Version Description
- Bug fixed: Hidden custom login URL may be discovered by using specially formatted URL.
- Bug fixed: Customization CSS styles dont work on the Custom login page.
Download this release
Release Info
| Developer | Gioni |
| Plugin |  Cerber Security & Antispam |
| Version | 5.2 |
| Comparing to | |
| See all releases | |
Code changes from version 5.1 to 5.2
- common.php +23 -0
- dashboard.php +7 -3
- languages/wp-cerber-it_IT.mo +0 -0
- languages/wp-cerber-it_IT.po +8 -8
- readme.txt +19 -8
- wp-cerber.php +17 -16
common.php
CHANGED
|
@@ -320,6 +320,29 @@ function cerber_is_rest_url(){
|
|
| 320 |
return false;
|
| 321 |
}
|
| 322 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 323 |
/*
|
| 324 |
* Sets of human readable labels for vary activity/logs events
|
| 325 |
* @since 1.0
|
| 320 |
return false;
|
| 321 |
}
|
| 322 |
|
| 323 |
+
/**
|
| 324 |
+
* Return the last portion of the requested URI.
|
| 325 |
+
*
|
| 326 |
+
* @param bool $check_php if true check if a php script has been requested
|
| 327 |
+
*
|
| 328 |
+
* @return bool|string
|
| 329 |
+
*/
|
| 330 |
+
function cerber_get_last_in_uri( $check_php = false ) {
|
| 331 |
+
$ret = substr( strrchr( $_SERVER['REQUEST_URI'], '/' ), 1 );
|
| 332 |
+
if ( $pos = strpos( $ret, '?' ) ) {
|
| 333 |
+
$ret = substr( $ret, 0, $pos );
|
| 334 |
+
}
|
| 335 |
+
$ret = rtrim( $ret, '/' );
|
| 336 |
+
|
| 337 |
+
if ( $check_php ) {
|
| 338 |
+
if ( strtolower( substr( $ret, - 4 ) ) != '.php' ) {
|
| 339 |
+
$ret = '';
|
| 340 |
+
}
|
| 341 |
+
}
|
| 342 |
+
|
| 343 |
+
return $ret;
|
| 344 |
+
}
|
| 345 |
+
|
| 346 |
/*
|
| 347 |
* Sets of human readable labels for vary activity/logs events
|
| 348 |
* @since 1.0
|
dashboard.php
CHANGED
|
@@ -927,12 +927,16 @@ function cerber_show_help() {
|
|
| 927 |
|
| 928 |
<h3>Do you have a question or need help?</h3>
|
| 929 |
|
| 930 |
-
<p>Support is provided on the WordPress
|
| 931 |
not always possible to answer all questions on a timely manner, although I do try.</p>
|
| 932 |
|
| 933 |
-
|
| 934 |
-
|
|
|
|
|
|
|
|
|
|
| 935 |
|
|
|
|
| 936 |
|
| 937 |
<h3>Mobile and browser notifications with Pushbullet</h3>
|
| 938 |
|
| 927 |
|
| 928 |
<h3>Do you have a question or need help?</h3>
|
| 929 |
|
| 930 |
+
<p>Support is provided on the WordPress forum for free, though please note that it is free support hence it is
|
| 931 |
not always possible to answer all questions on a timely manner, although I do try.</p>
|
| 932 |
|
| 933 |
+
<p><a href="http://wpcerber.com/toc/" target="_blank">Read articles on wpcerber.com</a> or <a href="http://wordpress.org/support/plugin/wp-cerber">get answer on the support forum</a></p>
|
| 934 |
+
|
| 935 |
+
<form action="http://wpcerber.com" target="_blank"><b>Search plugin documentation on wpcerber.com: </b><input type="text" name="s" placeholder="Enter term to search"><input type="submit" value="Search" class="button button-primary"></form>
|
| 936 |
+
|
| 937 |
+
<h3>What is IP address of your computer?</h3>
|
| 938 |
|
| 939 |
+
<p>To find out your current IP address go to this page: <a href="http://wpcerber.com/what-is-my-ip/">What is my IP</a>. If you see a different IP address on the Activity tab for your login or logout events you probably need to check <b><?php _e('My site is behind a reverse proxy','wp-cerber'); ?></b>.</p>
|
| 940 |
|
| 941 |
<h3>Mobile and browser notifications with Pushbullet</h3>
|
| 942 |
|
languages/wp-cerber-it_IT.mo
CHANGED
|
Binary file
|
languages/wp-cerber-it_IT.po
CHANGED
|
@@ -1231,33 +1231,33 @@ msgstr "Sposta i commenti spam nel cestino dopo"
|
|
| 1231 |
|
| 1232 |
#: ../common.php:345
|
| 1233 |
msgid "Spam form submission denied"
|
| 1234 |
-
msgstr ""
|
| 1235 |
|
| 1236 |
#: ../settings.php:122
|
| 1237 |
msgid "Other forms"
|
| 1238 |
-
msgstr ""
|
| 1239 |
|
| 1240 |
#: ../settings.php:122
|
| 1241 |
msgid "Protect all forms on the website with bot detection engine"
|
| 1242 |
-
msgstr ""
|
| 1243 |
|
| 1244 |
#: ../settings.php:124
|
| 1245 |
msgid "Adjust antispam engine"
|
| 1246 |
-
msgstr ""
|
| 1247 |
|
| 1248 |
#: ../settings.php:125
|
| 1249 |
msgid "Safe mode"
|
| 1250 |
-
msgstr ""
|
| 1251 |
|
| 1252 |
#: ../settings.php:125
|
| 1253 |
msgid "Use less restrictive policies (allow AJAX)"
|
| 1254 |
-
msgstr ""
|
| 1255 |
|
| 1256 |
#: ../settings.php:126
|
| 1257 |
msgid "Logged in users"
|
| 1258 |
-
msgstr ""
|
| 1259 |
|
| 1260 |
#: ../settings.php:126
|
| 1261 |
msgid "Disable bot detection engine for logged in users"
|
| 1262 |
-
msgstr ""
|
| 1263 |
|
| 1231 |
|
| 1232 |
#: ../common.php:345
|
| 1233 |
msgid "Spam form submission denied"
|
| 1234 |
+
msgstr "L'invio del form contenente spam è stato negata"
|
| 1235 |
|
| 1236 |
#: ../settings.php:122
|
| 1237 |
msgid "Other forms"
|
| 1238 |
+
msgstr "Altro form"
|
| 1239 |
|
| 1240 |
#: ../settings.php:122
|
| 1241 |
msgid "Protect all forms on the website with bot detection engine"
|
| 1242 |
+
msgstr "Proteggi tutti i form del sito web con il motore di rilevazione dei bot"
|
| 1243 |
|
| 1244 |
#: ../settings.php:124
|
| 1245 |
msgid "Adjust antispam engine"
|
| 1246 |
+
msgstr "Regola Motore Antispam"
|
| 1247 |
|
| 1248 |
#: ../settings.php:125
|
| 1249 |
msgid "Safe mode"
|
| 1250 |
+
msgstr "Modalità sicura"
|
| 1251 |
|
| 1252 |
#: ../settings.php:125
|
| 1253 |
msgid "Use less restrictive policies (allow AJAX)"
|
| 1254 |
+
msgstr "Usa regole meno restrittive (Permetti AJAX)"
|
| 1255 |
|
| 1256 |
#: ../settings.php:126
|
| 1257 |
msgid "Logged in users"
|
| 1258 |
+
msgstr "Utenti connessi"
|
| 1259 |
|
| 1260 |
#: ../settings.php:126
|
| 1261 |
msgid "Disable bot detection engine for logged in users"
|
| 1262 |
+
msgstr "Disattiva il motore di rilevazione bot per gli utenti connessi"
|
| 1263 |
|
readme.txt
CHANGED
|
@@ -1,11 +1,11 @@
|
|
| 1 |
-
=== Cerber Security &
|
| 2 |
Contributors: gioni
|
| 3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=SR8RJXFU35EW8
|
| 4 |
Tags: security, login, custom login, protect, antispam, woocommerce, recaptcha, captcha, activity, log, logging, block, fail2ban, monitoring, rename wp login, whitelist, blacklist, wordpress security, xmlrpc, user enumeration, hardening, authentication, notification, pushbullet, brute force, bruteforce, users
|
| 5 |
Requires at least: 4.4
|
| 6 |
Requires PHP: 5.3
|
| 7 |
Tested up to: 4.8.1
|
| 8 |
-
Stable tag: 5.
|
| 9 |
License: GPLv2
|
| 10 |
|
| 11 |
Protection against hacker attacks and bots. Restrict access with IP access lists, track user and bot activity. reCAPTCHA. Limit login attempts.
|
|
@@ -15,19 +15,20 @@ Protection against hacker attacks and bots. Restrict access with IP access lists
|
|
| 15 |
Defends WordPress against brute force attacks by limiting the number of login attempts through the login form, XML-RPC / REST API requests or using auth cookies.
|
| 16 |
Restricts access with a Black IP Access List and a White IP Access List.
|
| 17 |
Tracks user and intruder activity with powerful email, mobile and desktop notifications.
|
| 18 |
-
Stop spam: activates reCAPTCHA for protecting registration and comments forms.
|
| 19 |
-
Hardening WordPress.
|
| 20 |
|
| 21 |
**Features you will love**
|
| 22 |
|
| 23 |
* Limit login attempts when logging in by IP address or entire subnet.
|
| 24 |
* Monitors logins made by login forms, XML-RPC requests or auth cookies.
|
| 25 |
* Permit or restrict access by [White IP Access list and Black IP Access List](http://wpcerber.com/using-ip-access-lists-to-protect-wordpress/) with a single IP, IP range or subnet.
|
| 26 |
-
*
|
| 27 |
-
*
|
|
|
|
|
|
|
| 28 |
* Hide wp-login.php, wp-signup.php and wp-register.php from possible attacks and return 404 HTTP Error.
|
| 29 |
* Hide wp-admin (dashboard) and return 404 HTTP Error when a user isn't logged in.
|
| 30 |
-
* Create **Custom login URL** ([rename wp-login.php](http://wpcerber.com/how-to-rename-wp-login-php/)).
|
| 31 |
* Immediately block IP or subnet when attempting to log in with non-existent or prohibited username.
|
| 32 |
* Disable WP REST API
|
| 33 |
* Disable XML-RPC (block access to the XML-RPC interface including Pingbacks and Trackbacks)
|
|
@@ -36,7 +37,7 @@ Hardening WordPress.
|
|
| 36 |
* Disable automatic redirecting to login page.
|
| 37 |
* **Stop user enumeration** (block access to the pages like /?author=n)
|
| 38 |
* Proactively **block IP subnet class C** for intruder's IP.
|
| 39 |
-
* Antispam: **reCAPTCHA** to protect WordPress register and comment forms.
|
| 40 |
* [reCAPTCHA for WooCommerce & WordPress forms](http://wpcerber.com/how-to-setup-recaptcha/).
|
| 41 |
* Invisible reCAPTCHA for WordPress comments forms
|
| 42 |
* Citadel mode for **massive brute force attack**.
|
|
@@ -67,6 +68,12 @@ You can **hide WordPress dashboard** (/wp-admin/) when a user isn't logged in. I
|
|
| 67 |
|
| 68 |
Massive botnet brute force attack? That's no longer a problem. **Citadel mode** will automatically be activated for awhile and prevent your site from making further attempts to log in with any username.
|
| 69 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 70 |
= Antispam protection: invisible reCAPTCHA for WooCommerce =
|
| 71 |
|
| 72 |
* WooCommerce login form
|
|
@@ -251,6 +258,10 @@ To get access to your dashboard you need to copy the WP Cerber Reset folder to t
|
|
| 251 |
|
| 252 |
== Changelog ==
|
| 253 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 254 |
= 5.1 =
|
| 255 |
* New: Anti-spam and anti-bot for contact and other forms. Cerber antispam and bot detection engine now protects all forms on a website. It’s compatible with virtually any form. Tested with Caldera Forms, Gravity Forms, Contact Form 7, Ninja Forms, Formidable Forms, Fast Secure Contact Form, Contact Form by WPForms.
|
| 256 |
* New: Portuguese of Portugal translation has been added, thanks to Helderk.
|
| 1 |
+
=== Cerber Security & Antispam ===
|
| 2 |
Contributors: gioni
|
| 3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=SR8RJXFU35EW8
|
| 4 |
Tags: security, login, custom login, protect, antispam, woocommerce, recaptcha, captcha, activity, log, logging, block, fail2ban, monitoring, rename wp login, whitelist, blacklist, wordpress security, xmlrpc, user enumeration, hardening, authentication, notification, pushbullet, brute force, bruteforce, users
|
| 5 |
Requires at least: 4.4
|
| 6 |
Requires PHP: 5.3
|
| 7 |
Tested up to: 4.8.1
|
| 8 |
+
Stable tag: 5.2
|
| 9 |
License: GPLv2
|
| 10 |
|
| 11 |
Protection against hacker attacks and bots. Restrict access with IP access lists, track user and bot activity. reCAPTCHA. Limit login attempts.
|
| 15 |
Defends WordPress against brute force attacks by limiting the number of login attempts through the login form, XML-RPC / REST API requests or using auth cookies.
|
| 16 |
Restricts access with a Black IP Access List and a White IP Access List.
|
| 17 |
Tracks user and intruder activity with powerful email, mobile and desktop notifications.
|
| 18 |
+
Stop spam: activates Cerber antispam engine and Google reCAPTCHA for protecting registration, contact and comments forms.
|
| 19 |
+
Hardening WordPress with a set of security settings.
|
| 20 |
|
| 21 |
**Features you will love**
|
| 22 |
|
| 23 |
* Limit login attempts when logging in by IP address or entire subnet.
|
| 24 |
* Monitors logins made by login forms, XML-RPC requests or auth cookies.
|
| 25 |
* Permit or restrict access by [White IP Access list and Black IP Access List](http://wpcerber.com/using-ip-access-lists-to-protect-wordpress/) with a single IP, IP range or subnet.
|
| 26 |
+
* Create **Custom login URL** ([rename wp-login.php](http://wpcerber.com/how-to-rename-wp-login-php/)).
|
| 27 |
+
* Cerber antispam engine for protecting any contact form. Automatically detects and moves spam comments to trash or deny it completely.
|
| 28 |
+
* Log user, bot and hacker activities.
|
| 29 |
+
* Cool notifications with powerful filters.
|
| 30 |
* Hide wp-login.php, wp-signup.php and wp-register.php from possible attacks and return 404 HTTP Error.
|
| 31 |
* Hide wp-admin (dashboard) and return 404 HTTP Error when a user isn't logged in.
|
|
|
|
| 32 |
* Immediately block IP or subnet when attempting to log in with non-existent or prohibited username.
|
| 33 |
* Disable WP REST API
|
| 34 |
* Disable XML-RPC (block access to the XML-RPC interface including Pingbacks and Trackbacks)
|
| 37 |
* Disable automatic redirecting to login page.
|
| 38 |
* **Stop user enumeration** (block access to the pages like /?author=n)
|
| 39 |
* Proactively **block IP subnet class C** for intruder's IP.
|
| 40 |
+
* Antispam: **reCAPTCHA** to protect WordPress login, register and comment forms.
|
| 41 |
* [reCAPTCHA for WooCommerce & WordPress forms](http://wpcerber.com/how-to-setup-recaptcha/).
|
| 42 |
* Invisible reCAPTCHA for WordPress comments forms
|
| 43 |
* Citadel mode for **massive brute force attack**.
|
| 68 |
|
| 69 |
Massive botnet brute force attack? That's no longer a problem. **Citadel mode** will automatically be activated for awhile and prevent your site from making further attempts to log in with any username.
|
| 70 |
|
| 71 |
+
= Cerber antispam engine =
|
| 72 |
+
|
| 73 |
+
Anti-spam and anti-bot protection for contact, registration, comments and other forms.
|
| 74 |
+
Cerber antispam and bot detection engine now protects all forms on a website. No reCAPTCHA is needed.
|
| 75 |
+
It’s compatible with virtually any form you have. Tested with Caldera Forms, Gravity Forms, Contact Form 7, Ninja Forms, Formidable Forms, Fast Secure Contact Form, Contact Form by WPForms.
|
| 76 |
+
|
| 77 |
= Antispam protection: invisible reCAPTCHA for WooCommerce =
|
| 78 |
|
| 79 |
* WooCommerce login form
|
| 258 |
|
| 259 |
== Changelog ==
|
| 260 |
|
| 261 |
+
= 5.2 =
|
| 262 |
+
* Bug fixed: Hidden custom login URL may be discovered by using specially formatted URL.
|
| 263 |
+
* Bug fixed: Customization CSS styles don’t work on the Custom login page.
|
| 264 |
+
|
| 265 |
= 5.1 =
|
| 266 |
* New: Anti-spam and anti-bot for contact and other forms. Cerber antispam and bot detection engine now protects all forms on a website. It’s compatible with virtually any form. Tested with Caldera Forms, Gravity Forms, Contact Form 7, Ninja Forms, Formidable Forms, Fast Secure Contact Form, Contact Form by WPForms.
|
| 267 |
* New: Portuguese of Portugal translation has been added, thanks to Helderk.
|
wp-cerber.php
CHANGED
|
@@ -1,11 +1,11 @@
|
|
| 1 |
<?php
|
| 2 |
/*
|
| 3 |
-
Plugin Name: WP Cerber Security
|
| 4 |
Plugin URI: http://wpcerber.com
|
| 5 |
-
Description: Protects site from brute force attacks, bots and hackers. Antispam protection with reCAPTCHA. Comprehensive control of user activity. Restrict login by IP access lists. Limit login attempts. Know more: <a href="http://wpcerber.com">wpcerber.com</a>.
|
| 6 |
Author: Gregory
|
| 7 |
Author URI: http://wpcerber.com
|
| 8 |
-
Version: 5.
|
| 9 |
Text Domain: wp-cerber
|
| 10 |
Domain Path: /languages
|
| 11 |
Network: true
|
|
@@ -59,7 +59,7 @@
|
|
| 59 |
// If this file is called directly, abort executing.
|
| 60 |
if ( ! defined( 'WPINC' ) ) { exit; }
|
| 61 |
|
| 62 |
-
define( 'CERBER_VER', '5.
|
| 63 |
define( 'CERBER_LOG_TABLE', 'cerber_log' );
|
| 64 |
define( 'CERBER_ACL_TABLE', 'cerber_acl' );
|
| 65 |
define( 'CERBER_BLOCKS_TABLE', 'cerber_blocks' );
|
|
@@ -647,8 +647,8 @@ function cerber_init() {
|
|
| 647 |
Display login form if Custom login URL has been requested
|
| 648 |
|
| 649 |
*/
|
| 650 |
-
|
| 651 |
-
add_action( 'setup_theme', 'cerber_wp_login_page' ); // @since 5.05
|
| 652 |
function cerber_wp_login_page() {
|
| 653 |
global $wp_cerber;
|
| 654 |
if ( $path = $wp_cerber->getSettings( 'loginpath' ) ) {
|
|
@@ -689,7 +689,8 @@ function cerber_is_login_request() {
|
|
| 689 |
return true;
|
| 690 |
}
|
| 691 |
}
|
| 692 |
-
elseif ( 0 === strpos( trim( $_SERVER['REQUEST_URI'], '/' ), WP_LOGIN_SCRIPT ) ) {
|
|
|
|
| 693 |
return true;
|
| 694 |
}
|
| 695 |
|
|
@@ -1160,9 +1161,10 @@ function cerber_redirect( $location, $status ) {
|
|
| 1160 |
|
| 1161 |
// Access control ========================================================================================
|
| 1162 |
|
| 1163 |
-
|
| 1164 |
-
|
| 1165 |
-
|
|
|
|
| 1166 |
add_action( 'init', 'cerber_access_control', 1 );
|
| 1167 |
function cerber_access_control() {
|
| 1168 |
global $wp_cerber;
|
|
@@ -1184,8 +1186,8 @@ function cerber_access_control() {
|
|
| 1184 |
}
|
| 1185 |
|
| 1186 |
$opt = $wp_cerber->getSettings();
|
| 1187 |
-
|
| 1188 |
-
|
| 1189 |
|
| 1190 |
if ( $script ) {
|
| 1191 |
if ( $script == WP_LOGIN_SCRIPT || $script == WP_SIGNUP_SCRIPT || ( $script == WP_REG_URI && ! get_option( 'users_can_register' ) ) ) { // no direct access
|
|
@@ -1371,11 +1373,10 @@ function cerber_block_rest() {
|
|
| 1371 |
add_filter( 'wp_redirect', 'cerber_no_redirect', 10, 2 );
|
| 1372 |
function cerber_no_redirect( $location, $status ) {
|
| 1373 |
global $current_user, $wp_cerber;
|
| 1374 |
-
if ( $current_user->ID == 0 && $wp_cerber->getSettings( 'noredirect' ) ) {
|
| 1375 |
-
//$str = 'redirect_to=' . urlencode( admin_url() );
|
| 1376 |
$str = urlencode( '/wp-admin/' );
|
| 1377 |
-
|
| 1378 |
-
if ( strpos( $
|
| 1379 |
cerber_404_page();
|
| 1380 |
}
|
| 1381 |
}
|
| 1 |
<?php
|
| 2 |
/*
|
| 3 |
+
Plugin Name: WP Cerber Security & Antispam
|
| 4 |
Plugin URI: http://wpcerber.com
|
| 5 |
+
Description: Protects site from brute force attacks, bots and hackers. Antispam protection with the Cerber antispam engine and reCAPTCHA. Comprehensive control of user activity. Restrict login by IP access lists. Limit login attempts. Know more: <a href="http://wpcerber.com">wpcerber.com</a>.
|
| 6 |
Author: Gregory
|
| 7 |
Author URI: http://wpcerber.com
|
| 8 |
+
Version: 5.2
|
| 9 |
Text Domain: wp-cerber
|
| 10 |
Domain Path: /languages
|
| 11 |
Network: true
|
| 59 |
// If this file is called directly, abort executing.
|
| 60 |
if ( ! defined( 'WPINC' ) ) { exit; }
|
| 61 |
|
| 62 |
+
define( 'CERBER_VER', '5.2' );
|
| 63 |
define( 'CERBER_LOG_TABLE', 'cerber_log' );
|
| 64 |
define( 'CERBER_ACL_TABLE', 'cerber_acl' );
|
| 65 |
define( 'CERBER_BLOCKS_TABLE', 'cerber_blocks' );
|
| 647 |
Display login form if Custom login URL has been requested
|
| 648 |
|
| 649 |
*/
|
| 650 |
+
add_action( 'init', 'cerber_wp_login_page', 20 );
|
| 651 |
+
//add_action( 'setup_theme', 'cerber_wp_login_page' ); // @since 5.05
|
| 652 |
function cerber_wp_login_page() {
|
| 653 |
global $wp_cerber;
|
| 654 |
if ( $path = $wp_cerber->getSettings( 'loginpath' ) ) {
|
| 689 |
return true;
|
| 690 |
}
|
| 691 |
}
|
| 692 |
+
//elseif ( 0 === strpos( trim( $_SERVER['REQUEST_URI'], '/' ), WP_LOGIN_SCRIPT ) ) {
|
| 693 |
+
elseif ( strtolower( cerber_get_last_in_uri( true ) ) == WP_LOGIN_SCRIPT ) {
|
| 694 |
return true;
|
| 695 |
}
|
| 696 |
|
| 1161 |
|
| 1162 |
// Access control ========================================================================================
|
| 1163 |
|
| 1164 |
+
/**
|
| 1165 |
+
* Restrict access to vital parts of WP
|
| 1166 |
+
*
|
| 1167 |
+
*/
|
| 1168 |
add_action( 'init', 'cerber_access_control', 1 );
|
| 1169 |
function cerber_access_control() {
|
| 1170 |
global $wp_cerber;
|
| 1186 |
}
|
| 1187 |
|
| 1188 |
$opt = $wp_cerber->getSettings();
|
| 1189 |
+
|
| 1190 |
+
$script = strtolower( cerber_get_last_in_uri( true ) );
|
| 1191 |
|
| 1192 |
if ( $script ) {
|
| 1193 |
if ( $script == WP_LOGIN_SCRIPT || $script == WP_SIGNUP_SCRIPT || ( $script == WP_REG_URI && ! get_option( 'users_can_register' ) ) ) { // no direct access
|
| 1373 |
add_filter( 'wp_redirect', 'cerber_no_redirect', 10, 2 );
|
| 1374 |
function cerber_no_redirect( $location, $status ) {
|
| 1375 |
global $current_user, $wp_cerber;
|
| 1376 |
+
if ( (!$current_user || $current_user->ID == 0) && $wp_cerber->getSettings( 'noredirect' ) ) {
|
|
|
|
| 1377 |
$str = urlencode( '/wp-admin/' );
|
| 1378 |
+
$rdr = explode('redirect_to=',$location);
|
| 1379 |
+
if ( isset($rdr[1]) && strpos( $rdr[1], $str ) ) {
|
| 1380 |
cerber_404_page();
|
| 1381 |
}
|
| 1382 |
}
|
