WP Security Audit Log - Version 3.5

Version Description

(2019-09-12) =

  • New Features

    • 3 new front-end sensors that can be individually enabled / disabled individually (used for front end activity, such as logins from non-default WordPress login page).

  • Improvements

    • Improved the hide plugin feature: number of installed plugins is also adjusted when plugin is hidden.
    • Added new steps in the wizard to help users configure the front-end sensors when they install the plugin.
    • Plugin keeps log of stock changes when orders are placed manually or items in orders are changed (WooCommerce Activity Log).
    • Removed event ID 2126 (visitor posted a comment): noticed almost all users disable it since this is trivial information / change.

  • Bug Fixes

    • Plugin was not reporting correct product name & stock quantity when WooCommerce Tab Manager was installed.
    • Mirroring cron jobs not firing / not copying logs to mirror.
    • Unhandled error when using custom login pages.
Download this release

Release Info

Developer WPWhiteSecurity
Plugin Icon 128x128 WP Security Audit Log
Version 3.5
Comparing to
See all releases

Code changes from version 3.4.3.1 to 3.5

Files changed (19) hide show
  1. classes/AlertManager.php +1 -3
  2. classes/SensorManager.php +59 -5
  3. classes/Sensors/FrontendLogin.php +50 -0
  4. classes/Sensors/FrontendRegister.php +51 -0
  5. classes/Sensors/FrontendSystem.php +279 -0
  6. classes/Sensors/FrontendWooCommerce.php +293 -0
  7. classes/Sensors/LogInOut.php +7 -4
  8. classes/Sensors/Public.php +55 -294
  9. classes/Sensors/WooCommerce.php +1 -1
  10. classes/Settings.php +34 -1
  11. classes/ViewManager.php +15 -0
  12. classes/Views/FrontendSetupWizard.php +511 -0
  13. classes/Views/SetupWizard.php +166 -17
  14. classes/Views/ToggleAlerts.php +135 -77
  15. css/dist/wsal-wizard.build.css +3 -1
  16. css/src/wsal-wizard.scss +5 -0
  17. languages/wp-security-audit-log.pot +395 -260
  18. readme.txt +17 -28
  19. wp-security-audit-log.php +116 -84
classes/AlertManager.php CHANGED
@@ -135,6 +135,7 @@ final class WSAL_AlertManager {
135
  'shop_order', // WooCommerce Order CPT.
136
  'shop_order_refund', // WooCommerce Order Refund CPT.
137
  'product_variation', // WooCommerce Product Variation CPT.
 
138
  )
139
  );
140
 
@@ -445,9 +446,6 @@ final class WSAL_AlertManager {
445
  */
446
  public function IsEnabled( $type ) {
447
  $disabled_events = $this->GetDisabledAlerts();
448
- if ( 'no' !== $this->plugin->GetGlobalOption( 'disable-visitor-events', 'no' ) ) {
449
- $disabled_events = array_merge( $disabled_events, $this->get_public_events() );
450
- }
451
  return ! in_array( $type, $disabled_events, true );
452
  }
453
 
135
  'shop_order', // WooCommerce Order CPT.
136
  'shop_order_refund', // WooCommerce Order Refund CPT.
137
  'product_variation', // WooCommerce Product Variation CPT.
138
+ 'wc_product_tab', // WooCommerce Product Tab CPT.
139
  )
140
  );
141
 
446
  */
447
  public function IsEnabled( $type ) {
448
  $disabled_events = $this->GetDisabledAlerts();
 
 
 
449
  return ! in_array( $type, $disabled_events, true );
450
  }
451
 
classes/SensorManager.php CHANGED
@@ -40,6 +40,11 @@ final class WSAL_SensorManager extends WSAL_AbstractSensor {
40
  // Check sensors before loading for optimization.
41
  add_filter( 'wsal_before_sensor_load', array( $this, 'check_sensor_before_load' ), 10, 2 );
42
 
 
 
 
 
 
43
  foreach ( glob( dirname( __FILE__ ) . '/Sensors/*.php' ) as $file ) {
44
  $this->AddFromFile( $file );
45
  }
@@ -177,9 +182,16 @@ final class WSAL_SensorManager extends WSAL_AbstractSensor {
177
  // Get file name.
178
  $filename = basename( $filepath, '.php' );
179
 
180
- // Load LogInOut sensor on login page.
181
- if ( 'wp-login.php' === $pagenow && 'LogInOut' === $filename ) {
182
- return true;
 
 
 
 
 
 
 
183
  }
184
 
185
  /**
@@ -193,8 +205,9 @@ final class WSAL_SensorManager extends WSAL_AbstractSensor {
193
  *
194
  * @param array $public_sensors - List of sensors to be loaded for visitors.
195
  */
196
- $public_sensors = apply_filters( 'wsal_load_public_sensors', array( 'Public', 'LogInOut' ) );
197
- if ( ! is_admin() && ! is_user_logged_in() && ! in_array( $filename, $public_sensors, true ) ) {
 
198
  return false;
199
  }
200
 
@@ -279,10 +292,51 @@ final class WSAL_SensorManager extends WSAL_AbstractSensor {
279
  }
280
  break;
281
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
282
  default:
283
  break;
284
  }
285
  }
286
  return $load_sensor;
287
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
288
  }
40
  // Check sensors before loading for optimization.
41
  add_filter( 'wsal_before_sensor_load', array( $this, 'check_sensor_before_load' ), 10, 2 );
42
 
43
+ if ( doing_action( 'wp_loaded' ) && ! is_user_logged_in() && WpSecurityAuditLog::is_frontend() && ! WpSecurityAuditLog::is_rest_api() && WpSecurityAuditLog::should_load_frontend() ) {
44
+ // If WSAL loads on `wp_loaded` hook, then hook the following to see if need to load frontend 404 sensor or not.
45
+ add_action( 'wp', array( $this, 'load_frontend_system_sensor' ) );
46
+ }
47
+
48
  foreach ( glob( dirname( __FILE__ ) . '/Sensors/*.php' ) as $file ) {
49
  $this->AddFromFile( $file );
50
  }
182
  // Get file name.
183
  $filename = basename( $filepath, '.php' );
184
 
185
+ $frontend_events = $this->plugin->settings->get_frontend_events();
186
+
187
+ // Check to see if LogInOut, FrontendLogin, and FrontendRegister sensors should load on login page.
188
+ if ( WpSecurityAuditLog::is_login_screen() ) {
189
+ if ( 'FrontendRegister' === $filename && ! empty( $frontend_events['register'] ) ) {
190
+ return true;
191
+ } elseif ( 'LogInOut' === $filename ) {
192
+ return true;
193
+ }
194
+ return false; // Any other sensor should not load here.
195
  }
196
 
197
  /**
205
  *
206
  * @param array $public_sensors - List of sensors to be loaded for visitors.
207
  */
208
+ $public_sensors = apply_filters( 'wsal_load_public_sensors', array( 'FrontendLogin', 'FrontendSystem', 'FrontendRegister', 'FrontendWooCommerce' ) );
209
+
210
+ if ( WpSecurityAuditLog::is_frontend() && ! is_user_logged_in() && ! in_array( $filename, $public_sensors, true ) ) {
211
  return false;
212
  }
213
 
292
  }
293
  break;
294
 
295
+ case 'FrontendWooCommerce':
296
+ if ( is_user_logged_in() || ! WpSecurityAuditLog::is_woocommerce_active() || empty( $frontend_events['woocommerce'] ) ) {
297
+ $load_sensor = false;
298
+ }
299
+ break;
300
+
301
+ case 'FrontendRegister':
302
+ if ( is_user_logged_in() || empty( $frontend_events['register'] ) ) {
303
+ $load_sensor = false;
304
+ }
305
+ break;
306
+
307
+ case 'FrontendLogin':
308
+ if ( is_user_logged_in() || empty( $frontend_events['login'] ) ) {
309
+ $load_sensor = false;
310
+ }
311
+ break;
312
+
313
+ case 'FrontendSystem':
314
+ if ( is_user_logged_in() || empty( $frontend_events['system'] ) ) {
315
+ $load_sensor = false;
316
+ } elseif ( ! is_404() ) {
317
+ $load_sensor = false;
318
+ }
319
+ break;
320
+
321
  default:
322
  break;
323
  }
324
  }
325
  return $load_sensor;
326
  }
327
+
328
+ /**
329
+ * Lazy load frontend system sensor to detect 404 errors.
330
+ * This is because our plugin loads a bit early on the
331
+ * frontend, i.e., just before setting up wp query.
332
+ */
333
+ public function load_frontend_system_sensor() {
334
+ $frontend_events = $this->plugin->settings->get_frontend_events();
335
+
336
+ if ( ! empty( $frontend_events['system'] ) && is_404() ) {
337
+ $sensor = new WSAL_Sensors_FrontendSystem( $this->plugin );
338
+ $this->AddInstance( $sensor );
339
+ $sensor->HookEvents();
340
+ }
341
+ }
342
  }
classes/Sensors/FrontendLogin.php ADDED
@@ -0,0 +1,50 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Frontend user login sensor.
4
+ *
5
+ * @package wsal
6
+ */
7
+
8
+ if ( ! defined( 'ABSPATH' ) ) {
9
+ exit; // Exit if accessed directly.
10
+ }
11
+
12
+ /**
13
+ * Frontend user login sensor.
14
+ */
15
+ class WSAL_Sensors_FrontendLogin extends WSAL_AbstractSensor {
16
+
17
+ /**
18
+ * Listening to events using WP hooks.
19
+ */
20
+ public function HookEvents() {
21
+ add_action( 'wp_login', array( $this, 'event_login' ), 10, 2 );
22
+ }
23
+
24
+ /**
25
+ * Event Login.
26
+ *
27
+ * @param string $user_login - Username.
28
+ * @param object $user - WP_User object.
29
+ */
30
+ public function event_login( $user_login, $user ) {
31
+ if ( empty( $user ) ) {
32
+ $user = get_user_by( 'login', $user_login );
33
+ }
34
+
35
+ $user_roles = $this->plugin->settings->GetCurrentUserRoles( $user->roles );
36
+
37
+ if ( $this->plugin->settings->IsLoginSuperAdmin( $user_login ) ) {
38
+ $user_roles[] = 'superadmin';
39
+ }
40
+
41
+ $this->plugin->alerts->Trigger(
42
+ 1000,
43
+ array(
44
+ 'Username' => $user_login,
45
+ 'CurrentUserRoles' => $user_roles,
46
+ ),
47
+ true
48
+ );
49
+ }
50
+ }
classes/Sensors/FrontendRegister.php ADDED
@@ -0,0 +1,51 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Frontend user registeration sensor.
4
+ *
5
+ * @package wsal
6
+ */
7
+
8
+ if ( ! defined( 'ABSPATH' ) ) {
9
+ exit; // Exit if accessed directly.
10
+ }
11
+
12
+ /**
13
+ * Frontend user registeration sensor.
14
+ */
15
+ class WSAL_Sensors_FrontendRegister extends WSAL_AbstractSensor {
16
+
17
+ /**
18
+ * Listening to events using WP hooks.
19
+ */
20
+ public function HookEvents() {
21
+ add_action( 'user_register', array( $this, 'event_user_register' ) );
22
+ }
23
+
24
+ /**
25
+ * Triggered when a user is registered.
26
+ *
27
+ * @param int $user_id - User ID of the registered user.
28
+ */
29
+ public function event_user_register( $user_id ) {
30
+ $user = get_userdata( $user_id );
31
+ $ismu = function_exists( 'is_multisite' ) && is_multisite();
32
+ $event = $ismu ? 4012 : ( is_user_logged_in() ? 4001 : 4000 );
33
+ $current_user = wp_get_current_user();
34
+
35
+ $this->plugin->alerts->Trigger(
36
+ $event,
37
+ array(
38
+ 'NewUserID' => $user_id,
39
+ 'UserChanger' => ! empty( $current_user ) ? $current_user->user_login : '',
40
+ 'NewUserData' => (object) array(
41
+ 'Username' => $user->user_login,
42
+ 'FirstName' => $user->user_firstname,
43
+ 'LastName' => $user->user_lastname,
44
+ 'Email' => $user->user_email,
45
+ 'Roles' => is_array( $user->roles ) ? implode( ', ', $user->roles ) : $user->roles,
46
+ ),
47
+ ),
48
+ true
49
+ );
50
+ }
51
+ }
classes/Sensors/FrontendSystem.php ADDED
@@ -0,0 +1,279 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Frontend system sensor.
4
+ *
5
+ * @package wsal
6
+ */
7
+
8
+ if ( ! defined( 'ABSPATH' ) ) {
9
+ exit; // Exit if accessed directly.
10
+ }
11
+
12
+ /**
13
+ * Frontend system sensor to detect 404 requests.
14
+ */
15
+ class WSAL_Sensors_FrontendSystem extends WSAL_AbstractSensor {
16
+
17
+ /**
18
+ * 404 Visitor Transient.
19
+ *
20
+ * WordPress will prefix the name with "_transient_"
21
+ * or "_transient_timeout_" in the options table.
22
+ */
23
+ const TRANSIENT_VISITOR_404 = 'wsal-visitor-404-attempts';
24
+
25
+ /**
26
+ * Listening to events using WP hooks.
27
+ */
28
+ public function HookEvents() {
29
+ add_filter( 'template_redirect', array( $this, 'event_404' ) );
30
+ }
31
+
32
+ /**
33
+ * Event 404 Not found.
34
+ */
35
+ public function event_404() {
36
+ $attempts = 1;
37
+
38
+ global $wp_query;
39
+ if ( ! $wp_query->is_404 ) {
40
+ return;
41
+ }
42
+
43
+ $msg = 'times';
44
+ list( $y, $m, $d ) = explode( '-', date( 'Y-m-d' ) );
45
+ $site_id = function_exists( 'get_current_blog_id' ) ? get_current_blog_id() : 0;
46
+ $ip = $this->plugin->settings->GetMainClientIP();
47
+
48
+ if ( ! is_user_logged_in() ) {
49
+ $username = 'Website Visitor';
50
+ } else {
51
+ $username = wp_get_current_user()->user_login;
52
+ }
53
+
54
+ // Request URL.
55
+ $request_uri = filter_input( INPUT_SERVER, 'REQUEST_URI', FILTER_SANITIZE_STRING );
56
+ if ( ! empty( $request_uri ) ) {
57
+ $url_404 = home_url() . $request_uri;
58
+ } elseif ( isset( $_SERVER['REQUEST_URI'] ) && ! empty( $_SERVER['REQUEST_URI'] ) ) {
59
+ $url_404 = home_url() . sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) );
60
+ }
61
+
62
+ // Remove forward slash from the URL.
63
+ $url_404 = untrailingslashit( $url_404 );
64
+
65
+ // Check for excluded 404 URls.
66
+ if ( $this->is_excluded_url( $url_404 ) ) {
67
+ return;
68
+ }
69
+
70
+ if ( 'Website Visitor' === $username ) {
71
+ // Check if the alert is disabled from the "Enable/Disable Alerts" section.
72
+ if ( ! $this->plugin->alerts->IsEnabled( 6023 ) ) {
73
+ return;
74
+ }
75
+
76
+ if ( $this->is_past_visitor_404_limit( $site_id, $username, $ip ) ) {
77
+ return;
78
+ }
79
+
80
+ $obj_occurrence = new WSAL_Models_Occurrence();
81
+ $occurrence = $obj_occurrence->CheckAlert404(
82
+ array(
83
+ $ip,
84
+ $username,
85
+ 6023,
86
+ $site_id,
87
+ mktime( 0, 0, 0, $m, $d, $y ),
88
+ mktime( 0, 0, 0, $m, $d + 1, $y ) - 1,
89
+ )
90
+ );
91
+
92
+ $occurrence = count( $occurrence ) ? $occurrence[0] : null;
93
+ if ( ! empty( $occurrence ) ) {
94
+ // Update existing record.
95
+ $this->increment_visitor_404( $site_id, $username, $ip );
96
+ $new = ( (int) $occurrence->GetMetaValue( 'Attempts', 0 ) ) + 1;
97
+
98
+ if ( $new > $this->get_visitor_404_log_limit() ) {
99
+ $new = 'more than ' . $this->get_visitor_404_log_limit();
100
+ $msg .= ' This could possible be a scan, therefore keep an eye on the activity from this IP Address';
101
+ }
102
+
103
+ $link_file = $this->write_log( $new, $ip, $username, $url_404 );
104
+
105
+ $occurrence->UpdateMetaValue( 'Attempts', $new );
106
+ $occurrence->UpdateMetaValue( 'Username', $username );
107
+ $occurrence->UpdateMetaValue( 'Msg', $msg );
108
+ $occurrence->UpdateMetaValue( 'URL', $url_404 );
109
+ if ( ! empty( $link_file ) ) {
110
+ $occurrence->UpdateMetaValue( 'LinkFile', $link_file );
111
+ }
112
+ $occurrence->created_on = null;
113
+ $occurrence->Save();
114
+ } else {
115
+ $link_file = $this->write_log( 1, $ip, $username, $url_404 );
116
+ // Create a new record.
117
+ $fields = array(
118
+ 'Attempts' => 1,
119
+ 'Username' => $username,
120
+ 'Msg' => $msg,
121
+ 'URL' => $url_404,
122
+ );
123
+ if ( ! empty( $link_file ) ) {
124
+ $fields['LinkFile'] = $link_file;
125
+ }
126
+ $this->plugin->alerts->Trigger( 6023, $fields );
127
+ }
128
+ }
129
+ }
130
+
131
+ /**
132
+ * Check visitor 404 limit.
133
+ *
134
+ * @param integer $site_id - Blog ID.
135
+ * @param string $username - Username.
136
+ * @param string $ip - IP address.
137
+ * @return boolean passed limit true|false
138
+ */
139
+ protected function is_past_visitor_404_limit( $site_id, $username, $ip ) {
140
+ $get_fn = $this->plugin->IsMultisite() ? 'get_site_transient' : 'get_transient';
141
+ $data = $get_fn( self::TRANSIENT_VISITOR_404 );
142
+ return ( false !== $data ) && isset( $data[ $site_id . ':' . $username . ':' . $ip ] ) && ( $data[ $site_id . ':' . $username . ':' . $ip ] > $this->get_visitor_404_log_limit() );
143
+ }
144
+
145
+ /**
146
+ * Increment visitor 404 limit.
147
+ *
148
+ * @param integer $site_id - Blog ID.
149
+ * @param string $username - Username.
150
+ * @param string $ip - IP address.
151
+ */
152
+ protected function increment_visitor_404( $site_id, $username, $ip ) {
153
+ $get_fn = $this->plugin->IsMultisite() ? 'get_site_transient' : 'get_transient';
154
+ $set_fn = $this->plugin->IsMultisite() ? 'set_site_transient' : 'set_transient';
155
+ $data = $get_fn( self::TRANSIENT_VISITOR_404 );
156
+
157
+ if ( ! $data ) {
158
+ $data = array();
159
+ }
160
+
161
+ if ( ! isset( $data[ $site_id . ':' . $username . ':' . $ip ] ) ) {
162
+ $data[ $site_id . ':' . $username . ':' . $ip ] = 1;
163
+ }
164
+ $data[ $site_id . ':' . $username . ':' . $ip ]++;
165
+ $set_fn( self::TRANSIENT_VISITOR_404, $data, DAY_IN_SECONDS );
166
+ }
167
+
168
+ /**
169
+ * 404 visitor limit count.
170
+ *
171
+ * @return integer limit
172
+ */
173
+ protected function get_visitor_404_log_limit() {
174
+ return $this->plugin->settings->GetVisitor404LogLimit();
175
+ }
176
+
177
+ /**
178
+ * Method: Return true if URL is excluded otherwise false.
179
+ *
180
+ * @param string $url - 404 URL.
181
+ * @return boolean
182
+ */
183
+ public function is_excluded_url( $url ) {
184
+ if ( empty( $url ) ) {
185
+ return false;
186
+ }
187
+
188
+ if ( in_array( $url, $this->plugin->settings->get_excluded_urls() ) ) {
189
+ return true;
190
+ }
191
+ }
192
+
193
+ /**
194
+ * Write Log.
195
+ *
196
+ * Write a new line on 404 log file.
197
+ * Folder: /uploads/wp-security-audit-log/404s/
198
+ *
199
+ * @param int $attempts - Number of attempt.
200
+ * @param string $ip - IP address.
201
+ * @param string $username - Username.
202
+ * @param string $url - 404 URL.
203
+ */
204
+ private function write_log( $attempts, $ip, $username = '', $url = null ) {
205
+ $name_file = null;
206
+
207
+ if ( 'on' === $this->plugin->GetGlobalOption( 'log-visitor-404', 'off' ) ) {
208
+ // Get option to log referrer.
209
+ $log_referrer = $this->plugin->GetGlobalOption( 'log-visitor-404-referrer' );
210
+
211
+ // Check localhost.
212
+ if ( '127.0.0.1' == $ip || '::1' == $ip ) {
213
+ $ip = 'localhost';
214
+ }
215
+
216
+ if ( 'on' === $log_referrer ) {
217
+ // Get the referer.
218
+ $referrer = filter_input( INPUT_SERVER, 'HTTP_REFERER', FILTER_SANITIZE_STRING );
219
+ if ( empty( $referrer ) && isset( $_SERVER['HTTP_REFERER'] ) && ! empty( $_SERVER['HTTP_REFERER'] ) ) {
220
+ $referrer = sanitize_text_field( wp_unslash( $_SERVER['HTTP_REFERER'] ) );
221
+ }
222
+
223
+ // Data to write.
224
+ $data = '';
225
+
226
+ // Append IP if it exists.
227
+ $data = ( $ip ) ? $ip . ',' : '';
228
+
229
+ // Create/Append to the log file.
230
+ $data = $data . 'Request URL ' . $url . ',Referer ' . $referrer . ',';
231
+ } else {
232
+ // Data to write.
233
+ $data = '';
234
+
235
+ // Append IP if it exists.
236
+ $data = ( $ip ) ? $ip . ',' : '';
237
+
238
+ // Create/Append to the log file.
239
+ $data = $data . 'Request URL ' . $url . ',';
240
+ }
241
+
242
+ $username = '';
243
+ $upload_dir = wp_upload_dir();
244
+ $uploads_url = trailingslashit( $upload_dir['baseurl'] ) . 'wp-security-audit-log/404s/';
245
+ $uploads_dir_path = trailingslashit( $upload_dir['basedir'] ) . 'wp-security-audit-log/404s/';
246
+
247
+ // Check directory.
248
+ if ( $this->CheckDirectory( $uploads_dir_path ) ) {
249
+ $filename = '6023_' . date( 'Ymd' ) . '.log';
250
+ $fp = $uploads_dir_path . $filename;
251
+ $name_file = $uploads_url . $filename;
252
+ if ( ! $file = fopen( $fp, 'a' ) ) {
253
+ $i = 1;
254
+ $file_opened = false;
255
+ do {
256
+ $fp2 = substr( $fp, 0, -4 ) . '_' . $i . '.log';
257
+ if ( ! file_exists( $fp2 ) ) {
258
+ if ( $file = fopen( $fp2, 'a' ) ) {
259
+ $file_opened = true;
260
+ $name_file = $uploads_url . substr( $name_file, 0, -4 ) . '_' . $i . '.log';
261
+ }
262
+ } else {
263
+ $latest_filename = $this->GetLastModified( $uploads_dir_path, $filename );
264
+ $fp_last = $uploads_dir_path . $latest_filename;
265
+ if ( $file = fopen( $fp_last, 'a' ) ) {
266
+ $file_opened = true;
267
+ $name_file = $uploads_url . $latest_filename;
268
+ }
269
+ }
270
+ $i++;
271
+ } while ( ! $file_opened );
272
+ }
273
+ fwrite( $file, sprintf( "%s\n", $data ) );
274
+ fclose( $file );
275
+ }
276
+ }
277
+ return $name_file;
278
+ }
279
+ }
classes/Sensors/FrontendWooCommerce.php ADDED
@@ -0,0 +1,293 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Frontend WooCommerce sensor.
4
+ *
5
+ * @package wsal
6
+ */
7
+
8
+ if ( ! defined( 'ABSPATH' ) ) {
9
+ exit; // Exit if accessed directly.
10
+ }
11
+
12
+ /**
13
+ * Frontend WooCommerce sensor.
14
+ */
15
+ class WSAL_Sensors_FrontendWooCommerce extends WSAL_AbstractSensor {
16
+
17
+ /**
18
+ * Listening to events using WP hooks.
19
+ */
20
+ public function HookEvents() {
21
+ // Check if WooCommerce plugin exists.
22
+ if ( WpSecurityAuditLog::is_woocommerce_active() ) {
23
+ add_action( 'woocommerce_new_order', array( $this, 'event_new_order' ), 10, 1 );
24
+ add_filter( 'woocommerce_order_item_quantity', array( $this, 'set_old_stock' ), 10, 3 );
25
+ add_action( 'woocommerce_product_set_stock', array( $this, 'product_stock_changed' ), 10, 1 );
26
+ add_action( 'woocommerce_variation_set_stock', array( $this, 'product_stock_changed' ), 10, 1 );
27
+ }
28
+ }
29
+
30
+ /**
31
+ * New WooCommerce Order Event.
32
+ *
33
+ * @since 3.3.1
34
+ *
35
+ * @param integer $order_id – Order id.
36
+ */
37
+ public function event_new_order( $order_id ) {
38
+ if ( empty( $order_id ) ) {
39
+ return;
40
+ }
41
+
42
+ // Get order object.
43
+ $new_order = new WC_Order( $order_id );
44
+
45
+ if ( $new_order && $new_order instanceof WC_Order ) {
46
+ $order_post = get_post( $order_id ); // Get order post object.
47
+ $order_title = ( null !== $order_post && $order_post instanceof WP_Post ) ? $order_post->post_title : false;
48
+ $editor_link = $this->get_editor_link( $order_post );
49
+
50
+ $this->plugin->alerts->Trigger(
51
+ 9035,
52
+ array(
53
+ 'OrderID' => $order_id,
54
+ 'OrderTitle' => $this->get_order_title( $new_order ),
55
+ 'OrderStatus' => $new_order->get_status(),
56
+ $editor_link['name'] => $editor_link['value'],
57
+ )
58
+ );
59
+ }
60
+ }
61
+
62
+ /**
63
+ * Triggered before updating stock quantity on customer order.
64
+ *
65
+ * @since 3.3.1
66
+ *
67
+ * @param int $order_quantity - Order quantity.
68
+ * @param WC_Order $order - Order object.
69
+ * @param WC_Order_Item $item - Order item object.
70
+ * @return int - Order quantity.
71
+ */
72
+ public function set_old_stock( $order_quantity, $order, $item ) {
73
+ // Get product from order item.
74
+ $product = $item->get_product();
75
+
76
+ // Get product id.
77
+ $product_id_with_stock = $product->get_stock_managed_by_id();
78
+
79
+ // Get product with stock.
80
+ $product_with_stock = wc_get_product( $product_id_with_stock );
81
+
82
+ // Set stock attributes of the product.
83
+ $this->_old_stock = $product_with_stock->get_stock_quantity();
84
+ $this->_old_stock_status = $product_with_stock->get_stock_status();
85
+
86
+ // Return original stock quantity.
87
+ return $order_quantity;
88
+ }
89
+
90
+ /**
91
+ * Triggered when stock of a product is changed.
92
+ *
93
+ * @since 3.3.1
94
+ *
95
+ * @param WC_Product $product - WooCommerce product object.
96
+ */
97
+ public function product_stock_changed( $product ) {
98
+ // Get product data.
99
+ $product_status = false;
100
+ if ( $product->is_type( 'variation' ) ) {
101
+ $product_id = $product->get_parent_id();
102
+ $product_title = $product->get_name(); // Get product title.
103
+ $product_status = $product->get_status();
104
+ } else {
105
+ $product_id = $product->get_id();
106
+ $product_title = $product->get_title(); // Get product title.
107
+ }
108
+
109
+ // Return if current screen is edit post page.
110
+ global $pagenow;
111
+ if ( is_admin() && ( 'post.php' === $pagenow || defined( 'DOING_AJAX' ) ) ) {
112
+ return;
113
+ }
114
+
115
+ // Get global $_POST array.
116
+ $post_array = filter_input_array( INPUT_POST );
117
+
118
+ // Special conditions for WooCommerce Bulk Stock Management.
119
+ if ( 'edit.php' === $pagenow && isset( $post_array['page'] ) && 'woocommerce-bulk-stock-management' === $post_array['page'] ) {
120
+ $old_acc_stock = isset( $post_array['current_stock_quantity'] ) ? $post_array['current_stock_quantity'] : false;
121
+ $new_acc_stock = isset( $post_array['stock_quantity'] ) ? $post_array['stock_quantity'] : false;
122
+
123
+ // Get old stock quantity.
124
+ $old_stock = ! empty( $this->_old_stock ) ? $this->_old_stock : $old_acc_stock[ $product_id ];
125
+
126
+ // Following cases handle the stock status.
127
+ if ( '0' === $old_acc_stock[ $product_id ] && '0' !== $new_acc_stock[ $product_id ] ) {
128
+ $old_stock_status = 'outofstock';
129
+ } elseif ( '0' !== $old_acc_stock[ $product_id ] && '0' === $new_acc_stock[ $product_id ] ) {
130
+ $old_stock_status = 'instock';
131
+ } elseif ( '0' === $old_acc_stock[ $product_id ] && '0' === $new_acc_stock[ $product_id ] ) {
132
+ $old_stock_status = 'outofstock';
133
+ } elseif ( '0' !== $old_acc_stock[ $product_id ] && '0' !== $new_acc_stock[ $product_id ] ) {
134
+ $old_stock_status = 'instock';
135
+ } else {
136
+ $old_stock_status = '';
137
+ }
138
+ } else {
139
+ $old_stock = $this->_old_stock; // Get old stock quantity.
140
+ $old_stock_status = $this->_old_stock_status; // Get old stock status.
141
+ }
142
+
143
+ $new_stock = $product->get_stock_quantity(); // Get new stock quantity.
144
+ $new_stock_status = $product->get_stock_status(); // Get new stock status.
145
+
146
+ // Set post object.
147
+ $post = get_post( $product_id );
148
+
149
+ // Set username.
150
+ $username = '';
151
+ if ( ! is_user_logged_in() ) {
152
+ $username = 'Website Visitor';
153
+ } else {
154
+ $username = wp_get_current_user()->user_login;
155
+ }
156
+
157
+ // If stock status has changed then trigger the alert.
158
+ if ( ( $old_stock_status && $new_stock_status ) && ( $old_stock_status !== $new_stock_status ) ) {
159
+ $editor_link = $this->get_editor_link( $post );
160
+ $this->plugin->alerts->Trigger(
161
+ 9018,
162
+ array(
163
+ 'ProductTitle' => $product_title,
164
+ 'ProductStatus' => ( ! $product_status ) ? $post->post_status : $product_status,
165
+ 'OldStatus' => $this->get_stock_status( $old_stock_status ),
166
+ 'NewStatus' => $this->get_stock_status( $new_stock_status ),
167
+ 'Username' => $username,
168
+ $editor_link['name'] => $editor_link['value'],
169
+ )
170
+ );
171
+ }
172
+
173
+ $wc_all_stock_changes = $this->plugin->GetGlobalOption( 'wc-all-stock-changes', 'on' );
174
+
175
+ // If stock has changed then trigger the alert.
176
+ if ( ( $old_stock !== $new_stock ) && ( 'on' === $wc_all_stock_changes ) ) {
177
+ $editor_link = $this->get_editor_link( $post );
178
+ $this->plugin->alerts->Trigger(
179
+ 9019,
180
+ array(
181
+ 'ProductTitle' => $product_title,
182
+ 'ProductStatus' => ( ! $product_status ) ? $post->post_status : $product_status,
183
+ 'OldValue' => ( ! empty( $old_stock ) ? $old_stock : 0 ),
184
+ 'NewValue' => $new_stock,
185
+ 'Username' => $username,
186
+ $editor_link['name'] => $editor_link['value'],
187
+ )
188
+ );
189
+ }
190
+ }
191
+
192
+ /**
193
+ * Get Stock Status Name.
194
+ *
195
+ * @since 3.3.1
196
+ *
197
+ * @param string $slug - Stock slug.
198
+ * @return string
199
+ */
200
+ private function get_stock_status( $slug ) {
201
+ if ( 'instock' === $slug ) {
202
+ return __( 'In stock', 'wp-security-audit-log' );
203
+ } elseif ( 'outofstock' === $slug ) {
204
+ return __( 'Out of stock', 'wp-security-audit-log' );
205
+ } elseif ( 'onbackorder' === $slug ) {
206
+ return __( 'On backorder', 'wp-security-audit-log' );
207
+ }
208
+ }
209
+
210
+ /**
211
+ * Get editor link.
212
+ *
213
+ * @param WP_Post $post - Product post object.
214
+ * @return array $editor_link - Name and value link.
215
+ */
216
+ private function get_editor_link( $post ) {
217
+ // Meta value key.
218
+ if ( 'shop_order' === $post->post_type ) {
219
+ $name = 'EditorLinkOrder';
220
+ } else {
221
+ $name = 'EditorLinkProduct';
222
+ }
223
+
224
+ // Get editor post link URL.
225
+ $value = get_edit_post_link( $post->ID );
226
+
227
+ // If the URL is not empty then set values.
228
+ if ( ! empty( $value ) ) {
229
+ $editor_link = array(
230
+ 'name' => $name, // Meta key.
231
+ 'value' => $value, // Meta value.
232
+ );
233
+ } else {
234
+ // Get post object.
235
+ $post = get_post( $post->ID );
236
+
237
+ // Set URL action.
238
+ if ( 'revision' === $post->post_type ) {
239
+ $action = '';
240
+ } else {
241
+ $action = '&action=edit';
242
+ }
243
+
244
+ // Get and check post type object.
245
+ $post_type_object = get_post_type_object( $post->post_type );
246
+ if ( ! $post_type_object ) {
247
+ return;
248
+ }
249
+
250
+ // Set editor link manually.
251
+ if ( $post_type_object->_edit_link ) {
252
+ $link = admin_url( sprintf( $post_type_object->_edit_link . $action, $post->ID ) );
253
+ } else {
254
+ $link = '';
255
+ }
256
+
257
+ $editor_link = array(
258
+ 'name' => $name, // Meta key.
259
+ 'value' => $link, // Meta value.
260
+ );
261
+ }
262
+
263
+ return $editor_link;
264
+ }
265
+
266
+ /**
267
+ * Formulate Order Title as done by WooCommerce.
268
+ *
269
+ * @param int|WC_Order $order - Order id or WC Order object.
270
+ * @return string
271
+ */
272
+ private function get_order_title( $order ) {
273
+ if ( ! $order ) {
274
+ return false;
275
+ }
276
+ if ( is_int( $order ) ) {
277
+ $order = new WC_Order( $order );
278
+ }
279
+ if ( ! $order instanceof WC_Order ) {
280
+ return false;
281
+ }
282
+
283
+ if ( $order->get_billing_first_name() || $order->get_billing_last_name() ) {
284
+ $buyer = trim( sprintf( '%1$s %2$s', $order->get_billing_first_name(), $order->get_billing_last_name() ) );
285
+ } elseif ( $order->get_billing_company() ) {
286
+ $buyer = trim( $order->get_billing_company() );
287
+ } elseif ( $order->get_customer_id() ) {
288
+ $user = get_user_by( 'id', $order->get_customer_id() );
289
+ $buyer = ucwords( $user->display_name );
290
+ }
291
+ return '#' . $order->get_order_number() . ' ' . $buyer;
292
+ }
293
+ }
classes/Sensors/LogInOut.php CHANGED
@@ -125,6 +125,7 @@ class WSAL_Sensors_LogInOut extends WSAL_AbstractSensor {
125
  if ( $provider && $user && in_array( $provider, $providers_2fa, true ) ) {
126
  // Get user roles.
127
  $user_roles = $this->plugin->settings->GetCurrentUserRoles( $user->roles );
 
128
  if ( $this->plugin->settings->IsLoginSuperAdmin( $user->user_login ) ) {
129
  $user_roles[] = 'superadmin';
130
  }
@@ -138,6 +139,7 @@ class WSAL_Sensors_LogInOut extends WSAL_AbstractSensor {
138
  true
139
  );
140
  }
 
141
  return $redirect_url;
142
  }
143
 
@@ -147,7 +149,7 @@ class WSAL_Sensors_LogInOut extends WSAL_AbstractSensor {
147
  * @param string $user_login - Username.
148
  * @param object $user - WP_User object.
149
  */
150
- public function EventLogin( $user_login, $user = null ) {
151
  // Get global POST array.
152
  $post_array = filter_input_array( INPUT_POST );
153
 
@@ -156,9 +158,7 @@ class WSAL_Sensors_LogInOut extends WSAL_AbstractSensor {
156
  *
157
  * @since 3.1.6
158
  */
159
- if ( isset( $post_array['_um_account'] )
160
- && isset( $post_array['_um_account_tab'] )
161
- && 'password' === $post_array['_um_account_tab'] ) {
162
  /**
163
  * If the data is coming from UM plugin account change
164
  * password page, check for change in password.
@@ -198,10 +198,13 @@ class WSAL_Sensors_LogInOut extends WSAL_AbstractSensor {
198
  if ( empty( $user ) ) {
199
  $user = get_user_by( 'login', $user_login );
200
  }
 
201
  $user_roles = $this->plugin->settings->GetCurrentUserRoles( $user->roles );
 
202
  if ( $this->plugin->settings->IsLoginSuperAdmin( $user_login ) ) {
203
  $user_roles[] = 'superadmin';
204
  }
 
205
  $this->plugin->alerts->Trigger(
206
  1000,
207
  array(
125
  if ( $provider && $user && in_array( $provider, $providers_2fa, true ) ) {
126
  // Get user roles.
127
  $user_roles = $this->plugin->settings->GetCurrentUserRoles( $user->roles );
128
+
129
  if ( $this->plugin->settings->IsLoginSuperAdmin( $user->user_login ) ) {
130
  $user_roles[] = 'superadmin';
131
  }
139
  true
140
  );
141
  }
142
+
143
  return $redirect_url;
144
  }
145
 
149
  * @param string $user_login - Username.
150
  * @param object $user - WP_User object.
151
  */
152
+ public function EventLogin( $user_login, $user ) {
153
  // Get global POST array.
154
  $post_array = filter_input_array( INPUT_POST );
155
 
158
  *
159
  * @since 3.1.6
160
  */
161
+ if ( isset( $post_array['_um_account'] ) && isset( $post_array['_um_account_tab'] ) && 'password' === $post_array['_um_account_tab'] ) {
 
 
162
  /**
163
  * If the data is coming from UM plugin account change
164
  * password page, check for change in password.
198
  if ( empty( $user ) ) {
199
  $user = get_user_by( 'login', $user_login );
200
  }
201
+
202
  $user_roles = $this->plugin->settings->GetCurrentUserRoles( $user->roles );
203
+
204
  if ( $this->plugin->settings->IsLoginSuperAdmin( $user_login ) ) {
205
  $user_roles[] = 'superadmin';
206
  }
207
+
208
  $this->plugin->alerts->Trigger(
209
  1000,
210
  array(
classes/Sensors/Public.php CHANGED
@@ -20,14 +20,6 @@ if ( ! defined( 'ABSPATH' ) ) {
20
  */
21
  class WSAL_Sensors_Public extends WSAL_AbstractSensor {
22
 
23
- /**
24
- * 404 Visitor Transient.
25
- *
26
- * WordPress will prefix the name with "_transient_"
27
- * or "_transient_timeout_" in the options table.
28
- */
29
- const TRANSIENT_VISITOR_404 = 'wsal-visitor-404-attempts';
30
-
31
  /**
32
  * Visitor Events.
33
  *
@@ -53,12 +45,8 @@ class WSAL_Sensors_Public extends WSAL_AbstractSensor {
53
  * Listening to events using WP hooks.
54
  */
55
  public function HookEvents() {
56
- if ( $this->plugin->alerts->IsEnabled( 6023 ) || $this->plugin->alerts->IsEnabled( 6027 ) ) {
57
- add_filter( 'template_redirect', array( $this, 'event_404' ) );
58
- }
59
-
60
  // Hook the events if user is logged in OR if user is not logged in and visitor events are allowed to load.
61
- if ( is_user_logged_in() || ( ! is_user_logged_in() && $this->plugin->load_for_visitor_events() ) ) {
62
  add_action( 'user_register', array( $this, 'event_user_register' ) );
63
  add_action( 'comment_post', array( $this, 'event_comment' ), 10, 3 );
64
 
@@ -66,6 +54,7 @@ class WSAL_Sensors_Public extends WSAL_AbstractSensor {
66
  if ( WpSecurityAuditLog::is_woocommerce_active() ) {
67
  add_action( 'woocommerce_new_order', array( $this, 'event_new_order' ), 10, 1 );
68
  add_filter( 'woocommerce_order_item_quantity', array( $this, 'set_old_stock' ), 10, 3 );
 
69
  add_action( 'woocommerce_product_set_stock', array( $this, 'product_stock_changed' ), 10, 1 );
70
  add_action( 'woocommerce_variation_set_stock', array( $this, 'product_stock_changed' ), 10, 1 );
71
  }
@@ -111,44 +100,44 @@ class WSAL_Sensors_Public extends WSAL_AbstractSensor {
111
  if ( ! $comment_id ) {
112
  return;
113
  }
 
114
  // Check if the comment is response to another comment.
115
  if ( isset( $comment_data['comment_parent'] ) && $comment_data['comment_parent'] ) {
116
  $this->event_generic( $comment_id, 2092 );
117
  return;
118
  }
119
 
 
120
  $comment = get_comment( $comment_id );
121
- if ( $comment ) {
122
- if ( 'spam' !== $comment->comment_approved ) {
123
- $post = get_post( $comment->comment_post_ID );
124
- $comment_link = get_permalink( $post->ID ) . '#comment-' . $comment_id;
125
- $fields = array(
126
- 'Date' => $comment->comment_date,
127
- 'CommentLink' => '<a target="_blank" href="' . $comment_link . '">' . $comment->comment_date . '</a>',
128
- );
129
-
130
- // Get user data.
131
- $user_data = get_user_by( 'email', $comment->comment_author_email );
132
-
133
- if ( ! $user_data ) {
134
- // Set the fields.
135
- /* Translators: 1: Post Title, 2: Comment Author */
136
- $fields['CommentMsg'] = sprintf( esc_html__( 'A comment was posted in response to the post %1$s. The comment was posted by %2$s', 'wp-security-audit-log' ), '<strong>' . $post->post_title . '</strong>', '<strong>' . $this->check_author( $comment ) . '</strong>' );
137
- $fields['Username'] = 'Website Visitor';
138
- $this->plugin->alerts->Trigger( 2126, $fields );
139
- } else {
140
- // Get user roles.
141
- $user_roles = $user_data->roles;
142
- if ( function_exists( 'is_super_admin' ) && is_super_admin() ) { // Check if superadmin.
143
- $user_roles[] = 'superadmin';
144
- }
145
-
146
- // Set the fields.
147
- $fields['Username'] = $user_data->user_login;
148
- $fields['CurrentUserRoles'] = $user_roles;
149
- $fields['CommentMsg'] = sprintf( 'Posted a comment in response to the post <strong>%s</strong>', $post->post_title );
150
- $this->plugin->alerts->Trigger( 2099, $fields );
151
  }
 
 
 
 
 
 
 
 
 
152
  }
153
  }
154
  }
@@ -194,254 +183,6 @@ class WSAL_Sensors_Public extends WSAL_AbstractSensor {
194
  }
195
  }
196
 
197
- /**
198
- * Event 404 Not found.
199
- */
200
- public function event_404() {
201
- $attempts = 1;
202
-
203
- global $wp_query;
204
- if ( ! $wp_query->is_404 ) {
205
- return;
206
- }
207
-
208
- $msg = 'times';
209
- list( $y, $m, $d ) = explode( '-', date( 'Y-m-d' ) );
210
- $site_id = function_exists( 'get_current_blog_id' ) ? get_current_blog_id() : 0;
211
- $ip = $this->plugin->settings->GetMainClientIP();
212
-
213
- if ( ! is_user_logged_in() ) {
214
- $username = 'Website Visitor';
215
- } else {
216
- $username = wp_get_current_user()->user_login;
217
- }
218
-
219
- // Request URL.
220
- $request_uri = filter_input( INPUT_SERVER, 'REQUEST_URI', FILTER_SANITIZE_STRING );
221
- if ( ! empty( $request_uri ) ) {
222
- $url_404 = home_url() . $request_uri;
223
- } elseif ( isset( $_SERVER['REQUEST_URI'] ) && ! empty( $_SERVER['REQUEST_URI'] ) ) {
224
- $url_404 = home_url() . sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) );
225
- }
226
-
227
- // Remove forward slash from the URL.
228
- $url_404 = untrailingslashit( $url_404 );
229
-
230
- // Check for excluded 404 URls.
231
- if ( $this->is_excluded_url( $url_404 ) ) {
232
- return;
233
- }
234
-
235
- if ( 'Website Visitor' === $username ) {
236
- // Check if the alert is disabled from the "Enable/Disable Alerts" section.
237
- if ( ! $this->plugin->alerts->IsEnabled( 6023 ) ) {
238
- return;
239
- }
240
-
241
- if ( $this->is_past_visitor_404_limit( $site_id, $username, $ip ) ) {
242
- return;
243
- }
244
-
245
- $obj_occurrence = new WSAL_Models_Occurrence();
246
- $occurrence = $obj_occurrence->CheckAlert404(
247
- array(
248
- $ip,
249
- $username,
250
- 6023,
251
- $site_id,
252
- mktime( 0, 0, 0, $m, $d, $y ),
253
- mktime( 0, 0, 0, $m, $d + 1, $y ) - 1,
254
- )
255
- );
256
-
257
- $occurrence = count( $occurrence ) ? $occurrence[0] : null;
258
- if ( ! empty( $occurrence ) ) {
259
- // Update existing record.
260
- $this->increment_visitor_404( $site_id, $username, $ip );
261
- $new = ( (int) $occurrence->GetMetaValue( 'Attempts', 0 ) ) + 1;
262
-
263
- if ( $new > $this->get_visitor_404_log_limit() ) {
264
- $new = 'more than ' . $this->get_visitor_404_log_limit();
265
- $msg .= ' This could possible be a scan, therefore keep an eye on the activity from this IP Address';
266
- }
267
-
268
- $link_file = $this->write_log( $new, $ip, $username, $url_404 );
269
-
270
- $occurrence->UpdateMetaValue( 'Attempts', $new );
271
- $occurrence->UpdateMetaValue( 'Username', $username );
272
- $occurrence->UpdateMetaValue( 'Msg', $msg );
273
- $occurrence->UpdateMetaValue( 'URL', $url_404 );
274
- if ( ! empty( $link_file ) ) {
275
- $occurrence->UpdateMetaValue( 'LinkFile', $link_file );
276
- }
277
- $occurrence->created_on = null;
278
- $occurrence->Save();
279
- } else {
280
- $link_file = $this->write_log( 1, $ip, $username, $url_404 );
281
- // Create a new record.
282
- $fields = array(
283
- 'Attempts' => 1,
284
- 'Username' => $username,
285
- 'Msg' => $msg,
286
- 'URL' => $url_404,
287
- );
288
- if ( ! empty( $link_file ) ) {
289
- $fields['LinkFile'] = $link_file;
290
- }
291
- $this->plugin->alerts->Trigger( 6023, $fields );
292
- }
293
- }
294
- }
295
-
296
- /**
297
- * Method: Return true if URL is excluded otherwise false.
298
- *
299
- * @param string $url - 404 URL.
300
- * @return boolean
301
- */
302
- public function is_excluded_url( $url ) {
303
- if ( empty( $url ) ) {
304
- return false;
305
- }
306
-
307
- if ( in_array( $url, $this->plugin->settings->get_excluded_urls() ) ) {
308
- return true;
309
- }
310
- }
311
-
312
- /**
313
- * Check visitor 404 limit.
314
- *
315
- * @param integer $site_id - Blog ID.
316
- * @param string $username - Username.
317
- * @param string $ip - IP address.
318
- * @return boolean passed limit true|false
319
- */
320
- protected function is_past_visitor_404_limit( $site_id, $username, $ip ) {
321
- $get_fn = $this->plugin->IsMultisite() ? 'get_site_transient' : 'get_transient';
322
- $data = $get_fn( self::TRANSIENT_VISITOR_404 );
323
- return ( false !== $data ) && isset( $data[ $site_id . ':' . $username . ':' . $ip ] ) && ( $data[ $site_id . ':' . $username . ':' . $ip ] > $this->get_visitor_404_log_limit() );
324
- }
325
-
326
- /**
327
- * Increment visitor 404 limit.
328
- *
329
- * @param integer $site_id - Blog ID.
330
- * @param string $username - Username.
331
- * @param string $ip - IP address.
332
- */
333
- protected function increment_visitor_404( $site_id, $username, $ip ) {
334
- $get_fn = $this->plugin->IsMultisite() ? 'get_site_transient' : 'get_transient';
335
- $set_fn = $this->plugin->IsMultisite() ? 'set_site_transient' : 'set_transient';
336
- $data = $get_fn( self::TRANSIENT_VISITOR_404 );
337
-
338
- if ( ! $data ) {
339
- $data = array();
340
- }
341
-
342
- if ( ! isset( $data[ $site_id . ':' . $username . ':' . $ip ] ) ) {
343
- $data[ $site_id . ':' . $username . ':' . $ip ] = 1;
344
- }
345
- $data[ $site_id . ':' . $username . ':' . $ip ]++;
346
- $set_fn( self::TRANSIENT_VISITOR_404, $data, DAY_IN_SECONDS );
347
- }
348
-
349
- /**
350
- * 404 visitor limit count.
351
- *
352
- * @return integer limit
353
- */
354
- protected function get_visitor_404_log_limit() {
355
- return $this->plugin->settings->GetVisitor404LogLimit();
356
- }
357
-
358
- /**
359
- * Write Log.
360
- *
361
- * Write a new line on 404 log file.
362
- * Folder: /uploads/wp-security-audit-log/404s/
363
- *
364
- * @param int $attempts - Number of attempt.
365
- * @param string $ip - IP address.
366
- * @param string $username - Username.
367
- * @param string $url - 404 URL.
368
- */
369
- private function write_log( $attempts, $ip, $username = '', $url = null ) {
370
- $name_file = null;
371
-
372
- if ( 'on' === $this->plugin->GetGlobalOption( 'log-visitor-404', 'off' ) ) {
373
- // Get option to log referrer.
374
- $log_referrer = $this->plugin->GetGlobalOption( 'log-visitor-404-referrer' );
375
-
376
- // Check localhost.
377
- if ( '127.0.0.1' == $ip || '::1' == $ip ) {
378
- $ip = 'localhost';
379
- }
380
-
381
- if ( 'on' === $log_referrer ) {
382
- // Get the referer.
383
- $referrer = filter_input( INPUT_SERVER, 'HTTP_REFERER', FILTER_SANITIZE_STRING );
384
- if ( empty( $referrer ) && isset( $_SERVER['HTTP_REFERER'] ) && ! empty( $_SERVER['HTTP_REFERER'] ) ) {
385
- $referrer = sanitize_text_field( wp_unslash( $_SERVER['HTTP_REFERER'] ) );
386
- }
387
-
388
- // Data to write.
389
- $data = '';
390
-
391
- // Append IP if it exists.
392
- $data = ( $ip ) ? $ip . ',' : '';
393
-
394
- // Create/Append to the log file.
395
- $data = $data . 'Request URL ' . $url . ',Referer ' . $referrer . ',';
396
- } else {
397
- // Data to write.
398
- $data = '';
399
-
400
- // Append IP if it exists.
401
- $data = ( $ip ) ? $ip . ',' : '';
402
-
403
- // Create/Append to the log file.
404
- $data = $data . 'Request URL ' . $url . ',';
405
- }
406
-
407
- $username = '';
408
- $upload_dir = wp_upload_dir();
409
- $uploads_url = trailingslashit( $upload_dir['baseurl'] ) . 'wp-security-audit-log/404s/';
410
- $uploads_dir_path = trailingslashit( $upload_dir['basedir'] ) . 'wp-security-audit-log/404s/';
411
-
412
- // Check directory.
413
- if ( $this->CheckDirectory( $uploads_dir_path ) ) {
414
- $filename = '6023_' . date( 'Ymd' ) . '.log';
415
- $fp = $uploads_dir_path . $filename;
416
- $name_file = $uploads_url . $filename;
417
- if ( ! $file = fopen( $fp, 'a' ) ) {
418
- $i = 1;
419
- $file_opened = false;
420
- do {
421
- $fp2 = substr( $fp, 0, -4 ) . '_' . $i . '.log';
422
- if ( ! file_exists( $fp2 ) ) {
423
- if ( $file = fopen( $fp2, 'a' ) ) {
424
- $file_opened = true;
425
- $name_file = $uploads_url . substr( $name_file, 0, -4 ) . '_' . $i . '.log';
426
- }
427
- } else {
428
- $latest_filename = $this->GetLastModified( $uploads_dir_path, $filename );
429
- $fp_last = $uploads_dir_path . $latest_filename;
430
- if ( $file = fopen( $fp_last, 'a' ) ) {
431
- $file_opened = true;
432
- $name_file = $uploads_url . $latest_filename;
433
- }
434
- }
435
- $i++;
436
- } while ( ! $file_opened );
437
- }
438
- fwrite( $file, sprintf( "%s\n", $data ) );
439
- fclose( $file );
440
- }
441
- }
442
- return $name_file;
443
- }
444
-
445
  /**
446
  * Get editor link.
447
  *
@@ -590,6 +331,24 @@ class WSAL_Sensors_Public extends WSAL_AbstractSensor {
590
  return $order_quantity;
591
  }
592
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
593
  /**
594
  * Triggered when stock of a product is changed.
595
  *
@@ -598,8 +357,13 @@ class WSAL_Sensors_Public extends WSAL_AbstractSensor {
598
  * @param WC_Product $product - WooCommerce product object.
599
  */
600
  public function product_stock_changed( $product ) {
 
 
 
 
601
  // Get product data.
602
  $product_status = false;
 
603
  if ( $product->is_type( 'variation' ) ) {
604
  $product_id = $product->get_parent_id();
605
  $product_title = $product->get_name(); // Get product title.
@@ -611,9 +375,6 @@ class WSAL_Sensors_Public extends WSAL_AbstractSensor {
611
 
612
  // Return if current screen is edit post page.
613
  global $pagenow;
614
- if ( is_admin() && ( 'post.php' === $pagenow || defined( 'DOING_AJAX' ) ) ) {
615
- return;
616
- }
617
 
618
  // Get global $_POST array.
619
  $post_array = filter_input_array( INPUT_POST );
20
  */
21
  class WSAL_Sensors_Public extends WSAL_AbstractSensor {
22
 
 
 
 
 
 
 
 
 
23
  /**
24
  * Visitor Events.
25
  *
45
  * Listening to events using WP hooks.
46
  */
47
  public function HookEvents() {
 
 
 
 
48
  // Hook the events if user is logged in OR if user is not logged in and visitor events are allowed to load.
49
+ if ( is_user_logged_in() ) {
50
  add_action( 'user_register', array( $this, 'event_user_register' ) );
51
  add_action( 'comment_post', array( $this, 'event_comment' ), 10, 3 );
52
 
54
  if ( WpSecurityAuditLog::is_woocommerce_active() ) {
55
  add_action( 'woocommerce_new_order', array( $this, 'event_new_order' ), 10, 1 );
56
  add_filter( 'woocommerce_order_item_quantity', array( $this, 'set_old_stock' ), 10, 3 );
57
+ add_filter( 'woocommerce_update_product_stock_query', array( $this, 'set_old_stock_for_orders' ), 10, 3 );
58
  add_action( 'woocommerce_product_set_stock', array( $this, 'product_stock_changed' ), 10, 1 );
59
  add_action( 'woocommerce_variation_set_stock', array( $this, 'product_stock_changed' ), 10, 1 );
60
  }
100
  if ( ! $comment_id ) {
101
  return;
102
  }
103
+
104
  // Check if the comment is response to another comment.
105
  if ( isset( $comment_data['comment_parent'] ) && $comment_data['comment_parent'] ) {
106
  $this->event_generic( $comment_id, 2092 );
107
  return;
108
  }
109
 
110
+ // Get WP comment object.
111
  $comment = get_comment( $comment_id );
112
+
113
+ if ( $comment && 'spam' !== $comment->comment_approved ) {
114
+ $post = get_post( $comment->comment_post_ID );
115
+ $comment_link = get_permalink( $post->ID ) . '#comment-' . $comment_id;
116
+ $fields = array(
117
+ 'Date' => $comment->comment_date,
118
+ 'CommentLink' => '<a target="_blank" href="' . $comment_link . '">' . $comment->comment_date . '</a>',
119
+ );
120
+
121
+ // Get user data.
122
+ $user_data = get_user_by( 'email', $comment->comment_author_email );
123
+
124
+ if ( $user_data ) {
125
+ // Get user roles.
126
+ $user_roles = $user_data->roles;
127
+
128
+ // Check if superadmin.
129
+ if ( function_exists( 'is_super_admin' ) && is_super_admin() ) {
130
+ $user_roles[] = 'superadmin';
 
 
 
 
 
 
 
 
 
 
 
131
  }
132
+
133
+ /* Translators: %s: Post title */
134
+ $comment_msg = sprintf( __( 'Posted a comment in response to the post %s', 'wp-security-audit-log' ), '<strong>' . $post->post_title . '</strong>' );
135
+
136
+ // Set the fields.
137
+ $fields['Username'] = $user_data->user_login;
138
+ $fields['CurrentUserRoles'] = $user_roles;
139
+ $fields['CommentMsg'] = $comment_msg;
140
+ $this->plugin->alerts->Trigger( 2099, $fields );
141
  }
142
  }
143
  }
183
  }
184
  }
185
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
186
  /**
187
  * Get editor link.
188
  *
331
  return $order_quantity;
332
  }
333
 
334
+ /**
335
+ * Triggered before updating stock quantity on customer order from admin panel.
336
+ *
337
+ * @param string $sql - Stock update SQL query.
338
+ * @param integer $product_id - Product id.
339
+ * @return string
340
+ */
341
+ public function set_old_stock_for_orders( $sql, $product_id ) {
342
+ $old_product = wc_get_product( $product_id );
343
+
344
+ // Set stock attributes of the product.
345
+ $this->_old_stock = $old_product->get_stock_quantity();
346
+ $this->_old_stock_status = $old_product->get_stock_status();
347
+
348
+ // Return the original sql.
349
+ return $sql;
350
+ }
351
+
352
  /**
353
  * Triggered when stock of a product is changed.
354
  *
357
  * @param WC_Product $product - WooCommerce product object.
358
  */
359
  public function product_stock_changed( $product ) {
360
+ if ( is_null( $this->_old_stock ) && is_null( $this->_old_stock_status ) ) {
361
+ return;
362
+ }
363
+
364
  // Get product data.
365
  $product_status = false;
366
+
367
  if ( $product->is_type( 'variation' ) ) {
368
  $product_id = $product->get_parent_id();
369
  $product_title = $product->get_name(); // Get product title.
375
 
376
  // Return if current screen is edit post page.
377
  global $pagenow;
 
 
 
378
 
379
  // Get global $_POST array.
380
  $post_array = filter_input_array( INPUT_POST );
classes/Sensors/WooCommerce.php CHANGED
@@ -201,7 +201,7 @@ class WSAL_Sensors_WooCommerce extends WSAL_AbstractSensor {
201
  $post_id = (int) $post_id; // Making sure that the post id is integer.
202
  $post = get_post( $post_id ); // Get post.
203
 
204
- if ( ! empty( $post ) && $post instanceof WP_Post ) {
205
  $this->_old_post = $post;
206
  $this->old_product = 'product' === $post->post_type ? wc_get_product( $post->ID ) : null;
207
  $this->old_status = $post->post_status;
201
  $post_id = (int) $post_id; // Making sure that the post id is integer.
202
  $post = get_post( $post_id ); // Get post.
203
 
204
+ if ( ! empty( $post ) && $post instanceof WP_Post && in_array( $post->post_type, array( 'product', 'shop_order', 'shop_coupon' ), true ) ) {
205
  $this->_old_post = $post;
206
  $this->old_product = 'product' === $post->post_type ? wc_get_product( $post->ID ) : null;
207
  $this->old_status = $post->post_status;
classes/Settings.php CHANGED
@@ -160,7 +160,6 @@ class WSAL_Settings {
160
  * Enable Geek Mode.
161
  */
162
  public function set_geek_mode() {
163
- $this->_plugin->SetGlobalOption( 'disable-visitor-events', 'no' ); // Set disable visitor events to no.
164
  $this->SetDisabledAlerts( array() ); // Disable alerts of geek mode.
165
  }
166
 
@@ -2244,4 +2243,38 @@ class WSAL_Settings {
2244
 
2245
  return false;
2246
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2247
  }
160
  * Enable Geek Mode.
161
  */
162
  public function set_geek_mode() {
 
163
  $this->SetDisabledAlerts( array() ); // Disable alerts of geek mode.
164
  }
165
 
2243
 
2244
  return false;
2245
  }
2246
+
2247
+ /**
2248
+ * Get WSAL's frontend events option.
2249
+ *
2250
+ * @return array
2251
+ */
2252
+ public function get_frontend_events() {
2253
+ // Option defaults.
2254
+ $default = array(
2255
+ 'register' => false,
2256
+ 'login' => false,
2257
+ 'system' => false,
2258
+ 'woocommerce' => WpSecurityAuditLog::is_woocommerce_active(),
2259
+ );
2260
+
2261
+ // Get the option.
2262
+ $event_opt = 'wsal-frontend-events';
2263
+ $value = ! is_multisite() ? get_option( $event_opt, $default ) : get_network_option( get_main_network_id(), $event_opt, $default );
2264
+
2265
+ // Check for WooCommerce in case it is not stored.
2266
+ $value['woocommerce'] = ! isset( $value['woocommerce'] ) ? WpSecurityAuditLog::is_woocommerce_active() : $value['woocommerce'];
2267
+ return $value;
2268
+ }
2269
+
2270
+ /**
2271
+ * Set WSAL's frontend events option.
2272
+ *
2273
+ * @param array $value - Option values.
2274
+ * @return bool
2275
+ */
2276
+ public function set_frontend_events( $value = array() ) {
2277
+ $event_opt = 'wsal-frontend-events';
2278
+ return ! is_multisite() ? update_option( $event_opt, $value ) : update_network_option( get_main_network_id(), $event_opt, $value );
2279
+ }
2280
  }
classes/ViewManager.php CHANGED
@@ -82,6 +82,16 @@ class WSAL_ViewManager {
82
  $skip_views[] = $this->_plugin->GetBaseDir() . 'classes/Views/SetupWizard.php';
83
  }
84
 
 
 
 
 
 
 
 
 
 
 
85
  /**
86
  * Skipped Views.
87
  *
@@ -120,6 +130,11 @@ class WSAL_ViewManager {
120
  new WSAL_Views_SetupWizard( $plugin );
121
  }
122
 
 
 
 
 
 
123
  // Reorder WSAL submenu.
124
  add_filter( 'custom_menu_order', array( $this, 'reorder_wsal_submenu' ), 10, 1 );
125
 
82
  $skip_views[] = $this->_plugin->GetBaseDir() . 'classes/Views/SetupWizard.php';
83
  }
84
 
85
+ /**
86
+ * Add frontend setup wizard page to skip views. It will only be initialized
87
+ * one time.
88
+ *
89
+ * @since 3.5
90
+ */
91
+ if ( file_exists( $this->_plugin->GetBaseDir() . 'classes/Views/FrontendSetupWizard.php' ) ) {
92
+ $skip_views[] = $this->_plugin->GetBaseDir() . 'classes/Views/FrontendSetupWizard.php';
93
+ }
94
+
95
  /**
96
  * Skipped Views.
97
  *
130
  new WSAL_Views_SetupWizard( $plugin );
131
  }
132
 
133
+ // Initialize setup frontend wizard.
134
+ if ( 'no' === $this->_plugin->GetGlobalOption( 'front-end-setup-complete', 'no' ) ) {
135
+ new WSAL_Views_FrontendSetupWizard( $plugin );
136
+ }
137
+
138
  // Reorder WSAL submenu.
139
  add_filter( 'custom_menu_order', array( $this, 'reorder_wsal_submenu' ), 10, 1 );
140
 
classes/Views/FrontendSetupWizard.php ADDED
@@ -0,0 +1,511 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * View: WSAL Frontend Setup
4
+ *
5
+ * WSAL frontend setup class file.
6
+ *
7
+ * @since 3.2.3
8
+ * @package Wsal
9
+ */
10
+
11
+ // Exit if accessed directly.
12
+ if ( ! defined( 'ABSPATH' ) ) {
13
+ exit;
14
+ }
15
+
16
+ /**
17
+ * Class: WSAL Frontend Setup Wizard.
18
+ *
19
+ * WSAL setup wizard class which manages the functionality
20
+ * related to setup.
21
+ */
22
+ final class WSAL_Views_FrontendSetupWizard {
23
+
24
+ /**
25
+ * Instance of WpSecurityAuditLog
26
+ *
27
+ * @var WpSecurityAuditLog
28
+ */
29
+ private $wsal;
30
+
31
+ /**
32
+ * Wizard Steps
33
+ *
34
+ * @var array
35
+ */
36
+ private $wizard_steps;
37
+
38
+ /**
39
+ * Current Step
40
+ *
41
+ * @var string
42
+ */
43
+ private $current_step;
44
+
45
+ /**
46
+ * Method: Constructor.
47
+ *
48
+ * @param WpSecurityAuditLog $wsal – Instance of main plugin.
49
+ */
50
+ public function __construct( WpSecurityAuditLog $wsal ) {
51
+ $this->wsal = $wsal;
52
+ add_action( 'admin_menu', array( $this, 'admin_menus' ), 10 );
53
+ add_action( 'admin_init', array( $this, 'setup_page' ), 10 );
54
+ }
55
+
56
+ /**
57
+ * Ajax handler to verify setting token.
58
+ */
59
+ public function setup_check_security_token() {
60
+ if ( ! $this->wsal->settings->CurrentUserCan( 'view' ) ) {
61
+ echo wp_json_encode(
62
+ array(
63
+ 'success' => false,
64
+ 'message' => esc_html__( 'Access Denied.', 'wp-security-audit-log' ),
65
+ )
66
+ );
67
+ die();
68
+ }
69
+
70
+ //@codingStandardsIgnoreStart
71
+ $nonce = isset( $_POST['nonce'] ) ? sanitize_text_field( $_POST['nonce'] ) : false;
72
+ //@codingStandardsIgnoreEnd
73
+
74
+ if ( empty( $nonce ) || ! wp_verify_nonce( $nonce, 'wsal-verify-wizard-page' ) ) {
75
+ echo wp_json_encode(
76
+ array(
77
+ 'success' => false,
78
+ 'message' => esc_html__( 'Nonce verification failed.', 'wp-security-audit-log' ),
79
+ )
80
+ );
81
+ die();
82
+ }
83
+ die();
84
+ }
85
+
86
+ /**
87
+ * Add setup admin page.
88
+ */
89
+ public function admin_menus() {
90
+ add_dashboard_page( '', '', 'manage_options', 'wsal-front-setup', '' );
91
+ }
92
+
93
+ /**
94
+ * Setup Page Start.
95
+ */
96
+ public function setup_page() {
97
+ // Get page argument from $_GET array.
98
+ $page = filter_input( INPUT_GET, 'page', FILTER_SANITIZE_STRING );
99
+ if ( empty( $page ) || 'wsal-front-setup' !== $page ) {
100
+ return;
101
+ }
102
+
103
+ /**
104
+ * Wizard Steps.
105
+ */
106
+ $this->wizard_steps = array(
107
+ 'welcome' => array(
108
+ 'name' => __( 'Welcome', 'wp-security-audit-log' ),
109
+ 'content' => array( $this, 'wsal_step_welcome' ),
110
+ ),
111
+ 'register' => array(
112
+ 'name' => __( 'User Registrations', 'wp-security-audit-log' ),
113
+ 'content' => array( $this, 'wsal_step_register' ),
114
+ 'save' => array( $this, 'wsal_step_register_save' ),
115
+ ),
116
+ 'login' => array(
117
+ 'name' => __( 'Log In', 'wp-security-audit-log' ),
118
+ 'content' => array( $this, 'wsal_step_login' ),
119
+ 'save' => array( $this, 'wsal_step_login_save' ),
120
+ ),
121
+ '404s' => array(
122
+ 'name' => __( '404s', 'wp-security-audit-log' ),
123
+ 'content' => array( $this, 'wsal_step_404s' ),
124
+ 'save' => array( $this, 'wsal_step_404s_save' ),
125
+ ),
126
+ 'finish' => array(
127
+ 'name' => __( 'Finish', 'wp-security-audit-log' ),
128
+ 'content' => array( $this, 'wsal_step_finish' ),
129
+ 'save' => array( $this, 'wsal_step_finish_save' ),
130
+ ),
131
+ );
132
+
133
+ // Set current step.
134
+ $current_step = filter_input( INPUT_GET, 'current-step', FILTER_SANITIZE_STRING );
135
+ $this->current_step = ! empty( $current_step ) ? $current_step : current( array_keys( $this->wizard_steps ) );
136
+
137
+ /**
138
+ * Enqueue Styles.
139
+ */
140
+ wp_enqueue_style(
141
+ 'wsal-wizard-css',
142
+ $this->wsal->GetBaseUrl() . '/css/dist/wsal-wizard.build.css',
143
+ array( 'dashicons', 'install', 'forms' ),
144
+ filemtime( $this->wsal->GetBaseDir() . 'css/dist/wsal-wizard.build.css' )
145
+ );
146
+
147
+ // Data array.
148
+ $data_array = array(
149
+ 'ajaxURL' => admin_url( 'admin-ajax.php' ),
150
+ 'nonce' => wp_create_nonce( 'wsal-verify-wizard-page' ),
151
+ );
152
+ wp_localize_script( 'wsal-wizard-js', 'wsalData', $data_array );
153
+
154
+ /**
155
+ * Save Wizard Settings.
156
+ */
157
+ $save_step = filter_input( INPUT_POST, 'save_step', FILTER_SANITIZE_STRING );
158
+ if ( ! empty( $save_step ) && ! empty( $this->wizard_steps[ $this->current_step ]['save'] ) ) {
159
+ call_user_func( $this->wizard_steps[ $this->current_step ]['save'] );
160
+ }
161
+
162
+ /**
163
+ * Close Wizard Settings.
164
+ */
165
+ $exit_wizard = filter_input( INPUT_GET, 'exit-wizard', FILTER_SANITIZE_STRING );
166
+ if ( ! empty( $exit_wizard ) ) {
167
+ call_user_func( array( $this, 'wsal_exit_frontend_wizard' ) );
168
+ }
169
+
170
+ ob_start();
171
+ $this->setup_page_header();
172
+ $this->setup_page_steps();
173
+ $this->setup_page_content();
174
+ $this->setup_page_footer();
175
+ exit;
176
+ }
177
+
178
+ /**
179
+ * Setup Page Header.
180
+ */
181
+ private function setup_page_header() {
182
+ ?>
183
+ <!DOCTYPE html>
184
+ <html <?php language_attributes(); ?>>
185
+ <head>
186
+ <meta name="viewport" content="width=device-width" />
187
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
188
+ <title><?php esc_html_e( 'WP Security Audit Log &rsaquo; Setup Wizard', 'wp-security-audit-log' ); ?></title>
189
+ <?php wp_print_scripts( 'wsal-wizard-js' ); ?>
190
+ <?php do_action( 'admin_print_styles' ); ?>
191
+ <?php do_action( 'admin_head' ); ?>
192
+ </head>
193
+ <body class="wsal-setup wp-core-ui">
194
+ <h1 id="wsal-logo"><a href="https://wpsecurityauditlog.com/" target="_blank"><img src="<?php echo esc_url( $this->wsal->GetBaseUrl() ); ?>/img/wsal-logo-full.png" alt="WP Security Audit Log" /></a></h1>
195
+ <?php
196
+ }
197
+
198
+ /**
199
+ * Setup Page Footer.
200
+ */
201
+ private function setup_page_footer() {
202
+ ?>
203
+ <div class="wsal-setup-footer">
204
+ <?php if ( 'welcome' !== $this->current_step && 'finish' !== $this->current_step ) : // Don't show the link on the first & last step. ?>
205
+ <a href="
206
+ <?php
207
+ echo esc_url(
208
+ add_query_arg(
209
+ array(
210
+ 'page' => 'wsal-front-setup',
211
+ 'exit-wizard' => wp_create_nonce( 'wsal-exit-wizard' ),
212
+ ),
213
+ admin_url()
214
+ )
215
+ );
216
+ ?>
217
+ "><?php esc_html_e( 'Close Wizard', 'wp-security-audit-log' ); ?></a>
218
+ <?php endif; ?>
219
+ </div>
220
+ </body>
221
+ </html>
222
+ <?php
223
+ }
224
+
225
+ /**
226
+ * Setup Page Steps.
227
+ */
228
+ private function setup_page_steps() {
229
+ ?>
230
+ <ul class="steps">
231
+ <?php
232
+ foreach ( $this->wizard_steps as $key => $step ) :
233
+ if ( $key === $this->current_step ) :
234
+ ?>
235
+ <li class="is-active"><?php echo esc_html( $step['name'] ); ?></li>
236
+ <?php else : ?>
237
+ <li></li>
238
+ <?php
239
+ endif;
240
+ endforeach;
241
+ ?>
242
+ </ul>
243
+ <?php
244
+ }
245
+
246
+ /**
247
+ * Get Next Step URL.
248
+ *
249
+ * @return string
250
+ */
251
+ private function get_next_step() {
252
+ // Get current step.
253
+ $current_step = $this->current_step;
254
+
255
+ // Array of step keys.
256
+ $keys = array_keys( $this->wizard_steps );
257
+ if ( end( $keys ) === $current_step ) { // If last step is active then return WP Admin URL.
258
+ return admin_url();
259
+ }
260
+
261
+ // Search for step index in step keys.
262
+ $step_index = array_search( $current_step, $keys, true );
263
+ if ( false === $step_index ) { // If index is not found then return empty string.
264
+ return '';
265
+ }
266
+
267
+ // Return next step.
268
+ return add_query_arg( 'current-step', $keys[ $step_index + 1 ] );
269
+ }
270
+
271
+ /**
272
+ * Setup Page Content.
273
+ */
274
+ private function setup_page_content() {
275
+ ?>
276
+ <div class="wsal-setup-content">
277
+ <?php
278
+ if ( ! empty( $this->wizard_steps[ $this->current_step ]['content'] ) ) {
279
+ call_user_func( $this->wizard_steps[ $this->current_step ]['content'] );
280
+ }
281
+ ?>
282
+ </div>
283
+ <?php
284
+ }
285
+
286
+ /**
287
+ * Step View: `Welcome`
288
+ */
289
+ private function wsal_step_welcome() {
290
+ ?>
291
+ <p><?php esc_html_e( 'In this update, we have improved the plugin\'s front-end sensors and performance. Use this quick 4-step wizard to fine tune the plugin for your website.', 'wp-security-audit-log' ); ?></p>
292
+
293
+ <div class="wsal-setup-actions">
294
+ <a class="button button-primary"
295
+ href="<?php echo esc_url( $this->get_next_step() ); ?>">
296
+ <?php esc_html_e( 'Start Configuring front-end sensors', 'wp-security-audit-log' ); ?>
297
+ </a>
298
+ <a class="button button-secondary"
299
+ href="
300
+ <?php
301
+ echo esc_url(
302
+ add_query_arg(
303
+ array(
304
+ 'page' => 'wsal-front-setup',
305
+ 'exit-wizard' => wp_create_nonce( 'wsal-exit-wizard' ),
306
+ ),
307
+ admin_url()
308
+ )
309
+ );
310
+ ?>
311
+ ">
312
+ <?php esc_html_e( 'Exit Wizard', 'wp-security-audit-log' ); ?>
313
+ </a>
314
+ </div>
315
+ <?php
316
+ }
317
+
318
+ /**
319
+ * Step View: `front end register sensors`
320
+ */
321
+ private function wsal_step_register() {
322
+ ?>
323
+ <form method="post" class="wsal-setup-form">
324
+ <?php wp_nonce_field( 'wsal-step-registers' ); ?>
325
+ <h4><?php esc_html_e( 'Can visitors register for a user on your website?', 'wp-security-audit-log' ); ?></h4>
326
+ <fieldset>
327
+ <label for="wsal-frontend-events-register-yes">
328
+ <input id="wsal-frontend-events-register-yes" name="wsal-front-end-register" type="radio" value="1">
329
+ <?php esc_html_e( 'Yes', 'wp-security-audit-log' ); ?>
330
+ </label>
331
+ <br />
332
+ <label for="wsal-frontend-events-register-no">
333
+ <input id="wsal-frontend-events-register-no" name="wsal-front-end-register" type="radio" value="0" checked>
334
+ <?php esc_html_e( 'No', 'wp-security-audit-log' ); ?>
335
+ </label>
336
+ <p class="description"><?php esc_html_e( 'If you are not sure about this setting, check if the Membership setting in the WordPress General settings is checked or not. If it is not checked (default) select No.', 'wp-security-audit-log' ); ?></p>
337
+ </fieldset>
338
+ <!-- Question -->
339
+ <div class="wsal-setup-actions">
340
+ <button class="button button-primary" type="submit" name="save_step" value="<?php esc_attr_e( 'Next', 'wp-security-audit-log' ); ?>"><?php esc_html_e( 'Next', 'wp-security-audit-log' ); ?></button>
341
+ </div>
342
+ </form>
343
+ <?php
344
+ }
345
+
346
+ /**
347
+ * Step Save: `Log Details`
348
+ */
349
+ private function wsal_step_register_save() {
350
+ // Check nonce.
351
+ check_admin_referer( 'wsal-step-registers' );
352
+
353
+ if ( isset( $_POST['wsal-front-end-register'] ) ) {
354
+ // Save frontend register sensors.
355
+ $frontend_sensors = $this->wsal->settings->get_frontend_events();
356
+ $register_sensor = sanitize_text_field( wp_unslash( $_POST['wsal-front-end-register'] ) );
357
+ $frontend_sensors['register'] = $register_sensor;
358
+
359
+ // Update option.
360
+ $this->wsal->settings->set_frontend_events( $frontend_sensors );
361
+ }
362
+ wp_safe_redirect( esc_url_raw( $this->get_next_step() ) );
363
+ exit();
364
+ }
365
+
366
+ /**
367
+ * Step View: `Login Sensor`
368
+ */
369
+ private function wsal_step_login() {
370
+ ?>
371
+ <form method="post" class="wsal-setup-form">
372
+ <?php wp_nonce_field( 'wsal-step-login' ); ?>
373
+ <h4><?php esc_html_e( 'Do you or your users use other pages to log in to WordPress other than the default login page ( /wp-admin/ )?', 'wp-security-audit-log' ); ?></h4>
374
+ <fieldset>
375
+ <label for="wsal-frontend-events-login-yes">
376
+ <input id="wsal-frontend-events-login-yes" name="wsal-frontend-login" type="radio" value="1">
377
+ <?php esc_html_e( 'Yes, we use other pages to login to WordPress.', 'wp-security-audit-log' ); ?>
378
+ </label>
379
+ <br />
380
+ <label for="wsal-frontend-events-login-no">
381
+ <input id="wsal-frontend-events-login-no" name="wsal-frontend-login" type="radio" value="0" checked>
382
+ <?php esc_html_e( 'No, we only use the default WordPress login page.', 'wp-security-audit-log' ); ?>
383
+ </label>
384
+ <p class="description"><?php esc_html_e( 'If your website is a membership or ecommerce website most probably you have more than one area from where the users can login. If you are not sure, select Yes.', 'wp-security-audit-log' ); ?></p>
385
+ </fieldset>
386
+ <!-- Question -->
387
+ <div class="wsal-setup-actions">
388
+ <button class="button button-primary" type="submit" name="save_step" value="<?php esc_attr_e( 'Next', 'wp-security-audit-log' ); ?>"><?php esc_html_e( 'Next', 'wp-security-audit-log' ); ?></button>
389
+ </div>
390
+ </form>
391
+ <?php
392
+ }
393
+
394
+ /**
395
+ * Step Save: `Login Sensor`
396
+ */
397
+ private function wsal_step_login_save() {
398
+ // Check nonce.
399
+ check_admin_referer( 'wsal-step-login' );
400
+
401
+ if ( isset( $_POST['wsal-frontend-login'] ) ) {
402
+ $frontend_sensors = $this->wsal->settings->get_frontend_events();
403
+ $login_sensor = sanitize_text_field( wp_unslash( $_POST['wsal-frontend-login'] ) );
404
+ $login_sensor = '0' === $login_sensor ? false : $login_sensor; // Update the sensor option.
405
+ $frontend_sensors['login'] = $login_sensor;
406
+
407
+ // Update option.
408
+ $this->wsal->settings->set_frontend_events( $frontend_sensors );
409
+ }
410
+
411
+ wp_safe_redirect( esc_url_raw( $this->get_next_step() ) );
412
+ exit();
413
+ }
414
+
415
+ /**
416
+ * Step View: `System Sensor`
417
+ */
418
+ private function wsal_step_404s() {
419
+ ?>
420
+ <form method="post" class="wsal-setup-form">
421
+ <?php wp_nonce_field( 'wsal-step-frontend-system' ); ?>
422
+ <h4><?php esc_html_e( 'Do you want to keep a log of (non-logged in) visitors’ requests to non-existing URLs which generate a HTTP 404 error response?', 'wp-security-audit-log' ); ?></h4>
423
+ <fieldset>
424
+ <label for="wsal-frontend-events-system-yes">
425
+ <input id="wsal-frontend-events-system-yes" name="wsal-frontend-system" type="radio" value="1">
426
+ <?php esc_html_e( 'Yes', 'wp-security-audit-log' ); ?>
427
+ </label>
428
+ <br />
429
+ <label for="wsal-frontend-events-system-no">
430
+ <input id="wsal-frontend-events-system-no" name="wsal-frontend-system" type="radio" value="0" checked>
431
+ <?php esc_html_e( 'No', 'wp-security-audit-log' ); ?>
432
+ </label>
433
+ </fieldset>
434
+ <!-- Question -->
435
+ <div class="wsal-setup-actions">
436
+ <button class="button button-primary" type="submit" name="save_step" value="<?php esc_attr_e( 'Next', 'wp-security-audit-log' ); ?>"><?php esc_html_e( 'Next', 'wp-security-audit-log' ); ?></button>
437
+ </div>
438
+ </form>
439
+ <?php
440
+ }
441
+
442
+ /**
443
+ * Step Save: `System Sensor`
444
+ */
445
+ private function wsal_step_404s_save() {
446
+ // Check nonce.
447
+ check_admin_referer( 'wsal-step-frontend-system' );
448
+
449
+ // Update system field.
450
+ if ( isset( $_POST['wsal-frontend-system'] ) ) {
451
+ $frontend_sensors = $this->wsal->settings->get_frontend_events();
452
+ $system_sensor = sanitize_text_field( wp_unslash( $_POST['wsal-frontend-system'] ) );
453
+ $system_sensor = '0' === $system_sensor ? false : $system_sensor; // Update the sensor option.
454
+ $frontend_sensors['system'] = $system_sensor;
455
+
456
+ // Update option.
457
+ $this->wsal->settings->set_frontend_events( $frontend_sensors );
458
+ }
459
+
460
+ wp_safe_redirect( esc_url_raw( $this->get_next_step() ) );
461
+ exit();
462
+ }
463
+
464
+ /**
465
+ * Step View: `Finish`
466
+ */
467
+ private function wsal_step_finish() {
468
+ ?>
469
+ <p><?php esc_html_e( 'All the new settings have been applied. You can change these settings from the Front-end Events in the Enable/Disable Events section.', 'wp-security-audit-log' ); ?></p>
470
+
471
+ <form method="post" class="wsal-setup-form">
472
+ <?php wp_nonce_field( 'wsal-step-finish' ); ?>
473
+ <div class="wsal-setup-actions">
474
+ <button class="button button-primary"
475
+ type="submit"
476
+ name="save_step"
477
+ value="<?php esc_attr_e( 'Finish', 'wp-security-audit-log' ); ?>">
478
+ <?php esc_html_e( 'Finish', 'wp-security-audit-log' ); ?>
479
+ </button>
480
+ </div>
481
+ </form>
482
+ <?php
483
+ }
484
+
485
+ /**
486
+ * Step Save: `Finish`
487
+ */
488
+ private function wsal_step_finish_save() {
489
+ // Verify nonce.
490
+ check_admin_referer( 'wsal-step-finish' );
491
+
492
+ // Mark the finish of the setup.
493
+ $this->wsal->SetGlobalOption( 'front-end-setup-complete', 'yes' );
494
+
495
+ wp_safe_redirect( esc_url_raw( $this->get_next_step() ) );
496
+ exit();
497
+ }
498
+
499
+ /**
500
+ * Exit Wizard
501
+ */
502
+ private function wsal_exit_frontend_wizard() {
503
+ if ( isset( $_GET['exit-wizard'] ) && wp_verify_nonce( $_GET['exit-wizard'], 'wsal-exit-wizard' ) ) {
504
+ // Mark the finish of the setup.
505
+ $this->wsal->SetGlobalOption( 'front-end-setup-complete', 'yes' );
506
+ wp_safe_redirect( admin_url() );
507
+ exit();
508
+ }
509
+
510
+ }
511
+ }
classes/Views/SetupWizard.php CHANGED
@@ -134,6 +134,21 @@ final class WSAL_Views_SetupWizard {
134
  'content' => array( $this, 'wsal_step_log_details' ),
135
  'save' => array( $this, 'wsal_step_log_details_save' ),
136
  ),
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
137
  'log_retention' => array(
138
  'name' => __( 'Log Retention', 'wp-security-audit-log' ),
139
  'content' => array( $this, 'wsal_step_log_retention' ),
@@ -262,10 +277,8 @@ final class WSAL_Views_SetupWizard {
262
  if ( $key === $this->current_step ) :
263
  ?>
264
  <li class="is-active"><?php echo esc_html( $step['name'] ); ?></li>
265
- <?php
266
- else :
267
- ?>
268
- <li><?php echo esc_html( $step['name'] ); ?></li>
269
  <?php
270
  endif;
271
  endforeach;
@@ -345,9 +358,7 @@ final class WSAL_Views_SetupWizard {
345
  ?>
346
  <form method="post" class="wsal-setup-form">
347
  <?php wp_nonce_field( 'wsal-step-log-details' ); ?>
348
- <h4>
349
- <?php esc_html_e( 'Please select the level of detail for your WordPress activity logs:', 'wp-security-audit-log' ); ?>
350
- </h4>
351
  <fieldset>
352
  <label for="basic">
353
  <input id="basic" name="wsal-details-level" type="radio" value="basic">
@@ -358,18 +369,10 @@ final class WSAL_Views_SetupWizard {
358
  <input id="geek" name="wsal-details-level" type="radio" value="geek" checked>
359
  <?php esc_html_e( 'Geek (I want to know everything that is happening on my WordPress)', 'wp-security-audit-log' ); ?>
360
  </label>
361
- <p class="description">
362
- <?php esc_html_e( 'Note: You can change the WordPress logging level from the plugin’s settings anytime.', 'wp-security-audit-log' ); ?>
363
- </p>
364
  </fieldset>
365
-
366
  <div class="wsal-setup-actions">
367
- <button class="button button-primary"
368
- type="submit"
369
- name="save_step"
370
- value="<?php esc_attr_e( 'Next', 'wp-security-audit-log' ); ?>">
371
- <?php esc_html_e( 'Next', 'wp-security-audit-log' ); ?>
372
- </button>
373
  </div>
374
  </form>
375
  <?php
@@ -399,6 +402,152 @@ final class WSAL_Views_SetupWizard {
399
  exit();
400
  }
401
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
402
  /**
403
  * Step View: `Log Retention`
404
  */
134
  'content' => array( $this, 'wsal_step_log_details' ),
135
  'save' => array( $this, 'wsal_step_log_details_save' ),
136
  ),
137
+ 'login' => array(
138
+ 'name' => __( 'Log In', 'wp-security-audit-log' ),
139
+ 'content' => array( $this, 'wsal_step_login' ),
140
+ 'save' => array( $this, 'wsal_step_login_save' ),
141
+ ),
142
+ '404s' => array(
143
+ 'name' => __( '404s', 'wp-security-audit-log' ),
144
+ 'content' => array( $this, 'wsal_step_404s' ),
145
+ 'save' => array( $this, 'wsal_step_404s_save' ),
146
+ ),
147
+ 'register' => array(
148
+ 'name' => __( 'User Registrations', 'wp-security-audit-log' ),
149
+ 'content' => array( $this, 'wsal_step_register' ),
150
+ 'save' => array( $this, 'wsal_step_register_save' ),
151
+ ),
152
  'log_retention' => array(
153
  'name' => __( 'Log Retention', 'wp-security-audit-log' ),
154
  'content' => array( $this, 'wsal_step_log_retention' ),
277
  if ( $key === $this->current_step ) :
278
  ?>
279
  <li class="is-active"><?php echo esc_html( $step['name'] ); ?></li>
280
+ <?php else : ?>
281
+ <li></li>
 
 
282
  <?php
283
  endif;
284
  endforeach;
358
  ?>
359
  <form method="post" class="wsal-setup-form">
360
  <?php wp_nonce_field( 'wsal-step-log-details' ); ?>
361
+ <h4><?php esc_html_e( 'Please select the level of detail for your WordPress activity logs:', 'wp-security-audit-log' ); ?></h4>
 
 
362
  <fieldset>
363
  <label for="basic">
364
  <input id="basic" name="wsal-details-level" type="radio" value="basic">
369
  <input id="geek" name="wsal-details-level" type="radio" value="geek" checked>
370
  <?php esc_html_e( 'Geek (I want to know everything that is happening on my WordPress)', 'wp-security-audit-log' ); ?>
371
  </label>
372
+ <p class="description"><?php esc_html_e( 'Note: You can change the WordPress logging level from the plugin’s settings anytime.', 'wp-security-audit-log' ); ?></p>
 
 
373
  </fieldset>
 
374
  <div class="wsal-setup-actions">
375
+ <button class="button button-primary" type="submit" name="save_step" value="<?php esc_attr_e( 'Next', 'wp-security-audit-log' ); ?>"><?php esc_html_e( 'Next', 'wp-security-audit-log' ); ?></button>
 
 
 
 
 
376
  </div>
377
  </form>
378
  <?php
402
  exit();
403
  }
404
 
405
+ /**
406
+ * Step View: `Login Sensor`
407
+ */
408
+ private function wsal_step_login() {
409
+ ?>
410
+ <form method="post" class="wsal-setup-form">
411
+ <?php wp_nonce_field( 'wsal-step-login' ); ?>
412
+ <h4><?php esc_html_e( 'Do you or your users use other pages to log in to WordPress other than the default login page ( /wp-admin/ )?', 'wp-security-audit-log' ); ?></h4>
413
+ <fieldset>
414
+ <label for="wsal-frontend-events-login-yes">
415
+ <input id="wsal-frontend-events-login-yes" name="wsal-frontend-login" type="radio" value="1">
416
+ <?php esc_html_e( 'Yes, we use other pages to login to WordPress.', 'wp-security-audit-log' ); ?>
417
+ </label>
418
+ <br />
419
+ <label for="wsal-frontend-events-login-no">
420
+ <input id="wsal-frontend-events-login-no" name="wsal-frontend-login" type="radio" value="0" checked>
421
+ <?php esc_html_e( 'No, we only use the default WordPress login page.', 'wp-security-audit-log' ); ?>
422
+ </label>
423
+ <p class="description"><?php esc_html_e( 'If your website is a membership or ecommerce website most probably you have more than one area from where the users can login. If you are not sure, select Yes.', 'wp-security-audit-log' ); ?></p>
424
+ </fieldset>
425
+ <!-- Question -->
426
+ <p class="description"><?php esc_html_e( 'Note: You can change the WordPress activity log retention settings at any time from the plugin settings later on.', 'wp-security-audit-log' ); ?></p>
427
+ <div class="wsal-setup-actions">
428
+ <button class="button button-primary" type="submit" name="save_step" value="<?php esc_attr_e( 'Next', 'wp-security-audit-log' ); ?>"><?php esc_html_e( 'Next', 'wp-security-audit-log' ); ?></button>
429
+ </div>
430
+ </form>
431
+ <?php
432
+ }
433
+
434
+ /**
435
+ * Step Save: `Login Sensor`
436
+ */
437
+ private function wsal_step_login_save() {
438
+ // Check nonce.
439
+ check_admin_referer( 'wsal-step-login' );
440
+
441
+ if ( isset( $_POST['wsal-frontend-login'] ) ) {
442
+ $frontend_sensors = $this->wsal->settings->get_frontend_events(); // Get the frontend sensors setting.
443
+ $login_sensor = sanitize_text_field( wp_unslash( $_POST['wsal-frontend-login'] ) );
444
+ $login_sensor = '0' === $login_sensor ? false : $login_sensor; // Update the sensor option.
445
+
446
+ $frontend_sensors['login'] = $login_sensor;
447
+ $this->wsal->settings->set_frontend_events( $frontend_sensors );
448
+ }
449
+
450
+ wp_safe_redirect( esc_url_raw( $this->get_next_step() ) );
451
+ exit();
452
+ }
453
+
454
+ /**
455
+ * Step View: `404s Sensor`
456
+ */
457
+ private function wsal_step_404s() {
458
+ ?>
459
+ <form method="post" class="wsal-setup-form">
460
+ <?php wp_nonce_field( 'wsal-step-404s' ); ?>
461
+ <h4><?php esc_html_e( 'Do you want to keep a log of (non-logged in) visitors’ requests to non-existing URLs which generate a HTTP 404 error response?', 'wp-security-audit-log' ); ?></h4>
462
+ <fieldset>
463
+ <label for="wsal-frontend-events-system-yes">
464
+ <input id="wsal-frontend-events-system-yes" name="wsal-frontend-system" type="radio" value="1">
465
+ <?php esc_html_e( 'Yes', 'wp-security-audit-log' ); ?>
466
+ </label>
467
+ <br />
468
+ <label for="wsal-frontend-events-system-no">
469
+ <input id="wsal-frontend-events-system-no" name="wsal-frontend-system" type="radio" value="0" checked>
470
+ <?php esc_html_e( 'No', 'wp-security-audit-log' ); ?>
471
+ </label>
472
+ </fieldset>
473
+ <!-- Question -->
474
+ <p class="description"><?php esc_html_e( 'Note: You can change the WordPress activity log retention settings at any time from the plugin settings later on.', 'wp-security-audit-log' ); ?></p>
475
+ <div class="wsal-setup-actions">
476
+ <button class="button button-primary" type="submit" name="save_step" value="<?php esc_attr_e( 'Next', 'wp-security-audit-log' ); ?>"><?php esc_html_e( 'Next', 'wp-security-audit-log' ); ?></button>
477
+ </div>
478
+ </form>
479
+ <?php
480
+ }
481
+
482
+ /**
483
+ * Step Save: `404s Sensor`
484
+ */
485
+ private function wsal_step_404s_save() {
486
+ // Check nonce.
487
+ check_admin_referer( 'wsal-step-404s' );
488
+
489
+ if ( isset( $_POST['wsal-frontend-system'] ) ) {
490
+ $frontend_sensors = $this->wsal->settings->get_frontend_events(); // Get the frontend sensors setting.
491
+ $system_sensor = sanitize_text_field( wp_unslash( $_POST['wsal-frontend-system'] ) );
492
+ $system_sensor = '0' === $system_sensor ? false : $system_sensor; // Update the sensor option.
493
+
494
+ $frontend_sensors['system'] = $system_sensor;
495
+ $this->wsal->settings->set_frontend_events( $frontend_sensors );
496
+ }
497
+
498
+ wp_safe_redirect( esc_url_raw( $this->get_next_step() ) );
499
+ exit();
500
+ }
501
+
502
+ /**
503
+ * Step View: `Register Sensor`
504
+ */
505
+ private function wsal_step_register() {
506
+ ?>
507
+ <form method="post" class="wsal-setup-form">
508
+ <?php wp_nonce_field( 'wsal-step-frontend-register' ); ?>
509
+ <h4><?php esc_html_e( 'Can visitors register for a user on your website?', 'wp-security-audit-log' ); ?></h4>
510
+ <fieldset>
511
+ <label for="wsal-frontend-events-register-yes">
512
+ <input id="wsal-frontend-events-register-yes" name="wsal-frontend-register" type="radio" value="1">
513
+ <?php esc_html_e( 'Yes', 'wp-security-audit-log' ); ?>
514
+ </label>
515
+ <br />
516
+ <label for="wsal-frontend-events-register-no">
517
+ <input id="wsal-frontend-events-register-no" name="wsal-frontend-register" type="radio" value="0" checked>
518
+ <?php esc_html_e( 'No', 'wp-security-audit-log' ); ?>
519
+ </label>
520
+ <p class="description"><?php esc_html_e( 'If you are not sure about this setting, check if the Membership setting in the WordPress General settings is checked or not. If it is not checked (default) select No.', 'wp-security-audit-log' ); ?></p>
521
+ </fieldset>
522
+ <!-- Question -->
523
+ <p class="description"><?php esc_html_e( 'Note: You can change the WordPress activity log retention settings at any time from the plugin settings later on.', 'wp-security-audit-log' ); ?></p>
524
+ <div class="wsal-setup-actions">
525
+ <button class="button button-primary" type="submit" name="save_step" value="<?php esc_attr_e( 'Next', 'wp-security-audit-log' ); ?>"><?php esc_html_e( 'Next', 'wp-security-audit-log' ); ?></button>
526
+ </div>
527
+ </form>
528
+ <?php
529
+ }
530
+
531
+ /**
532
+ * Step Save: `Register Sensor`
533
+ */
534
+ private function wsal_step_register_save() {
535
+ // Check nonce.
536
+ check_admin_referer( 'wsal-step-frontend-register' );
537
+
538
+ if ( isset( $_POST['wsal-frontend-register'] ) ) {
539
+ $frontend_sensors = $this->wsal->settings->get_frontend_events(); // Get the frontend sensors setting.
540
+ $register_sensor = sanitize_text_field( wp_unslash( $_POST['wsal-frontend-register'] ) );
541
+ $register_sensor = '0' === $register_sensor ? false : $register_sensor; // Update the sensor option.
542
+
543
+ $frontend_sensors['register'] = $register_sensor;
544
+ $this->wsal->settings->set_frontend_events( $frontend_sensors );
545
+ }
546
+
547
+ wp_safe_redirect( esc_url_raw( $this->get_next_step() ) );
548
+ exit();
549
+ }
550
+
551
  /**
552
  * Step View: `Log Retention`
553
  */
classes/Views/ToggleAlerts.php CHANGED
@@ -68,18 +68,34 @@ class WSAL_Views_ToggleAlerts extends WSAL_AbstractView {
68
  // Filter $_POST array.
69
  $post_array = filter_input_array( INPUT_POST );
70
 
 
 
 
 
 
 
 
 
 
 
 
 
71
  $enabled = array_map( 'intval', $post_array['alert'] );
72
  $disabled = array();
73
  foreach ( $this->_plugin->alerts->GetAlerts() as $alert ) {
 
 
 
 
 
 
 
74
  if ( ! in_array( $alert->type, $enabled, true ) ) {
75
  $disabled[] = $alert->type;
76
  }
77
  }
78
 
79
- if ( isset( $post_array['disable-visitor-events'] ) && 'yes' === $this->_plugin->GetGlobalOption( 'disable-visitor-events', 'no' ) ) {
80
- $public_events = $this->_plugin->alerts->get_public_events();
81
- $disabled = array_diff( $disabled, $public_events );
82
- }
83
  $this->_plugin->alerts->SetDisabledAlerts( $disabled );
84
 
85
  $this->_plugin->SetGlobalOption( 'log-404', isset( $post_array['log_404'] ) ? 'on' : 'off' );
@@ -113,9 +129,6 @@ class WSAL_Views_ToggleAlerts extends WSAL_AbstractView {
113
 
114
  // Set the option.
115
  $this->_plugin->SetGlobalOption( 'scan-file-changes', $file_change_toggle );
116
-
117
- // Set the visitor events option.
118
- $this->_plugin->SetGlobalOption( 'disable-visitor-events', isset( $post_array['disable-visitor-events'] ) ? 'no' : 'yes' );
119
  }
120
 
121
  /**
@@ -175,7 +188,6 @@ class WSAL_Views_ToggleAlerts extends WSAL_AbstractView {
175
  $log_details = $this->_plugin->GetGlobalOption( 'details-level', false ); // Get log level option.
176
 
177
  $subcat_alerts = array( 1004, 2010, 6007, 2111, 2119, 2016, 2053, 7000, 8009, 8014, 4013, 9007, 9047, 9027, 9002, 9057, 9063, 9035, 9083, 8809, 8813, 6000, 6001, 6028 );
178
- $public_events = $this->_plugin->alerts->get_public_events(); // Get public events.
179
  ?>
180
  <p>
181
  <form method="post" id="wsal-alerts-level">
@@ -204,15 +216,13 @@ class WSAL_Views_ToggleAlerts extends WSAL_AbstractView {
204
  </form>
205
  </p>
206
  <h2 id="wsal-tabs" class="nav-tab-wrapper">
207
- <?php
208
- foreach ( $safe_names as $name => $safe ) :
209
- if ( __( 'Third Party Plugins', 'wp-security-audit-log' ) === $name ) :
210
- ?>
211
- <a href="#tab-visitor-events" class="nav-tab">
212
- <?php esc_html_e( 'Visitor Events', 'wp-security-audit-log' ); ?>
213
  </a>
214
  <?php endif; ?>
215
- <a href="#tab-<?php echo esc_attr( $safe ); ?>" class="nav-tab"><?php echo esc_html( $name ); ?></a>
216
  <?php endforeach; ?>
217
  </h2>
218
  <form id="audit-log-viewer" method="post">
@@ -386,9 +396,11 @@ class WSAL_Views_ToggleAlerts extends WSAL_AbstractView {
386
  if ( $alert->type <= 0006 ) {
387
  continue; // <- Ignore php alerts.
388
  }
389
- if ( 9999 === $alert->type ) {
 
390
  continue; // <- Ignore promo alerts.
391
  }
 
392
  $attrs = '';
393
  switch ( true ) {
394
  case ! $alert->mesg:
@@ -471,8 +483,6 @@ class WSAL_Views_ToggleAlerts extends WSAL_AbstractView {
471
  <?php
472
  if ( ! empty( $disabled ) ) {
473
  echo esc_attr( $disabled );
474
- } elseif ( 'no' !== $this->_plugin->GetGlobalOption( 'disable-visitor-events', 'no' ) && in_array( $alert->type, $public_events, true ) ) {
475
- echo 'disabled';
476
  }
477
  ?>
478
  <?php echo ( __( 'File Changes', 'wp-security-audit-log' ) === $subname ) ? 'onclick="wsal_toggle_file_changes(this)"' : false; ?>
@@ -529,39 +539,6 @@ class WSAL_Views_ToggleAlerts extends WSAL_AbstractView {
529
  </tr>
530
  <?php
531
  }
532
- if ( 6023 === $alert->type ) {
533
- $log_visitor_404 = $this->_plugin->GetGlobalOption( 'log-visitor-404' );
534
- $purge_visitor_log = $this->_plugin->GetGlobalOption( 'purge-visitor-404-log' );
535
- $log_visitor_404_referrer = $this->_plugin->GetGlobalOption( 'log-visitor-404-referrer', 'on' );
536
- ?>
537
- <tr>
538
- <td></td>
539
- <td>
540
- <input name="log_visitor_404" type="checkbox" class="check_visitor_log" value="1"
541
- <?php checked( $log_visitor_404, 'on' ); ?> />
542
- </td>
543
- <td colspan="2"><?php esc_html_e( 'Capture 404 requests to file (the log file are created in the /wp-content/uploads/wp-security-audit-log/404s/ directory)', 'wp-security-audit-log' ); ?></td>
544
- </tr>
545
- <tr>
546
- <td></td>
547
- <td>
548
- <input name="purge_visitor_log" type="checkbox" class="check_visitor_log" value="1"
549
- <?php checked( $purge_visitor_log, 'on' ); ?> />
550
- </td>
551
- <td colspan="2"><?php esc_html_e( 'Purge log files older than one month', 'wp-security-audit-log' ); ?></td>
552
- </tr>
553
- <tr>
554
- <td></td>
555
- <td colspan="1"><input type="number" id="visitor_404Limit" name="visitor_404Limit" value="<?php echo esc_attr( $this->_plugin->settings->GetVisitor404LogLimit() ); ?>" /></td>
556
- <td colspan="2"><?php esc_html_e( 'Number of 404 Requests to Log. By default the plugin keeps up to 99 requests to non-existing pages from the same IP address. Increase the value in this setting to the desired amount to keep a log of more or less requests. Note that by increasing this value to a high number, should your website be scanned the plugin will consume more resources to log all the requests.', 'wp-security-audit-log' ); ?></td>
557
- </tr>
558
- <tr>
559
- <td></td>
560
- <td><input name="log_visitor_404_referrer" type="checkbox" class="check_log" value="1" <?php checked( $log_visitor_404_referrer, 'on' ); ?>></td>
561
- <td colspan="2"><?php esc_html_e( 'Record the referrer that generated the 404 error.', 'wp-security-audit-log' ); ?></td>
562
- </tr>
563
- <?php
564
- }
565
  if ( 1002 === $alert->type ) {
566
  $log_failed_login_limit = (int) $this->_plugin->GetGlobalOption( 'log-failed-login-limit', 10 );
567
  $log_failed_login_limit = ( -1 === $log_failed_login_limit ) ? '0' : $log_failed_login_limit;
@@ -632,34 +609,83 @@ class WSAL_Views_ToggleAlerts extends WSAL_AbstractView {
632
  ?>
633
  </div>
634
  <?php endforeach; ?>
635
- <div class="wsal-tab" id="tab-visitor-events">
636
- <h4><?php esc_html_e( 'The plugin also keeps a log of some events that website visitors (non-logged in users) do because it is typically required by site admins. You can disable these events from here:', 'wp-security-audit-log' ); ?></h4>
637
- <table class="form-table">
638
- <th><label for="enable-visitor-events"><?php esc_html_e( 'Enable website visitors events', 'wp-security-audit-log' ); ?></label></th>
639
- <td>
640
- <fieldset>
641
- <?php $disable_visitor_events = $this->_plugin->GetGlobalOption( 'disable-visitor-events', 'no' ); ?>
642
- <label for="disable-visitor-events">
643
- <input type="checkbox" id="disable-visitor-events" name="disable-visitor-events" <?php checked( $disable_visitor_events, 'no' ); ?> value="no" />
644
- <?php esc_html_e( 'Enable', 'wp-security-audit-log' ); ?>
645
- </label>
646
- </fieldset>
647
- </td>
648
- </table>
649
- <p class="description"><?php esc_html_e( 'Below is the list of the events which are disabled when the above option is disabled:', 'wp-security-audit-log' ); ?></p>
650
- <ul>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
651
  <?php
652
- $wsal_alerts = $this->_plugin->alerts->GetAlerts(); // Get alerts list.
653
- foreach ( $public_events as $public_event ) :
654
- if ( isset( $wsal_alerts[ $public_event ] ) ) :
655
- ?>
656
- <li><?php echo esc_html( $wsal_alerts[ $public_event ]->type . ' — ' . $wsal_alerts[ $public_event ]->desc ); ?></li>
657
- <?php
658
- endif;
659
- endforeach;
660
  ?>
661
- </ul>
662
- </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
663
  </div>
664
  <p class="submit"><input type="submit" name="submit" id="submit" class="button button-primary" value="<?php echo esc_attr( __( 'Save Changes', 'wp-security-audit-log' ) ); ?>"></p>
665
  </form>
@@ -721,6 +747,12 @@ class WSAL_Views_ToggleAlerts extends WSAL_AbstractView {
721
  .wsal-tab tr.alert-unavailable td {
722
  color: #CCC;
723
  }
 
 
 
 
 
 
724
  .wsal-sub-tabs {
725
  padding-left: 20px;
726
  }
@@ -741,6 +773,32 @@ class WSAL_Views_ToggleAlerts extends WSAL_AbstractView {
741
  margin: 0.5em 0;
742
  margin-left: 8px;
743
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
744
  </style>
745
  <?php
746
  }
68
  // Filter $_POST array.
69
  $post_array = filter_input_array( INPUT_POST );
70
 
71
+ $frontend_events = array(
72
+ 'register' => false,
73
+ 'login' => false,
74
+ 'system' => false,
75
+ 'woocommerce' => false,
76
+ );
77
+
78
+ if ( isset( $post_array['frontend-events'] ) ) {
79
+ $frontend_events = array_merge( $frontend_events, $post_array['frontend-events'] );
80
+ }
81
+ $this->_plugin->settings->set_frontend_events( $frontend_events );
82
+
83
  $enabled = array_map( 'intval', $post_array['alert'] );
84
  $disabled = array();
85
  foreach ( $this->_plugin->alerts->GetAlerts() as $alert ) {
86
+ if ( 6023 === $alert->type && ! $frontend_events['system'] ) {
87
+ $disabled[] = $alert->type;
88
+ continue;
89
+ } elseif ( 6023 === $alert->type ) {
90
+ continue;
91
+ }
92
+
93
  if ( ! in_array( $alert->type, $enabled, true ) ) {
94
  $disabled[] = $alert->type;
95
  }
96
  }
97
 
98
+ // Save the disabled events.
 
 
 
99
  $this->_plugin->alerts->SetDisabledAlerts( $disabled );
100
 
101
  $this->_plugin->SetGlobalOption( 'log-404', isset( $post_array['log_404'] ) ? 'on' : 'off' );
129
 
130
  // Set the option.
131
  $this->_plugin->SetGlobalOption( 'scan-file-changes', $file_change_toggle );
 
 
 
132
  }
133
 
134
  /**
188
  $log_details = $this->_plugin->GetGlobalOption( 'details-level', false ); // Get log level option.
189
 
190
  $subcat_alerts = array( 1004, 2010, 6007, 2111, 2119, 2016, 2053, 7000, 8009, 8014, 4013, 9007, 9047, 9027, 9002, 9057, 9063, 9035, 9083, 8809, 8813, 6000, 6001, 6028 );
 
191
  ?>
192
  <p>
193
  <form method="post" id="wsal-alerts-level">
216
  </form>
217
  </p>
218
  <h2 id="wsal-tabs" class="nav-tab-wrapper">
219
+ <?php foreach ( $safe_names as $name => $safe ) : ?>
220
+ <a href="#tab-<?php echo esc_attr( $safe ); ?>" class="nav-tab"><?php echo esc_html( $name ); ?></a>
221
+ <?php if ( __( 'Third Party Plugins', 'wp-security-audit-log' ) === $name ) : ?>
222
+ <a href="#tab-frontend-events" class="nav-tab">
223
+ <?php esc_html_e( 'Front-end Events', 'wp-security-audit-log' ); ?>
 
224
  </a>
225
  <?php endif; ?>
 
226
  <?php endforeach; ?>
227
  </h2>
228
  <form id="audit-log-viewer" method="post">
396
  if ( $alert->type <= 0006 ) {
397
  continue; // <- Ignore php alerts.
398
  }
399
+
400
+ if ( in_array( $alert->type, array( 9999, 2126, 6023 ), true ) ) {
401
  continue; // <- Ignore promo alerts.
402
  }
403
+
404
  $attrs = '';
405
  switch ( true ) {
406
  case ! $alert->mesg:
483
  <?php
484
  if ( ! empty( $disabled ) ) {
485
  echo esc_attr( $disabled );
 
 
486
  }
487
  ?>
488
  <?php echo ( __( 'File Changes', 'wp-security-audit-log' ) === $subname ) ? 'onclick="wsal_toggle_file_changes(this)"' : false; ?>
539
  </tr>
540
  <?php
541
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
542
  if ( 1002 === $alert->type ) {
543
  $log_failed_login_limit = (int) $this->_plugin->GetGlobalOption( 'log-failed-login-limit', 10 );
544
  $log_failed_login_limit = ( -1 === $log_failed_login_limit ) ? '0' : $log_failed_login_limit;
609
  ?>
610
  </div>
611
  <?php endforeach; ?>
612
+ <?php
613
+ $frontend_events = $this->_plugin->settings->get_frontend_events();
614
+ ?>
615
+ <table id="tab-frontend-events" class="form-table wp-list-table wsal-tab widefat fixed" style="display: table;" cellspacing="0">
616
+ <tbody>
617
+ <tr>
618
+ <td>
619
+ <p><?php esc_html_e( 'This plugin keeps a log of what your website users are doing when they are logged in. On top of that it can also keep a log of some important events of (non logged in) website visitors. Use the below settings to enable / disable any of the front-end sensors:', 'wp-security-audit-log' ); ?></p>
620
+ </td>
621
+ </tr>
622
+ <tr>
623
+ <td>
624
+ <h3 style="margin:0"><?php esc_html_e( 'Front-end users registrations', 'wp-security-audit-log' ); ?></h3>
625
+ </td>
626
+ </tr>
627
+ <tr>
628
+ <th><input type="checkbox" name="frontend-events[register]" id="frontend-events-register" value="1" <?php checked( $frontend_events['register'] ); ?>></th>
629
+ <td>
630
+ <label for="frontend-events-register"><?php esc_html_e( 'Keep a log when a visitor registers a user on the website. Only enable this if you allow visitors to register as users on your website. User registration is disabled by default in WordPress.', 'wp-security-audit-log' ); ?></label>
631
+ </td>
632
+ </tr>
633
+ <tr>
634
+ <td>
635
+ <h3 style="margin:0"><?php esc_html_e( 'Front-end users logins', 'wp-security-audit-log' ); ?></h3>
636
+ </td>
637
+ </tr>
638
+ <tr>
639
+ <th><input type="checkbox" name="frontend-events[login]" id="frontend-events-login" value="1" <?php checked( $frontend_events['login'] ); ?>></th>
640
+ <td>
641
+ <label for="frontend-events-login"><?php esc_html_e( 'Keep a log when users login to the website from other login pages / forms other than the default WordPress login page.', 'wp-security-audit-log' ); ?></label>
642
+ </td>
643
+ </tr>
644
+ <tr>
645
+ <td>
646
+ <h3 style="margin:0"><?php esc_html_e( 'Website visitors 404 errors', 'wp-security-audit-log' ); ?></h3>
647
+ </td>
648
+ </tr>
649
+ <tr>
650
+ <th><input type="checkbox" name="frontend-events[system]" id="frontend-events-system" value="1" <?php checked( $frontend_events['system'] ); ?>></th>
651
+ <td >
652
+ <label for="frontend-events-system"><?php esc_html_e( 'Event ID 6023: Keep a log when a website visitor requests a non-existing URL (HTTP 404 response error).', 'wp-security-audit-log' ); ?></label>
653
+ </td>
654
+ </tr>
655
  <?php
656
+ $log_visitor_404 = $this->_plugin->GetGlobalOption( 'log-visitor-404' );
657
+ $purge_visitor_log = $this->_plugin->GetGlobalOption( 'purge-visitor-404-log' );
658
+ $log_visitor_404_referrer = $this->_plugin->GetGlobalOption( 'log-visitor-404-referrer', 'on' );
 
 
 
 
 
659
  ?>
660
+ <tr>
661
+ <td><input name="log_visitor_404" type="checkbox" class="check_visitor_log" value="1" <?php checked( $log_visitor_404, 'on' ); ?> /></td>
662
+ <td><?php esc_html_e( 'Capture 404 requests to file (the log file are created in the /wp-content/uploads/wp-security-audit-log/404s/ directory)', 'wp-security-audit-log' ); ?></td>
663
+ </tr>
664
+ <tr>
665
+ <td><input name="purge_visitor_log" type="checkbox" class="check_visitor_log" value="1" <?php checked( $purge_visitor_log, 'on' ); ?> /></td>
666
+ <td><?php esc_html_e( 'Purge log files older than one month', 'wp-security-audit-log' ); ?></td>
667
+ </tr>
668
+ <tr>
669
+ <td><input type="number" id="visitor_404Limit" name="visitor_404Limit" value="<?php echo esc_attr( $this->_plugin->settings->GetVisitor404LogLimit() ); ?>" /></td>
670
+ <td><?php esc_html_e( 'Number of 404 Requests to Log. By default the plugin keeps up to 99 requests to non-existing pages from the same IP address. Increase the value in this setting to the desired amount to keep a log of more or less requests. Note that by increasing this value to a high number, should your website be scanned the plugin will consume more resources to log all the requests.', 'wp-security-audit-log' ); ?></td>
671
+ </tr>
672
+ <tr>
673
+ <td><input name="log_visitor_404_referrer" type="checkbox" class="check_log" value="1" <?php checked( $log_visitor_404_referrer, 'on' ); ?>></td>
674
+ <td><?php esc_html_e( 'Record the referrer that generated the 404 error.', 'wp-security-audit-log' ); ?></td>
675
+ </tr>
676
+ <tr>
677
+ <td>
678
+ <h3 style="margin:0"><?php esc_html_e( 'Front-end WooCommerce activity', 'wp-security-audit-log' ); ?></h3>
679
+ </td>
680
+ </tr>
681
+ <tr>
682
+ <th><input type="checkbox" name="frontend-events[woocommerce]" id="frontend-events-woocommerce" value="1" <?php checked( $frontend_events['woocommerce'] ); ?>></th>
683
+ <td >
684
+ <label for="frontend-events-woocommerce"><?php esc_html_e( 'Keep a log of product stocks and orders changes done by website visitors (non-logged in). Regardless of the state of this setting, the plugin always keeps a log of changes done by logged in users.', 'wp-security-audit-log' ); ?></label>
685
+ </td>
686
+ </tr>
687
+ </tbody>
688
+ </table>
689
  </div>
690
  <p class="submit"><input type="submit" name="submit" id="submit" class="button button-primary" value="<?php echo esc_attr( __( 'Save Changes', 'wp-security-audit-log' ) ); ?>"></p>
691
  </form>
747
  .wsal-tab tr.alert-unavailable td {
748
  color: #CCC;
749
  }
750
+
751
+ #tab-frontend-events tr input[type=number]::-webkit-inner-spin-button,
752
+ #tab-frontend-events tr input[type=number]::-webkit-outer-spin-button {
753
+ -webkit-appearance: none;
754
+ margin: 0;
755
+ }
756
  .wsal-sub-tabs {
757
  padding-left: 20px;
758
  }
773
  margin: 0.5em 0;
774
  margin-left: 8px;
775
  }
776
+ table#tab-frontend-events {
777
+ margin-top: 0;
778
+ }
779
+ table#tab-frontend-events tr {
780
+ display: table;
781
+ }
782
+
783
+ table#tab-frontend-events tr th {
784
+ width: 20px;
785
+ padding-left: 10px;
786
+ }
787
+
788
+ table#tab-frontend-events tr td:first-child {
789
+ padding-left: 55px;
790
+ }
791
+
792
+ table#tab-frontend-events tr:first-child td:first-child {
793
+ padding-left: 10px;
794
+ }
795
+
796
+ table#tab-frontend-events tr:nth-child(2) td:first-child,
797
+ table#tab-frontend-events tr:nth-child(4) td:first-child,
798
+ table#tab-frontend-events tr:nth-child(6) td:first-child,
799
+ table#tab-frontend-events tr:nth-child(12) td:first-child {
800
+ padding-left: 10px;
801
+ }
802
  </style>
803
  <?php
804
  }
css/dist/wsal-wizard.build.css CHANGED
@@ -168,4 +168,6 @@
168
  background: #FFE;
169
  border-color: #ED5; }
170
 
171
- /*# sourceMappingURL=wsal-wizard.build.css.map*/
 
 
168
  background: #FFE;
169
  border-color: #ED5; }
170
 
171
+ p.description {
172
+ font-size: 13px;
173
+ font-style: italic; }
css/src/wsal-wizard.scss CHANGED
@@ -180,3 +180,8 @@
180
  .sectoken-user { background: #EFF; border-color: #5BE; }
181
  .sectoken-ip { background: #FFE; border-color: #ED5; }
182
  .sectoken-other { background: #FFE; border-color: #ED5; }
 
 
 
 
 
180
  .sectoken-user { background: #EFF; border-color: #5BE; }
181
  .sectoken-ip { background: #FFE; border-color: #ED5; }
182
  .sectoken-other { background: #FFE; border-color: #ED5; }
183
+
184
+ p.description {
185
+ font-size: 13px;
186
+ font-style: italic;
187
+ }
languages/wp-security-audit-log.pot CHANGED
@@ -3,8 +3,8 @@ msgid ""
3
  msgstr ""
4
  "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
5
  "Project-Id-Version: WP Security Audit Log\n"
6
- "POT-Creation-Date: 2019-08-29 10:22+0200\n"
7
- "PO-Revision-Date: 2019-08-29 10:22+0200\n"
8
  "Last-Translator: \n"
9
  "Language-Team: \n"
10
  "MIME-Version: 1.0\n"
@@ -22,59 +22,59 @@ msgstr ""
22
  "X-Poedit-SearchPathExcluded-0: *.min.js\n"
23
 
24
  #. translators: Event ID
25
- #: classes/AlertManager.php:339
26
  #, php-format
27
  msgid "Event with code %d has not be registered."
28
  msgstr ""
29
 
30
- #: classes/AlertManager.php:394
31
  #, php-format
32
  msgid "Event %s already registered with WP Security Audit Log."
33
  msgstr ""
34
 
35
- #: classes/AlertManager.php:429
36
  msgid ""
37
  "You have custom events that are using the same ID or IDs which are already "
38
  "registered in the plugin, so they have been disabled."
39
  msgstr ""
40
 
41
- #: classes/AlertManager.php:432
42
  #, php-format
43
  msgid "%4$s to help you solve this issue."
44
  msgstr ""
45
 
46
- #: classes/AlertManager.php:434
47
  msgid "ERROR:"
48
  msgstr ""
49
 
50
- #: classes/AlertManager.php:436
51
  msgid "Contact us"
52
  msgstr ""
53
 
54
- #: classes/AlertManager.php:1218 classes/Views/ToggleAlerts.php:229
55
- #: classes/Views/ToggleAlerts.php:261 defaults.php:306
56
  msgid "Pages"
57
  msgstr ""
58
 
59
- #: classes/AlertManager.php:1218 classes/Views/ToggleAlerts.php:229
60
- #: classes/Views/ToggleAlerts.php:261 defaults.php:266
61
  msgid "Custom Post Types"
62
  msgstr ""
63
 
64
- #: classes/AlertManager.php:1540
65
  msgid "System Activity"
66
  msgstr ""
67
 
68
- #: classes/AlertManager.php:1600 classes/AuditLogListView.php:437
69
  msgid "Unknown error code."
70
  msgstr ""
71
 
72
- #: classes/AlertManager.php:1607 classes/AlertManager.php:1619
73
  msgid "Unknown Site"
74
  msgstr ""
75
 
76
- #: classes/AlertManager.php:1641 classes/AuditLogListView.php:512
77
- #: classes/Views/ToggleAlerts.php:412 classes/Views/ToggleAlerts.php:450
78
  #: defaults.php:390
79
  msgid "System"
80
  msgstr ""
@@ -122,7 +122,7 @@ msgid "Event ID"
122
  msgstr ""
123
 
124
  #: classes/AuditLogListView.php:311 classes/AuditLogListView.php:339
125
- #: classes/Views/Settings.php:1143 classes/Views/ToggleAlerts.php:310
126
  msgid "Severity"
127
  msgstr ""
128
 
@@ -150,16 +150,16 @@ msgstr ""
150
  msgid "Disable this type of events."
151
  msgstr ""
152
 
153
- #: classes/AuditLogListView.php:441 classes/Views/ToggleAlerts.php:486
154
  msgid "Critical"
155
  msgstr ""
156
 
157
- #: classes/AuditLogListView.php:443 classes/Views/ToggleAlerts.php:488
158
  msgid "Warning"
159
  msgstr ""
160
 
161
- #: classes/AuditLogListView.php:445 classes/Views/ToggleAlerts.php:490
162
- #: classes/Views/ToggleAlerts.php:492
163
  msgid "Notification"
164
  msgstr ""
165
 
@@ -193,26 +193,26 @@ msgid "View all details of this change"
193
  msgstr ""
194
 
195
  #: classes/AuditLogListView.php:587 classes/AuditLogListView.php:737
196
- #: classes/Settings.php:1715
197
  msgid "Alert Data Inspector"
198
  msgstr ""
199
 
200
- #: classes/AuditLogListView.php:689 classes/Settings.php:1654
201
  msgid "Download the log file"
202
  msgstr ""
203
 
204
- #: classes/AuditLogListView.php:709 classes/Settings.php:1679
205
  msgid "Download the log file."
206
  msgstr ""
207
 
208
- #: classes/AuditLogListView.php:717 classes/Settings.php:1687
209
- #: classes/Settings.php:1933
210
  msgid "published"
211
  msgstr ""
212
 
213
  #. translators: Mailto link for support.
214
- #: classes/AuditLogListView.php:745 classes/Settings.php:1726
215
- #: classes/Settings.php:1959
216
  #, php-format
217
  msgid "Contact us on %s for assistance"
218
  msgstr ""
@@ -336,25 +336,26 @@ msgstr ""
336
  msgid "Public"
337
  msgstr ""
338
 
339
- #: classes/Sensors/Public.php:136
340
- #, php-format
341
- msgid ""
342
- "A comment was posted in response to the post %1$s. The comment was posted by "
343
- "%2$s"
344
- msgstr ""
345
-
346
- #: classes/Sensors/Public.php:705 classes/Sensors/WooCommerce.php:1908
347
  msgid "In stock"
348
  msgstr ""
349
 
350
- #: classes/Sensors/Public.php:707 classes/Sensors/WooCommerce.php:1910
 
351
  msgid "Out of stock"
352
  msgstr ""
353
 
354
- #: classes/Sensors/Public.php:709 classes/Sensors/WooCommerce.php:1912
 
355
  msgid "On backorder"
356
  msgstr ""
357
 
 
 
 
 
 
358
  #: classes/Sensors/WooCommerce.php:2817
359
  msgid "Visible"
360
  msgstr ""
@@ -363,52 +364,52 @@ msgstr ""
363
  msgid "Non-Visible"
364
  msgstr ""
365
 
366
- #: classes/Settings.php:470
367
  msgid "This function is deprecated"
368
  msgstr ""
369
 
370
- #: classes/Settings.php:1621
371
  msgid "View Order"
372
  msgstr ""
373
 
374
- #: classes/Settings.php:1738 classes/Settings.php:1971
375
  msgid "plugin settings"
376
  msgstr ""
377
 
378
- #: classes/Settings.php:1741 classes/Settings.php:1974
379
  msgid "contact our support"
380
  msgstr ""
381
 
382
- #: classes/Settings.php:2177
383
  msgid "Root directory of WordPress (excluding sub directories)"
384
  msgstr ""
385
 
386
- #: classes/Settings.php:2178
387
  msgid "WP Admin directory (/wp-admin/)"
388
  msgstr ""
389
 
390
- #: classes/Settings.php:2179
391
  msgid "WP Includes directory (/wp-includes/)"
392
  msgstr ""
393
 
394
- #: classes/Settings.php:2180
395
  msgid ""
396
  "/wp-content/ directory (excluding plugins, themes & uploads directories)"
397
  msgstr ""
398
 
399
- #: classes/Settings.php:2181
400
  msgid "Themes directory (/wp-content/themes/)"
401
  msgstr ""
402
 
403
- #: classes/Settings.php:2182
404
  msgid "Plugins directory (/wp-content/plugins/)"
405
  msgstr ""
406
 
407
- #: classes/Settings.php:2183
408
  msgid "Uploads directory (/wp-content/uploads/)"
409
  msgstr ""
410
 
411
- #: classes/Settings.php:2188
412
  msgid ""
413
  "Uploads directory of all sub sites on this network (/wp-content/sites/*)"
414
  msgstr ""
@@ -429,30 +430,31 @@ msgid ""
429
  "the plugin WP Security Audit Log on the website %2$s on %3$s."
430
  msgstr ""
431
 
432
- #: classes/ViewManager.php:262
433
  msgid "Free Premium Trial"
434
  msgstr ""
435
 
436
- #: classes/ViewManager.php:487 classes/Views/Settings.php:255
437
- #: classes/Views/Settings.php:2703 classes/Views/Settings.php:2732
438
- #: classes/Views/SetupWizard.php:66
439
  msgid "Access Denied."
440
  msgstr ""
441
 
442
- #: classes/ViewManager.php:518
443
  msgid "Log count parameter expected."
444
  msgstr ""
445
 
446
- #: classes/ViewManager.php:526 classes/Views/AuditLog.php:651
447
  #: classes/Views/AuditLog.php:728 classes/Views/AuditLog.php:754
448
  #: classes/Views/AuditLog.php:1059 classes/Views/AuditLog.php:1129
449
- #: classes/Views/Licensing.php:90 classes/Views/Settings.php:270
450
- #: classes/Views/Settings.php:2272 classes/Views/Settings.php:2300
451
- #: classes/Views/Settings.php:2330 classes/Views/Settings.php:2369
452
- #: classes/Views/Settings.php:2371 classes/Views/Settings.php:2373
453
- #: classes/Views/Settings.php:2488 classes/Views/Settings.php:2490
454
- #: classes/Views/Settings.php:2492 classes/Views/Settings.php:2586
455
- #: classes/Views/Settings.php:2679 classes/Views/SetupWizard.php:81
 
456
  msgid "Nonce verification failed."
457
  msgstr ""
458
 
@@ -544,7 +546,7 @@ msgid "Audit Log Viewer"
544
  msgstr ""
545
 
546
  #: classes/Views/AuditLog.php:378 classes/Views/Licensing.php:82
547
- #: classes/Views/Settings.php:361 classes/Views/ToggleAlerts.php:127
548
  msgid "You do not have sufficient permissions to access this page."
549
  msgstr ""
550
 
@@ -554,23 +556,27 @@ msgid ""
554
  "wizard to configure the basic plugin settings?"
555
  msgstr ""
556
 
557
- #: classes/Views/AuditLog.php:427 classes/Views/Settings.php:564
 
558
  #: classes/Views/Settings.php:591 classes/Views/Settings.php:657
559
  #: classes/Views/Settings.php:715 classes/Views/Settings.php:1176
560
  #: classes/Views/Settings.php:1241 classes/Views/Settings.php:2006
561
  #: classes/Views/Settings.php:2067 classes/Views/Settings.php:2095
562
  #: classes/Views/Settings.php:2116 classes/Views/Settings.php:2126
563
- #: classes/Views/SetupWizard.php:527
 
564
  msgid "Yes"
565
  msgstr ""
566
 
567
- #: classes/Views/AuditLog.php:428 classes/Views/Settings.php:569
 
568
  #: classes/Views/Settings.php:596 classes/Views/Settings.php:687
569
  #: classes/Views/Settings.php:725 classes/Views/Settings.php:1181
570
  #: classes/Views/Settings.php:1248 classes/Views/Settings.php:2011
571
  #: classes/Views/Settings.php:2074 classes/Views/Settings.php:2102
572
  #: classes/Views/Settings.php:2117 classes/Views/Settings.php:2127
573
- #: classes/Views/SetupWizard.php:522
 
574
  msgid "No"
575
  msgstr ""
576
 
@@ -758,6 +764,107 @@ msgid ""
758
  "third party services."
759
  msgstr ""
760
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
761
  #: classes/Views/Help.php:62 classes/Views/Help.php:104
762
  #: classes/Views/Help.php:118
763
  msgid "Help"
@@ -887,12 +994,12 @@ msgid "Licensing"
887
  msgstr ""
888
 
889
  #: classes/Views/Licensing.php:96 classes/Views/Settings.php:377
890
- #: classes/Views/ToggleAlerts.php:144
891
  msgid "Settings have been saved."
892
  msgstr ""
893
 
894
  #: classes/Views/Licensing.php:101 classes/Views/Settings.php:383
895
- #: classes/Views/ToggleAlerts.php:150
896
  msgid "Error: "
897
  msgstr ""
898
 
@@ -1084,7 +1191,7 @@ msgstr ""
1084
  msgid "File Integrity Scan"
1085
  msgstr ""
1086
 
1087
- #: classes/Views/Settings.php:117 classes/Views/SetupWizard.php:148
1088
  msgid "Exclude Objects"
1089
  msgstr ""
1090
 
@@ -1097,7 +1204,7 @@ msgid "Advanced Settings"
1097
  msgstr ""
1098
 
1099
  #: classes/Views/Settings.php:179 classes/Views/Settings.php:193
1100
- #: classes/Views/ToggleAlerts.php:424 classes/Views/ToggleAlerts.php:452
1101
  msgid "Settings"
1102
  msgstr ""
1103
 
@@ -1237,7 +1344,7 @@ msgstr ""
1237
  msgid "Login Page Notification"
1238
  msgstr ""
1239
 
1240
- #: classes/Views/Settings.php:663 wp-security-audit-log.php:1844
1241
  msgid ""
1242
  "For security and auditing purposes, a record of all of your logged-in "
1243
  "actions and changes within the WordPress dashboard will be recorded in an "
@@ -1937,9 +2044,9 @@ msgid "REMOVE"
1937
  msgstr ""
1938
 
1939
  #: classes/Views/Settings.php:1521 classes/Views/Settings.php:1557
1940
- #: classes/Views/Settings.php:1587 classes/Views/SetupWizard.php:536
1941
- #: classes/Views/SetupWizard.php:544 classes/Views/SetupWizard.php:629
1942
- #: classes/Views/SetupWizard.php:648 classes/Views/SetupWizard.php:667
1943
  msgid "ADD"
1944
  msgstr ""
1945
 
@@ -2304,110 +2411,83 @@ msgstr ""
2304
  msgid "Nonce Verification Failed."
2305
  msgstr ""
2306
 
2307
- #: classes/Views/SetupWizard.php:129
2308
- msgid "Welcome"
2309
- msgstr ""
2310
-
2311
  #: classes/Views/SetupWizard.php:133
2312
  msgid "Log Details"
2313
  msgstr ""
2314
 
2315
- #: classes/Views/SetupWizard.php:138
2316
  msgid "Log Retention"
2317
  msgstr ""
2318
 
2319
- #: classes/Views/SetupWizard.php:143
2320
  msgid "Access"
2321
  msgstr ""
2322
 
2323
- #: classes/Views/SetupWizard.php:153 classes/Views/SetupWizard.php:758
2324
- #: classes/Views/SetupWizard.php:759
2325
- msgid "Finish"
2326
- msgstr ""
2327
-
2328
- #: classes/Views/SetupWizard.php:197
2329
  msgid "Specified value in not a user."
2330
  msgstr ""
2331
 
2332
- #: classes/Views/SetupWizard.php:198
2333
  msgid "Specified value in not a role."
2334
  msgstr ""
2335
 
2336
- #: classes/Views/SetupWizard.php:199
2337
  msgid "Specified value in not an IP address."
2338
  msgstr ""
2339
 
2340
- #: classes/Views/SetupWizard.php:229
2341
- msgid "WP Security Audit Log &rsaquo; Setup Wizard"
2342
- msgstr ""
2343
-
2344
- #: classes/Views/SetupWizard.php:246
2345
- msgid "Close Wizard"
2346
- msgstr ""
2347
-
2348
- #: classes/Views/SetupWizard.php:326
2349
  msgid ""
2350
  "This wizard helps you configure the basic plugin settings. All these "
2351
  "settings can be changed at a later stage from the plugin settings."
2352
  msgstr ""
2353
 
2354
- #: classes/Views/SetupWizard.php:331
2355
  msgid "Start Configuring the Plugin"
2356
  msgstr ""
2357
 
2358
- #: classes/Views/SetupWizard.php:335
2359
- msgid "Exit Wizard"
2360
- msgstr ""
2361
-
2362
- #: classes/Views/SetupWizard.php:349
2363
  msgid "Please select the level of detail for your WordPress activity logs:"
2364
  msgstr ""
2365
 
2366
- #: classes/Views/SetupWizard.php:354
2367
  msgid ""
2368
  "Basic (I want a high level overview and I am not interested in the detail)"
2369
  msgstr ""
2370
 
2371
- #: classes/Views/SetupWizard.php:359
2372
  msgid "Geek (I want to know everything that is happening on my WordPress)"
2373
  msgstr ""
2374
 
2375
- #: classes/Views/SetupWizard.php:362
2376
  msgid ""
2377
  "Note: You can change the WordPress logging level from the plugin’s settings "
2378
  "anytime."
2379
  msgstr ""
2380
 
2381
- #: classes/Views/SetupWizard.php:370 classes/Views/SetupWizard.php:371
2382
- #: classes/Views/SetupWizard.php:436 classes/Views/SetupWizard.php:437
2383
- #: classes/Views/SetupWizard.php:569 classes/Views/SetupWizard.php:570
2384
- #: classes/Views/SetupWizard.php:689 classes/Views/SetupWizard.php:690
2385
- msgid "Next"
2386
  msgstr ""
2387
 
2388
- #: classes/Views/SetupWizard.php:410
2389
  msgid "How long do you want to keep the data in the WordPress activity Log?"
2390
  msgstr ""
2391
 
2392
- #: classes/Views/SetupWizard.php:415
2393
  msgid "6 months (data older than 6 months will be deleted)"
2394
  msgstr ""
2395
 
2396
- #: classes/Views/SetupWizard.php:420
2397
  msgid "12 months (data older than 12 months will be deleted)"
2398
  msgstr ""
2399
 
2400
- #: classes/Views/SetupWizard.php:425
2401
  msgid "Keep all data."
2402
  msgstr ""
2403
 
2404
- #: classes/Views/SetupWizard.php:428
2405
- msgid ""
2406
- "Note: You can change the WordPress activity log retention settings at any "
2407
- "time from the plugin settings later on."
2408
- msgstr ""
2409
-
2410
- #: classes/Views/SetupWizard.php:446
2411
  msgid ""
2412
  "The plugin stores the data in the WordPress database in a very efficient "
2413
  "way, though the more data you keep the more hard disk space it will consume. "
@@ -2417,7 +2497,7 @@ msgid ""
2417
  "activity log in an external database."
2418
  msgstr ""
2419
 
2420
- #: classes/Views/SetupWizard.php:450
2421
  msgid ""
2422
  "The plugin stores the data in the WordPress database in a very efficient "
2423
  "way, though the more data you keep the more hard disk space it will consume. "
@@ -2425,34 +2505,34 @@ msgid ""
2425
  "WordPress activity log in an external database or enable archiving."
2426
  msgstr ""
2427
 
2428
- #: classes/Views/SetupWizard.php:517
2429
  msgid ""
2430
  "By default only the users with administrator role can access the WordPress "
2431
  "activity log. Would you like to allow any other user or users with a role to "
2432
  "access the WordPress activity log?"
2433
  msgstr ""
2434
 
2435
- #: classes/Views/SetupWizard.php:533 classes/Views/SetupWizard.php:626
2436
  msgid "Usernames: "
2437
  msgstr ""
2438
 
2439
- #: classes/Views/SetupWizard.php:541 classes/Views/SetupWizard.php:645
2440
  msgid "Roles: "
2441
  msgstr ""
2442
 
2443
- #: classes/Views/SetupWizard.php:562
2444
  msgid ""
2445
  "Note: you can change the WordPress activity log privileges settings at any "
2446
  "time from the plugin settings."
2447
  msgstr ""
2448
 
2449
- #: classes/Views/SetupWizard.php:576
2450
  msgid ""
2451
  "The WordPress activity log contains sensitive data such as who logged in, "
2452
  "from where, when, and what they did."
2453
  msgstr ""
2454
 
2455
- #: classes/Views/SetupWizard.php:621
2456
  msgid ""
2457
  "The plugin will keep a log of everything that happens on your WordPress "
2458
  "website. If you would like to exclude a particular user, users with a role "
@@ -2460,43 +2540,43 @@ msgid ""
2460
  "button."
2461
  msgstr ""
2462
 
2463
- #: classes/Views/SetupWizard.php:664
2464
  msgid "IP Address: "
2465
  msgstr ""
2466
 
2467
- #: classes/Views/SetupWizard.php:682
2468
  msgid "Note: You can change these exclusions anytime from the plugin settings."
2469
  msgstr ""
2470
 
2471
- #: classes/Views/SetupWizard.php:696
2472
  msgid ""
2473
  "The WordPress activity log contains sensitive data such as who logged in, "
2474
  "from where, when and what they did."
2475
  msgstr ""
2476
 
2477
- #: classes/Views/SetupWizard.php:729
2478
  msgid ""
2479
  "Your plugin is all set and it is ready to start keeping a record of "
2480
  "everything that is happening on your WordPress in a WordPress activity log."
2481
  msgstr ""
2482
 
2483
- #: classes/Views/SetupWizard.php:730
2484
  msgid "Below are a few useful links you might need to refer to:"
2485
  msgstr ""
2486
 
2487
- #: classes/Views/SetupWizard.php:735
2488
  msgid "Getting started with the WP Security Audit Log plugin"
2489
  msgstr ""
2490
 
2491
- #: classes/Views/SetupWizard.php:740
2492
  msgid "Knowledge Base & Support Documents"
2493
  msgstr ""
2494
 
2495
- #: classes/Views/SetupWizard.php:745
2496
  msgid "Benefits of keeping a WordPress activity log"
2497
  msgstr ""
2498
 
2499
- #: classes/Views/SetupWizard.php:750
2500
  msgid ""
2501
  "We trust this plugin meets all your activity log requirements. Should you "
2502
  "encounter any problems, have feature requests or would like to share some "
@@ -2508,23 +2588,23 @@ msgstr ""
2508
  msgid "Enable/Disable Events"
2509
  msgstr ""
2510
 
2511
- #: classes/Views/ToggleAlerts.php:184
2512
  msgid "Log Level: "
2513
  msgstr ""
2514
 
2515
- #: classes/Views/ToggleAlerts.php:189
2516
  msgid "Basic"
2517
  msgstr ""
2518
 
2519
- #: classes/Views/ToggleAlerts.php:194
2520
  msgid "Geek"
2521
  msgstr ""
2522
 
2523
- #: classes/Views/ToggleAlerts.php:197
2524
  msgid "Custom"
2525
  msgstr ""
2526
 
2527
- #: classes/Views/ToggleAlerts.php:201
2528
  msgid ""
2529
  "Use the Log level drop down menu above to use one of our preset log levels. "
2530
  "Alternatively you can enable or disable any of the individual events from "
@@ -2534,228 +2614,219 @@ msgid ""
2534
  "on all the events the plugin can keep a log of."
2535
  msgstr ""
2536
 
2537
- #: classes/Views/ToggleAlerts.php:209 defaults.php:485
2538
  msgid "Third Party Plugins"
2539
  msgstr ""
2540
 
2541
- #: classes/Views/ToggleAlerts.php:212
2542
- msgid "Visitor Events"
2543
  msgstr ""
2544
 
2545
- #: classes/Views/ToggleAlerts.php:264 classes/Views/ToggleAlerts.php:271
2546
- #: classes/Views/ToggleAlerts.php:321 defaults.php:489
2547
  msgid "BBPress Forum"
2548
  msgstr ""
2549
 
2550
- #: classes/Views/ToggleAlerts.php:265 classes/Views/ToggleAlerts.php:278
2551
- #: classes/Views/ToggleAlerts.php:334 defaults.php:564
2552
  msgid "WooCommerce"
2553
  msgstr ""
2554
 
2555
- #: classes/Views/ToggleAlerts.php:266 classes/Views/ToggleAlerts.php:279
2556
- #: classes/Views/ToggleAlerts.php:334 classes/Views/ToggleAlerts.php:342
2557
  #: defaults.php:519
2558
  msgid "WooCommerce Products"
2559
  msgstr ""
2560
 
2561
- #: classes/Views/ToggleAlerts.php:267 classes/Views/ToggleAlerts.php:286
2562
- #: classes/Views/ToggleAlerts.php:349 defaults.php:616
2563
  msgid "Yoast SEO"
2564
  msgstr ""
2565
 
2566
- #: classes/Views/ToggleAlerts.php:268 classes/Views/ToggleAlerts.php:293
2567
- #: classes/Views/ToggleAlerts.php:362 defaults.php:467
2568
  msgid "MultiSite"
2569
  msgstr ""
2570
 
2571
- #: classes/Views/ToggleAlerts.php:309
2572
  msgid "Code"
2573
  msgstr ""
2574
 
2575
- #: classes/Views/ToggleAlerts.php:311 classes/WidgetManager.php:83
2576
  msgid "Description"
2577
  msgstr ""
2578
 
2579
- #: classes/Views/ToggleAlerts.php:314 classes/Views/ToggleAlerts.php:478
2580
- #: classes/Views/ToggleAlerts.php:606
2581
  msgid "File Changes"
2582
  msgstr ""
2583
 
2584
- #: classes/Views/ToggleAlerts.php:315 defaults.php:197
2585
  msgid "Content"
2586
  msgstr ""
2587
 
2588
- #: classes/Views/ToggleAlerts.php:318
2589
  msgid ""
2590
  "<strong>Note:</strong> Post refers to any type of content, i.e. blog post, "
2591
  "page or a post with a custom post type."
2592
  msgstr ""
2593
 
2594
- #: classes/Views/ToggleAlerts.php:325
2595
  msgid ""
2596
  "The plugin BBPress is not installed on your website so these events have "
2597
  "been disabled."
2598
  msgstr ""
2599
 
2600
- #: classes/Views/ToggleAlerts.php:331
2601
  msgid "Forums"
2602
  msgstr ""
2603
 
2604
- #: classes/Views/ToggleAlerts.php:338
2605
  msgid ""
2606
  "The plugin WooCommerce is not installed on your website so these events have "
2607
  "been disabled."
2608
  msgstr ""
2609
 
2610
- #: classes/Views/ToggleAlerts.php:345
2611
  msgid "Products"
2612
  msgstr ""
2613
 
2614
- #: classes/Views/ToggleAlerts.php:353
2615
  msgid ""
2616
  "The plugin Yoast SEO is not installed on your website so these events have "
2617
  "been disabled."
2618
  msgstr ""
2619
 
2620
- #: classes/Views/ToggleAlerts.php:359
2621
  msgid "Post Changes"
2622
  msgstr ""
2623
 
2624
- #: classes/Views/ToggleAlerts.php:366
2625
  msgid ""
2626
  "Your website is a single site so the multisite events have been disabled."
2627
  msgstr ""
2628
 
2629
- #: classes/Views/ToggleAlerts.php:372 defaults.php:171
2630
  msgid "User Profiles"
2631
  msgstr ""
2632
 
2633
- #: classes/Views/ToggleAlerts.php:375 defaults.php:152
2634
  msgid "Other User Activity"
2635
  msgstr ""
2636
 
2637
- #: classes/Views/ToggleAlerts.php:378
2638
  msgid "Logins & Logouts"
2639
  msgstr ""
2640
 
2641
- #: classes/Views/ToggleAlerts.php:395
2642
  msgid "Not Implemented"
2643
  msgstr ""
2644
 
2645
- #: classes/Views/ToggleAlerts.php:398
2646
  msgid "Not Available"
2647
  msgstr ""
2648
 
2649
- #: classes/Views/ToggleAlerts.php:408
2650
  msgid "User Sessions"
2651
  msgstr ""
2652
 
2653
- #: classes/Views/ToggleAlerts.php:410
2654
  msgid "Files"
2655
  msgstr ""
2656
 
2657
- #: classes/Views/ToggleAlerts.php:414
2658
  msgid "Post Settings"
2659
  msgstr ""
2660
 
2661
- #: classes/Views/ToggleAlerts.php:416
2662
  msgid "Tags"
2663
  msgstr ""
2664
 
2665
- #: classes/Views/ToggleAlerts.php:418 classes/Views/ToggleAlerts.php:436
2666
  msgid "Categories"
2667
  msgstr ""
2668
 
2669
- #: classes/Views/ToggleAlerts.php:420
2670
  msgid "Custom Fields"
2671
  msgstr ""
2672
 
2673
- #: classes/Views/ToggleAlerts.php:422
2674
  msgid "Sites"
2675
  msgstr ""
2676
 
2677
- #: classes/Views/ToggleAlerts.php:426
2678
  msgid "Topics"
2679
  msgstr ""
2680
 
2681
- #: classes/Views/ToggleAlerts.php:428 classes/Views/ToggleAlerts.php:444
2682
  msgid "User Profile"
2683
  msgstr ""
2684
 
2685
- #: classes/Views/ToggleAlerts.php:430
2686
  msgid "Product Admin"
2687
  msgstr ""
2688
 
2689
- #: classes/Views/ToggleAlerts.php:432
2690
  msgid "Product Attribute"
2691
  msgstr ""
2692
 
2693
- #: classes/Views/ToggleAlerts.php:434
2694
  msgid "Store Admin"
2695
  msgstr ""
2696
 
2697
- #: classes/Views/ToggleAlerts.php:438
2698
  msgid "Attributes"
2699
  msgstr ""
2700
 
2701
- #: classes/Views/ToggleAlerts.php:440
2702
  msgid "Coupons"
2703
  msgstr ""
2704
 
2705
- #: classes/Views/ToggleAlerts.php:442
2706
  msgid "Orders"
2707
  msgstr ""
2708
 
2709
- #: classes/Views/ToggleAlerts.php:446
2710
  msgid "Website Changes"
2711
  msgstr ""
2712
 
2713
- #: classes/Views/ToggleAlerts.php:448
2714
  msgid "Plugin Settings"
2715
  msgstr ""
2716
 
2717
- #: classes/Views/ToggleAlerts.php:454
2718
  msgid "File Changes Scanning"
2719
  msgstr ""
2720
 
2721
- #: classes/Views/ToggleAlerts.php:510 classes/Views/ToggleAlerts.php:543
2722
  msgid ""
2723
  "Capture 404 requests to file (the log file are created in the /wp-content/"
2724
  "uploads/wp-security-audit-log/404s/ directory)"
2725
  msgstr ""
2726
 
2727
- #: classes/Views/ToggleAlerts.php:518 classes/Views/ToggleAlerts.php:551
2728
  msgid "Purge log files older than one month"
2729
  msgstr ""
2730
 
2731
- #: classes/Views/ToggleAlerts.php:523
2732
  msgid ""
2733
  "Number of 404 Requests to Log. By default the plugin keeps up to 99 requests "
2734
  "to non-existing pages from the same IP address. Increase the value in this "
2735
  "setting to the desired amount to keep a log of more or less requests."
2736
  msgstr ""
2737
 
2738
- #: classes/Views/ToggleAlerts.php:528 classes/Views/ToggleAlerts.php:561
2739
  msgid "Record the referrer that generated the 404 error."
2740
  msgstr ""
2741
 
2742
- #: classes/Views/ToggleAlerts.php:556
2743
- msgid ""
2744
- "Number of 404 Requests to Log. By default the plugin keeps up to 99 requests "
2745
- "to non-existing pages from the same IP address. Increase the value in this "
2746
- "setting to the desired amount to keep a log of more or less requests. Note "
2747
- "that by increasing this value to a high number, should your website be "
2748
- "scanned the plugin will consume more resources to log all the requests."
2749
- msgstr ""
2750
-
2751
- #: classes/Views/ToggleAlerts.php:573 classes/Views/ToggleAlerts.php:586
2752
  msgid ""
2753
  "Number of login attempts to log. Enter 0 to log all failed login attempts. "
2754
  "(By default the plugin only logs up to 10 failed login because the process "
2755
  "can be very resource intensive in case of a brute force attack)"
2756
  msgstr ""
2757
 
2758
- #: classes/Views/ToggleAlerts.php:599
2759
  msgid ""
2760
  "Log all stock changes. Disable this setting to only keep a log of stock "
2761
  "changes done manually via the WooCommerce dashboard. Therefore automated "
@@ -2763,64 +2834,102 @@ msgid ""
2763
  "plugins will not be logged."
2764
  msgstr ""
2765
 
2766
- #: classes/Views/ToggleAlerts.php:621
2767
  msgid "Configure the file integrity scan settings."
2768
  msgstr ""
2769
 
2770
- #: classes/Views/ToggleAlerts.php:636
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2771
  msgid ""
2772
- "The plugin also keeps a log of some events that website visitors (non-logged "
2773
- "in users) do because it is typically required by site admins. You can "
2774
- "disable these events from here:"
2775
  msgstr ""
2776
 
2777
- #: classes/Views/ToggleAlerts.php:638
2778
- msgid "Enable website visitors events"
 
 
 
 
 
2779
  msgstr ""
2780
 
2781
- #: classes/Views/ToggleAlerts.php:644
2782
- msgid "Enable"
2783
  msgstr ""
2784
 
2785
- #: classes/Views/ToggleAlerts.php:649
2786
  msgid ""
2787
- "Below is the list of the events which are disabled when the above option is "
2788
- "disabled:"
 
2789
  msgstr ""
2790
 
2791
- #: classes/Views/ToggleAlerts.php:664
2792
  msgid "Save Changes"
2793
  msgstr ""
2794
 
2795
- #: classes/Views/ToggleAlerts.php:671
2796
  msgid "Log Level Updated"
2797
  msgstr ""
2798
 
2799
  #. translators: Alerts log level.
2800
- #: classes/Views/ToggleAlerts.php:675
2801
  #, php-format
2802
  msgid "The %s log level has been successfully loaded and applied."
2803
  msgstr ""
2804
 
2805
- #: classes/Views/ToggleAlerts.php:679
2806
  msgid "OK"
2807
  msgstr ""
2808
 
2809
- #: classes/Views/ToggleAlerts.php:694
2810
  msgid "Enable File Integrity Scanner"
2811
  msgstr ""
2812
 
2813
- #: classes/Views/ToggleAlerts.php:696
2814
  msgid ""
2815
  "The file integrity scanner is switched off. To enable this event it has to "
2816
  "be switched on."
2817
  msgstr ""
2818
 
2819
- #: classes/Views/ToggleAlerts.php:700
2820
  msgid "SWITCH ON"
2821
  msgstr ""
2822
 
2823
- #: classes/Views/ToggleAlerts.php:701
2824
  msgid "DISABLE EVENT"
2825
  msgstr ""
2826
 
@@ -6263,27 +6372,27 @@ msgid "%Status% the advanced settings for authors in the Yoast SEO settings."
6263
  msgstr ""
6264
 
6265
  #. translators: Username
6266
- #: wp-security-audit-log.php:715 wp-security-audit-log.php:742
6267
  #, php-format
6268
  msgid "Hey %1$s"
6269
  msgstr ""
6270
 
6271
- #: wp-security-audit-log.php:716
6272
  msgid ""
6273
  "Never miss an important update! Opt-in to our security and feature updates "
6274
  "notifications, and non-sensitive diagnostic tracking with freemius.com."
6275
  msgstr ""
6276
 
6277
- #: wp-security-audit-log.php:717 wp-security-audit-log.php:745
6278
  msgid "Note: "
6279
  msgstr ""
6280
 
6281
- #: wp-security-audit-log.php:718 wp-security-audit-log.php:746
6282
  msgid "NO AUDIT LOG ACTIVITY & DATA IS SENT BACK TO OUR SERVERS."
6283
  msgstr ""
6284
 
6285
  #. translators: 1: Plugin name. 2: Freemius link.
6286
- #: wp-security-audit-log.php:744
6287
  #, php-format
6288
  msgid ""
6289
  "Please help us improve %2$s! If you opt-in, some non-sensitive data about "
@@ -6292,7 +6401,7 @@ msgid ""
6292
  msgstr ""
6293
 
6294
  #. translators: Plugin name
6295
- #: wp-security-audit-log.php:766
6296
  #, php-format
6297
  msgid ""
6298
  "Get a free 7-day trial of the premium edition of %s. No credit card "
@@ -6300,124 +6409,150 @@ msgid ""
6300
  msgstr ""
6301
 
6302
  #. Plugin Name of the plugin/theme
6303
- #: wp-security-audit-log.php:767
6304
  msgid "WP Security Audit Log"
6305
  msgstr ""
6306
 
6307
- #: wp-security-audit-log.php:771
6308
  msgid "Start free trial"
6309
  msgstr ""
6310
 
6311
- #: wp-security-audit-log.php:838
6312
  #, php-format
6313
  msgid ""
6314
  "The license is limited to %s sub-sites. You need to upgrade your license to "
6315
  "cover all the sub-sites on this network."
6316
  msgstr ""
6317
 
6318
- #: wp-security-audit-log.php:936
6319
  msgid ""
6320
  "Error: You do not have sufficient permissions to disable this custom field."
6321
  msgstr ""
6322
 
6323
- #: wp-security-audit-log.php:972
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
6324
  msgid "Error: You do not have sufficient permissions to disable this alert."
6325
  msgstr ""
6326
 
6327
- #: wp-security-audit-log.php:1093
 
 
 
 
 
 
 
 
 
 
 
6328
  #, php-format
6329
  msgid ""
6330
  "You are using a version of PHP that is older than %s, which is no longer "
6331
  "supported."
6332
  msgstr ""
6333
 
6334
- #: wp-security-audit-log.php:1095
6335
  msgid ""
6336
  "Contact us on <a href=\"mailto:plugins@wpwhitesecurity.com"
6337
  "\">plugins@wpwhitesecurity.com</a> to help you switch the version of PHP you "
6338
  "are using."
6339
  msgstr ""
6340
 
6341
- #: wp-security-audit-log.php:1097
6342
  msgid ""
6343
  "The WP Security Audit Log plugin is a multisite network tool, so it has to "
6344
  "be activated at network level."
6345
  msgstr ""
6346
 
6347
- #: wp-security-audit-log.php:1099
6348
  msgid "Redirect me to the network dashboard"
6349
  msgstr ""
6350
 
6351
- #: wp-security-audit-log.php:1104
6352
  #, php-format
6353
  msgid "Please install the %s plugin on the MainWP dashboard."
6354
  msgstr ""
6355
 
6356
- #: wp-security-audit-log.php:1104
6357
  msgid "Activity Log for MainWP"
6358
  msgstr ""
6359
 
6360
- #: wp-security-audit-log.php:1106
6361
  #, php-format
6362
  msgid ""
6363
  "The WP Security Audit Log should be installed on the child sites only. Refer "
6364
  "to the %s for more information."
6365
  msgstr ""
6366
 
6367
- #: wp-security-audit-log.php:1106
6368
  msgid "getting started guide"
6369
  msgstr ""
6370
 
6371
- #: wp-security-audit-log.php:1199
6372
  msgid ""
6373
  "This plugin uses 3 tables in the WordPress database to store the activity "
6374
  "log and settings. It seems that these tables were not created."
6375
  msgstr ""
6376
 
6377
- #: wp-security-audit-log.php:1201
6378
  msgid ""
6379
  "This could happen because the database user does not have the right "
6380
  "privileges to create the tables in the database. We recommend you to update "
6381
  "the privileges and try enabling the plugin again."
6382
  msgstr ""
6383
 
6384
- #: wp-security-audit-log.php:1203
6385
  #, php-format
6386
  msgid ""
6387
  "If after doing so you still have issues, please send us an email on %s for "
6388
  "assistance."
6389
  msgstr ""
6390
 
6391
- #: wp-security-audit-log.php:1203
6392
  msgid "support@wpsecurityauditlog.com"
6393
  msgstr ""
6394
 
6395
- #: wp-security-audit-log.php:1863
6396
  msgid "Every 6 hours"
6397
  msgstr ""
6398
 
6399
- #: wp-security-audit-log.php:1867
6400
  msgid "Every 45 minutes"
6401
  msgstr ""
6402
 
6403
- #: wp-security-audit-log.php:1871
6404
  msgid "Every 30 minutes"
6405
  msgstr ""
6406
 
6407
- #: wp-security-audit-log.php:1875
6408
  msgid "Every 15 minutes"
6409
  msgstr ""
6410
 
6411
- #: wp-security-audit-log.php:1879
6412
  msgid "Every 10 minutes"
6413
  msgstr ""
6414
 
6415
- #: wp-security-audit-log.php:1883
6416
  msgid "Every 1 minute"
6417
  msgstr ""
6418
 
6419
  #. translators: 1. Deprecated method name 2. Version since deprecated
6420
- #: wp-security-audit-log.php:1897
6421
  #, php-format
6422
  msgid "Method %1$s is deprecated since version %2$s!"
6423
  msgstr ""
3
  msgstr ""
4
  "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
5
  "Project-Id-Version: WP Security Audit Log\n"
6
+ "POT-Creation-Date: 2019-09-12 10:47+0200\n"
7
+ "PO-Revision-Date: 2019-09-12 10:47+0200\n"
8
  "Last-Translator: \n"
9
  "Language-Team: \n"
10
  "MIME-Version: 1.0\n"
22
  "X-Poedit-SearchPathExcluded-0: *.min.js\n"
23
 
24
  #. translators: Event ID
25
+ #: classes/AlertManager.php:340
26
  #, php-format
27
  msgid "Event with code %d has not be registered."
28
  msgstr ""
29
 
30
+ #: classes/AlertManager.php:395
31
  #, php-format
32
  msgid "Event %s already registered with WP Security Audit Log."
33
  msgstr ""
34
 
35
+ #: classes/AlertManager.php:430
36
  msgid ""
37
  "You have custom events that are using the same ID or IDs which are already "
38
  "registered in the plugin, so they have been disabled."
39
  msgstr ""
40
 
41
+ #: classes/AlertManager.php:433
42
  #, php-format
43
  msgid "%4$s to help you solve this issue."
44
  msgstr ""
45
 
46
+ #: classes/AlertManager.php:435
47
  msgid "ERROR:"
48
  msgstr ""
49
 
50
+ #: classes/AlertManager.php:437
51
  msgid "Contact us"
52
  msgstr ""
53
 
54
+ #: classes/AlertManager.php:1216 classes/Views/ToggleAlerts.php:239
55
+ #: classes/Views/ToggleAlerts.php:271 defaults.php:306
56
  msgid "Pages"
57
  msgstr ""
58
 
59
+ #: classes/AlertManager.php:1216 classes/Views/ToggleAlerts.php:239
60
+ #: classes/Views/ToggleAlerts.php:271 defaults.php:266
61
  msgid "Custom Post Types"
62
  msgstr ""
63
 
64
+ #: classes/AlertManager.php:1538
65
  msgid "System Activity"
66
  msgstr ""
67
 
68
+ #: classes/AlertManager.php:1598 classes/AuditLogListView.php:437
69
  msgid "Unknown error code."
70
  msgstr ""
71
 
72
+ #: classes/AlertManager.php:1605 classes/AlertManager.php:1617
73
  msgid "Unknown Site"
74
  msgstr ""
75
 
76
+ #: classes/AlertManager.php:1639 classes/AuditLogListView.php:512
77
+ #: classes/Views/ToggleAlerts.php:424 classes/Views/ToggleAlerts.php:462
78
  #: defaults.php:390
79
  msgid "System"
80
  msgstr ""
122
  msgstr ""
123
 
124
  #: classes/AuditLogListView.php:311 classes/AuditLogListView.php:339
125
+ #: classes/Views/Settings.php:1143 classes/Views/ToggleAlerts.php:320
126
  msgid "Severity"
127
  msgstr ""
128
 
150
  msgid "Disable this type of events."
151
  msgstr ""
152
 
153
+ #: classes/AuditLogListView.php:441 classes/Views/ToggleAlerts.php:496
154
  msgid "Critical"
155
  msgstr ""
156
 
157
+ #: classes/AuditLogListView.php:443 classes/Views/ToggleAlerts.php:498
158
  msgid "Warning"
159
  msgstr ""
160
 
161
+ #: classes/AuditLogListView.php:445 classes/Views/ToggleAlerts.php:500
162
+ #: classes/Views/ToggleAlerts.php:502
163
  msgid "Notification"
164
  msgstr ""
165
 
193
  msgstr ""
194
 
195
  #: classes/AuditLogListView.php:587 classes/AuditLogListView.php:737
196
+ #: classes/Settings.php:1714
197
  msgid "Alert Data Inspector"
198
  msgstr ""
199
 
200
+ #: classes/AuditLogListView.php:689 classes/Settings.php:1653
201
  msgid "Download the log file"
202
  msgstr ""
203
 
204
+ #: classes/AuditLogListView.php:709 classes/Settings.php:1678
205
  msgid "Download the log file."
206
  msgstr ""
207
 
208
+ #: classes/AuditLogListView.php:717 classes/Settings.php:1686
209
+ #: classes/Settings.php:1932
210
  msgid "published"
211
  msgstr ""
212
 
213
  #. translators: Mailto link for support.
214
+ #: classes/AuditLogListView.php:745 classes/Settings.php:1725
215
+ #: classes/Settings.php:1958
216
  #, php-format
217
  msgid "Contact us on %s for assistance"
218
  msgstr ""
336
  msgid "Public"
337
  msgstr ""
338
 
339
+ #: classes/Sensors/FrontendWooCommerce.php:202 classes/Sensors/Public.php:466
340
+ #: classes/Sensors/WooCommerce.php:1908
 
 
 
 
 
 
341
  msgid "In stock"
342
  msgstr ""
343
 
344
+ #: classes/Sensors/FrontendWooCommerce.php:204 classes/Sensors/Public.php:468
345
+ #: classes/Sensors/WooCommerce.php:1910
346
  msgid "Out of stock"
347
  msgstr ""
348
 
349
+ #: classes/Sensors/FrontendWooCommerce.php:206 classes/Sensors/Public.php:470
350
+ #: classes/Sensors/WooCommerce.php:1912
351
  msgid "On backorder"
352
  msgstr ""
353
 
354
+ #: classes/Sensors/Public.php:134
355
+ #, php-format
356
+ msgid "Posted a comment in response to the post %s"
357
+ msgstr ""
358
+
359
  #: classes/Sensors/WooCommerce.php:2817
360
  msgid "Visible"
361
  msgstr ""
364
  msgid "Non-Visible"
365
  msgstr ""
366
 
367
+ #: classes/Settings.php:469
368
  msgid "This function is deprecated"
369
  msgstr ""
370
 
371
+ #: classes/Settings.php:1620
372
  msgid "View Order"
373
  msgstr ""
374
 
375
+ #: classes/Settings.php:1737 classes/Settings.php:1970
376
  msgid "plugin settings"
377
  msgstr ""
378
 
379
+ #: classes/Settings.php:1740 classes/Settings.php:1973
380
  msgid "contact our support"
381
  msgstr ""
382
 
383
+ #: classes/Settings.php:2176
384
  msgid "Root directory of WordPress (excluding sub directories)"
385
  msgstr ""
386
 
387
+ #: classes/Settings.php:2177
388
  msgid "WP Admin directory (/wp-admin/)"
389
  msgstr ""
390
 
391
+ #: classes/Settings.php:2178
392
  msgid "WP Includes directory (/wp-includes/)"
393
  msgstr ""
394
 
395
+ #: classes/Settings.php:2179
396
  msgid ""
397
  "/wp-content/ directory (excluding plugins, themes & uploads directories)"
398
  msgstr ""
399
 
400
+ #: classes/Settings.php:2180
401
  msgid "Themes directory (/wp-content/themes/)"
402
  msgstr ""
403
 
404
+ #: classes/Settings.php:2181
405
  msgid "Plugins directory (/wp-content/plugins/)"
406
  msgstr ""
407
 
408
+ #: classes/Settings.php:2182
409
  msgid "Uploads directory (/wp-content/uploads/)"
410
  msgstr ""
411
 
412
+ #: classes/Settings.php:2187
413
  msgid ""
414
  "Uploads directory of all sub sites on this network (/wp-content/sites/*)"
415
  msgstr ""
430
  "the plugin WP Security Audit Log on the website %2$s on %3$s."
431
  msgstr ""
432
 
433
+ #: classes/ViewManager.php:277
434
  msgid "Free Premium Trial"
435
  msgstr ""
436
 
437
+ #: classes/ViewManager.php:502 classes/Views/FrontendSetupWizard.php:64
438
+ #: classes/Views/Settings.php:255 classes/Views/Settings.php:2703
439
+ #: classes/Views/Settings.php:2732 classes/Views/SetupWizard.php:66
440
  msgid "Access Denied."
441
  msgstr ""
442
 
443
+ #: classes/ViewManager.php:533
444
  msgid "Log count parameter expected."
445
  msgstr ""
446
 
447
+ #: classes/ViewManager.php:541 classes/Views/AuditLog.php:651
448
  #: classes/Views/AuditLog.php:728 classes/Views/AuditLog.php:754
449
  #: classes/Views/AuditLog.php:1059 classes/Views/AuditLog.php:1129
450
+ #: classes/Views/FrontendSetupWizard.php:78 classes/Views/Licensing.php:90
451
+ #: classes/Views/Settings.php:270 classes/Views/Settings.php:2272
452
+ #: classes/Views/Settings.php:2300 classes/Views/Settings.php:2330
453
+ #: classes/Views/Settings.php:2369 classes/Views/Settings.php:2371
454
+ #: classes/Views/Settings.php:2373 classes/Views/Settings.php:2488
455
+ #: classes/Views/Settings.php:2490 classes/Views/Settings.php:2492
456
+ #: classes/Views/Settings.php:2586 classes/Views/Settings.php:2679
457
+ #: classes/Views/SetupWizard.php:81
458
  msgid "Nonce verification failed."
459
  msgstr ""
460
 
546
  msgstr ""
547
 
548
  #: classes/Views/AuditLog.php:378 classes/Views/Licensing.php:82
549
+ #: classes/Views/Settings.php:361 classes/Views/ToggleAlerts.php:140
550
  msgid "You do not have sufficient permissions to access this page."
551
  msgstr ""
552
 
556
  "wizard to configure the basic plugin settings?"
557
  msgstr ""
558
 
559
+ #: classes/Views/AuditLog.php:427 classes/Views/FrontendSetupWizard.php:329
560
+ #: classes/Views/FrontendSetupWizard.php:426 classes/Views/Settings.php:564
561
  #: classes/Views/Settings.php:591 classes/Views/Settings.php:657
562
  #: classes/Views/Settings.php:715 classes/Views/Settings.php:1176
563
  #: classes/Views/Settings.php:1241 classes/Views/Settings.php:2006
564
  #: classes/Views/Settings.php:2067 classes/Views/Settings.php:2095
565
  #: classes/Views/Settings.php:2116 classes/Views/Settings.php:2126
566
+ #: classes/Views/SetupWizard.php:465 classes/Views/SetupWizard.php:513
567
+ #: classes/Views/SetupWizard.php:676
568
  msgid "Yes"
569
  msgstr ""
570
 
571
+ #: classes/Views/AuditLog.php:428 classes/Views/FrontendSetupWizard.php:334
572
+ #: classes/Views/FrontendSetupWizard.php:431 classes/Views/Settings.php:569
573
  #: classes/Views/Settings.php:596 classes/Views/Settings.php:687
574
  #: classes/Views/Settings.php:725 classes/Views/Settings.php:1181
575
  #: classes/Views/Settings.php:1248 classes/Views/Settings.php:2011
576
  #: classes/Views/Settings.php:2074 classes/Views/Settings.php:2102
577
  #: classes/Views/Settings.php:2117 classes/Views/Settings.php:2127
578
+ #: classes/Views/SetupWizard.php:470 classes/Views/SetupWizard.php:518
579
+ #: classes/Views/SetupWizard.php:671
580
  msgid "No"
581
  msgstr ""
582
 
764
  "third party services."
765
  msgstr ""
766
 
767
+ #: classes/Views/FrontendSetupWizard.php:108 classes/Views/SetupWizard.php:129
768
+ msgid "Welcome"
769
+ msgstr ""
770
+
771
+ #: classes/Views/FrontendSetupWizard.php:112 classes/Views/SetupWizard.php:148
772
+ msgid "User Registrations"
773
+ msgstr ""
774
+
775
+ #: classes/Views/FrontendSetupWizard.php:117 classes/Views/SetupWizard.php:138
776
+ msgid "Log In"
777
+ msgstr ""
778
+
779
+ #: classes/Views/FrontendSetupWizard.php:122 classes/Views/SetupWizard.php:143
780
+ msgid "404s"
781
+ msgstr ""
782
+
783
+ #: classes/Views/FrontendSetupWizard.php:127
784
+ #: classes/Views/FrontendSetupWizard.php:477
785
+ #: classes/Views/FrontendSetupWizard.php:478 classes/Views/SetupWizard.php:168
786
+ #: classes/Views/SetupWizard.php:907 classes/Views/SetupWizard.php:908
787
+ msgid "Finish"
788
+ msgstr ""
789
+
790
+ #: classes/Views/FrontendSetupWizard.php:188 classes/Views/SetupWizard.php:244
791
+ msgid "WP Security Audit Log &rsaquo; Setup Wizard"
792
+ msgstr ""
793
+
794
+ #: classes/Views/FrontendSetupWizard.php:217 classes/Views/SetupWizard.php:261
795
+ msgid "Close Wizard"
796
+ msgstr ""
797
+
798
+ #: classes/Views/FrontendSetupWizard.php:291
799
+ msgid ""
800
+ "In this update, we have improved the plugin's front-end sensors and "
801
+ "performance. Use this quick 4-step wizard to fine tune the plugin for your "
802
+ "website."
803
+ msgstr ""
804
+
805
+ #: classes/Views/FrontendSetupWizard.php:296
806
+ msgid "Start Configuring front-end sensors"
807
+ msgstr ""
808
+
809
+ #: classes/Views/FrontendSetupWizard.php:312 classes/Views/SetupWizard.php:348
810
+ msgid "Exit Wizard"
811
+ msgstr ""
812
+
813
+ #: classes/Views/FrontendSetupWizard.php:325 classes/Views/SetupWizard.php:509
814
+ msgid "Can visitors register for a user on your website?"
815
+ msgstr ""
816
+
817
+ #: classes/Views/FrontendSetupWizard.php:336 classes/Views/SetupWizard.php:520
818
+ msgid ""
819
+ "If you are not sure about this setting, check if the Membership setting in "
820
+ "the WordPress General settings is checked or not. If it is not checked "
821
+ "(default) select No."
822
+ msgstr ""
823
+
824
+ #: classes/Views/FrontendSetupWizard.php:340
825
+ #: classes/Views/FrontendSetupWizard.php:388
826
+ #: classes/Views/FrontendSetupWizard.php:436 classes/Views/SetupWizard.php:375
827
+ #: classes/Views/SetupWizard.php:428 classes/Views/SetupWizard.php:476
828
+ #: classes/Views/SetupWizard.php:525 classes/Views/SetupWizard.php:585
829
+ #: classes/Views/SetupWizard.php:586 classes/Views/SetupWizard.php:718
830
+ #: classes/Views/SetupWizard.php:719 classes/Views/SetupWizard.php:838
831
+ #: classes/Views/SetupWizard.php:839
832
+ msgid "Next"
833
+ msgstr ""
834
+
835
+ #: classes/Views/FrontendSetupWizard.php:373 classes/Views/SetupWizard.php:412
836
+ msgid ""
837
+ "Do you or your users use other pages to log in to WordPress other than the "
838
+ "default login page ( /wp-admin/ )?"
839
+ msgstr ""
840
+
841
+ #: classes/Views/FrontendSetupWizard.php:377 classes/Views/SetupWizard.php:416
842
+ msgid "Yes, we use other pages to login to WordPress."
843
+ msgstr ""
844
+
845
+ #: classes/Views/FrontendSetupWizard.php:382 classes/Views/SetupWizard.php:421
846
+ msgid "No, we only use the default WordPress login page."
847
+ msgstr ""
848
+
849
+ #: classes/Views/FrontendSetupWizard.php:384 classes/Views/SetupWizard.php:423
850
+ msgid ""
851
+ "If your website is a membership or ecommerce website most probably you have "
852
+ "more than one area from where the users can login. If you are not sure, "
853
+ "select Yes."
854
+ msgstr ""
855
+
856
+ #: classes/Views/FrontendSetupWizard.php:422 classes/Views/SetupWizard.php:461
857
+ msgid ""
858
+ "Do you want to keep a log of (non-logged in) visitors’ requests to non-"
859
+ "existing URLs which generate a HTTP 404 error response?"
860
+ msgstr ""
861
+
862
+ #: classes/Views/FrontendSetupWizard.php:469
863
+ msgid ""
864
+ "All the new settings have been applied. You can change these settings from "
865
+ "the Front-end Events in the Enable/Disable Events section."
866
+ msgstr ""
867
+
868
  #: classes/Views/Help.php:62 classes/Views/Help.php:104
869
  #: classes/Views/Help.php:118
870
  msgid "Help"
994
  msgstr ""
995
 
996
  #: classes/Views/Licensing.php:96 classes/Views/Settings.php:377
997
+ #: classes/Views/ToggleAlerts.php:157
998
  msgid "Settings have been saved."
999
  msgstr ""
1000
 
1001
  #: classes/Views/Licensing.php:101 classes/Views/Settings.php:383
1002
+ #: classes/Views/ToggleAlerts.php:163
1003
  msgid "Error: "
1004
  msgstr ""
1005
 
1191
  msgid "File Integrity Scan"
1192
  msgstr ""
1193
 
1194
+ #: classes/Views/Settings.php:117 classes/Views/SetupWizard.php:163
1195
  msgid "Exclude Objects"
1196
  msgstr ""
1197
 
1204
  msgstr ""
1205
 
1206
  #: classes/Views/Settings.php:179 classes/Views/Settings.php:193
1207
+ #: classes/Views/ToggleAlerts.php:436 classes/Views/ToggleAlerts.php:464
1208
  msgid "Settings"
1209
  msgstr ""
1210
 
1344
  msgid "Login Page Notification"
1345
  msgstr ""
1346
 
1347
+ #: classes/Views/Settings.php:663 wp-security-audit-log.php:1853
1348
  msgid ""
1349
  "For security and auditing purposes, a record of all of your logged-in "
1350
  "actions and changes within the WordPress dashboard will be recorded in an "
2044
  msgstr ""
2045
 
2046
  #: classes/Views/Settings.php:1521 classes/Views/Settings.php:1557
2047
+ #: classes/Views/Settings.php:1587 classes/Views/SetupWizard.php:685
2048
+ #: classes/Views/SetupWizard.php:693 classes/Views/SetupWizard.php:778
2049
+ #: classes/Views/SetupWizard.php:797 classes/Views/SetupWizard.php:816
2050
  msgid "ADD"
2051
  msgstr ""
2052
 
2411
  msgid "Nonce Verification Failed."
2412
  msgstr ""
2413
 
 
 
 
 
2414
  #: classes/Views/SetupWizard.php:133
2415
  msgid "Log Details"
2416
  msgstr ""
2417
 
2418
+ #: classes/Views/SetupWizard.php:153
2419
  msgid "Log Retention"
2420
  msgstr ""
2421
 
2422
+ #: classes/Views/SetupWizard.php:158
2423
  msgid "Access"
2424
  msgstr ""
2425
 
2426
+ #: classes/Views/SetupWizard.php:212
 
 
 
 
 
2427
  msgid "Specified value in not a user."
2428
  msgstr ""
2429
 
2430
+ #: classes/Views/SetupWizard.php:213
2431
  msgid "Specified value in not a role."
2432
  msgstr ""
2433
 
2434
+ #: classes/Views/SetupWizard.php:214
2435
  msgid "Specified value in not an IP address."
2436
  msgstr ""
2437
 
2438
+ #: classes/Views/SetupWizard.php:339
 
 
 
 
 
 
 
 
2439
  msgid ""
2440
  "This wizard helps you configure the basic plugin settings. All these "
2441
  "settings can be changed at a later stage from the plugin settings."
2442
  msgstr ""
2443
 
2444
+ #: classes/Views/SetupWizard.php:344
2445
  msgid "Start Configuring the Plugin"
2446
  msgstr ""
2447
 
2448
+ #: classes/Views/SetupWizard.php:361
 
 
 
 
2449
  msgid "Please select the level of detail for your WordPress activity logs:"
2450
  msgstr ""
2451
 
2452
+ #: classes/Views/SetupWizard.php:365
2453
  msgid ""
2454
  "Basic (I want a high level overview and I am not interested in the detail)"
2455
  msgstr ""
2456
 
2457
+ #: classes/Views/SetupWizard.php:370
2458
  msgid "Geek (I want to know everything that is happening on my WordPress)"
2459
  msgstr ""
2460
 
2461
+ #: classes/Views/SetupWizard.php:372
2462
  msgid ""
2463
  "Note: You can change the WordPress logging level from the plugin’s settings "
2464
  "anytime."
2465
  msgstr ""
2466
 
2467
+ #: classes/Views/SetupWizard.php:426 classes/Views/SetupWizard.php:474
2468
+ #: classes/Views/SetupWizard.php:523 classes/Views/SetupWizard.php:577
2469
+ msgid ""
2470
+ "Note: You can change the WordPress activity log retention settings at any "
2471
+ "time from the plugin settings later on."
2472
  msgstr ""
2473
 
2474
+ #: classes/Views/SetupWizard.php:559
2475
  msgid "How long do you want to keep the data in the WordPress activity Log?"
2476
  msgstr ""
2477
 
2478
+ #: classes/Views/SetupWizard.php:564
2479
  msgid "6 months (data older than 6 months will be deleted)"
2480
  msgstr ""
2481
 
2482
+ #: classes/Views/SetupWizard.php:569
2483
  msgid "12 months (data older than 12 months will be deleted)"
2484
  msgstr ""
2485
 
2486
+ #: classes/Views/SetupWizard.php:574
2487
  msgid "Keep all data."
2488
  msgstr ""
2489
 
2490
+ #: classes/Views/SetupWizard.php:595
 
 
 
 
 
 
2491
  msgid ""
2492
  "The plugin stores the data in the WordPress database in a very efficient "
2493
  "way, though the more data you keep the more hard disk space it will consume. "
2497
  "activity log in an external database."
2498
  msgstr ""
2499
 
2500
+ #: classes/Views/SetupWizard.php:599
2501
  msgid ""
2502
  "The plugin stores the data in the WordPress database in a very efficient "
2503
  "way, though the more data you keep the more hard disk space it will consume. "
2505
  "WordPress activity log in an external database or enable archiving."
2506
  msgstr ""
2507
 
2508
+ #: classes/Views/SetupWizard.php:666
2509
  msgid ""
2510
  "By default only the users with administrator role can access the WordPress "
2511
  "activity log. Would you like to allow any other user or users with a role to "
2512
  "access the WordPress activity log?"
2513
  msgstr ""
2514
 
2515
+ #: classes/Views/SetupWizard.php:682 classes/Views/SetupWizard.php:775
2516
  msgid "Usernames: "
2517
  msgstr ""
2518
 
2519
+ #: classes/Views/SetupWizard.php:690 classes/Views/SetupWizard.php:794
2520
  msgid "Roles: "
2521
  msgstr ""
2522
 
2523
+ #: classes/Views/SetupWizard.php:711
2524
  msgid ""
2525
  "Note: you can change the WordPress activity log privileges settings at any "
2526
  "time from the plugin settings."
2527
  msgstr ""
2528
 
2529
+ #: classes/Views/SetupWizard.php:725
2530
  msgid ""
2531
  "The WordPress activity log contains sensitive data such as who logged in, "
2532
  "from where, when, and what they did."
2533
  msgstr ""
2534
 
2535
+ #: classes/Views/SetupWizard.php:770
2536
  msgid ""
2537
  "The plugin will keep a log of everything that happens on your WordPress "
2538
  "website. If you would like to exclude a particular user, users with a role "
2540
  "button."
2541
  msgstr ""
2542
 
2543
+ #: classes/Views/SetupWizard.php:813
2544
  msgid "IP Address: "
2545
  msgstr ""
2546
 
2547
+ #: classes/Views/SetupWizard.php:831
2548
  msgid "Note: You can change these exclusions anytime from the plugin settings."
2549
  msgstr ""
2550
 
2551
+ #: classes/Views/SetupWizard.php:845
2552
  msgid ""
2553
  "The WordPress activity log contains sensitive data such as who logged in, "
2554
  "from where, when and what they did."
2555
  msgstr ""
2556
 
2557
+ #: classes/Views/SetupWizard.php:878
2558
  msgid ""
2559
  "Your plugin is all set and it is ready to start keeping a record of "
2560
  "everything that is happening on your WordPress in a WordPress activity log."
2561
  msgstr ""
2562
 
2563
+ #: classes/Views/SetupWizard.php:879
2564
  msgid "Below are a few useful links you might need to refer to:"
2565
  msgstr ""
2566
 
2567
+ #: classes/Views/SetupWizard.php:884
2568
  msgid "Getting started with the WP Security Audit Log plugin"
2569
  msgstr ""
2570
 
2571
+ #: classes/Views/SetupWizard.php:889
2572
  msgid "Knowledge Base & Support Documents"
2573
  msgstr ""
2574
 
2575
+ #: classes/Views/SetupWizard.php:894
2576
  msgid "Benefits of keeping a WordPress activity log"
2577
  msgstr ""
2578
 
2579
+ #: classes/Views/SetupWizard.php:899
2580
  msgid ""
2581
  "We trust this plugin meets all your activity log requirements. Should you "
2582
  "encounter any problems, have feature requests or would like to share some "
2588
  msgid "Enable/Disable Events"
2589
  msgstr ""
2590
 
2591
+ #: classes/Views/ToggleAlerts.php:196
2592
  msgid "Log Level: "
2593
  msgstr ""
2594
 
2595
+ #: classes/Views/ToggleAlerts.php:201
2596
  msgid "Basic"
2597
  msgstr ""
2598
 
2599
+ #: classes/Views/ToggleAlerts.php:206
2600
  msgid "Geek"
2601
  msgstr ""
2602
 
2603
+ #: classes/Views/ToggleAlerts.php:209
2604
  msgid "Custom"
2605
  msgstr ""
2606
 
2607
+ #: classes/Views/ToggleAlerts.php:213
2608
  msgid ""
2609
  "Use the Log level drop down menu above to use one of our preset log levels. "
2610
  "Alternatively you can enable or disable any of the individual events from "
2614
  "on all the events the plugin can keep a log of."
2615
  msgstr ""
2616
 
2617
+ #: classes/Views/ToggleAlerts.php:221 defaults.php:485
2618
  msgid "Third Party Plugins"
2619
  msgstr ""
2620
 
2621
+ #: classes/Views/ToggleAlerts.php:223
2622
+ msgid "Front-end Events"
2623
  msgstr ""
2624
 
2625
+ #: classes/Views/ToggleAlerts.php:274 classes/Views/ToggleAlerts.php:281
2626
+ #: classes/Views/ToggleAlerts.php:331 defaults.php:489
2627
  msgid "BBPress Forum"
2628
  msgstr ""
2629
 
2630
+ #: classes/Views/ToggleAlerts.php:275 classes/Views/ToggleAlerts.php:288
2631
+ #: classes/Views/ToggleAlerts.php:344 defaults.php:564
2632
  msgid "WooCommerce"
2633
  msgstr ""
2634
 
2635
+ #: classes/Views/ToggleAlerts.php:276 classes/Views/ToggleAlerts.php:289
2636
+ #: classes/Views/ToggleAlerts.php:344 classes/Views/ToggleAlerts.php:352
2637
  #: defaults.php:519
2638
  msgid "WooCommerce Products"
2639
  msgstr ""
2640
 
2641
+ #: classes/Views/ToggleAlerts.php:277 classes/Views/ToggleAlerts.php:296
2642
+ #: classes/Views/ToggleAlerts.php:359 defaults.php:616
2643
  msgid "Yoast SEO"
2644
  msgstr ""
2645
 
2646
+ #: classes/Views/ToggleAlerts.php:278 classes/Views/ToggleAlerts.php:303
2647
+ #: classes/Views/ToggleAlerts.php:372 defaults.php:467
2648
  msgid "MultiSite"
2649
  msgstr ""
2650
 
2651
+ #: classes/Views/ToggleAlerts.php:319
2652
  msgid "Code"
2653
  msgstr ""
2654
 
2655
+ #: classes/Views/ToggleAlerts.php:321 classes/WidgetManager.php:83
2656
  msgid "Description"
2657
  msgstr ""
2658
 
2659
+ #: classes/Views/ToggleAlerts.php:324 classes/Views/ToggleAlerts.php:488
2660
+ #: classes/Views/ToggleAlerts.php:583
2661
  msgid "File Changes"
2662
  msgstr ""
2663
 
2664
+ #: classes/Views/ToggleAlerts.php:325 defaults.php:197
2665
  msgid "Content"
2666
  msgstr ""
2667
 
2668
+ #: classes/Views/ToggleAlerts.php:328
2669
  msgid ""
2670
  "<strong>Note:</strong> Post refers to any type of content, i.e. blog post, "
2671
  "page or a post with a custom post type."
2672
  msgstr ""
2673
 
2674
+ #: classes/Views/ToggleAlerts.php:335
2675
  msgid ""
2676
  "The plugin BBPress is not installed on your website so these events have "
2677
  "been disabled."
2678
  msgstr ""
2679
 
2680
+ #: classes/Views/ToggleAlerts.php:341
2681
  msgid "Forums"
2682
  msgstr ""
2683
 
2684
+ #: classes/Views/ToggleAlerts.php:348
2685
  msgid ""
2686
  "The plugin WooCommerce is not installed on your website so these events have "
2687
  "been disabled."
2688
  msgstr ""
2689
 
2690
+ #: classes/Views/ToggleAlerts.php:355
2691
  msgid "Products"
2692
  msgstr ""
2693
 
2694
+ #: classes/Views/ToggleAlerts.php:363
2695
  msgid ""
2696
  "The plugin Yoast SEO is not installed on your website so these events have "
2697
  "been disabled."
2698
  msgstr ""
2699
 
2700
+ #: classes/Views/ToggleAlerts.php:369
2701
  msgid "Post Changes"
2702
  msgstr ""
2703
 
2704
+ #: classes/Views/ToggleAlerts.php:376
2705
  msgid ""
2706
  "Your website is a single site so the multisite events have been disabled."
2707
  msgstr ""
2708
 
2709
+ #: classes/Views/ToggleAlerts.php:382 defaults.php:171
2710
  msgid "User Profiles"
2711
  msgstr ""
2712
 
2713
+ #: classes/Views/ToggleAlerts.php:385 defaults.php:152
2714
  msgid "Other User Activity"
2715
  msgstr ""
2716
 
2717
+ #: classes/Views/ToggleAlerts.php:388
2718
  msgid "Logins & Logouts"
2719
  msgstr ""
2720
 
2721
+ #: classes/Views/ToggleAlerts.php:407
2722
  msgid "Not Implemented"
2723
  msgstr ""
2724
 
2725
+ #: classes/Views/ToggleAlerts.php:410
2726
  msgid "Not Available"
2727
  msgstr ""
2728
 
2729
+ #: classes/Views/ToggleAlerts.php:420
2730
  msgid "User Sessions"
2731
  msgstr ""
2732
 
2733
+ #: classes/Views/ToggleAlerts.php:422
2734
  msgid "Files"
2735
  msgstr ""
2736
 
2737
+ #: classes/Views/ToggleAlerts.php:426
2738
  msgid "Post Settings"
2739
  msgstr ""
2740
 
2741
+ #: classes/Views/ToggleAlerts.php:428
2742
  msgid "Tags"
2743
  msgstr ""
2744
 
2745
+ #: classes/Views/ToggleAlerts.php:430 classes/Views/ToggleAlerts.php:448
2746
  msgid "Categories"
2747
  msgstr ""
2748
 
2749
+ #: classes/Views/ToggleAlerts.php:432
2750
  msgid "Custom Fields"
2751
  msgstr ""
2752
 
2753
+ #: classes/Views/ToggleAlerts.php:434
2754
  msgid "Sites"
2755
  msgstr ""
2756
 
2757
+ #: classes/Views/ToggleAlerts.php:438
2758
  msgid "Topics"
2759
  msgstr ""
2760
 
2761
+ #: classes/Views/ToggleAlerts.php:440 classes/Views/ToggleAlerts.php:456
2762
  msgid "User Profile"
2763
  msgstr ""
2764
 
2765
+ #: classes/Views/ToggleAlerts.php:442
2766
  msgid "Product Admin"
2767
  msgstr ""
2768
 
2769
+ #: classes/Views/ToggleAlerts.php:444
2770
  msgid "Product Attribute"
2771
  msgstr ""
2772
 
2773
+ #: classes/Views/ToggleAlerts.php:446
2774
  msgid "Store Admin"
2775
  msgstr ""
2776
 
2777
+ #: classes/Views/ToggleAlerts.php:450
2778
  msgid "Attributes"
2779
  msgstr ""
2780
 
2781
+ #: classes/Views/ToggleAlerts.php:452
2782
  msgid "Coupons"
2783
  msgstr ""
2784
 
2785
+ #: classes/Views/ToggleAlerts.php:454
2786
  msgid "Orders"
2787
  msgstr ""
2788
 
2789
+ #: classes/Views/ToggleAlerts.php:458
2790
  msgid "Website Changes"
2791
  msgstr ""
2792
 
2793
+ #: classes/Views/ToggleAlerts.php:460
2794
  msgid "Plugin Settings"
2795
  msgstr ""
2796
 
2797
+ #: classes/Views/ToggleAlerts.php:466
2798
  msgid "File Changes Scanning"
2799
  msgstr ""
2800
 
2801
+ #: classes/Views/ToggleAlerts.php:520 classes/Views/ToggleAlerts.php:662
2802
  msgid ""
2803
  "Capture 404 requests to file (the log file are created in the /wp-content/"
2804
  "uploads/wp-security-audit-log/404s/ directory)"
2805
  msgstr ""
2806
 
2807
+ #: classes/Views/ToggleAlerts.php:528 classes/Views/ToggleAlerts.php:666
2808
  msgid "Purge log files older than one month"
2809
  msgstr ""
2810
 
2811
+ #: classes/Views/ToggleAlerts.php:533
2812
  msgid ""
2813
  "Number of 404 Requests to Log. By default the plugin keeps up to 99 requests "
2814
  "to non-existing pages from the same IP address. Increase the value in this "
2815
  "setting to the desired amount to keep a log of more or less requests."
2816
  msgstr ""
2817
 
2818
+ #: classes/Views/ToggleAlerts.php:538 classes/Views/ToggleAlerts.php:674
2819
  msgid "Record the referrer that generated the 404 error."
2820
  msgstr ""
2821
 
2822
+ #: classes/Views/ToggleAlerts.php:550 classes/Views/ToggleAlerts.php:563
 
 
 
 
 
 
 
 
 
2823
  msgid ""
2824
  "Number of login attempts to log. Enter 0 to log all failed login attempts. "
2825
  "(By default the plugin only logs up to 10 failed login because the process "
2826
  "can be very resource intensive in case of a brute force attack)"
2827
  msgstr ""
2828
 
2829
+ #: classes/Views/ToggleAlerts.php:576
2830
  msgid ""
2831
  "Log all stock changes. Disable this setting to only keep a log of stock "
2832
  "changes done manually via the WooCommerce dashboard. Therefore automated "
2834
  "plugins will not be logged."
2835
  msgstr ""
2836
 
2837
+ #: classes/Views/ToggleAlerts.php:598
2838
  msgid "Configure the file integrity scan settings."
2839
  msgstr ""
2840
 
2841
+ #: classes/Views/ToggleAlerts.php:619
2842
+ msgid ""
2843
+ "This plugin keeps a log of what your website users are doing when they are "
2844
+ "logged in. On top of that it can also keep a log of some important events of "
2845
+ "(non logged in) website visitors. Use the below settings to enable / disable "
2846
+ "any of the front-end sensors:"
2847
+ msgstr ""
2848
+
2849
+ #: classes/Views/ToggleAlerts.php:624
2850
+ msgid "Front-end users registrations"
2851
+ msgstr ""
2852
+
2853
+ #: classes/Views/ToggleAlerts.php:630
2854
+ msgid ""
2855
+ "Keep a log when a visitor registers a user on the website. Only enable this "
2856
+ "if you allow visitors to register as users on your website. User "
2857
+ "registration is disabled by default in WordPress."
2858
+ msgstr ""
2859
+
2860
+ #: classes/Views/ToggleAlerts.php:635
2861
+ msgid "Front-end users logins"
2862
+ msgstr ""
2863
+
2864
+ #: classes/Views/ToggleAlerts.php:641
2865
+ msgid ""
2866
+ "Keep a log when users login to the website from other login pages / forms "
2867
+ "other than the default WordPress login page."
2868
+ msgstr ""
2869
+
2870
+ #: classes/Views/ToggleAlerts.php:646
2871
+ msgid "Website visitors 404 errors"
2872
+ msgstr ""
2873
+
2874
+ #: classes/Views/ToggleAlerts.php:652
2875
  msgid ""
2876
+ "Event ID 6023: Keep a log when a website visitor requests a non-existing URL "
2877
+ "(HTTP 404 response error)."
 
2878
  msgstr ""
2879
 
2880
+ #: classes/Views/ToggleAlerts.php:670
2881
+ msgid ""
2882
+ "Number of 404 Requests to Log. By default the plugin keeps up to 99 requests "
2883
+ "to non-existing pages from the same IP address. Increase the value in this "
2884
+ "setting to the desired amount to keep a log of more or less requests. Note "
2885
+ "that by increasing this value to a high number, should your website be "
2886
+ "scanned the plugin will consume more resources to log all the requests."
2887
  msgstr ""
2888
 
2889
+ #: classes/Views/ToggleAlerts.php:678
2890
+ msgid "Front-end WooCommerce activity"
2891
  msgstr ""
2892
 
2893
+ #: classes/Views/ToggleAlerts.php:684
2894
  msgid ""
2895
+ "Keep a log of product stocks and orders changes done by website visitors "
2896
+ "(non-logged in). Regardless of the state of this setting, the plugin always "
2897
+ "keeps a log of changes done by logged in users."
2898
  msgstr ""
2899
 
2900
+ #: classes/Views/ToggleAlerts.php:690
2901
  msgid "Save Changes"
2902
  msgstr ""
2903
 
2904
+ #: classes/Views/ToggleAlerts.php:697
2905
  msgid "Log Level Updated"
2906
  msgstr ""
2907
 
2908
  #. translators: Alerts log level.
2909
+ #: classes/Views/ToggleAlerts.php:701
2910
  #, php-format
2911
  msgid "The %s log level has been successfully loaded and applied."
2912
  msgstr ""
2913
 
2914
+ #: classes/Views/ToggleAlerts.php:705
2915
  msgid "OK"
2916
  msgstr ""
2917
 
2918
+ #: classes/Views/ToggleAlerts.php:720
2919
  msgid "Enable File Integrity Scanner"
2920
  msgstr ""
2921
 
2922
+ #: classes/Views/ToggleAlerts.php:722
2923
  msgid ""
2924
  "The file integrity scanner is switched off. To enable this event it has to "
2925
  "be switched on."
2926
  msgstr ""
2927
 
2928
+ #: classes/Views/ToggleAlerts.php:726
2929
  msgid "SWITCH ON"
2930
  msgstr ""
2931
 
2932
+ #: classes/Views/ToggleAlerts.php:727
2933
  msgid "DISABLE EVENT"
2934
  msgstr ""
2935
 
6372
  msgstr ""
6373
 
6374
  #. translators: Username
6375
+ #: wp-security-audit-log.php:755 wp-security-audit-log.php:782
6376
  #, php-format
6377
  msgid "Hey %1$s"
6378
  msgstr ""
6379
 
6380
+ #: wp-security-audit-log.php:756
6381
  msgid ""
6382
  "Never miss an important update! Opt-in to our security and feature updates "
6383
  "notifications, and non-sensitive diagnostic tracking with freemius.com."
6384
  msgstr ""
6385
 
6386
+ #: wp-security-audit-log.php:757 wp-security-audit-log.php:785
6387
  msgid "Note: "
6388
  msgstr ""
6389
 
6390
+ #: wp-security-audit-log.php:758 wp-security-audit-log.php:786
6391
  msgid "NO AUDIT LOG ACTIVITY & DATA IS SENT BACK TO OUR SERVERS."
6392
  msgstr ""
6393
 
6394
  #. translators: 1: Plugin name. 2: Freemius link.
6395
+ #: wp-security-audit-log.php:784
6396
  #, php-format
6397
  msgid ""
6398
  "Please help us improve %2$s! If you opt-in, some non-sensitive data about "
6401
  msgstr ""
6402
 
6403
  #. translators: Plugin name
6404
+ #: wp-security-audit-log.php:806
6405
  #, php-format
6406
  msgid ""
6407
  "Get a free 7-day trial of the premium edition of %s. No credit card "
6409
  msgstr ""
6410
 
6411
  #. Plugin Name of the plugin/theme
6412
+ #: wp-security-audit-log.php:807
6413
  msgid "WP Security Audit Log"
6414
  msgstr ""
6415
 
6416
+ #: wp-security-audit-log.php:811
6417
  msgid "Start free trial"
6418
  msgstr ""
6419
 
6420
+ #: wp-security-audit-log.php:878
6421
  #, php-format
6422
  msgid ""
6423
  "The license is limited to %s sub-sites. You need to upgrade your license to "
6424
  "cover all the sub-sites on this network."
6425
  msgstr ""
6426
 
6427
+ #: wp-security-audit-log.php:977
6428
  msgid ""
6429
  "Error: You do not have sufficient permissions to disable this custom field."
6430
  msgstr ""
6431
 
6432
+ #: wp-security-audit-log.php:1010
6433
+ #, php-format
6434
+ msgid ""
6435
+ "Custom Field %1$s is no longer being monitored.<br />Enable the monitoring "
6436
+ "of this custom field again from the"
6437
+ msgstr ""
6438
+
6439
+ #: wp-security-audit-log.php:1010
6440
+ msgid "Excluded Objects"
6441
+ msgstr ""
6442
+
6443
+ #: wp-security-audit-log.php:1010
6444
+ msgid " tab in the plugin settings"
6445
+ msgstr ""
6446
+
6447
+ #: wp-security-audit-log.php:1022
6448
  msgid "Error: You do not have sufficient permissions to disable this alert."
6449
  msgstr ""
6450
 
6451
+ #: wp-security-audit-log.php:1046
6452
+ #, php-format
6453
+ msgid "Alert %1$s is no longer being monitored.<br /> %2$s"
6454
+ msgstr ""
6455
+
6456
+ #: wp-security-audit-log.php:1046
6457
+ msgid ""
6458
+ "You can enable this alert again from the Enable/Disable Alerts node in the "
6459
+ "plugin menu."
6460
+ msgstr ""
6461
+
6462
+ #: wp-security-audit-log.php:1142
6463
  #, php-format
6464
  msgid ""
6465
  "You are using a version of PHP that is older than %s, which is no longer "
6466
  "supported."
6467
  msgstr ""
6468
 
6469
+ #: wp-security-audit-log.php:1144
6470
  msgid ""
6471
  "Contact us on <a href=\"mailto:plugins@wpwhitesecurity.com"
6472
  "\">plugins@wpwhitesecurity.com</a> to help you switch the version of PHP you "
6473
  "are using."
6474
  msgstr ""
6475
 
6476
+ #: wp-security-audit-log.php:1146
6477
  msgid ""
6478
  "The WP Security Audit Log plugin is a multisite network tool, so it has to "
6479
  "be activated at network level."
6480
  msgstr ""
6481
 
6482
+ #: wp-security-audit-log.php:1148
6483
  msgid "Redirect me to the network dashboard"
6484
  msgstr ""
6485
 
6486
+ #: wp-security-audit-log.php:1153
6487
  #, php-format
6488
  msgid "Please install the %s plugin on the MainWP dashboard."
6489
  msgstr ""
6490
 
6491
+ #: wp-security-audit-log.php:1153
6492
  msgid "Activity Log for MainWP"
6493
  msgstr ""
6494
 
6495
+ #: wp-security-audit-log.php:1155
6496
  #, php-format
6497
  msgid ""
6498
  "The WP Security Audit Log should be installed on the child sites only. Refer "
6499
  "to the %s for more information."
6500
  msgstr ""
6501
 
6502
+ #: wp-security-audit-log.php:1155
6503
  msgid "getting started guide"
6504
  msgstr ""
6505
 
6506
+ #: wp-security-audit-log.php:1241
6507
  msgid ""
6508
  "This plugin uses 3 tables in the WordPress database to store the activity "
6509
  "log and settings. It seems that these tables were not created."
6510
  msgstr ""
6511
 
6512
+ #: wp-security-audit-log.php:1243
6513
  msgid ""
6514
  "This could happen because the database user does not have the right "
6515
  "privileges to create the tables in the database. We recommend you to update "
6516
  "the privileges and try enabling the plugin again."
6517
  msgstr ""
6518
 
6519
+ #: wp-security-audit-log.php:1245
6520
  #, php-format
6521
  msgid ""
6522
  "If after doing so you still have issues, please send us an email on %s for "
6523
  "assistance."
6524
  msgstr ""
6525
 
6526
+ #: wp-security-audit-log.php:1245
6527
  msgid "support@wpsecurityauditlog.com"
6528
  msgstr ""
6529
 
6530
+ #: wp-security-audit-log.php:1872
6531
  msgid "Every 6 hours"
6532
  msgstr ""
6533
 
6534
+ #: wp-security-audit-log.php:1876
6535
  msgid "Every 45 minutes"
6536
  msgstr ""
6537
 
6538
+ #: wp-security-audit-log.php:1880
6539
  msgid "Every 30 minutes"
6540
  msgstr ""
6541
 
6542
+ #: wp-security-audit-log.php:1884
6543
  msgid "Every 15 minutes"
6544
  msgstr ""
6545
 
6546
+ #: wp-security-audit-log.php:1888
6547
  msgid "Every 10 minutes"
6548
  msgstr ""
6549
 
6550
+ #: wp-security-audit-log.php:1892
6551
  msgid "Every 1 minute"
6552
  msgstr ""
6553
 
6554
  #. translators: 1. Deprecated method name 2. Version since deprecated
6555
+ #: wp-security-audit-log.php:1906
6556
  #, php-format
6557
  msgid "Method %1$s is deprecated since version %2$s!"
6558
  msgstr ""
readme.txt CHANGED
@@ -5,8 +5,8 @@ License: GPLv3
5
  License URI: http://www.gnu.org/licenses/gpl.html
6
  Tags: wordpress security plugin, wordpress security audit log, audit log, activity logs, event log wordpress, wordpress user tracking, wordpress activity log, wordpress audit, security event log, audit trail, wordpress security monitor, wordpress admin, wordpress admin monitoring, user activity, admin, multisite, dashboard, notification, wordpress monitoring, email notification, wordpress email alerts, SMS messages, tracking, user tracking, user activity report, wordpress audit trail
7
  Requires at least: 3.6
8
- Tested up to: 5.2.2
9
- Stable tag: 3.4.3.1
10
  Requires PHP: 5.5
11
 
12
  An easy to use & comprehensive WordPress activity log plugin to log all changes on WordPress sites & multisite networks.
@@ -204,37 +204,26 @@ Please refer to our [Support & Documentation pages](https://www.wpsecurityauditl
204
 
205
  == Changelog ==
206
 
207
- =3.4.3.1 (2019-08-29)
208
 
209
- * **Improvements**
210
- * Added confirmation for when daily summary email is sent manually.
211
- * Updated the support links in the help page.
212
-
213
- * **Bug fixes**
214
- * Fixed cases in which event ID 4012 was not being reported.
215
- * Fixed a PHP fatal error caused when public events are disabled.
216
-
217
- Release notes: [Update 3.4.3 – Front-end plugin performance improvements & MainWP extension support](https://www.wpsecurityauditlog.com/releases/update-3-4-3/)
218
-
219
- = 3.4.3 (2019-08-28) =
220
 
221
  * **New Features**
222
- * Plugin performance improved five fold.
223
- * Improved [log coverage of WooCommerce](https://www.wpsecurityauditlog.com/woocommerce-activity-log-datasheet/) products - plugin keeps log of changes done to products via quick edit.
224
- * Added coverage of WooCommerce product changes done with Admin Columns Pro.
225
- * Support for the new Search and Reports features coming up in the [Activity Log for MainWP extension](https://www.wpsecurityauditlog.com/activity-log-mainwp-extension/).
226
 
227
  * **Improvements**
228
- * Improved log coverage of draft posts - now plugin reports the details of changes on draft posts.
229
- * Added report title in HTML reports.
230
- * Maximum number of logged in user sessions the plugin retrieves is now be configured.
231
- * Removed plugin branding from [WordPress activity log HTML reports](https://www.wpsecurityauditlog.com/premium-features/reports-wordpress-activity-log/) and automated emails.
232
- * Removed a number of redundant files from old premium extensions.
233
- * Events in activity log dashboard widget have been shortened for better readability.* Removed broken links from 404 error email notifications.
234
-
235
- * **Bug fixes**
236
- * Plugin now sends the IP address when [mirroring WordPress activity log to Slack](https://www.wpsecurityauditlog.com/premium-features/integration-mirroring-tools-wordpress-activity-log/).
237
- * Fixed an edge case in which cron jobs for mirroring of activity log were not firing.
 
238
 
239
  = Earlier versions =
240
 
5
  License URI: http://www.gnu.org/licenses/gpl.html
6
  Tags: wordpress security plugin, wordpress security audit log, audit log, activity logs, event log wordpress, wordpress user tracking, wordpress activity log, wordpress audit, security event log, audit trail, wordpress security monitor, wordpress admin, wordpress admin monitoring, user activity, admin, multisite, dashboard, notification, wordpress monitoring, email notification, wordpress email alerts, SMS messages, tracking, user tracking, user activity report, wordpress audit trail
7
  Requires at least: 3.6
8
+ Tested up to: 5.2.3
9
+ Stable tag: 3.5
10
  Requires PHP: 5.5
11
 
12
  An easy to use & comprehensive WordPress activity log plugin to log all changes on WordPress sites & multisite networks.
204
 
205
  == Changelog ==
206
 
207
+ Release notes: [Update 3.5 - New configurable front-end sensors & improved wizard](https://www.wpsecurityauditlog.com/releases/update-3-5/)
208
 
209
+ = 3.5 (2019-09-12) =
 
 
 
 
 
 
 
 
 
 
210
 
211
  * **New Features**
212
+
213
+ * 3 new front-end sensors that can be individually enabled / disabled individually (used for front end activity, such as logins from non-default WordPress login page).
 
 
214
 
215
  * **Improvements**
216
+
217
+ * Improved the hide plugin feature: number of installed plugins is also adjusted when plugin is hidden.
218
+ * Added new steps in the wizard to help users configure the front-end sensors when they install the plugin.
219
+ * Plugin keeps log of stock changes when orders are placed manually or items in orders are changed ([WooCommerce Activity Log](https://www.wpsecurityauditlog.com/woocommerce-activity-log-datasheet/)).
220
+ * Removed event ID 2126 (visitor posted a comment): noticed almost all users disable it since this is trivial information / change.
221
+
222
+ * **Bug Fixes**
223
+
224
+ * Plugin was not reporting correct product name & stock quantity when WooCommerce Tab Manager was installed.
225
+ * Mirroring cron jobs not firing / not copying logs to mirror.
226
+ * Unhandled error when using custom login pages.
227
 
228
  = Earlier versions =
229
 
wp-security-audit-log.php CHANGED
@@ -4,15 +4,14 @@
4
  * Plugin URI: http://www.wpsecurityauditlog.com/
5
  * Description: Identify WordPress security issues before they become a problem. Keep track of everything happening on your WordPress including WordPress users activity. Similar to Windows Event Log and Linux Syslog, WP Security Audit Log generates a security alert for everything that happens on your WordPress blogs and websites. Use the Audit Log Viewer included in the plugin to see all the security alerts.
6
  * Author: WP White Security
7
- * Version: 3.4.3.1
8
  * Text Domain: wp-security-audit-log
9
  * Author URI: http://www.wpwhitesecurity.com/
10
  * License: GPL2
11
  *
12
  * @package Wsal
13
  *
14
- * @fs_premium_only /extensions/
15
- * @fs_premium_only /sdk/twilio-php/
16
  */
17
 
18
  /*
@@ -47,7 +46,7 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
47
  *
48
  * @var string
49
  */
50
- public $version = '3.4.3.1';
51
 
52
  // Plugin constants.
53
  const PLG_CLS_PRFX = 'WSAL_';
@@ -162,7 +161,8 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
162
  // Frontend requests should only log for certain 404 requests.
163
  // For that to happen, we need to delay until template_redirect.
164
  if ( self::is_frontend() ) {
165
- $bootstrap_hook = [ 'wp', 0 ];
 
166
  }
167
 
168
  add_action( $bootstrap_hook[0], array( $this, 'setup' ), $bootstrap_hook[1] );
@@ -228,6 +228,25 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
228
  return ! is_admin() && ! self::is_login_screen() && ( ! defined( 'WP_CLI' ) || ! WP_CLI ) && ( ! defined( 'DOING_CRON' ) || ! DOING_CRON ) && ! self::is_rest_api();
229
  }
230
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
231
  /**
232
  * Decides if the plugin should run, sets up constants, includes, inits hooks, etc.
233
  *
@@ -268,20 +287,31 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
268
  // This is a frontend request, and it's a 404, but we are not logging 404s.
269
  return false;
270
  }
271
- } elseif ( ! is_user_logged_in() && ! $this->load_for_visitor_events() ) {
272
  // This is not a 404, and the user isn't logged in, and we aren't logging visitor events.
273
  return false;
274
  }
275
  }
276
 
277
  // If this is a rest API request and the user is not logged in, bail.
278
- if ( self::is_rest_api() && ! is_user_logged_in() && ! $this->load_for_visitor_events() ) {
279
  return false;
280
  }
281
 
282
  return true;
283
  }
284
 
 
 
 
 
 
 
 
 
 
 
 
285
  /**
286
  * Include Plugin Files.
287
  *
@@ -385,7 +415,7 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
385
  * @return bool
386
  */
387
  public static function is_login_screen() {
388
- return parse_url( wp_login_url(), PHP_URL_PATH ) === parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH );
389
  }
390
 
391
  /**
@@ -475,7 +505,7 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
475
  return;
476
  }
477
 
478
- if ( is_admin() || self::is_login_screen() || ( is_admin() && defined( 'DOING_CRON' ) ) ) {
479
  self::load_freemius();
480
 
481
  if ( ! apply_filters( 'wsal_disable_freemius_sdk', false ) ) {
@@ -503,12 +533,16 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
503
  */
504
  public function load_for_404s() {
505
  if ( null === $this->load_for_404s ) {
506
- if ( ! is_user_logged_in() && ! self::load_for_visitor_events() ) {
 
 
 
 
507
  // This overrides the setting.
508
- $this->load_for_404s = false;
509
  } else {
510
  // We are doing a raw lookup here because The WSAL options system might not be loaded.
511
- $this->load_for_404s = self::raw_alert_is_enabled( is_user_logged_in() ? 6007 : 6023 );
512
  }
513
  }
514
 
@@ -636,6 +670,12 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
636
  wp_safe_redirect( $redirect );
637
  exit();
638
  }
 
 
 
 
 
 
639
  }
640
 
641
  /**
@@ -886,6 +926,7 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
886
  // Hide plugin.
887
  if ( $this->settings->IsIncognito() ) {
888
  add_action( 'admin_head', array( $this, 'HidePlugin' ) );
 
889
  }
890
 
891
  // Update routine.
@@ -957,7 +998,16 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
957
  $fields = esc_html( $post_array['notice'] );
958
  }
959
  $this->SetGlobalOption( 'excluded-custom', $fields );
960
- echo '<p>Custom Field ' . esc_html( $post_array['notice'] ) . ' is no longer being monitored.<br />Enable the monitoring of this custom field again from the <a href="admin.php?page=wsal-settings#tab-exclude">Excluded Objects</a> tab in the plugin settings</p>';
 
 
 
 
 
 
 
 
 
961
  die;
962
  }
963
 
@@ -993,8 +1043,7 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
993
  $s_alerts = esc_html( $post_array['code'] );
994
  }
995
  $this->SetGlobalOption( 'disabled-alerts', $s_alerts );
996
- echo '<p>Alert ' . esc_html( $post_array['code'] ) . ' is no longer being monitored.<br />';
997
- echo 'You can enable this alert again from the Enable/Disable Alerts node in the plugin menu.</p>';
998
  die;
999
  }
1000
 
@@ -1144,13 +1193,6 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
1144
  $this->Update( $old_version, $new_version );
1145
  }
1146
 
1147
- // Load options from wp_options table or wp_sitemeta in multisite enviroment.
1148
- $data = $this->read_options_prefixed( 'wsal-' );
1149
- if ( ! empty( $data ) ) {
1150
- $this->SetOptions( $data );
1151
- }
1152
- $this->deleteAllOptions();
1153
-
1154
  // If system wasn't installed, try migration now.
1155
  if ( ! $pre_installed && $this->CanMigrate() ) {
1156
  $this->Migrate();
@@ -1378,6 +1420,35 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
1378
  self::getConnector()->getAdapter( 'Meta' )->create_indexes();
1379
  }
1380
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1381
  }
1382
  }
1383
 
@@ -1391,68 +1462,6 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
1391
  $this->wsal_deprecate( __METHOD__, '3.2.3.3' );
1392
  }
1393
 
1394
- /**
1395
- * Delete from the options table of WP.
1396
- *
1397
- * @param string $prefix - Table prefix.
1398
- * @return boolean - Query result.
1399
- */
1400
- public function delete_options_prefixed( $prefix ) {
1401
- global $wpdb;
1402
- if ( $this->IsMultisite() ) {
1403
- $table_name = $wpdb->prefix . 'sitemeta';
1404
- $result = $wpdb->query( "DELETE FROM {$table_name} WHERE meta_key LIKE '{$prefix}%'" );
1405
- } else {
1406
- $result = $wpdb->query( "DELETE FROM {$wpdb->options} WHERE option_name LIKE '{$prefix}%'" );
1407
- }
1408
- return ( $result ) ? true : false;
1409
- }
1410
-
1411
- /**
1412
- * Delete all the Wsal options from the options table of WP.
1413
- */
1414
- private function deleteAllOptions() {
1415
- $flag = true;
1416
- while ( $flag ) {
1417
- $flag = $this->delete_options_prefixed( self::OPT_PRFX );
1418
- }
1419
- }
1420
-
1421
- /**
1422
- * Read options from the options table of WP.
1423
- *
1424
- * @param string $prefix - Table prefix.
1425
- * @return boolean - Query result.
1426
- */
1427
- public function read_options_prefixed( $prefix ) {
1428
- global $wpdb;
1429
- if ( $this->IsMultisite() ) {
1430
- $table_name = $wpdb->prefix . 'sitemeta';
1431
- $results = $wpdb->get_results( "SELECT site_id,meta_key,meta_value FROM {$table_name} WHERE meta_key LIKE '{$prefix}%'", ARRAY_A );
1432
- } else {
1433
- $results = $wpdb->get_results( "SELECT option_name,option_value FROM {$wpdb->options} WHERE option_name LIKE '{$prefix}%'", ARRAY_A );
1434
- }
1435
- return $results;
1436
- }
1437
-
1438
- /**
1439
- * Set options in the Wsal options table.
1440
- *
1441
- * @param array $data - Table prefix.
1442
- */
1443
- public function SetOptions( $data ) {
1444
- if ( empty( $this->options ) ) {
1445
- $this->options = new WSAL_Models_Option();
1446
- }
1447
- foreach ( $data as $key => $option ) {
1448
- if ( $this->IsMultisite() ) {
1449
- $this->options->SetOptionValue( $option['meta_key'], $option['meta_value'] );
1450
- } else {
1451
- $this->options->SetOptionValue( $option['option_name'], $option['option_value'] );
1452
- }
1453
- }
1454
- }
1455
-
1456
  /**
1457
  * Migrate data from old plugin.
1458
  */
@@ -1954,6 +1963,29 @@ if ( ! function_exists( 'wsal_freemius' ) ) {
1954
  }
1955
  }
1956
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1957
  }
1958
 
1959
  // Begin load sequence.
4
  * Plugin URI: http://www.wpsecurityauditlog.com/
5
  * Description: Identify WordPress security issues before they become a problem. Keep track of everything happening on your WordPress including WordPress users activity. Similar to Windows Event Log and Linux Syslog, WP Security Audit Log generates a security alert for everything that happens on your WordPress blogs and websites. Use the Audit Log Viewer included in the plugin to see all the security alerts.
6
  * Author: WP White Security
7
+ * Version: 3.5
8
  * Text Domain: wp-security-audit-log
9
  * Author URI: http://www.wpwhitesecurity.com/
10
  * License: GPL2
11
  *
12
  * @package Wsal
13
  *
14
+ * @fs_premium_only /extensions/, /sdk/twilio-php/
 
15
  */
16
 
17
  /*
46
  *
47
  * @var string
48
  */
49
+ public $version = '3.5';
50
 
51
  // Plugin constants.
52
  const PLG_CLS_PRFX = 'WSAL_';
161
  // Frontend requests should only log for certain 404 requests.
162
  // For that to happen, we need to delay until template_redirect.
163
  if ( self::is_frontend() ) {
164
+ $bootstrap_hook = [ 'wp_loaded', 0 ];
165
+ add_action( 'wp', array( $this, 'setup_404' ) );
166
  }
167
 
168
  add_action( $bootstrap_hook[0], array( $this, 'setup' ), $bootstrap_hook[1] );
228
  return ! is_admin() && ! self::is_login_screen() && ( ! defined( 'WP_CLI' ) || ! WP_CLI ) && ( ! defined( 'DOING_CRON' ) || ! DOING_CRON ) && ! self::is_rest_api();
229
  }
230
 
231
+ /**
232
+ * Decides if the plugin should run for 404 events on `wp` hook
233
+ * IF not already loaded on `wp_loaded` hook for frontend request.
234
+ */
235
+ public function setup_404() {
236
+ // If a user is logged in OR if the frontend sensors are allowed to load, then bail.
237
+ if ( is_user_logged_in() || self::should_load_frontend() ) {
238
+ return;
239
+ }
240
+
241
+ // If the current page is not 404 OR if the loading of 404 frontend sensor is not allowed, then bail.
242
+ if ( ! is_404() || ! $this->load_for_404s() ) {
243
+ return;
244
+ }
245
+
246
+ // Otherwise load WSAL on wp hook.
247
+ $this->setup();
248
+ }
249
+
250
  /**
251
  * Decides if the plugin should run, sets up constants, includes, inits hooks, etc.
252
  *
287
  // This is a frontend request, and it's a 404, but we are not logging 404s.
288
  return false;
289
  }
290
+ } elseif ( ! is_user_logged_in() && ! self::should_load_frontend() ) {
291
  // This is not a 404, and the user isn't logged in, and we aren't logging visitor events.
292
  return false;
293
  }
294
  }
295
 
296
  // If this is a rest API request and the user is not logged in, bail.
297
+ if ( self::is_rest_api() && ! is_user_logged_in() ) {
298
  return false;
299
  }
300
 
301
  return true;
302
  }
303
 
304
+ /**
305
+ * Checks to see if WSAL should be loaded for register, login, and comment events.
306
+ *
307
+ * @return bool
308
+ */
309
+ public static function should_load_frontend() {
310
+ $event_opt = 'wsal-frontend-events';
311
+ $frontend_events = ! is_multisite() ? get_option( $event_opt ) : get_network_option( get_main_network_id(), $event_opt );
312
+ return ! empty( $frontend_events['register'] ) || ! empty( $frontend_events['login'] ) || ! empty( $frontend_events['woocommerce'] );
313
+ }
314
+
315
  /**
316
  * Include Plugin Files.
317
  *
415
  * @return bool
416
  */
417
  public static function is_login_screen() {
418
+ return parse_url( site_url( 'wp-login.php' ), PHP_URL_PATH ) === parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH );
419
  }
420
 
421
  /**
505
  return;
506
  }
507
 
508
+ if ( is_admin() || self::is_login_screen() || ( defined( 'DOING_CRON' ) && DOING_CRON ) || ( defined( 'WP_CLI' ) && WP_CLI ) ) {
509
  self::load_freemius();
510
 
511
  if ( ! apply_filters( 'wsal_disable_freemius_sdk', false ) ) {
533
  */
534
  public function load_for_404s() {
535
  if ( null === $this->load_for_404s ) {
536
+ if ( ! is_user_logged_in() ) {
537
+ // Get the frontend sensors setting.
538
+ $event_opt = 'wsal-frontend-events';
539
+ $frontend_events = ! is_multisite() ? get_option( $event_opt ) : get_network_option( get_main_network_id(), $event_opt );
540
+
541
  // This overrides the setting.
542
+ $this->load_for_404s = ! empty( $frontend_events['system'] ) ? true : false;
543
  } else {
544
  // We are doing a raw lookup here because The WSAL options system might not be loaded.
545
+ $this->load_for_404s = self::raw_alert_is_enabled( 6007 );
546
  }
547
  }
548
 
670
  wp_safe_redirect( $redirect );
671
  exit();
672
  }
673
+
674
+ if ( get_option( 'wsal-redirect-to-frontend-wizard', false ) ) {
675
+ delete_option( 'wsal-redirect-to-frontend-wizard' );
676
+ wp_safe_redirect( add_query_arg( 'page', 'wsal-front-setup', admin_url( 'index.php' ) ) );
677
+ exit();
678
+ }
679
  }
680
 
681
  /**
926
  // Hide plugin.
927
  if ( $this->settings->IsIncognito() ) {
928
  add_action( 'admin_head', array( $this, 'HidePlugin' ) );
929
+ add_filter( 'all_plugins', array( $this, 'wsal_hide_plugin' ) );
930
  }
931
 
932
  // Update routine.
998
  $fields = esc_html( $post_array['notice'] );
999
  }
1000
  $this->SetGlobalOption( 'excluded-custom', $fields );
1001
+
1002
+ // Exclude object link.
1003
+ $exclude_objects_link = add_query_arg(
1004
+ array(
1005
+ 'page' => 'wsal-settings',
1006
+ 'tab' => 'exclude-objects',
1007
+ ),
1008
+ admin_url( 'admin.php' )
1009
+ );
1010
+ echo wp_sprintf( '<p>' . __( 'Custom Field %1$s is no longer being monitored.<br />Enable the monitoring of this custom field again from the', 'wp-security-audit-log' ) . ' <a href="%2$s">%3$s</a>%4$s</p>', $post_array['notice'], $exclude_objects_link, __( 'Excluded Objects', 'wp-security-audit-log' ), __( ' tab in the plugin settings', 'wp-security-audit-log' ) );
1011
  die;
1012
  }
1013
 
1043
  $s_alerts = esc_html( $post_array['code'] );
1044
  }
1045
  $this->SetGlobalOption( 'disabled-alerts', $s_alerts );
1046
+ echo wp_sprintf( '<p>' . __( 'Alert %1$s is no longer being monitored.<br /> %2$s', 'wp-security-audit-log' ) . '</p>', esc_html( $post_array['code'] ), __( 'You can enable this alert again from the Enable/Disable Alerts node in the plugin menu.', 'wp-security-audit-log' ) );
 
1047
  die;
1048
  }
1049
 
1193
  $this->Update( $old_version, $new_version );
1194
  }
1195
 
 
 
 
 
 
 
 
1196
  // If system wasn't installed, try migration now.
1197
  if ( ! $pre_installed && $this->CanMigrate() ) {
1198
  $this->Migrate();
1420
  self::getConnector()->getAdapter( 'Meta' )->create_indexes();
1421
  }
1422
  }
1423
+
1424
+ /**
1425
+ * IMPORTANT: VERSION SPECIFIC UPDATE
1426
+ *
1427
+ * It only needs to run when old version of the plugin is less than 3.5
1428
+ * & the new version is later than 3.4.3.1.
1429
+ *
1430
+ * @since 3.5
1431
+ */
1432
+ if ( version_compare( $old_version, '3.5', '<' ) && version_compare( $new_version, '3.4.3.1', '>' ) ) {
1433
+ $frontend_events = array(
1434
+ 'register' => true, // Enabled by default to ensure users to not loose any functionality.
1435
+ 'login' => true, // Enabled by default to ensure users to not loose any functionality.
1436
+ 'system' => false,
1437
+ 'woocommerce' => self::is_woocommerce_active(),
1438
+ );
1439
+
1440
+ // If event 6023 is enabled.
1441
+ if ( self::raw_alert_is_enabled( 6023 ) ) {
1442
+ $frontend_events['system'] = true; // Then enable it for the frontend.
1443
+ }
1444
+
1445
+ if ( self::is_woocommerce_active() ) {
1446
+ $frontend_events['woocommerce'] = true;
1447
+ }
1448
+
1449
+ $this->settings->set_frontend_events( $frontend_events );
1450
+ add_option( 'wsal-redirect-to-frontend-wizard', true );
1451
+ }
1452
  }
1453
  }
1454
 
1462
  $this->wsal_deprecate( __METHOD__, '3.2.3.3' );
1463
  }
1464
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1465
  /**
1466
  * Migrate data from old plugin.
1467
  */
1963
  }
1964
  }
1965
  }
1966
+
1967
+ /**
1968
+ * Hide WSAL plugin from plugin list
1969
+ *
1970
+ * @param array $plugins All plugins.
1971
+ * @return array
1972
+ */
1973
+ public function wsal_hide_plugin( $plugins ) {
1974
+ global $pagenow;
1975
+
1976
+ // Check current page.
1977
+ if ( 'plugins.php' !== $pagenow ) {
1978
+ return;
1979
+ }
1980
+
1981
+ // Find WSAL by plugin basename.
1982
+ if ( array_key_exists( WSAL_BASE_NAME, $plugins ) ) {
1983
+ // Remove WSAL plugin from plugin list page.
1984
+ unset( $plugins[ WSAL_BASE_NAME ] );
1985
+ }
1986
+
1987
+ return $plugins;
1988
+ }
1989
  }
1990
 
1991
  // Begin load sequence.