Version Description
Download this release
Release Info
Developer | arshidkv12 |
Plugin | WP Limit Login Attempts |
Version | 2.6 |
Comparing to | |
See all releases |
Code changes from version 2.4.9 to 2.6
- captcha.php +12 -1
- images/banner.png +0 -0
- readme.txt +5 -5
- style.css +1 -1
- wp-limit-login-attempts.php +71 -16
captcha.php
CHANGED
@@ -1,7 +1,18 @@
|
|
1 |
<?php
|
2 |
|
3 |
// Start the session
|
4 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5 |
|
6 |
|
7 |
// Set the content-type
|
1 |
<?php
|
2 |
|
3 |
// Start the session
|
4 |
+
function is_session_started(){
|
5 |
+
if ( php_sapi_name() !== 'cli' ) {
|
6 |
+
if ( version_compare(phpversion(), '5.4.0', '>=') ) {
|
7 |
+
return session_status() === PHP_SESSION_ACTIVE ? TRUE : FALSE;
|
8 |
+
} else {
|
9 |
+
return session_id() === '' ? FALSE : TRUE;
|
10 |
+
}
|
11 |
+
}
|
12 |
+
return FALSE;
|
13 |
+
}
|
14 |
+
|
15 |
+
if( is_session_started() === FALSE ) session_start();
|
16 |
|
17 |
|
18 |
// Set the content-type
|
images/banner.png
DELETED
Binary file
|
readme.txt
CHANGED
@@ -3,19 +3,19 @@ Contributors: arshidkv12
|
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=H5F3Z6S3MNTXA&lc=IN&item_name=wp%2dlogin%2dlimit&amount=5%2e00¤cy_code=USD&button_subtype=services&bn=PP%2dBuyNowBF%3abtn_buynowCC_LG%2egif%3aNonHosted
|
4 |
Tags: login, security, authentication, hack, Loginizer, admin, protection,Proxy detection, Brute Force,block,attempts,captcha,verification,bots,attack,login alerts,lock, log, logging, personal security,wordpress security,secure,wordpress,blocked,secure website, admin, atempts, attemps, Auth, authentication, ban, best security, best security pligin, best wordpress security plugin, best wp security plugin, blacklist, block address, block automatically, block user, blocked, blocked ip, botnet, error log, etempts, failed attempts, limit attempts plugin,limit of locks, limit login attempts, limited attempts, lock, lockdown,login attempt, login alerts, Login Attempts, login security, maintenance, permissions, personal security, plugin, prevent, prevention, limit login attempts, private, security plugin, protection, ettempts, maximum login security
|
5 |
Requires at least: 3.0
|
6 |
-
Tested up to: 4.7
|
7 |
-
Stable tag: 2.
|
8 |
-
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
11 |
-
Limit Login Attempts for login protection. Limit rate of login attempts and block IP temporarily. It is protecting from brute force attacks
|
12 |
|
13 |
|
14 |
== Description ==
|
15 |
|
16 |
Limit Login Attempts for login protection, protect site from brute force attacks.Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. WP Limit Login Attempts plugin limit rate of login attempts and block IP temporarily. It is detecting bots by captcha verification.
|
17 |
|
18 |
-
Go to `Settings > WP Limit Login`.
|
19 |
|
20 |
|
21 |
= Features =
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=H5F3Z6S3MNTXA&lc=IN&item_name=wp%2dlogin%2dlimit&amount=5%2e00¤cy_code=USD&button_subtype=services&bn=PP%2dBuyNowBF%3abtn_buynowCC_LG%2egif%3aNonHosted
|
4 |
Tags: login, security, authentication, hack, Loginizer, admin, protection,Proxy detection, Brute Force,block,attempts,captcha,verification,bots,attack,login alerts,lock, log, logging, personal security,wordpress security,secure,wordpress,blocked,secure website, admin, atempts, attemps, Auth, authentication, ban, best security, best security pligin, best wordpress security plugin, best wp security plugin, blacklist, block address, block automatically, block user, blocked, blocked ip, botnet, error log, etempts, failed attempts, limit attempts plugin,limit of locks, limit login attempts, limited attempts, lock, lockdown,login attempt, login alerts, Login Attempts, login security, maintenance, permissions, personal security, plugin, prevent, prevention, limit login attempts, private, security plugin, protection, ettempts, maximum login security
|
5 |
Requires at least: 3.0
|
6 |
+
Tested up to: 4.7.3
|
7 |
+
Stable tag: 2.6
|
8 |
+
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
11 |
+
Limit Login Attempts for login protection. Limit rate of login attempts and block IP temporarily. It is protecting from brute force attacks..
|
12 |
|
13 |
|
14 |
== Description ==
|
15 |
|
16 |
Limit Login Attempts for login protection, protect site from brute force attacks.Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. WP Limit Login Attempts plugin limit rate of login attempts and block IP temporarily. It is detecting bots by captcha verification.
|
17 |
|
18 |
+
Go to `Settings > WP Limit Login`.
|
19 |
|
20 |
|
21 |
= Features =
|
style.css
CHANGED
@@ -64,7 +64,7 @@ font-weight: bold;
|
|
64 |
.popup_box .x{
|
65 |
float: right;
|
66 |
position: relative;
|
67 |
-
top: -
|
68 |
right: -3px;
|
69 |
width: 9px;
|
70 |
}
|
64 |
.popup_box .x{
|
65 |
float: right;
|
66 |
position: relative;
|
67 |
+
top: -14px;
|
68 |
right: -3px;
|
69 |
width: 9px;
|
70 |
}
|
wp-limit-login-attempts.php
CHANGED
@@ -1,12 +1,12 @@
|
|
1 |
<?php
|
2 |
/*
|
3 |
Plugin Name: WP Limit Login Attempts
|
4 |
-
Plugin URI:
|
5 |
Description: Limit rate of login attempts and block ip temporarily . It is protecting from brute force attack.
|
6 |
Author: Arshid
|
7 |
-
Author URI:
|
8 |
Text Domain: wp-limit-login-attempts
|
9 |
-
Version: 2.
|
10 |
*/
|
11 |
|
12 |
/* create or update table */
|
@@ -18,7 +18,7 @@ function wp_limit_login_update_tables(){
|
|
18 |
|
19 |
$sql = "CREATE TABLE `$tablename` (
|
20 |
`login_id` INT(11) NOT NULL AUTO_INCREMENT,
|
21 |
-
`login_ip` VARCHAR(
|
22 |
`login_attempts` INT(11) NOT NULL,
|
23 |
`attempt_time` DATETIME,
|
24 |
`locked_time` VARCHAR(100) NOT NULL,
|
@@ -33,21 +33,22 @@ function wp_limit_login_update_tables(){
|
|
33 |
add_option( 'limit_login_attepts_delay_time', '10', '', 'yes' );
|
34 |
add_option( 'limit_login_attepts_captcha', '3', '', 'yes' );
|
35 |
add_option( 'limit_login_captcha', 'checked', '', 'yes');
|
|
|
36 |
}
|
37 |
|
38 |
-
|
39 |
register_deactivation_hook(__FILE__,'wp_limit_login_deactivation');
|
40 |
function wp_limit_login_deactivation(){
|
41 |
error_log("Plugin deactivated..!");
|
42 |
}
|
43 |
-
|
44 |
-
|
45 |
|
46 |
-
|
47 |
-
|
48 |
-
|
49 |
-
|
50 |
-
|
51 |
add_action( 'login_enqueue_scripts', 'wp_limit_login_stylesheet');
|
52 |
add_action('plugins_loaded', 'wp_limit_login_init', 99999);
|
53 |
function wp_limit_login_init(){
|
@@ -75,7 +76,7 @@ function wp_limit_login_init(){
|
|
75 |
function wp_limit_login_head(){
|
76 |
|
77 |
/* check captcha input */
|
78 |
-
if(!isset($_SESSION["popup_flag"])){
|
79 |
|
80 |
$_SESSION["popup_flag"] = "first" ;
|
81 |
}
|
@@ -123,6 +124,7 @@ function wp_limit_login_init(){
|
|
123 |
global $msg,$ip,$wpdb;
|
124 |
if ($_SESSION["popup_flag"] == "true_0152"){
|
125 |
$ip = getip();
|
|
|
126 |
$tablename = $wpdb->prefix."limit_login";
|
127 |
$tablerows = $wpdb->get_results( "SELECT `login_id`, `login_ip`,`login_attempts`,`attempt_time`,`locked_time` FROM `$tablename` WHERE `login_ip` = '$ip' ORDER BY `login_id` DESC LIMIT 1 " );
|
128 |
|
@@ -335,16 +337,30 @@ function wp_limit_login_auth_signon( $user, $username, $password ) {
|
|
335 |
|
336 |
|
337 |
function getip(){
|
338 |
-
|
|
|
339 |
$ip =esc_sql($_SERVER['HTTP_CLIENT_IP']);
|
340 |
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
341 |
$ip = esc_sql($_SERVER['HTTP_X_FORWARDED_FOR']);
|
342 |
} else {
|
343 |
$ip = esc_sql($_SERVER['REMOTE_ADDR']);
|
344 |
if($ip=='::1'){
|
345 |
-
|
|
|
346 |
}
|
347 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
348 |
return $ip;
|
349 |
}
|
350 |
|
@@ -445,4 +461,43 @@ function wp_limit_login_settings_link($links) {
|
|
445 |
$plugin = plugin_basename(__FILE__);
|
446 |
add_filter("plugin_action_links_$plugin", 'wp_limit_login_settings_link' );
|
447 |
|
448 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
<?php
|
2 |
/*
|
3 |
Plugin Name: WP Limit Login Attempts
|
4 |
+
Plugin URI: https://ciphercoin.com/
|
5 |
Description: Limit rate of login attempts and block ip temporarily . It is protecting from brute force attack.
|
6 |
Author: Arshid
|
7 |
+
Author URI: https://ciphercoin.com
|
8 |
Text Domain: wp-limit-login-attempts
|
9 |
+
Version: 2.6
|
10 |
*/
|
11 |
|
12 |
/* create or update table */
|
18 |
|
19 |
$sql = "CREATE TABLE `$tablename` (
|
20 |
`login_id` INT(11) NOT NULL AUTO_INCREMENT,
|
21 |
+
`login_ip` VARCHAR(50) NOT NULL,
|
22 |
`login_attempts` INT(11) NOT NULL,
|
23 |
`attempt_time` DATETIME,
|
24 |
`locked_time` VARCHAR(100) NOT NULL,
|
33 |
add_option( 'limit_login_attepts_delay_time', '10', '', 'yes' );
|
34 |
add_option( 'limit_login_attepts_captcha', '3', '', 'yes' );
|
35 |
add_option( 'limit_login_captcha', 'checked', '', 'yes');
|
36 |
+
add_option( 'limit_login_install_date', date('Y-m-d G:i:s'), '', 'yes');
|
37 |
}
|
38 |
|
39 |
+
/*** plugin deactivation ***/
|
40 |
register_deactivation_hook(__FILE__,'wp_limit_login_deactivation');
|
41 |
function wp_limit_login_deactivation(){
|
42 |
error_log("Plugin deactivated..!");
|
43 |
}
|
44 |
+
/*** Plugin Style ****/
|
45 |
+
function wp_limit_login_stylesheet() {
|
46 |
|
47 |
+
wp_enqueue_script( 'login_captcha_script', '//code.jquery.com/jquery-1.8.2.js',1);
|
48 |
+
wp_enqueue_style( 'login_captcha_style', plugin_dir_url( __FILE__ ) . 'style.css');
|
49 |
+
wp_enqueue_script( 'login_captcha_main_script', plugin_dir_url( __FILE__ ). 'js/main.js',2);
|
50 |
+
}
|
51 |
+
/*** Plugin main functions ***/
|
52 |
add_action( 'login_enqueue_scripts', 'wp_limit_login_stylesheet');
|
53 |
add_action('plugins_loaded', 'wp_limit_login_init', 99999);
|
54 |
function wp_limit_login_init(){
|
76 |
function wp_limit_login_head(){
|
77 |
|
78 |
/* check captcha input */
|
79 |
+
if(!isset($_SESSION["popup_flag"]) && empty($_SESSION["popup_flag"])){
|
80 |
|
81 |
$_SESSION["popup_flag"] = "first" ;
|
82 |
}
|
124 |
global $msg,$ip,$wpdb;
|
125 |
if ($_SESSION["popup_flag"] == "true_0152"){
|
126 |
$ip = getip();
|
127 |
+
|
128 |
$tablename = $wpdb->prefix."limit_login";
|
129 |
$tablerows = $wpdb->get_results( "SELECT `login_id`, `login_ip`,`login_attempts`,`attempt_time`,`locked_time` FROM `$tablename` WHERE `login_ip` = '$ip' ORDER BY `login_id` DESC LIMIT 1 " );
|
130 |
|
337 |
|
338 |
|
339 |
function getip(){
|
340 |
+
|
341 |
+
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
342 |
$ip =esc_sql($_SERVER['HTTP_CLIENT_IP']);
|
343 |
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
344 |
$ip = esc_sql($_SERVER['HTTP_X_FORWARDED_FOR']);
|
345 |
} else {
|
346 |
$ip = esc_sql($_SERVER['REMOTE_ADDR']);
|
347 |
if($ip=='::1'){
|
348 |
+
//$ip = '127.0.0.1';
|
349 |
+
$ip = '127.0.1.6';
|
350 |
}
|
351 |
}
|
352 |
+
|
353 |
+
if( (!isset($_SESSION["IP_hash"]) ) && (empty($_SESSION["IP_hash"]) ) ){
|
354 |
+
|
355 |
+
$_SESSION["IP_hash"] = md5( $ip );
|
356 |
+
}else{
|
357 |
+
|
358 |
+
if( !empty($_SESSION["IP_hash"]) && ( $_SESSION["IP_hash"] != md5( $ip ) ) ){
|
359 |
+
|
360 |
+
session_unset();
|
361 |
+
}
|
362 |
+
}
|
363 |
+
|
364 |
return $ip;
|
365 |
}
|
366 |
|
461 |
$plugin = plugin_basename(__FILE__);
|
462 |
add_filter("plugin_action_links_$plugin", 'wp_limit_login_settings_link' );
|
463 |
|
464 |
+
/* Display a notice that can be dismissed */
|
465 |
+
add_action('admin_notices', 'limit_login_admin_notice');
|
466 |
+
|
467 |
+
function limit_login_admin_notice() {
|
468 |
+
|
469 |
+
$install_date = get_option( 'limit_login_install_date', '');
|
470 |
+
$install_date = date_create( $install_date );
|
471 |
+
$date_now = date_create( date('Y-m-d G:i:s') );
|
472 |
+
$date_diff = date_diff( $install_date, $date_now );
|
473 |
+
|
474 |
+
if ( $date_diff->format("%d") <= 7 ) {
|
475 |
+
|
476 |
+
return false;
|
477 |
+
}
|
478 |
+
|
479 |
+
global $current_user ;
|
480 |
+
$user_id = $current_user->ID;
|
481 |
+
|
482 |
+
if ( ! get_user_meta($user_id, 'limit_login_rating_ignore_notice' ) ) {
|
483 |
+
|
484 |
+
echo '<div class="updated"><p>';
|
485 |
+
|
486 |
+
printf(__('Awesome, you\'ve been using <a href="options-general.php?page=wp-limit-login-attempts">WP Limit Login Attempts Plugin</a> for more than 1 week. May we ask you to give it a 5-star rating on WordPress? | <a href="%2$s" target="_blank">Ok, you deserved it</a> | <a href="%1$s">I alredy did</a> | <a href="%1$s">No, not good enough</a>'), 'options-general.php?page=wp-limit-login-attempts&wp_limit_login_rating_ignore=0','https://wordpress.org/plugins/wp-limit-login-attempts/');
|
487 |
+
echo "</p></div>";
|
488 |
+
}
|
489 |
+
}
|
490 |
+
|
491 |
+
add_action('admin_init', 'wp_limit_login_rating_ignore');
|
492 |
+
|
493 |
+
function wp_limit_login_rating_ignore() {
|
494 |
+
global $current_user;
|
495 |
+
$user_id = $current_user->ID;
|
496 |
+
|
497 |
+
if ( isset($_GET['wp_limit_login_rating_ignore']) && '0' == $_GET['wp_limit_login_rating_ignore'] ) {
|
498 |
+
|
499 |
+
add_user_meta($user_id, 'limit_login_rating_ignore_notice', 'true', true);
|
500 |
+
}
|
501 |
+
}
|
502 |
+
|
503 |
+
?>
|