Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.8.5

Version Description

This version adds support for the latest version of WordPress. Introduces new features and fixes some bugs reported by the WordPress community as well as bugs found by our automated testing system.

=

Download this release

Release Info

Developer yorman
Plugin Icon 128x128 Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.8.5
Comparing to
See all releases

Code changes from version 1.8.4 to 1.8.5

Files changed (74) hide show
  1. inc/tpl/auditlogs-report.html.tpl +6 -11
  2. inc/tpl/auditlogs.html.tpl +5 -15
  3. inc/tpl/dashboard.html.tpl +2 -2
  4. inc/tpl/firewall-auditlogs.html.tpl +8 -17
  5. inc/tpl/firewall-clearcache.html.tpl +5 -44
  6. inc/tpl/firewall-settings.html.tpl +10 -28
  7. inc/tpl/firewall.html.tpl +3 -3
  8. inc/tpl/integrity-correct.html.tpl +5 -17
  9. inc/tpl/integrity-diff-utility.html.tpl +2 -14
  10. inc/tpl/integrity-incorrect.html.tpl +16 -35
  11. inc/tpl/integrity-notification.html.tpl +7 -31
  12. inc/tpl/integrity.html.tpl +3 -9
  13. inc/tpl/lastlogins-admins.html.tpl +5 -7
  14. inc/tpl/lastlogins-admins.snippet.tpl +4 -4
  15. inc/tpl/lastlogins-all.html.tpl +8 -10
  16. inc/tpl/lastlogins-all.snippet.tpl +1 -1
  17. inc/tpl/lastlogins-blockedusers.html.tpl +10 -25
  18. inc/tpl/lastlogins-failedlogins.html.tpl +9 -31
  19. inc/tpl/lastlogins-loggedin.html.tpl +7 -9
  20. inc/tpl/lastlogins-loggedin.snippet.tpl +1 -1
  21. inc/tpl/lastlogins.html.tpl +5 -5
  22. inc/tpl/notification-pretty.html.tpl +5 -5
  23. inc/tpl/notification-simple.html.tpl +5 -5
  24. inc/tpl/register-site.html.tpl +7 -22
  25. inc/tpl/settings-alerts-bruteforce.html.tpl +4 -20
  26. inc/tpl/settings-alerts-events.html.tpl +3 -19
  27. inc/tpl/settings-alerts-ignore-posts.html.tpl +9 -29
  28. inc/tpl/settings-alerts-perhour.html.tpl +4 -20
  29. inc/tpl/settings-alerts-recipients.html.tpl +7 -24
  30. inc/tpl/settings-alerts-subject.html.tpl +4 -10
  31. inc/tpl/settings-alerts-trustedips.html.tpl +9 -15
  32. inc/tpl/settings-apirecovery.html.tpl +4 -18
  33. inc/tpl/settings-apiregistered.html.tpl +4 -16
  34. inc/tpl/settings-apiservice-proxy.html.tpl +6 -15
  35. inc/tpl/settings-apiservice-status.html.tpl +4 -28
  36. inc/tpl/settings-apiservice-timeout.html.tpl +5 -24
  37. inc/tpl/settings-general-apikey.html.tpl +9 -38
  38. inc/tpl/settings-general-auditlogstats.html.tpl +4 -17
  39. inc/tpl/settings-general-commentmonitor.html.tpl +3 -19
  40. inc/tpl/settings-general-cronjobs.html.tpl +8 -23
  41. inc/tpl/settings-general-datastorage.html.tpl +30 -58
  42. inc/tpl/settings-general-importexport.html.tpl +4 -18
  43. inc/tpl/settings-general-ipdiscoverer.html.tpl +9 -35
  44. inc/tpl/settings-general-resetoptions.html.tpl +4 -11
  45. inc/tpl/settings-general-reverseproxy.html.tpl +3 -30
  46. inc/tpl/settings-general-selfhosting.html.tpl +5 -30
  47. inc/tpl/settings-hardening-whitelist-phpfiles.html.tpl +9 -38
  48. inc/tpl/settings-posthack-available-updates-alert.html.tpl +5 -24
  49. inc/tpl/settings-posthack-available-updates.html.tpl +7 -13
  50. inc/tpl/settings-posthack-available-updates.snippet.tpl +1 -1
  51. inc/tpl/settings-posthack-reset-password-alert.html.tpl +1 -5
  52. inc/tpl/settings-posthack-reset-password.html.tpl +8 -22
  53. inc/tpl/settings-posthack-reset-plugins.html.tpl +11 -30
  54. inc/tpl/settings-posthack-security-keys.html.tpl +8 -16
  55. inc/tpl/settings-scanner-ignore-folders.html.tpl +11 -18
  56. inc/tpl/settings-scanner-integrity-cache.html.tpl +7 -17
  57. inc/tpl/settings-scanner-integrity-diff-utility.html.tpl +3 -19
  58. inc/tpl/settings-scanner-integrity-language.html.tpl +4 -18
  59. inc/tpl/settings-scanner-options.html.tpl +5 -23
  60. inc/tpl/settings-webinfo-details.html.tpl +1 -1
  61. inc/tpl/settings-webinfo-htaccess.html.tpl +6 -19
  62. inc/tpl/settings-webinfo-wpconfig.html.tpl +3 -3
  63. inc/tpl/settings.html.tpl +7 -7
  64. inc/tpl/sitecheck-malware.html.tpl +1 -7
  65. inc/tpl/sitecheck-malware.snippet.tpl +1 -1
  66. inc/tpl/sitecheck-recommendations.html.tpl +1 -1
  67. languages/sucuri-scanner-en_US.mo +0 -0
  68. languages/sucuri-scanner-en_US.po +642 -9
  69. languages/sucuri-scanner-es_ES.mo +0 -0
  70. languages/sucuri-scanner-es_ES.po +1488 -0
  71. readme.txt +7 -2
  72. src/settings-general.php +2 -2
  73. src/settings-hardening.php +8 -4
  74. sucuri.php +2 -2
inc/tpl/auditlogs-report.html.tpl CHANGED
@@ -74,35 +74,30 @@ jQuery(function ($) {
74
75
<div class="sucuriscan-audit-report">
76
<div class="sucuriscan-inline-alert-info">
77
- <p>
78
- The data used to generate these charts comes from the last
79
- <strong>%%SUCURI.AuditReport.Logs4Report%% audit logs</strong>, you can
80
- configure this number from the plugin settings page, you can also disable
81
- and enable this panel from there at any time.
82
- </p>
83
</div>
84
85
<div id="sucuriscan-audit-report-response">
86
- <p>Loading...</p>
87
</div>
88
89
<div class="sucuriscan-report-chart sucuriscan-hidden">
90
- <h4>Audit Logs per Event</h4>
91
<div id="sucuriscan-report-events-per-type"></div>
92
</div>
93
94
<div class="sucuriscan-report-chart sucuriscan-hidden">
95
- <h4>Successful/Failed Logins</h4>
96
<div id="sucuriscan-report-events-per-login"></div>
97
</div>
98
99
<div class="sucuriscan-report-chart sucuriscan-hidden">
100
- <h4>Audit Logs per User</h4>
101
<div id="sucuriscan-report-events-per-user"></div>
102
</div>
103
104
<div class="sucuriscan-report-chart sucuriscan-hidden">
105
- <h4>Audit Logs per IP Address</h4>
106
<div id="sucuriscan-report-events-per-ipaddress"></div>
107
</div>
108
</div>
74
75
<div class="sucuriscan-audit-report">
76
<div class="sucuriscan-inline-alert-info">
77
+ <p>@@SUCURI.LogsReportInfo@@</p>
78
</div>
79
80
<div id="sucuriscan-audit-report-response">
81
+ <p>@@SUCURI.Loading@@</p>
82
</div>
83
84
<div class="sucuriscan-report-chart sucuriscan-hidden">
85
+ <h4>@@SUCURI.LogsPerEvent@@</h4>
86
<div id="sucuriscan-report-events-per-type"></div>
87
</div>
88
89
<div class="sucuriscan-report-chart sucuriscan-hidden">
90
+ <h4>@@SUCURI.LogsForLogins@@</h4>
91
<div id="sucuriscan-report-events-per-login"></div>
92
</div>
93
94
<div class="sucuriscan-report-chart sucuriscan-hidden">
95
+ <h4>@@SUCURI.LogsPerUser@@</h4>
96
<div id="sucuriscan-report-events-per-user"></div>
97
</div>
98
99
<div class="sucuriscan-report-chart sucuriscan-hidden">
100
+ <h4>@@SUCURI.LogsPerIP@@</h4>
101
<div id="sucuriscan-report-events-per-ipaddress"></div>
102
</div>
103
</div>
inc/tpl/auditlogs.html.tpl CHANGED
@@ -11,10 +11,10 @@ jQuery(function ($) {
11
}
12
13
if (reset === true) {
14
- $('.sucuriscan-auditlog-response').html('<em>Loading...</em>');
15
}
16
17
- $('.sucuriscan-pagination-loading').html('Loading...');
18
19
$.post(url, {
20
action: 'sucuriscan_ajax',
@@ -70,25 +70,15 @@ jQuery(function ($) {
70
71
<div class="sucuriscan-auditlog-table">
72
<div id="sucuriscan-auditlog-selfhosting" class="sucuriscan-inline-alert-info sucuriscan-hidden">
73
- <p>
74
- You don't have a valid API key to communicate with the remote API
75
- service. However, the self-hosting monitor is enabled, the plugin
76
- will read the logs from that file and display the data here. Notice
77
- that only the latest logs will be processed to keep a low memory
78
- footprint. Consider to generate a free API key to get a better
79
- coverage of the activity in your website.
80
- </p>
81
</div>
82
83
<div class="sucuriscan-auditlog-response">
84
- <em>Loading...</em>
85
</div>
86
87
<div>
88
- <small>
89
- This data is cached for %%SUCURI.AuditLogs.Lifetime%% seconds
90
- &mdash; <a href="#" class="sucuriscan-reset-auditlogs">refresh</a>
91
- </small>
92
</div>
93
94
<div class="sucuriscan-clearfix">
11
}
12
13
if (reset === true) {
14
+ $('.sucuriscan-auditlog-response').html('<em>@@SUCURI.Loading@@</em>');
15
}
16
17
+ $('.sucuriscan-pagination-loading').html('@@SUCURI.Loading@@');
18
19
$.post(url, {
20
action: 'sucuriscan_ajax',
70
71
<div class="sucuriscan-auditlog-table">
72
<div id="sucuriscan-auditlog-selfhosting" class="sucuriscan-inline-alert-info sucuriscan-hidden">
73
+ <p>@@SUCURI.SelfHostingFallback@@</p>
74
</div>
75
76
<div class="sucuriscan-auditlog-response">
77
+ <em>@@SUCURI.Loading@@</em>
78
</div>
79
80
<div>
81
+ <small>@@SUCURI.AuditLogsCache@@ &mdash; <a href="#" class="sucuriscan-reset-auditlogs">@@SUCURI.Refresh@@</a></small>
82
</div>
83
84
<div class="sucuriscan-clearfix">
inc/tpl/dashboard.html.tpl CHANGED
@@ -30,8 +30,8 @@ jQuery(function ($) {
30
<div class="sucuriscan-panel">
31
<div class="sucuriscan-tabs">
32
<ul class="sucuriscan-clearfix sucuriscan-tabs-buttons">
33
- <li><a href="%%SUCURI.URL.Dashboard%%#auditlogs">Audit Logs</a></li>
34
- <li><a href="%%SUCURI.URL.Dashboard%%#stats">Statistics</a></li>
35
<li><a href="%%SUCURI.URL.Dashboard%%#iframes" id="sucuriscan-title-iframes">%%SUCURI.SiteCheck.iFramesTitle%%</a></li>
36
<li><a href="%%SUCURI.URL.Dashboard%%#links" id="sucuriscan-title-links">%%SUCURI.SiteCheck.LinksTitle%%</a></li>
37
<li><a href="%%SUCURI.URL.Dashboard%%#scripts" id="sucuriscan-title-scripts">%%SUCURI.SiteCheck.ScriptsTitle%%</a></li>
30
<div class="sucuriscan-panel">
31
<div class="sucuriscan-tabs">
32
<ul class="sucuriscan-clearfix sucuriscan-tabs-buttons">
33
+ <li><a href="%%SUCURI.URL.Dashboard%%#auditlogs">@@SUCURI.AuditLogs@@</a></li>
34
+ <li><a href="%%SUCURI.URL.Dashboard%%#stats">@@SUCURI.Statistics@@</a></li>
35
<li><a href="%%SUCURI.URL.Dashboard%%#iframes" id="sucuriscan-title-iframes">%%SUCURI.SiteCheck.iFramesTitle%%</a></li>
36
<li><a href="%%SUCURI.URL.Dashboard%%#links" id="sucuriscan-title-links">%%SUCURI.SiteCheck.LinksTitle%%</a></li>
37
<li><a href="%%SUCURI.URL.Dashboard%%#scripts" id="sucuriscan-title-scripts">%%SUCURI.SiteCheck.ScriptsTitle%%</a></li>
inc/tpl/firewall-auditlogs.html.tpl CHANGED
@@ -1,21 +1,12 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Firewall Audit Logs</h3>
4
5
<div class="inside">
6
- <p>
7
- The firewall logs every request involved in an attack and separates
8
- them from the legitimate requests. You can analyze the data from the
9
- latest entries in the logs using this tool and take action either
10
- enabling the advanced features of the IDS <em>(Intrusion Detection
11
- System)</em> from the <a target="_blank" href="https://waf.sucuri.net/?settings">
12
- Firewall Dashboard</a> and/or blocking IP addresses and URL paths
13
- directly from the <a href="https://waf.sucuri.net/?audit" target="_blank">
14
- Firewall Audit Trails</a> page.
15
- </p>
16
17
<div class="sucuriscan-inline-alert-info">
18
- <p>Note that non-blocked requests are hidden from the logs, this is intentional.</p>
19
</div>
20
21
<script type="text/javascript">
@@ -28,7 +19,7 @@
28
var params = {};
29
30
$('.sucuriscan-firewall-auditlogs tbody')
31
- .html('<tr><td><em>Loading...</em></td></tr>');
32
33
params.action = 'sucuriscan_ajax';
34
params.form_action = 'get_firewall_logs';
@@ -53,24 +44,24 @@
53
54
<form action="%%SUCURI.URL.Firewall%%#auditlogs" method="post">
55
<fieldset class="sucuriscan-clearfix">
56
- <label>Filter Audit Logs:</label>
57
<input type="text" id="sucuriscan_firewall_query" />
58
<select id="sucuriscan_firewall_day">%%%SUCURI.AuditLogs.DateDays%%%</select>
59
<select id="sucuriscan_firewall_month">%%%SUCURI.AuditLogs.DateMonths%%%</select>
60
<select id="sucuriscan_firewall_year">%%%SUCURI.AuditLogs.DateYears%%%</select>
61
- <button id="sucuriscan-firewall-auditlogs-button" class="button button-primary">Retrieve Logs</button>
62
</fieldset>
63
64
<table class="wp-list-table widefat sucuriscan-table sucuriscan-firewall-auditlogs">
65
<thead>
66
<tr>
67
- <th>Audit Logs</th>
68
</tr>
69
</thead>
70
71
<tbody>
72
<tr>
73
- <td><em>Loading...</em></td>
74
</tr>
75
</tbody>
76
</table>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.FirewallLogsTitle@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.FirewallLogsInfo@@</p>
7
8
<div class="sucuriscan-inline-alert-info">
9
+ <p>@@SUCURI.FirewallLogsNote@@</p>
10
</div>
11
12
<script type="text/javascript">
19
var params = {};
20
21
$('.sucuriscan-firewall-auditlogs tbody')
22
+ .html('<tr><td><em>@@SUCURI.Loading@@</em></td></tr>');
23
24
params.action = 'sucuriscan_ajax';
25
params.form_action = 'get_firewall_logs';
44
45
<form action="%%SUCURI.URL.Firewall%%#auditlogs" method="post">
46
<fieldset class="sucuriscan-clearfix">
47
+ <label>@@SUCURI.Search@@:</label>
48
<input type="text" id="sucuriscan_firewall_query" />
49
<select id="sucuriscan_firewall_day">%%%SUCURI.AuditLogs.DateDays%%%</select>
50
<select id="sucuriscan_firewall_month">%%%SUCURI.AuditLogs.DateMonths%%%</select>
51
<select id="sucuriscan_firewall_year">%%%SUCURI.AuditLogs.DateYears%%%</select>
52
+ <button id="sucuriscan-firewall-auditlogs-button" class="button button-primary">@@SUCURI.Submit@@</button>
53
</fieldset>
54
55
<table class="wp-list-table widefat sucuriscan-table sucuriscan-firewall-auditlogs">
56
<thead>
57
<tr>
58
+ <th>@@SUCURI.FirewallLogsTitle@@</th>
59
</tr>
60
</thead>
61
62
<tbody>
63
<tr>
64
+ <td><em>@@SUCURI.Loading@@</em></td>
65
</tr>
66
</tbody>
67
</table>
inc/tpl/firewall-clearcache.html.tpl CHANGED
@@ -1,59 +1,20 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Clear Cache</h3>
4
5
<div class="inside">
6
- <p>
7
- The firewall offers multiple options to configure the cache level
8
- applied to your website. You can either enable the full cache which
9
- is the recommended setting, or you can set the cache level to minimal
10
- which will keep the pages static for a couple of minutes, or force
11
- the usage of the website headers <em>(only for advanced users)</em>,
12
- or in extreme cases where you do not need the cache you can simply
13
- disable it. Find more information about it in the <a target="_blank"
14
- href="https://kb.sucuri.net/cloudproxy/Performance/caching-options">
15
- Sucuri Knowledge Base</a> website.
16
- </p>
17
18
<div class="sucuriscan-inline-alert-info">
19
- <p>
20
- Note that the firewall has <a href="https://kb.sucuri.net/cloudproxy/Performance/cache-exceptions"
21
- target="_blank">special caching rules</a> for Images, CSS, PDF,
22
- TXT, JavaScript, media files and a few more extensions that are
23
- stored on our <a href="https://en.wikipedia.org/wiki/Edge_device"
24
- target="_blank" rel="noopener">edge</a>. The only way to flush the cache for
25
- these files is by clearing the firewall's cache completely
26
- <em>(for the whole website)</em>.
27
- </p>
28
</div>
29
30
- <div class="sucuriscan-inline-alert-error">
31
- <p>
32
- Due to our caching of JavaScript and CSS files, often, as is best practice, the
33
- use of versioning during development will ensure updates going live as expected.
34
- This is done by adding a query string such as <code>?ver=1.2.3</code> and
35
- incrementing on each update.
36
- </p>
37
- </div>
38
-
39
- <p>
40
- A web cache (or HTTP cache) is an information technology for the temporary
41
- storage (caching) of web documents, such as HTML pages and images, to reduce
42
- bandwidth usage, server load, and perceived lag. A web cache system stores
43
- copies of documents passing through it; subsequent requests may be satisfied
44
- from the cache if certain conditions are met. A web cache system can refer
45
- either to an appliance, or to a computer program.
46
- </p>
47
-
48
- <p>
49
- More info at <a href="https://en.wikipedia.org/wiki/Web_cache" target="_blank" rel="noopener">
50
- WikiPedia - Web Cache</a>
51
- </p>
52
53
<form action="%%SUCURI.URL.Firewall%%#clearcache" method="post">
54
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
55
<input type="hidden" name="sucuriscan_clear_cache" value="1" />
56
- <input type="submit" value="Clear Cache" class="button button-primary" />
57
</form>
58
</div>
59
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.FirewallCacheTitle@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.FirewallCacheInfo@@</p>
7
8
<div class="sucuriscan-inline-alert-info">
9
+ <p>@@SUCURI.FirewallCacheNote@@</p>
10
</div>
11
12
+ <p>@@SUCURI.FirewallCacheWiki@@</p>
13
14
<form action="%%SUCURI.URL.Firewall%%#clearcache" method="post">
15
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
16
<input type="hidden" name="sucuriscan_clear_cache" value="1" />
17
+ <input type="submit" value="@@SUCURI.FirewallCacheButton@@" class="button button-primary" />
18
</form>
19
</div>
20
</div>
inc/tpl/firewall-settings.html.tpl CHANGED
@@ -1,48 +1,37 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Firewall Settings</h3>
4
5
<div class="inside">
6
- <p>
7
- A powerful Web Application Firewall and <b>Intrusion Detection System</b>
8
- for any WordPress user and many other platforms. This page will help you
9
- to configure and monitor your site through the <b>Sucuri Firewall</b>.
10
- Once enabled, our firewall will act as a shield, protecting your site
11
- from attacks and preventing malware infections and reinfections. It
12
- will block SQL injection attempts, brute force attacks, XSS, RFI,
13
- backdoors and many other threats against your site.
14
- </p>
15
16
<div class="sucuriscan-inline-alert-info sucuriscan-%%SUCURI.Firewall.APIKeyFormVisibility%%">
17
- <p>
18
- Add your <a href="https://waf.sucuri.net/?settings&panel=api"
19
- target="_blank">Firewall API key</a> in the form below to start
20
- communicating with the firewall API service.
21
- </p>
22
</div>
23
24
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-firewall-apikey sucuriscan-%%SUCURI.Firewall.APIKeyVisibility%%">
25
<span class="sucuriscan-monospace">%%SUCURI.Firewall.APIKey%%</span>
26
<form action="%%SUCURI.URL.Firewall%%" method="post">
27
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
28
- <button type="submit" name="sucuriscan_delete_wafkey" class="button button-primary">Delete</button>
29
</form>
30
</div>
31
32
<form action="%%SUCURI.URL.Firewall%%" method="post" class="sucuriscan-%%SUCURI.Firewall.APIKeyFormVisibility%%">
33
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
34
<fieldset class="sucuriscan-clearfix">
35
- <label>Firewall API Key:</label>
36
<input type="text" name="sucuriscan_cloudproxy_apikey" />
37
- <button type="submit" class="button button-primary">Save</button>
38
</fieldset>
39
</form>
40
41
<table class="wp-list-table widefat sucuriscan-table sucuriscan-firewall-settings sucuriscan-%%SUCURI.Firewall.SettingsVisibility%%">
42
<thead>
43
<tr>
44
- <th>Setting Name</th>
45
- <th>Setting Value</th>
46
</tr>
47
</thead>
48
@@ -51,13 +40,6 @@
51
</tbody>
52
</table>
53
54
- <p>
55
- <em>[1]</em> More information about the <a href="https://sucuri.net/website-firewall/"
56
- target="_blank">Sucuri Firewall</a>, features and pricing.<br>
57
- <em>[2]</em> Instructions and videos in the official <a href="https://kb.sucuri.net/cloudproxy"
58
- target="_blank">Knowledge Base</a> site.<br>
59
- <em>[3]</em> <a href="https://login.sucuri.net/signup2/create?CloudProxy" target="_blank">
60
- Sign up</a> for a new account and start protecting your site.
61
- </p>
62
</div>
63
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.FirewallSettingsTitle@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.FirewallSettingsInfo@@</p>
7
8
<div class="sucuriscan-inline-alert-info sucuriscan-%%SUCURI.Firewall.APIKeyFormVisibility%%">
9
+ <p>@@SUCURI.FirewallAddKey@@</p>
10
</div>
11
12
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-firewall-apikey sucuriscan-%%SUCURI.Firewall.APIKeyVisibility%%">
13
<span class="sucuriscan-monospace">%%SUCURI.Firewall.APIKey%%</span>
14
<form action="%%SUCURI.URL.Firewall%%" method="post">
15
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
16
+ <button type="submit" name="sucuriscan_delete_wafkey" class="button button-primary">@@SUCURI.Delete@@</button>
17
</form>
18
</div>
19
20
<form action="%%SUCURI.URL.Firewall%%" method="post" class="sucuriscan-%%SUCURI.Firewall.APIKeyFormVisibility%%">
21
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
22
<fieldset class="sucuriscan-clearfix">
23
+ <label>@@SUCURI.FirewallKey@@:</label>
24
<input type="text" name="sucuriscan_cloudproxy_apikey" />
25
+ <button type="submit" class="button button-primary">@@SUCURI.Save@@</button>
26
</fieldset>
27
+ <br>
28
</form>
29
30
<table class="wp-list-table widefat sucuriscan-table sucuriscan-firewall-settings sucuriscan-%%SUCURI.Firewall.SettingsVisibility%%">
31
<thead>
32
<tr>
33
+ <th>@@SUCURI.Name@@</th>
34
+ <th>@@SUCURI.Value@@</th>
35
</tr>
36
</thead>
37
40
</tbody>
41
</table>
42
43
+ <p>@@SUCURI.FirewallFootNote@@</p>
44
</div>
45
</div>
inc/tpl/firewall.html.tpl CHANGED
@@ -1,9 +1,9 @@
1
2
<div class="sucuriscan-tabs">
3
<ul class="sucuriscan-clearfix sucuriscan-tabs-buttons">
4
- <li><a href="%%SUCURI.URL.Firewall%%#settings">Settings</a></li>
5
- <li><a href="%%SUCURI.URL.Firewall%%#auditlogs">Audit Logs</a></li>
6
- <li><a href="%%SUCURI.URL.Firewall%%#clearcache">Clear Cache</a></li>
7
</ul>
8
9
<div class="sucuriscan-tabs-containers">
1
2
<div class="sucuriscan-tabs">
3
<ul class="sucuriscan-clearfix sucuriscan-tabs-buttons">
4
+ <li><a href="%%SUCURI.URL.Firewall%%#settings">@@SUCURI.Settings@@</a></li>
5
+ <li><a href="%%SUCURI.URL.Firewall%%#auditlogs">@@SUCURI.AuditLogs@@</a></li>
6
+ <li><a href="%%SUCURI.URL.Firewall%%#clearcache">@@SUCURI.ClearCache@@</a></li>
7
</ul>
8
9
<div class="sucuriscan-tabs-containers">
inc/tpl/integrity-correct.html.tpl CHANGED
@@ -2,29 +2,17 @@
2
<div class="sucuriscan-panel sucuriscan-integrity sucuriscan-integrity-correct">
3
<div class="sucuriscan-clearfix">
4
<div class="sucuriscan-pull-left sucuriscan-integrity-left">
5
- <h2 class="sucuriscan-title">WordPress Integrity</h2>
6
7
- <p>
8
- We inspect your WordPress installation and look for modifications
9
- on the core files as provided by WordPress.org. Files located in
10
- the root directory, wp-admin and wp-includes will be compared against
11
- the files distributed with v%%SUCURI.WordPressVersion%%; all files with
12
- inconsistencies will be listed here. Any changes might indicate a hack.
13
- </p>
14
</div>
15
16
<div class="sucuriscan-pull-right sucuriscan-integrity-right">
17
- <h2 class="sucuriscan-subtitle">All Core WordPress Files Are Correct</h2>
18
19
- <p>
20
- We have not identified additional files, deleted files, or relevant
21
- changes to the core files in your WordPress installation. If you are
22
- experiencing other malware issues, please use a <a target="_blank"
23
- href="https://sucuri.net/website-security/malware-removal">Server
24
- Side Scanner</a>.
25
- </p>
26
27
- <p><a href="%%SUCURI.URL.Settings%%#scanner">Review False/Positives</a></p>
28
</div>
29
</div>
30
2
<div class="sucuriscan-panel sucuriscan-integrity sucuriscan-integrity-correct">
3
<div class="sucuriscan-clearfix">
4
<div class="sucuriscan-pull-left sucuriscan-integrity-left">
5
+ <h2 class="sucuriscan-title">@@SUCURI.IntegrityTitle@@</h2>
6
7
+ <p>@@SUCURI.IntegrityDescription@@</p>
8
</div>
9
10
<div class="sucuriscan-pull-right sucuriscan-integrity-right">
11
+ <h2 class="sucuriscan-subtitle">@@SUCURI.IntegrityGoodTitle@@</h2>
12
13
+ <p>@@SUCURI.IntegrityGoodDescription@@</p>
14
15
+ <p><a href="%%SUCURI.URL.Settings%%#scanner">@@SUCURI.ReviewFalsePositives@@</a></p>
16
</div>
17
</div>
18
inc/tpl/integrity-diff-utility.html.tpl CHANGED
@@ -1,23 +1,11 @@
1
2
<div class="sucuriscan-integrity-diff-utility">
3
<div class="sucuriscan-inline-alert-info">
4
- <p>
5
- The Unix Diff Utility is enabled. You can click the files marked
6
- as modified <em>(the ones with the purple flag)</em> to see the
7
- differences detected by the scanner. If you consider the differences
8
- to be harmless you can mark the file as fixed, otherwise it is adviced
9
- to restore the original content immediately.
10
- </p>
11
</div>
12
13
<div class="sucuriscan-hidden sucuriscan-diff-instructions">
14
- <p>
15
- Lines with a <b>minus</b> sign as the prefix <em>(here in red)</em>
16
- show the original code. Lines with a <b>plus</b> sign as the prefix
17
- <em>(here in green)</em> show the modified code. You can read more
18
- about the DIFF format from the WikiPedia article about the <a target="_blank"
19
- href="https://en.wikipedia.org/wiki/Diff_utility" rel="noopener">Unix Diff Utility</a>.
20
- </p>
21
</div>
22
23
%%%SUCURI.DiffUtility.Modal%%%
1
2
<div class="sucuriscan-integrity-diff-utility">
3
<div class="sucuriscan-inline-alert-info">
4
+ <p>@@SUCURI.DiffUtilityInfo@@</p>
5
</div>
6
7
<div class="sucuriscan-hidden sucuriscan-diff-instructions">
8
+ <p>@@SUCURI.DiffUtilityInstructions@@</p>
9
</div>
10
11
%%%SUCURI.DiffUtility.Modal%%%
inc/tpl/integrity-incorrect.html.tpl CHANGED
@@ -2,29 +2,17 @@
2
<div class="sucuriscan-panel sucuriscan-integrity sucuriscan-integrity-incorrect">
3
<div class="sucuriscan-clearfix">
4
<div class="sucuriscan-pull-left sucuriscan-integrity-left">
5
- <h2 class="sucuriscan-title">WordPress Integrity</h2>
6
7
- <p>
8
- We inspect your WordPress installation and look for modifications
9
- on the core files as provided by WordPress.org. Files located in
10
- the root directory, wp-admin and wp-includes will be compared against
11
- the files distributed with v%%SUCURI.WordPressVersion%%; all files with
12
- inconsistencies will be listed here. Any changes might indicate a hack.
13
- </p>
14
</div>
15
16
<div class="sucuriscan-pull-right sucuriscan-integrity-right">
17
- <h2 class="sucuriscan-subtitle">Core WordPress Files Were Modified</h2>
18
19
- <p>
20
- We identified that some of your WordPress core files were modified.
21
- That might indicate a hack or a broken file on your installation.
22
- If you are experiencing other malware issues, please use a
23
- <a href="https://sucuri.net/website-security/malware-removal"
24
- target="_blank">Server Side Scanner</a>.
25
- </p>
26
27
- <p><a href="%%SUCURI.URL.Settings%%#scanner">Review False/Positives</a></p>
28
</div>
29
</div>
30
@@ -38,7 +26,7 @@
38
<table class="wp-list-table widefat sucuriscan-table sucuriscan-integrity-table">
39
<thead>
40
<tr>
41
- <th colspan="5">WordPress Integrity (%%SUCURI.Integrity.ListCount%% files)</th>
42
</tr>
43
44
<tr>
@@ -47,9 +35,9 @@
47
<input id="cb-select-all-1" type="checkbox">
48
</td>
49
<th width="20" class="manage-column">&nbsp;</th>
50
- <th width="100" class="manage-column">File Size</th>
51
- <th width="200" class="manage-column">Modified At</th>
52
- <th class="manage-column">File Path</th>
53
</tr>
54
</thead>
55
@@ -59,32 +47,25 @@
59
</table>
60
61
<div class="sucuriscan-inline-alert-info">
62
- <p>
63
- Marking one or more files as fixed will force the plugin to ignore them during
64
- the next scan, very useful when you find false positives. Additionally you can
65
- restore the original content of the core files that appear as modified or deleted,
66
- this will tell the plugin to download a copy of the original files from the official
67
- <a href="https://core.svn.wordpress.org/tags/" target="_blank" rel="noopener">WordPress repository</a>.
68
- Deleting a file is an irreversible action, be careful.
69
- </p>
70
</div>
71
72
<p>
73
<label>
74
<input type="hidden" name="sucuriscan_process_form" value="0" />
75
<input type="checkbox" name="sucuriscan_process_form" value="1" />
76
- <span>I understand that this operation can not be reverted.</span>
77
</label>
78
</p>
79
80
<fieldset class="sucuriscan-clearfix">
81
- <label>Integrity Action:</label>
82
<select name="sucuriscan_integrity_action">
83
- <option value="fixed">Mark as Fixed</option>
84
- <option value="restore">Restore File</option>
85
- <option value="delete">Delete File</option>
86
</select>
87
- <button type="submit" class="button button-primary">Proceed</button>
88
</fieldset>
89
</form>
90
</div>
2
<div class="sucuriscan-panel sucuriscan-integrity sucuriscan-integrity-incorrect">
3
<div class="sucuriscan-clearfix">
4
<div class="sucuriscan-pull-left sucuriscan-integrity-left">
5
+ <h2 class="sucuriscan-title">@@SUCURI.IntegrityTitle@@</h2>
6
7
+ <p>@@SUCURI.IntegrityDescription@@</p>
8
</div>
9
10
<div class="sucuriscan-pull-right sucuriscan-integrity-right">
11
+ <h2 class="sucuriscan-subtitle">@@SUCURI.IntegrityBadTitle@@</h2>
12
13
+ <p>@@SUCURI.IntegrityBadDescription@@</p>
14
15
+ <p><a href="%%SUCURI.URL.Settings%%#scanner">@@SUCURI.ReviewFalsePositives@@</a></p>
16
</div>
17
</div>
18
26
<table class="wp-list-table widefat sucuriscan-table sucuriscan-integrity-table">
27
<thead>
28
<tr>
29
+ <th colspan="5">@@SUCURI.IntegrityTitle@@ (%%SUCURI.Integrity.ListCount%%)</th>
30
</tr>
31
32
<tr>
35
<input id="cb-select-all-1" type="checkbox">
36
</td>
37
<th width="20" class="manage-column">&nbsp;</th>
38
+ <th width="100" class="manage-column">@@SUCURI.FileSize@@</th>
39
+ <th width="200" class="manage-column">@@SUCURI.ModifiedAt@@</th>
40
+ <th class="manage-column">@@SUCURI.FilePath@@</th>
41
</tr>
42
</thead>
43
47
</table>
48
49
<div class="sucuriscan-inline-alert-info">
50
+ <p>@@SUCURI.MarkFixedDescription@@</p>
51
</div>
52
53
<p>
54
<label>
55
<input type="hidden" name="sucuriscan_process_form" value="0" />
56
<input type="checkbox" name="sucuriscan_process_form" value="1" />
57
+ <span>@@SUCURI.UnderstandTheRisk@@</span>
58
</label>
59
</p>
60
61
<fieldset class="sucuriscan-clearfix">
62
+ <label>@@SUCURI.Action@@:</label>
63
<select name="sucuriscan_integrity_action">
64
+ <option value="fixed">@@SUCURI.MarkFixed@@</option>
65
+ <option value="restore">@@SUCURI.RestoreFile@@</option>
66
+ <option value="delete">@@SUCURI.DeleteFile@@</option>
67
</select>
68
+ <button type="submit" class="button button-primary">@@SUCURI.Submit@@</button>
69
</fieldset>
70
</form>
71
</div>
inc/tpl/integrity-notification.html.tpl CHANGED
@@ -1,27 +1,18 @@
1
2
- <p>
3
- Changes in the integrity of your core files were detected, you may want to check
4
- each file to determine if they were infected with malicious code. The WordPress
5
- core directories <code>/&lt;root&gt;</code>, <code>/wp-admin</code> and <code>
6
- /wp-includes</code> are the only ones being scanned; the content, uploads, and
7
- custom directories are not part of the official archives so you have to check
8
- them manually.
9
- </p>
10
11
<table border="1" cellspacing="1" cellpadding="5">
12
<thead>
13
<tr>
14
- <th colspan="5">
15
- Core integrity (%%SUCURI.Integrity.ListCount%% files)
16
- </th>
17
</tr>
18
19
<tr>
20
<th>&nbsp;</th>
21
- <th width="80">Status</th>
22
- <th width="100">File Size</th>
23
- <th width="170">Modified At</th>
24
- <th>File Path</th>
25
</tr>
26
</thead>
27
@@ -32,22 +23,7 @@
32
<tfoot>
33
<tr>
34
<td colspan="5">
35
- <p>
36
- <b>Note:</b> This is not a malware scanner but an integrity checker, if
37
- you want to check if your site is generating malicious code then use the
38
- <a href="%%SUCURI.URL.Scanner%%">malware scan</a> tool. If you see the
39
- text <em>"must be fixed manually"</em> in any of these files that means
40
- that they do not have write permissions so you can not fix them using
41
- this tool. Access the <a href="%%SUCURI.URL.Dashboard%%">admin area</a> of
42
- your website to fix these files.
43
- </p>
44
-
45
- <p>
46
- <b>Note:</b> Disable the <em>"Receive email alerts for core integrity
47
- checks"</em> option from the "Alerts" panel located in the plugin'
48
- settings page to stop receiving these emails, but keep an eye on the
49
- flagged files to keep your website clean.
50
- </p>
51
</td>
52
</tr>
53
</tfoot>
1
2
+ <p>@@SUCURI.IntegrityBadDescription@@</p>
3
4
<table border="1" cellspacing="1" cellpadding="5">
5
<thead>
6
<tr>
7
+ <th colspan="5">@@SUCURI.IntegrityTitle@@ (%%SUCURI.Integrity.ListCount%%)</th>
8
</tr>
9
10
<tr>
11
<th>&nbsp;</th>
12
+ <th width="80">@@SUCURI.Status@@</th>
13
+ <th width="100">@@SUCURI.FileSize@@</th>
14
+ <th width="170">@@SUCURI.ModifiedAt@@</th>
15
+ <th>@@SUCURI.FilePath@@</th>
16
</tr>
17
</thead>
18
23
<tfoot>
24
<tr>
25
<td colspan="5">
26
+ <p>@@SUCURI.MarkFixedDescription@@</p>
27
</td>
28
</tr>
29
</tfoot>
inc/tpl/integrity.html.tpl CHANGED
@@ -19,15 +19,9 @@ jQuery(function ($) {
19
<div class="sucuriscan-panel sucuriscan-integrity sucuriscan-integrity-loading">
20
<div class="sucuriscan-clearfix">
21
<div class="sucuriscan-pull-left sucuriscan-integrity-left">
22
- <h2 class="sucuriscan-title">WordPress Integrity</h2>
23
24
- <p>
25
- We inspect your WordPress installation and look for modifications
26
- on the core files as provided by WordPress.org. Files located in
27
- the root directory, wp-admin and wp-includes will be compared against
28
- the files distributed with v%%SUCURI.WordPressVersion%%; all files with
29
- inconsistencies will be listed here. Any changes might indicate a hack.
30
- </p>
31
</div>
32
33
<div class="sucuriscan-pull-right sucuriscan-integrity-right">
@@ -37,6 +31,6 @@ jQuery(function ($) {
37
</div>
38
</div>
39
40
- <p>Loading...</p>
41
</div>
42
</div>
19
<div class="sucuriscan-panel sucuriscan-integrity sucuriscan-integrity-loading">
20
<div class="sucuriscan-clearfix">
21
<div class="sucuriscan-pull-left sucuriscan-integrity-left">
22
+ <h2 class="sucuriscan-title">@@SUCURI.IntegrityTitle@@</h2>
23
24
+ <p>@@SUCURI.IntegrityDescription@@</p>
25
</div>
26
27
<div class="sucuriscan-pull-right sucuriscan-integrity-right">
31
</div>
32
</div>
33
34
+ <p>@@SUCURI.Loading@@</p>
35
</div>
36
</div>
inc/tpl/lastlogins-admins.html.tpl CHANGED
@@ -1,18 +1,16 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Successful Logins (admins)</h3>
4
5
<div class="inside">
6
- <p>
7
- Here you can see a list of all the successful logins of accounts with admin privileges.
8
- </p>
9
10
<table class="wp-list-table widefat sucuriscan-table sucuriscan-table-double-title sucuriscan-adminusers">
11
<thead>
12
<tr>
13
- <th class="manage-column">User</th>
14
- <th class="manage-column">Registration</th>
15
- <th class="manage-column">Last Logins (newest to oldest)</th>
16
<th class="manage-column">&nbsp;</th>
17
</tr>
18
</thead>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.LoginsAdmins@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.LoginsAdminsInfo@@</p>
7
8
<table class="wp-list-table widefat sucuriscan-table sucuriscan-table-double-title sucuriscan-adminusers">
9
<thead>
10
<tr>
11
+ <th class="manage-column">@@SUCURI.Username@@</th>
12
+ <th class="manage-column">@@SUCURI.Registration@@</th>
13
+ <th class="manage-column">@@SUCURI.NewestLogins@@</th>
14
<th class="manage-column">&nbsp;</th>
15
</tr>
16
</thead>
inc/tpl/lastlogins-admins.snippet.tpl CHANGED
@@ -6,14 +6,14 @@
6
7
<td class="adminusers-lastlogin">
8
<div class="sucuriscan-%%SUCURI.AdminUsers.NoLastLogins%%">
9
- <i>No data available.</i>
10
</div>
11
12
<table class="widefat sucuriscan-admins-lastlogins sucuriscan-%%SUCURI.AdminUsers.NoLastLoginsTable%%">
13
<thead>
14
<tr>
15
- <th>IP Address</th>
16
- <th>Date &amp; Time</th>
17
</tr>
18
</thead>
19
@@ -24,6 +24,6 @@
24
</td>
25
26
<td>
27
- <a href="%%SUCURI.AdminUsers.UserURL%%" target="_blank" class="button button-primary">Edit</a>
28
</td>
29
</tr>
6
7
<td class="adminusers-lastlogin">
8
<div class="sucuriscan-%%SUCURI.AdminUsers.NoLastLogins%%">
9
+ <em>@@SUCURI.NoData@@</em>
10
</div>
11
12
<table class="widefat sucuriscan-admins-lastlogins sucuriscan-%%SUCURI.AdminUsers.NoLastLoginsTable%%">
13
<thead>
14
<tr>
15
+ <th>@@SUCURI.RemoteAddr@@</th>
16
+ <th>@@SUCURI.Datetime@@</th>
17
</tr>
18
</thead>
19
24
</td>
25
26
<td>
27
+ <a href="%%SUCURI.AdminUsers.UserURL%%" target="_blank" class="button button-primary">@@SUCURI.Edit@@</a>
28
</td>
29
</tr>
inc/tpl/lastlogins-all.html.tpl CHANGED
@@ -1,23 +1,21 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Successful Logins (all)</h3>
4
5
<div class="inside">
6
- <p>
7
- Here you can see a list of all the successful user logins.
8
- </p>
9
10
<table class="wp-list-table widefat sucuriscan-table sucuriscan-table-double-title sucuriscan-last-logins">
11
<thead>
12
<tr>
13
- <th colspan="5">User Last Logins (%%SUCURI.UserList.Total%%)</th>
14
</tr>
15
16
<tr>
17
- <th class="manage-column">User</th>
18
- <th class="manage-column">IP Address</th>
19
- <th class="manage-column">Hostname</th>
20
- <th class="manage-column">Date/Time</th>
21
<th class="manage-column">&nbsp;</th>
22
</tr>
23
</thead>
@@ -27,7 +25,7 @@
27
28
<tr class="sucuriscan-%%SUCURI.UserList.NoItemsVisibility%%">
29
<td colspan="5">
30
- <em>No logs so far.</em>
31
</td>
32
</tr>
33
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.LoginsAll@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.LoginsAllInfo@@</p>
7
8
<table class="wp-list-table widefat sucuriscan-table sucuriscan-table-double-title sucuriscan-last-logins">
9
<thead>
10
<tr>
11
+ <th colspan="5">@@SUCURI.LoginsAll@@</th>
12
</tr>
13
14
<tr>
15
+ <th class="manage-column">@@SUCURI.Username@@</th>
16
+ <th class="manage-column">@@SUCURI.RemoteAddr@@</th>
17
+ <th class="manage-column">@@SUCURI.Hostname@@</th>
18
+ <th class="manage-column">@@SUCURI.Datetime@@</th>
19
<th class="manage-column">&nbsp;</th>
20
</tr>
21
</thead>
25
26
<tr class="sucuriscan-%%SUCURI.UserList.NoItemsVisibility%%">
27
<td colspan="5">
28
+ <em>@@SUCURI.NoData@@</em>
29
</td>
30
</tr>
31
inc/tpl/lastlogins-all.snippet.tpl CHANGED
@@ -8,5 +8,5 @@
8
9
<td><span title="%%SUCURI.UserList.Datetime%%">%%SUCURI.UserList.TimeAgo%%</span></td>
10
11
- <td><a href="%%SUCURI.UserList.UserURL%%" target="_blank">Edit</a></td>
12
</tr>
8
9
<td><span title="%%SUCURI.UserList.Datetime%%">%%SUCURI.UserList.TimeAgo%%</span></td>
10
11
+ <td><a href="%%SUCURI.UserList.UserURL%%" target="_blank">@@SUCURI.Edit@@</a></td>
12
</tr>
inc/tpl/lastlogins-blockedusers.html.tpl CHANGED
@@ -1,31 +1,16 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Blocked Users</h3>
4
5
<div class="inside">
6
- <p>
7
- Any user login passing accross the built-in mechanism that WordPress
8
- provides to authentication the session will be intercepted by the
9
- plugin and analyzed to see if the username is in the list of blocked
10
- accounts, if yes then the request will be stopped. No logs will be
11
- registered and no alerts will be sent to your email.
12
- </p>
13
14
<div class="sucuriscan-inline-alert-info">
15
- <p>
16
- Take in consideration that this is not a 100% bulletproof mechanism
17
- to block unwanted user authentications from malicious users. Depending
18
- on the configuration of your website, installed plugins, installed
19
- themes, and even the version of WordPress there might still be weak
20
- points that automated tools can take advantage of to brute force the
21
- user accounts registered in your website. <a target="_blank"
22
- href="https://sucuri.net/website-firewall/?wp=bu">Install a firewall</a>
23
- to have full protection and mitigate this and a myriad of other attacks.
24
- </p>
25
</div>
26
27
<div class="sucuriscan-inline-alert-error">
28
- <p>Do not block existent accounts, they will lose access forever.</p>
29
</div>
30
31
<form action="%%SUCURI.URL.Lastlogins%%#blocked" method="post">
@@ -38,10 +23,10 @@
38
<label class="screen-reader-text" for="cb-select-all-1">Select All</label>
39
<input id="cb-select-all-1" type="checkbox">
40
</td>
41
- <th class="manage-column">Username</th>
42
- <th class="manage-column">Blocked At</th>
43
- <th class="manage-column">First Attempt</th>
44
- <th class="manage-column">Last Attempt</th>
45
</tr>
46
</thead>
47
@@ -50,13 +35,13 @@
50
51
<tr class="sucuriscan-%%SUCURI.BlockedUsers.NoItemsVisibility%%">
52
<td colspan="5">
53
- <em>The table is empty.</em>
54
</td>
55
</tr>
56
</tbody>
57
</table>
58
59
- <button type="submit" class="button button-primary">Unblock User</button>
60
</form>
61
</div>
62
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.BlockedUsers@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.BlockedUsersInfo@@</p>
7
8
<div class="sucuriscan-inline-alert-info">
9
+ <p>@@SUCURI.BlockedUsersNote@@</p>
10
</div>
11
12
<div class="sucuriscan-inline-alert-error">
13
+ <p>@@SUCURI.BlockedUsersByIP@@</p>
14
</div>
15
16
<form action="%%SUCURI.URL.Lastlogins%%#blocked" method="post">
23
<label class="screen-reader-text" for="cb-select-all-1">Select All</label>
24
<input id="cb-select-all-1" type="checkbox">
25
</td>
26
+ <th class="manage-column">@@SUCURI.Username@@</th>
27
+ <th class="manage-column">@@SUCURI.BlockedAt@@</th>
28
+ <th class="manage-column">@@SUCURI.FirstAttempt@@</th>
29
+ <th class="manage-column">@@SUCURI.LastAttempt@@</th>
30
</tr>
31
</thead>
32
35
36
<tr class="sucuriscan-%%SUCURI.BlockedUsers.NoItemsVisibility%%">
37
<td colspan="5">
38
+ <em>@@SUCURI.NoData@@</em>
39
</td>
40
</tr>
41
</tbody>
42
</table>
43
44
+ <button type="submit" class="button button-primary">@@SUCURI.Unblock@@</button>
45
</form>
46
</div>
47
</div>
inc/tpl/lastlogins-failedlogins.html.tpl CHANGED
@@ -1,31 +1,9 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Failed logins</h3>
4
5
<div class="inside">
6
- <p>
7
- This information will be used to determine if your site is being victim of
8
- <a href="https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing"
9
- target="_blank">Password Guessing Brute Force Attacks</a>. These logs will be
10
- accumulated and the plugin will send a report via email if there are more than
11
- <code>%%SUCURI.FailedLogins.MaxFailedLogins%%</code> failed login attempts during
12
- the same hour, you can change this number from <a href="%%SUCURI.URL.Settings%%#general">here</a>.
13
- <strong>Note.</strong> Some <em>"Two-Factor Authentication"</em> plugins do not
14
- follow the same rules that WordPress have to report failed login attempts, so
15
- you may not see all the attempts in this panel if you have one of these plugins
16
- installed.
17
- </p>
18
-
19
- <div class="sucuriscan-inline-alert-error sucuriscan-%%SUCURI.FailedLogins.WarningVisibility%%">
20
- <p>
21
- The option to alert possible <a href="https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing"
22
- target="_blank">Password Guessing Brute Force Attacks</a> is disabled, you will
23
- not receive email reports with the attempts collected during the attacks, but
24
- you will continue receiving the alerts of failed logins if you have enabled that
25
- option. Go to the <a href="%%SUCURI.URL.Settings%%#alerts">alert
26
- settings</a> panel to change this configuration.
27
- </p>
28
- </div>
29
30
<form action="%%SUCURI.URL.Lastlogins%%#blocked" method="post">
31
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
@@ -37,11 +15,11 @@
37
<label class="screen-reader-text" for="cb-select-all-1">Select All</label>
38
<input id="cb-select-all-1" type="checkbox">
39
</td>
40
- <th class="manage-column">User</th>
41
- <th class="manage-column">Password</th>
42
- <th class="manage-column">IP Address</th>
43
- <th class="manage-column">Date/Time</th>
44
- <th class="manage-column" width="300">User-Agent</th>
45
</tr>
46
</thead>
47
@@ -50,7 +28,7 @@
50
51
<tr class="sucuriscan-%%SUCURI.FailedLogins.NoItemsVisibility%%">
52
<td colspan="6">
53
- <em>No logs so far.</em>
54
</td>
55
</tr>
56
@@ -64,7 +42,7 @@
64
</tbody>
65
</table>
66
67
- <button type="submit" class="button button-primary">Block Selected Users</button>
68
</form>
69
</div>
70
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.FailedLogins@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.FailedLoginsInfo@@</p>
7
8
<form action="%%SUCURI.URL.Lastlogins%%#blocked" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
15
<label class="screen-reader-text" for="cb-select-all-1">Select All</label>
16
<input id="cb-select-all-1" type="checkbox">
17
</td>
18
+ <th class="manage-column">@@SUCURI.Username@@</th>
19
+ <th class="manage-column">@@SUCURI.Password@@</th>
20
+ <th class="manage-column">@@SUCURI.RemoteAddr@@</th>
21
+ <th class="manage-column">@@SUCURI.Datetime@@</th>
22
+ <th class="manage-column" width="300">@@SUCURI.Browser@@</th>
23
</tr>
24
</thead>
25
28
29
<tr class="sucuriscan-%%SUCURI.FailedLogins.NoItemsVisibility%%">
30
<td colspan="6">
31
+ <em>@@SUCURI.NoData@@</em>
32
</td>
33
</tr>
34
42
</tbody>
43
</table>
44
45
+ <button type="submit" class="button button-primary">@@SUCURI.Block@@</button>
46
</form>
47
</div>
48
</div>
inc/tpl/lastlogins-loggedin.html.tpl CHANGED
@@ -1,24 +1,22 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Logged-in Users</h3>
4
5
<div class="inside">
6
- <p>
7
- Here you can see a list of the users that are currently logged-in.
8
- </p>
9
10
<table class="wp-list-table widefat sucuriscan-loggedin-users">
11
<thead>
12
<tr>
13
- <th colspan="6">Logged-in Users (%%SUCURI.LoggedInUsers.Total%% users)</th>
14
</tr>
15
16
<tr>
17
<th>ID</th>
18
- <th>Username</th>
19
- <th>Last Activity</th>
20
- <th>Registered</th>
21
- <th>IP Address</th>
22
<th>&nbsp;</th>
23
</tr>
24
</thead>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.LoggedInUsers@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.LoggedInUsersInfo@@</p>
7
8
<table class="wp-list-table widefat sucuriscan-loggedin-users">
9
<thead>
10
<tr>
11
+ <th colspan="6">@@SUCURI.LoggedInUsers@@</th>
12
</tr>
13
14
<tr>
15
<th>ID</th>
16
+ <th>@@SUCURI.Username@@</th>
17
+ <th>@@SUCURI.LastActivity@@</th>
18
+ <th>@@SUCURI.Registered@@</th>
19
+ <th>@@SUCURI.RemoteAddr@@</th>
20
<th>&nbsp;</th>
21
</tr>
22
</thead>
inc/tpl/lastlogins-loggedin.snippet.tpl CHANGED
@@ -10,5 +10,5 @@
10
11
<td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.RemoveAddr%%</td>
12
13
- <td><a href="%%SUCURI.LoggedInUsers.UserURL%%" target="_blank">Edit</a></td>
14
</tr>
10
11
<td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.RemoveAddr%%</td>
12
13
+ <td><a href="%%SUCURI.LoggedInUsers.UserURL%%" target="_blank">@@SUCURI.Edit@@</a></td>
14
</tr>
inc/tpl/lastlogins.html.tpl CHANGED
@@ -1,11 +1,11 @@
1
2
<div class="sucuriscan-tabs">
3
<ul class="sucuriscan-clearfix sucuriscan-tabs-buttons">
4
- <li><a href="%%SUCURI.URL.Lastlogins%%#allusers">All Users</a></li>
5
- <li><a href="%%SUCURI.URL.Lastlogins%%#admins">Admin Users</a></li>
6
- <li><a href="%%SUCURI.URL.Lastlogins%%#loggedin">Logged-in Users</a></li>
7
- <li><a href="%%SUCURI.URL.Lastlogins%%#failed">Failed Logins</a></li>
8
- <li><a href="%%SUCURI.URL.Lastlogins%%#blocked">Blocked Users</a></li>
9
</ul>
10
11
<div class="sucuriscan-tabs-containers">
1
2
<div class="sucuriscan-tabs">
3
<ul class="sucuriscan-clearfix sucuriscan-tabs-buttons">
4
+ <li><a href="%%SUCURI.URL.Lastlogins%%#allusers">@@SUCURI.AllUsers@@</a></li>
5
+ <li><a href="%%SUCURI.URL.Lastlogins%%#admins">@@SUCURI.Admins@@</a></li>
6
+ <li><a href="%%SUCURI.URL.Lastlogins%%#loggedin">@@SUCURI.LoggedInUsers@@</a></li>
7
+ <li><a href="%%SUCURI.URL.Lastlogins%%#failed">@@SUCURI.FailedLogins@@</a></li>
8
+ <li><a href="%%SUCURI.URL.Lastlogins%%#blocked">@@SUCURI.BlockedUsers@@</a></li>
9
</ul>
10
11
<div class="sucuriscan-tabs-containers">
inc/tpl/notification-pretty.html.tpl CHANGED
@@ -14,14 +14,14 @@
14
<tbody>
15
<tr>
16
<td style="padding:20px 20px 10px 20px;border:1px solid #ccc;border-top:none">
17
- <h4 style="text-transform:uppercase;margin:0">Information:</h4>
18
<p style="margin:0 0 10px 0">
19
- Website: <a href="http://%%SUCURI.Website%%">%%SUCURI.Website%%</a><br>
20
- IP Address: %%SUCURI.RemoteAddress%%<br>
21
- Alert Time: %%SUCURI.Time%%<br>
22
%%SUCURI.User%%
23
</p>
24
- <h4 style="text-transform:uppercase;margin:0">Notification Message:</h4>
25
<p style="margin:0 0 10px 0">%%%SUCURI.Message%%%</p>
26
</td>
27
</tr>
14
<tbody>
15
<tr>
16
<td style="padding:20px 20px 10px 20px;border:1px solid #ccc;border-top:none">
17
+ <h4 style="text-transform:uppercase;margin:0">@@SUCURI.Information@@:</h4>
18
<p style="margin:0 0 10px 0">
19
+ @@SUCURI.Website@@: <a href="http://%%SUCURI.Website%%">%%SUCURI.Website%%</a><br>
20
+ @@SUCURI.RemoteAddr@@: %%SUCURI.RemoteAddress%%<br>
21
+ @@SUCURI.Datetime@@: %%SUCURI.Time%%<br>
22
%%SUCURI.User%%
23
</p>
24
+ <h4 style="text-transform:uppercase;margin:0">@@SUCURI.Message@@:</h4>
25
<p style="margin:0 0 10px 0">%%%SUCURI.Message%%%</p>
26
</td>
27
</tr>
inc/tpl/notification-simple.html.tpl CHANGED
@@ -1,8 +1,8 @@
1
2
- Event: %%SUCURI.Subject%%
3
- Website: http://%%SUCURI.Website%%
4
- IP Address: %%SUCURI.RemoteAddress%%
5
- Alert Time: %%SUCURI.Time%%
6
%%SUCURI.User%%
7
8
- Notification: %%SUCURI.Message%%
1
2
+ @@SUCURI.Event@@: %%SUCURI.Subject%%
3
+ @@SUCURI.Website@@: http://%%SUCURI.Website%%
4
+ @@SUCURI.RemoveAddr@@: %%SUCURI.RemoteAddress%%
5
+ @@SUCURI.Datetime@@: %%SUCURI.Time%%
6
%%SUCURI.User%%
7
8
+ @@SUCURI.Message@@: %%SUCURI.Message%%
inc/tpl/register-site.html.tpl CHANGED
@@ -1,20 +1,8 @@
1
2
- <p>
3
- An API key is required to activate some additional tools available in this
4
- plugin, the keys are free and you can virtually generate an unlimited number of
5
- them as long as the domain name and email address are different. The key is used
6
- to authenticate the HTTP requests sent by the plugin to a public API service
7
- managed by Sucuri Inc. Do not generate the key if you disagree with this.
8
- </p>
9
10
<div class="sucuriscan-inline-alert-info">
11
- <p>
12
- If you experience issues generating the API key you can request one sending the
13
- domain name and email address that you want to use to <a href="mailto:info@sucuri.net">
14
- info@sucuri.net</a>. Note that setting a key in a development environment does
15
- not makes sense, if you are trying to do that in a local or stage environment
16
- please consider to dismiss this alert.
17
- </p>
18
</div>
19
20
<form action="%%SUCURI.URL.Settings%%" method="post">
@@ -22,30 +10,27 @@
22
<input type="hidden" name="sucuriscan_plugin_api_key" value="1" />
23
24
<fieldset class="sucuriscan-clearfix">
25
- <label>Website:</label>
26
<input type="text" value="%%SUCURI.CleanDomain%%" readonly="readonly">
27
</fieldset>
28
29
<fieldset class="sucuriscan-clearfix">
30
- <label>E-mail Address:</label>
31
<select name="sucuriscan_setup_user">
32
%%%SUCURI.AdminEmails%%%
33
</select>
34
</fieldset>
35
36
<fieldset class="sucuriscan-clearfix">
37
- <label>DNS Lookups</label>
38
<input type="hidden" name="sucuriscan_dns_lookups" value="disable" />
39
<input type="checkbox" name="sucuriscan_dns_lookups" value="enable" checked="checked" />
40
- <span class="sucuriscan-tooltip" content="Check the box if your website is
41
- behind a known firewall service, this guarantees that the IP address of
42
- your visitors will be detected correctly for the security logs. You can
43
- change this later from the settings.">Enable DNS Lookups On Startup</span>
44
</fieldset>
45
46
<div class="sucuriscan-clearfix">
47
<div class="sucuriscan-pull-left">
48
- <button type="submit" class="button button-primary">Proceed</button>
49
</div>
50
</div>
51
</form>
1
2
+ <p>@@SUCURI.APIKeyExplanation@@</p>
3
4
<div class="sucuriscan-inline-alert-info">
5
+ <p>@@SUCURI.APIKeyHelp@@</p>
6
</div>
7
8
<form action="%%SUCURI.URL.Settings%%" method="post">
10
<input type="hidden" name="sucuriscan_plugin_api_key" value="1" />
11
12
<fieldset class="sucuriscan-clearfix">
13
+ <label>@@SUCURI.Website@@:</label>
14
<input type="text" value="%%SUCURI.CleanDomain%%" readonly="readonly">
15
</fieldset>
16
17
<fieldset class="sucuriscan-clearfix">
18
+ <label>@@SUCURI.Email@@:</label>
19
<select name="sucuriscan_setup_user">
20
%%%SUCURI.AdminEmails%%%
21
</select>
22
</fieldset>
23
24
<fieldset class="sucuriscan-clearfix">
25
+ <label>@@SUCURI.DNSLookups@@</label>
26
<input type="hidden" name="sucuriscan_dns_lookups" value="disable" />
27
<input type="checkbox" name="sucuriscan_dns_lookups" value="enable" checked="checked" />
28
+ <span class="sucuriscan-tooltip" content="@@SUCURI.DNSLookupsText@@">@@SUCURI.DNSLookupsLabel@@</span>
29
</fieldset>
30
31
<div class="sucuriscan-clearfix">
32
<div class="sucuriscan-pull-left">
33
+ <button type="submit" class="button button-primary">@@SUCURI.Submit@@</button>
34
</div>
35
</div>
36
</form>
inc/tpl/settings-alerts-bruteforce.html.tpl CHANGED
@@ -1,34 +1,18 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Password Guessing Brute Force Attacks</h3>
4
5
<div class="inside">
6
- <p>
7
- Password guessing brute force attacks are very common against web sites and web
8
- servers. They are one of the most common vectors used to compromise web sites.
9
- The process is very simple and the attackers basically try multiple combinations
10
- of usernames and passwords until they find one that works. Once they get in,
11
- they can compromise the web site with malware, spam , phishing or anything else
12
- they want.
13
- </p>
14
-
15
- <p>
16
- More info at <a href="https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing"
17
- target="_blank">Sucuri KB - Password Guessing Brute Force Attacks</a>.
18
- </p>
19
-
20
- <div class="sucuriscan-inline-alert-error">
21
- <p>This option overrides the <em>"Alerts Per Hour"</em> setting.</p>
22
- </div>
23
24
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
25
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
26
<fieldset class="sucuriscan-clearfix">
27
- <label>Consider Brute-Force Attack After:</label>
28
<select name="sucuriscan_maximum_failed_logins">
29
%%%SUCURI.Alerts.BruteForce%%%
30
</select>
31
- <button type="submit" class="button button-primary">Save</button>
32
</fieldset>
33
</form>
34
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.PasswordAttack@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.PasswordAttackInfo@@</p>
7
8
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
<fieldset class="sucuriscan-clearfix">
11
+ <label>@@SUCURI.PasswordAttackAfter@@:</label>
12
<select name="sucuriscan_maximum_failed_logins">
13
%%%SUCURI.Alerts.BruteForce%%%
14
</select>
15
+ <button type="submit" class="button button-primary">@@SUCURI.Submit@@</button>
16
</fieldset>
17
</form>
18
</div>
inc/tpl/settings-alerts-events.html.tpl CHANGED
@@ -1,24 +1,8 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Alert Events</h3>
4
5
<div class="inside">
6
- <p>
7
- Configure the alert settings to your needs, and make sure to read the purpose of
8
- each option below otherwise you will end up enabling and/or disabling things
9
- that will affect your personal inbox. If you experience issues with one or more
10
- of these options revert them to their original state.
11
- </p>
12
-
13
- <div class="sucuriscan-inline-alert-error">
14
- <p>
15
- Enabling the alerts for failed login attempts may become an indirect mail spam
16
- attack as you will receive tons of emails if your website is victim of a brute
17
- force attack. Disable this option and enable the brute force attack reports to
18
- get a summary of all the failed logins detected each hour.
19
- </p>
20
- </div>
21
-
22
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
23
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
24
@@ -29,7 +13,7 @@
29
<label class="screen-reader-text" for="cb-select-all-1">Select All</label>
30
<input id="cb-select-all-1" type="checkbox">
31
</td>
32
- <th class="manage-column">Event Description</th>
33
</tr>
34
</thead>
35
@@ -39,7 +23,7 @@
39
</table>
40
41
<div class="sucuriscan-recipient-form">
42
- <button type="submit" name="sucuriscan_save_alert_events" class="button button-primary">Save</button>
43
</div>
44
</form>
45
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.SecurityAlerts@@</h3>
4
5
<div class="inside">
6
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
7
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
8
13
<label class="screen-reader-text" for="cb-select-all-1">Select All</label>
14
<input id="cb-select-all-1" type="checkbox">
15
</td>
16
+ <th class="manage-column">@@SUCURI.Event@@</th>
17
</tr>
18
</thead>
19
23
</table>
24
25
<div class="sucuriscan-recipient-form">
26
+ <button type="submit" name="sucuriscan_save_alert_events" class="button button-primary">@@SUCURI.Submit@@</button>
27
</div>
28
</form>
29
</div>
inc/tpl/settings-alerts-ignore-posts.html.tpl CHANGED
@@ -1,44 +1,24 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Ignore Post Changes</h3>
4
5
<div class="inside">
6
<p class="sucuriscan-inline-alert-error sucuriscan-%%SUCURI.IgnoreRules.MessageVisibility%%">
7
- It seems that you disabled the email alerts for <b>new site
8
- content</b>, this panel is intended to provide a way to ignore
9
- specific events in your site and with that the alerts reported to
10
- your email. Since you have deactivated the <b>new site content</b>
11
- alerts, this panel will be disabled too.
12
</p>
13
14
- <p>
15
- This is a list of registered <a href="https://codex.wordpress.org/Post_Types"
16
- target="_blank" rel="noopener">Post Types</a>. You will receive an email alert when
17
- a custom page or post associated to any of these types is created or
18
- updated. Some of these are created by WordPress but the majority are
19
- created by 3rd-party plugins and themes to extend functionality from
20
- WordPress. If you don't want to receive alerts for certain posts you
21
- can stop them from here.
22
- </p>
23
24
- <p>
25
- If you are receiving alerts for post types that are not listed here it
26
- may be because the theme or plugin that is making these changes is
27
- registering the custom post-type on runtime, in this case our plugin
28
- will not be able to detect these changes and consequently you will
29
- not be able to ignore those alerts. However, if you know the unique
30
- identifier of the post-type you can type it in the form bellow and
31
- our plugin will do its best to skip the alerts associated to that.
32
- </p>
33
34
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
35
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
36
<input type="hidden" name="sucuriscan_ignorerule_action" value="add">
37
38
<fieldset class="sucuriscan-clearfix">
39
- <label>Stop Alerts For This Post-Type:</label>
40
<input type="text" name="sucuriscan_ignorerule" placeholder="e.g. unique_post_type_id" />
41
- <button type="submit" class="button button-primary">Proceed</button>
42
</fieldset>
43
</form>
44
@@ -47,9 +27,9 @@
47
<table class="wp-list-table widefat sucuriscan-table sucuriscan-settings-ignorerules">
48
<thead>
49
<tr>
50
- <th>Ignored At</th>
51
- <th>Ignored</th>
52
- <th>Post Type</th>
53
<th>&nbsp;</th>
54
</tr>
55
</thead>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.PostTypeAlerts@@</h3>
4
5
<div class="inside">
6
<p class="sucuriscan-inline-alert-error sucuriscan-%%SUCURI.IgnoreRules.MessageVisibility%%">
7
+ @@SUCURI.PostTypeAlertsDisabled@@
8
</p>
9
10
+ <p>@@SUCURI.PostTypeAlertsInfo@@</p>
11
12
+ <p>@@SUCURI.PostTypeAlertsInvisible@@</p>
13
14
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
15
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
16
<input type="hidden" name="sucuriscan_ignorerule_action" value="add">
17
18
<fieldset class="sucuriscan-clearfix">
19
+ <label>@@SUCURI.PostTypeAlertsStop@@:</label>
20
<input type="text" name="sucuriscan_ignorerule" placeholder="e.g. unique_post_type_id" />
21
+ <button type="submit" class="button button-primary">@@SUCURI.Submit@@</button>
22
</fieldset>
23
</form>
24
27
<table class="wp-list-table widefat sucuriscan-table sucuriscan-settings-ignorerules">
28
<thead>
29
<tr>
30
+ <th>@@SUCURI.IgnoredAt@@</th>
31
+ <th>@@SUCURI.Ignored@@</th>
32
+ <th>@@SUCURI.PostType@@</th>
33
<th>&nbsp;</th>
34
</tr>
35
</thead>
inc/tpl/settings-alerts-perhour.html.tpl CHANGED
@@ -1,34 +1,18 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Alerts Per Hour</h3>
4
5
<div class="inside">
6
- <p>
7
- Depending on the number of yours registered in your website or the number of
8
- actions performed by these users the recipients of the alerts sent when the site
9
- triggers an action that the plugin monitors may become annoying or irrelevant
10
- after some time. You can use this option to configure the maximum number of
11
- alerts to receive during the same hour.
12
- </p>
13
-
14
- <div class="sucuriscan-inline-alert-error">
15
- <p>
16
- If you have enabled the alerts for <a href="https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing"
17
- target="_blank">password guessing brute force attacks</a> and lowered the number
18
- of alerts sent during the hour has reached its limit, the plugin will force the
19
- sending of the alert; you can consider the limit for alerts per hour a
20
- <em>"limit + one"</em> if the brute force attack summary is generated.
21
- </p>
22
- </div>
23
24
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
25
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
26
<fieldset class="sucuriscan-clearfix">
27
- <label>Maximum Alerts Per Hour:</label>
28
<select name="sucuriscan_emails_per_hour">
29
%%%SUCURI.Alerts.PerHour%%%
30
</select>
31
- <button type="submit" class="button button-primary">Save</button>
32
</fieldset>
33
</form>
34
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.AlertsPerHour@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.AlertsPerHourInfo@@</p>
7
8
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
<fieldset class="sucuriscan-clearfix">
11
+ <label>@@SUCURI.AlertsPerHourMaximum@@:</label>
12
<select name="sucuriscan_emails_per_hour">
13
%%%SUCURI.Alerts.PerHour%%%
14
</select>
15
+ <button type="submit" class="button button-primary">@@SUCURI.Submit@@</button>
16
</fieldset>
17
</form>
18
</div>
inc/tpl/settings-alerts-recipients.html.tpl CHANGED
@@ -1,34 +1,17 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Alert Recipients</h3>
4
5
<div class="inside">
6
- <p>
7
- By default the plugin will send email alerts to the email address of the
8
- original user account created during the installation process of your website,
9
- you can change this adding a new address below and then deleting the old entry.
10
- Additionally, you are allowed to send a copy of the same alerts to other email
11
- addresses.
12
- </p>
13
-
14
- <div class="sucuriscan-inline-alert-info">
15
- <p>
16
- Make sure to check your spam folder if you do not see the alerts in your inbox,
17
- if at least one of the recipients listed below receives the alert it means that
18
- the message was delivered correctly, if you or one of the other recipients is
19
- not receiving the alerts is probably because of a filter in your email service.
20
- This is because the plugin only sends one single message per alert, so either
21
- everyone gets the message or no one gets it.
22
- </p>
23
- </div>
24
25
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
26
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
27
28
<fieldset class="sucuriscan-clearfix">
29
- <label>E-mail Address:</label>
30
<input type="text" name="sucuriscan_recipient" placeholder="e.g. user@example.com" />
31
- <button type="submit" name="sucuriscan_save_recipient" class="button button-primary">Add Recipient</button>
32
</fieldset>
33
34
<table class="wp-list-table widefat sucuriscan-table">
@@ -38,7 +21,7 @@
38
<label class="screen-reader-text" for="cb-select-all-1">Select All</label>
39
<input id="cb-select-all-1" type="checkbox">
40
</td>
41
- <th class="manage-column">E-mail Address</th>
42
</tr>
43
</thead>
44
@@ -47,8 +30,8 @@
47
</tbody>
48
</table>
49
50
- <button type="submit" name="sucuriscan_delete_recipients" class="button button-primary">Delete Selected</button>
51
- <button type="submit" name="sucuriscan_debug_email" value="1" class="button button-primary">Test Alert Delivery</button>
52
</form>
53
</div>
54
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.AlertsRecipient@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.AlertsRecipientInfo@@</p>
7
8
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
11
<fieldset class="sucuriscan-clearfix">
12
+ <label>@@SUCURI.Email@@:</label>
13
<input type="text" name="sucuriscan_recipient" placeholder="e.g. user@example.com" />
14
+ <button type="submit" name="sucuriscan_save_recipient" class="button button-primary">@@SUCURI.Submit@@</button>
15
</fieldset>
16
17
<table class="wp-list-table widefat sucuriscan-table">
21
<label class="screen-reader-text" for="cb-select-all-1">Select All</label>
22
<input id="cb-select-all-1" type="checkbox">
23
</td>
24
+ <th class="manage-column">@@SUCURI.Email@@</th>
25
</tr>
26
</thead>
27
30
</tbody>
31
</table>
32
33
+ <button type="submit" name="sucuriscan_delete_recipients" class="button button-primary">@@SUCURI.Delete@@</button>
34
+ <button type="submit" name="sucuriscan_debug_email" value="1" class="button button-primary">@@SUCURI.TestAlerts@@</button>
35
</form>
36
</div>
37
</div>
inc/tpl/settings-alerts-subject.html.tpl CHANGED
@@ -1,15 +1,9 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Alert Subject</h3>
4
5
<div class="inside">
6
- <p>
7
- Format of the subject for the email alerts, by default the plugin will use the
8
- website name and the event identifier that is being reported, you can use this
9
- panel to include the IP address of that user that triggered the event and some
10
- additional data. You can create filters in your email client creating a custom
11
- email subject using the pseudo-tags shown below.
12
- </p>
13
14
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
15
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
@@ -20,14 +14,14 @@
20
<li>
21
<label>
22
<input type="radio" name="sucuriscan_email_subject" value="custom" %%SUCURI.Alerts.CustomChecked%% />
23
- <span>Custom format</span>
24
<input type="text" name="sucuriscan_custom_email_subject" value="%%SUCURI.Alerts.CustomValue%%" />
25
</label>
26
</li>
27
</ul>
28
29
<div class="sucuriscan-recipient-form">
30
- <button type="submit" class="button button-primary">Save</button>
31
</div>
32
</form>
33
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.AlertsSubject@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.AlertsSubjectInfo@@</p>
7
8
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
14
<li>
15
<label>
16
<input type="radio" name="sucuriscan_email_subject" value="custom" %%SUCURI.Alerts.CustomChecked%% />
17
+ <span>@@SUCURI.CustomFormat@@</span>
18
<input type="text" name="sucuriscan_custom_email_subject" value="%%SUCURI.Alerts.CustomValue%%" />
19
</label>
20
</li>
21
</ul>
22
23
<div class="sucuriscan-recipient-form">
24
+ <button type="submit" class="button button-primary">@@SUCURI.Submit@@</button>
25
</div>
26
</form>
27
</div>
inc/tpl/settings-alerts-trustedips.html.tpl CHANGED
@@ -1,23 +1,17 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Trusted IP Addresses</h3>
4
5
<div class="inside">
6
- <p>
7
- If you are working in a LAN <em>(Local Area Network)</em> you may want to
8
- include the IP addresses of all the nodes in the subnet, this will force the
9
- plugin to stop sending email alerts about actions executed from trusted
10
- IP addresses. Use the CIDR <em>(Classless Inter Domain Routing)</em> format to
11
- specify ranges of IP addresses <em>(only 8, 16, and 24)</em>.
12
- </p>
13
14
<form action="%%SUCURI.URL.Settings%%#alerts" method="POST">
15
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
16
17
<fieldset class="sucuriscan-clearfix">
18
- <label>Trust New IP Address:</label>
19
<input type="text" name="sucuriscan_trust_ip" placeholder="e.g. 182.120.56.0/24" />
20
- <input type="submit" value="Add Entry" class="button button-primary" />
21
</fieldset>
22
</form>
23
@@ -33,9 +27,9 @@
33
<label class="screen-reader-text" for="cb-select-all-1">Select All</label>
34
<input id="cb-select-all-1" type="checkbox">
35
</td>
36
- <th class="manage-column">IP Address</th>
37
- <th class="manage-column">CIDR Format</th>
38
- <th class="manage-column">Added At</th>
39
</tr>
40
</thead>
41
@@ -44,13 +38,13 @@
44
45
<tr class="sucuriscan-%%SUCURI.TrustedIPs.NoItems.Visibility%%">
46
<td colspan="4">
47
- <em>List is empty.</em>
48
</td>
49
</tr>
50
</tbody>
51
</table>
52
53
- <button type="submit" class="button button-primary">Remove Trusted IP Addresses</button>
54
</form>
55
</div>
56
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.TrustedIPs@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.TrustedIPsInfo@@</p>
7
8
<form action="%%SUCURI.URL.Settings%%#alerts" method="POST">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
11
<fieldset class="sucuriscan-clearfix">
12
+ <label>@@SUCURI.RemoteAddr@@:</label>
13
<input type="text" name="sucuriscan_trust_ip" placeholder="e.g. 182.120.56.0/24" />
14
+ <input type="submit" value="@@SUCURI.Submit@@" class="button button-primary" />
15
</fieldset>
16
</form>
17
27
<label class="screen-reader-text" for="cb-select-all-1">Select All</label>
28
<input id="cb-select-all-1" type="checkbox">
29
</td>
30
+ <th class="manage-column">@@SUCURI.RemoteAddr@@</th>
31
+ <th class="manage-column">@@SUCURI.CIDRFormat@@</th>
32
+ <th class="manage-column">@@SUCURI.IPAddedAt@@</th>
33
</tr>
34
</thead>
35
38
39
<tr class="sucuriscan-%%SUCURI.TrustedIPs.NoItems.Visibility%%">
40
<td colspan="4">
41
+ <em>@@SUCURI.NoData@@</em>
42
</td>
43
</tr>
44
</tbody>
45
</table>
46
47
+ <button type="submit" class="button button-primary">@@SUCURI.Delete@@</button>
48
</form>
49
</div>
50
</div>
inc/tpl/settings-apirecovery.html.tpl CHANGED
@@ -1,29 +1,15 @@
1
2
<div class="sucuriscan-clearfix">
3
- <p>
4
- If this operation was successful you will receive a message in the email used
5
- during the registration of the API key <em>(usually the email of the main admin
6
- user)</em>, this message contains the key in plain text, copy and paste the key
7
- in the form field below. The plugin will verify the authenticity of the key
8
- sending an initial HTTP request to the API service, if this fails the key will
9
- be removed automatically and you will have to start the process all over again.
10
- </p>
11
12
- <p>
13
- There are cases where this operation can fail, an example would be when the
14
- email address is not associated with the domain anymore, this happens when the
15
- base URL changes <em>(from www to none or viceversa)</em>. There is also a limit
16
- on the number of recovery attempts that you may request during certain period of
17
- time, if you are having issues recovering the key please send an email explaining
18
- the situation to <a href="mailto:info@sucuri.net">info@sucuri.net</a>
19
- </p>
20
21
<form action="%%SUCURI.URL.Settings%%" method="post">
22
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
23
<fieldset class="sucuriscan-clearfix">
24
- <label>Plugin API Key:</label>
25
<input type="text" name="sucuriscan_manual_api_key" />
26
- <button type="submit" class="button button-primary">Proceed</button>
27
</fieldset>
28
</form>
29
</div>
1
2
<div class="sucuriscan-clearfix">
3
+ <p>@@SUCURI.APIKeyRecoveryExplanation@@</p>
4
5
+ <p>@@SUCURI.APIKeyRecoveryPossibleFailures@@</p>
6
7
<form action="%%SUCURI.URL.Settings%%" method="post">
8
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
9
<fieldset class="sucuriscan-clearfix">
10
+ <label>@@SUCURI.APIKey@@:</label>
11
<input type="text" name="sucuriscan_manual_api_key" />
12
+ <button type="submit" class="button button-primary">@@SUCURI.Submit@@</button>
13
</fieldset>
14
</form>
15
</div>
inc/tpl/settings-apiregistered.html.tpl CHANGED
@@ -3,25 +3,13 @@
3
<div class="sucuriscan-pull-left sucuriscan-sitelogo">&nbsp;</div>
4
5
<div class="sucuriscan-pull-right">
6
- <p>
7
- Thanks so much for enabling your <strong>Sucuri Security</strong> plugin. This
8
- product is designed to supplement existing security products. It's not a silver
9
- bullet for your security needs, but it'll give you greater security awareness
10
- and better posture, all with the intent of reducing risk.
11
- </p>
12
13
<div class="sucuriscan-inline-alert-success">
14
- <p>
15
- Your website has been granted a new API key and it was
16
- associated to the email address that you chose during the
17
- registration process. You can use the same email to recover the
18
- key if you happen to lose it sometime. We encourage you to check
19
- the rest of the settings page and configure the plugin to your
20
- own needs.
21
- </p>
22
</div>
23
24
- <a href="%%SUCURI.URL.Dashboard%%" class="button button-primary">Dashboard</a>
25
- <a href="%%SUCURI.URL.Settings%%" class="button button-primary">Settings</a>
26
</div>
27
</div>
3
<div class="sucuriscan-pull-left sucuriscan-sitelogo">&nbsp;</div>
4
5
<div class="sucuriscan-pull-right">
6
+ <p>@@SUCURI.APIKeyGenerated@@</p>
7
8
<div class="sucuriscan-inline-alert-success">
9
+ <p>@@SUCURI.APIKeyContinueSetup@@</p>
10
</div>
11
12
+ <a href="%%SUCURI.URL.Dashboard%%" class="button button-primary">@@SUCURI.Dashboard@@</a>
13
+ <a href="%%SUCURI.URL.Settings%%" class="button button-primary">@@SUCURI.Settings@@</a>
14
</div>
15
</div>
inc/tpl/settings-apiservice-proxy.html.tpl CHANGED
@@ -1,24 +1,15 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">API Communication via Proxy</h3>
4
5
<div class="inside">
6
- <p>
7
- All the HTTP requests used to communicate with the API service are
8
- being sent using the WordPress built-in functions, so (almost) all
9
- its official features are inherited, this is useful if you need to
10
- pass these HTTP requests through a proxy. According to the
11
- <a href="https://developer.wordpress.org/reference/classes/wp_http_proxy/"
12
- target="_blank" rel="noopener">official documentation</a> you have to add some
13
- constants to the main configuration file: <em>WP_PROXY_HOST,
14
- WP_PROXY_PORT, WP_PROXY_USERNAME, WP_PROXY_PASSWORD</em>.
15
- </p>
16
17
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-monospace">
18
- <div>HTTP Proxy Hostname: %%SUCURI.APIProxy.Host%%</div>
19
- <div>HTTP Proxy Port num: %%SUCURI.APIProxy.Port%%</div>
20
- <div>HTTP Proxy Username: %%SUCURI.APIProxy.Username%%</div>
21
- <div>HTTP Proxy Password: <span class="sucuriscan-label-%%SUCURI.APIProxy.PasswordType%%">%%SUCURI.APIProxy.PasswordText%%</span></div>
22
</div>
23
</div>
24
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.APIViaProxy@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.APIViaProxyInfo@@</p>
7
8
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-monospace">
9
+ <div>@@SUCURI.ProxyHostname@@: %%SUCURI.APIProxy.Host%%</div>
10
+ <div>@@SUCURI.ProxyPort@@: %%SUCURI.APIProxy.Port%%</div>
11
+ <div>@@SUCURI.ProxyUsername@@: %%SUCURI.APIProxy.Username%%</div>
12
+ <div>@@SUCURI.ProxyPassword@@: <span class="sucuriscan-label-%%SUCURI.APIProxy.PasswordType%%">%%SUCURI.APIProxy.PasswordText%%</span></div>
13
</div>
14
</div>
15
</div>
inc/tpl/settings-apiservice-status.html.tpl CHANGED
@@ -1,40 +1,16 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">API Service Communication</h3>
4
5
<div class="inside">
6
- <p>
7
- Once the API key is generate the plugin will communicate with a remote API
8
- service that will act as a safe data storage for the audit logs generated when
9
- the website triggers certain events that the plugin monitors. If the website is
10
- hacked the attacker will not have access to these logs and that way you can
11
- investigate what was modified <em>(for malware infaction)</em> and/or how the
12
- malicious person was able to gain access to the website.
13
- </p>
14
-
15
- <div class="sucuriscan-inline-alert-info sucuriscan-%%SUCURI.ApiStatus.WarningVisibility%%">
16
- <p>
17
- The latency of the HTTP requests may slow down the website depending on the
18
- location of the server that is hosting it. Additionally, if the API goes down
19
- the plugin will throw warnings that may affect your workflow, in this case you
20
- may want to stop the communication with the API service to keep the latency at
21
- zero and be able to continue working in the website without interruptions.
22
- </p>
23
- </div>
24
25
<div class="sucuriscan-inline-alert-error sucuriscan-%%SUCURI.ApiStatus.ErrorVisibility%%">
26
- <p>
27
- Disabling the API service communication will stop the event monitoring, consider
28
- to enable the <a href="%%SUCURI.URL.Settings%%#general">Log Exporter</a> to
29
- keep the monitoring working while the HTTP requests are ignored, otherwise an
30
- attacker may execute an action that will not be registered in the security logs
31
- and you will not have a way to investigate the attack in the future.
32
- </p>
33
</div>
34
35
<div class="sucuriscan-hstatus sucuriscan-hstatus-%%SUCURI.ApiStatus.StatusNum%%">
36
- <span>API Service Communication is %%SUCURI.ApiStatus.Status%%</span>
37
- &mdash;
38
<span class="sucuriscan-monospace">%%SUCURI.ApiStatus.ServiceURL%%</span>
39
<form action="%%SUCURI.URL.Settings%%#apiservice" method="post">
40
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.APICommunication@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.APICommunicationInfo@@</p>
7
8
<div class="sucuriscan-inline-alert-error sucuriscan-%%SUCURI.ApiStatus.ErrorVisibility%%">
9
+ <p>@@SUCURI.APICommunicationDisabled@@</p>
10
</div>
11
12
<div class="sucuriscan-hstatus sucuriscan-hstatus-%%SUCURI.ApiStatus.StatusNum%%">
13
+ <span>@@SUCURI.APICommunication@@ &mdash; %%SUCURI.ApiStatus.Status%% &mdash;</span>
14
<span class="sucuriscan-monospace">%%SUCURI.ApiStatus.ServiceURL%%</span>
15
<form action="%%SUCURI.URL.Settings%%#apiservice" method="post">
16
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
inc/tpl/settings-apiservice-timeout.html.tpl CHANGED
@@ -1,39 +1,20 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">API Request Timeout</h3>
4
5
<div class="inside">
6
- <p>
7
- The plugin sends the data associated to the events triggered by WordPress when
8
- it considers the action is suspicious, it sends this information via HTTP requests
9
- using the HTTP transport protocol available in the system and the <a target="_blank"
10
- href="https://developer.wordpress.org/reference/functions/wp_remote_post/" rel="noopener">built-in
11
- functions</a> provided by WordPress, then it waits for the response.
12
- </p>
13
-
14
- <div class="sucuriscan-inline-alert-info">
15
- <p>
16
- You can set up to %%SUCURI.MaxRequestTimeout%% seconds for the timeout, more than that is not allowed.
17
- </p>
18
- </div>
19
20
<div class="sucuriscan-hstatus sucuriscan-hstatus-2">
21
- <span>Wait <b>%%SUCURI.RequestTimeout%%</b> before timeout</span>
22
</div>
23
24
- <p>
25
- If you start experiencing issues related with the timeout of the requests
26
- you may consider to increase the number of seconds to wait for the response.
27
- You may also want to check with your hosting provider to see if there is
28
- something in the server blocking the connection.
29
- </p>
30
-
31
<form action="%%SUCURI.URL.Settings%%#apiservice" method="post">
32
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
33
<fieldset class="sucuriscan-clearfix">
34
- <label>HTTP Request Timeout (in secs)</label>
35
<input type="text" name="sucuriscan_request_timeout" />
36
- <button type="submit" class="button button-primary">Proceed</button>
37
</fieldset>
38
</form>
39
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.APITimeout@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.APITimeoutInfo@@</p>
7
8
<div class="sucuriscan-hstatus sucuriscan-hstatus-2">
9
+ <span>@@SUCURI.APITimeoutValue@@</span>
10
</div>
11
12
<form action="%%SUCURI.URL.Settings%%#apiservice" method="post">
13
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
14
<fieldset class="sucuriscan-clearfix">
15
+ <label>@@SUCURI.APITimeoutLabel@@</label>
16
<input type="text" name="sucuriscan_request_timeout" />
17
+ <button type="submit" class="button button-primary">@@SUCURI.Submit@@</button>
18
</fieldset>
19
</form>
20
</div>
inc/tpl/settings-general-apikey.html.tpl CHANGED
@@ -4,65 +4,36 @@
4
%%%SUCURI.ModalForApiKeyRecovery%%%
5
6
<div class="sucuriscan-panel">
7
- <h3 class="sucuriscan-title">Plugin API Key</h3>
8
9
<div class="inside">
10
- <p>
11
- Most of the tools in this plugin can be used without a specific configuration,
12
- but the core features <strong>require an API key</strong> to communicate with
13
- the Sucuri services. The key is generated using your administrator e-mail and
14
- the domain of this site, this will allow you to have access to our free
15
- monitoring tool and other extra features.
16
- </p>
17
18
<div class="sucuriscan-inline-alert-info">
19
- <p>
20
-
21
- Generating an API key implies that you agree to send the information collected
22
- by the plugin to the Sucuri API service which is a remote server where the
23
- information for the audit logs is stored, this is to prevent malicious users to
24
- delete the logs during an attack which may affect an investigation if you
25
- suspect that your website was hacked. We also use this information to display <a
26
- href="https://sucuri.net/security-reports/brute-force/" target="_blank">statistics
27
- </a> and try to use the data in an anonymous way as we are concerned about your
28
- privacy too. Please do not generate an API key if you do not agree with this,
29
- you can keep using the plugin without it anyway.
30
- </p>
31
</div>
32
33
<div class="sucuriscan-inline-alert-error sucuriscan-%%SUCURI.InvalidDomainVisibility%%">
34
- <p>
35
- Your domain <code>%%SUCURI.CleanDomain%%</code> does not seems to have a DNS
36
- <code>A</code> record so it will be considered as <em>invalid</em> by the API
37
- interface when you request the generation of a new key. Adding <code>www</code>
38
- at the beginning of the domain name may fix this issue. If you do not understand
39
- what is this then send an email to our support team requesting the key.
40
- </p>
41
</div>
42
43
<div class="sucuriscan-%%SUCURI.APIKey.RecoverVisibility%%">
44
<div class="sucuriscan-hstatus sucuriscan-hstatus-0">
45
- <div class="sucuriscan-monospace">Plugin API Key: %%SUCURI.APIKey%%</div>
46
<form action="%%SUCURI.URL.Settings%%" method="post">
47
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
48
- <button type="submit" name="sucuriscan_recover_key" class="button button-primary">Recover Via E-mail</button>
49
</form>
50
</div>
51
52
- <p>
53
- If you don't have access to the e-mail address used to generate the
54
- API key, but have a copy of the key at hand you can <a target="_self"
55
- href="%%SUCURI.URL.Settings%%&recover">click this link</a> to activate
56
- the plugin manually. Be aware that if the key is invalid the plugin will
57
- delete it afterwards.
58
- </p>
59
</div>
60
61
<div class="sucuriscan-hstatus sucuriscan-hstatus-1 sucuriscan-%%SUCURI.APIKey.RemoveVisibility%%">
62
- <div class="sucuriscan-monospace">Plugin API Key: %%SUCURI.APIKey%%</div>
63
<form action="%%SUCURI.URL.Settings%%" method="post">
64
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
65
- <button type="submit" name="sucuriscan_remove_api_key" class="button button-primary">Remove</button>
66
</form>
67
</div>
68
</div>
4
%%%SUCURI.ModalForApiKeyRecovery%%%
5
6
<div class="sucuriscan-panel">
7
+ <h3 class="sucuriscan-title">@@SUCURI.APIKey@@</h3>
8
9
<div class="inside">
10
+ <p>@@SUCURI.APIKeyInfo@@</p>
11
12
<div class="sucuriscan-inline-alert-info">
13
+ <p>@@SUCURI.APIKeyTerms@@</p>
14
</div>
15
16
<div class="sucuriscan-inline-alert-error sucuriscan-%%SUCURI.InvalidDomainVisibility%%">
17
+ <p>@@SUCURI.APIKeyInvalidDomain@@</p>
18
</div>
19
20
<div class="sucuriscan-%%SUCURI.APIKey.RecoverVisibility%%">
21
<div class="sucuriscan-hstatus sucuriscan-hstatus-0">
22
+ <div class="sucuriscan-monospace">@@SUCURI.APIKey@@: %%SUCURI.APIKey%%</div>
23
<form action="%%SUCURI.URL.Settings%%" method="post">
24
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
25
+ <button type="submit" name="sucuriscan_recover_key" class="button button-primary">@@SUCURI.APIKeyRecoverButton@@</button>
26
</form>
27
</div>
28
29
+ <p>@@SUCURI.APIKeyRecoveryCondition@@</p>
30
</div>
31
32
<div class="sucuriscan-hstatus sucuriscan-hstatus-1 sucuriscan-%%SUCURI.APIKey.RemoveVisibility%%">
33
+ <div class="sucuriscan-monospace">@@SUCURI.APIKey@@: %%SUCURI.APIKey%%</div>
34
<form action="%%SUCURI.URL.Settings%%" method="post">
35
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
36
+ <button type="submit" name="sucuriscan_remove_api_key" class="button button-primary">@@SUCURI.Delete@@</button>
37
</form>
38
</div>
39
</div>
inc/tpl/settings-general-auditlogstats.html.tpl CHANGED
@@ -1,29 +1,16 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Audit Log Statistics</h3>
4
5
<div class="inside">
6
- <p>
7
- Enabling this option allows you to have a quick view of the range of
8
- the activity of your users and/or the attacks directed against your
9
- website. By default, the plugin uses the latest entries in the audit
10
- logs and uses that information to draw bar and pie charts in the
11
- dashboard.
12
- </p>
13
-
14
- <p>
15
- The statistic are generated with a limited number of logs to reduce
16
- the memory consumption of the parser. You can increase the limit at
17
- your own discretion considering the amount of memory and maximum
18
- execution time that your PHP installation is allowed to use.
19
- </p>
20
21
<form action="%%SUCURI.URL.Settings%%" method="post">
22
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
23
<fieldset class="sucuriscan-clearfix">
24
- <label>Audit Logs Limit:</label>
25
<input type="text" name="sucuriscan_logs4report" value="%%SUCURI.AuditLogStats.Limit%%" placeholder="e.g. 500" />
26
- <button type="submit" class="button button-primary">Save</button>
27
</fieldset>
28
</form>
29
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.LogsReport@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.LogsReportDescription@@</p>
7
8
<form action="%%SUCURI.URL.Settings%%" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
<fieldset class="sucuriscan-clearfix">
11
+ <label>@@SUCURI.LogsReport@@:</label>
12
<input type="text" name="sucuriscan_logs4report" value="%%SUCURI.AuditLogStats.Limit%%" placeholder="e.g. 500" />
13
+ <button type="submit" class="button button-primary">@@SUCURI.Submit@@</button>
14
</fieldset>
15
</form>
16
</div>
inc/tpl/settings-general-commentmonitor.html.tpl CHANGED
@@ -1,28 +1,12 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">User Comment Monitor</h3>
4
5
<div class="inside">
6
- <p>
7
- User comments are the main source of spam in WordPress websites, this option
8
- enables the monitoring of data sent via the comment forms loaded in every page
9
- and post. Remember that the plugin sends this information to the Sucuri servers
10
- so if you do not agree with this you must keep this option disabled. Among the
11
- data included in the report for each comment there are identifiers of the post
12
- and user account <em>(usually null for guest comments)</em>, the IP address of
13
- the author, the email address of the author, the user-agent of the web browser
14
- used by the author to create the comment, the current date, the status which
15
- usually falls under the category of not approved, and the message itself.
16
- </p>
17
-
18
- <p>
19
- We also use this information in an anonymous way to generate <a target="_blank"
20
- href="https://sucuri.net/security-reports/brute-force/">statistics</a> of usage
21
- that help us improve our service.
22
- </p>
23
24
<div class="sucuriscan-hstatus sucuriscan-hstatus-2">
25
- <span>User Comment Monitor is %%SUCURI.CommentMonitorStatus%%</span>
26
27
<form action="%%SUCURI.URL.Settings%%" method="post">
28
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.CommentMonitor@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.CommentMonitorInfo@@</p>
7
8
<div class="sucuriscan-hstatus sucuriscan-hstatus-2">
9
+ <span>@@SUCURI.CommentMonitor@@ &mdash; %%SUCURI.CommentMonitorStatus%%</span>
10
11
<form action="%%SUCURI.URL.Settings%%" method="post">
12
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
inc/tpl/settings-general-cronjobs.html.tpl CHANGED
@@ -1,24 +1,9 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Scheduled Tasks (%%SUCURI.Cronjobs.Total%% tasks)</h3>
4
5
<div class="inside">
6
- <p>
7
- <strong>Scheduled Tasks</strong> are rules registered in your database by a
8
- plugin, theme, or the base system itself; they are used to automatically execute
9
- actions defined in the code every certain amount of time. A good use of these
10
- rules is to generate backup files of your site, execute a security scanner, or
11
- remove unused elements like drafts.
12
- </p>
13
-
14
- <div class="sucuriscan-inline-alert-error">
15
- <p>
16
- Note that there are some scheduled tasks <em>(registered by the base
17
- system)</em> that can not be removed permanently using this tool, tasks such as
18
- the <strong>addon update</strong> and <strong>version checker</strong> are
19
- required by the site to work correctly.
20
- </p>
21
- </div>
22
23
<form action="%%SUCURI.URL.Settings%%#general" method="post">
24
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
@@ -30,10 +15,10 @@
30
<label class="screen-reader-text" for="cb-select-all-1">Select All</label>
31
<input id="cb-select-all-1" type="checkbox">
32
</td>
33
- <th>Task</th>
34
- <th>Schedule</th>
35
- <th>Next due</th>
36
- <th>Arguments</th>
37
</tr>
38
</thead>
39
@@ -43,11 +28,11 @@
43
</table>
44
45
<fieldset class="sucuriscan-clearfix">
46
- <label>Choose Action:</label>
47
<select name="sucuriscan_cronjob_action">
48
%%%SUCURI.Cronjob.Schedules%%%
49
</select>
50
- <button type="submit" class="button button-primary">Send action</button>
51
</fieldset>
52
</form>
53
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.Cronjobs@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.CronjobsInfo@@</p>
7
8
<form action="%%SUCURI.URL.Settings%%#general" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
15
<label class="screen-reader-text" for="cb-select-all-1">Select All</label>
16
<input id="cb-select-all-1" type="checkbox">
17
</td>
18
+ <th>@@SUCURI.Name@@</th>
19
+ <th>@@SUCURI.Schedule@@</th>
20
+ <th>@@SUCURI.NextDue@@</th>
21
+ <th>@@SUCURI.Arguments@@</th>
22
</tr>
23
</thead>
24
28
</table>
29
30
<fieldset class="sucuriscan-clearfix">
31
+ <label>@@SUCURI.Action@@:</label>
32
<select name="sucuriscan_cronjob_action">
33
%%%SUCURI.Cronjob.Schedules%%%
34
</select>
35
+ <button type="submit" class="button button-primary">@@SUCURI.Submit@@</button>
36
</fieldset>
37
</form>
38
</div>
inc/tpl/settings-general-datastorage.html.tpl CHANGED
@@ -1,68 +1,40 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Data Storage Path</h3>
4
5
<div class="inside">
6
- <p>
7
- This is the directory where the plugin will store the security logs, the list of
8
- files marked as fixed in the core integrity tool, the cache for the malware
9
- scanner and 3rd-party plugin metadata. The directory is blocked from public
10
- visibility if <strong>and only if</strong> the site is being hosted by the
11
- Apache web server. Additionally, every PHP file has an exit point in its header
12
- to prevent the content to be printed.
13
- </p>
14
15
- <div class="sucuriscan-inline-alert-info">
16
- <p>
17
- The plugin requires write permissions in this directory as well
18
- as the files contained in it. If you prefer to keep these files
19
- in a non-public directory <em>(one level up the document root)
20
- </em> please define a constant in the <em>"wp-config.php"</em>
21
- file named <em>"SUCURI_DATA_STORAGE"</em> with the absolute path
22
- to the new directory.
23
- </p>
24
- </div>
25
26
- <div class="sucuriscan-hstatus sucuriscan-hstatus-2">
27
- <span class="sucuriscan-monospace">%%SUCURI.Storage.Path%%</span>
28
- </div>
29
30
<p>
31
- As of version 1.7.18 the plugin started using a plain text file named
32
- <em>"sucuri-settings.php"</em> to store its settings instead of the
33
- database, this was both a security measure and a mechanism to simplify
34
- the management of the settings for multisite installations. Options
35
- created in the database by previous versions of the plugin will be
36
- migrated to the settings file if it is writable, otherwise they will
37
- remain in the database until the user grants write permissions.
38
</p>
39
-
40
- <form action="%%SUCURI.URL.Settings%%#general" method="post">
41
- <input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
42
- <input type="hidden" name="sucuriscan_reset_storage" value="1" />
43
-
44
- <table class="wp-list-table widefat sucuriscan-table">
45
- <thead>
46
- <tr>
47
- <td id="cb" class="manage-column column-cb check-column">
48
- <label class="screen-reader-text" for="cb-select-all-1">Select All</label>
49
- <input id="cb-select-all-1" type="checkbox">
50
- </td>
51
- <th class="manage-column">File</th>
52
- <th class="manage-column">Size</th>
53
- <th class="manage-column">Existence</th>
54
- <th class="manage-column">Write Permission</th>
55
- </tr>
56
- </thead>
57
-
58
- <tbody>
59
- %%%SUCURI.Storage.Files%%%
60
- </tbody>
61
- </table>
62
-
63
- <p>
64
- <button type="submit" class="button button-primary">Reset Files</button>
65
- </p>
66
- </form>
67
- </div>
68
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">@@SUCURI.DataStorage@@</h3>
4
5
<div class="inside">
6
+ <p>@@SUCURI.DataStorageInfo@@</p>
7
+ </div>
8
9
+ <div class="sucuriscan-hstatus sucuriscan-hstatus-2">
10
+ <span class="sucuriscan-monospace">%%SUCURI.Storage.Path%%</span>
11
+ </div>
12
13
+ <form action="%%SUCURI.URL.Settings%%#general" method="post">
14
+ <input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
15
+ <input type="hidden" name="sucuriscan_reset_storage" value="1" />
16
+
17
+ <table class="wp-list-table widefat sucuriscan-table">
18
+ <thead>
19
+ <tr>
20
+ <td id="cb" class="manage-column column-cb check-column">
21
+ <label class="screen-reader-text" for="cb-select-all-1">Select All</label>
22
+ <input id="cb-select-all-1" type="checkbox">
23
+ </td>
24
+ <th class="manage-column">@@SUCURI.FilePath@@</th>
25
+ <th class="manage-column">@@SUCURI.FileSize@@</th>
26
+ <th class="manage-column">@@SUCURI.Status@@</th>
27
+ <th class="manage-column">@@SUCURI.Writable@@</th>
28
+ </tr>
29
+ </thead>
30
+
31
+ <tbody>
32
+ %%%SUCURI.Storage.Files%%%
33
+ </tbody>
34
+ </table>
35
36
<p>
37
+ <button type="submit" class="button button-primary">@@SUCURI.Delete@@</button>
38
</p>
39
+ </form>
40
</div>