Version Description
- New feature - Security Scan.
- Security Scan dashboard widget.
- Inform on a possible LiteSpeed service restart if using such a system.
- Check if HTTP_USER_AGENT environment variable exists before making comparison.
- Fix Oxygen compatibility when using HTML Minify.
- Fix: Cache Enabler static call.
Release Info
Developer | nsp-code
Plugin | WP Hide & Security Enhancer
Version | 1.9.1
Code changes from version 1.8.8 to 1.9.1
- assets/css/dashboard-widget.css +9 -0
- assets/css/security-scan.css +42 -0
- assets/css/wph.css +1 -39
- assets/js/wph.js +114 -22
- compatibility/cache-enabler.php +13 -8
- compatibility/oxygen-class.php +2 -2
- compatibility/oxygen.php +8 -2
- include/admin-interfaces/notice-is-litespeed.php +4 -1
- include/admin-interfaces/security-scan.class.php +823 -0
- include/admin-interfaces/security-scan/scan_item.class.php +48 -0
- include/admin-interfaces/security-scan/scan_item_database_prefix.php +71 -0
- include/admin-interfaces/security-scan/scan_item_db_debug.php +72 -0
- include/admin-interfaces/security-scan/scan_item_disable_file_edit.php +70 -0
- include/admin-interfaces/security-scan/scan_item_firewall.php +138 -0
- include/admin-interfaces/security-scan/scan_item_headers.php +120 -0
- include/admin-interfaces/security-scan/scan_item_hide_admin_ajax.php +75 -0
- include/admin-interfaces/security-scan/scan_item_hide_admin_url.php +76 -0
- include/admin-interfaces/security-scan/scan_item_hide_check_child_theme.php +105 -0
- include/admin-interfaces/security-scan/scan_item_hide_check_child_theme_style.php +102 -0
- include/admin-interfaces/security-scan/scan_item_hide_check_comments.php +95 -0
- include/admin-interfaces/security-scan/scan_item_hide_check_plugins.php +96 -0
- include/admin-interfaces/security-scan/scan_item_hide_check_theme.php +95 -0
- include/admin-interfaces/security-scan/scan_item_hide_check_theme_style.php +95 -0
- include/admin-interfaces/security-scan/scan_item_hide_check_wp_content.php +95 -0
- include/admin-interfaces/security-scan/scan_item_hide_check_wp_includes.php +95 -0
- include/admin-interfaces/security-scan/scan_item_hide_emulate.php +76 -0
- include/admin-interfaces/security-scan/scan_item_hide_json.php +77 -0
- include/admin-interfaces/security-scan/scan_item_hide_json_clean_api.php +76 -0
- include/admin-interfaces/security-scan/scan_item_hide_license_txt.php +75 -0
- include/admin-interfaces/security-scan/scan_item_hide_new_wp_login.php +76 -0
- include/admin-interfaces/security-scan/scan_item_hide_other_generator.php +75 -0
- include/admin-interfaces/security-scan/scan_item_hide_postprocessing.php +79 -0
- include/admin-interfaces/security-scan/scan_item_hide_readme_html.php +75 -0
- include/admin-interfaces/security-scan/scan_item_hide_registration.php +75 -0
- include/admin-interfaces/security-scan/scan_item_hide_remove_header_link.php +75 -0
- include/admin-interfaces/security-scan/scan_item_hide_remove_headers.php +102 -0
- include/admin-interfaces/security-scan/scan_item_hide_remove_html_comments.php +75 -0
- include/admin-interfaces/security-scan/scan_item_hide_replacements.php +164 -0
- include/admin-interfaces/security-scan/scan_item_hide_robots.php +76 -0
- include/admin-interfaces/security-scan/scan_item_hide_wlwmanifest.php +75 -0
- include/admin-interfaces/security-scan/scan_item_hide_wordpress_generator.php +75 -0
- include/admin-interfaces/security-scan/scan_item_hide_wordpress_tagline.php +75 -0
- include/admin-interfaces/security-scan/scan_item_hide_xml_rpc.php +76 -0
- include/admin-interfaces/security-scan/scan_item_keys_and_salts.php +89 -0
- include/admin-interfaces/security-scan/scan_item_mysql_version.php +71 -0
- include/admin-interfaces/security-scan/scan_item_old_plugins.php +122 -0
- include/admin-interfaces/security-scan/scan_item_outdated_plugins.php +102 -0
- include/admin-interfaces/security-scan/scan_item_outdated_themes.php +97 -0
- include/admin-interfaces/security-scan/scan_item_php_allow_url_include.php +77 -0
- include/admin-interfaces/security-scan/scan_item_php_display_errors.php +73 -0
- include/admin-interfaces/security-scan/scan_item_php_expose.php +74 -0
- include/admin-interfaces/security-scan/scan_item_php_register_globals.php +74 -0
- include/admin-interfaces/security-scan/scan_item_php_safe_mode.php +74 -0
- include/admin-interfaces/security-scan/scan_item_php_version.php +72 -0
- include/admin-interfaces/security-scan/scan_item_unwanted_files.php +143 -0
- include/admin-interfaces/security-scan/scan_item_use_admin_user.php +76 -0
- include/admin-interfaces/security-scan/scan_item_wp_debug.php +70 -0
- include/admin-interfaces/security-scan/scan_item_wp_version.php +103 -0
- include/admin-interfaces/security-scan/scan_item_wp_version_stability.php +110 -0
- include/functions.class.php +19 -0
- include/widgets.class.php +65 -0
- include/wph.class.php +47 -16
- modules/components/general-html.php +1 -1
- modules/components/general-user-interactions.php +7 -1
- modules/components/rewrite-new_plugin_path.php +5 -1
- readme.txt +10 -2
- wp-hide.php +1 -1
assets/css/dashboard-widget.css
ADDED
@@ -0,0 +1,9 @@
1 |
+
#scan_overview p.hint {display: none}
|
2 |
+
#scan_overview .wph_graph > div {text-align: center}
|
3 |
+
#scan_overview #wph-graph {background-color: #FFF; max-width: 100%;box-sizing: border-box;overflow: hidden;}
|
4 |
+
#scan_overview #wph-graph .wph-graph-text{ background-color: #FFF }
|
5 |
+
#wph-scan-score table td.passed {background-color: #fbfbfb;}
|
6 |
+
#scan_overview p.actions {display: none}
|
7 |
+
#scan_overview .wph_results p {padding: 0px}
|
8 |
+
#scan_overview.header {border: none}
|
9 |
+
#wph-scan-score {padding: 0px}
|
assets/css/security-scan.css
ADDED
@@ -0,0 +1,42 @@
1 |
+
#security-scan #scan_overview .spinner {float: none}
|
2 |
+
#security-scan #scan_overview .working {display: none; vertical-align: middle;}
|
3 |
+
#security-scan #scan_overview .working span.progress, #security-scan #scan_overview .working span.total_items {font-weight: bold}
|
4 |
+
#security-scan #scan_overview .new-items {color: #f04d46 }
|
5 |
+
#security-scan .item.processing {opacity: 0.3; pointer-events: none;-webkit-user-select: none; /* Safari */ -ms-user-select: none; /* IE 10 and IE 11 */ user-select: none; /* Standard syntax */;transition: opacity 0.5s linear; -webkit-transition: opacity 0.5s linear; -moz-transition: opacity 0.5s linear; }
|
6 |
+
#wph-site-scan-button {padding: 10px}
|
7 |
+
#security-scan .wph_input .row.cell.label {background-color: #FFF}
|
8 |
+
#security-scan .wph_input.issue_found {border-left: 4px solid #d63638;}
|
9 |
+
#security-scan .wph_input.unknown {border-left: 4px solid #E7D1A9;}
|
10 |
+
#security-scan .description code {padding: 0px}
|
11 |
+
#security-scan .dashicons-no {color: #d63638}
|
12 |
+
#security-scan .dashicons-yes {color: #229d51}
|
13 |
+
#security-scan .wph_input .row.cell.label .description {line-height: inherit;}
|
14 |
+
#security-scan .wph_input .row.cell.label .description span {line-height: inherit;}
|
15 |
+
#security-scan .wph_input .row.cell.label .description .error { color: #d63638}
|
16 |
+
#security-scan .outdated_plugin {clear: both; width: 50%; display: inline-block;}
|
17 |
+
#security-scan .outdated_plugin .icon {max-height: 40px; max-width: 40px; float: left; margin-right: 10px}
|
18 |
+
#security-scan .important {color: #333; }
|
19 |
+
#security-scan .item .actions {text-align: right}
|
20 |
+
#security-scan .item .actions .restore {display: none}
|
21 |
+
#security-scan .item .actions .wph-pro { background-color: #f04d46; border-color: transparent; font-weight: bold}
|
22 |
+
#security-scan .item .actions .wph-pro:hover {background-color: #c83e38}
|
23 |
+
#security-scan #hidden-items {padding-top: 40px}
|
24 |
+
#security-scan #hidden-items > div {opacity: 0.3; transition: opacity 0.2s linear; -webkit-transition: opacity 0.2s linear; -moz-transition: opacity 0.2s linear; }
|
25 |
+
#security-scan #hidden-items > div:hover {opacity: 1}
|
26 |
+
#security-scan #hidden-items .actions .restore {display: inline-block}
|
27 |
+
#security-scan #hidden-items .actions .ignore {display: none}
|
28 |
+
#wph-scan-score {padding: 0px 0 30px 0}
|
29 |
+
#wph-scan-score table { width: 100%; border-collapse: collapse;}
|
30 |
+
#wph-scan-score table td {text-align: center; border-bottom: 1px dotted #bbb; padding-bottom: 30px; padding-top: 20px}
|
31 |
+
#wph-scan-score table td.failed { background-color: #f0f0f1;}
|
32 |
+
#wph-scan-score table h4 {font-weight: normal;font-size: 14px;margin-bottom: 10px;}
|
33 |
+
#wph-scan-score table h5 {font-size: 32px; margin: 0px; font-weight: normal;}
|
34 |
+
#wph-scan-score table .failed h4 {color:#f04d46}
|
35 |
+
#wph-scan-score table td.passed {}
|
36 |
+
#security-scan .wph_results {background-color: #f9f9f9; padding: 0; box-sizing: border-box; overflow: hidden; position:relative; border-left: 1px solid #f1f1f1; flex-grow: 1;}
|
37 |
+
#security-scan .wph_results p {padding-left: 20px}
|
38 |
+
#scan_overview .last_scan {font-size: 12px; color: #999; padding-top: 20px}
|
39 |
+
#scan_overview.header {margin-bottom: 10px;overflow: hidden;position: relative;
|
40 |
+
min-width: 255px;
|
41 |
+
border: 1px solid #e5e5e5;box-shadow: 0 1px 1px rgba(0,0,0,.04);
|
42 |
+
background: #fff;}
|
assets/css/wph.css
CHANGED
@@ -190,45 +190,7 @@ table .wph_input tr td{}
|
|
190 |
.conditional_rules .wph_input td.param{width: 40%}
|
191 |
.conditional_rules .wph_input td.comparison{width: 12%}
|
192 |
|
193 |
-
|
194 |
-
#security-scan #scan_overview .working {display: none; vertical-align: middle;}
|
195 |
-
#security-scan #scan_overview .working span.progress, #security-scan #scan_overview .working span.total_items {font-weight: bold}
|
196 |
-
#security-scan #scan_overview .new-items {color: #f04d46 }
|
197 |
-
#security-scan .item.processing {opacity: 0.3; pointer-events: none;-webkit-user-select: none; /* Safari */ -ms-user-select: none; /* IE 10 and IE 11 */ user-select: none; /* Standard syntax */;transition: opacity 0.5s linear; -webkit-transition: opacity 0.5s linear; -moz-transition: opacity 0.5s linear; }
|
198 |
-
#wph-site-scan-button {padding: 10px}
|
199 |
-
#security-scan .wph_input .row.cell.label {background-color: #FFF}
|
200 |
-
#security-scan .wph_input.issue_found {border-left: 4px solid #d63638;}
|
201 |
-
#security-scan .wph_input.unknown {border-left: 4px solid #E7D1A9;}
|
202 |
-
#security-scan .description code {padding: 0px}
|
203 |
-
#security-scan .dashicons-no {color: #d63638}
|
204 |
-
#security-scan .dashicons-yes {color: #229d51}
|
205 |
-
#security-scan .wph_input .row.cell.label .description {line-height: inherit;}
|
206 |
-
#security-scan .wph_input .row.cell.label .description span {line-height: inherit;}
|
207 |
-
#security-scan .wph_input .row.cell.label .description .error { color: #d63638}
|
208 |
-
#security-scan .outdated_plugin {clear: both; width: 50%; display: inline-block;}
|
209 |
-
#security-scan .outdated_plugin .icon {max-height: 40px; max-width: 40px; float: left; margin-right: 10px}
|
210 |
-
#security-scan .important {color: #333; }
|
211 |
-
#security-scan .actions {text-align: right}
|
212 |
-
#security-scan .actions .restore {display: none}
|
213 |
-
#security-scan .actions .wph-pro { background-color: #f04d46; border-color: transparent; font-weight: bold}
|
214 |
-
#security-scan .actions .wph-pro:hover {background-color: #c83e38}
|
215 |
-
#security-scan #hidden-items {padding-top: 40px}
|
216 |
-
#security-scan #hidden-items > div {opacity: 0.3; transition: opacity 0.2s linear; -webkit-transition: opacity 0.2s linear; -moz-transition: opacity 0.2s linear; }
|
217 |
-
#security-scan #hidden-items > div:hover {opacity: 1}
|
218 |
-
#security-scan #hidden-items .actions .restore {display: inline-block}
|
219 |
-
#security-scan #hidden-items .actions .ignore {display: none}
|
220 |
-
#wph-scan-score {padding: 0px 0 30px 0}
|
221 |
-
#wph-scan-score table { width: 100%; border-collapse: collapse;}
|
222 |
-
#wph-scan-score table td {text-align: center; border-bottom: 1px dotted #bbb; padding-bottom: 30px; padding-top: 20px}
|
223 |
-
#wph-scan-score table td.failed { background-color: #f0f0f1;}
|
224 |
-
#wph-scan-score table h4 {font-weight: normal;font-size: 14px;margin-bottom: 10px;}
|
225 |
-
#wph-scan-score table h5 {font-size: 32px; margin: 0px; font-weight: normal;}
|
226 |
-
#wph-scan-score table .failed h4 {color:#f04d46}
|
227 |
-
#wph-scan-score table td.passed {}
|
228 |
-
#security-scan .wph_results {background-color: #f9f9f9; padding: 0; box-sizing: border-box; overflow: hidden; position:relative; border-left: 1px solid #f1f1f1; flex-grow: 1;}
|
229 |
-
#security-scan .wph_results p {padding-left: 20px}
|
230 |
-
#scan_overview .last_scan {font-size: 12px; color: #999; padding-top: 20px}
|
231 |
-
|
232 |
table .select.multiple {height: 82px}
|
233 |
|
234 |
.postbox h3 span {display: inline-block; vertical-align: middle}
|
190 |
.conditional_rules .wph_input td.param{width: 40%}
|
191 |
.conditional_rules .wph_input td.comparison{width: 12%}
|
192 |
|
193 |
+
194 |
table .select.multiple {height: 82px}
|
195 |
|
196 |
.postbox h3 span {display: inline-block; vertical-align: middle}
|
assets/js/wph.js
CHANGED
@@ -1,6 +1,11 @@
|
|
1 |
|
2 |
|
3 |
class WPH_Class {
|
4 |
|
5 |
selectText(node)
|
6 |
{
|
@@ -124,10 +129,26 @@
|
|
124 |
|
125 |
site_scan( nonce )
|
126 |
{
|
127 |
jQuery('#wph-site-scan-button').addClass( 'disabled' );
|
128 |
jQuery('#security-scan #scan_overview .spinner').css( 'visibility', 'visible');
|
129 |
jQuery('#security-scan #scan_overview .working').css( 'display', 'inline-block');
|
130 |
-
|
131 |
|
132 |
var LastResponseLength = false;
|
133 |
var Response = '';
|
@@ -140,36 +161,107 @@
|
|
140 |
'action':'wph_site_scan',
|
141 |
'nonce' : nonce
|
142 |
},
|
143 |
-
xhrFields: {
|
144 |
-
onprogress: function(e) {
|
145 |
-
var thisResponse, Response = e.currentTarget.response;
|
146 |
-
if( LastResponseLength === false) {
|
147 |
-
thisResponse = Response;
|
148 |
-
LastResponseLength = Response.length;
|
149 |
-
} else {
|
150 |
-
thisResponse = Response.substring( LastResponseLength );
|
151 |
-
LastResponseLength = Response.length;
|
152 |
-
}
|
153 |
-
|
154 |
-
Response = JSON.parse( thisResponse );
|
155 |
-
|
156 |
-
jQuery ( '#security-scan #scan_overview .working .progress' ).html( Response.progress );
|
157 |
-
jQuery ( '#security-scan #scan_overview .working .total_items' ).html( Response.total );
|
158 |
-
jQuery ( '#security-scan #scan_overview .working .current_scan' ).html( Response.next_item_id );
|
159 |
-
}
|
160 |
-
},
|
161 |
success:function(data) {
|
162 |
-
|
|
|
163 |
jQuery('#security-scan #scan_overview p.new-items').removeClass( 'new-items' );
|
164 |
jQuery('#security-scan #scan_overview .spinner').css( 'visibility', 'hidden');
|
165 |
jQuery('#security-scan #scan_overview .working').css( 'display', 'none');
|
166 |
|
167 |
-
location.reload();
|
|
|
168 |
},
|
169 |
error: function(errorThrown){
|
170 |
-
jQuery('#wph-site-scan-button').removeClass( 'disabled' );
|
171 |
jQuery('#security-scan #scan_overview .spinner').css( 'visibility', 'hidden');
|
172 |
jQuery('#security-scan #scan_overview .working').css( 'display', 'none');
|
173 |
}
|
174 |
});
|
175 |
}
|
1 |
|
2 |
|
3 |
class WPH_Class {
|
4 |
+
|
5 |
+
constructor() {
|
6 |
+
this.SiteScanProgress_interval = false;
|
7 |
+
this.AJAX_data = false
|
8 |
+
}
|
9 |
|
10 |
selectText(node)
|
11 |
{
|
129 |
|
130 |
site_scan( nonce )
|
131 |
{
|
132 |
+
if ( jQuery('#wph-site-scan-button').hasClass( 'disabled' ) )
|
133 |
+
return;
|
134 |
+
|
135 |
jQuery('#wph-site-scan-button').addClass( 'disabled' );
|
136 |
jQuery('#security-scan #scan_overview .spinner').css( 'visibility', 'visible');
|
137 |
jQuery('#security-scan #scan_overview .working').css( 'display', 'inline-block');
|
138 |
+
|
139 |
+
jQuery('#wph-scan-score .passed h5').html('0');
|
140 |
+
jQuery('#wph-scan-score .failed h5').html('0');
|
141 |
+
|
142 |
+
jQuery('#wph-graph .wph-graph-progress' ).css( 'transform', 'rotate(0deg)' );
|
143 |
+
jQuery('#wph-graph .wph-graph-data b' ).html( '0%' );
|
144 |
+
jQuery('#scan_overview .protection' ).html( 'Unknown' );
|
145 |
+
|
146 |
+
jQuery('#all-scann-items div.item').not('.ajax_updated').each ( function ( ) {
|
147 |
+
jQuery(this).find(' > .wph_input').addClass('unknown').removeClass('issue_found');
|
148 |
+
jQuery(this).find('.info').html('');
|
149 |
+
jQuery(this).find('.description').html('');
|
150 |
+
jQuery(this).find('.actions').html('');
|
151 |
+
})
|
152 |
|
153 |
var LastResponseLength = false;
|
154 |
var Response = '';
|
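Review bot: the guard `if ( jQuery('#wph-site-scan-button').hasClass( 'disabled' ) ) return;` combined with the unconditional `addClass( 'disabled' )` right after it means a scan can only ever be triggered once per page load unless some other code removes that class; keep a record of where it is removed again, or reset it on completion. The UI reset loop `jQuery('#all-scann-items div.item').not('.ajax_updated').each ( function ( ) { ... })` ends without a semicolon, and the same `.not('.ajax_updated')` selection is built again by the progress poller, so a small helper that returns the pending items would avoid the duplication.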
161 |
'action':'wph_site_scan',
|
162 |
'nonce' : nonce
|
163 |
},
|
164 |
success:function(data) {
|
165 |
+
|
166 |
+
//jQuery('#wph-site-scan-button').removeClass( 'disabled' );
|
167 |
jQuery('#security-scan #scan_overview p.new-items').removeClass( 'new-items' );
|
168 |
jQuery('#security-scan #scan_overview .spinner').css( 'visibility', 'hidden');
|
169 |
jQuery('#security-scan #scan_overview .working').css( 'display', 'none');
|
170 |
|
171 |
+
setTimeout ( function(){ location.reload(); }, 2000);
|
172 |
+
|
173 |
},
|
174 |
error: function(errorThrown){
|
175 |
+
//jQuery('#wph-site-scan-button').removeClass( 'disabled' );
|
176 |
jQuery('#security-scan #scan_overview .spinner').css( 'visibility', 'hidden');
|
177 |
jQuery('#security-scan #scan_overview .working').css( 'display', 'none');
|
178 |
+
|
179 |
+
clearInterval( WPH.SiteScanProgress_interval );
|
180 |
+
}
|
181 |
+
});
|
182 |
+
|
183 |
+
setTimeout( function() { WPH.site_scan_progress_start( nonce ) }, 3000 );
|
184 |
+
|
185 |
+
}
|
186 |
+
|
187 |
+
site_scan_progress_start ( nonce )
|
188 |
+
{
|
189 |
+
this.SiteScanProgress_interval = setInterval( function() { WPH.site_scan_progres( nonce ) }, 1000);
|
190 |
+
}
|
191 |
+
|
192 |
+
site_scan_progres ( nonce )
|
193 |
+
{
|
194 |
+
jQuery.ajax({
|
195 |
+
type: 'POST',
|
196 |
+
url: ajaxurl,
|
197 |
+
dataType: "json",
|
198 |
+
data: {
|
199 |
+
'action':'wph_site_scan_progress',
|
200 |
+
'nonce' : nonce
|
201 |
+
},
|
202 |
+
success:function(data) {
|
203 |
+
|
204 |
+
WPH.AJAX_data = data;
|
205 |
+
|
206 |
+
jQuery ( '#security-scan #scan_overview .working .progress' ).html( data.items_progress );
|
207 |
+
jQuery('#wph-scan-score .passed h5').html( data.success );
|
208 |
+
jQuery('#wph-scan-score .failed h5').html( data.failed );
|
209 |
+
|
210 |
+
jQuery('#wph-graph .wph-graph-progress' ).css( 'transform', 'rotate(' + data.graph_progress + 'deg)' );
|
211 |
+
jQuery('#wph-graph .wph-graph-data b' ).html( data.progress + '%' );
|
212 |
+
jQuery('#scan_overview .protection' ).html( data.protection );
|
213 |
+
|
214 |
+
if ( data.scann_in_progress == false )
|
215 |
+
clearInterval( WPH.SiteScanProgress_interval );
|
216 |
+
|
217 |
+
jQuery('#all-scann-items div.item').not('.ajax_updated').each ( function ( ) {
|
218 |
+
var item_id = jQuery(this).attr('id');
|
219 |
+
var el_item_id = item_id.replace("item-", "")
|
220 |
+
if ( eval ( "WPH.AJAX_data.results." + el_item_id ) != undefined )
|
221 |
+
{
|
222 |
+
var item_response = eval ( "WPH.AJAX_data.results." + el_item_id );
|
223 |
+
|
224 |
+
jQuery('#' + item_id ).removeClass('valid-item');
|
225 |
+
|
226 |
+
if ( item_response.status != undefined )
|
227 |
+
{
|
228 |
+
jQuery('#' + item_id ).addClass( item_response.status );
|
229 |
+
|
230 |
+
jQuery('#' + item_id + " > .wph_input").removeClass( 'unknown' );
|
231 |
+
|
232 |
+
if ( item_response.status == true )
|
233 |
+
jQuery('#' + item_id ).addClass('valid-item');
|
234 |
+
else if ( item_response.status == false )
|
235 |
+
jQuery('#' + item_id + " > .wph_input").addClass( 'issue_found' );
|
236 |
+
}
|
237 |
+
|
238 |
+
jQuery('#' + item_id + " .info").html( '' );
|
239 |
+
if ( item_response.info != undefined )
|
240 |
+
{
|
241 |
+
jQuery('#' + item_id + " .info").html( item_response.info );
|
242 |
+
}
|
243 |
+
|
244 |
+
jQuery('#' + item_id + " .description").html( '' );
|
245 |
+
if ( item_response.description != undefined )
|
246 |
+
{
|
247 |
+
jQuery('#' + item_id + " .description").html( item_response.description );
|
248 |
+
}
|
249 |
+
|
250 |
+
jQuery('#' + item_id + " .actions").html( '' );
|
251 |
+
if ( item_response.actions != undefined )
|
252 |
+
{
|
253 |
+
jQuery('#' + item_id + " .actions").html( item_response.actions );
|
254 |
+
}
|
255 |
+
|
256 |
+
jQuery('#' + item_id ).addClass('ajax_updated');
|
257 |
+
|
258 |
+
}
|
259 |
+
|
260 |
+
})
|
261 |
+
|
262 |
+
},
|
263 |
+
error: function(errorThrown){
|
264 |
+
jQuery('#scan_overview .wph_results').append( '<p>Error while retrieving the AJAX update.</p>');
|
265 |
}
|
266 |
});
|
267 |
}
|
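Review bot: the `error` handler of `site_scan_progres` appends `'<p>Error while retrieving the AJAX update.</p>'` but never calls `clearInterval( WPH.SiteScanProgress_interval )`, so a failing progress endpoint adds a new error paragraph every second until the page is reloaded; clear the interval there, and also in the `success` branch of `site_scan` before `setTimeout ( function(){ location.reload(); }, 2000)`. Related: `setTimeout( function() { WPH.site_scan_progress_start( nonce ) }, 3000 )` is scheduled regardless of the scan request's outcome, so when the request fails within those 3 seconds the `clearInterval` in its `error` handler runs before any interval exists and polling starts anyway; start the poller from the `success` callback instead. The per-item lookup `eval ( "WPH.AJAX_data.results." + el_item_id )` is evaluated twice and builds source text from a DOM `id` attribute; `WPH.AJAX_data.results[ el_item_id ]` returns the same value without `eval` and also works for ids that are not valid identifiers. Both `removeClass( 'disabled' )` calls are now commented out, so after an `error` the scan button stays disabled with no way to retry. Minor: `site_scan_progres` is missing an `s`, and `data.scann_in_progress == false` should be a strict `=== false`.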
compatibility/cache-enabler.php
CHANGED
@@ -9,17 +9,22 @@
|
|
9 |
|
10 |
class WPH_conflict_handle_cache_enabler
|
11 |
{
|
12 |
-
|
13 |
-
|
|
|
14 |
{
|
15 |
-
if( !
|
16 |
return FALSE;
|
17 |
|
18 |
-
add_filter( 'cache_enabler_before_store', array(
|
19 |
|
20 |
-
}
|
21 |
|
22 |
-
|
23 |
{
|
24 |
|
25 |
include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
|
@@ -30,7 +35,7 @@
|
|
30 |
return FALSE;
|
31 |
}
|
32 |
|
33 |
-
|
34 |
{
|
35 |
|
36 |
global $wph;
|
@@ -44,7 +49,7 @@
|
|
44 |
}
|
45 |
|
46 |
|
47 |
-
WPH_conflict_handle_cache_enabler
|
48 |
|
49 |
|
50 |
?>
|
9 |
|
10 |
class WPH_conflict_handle_cache_enabler
|
11 |
{
|
12 |
+
|
13 |
+
|
14 |
+
function __construct()
|
15 |
{
|
16 |
+
if( ! $this->is_plugin_active() )
|
17 |
return FALSE;
|
18 |
+
|
19 |
+
global $wph;
|
20 |
+
|
21 |
+
$this->wph = $wph;
|
22 |
|
23 |
+
add_filter( 'cache_enabler_before_store', array( $this, 'cache_enabler_before_store'), 999 );
|
24 |
|
25 |
+
}
|
26 |
|
27 |
+
function is_plugin_active()
|
28 |
{
|
29 |
|
30 |
include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
|
35 |
return FALSE;
|
36 |
}
|
37 |
|
38 |
+
function cache_enabler_before_store( $buffer )
|
39 |
{
|
40 |
|
41 |
global $wph;
|
49 |
}
|
50 |
|
51 |
|
52 |
+
new WPH_conflict_handle_cache_enabler();
|
53 |
|
54 |
|
55 |
?>
|
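Review bot: `return FALSE;` inside `__construct()` has no effect, since constructors return nothing; `new WPH_conflict_handle_cache_enabler();` still yields an object that has merely skipped its setup, so a plain `return;` states the intent. The constructor now stores `$this->wph = $wph;` but `cache_enabler_before_store( $buffer )` still reads `global $wph;`, and the `wph` property is not declared on the class (dynamic properties are deprecated from PHP 8.2); declare `var $wph;` and use it in the callback, or drop the assignment.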
compatibility/oxygen-class.php
CHANGED
@@ -3,9 +3,9 @@
|
|
3 |
|
4 |
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
|
6 |
-
if(!class_exists('OXYGEN_VSB_Signature'))
|
7 |
{
|
8 |
-
include_once( ABSPATH . 'wp-content/plugins/oxygen/
|
9 |
}
|
10 |
|
11 |
Class WPH_OXYGEN_VSB_Signature extends OXYGEN_VSB_Signature
|
3 |
|
4 |
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
|
6 |
+
if( ! class_exists('OXYGEN_VSB_Signature'))
|
7 |
{
|
8 |
+
include_once( ABSPATH . 'wp-content/plugins/oxygen/component-framework/signature.class.php' );
|
9 |
}
|
10 |
|
11 |
Class WPH_OXYGEN_VSB_Signature extends OXYGEN_VSB_Signature
|
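Review bot: the include path `ABSPATH . 'wp-content/plugins/oxygen/component-framework/signature.class.php'` hardcodes both the content directory and the plugin folder name, so it breaks on installs with a relocated `wp-content` or a renamed plugin directory, and because `Class WPH_OXYGEN_VSB_Signature extends OXYGEN_VSB_Signature` follows immediately, a failed include is a fatal error rather than a skipped shim. Use `WP_PLUGIN_DIR . '/oxygen/component-framework/signature.class.php'` and guard the `include_once` (and the class definition) with `file_exists()` plus a second `class_exists()` check.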
compatibility/oxygen.php
CHANGED
@@ -2,7 +2,8 @@
|
|
2 |
|
3 |
/**
|
4 |
* Compatibility for Plugin Name: Oxygen
|
5 |
-
*
|
|
|
6 |
*/
|
7 |
|
8 |
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
@@ -21,7 +22,12 @@
|
|
21 |
$this->wph = $wph;
|
22 |
|
23 |
add_filter( 'plugins_loaded', array( $this, 'plugins_loaded'), 999 );
|
24 |
-
|
25 |
}
|
26 |
|
27 |
function is_plugin_active()
|
2 |
|
3 |
/**
|
4 |
* Compatibility for Plugin Name: Oxygen
|
5 |
+
* Since: 3.1
|
6 |
+
* Last checked: 4.1.1
|
7 |
*/
|
8 |
|
9 |
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
22 |
$this->wph = $wph;
|
23 |
|
24 |
add_filter( 'plugins_loaded', array( $this, 'plugins_loaded'), 999 );
|
25 |
+
|
26 |
+
if ( isset ( $_GET['ct_builder'] ) )
|
27 |
+
{
|
28 |
+
$WPH_module_general_html = $this->wph->functions->return_component_instance( 'WPH_module_general_html' );
|
29 |
+
remove_filter('wp-hide/ob_start_callback', array( $WPH_module_general_html, 'remove_html_new_lines'));
|
30 |
+
}
|
31 |
}
|
32 |
|
33 |
function is_plugin_active()
|
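Review bot: the `isset ( $_GET['ct_builder'] )` check in the constructor removes the `remove_html_new_lines` callback for any request carrying that query parameter, with no check that the request comes from an authenticated builder session, so the HTML post-processing can be switched off per request by anyone; tie it to the editing context Oxygen itself uses for the builder (a logged-in user with the relevant capability) rather than to the raw parameter. Also, `remove_filter('wp-hide/ob_start_callback', array( $WPH_module_general_html, 'remove_html_new_lines'))` passes no priority, so it only removes the callback if it was added at the default priority 10; pass the same priority the module used when adding it.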
include/admin-interfaces/notice-is-litespeed.php
CHANGED
@@ -3,5 +3,8 @@
|
|
3 |
?>
|
4 |
|
5 |
<li>
|
6 |
-
7 |
</li>
|
3 |
?>
|
4 |
|
5 |
<li>
|
6 |
+
<p>
|
7 |
+
<span class="dashicons dashicons-flag error critical"></span> <?php _e( "Your site runs on LiteSpeed ! Before starting, ensure your server is properly configured and it processes the .htaccess file, or there might be layout and functionality breaks.", 'wp-hide-security-enhancer' ) ?> <?php _e( "For more details check at", 'wp-hide-security-enhancer' ) ?> <a target="_blank" href="https://wp-hide.com/setup-wp-hide-on-litespeed/">Setup WP Hide on LiteSpeed</a>
|
8 |
+
<br /><?php _e( "Also, once the plugin options changed, a LiteSpeed service may be required. Through SSH run the command", 'wp-hide-security-enhancer' ) ?> <b class="highlight">sudo systemctl restart lsws</b>
|
9 |
+
</p>
|
10 |
</li>
|
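Review bot: the second translatable string reads "once the plugin options changed, a LiteSpeed service may be required", which drops the word "restart"; it should read "once the plugin options are changed, a LiteSpeed service restart may be required". The two `_e()` calls that make up the first sentence ("For more details check at" followed by the link) are separate strings with no context for translators; a single string with a `%s` placeholder passed through `sprintf( __( ... ) )` keeps the sentence and its link translatable as one unit.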
include/admin-interfaces/security-scan.class.php
ADDED
@@ -0,0 +1,823 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan
|
7 |
+
{
|
8 |
+
|
9 |
+
var $wph;
|
10 |
+
var $functions;
|
11 |
+
|
12 |
+
var $scan_items = array();
|
13 |
+
|
14 |
+
var $remote_started = FALSE;
|
15 |
+
var $remote_html = FALSE;
|
16 |
+
var $remote_headers = FALSE;
|
17 |
+
var $remote_errors = FALSE;
|
18 |
+
|
19 |
+
|
20 |
+
function __construct()
|
21 |
+
{
|
22 |
+
add_action ( 'init', array ( $this, 'init') );
|
23 |
+
}
|
24 |
+
|
25 |
+
function init()
|
26 |
+
{
|
27 |
+
if ( is_admin() && current_user_can ( 'manage_options' ) )
|
28 |
+
$this->run();
|
29 |
+
}
|
30 |
+
|
31 |
+
function get_scan_items()
|
32 |
+
{
|
33 |
+
$scan_items = array (
|
34 |
+
'wp_version',
|
35 |
+
'wp_version_stability',
|
36 |
+
'php_version',
|
37 |
+
'mysql_version',
|
38 |
+
'wp_debug',
|
39 |
+
'db_debug',
|
40 |
+
'use_admin_user',
|
41 |
+
'outdated_themes',
|
42 |
+
'outdated_plugins',
|
43 |
+
'old_plugins',
|
44 |
+
'disable_file_edit',
|
45 |
+
|
46 |
+
'firewall',
|
47 |
+
'unwanted_files',
|
48 |
+
|
49 |
+
'php_display_errors',
|
50 |
+
'php_register_globals',
|
51 |
+
'php_safe_mode',
|
52 |
+
'php_allow_url_include',
|
53 |
+
'php_expose',
|
54 |
+
'database_prefix',
|
55 |
+
'keys_and_salts',
|
56 |
+
|
57 |
+
'headers',
|
58 |
+
|
59 |
+
'hide_check_theme',
|
60 |
+
'hide_check_theme_style',
|
61 |
+
'hide_check_child_theme',
|
62 |
+
'hide_check_child_theme_style',
|
63 |
+
'hide_check_wp_content',
|
64 |
+
'hide_check_wp_includes',
|
65 |
+
'hide_check_plugins',
|
66 |
+
'hide_check_comments',
|
67 |
+
'hide_xml_rpc',
|
68 |
+
'hide_json',
|
69 |
+
'hide_json_clean_api',
|
70 |
+
'hide_registration',
|
71 |
+
'hide_license_txt',
|
72 |
+
'hide_readme_html',
|
73 |
+
'hide_wordpress_tagline',
|
74 |
+
'hide_wordpress_generator',
|
75 |
+
'hide_other_generator',
|
76 |
+
'hide_wlwmanifest',
|
77 |
+
'hide_emulate',
|
78 |
+
'hide_robots',
|
79 |
+
'hide_remove_header_link',
|
80 |
+
'hide_remove_headers',
|
81 |
+
'hide_remove_html_comments',
|
82 |
+
'hide_new_wp_login',
|
83 |
+
'hide_admin_url',
|
84 |
+
'hide_admin_ajax',
|
85 |
+
'hide_postprocessing',
|
86 |
+
'hide_replacements'
|
87 |
+
);
|
88 |
+
|
89 |
+
return $scan_items;
|
90 |
+
}
|
91 |
+
|
92 |
+
|
93 |
+
function menu_warning()
|
94 |
+
{
|
95 |
+
$site_scan = (array)get_site_option('wph/site_scan');
|
96 |
+
|
97 |
+
$page_visited = isset ( $site_scan['visited'] ) ? $site_scan['visited'] : '';
|
98 |
+
|
99 |
+
if ( ( ! isset ( $site_scan['last_scan'] ) || empty ( $site_scan['last_scan'] ) ) && empty ( $page_visited ) )
|
100 |
+
{
|
101 |
+
if ( isset ( $_GET['page'] ) && $_GET['page'] == 'wp-hide-security-scan')
|
102 |
+
return FALSE;
|
103 |
+
|
104 |
+
return TRUE;
|
105 |
+
}
|
106 |
+
|
107 |
+
$found_new_scan_items = FALSE;
|
108 |
+
$scan_items = $this->get_scan_items();
|
109 |
+
|
110 |
+
if ( ! empty ( $page_visited ) && md5 ( json_encode( $scan_items ) ) != $page_visited )
|
111 |
+
return TRUE;
|
112 |
+
|
113 |
+
return FALSE;
|
114 |
+
}
|
115 |
+
|
116 |
+
function run()
|
117 |
+
{
|
118 |
+
global $wph;
|
119 |
+
$this->wph = &$wph;
|
120 |
+
|
121 |
+
$this->functions = new WPH_functions();
|
122 |
+
|
123 |
+
include_once( WPH_PATH . '/include/admin-interfaces/security-scan/scan_item.class.php' );
|
124 |
+
|
125 |
+
$scan_item = $this->get_scan_items();
|
126 |
+
foreach ( $scan_item as $scan_item )
|
127 |
+
{
|
128 |
+
|
129 |
+
include_once( WPH_PATH . '/include/admin-interfaces/security-scan/scan_item_' . $scan_item . '.php' );
|
130 |
+
|
131 |
+
$item_instance_class_name = 'WPH_security_scan_' . $scan_item;
|
132 |
+
$item_instance = new $item_instance_class_name;
|
133 |
+
|
134 |
+
$this->scan_items[ $scan_item ] = $item_instance;
|
135 |
+
|
136 |
+
}
|
137 |
+
|
138 |
+
add_action( 'admin_notice', array ( $this, 'admin_notices' ) );
|
139 |
+
|
140 |
+
add_action( 'wp_ajax_wph_site_scan', array ( $this, 'wp_ajax_wph_site_scan' ) );
|
141 |
+
add_action( 'wp_ajax_wph_site_scan_progress', array ( $this, 'wp_ajax_wph_site_scan_progress' ) );
|
142 |
+
add_action( 'wp_ajax_wph_site_scan_ignore', array ( $this, 'wp_ajax_wph_site_scan_ignore' ) );
|
143 |
+
add_action( 'wp_ajax_wph_site_scan_restore', array ( $this, 'wp_ajax_wph_site_scan_restore' ) );
|
144 |
+
|
145 |
+
}
|
146 |
+
|
147 |
+
function admin_print_styles()
|
148 |
+
{
|
149 |
+
|
150 |
+
wp_register_style('WPHStyle', WPH_URL . '/assets/css/wph.css');
|
151 |
+
wp_enqueue_style( 'WPHStyle');
|
152 |
+
|
153 |
+
wp_register_style('wph-graphs', WPH_URL . '/assets/css/graph.css');
|
154 |
+
wp_enqueue_style( 'wph-graphs');
|
155 |
+
|
156 |
+
wp_register_style('wph-security-scan', WPH_URL . '/assets/css/security-scan.css');
|
157 |
+
wp_enqueue_style( 'wph-security-scan');
|
158 |
+
|
159 |
+
}
|
160 |
+
|
161 |
+
|
162 |
+
function admin_print_scripts()
|
163 |
+
{
|
164 |
+
wp_enqueue_script( 'jquery');
|
165 |
+
wp_register_script('wph', WPH_URL . '/assets/js/wph.js', array(), WPH_CORE_VERSION );
|
166 |
+
|
167 |
+
|
168 |
+
// Localize the script with new data
|
169 |
+
$translation_array = array(
|
170 |
+
|
171 |
+
);
|
172 |
+
wp_localize_script( 'wph', 'wph_vars', $translation_array );
|
173 |
+
|
174 |
+
wp_enqueue_script( 'wph');
|
175 |
+
|
176 |
+
}
|
177 |
+
|
178 |
+
|
179 |
+
|
180 |
+
function _render()
|
181 |
+
{
|
182 |
+
|
183 |
+
$site_scan = (array)get_site_option('wph/site_scan');
|
184 |
+
$site_scan['visited'] = md5 ( json_encode( $this->get_scan_items() ) );
|
185 |
+
update_site_option ( 'wph/site_scan', $site_scan );
|
186 |
+
|
187 |
+
?>
|
188 |
+
<div id="wph" class="wrap">
|
189 |
+
<h1>WP Hide & Security Enhancer - <?php _e( "Security Scan", 'wp-hide-security-enhancer' ) ?></h1>
|
190 |
+
|
191 |
+
<?php echo $this->functions->get_ad_banner(); ?>
|
192 |
+
|
193 |
+
|
194 |
+
<div class="start-container title security_scan">
|
195 |
+
<h2><?php _e( "Security Scan", 'wp-hide-security-enhancer' ) ?></h2>
|
196 |
+
</div>
|
197 |
+
<div id="security-scan">
|
198 |
+
|
199 |
+
<?php $this->render_overview( $site_scan ); ?>
|
200 |
+
|
201 |
+
<p><br /></p>
|
202 |
+
|
203 |
+
<div id="all-scann-items">
|
204 |
+
<div id="scann-items">
|
205 |
+
<?php
|
206 |
+
|
207 |
+
$wph_site_scan_ignore = isset ( $site_scan['ignore'] ) ? (array)$site_scan['ignore'] : array();
|
208 |
+
|
209 |
+
foreach ( $this->scan_items as $scan_item_id => $item_instance )
|
210 |
+
{
|
211 |
+
|
212 |
+
if ( in_array ( $scan_item_id, $wph_site_scan_ignore ) )
|
213 |
+
continue;
|
214 |
+
|
215 |
+
$scan_item_data = $item_instance->get_settings();
|
216 |
+
$scan_response = isset ( $site_scan['results'][ $scan_item_id ] ) ? $site_scan['results'][ $scan_item_id ] : FALSE ;
|
217 |
+
|
218 |
+
if ( ! $scan_response )
|
219 |
+
{
|
220 |
+
$scan_response = new stdClass();
|
221 |
+
$scan_response->status = 'unknown';
|
222 |
+
$scan_response->info = '';
|
223 |
+
$scan_response->description = '<h5>' . __( 'Unknow - Start a new Scan', 'wp-hide-security-enhancer' ) .'</h5>';
|
224 |
+
$scan_response->actions = array();
|
225 |
+
}
|
226 |
+
|
227 |
+
$this->render_item( $scan_item_id, $scan_item_data, $scan_response );
|
228 |
+
|
229 |
+
}
|
230 |
+
?>
|
231 |
+
</div>
|
232 |
+
<div id="hidden-items">
|
233 |
+
<?php
|
234 |
+
|
235 |
+
foreach ( $this->scan_items as $scan_item_id => $item_instance )
|
236 |
+
{
|
237 |
+
|
238 |
+
if ( ! in_array ( $scan_item_id, $wph_site_scan_ignore ) )
|
239 |
+
continue;
|
240 |
+
|
241 |
+
$scan_item_data = $item_instance->get_settings();
|
242 |
+
$scan_response = isset ( $site_scan['results'][ $scan_item_id ] ) ? $site_scan['results'][ $scan_item_id ] : FALSE ;
|
243 |
+
|
244 |
+
/*
|
245 |
+
if ( ! $scan_response )
|
246 |
+
{
|
247 |
+
$scan_response = json_decode ( $item_instance->scan() );
|
248 |
+
$site_scan['results'][ $scan_item_id ] = $scan_response;
|
249 |
+
}
|
250 |
+
*/
|
251 |
+
|
252 |
+
$this->render_item( $scan_item_id, $scan_item_data, $scan_response );
|
253 |
+
|
254 |
+
}
|
255 |
+
?>
|
256 |
+
</div>
|
257 |
+
</div>
|
258 |
+
</div>
|
259 |
+
|
260 |
+
|
261 |
+
<?php
|
262 |
+
|
263 |
+
}
|
264 |
+
|
265 |
+
|
266 |
+
public function render_overview( $site_scan, $context = '' )
|
267 |
+
{
|
268 |
+
?>
|
269 |
+
<div id="scan_overview" class="wph-postbox header">
|
270 |
+
<div class="wph_graph wph_input widefat">
|
271 |
+
<div class="row cell label">
|
272 |
+
<?php
|
273 |
+
|
274 |
+
|
275 |
+
if ( ! isset ( $site_scan['last_scan'] ) || empty ( $site_scan['last_scan'] ) )
|
276 |
+
{
|
277 |
+
?>
|
278 |
+
|
279 |
+
<div id="wph-graph">
|
280 |
+
<div class="wph-graph-container">
|
281 |
+
<div class="wph-graph-bg"></div>
|
282 |
+
<div class="wph-graph-text"></div>
|
283 |
+
<div class="wph-graph-progress" style="transform: rotate(0deg);"></div>
|
284 |
+
<div class="wph-graph-data"><b>0%</b><br><span class="protection"><?php _e('Unknown', 'wp-hide-security-enhancer') ?></span></div>
|
285 |
+
</div>
|
286 |
+
</div>
|
287 |
+
<p class="hint"><span class="dashicons dashicons-plugins-checked"></span> <?php _e( 'Running first Scan.. Please wait!', 'wp-hide-security-enhancer') ?></p>
|
288 |
+
<?php
|
289 |
+
}
|
290 |
+
else
|
291 |
+
{
|
292 |
+
$results = $this->get_site_score( $site_scan );
|
293 |
+
|
294 |
+
?>
|
295 |
+
|
296 |
+
<div id="wph-graph">
|
297 |
+
<div class="wph-graph-container">
|
298 |
+
<div class="wph-graph-bg"></div>
|
299 |
+
<div class="wph-graph-text"></div>
|
300 |
+
<div class="wph-graph-progress" style="transform: rotate(<?php echo $results['graph_progress'] ?>deg);"></div>
|
301 |
+
<div class="wph-graph-data"><b><?php echo $results['progress'] ?>%</b><br><span class="protection"><?php _e( $results['protection'], 'wp-hide-security-enhancer') ?></span></div>
|
302 |
+
</div>
|
303 |
+
</div>
|
304 |
+
<p class="hint"><span class="dashicons dashicons-plugins-checked"></span> <?php _e( 'Your curent estimated protection is', 'wp-hide-security-enhancer' ); ?> <span class="protection"><?php _e( $results['protection'], 'wp-hide-security-enhancer') ?></span>.</p>
|
305 |
+
<?php
|
306 |
+
}
|
307 |
+
|
308 |
+
?>
|
309 |
+
</div>
|
310 |
+
|
311 |
+
</div>
|
312 |
+
<div class="wph_results">
|
313 |
+
<div class="text">
|
314 |
+
<?php
|
315 |
+
|
316 |
+
reset ( $this->scan_items );
|
317 |
+
$first_scan_item_id = ucwords ( key ( $this->scan_items ) );
|
318 |
+
|
319 |
+
//check for scann in progress
|
320 |
+
$scan_in_progress = FALSE;
|
321 |
+
if ( isset ( $site_scan['last_scan_progress'] ) && $site_scan['last_scan_progress'] > 0 && $site_scan['last_scan_progress'] > time() - 60 )
|
322 |
+
$scan_in_progress = TRUE;
|
323 |
+
|
324 |
+
if ( ! isset ( $site_scan['last_scan'] ) || empty ( $site_scan['last_scan'] ) )
|
325 |
+
{
|
326 |
+
?>
|
327 |
+
<p class="actions">
|
328 |
+
<button id="wph-site-scan-button" type="button" class="button <?php if ( $scan_in_progress ) { echo 'disabled'; } ?> button-primary" onClick="WPH.site_scan( '<?php echo esc_attr ( wp_create_nonce( 'wph/site_scan') ) ?>')"><?php _e( 'Start First Scan', 'wp-hide-security-enhancer' ); ?></button>
|
329 |
+
<span class="spinner" style="visibility: hidden;"></span>
|
330 |
+
<span class="working"><?php _e( 'Working', 'wp-hide-security-enhancer' ); ?> <span class="progress">0</span> <?php _e( 'of', 'wp-hide-security-enhancer' ); ?> <span class="total_items"><?php echo count ( $this->scan_items ) ?></span> <?php _e( 'total tests', 'wp-hide-security-enhancer' ); ?></span>
|
331 |
+
<br />
|
332 |
+
<b><?php _e( 'Running first Scan.. Please wait!', 'wp-hide-security-enhancer') ?></b></p>
|
333 |
+
<p class="last_scan"><b><?php _e( 'Last Scan', 'wp-hide-security-enhancer' ); ?>:</b> <?php _e( 'Unavailable', 'wp-hide-security-enhancer' ); ?></p>
|
334 |
+
<script type="text/javascript">
|
335 |
+
jQuery( document ).ready(function() {
|
336 |
+
jQuery('#wph-site-scan-button').click();
|
337 |
+
});
|
338 |
+
</script>
|
339 |
+
<?php
|
340 |
+
|
341 |
+
//check for scann in progress
|
342 |
+
if ( $scan_in_progress )
|
343 |
+
{
|
344 |
+
?><p class="new-items"><?php _e( 'Another Scan instance in progress. Refresh the page in a minute.', 'wp-hide-security-enhancer' ) ?></p><?php
|
345 |
+
}
|
346 |
+
}
|
347 |
+
else
|
348 |
+
{
|
349 |
+
?>
|
350 |
+
<div id="wph-scan-score">
|
351 |
+
<table><tbody><tr>
|
352 |
+
<td class="passed">
|
353 |
+
<h4><?php _e( 'Passed', 'wp-hide-security-enhancer' ); ?></h4>
|
354 |
+
<h5><?php echo $results['success'] ?></h5>
|
355 |
+
</td>
|
356 |
+
<td class="failed">
|
357 |
+
<h4><?php _e( 'Failed', 'wp-hide-security-enhancer' ); ?></h4>
|
358 |
+
<h5><?php echo $results['failed'] ?></h5>
|
359 |
+
</td>
|
360 |
+
</tr></tbody></table>
|
361 |
+
</div>
|
362 |
+
<p class="actions">
|
363 |
+
<button id="wph-site-scan-button" type="button" class="button <?php if ( $scan_in_progress ) { echo 'disabled'; } ?> button-primary" onClick="WPH.site_scan( '<?php echo esc_attr ( wp_create_nonce( 'wph/site_scan') ) ?>')"><?php _e( 'Start New Scan', 'wp-hide-security-enhancer' ); ?></button>
|
364 |
+
<span class="spinner" style="visibility: hidden;"></span>
|
365 |
+
<span class="working"><?php _e( 'Working', 'wp-hide-security-enhancer' ); ?> <span class="progress">0</span> <?php _e( 'of', 'wp-hide-security-enhancer' ); ?> <span class="total_items"><?php echo count ( $this->scan_items ) ?></span> <?php _e( 'total tests', 'wp-hide-security-enhancer' ); ?></span>
|
366 |
+
</p>
|
367 |
+
<?php
|
368 |
+
|
369 |
+
//check if new items
|
370 |
+
$found_new_scan_items = FALSE;
|
371 |
+
foreach ( $this->scan_items as $scan_item_id => $item_instance )
|
372 |
+
{
|
373 |
+
$scan_item_data = $item_instance->get_settings();
|
374 |
+
$scan_response = isset ( $site_scan['results'][ $scan_item_id ] ) ? $site_scan['results'][ $scan_item_id ] : FALSE ;
|
375 |
+
|
376 |
+
if ( ! $scan_response )
|
377 |
+
{
|
378 |
+
$found_new_scan_items = TRUE;
|
379 |
+
break;
|
380 |
+
}
|
381 |
+
}
|
382 |
+
|
383 |
+
//check for scann in progress
|
384 |
+
if ( $scan_in_progress )
|
385 |
+
{
|
386 |
+
?><p class="new-items"><?php _e( 'Another Scan instance in progress. Refresh the page in a minute.', 'wp-hide-security-enhancer' ) ?></p><?php
|
387 |
+
}
|
388 |
+
|
389 |
+
if ( ! $scan_in_progress && $found_new_scan_items )
|
390 |
+
{
|
391 |
+
?><p class="new-items"><?php _e( 'Found new Items, a new Security Scann is recommended.', 'wp-hide-security-enhancer' ) ?></p><?php
|
392 |
+
}
|
393 |
+
|
394 |
+
?>
|
395 |
+
<p class="last_scan"><b><?php _e( 'Last Scan', 'wp-hide-security-enhancer' ); ?>:</b> <?php echo date( "Y-m-d H:i:s", $site_scan['last_scan'] ); ?></p>
|
396 |
+
<?php if ( empty ( $context ) ) { ?>
|
397 |
+
<p class="security_hints"><?php echo $this->get_security_hints( $site_score ) ?></p>
|
398 |
+
<?php } ?>
|
399 |
+
<?php
|
400 |
+
}
|
401 |
+
?>
|
402 |
+
</div>
|
403 |
+
</div>
|
404 |
+
</div>
|
405 |
+
|
406 |
+
<?php
|
407 |
+
|
408 |
+
}
|
409 |
+
|
410 |
+
|
411 |
+
function get_site_score( $site_scan )
|
412 |
+
{
|
413 |
+
$results = array();
|
414 |
+
$results['success'] = 0;
|
415 |
+
$results['failed'] = 0;
|
416 |
+
$results['total_score'] = 0;
|
417 |
+
$results['achieved_score'] = 0;
|
418 |
+
|
419 |
+
$site_scan = (array)get_site_option('wph/site_scan');
|
420 |
+
$wph_site_scan_ignore = isset ( $site_scan['ignore'] ) ? (array)$site_scan['ignore'] : array();
|
421 |
+
|
422 |
+
foreach ( $this->scan_items as $scan_item_id => $item_instance )
|
423 |
+
{
|
424 |
+
if ( in_array ( $scan_item_id, $wph_site_scan_ignore ) )
|
425 |
+
continue;
|
426 |
+
|
427 |
+
$scan_item_data = $item_instance->get_settings();
|
428 |
+
$results['total_score'] += $scan_item_data['score_points'];
|
429 |
+
|
430 |
+
if ( isset ( $site_scan['results'][$scan_item_id ] ) && $site_scan['results'][$scan_item_id ]->status === TRUE )
|
431 |
+
$results['achieved_score'] += $scan_item_data['score_points'];
|
432 |
+
|
433 |
+
if ( isset ( $site_scan['results'][$scan_item_id] ) && $site_scan['results'][$scan_item_id]->status === FALSE )
|
434 |
+
$results['failed'] += 1;
|
435 |
+
else if ( isset ( $site_scan['results'][$scan_item_id] ) && $site_scan['results'][$scan_item_id]->status === TRUE )
|
436 |
+
$results['success'] += 1;
|
437 |
+
}
|
438 |
+
|
439 |
+
$results['progress'] = intval ( $results['achieved_score'] * 100 / $results['total_score'] );
|
440 |
+
$results['protection'] = '';
|
441 |
+
if ( $results['progress'] < 30 )
|
442 |
+
$results['protection'] = __( 'Very Poor' , 'wp-hide-security-enhancer' );
|
443 |
+
else if ( $results['progress'] >= 30 and $results['progress'] < 50 )
|
444 |
+
$results['protection'] = __( 'Poor', 'wp-hide-security-enhancer' );
|
445 |
+
else if ( $results['progress'] >= 50 and $results['progress'] < 70 )
|
446 |
+
$results['protection'] = __( 'Fair', 'wp-hide-security-enhancer' );
|
447 |
+
else if ( $results['progress'] >= 70 and $results['progress'] < 80 )
|
448 |
+
$results['protection'] = __( 'Good', 'wp-hide-security-enhancer' );
|
449 |
+
else if ( $results['progress'] >= 80 and $results['progress'] < 90 )
|
450 |
+
$results['protection'] = __( 'Great', 'wp-hide-security-enhancer' );
|
451 |
+
else if ( $results['progress'] >= 90 and $results['progress'] <= 99 )
|
452 |
+
$results['protection'] = __( 'Excelent', 'wp-hide-security-enhancer' );
|
453 |
+
else if ( $results['progress'] > 99 )
|
454 |
+
$results['protection'] = __( 'Perfect', 'wp-hide-security-enhancer' );
|
455 |
+
|
456 |
+
$results['graph_progress'] = round ( $results['progress'] * 180 / 100 );
|
457 |
+
|
458 |
+
return $results;
|
459 |
+
}
|
460 |
+
|
461 |
+
|
462 |
+
private function render_item( $scan_item_id, $scan_item_data, $response )
|
463 |
+
{
|
464 |
+
|
465 |
+
?>
|
466 |
+
<div id="item-<?php echo $scan_item_id ?>" class="postbox wph-postbox item<?php if ( $response->status ) { echo ' valid-item'; } ?>">
|
467 |
+
<div class="wph_input widefat<?php
|
468 |
+
if ( ! $response->status ) { echo ' issue_found';}
|
469 |
+
else if ( $response->status === 'unknown' ) { echo ' unknown';}
|
470 |
+
?>">
|
471 |
+
<div class="row cell label">
|
472 |
+
<label><span class="dashicons <?php echo $scan_item_data['icon'] ?>"></span> <?php echo $scan_item_data['title'] ?></label>
|
473 |
+
<p class="info"><?php echo $response->info; ?></p>
|
474 |
+
<div class="description"><?php echo $response->description; ?></div>
|
475 |
+
<div class="actions">
|
476 |
+
<?php
|
477 |
+
if ( count ( (array)$response->actions ) > 0 )
|
478 |
+
foreach ( $response->actions as $action_type => $action )
|
479 |
+
{
|
480 |
+
echo " " . $this->get_action_html( $action_type, $action, $scan_item_id );
|
481 |
+
}
|
482 |
+
?></div>
|
483 |
+
</div>
|
484 |
+
|
485 |
+
</div>
|
486 |
+
<div class="wph_help option_help">
|
487 |
+
<div class="text">
|
488 |
+
<?php echo wpautop( $scan_item_data['help'] ) ?>
|
489 |
+
</div>
|
490 |
+
</div>
|
491 |
+
</div>
|
492 |
+
<?php
|
493 |
+
|
494 |
+
}
|
495 |
+
|
496 |
+
|
497 |
+
function get_security_hints( $site_score, $context = 'security-scan-interface' )
|
498 |
+
{
|
499 |
+
if (! is_array ( $site_score ) )
|
500 |
+
{
|
501 |
+
$site_scan = (array)get_site_option('wph/site_scan');
|
502 |
+
$site_score = $this->get_site_score( $site_scan );
|
503 |
+
}
|
504 |
+
|
505 |
+
$hints = '';
|
506 |
+
|
507 |
+
if ( $site_score['progress'] < 90)
|
508 |
+
{
|
509 |
+
$level = '';
|
510 |
+
switch ( $site_score['progress'] )
|
511 |
+
{
|
512 |
+
case ( $site_score['progress'] >= 75 ):
|
513 |
+
$level = __( 'unsatisfactory', 'wp-hide-security-enhancer');
|
514 |
+
break;
|
515 |
+
case ( $site_score['progress'] > 40 && $site_score['progress'] < 75 ):
|
516 |
+
$level = __( 'unsatisfactory', 'wp-hide-security-enhancer');
|
517 |
+
break;
|
518 |
+
case ( $site_score['progress'] <= 40 ):
|
519 |
+
$level = __( 'dangerously low, an imminent security breach is highly likely.', 'wp-hide-security-enhancer');
|
520 |
+
break;
|
521 |
+
}
|
522 |
+
|
523 |
+
$hints .= __( 'The current protection level is ' , 'wp-hide-security-enhancer' ) . $level . ' ' .__ ('Consider improving the overall security by fixing the issues reported by the Scan', 'wp-hide-security-enhancer' );
|
524 |
+
|
525 |
+
if ( $context != 'security-scan-interface' )
|
526 |
+
$hints .= '<br /><br /><a class="button button-primary" href="' . network_admin_url ( 'admin.php?page=wp-hide-security-scan' ) . '">'. __( 'Security Scan', 'wp-hide-security-enhancer') .'</a>';
|
527 |
+
}
|
528 |
+
|
529 |
+
return $hints;
|
530 |
+
|
531 |
+
}
|
532 |
+
|
533 |
+
|
534 |
+
private function get_action_html( $action_type, $action, $scan_item_id )
|
535 |
+
{
|
536 |
+
$html = '';
|
537 |
+
|
538 |
+
switch( $action_type )
|
539 |
+
{
|
540 |
+
case 'ignore' :
|
541 |
+
$html = '<a class="button ignore" href="javascript: void(0)" onclick="WPH.scan_ignore_item(\'' . $scan_item_id . '\', \''. esc_attr ( wp_create_nonce( 'wph/site_scan/ignore') ) .'\')">'. __( 'Ignore', 'wp-hide-security-enhancer' ) .'</a>';
|
542 |
+
break;
|
543 |
+
case 'restore' :
|
544 |
+
$html = '<a class="button restore" href="javascript: void(0)" onclick="WPH.scan_restore_item(\'' . $scan_item_id . '\', \''. esc_attr ( wp_create_nonce( 'wph/site_scan/restore') ) .'\')">'. __( 'Restore', 'wp-hide-security-enhancer' ) .'</a>';
|
545 |
+
break;
|
546 |
+
default:
|
547 |
+
$html = $action;
|
548 |
+
}
|
549 |
+
|
550 |
+
return $html;
|
551 |
+
|
552 |
+
}
|
553 |
+
|
554 |
+
|
555 |
+
function wp_ajax_wph_site_scan()
|
556 |
+
{
|
557 |
+
|
558 |
+
if ( ! wp_verify_nonce( $_POST['nonce'], 'wph/site_scan' ) )
|
559 |
+
die();
|
560 |
+
|
561 |
+
$this->get_HTML();
|
562 |
+
|
563 |
+
$site_scan = (array)get_site_option('wph/site_scan');
|
564 |
+
|
565 |
+
$response = array();
|
566 |
+
|
567 |
+
//allow a timeout of 60 secconds
|
568 |
+
if ( isset ( $site_scan['last_scan_progress'] ) && $site_scan['last_scan_progress'] > 0 && $site_scan['last_scan_progress'] > time() - 60 )
|
569 |
+
{
|
570 |
+
return __( 'Another Scan instance in progress. Please wait until completed.', 'wp-hide-security-enhancer' );
|
571 |
+
}
|
572 |
+
|
573 |
+
$site_scan['results'] = array();
|
574 |
+
|
575 |
+
$progress = 1;
|
576 |
+
|
577 |
+
foreach ( $this->scan_items as $scan_item => $item_instance )
|
578 |
+
{
|
579 |
+
$site_scan['last_scan_progress'] = time();
|
580 |
+
|
581 |
+
$scan_item_data = $item_instance->get_settings();
|
582 |
+
$scan_response = json_decode( $item_instance->scan() );
|
583 |
+
|
584 |
+
$site_scan['results'][ $scan_item ] = $scan_response;
|
585 |
+
|
586 |
+
|
587 |
+
usleep ( 400000 );
|
588 |
+
|
589 |
+
update_site_option( 'wph/site_scan', $site_scan );
|
590 |
+
|
591 |
+
$progress++;
|
592 |
+
}
|
593 |
+
|
594 |
+
$site_scan['last_scan'] = time();
|
595 |
+
$site_scan['visited'] = md5 ( json_encode( $this->get_scan_items() ) );
|
596 |
+
$site_scan['last_scan_progress'] = FALSE;
|
597 |
+
|
598 |
+
update_site_option( 'wph/site_scan', $site_scan );
|
599 |
+
|
600 |
+
_e( 'Scan completed.', 'wp-hide-security-enhancer' );
|
601 |
+
|
602 |
+
die();
|
603 |
+
|
604 |
+
}
|
605 |
+
|
606 |
+
|
607 |
+
function wp_ajax_wph_site_scan_progress()
|
608 |
+
{
|
609 |
+
|
610 |
+
if ( ! wp_verify_nonce( $_POST['nonce'], 'wph/site_scan' ) )
|
611 |
+
die();
|
612 |
+
|
613 |
+
wp_ob_end_flush_all();
|
614 |
+
|
615 |
+
$site_scan = (array)get_site_option('wph/site_scan');
|
616 |
+
|
617 |
+
$response = array();
|
618 |
+
$response['results'] = $site_scan['results'];
|
619 |
+
$response['scann_in_progress'] = ( isset ( $site_scan['last_scan_progress'] ) && $site_scan['last_scan_progress'] > 0 ) ? TRUE: FALSE;
|
620 |
+
|
621 |
+
if ( $response['scann_in_progress'] )
|
622 |
+
$response['scann_status'] = 'Working';
|
623 |
+
else
|
624 |
+
$response['scann_status'] = 'Idle';
|
625 |
+
|
626 |
+
if ( count ( (array)$response['results'] ) > 0 )
|
627 |
+
{
|
628 |
+
foreach ( $response['results'] as $scan_item_id => $item_scan_data )
|
629 |
+
{
|
630 |
+
if ( count ( (array)$item_scan_data->actions ) > 0 )
|
631 |
+
{
|
632 |
+
$actions = '';
|
633 |
+
foreach ( $item_scan_data->actions as $action_type => $action )
|
634 |
+
{
|
635 |
+
$actions .= ' ' . $this->get_action_html( $action_type, $action, $scan_item_id );
|
636 |
+
}
|
637 |
+
$response['results'][$scan_item_id]->actions = $actions;
|
638 |
+
}
|
639 |
+
}
|
640 |
+
}
|
641 |
+
|
642 |
+
//check if timeout
|
643 |
+
if ( isset ( $site_scan['last_scan_progress'] ) && $site_scan['last_scan_progress'] > 0 && $site_scan['last_scan_progress'] < time() - 60 )
|
644 |
+
{
|
645 |
+
$response['scann_in_progress'] = FALSE;
|
646 |
+
$response['scann_status'] = 'Timed Out';
|
647 |
+
}
|
648 |
+
|
649 |
+
$response['total'] = count ( $this->scan_items );
|
650 |
+
$response['items_progress'] = count ( $response['results'] );
|
651 |
+
|
652 |
+
$results = $this->get_site_score( $site_scan );
|
653 |
+
|
654 |
+
$response['success'] = $results['success'];
|
655 |
+
$response['failed'] = $results['failed'];
|
656 |
+
$response['graph_progress'] = $results['graph_progress'];
|
657 |
+
$response['progress'] = $results['progress'];
|
658 |
+
$response['protection'] = __( $results['protection'], 'wp-hide-security-enhancer');
|
659 |
+
|
660 |
+
echo json_encode( $response );
|
661 |
+
|
662 |
+
die();
|
663 |
+
|
664 |
+
}
|
665 |
+
|
666 |
+
function wp_ajax_wph_site_scan_ignore()
|
667 |
+
{
|
668 |
+
|
669 |
+
if ( ! wp_verify_nonce( $_POST['nonce'], 'wph/site_scan/ignore' ) )
|
670 |
+
die();
|
671 |
+
|
672 |
+
$item_id = preg_replace( '/[^a-zA-Z0-9\-\_$]/m' , "", $_POST['item_id'] );
|
673 |
+
|
674 |
+
if ( ! empty ( $item_id ) )
|
675 |
+
{
|
676 |
+
$site_scan = (array)get_site_option('wph/site_scan');
|
677 |
+
$wph_site_scan_ignore = (array)$site_scan['ignore'];
|
678 |
+
$wph_site_scan_ignore[] = $item_id;
|
679 |
+
$wph_site_scan_ignore = array_unique ( array_filter ( $wph_site_scan_ignore ) );
|
680 |
+
|
681 |
+
$wph_site_scan_ignore = array_unique ( array_filter ( $wph_site_scan_ignore ) );
|
682 |
+
|
683 |
+
$site_scan['ignore'] = $wph_site_scan_ignore;
|
684 |
+
|
685 |
+
update_site_option ( 'wph/site_scan', $site_scan );
|
686 |
+
}
|
687 |
+
|
688 |
+
$response = array();
|
689 |
+
$response['item_id'] = $item_id;
|
690 |
+
|
691 |
+
$site_scan = (array)get_site_option('wph/site_scan');
|
692 |
+
$site_score = $this->get_site_score( $site_scan );
|
693 |
+
$response = $response + $site_score;
|
694 |
+
|
695 |
+
echo json_encode( $response );
|
696 |
+
|
697 |
+
die();
|
698 |
+
}
|
699 |
+
|
700 |
+
function wp_ajax_wph_site_scan_restore()
|
701 |
+
{
|
702 |
+
|
703 |
+
if ( ! wp_verify_nonce( $_POST['nonce'], 'wph/site_scan/restore' ) )
|
704 |
+
die();
|
705 |
+
|
706 |
+
$item_id = preg_replace( '/[^a-zA-Z0-9\-\_$]/m' , "", $_POST['item_id'] );
|
707 |
+
|
708 |
+
if ( ! empty ( $item_id ) )
|
709 |
+
{
|
710 |
+
$site_scan = (array)get_site_option('wph/site_scan');
|
711 |
+
$wph_site_scan_ignore = (array)$site_scan['ignore'];
|
712 |
+
$index = array_search( $item_id, $wph_site_scan_ignore );
|
713 |
+
if ( $index !== FALSE )
|
714 |
+
unset ( $wph_site_scan_ignore[$index] );
|
715 |
+
|
716 |
+
$wph_site_scan_ignore = array_unique ( array_filter ( $wph_site_scan_ignore ) );
|
717 |
+
|
718 |
+
$site_scan['ignore'] = $wph_site_scan_ignore;
|
719 |
+
|
720 |
+
update_site_option ( 'wph/site_scan', $site_scan );
|
721 |
+
}
|
722 |
+
|
723 |
+
$response = array();
|
724 |
+
$response['item_id'] = $item_id;
|
725 |
+
|
726 |
+
$site_scan = (array)get_site_option('wph/site_scan');
|
727 |
+
$site_score = $this->get_site_score( $site_scan );
|
728 |
+
$response = $response + $site_score;
|
729 |
+
|
730 |
+
echo json_encode( $response );
|
731 |
+
|
732 |
+
die();
|
733 |
+
}
|
734 |
+
|
735 |
+
function get_remote_content()
|
736 |
+
{
|
737 |
+
if ( $this->remote_errors !== FALSE )
|
738 |
+
return FALSE;
|
739 |
+
|
740 |
+
if ( $this->remote_html === FALSE )
|
741 |
+
$this->get_HTML();
|
742 |
+
|
743 |
+
return $this->remote_html;
|
744 |
+
}
|
745 |
+
|
746 |
+
|
747 |
+
function get_remote_headers()
|
748 |
+
{
|
749 |
+
if ( $this->remote_errors !== FALSE )
|
750 |
+
return FALSE;
|
751 |
+
|
752 |
+
return $this->remote_headers;
|
753 |
+
}
|
754 |
+
|
755 |
+
function get_HTML()
|
756 |
+
{
|
757 |
+
$this->remote_started = TRUE;
|
758 |
+
|
759 |
+
$args = array(
|
760 |
+
'sslverify' => false,
|
761 |
+
'timeout' => 30
|
762 |
+
);
|
763 |
+
$site_url = apply_filters( 'wp-hide/security-scan/url', home_url() );
|
764 |
+
$response = wp_remote_get( $site_url, $args );
|
765 |
+
|
766 |
+
if ( is_a( $response, 'WP_Error' ))
|
767 |
+
{
|
768 |
+
$this->remote_errors = $response->get_error_message();
|
769 |
+
return FALSE;
|
770 |
+
}
|
771 |
+
|
772 |
+
if ( is_array( $response ) )
|
773 |
+
{
|
774 |
+
|
775 |
+
if ( ! isset( $response['response']['code'] ) )
|
776 |
+
return FALSE;
|
777 |
+
|
778 |
+
if ( $response['response']['code'] != 200 )
|
779 |
+
{
|
780 |
+
if ( $response['response']['code'] == 404 )
|
781 |
+
{
|
782 |
+
$this->remote_errors = __( "The wp_remote_get() returns a Not Found page.", 'wp-hide-security-enhancer' );
|
783 |
+
return FALSE;
|
784 |
+
}
|
785 |
+
|
786 |
+
if ( $response['response']['code'] == 401 )
|
787 |
+
{
|
788 |
+
$this->remote_errors = __( "The wp_remote_get() returns a 401 error code, the request could not be authenticated. Does the site use an httpd password?", 'wp-hide-security-enhancer' );
|
789 |
+
return FALSE;
|
790 |
+
}
|
791 |
+
|
792 |
+
if ( ! empty ( $response['response']['code'] ) )
|
793 |
+
{
|
794 |
+
$this->remote_errors = __( "The wp_remote_get() returns a", 'wp-hide-security-enhancer' ) . " " . $response['response']['code'] . " " . __( "error code", 'wp-hide-security-enhancer' );
|
795 |
+
return FALSE;
|
796 |
+
}
|
797 |
+
|
798 |
+
$this->remote_errors = __( "Unespected error code for wp_remote_get() call.", 'wp-hide-security-enhancer' );
|
799 |
+
return FALSE;
|
800 |
+
}
|
801 |
+
|
802 |
+
$this->remote_html = $response['body'];
|
803 |
+
$this->remote_headers = $response['http_response']->get_headers();
|
804 |
+
|
805 |
+
return TRUE;
|
806 |
+
|
807 |
+
}
|
808 |
+
|
809 |
+
return FALSE;
|
810 |
+
|
811 |
+
}
|
812 |
+
|
813 |
+
|
814 |
+
|
815 |
+
|
816 |
+
|
817 |
+
|
818 |
+
|
819 |
+
|
820 |
+
}
|
821 |
+
|
822 |
+
|
823 |
+
?>
|
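Review bot: the four `wp_ajax_wph_site_scan*` handlers only call `wp_verify_nonce()` and never check a capability, so the nonce (CSRF protection) is doing authorization duty; any authenticated user who obtains a valid nonce can trigger a full scan or rewrite the persisted `wph/site_scan` ignore list. Add `if ( ! current_user_can( 'manage_options' ) ) die();` (or the plugin's own capability) ahead of the nonce check, and read the nonce as `isset( $_POST['nonce'] ) ? $_POST['nonce'] : ''` to avoid a notice. Further points in the same hunk: `wp_ajax_wph_site_scan()` does `return __( 'Another Scan instance in progress...' )` instead of echoing it before `die()`, so the browser receives admin-ajax's default `0`; `run()` registers `add_action( 'admin_notice', ... )`, which is not a core hook (it is `admin_notices`), so the callback never fires; `render_overview()` passes an undefined `$site_score` to `get_security_hints()` and only works through that method's `is_array()` fallback, `$results` is the intended argument; `get_security_hints()` uses `switch ( $site_score['progress'] )` with boolean `case` expressions, which loosely compares the integer score to TRUE/FALSE, so a score of 0 matches the first case (`0 == FALSE`) and reports "unsatisfactory" instead of "dangerously low", use `switch ( true )`; `get_HTML()` sets `'sslverify' => false` for the self-request, which hides certificate problems the scan should be reporting, so leave verification on and surface the `WP_Error` message instead; `wp_ajax_wph_site_scan_ignore()` repeats the `array_unique( array_filter( ... ) )` line and reads `$site_scan['ignore']` and `$site_scan['results']` without `isset()`; `$progress` in the scan loop is incremented but never used. User-facing strings carry typos ("curent", "Excelent", "Unknow", "Scann", "secconds", "Unespected") that will be frozen into translation catalogs.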
include/admin-interfaces/security-scan/scan_item.class.php
ADDED
@@ -0,0 +1,48 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
|
29 |
+
}
|
30 |
+
|
31 |
+
public function return_json_response( $response )
|
32 |
+
{
|
33 |
+
$defaults = array (
|
34 |
+
'info' => '',
|
35 |
+
'status' => FALSE,
|
36 |
+
'description' => '',
|
37 |
+
'actions' => array()
|
38 |
+
);
|
39 |
+
|
40 |
+
$response = wp_parse_args ( $response, $defaults );
|
41 |
+
|
42 |
+
return json_encode( $response );
|
43 |
+
}
|
44 |
+
|
45 |
+
}
|
46 |
+
|
47 |
+
|
48 |
+
?>
|
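Review bot: `WPH_security_scan_item::__construct()` assigns `$this->id` but the class declares only `var $wph;`, so `$id` becomes a dynamic property (deprecated from PHP 8.2), and the base `get_id()` / `get_settings()` return NULL, which `WPH_security_scan::run()` and `render_item()` would then use as an array key and as the settings array for any subclass that forgets to override them. Declare `var $id;` and either mark the class and those two methods `abstract`, or return `''` and `array()` with a docblock stating that subclasses must override. The scan-item subclasses later in this change copy this constructor verbatim; with the base class fixed they can simply inherit it. In `return_json_response()` the `'status' => FALSE` default means an item that forgets to set status is reported as a failure rather than as "unknown", which is the state the renderer already knows how to display; consider `'unknown'` as the default.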
include/admin-interfaces/security-scan/scan_item_database_prefix.php
ADDED
@@ -0,0 +1,71 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_database_prefix extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'database_prefix';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'Database Prefix',
|
30 |
+
'icon' => 'dashicons-database',
|
31 |
+
|
32 |
+
'help' => __("WordPress security is a serious matter and you can improve it by changing the WordPress database prefix. A WordPress database contains all of the information for your website, which makes it a prime target for hackers.
|
33 |
+
By default, the WordPress database prefix is “wp_” and is quite easy to locate and target.", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 10,
|
36 |
+
);
|
37 |
+
}
|
38 |
+
|
39 |
+
|
40 |
+
function scan()
|
41 |
+
{
|
42 |
+
$_JSON_response = array();
|
43 |
+
|
44 |
+
global $wpdb;
|
45 |
+
|
46 |
+
$_JSON_response['info'] = __( 'Current value: ', 'wp-hide-security-enhancer' ) . $wpdb->prefix;
|
47 |
+
|
48 |
+
if ( $wpdb->prefix == 'wp_' )
|
49 |
+
{
|
50 |
+
$_JSON_response['status'] = FALSE;
|
51 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The database prefix use the default wp_ prefix.', 'wp-hide-security-enhancer' );
|
52 |
+
$_JSON_response['actions'] = array (
|
53 |
+
'read_more' => '<a class="button" target="_blank" href="https://wp-staging.com/3-ways-to-change-the-wordpress-database-prefix-method-simplified/">Read More</a>',
|
54 |
+
'ignore' => '//--post-generated--',
|
55 |
+
'restore' => '//--post-generated--',
|
56 |
+
);
|
57 |
+
}
|
58 |
+
else
|
59 |
+
{
|
60 |
+
$_JSON_response['status'] = TRUE;
|
61 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The database prefix use a custom name.', 'wp-hide-security-enhancer' );
|
62 |
+
}
|
63 |
+
|
64 |
+
return $this->return_json_response( $_JSON_response );
|
65 |
+
|
66 |
+
}
|
67 |
+
|
68 |
+
}
|
69 |
+
|
70 |
+
|
71 |
+
?>
|
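Review bot: the `$wpdb->prefix == 'wp_'` comparison in `scan()` misses multisite installs, where `$wpdb->prefix` is the per-blog prefix (for example `wp_2_` on blog 2) even though the installation still uses the default base prefix; compare against `$wpdb->base_prefix` instead, which is also what the `help` text is talking about. The constructor duplicates the parent's line for line and can be dropped. The `help` copy overstates the control: a non-default prefix only blunts automated payloads that hard-code `wp_` table names, so it is defence in depth, not a reason the database becomes less of a "prime target"; wording it that way keeps the 10 `score_points` honest.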
include/admin-interfaces/security-scan/scan_item_db_debug.php
ADDED
@@ -0,0 +1,72 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_db_debug extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'db_debug';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'Database Debug',
|
30 |
+
'icon' => 'dashicons-code-standards',
|
31 |
+
|
32 |
+
'help' => __("Debugging PHP code is part of any project, but WordPress comes with specific debug systems designed to simplify the process as well as standardize code across the core, plugins and themes.
|
33 |
+
On production sites, the debug should be disabled to avoid exposing paths and other pieces of information related to the site. ", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 5,
|
36 |
+
|
37 |
+
'callback' => 'scan_item_db_debug',
|
38 |
+
);
|
39 |
+
}
|
40 |
+
|
41 |
+
|
42 |
+
function scan()
|
43 |
+
{
|
44 |
+
$_JSON_response = array();
|
45 |
+
|
46 |
+
global $wpdb;
|
47 |
+
|
48 |
+
$_JSON_response['info'] = __( 'Current value: ', 'wp-hide-security-enhancer' ) . ( $wpdb->show_errors === TRUE ? 'TRUE' : 'FALSE' );
|
49 |
+
|
50 |
+
if ( $wpdb->show_errors === TRUE )
|
51 |
+
{
|
52 |
+
$_JSON_response['status'] = FALSE;
|
53 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The database debug is active. Check your site wp-config.php and comment the WP_DEBUG and WP_DEBUG_DISPLAY ( if exists ) constants declaration.', 'wp-hide-security-enhancer' );
|
54 |
+
$_JSON_response['actions'] = array (
|
55 |
+
'ignore' => '//--post-generated--',
|
56 |
+
'restore' => '//--post-generated--',
|
57 |
+
);
|
58 |
+
}
|
59 |
+
else
|
60 |
+
{
|
61 |
+
$_JSON_response['status'] = TRUE;
|
62 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The database debug is disabled.', 'wp-hide-security-enhancer' );
|
63 |
+
}
|
64 |
+
|
65 |
+
return $this->return_json_response( $_JSON_response );
|
66 |
+
|
67 |
+
}
|
68 |
+
|
69 |
+
}
|
70 |
+
|
71 |
+
|
72 |
+
?>
|
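Review bot: the condition `if ( $wpdb->show_errors === TRUE )` tests a runtime wpdb flag, while the description tells the user to edit the WP_DEBUG and WP_DEBUG_DISPLAY constants in wp-config.php; the two can diverge, because any plugin can call $wpdb->show_errors() or $wpdb->hide_errors() after bootstrap, and WP_DEBUG with WP_DEBUG_DISPLAY off (log-only) is never flagged by this test. Consider checking the constants directly, e.g. `defined( 'WP_DEBUG' ) && WP_DEBUG`, and reporting WP_DEBUG_DISPLAY separately, so the 'Current value' line matches the advice given. Also, this item's get_settings() returns a 'callback' => 'scan_item_db_debug' key that none of the sibling items define; if the scan runner does not read it, drop it. Wording: 'comment the WP_DEBUG and WP_DEBUG_DISPLAY ( if exists ) constants declaration' reads better as 'comment out the WP_DEBUG and WP_DEBUG_DISPLAY (if present) constant declarations'.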
include/admin-interfaces/security-scan/scan_item_disable_file_edit.php
ADDED
@@ -0,0 +1,70 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_disable_file_edit extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'disable_file_edit';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'Theme/Plugin File Editor',
|
30 |
+
'icon' => 'dashicons-code-standards',
|
31 |
+
|
32 |
+
'help' => __("The WordPress theme/plugin file editor lets you open files from the site. It displays the file content on the text editor allowing changes to the code, directly on the dashboard.
|
33 |
+
<br />Unless this is a development instance, it should be disabled.", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 5,
|
36 |
+
);
|
37 |
+
}
|
38 |
+
|
39 |
+
|
40 |
+
function scan()
|
41 |
+
{
|
42 |
+
$_JSON_response = array();
|
43 |
+
|
44 |
+
$_JSON_response['info'] = __( 'Current value: ', 'wp-hide-security-enhancer' ) . ( defined ( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT === TRUE ? 'TRUE' : 'FALSE' );
|
45 |
+
|
46 |
+
if ( ! defined ( 'DISALLOW_FILE_EDIT' ) || DISALLOW_FILE_EDIT === FALSE )
|
47 |
+
{
|
48 |
+
$_JSON_response['status'] = FALSE;
|
49 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The file editor is enabled.
|
50 |
+
<br />To fix this security issue, add/change the wp-config.php:
|
51 |
+
<br /><code>define ( \'DISALLOW_FILE_EDIT\', TRUE );</code>.', 'wp-hide-security-enhancer' );
|
52 |
+
$_JSON_response['actions'] = array (
|
53 |
+
'ignore' => '//--post-generated--',
|
54 |
+
'restore' => '//--post-generated--',
|
55 |
+
);
|
56 |
+
}
|
57 |
+
else
|
58 |
+
{
|
59 |
+
$_JSON_response['status'] = TRUE;
|
60 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The file editor is disabled.', 'wp-hide-security-enhancer' );
|
61 |
+
}
|
62 |
+
|
63 |
+
return $this->return_json_response( $_JSON_response );
|
64 |
+
|
65 |
+
}
|
66 |
+
|
67 |
+
}
|
68 |
+
|
69 |
+
|
70 |
+
?>
|
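Review bot: the two tests in scan() disagree on what 'disabled' means. The 'info' line uses `DISALLOW_FILE_EDIT === TRUE`, while the condition uses `! defined ( 'DISALLOW_FILE_EDIT' ) || DISALLOW_FILE_EDIT === FALSE`; with `define( 'DISALLOW_FILE_EDIT', 1 )` (or the string 'true') the report shows 'Current value: FALSE' next to a green 'The file editor is disabled'. WordPress evaluates the constant for truthiness, so compute it once, e.g. `$disabled = defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT;`, and use it for both. A second miss: `DISALLOW_FILE_MODS` also removes the theme and plugin editors (core maps edit_themes/edit_plugins to do_not_allow when it is set), so a site hardened that way is reported as failing; fold it into $disabled. Nit: the suggested snippet should follow WordPress spacing, `define( 'DISALLOW_FILE_EDIT', true );`.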
include/admin-interfaces/security-scan/scan_item_firewall.php
ADDED
@@ -0,0 +1,138 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_firewall extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'firewall';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Firewall', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-shield',
|
31 |
+
|
32 |
+
'help' => __("A Firewall is a security piece of software that adds a layer of protection to your site. A firewall works as a rules-based filter for all incoming traffic to a website, it ensures only the secure traffic is reaching the server, all malicious attempts will be blocked and logged.
|
33 |
+
<br />A Firewall works as Proactive ratter reactive security solution, so it helps to protect a website before the malicious and malware actually reach it. This is a huge improvement for security, as preventing any harm and damages to a site, spare the administrators of incalculable losses which the malware can do.", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 20,
|
36 |
+
);
|
37 |
+
}
|
38 |
+
|
39 |
+
|
40 |
+
function scan()
|
41 |
+
{
|
42 |
+
$_JSON_response = array();
|
43 |
+
|
44 |
+
$found_errors = array();
|
45 |
+
|
46 |
+
$firewall_check = array (
|
47 |
+
'header' => array (
|
48 |
+
'url' => 'query=header:',
|
49 |
+
'message' => __('Failed to block requests using malicious header calls.', 'wp-hide-security-enhancer')
|
50 |
+
),
|
51 |
+
'set_cookie' => array(
|
52 |
+
'url' => 'query=set-cookie:=',
|
53 |
+
'message' => __('Failed to block requests using malicious set-cookie calls.', 'wp-hide-security-enhancer')
|
54 |
+
),
|
55 |
+
'union' => array(
|
56 |
+
'url' => 'query=union(select(',
|
57 |
+
'message' => __('Failed to block requests using malicious MySQL code.', 'wp-hide-security-enhancer')
|
58 |
+
),
|
59 |
+
'globals' => array(
|
60 |
+
'url' => 'query=globals=',
|
61 |
+
'message' => __('Failed to block requests using malicious globals calls.', 'wp-hide-security-enhancer')
|
62 |
+
),
|
63 |
+
'request' => array(
|
64 |
+
'url' => 'query=request=',
|
65 |
+
'message' => __('Failed to block requests using malicious request calls.', 'wp-hide-security-enhancer')
|
66 |
+
)
|
67 |
+
);
|
68 |
+
|
69 |
+
$args = array(
|
70 |
+
'sslverify' => false,
|
71 |
+
'timeout' => 15
|
72 |
+
);
|
73 |
+
|
74 |
+
foreach ( $firewall_check as $item_id => $firewall_item )
|
75 |
+
{
|
76 |
+
$url = home_url() . '?' . $firewall_item['url'] ;
|
77 |
+
$response = wp_remote_get( $url, $args );
|
78 |
+
|
79 |
+
if ( is_a( $response, 'WP_Error' ))
|
80 |
+
{
|
81 |
+
$found_errors[$item_id][] = $response->get_error_message();
|
82 |
+
$found_errors[$item_id][] = $firewall_item['message'];
|
83 |
+
continue;
|
84 |
+
}
|
85 |
+
|
86 |
+
if ( is_array( $response ) )
|
87 |
+
{
|
88 |
+
|
89 |
+
if ( ! isset( $response['response']['code'] ) )
|
90 |
+
{
|
91 |
+
$found_errors[$item_id][] = __('No valid respons for the call.', 'wp-hide-security-enhancer');
|
92 |
+
continue;
|
93 |
+
}
|
94 |
+
|
95 |
+
if ( $response['response']['code'] != 403 )
|
96 |
+
{
|
97 |
+
$found_errors[$item_id][] = $firewall_item['message'];
|
98 |
+
continue;
|
99 |
+
}
|
100 |
+
}
|
101 |
+
}
|
102 |
+
|
103 |
+
if ( count ( $found_errors ) > 0 )
|
104 |
+
{
|
105 |
+
$_JSON_response['status'] = FALSE;
|
106 |
+
|
107 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Your site does not appear to use a Firewall or fails to block specific hacks.', 'wp-hide-security-enhancer' );
|
108 |
+
$_JSON_response['description'] .= '<br /><br />';
|
109 |
+
|
110 |
+
foreach ( $found_errors as $found_error_messages )
|
111 |
+
{
|
112 |
+
|
113 |
+
$_JSON_response['description'] .= '<p class="important">';
|
114 |
+
$_JSON_response['description'] .= '<b> <span class="dashicons dashicons-search"></span> ' . __( 'Found', 'wp-hide-security-enhancer' ) .' - ' . implode ( '<br />' , $found_error_messages ) .'</b>';
|
115 |
+
$_JSON_response['description'] .= '</p>';
|
116 |
+
|
117 |
+
}
|
118 |
+
|
119 |
+
$_JSON_response['actions'] = array (
|
120 |
+
'fix' => '<a class="button-primary wph-pro" target="_blank" href="https://wp-hide.com/pricing/">PRO</a>',
|
121 |
+
'ignore' => '//--post-generated--',
|
122 |
+
'restore' => '//--post-generated--',
|
123 |
+
);
|
124 |
+
}
|
125 |
+
else
|
126 |
+
{
|
127 |
+
$_JSON_response['status'] = TRUE;
|
128 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>Your site use a Firewall.', 'wp-hide-security-enhancer' );
|
129 |
+
}
|
130 |
+
|
131 |
+
return $this->return_json_response( $_JSON_response );
|
132 |
+
|
133 |
+
}
|
134 |
+
|
135 |
+
}
|
136 |
+
|
137 |
+
|
138 |
+
?>
|
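Review bot: the pass condition `if ( $response['response']['code'] != 403 )` hard-codes one status, so a firewall that answers the probes with 406, 444, 503 or a redirect is reported as absent, and because a WP_Error (timeout, DNS failure, the 15 s limit) is also pushed into $found_errors, a slow host gets the same 'does not appear to use a Firewall' verdict with the PRO link attached. Treat any 4xx/5xx as blocked, and report transport errors as 'could not test' rather than as a failed check. Two further points: `'sslverify' => false` disables certificate checking for a request to the site's own home_url(), which is unnecessary and sets a poor precedent, so leave the default on; and `home_url() . '?' . $firewall_item['url']` should be built from trailingslashit( home_url() ) so the URL is well formed when home_url has no trailing slash. Worth a line in the help text: these self-probes show up in the site's firewall log and can get the server's own IP rate-limited or banned. Replace `is_a( $response, 'WP_Error' )` with `is_wp_error( $response )`. Typos: 'respons', 'ratter reactive' (rather than reactive), 'Your site use a Firewall' (uses).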
include/admin-interfaces/security-scan/scan_item_headers.php
ADDED
@@ -0,0 +1,120 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_headers extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'headers';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('HTTP Response Security Headers', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("HTTP Response Headers are a powerful tool to Harden Your Website.
|
33 |
+
The Hypertext Transfer Protocol (HTTP) is based on a client-server architecture, in which the client ( typically a web browser application ) establishes a connection with the server through a destination URL and waits for a response.
|
34 |
+
The HTTP Headers allow the client and the server send additional pieces of information with the HTTP request or response.
|
35 |
+
The HTTP Headers are categorised by their purpose: Authentication, Caching, Client hints, Conditionals, Connection management, Content negotiation, Controls, Cookies, CORS, Downloads, Message body information, Proxies, Redirects, Request context, Response context, Range requests, Security, Server-sent events, Transfer coding, WebSockets, Other
|
36 |
+
This area provides support for the <a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#security' target='_blank'>Security Headers</a> type. Those are the ones responsible for the security implementation for any page.", 'wp-hide-security-enhancer'),
|
37 |
+
|
38 |
+
'score_points' => 20,
|
39 |
+
);
|
40 |
+
}
|
41 |
+
|
42 |
+
|
43 |
+
function scan()
|
44 |
+
{
|
45 |
+
$_JSON_response = array();
|
46 |
+
|
47 |
+
$found_issue = FALSE;
|
48 |
+
$found_headers = array();
|
49 |
+
$not_found_headers = array();
|
50 |
+
|
51 |
+
if ( $this->wph->security_scan->remote_headers )
|
52 |
+
{
|
53 |
+
$WPH_module_general_security_check_headers = new WPH_module_general_security_check_headers();
|
54 |
+
|
55 |
+
$headers = $this->wph->security_scan->remote_headers;
|
56 |
+
|
57 |
+
$found_headers = array ( );
|
58 |
+
|
59 |
+
foreach ( $headers->getAll() as $header_key => $header_value )
|
60 |
+
{
|
61 |
+
$header_key = strtolower ( $header_key ) ;
|
62 |
+
$header_key = trim ( $header_key );
|
63 |
+
|
64 |
+
if ( isset( $WPH_module_general_security_check_headers->headers[ $header_key ] ) )
|
65 |
+
$found_headers[] = $header_key;
|
66 |
+
}
|
67 |
+
|
68 |
+
foreach ( $WPH_module_general_security_check_headers->headers as $header_key => $header_data )
|
69 |
+
{
|
70 |
+
if ( in_array ( $header_key, $found_headers ) )
|
71 |
+
continue;
|
72 |
+
|
73 |
+
$not_found_headers[] = $header_key;
|
74 |
+
}
|
75 |
+
|
76 |
+
if ( count ( $not_found_headers ) > 0 )
|
77 |
+
$found_issue = TRUE;
|
78 |
+
}
|
79 |
+
else
|
80 |
+
$found_issue = TRUE;
|
81 |
+
|
82 |
+
if ( $found_issue )
|
83 |
+
{
|
84 |
+
$_JSON_response['status'] = FALSE;
|
85 |
+
|
86 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Your site is missing some security headers.', 'wp-hide-security-enhancer' );
|
87 |
+
|
88 |
+
foreach ( $not_found_headers as $not_found_header )
|
89 |
+
{
|
90 |
+
|
91 |
+
$_JSON_response['description'] .= '<p class="important">';
|
92 |
+
$_JSON_response['description'] .= '<b> <span class="dashicons dashicons-search"></span> Not Found - ' . ucfirst ( $not_found_header ) .'</b>';
|
93 |
+
$_JSON_response['description'] .= '</p>';
|
94 |
+
|
95 |
+
}
|
96 |
+
|
97 |
+
if ( $this->wph->security_scan->remote_started && $this->wph->security_scan->remote_errors !== FALSE )
|
98 |
+
$_JSON_response['description'] .= "<br /><br /><span class='error'>" . __('Unable to complete this security task as an error occoured', 'wp-hide-security-enhancer' ) . ': <b>' .$this->wph->security_scan->remote_errors . '</b></span>';
|
99 |
+
|
100 |
+
$_JSON_response['actions'] = array (
|
101 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-security-headers', 'admin' ) .'">Fix</a>',
|
102 |
+
'fix2' => '<a class="button-primary wph-pro" target="_blank" href="https://wp-hide.com/pricing/">PRO</a>',
|
103 |
+
'ignore' => '//--post-generated--',
|
104 |
+
'restore' => '//--post-generated--',
|
105 |
+
);
|
106 |
+
}
|
107 |
+
else
|
108 |
+
{
|
109 |
+
$_JSON_response['status'] = TRUE;
|
110 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>There are no headers containing valuable pieces of information regarding your environment.', 'wp-hide-security-enhancer' );
|
111 |
+
}
|
112 |
+
|
113 |
+
return $this->return_json_response( $_JSON_response );
|
114 |
+
|
115 |
+
}
|
116 |
+
|
117 |
+
}
|
118 |
+
|
119 |
+
|
120 |
+
?>
|
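Review bot: this check is presence-only: the loop over `$headers->getAll()` records a header as found when its name exists in `$WPH_module_general_security_check_headers->headers`, so `X-Frame-Options: ALLOWALL` or `Strict-Transport-Security: max-age=0` passes. Compare values against the module's recommended setting before counting the header as present. Second, when `$this->wph->security_scan->remote_headers` is empty the code sets $found_issue = TRUE with an empty $not_found_headers, so the user sees 'Your site is missing some security headers' with no list and, unless remote_started and remote_errors happen to line up, no explanation; give that branch its own 'headers could not be retrieved' message. Finally, the success text 'There are no headers containing valuable pieces of information regarding your environment' describes an information-disclosure check, not this one; 'All recommended security headers are present' matches what was tested. Typo: 'occoured'.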
include/admin-interfaces/security-scan/scan_item_hide_admin_ajax.php
ADDED
@@ -0,0 +1,75 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_admin_ajax extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_admin_ajax';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('New admin-ajax.php', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("The admin-ajax.php is being used by WordPress core and many plugins to initiate AJAX calls from dashboard and front side. This is specific to WordPress, a site using such slug is an easy target to hack attempts.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 20,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
|
45 |
+
$option = $this->wph->functions->get_module_item_setting('new_admin_ajax_php');
|
46 |
+
|
47 |
+
if ( empty ( $option ) || $option == 'no' )
|
48 |
+
$found_issue = TRUE;
|
49 |
+
|
50 |
+
if ( $found_issue )
|
51 |
+
{
|
52 |
+
$_JSON_response['status'] = FALSE;
|
53 |
+
|
54 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Rewriting the admin-ajax.php to another slug to increase overall security for a WordPress site.', 'wp-hide-security-enhancer' );
|
55 |
+
|
56 |
+
$_JSON_response['actions'] = array (
|
57 |
+
'fix' => '<a class="button-primary wph-pro" target="_blank" href="https://wp-hide.com/pricing/">PRO</a>',
|
58 |
+
'ignore' => '//--post-generated--',
|
59 |
+
'restore' => '//--post-generated--',
|
60 |
+
);
|
61 |
+
}
|
62 |
+
else
|
63 |
+
{
|
64 |
+
$_JSON_response['status'] = TRUE;
|
65 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
66 |
+
}
|
67 |
+
|
68 |
+
return $this->return_json_response( $_JSON_response );
|
69 |
+
|
70 |
+
}
|
71 |
+
|
72 |
+
}
|
73 |
+
|
74 |
+
|
75 |
+
?>
|
include/admin-interfaces/security-scan/scan_item_hide_admin_url.php
ADDED
@@ -0,0 +1,76 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_admin_url extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_admin_url';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('New Admin Url', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("Despite the flexibility of WordPress framework, there are few ways to configure the admin login url customization for making a bit safer against unauthorized access and brute force attempts. All methods are not provided out of the box through WordPress core but require custom code to make it happen.
|
33 |
+
<br />This feature provide an easy way to change the default /wp-admin/ to a different slug.", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 20,
|
36 |
+
);
|
37 |
+
}
|
38 |
+
|
39 |
+
|
40 |
+
function scan()
|
41 |
+
{
|
42 |
+
$_JSON_response = array();
|
43 |
+
|
44 |
+
$found_issue = FALSE;
|
45 |
+
|
46 |
+
$option = $this->wph->functions->get_module_item_setting('admin_url');
|
47 |
+
|
48 |
+
if ( empty ( $option ) || $option == 'no' )
|
49 |
+
$found_issue = TRUE;
|
50 |
+
|
51 |
+
if ( $found_issue )
|
52 |
+
{
|
53 |
+
$_JSON_response['status'] = FALSE;
|
54 |
+
|
55 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Map a new admin url instead default prevent hackers boot to attempt to brute force a site login.', 'wp-hide-security-enhancer' );
|
56 |
+
|
57 |
+
$_JSON_response['actions'] = array (
|
58 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-admin&component=wp-login-php', 'admin' ) .'">Fix</a>',
|
59 |
+
'ignore' => '//--post-generated--',
|
60 |
+
'restore' => '//--post-generated--',
|
61 |
+
);
|
62 |
+
}
|
63 |
+
else
|
64 |
+
{
|
65 |
+
$_JSON_response['status'] = TRUE;
|
66 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
67 |
+
}
|
68 |
+
|
69 |
+
return $this->return_json_response( $_JSON_response );
|
70 |
+
|
71 |
+
}
|
72 |
+
|
73 |
+
}
|
74 |
+
|
75 |
+
|
76 |
+
?>
|
include/admin-interfaces/security-scan/scan_item_hide_check_child_theme.php
ADDED
@@ -0,0 +1,105 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_check_child_theme extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_check_child_theme';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('New Child Theme Path', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("This option helps to change the theme url to a custom one. As default all theme assets ( styles, JavaScript etc ) are loaded using the theme url and appear on front side HTML source code.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 10,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
if ( ! $this->wph->templates_data['use_child_theme'] )
|
44 |
+
{
|
45 |
+
$_JSON_response = array (
|
46 |
+
'status' => TRUE,
|
47 |
+
'description' => __( '<span class="dashicons dashicons-yes"></span>On the last scan, you are not using a Child Theme.', 'wp-hide-security-enhancer' )
|
48 |
+
);
|
49 |
+
|
50 |
+
return $this->return_json_response( $_JSON_response );
|
51 |
+
}
|
52 |
+
|
53 |
+
$found_issue = FALSE;
|
54 |
+
$option_value = $this->wph->functions->get_module_item_setting('new_theme_child_path');
|
55 |
+
|
56 |
+
if ( empty ( $option_value ) )
|
57 |
+
$found_issue = TRUE;
|
58 |
+
|
59 |
+
$found_within_code = FALSE;
|
60 |
+
if ( ! $found_issue && $this->remote_html )
|
61 |
+
{
|
62 |
+
$seek_url = $this->wph->default_variables['stylesheet_uri'];
|
63 |
+
$seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
|
64 |
+
if ( stripos( $this->remote_html, $seek_url ) )
|
65 |
+
$found_within_code = TRUE;
|
66 |
+
}
|
67 |
+
|
68 |
+
if ( $found_within_code )
|
69 |
+
$found_issue = TRUE;
|
70 |
+
|
71 |
+
if ( $found_issue )
|
72 |
+
{
|
73 |
+
$_JSON_response['status'] = FALSE;
|
74 |
+
|
75 |
+
if ( empty ( $option_value ) )
|
76 |
+
{
|
77 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme url has not been customised.', 'wp-hide-security-enhancer' );
|
78 |
+
}
|
79 |
+
else
|
80 |
+
{
|
81 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme url is still found within the source HTML.', 'wp-hide-security-enhancer' );
|
82 |
+
if ( $found_within_code )
|
83 |
+
$_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
|
84 |
+
}
|
85 |
+
|
86 |
+
$_JSON_response['actions'] = array (
|
87 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=theme', 'admin' ) .'">Fix</a>',
|
88 |
+
'ignore' => '//--post-generated--',
|
89 |
+
'restore' => '//--post-generated--',
|
90 |
+
);
|
91 |
+
}
|
92 |
+
else
|
93 |
+
{
|
94 |
+
$_JSON_response['status'] = TRUE;
|
95 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default theme url cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
|
96 |
+
}
|
97 |
+
|
98 |
+
return $this->return_json_response( $_JSON_response );
|
99 |
+
|
100 |
+
}
|
101 |
+
|
102 |
+
}
|
103 |
+
|
104 |
+
|
105 |
+
?>
|
include/admin-interfaces/security-scan/scan_item_hide_check_child_theme_style.php
ADDED
@@ -0,0 +1,102 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_check_child_theme_style extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_check_child_theme_style';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('New Child Theme Style File Path', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("This allow to change the default style.css filename to something else e.g. template-style.css. Per this example, on front side the main style link change from /style.css to /template-style.css ", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 10,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
$option_value = $this->wph->functions->get_module_item_setting('child_style_file_path');
|
45 |
+
|
46 |
+
if ( empty ( $option_value ) )
|
47 |
+
{
|
48 |
+
$_JSON_response = array (
|
49 |
+
'status' => TRUE,
|
50 |
+
'description' => __( '<span class="dashicons dashicons-yes"></span>On the last scan, you are not using a Child Theme.', 'wp-hide-security-enhancer' )
|
51 |
+
);
|
52 |
+
|
53 |
+
return $this->return_json_response( $_JSON_response );
|
54 |
+
}
|
55 |
+
|
56 |
+
$found_within_code = FALSE;
|
57 |
+
if ( ! $found_issue && $this->remote_html )
|
58 |
+
{
|
59 |
+
$seek_url = $this->wph->default_variables['stylesheet_uri'] . '/style.css';
|
60 |
+
$seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
|
61 |
+
if ( stripos( $this->remote_html, $seek_url ) )
|
62 |
+
$found_within_code = TRUE;
|
63 |
+
}
|
64 |
+
|
65 |
+
if ( $found_within_code )
|
66 |
+
$found_issue = TRUE;
|
67 |
+
|
68 |
+
if ( $found_issue )
|
69 |
+
{
|
70 |
+
$_JSON_response['status'] = FALSE;
|
71 |
+
|
72 |
+
if ( empty ( $option_value ) )
|
73 |
+
{
|
74 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme style url has not been customised.', 'wp-hide-security-enhancer' );
|
75 |
+
}
|
76 |
+
else
|
77 |
+
{
|
78 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme style url is still found within the source HTML.', 'wp-hide-security-enhancer' );
|
79 |
+
if ( $found_within_code )
|
80 |
+
$_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
|
81 |
+
}
|
82 |
+
|
83 |
+
$_JSON_response['actions'] = array (
|
84 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=theme', 'admin' ) .'">Fix</a>',
|
85 |
+
'ignore' => '//--post-generated--',
|
86 |
+
'restore' => '//--post-generated--',
|
87 |
+
);
|
88 |
+
}
|
89 |
+
else
|
90 |
+
{
|
91 |
+
$_JSON_response['status'] = TRUE;
|
92 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default theme style url cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
|
93 |
+
}
|
94 |
+
|
95 |
+
return $this->return_json_response( $_JSON_response );
|
96 |
+
|
97 |
+
}
|
98 |
+
|
99 |
+
}
|
100 |
+
|
101 |
+
|
102 |
+
?>
|
include/admin-interfaces/security-scan/scan_item_hide_check_comments.php
ADDED
@@ -0,0 +1,95 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_check_comments extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_check_comments';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('New wp-comments-post.php', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("To avoid boots to create smap comments, the default wp-comments-post.php should be changed to a custom one.
|
33 |
+
<br />This makes it easy to recognise as WordPress form. Boots always search for such file ( wp-comments-post.php ) and automatically submit spam messages.Though this option a new file slug can replace the default.", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 10,
|
36 |
+
);
|
37 |
+
}
|
38 |
+
|
39 |
+
|
40 |
+
function scan()
|
41 |
+
{
|
42 |
+
$_JSON_response = array();
|
43 |
+
|
44 |
+
$found_issue = FALSE;
|
45 |
+
$option_value = $this->wph->functions->get_module_item_setting('new_wp_comments_post');
|
46 |
+
|
47 |
+
if ( empty ( $option_value ) )
|
48 |
+
$found_issue = TRUE;
|
49 |
+
|
50 |
+
$found_within_code = FALSE;
|
51 |
+
if ( ! $found_issue && $this->wph->security_scan->remote_html )
|
52 |
+
{
|
53 |
+
$seek_url = $option_value;
|
54 |
+
if ( stripos( $this->wph->security_scan->remote_html, $seek_url ) )
|
55 |
+
$found_within_code = TRUE;
|
56 |
+
}
|
57 |
+
|
58 |
+
if ( $found_within_code )
|
59 |
+
$found_issue = TRUE;
|
60 |
+
|
61 |
+
if ( $found_issue )
|
62 |
+
{
|
63 |
+
$_JSON_response['status'] = FALSE;
|
64 |
+
|
65 |
+
if ( empty ( $option_value ) )
|
66 |
+
{
|
67 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default wp-comments-post.php has not been customised.', 'wp-hide-security-enhancer' );
|
68 |
+
}
|
69 |
+
else
|
70 |
+
{
|
71 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default wp-comments-post.php is still found within the source HTML.', 'wp-hide-security-enhancer' );
|
72 |
+
if ( $found_within_code )
|
73 |
+
$_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
|
74 |
+
}
|
75 |
+
|
76 |
+
$_JSON_response['actions'] = array (
|
77 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=comments', 'admin' ) .'">Fix</a>',
|
78 |
+
'ignore' => '//--post-generated--',
|
79 |
+
'restore' => '//--post-generated--',
|
80 |
+
);
|
81 |
+
}
|
82 |
+
else
|
83 |
+
{
|
84 |
+
$_JSON_response['status'] = TRUE;
|
85 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default wp-comments-post.php cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
|
86 |
+
}
|
87 |
+
|
88 |
+
return $this->return_json_response( $_JSON_response );
|
89 |
+
|
90 |
+
}
|
91 |
+
|
92 |
+
}
|
93 |
+
|
94 |
+
|
95 |
+
?>
|
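Review bot: the remote check in scan() searches the page source for `$option_value`, the custom slug the admin configured, rather than for the default `wp-comments-post.php`, so a correctly hidden site is flagged as soon as its own custom comments URL appears in the HTML, while the default file name the description talks about ("The default wp-comments-post.php is still found within the source HTML") is never looked for; seek the default name instead. The `stripos( ... )` result should be compared with `!== false`, since a match at offset 0 is falsy. In the `else` branch the cache hint `$_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.' ...` replaces the main description instead of appending to it (`.=`), and the `if ( $found_within_code )` guard around it is redundant because that branch is only reachable when it is true. The `'help'` text should read "bots" and "spam" rather than "boots" and "smap", and "Though this option" should be "Through this option".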
include/admin-interfaces/security-scan/scan_item_hide_check_plugins.php
ADDED
@@ -0,0 +1,96 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_check_plugins extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_check_plugins';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('New Plugins Path', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("In WordPress, a plugin is a small software application that extends the features and functions of a WordPress website.
|
33 |
+
<br />Plugins play a major role in building great websites using WordPress. They make it easier for users to add features to their website without knowing a single line of code.", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 10,
|
36 |
+
);
|
37 |
+
}
|
38 |
+
|
39 |
+
|
40 |
+
function scan()
|
41 |
+
{
|
42 |
+
$_JSON_response = array();
|
43 |
+
|
44 |
+
$found_issue = FALSE;
|
45 |
+
$option_value = $this->wph->functions->get_module_item_setting('new_plugin_path');
|
46 |
+
|
47 |
+
if ( empty ( $option_value ) )
|
48 |
+
$found_issue = TRUE;
|
49 |
+
|
50 |
+
$found_within_code = FALSE;
|
51 |
+
if ( ! $found_issue && $this->remote_html )
|
52 |
+
{
|
53 |
+
$seek_url = includes_url();
|
54 |
+
$seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
|
55 |
+
if ( stripos( $this->remote_html, $seek_url ) )
|
56 |
+
$found_within_code = TRUE;
|
57 |
+
}
|
58 |
+
|
59 |
+
if ( $found_within_code )
|
60 |
+
$found_issue = TRUE;
|
61 |
+
|
62 |
+
if ( $found_issue )
|
63 |
+
{
|
64 |
+
$_JSON_response['status'] = FALSE;
|
65 |
+
|
66 |
+
if ( empty ( $option_value ) )
|
67 |
+
{
|
68 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default plugins path has not been customised.', 'wp-hide-security-enhancer' );
|
69 |
+
}
|
70 |
+
else
|
71 |
+
{
|
72 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default plugins path is still found within the source HTML.', 'wp-hide-security-enhancer' );
|
73 |
+
if ( $found_within_code )
|
74 |
+
$_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
|
75 |
+
}
|
76 |
+
|
77 |
+
$_JSON_response['actions'] = array (
|
78 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=plugins', 'admin' ) .'">Fix</a>',
|
79 |
+
'ignore' => '//--post-generated--',
|
80 |
+
'restore' => '//--post-generated--',
|
81 |
+
);
|
82 |
+
}
|
83 |
+
else
|
84 |
+
{
|
85 |
+
$_JSON_response['status'] = TRUE;
|
86 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default plugins path cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
|
87 |
+
}
|
88 |
+
|
89 |
+
return $this->return_json_response( $_JSON_response );
|
90 |
+
|
91 |
+
}
|
92 |
+
|
93 |
+
}
|
94 |
+
|
95 |
+
|
96 |
+
?>
|
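Review bot: scan() in this file reads `$this->remote_html` while the comments and wp-content items read `$this->wph->security_scan->remote_html`; unless `WPH_security_scan_item` defines a `remote_html` property, this is always null, the HTML search silently never runs, and the item passes as soon as the option is set. The needle is also wrong for this item: `$seek_url = includes_url();` looks for the wp-includes URL in a plugins-path check and should use `plugins_url()`. As in the sibling items, compare `stripos( ... ) !== false` and append the cache hint with `.=` so it does not overwrite the "still found within the source HTML" message.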
include/admin-interfaces/security-scan/scan_item_hide_check_theme.php
ADDED
@@ -0,0 +1,95 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_check_theme extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_check_theme';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('New Theme Path', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("This option helps to change the theme url to a custom one. As default all theme assets ( styles, JavaScript etc ) are loaded using the theme url and appear on front side HTML source code.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 10,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
$option_value = $this->wph->functions->get_module_item_setting('new_theme_path');
|
45 |
+
|
46 |
+
if ( empty ( $option_value ) )
|
47 |
+
$found_issue = TRUE;
|
48 |
+
|
49 |
+
$found_within_code = FALSE;
|
50 |
+
if ( ! $found_issue && $this->remote_html )
|
51 |
+
{
|
52 |
+
$seek_url = $this->wph->default_variables['template_url'];
|
53 |
+
$seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
|
54 |
+
if ( stripos( $this->remote_html, $seek_url ) )
|
55 |
+
$found_within_code = TRUE;
|
56 |
+
}
|
57 |
+
|
58 |
+
if ( $found_within_code )
|
59 |
+
$found_issue = TRUE;
|
60 |
+
|
61 |
+
if ( $found_issue )
|
62 |
+
{
|
63 |
+
$_JSON_response['status'] = FALSE;
|
64 |
+
|
65 |
+
if ( empty ( $option_value ) )
|
66 |
+
{
|
67 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme url has not been customised.', 'wp-hide-security-enhancer' );
|
68 |
+
}
|
69 |
+
else
|
70 |
+
{
|
71 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme url is still found within the source HTML.', 'wp-hide-security-enhancer' );
|
72 |
+
if ( $found_within_code )
|
73 |
+
$_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
|
74 |
+
}
|
75 |
+
|
76 |
+
$_JSON_response['actions'] = array (
|
77 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=theme', 'admin' ) .'">Fix</a>',
|
78 |
+
'ignore' => '//--post-generated--',
|
79 |
+
'restore' => '//--post-generated--',
|
80 |
+
);
|
81 |
+
}
|
82 |
+
else
|
83 |
+
{
|
84 |
+
$_JSON_response['status'] = TRUE;
|
85 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default theme url cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
|
86 |
+
}
|
87 |
+
|
88 |
+
return $this->return_json_response( $_JSON_response );
|
89 |
+
|
90 |
+
}
|
91 |
+
|
92 |
+
}
|
93 |
+
|
94 |
+
|
95 |
+
?>
|
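Review bot: same `$this->remote_html` inconsistency as the plugins item: this file reads `$this->remote_html` where the comments and wp-content items read `$this->wph->security_scan->remote_html`, so if the base class has no such property the HTML search is skipped and the check degrades to "is the option set". Also compare the `stripos()` result with `!== false`, and use `.=` for the cache-hint line, which currently replaces the description it was meant to extend.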
include/admin-interfaces/security-scan/scan_item_hide_check_theme_style.php
ADDED
@@ -0,0 +1,95 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_check_theme_style extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_check_theme_style';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('New Theme Style File Path', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("This allow to change the default style.css filename to something else e.g. template-style.css. Per this example, on front side the main style link change from /style.css to /template-style.css ", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 10,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
$option_value = $this->wph->functions->get_module_item_setting('new_style_file_path');
|
45 |
+
|
46 |
+
if ( empty ( $option_value ) )
|
47 |
+
$found_issue = TRUE;
|
48 |
+
|
49 |
+
$found_within_code = FALSE;
|
50 |
+
if ( ! $found_issue && $this->remote_html )
|
51 |
+
{
|
52 |
+
$seek_url = $this->wph->default_variables['template_url'] . '/style.css';
|
53 |
+
$seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
|
54 |
+
if ( stripos( $this->remote_html, $seek_url ) )
|
55 |
+
$found_within_code = TRUE;
|
56 |
+
}
|
57 |
+
|
58 |
+
if ( $found_within_code )
|
59 |
+
$found_issue = TRUE;
|
60 |
+
|
61 |
+
if ( $found_issue )
|
62 |
+
{
|
63 |
+
$_JSON_response['status'] = FALSE;
|
64 |
+
|
65 |
+
if ( empty ( $option_value ) )
|
66 |
+
{
|
67 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme style url has not been customised.', 'wp-hide-security-enhancer' );
|
68 |
+
}
|
69 |
+
else
|
70 |
+
{
|
71 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default theme style url is still found within the source HTML.', 'wp-hide-security-enhancer' );
|
72 |
+
if ( $found_within_code )
|
73 |
+
$_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
|
74 |
+
}
|
75 |
+
|
76 |
+
$_JSON_response['actions'] = array (
|
77 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=theme', 'admin' ) .'">Fix</a>',
|
78 |
+
'ignore' => '//--post-generated--',
|
79 |
+
'restore' => '//--post-generated--',
|
80 |
+
);
|
81 |
+
}
|
82 |
+
else
|
83 |
+
{
|
84 |
+
$_JSON_response['status'] = TRUE;
|
85 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default theme style url cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
|
86 |
+
}
|
87 |
+
|
88 |
+
return $this->return_json_response( $_JSON_response );
|
89 |
+
|
90 |
+
}
|
91 |
+
|
92 |
+
}
|
93 |
+
|
94 |
+
|
95 |
+
?>
|
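Review bot: `$this->remote_html` here again differs from the `$this->wph->security_scan->remote_html` accessor used by the comments, wp-content and wp-includes items; settle on one accessor across all scan items so the HTML search actually runs everywhere. The `stripos()` test should be `!== false`, and the cache hint in the `else` branch should be appended with `.=` rather than assigned. The `'help'` text also has a stray trailing space before the closing quote and should read "This allows changing the default style.css filename".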
include/admin-interfaces/security-scan/scan_item_hide_check_wp_content.php
ADDED
@@ -0,0 +1,95 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_check_wp_content extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_check_wp_content';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Hide default /wp-content/ ', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("As default a WordPress installation contain a wp-content folder which store files and resources used by themes and plugin. The wp-content is a common fingerprint, which makes easily to anyone to identify the site as being created on WordPress.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 10,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
$option_value = $this->wph->functions->get_module_item_setting('new_content_path');
|
45 |
+
|
46 |
+
if ( empty ( $option_value ) )
|
47 |
+
$found_issue = TRUE;
|
48 |
+
|
49 |
+
$found_within_code = FALSE;
|
50 |
+
if ( ! $found_issue && $this->wph->security_scan->remote_html )
|
51 |
+
{
|
52 |
+
$seek_url = content_url();
|
53 |
+
$seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
|
54 |
+
if ( stripos( $this->wph->security_scan->remote_html, $seek_url ) )
|
55 |
+
$found_within_code = TRUE;
|
56 |
+
}
|
57 |
+
|
58 |
+
if ( $found_within_code )
|
59 |
+
$found_issue = TRUE;
|
60 |
+
|
61 |
+
if ( $found_issue )
|
62 |
+
{
|
63 |
+
$_JSON_response['status'] = FALSE;
|
64 |
+
|
65 |
+
if ( empty ( $option_value ) )
|
66 |
+
{
|
67 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default /wp-content/ has not been customised.', 'wp-hide-security-enhancer' );
|
68 |
+
}
|
69 |
+
else
|
70 |
+
{
|
71 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default /wp-content/ is still found within the source HTML.', 'wp-hide-security-enhancer' );
|
72 |
+
if ( $found_within_code )
|
73 |
+
$_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
|
74 |
+
}
|
75 |
+
|
76 |
+
$_JSON_response['actions'] = array (
|
77 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=wp-content', 'admin' ) .'">Fix</a>',
|
78 |
+
'ignore' => '//--post-generated--',
|
79 |
+
'restore' => '//--post-generated--',
|
80 |
+
);
|
81 |
+
}
|
82 |
+
else
|
83 |
+
{
|
84 |
+
$_JSON_response['status'] = TRUE;
|
85 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default /wp-content/ cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
|
86 |
+
}
|
87 |
+
|
88 |
+
return $this->return_json_response( $_JSON_response );
|
89 |
+
|
90 |
+
}
|
91 |
+
|
92 |
+
}
|
93 |
+
|
94 |
+
|
95 |
+
?>
|
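Review bot: the `stripos( $this->wph->security_scan->remote_html, $seek_url )` test treats a match at offset 0 as no match; compare with `!== false`. In the `else` branch the cache hint `$_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.' ...` overwrites the "still found within the source HTML" message instead of appending to it (`.=`), and the enclosing `if ( $found_within_code )` is always true at that point. Stripping only the scheme from `content_url()` before searching is the right call, since the page source may reference assets protocol-relatively or over the other scheme.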
include/admin-interfaces/security-scan/scan_item_hide_check_wp_includes.php
ADDED
@@ -0,0 +1,95 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_check_wp_includes extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_check_wp_includes';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Hide default /wp-includes/ ', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("As default a WordPress installation contain a wp-include folder which store files and resources used by WordPress core, themes and plugin. The wp-includes is a common fingerprint, which makes easily to anyone to identify the site as being created on WordPress.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 10,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
$option_value = $this->wph->functions->get_module_item_setting('new_include_path');
|
45 |
+
|
46 |
+
if ( empty ( $option_value ) )
|
47 |
+
$found_issue = TRUE;
|
48 |
+
|
49 |
+
$found_within_code = FALSE;
|
50 |
+
if ( ! $found_issue && $this->wph->security_scan->remote_html )
|
51 |
+
{
|
52 |
+
$seek_url = includes_url();
|
53 |
+
$seek_url = str_replace( array('https://', 'http://'), "", $seek_url );
|
54 |
+
if ( stripos( $this->wph->security_scan->remote_html, $seek_url ) )
|
55 |
+
$found_within_code = TRUE;
|
56 |
+
}
|
57 |
+
|
58 |
+
if ( $found_within_code )
|
59 |
+
$found_issue = TRUE;
|
60 |
+
|
61 |
+
if ( $found_issue )
|
62 |
+
{
|
63 |
+
$_JSON_response['status'] = FALSE;
|
64 |
+
|
65 |
+
if ( empty ( $option_value ) )
|
66 |
+
{
|
67 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default /wp-includes/ has not been customised.', 'wp-hide-security-enhancer' );
|
68 |
+
}
|
69 |
+
else
|
70 |
+
{
|
71 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The default /wp-includes/ is still found within the source HTML.', 'wp-hide-security-enhancer' );
|
72 |
+
if ( $found_within_code )
|
73 |
+
$_JSON_response['description'] = __( '<br />Ensure you cleared the site cache, then check again.', 'wp-hide-security-enhancer' );
|
74 |
+
}
|
75 |
+
|
76 |
+
$_JSON_response['actions'] = array (
|
77 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=wp-includes', 'admin' ) .'">Fix</a>',
|
78 |
+
'ignore' => '//--post-generated--',
|
79 |
+
'restore' => '//--post-generated--',
|
80 |
+
);
|
81 |
+
}
|
82 |
+
else
|
83 |
+
{
|
84 |
+
$_JSON_response['status'] = TRUE;
|
85 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The default /wp-includes/ cannot be found anymore through the site source.', 'wp-hide-security-enhancer' );
|
86 |
+
}
|
87 |
+
|
88 |
+
return $this->return_json_response( $_JSON_response );
|
89 |
+
|
90 |
+
}
|
91 |
+
|
92 |
+
}
|
93 |
+
|
94 |
+
|
95 |
+
?>
|
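Review bot: as with the wp-content item, the `stripos( ... )` result needs a `!== false` comparison, and the cache-hint assignment in the `else` branch should be `.=` so the "still found within the source HTML" message survives. The `'help'` text says "wp-include folder" where the directory is `wp-includes`, and "makes easily to anyone to identify" should read "makes it easy for anyone to identify".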
include/admin-interfaces/security-scan/scan_item_hide_emulate.php
ADDED
@@ -0,0 +1,76 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_emulate extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_emulate';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Emulate CMS', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("Using the option the system try to misguide the used WordPress by outputting the wrong traces, of the selected CMS.
|
33 |
+
<br />Misleading and making a false lead provides an extra security, as the attacker search and attempt to hack something which not exist.", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 10,
|
36 |
+
);
|
37 |
+
}
|
38 |
+
|
39 |
+
|
40 |
+
function scan()
|
41 |
+
{
|
42 |
+
$_JSON_response = array();
|
43 |
+
|
44 |
+
$found_issue = FALSE;
|
45 |
+
|
46 |
+
$option = $this->wph->functions->get_module_item_setting('emulate_cms');
|
47 |
+
|
48 |
+
if ( empty ( $option ) || $option == 'no' )
|
49 |
+
$found_issue = TRUE;
|
50 |
+
|
51 |
+
if ( $found_issue )
|
52 |
+
{
|
53 |
+
$_JSON_response['status'] = FALSE;
|
54 |
+
|
55 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>It\'s recommended to use the option to output specific CMSs HTML traces to mislead any peculiar check.', 'wp-hide-security-enhancer' );
|
56 |
+
|
57 |
+
$_JSON_response['actions'] = array (
|
58 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=emulate-cms', 'admin' ) .'">Fix</a>',
|
59 |
+
'ignore' => '//--post-generated--',
|
60 |
+
'restore' => '//--post-generated--',
|
61 |
+
);
|
62 |
+
}
|
63 |
+
else
|
64 |
+
{
|
65 |
+
$_JSON_response['status'] = TRUE;
|
66 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
67 |
+
}
|
68 |
+
|
69 |
+
return $this->return_json_response( $_JSON_response );
|
70 |
+
|
71 |
+
}
|
72 |
+
|
73 |
+
}
|
74 |
+
|
75 |
+
|
76 |
+
?>
|
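Review bot: this item reports "The option appears properly configured" from the `emulate_cms` setting alone, without inspecting `remote_html` the way the hide_check_* items do, so a cached page or another plugin stripping the emulated traces still passes; consider verifying that the emulated markers are present in the fetched source. The `'help'` text reads awkwardly ("try to misguide the used WordPress by outputting the wrong traces, of the selected CMS") and should say that the option tries to disguise the WordPress installation by outputting traces of the selected CMS instead.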
include/admin-interfaces/security-scan/scan_item_hide_json.php
ADDED
@@ -0,0 +1,77 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_json extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_json';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('JSON REST', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("The WordPress REST API is an easy-to-use set of HTTP endpoints which allows access a site data in simple JSON format. That including users, posts, taxonomies and more. Retrieving or updating is as simple as sending a HTTP request.
|
33 |
+
<br />A REST API can be consumed everywhere. On mobile applications, on front-end (web apps) or any other devices that have access on the net, practically everything can connect from anywhere to your site and interact though JSON REST API service.", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 10,
|
36 |
+
);
|
37 |
+
}
|
38 |
+
|
39 |
+
|
40 |
+
function scan()
|
41 |
+
{
|
42 |
+
$_JSON_response = array();
|
43 |
+
|
44 |
+
$found_issue = FALSE;
|
45 |
+
|
46 |
+
$disable_json_rest_v1 = $this->wph->functions->get_module_item_setting('disable_json_rest_v1');
|
47 |
+
$disable_json_rest_v2 = $this->wph->functions->get_module_item_setting('disable_json_rest_v2');
|
48 |
+
|
49 |
+
if ( ( empty ( $disable_json_rest_v1 ) || $disable_json_rest_v1 == 'no' ) && ( empty ( $disable_json_rest_v2 ) || $disable_json_rest_v2 == 'no' ) )
|
50 |
+
$found_issue = TRUE;
|
51 |
+
|
52 |
+
if ( $found_issue )
|
53 |
+
{
|
54 |
+
$_JSON_response['status'] = FALSE;
|
55 |
+
|
56 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The JSON endpoint should be customised. If not used, should be disabled.', 'wp-hide-security-enhancer' );
|
57 |
+
|
58 |
+
$_JSON_response['actions'] = array (
|
59 |
+
'fix' => '<a class="button-primary wph-pro" target="_blank" href="https://wp-hide.com/pricing/">PRO</a>',
|
60 |
+
'ignore' => '//--post-generated--',
|
61 |
+
'restore' => '//--post-generated--',
|
62 |
+
);
|
63 |
+
}
|
64 |
+
else
|
65 |
+
{
|
66 |
+
$_JSON_response['status'] = TRUE;
|
67 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
68 |
+
}
|
69 |
+
|
70 |
+
return $this->return_json_response( $_JSON_response );
|
71 |
+
|
72 |
+
}
|
73 |
+
|
74 |
+
}
|
75 |
+
|
76 |
+
|
77 |
+
?>
|
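Review bot: the failure description tells the admin the JSON endpoint "should be customised. If not used, should be disabled", but the condition only consults `disable_json_rest_v1` and `disable_json_rest_v2`; a site that customised the route but left the API enabled is still flagged, so either include the customised-route setting in the check or reword the message to match what is tested. The `'fix'` action here opens an external pricing URL with `target="_blank"` while every other item links to a settings page; if this is intentionally a PRO-only fix, the `wph-pro` class should be what the dashboard JS keys on so the button is not presented as an in-place fix.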
include/admin-interfaces/security-scan/scan_item_hide_json_clean_api.php
ADDED
@@ -0,0 +1,76 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_json_clean_api extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_json_clean_api';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Clean the REST API response', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("When calling the site REST API base route ( e.g. /wp-json/ or ?rest_route=/ ) the service outputs all available namespaces and routes for current site. This can be a breach for the system, as outputs important information regarding certain used theme and plugins.
|
33 |
+
<br />Recommended selection for this option is Yes, to ensure no inside data is being exposed. ", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 10,
|
36 |
+
);
|
37 |
+
}
|
38 |
+
|
39 |
+
|
40 |
+
function scan()
|
41 |
+
{
|
42 |
+
$_JSON_response = array();
|
43 |
+
|
44 |
+
$found_issue = FALSE;
|
45 |
+
|
46 |
+
$clean_json_base_route = $this->wph->functions->get_module_item_setting('clean_json_base_route');
|
47 |
+
|
48 |
+
if ( empty ( $clean_json_base_route ) || $clean_json_base_route == 'no' )
|
49 |
+
$found_issue = TRUE;
|
50 |
+
|
51 |
+
if ( $found_issue )
|
52 |
+
{
|
53 |
+
$_JSON_response['status'] = FALSE;
|
54 |
+
|
55 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The "Clean the REST API response" should be active.', 'wp-hide-security-enhancer' );
|
56 |
+
|
57 |
+
$_JSON_response['actions'] = array (
|
58 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=json-rest', 'admin' ) .'">Fix</a>',
|
59 |
+
'ignore' => '//--post-generated--',
|
60 |
+
'restore' => '//--post-generated--',
|
61 |
+
);
|
62 |
+
}
|
63 |
+
else
|
64 |
+
{
|
65 |
+
$_JSON_response['status'] = TRUE;
|
66 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
67 |
+
}
|
68 |
+
|
69 |
+
return $this->return_json_response( $_JSON_response );
|
70 |
+
|
71 |
+
}
|
72 |
+
|
73 |
+
}
|
74 |
+
|
75 |
+
|
76 |
+
?>
|
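Review bot: the `'help'` text needs a grammar pass: "This can be a breach for the system, as outputs important information regarding certain used theme and plugins" should read "This exposes the system, as it reveals which themes and plugins are in use", and the trailing space inside the string before the closing quote should go. The setting-only check itself is consistent with the other option-based items.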
include/admin-interfaces/security-scan/scan_item_hide_license_txt.php
ADDED
@@ -0,0 +1,75 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_license_txt extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_license_txt';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Block license.txt', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("This is a text file which contain the licensing terms for WordPress framework. Obviously you don't want that visible as every site containing such file must be a WordPress.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 10,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
|
45 |
+
$option = $this->wph->functions->get_module_item_setting('block_license_txt');
|
46 |
+
|
47 |
+
if ( empty ( $option ) || $option == 'no' )
|
48 |
+
$found_issue = TRUE;
|
49 |
+
|
50 |
+
if ( $found_issue )
|
51 |
+
{
|
52 |
+
$_JSON_response['status'] = FALSE;
|
53 |
+
|
54 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The license.txt file is still accessible.', 'wp-hide-security-enhancer' );
|
55 |
+
|
56 |
+
$_JSON_response['actions'] = array (
|
57 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=root-files', 'admin' ) .'">Fix</a>',
|
58 |
+
'ignore' => '//--post-generated--',
|
59 |
+
'restore' => '//--post-generated--',
|
60 |
+
);
|
61 |
+
}
|
62 |
+
else
|
63 |
+
{
|
64 |
+
$_JSON_response['status'] = TRUE;
|
65 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
66 |
+
}
|
67 |
+
|
68 |
+
return $this->return_json_response( $_JSON_response );
|
69 |
+
|
70 |
+
}
|
71 |
+
|
72 |
+
}
|
73 |
+
|
74 |
+
|
75 |
+
?>
|
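Review bot: the `'fix'` entry in `scan()` interpolates `get_dashboard_url( ... )` straight into an `href` and leaves the `Fix` label outside `__()`, while every other user-facing string in the file is translatable; wrap the URL in `esc_url()` and use `__( 'Fix', 'wp-hide-security-enhancer' )` for the label. The `help` string also needs a grammar pass: "a text file which contain the licensing terms for WordPress framework ... must be a WordPress" should read "a text file which contains the licensing terms of the WordPress framework ... must be a WordPress site".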
include/admin-interfaces/security-scan/scan_item_hide_new_wp_login.php
ADDED
@@ -0,0 +1,76 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_new_wp_login extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_new_wp_login';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('New wp-login.php', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("There are a lot of security issues that come from having your login page open to the public. Most specifically, brute force attacks. Because of the ubiquity of WordPress, these kinds of attacks are becoming more and more common.
|
33 |
+
<br />Map a new wp-login.php instead default prevent hackers boot to attempt to brute force a site login. Being known only by the site owner, the url itself becomes private.", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 20,
|
36 |
+
);
|
37 |
+
}
|
38 |
+
|
39 |
+
|
40 |
+
function scan()
|
41 |
+
{
|
42 |
+
$_JSON_response = array();
|
43 |
+
|
44 |
+
$found_issue = FALSE;
|
45 |
+
|
46 |
+
$option = $this->wph->functions->get_module_item_setting('new_wp_login_php');
|
47 |
+
|
48 |
+
if ( empty ( $option ) || $option == 'no' )
|
49 |
+
$found_issue = TRUE;
|
50 |
+
|
51 |
+
if ( $found_issue )
|
52 |
+
{
|
53 |
+
$_JSON_response['status'] = FALSE;
|
54 |
+
|
55 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Map a new wp-login.php instead default prevent hackers boot to attempt to brute force a site login. Being known only by the site owner, the url itself becomes private.', 'wp-hide-security-enhancer' );
|
56 |
+
|
57 |
+
$_JSON_response['actions'] = array (
|
58 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-admin&component=wp-login-php', 'admin' ) .'">Fix</a>',
|
59 |
+
'ignore' => '//--post-generated--',
|
60 |
+
'restore' => '//--post-generated--',
|
61 |
+
);
|
62 |
+
}
|
63 |
+
else
|
64 |
+
{
|
65 |
+
$_JSON_response['status'] = TRUE;
|
66 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
67 |
+
}
|
68 |
+
|
69 |
+
return $this->return_json_response( $_JSON_response );
|
70 |
+
|
71 |
+
}
|
72 |
+
|
73 |
+
}
|
74 |
+
|
75 |
+
|
76 |
+
?>
|
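Review bot: the failure `description` in `scan()` repeats the option's help text ("Map a new wp-login.php instead default prevent hackers boot ...") instead of stating what the scan found, so the result reads as marketing copy rather than a finding and carries the same broken grammar; make it a finding like the sibling items ("The login page is still served from the default wp-login.php URL.") and fix the `help` sentence to "Mapping a new wp-login.php instead of the default one prevents bots from attempting to brute force the site login." Both `__()` strings also embed raw newlines and `<br />`, which makes them awkward for translators.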
include/admin-interfaces/security-scan/scan_item_hide_other_generator.php
ADDED
@@ -0,0 +1,75 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_other_generator extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_other_generator';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Remove Other Generator Meta', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("Remove other meta generated tags within head (eg Theme Name, Theme Version).", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 20,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
|
45 |
+
$option = $this->wph->functions->get_module_item_setting('remove_other_generator_meta');
|
46 |
+
|
47 |
+
if ( empty ( $option ) || $option == 'no' )
|
48 |
+
$found_issue = TRUE;
|
49 |
+
|
50 |
+
if ( $found_issue )
|
51 |
+
{
|
52 |
+
$_JSON_response['status'] = FALSE;
|
53 |
+
|
54 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The Other Generator Meta is still visible through the HTML code.', 'wp-hide-security-enhancer' );
|
55 |
+
|
56 |
+
$_JSON_response['actions'] = array (
|
57 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=meta', 'admin' ) .'">Fix</a>',
|
58 |
+
'ignore' => '//--post-generated--',
|
59 |
+
'restore' => '//--post-generated--',
|
60 |
+
);
|
61 |
+
}
|
62 |
+
else
|
63 |
+
{
|
64 |
+
$_JSON_response['status'] = TRUE;
|
65 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
66 |
+
}
|
67 |
+
|
68 |
+
return $this->return_json_response( $_JSON_response );
|
69 |
+
|
70 |
+
}
|
71 |
+
|
72 |
+
}
|
73 |
+
|
74 |
+
|
75 |
+
?>
|
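Review bot: `scan()` only reads the `remove_other_generator_meta` setting and then reports "The Other Generator Meta is still visible through the HTML code", a claim the code never verifies; the scanner already fetches the front page into `$this->wph->security_scan->remote_html` (used by `scan_item_hide_replacements.php` in this same change), so the check should look for `<meta name="generator"` in that markup, or the description should be softened to say the option is disabled. If the HTML is consulted, handle an empty `remote_html` the way the other remote-based items do rather than silently passing.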
include/admin-interfaces/security-scan/scan_item_hide_postprocessing.php
ADDED
@@ -0,0 +1,79 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_postprocessing extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_postprocessing';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Post-Processing', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("The feature provides a post-processing engine for all site assets ( CSS / JavaScript ). That encodes the CSS and JavaScript, which makes it unable to read. Also, ensure perfect URLs disguise, as even if changing the plugin's name, most of the URLs still contain traces within.
|
33 |
+
This is also a great tool for making optimisation of the site assets by combining, minifying, comment removal etc.
|
34 |
+
Perfectly functional and integration in conjunction with other SEO/Optimisation plugins.
|
35 |
+
<p> </p>
|
36 |
+
<p>There are 4 types of processing options:
|
37 |
+
<b>Combine</b>: Merge all code in (usually) 2 files, one in the header and another in the footer.
|
38 |
+
<b>Combine & Encode Inline</b>: Merge all code in (usually) 2 files, one in the header and another in the footer. Additionally, the Inline code will be base64 encoded and placed in the same spot.
|
39 |
+
<b>In Place</b>: All JavaScript code will be processed and the results will be placed in the same spot. Any InLine code will be processed and saved into a data-collection directory for later usage.
|
40 |
+
<b>In Place & Encode Inline</b>: All code will be processed and the results will be placed in the same spot. Additionally, the Inline code will be base64 encoded.</p>", 'wp-hide-security-enhancer'),
|
41 |
+
|
42 |
+
'score_points' => 30,
|
43 |
+
);
|
44 |
+
}
|
45 |
+
|
46 |
+
|
47 |
+
function scan()
|
48 |
+
{
|
49 |
+
$_JSON_response = array();
|
50 |
+
|
51 |
+
//The free code does not include such functionality
|
52 |
+
$found_issue = TRUE;
|
53 |
+
|
54 |
+
if ( $found_issue )
|
55 |
+
{
|
56 |
+
$_JSON_response['status'] = FALSE;
|
57 |
+
|
58 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Your site assets still contain traceable data within CSS / JavaScript', 'wp-hide-security-enhancer' );
|
59 |
+
|
60 |
+
$_JSON_response['actions'] = array (
|
61 |
+
'fix' => '<a class="button-primary wph-pro" target="_blank" href="https://wp-hide.com/pricing/">PRO</a>',
|
62 |
+
'ignore' => '//--post-generated--',
|
63 |
+
'restore' => '//--post-generated--',
|
64 |
+
);
|
65 |
+
}
|
66 |
+
else
|
67 |
+
{
|
68 |
+
$_JSON_response['status'] = TRUE;
|
69 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
70 |
+
}
|
71 |
+
|
72 |
+
return $this->return_json_response( $_JSON_response );
|
73 |
+
|
74 |
+
}
|
75 |
+
|
76 |
+
}
|
77 |
+
|
78 |
+
|
79 |
+
?>
|
include/admin-interfaces/security-scan/scan_item_hide_readme_html.php
ADDED
@@ -0,0 +1,75 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_readme_html extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_readme_html';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Block readme.html', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("A Hypertext Markup Language file with general information about installed WordPress, version, instalation steps, updating, requirements, resources etc.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 10,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
|
45 |
+
$option = $this->wph->functions->get_module_item_setting('block_readme_html');
|
46 |
+
|
47 |
+
if ( empty ( $option ) || $option == 'no' )
|
48 |
+
$found_issue = TRUE;
|
49 |
+
|
50 |
+
if ( $found_issue )
|
51 |
+
{
|
52 |
+
$_JSON_response['status'] = FALSE;
|
53 |
+
|
54 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The readme.html file is still accessible.', 'wp-hide-security-enhancer' );
|
55 |
+
|
56 |
+
$_JSON_response['actions'] = array (
|
57 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=root-files', 'admin' ) .'">Fix</a>',
|
58 |
+
'ignore' => '//--post-generated--',
|
59 |
+
'restore' => '//--post-generated--',
|
60 |
+
);
|
61 |
+
}
|
62 |
+
else
|
63 |
+
{
|
64 |
+
$_JSON_response['status'] = TRUE;
|
65 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
66 |
+
}
|
67 |
+
|
68 |
+
return $this->return_json_response( $_JSON_response );
|
69 |
+
|
70 |
+
}
|
71 |
+
|
72 |
+
}
|
73 |
+
|
74 |
+
|
75 |
+
?>
|
include/admin-interfaces/security-scan/scan_item_hide_registration.php
ADDED
@@ -0,0 +1,75 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_registration extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_registration';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('User Registration', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("Through your site, if the WordPress Membership option is active, anyone can register.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 10,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
|
45 |
+
$users_can_register = get_option('users_can_register');
|
46 |
+
|
47 |
+
if ( ! empty ( $users_can_register ) )
|
48 |
+
$found_issue = TRUE;
|
49 |
+
|
50 |
+
if ( $found_issue )
|
51 |
+
{
|
52 |
+
$_JSON_response['status'] = FALSE;
|
53 |
+
|
54 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The Registration should be customised or disabled through Dashboard > Settings.', 'wp-hide-security-enhancer' );
|
55 |
+
|
56 |
+
$_JSON_response['actions'] = array (
|
57 |
+
'fix' => '<a class="button-primary wph-pro" target="_blank" href="https://wp-hide.com/pricing/">PRO</a>',
|
58 |
+
'ignore' => '//--post-generated--',
|
59 |
+
'restore' => '//--post-generated--',
|
60 |
+
);
|
61 |
+
}
|
62 |
+
else
|
63 |
+
{
|
64 |
+
$_JSON_response['status'] = TRUE;
|
65 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
66 |
+
}
|
67 |
+
|
68 |
+
return $this->return_json_response( $_JSON_response );
|
69 |
+
|
70 |
+
}
|
71 |
+
|
72 |
+
}
|
73 |
+
|
74 |
+
|
75 |
+
?>
|
include/admin-interfaces/security-scan/scan_item_hide_remove_header_link.php
ADDED
@@ -0,0 +1,75 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_remove_header_link extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_remove_header_link';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Remove Link Header', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("Remove Link Header being set as default by WordPress which outputs the site JSON URL.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 10,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
|
45 |
+
$option = $this->wph->functions->get_module_item_setting('remove_header_link');
|
46 |
+
|
47 |
+
if ( empty ( $option ) || $option == 'no' )
|
48 |
+
$found_issue = TRUE;
|
49 |
+
|
50 |
+
if ( $found_issue )
|
51 |
+
{
|
52 |
+
$_JSON_response['status'] = FALSE;
|
53 |
+
|
54 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The site pages header still contain the site JSON url.', 'wp-hide-security-enhancer' );
|
55 |
+
|
56 |
+
$_JSON_response['actions'] = array (
|
57 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=headers', 'admin' ) .'">Fix</a>',
|
58 |
+
'ignore' => '//--post-generated--',
|
59 |
+
'restore' => '//--post-generated--',
|
60 |
+
);
|
61 |
+
}
|
62 |
+
else
|
63 |
+
{
|
64 |
+
$_JSON_response['status'] = TRUE;
|
65 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
66 |
+
}
|
67 |
+
|
68 |
+
return $this->return_json_response( $_JSON_response );
|
69 |
+
|
70 |
+
}
|
71 |
+
|
72 |
+
}
|
73 |
+
|
74 |
+
|
75 |
+
?>
|
include/admin-interfaces/security-scan/scan_item_hide_remove_headers.php
ADDED
@@ -0,0 +1,102 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_remove_headers extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_remove_headers';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Remove Environment Headers', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("Remove the X-Powered-By and Server Headers if set. This type of header information discloses important details regarding your server environment.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 5,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
$found_headers = array();
|
45 |
+
|
46 |
+
if ( $this->wph->security_scan->remote_headers )
|
47 |
+
{
|
48 |
+
foreach ( $this->wph->security_scan->remote_headers->getAll() as $header_name => $header_value )
|
49 |
+
{
|
50 |
+
if ( stripos( $header_name, 'x-powered-by' ) === 0 )
|
51 |
+
{
|
52 |
+
$found_headers[] = 'x-powered-by';
|
53 |
+
$found_issue = TRUE;
|
54 |
+
}
|
55 |
+
if ( stripos( $header_name, 'server' ) === 0 )
|
56 |
+
{
|
57 |
+
$found_headers[] = 'server';
|
58 |
+
$found_issue = TRUE;
|
59 |
+
}
|
60 |
+
}
|
61 |
+
}
|
62 |
+
else
|
63 |
+
$found_issue = TRUE;
|
64 |
+
|
65 |
+
if ( $found_issue )
|
66 |
+
{
|
67 |
+
$_JSON_response['status'] = FALSE;
|
68 |
+
|
69 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Your site headers still contain some valuable pieces of information regarding your environment.', 'wp-hide-security-enhancer' );
|
70 |
+
|
71 |
+
foreach ( $found_headers as $found_header )
|
72 |
+
{
|
73 |
+
|
74 |
+
$_JSON_response['description'] .= '<p class="important">';
|
75 |
+
$_JSON_response['description'] .= '<b> <span class="dashicons dashicons-search"></span> Found - ' . ucfirst ( $found_header ) .'</b>';
|
76 |
+
$_JSON_response['description'] .= '</p>';
|
77 |
+
|
78 |
+
}
|
79 |
+
|
80 |
+
if ( $this->wph->security_scan->remote_started && $this->wph->security_scan->remote_errors !== FALSE )
|
81 |
+
$_JSON_response['description'] .= "<br /><br /><span class='error'>" . __('Unable to complete this security task as an error occoured', 'wp-hide-security-enhancer' ) . ': <b>' .$this->wph->security_scan->remote_errors . '</b></span>';
|
82 |
+
|
83 |
+
$_JSON_response['actions'] = array (
|
84 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=headers', 'admin' ) .'">Fix</a>',
|
85 |
+
'ignore' => '//--post-generated--',
|
86 |
+
'restore' => '//--post-generated--',
|
87 |
+
);
|
88 |
+
}
|
89 |
+
else
|
90 |
+
{
|
91 |
+
$_JSON_response['status'] = TRUE;
|
92 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>There are no headers containing valuable pieces of information regarding your environment.', 'wp-hide-security-enhancer' );
|
93 |
+
}
|
94 |
+
|
95 |
+
return $this->return_json_response( $_JSON_response );
|
96 |
+
|
97 |
+
}
|
98 |
+
|
99 |
+
}
|
100 |
+
|
101 |
+
|
102 |
+
?>
|
include/admin-interfaces/security-scan/scan_item_hide_remove_html_comments.php
ADDED
@@ -0,0 +1,75 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_remove_html_comments extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_remove_html_comments';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Remove Comments', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("The HTML source code usually contain many comment lines, however there is no use for that, unless debugging. Remove all HTML Comments, which usually specify Plugins Name and Version. Any Internet Explorer conditional tags are preserved.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 10,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
|
45 |
+
$option = $this->wph->functions->get_module_item_setting('remove_html_comments');
|
46 |
+
|
47 |
+
if ( empty ( $option ) || $option == 'no' )
|
48 |
+
$found_issue = TRUE;
|
49 |
+
|
50 |
+
if ( $found_issue )
|
51 |
+
{
|
52 |
+
$_JSON_response['status'] = FALSE;
|
53 |
+
|
54 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The site pages still contain HTML comments which may provide essential pieces of information regarding the active plugins and themes.', 'wp-hide-security-enhancer' );
|
55 |
+
|
56 |
+
$_JSON_response['actions'] = array (
|
57 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=html', 'admin' ) .'">Fix</a>',
|
58 |
+
'ignore' => '//--post-generated--',
|
59 |
+
'restore' => '//--post-generated--',
|
60 |
+
);
|
61 |
+
}
|
62 |
+
else
|
63 |
+
{
|
64 |
+
$_JSON_response['status'] = TRUE;
|
65 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
66 |
+
}
|
67 |
+
|
68 |
+
return $this->return_json_response( $_JSON_response );
|
69 |
+
|
70 |
+
}
|
71 |
+
|
72 |
+
}
|
73 |
+
|
74 |
+
|
75 |
+
?>
|
include/admin-interfaces/security-scan/scan_item_hide_replacements.php
ADDED
@@ -0,0 +1,164 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_replacements extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_replacements';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Replacements', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("The module implements a post-processing engine, which allows arbitrary words to be replaced with custom ones. This works for all site data as HTML, Css, JavaScript assets.
|
33 |
+
This is the perfect tool to white-label any plugins or active code on a site, by replacing the specific words (classes, tags, JavaScript variables etc).
|
34 |
+
Examples can be found at <a href='https://wp-hide.com/how-to-easily-hide-elementor-page-builder/' target='_blank'>How to white label Elementor</a> also <a href='https://wp-hide.com/hide-your-avada-theme-avada-builder-and-fusion-core/' target='_blank'>HowHide your Avada Theme, Avada Builder and Fusion core</a> this makes the plugins totally unrecognizable for anonymous users.
|
35 |
+
<p> </p>
|
36 |
+
<p>This feature integrates perfectly with any site environment, regardles of the used plugins and themes. Changing any fingerprint does not break the site layout or disable any existing functionality.</p>", 'wp-hide-security-enhancer'),
|
37 |
+
|
38 |
+
'score_points' => 50,
|
39 |
+
);
|
40 |
+
}
|
41 |
+
|
42 |
+
|
43 |
+
function scan()
|
44 |
+
{
|
45 |
+
$_JSON_response = array();
|
46 |
+
|
47 |
+
$found_issue = FALSE;
|
48 |
+
$found_traces = array();
|
49 |
+
|
50 |
+
$fingerprints = array (
|
51 |
+
'Common WordPress fingerprints' => array (
|
52 |
+
'search' => array ( 'wp-', '-wp' ),
|
53 |
+
'replacements' => array( 'wp-' )
|
54 |
+
),
|
55 |
+
'Astra' => array (
|
56 |
+
'search' => array ('astra-', '-astra'),
|
57 |
+
'replacements' => array( 'astra' )
|
58 |
+
),
|
59 |
+
'Avada' => array (
|
60 |
+
'search' => array ( 'avada-', '-avada'),
|
61 |
+
'replacements' => array( 'avada' )
|
62 |
+
),
|
63 |
+
'Divi' => array (
|
64 |
+
'search' => array ( 'divi-', '-divi'),
|
65 |
+
'replacements' => array( 'divi' )
|
66 |
+
),
|
67 |
+
'Elementor' => array (
|
68 |
+
'search' => array ( 'elementor-', '-elementor'),
|
69 |
+
'replacements' => array( 'elementor' )
|
70 |
+
),
|
71 |
+
'Fusion Builder' => array (
|
72 |
+
'search' => array ( 'fusion-', '-fusion'),
|
73 |
+
'replacements' => array( 'fusion' )
|
74 |
+
),
|
75 |
+
'Flatsome' => array (
|
76 |
+
'search' => array ( 'flatsome-'),
|
77 |
+
'replacements' => array( 'flatsome' )
|
78 |
+
),
|
79 |
+
'Porto' => array (
|
80 |
+
'search' => array ( 'porto-', '-porto'),
|
81 |
+
'replacements' => array( 'porto' )
|
82 |
+
),
|
83 |
+
'Themify' => array (
|
84 |
+
'search' => array ( 'themify-', '-themify'),
|
85 |
+
'replacements' => array( 'themify' )
|
86 |
+
),
|
87 |
+
'Uncode' => array (
|
88 |
+
'search' => array ( 'uncode-', '-uncode'),
|
89 |
+
'replacements' => array( 'uncode' )
|
90 |
+
),
|
91 |
+
'Yoast SEO' => array (
|
92 |
+
'search' => array ( 'yoast-'),
|
93 |
+
'replacements' => array( 'yoast' )
|
94 |
+
),
|
95 |
+
'WoodMart' => array (
|
96 |
+
'search' => array ( 'woodmart-', '-woodmart'),
|
97 |
+
'replacements' => array( 'woodmart' )
|
98 |
+
),
|
99 |
+
'WooCommerce' => array (
|
100 |
+
'search' => array ( 'woocommerce-', '-woocommerce', 'wc_'),
|
101 |
+
'replacements' => array( 'woocommerce' )
|
102 |
+
),
|
103 |
+
'WP Bakery' => array (
|
104 |
+
'search' => array ( 'js-composer', 'vc_', 'wpb_'),
|
105 |
+
'replacements' => array( 'js-composer', 'vc_' )
|
106 |
+
),
|
107 |
+
);
|
108 |
+
|
109 |
+
if ( $this->wph->security_scan->remote_html )
|
110 |
+
{
|
111 |
+
foreach ( $fingerprints as $code_name => $fingerprints_group )
|
112 |
+
{
|
113 |
+
foreach ( $fingerprints_group['search'] as $fingerprints_item )
|
114 |
+
{
|
115 |
+
if ( stripos( $this->wph->security_scan->remote_html, $fingerprints_item ) )
|
116 |
+
{
|
117 |
+
$found_issue = TRUE;
|
118 |
+
$found_traces[ $code_name ] = TRUE;
|
119 |
+
}
|
120 |
+
}
|
121 |
+
}
|
122 |
+
}
|
123 |
+
else
|
124 |
+
$found_issue = TRUE;
|
125 |
+
|
126 |
+
if ( $found_issue )
|
127 |
+
{
|
128 |
+
$_JSON_response['status'] = FALSE;
|
129 |
+
|
130 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Your site assets still contain traceable data within HTML / CSS / JavaScript. Those can be removed using the Replacements functionality.', 'wp-hide-security-enhancer' );
|
131 |
+
$_JSON_response['description'] .= '<br /><br />';
|
132 |
+
|
133 |
+
foreach ( $found_traces as $code_name => $found_status )
|
134 |
+
{
|
135 |
+
|
136 |
+
$_JSON_response['description'] .= '<p class="important">';
|
137 |
+
$_JSON_response['description'] .= '<b> <span class="dashicons dashicons-search"></span> ' . __( 'Found', 'wp-hide-security-enhancer' ) .' - ' . $code_name .'</b>. ' . __( 'Add replacements for <code>', 'wp-hide-security-enhancer' ) . implode ( "</code>, <code>", $fingerprints[$code_name]['replacements'] ) . '</code>';
|
138 |
+
$_JSON_response['description'] .= '</p>';
|
139 |
+
|
140 |
+
}
|
141 |
+
|
142 |
+
if ( $this->wph->security_scan->remote_errors !== FALSE )
|
143 |
+
$_JSON_response['description'] .= "<br /><br /><span class='error'>" . __('Unable to complete this security task as an error occoured', 'wp-hide-security-enhancer' ) . ': <b>' .$this->wph->security_scan->remote_errors . '</b></span>';
|
144 |
+
|
145 |
+
$_JSON_response['actions'] = array (
|
146 |
+
'fix' => '<a class="button-primary wph-pro" target="_blank" href="https://wp-hide.com/pricing/">PRO</a>',
|
147 |
+
'ignore' => '//--post-generated--',
|
148 |
+
'restore' => '//--post-generated--',
|
149 |
+
);
|
150 |
+
}
|
151 |
+
else
|
152 |
+
{
|
153 |
+
$_JSON_response['status'] = TRUE;
|
154 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>There are no obvious fingerprints.', 'wp-hide-security-enhancer' );
|
155 |
+
}
|
156 |
+
|
157 |
+
return $this->return_json_response( $_JSON_response );
|
158 |
+
|
159 |
+
}
|
160 |
+
|
161 |
+
}
|
162 |
+
|
163 |
+
|
164 |
+
?>
|
include/admin-interfaces/security-scan/scan_item_hide_robots.php
ADDED
@@ -0,0 +1,76 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_robots extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_robots';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Process robots.txt', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("The robots.txt file plays a major role in search engine ranking. It blocks search engine bots and helps index and crawl important parts of your site.
|
33 |
+
<br />As default the robots.txt also includes an allow clause to admin URL and admin-ajax.php url. Once customized those areas, the new slugs might not want to be show to anyone. Turn this option to Yes removed any reference to new wp-admin and admin-ajax.php.", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 10,
|
36 |
+
);
|
37 |
+
}
|
38 |
+
|
39 |
+
|
40 |
+
function scan()
|
41 |
+
{
|
42 |
+
$_JSON_response = array();
|
43 |
+
|
44 |
+
$found_issue = FALSE;
|
45 |
+
|
46 |
+
$option = $this->wph->functions->get_module_item_setting('disable_robots_txt');
|
47 |
+
|
48 |
+
if ( empty ( $option ) || $option == 'no' )
|
49 |
+
$found_issue = TRUE;
|
50 |
+
|
51 |
+
if ( $found_issue )
|
52 |
+
{
|
53 |
+
$_JSON_response['status'] = FALSE;
|
54 |
+
|
55 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The robots.txt should be processed to ensure none of the default URLs is still used.', 'wp-hide-security-enhancer' );
|
56 |
+
|
57 |
+
$_JSON_response['actions'] = array (
|
58 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=robots-txt', 'admin' ) .'">Fix</a>',
|
59 |
+
'ignore' => '//--post-generated--',
|
60 |
+
'restore' => '//--post-generated--',
|
61 |
+
);
|
62 |
+
}
|
63 |
+
else
|
64 |
+
{
|
65 |
+
$_JSON_response['status'] = TRUE;
|
66 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
67 |
+
}
|
68 |
+
|
69 |
+
return $this->return_json_response( $_JSON_response );
|
70 |
+
|
71 |
+
}
|
72 |
+
|
73 |
+
}
|
74 |
+
|
75 |
+
|
76 |
+
?>
|
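Review bot: the `help` string in `get_settings()` is hard to follow ("Once customized those areas, the new slugs might not want to be show to anyone. Turn this option to Yes removed any reference ..."); suggest "Once those areas are customised, the new slugs should not be exposed to anyone. Set this option to Yes to remove any reference to the new wp-admin and admin-ajax.php paths." The `Fix` button label in the `actions` array is a literal string while every other user-facing string in the file goes through `__()`, so it cannot be translated; the same applies to the `Fix` labels in the other scan items added here.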
include/admin-interfaces/security-scan/scan_item_hide_wlwmanifest.php
ADDED
@@ -0,0 +1,75 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_wlwmanifest extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_wlwmanifest';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Remove wlwmanifest Meta', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("The wlwmanifest link is actually used by Windows Live Writer. If you don't te application, this is just unnecessary code.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 10,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
|
45 |
+
$option = $this->wph->functions->get_module_item_setting('remove_wlwmanifest');
|
46 |
+
|
47 |
+
if ( empty ( $option ) || $option == 'no' )
|
48 |
+
$found_issue = TRUE;
|
49 |
+
|
50 |
+
if ( $found_issue )
|
51 |
+
{
|
52 |
+
$_JSON_response['status'] = FALSE;
|
53 |
+
|
54 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>Unless using the Windows Live Writer, the file have no usage so should be disabled.', 'wp-hide-security-enhancer' );
|
55 |
+
|
56 |
+
$_JSON_response['actions'] = array (
|
57 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=meta', 'admin' ) .'">Fix</a>',
|
58 |
+
'ignore' => '//--post-generated--',
|
59 |
+
'restore' => '//--post-generated--',
|
60 |
+
);
|
61 |
+
}
|
62 |
+
else
|
63 |
+
{
|
64 |
+
$_JSON_response['status'] = TRUE;
|
65 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
66 |
+
}
|
67 |
+
|
68 |
+
return $this->return_json_response( $_JSON_response );
|
69 |
+
|
70 |
+
}
|
71 |
+
|
72 |
+
}
|
73 |
+
|
74 |
+
|
75 |
+
?>
|
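Review bot: the `help` string is missing words ("If you don't te application") and the failure description has agreement errors ("the file have no usage so should be disabled"); suggest "If you don't use that application, this is just unnecessary code." and "Unless you use Windows Live Writer, the link has no purpose and should be removed." Separately, the `var $wph`, `__construct()` and `get_id()` boilerplate is identical in every scan item added in this change; moving the `global $wph` wiring into `WPH_security_scan_item` would leave each item with only `get_settings()` and `scan()`.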
include/admin-interfaces/security-scan/scan_item_hide_wordpress_generator.php
ADDED
@@ -0,0 +1,75 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_wordpress_generator extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_wordpress_generator';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Remove WordPress Generator Meta', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("Remove the autogenerated meta generator tag within head (WordPress Version).", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 30,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
|
45 |
+
$option = $this->wph->functions->get_module_item_setting('remove_generator_meta');
|
46 |
+
|
47 |
+
if ( empty ( $option ) || $option == 'no' )
|
48 |
+
$found_issue = TRUE;
|
49 |
+
|
50 |
+
if ( $found_issue )
|
51 |
+
{
|
52 |
+
$_JSON_response['status'] = FALSE;
|
53 |
+
|
54 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The WordPress Generator is still visible through the HTML code.', 'wp-hide-security-enhancer' );
|
55 |
+
|
56 |
+
$_JSON_response['actions'] = array (
|
57 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-general&component=meta', 'admin' ) .'">Fix</a>',
|
58 |
+
'ignore' => '//--post-generated--',
|
59 |
+
'restore' => '//--post-generated--',
|
60 |
+
);
|
61 |
+
}
|
62 |
+
else
|
63 |
+
{
|
64 |
+
$_JSON_response['status'] = TRUE;
|
65 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
66 |
+
}
|
67 |
+
|
68 |
+
return $this->return_json_response( $_JSON_response );
|
69 |
+
|
70 |
+
}
|
71 |
+
|
72 |
+
}
|
73 |
+
|
74 |
+
|
75 |
+
?>
|
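Review bot: `scan()` reports a failure whenever this plugin's own `remove_generator_meta` option is off, even if the theme or another plugin already removes the generator tag, and reports a pass on the option alone without confirming the tag is absent from the output; consider verifying the rendered `<head>`, or at least state in the description that the result reflects this plugin's setting only. The same option-only logic is used by the robots.txt, wlwmanifest and XML-RPC items, so the caveat applies there too.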
include/admin-interfaces/security-scan/scan_item_hide_wordpress_tagline.php
ADDED
@@ -0,0 +1,75 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_wordpress_tagline extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_wordpress_tagline';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('Change WordPress TagLine', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("The WordPress tagline is a short description of your website. The WordPress tagline can be modified by accessing the Dasboard > Settings > General", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 10,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
|
45 |
+
$option = get_option ( 'blogdescription' );
|
46 |
+
|
47 |
+
if ( $option == __('Just another WordPress site') )
|
48 |
+
$found_issue = TRUE;
|
49 |
+
|
50 |
+
if ( $found_issue )
|
51 |
+
{
|
52 |
+
$_JSON_response['status'] = FALSE;
|
53 |
+
|
54 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The tagline still uses the default WordPress sample, and should be customised.', 'wp-hide-security-enhancer' );
|
55 |
+
|
56 |
+
$_JSON_response['actions'] = array (
|
57 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'options-general.php', 'admin' ) .'">Fix</a>',
|
58 |
+
'ignore' => '//--post-generated--',
|
59 |
+
'restore' => '//--post-generated--',
|
60 |
+
);
|
61 |
+
}
|
62 |
+
else
|
63 |
+
{
|
64 |
+
$_JSON_response['status'] = TRUE;
|
65 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The option appears properly configured.', 'wp-hide-security-enhancer' );
|
66 |
+
}
|
67 |
+
|
68 |
+
return $this->return_json_response( $_JSON_response );
|
69 |
+
|
70 |
+
}
|
71 |
+
|
72 |
+
}
|
73 |
+
|
74 |
+
|
75 |
+
?>
|
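Review bot: the comparison `$option == __('Just another WordPress site')` only matches when the site's current locale is the one it was installed with, because WordPress stores the translated default tagline at install time; compare against the untranslated string as well, and note that multisite sub-sites receive a different default ("Just another %s site"), which this check never flags. The `help` text also misspells "Dashboard" ("Dasboard").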
include/admin-interfaces/security-scan/scan_item_hide_xml_rpc.php
ADDED
@@ -0,0 +1,76 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_hide_xml_rpc extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'hide_xml_rpc';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __('XML-RPC', 'wp-hide-security-enhancer'),
|
30 |
+
'icon' => 'dashicons-hidden',
|
31 |
+
|
32 |
+
'help' => __("XML-RPC is a remote procedure call (RPC) protocol which uses XML to encode its calls and HTTP as a transport mechanism. This service allow other applications to talk to your WordPress site.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 10,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$found_issue = FALSE;
|
44 |
+
|
45 |
+
$new_xml_rpc_path = $this->wph->functions->get_module_item_setting('new_xml_rpc_path');
|
46 |
+
$disable_xml_rpc_auth = $this->wph->functions->get_module_item_setting('disable_xml_rpc_auth');
|
47 |
+
|
48 |
+
if ( empty ( $new_xml_rpc_path ) && ( empty ( $disable_xml_rpc_auth ) || $disable_xml_rpc_auth == 'no' ) )
|
49 |
+
$found_issue = TRUE;
|
50 |
+
|
51 |
+
if ( $found_issue )
|
52 |
+
{
|
53 |
+
$_JSON_response['status'] = FALSE;
|
54 |
+
|
55 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The XML-RPC module has not been customised.', 'wp-hide-security-enhancer' );
|
56 |
+
|
57 |
+
$_JSON_response['actions'] = array (
|
58 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'admin.php?page=wp-hide-rewrite&component=xml-rpc', 'admin' ) .'">Fix</a>',
|
59 |
+
'ignore' => '//--post-generated--',
|
60 |
+
'restore' => '//--post-generated--',
|
61 |
+
);
|
62 |
+
}
|
63 |
+
else
|
64 |
+
{
|
65 |
+
$_JSON_response['status'] = TRUE;
|
66 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The XML-RPC appears properly configured.', 'wp-hide-security-enhancer' );
|
67 |
+
}
|
68 |
+
|
69 |
+
return $this->return_json_response( $_JSON_response );
|
70 |
+
|
71 |
+
}
|
72 |
+
|
73 |
+
}
|
74 |
+
|
75 |
+
|
76 |
+
?>
|
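Review bot: the condition in `scan()` treats either a custom `new_xml_rpc_path` or `disable_xml_rpc_auth` set to yes as sufficient, so a renamed endpoint that still accepts authenticated calls passes; if that is intended, the pass description ("The XML-RPC appears properly configured") should say which of the two settings was detected so the administrator knows what remains reachable. The `help` string also has a subject/verb error ("This service allow other applications"); suggest "allows".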
include/admin-interfaces/security-scan/scan_item_keys_and_salts.php
ADDED
@@ -0,0 +1,89 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_keys_and_salts extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'keys_and_salts';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'Authentication Unique Keys and Salts',
|
30 |
+
'icon' => 'dashicons-admin-generic',
|
31 |
+
|
32 |
+
'help' => __("WordPress security authentication or secret key or SALT keys, are the encrypted code that protects your login information.
|
33 |
+
Salt keys are cryptographic elements used to 'hash' data in order to secure it. In fact, most serious platforms and systems use similar mechanisms to protect sensitive data.", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 10,
|
36 |
+
);
|
37 |
+
}
|
38 |
+
|
39 |
+
|
40 |
+
function scan()
|
41 |
+
{
|
42 |
+
$_JSON_response = array();
|
43 |
+
|
44 |
+
$wrong_value = FALSE;
|
45 |
+
|
46 |
+
$constants = array(
|
47 |
+
'AUTH_KEY',
|
48 |
+
'SECURE_AUTH_KEY',
|
49 |
+
'LOGGED_IN_KEY',
|
50 |
+
'NONCE_KEY',
|
51 |
+
'AUTH_SALT',
|
52 |
+
'SECURE_AUTH_SALT',
|
53 |
+
'LOGGED_IN_SALT',
|
54 |
+
'NONCE_SALT'
|
55 |
+
);
|
56 |
+
|
57 |
+
foreach ( $constants as $constant )
|
58 |
+
{
|
59 |
+
if ( empty ( constant ( $constant ) ) || constant ( $constant ) == 'put your unique phrase here' )
|
60 |
+
{
|
61 |
+
$wrong_value = TRUE;
|
62 |
+
break;
|
63 |
+
}
|
64 |
+
}
|
65 |
+
|
66 |
+
if ( $wrong_value )
|
67 |
+
{
|
68 |
+
$_JSON_response['status'] = FALSE;
|
69 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The Authentication unique keys and salts are empty or invalid.', 'wp-hide-security-enhancer' );
|
70 |
+
$_JSON_response['actions'] = array (
|
71 |
+
'read_more' => '<a class="button" target="_blank" href="https://www.malcare.com/blog/wordpress-salts/">Read More</a>',
|
72 |
+
'ignore' => '//--post-generated--',
|
73 |
+
'restore' => '//--post-generated--',
|
74 |
+
);
|
75 |
+
}
|
76 |
+
else
|
77 |
+
{
|
78 |
+
$_JSON_response['status'] = TRUE;
|
79 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The Authentication unique keys and salts are correctly set-up.', 'wp-hide-security-enhancer' );
|
80 |
+
}
|
81 |
+
|
82 |
+
return $this->return_json_response( $_JSON_response );
|
83 |
+
|
84 |
+
}
|
85 |
+
|
86 |
+
}
|
87 |
+
|
88 |
+
|
89 |
+
?>
|
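Review bot: `constant( $constant )` inside the `foreach` is called without a `defined()` guard; WordPress does not define `AUTH_KEY` and the other keys and salts itself when they are absent from wp-config.php, so on such a site this emits a warning on PHP 7 and throws an `Error` on PHP 8 instead of flagging the missing key. Suggest `if ( ! defined( $constant ) || empty( constant( $constant ) ) || constant( $constant ) == 'put your unique phrase here' )`. The `help` text is also misleading: the keys and salts are not "encrypted code" and do not encrypt login information; they are secret values mixed into the authentication cookie and nonce hashes, so reword accordingly. The `read_more` link points to a third-party blog; the official wp-config documentation or the api.wordpress.org secret-key service would be the more durable reference. The `title` here is also a plain string rather than a `__()` call, unlike the other items.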
include/admin-interfaces/security-scan/scan_item_mysql_version.php
ADDED
@@ -0,0 +1,71 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_mysql_version extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'mysql_version';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'MySQL Version',
|
30 |
+
'icon' => 'dashicons-database',
|
31 |
+
|
32 |
+
'help' => __("Using a higher MySQL version ensures better capability for your system. Older versions are often exploitable making the system unstable and predisposing to security breaches.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 5,
|
35 |
+
|
36 |
+
'callback' => 'scan_item_mysql_version',
|
37 |
+
);
|
38 |
+
}
|
39 |
+
|
40 |
+
|
41 |
+
function scan()
|
42 |
+
{
|
43 |
+
$_JSON_response = array();
|
44 |
+
|
45 |
+
global $wpdb;
|
46 |
+
|
47 |
+
$_JSON_response['info'] = __( 'Using Version: ', 'wp-hide-security-enhancer' ) . $wpdb->db_version();
|
48 |
+
|
49 |
+
if ( version_compare ( $wpdb->db_version(), '5.0', '>=' ) )
|
50 |
+
{
|
51 |
+
$_JSON_response['status'] = TRUE;
|
52 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span> You are using at least the minimum recommended PHP version.', 'wp-hide-security-enhancer' );
|
53 |
+
}
|
54 |
+
else
|
55 |
+
{
|
56 |
+
$_JSON_response['status'] = FALSE;
|
57 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> You are using an older PHP version that the minimum recommended.', 'wp-hide-security-enhancer' );
|
58 |
+
$_JSON_response['actions'] = array (
|
59 |
+
'ignore' => '//--post-generated--',
|
60 |
+
'restore' => '//--post-generated--',
|
61 |
+
);
|
62 |
+
}
|
63 |
+
|
64 |
+
return $this->return_json_response( $_JSON_response );
|
65 |
+
|
66 |
+
}
|
67 |
+
|
68 |
+
}
|
69 |
+
|
70 |
+
|
71 |
+
?>
|
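Review bot: both result descriptions in `scan()` talk about the "PHP version" although this item checks the database version via `$wpdb->db_version()`; change them to "MySQL version". The `version_compare( $wpdb->db_version(), '5.0', '>=' )` threshold also passes every 5.x server, far below what WordPress itself requires for current releases, so the check will almost never report an outdated database; raise the threshold to the current WordPress minimum and consider MariaDB separately, since its version numbering differs from MySQL's and `db_version()` returns whatever number the server reports.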
include/admin-interfaces/security-scan/scan_item_old_plugins.php
ADDED
@@ -0,0 +1,122 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_old_plugins extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'old_plugins';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'Old Plugins',
|
30 |
+
'icon' => 'dashicons-admin-plugins',
|
31 |
+
|
32 |
+
'help' => __("Old WordPress plugins can do damage to your website. Vulnerabilities are found within plugins all the time. Unmaintained code drastically increase the risk, as there are no patches for known issues.
|
33 |
+
Inconsistent updates can lead to serious security issues and compatibility problems, and land you in technical debt.
|
34 |
+
This will check for plugins with more than a year since their last update.", 'wp-hide-security-enhancer'),
|
35 |
+
|
36 |
+
'score_points' => 10,
|
37 |
+
|
38 |
+
'use_transient' => TRUE
|
39 |
+
);
|
40 |
+
}
|
41 |
+
|
42 |
+
|
43 |
+
function scan()
|
44 |
+
{
|
45 |
+
$_JSON_response = array();
|
46 |
+
|
47 |
+
$found_old = array();
|
48 |
+
|
49 |
+
$active_plugins = get_option( 'active_plugins' );
|
50 |
+
$all_plugins = apply_filters( 'all_plugins', get_plugins() );
|
51 |
+
|
52 |
+
foreach ( $active_plugins as $active_plugin )
|
53 |
+
{
|
54 |
+
list ( $plugin_slug, $file ) = explode ( '/' , $active_plugin );
|
55 |
+
if ( empty ( $plugin_slug ) )
|
56 |
+
continue;
|
57 |
+
|
58 |
+
$response = wp_remote_get( 'https://api.wordpress.org/plugins/info/1.0/' . $plugin_slug . '.json' , array( 'sslverify' => false, 'timeout' => 10 ) );
|
59 |
+
$http_response = $response['http_response'];
|
60 |
+
|
61 |
+
if ( ! is_array( $response ) || ! is_object( $http_response ) || $http_response->get_status() != 200 )
|
62 |
+
continue;
|
63 |
+
|
64 |
+
$response_body = json_decode ( $response['body'] );
|
65 |
+
|
66 |
+
$last_update = strtotime ( $response_body->last_updated );
|
67 |
+
if ( $last_update > strtotime ( "-1 year") )
|
68 |
+
continue;
|
69 |
+
|
70 |
+
$found_old[ $plugin_slug ] = array (
|
71 |
+
'name' => $response_body->name,
|
72 |
+
'last_updated' => $response_body->last_updated,
|
73 |
+
);
|
74 |
+
if ( isset ( $response_body->screenshots ) && isset ( $response_body->screenshots->{1} ) )
|
75 |
+
$found_old[ $plugin_slug ]['screenshot'] = $response_body->screenshots->{1}->src;
|
76 |
+
else
|
77 |
+
$found_old[ $plugin_slug ]['screenshot'] = 'https://ps.w.org/classic-editor/assets/icon-256x256.png';
|
78 |
+
}
|
79 |
+
|
80 |
+
if ( $found_old )
|
81 |
+
$_JSON_response['info'] = __( 'Found old plugins: ', 'wp-hide-security-enhancer' ) . count ( $found_old );
|
82 |
+
|
83 |
+
if ( count ( $found_old ) > 0 )
|
84 |
+
{
|
85 |
+
$_JSON_response['status'] = FALSE;
|
86 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The following plugins are very old and appear unmaintained:', 'wp-hide-security-enhancer' );
|
87 |
+
|
88 |
+
foreach ( $found_old as $plugin_slug => $plugin_data )
|
89 |
+
{
|
90 |
+
|
91 |
+
$_JSON_response['description'] .= '<p class="outdated_plugin">';
|
92 |
+
|
93 |
+
$_JSON_response['description'] .= '<img class="icon" src="'. $plugin_data['screenshot'].'" /> ';
|
94 |
+
|
95 |
+
$_JSON_response['description'] .= '<b>' . $plugin_data['name'] .'</b><br />' . __( ' Last updated on ', 'wp-hide-security-enhancer' ) . $plugin_data['last_updated'];
|
96 |
+
|
97 |
+
$_JSON_response['description'] .= '</p>';
|
98 |
+
|
99 |
+
}
|
100 |
+
|
101 |
+
$_JSON_response['description'] .= __( '<br /><p class="description">We strongly suggest finding replacements for the above plugins and remove from your site.</p>', 'wp-hide-security-enhancer' );
|
102 |
+
|
103 |
+
$_JSON_response['actions'] = array (
|
104 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'plugins.php', 'admin' ) .'">Fix</a>',
|
105 |
+
'ignore' => '//--post-generated--',
|
106 |
+
'restore' => '//--post-generated--',
|
107 |
+
);
|
108 |
+
}
|
109 |
+
else
|
110 |
+
{
|
111 |
+
$_JSON_response['status'] = TRUE;
|
112 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>There are no Old Plugins.', 'wp-hide-security-enhancer' );
|
113 |
+
}
|
114 |
+
|
115 |
+
return $this->return_json_response( $_JSON_response );
|
116 |
+
|
117 |
+
}
|
118 |
+
|
119 |
+
}
|
120 |
+
|
121 |
+
|
122 |
+
?>
|
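Review bot: the `wp_remote_get()` call passes `'sslverify' => false`, which disables certificate validation on the request to api.wordpress.org, so the plugin metadata this check trusts (name, last-update date, screenshot URL) could be supplied by anyone able to intercept the connection; drop that option and let WordPress verify the certificate. The next line, `$http_response = $response['http_response'];`, runs before the `is_array( $response )` check, so a `WP_Error` return (timeout, DNS failure) becomes a fatal "Cannot use object of type WP_Error as array" error rather than a skipped plugin; use `is_wp_error( $response )` and `wp_remote_retrieve_response_code( $response )` instead. Further: `list ( $plugin_slug, $file ) = explode ( '/' , $active_plugin )` emits an undefined-offset notice for single-file plugins such as `hello.php`; `$all_plugins` is assigned but never used; and the remote `name` and screenshot `src` are written into the description HTML without `esc_html()` / `esc_url()`.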
include/admin-interfaces/security-scan/scan_item_outdated_plugins.php
ADDED
@@ -0,0 +1,102 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_outdated_plugins extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'outdated_plugins';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'Outdated Plugins',
|
30 |
+
'icon' => 'dashicons-admin-plugins',
|
31 |
+
|
32 |
+
'help' => __("Keeping your plugins up to date is important for the stability and security of your WordPress site. It also lets you take advantage of any new features the plugin's developers have added.
|
33 |
+
A key concept of updating WordPress core, themes, and plugins is to protect your site from the possible vulnerabilities that allow a hacker to compromise your site. ", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 15,
|
36 |
+
|
37 |
+
'callback' => 'scan_item_outdated_plugins',
|
38 |
+
'use_transient' => TRUE
|
39 |
+
);
|
40 |
+
}
|
41 |
+
|
42 |
+
|
43 |
+
function scan()
|
44 |
+
{
|
45 |
+
$_JSON_response = array();
|
46 |
+
|
47 |
+
wp_update_plugins();
|
48 |
+
|
49 |
+
$update_plugins = get_site_transient('update_plugins');
|
50 |
+
$found_outdated = array();
|
51 |
+
if ( $update_plugins && is_array( $update_plugins->response ) && count ( $update_plugins->response ) > 0 )
|
52 |
+
$found_outdated = $update_plugins->response;
|
53 |
+
|
54 |
+
if ( count ( $found_outdated ) > 0 )
|
55 |
+
$_JSON_response['info'] = __( 'Found outdated plugins: ', 'wp-hide-security-enhancer' ) . count ( $found_outdated );
|
56 |
+
|
57 |
+
if ( count ( $found_outdated ) > 0 )
|
58 |
+
{
|
59 |
+
$_JSON_response['status'] = FALSE;
|
60 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The following plugins are found outdated on your site:', 'wp-hide-security-enhancer' );
|
61 |
+
|
62 |
+
$all_plugins = apply_filters( 'all_plugins', get_plugins() );
|
63 |
+
|
64 |
+
foreach ( $found_outdated as $plugin_slug => $plugin_data )
|
65 |
+
{
|
66 |
+
$plugin_data = array_merge ( (array)$plugin_data, $all_plugins[$plugin_slug]);
|
67 |
+
|
68 |
+
$_JSON_response['description'] .= '<p class="outdated_plugin">';
|
69 |
+
|
70 |
+
if ( isset ( $plugin_data['icons'] ) && isset ( $plugin_data['icons']['2x'] ) )
|
71 |
+
$_JSON_response['description'] .= '<img class="icon" src="'. $plugin_data['icons']['2x'].'" /> ';
|
72 |
+
else
|
73 |
+
$_JSON_response['description'] .= '<img class="icon" src="https://ps.w.org/classic-editor/assets/icon-256x256.png" /> ';
|
74 |
+
|
75 |
+
$_JSON_response['description'] .= '<b>' . $plugin_data['Name'] .'</b><br />' . __( ' Upgrade from ', 'wp-hide-security-enhancer' ) . $plugin_data['Version'] . __( ' to ', 'wp-hide-security-enhancer' ) . $plugin_data['new_version'];
|
76 |
+
|
77 |
+
$_JSON_response['description'] .= '</p>';
|
78 |
+
|
79 |
+
}
|
80 |
+
|
81 |
+
$_JSON_response['description'] .= __( '<br /><p class="description">The inactive plugins require updating as well, as may contain harmful vulnerabilities, exploaitable even if the code is not active.</p>', 'wp-hide-security-enhancer' );
|
82 |
+
|
83 |
+
$_JSON_response['actions'] = array (
|
84 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'plugins.php', 'admin' ) .'">Fix</a>',
|
85 |
+
'ignore' => '//--post-generated--',
|
86 |
+
'restore' => '//--post-generated--',
|
87 |
+
);
|
88 |
+
}
|
89 |
+
else
|
90 |
+
{
|
91 |
+
$_JSON_response['status'] = TRUE;
|
92 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>All plugins are Up to Date.', 'wp-hide-security-enhancer' );
|
93 |
+
}
|
94 |
+
|
95 |
+
return $this->return_json_response( $_JSON_response );
|
96 |
+
|
97 |
+
}
|
98 |
+
|
99 |
+
}
|
100 |
+
|
101 |
+
|
102 |
+
?>
|
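Review bot: `array_merge ( (array)$plugin_data, $all_plugins[$plugin_slug])` in the `foreach` assumes every entry of the `update_plugins` transient still exists in `get_plugins()`; if a plugin was deleted after the transient was written the second argument is `null`, which is a warning on PHP 7 and a `TypeError` on PHP 8. Guard with `isset( $all_plugins[ $plugin_slug ] )` and skip otherwise. The closing paragraph misspells "exploitable" ("exploaitable") and reads better as "Inactive plugins need updating as well, since they may contain vulnerabilities that are exploitable even when the code is not active." Calling `wp_update_plugins()` unconditionally also forces a fresh remote update check on every scan; with `use_transient` set, reading the existing transient may be enough.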
include/admin-interfaces/security-scan/scan_item_outdated_themes.php
ADDED
@@ -0,0 +1,97 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_outdated_themes extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'outdated_themes';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'Outdated Themes',
|
30 |
+
'icon' => 'dashicons-admin-appearance',
|
31 |
+
|
32 |
+
'help' => __("The biggest reason to keep your WordPress website up to date is Security. When you do not update your WordPress themes, you create a security risk and expose your site to existing vulnerabilities and imminent attacks.
|
33 |
+
The WordPress developers are constantly fixing security breaches or improving security.", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 15,
|
36 |
+
|
37 |
+
'callback' => 'scan_item_outdated_themes',
|
38 |
+
'use_transient' => TRUE
|
39 |
+
);
|
40 |
+
}
|
41 |
+
|
42 |
+
|
43 |
+
function scan()
|
44 |
+
{
|
45 |
+
$_JSON_response = array();
|
46 |
+
|
47 |
+
wp_update_themes();
|
48 |
+
|
49 |
+
$update_themes = get_site_transient('update_themes');
|
50 |
+
$found_outdated = array();
|
51 |
+
if ( $update_themes && is_array( $update_themes->response ) && count ( $update_themes->response ) > 0 )
|
52 |
+
$found_outdated = $update_themes->response;
|
53 |
+
|
54 |
+
if ( count ( $found_outdated ) > 0 )
|
55 |
+
$_JSON_response['info'] = __( 'Found outdated themes: ', 'wp-hide-security-enhancer' ) . count ( $found_outdated );
|
56 |
+
|
57 |
+
if ( count ( $found_outdated ) > 0 )
|
58 |
+
{
|
59 |
+
$_JSON_response['status'] = FALSE;
|
60 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The following plugins are found outdated on your site:', 'wp-hide-security-enhancer' );
|
61 |
+
|
62 |
+
foreach ( $found_outdated as $theme_slug => $theme_data )
|
63 |
+
{
|
64 |
+
$theme = wp_get_theme( $theme_slug );
|
65 |
+
|
66 |
+
$_JSON_response['description'] .= '<p class="outdated_plugin">';
|
67 |
+
|
68 |
+
$_JSON_response['description'] .= '<img class="icon" src="'. $theme->get_screenshot() .'" /> ';
|
69 |
+
|
70 |
+
$_JSON_response['description'] .= '<b>' . $theme->get('Name') .'</b><br />' . __( ' Upgrade from ', 'wp-hide-security-enhancer' ) . $theme->get('Version') . __( ' to ', 'wp-hide-security-enhancer' ) . $theme_data['new_version'];
|
71 |
+
|
72 |
+
$_JSON_response['description'] .= '</p>';
|
73 |
+
|
74 |
+
}
|
75 |
+
|
76 |
+
$_JSON_response['description'] .= __( '<br /><p class="description">The inactive themes require updating as well, as may contain harmful vulnerabilities, exploaitable even if the code is not active.</p>', 'wp-hide-security-enhancer' );
|
77 |
+
|
78 |
+
$_JSON_response['actions'] = array (
|
79 |
+
'fix' => '<a class="button-primary" href="'. get_dashboard_url( '', 'themes.php', 'admin' ) .'">Fix</a>',
|
80 |
+
'ignore' => '//--post-generated--',
|
81 |
+
'restore' => '//--post-generated--',
|
82 |
+
);
|
83 |
+
}
|
84 |
+
else
|
85 |
+
{
|
86 |
+
$_JSON_response['status'] = TRUE;
|
87 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>All themes are Up to Date.', 'wp-hide-security-enhancer' );
|
88 |
+
}
|
89 |
+
|
90 |
+
return $this->return_json_response( $_JSON_response );
|
91 |
+
|
92 |
+
}
|
93 |
+
|
94 |
+
}
|
95 |
+
|
96 |
+
|
97 |
+
?>
|
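Review bot: the failure message at line 60 says "The following plugins are found outdated on your site:" and the wrapper at line 66 uses the class "outdated_plugin", but this item scans themes; change the string to "The following themes are found outdated on your site:" and give the paragraph a theme-specific class so the CSS and the translation strings stay distinct from the plugin item. Line 76 also misspells "exploitable". Separately, the screenshot URL at line 68 and the theme name and versions at line 70 are concatenated into HTML without escaping; wrap them in esc_url() / esc_html(), and handle the case where get_screenshot() returns false (no screenshot file), which currently emits an empty src. Finally, get_settings() passes 'callback' as the string 'scan_item_outdated_themes' here while scan_item_wp_version passes array( $this, 'scan' ); the runner presumably accepts one form, so make them consistent.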
include/admin-interfaces/security-scan/scan_item_php_allow_url_include.php
ADDED
@@ -0,0 +1,77 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_php_allow_url_include extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'php_allow_url_include';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'PHP allow_url_include',
|
30 |
+
'icon' => 'dashicons-admin-generic',
|
31 |
+
|
32 |
+
'help' => __("The allow_url_include allows a developer to include a remote file using a URL rather than a local file path. This technique is used to reduce the load on the server.
|
33 |
+
There are many servers with PHP configuration directive allow_url_include as enabled. When this setting is enabled, the server’s directory allows data retrieval from remote locations.", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 10,
|
36 |
+
);
|
37 |
+
}
|
38 |
+
|
39 |
+
|
40 |
+
function scan()
|
41 |
+
{
|
42 |
+
$_JSON_response = array();
|
43 |
+
|
44 |
+
$allow_url_include = (bool)ini_get( 'allow_url_include' );
|
45 |
+
|
46 |
+
if ( $allow_url_include === TRUE )
|
47 |
+
{
|
48 |
+
$_JSON_response['status'] = FALSE;
|
49 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The allow_url_include is ON.
|
50 |
+
To fix this security issue, change the php.ini:
|
51 |
+
|
52 |
+
<br /><code>allow_url_include = "off"</code>
|
53 |
+
|
54 |
+
<br />or within .htaccess:
|
55 |
+
|
56 |
+
<br /><code>php_flag allow_url_include off</code>
|
57 |
+
<br />or within wp-config.php:
|
58 |
+
<br /><code>ini_set("allow_url_include", "0");</code>.', 'wp-hide-security-enhancer' );
|
59 |
+
$_JSON_response['actions'] = array (
|
60 |
+
'ignore' => '//--post-generated--',
|
61 |
+
'restore' => '//--post-generated--',
|
62 |
+
);
|
63 |
+
}
|
64 |
+
else
|
65 |
+
{
|
66 |
+
$_JSON_response['status'] = TRUE;
|
67 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The allow_url_include is Off.', 'wp-hide-security-enhancer' );
|
68 |
+
}
|
69 |
+
|
70 |
+
return $this->return_json_response( $_JSON_response );
|
71 |
+
|
72 |
+
}
|
73 |
+
|
74 |
+
}
|
75 |
+
|
76 |
+
|
77 |
+
?>
|
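Review bot: the wp-config.php remedy at line 58, `ini_set("allow_url_include", "0");`, cannot take effect: allow_url_include is a PHP_INI_SYSTEM directive, changeable only in php.ini or the server / FPM pool configuration, and for the same reason the .htaccess `php_flag` at line 56 is ignored by PHP (per-directory flags work only for PHP_INI_PERDIR and PHP_INI_ALL directives). Drop the ini_set line and qualify the .htaccess one. The detection at line 44 is also fragile: ini_get() returns the configured value as a raw string, so a setting written as `"off"` with quotes, which is exactly the form line 52 recommends, can come back as the literal string "off" and the `(bool)` cast then reports it as ON; use `filter_var( ini_get( 'allow_url_include' ), FILTER_VALIDATE_BOOLEAN )` instead. The help text at line 32 should not describe remote includes as a way "to reduce the load on the server"; state plainly that the directive should be off because it lets include/require load code from a URL.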
include/admin-interfaces/security-scan/scan_item_php_display_errors.php
ADDED
@@ -0,0 +1,73 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_php_display_errors extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'php_display_errors';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'PHP display_errors',
|
30 |
+
'icon' => 'dashicons-admin-generic',
|
31 |
+
|
32 |
+
'help' => __("The display_error setting in PHP is used to determine whether errors should be printed to the screen or not.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 5,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$display_errors = (bool)ini_get( 'display_errors' );
|
44 |
+
|
45 |
+
if ( $display_errors === TRUE )
|
46 |
+
{
|
47 |
+
$_JSON_response['status'] = FALSE;
|
48 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The display_errors is ON.
|
49 |
+
<br />To fix this security issue, change the php.ini:
|
50 |
+
<br /><code>display_errors = "off"</code>
|
51 |
+
<br />or within .htaccess:
|
52 |
+
<br /><code>php_flag display_errors off</code>
|
53 |
+
<br />or within wp-config.php:
|
54 |
+
<br /><code>ini_set("display_errors", "0");</code>.', 'wp-hide-security-enhancer' );
|
55 |
+
$_JSON_response['actions'] = array (
|
56 |
+
'ignore' => '//--post-generated--',
|
57 |
+
'restore' => '//--post-generated--',
|
58 |
+
);
|
59 |
+
}
|
60 |
+
else
|
61 |
+
{
|
62 |
+
$_JSON_response['status'] = TRUE;
|
63 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The display_errors is Off.', 'wp-hide-security-enhancer' );
|
64 |
+
}
|
65 |
+
|
66 |
+
return $this->return_json_response( $_JSON_response );
|
67 |
+
|
68 |
+
}
|
69 |
+
|
70 |
+
}
|
71 |
+
|
72 |
+
|
73 |
+
?>
|
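Review bot: same cast problem as the allow_url_include item: line 43 does `(bool) ini_get( 'display_errors' )`, and ini_get() hands back the configured string, so a value written as `"off"` (the form line 50 recommends) or "Off" is truthy and is reported as ON; normalise with filter_var( ..., FILTER_VALIDATE_BOOLEAN ) and treat "stderr" as its own case, since with that value nothing reaches the browser. More importantly, WordPress adjusts display_errors itself in wp_debug_mode() before any plugin runs: it forces the directive to 0 for admin-ajax, REST and XML-RPC requests, so if this scan is executed from an AJAX call (the JSON response at line 66 suggests it is) the check will always pass regardless of php.ini. Either read the php.ini value explicitly (for example via get_cfg_var()) or document that the result reflects the effective value of the admin request. The help text at line 32 also misnames the directive as "display_error".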
include/admin-interfaces/security-scan/scan_item_php_expose.php
ADDED
@@ -0,0 +1,74 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_php_expose extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'php_expose';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'PHP expose',
|
30 |
+
'icon' => 'dashicons-admin-generic',
|
31 |
+
|
32 |
+
'help' => __("When the expose_php directive is enabled, PHP includes critical pieces of information within the HTTP response X-Powered-By header when a page is requested.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 10,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$expose_php = (bool)ini_get( 'expose_php' );
|
44 |
+
|
45 |
+
if ( $expose_php === TRUE )
|
46 |
+
{
|
47 |
+
$_JSON_response['status'] = FALSE;
|
48 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The expose_php is ON.
|
49 |
+
To fix this security issue, change the php.ini:
|
50 |
+
|
51 |
+
<br /><code>expose_php = "off"</code>
|
52 |
+
|
53 |
+
<br />or within .htaccess:
|
54 |
+
|
55 |
+
<br /><code>php_flag expose_php off</code>.', 'wp-hide-security-enhancer' );
|
56 |
+
$_JSON_response['actions'] = array (
|
57 |
+
'ignore' => '//--post-generated--',
|
58 |
+
'restore' => '//--post-generated--',
|
59 |
+
);
|
60 |
+
}
|
61 |
+
else
|
62 |
+
{
|
63 |
+
$_JSON_response['status'] = TRUE;
|
64 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The expose_php is Off.', 'wp-hide-security-enhancer' );
|
65 |
+
}
|
66 |
+
|
67 |
+
return $this->return_json_response( $_JSON_response );
|
68 |
+
|
69 |
+
}
|
70 |
+
|
71 |
+
}
|
72 |
+
|
73 |
+
|
74 |
+
?>
|
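Review bot: the .htaccess remedy at line 55, `php_flag expose_php off`, does not work: expose_php is a PHP_INI_SYSTEM directive, changeable only in php.ini or the main server / FPM pool configuration, and the per-directory flag is silently ignored. Replace that line with the php.ini-only guidance, or point to `php_admin_flag` in httpd.conf for Apache hosts. The help text at line 32 would be clearer if it named what is exposed: the running PHP version in the X-Powered-By response header, which is exactly what a defender wants to keep out of responses. The `(bool) ini_get()` cast at line 43 has the same literal-string caveat raised on the other PHP items.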
include/admin-interfaces/security-scan/scan_item_php_register_globals.php
ADDED
@@ -0,0 +1,74 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_php_register_globals extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'php_register_globals';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'PHP register_globals',
|
30 |
+
'icon' => 'dashicons-admin-generic',
|
31 |
+
|
32 |
+
'help' => __("When register_globals is enabled, PHP will automatically create variables in the global scope for any value passed in GET, POST or COOKIE. This, combined with the use of variables without initialization, has led to numerous security vulnerabilities.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 20,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$register_globals = (bool)ini_get( 'register_globals' );
|
44 |
+
|
45 |
+
if ( $register_globals === TRUE )
|
46 |
+
{
|
47 |
+
$_JSON_response['status'] = FALSE;
|
48 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The register_globals is ON.
|
49 |
+
To fix this security issue, change the php.ini:
|
50 |
+
|
51 |
+
<br /><code>register_globals = "off"</code>
|
52 |
+
|
53 |
+
<br />or within .htaccess:
|
54 |
+
|
55 |
+
<br /><code>php_flag register_globals off</code>.', 'wp-hide-security-enhancer' );
|
56 |
+
$_JSON_response['actions'] = array (
|
57 |
+
'ignore' => '//--post-generated--',
|
58 |
+
'restore' => '//--post-generated--',
|
59 |
+
);
|
60 |
+
}
|
61 |
+
else
|
62 |
+
{
|
63 |
+
$_JSON_response['status'] = TRUE;
|
64 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The register_globals is Off.', 'wp-hide-security-enhancer' );
|
65 |
+
}
|
66 |
+
|
67 |
+
return $this->return_json_response( $_JSON_response );
|
68 |
+
|
69 |
+
}
|
70 |
+
|
71 |
+
}
|
72 |
+
|
73 |
+
|
74 |
+
?>
|
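Review bot: register_globals was removed in PHP 5.4, so on any PHP version this plugin can run on ini_get( 'register_globals' ) at line 43 returns false (directive unknown) and the branch at line 45 can never be taken; yet get_settings() gives this item 20 score_points, the highest weight of the PHP items, which inflates every site's score for a condition that cannot occur. Either drop the item, or have scan() report "not applicable" when ini_get() returns false rather than a pass, and lower the points. If it is kept for legacy hosts, the `(bool)` cast has the same literal-string problem noted for the other ini_get() checks, and the .htaccess flag at line 55 only applies under mod_php.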
include/admin-interfaces/security-scan/scan_item_php_safe_mode.php
ADDED
@@ -0,0 +1,74 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_php_safe_mode extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'php_safe_mode';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'PHP safe_mode',
|
30 |
+
'icon' => 'dashicons-admin-generic',
|
31 |
+
|
32 |
+
'help' => __("The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 5,
|
35 |
+
);
|
36 |
+
}
|
37 |
+
|
38 |
+
|
39 |
+
function scan()
|
40 |
+
{
|
41 |
+
$_JSON_response = array();
|
42 |
+
|
43 |
+
$safe_mode = (bool)ini_get( 'safe_mode' );
|
44 |
+
|
45 |
+
if ( $safe_mode === TRUE )
|
46 |
+
{
|
47 |
+
$_JSON_response['status'] = FALSE;
|
48 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The register_globals is ON.
|
49 |
+
To fix this security issue, change the php.ini:
|
50 |
+
|
51 |
+
<br /><code>safe_mode = "off"</code>
|
52 |
+
|
53 |
+
<br />or within .htaccess:
|
54 |
+
|
55 |
+
<br /><code>php_flag safe_mode off</code>.', 'wp-hide-security-enhancer' );
|
56 |
+
$_JSON_response['actions'] = array (
|
57 |
+
'ignore' => '//--post-generated--',
|
58 |
+
'restore' => '//--post-generated--',
|
59 |
+
);
|
60 |
+
}
|
61 |
+
else
|
62 |
+
{
|
63 |
+
$_JSON_response['status'] = TRUE;
|
64 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The safe_mode is Off.', 'wp-hide-security-enhancer' );
|
65 |
+
}
|
66 |
+
|
67 |
+
return $this->return_json_response( $_JSON_response );
|
68 |
+
|
69 |
+
}
|
70 |
+
|
71 |
+
}
|
72 |
+
|
73 |
+
|
74 |
+
?>
|
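Review bot: copy-paste error at line 48: the failure description reads "The register_globals is ON." while this item checks safe_mode; it should say "The safe_mode is ON." Like register_globals, safe_mode was removed in PHP 5.4, so ini_get( 'safe_mode' ) at line 43 returns false on every supported PHP and the item is a guaranteed pass; report "not applicable" when the directive does not exist instead of awarding its 5 points. The help text at line 32 also reads as a case for enabling safe mode, the opposite of what scan() flags; reword it to say that safe_mode is obsolete, was never a real security boundary, and has been removed from PHP.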
include/admin-interfaces/security-scan/scan_item_php_version.php
ADDED
@@ -0,0 +1,72 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_php_version extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'php_version';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __( 'PHP Version', 'wp-hide-security-enhancer' ),
|
30 |
+
'icon' => 'dashicons-admin-generic',
|
31 |
+
|
32 |
+
'help' => __("Using the latest PHP version ensures the longevity of security updates. While older versions of PHP offer security updates for a time past “end of life,” the most secure option is the version that is actively maintained.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 5,
|
35 |
+
|
36 |
+
'callback' => 'scan_item_php_version',
|
37 |
+
);
|
38 |
+
}
|
39 |
+
|
40 |
+
|
41 |
+
function scan()
|
42 |
+
{
|
43 |
+
$_JSON_response = array();
|
44 |
+
|
45 |
+
$phpversion = phpversion();
|
46 |
+
|
47 |
+
$_JSON_response['info'] = __( 'Using Version: ', 'wp-hide-security-enhancer' ) . $phpversion;
|
48 |
+
|
49 |
+
|
50 |
+
if ( version_compare ( $phpversion, '7.0', '>=' ) )
|
51 |
+
{
|
52 |
+
$_JSON_response['status'] = TRUE;
|
53 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span> You are using at least the minimum recommended PHP version.', 'wp-hide-security-enhancer' );
|
54 |
+
}
|
55 |
+
else
|
56 |
+
{
|
57 |
+
$_JSON_response['status'] = FALSE;
|
58 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> You are using an older PHP version that the minimum recommended.', 'wp-hide-security-enhancer' );
|
59 |
+
$_JSON_response['actions'] = array (
|
60 |
+
'ignore' => '//--post-generated--',
|
61 |
+
'restore' => '//--post-generated--',
|
62 |
+
);
|
63 |
+
}
|
64 |
+
|
65 |
+
return $this->return_json_response( $_JSON_response );
|
66 |
+
|
67 |
+
}
|
68 |
+
|
69 |
+
}
|
70 |
+
|
71 |
+
|
72 |
+
?>
|
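Review bot: typo at line 58: "an older PHP version that the minimum recommended" should read "than". The threshold is hard-coded to '7.0' at line 50 and will silently fall behind as PHP branches reach end of life; keep it in a single named constant that is bumped with each release, and include both the detected and the recommended version in the description so the administrator sees the gap, not just a pass/fail. Also, get_settings() declares 'callback' => 'scan_item_php_version' as a string here but array( $this, 'scan' ) in scan_item_wp_version; pick one form.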
include/admin-interfaces/security-scan/scan_item_unwanted_files.php
ADDED
@@ -0,0 +1,143 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_unwanted_files extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'unwanted_files';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => __( 'Dangerours Files', 'wp-hide-security-enhancer' ),
|
30 |
+
'icon' => 'dashicons-admin-generic',
|
31 |
+
|
32 |
+
'help' => __("This security test checks for any dangerous files on your WordPress root. You should avoid keeping any unnecessary files on domain root.", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 15,
|
35 |
+
|
36 |
+
'callback' => 'scan_item_php_version',
|
37 |
+
);
|
38 |
+
}
|
39 |
+
|
40 |
+
|
41 |
+
function scan()
|
42 |
+
{
|
43 |
+
$_JSON_response = array();
|
44 |
+
|
45 |
+
$found_issue = FALSE;
|
46 |
+
|
47 |
+
$unwanted_files = array(
|
48 |
+
'wp-config.php' => array(
|
49 |
+
'regex' => '/(wp-config\.php|wp-config-sample\.php)(*SKIP)(*FAIL)|(^wp-config.*)/m',
|
50 |
+
'error_description' => ''
|
51 |
+
),
|
52 |
+
'php_errorlog' => array(
|
53 |
+
'regex' => '/php_errorlog/m',
|
54 |
+
'error_description' => ''
|
55 |
+
),
|
56 |
+
'*.log' => array(
|
57 |
+
'regex' => '/.*\.log$.*/m',
|
58 |
+
'error_description' => ''
|
59 |
+
),
|
60 |
+
'*.sql' => array(
|
61 |
+
'regex' => '/.*\.sql$.*/m',
|
62 |
+
'error_description' => ''
|
63 |
+
),
|
64 |
+
'*.bak' => array(
|
65 |
+
'regex' => '/.*\.sql$.*/m',
|
66 |
+
'error_description' => ''
|
67 |
+
),
|
68 |
+
'*.zip' => array(
|
69 |
+
'regex' => '/.*\.zip$.*/m',
|
70 |
+
'error_description' => ''
|
71 |
+
),
|
72 |
+
'*.txt' => array(
|
73 |
+
'regex' => '/(license\.txt|robots\.txt)(*SKIP)(*FAIL)|.*\.txt/m',
|
74 |
+
'error_description' => ''
|
75 |
+
),
|
76 |
+
'other php' => array(
|
77 |
+
'regex' => '/(index\.php|wp-activate\.php|wp-blog-header\.php|wp-comments-post\.php|wp-config\.php|wp-config-sample\.php|wp-cron\.php|wp-links-opml\.php|wp-load\.php|wp-login\.php|wp-mail\.php|wp-settings\.php|wp-signup\.php|wp-trackback\.php|xmlrpc\.php|wordfence-waf\.php)(*SKIP)(*FAIL)|.*\.php/m',
|
78 |
+
'error_description' => ''
|
79 |
+
)
|
80 |
+
);
|
81 |
+
|
82 |
+
$founds = array();
|
83 |
+
|
84 |
+
$files = scandir ( ABSPATH );
|
85 |
+
foreach ( $files as $file )
|
86 |
+
{
|
87 |
+
if ( ! is_file ( ABSPATH . $file ) )
|
88 |
+
continue;
|
89 |
+
|
90 |
+
foreach ( $unwanted_files as $key => $data )
|
91 |
+
{
|
92 |
+
if ( preg_match ( $data['regex'], $file ) )
|
93 |
+
{
|
94 |
+
$founds[] = array(
|
95 |
+
'type' => $key,
|
96 |
+
'value' => $file
|
97 |
+
);
|
98 |
+
break;
|
99 |
+
}
|
100 |
+
|
101 |
+
}
|
102 |
+
}
|
103 |
+
|
104 |
+
if ( count ( $founds ) > 0 )
|
105 |
+
$found_issue = TRUE;
|
106 |
+
|
107 |
+
if ( $found_issue )
|
108 |
+
{
|
109 |
+
$_JSON_response['status'] = FALSE;
|
110 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> Your WordPress root still includes dangerous files which may contain valuable pieces of information regarding your environment.', 'wp-hide-security-enhancer' );
|
111 |
+
$_JSON_response['description'] .= '<br /><br />' . __( 'Consider re-locating the followng files from your site root:', 'wp-hide-security-enhancer' );
|
112 |
+
$_JSON_response['description'] .= '<br /><br />';
|
113 |
+
|
114 |
+
foreach ( $founds as $data )
|
115 |
+
{
|
116 |
+
|
117 |
+
$_JSON_response['description'] .= '<p class="important">';
|
118 |
+
$_JSON_response['description'] .= '<b> <span class="dashicons dashicons-search"></span> ' . $data['value'] .'</b>';
|
119 |
+
$_JSON_response['description'] .= '</p>';
|
120 |
+
|
121 |
+
}
|
122 |
+
|
123 |
+
$_JSON_response['actions'] = array (
|
124 |
+
'ignore' => '//--post-generated--',
|
125 |
+
'restore' => '//--post-generated--',
|
126 |
+
);
|
127 |
+
|
128 |
+
}
|
129 |
+
else
|
130 |
+
{
|
131 |
+
$_JSON_response['status'] = TRUE;
|
132 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span> Your WordPress root still includes dangerous files which may contain valuable pieces of information regarding your environment.', 'wp-hide-security-enhancer' );
|
133 |
+
|
134 |
+
}
|
135 |
+
|
136 |
+
return $this->return_json_response( $_JSON_response );
|
137 |
+
|
138 |
+
}
|
139 |
+
|
140 |
+
}
|
141 |
+
|
142 |
+
|
143 |
+
?>
|
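Review bot: the '*.bak' entry at line 65 reuses the sql pattern `/.*\.sql$.*/m`, so .bak files are never matched; it should be `/.*\.bak$.*/m`. The "all clear" branch at line 132 repeats the failure sentence "Your WordPress root still includes dangerous files ..." next to a dashicons-yes icon; it should read something like "No dangerous files were found on your WordPress root." Further: 'callback' at line 36 is 'scan_item_php_version', copied from the previous item; "Dangerours" (line 29) and "followng" (line 111) are typos; and since $data['value'] at line 118 is a filename read from disk, pass it through esc_html() before inserting it into the markup. The `.*` prefix and suffix around `$` with the /m flag in the .log/.sql/.zip patterns are redundant on a single filename; `/\.log$/i` reads cleaner and also catches upper-case extensions, which the current patterns miss.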
include/admin-interfaces/security-scan/scan_item_use_admin_user.php
ADDED
@@ -0,0 +1,76 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_use_admin_user extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'use_admin_user';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'User using Admin or Administrator',
|
30 |
+
'icon' => 'dashicons-admin-users',
|
31 |
+
|
32 |
+
'help' => __("When setting up a new WordPress site, many users create the default administrator account using the username `admin`.
|
33 |
+
Considering entering the dashboard requires a username and a password, using the login `admin` makes the hackers have an easier time trying to brute force in. ", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 5,
|
36 |
+
|
37 |
+
'callback' => 'scan_item_use_admin_user',
|
38 |
+
);
|
39 |
+
}
|
40 |
+
|
41 |
+
|
42 |
+
function scan()
|
43 |
+
{
|
44 |
+
$_JSON_response = array();
|
45 |
+
|
46 |
+
$args = array (
|
47 |
+
'login__in' => array ( 'admin', 'administrator' )
|
48 |
+
);
|
49 |
+
$user_query = new WP_User_Query( $args );
|
50 |
+
$found_users = $user_query->get_results();
|
51 |
+
$_JSON_response['info'] = __( 'Found users: ', 'wp-hide-security-enhancer' ) . count ( $found_users );
|
52 |
+
|
53 |
+
if ( count ( $found_users ) > 0 )
|
54 |
+
{
|
55 |
+
$_JSON_response['status'] = FALSE;
|
56 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The admin or administrator usernames were found on your system!', 'wp-hide-security-enhancer' );
|
57 |
+
$_JSON_response['actions'] = array (
|
58 |
+
'read_more' => '<a class="button" target="_blank" href="https://www.wpbeginner.com/wp-tutorials/how-to-change-your-wordpress-username/">Read More</a>',
|
59 |
+
'ignore' => '//--post-generated--',
|
60 |
+
'restore' => '//--post-generated--',
|
61 |
+
);
|
62 |
+
}
|
63 |
+
else
|
64 |
+
{
|
65 |
+
$_JSON_response['status'] = TRUE;
|
66 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>There are no admin or administrator usernames.', 'wp-hide-security-enhancer' );
|
67 |
+
}
|
68 |
+
|
69 |
+
return $this->return_json_response( $_JSON_response );
|
70 |
+
|
71 |
+
}
|
72 |
+
|
73 |
+
}
|
74 |
+
|
75 |
+
|
76 |
+
?>
|
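Review bot: the description at line 56 only says the usernames "were found"; since $found_users at line 50 already holds the WP_User objects, list each matching login and its role (through esc_html()) so the administrator knows which account to rename, and consider a lower severity when the matched account does not hold the administrator role. Add rel="noopener noreferrer" to the target="_blank" link at line 58. Note also that `login__in` is compared through the database collation, so on the default case-insensitive collation "Admin" and "ADMINISTRATOR" are matched as well; that is the desired behaviour here, so say so in a comment rather than leaving it implicit.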
include/admin-interfaces/security-scan/scan_item_wp_debug.php
ADDED
@@ -0,0 +1,70 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_wp_debug extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'wp_debug';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'WP Debug',
|
30 |
+
'icon' => 'dashicons-code-standards',
|
31 |
+
|
32 |
+
'help' => __("Debugging PHP code is part of any project, but WordPress comes with specific debug systems designed to simplify the process as well as standardize code across the core, plugins and themes.
|
33 |
+
On production sites, the debug should be disabled to avoid exposing paths and other pieces of information related to the site. ", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 5,
|
36 |
+
|
37 |
+
'callback' => 'scan_item_wp_debug',
|
38 |
+
);
|
39 |
+
}
|
40 |
+
|
41 |
+
|
42 |
+
function scan()
|
43 |
+
{
|
44 |
+
$_JSON_response = array();
|
45 |
+
|
46 |
+
$_JSON_response['info'] = __( 'Current value: ', 'wp-hide-security-enhancer' ) . ( WP_DEBUG === TRUE ? 'TRUE' : 'FALSE' );
|
47 |
+
|
48 |
+
if ( defined ( 'WP_DEBUG' ) && WP_DEBUG === TRUE )
|
49 |
+
{
|
50 |
+
$_JSON_response['status'] = FALSE;
|
51 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span>The WP_DEBUG is active. Check your site wp-config.php and comment the constant declaration.', 'wp-hide-security-enhancer' );
|
52 |
+
$_JSON_response['actions'] = array (
|
53 |
+
'ignore' => '//--post-generated--',
|
54 |
+
'restore' => '//--post-generated--',
|
55 |
+
);
|
56 |
+
}
|
57 |
+
else
|
58 |
+
{
|
59 |
+
$_JSON_response['status'] = TRUE;
|
60 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span>The WP_DEBUG is disabled.', 'wp-hide-security-enhancer' );
|
61 |
+
}
|
62 |
+
|
63 |
+
return $this->return_json_response( $_JSON_response );
|
64 |
+
|
65 |
+
}
|
66 |
+
|
67 |
+
}
|
68 |
+
|
69 |
+
|
70 |
+
?>
|
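Review bot: line 46 reads WP_DEBUG before line 48 checks defined( 'WP_DEBUG' ); WordPress always defines the constant in wp_initial_constants(), so either drop the defined() guard or move it ahead of line 46, but not this ordering. On the exposure the help text raises (paths and environment details), WP_DEBUG alone is not what leaks: WP_DEBUG_DISPLAY decides whether notices reach the page, and WP_DEBUG_LOG set to true writes wp-content/debug.log, a file under the web root that is readable by anyone who requests it. Report those two constants alongside WP_DEBUG, and reword line 51 from "comment the constant declaration" to "set WP_DEBUG to false", since commenting it out merely falls back to the core default.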
include/admin-interfaces/security-scan/scan_item_wp_version.php
ADDED
@@ -0,0 +1,103 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_wp_version extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'wp_version';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'WordPress Version',
|
30 |
+
'icon' => 'dashicons-wordpress-alt',
|
31 |
+
|
32 |
+
'help' => __("WordPress is a permanent evolving software with regularly released security fixes. The core updates ensure the safety and efficiency of the WordPress system.
|
33 |
+
WordPress updates often include security fixes. It’s an ongoing battle since hackers find vulnerabilities all the time. It’s important to keep WordPress up to date to get the latest protections from new types of attacks.", 'wp-hide-security-enhancer'),
|
34 |
+
|
35 |
+
'score_points' => 5,
|
36 |
+
|
37 |
+
'callback' => array ( $this, 'scan' ),
|
38 |
+
'use_transient' => TRUE
|
39 |
+
);
|
40 |
+
}
|
41 |
+
|
42 |
+
|
43 |
+
function scan()
|
44 |
+
{
|
45 |
+
global $wp_version;
|
46 |
+
|
47 |
+
$_JSON_response = array();
|
48 |
+
$wp_latest = FALSE;
|
49 |
+
|
50 |
+
$_JSON_response['info'] = __( 'Using Version: ', 'wp-hide-security-enhancer' ) . $wp_version;
|
51 |
+
|
52 |
+
$response = wp_remote_get( 'https://api.wordpress.org/core/version-check/1.7/', array( 'sslverify' => false, 'timeout' => 10 ) );
|
53 |
+
|
54 |
+
$http_response = FALSE;
|
55 |
+
if ( ! is_wp_error( $response ) )
|
56 |
+
$http_response = $response['http_response'];
|
57 |
+
|
58 |
+
if ( ! is_array( $response ) || ! is_object( $http_response ) || $http_response->get_status() != 200 )
|
59 |
+
{
|
60 |
+
$_JSON_response['status'] = FALSE;
|
61 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> Unable to connect with WordPress API. Try again later.', 'wp-hide-security-enhancer' );
|
62 |
+
$_JSON_response['actions'] = array (
|
63 |
+
'fix' => '<a class="button-primary" target="_blank" href="'. get_dashboard_url( '', 'update-core.php', 'admin' ) .'">Fix</a>',
|
64 |
+
'ignore' => '<a class="button read_more" target="_blank" onclick="WPH.scan_ignore_item(\''. $this->get_id() .'\')" href="javascript: void(0)">Ignore</a>',
|
65 |
+
);
|
66 |
+
|
67 |
+
return $this->return_json_response( $_JSON_response );
|
68 |
+
}
|
69 |
+
|
70 |
+
$response_body = json_decode ( $response['body'] );
|
71 |
+
if ( $response_body->offers[0] )
|
72 |
+
{
|
73 |
+
$block = $response_body->offers[0];
|
74 |
+
$wp_latest = $block->version;
|
75 |
+
}
|
76 |
+
|
77 |
+
if ( $wp_latest )
|
78 |
+
{
|
79 |
+
if ( version_compare ( $wp_version, $wp_latest, '==' ) )
|
80 |
+
{
|
81 |
+
$_JSON_response['status'] = TRUE;
|
82 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span> You are up to date with the latest Wordpress version.', 'wp-hide-security-enhancer' );
|
83 |
+
}
|
84 |
+
else
|
85 |
+
{
|
86 |
+
$_JSON_response['status'] = FALSE;
|
87 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> An updated version ', 'wp-hide-security-enhancer' ) . $wp_latest . __(' of WordPress is available.', 'wp-hide-security-enhancer' );
|
88 |
+
$_JSON_response['actions'] = array (
|
89 |
+
'fix' => '<a class="button-primary" target="_blank" href="'. get_dashboard_url( '', 'update-core.php', 'admin' ) .'">Fix</a>',
|
90 |
+
'ignore' => '//--post-generated--',
|
91 |
+
'restore' => '//--post-generated--',
|
92 |
+
);
|
93 |
+
}
|
94 |
+
}
|
95 |
+
|
96 |
+
return $this->return_json_response( $_JSON_response );
|
97 |
+
|
98 |
+
}
|
99 |
+
|
100 |
+
}
|
101 |
+
|
102 |
+
|
103 |
+
?>
|
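Review bot: the `wp_remote_get()` call near the top of this hunk fetches `https://api.wordpress.org/core/version-check/1.7/` with `'sslverify' => false`, which lets anyone on the network path answer in place of the API and make the scan report a vulnerable install as up to date (or never show the Fix action); drop the option so WordPress verifies the certificate, and let a failed request fall into the existing "Unable to connect" branch instead. The response handling also needs guards: `json_decode( $response['body'] )` is dereferenced as `$response_body->offers[0]` without checking that decoding produced an object with a non-empty `offers` array, so an unexpected body raises PHP warnings, and when `$wp_latest` stays empty the function returns `$_JSON_response` with only `info` set and no `status` or `description`, so the caller cannot tell an unknown result from a pass. `version_compare( $wp_version, $wp_latest, '==' )` flags a site running a newer beta or RC as out of date; `'>='` matches the intent. Finally, the `'ignore'` action in the connection-failure branch is built inline with `onclick="WPH.scan_ignore_item(...)"` while every other branch (and the sibling file below) uses the `//--post-generated--` placeholder; pick one.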
include/admin-interfaces/security-scan/scan_item_wp_version_stability.php
ADDED
@@ -0,0 +1,110 @@
|
1 |
+
<?php
|
2 |
+
|
3 |
+
|
4 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
5 |
+
|
6 |
+
class WPH_security_scan_wp_version_stability extends WPH_security_scan_item
|
7 |
+
{
|
8 |
+
var $wph;
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
$this->id = $this->get_id();
|
13 |
+
|
14 |
+
global $wph;
|
15 |
+
|
16 |
+
$this->wph = $wph;
|
17 |
+
}
|
18 |
+
|
19 |
+
public function get_id()
|
20 |
+
{
|
21 |
+
return 'wp_version_stability';
|
22 |
+
}
|
23 |
+
|
24 |
+
|
25 |
+
public function get_settings()
|
26 |
+
{
|
27 |
+
|
28 |
+
return array(
|
29 |
+
'title' => 'WordPress Version Stability',
|
30 |
+
'icon' => 'dashicons-wordpress-alt',
|
31 |
+
|
32 |
+
'help' => __("Over time, security breaches are found within the WordPress core. This option checks whenever the WordPress version deployed on your site is succeptible to a known vulenrability. ", 'wp-hide-security-enhancer'),
|
33 |
+
|
34 |
+
'score_points' => 5,
|
35 |
+
|
36 |
+
'callback' => 'scan_item_wp_version_stability',
|
37 |
+
'use_transient' => TRUE
|
38 |
+
);
|
39 |
+
}
|
40 |
+
|
41 |
+
|
42 |
+
function scan()
|
43 |
+
{
|
44 |
+
global $wp_version;
|
45 |
+
|
46 |
+
$_JSON_response = array();
|
47 |
+
$wp_stability = FALSE;
|
48 |
+
|
49 |
+
$_JSON_response['info'] = __( 'Using Version: ', 'wp-hide-security-enhancer' ) . $wp_version;
|
50 |
+
|
51 |
+
$response = wp_remote_get( 'http://api.wordpress.org/core/stable-check/1.0/', array( 'sslverify' => false, 'timeout' => 10 ) );
|
52 |
+
|
53 |
+
$http_response = FALSE;
|
54 |
+
if ( ! is_wp_error( $response ) )
|
55 |
+
$http_response = $response['http_response'];
|
56 |
+
|
57 |
+
if ( ! is_array( $response ) || ! is_object( $http_response ) || $http_response->get_status() != 200 )
|
58 |
+
{
|
59 |
+
$_JSON_response['status'] = FALSE;
|
60 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> Unable to connect with WordPress API. Try again later.', 'wp-hide-security-enhancer' );
|
61 |
+
$_JSON_response['actions'] = array (
|
62 |
+
'fix' => '<a class="button-primary" target="_blank" href="'. get_dashboard_url( '', 'update-core.php', 'admin' ) .'">Fix</a>',
|
63 |
+
'ignore' => '//--post-generated--',
|
64 |
+
'restore' => '//--post-generated--',
|
65 |
+
);
|
66 |
+
|
67 |
+
return $this->return_json_response( $_JSON_response );
|
68 |
+
}
|
69 |
+
|
70 |
+
$response_body = json_decode ( $response['body'] );
|
71 |
+
if ( $response_body->{$wp_version} )
|
72 |
+
{
|
73 |
+
$wp_stability = $response_body->{$wp_version};
|
74 |
+
}
|
75 |
+
|
76 |
+
if ( $wp_stability )
|
77 |
+
{
|
78 |
+
if ( $wp_stability == 'latest' )
|
79 |
+
{
|
80 |
+
$_JSON_response['status'] = TRUE;
|
81 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-yes"></span> The current Wordpress version stability tag is ', 'wp-hide-security-enhancer' ) . '<b> ' . strtoupper ( $wp_stability ) .'</b> ' ;
|
82 |
+
}
|
83 |
+
else
|
84 |
+
{
|
85 |
+
$_JSON_response['status'] = FALSE;
|
86 |
+
|
87 |
+
if ( $wp_stability == 'outdated' )
|
88 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> The current Wordpress version stability tag is ', 'wp-hide-security-enhancer' ) . '<b> ' . strtoupper ( $wp_stability ) .'</b> ';
|
89 |
+
else
|
90 |
+
{
|
91 |
+
$_JSON_response['description'] = __( '<span class="dashicons dashicons-no"></span> The current Wordpress version stability tag is ', 'wp-hide-security-enhancer' ) . '<b> ' . strtoupper ( $wp_stability ) .'</b> ' . __('. This is critical and require urgent WordPress update.', 'wp-hide-security-enhancer' );
|
92 |
+
$_JSON_response['score_points'] = 20;
|
93 |
+
}
|
94 |
+
|
95 |
+
$_JSON_response['actions'] = array (
|
96 |
+
'fix' => '<a class="button-primary" target="_blank" href="'. get_dashboard_url( '', 'update-core.php', 'admin' ) .'">Fix</a>',
|
97 |
+
'ignore' => '//--post-generated--',
|
98 |
+
'restore' => '//--post-generated--',
|
99 |
+
);
|
100 |
+
}
|
101 |
+
}
|
102 |
+
|
103 |
+
return $this->return_json_response( $_JSON_response );
|
104 |
+
|
105 |
+
}
|
106 |
+
|
107 |
+
}
|
108 |
+
|
109 |
+
|
110 |
+
?>
|
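Review bot: the request in `scan()` goes to `http://api.wordpress.org/core/stable-check/1.0/` over plain HTTP (and additionally passes `'sslverify' => false`), so the verdict that drives the 20-point critical score travels unauthenticated and can be rewritten by anyone on the path; use the `https://` endpoint with certificate verification left on. `$response_body->{$wp_version}` is read without checking that `json_decode()` returned an object, and when the running version is not a key in the returned map (a nightly or a locally patched build) `$wp_stability` stays FALSE and the function returns with neither `status` nor `description`. The else branch sets `score_points = 20` for any tag that is neither `latest` nor `outdated`; matching the endpoint's remaining value, `insecure`, explicitly and routing anything else to the unreachable-API branch keeps a garbled body from being scored as critical. User-facing strings need a pass: `succeptible`, `vulenrability` and `whenever` (should be `whether`) in `help`, `Wordpress` for `WordPress`, and `'. This is critical and require urgent WordPress update.'` which yields a double period after `</b> ` and should read `requires`. The trailing `?>` in a class-only file can emit whitespace before headers are sent; omit it.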
include/functions.class.php
CHANGED
@@ -2606,6 +2606,25 @@
|
|
2606 |
}
|
2607 |
|
2608 |
|
2609 |
|
2610 |
/**
|
2611 |
* Check the plugins directory and retrieve all plugin files with plugin data.
|
2606 |
}
|
2607 |
|
2608 |
|
2609 |
+
function return_component_instance( $component_class_name )
|
2610 |
+
{
|
2611 |
+
|
2612 |
+
foreach ( $this->wph->modules as $priority => $data )
|
2613 |
+
{
|
2614 |
+
if ( is_array ( $data->components ) && count ( $data->components ) > 0 )
|
2615 |
+
{
|
2616 |
+
foreach ( $data->components as $component )
|
2617 |
+
{
|
2618 |
+
if ( get_class( $component ) == $component_class_name )
|
2619 |
+
return $component;
|
2620 |
+
}
|
2621 |
+
}
|
2622 |
+
}
|
2623 |
+
|
2624 |
+
return FALSE;
|
2625 |
+
|
2626 |
+
}
|
2627 |
+
|
2628 |
|
2629 |
/**
|
2630 |
* Check the plugins directory and retrieve all plugin files with plugin data.
|
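Review bot: `get_class( $component ) == $component_class_name` in `return_component_instance()` is an exact string compare, so a caller passing the class name in a different case (PHP resolves class names case-insensitively, but `get_class()` returns the declared spelling) gets FALSE back; `$component instanceof $component_class_name` or `is_a( $component, $component_class_name )` avoids that and also matches subclasses, which is usually what a lookup by component type wants. `$priority` in the outer `foreach` is unused, and a short `/** ... */` docblock stating that the method returns the first matching component instance or FALSE would match the style of the function that follows it.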
include/widgets.class.php
ADDED
@@ -0,0 +1,65 @@
|
1 |
+
<?php
|
2 |
+
|
3 |
+
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
4 |
+
|
5 |
+
class WPH_widgets
|
6 |
+
{
|
7 |
+
var $wph;
|
8 |
+
|
9 |
+
function __construct()
|
10 |
+
{
|
11 |
+
global $wph;
|
12 |
+
$this->wph = &$wph;
|
13 |
+
}
|
14 |
+
|
15 |
+
function _get_dashboard_overview_widget_id()
|
16 |
+
{
|
17 |
+
return 'wp-hide-overview';
|
18 |
+
}
|
19 |
+
|
20 |
+
|
21 |
+
function dashboard_overview_styles()
|
22 |
+
{
|
23 |
+
wp_register_style('wph-graphs', WPH_URL . '/assets/css/graph.css');
|
24 |
+
wp_enqueue_style( 'wph-graphs');
|
25 |
+
|
26 |
+
wp_register_style('wph-security-scan', WPH_URL . '/assets/css/security-scan.css');
|
27 |
+
wp_enqueue_style( 'wph-security-scan');
|
28 |
+
|
29 |
+
wp_register_style('wph-dashboard-widget', WPH_URL . '/assets/css/dashboard-widget.css');
|
30 |
+
wp_enqueue_style( 'wph-dashboard-widget');
|
31 |
+
}
|
32 |
+
|
33 |
+
|
34 |
+
function dashboard_overview_widget_content()
|
35 |
+
{
|
36 |
+
$this->dashboard_overview_styles();
|
37 |
+
|
38 |
+
$site_scan = (array)get_site_option('wph/site_scan');
|
39 |
+
$this->wph->security_scan->render_overview( $site_scan, 'widget' );
|
40 |
+
|
41 |
+
$site_score = $this->wph->security_scan->get_site_score( $site_scan );
|
42 |
+
|
43 |
+
if ( isset ( $site_scan['last_scan'] ) && ! empty ( $site_scan['last_scan'] ) )
|
44 |
+
{
|
45 |
+
?>
|
46 |
+
<p><?php _e( 'Your curent estimated protection is', 'wp-hide-security-enhancer') ?> <b><?php _e( $site_score['protection'], 'wp-hide-security-enhancer') ?></b>.<br /><?php
|
47 |
+
|
48 |
+
echo $this->wph->security_scan->get_security_hints( $site_score, 'widget' );
|
49 |
+
|
50 |
+
?></p>
|
51 |
+
<?php
|
52 |
+
}
|
53 |
+
else
|
54 |
+
{
|
55 |
+
?>
|
56 |
+
<p><?php _e( 'Run a fist scan to determine the current protection level of your website.', 'wp-hide-security-enhancer') ?><br /><br /><a class="button button-primary" href="<?php echo network_admin_url ( 'admin.php?page=wp-hide-security-scan' ) ?>"><?php _e( 'Security Scan', 'wp-hide-security-enhancer') ?></a></p>
|
57 |
+
<?php
|
58 |
+
}
|
59 |
+
|
60 |
+
}
|
61 |
+
|
62 |
+
}
|
63 |
+
|
64 |
+
|
65 |
+
?>
|
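Review bot: `_e( $site_score['protection'], 'wp-hide-security-enhancer' )` in `dashboard_overview_widget_content()` passes a runtime value through a translation call, which the string extractors cannot pick up and which echoes the value unescaped; use `echo esc_html( $site_score['protection'] )`. The `href` built from `network_admin_url( 'admin.php?page=wp-hide-security-scan' )` should go through `esc_url()`, and `echo $this->wph->security_scan->get_security_hints( ... )` prints markup that is not escaped at this point, so the escaping contract has to live in that method. The callback performs no capability check, while the page it links to is registered with `manage_options` in wph.class.php in this same release, so any account that can open the dashboard sees the scan summary; gate it with `current_user_can( 'manage_options' )`. Typos in user-facing text: `curent`, `fist scan`.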
include/wph.class.php
CHANGED
@@ -111,38 +111,40 @@
|
|
111 |
/**
|
112 |
* Filters
|
113 |
*/
|
114 |
-
add_action( 'activated_plugin',
|
115 |
|
116 |
|
117 |
//change any links within email message
|
118 |
-
add_filter('wp_mail',
|
119 |
|
120 |
//process redirects
|
121 |
-
add_action('wp_redirect',
|
122 |
//hijack a redirect on permalink change
|
123 |
-
add_action('admin_head',
|
124 |
|
125 |
-
add_action('logout_redirect',
|
126 |
|
127 |
//check if force 404 error
|
128 |
-
add_action('init',
|
129 |
|
130 |
-
add_action('admin_menu',
|
131 |
-
add_action('admin_init',
|
132 |
-
add_action('admin_print_styles',
|
133 |
|
134 |
//make sure to clear cache files on certain actions
|
135 |
-
add_action("after_switch_theme",
|
136 |
|
137 |
|
138 |
//rebuild and change uppon settings modified
|
139 |
-
add_action('wph/settings_changed',
|
140 |
|
141 |
//create the static file which contain different environment variables which will be used on router
|
142 |
-
add_action('wph/settings_changed',
|
143 |
|
144 |
//create the static file which contain different environment variables which will be used on router
|
145 |
-
add_action('admin_init',
|
146 |
|
147 |
add_action('admin_init', array($this, 'mu_loader_check'), 999);
|
148 |
|
@@ -233,7 +235,10 @@
|
|
233 |
|
234 |
//filter available for mu-plugins
|
235 |
$this->modules = apply_filters('wp-hide/loaded_modules', $this->modules);
|
236 |
-
|
237 |
|
238 |
}
|
239 |
|
@@ -390,7 +395,7 @@
|
|
390 |
if ( isset ( $_GET['page'] ) && $_GET['page'] == 'wp-hide' )
|
391 |
$first_view = 'false';
|
392 |
$menu_title = 'WP Hide';
|
393 |
-
if ( empty ( $first_view ) || $system_warning )
|
394 |
$menu_title .= ' <span class="update-plugins count-1"><span class="plugin-count">!</span></span>';
|
395 |
$hookID = add_menu_page('WP Hide', $menu_title, 'manage_options', 'wp-hide');
|
396 |
|
@@ -402,7 +407,13 @@
|
|
402 |
add_action('admin_print_styles-' . $hookID , array($setup_interface, 'admin_print_styles'));
|
403 |
add_action('admin_print_scripts-' . $hookID , array($setup_interface, 'admin_print_scripts'));
|
404 |
|
405 |
-
|
406 |
foreach($this->modules as $module)
|
407 |
{
|
408 |
$interface_menu_data = $module->get_interface_menu_data();
|
@@ -617,6 +628,26 @@
|
|
617 |
}
|
618 |
|
619 |
}
|
620 |
|
621 |
/**
|
622 |
* Buffer Callback. This is the place to replace all data
|
111 |
/**
|
112 |
* Filters
|
113 |
*/
|
114 |
+
add_action( 'activated_plugin', array($this, 'activated_plugin'), 999, 2 );
|
115 |
|
116 |
|
117 |
//change any links within email message
|
118 |
+
add_filter('wp_mail', array($this, 'apply_for_wp_mail') , 999);
|
119 |
|
120 |
//process redirects
|
121 |
+
add_action('wp_redirect', array($this, 'wp_redirect') , 999, 2);
|
122 |
//hijack a redirect on permalink change
|
123 |
+
add_action('admin_head', array($this, 'permalink_change_redirect') , 999, 2);
|
124 |
|
125 |
+
add_action('logout_redirect', array($this, 'logout_redirect') , 999, 3);
|
126 |
|
127 |
//check if force 404 error
|
128 |
+
add_action('init', array($this, 'check_for_404'));
|
129 |
|
130 |
+
add_action('admin_menu', array($this, 'admin_menus'));
|
131 |
+
add_action('admin_init', array($this, 'admin_init'), 11);
|
132 |
+
add_action('admin_print_styles', array($this, 'admin_print_styles_general' ) );
|
133 |
+
|
134 |
+
add_action('wp_dashboard_setup', array($this, 'wp_dashboard_setup' ), 999 );
|
135 |
|
136 |
//make sure to clear cache files on certain actions
|
137 |
+
add_action("after_switch_theme", array($this->functions, 'cache_clear'));
|
138 |
|
139 |
|
140 |
//rebuild and change uppon settings modified
|
141 |
+
add_action('wph/settings_changed', array($this, 'settings_changed'));
|
142 |
|
143 |
//create the static file which contain different environment variables which will be used on router
|
144 |
+
add_action('wph/settings_changed', array($this, 'set_static_environment_file'), 999);
|
145 |
|
146 |
//create the static file which contain different environment variables which will be used on router
|
147 |
+
add_action('admin_init', array($this, 'environment_check'), 999);
|
148 |
|
149 |
add_action('admin_init', array($this, 'mu_loader_check'), 999);
|
150 |
|
235 |
|
236 |
//filter available for mu-plugins
|
237 |
$this->modules = apply_filters('wp-hide/loaded_modules', $this->modules);
|
238 |
+
|
239 |
+
//load other components
|
240 |
+
include_once(WPH_PATH . '/include/admin-interfaces/security-scan.class.php');
|
241 |
+
$this->security_scan = new WPH_security_scan();
|
242 |
|
243 |
}
|
244 |
|
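Review bot: the `include_once` of security-scan.class.php and `new WPH_security_scan()` run unconditionally at the end of module loading, so the scan class is constructed on every front-end request even though its consumers in this diff (`admin_menus()` and `wp_dashboard_setup()`) are admin-only; wrap it in `is_admin()` (or whatever AJAX condition the scan itself needs) unless the constructor has front-end work to do. `$this->security_scan` is new; declare it on the class alongside the other properties if it is not already, so it is not created as a dynamic property.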
395 |
if ( isset ( $_GET['page'] ) && $_GET['page'] == 'wp-hide' )
|
396 |
$first_view = 'false';
|
397 |
$menu_title = 'WP Hide';
|
398 |
+
if ( empty ( $first_view ) || $system_warning || $this->security_scan->menu_warning() )
|
399 |
$menu_title .= ' <span class="update-plugins count-1"><span class="plugin-count">!</span></span>';
|
400 |
$hookID = add_menu_page('WP Hide', $menu_title, 'manage_options', 'wp-hide');
|
401 |
|
407 |
add_action('admin_print_styles-' . $hookID , array($setup_interface, 'admin_print_styles'));
|
408 |
add_action('admin_print_scripts-' . $hookID , array($setup_interface, 'admin_print_scripts'));
|
409 |
|
410 |
+
$menu_title = '<span class="wph-info">Overview→</span> Scan';
|
411 |
+
if ( $this->security_scan->menu_warning() )
|
412 |
+
$menu_title .= ' <span class="update-plugins count-1"><span class="plugin-count">!</span></span>';
|
413 |
+
$hookID = add_submenu_page( 'wp-hide', 'WP Hide', $menu_title, 'manage_options', 'wp-hide-security-scan', array( $this->security_scan,'_render' ) );
|
414 |
+
add_action('admin_print_styles-' . $hookID , array( $this->security_scan, 'admin_print_styles'));
|
415 |
+
add_action('admin_print_scripts-' . $hookID , array( $this->security_scan, 'admin_print_scripts'));
|
416 |
+
|
417 |
foreach($this->modules as $module)
|
418 |
{
|
419 |
$interface_menu_data = $module->get_interface_menu_data();
|
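Review bot: `$this->security_scan->menu_warning()` is now called twice in this method, once for the top-level title and once for the new Scan submenu; store the result in a local since whatever the method does is repeated on every admin page load. `$hookID` is reused for the submenu after it has already been consumed by the main page's `admin_print_styles-` / `admin_print_scripts-` registrations, which works but makes the two sets of hooks easy to misread; a distinct name such as `$scan_hookID` would help. The submenu correctly requires `manage_options`, which is also the capability the dashboard widget below should enforce.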
628 |
}
|
629 |
|
630 |
}
|
631 |
+
|
632 |
+
|
633 |
+
|
634 |
+
function wp_dashboard_setup()
|
635 |
+
{
|
636 |
+
include_once(WPH_PATH . '/include/widgets.class.php');
|
637 |
+
|
638 |
+
$WPH_widgets = new WPH_widgets();
|
639 |
+
|
640 |
+
wp_add_dashboard_widget( $WPH_widgets->_get_dashboard_overview_widget_id(), esc_html__( 'WP Hide Security Overview', 'wp-hide-security-enhancer' ), array ( $WPH_widgets, 'dashboard_overview_widget_content' ) );
|
641 |
+
|
642 |
+
global $wp_meta_boxes;
|
643 |
+
|
644 |
+
$dashboard = $wp_meta_boxes['dashboard']['normal']['core'];
|
645 |
+
$widget = array (
|
646 |
+
$WPH_widgets->_get_dashboard_overview_widget_id() => $dashboard[ $WPH_widgets->_get_dashboard_overview_widget_id() ],
|
647 |
+
);
|
648 |
+
$wp_meta_boxes['dashboard']['normal']['core'] = array_merge( $widget, $dashboard );
|
649 |
+
}
|
650 |
+
|
651 |
|
652 |
/**
|
653 |
* Buffer Callback. This is the place to replace all data
|
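Review bot: `wp_dashboard_setup()` registers the overview widget for every user who can load the dashboard, with no `current_user_can( 'manage_options' )` check, while the rest of the feature (`add_submenu_page()` for `wp-hide-security-scan`) is restricted to that capability; the widget renders the site's scan results, i.e. which hardening is missing, so a subscriber-level account learns exactly where the site is weak. Return early on the capability check before `wp_add_dashboard_widget()`. The reordering block reads `$wp_meta_boxes['dashboard']['normal']['core']` without `isset()`; when that key is absent (another plugin has cleared the core boxes) `$dashboard` is NULL and `array_merge()` raises a warning, so guard it, and note that `array_merge( $widget, $dashboard )` forces the plugin's widget to the top of the column regardless of the order the user saved.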
modules/components/general-html.php
CHANGED
@@ -238,7 +238,7 @@
|
|
238 |
if( defined('WP_ADMIN') && ( !defined('DOING_AJAX') || ( defined('DOING_AJAX') && DOING_AJAX === TRUE )) && ! apply_filters('wph/components/force_run_on_admin', FALSE, 'remove_html_new_lines' ) )
|
239 |
return;
|
240 |
|
241 |
-
add_filter('wp-hide/ob_start_callback', array($this, 'remove_html_new_lines'));
|
242 |
|
243 |
}
|
244 |
|
238 |
if( defined('WP_ADMIN') && ( !defined('DOING_AJAX') || ( defined('DOING_AJAX') && DOING_AJAX === TRUE )) && ! apply_filters('wph/components/force_run_on_admin', FALSE, 'remove_html_new_lines' ) )
|
239 |
return;
|
240 |
|
241 |
+
add_filter('wp-hide/ob_start_callback', array( $this, 'remove_html_new_lines' ));
|
242 |
|
243 |
}
|
244 |
|
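Review bot: this hunk is whitespace-only (`array($this, 'remove_html_new_lines')` gains spaces inside the parentheses) and changes no behaviour, so the "Fix Oxigen compatibility when using the HTML Minify" changelog entry must refer to the compatibility files rather than this one; cosmetic reformatting mixed into a feature release makes the diff harder to audit, so leave it out or land it separately.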
modules/components/general-user-interactions.php
CHANGED
@@ -217,7 +217,7 @@
|
|
217 |
|
218 |
$disable_developer_tools = $this->wph->functions->get_module_item_setting('disable_developer_tools');
|
219 |
|
220 |
-
if ( $disable_developer_tools == 'no' || stripos ( $_SERVER['HTTP_USER_AGENT'],"iPhone") )
|
221 |
return;
|
222 |
|
223 |
wp_register_script('devtools-detect', WPH_URL . '/assets/js/devtools-detect.js');
|
@@ -242,6 +242,12 @@
|
|
242 |
if ( $disable_mouse_right_click == 'no' && $disable_text_selection == 'no' && $disable_copy_paste == 'no' && $disable_print == 'no' && $disable_print_screen == 'no' && $disable_developer_tools == 'no' && $disable_view_source == 'no' && $disable_drag_drop == 'no' )
|
243 |
return;
|
244 |
|
245 |
?>
|
246 |
<script type="text/javascript">
|
247 |
<?php
|
217 |
|
218 |
$disable_developer_tools = $this->wph->functions->get_module_item_setting('disable_developer_tools');
|
219 |
|
220 |
+
if ( $disable_developer_tools == 'no' || ( isset ( $_SERVER['HTTP_USER_AGENT'] ) && stripos ( $_SERVER['HTTP_USER_AGENT'],"iPhone") ) )
|
221 |
return;
|
222 |
|
223 |
wp_register_script('devtools-detect', WPH_URL . '/assets/js/devtools-detect.js');
|
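Review bot: the new `isset( $_SERVER['HTTP_USER_AGENT'] )` guard fixes the undefined-index notice, but `stripos( $_SERVER['HTTP_USER_AGENT'], "iPhone" )` is still used as a bare boolean; `stripos()` returns 0 when the needle is at offset 0, which is falsy, so a user-agent string beginning with `iPhone` would not take the early return. Compare the result with `!== false`. Since the user-agent is attacker-controlled, this check is fine for a UX decision like skipping the devtools script but must not grow into an access decision.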
242 |
if ( $disable_mouse_right_click == 'no' && $disable_text_selection == 'no' && $disable_copy_paste == 'no' && $disable_print == 'no' && $disable_print_screen == 'no' && $disable_developer_tools == 'no' && $disable_view_source == 'no' && $disable_drag_drop == 'no' )
|
243 |
return;
|
244 |
|
245 |
+
if ( $disable_print == 'yes' ) { ?>
|
246 |
+
<style type="text/css" media="print">
|
247 |
+
body { visibility: hidden !important; display: none !important}
|
248 |
+
</style>
|
249 |
+
<?php }
|
250 |
+
|
251 |
?>
|
252 |
<script type="text/javascript">
|
253 |
<?php
|
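Review bot: the `@media print` rule `body { visibility: hidden !important; display: none !important}` emitted when `disable_print == 'yes'` is a client-side deterrent only (print-to-PDF with styles disabled, Save Page As, or the browser's reader view all bypass it), so the option's description should not suggest that printing is prevented. The block is also written as a raw `<style>` tag between PHP tags; `wp_add_inline_style()` against an already enqueued handle keeps it in the normal enqueue order and lets other code filter it like the rest of the plugin's CSS.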
modules/components/rewrite-new_plugin_path.php
CHANGED
@@ -138,6 +138,10 @@
|
|
138 |
$new_plugin_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_plugin_path') );
|
139 |
$replace_url = trailingslashit( trailingslashit( WP_PLUGIN_URL ) . $active_plugin_directory );
|
140 |
$replacement_url = trailingslashit( trailingslashit( home_url() ) . $plugin_custom_path );
|
141 |
$this->wph->functions->add_replacement( $replace_url, $replacement_url);
|
142 |
|
143 |
}
|
@@ -195,7 +199,7 @@
|
|
195 |
$plugin_rewrite_to = $this->wph->functions->get_rewrite_to_base( trailingslashit($plugin_path) . $active_plugin_directory );
|
196 |
|
197 |
if($this->wph->server_htaccess_config === TRUE)
|
198 |
-
$rewrite .= "\nRewriteRule ^" . trailingslashit( $plugin_custom_path ) . '(.+) '. $plugin_rewrite_to .'$1 [L,QSA]';
|
199 |
|
200 |
if($this->wph->server_web_config === TRUE)
|
201 |
$rewrite .= '
|
138 |
$new_plugin_path = $this->wph->functions->untrailingslashit_all( $this->wph->functions->get_module_item_setting('new_plugin_path') );
|
139 |
$replace_url = trailingslashit( trailingslashit( WP_PLUGIN_URL ) . $active_plugin_directory );
|
140 |
$replacement_url = trailingslashit( trailingslashit( home_url() ) . $plugin_custom_path );
|
141 |
+
|
142 |
+
//replace any spaces
|
143 |
+
$replace_url = str_replace (" ", "%20", $replace_url );
|
144 |
+
|
145 |
$this->wph->functions->add_replacement( $replace_url, $replacement_url);
|
146 |
|
147 |
}
|
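Review bot: `str_replace (" ", "%20", $replace_url )` only handles the space character in the plugin directory URL, while the URLs that appear in generated HTML have other reserved characters percent-encoded as well (`%` itself, `+`, non-ASCII); encoding the directory segment with `rawurlencode()` before it is appended to `WP_PLUGIN_URL` covers those cases in one step and avoids a second pass over the string. The `//replace any spaces` comment should say why (so the search string matches the form of the URL that is actually in the page output).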
199 |
$plugin_rewrite_to = $this->wph->functions->get_rewrite_to_base( trailingslashit($plugin_path) . $active_plugin_directory );
|
200 |
|
201 |
if($this->wph->server_htaccess_config === TRUE)
|
202 |
+
$rewrite .= "\nRewriteRule ^" . trailingslashit( $plugin_custom_path ) . '(.+) "'. $plugin_rewrite_to .'$1" [L,QSA]';
|
203 |
|
204 |
if($this->wph->server_web_config === TRUE)
|
205 |
$rewrite .= '
|
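Review bot: quoting the substitution (`"'. $plugin_rewrite_to .'$1"`) lets a plugin path with spaces survive in the generated `RewriteRule`, but the pattern side is still `'^' . trailingslashit( $plugin_custom_path ) . '(.+)'` with no regex escaping, so a custom path containing `.`, `+` or other metacharacters matches more than intended; escape the path for PCRE before concatenation. Only the `.htaccess` branch received the quoting change; the `web.config` branch that follows builds its own rule and should be checked for the same spaces-in-path case that this fix addresses.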
readme.txt
CHANGED
@@ -3,8 +3,8 @@ Contributors: nsp-code, tdgu
|
|
3 |
Donate link: https://www.nsp-code.com/
|
4 |
Tags: wordpress hide, hide, security, secuirty headers, improve security, hacking, wp hide, custom login, wp-loging.php, wp-admin, admin hide, login change,
|
5 |
Requires at least: 2.8
|
6 |
-
Tested up to: 6.1
|
7 |
-
Stable tag: 1.
|
8 |
License: GPLv2 or later
|
9 |
|
10 |
Hide WordPress, wp-content, wp-includes, wp-admin, login URL, plugins, themes etc. Block the default URLs. Security Headers etc.
|
@@ -388,6 +388,14 @@ Please get in touch with us and we’ll do our best to include it inthe next ver
|
|
388 |
|
389 |
== Changelog ==
|
390 |
|
391 |
= 1.8.8 =
|
392 |
* New component Headers -> Remove Server Header.
|
393 |
* Prevent output of "document.addEventListener" unless an user-interaction option is active.
|
3 |
Donate link: https://www.nsp-code.com/
|
4 |
Tags: wordpress hide, hide, security, secuirty headers, improve security, hacking, wp hide, custom login, wp-loging.php, wp-admin, admin hide, login change,
|
5 |
Requires at least: 2.8
|
6 |
+
Tested up to: 6.1.1
|
7 |
+
Stable tag: 1.9.1
|
8 |
License: GPLv2 or later
|
9 |
|
10 |
Hide WordPress, wp-content, wp-includes, wp-admin, login URL, plugins, themes etc. Block the default URLs. Security Headers etc.
|
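Review bot: the `Tags:` context line carries `secuirty headers` and `wp-loging.php` (should be `security headers` and `wp-login.php`) and ends with a dangling comma; the plugin directory indexes these tags for search, so it is worth fixing them while the header block is being edited for the version bump.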
388 |
|
389 |
== Changelog ==
|
390 |
|
391 |
+
= 1.9.1 =
|
392 |
+
* New feature - Security Scan.
|
393 |
+
* Security Scan dashboard widget
|
394 |
+
* Inform on possible LiteSpeed service restart if use such system.
|
395 |
+
* Check if HTTP_USER_AGENT environment variable exists before making comparison.
|
396 |
+
* Fix Oxigen compatibility when using the HTML Minify.
|
397 |
+
* Fix: Cache Enable static call.
|
398 |
+
|
399 |
= 1.8.8 =
|
400 |
* New component Headers -> Remove Server Header.
|
401 |
* Prevent output of "document.addEventListener" unless an user-interaction option is active.
|
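Review bot: the 1.9.1 changelog entries ship to the plugin directory page and need a spelling and grammar pass: `Oxigen` (the product is Oxygen), `Cache Enable` (the compatibility file is `cache-enabler.php`, so `Cache Enabler`), `if use such system` (`if such a system is used`), and the second bullet lacks the closing period the others have. The hunk header's context also shows `inthe next ver` in the FAQ text above, which should read `in the`.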
wp-hide.php
CHANGED
@@ -5,7 +5,7 @@ Plugin URI: https://wp-hide.com/
|
|
5 |
Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
|
6 |
Author: Nsp Code
|
7 |
Author URI: http://www.nsp-code.com
|
8 |
-
Version: 1.
|
9 |
Text Domain: wp-hide-security-enhancer
|
10 |
Domain Path: /languages/
|
11 |
*/
|
5 |
Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
|
6 |
Author: Nsp Code
|
7 |
Author URI: http://www.nsp-code.com
|
8 |
+
Version: 1.9.1
|
9 |
Text Domain: wp-hide-security-enhancer
|
10 |
Domain Path: /languages/
|
11 |
*/
|