WP Security Audit Log - Version 3.1.3

Version Description

Release Info

Developer	WPWhiteSecurity
Plugin	WP Security Audit Log
Version	3.1.3
Comparing to
See all releases

Code changes from version 3.1.2 to 3.1.3

Files changed (9) hide show

classes/AuditLogListView.php +8 -0
classes/SensorManager.php +26 -2
classes/Sensors/LogInOut.php +17 -0
classes/Views/AuditLog.php +1 -1
classes/Views/ToggleAlerts.php +14 -0
defaults.php +1 -1
js/auditlog.js +1 -0
readme.txt +14 -11
wp-security-audit-log.php +2 -2

classes/AuditLogListView.php CHANGED Viewed

	@@ -544,6 +544,14 @@ class WSAL_AuditLogListView extends WP_List_Table {
544	case '%LogFileLink%' === $name: // Failed login file link.
545	return '';
546








547	case '%LogFileText%' === $name: // Failed login file text.
548	return '<a href="#" class="wsal_download_failed_logins" data-download-nonce="' . esc_attr( wp_create_nonce( 'wsal-download-failed-logins' ) ) . '" title="' . esc_html__( 'Download the log file.', 'wp-security-audit-log' ) . '">' . esc_html__( 'Download the log file.', 'wp-security-audit-log' ) . '</a>';
549


544	case '%LogFileLink%' === $name: // Failed login file link.
545	return '';
546
547	+ case '%Attempts%' === $name: // Failed login attempts.
548	+ $check_value = (int) $value;
549	+ if ( 0 === $check_value ) {
550	+ return '';
551	+ } else {
552	+ return $value;
553	+ }
554	+
555	case '%LogFileText%' === $name: // Failed login file text.
556	return '<a href="#" class="wsal_download_failed_logins" data-download-nonce="' . esc_attr( wp_create_nonce( 'wsal-download-failed-logins' ) ) . '" title="' . esc_html__( 'Download the log file.', 'wp-security-audit-log' ) . '">' . esc_html__( 'Download the log file.', 'wp-security-audit-log' ) . '</a>';
557

classes/SensorManager.php CHANGED Viewed

	@@ -1,8 +1,22 @@
1	<?php














2	/**
3	* Sensor Manager.
4	*
5	- * This ~~Class~~ ~~load~~ all the sensors and initialize them.
6	*
7	* @package Wsal
8	*/
	@@ -32,12 +46,22 @@ final class WSAL_SensorManager extends WSAL_AbstractSensor {
32	*/
33	$upload_dir = wp_upload_dir();
34	$uploads_dir_path = trailingslashit( $upload_dir['basedir'] ) . 'wp-security-audit-log' . DIRECTORY_SEPARATOR . 'custom-sensors' . DIRECTORY_SEPARATOR;

35	// Check directory.
36	if ( is_dir( $uploads_dir_path ) && is_readable( $uploads_dir_path ) ) {
37	foreach ( glob( $uploads_dir_path . '*.php' ) as $file ) {

38	require_once( $file );
39	$file = substr( $file, 0, -4 );
40	- $~~class~~ = ~~'WSAL_Sensors_' .~~ str_replace( $uploads_dir_path, '', $file );








41	$this->AddFromClass( $class );
42	}
43	}


1	<?php
2	+ /**
3	+ * Manager: Sensor
4	+ *
5	+ * Sensor manager class file.
6	+ *
7	+ * @since 1.0.0
8	+ * @package Wsal
9	+ */
10	+
11	+ // Exit if accessed directly.
12	+ if ( ! defined( 'ABSPATH' ) ) {
13	+ exit;
14	+ }
15	+
16	/**
17	* Sensor Manager.
18	*
19	+ * This class loads all the sensors and initialize them.
20	*
21	* @package Wsal
22	*/

46	*/
47	$upload_dir = wp_upload_dir();
48	$uploads_dir_path = trailingslashit( $upload_dir['basedir'] ) . 'wp-security-audit-log' . DIRECTORY_SEPARATOR . 'custom-sensors' . DIRECTORY_SEPARATOR;
49	+
50	// Check directory.
51	if ( is_dir( $uploads_dir_path ) && is_readable( $uploads_dir_path ) ) {
52	foreach ( glob( $uploads_dir_path . '*.php' ) as $file ) {
53	+ // Include custom sensor file.
54	require_once( $file );
55	$file = substr( $file, 0, -4 );
56	+ $sensor = str_replace( $uploads_dir_path, '', $file );
57	+
58	+ // Skip if the file is index.php for security.
59	+ if ( 'index' === $sensor ) {
60	+ continue;
61	+ }
62	+
63	+ // Generate and initiate custom sensor file.
64	+ $class = 'WSAL_Sensors_' . $sensor;
65	$this->AddFromClass( $class );
66	}
67	}

classes/Sensors/LogInOut.php CHANGED Viewed

	@@ -305,6 +305,21 @@ class WSAL_Sensors_LogInOut extends WSAL_AbstractSensor {
305
306	$occ_unknown = count( $occ_unknown ) ? $occ_unknown[0] : null;
307	if ( ! empty( $occ_unknown ) ) {















308	// Get users from alert.
309	$users = $occ_unknown->GetMetaValue( 'Users' );
310
	@@ -327,8 +342,10 @@ class WSAL_Sensors_LogInOut extends WSAL_AbstractSensor {
327	// Log an alert for a login attempt with unknown username.
328	$this->plugin->alerts->Trigger(
329	$new_alert_code, array(

330	'Users' => $users,
331	'LogFileText' => '',

332	)
333	);
334	}


305
306	$occ_unknown = count( $occ_unknown ) ? $occ_unknown[0] : null;
307	if ( ! empty( $occ_unknown ) ) {
308	+ // Update existing record not exists user.
309	+ $this->IncrementLoginFailure( $ip, $site_id, false );
310	+
311	+ // Increase the number of attempts.
312	+ $new = $occ_unknown->GetMetaValue( 'Attempts', 0 ) + 1;
313	+
314	+ // If login attempts pass allowed number of attempts then stop increasing the attempts.
315	+ if ( -1 !== (int) $this->GetVisitorLoginFailureLogLimit()
316	+ && $new > $this->GetVisitorLoginFailureLogLimit() ) {
317	+ $new = $this->GetVisitorLoginFailureLogLimit() . '+';
318	+ }
319	+
320	+ // Update the number of login attempts.
321	+ $occ_unknown->UpdateMetaValue( 'Attempts', $new );
322	+
323	// Get users from alert.
324	$users = $occ_unknown->GetMetaValue( 'Users' );
325

342	// Log an alert for a login attempt with unknown username.
343	$this->plugin->alerts->Trigger(
344	$new_alert_code, array(
345	+ 'Attempts' => 1,
346	'Users' => $users,
347	'LogFileText' => '',
348	+ 'ClientIP' => $ip,
349	)
350	);
351	}

classes/Views/AuditLog.php CHANGED Viewed

	@@ -395,7 +395,7 @@ class WSAL_Views_AuditLog extends WSAL_AbstractView {
395	// Check if there are any users.
396	if ( ! empty( $users ) && is_array( $users ) ) {
397	// Prepare content.
398	- $content = implode( ', ', $users );
399	echo esc_html( $content );
400	} else {
401	echo esc_html__( 'No users found.', 'wp-security-audit-log' );


395	// Check if there are any users.
396	if ( ! empty( $users ) && is_array( $users ) ) {
397	// Prepare content.
398	+ $content = implode( ',', $users );
399	echo esc_html( $content );
400	} else {
401	echo esc_html__( 'No users found.', 'wp-security-audit-log' );

classes/Views/ToggleAlerts.php CHANGED Viewed

	@@ -111,6 +111,7 @@ class WSAL_Views_ToggleAlerts extends WSAL_AbstractView {
111	$this->_plugin->settings->SetVisitor404LogLimit( $post_array['visitor_404Limit'] );
112
113	$this->_plugin->settings->set_failed_login_limit( $post_array['log_failed_login_limit'] );

114	}
115	?>
116	<h2 id="wsal-tabs" class="nav-tab-wrapper">
	@@ -284,6 +285,19 @@ class WSAL_Views_ToggleAlerts extends WSAL_AbstractView {
284	</tr>
285	<?php
286	}













287	}
288	?>
289	</tbody>


111	$this->_plugin->settings->SetVisitor404LogLimit( $post_array['visitor_404Limit'] );
112
113	$this->_plugin->settings->set_failed_login_limit( $post_array['log_failed_login_limit'] );
114	+ $this->_plugin->settings->set_visitor_failed_login_limit( $post_array['log_visitor_failed_login_limit'] );
115	}
116	?>
117	<h2 id="wsal-tabs" class="nav-tab-wrapper">

285	</tr>
286	<?php
287	}
288	+ if ( 1003 === $alert->type ) {
289	+ $log_visitor_failed_login_limit = (int) $this->_plugin->GetGlobalOption( 'log-visitor-failed-login-limit', 10 );
290	+ $log_visitor_failed_login_limit = ( -1 === $log_visitor_failed_login_limit ) ? '0' : $log_visitor_failed_login_limit;
291	+ ?>
292	+ <tr>
293	+ <td></td>
294	+ <td><input name="log_visitor_failed_login_limit" type="number" class="check_visitor_log" value="<?php echo esc_attr( $log_visitor_failed_login_limit ); ?>"></td>
295	+ <td colspan="2">
296	+ <p><?php esc_html_e( 'Number of login attempts to log. Enter 0 to log all failed login attempts. (By default the plugin only logs up to 10 failed login because the process can be very resource intensive in case of a brute force attack)', 'wp-security-audit-log' ); ?></p>
297	+ </td>
298	+ </tr>
299	+ <?php
300	+ }
301	}
302	?>
303	</tbody>

defaults.php CHANGED Viewed

	@@ -418,7 +418,7 @@ function wsaldefaults_wsal_init( WpSecurityAuditLog $wsal ) {
418	array( 1000, E_NOTICE, __( 'User logged in', 'wp-security-audit-log' ), __( 'Successfully logged in.', 'wp-security-audit-log' ) ),
419	array( 1001, E_NOTICE, __( 'User logged out', 'wp-security-audit-log' ), __( 'Successfully logged out.', 'wp-security-audit-log' ) ),
420	array( 1002, E_WARNING, __( 'Login failed', 'wp-security-audit-log' ), __( '%Attempts% failed login(s) detected.', 'wp-security-audit-log' ) ),
421	- array( 1003, E_WARNING, __( 'Login failed / non existing user', 'wp-security-audit-log' ), __( '~~Failed~~ login(s) detected using non existing user. %LogFileText%', 'wp-security-audit-log' ) ),
422	array( 1004, E_WARNING, __( 'Login blocked', 'wp-security-audit-log' ), __( 'Blocked from logging in because the same WordPress user is logged in from %ClientIP%.', 'wp-security-audit-log' ) ),
423	array( 1005, E_WARNING, __( 'User logged in with existing session(s)', 'wp-security-audit-log' ), __( 'Successfully logged in. Another session from %IPAddress% for this user already exist.', 'wp-security-audit-log' ) ),
424	array( 1006, E_CRITICAL, __( 'User logged out all other sessions with the same username', 'wp-security-audit-log' ), __( 'Logged out all other sessions with the same username.', 'wp-security-audit-log' ) ),


418	array( 1000, E_NOTICE, __( 'User logged in', 'wp-security-audit-log' ), __( 'Successfully logged in.', 'wp-security-audit-log' ) ),
419	array( 1001, E_NOTICE, __( 'User logged out', 'wp-security-audit-log' ), __( 'Successfully logged out.', 'wp-security-audit-log' ) ),
420	array( 1002, E_WARNING, __( 'Login failed', 'wp-security-audit-log' ), __( '%Attempts% failed login(s) detected.', 'wp-security-audit-log' ) ),
421	+ array( 1003, E_WARNING, __( 'Login failed / non existing user', 'wp-security-audit-log' ), __( '%Attempts% failed login(s) detected using non existing user. %LogFileText%', 'wp-security-audit-log' ) ),
422	array( 1004, E_WARNING, __( 'Login blocked', 'wp-security-audit-log' ), __( 'Blocked from logging in because the same WordPress user is logged in from %ClientIP%.', 'wp-security-audit-log' ) ),
423	array( 1005, E_WARNING, __( 'User logged in with existing session(s)', 'wp-security-audit-log' ), __( 'Successfully logged in. Another session from %IPAddress% for this user already exist.', 'wp-security-audit-log' ) ),
424	array( 1006, E_CRITICAL, __( 'User logged out all other sessions with the same username', 'wp-security-audit-log' ), __( 'Logged out all other sessions with the same username.', 'wp-security-audit-log' ) ),

js/auditlog.js CHANGED Viewed

	@@ -256,6 +256,7 @@ jQuery( document ).ready( function( $ ) {
256	alert_id: alert
257	},
258	success: function( data ) {

259	// Start file download.
260	download( 'failed_logins.log', data );
261	}


256	alert_id: alert
257	},
258	success: function( data ) {
259	+ data = data.replace( /,/g, '\n' );
260	// Start file download.
261	download( 'failed_logins.log', data );
262	}

readme.txt CHANGED Viewed

	@@ -6,7 +6,7 @@ License URI: http://www.gnu.org/licenses/gpl.html
6	Tags: wordpress security plugin, wordpress security audit log, audit log, event log wordpress, wordpress user tracking, wordpress activity log, wordpress audit, security event log, audit trail, wordpress security monitor, wordpress admin, wordpress admin monitoring, user activity, admin, multisite, dashboard, notification, wordpress monitoring, email notification, wordpress email alerts, tracking, user tracking, user activity report, wordpress audit trail
7	Requires at least: 3.6
8	Tested up to: 4.9.4
9	- Stable tag: 3.1.2
10	Requires PHP: 5.3
11
12	An easy to use and comprehensive monitoring & activity log solution that keeps a log of all changes & user activity on your WordPress site.
	@@ -80,7 +80,7 @@ See our [premium features page](https://www.wpsecurityauditlog.com/premium-featu
80
81	Support for the WP Security Audit Log plugin on the WordPress forums is free.
82
83	- Premium world-class support is available via email to all [WP Security Audit Log Premium](https://www.wpsecurityauditlog.com/premium-features/) customers.
84
85	> <strong>Note</strong>: paid customers support is always given priority over free support. Paid customers support is provided via one-to-one email and over the phone. [Upgrade to Premium](https://www.wpsecurityauditlog.com/premium-features/) to benefit from priority support.
86	>
	@@ -91,7 +91,7 @@ WP Security Audit Log plugin also has a number of features that make WordPress a
91	* Built-in [support for reverse proxies and web application firewalls](http://www.wpsecurityauditlog.com/documentation/automatically-retrieve-originating-wordpress-user-ip-address/)
92	* Full [WordPress multisite support](http://www.wpsecurityauditlog.com/documentation/wordpress-multisite-plugin-features-support/)
93	* Easily [create your custom alerts](https://www.wpsecurityauditlog.com/support-documentation/create-custom-alerts-wordpress-audit-trail/) to monitor additional functionality
94	- * Developer tools including the logging of all HTTP GET and POST requests
95	* Integration with WhatIsMyIpAddress.com so you can get all information about an IP address with just a mouse click
96	* Limit who can view the WordPress audit trail by either users or roles
97	* Limit who can manage the plugin by either users or roles
	@@ -101,7 +101,7 @@ WP Security Audit Log plugin also has a number of features that make WordPress a
101	* Enable or disable any security alerts
102	* and much more...
103
104	- ### As Featured On:
105
106	* [GoDaddy](https://www.godaddy.com/garage/decode-security-logs-wordpress/)
107	* [Pagely](https://pagely.com/blog/2015/01/log-wordpress-dashboard-activity-improved-security-auditing/)
	@@ -179,11 +179,14 @@ Please refer to our [Support & Documentation pages](https://www.wpsecurityauditl
179
180	== Changelog ==
181
182	- = 3.1.2(2018-03-16) =
183	-
184	- * ~~Security improvement~~
185	- * ~~Move~~ ~~log~~ ~~for~~ failed logins in ~~the~~ ~~database~~
186	- * ~~Added~~ ~~index.php~~ ~~and~~ ~~.htaccess~~ ~~files~~ to the plugin ~~upload~~ ~~directory~~ ~~(restricting~~ ~~directory~~ ~~listing)~~
187	- * ~~Above~~ ~~fixes~~ ~~applied~~ to ~~address~~ ~~potential~~ ~~information~~ ~~disclosure~~ ~~issue~~ ~~reported~~ by ~~Colette~~ ~~Chamberland, Defiant, Inc~~.
188	-



189	Refer to the [WP Security Audit Log change log](https://www.wpsecurityauditlog.com/plugin-change-log/) page for the complete change log.


6	Tags: wordpress security plugin, wordpress security audit log, audit log, event log wordpress, wordpress user tracking, wordpress activity log, wordpress audit, security event log, audit trail, wordpress security monitor, wordpress admin, wordpress admin monitoring, user activity, admin, multisite, dashboard, notification, wordpress monitoring, email notification, wordpress email alerts, tracking, user tracking, user activity report, wordpress audit trail
7	Requires at least: 3.6
8	Tested up to: 4.9.4
9	+ Stable tag: 3.1.3
10	Requires PHP: 5.3
11
12	An easy to use and comprehensive monitoring & activity log solution that keeps a log of all changes & user activity on your WordPress site.

80
81	Support for the WP Security Audit Log plugin on the WordPress forums is free.
82
83	+ Premium world-class support is available via email to all [WP Security Audit Log Premium](https://www.wpsecurityauditlog.com/premium-features/) customers.
84
85	> <strong>Note</strong>: paid customers support is always given priority over free support. Paid customers support is provided via one-to-one email and over the phone. [Upgrade to Premium](https://www.wpsecurityauditlog.com/premium-features/) to benefit from priority support.
86	>

91	* Built-in [support for reverse proxies and web application firewalls](http://www.wpsecurityauditlog.com/documentation/automatically-retrieve-originating-wordpress-user-ip-address/)
92	* Full [WordPress multisite support](http://www.wpsecurityauditlog.com/documentation/wordpress-multisite-plugin-features-support/)
93	* Easily [create your custom alerts](https://www.wpsecurityauditlog.com/support-documentation/create-custom-alerts-wordpress-audit-trail/) to monitor additional functionality
94	+ * Developer tools including the logging of all HTTP GET and POST requests
95	* Integration with WhatIsMyIpAddress.com so you can get all information about an IP address with just a mouse click
96	* Limit who can view the WordPress audit trail by either users or roles
97	* Limit who can manage the plugin by either users or roles

101	* Enable or disable any security alerts
102	* and much more...
103
104	+ ### As Featured On:
105
106	* [GoDaddy](https://www.godaddy.com/garage/decode-security-logs-wordpress/)
107	* [Pagely](https://pagely.com/blog/2015/01/log-wordpress-dashboard-activity-improved-security-auditing/)

179
180	== Changelog ==
181
182	+ = 3.1.3(2018-03-19) =
183	+
184	+ * Improvements
185	+ * Reintroduced the count of failed logins for non WordPress users.
186	+ * Reintroduced the setting to limit the number of failed logins by non WordPress users the plugin should keep a log of.
187	+ * Improved the formatting of the log file for usernames used in failed logins.
188	+
189	+ * Bug Fix
190	+ * Fixed issue where new restrictions in The plugin uploads directory broke the [custom alerts](https://www.wpsecurityauditlog.com/support-documentation/create-custom-alerts-wordpress-audit-trail/)
191	+
192	Refer to the [WP Security Audit Log change log](https://www.wpsecurityauditlog.com/plugin-change-log/) page for the complete change log.

wp-security-audit-log.php CHANGED Viewed

	@@ -4,7 +4,7 @@
4	* Plugin URI: http://www.wpsecurityauditlog.com/
5	* Description: Identify WordPress security issues before they become a problem. Keep track of everything happening on your WordPress including WordPress users activity. Similar to Windows Event Log and Linux Syslog, WP Security Audit Log generates a security alert for everything that happens on your WordPress blogs and websites. Use the Audit Log Viewer included in the plugin to see all the security alerts.
6	* Author: WP White Security
7	- * Version: 3.1.2
8	* Text Domain: wp-security-audit-log
9	* Author URI: http://www.wpsecurityauditlog.com/
10	* License: GPL2
	@@ -54,7 +54,7 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
54	*
55	* @var string
56	*/
57	- public $version = '3.1.2';
58
59	// Plugin constants.
60	const PLG_CLS_PRFX = 'WSAL_';


4	* Plugin URI: http://www.wpsecurityauditlog.com/
5	* Description: Identify WordPress security issues before they become a problem. Keep track of everything happening on your WordPress including WordPress users activity. Similar to Windows Event Log and Linux Syslog, WP Security Audit Log generates a security alert for everything that happens on your WordPress blogs and websites. Use the Audit Log Viewer included in the plugin to see all the security alerts.
6	* Author: WP White Security
7	+ * Version: 3.1.3
8	* Text Domain: wp-security-audit-log
9	* Author URI: http://www.wpsecurityauditlog.com/
10	* License: GPL2

54	*
55	* @var string
56	*/
57	+ public $version = '3.1.3';
58
59	// Plugin constants.
60	const PLG_CLS_PRFX = 'WSAL_';