ){
|
39 |
if( false !== strpos($file , '/stop-user-enumeration.php') ){
|
40 |
+
$links[] = '<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=4EMTVFMKXRRYY"><strong>Please Donate (even 50 cents)</strong></a>';
|
41 |
}
|
42 |
return $links;
|
43 |
}
|
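Review bot: The comment-form exemption on new line 29 is a substring match over the whole `REQUEST_URI`, query string included, so requests other than comment submissions are also exempted from the `author` check; compare the script path instead, e.g. `basename((string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)) !== 'wp-comments-post.php'`. On line 30, `$_SERVER['HTTP_HOST']` is request-supplied and read without an `isset()` guard, although this release is meant to fix undefined-argument issues, and it becomes the syslog ident that log-based tooling (the readme tags mention fail2ban) presumably matches on. A site-derived value such as `parse_url(home_url(), PHP_URL_HOST)` would keep the ident stable and out of the client's control, provided any existing log filters are adjusted to match. `wp_die('forbidden')` on line 33 also answers with WordPress's default status (500, to my knowledge) rather than 403; passing `array('response' => 403)` as the third argument would make the block recognisable in access logs.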