WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content - Version 5.7.9

Version Description

  • Improved HTTP challenge verification
Download this release

Release Info

Developer gowebsmarty
Plugin Icon wp plugin WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content
Version 5.7.9
Comparing to
See all releases

Code changes from version 5.7.8 to 5.7.9

Files changed (4) hide show
  1. admin/le_admin.php +28 -5
  2. lib/LEFunctions.php +20 -3
  3. readme.txt +5 -2
  4. wp-letsencrypt.php +2 -2
admin/le_admin.php CHANGED
@@ -1267,9 +1267,9 @@ class WPLE_Admin
1267
 
1268
  $counter = get_option( 'wple_failed_verification' );
1269
  foreach ( $httpch as $index => $ch ) {
 
1270
 
1271
  if ( $counter >= 8 ) {
1272
- $fpath = ABSPATH . '.well-known/acme-challenge/';
1273
  if ( !file_exists( $fpath ) ) {
1274
  mkdir( $fpath, 0775, true );
1275
  }
@@ -1284,9 +1284,19 @@ class WPLE_Admin
1284
  file_put_contents( $acmefilepath, trim( $ch['value'] ) );
1285
  }
1286
 
1287
- $check = LEFunctions::checkHTTPChallenge( $domain, $ch['file'], $ch['value'] );
 
 
 
 
 
 
 
 
 
 
1288
 
1289
- if ( !$check ) {
1290
 
1291
  if ( FALSE === $counter ) {
1292
  update_option( 'wple_failed_verification', 1 );
@@ -1295,7 +1305,7 @@ class WPLE_Admin
1295
  }
1296
 
1297
  WPLE_Trait::wple_logger(
1298
- "HTTP challenge file (" . $ch['file'] . ") checked locally - found invalid",
1299
  'success',
1300
  'a',
1301
  false
@@ -1313,6 +1323,19 @@ class WPLE_Admin
1313
  }
1314
 
1315
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
1316
  WPLE_Trait::wple_logger(
1317
  "Local check - All HTTP challenges verified\n",
1318
  'success',
@@ -1769,7 +1792,7 @@ class WPLE_Admin
1769
  $ruleset = "<IfModule mod_rewrite.c>" . "\n";
1770
  $ruleset .= "RewriteEngine on" . "\n";
1771
  $ruleset .= "RewriteCond %{HTTPS} =on [NC]" . "\n";
1772
- $ruleset .= "RewriteRule ^(.*)\$ http://%{HTTP_HOST}%{REQUEST_FILENAME} [R=301,L]" . "\n";
1773
  $ruleset .= "</IfModule>" . "\n";
1774
  insert_with_markers( $dir, 'WP_Encryption', $ruleset );
1775
  }
1267
 
1268
  $counter = get_option( 'wple_failed_verification' );
1269
  foreach ( $httpch as $index => $ch ) {
1270
+ $fpath = ABSPATH . '.well-known/acme-challenge/';
1271
 
1272
  if ( $counter >= 8 ) {
 
1273
  if ( !file_exists( $fpath ) ) {
1274
  mkdir( $fpath, 0775, true );
1275
  }
1284
  file_put_contents( $acmefilepath, trim( $ch['value'] ) );
1285
  }
1286
 
1287
+ $check = LEFunctions::checkHTTPChallenge(
1288
+ $domain,
1289
+ $ch['file'],
1290
+ $ch['value'],
1291
+ true
1292
+ );
1293
+ if ( $check == 200 ) {
1294
+ if ( file_exists( $fpath . $ch['file'] ) ) {
1295
+ $check = 2;
1296
+ }
1297
+ }
1298
 
1299
+ if ( $check == false ) {
1300
 
1301
  if ( FALSE === $counter ) {
1302
  update_option( 'wple_failed_verification', 1 );
1305
  }
1306
 
1307
  WPLE_Trait::wple_logger(
1308
+ "HTTP challenge file (" . $domain . "/.well-known/acme-challenge/" . $ch['file'] . ") checked locally - found invalid",
1309
  'success',
1310
  'a',
1311
  false
1323
  }
1324
 
1325
  }
1326
+
1327
+ if ( $check == 2 ) {
1328
+ WPLE_Trait::wple_logger(
1329
+ "Local check - Found challenge file in acme-challenge => proceeding to ACME verification\n",
1330
+ 'success',
1331
+ 'a',
1332
+ false
1333
+ );
1334
+ delete_option( 'wple_failed_verification' );
1335
+ echo 1 ;
1336
+ exit;
1337
+ }
1338
+
1339
  WPLE_Trait::wple_logger(
1340
  "Local check - All HTTP challenges verified\n",
1341
  'success',
1792
  $ruleset = "<IfModule mod_rewrite.c>" . "\n";
1793
  $ruleset .= "RewriteEngine on" . "\n";
1794
  $ruleset .= "RewriteCond %{HTTPS} =on [NC]" . "\n";
1795
+ $ruleset .= "RewriteRule ^(.*)\$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]" . "\n";
1796
  $ruleset .= "</IfModule>" . "\n";
1797
  insert_with_markers( $dir, 'WP_Encryption', $ruleset );
1798
  }
lib/LEFunctions.php CHANGED
@@ -185,10 +185,12 @@ class LEFunctions
185
  *
186
  * @return boolean Returns true if the challenge is valid, false if not.
187
  */
188
- public static function checkHTTPChallenge($domain, $token, $keyAuthorization)
189
  {
190
  if (!stripos($domain, 'http')) {
191
  $domain = 'http://' . $domain;
 
 
192
  }
193
 
194
  $requestURL = $domain . '/.well-known/acme-challenge/' . $token;
@@ -205,14 +207,29 @@ class LEFunctions
205
  CURLOPT_SSL_VERIFYPEER => false,
206
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
207
  CURLOPT_CUSTOMREQUEST => "GET",
208
- CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36'
209
  ));
210
 
211
  $response = trim(curl_exec($curl));
 
 
212
 
213
  curl_close($curl);
214
 
215
- return (!empty($response) && $response == $keyAuthorization);
 
 
 
 
 
 
 
 
 
 
 
 
 
216
  }
217
 
218
  /**
185
  *
186
  * @return boolean Returns true if the challenge is valid, false if not.
187
  */
188
+ public static function checkHTTPChallenge($domain, $token, $keyAuthorization, $returncode = false)
189
  {
190
  if (!stripos($domain, 'http')) {
191
  $domain = 'http://' . $domain;
192
+ } else {
193
+ $domain = str_ireplace('https:', 'http:', $domain);
194
  }
195
 
196
  $requestURL = $domain . '/.well-known/acme-challenge/' . $token;
207
  CURLOPT_SSL_VERIFYPEER => false,
208
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
209
  CURLOPT_CUSTOMREQUEST => "GET",
210
+ //CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36'
211
  ));
212
 
213
  $response = trim(curl_exec($curl));
214
+ //$final_url = curl_getinfo($curl, CURLINFO_EFFECTIVE_URL);
215
+ $httpcode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
216
 
217
  curl_close($curl);
218
 
219
+ if (!empty($response) && $response == $keyAuthorization) {
220
+ return true;
221
+ } else {
222
+
223
+ //if(FALSE !== stripos($final_url, 'public_html')){
224
+ //LEFunctions::log("Could not verify challenge code in above http challenge file. Trying again with advanced technique!.\n");
225
+ //}
226
+
227
+ if ($returncode) {
228
+ return $httpcode;
229
+ }
230
+
231
+ return false;
232
+ }
233
  }
234
 
235
  /**
readme.txt CHANGED
@@ -1,11 +1,11 @@
1
  === WP Encryption - One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content ===
2
  Contributors: gowebsmarty, gwsharsha
3
- Tags: ssl,install ssl,https,add ssl,ssl certificate,https redirect,free ssl,force https,mixed content,insecure content,enable ssl
4
  Requires at least: 4.2
5
  License: GPL3
6
  Tested up to: 5.9
7
  Requires PHP: 5.4
8
- Stable tag: 5.7.8
9
 
10
  SSL for lifetime - Install free SSL certificate & enable SSL / HTTPS, secure mail w/ HTTPS, HTTPS redirect, fix SSL errors, SSL score, insecure content scanner, download SSL certificate, know your active SSL details.
11
 
@@ -199,6 +199,9 @@ Security is an important subject regarding SSL/TLS certificates, of course. It i
199
 
200
  == Changelog ==
201
 
 
 
 
202
  = 5.7.8 =
203
  * Active SSL info block for SSL health page to show installed SSL details
204
  * Sleep before ACME DNS verification
1
  === WP Encryption - One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content ===
2
  Contributors: gowebsmarty, gwsharsha
3
+ Tags: ssl,https redirect,ssl certificate,free ssl,https,add ssl,install ssl,force https,mixed content,insecure content,enable ssl
4
  Requires at least: 4.2
5
  License: GPL3
6
  Tested up to: 5.9
7
  Requires PHP: 5.4
8
+ Stable tag: 5.7.9
9
 
10
  SSL for lifetime - Install free SSL certificate & enable SSL / HTTPS, secure mail w/ HTTPS, HTTPS redirect, fix SSL errors, SSL score, insecure content scanner, download SSL certificate, know your active SSL details.
11
 
199
 
200
  == Changelog ==
201
 
202
+ = 5.7.9 =
203
+ * Improved HTTP challenge verification
204
+
205
  = 5.7.8 =
206
  * Active SSL info block for SSL health page to show installed SSL details
207
  * Sleep before ACME DNS verification
wp-letsencrypt.php CHANGED
@@ -7,7 +7,7 @@
7
  * Plugin Name: WP Encryption - One Click SSL & Force HTTPS
8
  * Plugin URI: https://wpencryption.com
9
  * Description: Secure your WordPress site with free SSL certificate and force HTTPS throughout the site. Just activating this plugin won't help! - Please run the SSL install form of WP Encryption found on left panel.
10
- * Version: 5.7.8
11
  * Author: Go Web Smarty
12
  * Author URI: https://wpencryption.com
13
  * License: GNU General Public License v3.0
@@ -33,7 +33,7 @@ if ( !defined( 'ABSPATH' ) ) {
33
  /**
34
  * Definitions
35
  */
36
- define( 'WPLE_PLUGIN_VERSION', '5.7.8' );
37
  define( 'WPLE_BASE', plugin_basename( __FILE__ ) );
38
  define( 'WPLE_DIR', plugin_dir_path( __FILE__ ) );
39
  define( 'WPLE_URL', plugin_dir_url( __FILE__ ) );
7
  * Plugin Name: WP Encryption - One Click SSL & Force HTTPS
8
  * Plugin URI: https://wpencryption.com
9
  * Description: Secure your WordPress site with free SSL certificate and force HTTPS throughout the site. Just activating this plugin won't help! - Please run the SSL install form of WP Encryption found on left panel.
10
+ * Version: 5.7.9
11
  * Author: Go Web Smarty
12
  * Author URI: https://wpencryption.com
13
  * License: GNU General Public License v3.0
33
  /**
34
  * Definitions
35
  */
36
+ define( 'WPLE_PLUGIN_VERSION', '5.7.9' );
37
  define( 'WPLE_BASE', plugin_basename( __FILE__ ) );
38
  define( 'WPLE_DIR', plugin_dir_path( __FILE__ ) );
39
  define( 'WPLE_URL', plugin_dir_url( __FILE__ ) );