Shield Security for WordPress - Version 10.1.6

Version Description

Download this release

Release Info

Developer paultgoodchild
Plugin Icon 128x128 Shield Security for WordPress
Version 10.1.6
Comparing to
See all releases

Code changes from version 10.1.5 to 10.1.6

Files changed (15) hide show
  1. cl.json +6 -0
  2. icwp-wpsf.php +3 -3
  3. plugin-spec.php +4 -4
  4. readme.txt +64 -20
  5. resources/js/shield-antibot.js +65 -64
  6. src/config/feature-license.php +1 -2
  7. src/lib/src/Modules/License/Lib/LicenseEmails.php +10 -11
  8. src/lib/src/Modules/License/Lib/LicenseHandler.php +7 -12
  9. src/lib/src/Modules/License/Options.php +1 -1
  10. src/lib/src/Modules/LoginGuard/Lib/Rename/RenameLogin.php +2 -1
  11. src/lib/src/Modules/Sessions/Processor.php +1 -1
  12. src/lib/src/Modules/UserManagement/Lib/Session/UserSessionHandler.php +13 -12
  13. src/lib/src/ShieldNetApi/Common/BaseShieldNetApi.php +1 -1
  14. src/lib/vendor/composer/autoload_classmap.php +1 -0
  15. src/lib/vendor/composer/autoload_static.php +1 -0
cl.json CHANGED
@@ -127,6 +127,12 @@
127
  "title": "Stop notice showing when it's not required.",
128
  "description": [],
129
  "patch": "10.1.5"
 
 
 
 
 
 
130
  }
131
  ]
132
  },
127
  "title": "Stop notice showing when it's not required.",
128
  "description": [],
129
  "patch": "10.1.5"
130
+ },
131
+ {
132
+ "type": "fixed",
133
+ "title": "Prevent warnings and logouts when loading WordPress Site Health tool.",
134
+ "description": [],
135
+ "patch": "10.1.6"
136
  }
137
  ]
138
  },
icwp-wpsf.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: Shield Security
4
  * Plugin URI: https://shsec.io/2f
5
  * Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
6
- * Version: 10.1.5
7
  * Text Domain: wp-simple-firewall
8
  * Domain Path: /languages
9
  * Author: Shield Security
@@ -11,7 +11,7 @@
11
  */
12
 
13
  /**
14
- * Copyright (c) 2020 Shield Security <support@shieldsecurity.io>
15
  * All rights reserved.
16
  * "Shield" (formerly WordPress Simple Firewall) is distributed under the GNU
17
  * General Public License, Version 2, June 1991. Copyright (C) 1989, 1991 Free
@@ -55,7 +55,7 @@ elseif ( @is_file( dirname( __FILE__ ).'/src/lib/vendor/autoload.php' ) ) {
55
  register_activation_hook( __FILE__, 'icwp_wpsf_onactivate' );
56
  }
57
  else {
58
- add_action( 'admin_notices', function() {
59
  echo sprintf( '<div class="error"><h4>%s</h4><p>%s</p></div>',
60
  'Shield Security Plugin - Broken Installation',
61
  implode( '<br/>', [
3
  * Plugin Name: Shield Security
4
  * Plugin URI: https://shsec.io/2f
5
  * Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
6
+ * Version: 10.1.6
7
  * Text Domain: wp-simple-firewall
8
  * Domain Path: /languages
9
  * Author: Shield Security
11
  */
12
 
13
  /**
14
+ * Copyright (c) 2021 Shield Security <support@getshieldsecurity.com>
15
  * All rights reserved.
16
  * "Shield" (formerly WordPress Simple Firewall) is distributed under the GNU
17
  * General Public License, Version 2, June 1991. Copyright (C) 1989, 1991 Free
55
  register_activation_hook( __FILE__, 'icwp_wpsf_onactivate' );
56
  }
57
  else {
58
+ add_action( 'admin_notices', function () {
59
  echo sprintf( '<div class="error"><h4>%s</h4><p>%s</p></div>',
60
  'Shield Security Plugin - Broken Installation',
61
  implode( '<br/>', [
plugin-spec.php CHANGED
@@ -1,8 +1,8 @@
1
  {
2
  "properties": {
3
- "version": "10.1.5",
4
- "release_timestamp": 1607348838,
5
- "build": "202012.0702",
6
  "slug_parent": "icwp",
7
  "slug_plugin": "wpsf",
8
  "human_name": "Shield Security",
@@ -19,7 +19,7 @@
19
  "enable_premium": true
20
  },
21
  "requirements": {
22
- "php": "7.0.0",
23
  "wordpress": "3.5.2"
24
  },
25
  "upgrade_reqs": {
1
  {
2
  "properties": {
3
+ "version": "10.1.6",
4
+ "release_timestamp": 1611222790,
5
+ "build": "202101.2101",
6
  "slug_parent": "icwp",
7
  "slug_plugin": "wpsf",
8
  "human_name": "Shield Security",
19
  "enable_premium": true
20
  },
21
  "requirements": {
22
+ "php": "7.0",
23
  "wordpress": "3.5.2"
24
  },
25
  "upgrade_reqs": {
readme.txt CHANGED
@@ -1,5 +1,5 @@
1
  === Shield Security: Powerful All-In-One Protection ===
2
- Contributors: onedollarplugin, paultgoodchild
3
  Donate link: https://shsec.io/bw
4
  License: GPLv3
5
  License URI: http://www.gnu.org/licenses/gpl.html
@@ -8,7 +8,7 @@ Requires at least: 3.5.2
8
  Requires PHP: 7.0
9
  Recommended PHP: 7.4
10
  Tested up to: 5.6
11
- Stable tag: 10.1.5
12
 
13
  The highest rated WordPress Security plugin, delivering unparalleled, all-in-one protection for you and your customers.
14
 
@@ -16,7 +16,7 @@ The highest rated WordPress Security plugin, delivering unparalleled, all-in-one
16
 
17
  #### Get the highest rated 5* Security Plugin for WordPress
18
 
19
- Don't *settle* for the same ol' security plugin just because everyone else does.
20
 
21
  #### Shield makes Security for WordPress easy
22
 
@@ -30,32 +30,43 @@ Wouldn't it be great if your Security plugin took responsibility and handled pro
30
 
31
  Shield does exactly this. It's your Silent Guardian.
32
 
33
- #### Shield Features You'll Absolutely Love =
34
 
35
  * [Automatic Bot & IP Blocking](https://shsec.io/j0) - points-based system (that you control) to detect bad bots and block them.
36
  * Block Bot Attacks On Important Forms:
37
  * Login
38
  * Registration
39
  * Password Reset
 
 
40
  * [Limit Login Attempts + Login Cooldown System](https://shsec.io/iw)
41
  * Powerful Firewall Rules
42
  * Restricted Security Admin Access
43
  * [Prevents Unauthorized Changes To Site Even By Admins](https://shsec.io/ix).
44
- * (2FA) [2-Factor Login Authentication](https://shsec.io/iy):
45
  * Email
46
  * Google Authenticator
47
  * Yubikey
 
 
 
 
48
  * [Block XML-RPC](https://shsec.io/iz) (*including* Pingbacks and Trackbacks)
49
  * Block Anonymous Rest API
50
- * Block and Bypass IP Addresses
51
  * [Automatic IP Address Blocking Using Points-Based/Offenses System](https://shsec.io/j0)
52
  * Block or Bypass individual IPs
53
  * Block or Bypass IP Subnets
54
- * Automatic File Scanning
55
- * Detect File Changes - [Scan & Repair WordPress Core Files](https://shsec.io/j1)
56
- * [Detect Unknown/Suspicious PHP Files](https://shsec.io/j2)
 
 
 
 
 
57
  * [Create a **Custom Login URL** by hiding wp-login.php](https://shsec.io/j3)
58
- * Detect (and optionally Block) Comment SPAM.
59
  * reCAPTCHA & [hCAPTCHA](https://shsec.io/j4) support
60
  * **Never Block Google**: Automatic Detection and Bypass for GoogleBot, Bing and other Official Search Engines including:
61
  * Google
@@ -80,10 +91,13 @@ Shield does exactly this. It's your Silent Guardian.
80
  * Restrict Users Session To IP
81
  * Block Use Of Pwned Passwords
82
  * Block User Enumeration (?author=x)
 
83
  * Full/Automatic Support for All IP Address Sources including Proxy Support
84
  * [Full Traffic Log and Request Monitoring](https://shsec.io/j7)
85
  * [HTTP Security Headers & Content Security Policies (CSP)](https://shsec.io/j6)
86
 
 
 
87
  ### Dedicated Premium Support When You Go PRO
88
 
89
  The Shield Security team prioritises email technical support over the WordPress.org forums.
@@ -148,9 +162,11 @@ Any IP address that is on the whitelist will not be subject to **any of the fire
148
 
149
  Yes. To specify a range you use CIDR notation. E.g. ABC.DEF.GHJ.KMP/16
150
 
151
- = I want to black list an IP address, where can I do that? =
 
 
152
 
153
- You can't. The plugin runs an automatic black list IP system so you don't need to maintain any manual lists.
154
 
155
  = I've locked myself out from my own site! =
156
 
@@ -176,11 +192,6 @@ Remember: If you leave one of these files on the server, it will override your o
176
 
177
  Whitelist. So if you have the same address in both lists, it'll be whitelisted and allowed to pass before the blacklist comes into effect.
178
 
179
- = What changes go into each version? =
180
-
181
- The changelog outlines the main changes for each release. We group changes by minor release "Series". Changes in smaller "point" releases are highlighted
182
- using **(.1)** notation. So for example, version 4.4**.1** will have changelog items appended with **(.1)**
183
-
184
  = Can I assist with development? =
185
 
186
  Yes! We actively [develop our plugin on Github](https://github.com/FernleafSystems/wp-simple-firewall) and the best thing you can do is submit pull request and bug reports which we'll review.
@@ -209,10 +220,12 @@ that are url, param and password will be ignored by the firewall.
209
 
210
  = How does the login cooldown work? =
211
 
212
- When enabled the plugin will prevent more than 1 login attempt to your site every "so-many" seconds. So if you enable a login cooldown
213
  of 60 seconds, only 1 login attempt will be processed every 60 seconds. If you login incorrectly, you wont be able to attempt another
214
  login for a further 60 seconds.
215
 
 
 
216
  More Info: https://shsec.io/2t
217
 
218
  = How does the GASP Login Guard work? =
@@ -221,13 +234,37 @@ This is best [described on the blog](https://shsec.io/2u)
221
 
222
  = How does the 2-factor authentication work? =
223
 
224
- [2-Factor Authentication is best described here](https://shsec.io/2v).
 
 
 
 
 
 
 
 
225
 
226
  = I'm getting an update message although I have auto update enabled? =
227
 
228
  The Automatic (Background) WordPress updates happens on a WordPress schedule - it doesn't happen immediately when an update is detected.
229
  You can either manually upgrade, or WordPress will handle it in due course.
230
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
231
  = How can I remove the WordPress admin footer message that displays my IP address? =
232
 
233
  You can add some custom code to your functions.php exactly as the following:
@@ -248,6 +285,13 @@ Use the following filter and return the role in the function:
248
 
249
  Possible options are: network_admin, administrator, editor, author, contributor, subscriber
250
 
 
 
 
 
 
 
 
251
  == Screenshots ==
252
 
253
  1. A top-level dashboard that shows all the important things you need to know at-a-glance.
@@ -265,4 +309,4 @@ The full Shield Changelog can be viewed from our home page:
265
  ShieldPRO delivers exclusive security features to the serious site administrator to maximise site security
266
  You'll also have direct access to our technical support team.
267
 
268
- [Go Pro from just $1/month](https://shsec.io/aa).
1
  === Shield Security: Powerful All-In-One Protection ===
2
+ Contributors: paultgoodchild, getshieldsecurity
3
  Donate link: https://shsec.io/bw
4
  License: GPLv3
5
  License URI: http://www.gnu.org/licenses/gpl.html
8
  Requires PHP: 7.0
9
  Recommended PHP: 7.4
10
  Tested up to: 5.6
11
+ Stable tag: 10.1.6
12
 
13
  The highest rated WordPress Security plugin, delivering unparalleled, all-in-one protection for you and your customers.
14
 
16
 
17
  #### Get the highest rated 5* Security Plugin for WordPress
18
 
19
+ Don't *settle* for the same security plugin just because everyone else does.
20
 
21
  #### Shield makes Security for WordPress easy
22
 
30
 
31
  Shield does exactly this. It's your Silent Guardian.
32
 
33
+ #### Shield Features You'll Absolutely Love
34
 
35
  * [Automatic Bot & IP Blocking](https://shsec.io/j0) - points-based system (that you control) to detect bad bots and block them.
36
  * Block Bot Attacks On Important Forms:
37
  * Login
38
  * Registration
39
  * Password Reset
40
+ * [ShieldPRO] WooCommerce & Easy Digital Downloads
41
+ * [ShieldPRO] Memberpress, LearnPress, BuddyPress, WP Members, ProfileBuilder
42
  * [Limit Login Attempts + Login Cooldown System](https://shsec.io/iw)
43
  * Powerful Firewall Rules
44
  * Restricted Security Admin Access
45
  * [Prevents Unauthorized Changes To Site Even By Admins](https://shsec.io/ix).
46
+ * (MFA) [Two-Factor / Multi-Factor Login Authentication](https://shsec.io/iy):
47
  * Email
48
  * Google Authenticator
49
  * Yubikey
50
+ * [ShieldPRO] U2F Keys
51
+ * [ShieldPRO] Backup Login Codes
52
+ * [ShieldPRO] Multiple Yubikey per User
53
+ * [ShieldPRO] Remember Me (reduces 2FA requests for users)
54
  * [Block XML-RPC](https://shsec.io/iz) (*including* Pingbacks and Trackbacks)
55
  * Block Anonymous Rest API
56
+ * Block, Bypass and Analyse IP Addresses
57
  * [Automatic IP Address Blocking Using Points-Based/Offenses System](https://shsec.io/j0)
58
  * Block or Bypass individual IPs
59
  * Block or Bypass IP Subnets
60
+ * Full IP Analysis in 1 place to see their activity on your sites
61
+ * Complete WordPress Scanning for Intrusions and Hacks
62
+ * Detect File Changes - [Scan & Repair WordPress Core Files](https://shsec.io/j1)
63
+ * [Detect Unknown/Suspicious PHP Files](https://shsec.io/j2)
64
+ * Detect Abandoned Plugins.
65
+ * [ShieldPRO] Malware Scanner - detects known and unknown malware.
66
+ * [ShieldPRO] Plugin and Theme file scanning - identify file changes in your plugins/themes.
67
+ * [ShieldPRO] Detect Plugins/Themes With Known Vulnerabilities.
68
  * [Create a **Custom Login URL** by hiding wp-login.php](https://shsec.io/j3)
69
+ * Detect (and optionally Block) [Comment SPAM from Bots and Humans](https://shsec.io/jf).
70
  * reCAPTCHA & [hCAPTCHA](https://shsec.io/j4) support
71
  * **Never Block Google**: Automatic Detection and Bypass for GoogleBot, Bing and other Official Search Engines including:
72
  * Google
91
  * Restrict Users Session To IP
92
  * Block Use Of Pwned Passwords
93
  * Block User Enumeration (?author=x)
94
+ * [ShieldPRO] User Suspend - manual and automatic.
95
  * Full/Automatic Support for All IP Address Sources including Proxy Support
96
  * [Full Traffic Log and Request Monitoring](https://shsec.io/j7)
97
  * [HTTP Security Headers & Content Security Policies (CSP)](https://shsec.io/j6)
98
 
99
+ #### [Full Shield Security Features List](https://shsec.io/shieldfeatures)
100
+
101
  ### Dedicated Premium Support When You Go PRO
102
 
103
  The Shield Security team prioritises email technical support over the WordPress.org forums.
162
 
163
  Yes. To specify a range you use CIDR notation. E.g. ABC.DEF.GHJ.KMP/16
164
 
165
+ = I want to review and manage IP addresses, where can I do that? =
166
+
167
+ You can use IP Lists section. This is an essential tool you can use to analyse IP address, review information concerning blocked and bypassed IP addresses.
168
 
169
+ It shows you geo-location information and all the request made to your site by that IP, including offenses and any logged-in users.
170
 
171
  = I've locked myself out from my own site! =
172
 
192
 
193
  Whitelist. So if you have the same address in both lists, it'll be whitelisted and allowed to pass before the blacklist comes into effect.
194
 
 
 
 
 
 
195
  = Can I assist with development? =
196
 
197
  Yes! We actively [develop our plugin on Github](https://github.com/FernleafSystems/wp-simple-firewall) and the best thing you can do is submit pull request and bug reports which we'll review.
220
 
221
  = How does the login cooldown work? =
222
 
223
+ Login Cooldown prevents more than 1 login attempt to your site every "so-many" seconds. So if you enable a login cooldown
224
  of 60 seconds, only 1 login attempt will be processed every 60 seconds. If you login incorrectly, you wont be able to attempt another
225
  login for a further 60 seconds.
226
 
227
+ This system completely blocks any level of brute-force login attacks and a cooldown of just 1 second goes a long way.
228
+
229
  More Info: https://shsec.io/2t
230
 
231
  = How does the GASP Login Guard work? =
234
 
235
  = How does the 2-factor authentication work? =
236
 
237
+ 2-Factor Authentication [is best described here](https://shsec.io/2v).
238
+
239
+ = I'm not receiving the email with 2FA verification code.? =
240
+
241
+ Email delivery is a huge problem with WordPress sites and is very common.
242
+
243
+ Your WordPress is not designed to send emails. The best solution is to use a service that is dedicated to the purpose of sending emails.
244
+
245
+ [This is what we recommend](https://shsec.io/jj).
246
 
247
  = I'm getting an update message although I have auto update enabled? =
248
 
249
  The Automatic (Background) WordPress updates happens on a WordPress schedule - it doesn't happen immediately when an update is detected.
250
  You can either manually upgrade, or WordPress will handle it in due course.
251
 
252
+ = I'm getting large volumes of comment SPAM. How can I stop this? =
253
+
254
+ You can block 100% of automated spam bots and also block and analyse human-generated spam. [This is best described here](https://shsec.io/jg).
255
+
256
+ = Do you offer White Label? =
257
+
258
+ Yes, we do. You can essentially rename the Shield plugin to whatever you would like it to be.
259
+
260
+ It ensures a more consistent brand offering and presents your business offering as a more holistic, integrated solution.
261
+
262
+ We go into [further detail here](https://shsec.io/jh).
263
+
264
+ = I’d like to customise 2FA emails sent to my site users. How can I do that? =
265
+
266
+ You can use our custom [templates for this purpose](https://shsec.io/ji).
267
+
268
  = How can I remove the WordPress admin footer message that displays my IP address? =
269
 
270
  You can add some custom code to your functions.php exactly as the following:
285
 
286
  Possible options are: network_admin, administrator, editor, author, contributor, subscriber
287
 
288
+ = What changes go into each Shield version? =
289
+
290
+ The changelog outlines the main changes for each release. We group changes by minor release "Series". Changes in smaller "point" releases are highlighted
291
+ using **(.1)** notation. So for example, version 10.1**.1** will have changelog items appended with **(.1)**
292
+
293
+ You can view the entire [Shield changelog here](https://shsec.io/shieldwporgfullchangelog).
294
+
295
  == Screenshots ==
296
 
297
  1. A top-level dashboard that shows all the important things you need to know at-a-glance.
309
  ShieldPRO delivers exclusive security features to the serious site administrator to maximise site security
310
  You'll also have direct access to our technical support team.
311
 
312
+ [Go Pro](https://shsec.io/aa) or grab the [free ShieldPRO Trial](https://shsec.io/shieldfreetrialwporgreadme).
resources/js/shield-antibot.js CHANGED
@@ -1,8 +1,9 @@
1
- if ( typeof icwp_wpsf_vars_lpantibot !== 'undefined' ) {
2
- var iCWP_WPSF_LoginGuard_Gasp = new function () {
 
 
 
3
 
4
- this.initialise = function () {
5
- jQuery( document ).ready( function () {
6
  jQuery( icwp_wpsf_vars_lpantibot.form_selectors ).each(
7
  function ( _ ) {
8
  if ( this !== null ) {
@@ -31,72 +32,72 @@ if ( typeof icwp_wpsf_vars_lpantibot !== 'undefined' ) {
31
  }
32
  }
33
  );
34
- } );
35
- };
 
36
 
37
- var insertPlaceHolder_Recap = function ( form ) {
38
- var recap_div = document.createElement( 'div' );
39
- recap_div.classList.add( 'icwpg-recaptcha' );
40
- jQuery( recap_div ).insertBefore( jQuery( ':submit', form ) );
41
- };
42
 
43
- var cleanDuplicates = function ( form ) {
44
- let $oPlaceholders = jQuery( 'p.shield_gasp_placeholder', form );
45
- if ( $oPlaceholders.length > 1 ) {
46
- $oPlaceholders.each(
47
- function ( nkey ) {
48
- if ( nkey > 0 && this !== null ) {
49
- jQuery( this ).remove();
50
- }
51
  }
52
- );
53
- }
54
- };
 
55
 
56
- var insertPlaceHolder_Gasp = function ( form ) {
57
- if ( jQuery( 'p.shield_gasp_placeholder', form ).length === 0 ) {
58
- let the_p = document.createElement( "p" );
59
- the_p.classList.add( 'shield_gasp_placeholder' );
60
- the_p.innerHTML = icwp_wpsf_vars_lpantibot.strings.loading + '&hellip;';
61
- jQuery( the_p ).insertBefore( jQuery( ':submit', form ) );
62
- }
63
- };
64
 
65
- var processPlaceHolder_Gasp = function ( shiep ) {
66
- var shishoney = document.createElement( "input" );
67
- shishoney.type = "hidden";
68
- shishoney.name = "icwp_wpsf_login_email";
69
 
70
- shiep.innerHTML = '';
71
- shiep.appendChild( shishoney );
72
 
73
- var shieThe_lab = document.createElement( "label" );
74
- var shieThe_txt = document.createTextNode( ' ' + icwp_wpsf_vars_lpantibot.strings.label );
75
- var shieThe_cb = document.createElement( "input" );
76
- shieThe_cb.type = "checkbox";
77
- shieThe_cb.name = icwp_wpsf_vars_lpantibot.cbname;
78
- shieThe_cb.id = '_' + shieThe_cb.name;
79
- shiep.appendChild( shieThe_lab );
80
- shieThe_lab.appendChild( shieThe_cb );
81
- shieThe_lab.appendChild( shieThe_txt );
82
 
83
- let $oPH = jQuery( shiep );
84
- if ( [ 'p', 'P' ].includes( $oPH.parent()[ 0 ].nodeName ) ) {
85
- /** try to prevent nested paragraphs */
86
- jQuery( shiep ).insertBefore( $oPH.parent() )
87
- }
88
 
89
- let $oParentForm = $oPH.closest( 'form' );
90
- if ( $oParentForm.length > 0 ) {
91
- $oParentForm[ 0 ].onsubmit = function () {
92
- if ( shieThe_cb.checked !== true ) {
93
- alert( icwp_wpsf_vars_lpantibot.strings.alert );
94
- return false;
95
- }
96
- return true;
97
- };
98
- }
99
- };
100
- }();
101
- iCWP_WPSF_LoginGuard_Gasp.initialise();
102
- }
1
+ var iCWP_WPSF_LoginGuard_Gasp = new function () {
2
+
3
+ this.initialise = function () {
4
+ jQuery( document ).ready( function () {
5
+ if ( typeof icwp_wpsf_vars_lpantibot !== 'undefined' ) {
6
 
 
 
7
  jQuery( icwp_wpsf_vars_lpantibot.form_selectors ).each(
8
  function ( _ ) {
9
  if ( this !== null ) {
32
  }
33
  }
34
  );
35
+ }
36
+ } );
37
+ };
38
 
39
+ var insertPlaceHolder_Recap = function ( form ) {
40
+ var recap_div = document.createElement( 'div' );
41
+ recap_div.classList.add( 'icwpg-recaptcha' );
42
+ jQuery( recap_div ).insertBefore( jQuery( ':submit', form ) );
43
+ };
44
 
45
+ var cleanDuplicates = function ( form ) {
46
+ let $oPlaceholders = jQuery( 'p.shield_gasp_placeholder', form );
47
+ if ( $oPlaceholders.length > 1 ) {
48
+ $oPlaceholders.each(
49
+ function ( nkey ) {
50
+ if ( nkey > 0 && this !== null ) {
51
+ jQuery( this ).remove();
 
52
  }
53
+ }
54
+ );
55
+ }
56
+ };
57
 
58
+ var insertPlaceHolder_Gasp = function ( form ) {
59
+ if ( jQuery( 'p.shield_gasp_placeholder', form ).length === 0 ) {
60
+ let the_p = document.createElement( "p" );
61
+ the_p.classList.add( 'shield_gasp_placeholder' );
62
+ the_p.innerHTML = icwp_wpsf_vars_lpantibot.strings.loading + '&hellip;';
63
+ jQuery( the_p ).insertBefore( jQuery( ':submit', form ) );
64
+ }
65
+ };
66
 
67
+ var processPlaceHolder_Gasp = function ( shiep ) {
68
+ var shishoney = document.createElement( "input" );
69
+ shishoney.type = "hidden";
70
+ shishoney.name = "icwp_wpsf_login_email";
71
 
72
+ shiep.innerHTML = '';
73
+ shiep.appendChild( shishoney );
74
 
75
+ var shieThe_lab = document.createElement( "label" );
76
+ var shieThe_txt = document.createTextNode( ' ' + icwp_wpsf_vars_lpantibot.strings.label );
77
+ var shieThe_cb = document.createElement( "input" );
78
+ shieThe_cb.type = "checkbox";
79
+ shieThe_cb.name = icwp_wpsf_vars_lpantibot.cbname;
80
+ shieThe_cb.id = '_' + shieThe_cb.name;
81
+ shiep.appendChild( shieThe_lab );
82
+ shieThe_lab.appendChild( shieThe_cb );
83
+ shieThe_lab.appendChild( shieThe_txt );
84
 
85
+ let $oPH = jQuery( shiep );
86
+ if ( [ 'p', 'P' ].includes( $oPH.parent()[ 0 ].nodeName ) ) {
87
+ /** try to prevent nested paragraphs */
88
+ jQuery( shiep ).insertBefore( $oPH.parent() )
89
+ }
90
 
91
+ let $oParentForm = $oPH.closest( 'form' );
92
+ if ( $oParentForm.length > 0 ) {
93
+ $oParentForm[ 0 ].onsubmit = function () {
94
+ if ( shieThe_cb.checked !== true ) {
95
+ alert( icwp_wpsf_vars_lpantibot.strings.alert );
96
+ return false;
97
+ }
98
+ return true;
99
+ };
100
+ }
101
+ };
102
+ }();
103
+ iCWP_WPSF_LoginGuard_Gasp.initialise();
 
src/config/feature-license.php CHANGED
@@ -124,8 +124,7 @@
124
  }
125
  ],
126
  "definitions": {
127
- "license_store_url": "https://onedollarplugin.com/edd-sl/",
128
- "license_store_url_api": "https://onedollarplugin.com/wp-json/odp-eddkeyless/v1",
129
  "keyless_cp": "https://shsec.io/c5",
130
  "license_item_name": "Shield Security Pro",
131
  "license_item_id": "6047",
124
  }
125
  ],
126
  "definitions": {
127
+ "license_store_url_api": "https://api.getshieldsecurity.com/wp-json/odp-eddkeyless/v1",
 
128
  "keyless_cp": "https://shsec.io/c5",
129
  "license_item_name": "Shield Security Pro",
130
  "license_item_id": "6047",
src/lib/src/Modules/License/Lib/LicenseEmails.php CHANGED
@@ -26,7 +26,7 @@ class LicenseEmails {
26
  $aMessage = [
27
  __( 'Attempts to verify Shield Pro license has just failed.', 'wp-simple-firewall' ),
28
  sprintf( __( 'Please check your license on-site: %s', 'wp-simple-firewall' ), $mod->getUrl_AdminPage() ),
29
- sprintf( __( 'If this problem persists, please contact support: %s', 'wp-simple-firewall' ), 'https://support.onedollarplugin.com/' )
30
  ];
31
  $mod->getEmailProcessor()
32
  ->sendEmailWithWrap(
@@ -43,24 +43,23 @@ class LicenseEmails {
43
  $mod = $this->getMod();
44
  $opts = $this->getOptions();
45
 
46
- $bCanSend = Services::Request()
47
- ->carbon()
48
- ->subDay( 1 )->timestamp > $opts->getOpt( 'last_deactivated_email_sent_at' );
49
 
50
- if ( $bCanSend ) {
51
  $opts->setOptAt( 'last_deactivated_email_sent_at' );
52
  $mod->saveModOptions();
53
 
54
- $aMessage = [
55
- __( 'All attempts to verify Shield Pro license have failed.', 'wp-simple-firewall' ),
56
- sprintf( __( 'Please check your license on-site: %s', 'wp-simple-firewall' ), $mod->getUrl_AdminPage() ),
57
- sprintf( __( 'If this problem persists, please contact support: %s', 'wp-simple-firewall' ), 'https://support.onedollarplugin.com/' )
58
- ];
59
  $mod->getEmailProcessor()
60
  ->sendEmailWithWrap(
61
  $mod->getPluginReportEmail(),
62
  '[Action May Be Required] Pro License Has Been Deactivated',
63
- $aMessage
 
 
 
 
64
  );
65
  }
66
  }
26
  $aMessage = [
27
  __( 'Attempts to verify Shield Pro license has just failed.', 'wp-simple-firewall' ),
28
  sprintf( __( 'Please check your license on-site: %s', 'wp-simple-firewall' ), $mod->getUrl_AdminPage() ),
29
+ sprintf( __( 'If this problem persists, please contact support: %s', 'wp-simple-firewall' ), 'https://support.getshieldsecurity.com/' )
30
  ];
31
  $mod->getEmailProcessor()
32
  ->sendEmailWithWrap(
43
  $mod = $this->getMod();
44
  $opts = $this->getOptions();
45
 
46
+ $canSend = Services::Request()
47
+ ->carbon()
48
+ ->subDay( 1 )->timestamp > $opts->getOpt( 'last_deactivated_email_sent_at' );
49
 
50
+ if ( $canSend ) {
51
  $opts->setOptAt( 'last_deactivated_email_sent_at' );
52
  $mod->saveModOptions();
53
 
 
 
 
 
 
54
  $mod->getEmailProcessor()
55
  ->sendEmailWithWrap(
56
  $mod->getPluginReportEmail(),
57
  '[Action May Be Required] Pro License Has Been Deactivated',
58
+ [
59
+ __( 'All attempts to verify Shield Pro license have failed.', 'wp-simple-firewall' ),
60
+ sprintf( __( 'Please check your license on-site: %s', 'wp-simple-firewall' ), $mod->getUrl_AdminPage() ),
61
+ sprintf( __( 'If this problem persists, please contact support: %s', 'wp-simple-firewall' ), 'https://support.getshieldsecurity.com/' )
62
+ ]
63
  );
64
  }
65
  }
src/lib/src/Modules/License/Lib/LicenseHandler.php CHANGED
@@ -15,11 +15,9 @@ class LicenseHandler {
15
  use OneTimeExecute;
16
 
17
  protected function run() {
18
- $oCon = $this->getCon();
19
-
20
- add_action( $oCon->prefix( 'shield_action' ), function ( $sAction ) {
21
- $oCon = $this->getCon();
22
- switch ( $sAction ) {
23
 
24
  case 'keyless_handshake':
25
  case 'snapi_handshake':
@@ -34,16 +32,16 @@ class LicenseHandler {
34
  break;
35
 
36
  case 'license_check':
37
- if ( !wp_next_scheduled( $oCon->prefix( 'adhoc_cron_license_check' ) ) ) {
38
  wp_schedule_single_event( Services::Request()
39
- ->ts() + 20, $oCon->prefix( 'adhoc_cron_license_check' ) );
40
  }
41
  break;
42
  }
43
  } );
44
 
45
  // performs the license check on-demand
46
- add_action( $oCon->prefix( 'adhoc_cron_license_check' ), function () {
47
  /** @var ModCon $mod */
48
  $mod = $this->getMod();
49
  try {
@@ -54,10 +52,7 @@ class LicenseHandler {
54
  } );
55
  }
56
 
57
- /**
58
- * @return bool
59
- */
60
- private function canCheck() {
61
  return !in_array( $this->getCon()->getShieldAction(), [ 'keyless_handshake', 'license_check' ] )
62
  && $this->getIsLicenseNotCheckedFor( 20 )
63
  && $this->canLicenseCheck_FileFlag();
15
  use OneTimeExecute;
16
 
17
  protected function run() {
18
+ add_action( $this->getCon()->prefix( 'shield_action' ), function ( $action ) {
19
+ $con = $this->getCon();
20
+ switch ( $action ) {
 
 
21
 
22
  case 'keyless_handshake':
23
  case 'snapi_handshake':
32
  break;
33
 
34
  case 'license_check':
35
+ if ( !wp_next_scheduled( $con->prefix( 'adhoc_cron_license_check' ) ) ) {
36
  wp_schedule_single_event( Services::Request()
37
+ ->ts() + 20, $con->prefix( 'adhoc_cron_license_check' ) );
38
  }
39
  break;
40
  }
41
  } );
42
 
43
  // performs the license check on-demand
44
+ add_action( $this->getCon()->prefix( 'adhoc_cron_license_check' ), function () {
45
  /** @var ModCon $mod */
46
  $mod = $this->getMod();
47
  try {
52
  } );
53
  }
54
 
55
+ private function canCheck() :bool {
 
 
 
56
  return !in_array( $this->getCon()->getShieldAction(), [ 'keyless_handshake', 'license_check' ] )
57
  && $this->getIsLicenseNotCheckedFor( 20 )
58
  && $this->canLicenseCheck_FileFlag();
src/lib/src/Modules/License/Options.php CHANGED
@@ -1,4 +1,4 @@
1
- <?php
2
 
3
  namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\License;
4
 
1
+ <?php declare( strict_types=1 );
2
 
3
  namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\License;
4
 
src/lib/src/Modules/LoginGuard/Lib/Rename/RenameLogin.php CHANGED
@@ -20,7 +20,8 @@ class RenameLogin {
20
  protected function canRun() {
21
  /** @var Options $opts */
22
  $opts = $this->getOptions();
23
- return !empty( $opts->getCustomLoginPath() )
 
24
  && !$this->hasPluginConflict() && !$this->hasUnsupportedConfiguration();
25
  }
26
 
20
  protected function canRun() {
21
  /** @var Options $opts */
22
  $opts = $this->getOptions();
23
+ return !Services::IP()->isLoopback()
24
+ && !empty( $opts->getCustomLoginPath() )
25
  && !$this->hasPluginConflict() && !$this->hasUnsupportedConfiguration();
26
  }
27
 
src/lib/src/Modules/Sessions/Processor.php CHANGED
@@ -17,7 +17,7 @@ class Processor extends BaseShield\Processor {
17
  private $current;
18
 
19
  protected function run() {
20
- if ( !Services::WpUsers()->isProfilePage() ) { // only on logout
21
  add_action( 'clear_auth_cookie', function () {
22
  /** @var ModCon $mod */
23
  $mod = $this->getMod();
17
  private $current;
18
 
19
  protected function run() {
20
+ if ( !Services::WpUsers()->isProfilePage() && !Services::IP()->isLoopback() ) { // only on logout
21
  add_action( 'clear_auth_cookie', function () {
22
  /** @var ModCon $mod */
23
  $mod = $this->getMod();
src/lib/src/Modules/UserManagement/Lib/Session/UserSessionHandler.php CHANGED
@@ -49,13 +49,18 @@ class UserSessionHandler {
49
  }
50
  }
51
  catch ( \Exception $e ) {
52
- $event = $e->getMessage();
53
- $con->fireEvent( $event );
54
- $con->getModule_Sessions()
55
- ->getSessionCon()
56
- ->terminateCurrentSession();
57
- $WPU = Services::WpUsers();
58
- is_admin() ? $WPU->forceUserRelogin( [ 'shield-forcelogout' => $event ] ) : $WPU->logoutUser( true );
 
 
 
 
 
59
  }
60
  }
61
 
@@ -86,11 +91,7 @@ class UserSessionHandler {
86
 
87
  $srvIP = Services::IP();
88
  if ( $opts->isLockToIp() && $srvIP->getRequestIp() != $sess->ip ) {
89
- // We force-refresh the server IPs just to be sure.
90
- Services::IP()->getServerPublicIPs( true );
91
- if ( !$srvIP->isLoopback() ) {
92
- throw new \Exception( 'session_iplock' );
93
- }
94
  }
95
  // TODO: 'session_browserlock';
96
  }
49
  }
50
  }
51
  catch ( \Exception $e ) {
52
+ // We force-refresh the server IPs just to be sure.
53
+ $srvIP = Services::IP();
54
+ $srvIP->getServerPublicIPs( true );
55
+ if ( !$srvIP->isLoopback() ) {
56
+ $event = $e->getMessage();
57
+ $con->fireEvent( $event );
58
+ $con->getModule_Sessions()
59
+ ->getSessionCon()
60
+ ->terminateCurrentSession();
61
+ $WPU = Services::WpUsers();
62
+ is_admin() ? $WPU->forceUserRelogin( [ 'shield-forcelogout' => $event ] ) : $WPU->logoutUser( true );
63
+ }
64
  }
65
  }
66
 
91
 
92
  $srvIP = Services::IP();
93
  if ( $opts->isLockToIp() && $srvIP->getRequestIp() != $sess->ip ) {
94
+ throw new \Exception( 'session_iplock' );
 
 
 
 
95
  }
96
  // TODO: 'session_browserlock';
97
  }
src/lib/src/ShieldNetApi/Common/BaseShieldNetApi.php CHANGED
@@ -14,7 +14,7 @@ use FernleafSystems\Wordpress\Services\Services;
14
  class BaseShieldNetApi extends BaseApi {
15
 
16
  use ModConsumer;
17
- const DEFAULT_URL_STUB = 'https://net.shieldsecurity.io/wp-json/apto-snapi/v1';
18
 
19
  /**
20
  * @param string $sProperty
14
  class BaseShieldNetApi extends BaseApi {
15
 
16
  use ModConsumer;
17
+ const DEFAULT_URL_STUB = 'https://net.getshieldsecurity.com/wp-json/apto-snapi/v1';
18
 
19
  /**
20
  * @param string $sProperty
src/lib/vendor/composer/autoload_classmap.php CHANGED
@@ -735,6 +735,7 @@ return array(
735
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Changelog\\Retrieve' => $baseDir . '/src/Utilities/Changelog/Retrieve.php',
736
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Consumer\\WpLoginCapture' => $baseDir . '/src/Utilities/Consumer/WpLoginCapture.php',
737
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Consumer\\WpUserConsumer' => $baseDir . '/src/Utilities/Consumer/WpUserConsumer.php',
 
738
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\HCaptcha\\TestRequest' => $baseDir . '/src/Utilities/HCaptcha/TestRequest.php',
739
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Options\\CleanStorage' => $baseDir . '/src/Utilities/Options/CleanStorage.php',
740
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\ReCaptcha\\Enqueue' => $baseDir . '/src/Utilities/ReCaptcha/Enqueue.php',
735
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Changelog\\Retrieve' => $baseDir . '/src/Utilities/Changelog/Retrieve.php',
736
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Consumer\\WpLoginCapture' => $baseDir . '/src/Utilities/Consumer/WpLoginCapture.php',
737
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Consumer\\WpUserConsumer' => $baseDir . '/src/Utilities/Consumer/WpUserConsumer.php',
738
+ 'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Github\\ListTags' => $baseDir . '/src/Utilities/Github/ListTags.php',
739
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\HCaptcha\\TestRequest' => $baseDir . '/src/Utilities/HCaptcha/TestRequest.php',
740
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Options\\CleanStorage' => $baseDir . '/src/Utilities/Options/CleanStorage.php',
741
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\ReCaptcha\\Enqueue' => $baseDir . '/src/Utilities/ReCaptcha/Enqueue.php',
src/lib/vendor/composer/autoload_static.php CHANGED
@@ -902,6 +902,7 @@ class ComposerStaticInit0b573d8879ea3b08a114d68dbb7a4533
902
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Changelog\\Retrieve' => __DIR__ . '/../..' . '/src/Utilities/Changelog/Retrieve.php',
903
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Consumer\\WpLoginCapture' => __DIR__ . '/../..' . '/src/Utilities/Consumer/WpLoginCapture.php',
904
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Consumer\\WpUserConsumer' => __DIR__ . '/../..' . '/src/Utilities/Consumer/WpUserConsumer.php',
 
905
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\HCaptcha\\TestRequest' => __DIR__ . '/../..' . '/src/Utilities/HCaptcha/TestRequest.php',
906
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Options\\CleanStorage' => __DIR__ . '/../..' . '/src/Utilities/Options/CleanStorage.php',
907
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\ReCaptcha\\Enqueue' => __DIR__ . '/../..' . '/src/Utilities/ReCaptcha/Enqueue.php',
902
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Changelog\\Retrieve' => __DIR__ . '/../..' . '/src/Utilities/Changelog/Retrieve.php',
903
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Consumer\\WpLoginCapture' => __DIR__ . '/../..' . '/src/Utilities/Consumer/WpLoginCapture.php',
904
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Consumer\\WpUserConsumer' => __DIR__ . '/../..' . '/src/Utilities/Consumer/WpUserConsumer.php',
905
+ 'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Github\\ListTags' => __DIR__ . '/../..' . '/src/Utilities/Github/ListTags.php',
906
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\HCaptcha\\TestRequest' => __DIR__ . '/../..' . '/src/Utilities/HCaptcha/TestRequest.php',
907
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\Options\\CleanStorage' => __DIR__ . '/../..' . '/src/Utilities/Options/CleanStorage.php',
908
  'FernleafSystems\\Wordpress\\Plugin\\Shield\\Utilities\\ReCaptcha\\Enqueue' => __DIR__ . '/../..' . '/src/Utilities/ReCaptcha/Enqueue.php',