Shield Security for WordPress

Version Description

Release Info

Developer	paultgoodchild
Plugin	Shield Security for WordPress
Version	11.2.3
Comparing to
See all releases

Code changes from version 11.2.2 to 11.2.3

Files changed (63) hide show

cl.json +26 -4
icwp-wpsf.php +1 -1
plugin-spec.php +3 -3
readme.txt +1 -1
resources/css/plugin.css +2 -1
resources/js/plugin.js +17 -3
src/config/feature-admin_access_restriction.php +25 -8
src/config/feature-audit_trail.php +5 -0
src/config/feature-autoupdates.php +8 -0
src/config/feature-comments_filter.php +19 -2
src/config/feature-comms.php +3 -2
src/config/feature-events.php +6 -6
src/config/feature-firewall.php +12 -5
src/config/feature-hack_protect.php +19 -0
src/config/feature-headers.php +7 -1
src/config/feature-integrations.php +22 -10
src/config/feature-ips.php +31 -21
src/config/feature-lockdown.php +11 -3
src/config/feature-login_protect.php +26 -0
src/config/feature-plugin.php +23 -14
src/config/feature-reporting.php +11 -6
src/config/feature-sessions.php +4 -4
src/config/feature-traffic.php +16 -8
src/config/feature-user_management.php +14 -0
src/lib/src/Controller/Controller.php +75 -75
src/lib/src/Modules/AuditTrail/AjaxHandler.php +8 -9
src/lib/src/Modules/AuditTrail/Auditors/Base.php +1 -4
src/lib/src/Modules/AuditTrail/Lib/AuditWriter.php +8 -8
src/lib/src/Modules/AuditTrail/Lib/Ops/Commit.php +24 -27
src/lib/src/Modules/AuditTrail/Processor.php +18 -21
src/lib/src/Modules/AuditTrail/UI.php +5 -5
src/lib/src/Modules/AuditTrail/WpCli.php +1 -1
src/lib/src/Modules/Base/AdminPage.php +10 -0
src/lib/src/Modules/Base/ModCon.php +33 -30
src/lib/src/Modules/BaseShield/ModCon.php +3 -0
src/lib/src/Modules/Events/Lib/EventsService.php +1 -1
src/lib/src/Modules/IPs/Components/ImportIpsFromFile.php +9 -10
src/lib/src/Modules/IPs/Components/QueryRemainingOffenses.php +7 -7
src/lib/src/Modules/IPs/Components/UnblockIpByFlag.php +5 -6
src/lib/src/Modules/IPs/Lib/BlacklistHandler.php +23 -26
src/lib/src/Modules/IPs/Lib/Bots/BotSignalsController.php +24 -16
src/lib/src/Modules/IPs/Lib/Bots/BotSignalsRecord.php +0 -1
src/lib/src/Modules/IPs/Lib/Bots/Calculator/BuildScores.php +6 -3
src/lib/src/Modules/IPs/Lib/Bots/NotBot/NotBotHandler.php +1 -1
src/lib/src/Modules/IPs/Options.php +8 -0
src/lib/src/Modules/IPs/Strings.php +1 -11
src/lib/src/Modules/IPs/UI.php +7 -0
src/lib/src/Modules/Insights/ModCon.php +6 -3
src/lib/src/Modules/Integrations/Lib/Bots/Spam/Handlers/SuperForms.php +24 -0
src/lib/src/Modules/Integrations/Lib/Bots/Spam/SpamController.php +2 -0
src/lib/src/Modules/Plugin/ModCon.php +3 -4
src/lib/src/Modules/UserManagement/Lib/Session/UserSessionHandler.php +4 -6
src/lib/vendor/composer/autoload_classmap.php +1 -0
src/lib/vendor/composer/autoload_static.php +1 -0
src/lib/vendor/fernleafsystems/wordpress-services/src/Core/Cron.php +7 -2
src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/Licenses/EddLicenseVO.php +36 -30
src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/Licenses/Keyless/Base.php +0 -3
src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/Licenses/Keyless/Lookup.php +1 -7
src/wizards/plugin.php +4 -4
templates/php/snippets/admin_access_login_box.php +0 -50
templates/twig/components/options_form/main.twig +25 -13
templates/twig/components/options_form/option.twig +24 -6
templates/twig/wizard/slides/welcome/optin.twig +3 -3

cl.json CHANGED Viewed

	@@ -8,7 +8,7 @@
8	},
9	"title": "AntiBot Scoring Improvements",
10	"description": [
11	- "Shield 11.0 brought the new AntiBot Detection Engine, designed to detect bad bots and block them.",
12	"With feedback from customers and ongoing research, we've made some major improvements and adjustments to the system."
13	],
14	"items": [
	@@ -33,7 +33,8 @@
33	"title": "AntiBot Detection Engine Improvements.",
34	"description": [
35	"We've adjusted some of the bot scoring and improved the ability to detect legitimate users based on earlier logins.",
36	- "We've also removed the need for the small cookie that was needed to help track the NotBot status."

37	]
38	},
39	{
	@@ -43,9 +44,17 @@
43	"Google's Legacy Chart API wasn't always loading the QR code so we replaced it with a locally generated QR code image."
44	]
45	},








46	{
47	"type": "new",
48	- "title": "Support For Groundhogg",
49	"description": [
50	"Added support for protecting Groundhogg forms from bots."
51	],
	@@ -53,7 +62,14 @@
53	},
54	{
55	"type": "new",
56	- "title": "Support For ~~LifterLMS~~.",







57	"description": [
58	"Added support for protecting LifterLMS login & registration forms from bots."
59	]
	@@ -74,6 +90,12 @@
74	"title": "Fatal error when initiating WP-CLI in some cases.",
75	"description": [],
76	"patch": "11.2.2"






77	}
78	]
79	},


8	},
9	"title": "AntiBot Scoring Improvements",
10	"description": [
11	+ "Shield 11.0 brought the new AntiBot Detection Engine, designed to detect bad bots and block them automatically.",
12	"With feedback from customers and ongoing research, we've made some major improvements and adjustments to the system."
13	],
14	"items": [

33	"title": "AntiBot Detection Engine Improvements.",
34	"description": [
35	"We've adjusted some of the bot scoring and improved the ability to detect legitimate users based on earlier logins.",
36	+ "We've also removed the need for the small cookie that was needed to help track the NotBot status.",
37	+ "The AntiBot Detection Engine can now be disabled by setting the minimum reputation score to 0."
38	]
39	},
40	{

44	"Google's Legacy Chart API wasn't always loading the QR code so we replaced it with a locally generated QR code image."
45	]
46	},
47	+ {
48	+ "type": "improved",
49	+ "title": "Brand new Knowledgebase Integration.",
50	+ "description": [
51	+ "We've moved to a brand new Helpdesk/Knowledgebase and this allows us to integrate instant access to docs inside the plugin itself.",
52	+ "Simply click the 'Info' link for any option to view documentation within your WordPress admin area."
53	+ ]
54	+ },
55	{
56	"type": "new",
57	+ "title": "Support For Protecting Subscription Forms in Groundhogg CRM.",
58	"description": [
59	"Added support for protecting Groundhogg forms from bots."
60	],

62	},
63	{
64	"type": "new",
65	+ "title": "Support For Protecting Super Forms Contact Forms.",
66	+ "description": [
67	+ "Added support for protecting contact forms against SPAM in the Super Forms plugin."
68	+ ]
69	+ },
70	+ {
71	+ "type": "new",
72	+ "title": "Support For Protecting User Forms in LifterLMS.",
73	"description": [
74	"Added support for protecting LifterLMS login & registration forms from bots."
75	]

90	"title": "Fatal error when initiating WP-CLI in some cases.",
91	"description": [],
92	"patch": "11.2.2"
93	+ },
94	+ {
95	+ "type": "improved",
96	+ "title": "Adjust default bot scoring logic to reduce spam.",
97	+ "description": [],
98	+ "patch": "11.2.3"
99	}
100	]
101	},

icwp-wpsf.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* Plugin Name: Shield Security
4	* Plugin URI: https://shsec.io/2f
5	* Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
6	- * Version: 11.2.2
7	* Text Domain: wp-simple-firewall
8	* Domain Path: /languages
9	* Author: Shield Security


3	* Plugin Name: Shield Security
4	* Plugin URI: https://shsec.io/2f
5	* Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
6	+ * Version: 11.2.3
7	* Text Domain: wp-simple-firewall
8	* Domain Path: /languages
9	* Author: Shield Security

plugin-spec.php CHANGED Viewed

	@@ -1,8 +1,8 @@
1	{
2	"properties": {
3	- "version": "11.2.2",
4	- "release_timestamp": ~~1622036775~~,
5	- "build": "202105.~~2603~~",
6	"slug_parent": "icwp",
7	"slug_plugin": "wpsf",
8	"human_name": "Shield Security",


1	{
2	"properties": {
3	+ "version": "11.2.3",
4	+ "release_timestamp": 1622190000,
5	+ "build": "202105.2802",
6	"slug_parent": "icwp",
7	"slug_plugin": "wpsf",
8	"human_name": "Shield Security",

readme.txt CHANGED Viewed

	@@ -8,7 +8,7 @@ Requires at least: 3.5.2
8	Requires PHP: 7.0
9	Recommended PHP: 7.4
10	Tested up to: 5.7
11	- Stable tag: 11.2.2
12	Security against hackers and brute force bots with firewall, login security hiding and hardening, Antispam, Audit Trail, Live Traffic, and much more...
13
14	== Description ==


8	Requires PHP: 7.0
9	Recommended PHP: 7.4
10	Tested up to: 5.7
11	+ Stable tag: 11.2.3
12	Security against hackers and brute force bots with firewall, login security hiding and hardening, Antispam, Audit Trail, Live Traffic, and much more...
13
14	== Description ==

resources/css/plugin.css CHANGED Viewed

	@@ -1100,11 +1100,12 @@ input[type=checkbox].form-check-input {
1100	position: relative;
1101	/display: block;/
1102	}


1103	.icwpOptionsForm .option_link_info > .dashicons {
1104	font-size: 16px;
1105	text-decoration: none;
1106	width: 1px;
1107	- margin-left: -3px;
1108	}
1109	.tooltip .arrow {
1110	display: none !important;


1100	position: relative;
1101	/display: block;/
1102	}
1103	+
1104	+ .option_label_name .beacon-article > .dashicons,
1105	.icwpOptionsForm .option_link_info > .dashicons {
1106	font-size: 16px;
1107	text-decoration: none;
1108	width: 1px;

1109	}
1110	.tooltip .arrow {
1111	display: none !important;

resources/js/plugin.js CHANGED Viewed

	@@ -235,15 +235,15 @@ jQuery.fn.icwpWpsfAjaxTable = function ( aOptions ) {
235	$oTableContainer.addClass( 'icwpAjaxTableContainer' );
236	};
237
238	- var refreshTable = function ( ~~event~~ ) {
239	- ~~event~~.preventDefault();
240
241	var query = this.search.substring( 1 );
242	var aTableRequestParams = {
243	paged: extractQueryVars( query, 'paged' ) \|\| 1,
244	order: extractQueryVars( query, 'order' ) \|\| 'desc',
245	orderby: extractQueryVars( query, 'orderby' ) \|\| 'created_at',
246	- tableaction: jQuery( ~~event~~.currentTarget ).data( 'tableaction' )
247	};
248
249	renderTableRequest( aTableRequestParams );
	@@ -352,4 +352,18 @@ jQuery( document ).ready( function () {
352	jQuery( '.select2picker' ).select2( {
353	width: 'resolve'
354	} );














355	} );


235	$oTableContainer.addClass( 'icwpAjaxTableContainer' );
236	};
237
238	+ var refreshTable = function ( evt ) {
239	+ evt.preventDefault();
240
241	var query = this.search.substring( 1 );
242	var aTableRequestParams = {
243	paged: extractQueryVars( query, 'paged' ) \|\| 1,
244	order: extractQueryVars( query, 'order' ) \|\| 'desc',
245	orderby: extractQueryVars( query, 'orderby' ) \|\| 'created_at',
246	+ tableaction: jQuery( evt.currentTarget ).data( 'tableaction' )
247	};
248
249	renderTableRequest( aTableRequestParams );

352	jQuery( '.select2picker' ).select2( {
353	width: 'resolve'
354	} );
355	+
356	+ jQuery( document ).on( 'click', 'a.beacon-article', function ( evt ) {
357	+ evt.preventDefault();
358	+ let link = jQuery( evt.currentTarget );
359	+ let id = link.data( 'beacon-article-id' );
360	+ if ( id ) {
361	+ let format = '';
362	+ if ( link.data( 'beacon-article-format' ) ) {
363	+ format = link.data( 'beacon-article-format' );
364	+ }
365	+ Beacon( 'article', String( id ), { type: format } );
366	+ }
367	+ return false;
368	+ } );
369	} );

src/config/feature-admin_access_restriction.php CHANGED Viewed

	@@ -37,20 +37,21 @@
37	},
38	"sections": [
39	{
40	- "slug": "section_security_admin_settings",
41	- "primary": true,
42	- "title": "Security Admin Restriction Settings",
43	- "title_short": "Security Admin Settings",
44	- "~~summary~~": [

45	"Purpose - Restrict access using a simple Access PIN.",
46	"Recommendation - Use of this feature is highly recommend."
47	- ],
48	- "help_video_id": "338551188"
49	},
50	{
51	"slug": "section_admin_access_restriction_areas",
52	"title": "Security Admin Restriction Zones",
53	"title_short": "Access Restriction Zones",

54	"summary": [
55	"Purpose - Restricts access to key WordPress areas for all users not authenticated with the Security Admin Access system.",
56	"Recommendation - Use of this feature is highly recommend."
	@@ -61,6 +62,7 @@
61	"slug": "section_whitelabel",
62	"title": "Shield White Label",
63	"title_short": "White Label",

64	"summary": [
65	"Purpose - Rename and re-brand the Shield Security plugin for your client site installations."
66	]
	@@ -69,6 +71,7 @@
69	"slug": "section_enable_plugin_feature_admin_access_restriction",
70	"title": "Enable Module: WordPress Security Admin",
71	"title_short": "Disable Module",

72	"summary": [
73	"Purpose - Restricts access to this plugin preventing unauthorized changes to your security settings.",
74	"Recommendation - Keep the Security Admin feature turned on.",
	@@ -101,6 +104,7 @@
101	"type": "password",
102	"link_info": "https://shsec.io/42",
103	"link_blog": "",

104	"name": "Security Admin Access PIN",
105	"summary": "Provide/Update Security Admin Access PIN",
106	"description": "Careful: If you forget this, you could potentially lock yourself out from using this plugin."
	@@ -115,6 +119,7 @@
115	"type": "array",
116	"link_info": "https://shsec.io/dk",
117	"link_blog": "",

118	"name": "Security Admins",
119	"summary": "Persistent Security Admins",
120	"description": "All emails, usernames, or user IDs entered here will always be Security Admins."
	@@ -128,6 +133,7 @@
128	"min": 1,
129	"link_info": "https://shsec.io/41",
130	"link_blog": "",

131	"name": "Security Admin Timeout",
132	"summary": "Specify An Automatic Timeout Interval For Security Admin Access",
133	"description": "This will automatically expire your Security Admin Session. Does not apply until you enter the access PIN again. Default: 60 minutes."
	@@ -140,6 +146,7 @@
140	"type": "checkbox",
141	"link_info": "https://shsec.io/gf",
142	"link_blog": "",

143	"name": "Allow Email Override",
144	"summary": "Allow Email Override Of Admin Access Restrictions",
145	"description": "Allow the use of verification emails to override and switch off the Security Admin restrictions."
	@@ -151,7 +158,8 @@
151	"type": "checkbox",
152	"link_info": "https://shsec.io/a0",
153	"link_blog": "https://shsec.io/wpsf32",
154	- "~~name~~": ~~"Pages"~~,

155	"summary": "Restrict Access To Key WordPress Posts And Pages Actions",
156	"description": "Careful: This will restrict access to page/post creation, editing and deletion. Note: Selecting 'Edit' will also restrict all other options."
157	},
	@@ -163,6 +171,7 @@
163	"type": "checkbox",
164	"link_info": "https://shsec.io/a0",
165	"link_blog": "",

166	"name": "Admin Users",
167	"summary": "Restrict Access To Create/Delete/Modify Other Admin Users",
168	"description": "Careful: This will restrict the ability of WordPress administrators from creating, modifying or promoting other administrators."
	@@ -193,6 +202,7 @@
193	],
194	"link_info": "https://shsec.io/a0",
195	"link_blog": "https://shsec.io/wpsf21",

196	"summary": "Restrict Access To Key WordPress Plugin Actions",
197	"description": "Careful: This will restrict access to plugin installation, update, activation and deletion. Note: Selecting 'Activate' will also restrict all other options."
198	},
	@@ -226,6 +236,7 @@
226	],
227	"link_info": "https://shsec.io/a0",
228	"link_blog": "https://shsec.io/wpsf21",

229	"summary": "Restrict Access To WordPress Theme Actions",
230	"description": "Careful: This will restrict access to theme installation, update, activation and deletion."
231	},
	@@ -251,6 +262,7 @@
251	],
252	"link_info": "https://shsec.io/a0",
253	"link_blog": "https://shsec.io/wpsf21",

254	"summary": "Restrict Access To Key WordPress Posts And Pages Actions",
255	"description": "Careful: This will restrict access to page/post creation, editing and deletion."
256	},
	@@ -262,6 +274,7 @@
262	"type": "checkbox",
263	"link_info": "https://shsec.io/dr",
264	"link_blog": "https://shsec.io/ds",

265	"name": "Enable White Label",
266	"summary": "Activate Your White Label Settings",
267	"description": "Use this option to turn on/off the whole White Label feature."
	@@ -296,6 +309,7 @@
296	"type": "text",
297	"link_info": "https://shsec.io/dt",
298	"link_blog": "",

299	"name": "Plugin Name",
300	"summary": "The Name Of The Plugin",
301	"description": "The Name Of The Plugin."
	@@ -320,6 +334,7 @@
320	"type": "text",
321	"link_info": "https://shsec.io/dt",
322	"link_blog": "",

323	"name": "Company Name",
324	"summary": "The Name Of Your Company",
325	"description": "Provide the name of your company."
	@@ -356,6 +371,7 @@
356	"type": "text",
357	"link_info": "https://shsec.io/dt",
358	"link_blog": "",

359	"name": "Menu Icon",
360	"summary": "Menu Icon URL",
361	"description": "The URL of the icon displayed in the menu."
	@@ -368,6 +384,7 @@
368	"type": "text",
369	"link_info": "",
370	"link_blog": "",

371	"name": "Plugin Badge Logo",
372	"summary": "Plugin Badge Logo URL",
373	"description": "The URL of the logo displayed in the main dashboard. Should be 128x128px"


37	},
38	"sections": [
39	{
40	+ "slug": "section_security_admin_settings",
41	+ "primary": true,
42	+ "title": "Security Admin Restriction Settings",
43	+ "title_short": "Security Admin Settings",
44	+ "beacon_id": 215,
45	+ "summary": [
46	"Purpose - Restrict access using a simple Access PIN.",
47	"Recommendation - Use of this feature is highly recommend."
48	+ ]

49	},
50	{
51	"slug": "section_admin_access_restriction_areas",
52	"title": "Security Admin Restriction Zones",
53	"title_short": "Access Restriction Zones",
54	+ "beacon_id": 214,
55	"summary": [
56	"Purpose - Restricts access to key WordPress areas for all users not authenticated with the Security Admin Access system.",
57	"Recommendation - Use of this feature is highly recommend."

62	"slug": "section_whitelabel",
63	"title": "Shield White Label",
64	"title_short": "White Label",
65	+ "beacon_id": 131,
66	"summary": [
67	"Purpose - Rename and re-brand the Shield Security plugin for your client site installations."
68	]

71	"slug": "section_enable_plugin_feature_admin_access_restriction",
72	"title": "Enable Module: WordPress Security Admin",
73	"title_short": "Disable Module",
74	+ "beacon_id": 213,
75	"summary": [
76	"Purpose - Restricts access to this plugin preventing unauthorized changes to your security settings.",
77	"Recommendation - Keep the Security Admin feature turned on.",

104	"type": "password",
105	"link_info": "https://shsec.io/42",
106	"link_blog": "",
107	+ "beacon_id": 215,
108	"name": "Security Admin Access PIN",
109	"summary": "Provide/Update Security Admin Access PIN",
110	"description": "Careful: If you forget this, you could potentially lock yourself out from using this plugin."

119	"type": "array",
120	"link_info": "https://shsec.io/dk",
121	"link_blog": "",
122	+ "beacon_id": 132,
123	"name": "Security Admins",
124	"summary": "Persistent Security Admins",
125	"description": "All emails, usernames, or user IDs entered here will always be Security Admins."

133	"min": 1,
134	"link_info": "https://shsec.io/41",
135	"link_blog": "",
136	+ "beacon_id": 387,
137	"name": "Security Admin Timeout",
138	"summary": "Specify An Automatic Timeout Interval For Security Admin Access",
139	"description": "This will automatically expire your Security Admin Session. Does not apply until you enter the access PIN again. Default: 60 minutes."

146	"type": "checkbox",
147	"link_info": "https://shsec.io/gf",
148	"link_blog": "",
149	+ "beacon_id": 385,
150	"name": "Allow Email Override",
151	"summary": "Allow Email Override Of Admin Access Restrictions",
152	"description": "Allow the use of verification emails to override and switch off the Security Admin restrictions."

158	"type": "checkbox",
159	"link_info": "https://shsec.io/a0",
160	"link_blog": "https://shsec.io/wpsf32",
161	+ "beacon_id": 214,
162	+ "name": "Options",
163	"summary": "Restrict Access To Key WordPress Posts And Pages Actions",
164	"description": "Careful: This will restrict access to page/post creation, editing and deletion. Note: Selecting 'Edit' will also restrict all other options."
165	},

171	"type": "checkbox",
172	"link_info": "https://shsec.io/a0",
173	"link_blog": "",
174	+ "beacon_id": 214,
175	"name": "Admin Users",
176	"summary": "Restrict Access To Create/Delete/Modify Other Admin Users",
177	"description": "Careful: This will restrict the ability of WordPress administrators from creating, modifying or promoting other administrators."

202	],
203	"link_info": "https://shsec.io/a0",
204	"link_blog": "https://shsec.io/wpsf21",
205	+ "beacon_id": 214,
206	"summary": "Restrict Access To Key WordPress Plugin Actions",
207	"description": "Careful: This will restrict access to plugin installation, update, activation and deletion. Note: Selecting 'Activate' will also restrict all other options."
208	},

236	],
237	"link_info": "https://shsec.io/a0",
238	"link_blog": "https://shsec.io/wpsf21",
239	+ "beacon_id": 214,
240	"summary": "Restrict Access To WordPress Theme Actions",
241	"description": "Careful: This will restrict access to theme installation, update, activation and deletion."
242	},

262	],
263	"link_info": "https://shsec.io/a0",
264	"link_blog": "https://shsec.io/wpsf21",
265	+ "beacon_id": 214,
266	"summary": "Restrict Access To Key WordPress Posts And Pages Actions",
267	"description": "Careful: This will restrict access to page/post creation, editing and deletion."
268	},

274	"type": "checkbox",
275	"link_info": "https://shsec.io/dr",
276	"link_blog": "https://shsec.io/ds",
277	+ "beacon_id": 131,
278	"name": "Enable White Label",
279	"summary": "Activate Your White Label Settings",
280	"description": "Use this option to turn on/off the whole White Label feature."

309	"type": "text",
310	"link_info": "https://shsec.io/dt",
311	"link_blog": "",
312	+ "beacon_id": 216,
313	"name": "Plugin Name",
314	"summary": "The Name Of The Plugin",
315	"description": "The Name Of The Plugin."

334	"type": "text",
335	"link_info": "https://shsec.io/dt",
336	"link_blog": "",
337	+ "beacon_id": 216,
338	"name": "Company Name",
339	"summary": "The Name Of Your Company",
340	"description": "Provide the name of your company."

371	"type": "text",
372	"link_info": "https://shsec.io/dt",
373	"link_blog": "",
374	+ "beacon_id": 216,
375	"name": "Menu Icon",
376	"summary": "Menu Icon URL",
377	"description": "The URL of the icon displayed in the menu."

384	"type": "text",
385	"link_info": "",
386	"link_blog": "",
387	+ "beacon_id": 216,
388	"name": "Plugin Badge Logo",
389	"summary": "Plugin Badge Logo URL",
390	"description": "The URL of the logo displayed in the main dashboard. Should be 128x128px"

src/config/feature-audit_trail.php CHANGED Viewed

	@@ -37,6 +37,7 @@
37	"primary": true,
38	"title": "Audit Trail Options",
39	"title_short": "Options",

40	"summary": [
41	"Purpose - Provides finer control over the audit trail itself.",
42	"Recommendation - These settings are dependent on your requirements."
	@@ -56,6 +57,7 @@
56	"slug": "section_enable_plugin_feature_audit_trail",
57	"title": "Enable Module: Audit Trail",
58	"title_short": "Disable Module",

59	"summary": [
60	"Purpose - The Audit Trail is designed so you can look back on events and analyse what happened and what may have gone wrong.",
61	"Recommendation - Keep the Audit Trail feature turned on."
	@@ -75,6 +77,7 @@
75	"type": "checkbox",
76	"link_info": "https://shsec.io/5p",
77	"link_blog": "https://shsec.io/a1",

78	"name": "Enable Audit Trail",
79	"summary": "Enable (or Disable) The Audit Trail module",
80	"description": "Un-Checking this option will completely disable the Audit Trail module"
	@@ -87,6 +90,7 @@
87	"type": "integer",
88	"link_info": "https://shsec.io/a2",
89	"link_blog": "https://shsec.io/a1",

90	"name": "Auto Clean",
91	"summary": "Enable Audit Auto Cleaning",
92	"description": "Events older than the number of days specified will be automatically cleaned from the database"
	@@ -100,6 +104,7 @@
100	"type": "integer",
101	"link_info": "https://shsec.io/hc",
102	"link_blog": "",

103	"name": "Max Trail Length",
104	"summary": "Maximum Audit Trail Length To Keep",
105	"description": "Automatically remove any audit trail entries when this limit is exceeded."


37	"primary": true,
38	"title": "Audit Trail Options",
39	"title_short": "Options",
40	+ "beacon_id": 241,
41	"summary": [
42	"Purpose - Provides finer control over the audit trail itself.",
43	"Recommendation - These settings are dependent on your requirements."

57	"slug": "section_enable_plugin_feature_audit_trail",
58	"title": "Enable Module: Audit Trail",
59	"title_short": "Disable Module",
60	+ "beacon_id": 241,
61	"summary": [
62	"Purpose - The Audit Trail is designed so you can look back on events and analyse what happened and what may have gone wrong.",
63	"Recommendation - Keep the Audit Trail feature turned on."

77	"type": "checkbox",
78	"link_info": "https://shsec.io/5p",
79	"link_blog": "https://shsec.io/a1",
80	+ "beacon_id": 241,
81	"name": "Enable Audit Trail",
82	"summary": "Enable (or Disable) The Audit Trail module",
83	"description": "Un-Checking this option will completely disable the Audit Trail module"

90	"type": "integer",
91	"link_info": "https://shsec.io/a2",
92	"link_blog": "https://shsec.io/a1",
93	+ "beacon_id": 375,
94	"name": "Auto Clean",
95	"summary": "Enable Audit Auto Cleaning",
96	"description": "Events older than the number of days specified will be automatically cleaned from the database"

104	"type": "integer",
105	"link_info": "https://shsec.io/hc",
106	"link_blog": "",
107	+ "beacon_id": 128,
108	"name": "Max Trail Length",
109	"summary": "Maximum Audit Trail Length To Keep",
110	"description": "Automatically remove any audit trail entries when this limit is exceeded."

src/config/feature-autoupdates.php CHANGED Viewed

	@@ -22,6 +22,7 @@
22	"primary": true,
23	"title": "Automatic Updates For WordPress Components",
24	"title_short": "WordPress Components",

25	"summary": [
26	"Purpose - Control how automatic updates for each WordPress component is handled.",
27	"Recommendation - You should at least allow minor updates for the WordPress core."
	@@ -31,12 +32,14 @@
31	"slug": "section_options",
32	"title": "Auto-Update Options",
33	"title_short": "Auto-Update Options",

34	"summary": "Purpose - Make adjustments to how automatic updates are handled on your site."
35	},
36	{
37	"slug": "section_enable_plugin_feature_automatic_updates_control",
38	"title": "Enable Module: Automatic Updates",
39	"title_short": "Disable Module",

40	"summary": [
41	"Purpose - Automatic Updates lets you manage the WordPress automatic updates engine so you choose what exactly gets updated automatically.",
42	"Recommendation - Keep the Automatic Updates feature turned on."
	@@ -56,6 +59,7 @@
56	"type": "checkbox",
57	"link_info": "https://shsec.io/3w",
58	"link_blog": "https://shsec.io/hj",

59	"name": "Enable Automatic Updates",
60	"summary": "Enable (or Disable) The Automatic Updates module",
61	"description": "Un-Checking this option will completely disable the Automatic Updates module"
	@@ -68,6 +72,7 @@
68	"type": "checkbox",
69	"link_info": "https://shsec.io/3v",
70	"link_blog": "https://shsec.io/k6",

71	"name": "Disable All",
72	"summary": "Completely Disable WordPress Automatic Updates",
73	"description": "When selected, regardless of any other settings, all WordPress automatic updates on this site will be completely disabled!"
	@@ -93,6 +98,7 @@
93	],
94	"link_info": "https://shsec.io/k5",
95	"link_blog": "",

96	"name": "WordPress Core Updates",
97	"summary": "Decide how the WordPress Core will automatically update, if at all",
98	"description": "At least automatically upgrading minor versions is recommended (and is the WordPress default)."
	@@ -128,6 +134,7 @@
128	"type": "integer",
129	"link_info": "https://shsec.io/e5",
130	"link_blog": "",

131	"name": "Update Delay",
132	"summary": "Delay Automatic Updates For Period Of Stability",
133	"description": "Shield will delay upgrades until the new update has been available for the set number of days."
	@@ -154,6 +161,7 @@
154	],
155	"link_info": "https://shsec.io/3x",
156	"link_blog": "",

157	"name": "Auto Update Plugin",
158	"summary": "Always Automatically Update This Plugin",
159	"description": "Regardless of any other settings, automatically update the Shield plugin."


22	"primary": true,
23	"title": "Automatic Updates For WordPress Components",
24	"title_short": "WordPress Components",
25	+ "beacon_id": 236,
26	"summary": [
27	"Purpose - Control how automatic updates for each WordPress component is handled.",
28	"Recommendation - You should at least allow minor updates for the WordPress core."

32	"slug": "section_options",
33	"title": "Auto-Update Options",
34	"title_short": "Auto-Update Options",
35	+ "beacon_id": 234,
36	"summary": "Purpose - Make adjustments to how automatic updates are handled on your site."
37	},
38	{
39	"slug": "section_enable_plugin_feature_automatic_updates_control",
40	"title": "Enable Module: Automatic Updates",
41	"title_short": "Disable Module",
42	+ "beacon_id": 234,
43	"summary": [
44	"Purpose - Automatic Updates lets you manage the WordPress automatic updates engine so you choose what exactly gets updated automatically.",
45	"Recommendation - Keep the Automatic Updates feature turned on."

59	"type": "checkbox",
60	"link_info": "https://shsec.io/3w",
61	"link_blog": "https://shsec.io/hj",
62	+ "beacon_id": 234,
63	"name": "Enable Automatic Updates",
64	"summary": "Enable (or Disable) The Automatic Updates module",
65	"description": "Un-Checking this option will completely disable the Automatic Updates module"

72	"type": "checkbox",
73	"link_info": "https://shsec.io/3v",
74	"link_blog": "https://shsec.io/k6",
75	+ "beacon_id": 405,
76	"name": "Disable All",
77	"summary": "Completely Disable WordPress Automatic Updates",
78	"description": "When selected, regardless of any other settings, all WordPress automatic updates on this site will be completely disabled!"

98	],
99	"link_info": "https://shsec.io/k5",
100	"link_blog": "",
101	+ "beacon_id": 237,
102	"name": "WordPress Core Updates",
103	"summary": "Decide how the WordPress Core will automatically update, if at all",
104	"description": "At least automatically upgrading minor versions is recommended (and is the WordPress default)."

134	"type": "integer",
135	"link_info": "https://shsec.io/e5",
136	"link_blog": "",
137	+ "beacon_id": 137,
138	"name": "Update Delay",
139	"summary": "Delay Automatic Updates For Period Of Stability",
140	"description": "Shield will delay upgrades until the new update has been available for the set number of days."

161	],
162	"link_info": "https://shsec.io/3x",
163	"link_blog": "",
164	+ "beacon_id": 409,
165	"name": "Auto Update Plugin",
166	"summary": "Always Automatically Update This Plugin",
167	"description": "Regardless of any other settings, automatically update the Shield plugin."

src/config/feature-comments_filter.php CHANGED Viewed

	@@ -26,10 +26,11 @@
26	},
27	"sections": [
28	{

29	"slug": "section_bot_comment_spam_protection_filter",
30	"title": "Automatic Bot Comment SPAM Protection Filter",
31	"title_short": "Bot SPAM",
32	- "~~primary~~": ~~true~~,
33	"summary": [
34	"Purpose - Blocks 100% of all automated bot-generated comment SPAM.",
35	"Recommendation - Use of this feature is highly recommend."
	@@ -39,6 +40,7 @@
39	"slug": "section_human_spam_filter",
40	"title": "Human Comment SPAM Protection Filter",
41	"title_short": "Human SPAM",

42	"summary": [
43	"Purpose - Uses a 3rd party SPAM dictionary to detect human-based comment SPAM.",
44	"Recommendation - Use of this feature is highly recommend.This tool, unlike other SPAM tools such as Akismet, will not send your comment data to 3rd party services for analysis."
	@@ -48,6 +50,7 @@
48	"slug": "section_bot_comment_spam_common",
49	"title": "Common Settings For All SPAM Scanning",
50	"title_short": "Common Settings",

51	"summary": [
52	"Purpose - Settings that apply to all comment SPAM scanning."
53	]
	@@ -56,6 +59,7 @@
56	"slug": "section_user_messages",
57	"title": "Customize Messages Shown To User",
58	"title_short": "Visitor Messages",

59	"summary": [
60	"Purpose - Customize the messages shown to visitors.",
61	"Recommendation - Be sure to change the messages to suit your audience.",
	@@ -66,6 +70,7 @@
66	"slug": "section_enable_plugin_feature_spam_comments_protection_filter",
67	"title": "Enable Module: Comments SPAM Protection",
68	"title_short": "Disable Module",

69	"summary": [
70	"Purpose - The Comments Filter can block 100% of automated spam bots and also offer the option to analyse human-generated spam.",
71	"Recommendation - Keep the Comments Filter feature turned on."
	@@ -85,6 +90,7 @@
85	"type": "checkbox",
86	"link_info": "https://shsec.io/3z",
87	"link_blog": "https://shsec.io/wpsf04",

88	"name": "Enable SPAM Protection",
89	"summary": "Enable (or Disable) The Comments SPAM Protection module",
90	"description": "Un-Checking this option will completely disable the Comments SPAM Protection module"
	@@ -97,6 +103,7 @@
97	"type": "integer",
98	"link_info": "https://shsec.io/fu",
99	"link_blog": "",

100	"name": "Trusted Commenter Minimum",
101	"summary": "Minimum Number Of Approved Comments Before Commenter Is Trusted",
102	"description": "Specify how many approved comments must exist before a commenter is trusted and their comments are no longer scanned."
	@@ -115,6 +122,7 @@
115	"type": "array",
116	"link_info": "https://shsec.io/fu",
117	"link_blog": "",

118	"name": "Trusted Users",
119	"summary": "Don't Scan Comments For Users With The Following Roles",
120	"description": "Shield doesn't normally scan comments from logged-in or registered users. Specify user roles here that shouldn't be scanned."
	@@ -126,6 +134,7 @@
126	"type": "checkbox",
127	"link_info": "https://shsec.io/k1",
128	"link_blog": "https://shsec.io/jo",

129	"name": "AntiBot Detection Engine",
130	"summary": "Use Experimental AntiBot Detection Engine",
131	"description": "Use Shield's AntiBot Detection Engine In-Place of GASP Bot checking."
	@@ -155,6 +164,7 @@
155	],
156	"link_info": "https://shsec.io/6j",
157	"link_blog": "",

158	"name": "SPAM Action",
159	"summary": "How To Categorise Comments When Identified To Be SPAM",
160	"description": "When a comment is detected as being SPAM from an automatic bot, the comment will be categorised based on this setting."
	@@ -188,6 +198,7 @@
188	],
189	"link_info": "https://shsec.io/e4",
190	"link_blog": "",

191	"name": "CAPTCHA",
192	"summary": "Enable CAPTCHA To Protect Against SPAM Comments",
193	"description": "You can choose the CAPTCHA display format that best suits your site, including the newer Invisible CAPTCHA."
	@@ -199,6 +210,7 @@
199	"type": "checkbox",
200	"link_info": "https://shsec.io/3n",
201	"link_blog": "https://shsec.io/2n",

202	"name": "GASP Protection",
203	"summary": "Block Bot Comment SPAM",
204	"description": "Taking the lead from the original GASP plugin for WordPress, we have extended it to include advanced spam-bot protection."
	@@ -210,6 +222,7 @@
210	"type": "checkbox",
211	"link_info": "https://shsec.io/57",
212	"link_blog": "https://shsec.io/9w",

213	"name": "Human SPAM Filter",
214	"summary": "Enable (or Disable) The Human SPAM Filter module",
215	"description": "Scans the content of WordPress comments for keywords that are indicative of SPAM and marks the comment according to your preferred setting below."
	@@ -249,6 +262,7 @@
249	"type": "text",
250	"link_info": "https://shsec.io/3p",
251	"link_blog": "",

252	"name": "Custom Checkbox Message",
253	"summary": "If you want a custom checkbox message, please provide this here",
254	"description": "You can customise the message beside the checkbox."
	@@ -261,6 +275,7 @@
261	"type": "text",
262	"link_info": "https://shsec.io/3p",
263	"link_blog": "",

264	"name": "Custom Alert Message",
265	"summary": "If you want a custom alert message, please provide this here",
266	"description": "This alert message is displayed when a visitor attempts to submit a comment without checking the box."
	@@ -273,6 +288,7 @@
273	"type": "text",
274	"link_info": "https://shsec.io/3p",
275	"link_blog": "",

276	"name": "Custom Wait Message",
277	"summary": "If you want a custom submit-button wait message, please provide this here.",
278	"description": "Where you see the '%s' this will be the number of seconds. You must ensure you include 1, and only 1, of these."
	@@ -285,6 +301,7 @@
285	"type": "text",
286	"link_info": "https://shsec.io/3p",
287	"link_blog": "",

288	"name": "Custom Reload Message",
289	"summary": "If you want a custom message when the comment token has expired, please provide this here.",
290	"description": "This message is displayed on the submit-button when the comment token is expired."
	@@ -311,7 +328,7 @@
311	}
312	],
313	"definitions": {
314	- "comments_expire": 1800,
315	"url_spam_blacklist_terms": "https://raw.githubusercontent.com/splorp/wordpress-comment-blacklist/master/blacklist.txt",
316	"events": {
317	"comment_spam_block": {


26	},
27	"sections": [
28	{
29	+ "primary": true,
30	"slug": "section_bot_comment_spam_protection_filter",
31	"title": "Automatic Bot Comment SPAM Protection Filter",
32	"title_short": "Bot SPAM",
33	+ "beacon_id": 260,
34	"summary": [
35	"Purpose - Blocks 100% of all automated bot-generated comment SPAM.",
36	"Recommendation - Use of this feature is highly recommend."

40	"slug": "section_human_spam_filter",
41	"title": "Human Comment SPAM Protection Filter",
42	"title_short": "Human SPAM",
43	+ "beacon_id": 262,
44	"summary": [
45	"Purpose - Uses a 3rd party SPAM dictionary to detect human-based comment SPAM.",
46	"Recommendation - Use of this feature is highly recommend.This tool, unlike other SPAM tools such as Akismet, will not send your comment data to 3rd party services for analysis."

50	"slug": "section_bot_comment_spam_common",
51	"title": "Common Settings For All SPAM Scanning",
52	"title_short": "Common Settings",
53	+ "beacon_id": 152,
54	"summary": [
55	"Purpose - Settings that apply to all comment SPAM scanning."
56	]

59	"slug": "section_user_messages",
60	"title": "Customize Messages Shown To User",
61	"title_short": "Visitor Messages",
62	+ "beacon_id": 403,
63	"summary": [
64	"Purpose - Customize the messages shown to visitors.",
65	"Recommendation - Be sure to change the messages to suit your audience.",

70	"slug": "section_enable_plugin_feature_spam_comments_protection_filter",
71	"title": "Enable Module: Comments SPAM Protection",
72	"title_short": "Disable Module",
73	+ "beacon_id": 257,
74	"summary": [
75	"Purpose - The Comments Filter can block 100% of automated spam bots and also offer the option to analyse human-generated spam.",
76	"Recommendation - Keep the Comments Filter feature turned on."

90	"type": "checkbox",
91	"link_info": "https://shsec.io/3z",
92	"link_blog": "https://shsec.io/wpsf04",
93	+ "beacon_id": 257,
94	"name": "Enable SPAM Protection",
95	"summary": "Enable (or Disable) The Comments SPAM Protection module",
96	"description": "Un-Checking this option will completely disable the Comments SPAM Protection module"

103	"type": "integer",
104	"link_info": "https://shsec.io/fu",
105	"link_blog": "",
106	+ "beacon_id": 152,
107	"name": "Trusted Commenter Minimum",
108	"summary": "Minimum Number Of Approved Comments Before Commenter Is Trusted",
109	"description": "Specify how many approved comments must exist before a commenter is trusted and their comments are no longer scanned."

122	"type": "array",
123	"link_info": "https://shsec.io/fu",
124	"link_blog": "",
125	+ "beacon_id": 152,
126	"name": "Trusted Users",
127	"summary": "Don't Scan Comments For Users With The Following Roles",
128	"description": "Shield doesn't normally scan comments from logged-in or registered users. Specify user roles here that shouldn't be scanned."

134	"type": "checkbox",
135	"link_info": "https://shsec.io/k1",
136	"link_blog": "https://shsec.io/jo",
137	+ "beacon_id": 427,
138	"name": "AntiBot Detection Engine",
139	"summary": "Use Experimental AntiBot Detection Engine",
140	"description": "Use Shield's AntiBot Detection Engine In-Place of GASP Bot checking."

164	],
165	"link_info": "https://shsec.io/6j",
166	"link_blog": "",
167	+ "beacon_id": 260,
168	"name": "SPAM Action",
169	"summary": "How To Categorise Comments When Identified To Be SPAM",
170	"description": "When a comment is detected as being SPAM from an automatic bot, the comment will be categorised based on this setting."

198	],
199	"link_info": "https://shsec.io/e4",
200	"link_blog": "",
201	+ "beacon_id": 269,
202	"name": "CAPTCHA",
203	"summary": "Enable CAPTCHA To Protect Against SPAM Comments",
204	"description": "You can choose the CAPTCHA display format that best suits your site, including the newer Invisible CAPTCHA."

210	"type": "checkbox",
211	"link_info": "https://shsec.io/3n",
212	"link_blog": "https://shsec.io/2n",
213	+ "beacon_id": 401,
214	"name": "GASP Protection",
215	"summary": "Block Bot Comment SPAM",
216	"description": "Taking the lead from the original GASP plugin for WordPress, we have extended it to include advanced spam-bot protection."

222	"type": "checkbox",
223	"link_info": "https://shsec.io/57",
224	"link_blog": "https://shsec.io/9w",
225	+ "beacon_id": 262,
226	"name": "Human SPAM Filter",
227	"summary": "Enable (or Disable) The Human SPAM Filter module",
228	"description": "Scans the content of WordPress comments for keywords that are indicative of SPAM and marks the comment according to your preferred setting below."

262	"type": "text",
263	"link_info": "https://shsec.io/3p",
264	"link_blog": "",
265	+ "beacon_id": 403,
266	"name": "Custom Checkbox Message",
267	"summary": "If you want a custom checkbox message, please provide this here",
268	"description": "You can customise the message beside the checkbox."

275	"type": "text",
276	"link_info": "https://shsec.io/3p",
277	"link_blog": "",
278	+ "beacon_id": 403,
279	"name": "Custom Alert Message",
280	"summary": "If you want a custom alert message, please provide this here",
281	"description": "This alert message is displayed when a visitor attempts to submit a comment without checking the box."

288	"type": "text",
289	"link_info": "https://shsec.io/3p",
290	"link_blog": "",
291	+ "beacon_id": 403,
292	"name": "Custom Wait Message",
293	"summary": "If you want a custom submit-button wait message, please provide this here.",
294	"description": "Where you see the '%s' this will be the number of seconds. You must ensure you include 1, and only 1, of these."

301	"type": "text",
302	"link_info": "https://shsec.io/3p",
303	"link_blog": "",
304	+ "beacon_id": 403,
305	"name": "Custom Reload Message",
306	"summary": "If you want a custom message when the comment token has expired, please provide this here.",
307	"description": "This message is displayed on the submit-button when the comment token is expired."

328	}
329	],
330	"definitions": {
331	+ "comments_expire": 1800,
332	"url_spam_blacklist_terms": "https://raw.githubusercontent.com/splorp/wordpress-comment-blacklist/master/blacklist.txt",
333	"events": {
334	"comment_spam_block": {

src/config/feature-comms.php CHANGED Viewed

	@@ -22,10 +22,11 @@
22	},
23	"sections": [
24	{
25	- "slug": "section_suresend",
26	"primary": true,

27	"title": "SureSend Email",
28	- "title_short": "SureSend Email"

29	},
30	{
31	"slug": "section_non_ui",


22	},
23	"sections": [
24	{

25	"primary": true,
26	+ "slug": "section_suresend",
27	"title": "SureSend Email",
28	+ "title_short": "SureSend Email",
29	+ "beacon_id": 156
30	},
31	{
32	"slug": "section_non_ui",

src/config/feature-events.php CHANGED Viewed

	@@ -13,7 +13,7 @@
13	"run_if_wpcli": true,
14	"tracking_exclude": true
15	},
16	- "wpcli": {
17	"enabled": false
18	},
19	"sections": [
	@@ -46,16 +46,16 @@
46	}
47	],
48	"definitions": {
49	- "db_classes": {
50	"events": "\\FernleafSystems\\Wordpress\\Plugin\\Shield\\Databases\\Events\\Handler"
51	},
52	- "db_table_events": {
53	- "slug": "events",
54	- "cols_custom": {
55	"event": "varchar(50) NOT NULL DEFAULT 'none' COMMENT 'Event ID'",
56	"count": "int(11) UNSIGNED NOT NULL DEFAULT 0 COMMENT 'Total'"
57	}
58	},
59	- "events_table_name": "events"
60	}
61	}


13	"run_if_wpcli": true,
14	"tracking_exclude": true
15	},
16	+ "wpcli": {
17	"enabled": false
18	},
19	"sections": [

46	}
47	],
48	"definitions": {
49	+ "db_classes": {
50	"events": "\\FernleafSystems\\Wordpress\\Plugin\\Shield\\Databases\\Events\\Handler"
51	},
52	+ "db_table_events": {
53	+ "slug": "events",
54	+ "cols_custom": {
55	"event": "varchar(50) NOT NULL DEFAULT 'none' COMMENT 'Event ID'",
56	"count": "int(11) UNSIGNED NOT NULL DEFAULT 0 COMMENT 'Total'"
57	}
58	},
59	+ "events_table_name": "events"
60	}
61	}

src/config/feature-firewall.php CHANGED Viewed

	@@ -22,6 +22,7 @@
22	"primary": true,
23	"title": "Firewall Blocking Options",
24	"title_short": "Firewall Blocking",

25	"summary": [
26	"Here you choose what kind of malicious data to scan for.",
27	"Recommendation - Turn on as many options here as you can. If you find an incompatibility or something stops working, un-check 1 option at a time until you find the problem or review the Audit Trail."
	@@ -31,6 +32,7 @@
31	"slug": "section_choose_firewall_block_response",
32	"title": "Choose Firewall Block Response",
33	"title_short": "Firewall Response",

34	"summary": [
35	"Here you choose how the plugin will respond when it detects malicious data.",
36	"Recommendation - Choose the option 'Die With Message'."
	@@ -40,6 +42,7 @@
40	"slug": "section_whitelist",
41	"title": "Whitelists - IPs, Pages, Parameters, and Users that bypass the Firewall",
42	"title_short": "Whitelist",

43	"summary": [
44	"In principle you should not need to whitelist anything or anyone unless you have discovered a collision with another plugin.",
45	"Recommendation - Do not whitelist anything unless you are confident in what you are doing."
	@@ -49,6 +52,7 @@
49	"slug": "section_user_messages",
50	"title": "Customize Messages Shown To User",
51	"title_short": "Visitor Messages",

52	"summary": [
53	"Purpose - Customize the messages shown to visitors.",
54	"Recommendation - Be sure to change the messages to suit your audience.",
	@@ -59,6 +63,7 @@
59	"slug": "section_enable_plugin_feature_wordpress_firewall",
60	"title": "Enable Module: Firewall",
61	"title_short": "Disable Module",

62	"summary": [
63	"Purpose - The Firewall is designed to analyse data sent to your website and block any requests that appear to be malicious.",
64	"Recommendation - Keep the Firewall feature turned on."
	@@ -78,6 +83,7 @@
78	"type": "checkbox",
79	"link_info": "https://shsec.io/43",
80	"link_blog": "https://shsec.io/wpsf01",

81	"name": "Enable Firewall",
82	"summary": "Enable (or Disable) The Firewall module",
83	"description": "Un-Checking this option will completely disable the Firewall module"
	@@ -233,6 +239,7 @@
233	"type": "comma_separated_lists",
234	"link_info": "https://shsec.io/2a",
235	"link_blog": "",

236	"name": "Whitelist Parameters",
237	"summary": "Detail pages and parameters that are whitelisted (ignored by the firewall)",
238	"description": "This should be used with caution and you should only provide parameter names that you must have excluded"
	@@ -410,9 +417,9 @@
410	"cat": 2,
411	"stat": false
412	},
413	- "firewall_block": {
414	- "audit": false,
415	- "recent": true,
416	"offense": true
417	},
418	"blockparam_dirtraversal": {
	@@ -439,11 +446,11 @@
439	"block_exefile": {
440	"cat": 3
441	},
442	- "fw_email_fail": {
443	"cat": 2,
444	"stat": false
445	},
446	- "fw_email_success": {
447	"stat": false
448	}
449	}


22	"primary": true,
23	"title": "Firewall Blocking Options",
24	"title_short": "Firewall Blocking",
25	+ "beacon_id": 333,
26	"summary": [
27	"Here you choose what kind of malicious data to scan for.",
28	"Recommendation - Turn on as many options here as you can. If you find an incompatibility or something stops working, un-check 1 option at a time until you find the problem or review the Audit Trail."

32	"slug": "section_choose_firewall_block_response",
33	"title": "Choose Firewall Block Response",
34	"title_short": "Firewall Response",
35	+ "beacon_id": 334,
36	"summary": [
37	"Here you choose how the plugin will respond when it detects malicious data.",
38	"Recommendation - Choose the option 'Die With Message'."

42	"slug": "section_whitelist",
43	"title": "Whitelists - IPs, Pages, Parameters, and Users that bypass the Firewall",
44	"title_short": "Whitelist",
45	+ "beacon_id": 335,
46	"summary": [
47	"In principle you should not need to whitelist anything or anyone unless you have discovered a collision with another plugin.",
48	"Recommendation - Do not whitelist anything unless you are confident in what you are doing."

52	"slug": "section_user_messages",
53	"title": "Customize Messages Shown To User",
54	"title_short": "Visitor Messages",
55	+ "beacon_id": 139,
56	"summary": [
57	"Purpose - Customize the messages shown to visitors.",
58	"Recommendation - Be sure to change the messages to suit your audience.",

63	"slug": "section_enable_plugin_feature_wordpress_firewall",
64	"title": "Enable Module: Firewall",
65	"title_short": "Disable Module",
66	+ "beacon_id": 253,
67	"summary": [
68	"Purpose - The Firewall is designed to analyse data sent to your website and block any requests that appear to be malicious.",
69	"Recommendation - Keep the Firewall feature turned on."

83	"type": "checkbox",
84	"link_info": "https://shsec.io/43",
85	"link_blog": "https://shsec.io/wpsf01",
86	+ "beacon_id": 253,
87	"name": "Enable Firewall",
88	"summary": "Enable (or Disable) The Firewall module",
89	"description": "Un-Checking this option will completely disable the Firewall module"

239	"type": "comma_separated_lists",
240	"link_info": "https://shsec.io/2a",
241	"link_blog": "",
242	+ "beacon_id": 335,
243	"name": "Whitelist Parameters",
244	"summary": "Detail pages and parameters that are whitelisted (ignored by the firewall)",
245	"description": "This should be used with caution and you should only provide parameter names that you must have excluded"

417	"cat": 2,
418	"stat": false
419	},
420	+ "firewall_block": {
421	+ "audit": false,
422	+ "recent": true,
423	"offense": true
424	},
425	"blockparam_dirtraversal": {

446	"block_exefile": {
447	"cat": 3
448	},
449	+ "fw_email_fail": {
450	"cat": 2,
451	"stat": false
452	},
453	+ "fw_email_success": {
454	"stat": false
455	}
456	}

src/config/feature-hack_protect.php CHANGED Viewed

	@@ -40,6 +40,7 @@
40	"primary": true,
41	"title": "File Guard",
42	"title_short": "File Guard",

43	"summary": [
44	"Purpose - Monitor WordPress files and protect against malicious intrusion and hacking.",
45	"Recommendation - Keep the File Guard features turned on."
	@@ -49,6 +50,7 @@
49	"slug": "section_scan_wpv",
50	"title": "Vulnerability Scanner",
51	"title_short": "Vulnerability Scanner",

52	"summary": [
53	"Purpose - Regularly scan your WordPress plugins and themes for known security vulnerabilities.",
54	"Recommendation - Ensure this is turned on and you will always know if any of your assets have known security vulnerabilities."
	@@ -58,6 +60,7 @@
58	"slug": "section_realtime",
59	"title": "Realtime Change Detection",
60	"title_short": "Realtime Change Detection",

61	"summary": [
62	"Purpose - Monitor Your WordPress Site For Changes To Critical Components In Realtime.",
63	"Recommendation - Keep The Realtime Change Detection Active."
	@@ -67,6 +70,7 @@
67	"slug": "section_scan_ufc",
68	"title": "Unrecognised Files Scanner",
69	"title_short": "Unrecognised Files Scanner",

70	"summary": [
71	"Purpose - Scan your WordPress core folders for unrecognised files that don't belong.",
72	"Recommendation - Keep the Unrecognised Files Scanner feature turned on."
	@@ -76,6 +80,7 @@
76	"slug": "section_scan_options",
77	"title": "Scan Options",
78	"title_short": "Scan Options",

79	"summary": [
80	"Purpose - Set how often the Hack Guard scans will run."
81	]
	@@ -84,6 +89,7 @@
84	"slug": "section_enable_plugin_feature_hack_protection_tools",
85	"title": "Enable Module: Hack Guard",
86	"title_short": "Disable Module",

87	"summary": [
88	"Purpose - Hack Guard is a set of tools to warn you and protect you against hacks on your site.",
89	"Recommendation - Keep the Hack Guard module turned on."
	@@ -103,6 +109,7 @@
103	"type": "checkbox",
104	"link_info": "https://shsec.io/wpsf38",
105	"link_blog": "https://shsec.io/9x",

106	"name": "Enable Hack Guard",
107	"summary": "Enable (or Disable) The Hack Guard Module",
108	"description": "Un-Checking this option will completely disable the Hack Guard module"
	@@ -114,6 +121,7 @@
114	"default": "Y",
115	"link_info": "https://shsec.io/ew",
116	"link_blog": "https://shsec.io/eo",

117	"name": "Abandoned Plugin Scanner",
118	"summary": "Enable The Abandoned Plugin Scanner",
119	"description": "Scan your WordPress.org assets for whether they've been abandoned."
	@@ -126,6 +134,7 @@
126	"default": "Y",
127	"link_info": "https://shsec.io/du",
128	"link_blog": "https://shsec.io/ah",

129	"name": "Vulnerability Scanner",
130	"summary": "Enable The Vulnerability Scanner",
131	"description": "Scan all your WordPress assets for known security vulnerabilities."
	@@ -149,6 +158,7 @@
149	"type": "checkbox",
150	"link_info": "https://shsec.io/hd",
151	"link_blog": "https://shsec.io/wpsf37",

152	"name": "WP Core File Scanner",
153	"summary": "Automatically Scans WordPress Core Files For Alterations",
154	"description": "Compares all WordPress core files on your site against the official WordPress files. WordPress Core files should never be altered for any reason."
	@@ -161,6 +171,7 @@
161	"type": "checkbox",
162	"link_info": "https://shsec.io/fp",
163	"link_blog": "https://shsec.io/fx",

164	"name": "Automatic Malware Scan",
165	"summary": "Enable Malware File Scanner",
166	"description": "When enabled the Malware scanner will run automatically."
	@@ -173,6 +184,7 @@
173	"type": "checkbox",
174	"link_info": "https://shsec.io/bl",
175	"link_blog": "https://shsec.io/bm",

176	"name": "Enable/Disable Guard",
177	"summary": "Enable The Guard For Plugin And Theme Files",
178	"description": "When enabled the Guard will automatically scan for changes to your Plugin and Theme files."
	@@ -203,6 +215,7 @@
203	],
204	"link_info": "https://shsec.io/h7",
205	"link_blog": "https://shsec.io/h8",

206	"name": "File Locker",
207	"summary": "Lock Files Against Tampering and Changes",
208	"description": "As soon as changes are detected to any selected files, the contents may be examined and reverted."
	@@ -231,6 +244,7 @@
231	],
232	"link_info": "https://shsec.io/wpsf36",
233	"link_blog": "https://shsec.io/wpsf37",

234	"name": "Auto File Repair",
235	"summary": "Which Files Should Be Automatically Repaired?",
236	"description": "When a file is modified, or malware is detected, Shield can try to repair files."
	@@ -277,6 +291,7 @@
277	],
278	"link_info": "https://shsec.io/b2",
279	"link_blog": "",

280	"name": "Scan Frequency",
281	"summary": "Number Of Times To Automatically Scan Core Files In 24 Hours",
282	"description": "Default: Once every 24hrs. To improve security, increase the number of scans per day."
	@@ -302,6 +317,7 @@
302	],
303	"link_info": "https://shsec.io/9y",
304	"link_blog": "https://shsec.io/95",

305	"name": "Unrecognised Files Scanner",
306	"summary": "Scans Core Directories For Unrecognised Files",
307	"description": "Scans for, and automatically deletes, any files in your core WordPress folders that are not part of your WordPress installation."
	@@ -314,6 +330,7 @@
314	"type": "checkbox",
315	"link_info": "https://shsec.io/he",
316	"link_blog": "https://shsec.io/95",

317	"name": "Scan Uploads",
318	"summary": "Scan Uploads Folder For PHP and Javascript",
319	"description": "The Uploads folder is primarily for media, but could be used to store nefarious files."
	@@ -338,6 +355,7 @@
338	"type": "array",
339	"link_info": "https://shsec.io/9z",
340	"link_blog": "https://shsec.io/95",

341	"name": "File Exclusions",
342	"summary": "Provide A List Of Files To Be Excluded From The Scan",
343	"description": "Take a new line for each file you wish to exclude from the scan. No commas are necessary."
	@@ -362,6 +380,7 @@
362	"default": "Y",
363	"link_info": "https://shsec.io/bp",
364	"link_blog": "",

365	"name": "Show Re-Install Links",
366	"summary": "Show Re-Install Links For Plugins",
367	"description": "Show links to re-install plugins and offer re-install when activating plugins."


40	"primary": true,
41	"title": "File Guard",
42	"title_short": "File Guard",
43	+ "beacon_id": 217,
44	"summary": [
45	"Purpose - Monitor WordPress files and protect against malicious intrusion and hacking.",
46	"Recommendation - Keep the File Guard features turned on."

50	"slug": "section_scan_wpv",
51	"title": "Vulnerability Scanner",
52	"title_short": "Vulnerability Scanner",
53	+ "beacon_id": 217,
54	"summary": [
55	"Purpose - Regularly scan your WordPress plugins and themes for known security vulnerabilities.",
56	"Recommendation - Ensure this is turned on and you will always know if any of your assets have known security vulnerabilities."

60	"slug": "section_realtime",
61	"title": "Realtime Change Detection",
62	"title_short": "Realtime Change Detection",
63	+ "beacon_id": 226,
64	"summary": [
65	"Purpose - Monitor Your WordPress Site For Changes To Critical Components In Realtime.",
66	"Recommendation - Keep The Realtime Change Detection Active."

70	"slug": "section_scan_ufc",
71	"title": "Unrecognised Files Scanner",
72	"title_short": "Unrecognised Files Scanner",
73	+ "beacon_id": 395,
74	"summary": [
75	"Purpose - Scan your WordPress core folders for unrecognised files that don't belong.",
76	"Recommendation - Keep the Unrecognised Files Scanner feature turned on."

80	"slug": "section_scan_options",
81	"title": "Scan Options",
82	"title_short": "Scan Options",
83	+ "beacon_id": 217,
84	"summary": [
85	"Purpose - Set how often the Hack Guard scans will run."
86	]

89	"slug": "section_enable_plugin_feature_hack_protection_tools",
90	"title": "Enable Module: Hack Guard",
91	"title_short": "Disable Module",
92	+ "beacon_id": 217,
93	"summary": [
94	"Purpose - Hack Guard is a set of tools to warn you and protect you against hacks on your site.",
95	"Recommendation - Keep the Hack Guard module turned on."

109	"type": "checkbox",
110	"link_info": "https://shsec.io/wpsf38",
111	"link_blog": "https://shsec.io/9x",
112	+ "beacon_id": 217,
113	"name": "Enable Hack Guard",
114	"summary": "Enable (or Disable) The Hack Guard Module",
115	"description": "Un-Checking this option will completely disable the Hack Guard module"

121	"default": "Y",
122	"link_info": "https://shsec.io/ew",
123	"link_blog": "https://shsec.io/eo",
124	+ "beacon_id": 225,
125	"name": "Abandoned Plugin Scanner",
126	"summary": "Enable The Abandoned Plugin Scanner",
127	"description": "Scan your WordPress.org assets for whether they've been abandoned."

134	"default": "Y",
135	"link_info": "https://shsec.io/du",
136	"link_blog": "https://shsec.io/ah",
137	+ "beacon_id": 137,
138	"name": "Vulnerability Scanner",
139	"summary": "Enable The Vulnerability Scanner",
140	"description": "Scan all your WordPress assets for known security vulnerabilities."

158	"type": "checkbox",
159	"link_info": "https://shsec.io/hd",
160	"link_blog": "https://shsec.io/wpsf37",
161	+ "beacon_id": 224,
162	"name": "WP Core File Scanner",
163	"summary": "Automatically Scans WordPress Core Files For Alterations",
164	"description": "Compares all WordPress core files on your site against the official WordPress files. WordPress Core files should never be altered for any reason."

171	"type": "checkbox",
172	"link_info": "https://shsec.io/fp",
173	"link_blog": "https://shsec.io/fx",
174	+ "beacon_id": 222,
175	"name": "Automatic Malware Scan",
176	"summary": "Enable Malware File Scanner",
177	"description": "When enabled the Malware scanner will run automatically."

184	"type": "checkbox",
185	"link_info": "https://shsec.io/bl",
186	"link_blog": "https://shsec.io/bm",
187	+ "beacon_id": 133,
188	"name": "Enable/Disable Guard",
189	"summary": "Enable The Guard For Plugin And Theme Files",
190	"description": "When enabled the Guard will automatically scan for changes to your Plugin and Theme files."

215	],
216	"link_info": "https://shsec.io/h7",
217	"link_blog": "https://shsec.io/h8",
218	+ "beacon_id": 226,
219	"name": "File Locker",
220	"summary": "Lock Files Against Tampering and Changes",
221	"description": "As soon as changes are detected to any selected files, the contents may be examined and reverted."

244	],
245	"link_info": "https://shsec.io/wpsf36",
246	"link_blog": "https://shsec.io/wpsf37",
247	+ "beacon_id": 228,
248	"name": "Auto File Repair",
249	"summary": "Which Files Should Be Automatically Repaired?",
250	"description": "When a file is modified, or malware is detected, Shield can try to repair files."

291	],
292	"link_info": "https://shsec.io/b2",
293	"link_blog": "",
294	+ "beacon_id": 223,
295	"name": "Scan Frequency",
296	"summary": "Number Of Times To Automatically Scan Core Files In 24 Hours",
297	"description": "Default: Once every 24hrs. To improve security, increase the number of scans per day."

317	],
318	"link_info": "https://shsec.io/9y",
319	"link_blog": "https://shsec.io/95",
320	+ "beacon_id": 227,
321	"name": "Unrecognised Files Scanner",
322	"summary": "Scans Core Directories For Unrecognised Files",
323	"description": "Scans for, and automatically deletes, any files in your core WordPress folders that are not part of your WordPress installation."

330	"type": "checkbox",
331	"link_info": "https://shsec.io/he",
332	"link_blog": "https://shsec.io/95",
333	+ "beacon_id": 347,
334	"name": "Scan Uploads",
335	"summary": "Scan Uploads Folder For PHP and Javascript",
336	"description": "The Uploads folder is primarily for media, but could be used to store nefarious files."

355	"type": "array",
356	"link_info": "https://shsec.io/9z",
357	"link_blog": "https://shsec.io/95",
358	+ "beacon_id": 231,
359	"name": "File Exclusions",
360	"summary": "Provide A List Of Files To Be Excluded From The Scan",
361	"description": "Take a new line for each file you wish to exclude from the scan. No commas are necessary."

380	"default": "Y",
381	"link_info": "https://shsec.io/bp",
382	"link_blog": "",
383	+ "beacon_id": 135,
384	"name": "Show Re-Install Links",
385	"summary": "Show Re-Install Links For Plugins",
386	"description": "Show links to re-install plugins and offer re-install when activating plugins."

src/config/feature-headers.php CHANGED Viewed

	@@ -18,10 +18,11 @@
18	},
19	"sections": [
20	{
21	- "slug": "section_security_headers",
22	"primary": true,

23	"title": "Advanced Security Headers",
24	"title_short": "Security Headers",

25	"summary": [
26	"Purpose - Protect visitors to your site by implementing increased security response headers.",
27	"Recommendation - Enabling these features are advised, but you must test them on your site thoroughly."
	@@ -31,6 +32,7 @@
31	"slug": "section_content_security_policy",
32	"title": "Content Security Policy",
33	"title_short": "Content Security Policy",

34	"summary": [
35	"Purpose - Restrict the sources and types of content that may be loaded and processed by visitor browsers.",
36	"Recommendation - Enabling these features are advised, but you must test them on your site thoroughly."
	@@ -40,6 +42,7 @@
40	"slug": "section_enable_plugin_feature_headers",
41	"title": "Enable Module: HTTP Headers",
42	"title_short": "Disable Module",

43	"summary": [
44	"Purpose - Protect visitors to your site by implementing increased security response headers.",
45	"Recommendation - Enabling these features are advised, but you must test them on your site thoroughly."
	@@ -59,6 +62,7 @@
59	"type": "checkbox",
60	"link_info": "https://shsec.io/aj",
61	"link_blog": "https://shsec.io/7c",

62	"name": "Enable HTTP Headers",
63	"summary": "Enable (or Disable) The HTTP Headers module",
64	"description": "Un-Checking this option will completely disable the HTTP Headers module"
	@@ -172,6 +176,7 @@
172	"type": "checkbox",
173	"link_info": "https://shsec.io/7d",
174	"link_blog": "https://shsec.io/7c",

175	"name": "Enable Content Security Policy",
176	"summary": "Enable (or Disable) The Content Security Policy module",
177	"description": "Allows for permission and restriction of all resources loaded on your site."
	@@ -184,6 +189,7 @@
184	"type": "array",
185	"link_info": "https://shsec.io/g9",
186	"link_blog": "",

187	"name": "Manual Rules",
188	"summary": "Manual CSP Rules",
189	"description": "Manual CSP rules."


18	},
19	"sections": [
20	{

21	"primary": true,
22	+ "slug": "section_security_headers",
23	"title": "Advanced Security Headers",
24	"title_short": "Security Headers",
25	+ "beacon_id": 267,
26	"summary": [
27	"Purpose - Protect visitors to your site by implementing increased security response headers.",
28	"Recommendation - Enabling these features are advised, but you must test them on your site thoroughly."

32	"slug": "section_content_security_policy",
33	"title": "Content Security Policy",
34	"title_short": "Content Security Policy",
35	+ "beacon_id": 155,
36	"summary": [
37	"Purpose - Restrict the sources and types of content that may be loaded and processed by visitor browsers.",
38	"Recommendation - Enabling these features are advised, but you must test them on your site thoroughly."

42	"slug": "section_enable_plugin_feature_headers",
43	"title": "Enable Module: HTTP Headers",
44	"title_short": "Disable Module",
45	+ "beacon_id": 265,
46	"summary": [
47	"Purpose - Protect visitors to your site by implementing increased security response headers.",
48	"Recommendation - Enabling these features are advised, but you must test them on your site thoroughly."

62	"type": "checkbox",
63	"link_info": "https://shsec.io/aj",
64	"link_blog": "https://shsec.io/7c",
65	+ "beacon_id": 265,
66	"name": "Enable HTTP Headers",
67	"summary": "Enable (or Disable) The HTTP Headers module",
68	"description": "Un-Checking this option will completely disable the HTTP Headers module"

176	"type": "checkbox",
177	"link_info": "https://shsec.io/7d",
178	"link_blog": "https://shsec.io/7c",
179	+ "beacon_id": 155,
180	"name": "Enable Content Security Policy",
181	"summary": "Enable (or Disable) The Content Security Policy module",
182	"description": "Allows for permission and restriction of all resources loaded on your site."

189	"type": "array",
190	"link_info": "https://shsec.io/g9",
191	"link_blog": "",
192	+ "beacon_id": 155,
193	"name": "Manual Rules",
194	"summary": "Manual CSP Rules",
195	"description": "Manual CSP rules."

src/config/feature-integrations.php CHANGED Viewed

	@@ -26,17 +26,20 @@
26	"slug": "section_integrations",
27	"primary": true,
28	"title": "Integrations",
29	- "title_short": "Integrations"

30	},
31	{
32	"slug": "section_spam",
33	"title": "SPAM Detection",
34	- "title_short": "SPAM Detection"

35	},
36	{
37	"slug": "section_user_forms",
38	"title": "User Forms Bot Detection",
39	- "title_short": "User Forms Bot Detection"

40	},
41	{
42	"slug": "section_non_ui",
	@@ -51,6 +54,7 @@
51	"type": "checkbox",
52	"link_info": "https://shsec.io/ir",
53	"link_blog": "",

54	"name": "Enable MainWP",
55	"summary": "Enable The Built-In MainWP Extension",
56	"description": "This option will enable Shield's built-in MainWP extension for both server and client."
	@@ -99,6 +103,10 @@
99	"value_key": "ninjaforms",
100	"text": "Ninja Forms"
101	},




102	{
103	"value_key": "wpforo",
104	"text": "wpForo"
	@@ -110,6 +118,7 @@
110	],
111	"link_info": "https://shsec.io/k2",
112	"link_blog": "https://shsec.io/k3",

113	"name": "SPAM Form Checking",
114	"summary": "Select The Form Providers That Should Be Checked For SPAM",
115	"description": "Select The Form Providers That Should Be Checked For SPAM."
	@@ -120,7 +129,9 @@
120	"premium": true,
121	"advanced": true,
122	"type": "multiple_select",
123	- "default": [ ~~"wordpress" ],~~


124	"value_options": [
125	{
126	"value_key": "buddypress",
	@@ -169,6 +180,7 @@
169	],
170	"link_info": "https://shsec.io/k4",
171	"link_blog": "https://shsec.io/k3",

172	"name": "User Form Checking",
173	"summary": "Select The User Form Providers That Should Be Checked For SPAM Registrations and Logins",
174	"description": "Select The User Form Providers That Should Be Checked For SPAM Registrations and Logins"
	@@ -176,14 +188,14 @@
176	],
177	"definitions": {
178	"events": {
179	- "spam_form_pass": {
180	"stat": true,
181	"audit": true,
182	"offense": false
183	},
184	- "spam_form_fail": {
185	- "stat": true,
186	- "audit": true,
187	"offense": false
188	},
189	"user_form_bot_pass": {
	@@ -192,8 +204,8 @@
192	"offense": false
193	},
194	"user_form_bot_fail": {
195	- "stat": true,
196	- "audit": true,
197	"offense": true
198	}
199	}


26	"slug": "section_integrations",
27	"primary": true,
28	"title": "Integrations",
29	+ "title_short": "Integrations",
30	+ "beacon_id": 404
31	},
32	{
33	"slug": "section_spam",
34	"title": "SPAM Detection",
35	+ "title_short": "SPAM Detection",
36	+ "beacon_id": 138
37	},
38	{
39	"slug": "section_user_forms",
40	"title": "User Forms Bot Detection",
41	+ "title_short": "User Forms Bot Detection",
42	+ "beacon_id": 239
43	},
44	{
45	"slug": "section_non_ui",

54	"type": "checkbox",
55	"link_info": "https://shsec.io/ir",
56	"link_blog": "",
57	+ "beacon_id": 404,
58	"name": "Enable MainWP",
59	"summary": "Enable The Built-In MainWP Extension",
60	"description": "This option will enable Shield's built-in MainWP extension for both server and client."

103	"value_key": "ninjaforms",
104	"text": "Ninja Forms"
105	},
106	+ {
107	+ "value_key": "superforms",
108	+ "text": "Super Forms"
109	+ },
110	{
111	"value_key": "wpforo",
112	"text": "wpForo"

118	],
119	"link_info": "https://shsec.io/k2",
120	"link_blog": "https://shsec.io/k3",
121	+ "beacon_id": 138,
122	"name": "SPAM Form Checking",
123	"summary": "Select The Form Providers That Should Be Checked For SPAM",
124	"description": "Select The Form Providers That Should Be Checked For SPAM."

129	"premium": true,
130	"advanced": true,
131	"type": "multiple_select",
132	+ "default": [
133	+ "wordpress"
134	+ ],
135	"value_options": [
136	{
137	"value_key": "buddypress",

180	],
181	"link_info": "https://shsec.io/k4",
182	"link_blog": "https://shsec.io/k3",
183	+ "beacon_id": 239,
184	"name": "User Form Checking",
185	"summary": "Select The User Form Providers That Should Be Checked For SPAM Registrations and Logins",
186	"description": "Select The User Form Providers That Should Be Checked For SPAM Registrations and Logins"

188	],
189	"definitions": {
190	"events": {
191	+ "spam_form_pass": {
192	"stat": true,
193	"audit": true,
194	"offense": false
195	},
196	+ "spam_form_fail": {
197	+ "stat": true,
198	+ "audit": true,
199	"offense": false
200	},
201	"user_form_bot_pass": {

204	"offense": false
205	},
206	"user_form_bot_fail": {
207	+ "stat": true,
208	+ "audit": true,
209	"offense": true
210	}
211	}

src/config/feature-ips.php CHANGED Viewed

	@@ -18,8 +18,8 @@
18	},
19	"menu_items": [
20	{
21	- "title": "IP Manager",
22	- "slug": "ips-redirect"
23	}
24	],
25	"custom_redirects": [
	@@ -60,6 +60,7 @@
60	"primary": true,
61	"title": "Automatic IP Black List",
62	"title_short": "Auto IP Blocking Rules",

63	"summary": [
64	"Purpose - The Automatic IP Black List system will block the IP addresses of naughty visitors after a specified number of transgressions.",
65	"Recommendation - Keep the Automatic IP Black List feature turned on."
	@@ -68,14 +69,13 @@
68	{
69	"slug": "section_antibot",
70	"title": "AntiBot System",
71	- "title_short": "AntiBot System",
72	- "summary": [
73	- ]
74	},
75	{
76	"slug": "section_logins",
77	"title": "Capture Login Bots",
78	"title_short": "Login Bots",

79	"summary": [
80	"Recommendation - Enable to capture bots/spiders that don't honour 'nofollow' directives."
81	]
	@@ -84,6 +84,7 @@
84	"slug": "section_probes",
85	"title": "Capture Probing Bots",
86	"title_short": "Probing Bots",

87	"summary": [
88	"Recommendation - Enable to capture bots/spiders that don't honour 'nofollow' directives."
89	]
	@@ -92,23 +93,16 @@
92	"slug": "section_behaviours",
93	"title": "Identify Common Bot Behaviours",
94	"title_short": "Bot Behaviours",

95	"summary": [
96	"Recommendation - Enable to capture bots/spiders that don't honour 'nofollow' directives."
97	]
98	},
99	- {
100	- "slug": "section_enable_plugin_feature_bottrap",
101	- "title": "Enable Module: BotTrap",
102	- "title_short": "Enable Module",
103	- "summary": [
104	- "Purpose - BotTrap monitors a typical set of bot behaviours to help identify probing bots.",
105	- "Recommendation - Enable as many bot traps as possible."
106	- ]
107	- },
108	{
109	"slug": "section_user_messages",
110	"title": "Customize Messages Shown To User",
111	"title_short": "Visitor Messages",

112	"summary": [
113	"Purpose - Customize the messages shown to visitors.",
114	"Recommendation - Be sure to change the messages to suit your audience.",
	@@ -138,6 +132,7 @@
138	"type": "checkbox",
139	"link_info": "https://shsec.io/ea",
140	"link_blog": "https://shsec.io/wpsf26",

141	"name": "Enable IP Manager",
142	"summary": "Enable (or Disable) The IP Manager module",
143	"description": "Un-Checking this option will completely disable the IP Manager module"
	@@ -147,10 +142,11 @@
147	"section": "section_antibot",
148	"default": 35,
149	"type": "integer",
150	- "min": 1,
151	"max": 99,
152	"link_info": "https://shsec.io/jy",
153	"link_blog": "https://shsec.io/jz",

154	"name": "AntiBot Threshold",
155	"summary": "AntiBot Testing Threshold (Percentage)",
156	"description": "When using Shield's AntiBot system, this is the threshold used for testing (between 1 and 99)."
	@@ -162,6 +158,7 @@
162	"type": "integer",
163	"link_info": "https://shsec.io/wpsf24",
164	"link_blog": "https://shsec.io/wpsf26",

165	"name": "Offense Limit",
166	"summary": "Visitor IP address will be Black Listed after X bad actions on your site",
167	"description": "A black mark is set against an IP address each time a visitor trips the defenses of the Shield plugin. When the number of these offenses exceeds specified limit, they are automatically blocked from accessing the site. Set this to 0 to turn off the Automatic IP Black List feature."
	@@ -196,6 +193,7 @@
196	],
197	"link_info": "https://shsec.io/wpsf25",
198	"link_blog": "https://shsec.io/wpsf26",

199	"name": "Auto Block Expiration",
200	"summary": "After 1 'X' a black listed IP will be removed from the black list",
201	"description": "Permanent and lengthy IP Black Lists are harmful to performance. You should allow IP addresses on the black list to be eventually removed over time. Shorter IP black lists are more efficient and a more intelligent use of an IP-based blocking system."
	@@ -219,6 +217,7 @@
219	],
220	"link_info": "https://shsec.io/f8",
221	"link_blog": "",

222	"name": "User Auto Unblock",
223	"summary": "Allow Visitors To Unblock Their IP",
224	"description": "Allow visitors blocked by the plugin to automatically unblock themselves."
	@@ -232,6 +231,7 @@
232	"type": "array",
233	"link_info": "https://shsec.io/gd",
234	"link_blog": "",

235	"name": "Request Path Whitelist",
236	"summary": "Request Path Whitelist",
237	"description": "Request Path Whitelist."
	@@ -245,6 +245,7 @@
245	"type": "text",
246	"link_info": "https://shsec.io/e8",
247	"link_blog": "",

248	"name": "Login Failed",
249	"summary": "Visitor Triggers The IP Offenses System Through A Failed Login",
250	"description": "This message is displayed if the visitor fails a login attempt."
	@@ -279,6 +280,7 @@
279	],
280	"link_info": "https://shsec.io/fo",
281	"link_blog": "https://shsec.io/f7",

282	"name": "404 Detect",
283	"summary": "Identify A Bot When It Hits A 404",
284	"description": "Detect When A Visitor Browses To A Non-Existent Page."
	@@ -313,6 +315,7 @@
313	],
314	"link_info": "https://shsec.io/fo",
315	"link_blog": "https://shsec.io/f6",

316	"name": "Link Cheese",
317	"summary": "Tempt A Bot With A Fake Link To Follow",
318	"description": "Detect A Bot That Follows A 'no-follow' Link."
	@@ -347,6 +350,7 @@
347	],
348	"link_info": "https://shsec.io/fo",
349	"link_blog": "https://shsec.io/f7",

350	"name": "XML-RPC Access",
351	"summary": "Identify A Bot When It Accesses XML-RPC",
352	"description": "If you don't use XML-RPC, why would anyone access it?"
	@@ -381,6 +385,7 @@
381	],
382	"link_info": "https://shsec.io/fo",
383	"link_blog": "https://shsec.io/f7",

384	"name": "Invalid Script Load",
385	"summary": "Identify A Bot Attempts To Load WordPress In A Non-Standard Way",
386	"description": "WordPress should only be loaded in a limited number of ways."
	@@ -414,6 +419,7 @@
414	],
415	"link_info": "https://shsec.io/fn",
416	"link_blog": "https://shsec.io/f7",

417	"name": "Failed Login",
418	"summary": "Detect Failed Login Attempts By Valid Usernames",
419	"description": "Penalise a visitor who fails to login using a valid username."
	@@ -448,6 +454,7 @@
448	],
449	"link_info": "https://shsec.io/fn",
450	"link_blog": "https://shsec.io/f7",

451	"name": "Invalid Usernames",
452	"summary": "Detect Invalid Username Logins",
453	"description": "Identify A Bot When It Tries To Login With A Non-Existent Username."
	@@ -482,6 +489,7 @@
482	],
483	"link_info": "https://shsec.io/f5",
484	"link_blog": "https://shsec.io/f7",

485	"name": "Fake Web Crawler",
486	"summary": "Detect Fake Search Engine Crawlers",
487	"description": "Identify a Bot when it presents as an official web crawler, but analysis shows it's fake."
	@@ -516,6 +524,7 @@
516	],
517	"link_info": "https://shsec.io/fi",
518	"link_blog": "https://shsec.io/f7",

519	"name": "Empty User Agents",
520	"summary": "Detect Requests With Empty User Agents",
521	"description": "Identify a request as a bot if the user agent is not provided."
	@@ -529,6 +538,7 @@
529	"type": "text",
530	"link_info": "https://shsec.io/e9",
531	"link_blog": "",

532	"name": "Remaining Offenses",
533	"summary": "Visitor Triggers The IP Offenses System Through A Firewall Block",
534	"description": "This message is displayed if the visitor triggered the IP Offenses system and reports how many offenses remain before being blocked."
	@@ -549,12 +559,12 @@
549	}
550	],
551	"definitions": {
552	- "db_classes": {
553	"botsignals": "\\FernleafSystems\\Wordpress\\Plugin\\Shield\\Databases\\BotSignals\\Handler",
554	"ip_lists": "\\FernleafSystems\\Wordpress\\Plugin\\Shield\\Databases\\IPs\\Handler"
555	},
556	- "ip_lists_table_name": "ip_lists",
557	- "db_table_ip_lists": {
558	"slug": "ip_lists",
559	"cols_custom": {
560	"ip": "varchar(60) NOT NULL DEFAULT '' COMMENT 'Human readable IP address or range'",
	@@ -569,7 +579,7 @@
569	"blocked_at": "IP Blocked"
570	}
571	},
572	- "db_table_botsignals": {
573	"autoexpire": 3,
574	"slug": "botsignals",
575	"col_older_than": "updated_at",
	@@ -579,7 +589,7 @@
579	},
580	"cols_timestamps": {
581	"notbot_at": "NotBot",
582	- "frontpage_at": "~~Front~~ Page Loaded",
583	"loginpage_at": "Login Page Loaded",
584	"bt404_at": "BotTrack 404",
585	"btfake_at": "BotTrack FakeWebCrawler",
	@@ -604,7 +614,7 @@
604	"bypass_at": "Bypass"
605	}
606	},
607	- "events": {
608	"custom_offense": {
609	"cat": 3,
610	"offense": true


18	},
19	"menu_items": [
20	{
21	+ "title": "IP Manager",
22	+ "slug": "ips-redirect"
23	}
24	],
25	"custom_redirects": [

60	"primary": true,
61	"title": "Automatic IP Black List",
62	"title_short": "Auto IP Blocking Rules",
63	+ "beacon_id": 208,
64	"summary": [
65	"Purpose - The Automatic IP Black List system will block the IP addresses of naughty visitors after a specified number of transgressions.",
66	"Recommendation - Keep the Automatic IP Black List feature turned on."

69	{
70	"slug": "section_antibot",
71	"title": "AntiBot System",
72	+ "title_short": "AntiBot System"


73	},
74	{
75	"slug": "section_logins",
76	"title": "Capture Login Bots",
77	"title_short": "Login Bots",
78	+ "beacon_id": 122,
79	"summary": [
80	"Recommendation - Enable to capture bots/spiders that don't honour 'nofollow' directives."
81	]

84	"slug": "section_probes",
85	"title": "Capture Probing Bots",
86	"title_short": "Probing Bots",
87	+ "beacon_id": 123,
88	"summary": [
89	"Recommendation - Enable to capture bots/spiders that don't honour 'nofollow' directives."
90	]

93	"slug": "section_behaviours",
94	"title": "Identify Common Bot Behaviours",
95	"title_short": "Bot Behaviours",
96	+ "beacon_id": 124,
97	"summary": [
98	"Recommendation - Enable to capture bots/spiders that don't honour 'nofollow' directives."
99	]
100	},









101	{
102	"slug": "section_user_messages",
103	"title": "Customize Messages Shown To User",
104	"title_short": "Visitor Messages",
105	+ "beacon_id": 139,
106	"summary": [
107	"Purpose - Customize the messages shown to visitors.",
108	"Recommendation - Be sure to change the messages to suit your audience.",

132	"type": "checkbox",
133	"link_info": "https://shsec.io/ea",
134	"link_blog": "https://shsec.io/wpsf26",
135	+ "beacon_id": 208,
136	"name": "Enable IP Manager",
137	"summary": "Enable (or Disable) The IP Manager module",
138	"description": "Un-Checking this option will completely disable the IP Manager module"

142	"section": "section_antibot",
143	"default": 35,
144	"type": "integer",
145	+ "min": 0,
146	"max": 99,
147	"link_info": "https://shsec.io/jy",
148	"link_blog": "https://shsec.io/jz",
149	+ "beacon_id": 424,
150	"name": "AntiBot Threshold",
151	"summary": "AntiBot Testing Threshold (Percentage)",
152	"description": "When using Shield's AntiBot system, this is the threshold used for testing (between 1 and 99)."

158	"type": "integer",
159	"link_info": "https://shsec.io/wpsf24",
160	"link_blog": "https://shsec.io/wpsf26",
161	+ "beacon_id": 207,
162	"name": "Offense Limit",
163	"summary": "Visitor IP address will be Black Listed after X bad actions on your site",
164	"description": "A black mark is set against an IP address each time a visitor trips the defenses of the Shield plugin. When the number of these offenses exceeds specified limit, they are automatically blocked from accessing the site. Set this to 0 to turn off the Automatic IP Black List feature."

193	],
194	"link_info": "https://shsec.io/wpsf25",
195	"link_blog": "https://shsec.io/wpsf26",
196	+ "beacon_id": 210,
197	"name": "Auto Block Expiration",
198	"summary": "After 1 'X' a black listed IP will be removed from the black list",
199	"description": "Permanent and lengthy IP Black Lists are harmful to performance. You should allow IP addresses on the black list to be eventually removed over time. Shorter IP black lists are more efficient and a more intelligent use of an IP-based blocking system."

217	],
218	"link_info": "https://shsec.io/f8",
219	"link_blog": "",
220	+ "beacon_id": 125,
221	"name": "User Auto Unblock",
222	"summary": "Allow Visitors To Unblock Their IP",
223	"description": "Allow visitors blocked by the plugin to automatically unblock themselves."

231	"type": "array",
232	"link_info": "https://shsec.io/gd",
233	"link_blog": "",
234	+ "beacon_id": 126,
235	"name": "Request Path Whitelist",
236	"summary": "Request Path Whitelist",
237	"description": "Request Path Whitelist."

245	"type": "text",
246	"link_info": "https://shsec.io/e8",
247	"link_blog": "",
248	+ "beacon_id": 139,
249	"name": "Login Failed",
250	"summary": "Visitor Triggers The IP Offenses System Through A Failed Login",
251	"description": "This message is displayed if the visitor fails a login attempt."

280	],
281	"link_info": "https://shsec.io/fo",
282	"link_blog": "https://shsec.io/f7",
283	+ "beacon_id": 123,
284	"name": "404 Detect",
285	"summary": "Identify A Bot When It Hits A 404",
286	"description": "Detect When A Visitor Browses To A Non-Existent Page."

315	],
316	"link_info": "https://shsec.io/fo",
317	"link_blog": "https://shsec.io/f6",
318	+ "beacon_id": 123,
319	"name": "Link Cheese",
320	"summary": "Tempt A Bot With A Fake Link To Follow",
321	"description": "Detect A Bot That Follows A 'no-follow' Link."

350	],
351	"link_info": "https://shsec.io/fo",
352	"link_blog": "https://shsec.io/f7",
353	+ "beacon_id": 123,
354	"name": "XML-RPC Access",
355	"summary": "Identify A Bot When It Accesses XML-RPC",
356	"description": "If you don't use XML-RPC, why would anyone access it?"

385	],
386	"link_info": "https://shsec.io/fo",
387	"link_blog": "https://shsec.io/f7",
388	+ "beacon_id": 123,
389	"name": "Invalid Script Load",
390	"summary": "Identify A Bot Attempts To Load WordPress In A Non-Standard Way",
391	"description": "WordPress should only be loaded in a limited number of ways."

419	],
420	"link_info": "https://shsec.io/fn",
421	"link_blog": "https://shsec.io/f7",
422	+ "beacon_id": 122,
423	"name": "Failed Login",
424	"summary": "Detect Failed Login Attempts By Valid Usernames",
425	"description": "Penalise a visitor who fails to login using a valid username."

454	],
455	"link_info": "https://shsec.io/fn",
456	"link_blog": "https://shsec.io/f7",
457	+ "beacon_id": 122,
458	"name": "Invalid Usernames",
459	"summary": "Detect Invalid Username Logins",
460	"description": "Identify A Bot When It Tries To Login With A Non-Existent Username."

489	],
490	"link_info": "https://shsec.io/f5",
491	"link_blog": "https://shsec.io/f7",
492	+ "beacon_id": 206,
493	"name": "Fake Web Crawler",
494	"summary": "Detect Fake Search Engine Crawlers",
495	"description": "Identify a Bot when it presents as an official web crawler, but analysis shows it's fake."

524	],
525	"link_info": "https://shsec.io/fi",
526	"link_blog": "https://shsec.io/f7",
527	+ "beacon_id": 124,
528	"name": "Empty User Agents",
529	"summary": "Detect Requests With Empty User Agents",
530	"description": "Identify a request as a bot if the user agent is not provided."

538	"type": "text",
539	"link_info": "https://shsec.io/e9",
540	"link_blog": "",
541	+ "beacon_id": 139,
542	"name": "Remaining Offenses",
543	"summary": "Visitor Triggers The IP Offenses System Through A Firewall Block",
544	"description": "This message is displayed if the visitor triggered the IP Offenses system and reports how many offenses remain before being blocked."

559	}
560	],
561	"definitions": {
562	+ "db_classes": {
563	"botsignals": "\\FernleafSystems\\Wordpress\\Plugin\\Shield\\Databases\\BotSignals\\Handler",
564	"ip_lists": "\\FernleafSystems\\Wordpress\\Plugin\\Shield\\Databases\\IPs\\Handler"
565	},
566	+ "ip_lists_table_name": "ip_lists",
567	+ "db_table_ip_lists": {
568	"slug": "ip_lists",
569	"cols_custom": {
570	"ip": "varchar(60) NOT NULL DEFAULT '' COMMENT 'Human readable IP address or range'",

579	"blocked_at": "IP Blocked"
580	}
581	},
582	+ "db_table_botsignals": {
583	"autoexpire": 3,
584	"slug": "botsignals",
585	"col_older_than": "updated_at",

589	},
590	"cols_timestamps": {
591	"notbot_at": "NotBot",
592	+ "frontpage_at": "Any Frontend Page Loaded",
593	"loginpage_at": "Login Page Loaded",
594	"bt404_at": "BotTrack 404",
595	"btfake_at": "BotTrack FakeWebCrawler",

614	"bypass_at": "Bypass"
615	}
616	},
617	+ "events": {
618	"custom_offense": {
619	"cat": 3,
620	"offense": true

src/config/feature-lockdown.php CHANGED Viewed

	@@ -18,10 +18,11 @@
18	},
19	"sections": [
20	{
21	- "slug": "section_apixml",
22	"primary": true,

23	"title": "WordPress System Lockdown",
24	"title_short": "System",

25	"summary": [
26	"Purpose - Lockdown certain core WordPress system features.",
27	"Recommendation - This depends on your usage and needs for certain WordPress functions and features."
	@@ -31,6 +32,7 @@
31	"slug": "section_permission_access_options",
32	"title": "Permissions and Access Options",
33	"title_short": "Permissions",

34	"summary": [
35	"Purpose - Provides finer control of certain WordPress permissions.",
36	"Recommendation - Only enable SSL if you have a valid certificate installed."
	@@ -40,6 +42,7 @@
40	"slug": "section_wordpress_obscurity_options",
41	"title": "WordPress Obscurity Options",
42	"title_short": "Obscurity",

43	"summary": [
44	"Purpose - Obscures certain WordPress settings from public view.",
45	"Recommendation - Obscurity is not true security and so these settings are down to your personal tastes."
	@@ -49,6 +52,7 @@
49	"slug": "section_enable_plugin_feature_wordpress_lockdown",
50	"title": "Enable Module: Lockdown",
51	"title_short": "Disable Module",

52	"summary": [
53	"Purpose - Lockdown helps secure-up certain loosely-controlled WordPress settings on your site.",
54	"Recommendation - Keep the Lockdown feature turned on."
	@@ -68,6 +72,7 @@
68	"type": "checkbox",
69	"link_info": "https://shsec.io/4r",
70	"link_blog": "",

71	"name": "Enable Lockdown",
72	"summary": "Enable (or Disable) The Lockdown module",
73	"description": "Un-Checking this option will completely disable the Lockdown module"
	@@ -79,6 +84,7 @@
79	"type": "checkbox",
80	"link_info": "https://shsec.io/e6",
81	"link_blog": "https://shsec.io/fb",

82	"name": "Disable XML-RPC",
83	"summary": "Disable The XML-RPC System",
84	"description": "Checking this option will completely turn off the whole XML-RPC system."
	@@ -117,6 +123,7 @@
117	"type": "checkbox",
118	"link_info": "https://shsec.io/4q",
119	"link_blog": "https://shsec.io/hk",

120	"name": "Disable File Editing",
121	"summary": "Disable Ability To Edit Files From Within WordPress",
122	"description": "Removes the option to directly edit any files from within the WordPress admin area. Equivalent to setting 'DISALLOW_FILE_EDIT' to TRUE."
	@@ -128,6 +135,7 @@
128	"type": "checkbox",
129	"link_info": "https://shsec.io/4t",
130	"link_blog": "",

131	"name": "Force SSL Admin",
132	"summary": "Forces WordPress Admin Dashboard To Be Delivered Over SSL",
133	"description": "Please only enable this option if you have a valid SSL certificate installed. Equivalent to setting 'FORCE_SSL_ADMIN' to TRUE."
	@@ -179,8 +187,8 @@
179	"recent": true
180	},
181	"block_xml": {
182	- "audit": false,
183	- "recent": true,
184	"offense": true
185	}
186	}


18	},
19	"sections": [
20	{

21	"primary": true,
22	+ "slug": "section_apixml",
23	"title": "WordPress System Lockdown",
24	"title_short": "System",
25	+ "beacon_id": 413,
26	"summary": [
27	"Purpose - Lockdown certain core WordPress system features.",
28	"Recommendation - This depends on your usage and needs for certain WordPress functions and features."

32	"slug": "section_permission_access_options",
33	"title": "Permissions and Access Options",
34	"title_short": "Permissions",
35	+ "beacon_id": 415,
36	"summary": [
37	"Purpose - Provides finer control of certain WordPress permissions.",
38	"Recommendation - Only enable SSL if you have a valid certificate installed."

42	"slug": "section_wordpress_obscurity_options",
43	"title": "WordPress Obscurity Options",
44	"title_short": "Obscurity",
45	+ "beacon_id": 418,
46	"summary": [
47	"Purpose - Obscures certain WordPress settings from public view.",
48	"Recommendation - Obscurity is not true security and so these settings are down to your personal tastes."

52	"slug": "section_enable_plugin_feature_wordpress_lockdown",
53	"title": "Enable Module: Lockdown",
54	"title_short": "Disable Module",
55	+ "beacon_id": 272,
56	"summary": [
57	"Purpose - Lockdown helps secure-up certain loosely-controlled WordPress settings on your site.",
58	"Recommendation - Keep the Lockdown feature turned on."

72	"type": "checkbox",
73	"link_info": "https://shsec.io/4r",
74	"link_blog": "",
75	+ "beacon_id": 272,
76	"name": "Enable Lockdown",
77	"summary": "Enable (or Disable) The Lockdown module",
78	"description": "Un-Checking this option will completely disable the Lockdown module"

84	"type": "checkbox",
85	"link_info": "https://shsec.io/e6",
86	"link_blog": "https://shsec.io/fb",
87	+ "beacon_id": 414,
88	"name": "Disable XML-RPC",
89	"summary": "Disable The XML-RPC System",
90	"description": "Checking this option will completely turn off the whole XML-RPC system."

123	"type": "checkbox",
124	"link_info": "https://shsec.io/4q",
125	"link_blog": "https://shsec.io/hk",
126	+ "beacon_id": 416,
127	"name": "Disable File Editing",
128	"summary": "Disable Ability To Edit Files From Within WordPress",
129	"description": "Removes the option to directly edit any files from within the WordPress admin area. Equivalent to setting 'DISALLOW_FILE_EDIT' to TRUE."

135	"type": "checkbox",
136	"link_info": "https://shsec.io/4t",
137	"link_blog": "",
138	+ "beacon_id": 417,
139	"name": "Force SSL Admin",
140	"summary": "Forces WordPress Admin Dashboard To Be Delivered Over SSL",
141	"description": "Please only enable this option if you have a valid SSL certificate installed. Equivalent to setting 'FORCE_SSL_ADMIN' to TRUE."

187	"recent": true
188	},
189	"block_xml": {
190	+ "audit": false,
191	+ "recent": true,
192	"offense": true
193	}
194	}

src/config/feature-login_protect.php CHANGED Viewed

	@@ -33,6 +33,7 @@
33	"primary": true,
34	"title": "Brute Force Login Guard",
35	"title_short": "Brute Force",

36	"summary": [
37	"Purpose - Blocks brute force hacking attacks against your login and registration pages.",
38	"Recommendation - Use of this feature is highly recommend."
	@@ -42,6 +43,7 @@
42	"slug": "section_2fa_email",
43	"title": "Email Two-Factor Authentication",
44	"title_short": "2FA - Email",

45	"summary": [
46	"Purpose - Verifies the identity of users who log in to your site using email-based one-time-passwords.",
47	"Recommendation - Use of this feature is highly recommend. However, if your host blocks email sending you may lock yourself out.",
	@@ -52,6 +54,7 @@
52	"slug": "section_2fa_ga",
53	"title": "Google Authenticator Two-Factor Authentication",
54	"title_short": "2FA - Google Authenticator",

55	"summary": [
56	"Purpose - Verifies the identity of users who log in to your site using Google Authenticator one-time-passwords.",
57	"Recommendation - Use of this feature is highly recommend. However, if your host blocks email sending you may lock yourself out.",
	@@ -62,6 +65,7 @@
62	"slug": "section_hardware_authentication",
63	"title": "Hardware 2-Factor Authentication",
64	"title_short": "2FA - Hardware",

65	"summary": [
66	"Purpose - Verifies the identity of users who log in to your site using Yubikey one-time-passwords.",
67	"Note: You may combine multiple authentication factors for increased security."
	@@ -71,6 +75,7 @@
71	"slug": "section_multifactor_authentication",
72	"title": "Multi-Factor Authentication",
73	"title_short": "2-Factor Auth",

74	"summary": [
75	"Purpose - Verifies the identity of users who log in to your site - i.e. they are who they say they are.",
76	"Recommendation - Use of this feature is highly recommend. However, if your host blocks email sending you may lock yourself out.",
	@@ -81,6 +86,7 @@
81	"slug": "section_rename_wplogin",
82	"title": "Hide WP Login Page",
83	"title_short": "Hide Login Page",

84	"summary": [
85	"Purpose - To hide your wp-login.php page from brute force attacks and hacking attempts - if your login page cannot be found, no-one can login.",
86	"Recommendation - This is not required for complete security and if your site has irregular or inconsistent configuration it may not work for you."
	@@ -90,6 +96,7 @@
90	"slug": "section_user_messages",
91	"title": "User Messages",
92	"title_short": "User Messages",

93	"summary": [
94	"Purpose - Customize the messages shown to visitors.",
95	"Recommendation - Be sure to change the messages to suit your audience.",
	@@ -100,6 +107,7 @@
100	"slug": "section_enable_plugin_feature_login_protection",
101	"title": "Disable Login Guard Module",
102	"title_short": "Disable",

103	"summary": [
104	"Purpose - Login Guard blocks all automated and brute force attempts to log in to your site.",
105	"Recommendation - Keep the Login Guard module turned on."
	@@ -119,6 +127,7 @@
119	"type": "checkbox",
120	"link_info": "https://shsec.io/51",
121	"link_blog": "https://shsec.io/wpsf03",

122	"name": "Enable Login Guard",
123	"summary": "Enable (or Disable) The Login Guard Module",
124	"description": "Un-Checking this option will completely disable the Login Guard module"
	@@ -132,6 +141,7 @@
132	"type": "text",
133	"link_info": "https://shsec.io/5q",
134	"link_blog": "https://shsec.io/5r",

135	"name": "Hide Login Page",
136	"summary": "Rename The WordPress Login Page",
137	"description": "Creating a path here will disable your 'wp-login.php'. Only letters and numbers are permitted: abc123"
	@@ -143,6 +153,7 @@
143	"type": "checkbox",
144	"link_info": "https://shsec.io/9r",
145	"link_blog": "https://shsec.io/84",

146	"name": "Multi-Factor Authentication",
147	"summary": "Require All Active Authentication Factors",
148	"description": "When enabled, all multi-factor authentication methods will be applied to a user login. Disable to only require one to pass."
	@@ -156,6 +167,7 @@
156	"type": "integer",
157	"link_info": "https://shsec.io/b1",
158	"link_blog": "",

159	"name": "Multi-Factor Bypass",
160	"summary": "A User Can Bypass Multi-Factor Authentication (MFA) For The Set Number Of Days",
161	"description": "Enter the number of days a user can bypass future MFA after a successful MFA-login. 0 to disable."
	@@ -168,6 +180,7 @@
168	"type": "checkbox",
169	"link_info": "https://shsec.io/dx",
170	"link_blog": "https://shsec.io/dy",

171	"name": "Allow Backup Codes",
172	"summary": "Allow Users To Generate A Backup Code",
173	"description": "Allow users to generate a backup code that can be used to login if MFA factors are unavailable."
	@@ -179,6 +192,7 @@
179	"type": "checkbox",
180	"link_info": "https://shsec.io/shld7",
181	"link_blog": "https://shsec.io/shld6",

182	"name": "Enable Google Authenticator",
183	"summary": "Allow Users To Use Google Authenticator",
184	"description": "When enabled, users will have the option to add Google Authenticator to their WordPress user profile."
	@@ -190,6 +204,7 @@
190	"type": "checkbox",
191	"link_info": "https://shsec.io/3t",
192	"link_blog": "https://shsec.io/9q",

193	"name": "Enable Email Authentication",
194	"summary": "Two-Factor Login Authentication By Email",
195	"description": "All users will be required to verify their login by email-based two-factor authentication."
	@@ -249,6 +264,7 @@
249	],
250	"link_info": "https://shsec.io/4v",
251	"link_blog": "",

252	"name": "Enforce - Email Authentication",
253	"summary": "All User Roles Subject To Email Authentication",
254	"description": "Enforces email-based authentication on all users with the selected roles. Note: This setting only applies to email authentication."
	@@ -261,6 +277,7 @@
261	"type": "checkbox",
262	"link_info": "https://shsec.io/gj",
263	"link_blog": "",

264	"name": "Allow Any User",
265	"summary": "Allow Any User To Turn-On Two-Factor Authentication By Email",
266	"description": "Allow Any User To Turn-On Two-Factor Authentication By Email."
	@@ -272,6 +289,7 @@
272	"type": "checkbox",
273	"link_info": "https://shsec.io/k0",
274	"link_blog": "https://shsec.io/jo",

275	"name": "AntiBot",
276	"summary": "Use Experimental AntiBot Detection Engine",
277	"description": "Use Shield's AntiBot Detection Engine In-Place of GASP/CAPTCHA Bot checking."
	@@ -303,6 +321,7 @@
303	],
304	"link_info": "https://shsec.io/dv",
305	"link_blog": "",

306	"name": "Protection Locations",
307	"summary": "How Google reCAPTCHA Will Be Displayed",
308	"description": "Choose for which forms bot protection measures will be deployed."
	@@ -315,6 +334,7 @@
315	"type": "integer",
316	"link_info": "https://shsec.io/3q",
317	"link_blog": "https://shsec.io/9o",

318	"name": "Login Cooldown Interval",
319	"summary": "Limit login attempts to every X seconds",
320	"description": "WordPress will process only ONE login attempt for every number of seconds specified. Zero (0) turns this off."
	@@ -326,6 +346,7 @@
326	"type": "checkbox",
327	"link_info": "https://shsec.io/3r",
328	"link_blog": "https://shsec.io/9n",

329	"name": "Bot Protection",
330	"summary": "Protect WP Login From Automated Login Attempts By Bots",
331	"description": "Adds a dynamically (Javascript) generated checkbox to the login form that prevents bots using automated login techniques. Recommended: ON."
	@@ -359,6 +380,7 @@
359	],
360	"link_info": "https://shsec.io/9m",
361	"link_blog": "",

362	"name": "CAPTCHA",
363	"summary": "Enable CAPTCHA",
364	"description": "Use CAPTCHA on the login screen."
	@@ -372,6 +394,7 @@
372	"default": [],
373	"link_info": "https://shsec.io/hg",
374	"link_blog": "",

375	"name": "AntiBot Forms",
376	"summary": "Enter The IDs Of The 3rd Party Login Forms For Use With AntiBot JS",
377	"description": "For Use With AnitBot JS (above)."
	@@ -395,6 +418,7 @@
395	"type": "checkbox",
396	"link_info": "https://shsec.io/4f",
397	"link_blog": "https://shsec.io/9t",

398	"name": "Allow Yubikey OTP",
399	"summary": "Allow Yubikey Registration For One Time Passwords",
400	"description": "Combined with your Yubikey API Key (below) this will form the basis of your Yubikey Authentication."
	@@ -407,6 +431,7 @@
407	"type": "text",
408	"link_info": "https://shsec.io/4g",
409	"link_blog": "",

410	"name": "Yubikey App ID",
411	"summary": "Your Unique Yubikey App ID",
412	"description": "Combined with your Yubikey API Key this will form the basis of your Yubikey Authentication."
	@@ -419,6 +444,7 @@
419	"type": "text",
420	"link_info": "https://shsec.io/4g",
421	"link_blog": "",

422	"name": "Yubikey API Key",
423	"summary": "Your Unique Yubikey App API Key",
424	"description": "Combined with your Yubikey App ID this will form the basis of your Yubikey Authentication."


33	"primary": true,
34	"title": "Brute Force Login Guard",
35	"title_short": "Brute Force",
36	+ "beacon_id": 325,
37	"summary": [
38	"Purpose - Blocks brute force hacking attacks against your login and registration pages.",
39	"Recommendation - Use of this feature is highly recommend."

43	"slug": "section_2fa_email",
44	"title": "Email Two-Factor Authentication",
45	"title_short": "2FA - Email",
46	+ "beacon_id": 246,
47	"summary": [
48	"Purpose - Verifies the identity of users who log in to your site using email-based one-time-passwords.",
49	"Recommendation - Use of this feature is highly recommend. However, if your host blocks email sending you may lock yourself out.",

54	"slug": "section_2fa_ga",
55	"title": "Google Authenticator Two-Factor Authentication",
56	"title_short": "2FA - Google Authenticator",
57	+ "beacon_id": 244,
58	"summary": [
59	"Purpose - Verifies the identity of users who log in to your site using Google Authenticator one-time-passwords.",
60	"Recommendation - Use of this feature is highly recommend. However, if your host blocks email sending you may lock yourself out.",

65	"slug": "section_hardware_authentication",
66	"title": "Hardware 2-Factor Authentication",
67	"title_short": "2FA - Hardware",
68	+ "beacon_id": 249,
69	"summary": [
70	"Purpose - Verifies the identity of users who log in to your site using Yubikey one-time-passwords.",
71	"Note: You may combine multiple authentication factors for increased security."

75	"slug": "section_multifactor_authentication",
76	"title": "Multi-Factor Authentication",
77	"title_short": "2-Factor Auth",
78	+ "beacon_id": 326,
79	"summary": [
80	"Purpose - Verifies the identity of users who log in to your site - i.e. they are who they say they are.",
81	"Recommendation - Use of this feature is highly recommend. However, if your host blocks email sending you may lock yourself out.",

86	"slug": "section_rename_wplogin",
87	"title": "Hide WP Login Page",
88	"title_short": "Hide Login Page",
89	+ "beacon_id": 316,
90	"summary": [
91	"Purpose - To hide your wp-login.php page from brute force attacks and hacking attempts - if your login page cannot be found, no-one can login.",
92	"Recommendation - This is not required for complete security and if your site has irregular or inconsistent configuration it may not work for you."

96	"slug": "section_user_messages",
97	"title": "User Messages",
98	"title_short": "User Messages",
99	+ "beacon_id": 139,
100	"summary": [
101	"Purpose - Customize the messages shown to visitors.",
102	"Recommendation - Be sure to change the messages to suit your audience.",

107	"slug": "section_enable_plugin_feature_login_protection",
108	"title": "Disable Login Guard Module",
109	"title_short": "Disable",
110	+ "beacon_id": 249,
111	"summary": [
112	"Purpose - Login Guard blocks all automated and brute force attempts to log in to your site.",
113	"Recommendation - Keep the Login Guard module turned on."

127	"type": "checkbox",
128	"link_info": "https://shsec.io/51",
129	"link_blog": "https://shsec.io/wpsf03",
130	+ "beacon_id": 249,
131	"name": "Enable Login Guard",
132	"summary": "Enable (or Disable) The Login Guard Module",
133	"description": "Un-Checking this option will completely disable the Login Guard module"

141	"type": "text",
142	"link_info": "https://shsec.io/5q",
143	"link_blog": "https://shsec.io/5r",
144	+ "beacon_id": 316,
145	"name": "Hide Login Page",
146	"summary": "Rename The WordPress Login Page",
147	"description": "Creating a path here will disable your 'wp-login.php'. Only letters and numbers are permitted: abc123"

153	"type": "checkbox",
154	"link_info": "https://shsec.io/9r",
155	"link_blog": "https://shsec.io/84",
156	+ "beacon_id": 326,
157	"name": "Multi-Factor Authentication",
158	"summary": "Require All Active Authentication Factors",
159	"description": "When enabled, all multi-factor authentication methods will be applied to a user login. Disable to only require one to pass."

167	"type": "integer",
168	"link_info": "https://shsec.io/b1",
169	"link_blog": "",
170	+ "beacon_id": 141,
171	"name": "Multi-Factor Bypass",
172	"summary": "A User Can Bypass Multi-Factor Authentication (MFA) For The Set Number Of Days",
173	"description": "Enter the number of days a user can bypass future MFA after a successful MFA-login. 0 to disable."

180	"type": "checkbox",
181	"link_info": "https://shsec.io/dx",
182	"link_blog": "https://shsec.io/dy",
183	+ "beacon_id": 143,
184	"name": "Allow Backup Codes",
185	"summary": "Allow Users To Generate A Backup Code",
186	"description": "Allow users to generate a backup code that can be used to login if MFA factors are unavailable."

192	"type": "checkbox",
193	"link_info": "https://shsec.io/shld7",
194	"link_blog": "https://shsec.io/shld6",
195	+ "beacon_id": 245,
196	"name": "Enable Google Authenticator",
197	"summary": "Allow Users To Use Google Authenticator",
198	"description": "When enabled, users will have the option to add Google Authenticator to their WordPress user profile."

204	"type": "checkbox",
205	"link_info": "https://shsec.io/3t",
206	"link_blog": "https://shsec.io/9q",
207	+ "beacon_id": 247,
208	"name": "Enable Email Authentication",
209	"summary": "Two-Factor Login Authentication By Email",
210	"description": "All users will be required to verify their login by email-based two-factor authentication."

264	],
265	"link_info": "https://shsec.io/4v",
266	"link_blog": "",
267	+ "beacon_id": 243,
268	"name": "Enforce - Email Authentication",
269	"summary": "All User Roles Subject To Email Authentication",
270	"description": "Enforces email-based authentication on all users with the selected roles. Note: This setting only applies to email authentication."

277	"type": "checkbox",
278	"link_info": "https://shsec.io/gj",
279	"link_blog": "",
280	+ "beacon_id": 142,
281	"name": "Allow Any User",
282	"summary": "Allow Any User To Turn-On Two-Factor Authentication By Email",
283	"description": "Allow Any User To Turn-On Two-Factor Authentication By Email."

289	"type": "checkbox",
290	"link_info": "https://shsec.io/k0",
291	"link_blog": "https://shsec.io/jo",
292	+ "beacon_id": 426,
293	"name": "AntiBot",
294	"summary": "Use Experimental AntiBot Detection Engine",
295	"description": "Use Shield's AntiBot Detection Engine In-Place of GASP/CAPTCHA Bot checking."

321	],
322	"link_info": "https://shsec.io/dv",
323	"link_blog": "",
324	+ "beacon_id": 314,
325	"name": "Protection Locations",
326	"summary": "How Google reCAPTCHA Will Be Displayed",
327	"description": "Choose for which forms bot protection measures will be deployed."

334	"type": "integer",
335	"link_info": "https://shsec.io/3q",
336	"link_blog": "https://shsec.io/9o",
337	+ "beacon_id": 242,
338	"name": "Login Cooldown Interval",
339	"summary": "Limit login attempts to every X seconds",
340	"description": "WordPress will process only ONE login attempt for every number of seconds specified. Zero (0) turns this off."

346	"type": "checkbox",
347	"link_info": "https://shsec.io/3r",
348	"link_blog": "https://shsec.io/9n",
349	+ "beacon_id": 313,
350	"name": "Bot Protection",
351	"summary": "Protect WP Login From Automated Login Attempts By Bots",
352	"description": "Adds a dynamically (Javascript) generated checkbox to the login form that prevents bots using automated login techniques. Recommended: ON."

380	],
381	"link_info": "https://shsec.io/9m",
382	"link_blog": "",
383	+ "beacon_id": 269,
384	"name": "CAPTCHA",
385	"summary": "Enable CAPTCHA",
386	"description": "Use CAPTCHA on the login screen."

394	"default": [],
395	"link_info": "https://shsec.io/hg",
396	"link_blog": "",
397	+ "beacon_id": 144,
398	"name": "AntiBot Forms",
399	"summary": "Enter The IDs Of The 3rd Party Login Forms For Use With AntiBot JS",
400	"description": "For Use With AnitBot JS (above)."

418	"type": "checkbox",
419	"link_info": "https://shsec.io/4f",
420	"link_blog": "https://shsec.io/9t",
421	+ "beacon_id": 358,
422	"name": "Allow Yubikey OTP",
423	"summary": "Allow Yubikey Registration For One Time Passwords",
424	"description": "Combined with your Yubikey API Key (below) this will form the basis of your Yubikey Authentication."

431	"type": "text",
432	"link_info": "https://shsec.io/4g",
433	"link_blog": "",
434	+ "beacon_id": 360,
435	"name": "Yubikey App ID",
436	"summary": "Your Unique Yubikey App ID",
437	"description": "Combined with your Yubikey API Key this will form the basis of your Yubikey Authentication."

444	"type": "text",
445	"link_info": "https://shsec.io/4g",
446	"link_blog": "",
447	+ "beacon_id": 360,
448	"name": "Yubikey API Key",
449	"summary": "Your Unique Yubikey App API Key",
450	"description": "Combined with your Yubikey App ID this will form the basis of your Yubikey Authentication."

src/config/feature-plugin.php CHANGED Viewed

	@@ -92,28 +92,28 @@
92	},
93	"sections": [
94	{
95	- "slug": "section_defaults",
96	- "primary": true,
97	- "title": "Plugin Defaults",
98	- "title_short": "Plugin Defaults",
99	- "~~help_video_id~~": ~~"338533495"~~
100	},
101	{
102	- "slug": "section_general_plugin_options",
103	- "title": "General Plugin Options",
104	- "title_short": "General Options",
105	- "help_video_id": "338540386"
106	},
107	{
108	- "slug": "section_third_party_captcha",
109	- "title": "CAPTCHA",
110	- "title_short": "CAPTCHA",
111	- "~~help_video_id~~": ~~"338546796"~~
112	},
113	{
114	"slug": "section_importexport",
115	"title": "Import / Export",
116	- "title_short": "Import / Export"

117	},
118	{
119	"slug": "section_integrations",
	@@ -138,6 +138,7 @@
138	"type": "checkbox",
139	"link_info": "",
140	"link_blog": "",

141	"name": "Enable/Disable All Plugin Modules",
142	"summary": "Global Plugin On/Off Switch",
143	"description": "Uncheck this option to disable all Shield features"
	@@ -219,6 +220,7 @@
219	],
220	"link_info": "https://shsec.io/dn",
221	"link_blog": "",

222	"name": "Visitor IP Address",
223	"summary": "Which Address Is Yours",
224	"description": "There are many way to detect visitor IP addresses. Please select yours from the list."
	@@ -255,6 +257,7 @@
255	"type": "checkbox",
256	"link_info": "https://shsec.io/i1",
257	"link_blog": "https://shsec.io/i2",

258	"name": "Allow WP-CLI",
259	"summary": "Allow Access And Control Of This Plugin Via WP-CLI",
260	"description": "Turn off this option to disable this plugin's WP-CLI integration."
	@@ -266,6 +269,7 @@
266	"type": "checkbox",
267	"link_info": "https://shsec.io/5v",
268	"link_blog": "https://shsec.io/wpsf20",

269	"name": "Show Plugin Badge",
270	"summary": "Display Plugin Security Badge On Your Site",
271	"description": "Enabling this option helps support the plugin by spreading the word about it on your website. The plugin badge also demonstrates to visitors that you take your website security seriously."
	@@ -290,6 +294,7 @@
290	"type": "checkbox",
291	"link_info": "https://shsec.io/do",
292	"link_blog": "https://shsec.io/dp",

293	"name": "Allow Import/Export",
294	"summary": "Allow Import Of Options To, And Export Of Options From, This Site",
295	"description": "Uncheck this box to completely disable import and export of options."
	@@ -387,6 +392,7 @@
387	],
388	"link_info": "https://shsec.io/dq",
389	"link_blog": "",

390	"name": "CAPTCHA Provider",
391	"summary": "Which CAPTCHA Provider To Use Throughout",
392	"description": "You can choose the CAPTCHA provider depending on your preferences."
	@@ -413,6 +419,7 @@
413	],
414	"link_info": "https://shsec.io/dq",
415	"link_blog": "",

416	"name": "CAPTCHA Type",
417	"summary": "How Google reCAPTCHA Will Be Displayed By Default",
418	"description": "You can choose the reCAPTCHA display format that best suits your site, including the new Invisible Recaptcha."
	@@ -425,6 +432,7 @@
425	"type": "text",
426	"link_info": "https://shsec.io/shld5",
427	"link_blog": "",

428	"name": "reCAPTCHA Site Key",
429	"summary": "Google reCAPTCHA Site Key - Only v2 or Invisible. v3 NOT supported.",
430	"description": "Enter your Google reCAPTCHA site key for use throughout the plugin."
	@@ -437,6 +445,7 @@
437	"type": "text",
438	"link_info": "https://shsec.io/shld5",
439	"link_blog": "",

440	"name": "reCAPTCHA Secret",
441	"summary": "Google reCAPTCHA Secret Key - Only v2 or Invisible. v3 NOT supported.",
442	"description": "Enter your Google reCAPTCHA secret key for use throughout the plugin."


92	},
93	"sections": [
94	{
95	+ "slug": "section_defaults",
96	+ "primary": true,
97	+ "title": "Plugin Defaults",
98	+ "title_short": "Plugin Defaults",
99	+ "beacon_id": 389
100	},
101	{
102	+ "slug": "section_general_plugin_options",
103	+ "title": "General Plugin Options",
104	+ "title_short": "General Options"

105	},
106	{
107	+ "slug": "section_third_party_captcha",
108	+ "title": "CAPTCHA",
109	+ "title_short": "CAPTCHA",
110	+ "beacon_id": 390
111	},
112	{
113	"slug": "section_importexport",
114	"title": "Import / Export",
115	+ "title_short": "Import / Export",
116	+ "beacon_id": 129
117	},
118	{
119	"slug": "section_integrations",

138	"type": "checkbox",
139	"link_info": "",
140	"link_blog": "",
141	+ "beacon_id": 389,
142	"name": "Enable/Disable All Plugin Modules",
143	"summary": "Global Plugin On/Off Switch",
144	"description": "Uncheck this option to disable all Shield features"

220	],
221	"link_info": "https://shsec.io/dn",
222	"link_blog": "",
223	+ "beacon_id": 391,
224	"name": "Visitor IP Address",
225	"summary": "Which Address Is Yours",
226	"description": "There are many way to detect visitor IP addresses. Please select yours from the list."

257	"type": "checkbox",
258	"link_info": "https://shsec.io/i1",
259	"link_blog": "https://shsec.io/i2",
260	+ "beacon_id": 308,
261	"name": "Allow WP-CLI",
262	"summary": "Allow Access And Control Of This Plugin Via WP-CLI",
263	"description": "Turn off this option to disable this plugin's WP-CLI integration."

269	"type": "checkbox",
270	"link_info": "https://shsec.io/5v",
271	"link_blog": "https://shsec.io/wpsf20",
272	+ "beacon_id": 130,
273	"name": "Show Plugin Badge",
274	"summary": "Display Plugin Security Badge On Your Site",
275	"description": "Enabling this option helps support the plugin by spreading the word about it on your website. The plugin badge also demonstrates to visitors that you take your website security seriously."

294	"type": "checkbox",
295	"link_info": "https://shsec.io/do",
296	"link_blog": "https://shsec.io/dp",
297	+ "beacon_id": 129,
298	"name": "Allow Import/Export",
299	"summary": "Allow Import Of Options To, And Export Of Options From, This Site",
300	"description": "Uncheck this box to completely disable import and export of options."

392	],
393	"link_info": "https://shsec.io/dq",
394	"link_blog": "",
395	+ "beacon_id": 269,
396	"name": "CAPTCHA Provider",
397	"summary": "Which CAPTCHA Provider To Use Throughout",
398	"description": "You can choose the CAPTCHA provider depending on your preferences."

419	],
420	"link_info": "https://shsec.io/dq",
421	"link_blog": "",
422	+ "beacon_id": 269,
423	"name": "CAPTCHA Type",
424	"summary": "How Google reCAPTCHA Will Be Displayed By Default",
425	"description": "You can choose the reCAPTCHA display format that best suits your site, including the new Invisible Recaptcha."

432	"type": "text",
433	"link_info": "https://shsec.io/shld5",
434	"link_blog": "",
435	+ "beacon_id": 390,
436	"name": "reCAPTCHA Site Key",
437	"summary": "Google reCAPTCHA Site Key - Only v2 or Invisible. v3 NOT supported.",
438	"description": "Enter your Google reCAPTCHA site key for use throughout the plugin."

445	"type": "text",
446	"link_info": "https://shsec.io/shld5",
447	"link_blog": "",
448	+ "beacon_id": 390,
449	"name": "reCAPTCHA Secret",
450	"summary": "Google reCAPTCHA Secret Key - Only v2 or Invisible. v3 NOT supported.",
451	"description": "Enter your Google reCAPTCHA secret key for use throughout the plugin."

src/config/feature-reporting.php CHANGED Viewed

	@@ -1,5 +1,5 @@
1	{
2	- "properties": {
3	"slug": "reporting",
4	"name": "Reporting",
5	"storage_key": "reporting",
	@@ -16,8 +16,8 @@
16	},
17	"menu_items": [
18	{
19	- "title": "Stats (beta)",
20	- "slug": "stats-redirect"
21	}
22	],
23	"custom_redirects": [
	@@ -29,12 +29,13 @@
29	}
30	}
31	],
32	- "sections": [
33	{
34	"slug": "section_timings",
35	"primary": true,
36	"title": "Report Frequencies",
37	"title_short": "Report Frequencies",

38	"summary": [
39	"Purpose - Choose the most appropriate frequency to receive alerts from Shield according to your schedule."
40	]
	@@ -43,6 +44,7 @@
43	"slug": "section_enable_mod_reporting",
44	"title": "Enable Module: Reports",
45	"title_short": "Disable Module",

46	"summary": [
47	"Purpose - Helps you see at a glance how effective the plugin has been.",
48	"Recommendation - Keep the Reporting feature turned on."
	@@ -53,7 +55,7 @@
53	"hidden": true
54	}
55	],
56	- "options": [
57	{
58	"key": "enable_reporting",
59	"section": "section_enable_mod_reporting",
	@@ -62,6 +64,7 @@
62	"type": "checkbox",
63	"link_info": "https://shsec.io/hb",
64	"link_blog": "",

65	"name": "Enable Reporting",
66	"summary": "Enable (or Disable) The Reporting module",
67	"description": "Un-Checking this option will completely disable the Reporting module"
	@@ -91,6 +94,7 @@
91	],
92	"link_info": "https://shsec.io/h9",
93	"link_blog": "",

94	"name": "Alert Frequency",
95	"summary": "How Often Should You Be Sent Important Alerts",
96	"description": "Decide when you should be sent important and critical alerts about your site security."
	@@ -128,12 +132,13 @@
128	],
129	"link_info": "https://shsec.io/ha",
130	"link_blog": "",

131	"name": "Info Frequency",
132	"summary": "How Often Should You Be Sent Information Reports",
133	"description": "Decide when you should be sent non-critical information and reports about your site security."
134	}
135	],
136	- "definitions": {
137	"db_classes": {
138	"reports": "\\FernleafSystems\\Wordpress\\Plugin\\Shield\\Databases\\Reports\\Handler"
139	},


1	{
2	+ "properties": {
3	"slug": "reporting",
4	"name": "Reporting",
5	"storage_key": "reporting",

16	},
17	"menu_items": [
18	{
19	+ "title": "Stats (beta)",
20	+ "slug": "stats-redirect"
21	}
22	],
23	"custom_redirects": [

29	}
30	}
31	],
32	+ "sections": [
33	{
34	"slug": "section_timings",
35	"primary": true,
36	"title": "Report Frequencies",
37	"title_short": "Report Frequencies",
38	+ "beacon_id": 136,
39	"summary": [
40	"Purpose - Choose the most appropriate frequency to receive alerts from Shield according to your schedule."
41	]

44	"slug": "section_enable_mod_reporting",
45	"title": "Enable Module: Reports",
46	"title_short": "Disable Module",
47	+ "beacon_id": 136,
48	"summary": [
49	"Purpose - Helps you see at a glance how effective the plugin has been.",
50	"Recommendation - Keep the Reporting feature turned on."

55	"hidden": true
56	}
57	],
58	+ "options": [
59	{
60	"key": "enable_reporting",
61	"section": "section_enable_mod_reporting",

64	"type": "checkbox",
65	"link_info": "https://shsec.io/hb",
66	"link_blog": "",
67	+ "beacon_id": 136,
68	"name": "Enable Reporting",
69	"summary": "Enable (or Disable) The Reporting module",
70	"description": "Un-Checking this option will completely disable the Reporting module"

94	],
95	"link_info": "https://shsec.io/h9",
96	"link_blog": "",
97	+ "beacon_id": 233,
98	"name": "Alert Frequency",
99	"summary": "How Often Should You Be Sent Important Alerts",
100	"description": "Decide when you should be sent important and critical alerts about your site security."

132	],
133	"link_info": "https://shsec.io/ha",
134	"link_blog": "",
135	+ "beacon_id": 232,
136	"name": "Info Frequency",
137	"summary": "How Often Should You Be Sent Information Reports",
138	"description": "Decide when you should be sent non-critical information and reports about your site security."
139	}
140	],
141	+ "definitions": {
142	"db_classes": {
143	"reports": "\\FernleafSystems\\Wordpress\\Plugin\\Shield\\Databases\\Reports\\Handler"
144	},

src/config/feature-sessions.php CHANGED Viewed

	@@ -55,11 +55,11 @@
55	}
56	],
57	"definitions": {
58	- "db_classes": {
59	"sessions": "\\FernleafSystems\\Wordpress\\Plugin\\Shield\\Databases\\Session\\Handler"
60	},
61	- "sessions_table_name": "sessions",
62	- "db_table_sessions": {
63	"slug": "sessions",
64	"cols_custom": {
65	"session_id": "varchar(32) NOT NULL DEFAULT ''",
	@@ -75,7 +75,7 @@
75	"secadmin_at": "Security Admin Authenticated"
76	}
77	},
78	- "events": {
79	"session_start": {
80	"audit": false
81	},


55	}
56	],
57	"definitions": {
58	+ "db_classes": {
59	"sessions": "\\FernleafSystems\\Wordpress\\Plugin\\Shield\\Databases\\Session\\Handler"
60	},
61	+ "sessions_table_name": "sessions",
62	+ "db_table_sessions": {
63	"slug": "sessions",
64	"cols_custom": {
65	"session_id": "varchar(32) NOT NULL DEFAULT ''",

75	"secadmin_at": "Security Admin Authenticated"
76	}
77	},
78	+ "events": {
79	"session_start": {
80	"audit": false
81	},

src/config/feature-traffic.php CHANGED Viewed

	@@ -18,8 +18,8 @@
18	},
19	"menu_items": [
20	{
21	- "title": "Traffic Log",
22	- "slug": "traffic-redirect"
23	}
24	],
25	"custom_redirects": [
	@@ -37,6 +37,7 @@
37	"primary": true,
38	"title": "Traffic Watch Options",
39	"title_short": "Options",

40	"summary": [
41	"Purpose - Provides finer control over the live traffic system.",
42	"Recommendation - These settings are dependent on your requirements."
	@@ -46,6 +47,7 @@
46	"slug": "section_traffic_limiter",
47	"title": "Traffic Rate Limiting",
48	"title_short": "Rate Limiting",

49	"summary": [
50	"Purpose - Provides ability to restrict excessive requests from a single visitor.",
51	"Recommendation - These settings are dependent on your requirements."
	@@ -55,6 +57,7 @@
55	"slug": "section_enable_plugin_feature_traffic",
56	"title": "Enable Module: Traffic Watch",
57	"title_short": "Disable Module",

58	"summary": [
59	"Purpose - The Traffic Watch module lets you monitor and review all requests to your site.",
60	"Recommendation - Required only if you need to review and investigate and monitor requests to your site."
	@@ -74,6 +77,7 @@
74	"type": "checkbox",
75	"link_info": "https://shsec.io/ed",
76	"link_blog": "https://shsec.io/ee",

77	"name": "Enable Traffic Watch",
78	"summary": "Enable (or Disable) The Traffic Watch Module",
79	"description": "Un-Checking this option will completely disable the Traffic Watch module."
	@@ -85,6 +89,7 @@
85	"type": "checkbox",
86	"link_info": "https://shsec.io/hf",
87	"link_blog": "",

88	"name": "Enable Traffic Logger",
89	"summary": "Turn On The Traffic Logging Feature",
90	"description": "Enable or disable the ability to log and monitor requests to your site."
	@@ -132,6 +137,7 @@
132	],
133	"link_info": "https://shsec.io/eb",
134	"link_blog": "",

135	"name": "Traffic Log Exclusions",
136	"summary": "Select Which Types Of Requests To Exclude",
137	"description": "Deselect any requests that you don't want to appear in the traffic viewer."
	@@ -145,6 +151,7 @@
145	"type": "array",
146	"link_info": "https://shsec.io/ec",
147	"link_blog": "",

148	"name": "Custom Exclusions",
149	"summary": "Provide Custom Traffic Exclusions",
150	"description": "For each entry, if the text is present in either the User Agent or Page/Path, it will be excluded."
	@@ -184,6 +191,7 @@
184	"type": "checkbox",
185	"link_info": "https://shsec.io/gw",
186	"link_blog": "https://shsec.io/gx",

187	"name": "Enable Rate Limiting",
188	"summary": "Turn On The Rate Limiting Feature",
189	"description": "Enable or disable the rate limiting feature according to your rate limiting parameters."
	@@ -214,12 +222,12 @@
214	}
215	],
216	"definitions": {
217	- "db_classes": {
218	"traffic": "\\FernleafSystems\\Wordpress\\Plugin\\Shield\\Databases\\Traffic\\Handler"
219	},
220	- "db_table_traffic": {
221	- "slug": "traffic",
222	- "cols_custom": {
223	"rid": "varchar(10) NOT NULL DEFAULT '' COMMENT 'Request ID'",
224	"uid": "int(11) UNSIGNED NOT NULL DEFAULT 0 COMMENT 'User ID'",
225	"ip": "varbinary(16) DEFAULT NULL COMMENT 'Visitor IP Address'",
	@@ -230,8 +238,8 @@
230	"trans": "tinyint(1) UNSIGNED NOT NULL DEFAULT 0 COMMENT 'Trangression'"
231	}
232	},
233	- "traffic_table_name": "traffic",
234	- "events": {
235	"request_limit_exceeded": {
236	"cat": 3,
237	"offense": true


18	},
19	"menu_items": [
20	{
21	+ "title": "Traffic Log",
22	+ "slug": "traffic-redirect"
23	}
24	],
25	"custom_redirects": [

37	"primary": true,
38	"title": "Traffic Watch Options",
39	"title_short": "Options",
40	+ "beacon_id": 153,
41	"summary": [
42	"Purpose - Provides finer control over the live traffic system.",
43	"Recommendation - These settings are dependent on your requirements."

47	"slug": "section_traffic_limiter",
48	"title": "Traffic Rate Limiting",
49	"title_short": "Rate Limiting",
50	+ "beacon_id": 420,
51	"summary": [
52	"Purpose - Provides ability to restrict excessive requests from a single visitor.",
53	"Recommendation - These settings are dependent on your requirements."

57	"slug": "section_enable_plugin_feature_traffic",
58	"title": "Enable Module: Traffic Watch",
59	"title_short": "Disable Module",
60	+ "beacon_id": 153,
61	"summary": [
62	"Purpose - The Traffic Watch module lets you monitor and review all requests to your site.",
63	"Recommendation - Required only if you need to review and investigate and monitor requests to your site."

77	"type": "checkbox",
78	"link_info": "https://shsec.io/ed",
79	"link_blog": "https://shsec.io/ee",
80	+ "beacon_id": 153,
81	"name": "Enable Traffic Watch",
82	"summary": "Enable (or Disable) The Traffic Watch Module",
83	"description": "Un-Checking this option will completely disable the Traffic Watch module."

89	"type": "checkbox",
90	"link_info": "https://shsec.io/hf",
91	"link_blog": "",
92	+ "beacon_id": 153,
93	"name": "Enable Traffic Logger",
94	"summary": "Turn On The Traffic Logging Feature",
95	"description": "Enable or disable the ability to log and monitor requests to your site."

137	],
138	"link_info": "https://shsec.io/eb",
139	"link_blog": "",
140	+ "beacon_id": 154,
141	"name": "Traffic Log Exclusions",
142	"summary": "Select Which Types Of Requests To Exclude",
143	"description": "Deselect any requests that you don't want to appear in the traffic viewer."

151	"type": "array",
152	"link_info": "https://shsec.io/ec",
153	"link_blog": "",
154	+ "beacon_id": 154,
155	"name": "Custom Exclusions",
156	"summary": "Provide Custom Traffic Exclusions",
157	"description": "For each entry, if the text is present in either the User Agent or Page/Path, it will be excluded."

191	"type": "checkbox",
192	"link_info": "https://shsec.io/gw",
193	"link_blog": "https://shsec.io/gx",
194	+ "beacon_id": 420,
195	"name": "Enable Rate Limiting",
196	"summary": "Turn On The Rate Limiting Feature",
197	"description": "Enable or disable the rate limiting feature according to your rate limiting parameters."

222	}
223	],
224	"definitions": {
225	+ "db_classes": {
226	"traffic": "\\FernleafSystems\\Wordpress\\Plugin\\Shield\\Databases\\Traffic\\Handler"
227	},
228	+ "db_table_traffic": {
229	+ "slug": "traffic",
230	+ "cols_custom": {
231	"rid": "varchar(10) NOT NULL DEFAULT '' COMMENT 'Request ID'",
232	"uid": "int(11) UNSIGNED NOT NULL DEFAULT 0 COMMENT 'User ID'",
233	"ip": "varbinary(16) DEFAULT NULL COMMENT 'Visitor IP Address'",

238	"trans": "tinyint(1) UNSIGNED NOT NULL DEFAULT 0 COMMENT 'Trangression'"
239	}
240	},
241	+ "traffic_table_name": "traffic",
242	+ "events": {
243	"request_limit_exceeded": {
244	"cat": 3,
245	"offense": true

src/config/feature-user_management.php CHANGED Viewed

	@@ -22,6 +22,7 @@
22	"primary": true,
23	"title": "User Session Management",
24	"title_short": "Session Options",

25	"summary": [
26	"Purpose - Allows you to better control user sessions on your site and expire idle sessions and prevent account sharing.",
27	"Recommendation - Use of this feature is highly recommend."
	@@ -31,6 +32,7 @@
31	"slug": "section_user_reg",
32	"title": "User Registration",
33	"title_short": "User Registration",

34	"summary": [
35	"Purpose - Control user registration and prevent SPAM.",
36	"Recommendation - Use of this feature is highly recommend."
	@@ -43,6 +45,7 @@
43	},
44	"title": "Password Policies",
45	"title_short": "Password Policies",

46	"summary": [
47	"Purpose - Have full control over passwords used by users on the site.",
48	"Recommendation - Use of this feature is highly recommend."
	@@ -52,6 +55,7 @@
52	"slug": "section_suspend",
53	"title": "Automatic And Manual User Suspension",
54	"title_short": "User Suspension",

55	"summary": [
56	"Purpose - Automatically suspend accounts to prevent login by certain users.",
57	"Recommendation - Use of this feature is highly recommend."
	@@ -61,6 +65,7 @@
61	"slug": "section_admin_login_notification",
62	"title": "Admin Login Notification",
63	"title_short": "Notifications",

64	"summary": [
65	"Purpose - So you can be made aware of when a WordPress administrator has logged into your site when you are not expecting it.",
66	"Recommendation - Use of this feature is highly recommend."
	@@ -70,6 +75,7 @@
70	"slug": "section_enable_plugin_feature_user_accounts_management",
71	"title": "Enable Module: User Management",
72	"title_short": "Disable Module",

73	"summary": [
74	"Purpose - User Management offers real user sessions, finer control over user session time-out, and ensures users have logged-in in a correct manner.",
75	"Recommendation - Keep the User Management feature turned on."
	@@ -89,6 +95,7 @@
89	"type": "checkbox",
90	"link_info": "https://shsec.io/e3",
91	"link_blog": "https://shsec.io/hi",

92	"name": "Enable User Management",
93	"summary": "Enable (or Disable) The User Management module",
94	"description": "Un-Checking this option will completely disable the User Management module"
	@@ -102,6 +109,7 @@
102	"type": "checkbox",
103	"link_info": "https://shsec.io/e2",
104	"link_blog": "",

105	"name": "User Login Notification Email",
106	"summary": "Send Email Notification To Each User Upon Successful Login",
107	"description": "A notification is sent to each user when a successful login occurs for their account."
	@@ -138,6 +146,7 @@
138	"type": "integer",
139	"link_info": "https://support.getshieldsecurity.com/support/solutions/articles/3000070590",
140	"link_blog": "",

141	"name": "Idle Timeout",
142	"summary": "Specify How Many Hours After Inactivity To Automatically Logout User",
143	"description": "If the user is inactive for the number of hours specified, they will be forcefully logged out next time they return. Set this to '0' to turn off this option."
	@@ -239,6 +248,7 @@
239	"default": "N",
240	"link_info": "https://shsec.io/e1",
241	"link_blog": "https://shsec.io/c4",

242	"name": "Enable Password Policies",
243	"summary": "Enable The Password Policies Below",
244	"description": "Turn on/off all password policies."
	@@ -333,6 +343,7 @@
333	"default": "N",
334	"link_info": "https://shsec.io/fq",
335	"link_blog": "https://shsec.io/fr",

336	"name": "Allow Manual User Suspension",
337	"summary": "Manually Suspend User Accounts To Prevent Login",
338	"description": "Users may be suspended by administrators to prevent login."
	@@ -345,6 +356,7 @@
345	"default": "Y",
346	"link_info": "https://shsec.io/fs",
347	"link_blog": "https://shsec.io/fr",

348	"name": "Auto-Suspend Expired Passwords",
349	"summary": "Automatically Suspend Users With Expired Passwords",
350	"description": "Suspend login by users and require password reset to unsuspend."
	@@ -358,6 +370,7 @@
358	"min": 0,
359	"link_info": "https://shsec.io/ft",
360	"link_blog": "https://shsec.io/fr",

361	"name": "Auto-Suspend Idle Users",
362	"summary": "Automatically Suspend Idle User Accounts",
363	"description": "Prevent login by idle users and require password reset to unsuspend."
	@@ -374,6 +387,7 @@
374	],
375	"link_info": "https://shsec.io/ft",
376	"link_blog": "",

377	"name": "Auto-Suspend Idle Users",
378	"summary": "Automatically Suspend Idle User Accounts",
379	"description": "Prevent login by idle users and require password reset to unsuspend."


22	"primary": true,
23	"title": "User Session Management",
24	"title_short": "Session Options",
25	+ "beacon_id": 397,
26	"summary": [
27	"Purpose - Allows you to better control user sessions on your site and expire idle sessions and prevent account sharing.",
28	"Recommendation - Use of this feature is highly recommend."

32	"slug": "section_user_reg",
33	"title": "User Registration",
34	"title_short": "User Registration",
35	+ "beacon_id": 145,
36	"summary": [
37	"Purpose - Control user registration and prevent SPAM.",
38	"Recommendation - Use of this feature is highly recommend."

45	},
46	"title": "Password Policies",
47	"title_short": "Password Policies",
48	+ "beacon_id": 256,
49	"summary": [
50	"Purpose - Have full control over passwords used by users on the site.",
51	"Recommendation - Use of this feature is highly recommend."

55	"slug": "section_suspend",
56	"title": "Automatic And Manual User Suspension",
57	"title_short": "User Suspension",
58	+ "beacon_id": 273,
59	"summary": [
60	"Purpose - Automatically suspend accounts to prevent login by certain users.",
61	"Recommendation - Use of this feature is highly recommend."

65	"slug": "section_admin_login_notification",
66	"title": "Admin Login Notification",
67	"title_short": "Notifications",
68	+ "beacon_id": 147,
69	"summary": [
70	"Purpose - So you can be made aware of when a WordPress administrator has logged into your site when you are not expecting it.",
71	"Recommendation - Use of this feature is highly recommend."

75	"slug": "section_enable_plugin_feature_user_accounts_management",
76	"title": "Enable Module: User Management",
77	"title_short": "Disable Module",
78	+ "beacon_id": 273,
79	"summary": [
80	"Purpose - User Management offers real user sessions, finer control over user session time-out, and ensures users have logged-in in a correct manner.",
81	"Recommendation - Keep the User Management feature turned on."

95	"type": "checkbox",
96	"link_info": "https://shsec.io/e3",
97	"link_blog": "https://shsec.io/hi",
98	+ "beacon_id": 273,
99	"name": "Enable User Management",
100	"summary": "Enable (or Disable) The User Management module",
101	"description": "Un-Checking this option will completely disable the User Management module"

109	"type": "checkbox",
110	"link_info": "https://shsec.io/e2",
111	"link_blog": "",
112	+ "beacon_id": 147,
113	"name": "User Login Notification Email",
114	"summary": "Send Email Notification To Each User Upon Successful Login",
115	"description": "A notification is sent to each user when a successful login occurs for their account."

146	"type": "integer",
147	"link_info": "https://support.getshieldsecurity.com/support/solutions/articles/3000070590",
148	"link_blog": "",
149	+ "beacon_id": 397,
150	"name": "Idle Timeout",
151	"summary": "Specify How Many Hours After Inactivity To Automatically Logout User",
152	"description": "If the user is inactive for the number of hours specified, they will be forcefully logged out next time they return. Set this to '0' to turn off this option."

248	"default": "N",
249	"link_info": "https://shsec.io/e1",
250	"link_blog": "https://shsec.io/c4",
251	+ "beacon_id": 146,
252	"name": "Enable Password Policies",
253	"summary": "Enable The Password Policies Below",
254	"description": "Turn on/off all password policies."

343	"default": "N",
344	"link_info": "https://shsec.io/fq",
345	"link_blog": "https://shsec.io/fr",
346	+ "beacon_id": 399,
347	"name": "Allow Manual User Suspension",
348	"summary": "Manually Suspend User Accounts To Prevent Login",
349	"description": "Users may be suspended by administrators to prevent login."

356	"default": "Y",
357	"link_info": "https://shsec.io/fs",
358	"link_blog": "https://shsec.io/fr",
359	+ "beacon_id": 400,
360	"name": "Auto-Suspend Expired Passwords",
361	"summary": "Automatically Suspend Users With Expired Passwords",
362	"description": "Suspend login by users and require password reset to unsuspend."

370	"min": 0,
371	"link_info": "https://shsec.io/ft",
372	"link_blog": "https://shsec.io/fr",
373	+ "beacon_id": 400,
374	"name": "Auto-Suspend Idle Users",
375	"summary": "Automatically Suspend Idle User Accounts",
376	"description": "Prevent login by idle users and require password reset to unsuspend."

387	],
388	"link_info": "https://shsec.io/ft",
389	"link_blog": "",
390	+ "beacon_id": 400,
391	"name": "Auto-Suspend Idle Users",
392	"summary": "Automatically Suspend Idle User Accounts",
393	"description": "Prevent login by idle users and require password reset to unsuspend."

src/lib/src/Controller/Controller.php CHANGED Viewed

	@@ -85,7 +85,7 @@ class Controller extends DynPropertiesClass {
85	* @return $this
86	*/
87	public function fireEvent( string $event, $meta = [] ) :self {
88	- $this->loadEventsService()->fireEvent( $event, $meta );
89	return $this;
90	}
91
	@@ -488,37 +488,37 @@ class Controller extends DynPropertiesClass {
488	*/
489	public function getSiteInstallationId() {
490	$WP = Services::WpGeneral();
491	- $~~sOptKey~~ = $this->prefixOption( 'install_id' );
492
493	- $mStoredID = $WP->getOption( $~~sOptKey~~ );
494	if ( is_array( $mStoredID ) && !empty( $mStoredID[ 'id' ] ) ) {
495	- $~~sID~~ = $mStoredID[ 'id' ];
496	- $~~bUpdate~~ = true;
497	}
498	elseif ( is_string( $mStoredID ) && strpos( $mStoredID, ':' ) ) {
499	- $~~sID~~ = explode( ':', $mStoredID, 2 )[ 1 ];
500	- $~~bUpdate~~ = true;
501	}
502	else {
503	- $~~sID~~ = $mStoredID;
504	- $~~bUpdate~~ = false;
505	}
506
507	- if ( empty( $~~sID~~ ) \|\| !is_string( $~~sID~~ ) \|\| ( strlen( $~~sID~~ ) !== 40 && !\Ramsey\Uuid\Uuid::isValid( $~~sID~~ ) ) ) {
508	try {
509	- $~~sID~~ = \Ramsey\Uuid\Uuid::uuid4()->toString();
510	}
511	catch ( \Exception $e ) {
512	- $~~sID~~ = sha1( uniqid( $WP->getHomeUrl( '', true ), true ) );
513	}
514	- $~~bUpdate~~ = true;
515	}
516
517	- if ( $~~bUpdate~~ ) {
518	- $WP->updateOption( $~~sOptKey~~, $~~sID~~ );
519	}
520
521	- return $~~sID~~;
522	}
523
524	/**
	@@ -1155,15 +1155,15 @@ class Controller extends DynPropertiesClass {
1155	}
1156
1157	protected function deleteCronJobs() {
1158	- $~~oWpCron~~ = Services::WpCron();
1159	- $~~aCrons~~ = $~~oWpCron~~->getCrons();
1160	-
1161	- $~~sPattern~~ = sprintf( '#^(%s\|%s)#', $this->getParentSlug(), $this->getPluginSlug() );
1162	- foreach ( $~~aCrons~~ as $~~aCron~~ ) {
1163	- if ( is_array( $~~aCrons~~ ) ) {
1164	- foreach ( $~~aCron~~ as $~~sKey~~ => $~~aCronEntry~~ ) {
1165	- if ( is_string( $~~sKey~~ ) && preg_match( $~~sPattern~~, $~~sKey~~ ) ) {
1166	- $~~oWpCron~~->deleteCronJob( $~~sKey~~ );
1167	}
1168	}
1169	}
	@@ -1478,9 +1478,9 @@ class Controller extends DynPropertiesClass {
1478
1479	$this->{$sOptionsVarName} = new $className( $this, $modProps );
1480
1481	- $~~aMs~~ = $this->modules;
1482	- $~~aMs~~[ $modSlug ] = $this->{$sOptionsVarName};
1483	- $this->modules = $~~aMs~~;
1484	return $this->modules[ $modSlug ];
1485	}
1486
	@@ -1496,108 +1496,108 @@ class Controller extends DynPropertiesClass {
1496	* @return Shield\Users\ShieldUserMeta\|mixed
1497	*/
1498	public function getUserMeta( $user ) {
1499	- $~~oMeta~~ = null;
1500	try {
1501	if ( $user instanceof \WP_User ) {
1502	- /** @var Shield\Users\ShieldUserMeta $~~oMeta~~ */
1503	- $~~oMeta~~ = Shield\Users\ShieldUserMeta::Load( $this->prefix(), $user->ID );
1504	- if ( !$~~oMeta~~ instanceof Shield\Users\ShieldUserMeta ) {
1505	// Weird: user reported an error where it wasn't of the correct type
1506	- $~~oMeta~~ = new Shield\Users\ShieldUserMeta( $this->prefix(), $user->ID );
1507	- Shield\Users\ShieldUserMeta::AddToCache( $~~oMeta~~ );
1508	}
1509	- $~~oMeta~~->setPasswordStartedAt( $user->user_pass )
1510	- ->updateFirstSeenAt();
1511	Services::WpUsers()
1512	->updateUserMeta( $this->prefix( 'meta-version' ), $this->getVersionNumeric(), $user->ID );
1513	}
1514	}
1515	catch ( \Exception $e ) {
1516	}
1517	- return $~~oMeta~~;
1518	}
1519
1520	/**
1521	* @return \FernleafSystems\Wordpress\Services\Utilities\Render
1522	*/
1523	public function getRenderer() {
1524	- $~~oRndr~~ = Services::Render();
1525	- $~~oLocator~~ = ( new Shield\Render\LocateTemplateDirs() )->setCon( $this );
1526	- foreach ( $~~oLocator~~->run() as $~~sDir~~ ) {
1527	- $~~oRndr~~->setTwigTemplateRoot( $~~sDir~~ );
1528	}
1529	- $~~oRndr~~->setTemplateRoot( $this->getPath_Templates() );
1530	- return $~~oRndr~~;
1531	}
1532
1533	/**
1534	- * @param array[] $~~aRegistered~~
1535	* @return array[]
1536	*/
1537	- public function onWpPrivacyRegisterExporter( $~~aRegistered~~ ) {
1538	- if ( !is_array( $~~aRegistered~~ ) ) {
1539	- $~~aRegistered~~ = []; // account for crap plugins that do-it-wrong.
1540	}
1541
1542	- $~~aRegistered~~[] = [
1543	'exporter_friendly_name' => $this->getHumanName(),
1544	'callback' => [ $this, 'wpPrivacyExport' ],
1545	];
1546	- return $~~aRegistered~~;
1547	}
1548
1549	/**
1550	- * @param array[] $~~aRegistered~~
1551	* @return array[]
1552	*/
1553	- public function onWpPrivacyRegisterEraser( $~~aRegistered~~ ) {
1554	- if ( !is_array( $~~aRegistered~~ ) ) {
1555	- $~~aRegistered~~ = []; // account for crap plugins that do-it-wrong.
1556	}
1557
1558	- $~~aRegistered~~[] = [
1559	'eraser_friendly_name' => $this->getHumanName(),
1560	'callback' => [ $this, 'wpPrivacyErase' ],
1561	];
1562	- return $~~aRegistered~~;
1563	}
1564
1565	/**
1566	- * @param string $~~sEmail~~
1567	- * @param int $~~nPage~~
1568	* @return array
1569	*/
1570	- public function wpPrivacyExport( $~~sEmail~~, $~~nPage~~ = 1 ) {
1571
1572	- $~~bValid~~ = Services::Data()->validEmail( $~~sEmail~~ )
1573	- && ( Services::WpUsers()->getUserByEmail( $~~sEmail~~ ) instanceof \WP_User );
1574
1575	return [
1576	- 'data' => $~~bValid~~ ? apply_filters( $this->prefix( 'wpPrivacyExport' ), [], $~~sEmail~~, $~~nPage~~ ) : [],
1577	'done' => true,
1578	];
1579	}
1580
1581	/**
1582	- * @param string $~~sEmail~~
1583	- * @param int $~~nPage~~
1584	* @return array
1585	*/
1586	- public function wpPrivacyErase( $~~sEmail~~, $~~nPage~~ = 1 ) {
1587
1588	- $~~bValidUser~~ = Services::Data()->validEmail( $~~sEmail~~ )
1589	- && ( Services::WpUsers()->getUserByEmail( $~~sEmail~~ ) instanceof \WP_User );
1590
1591	- $~~aResult~~ = [
1592	- 'items_removed' => $~~bValidUser~~,
1593	'items_retained' => false,
1594	- 'messages' => $~~bValidUser~~ ? [] : [ 'Email address not valid or does not belong to a user.' ],
1595	'done' => true,
1596	];
1597	- if ( $~~bValidUser~~ ) {
1598	- $~~aResult~~ = apply_filters( $this->prefix( 'wpPrivacyErase' ), $~~aResult~~, $~~sEmail~~, $~~nPage~~ );
1599	}
1600	- return $~~aResult~~;
1601	}
1602
1603	/**
	@@ -1614,8 +1614,8 @@ class Controller extends DynPropertiesClass {
1614	$href = $this->cfg->meta[ 'privacy_policy_href' ];
1615	}
1616
1617	- /** @var Shield\Modules\AuditTrail\Options $~~oOpts~~ */
1618	- $~~oOpts~~ = $this->getModule_AuditTrail()->getOptions();
1619
1620	$content = $this->getRenderer()
1621	->setTemplate( 'snippets/privacy_policy' )
	@@ -1624,7 +1624,7 @@ class Controller extends DynPropertiesClass {
1624	[
1625	'name' => $name,
1626	'href' => $href,
1627	- 'audit_trail_days' => $~~oOpts~~->getAutoCleanDays()
1628	]
1629	)
1630	->render();


85	* @return $this
86	*/
87	public function fireEvent( string $event, $meta = [] ) :self {
88	+ $this->loadEventsService()->fireEvent( $event, is_array( $meta ) ? $meta : [] );
89	return $this;
90	}
91

488	*/
489	public function getSiteInstallationId() {
490	$WP = Services::WpGeneral();
491	+ $optKey = $this->prefixOption( 'install_id' );
492
493	+ $mStoredID = $WP->getOption( $optKey );
494	if ( is_array( $mStoredID ) && !empty( $mStoredID[ 'id' ] ) ) {
495	+ $ID = $mStoredID[ 'id' ];
496	+ $update = true;
497	}
498	elseif ( is_string( $mStoredID ) && strpos( $mStoredID, ':' ) ) {
499	+ $ID = explode( ':', $mStoredID, 2 )[ 1 ];
500	+ $update = true;
501	}
502	else {
503	+ $ID = $mStoredID;
504	+ $update = false;
505	}
506
507	+ if ( empty( $ID ) \|\| !is_string( $ID ) \|\| ( strlen( $ID ) !== 40 && !\Ramsey\Uuid\Uuid::isValid( $ID ) ) ) {
508	try {
509	+ $ID = \Ramsey\Uuid\Uuid::uuid4()->toString();
510	}
511	catch ( \Exception $e ) {
512	+ $ID = sha1( uniqid( $WP->getHomeUrl( '', true ), true ) );
513	}
514	+ $update = true;
515	}
516
517	+ if ( $update ) {
518	+ $WP->updateOption( $optKey, $ID );
519	}
520
521	+ return $ID;
522	}
523
524	/**

1155	}
1156
1157	protected function deleteCronJobs() {
1158	+ $WPCron = Services::WpCron();
1159	+ $crons = $WPCron->getCrons();
1160	+
1161	+ $pattern = sprintf( '#^(%s\|%s)#', $this->getParentSlug(), $this->getPluginSlug() );
1162	+ foreach ( $crons as $cron ) {
1163	+ if ( is_array( $crons ) ) {
1164	+ foreach ( $cron as $key => $cronEntry ) {
1165	+ if ( is_string( $key ) && preg_match( $pattern, $key ) ) {
1166	+ $WPCron->deleteCronJob( $key );
1167	}
1168	}
1169	}

1478
1479	$this->{$sOptionsVarName} = new $className( $this, $modProps );
1480
1481	+ $modules = $this->modules;
1482	+ $modules[ $modSlug ] = $this->{$sOptionsVarName};
1483	+ $this->modules = $modules;
1484	return $this->modules[ $modSlug ];
1485	}
1486

1496	* @return Shield\Users\ShieldUserMeta\|mixed
1497	*/
1498	public function getUserMeta( $user ) {
1499	+ $meta = null;
1500	try {
1501	if ( $user instanceof \WP_User ) {
1502	+ /** @var Shield\Users\ShieldUserMeta $meta */
1503	+ $meta = Shield\Users\ShieldUserMeta::Load( $this->prefix(), $user->ID );
1504	+ if ( !$meta instanceof Shield\Users\ShieldUserMeta ) {
1505	// Weird: user reported an error where it wasn't of the correct type
1506	+ $meta = new Shield\Users\ShieldUserMeta( $this->prefix(), $user->ID );
1507	+ Shield\Users\ShieldUserMeta::AddToCache( $meta );
1508	}
1509	+ $meta->setPasswordStartedAt( $user->user_pass )
1510	+ ->updateFirstSeenAt();
1511	Services::WpUsers()
1512	->updateUserMeta( $this->prefix( 'meta-version' ), $this->getVersionNumeric(), $user->ID );
1513	}
1514	}
1515	catch ( \Exception $e ) {
1516	}
1517	+ return $meta;
1518	}
1519
1520	/**
1521	* @return \FernleafSystems\Wordpress\Services\Utilities\Render
1522	*/
1523	public function getRenderer() {
1524	+ $render = Services::Render();
1525	+ $locator = ( new Shield\Render\LocateTemplateDirs() )->setCon( $this );
1526	+ foreach ( $locator->run() as $dir ) {
1527	+ $render->setTwigTemplateRoot( $dir );
1528	}
1529	+ $render->setTemplateRoot( $this->getPath_Templates() );
1530	+ return $render;
1531	}
1532
1533	/**
1534	+ * @param array[] $registered
1535	* @return array[]
1536	*/
1537	+ public function onWpPrivacyRegisterExporter( $registered ) {
1538	+ if ( !is_array( $registered ) ) {
1539	+ $registered = []; // account for crap plugins that do-it-wrong.
1540	}
1541
1542	+ $registered[] = [
1543	'exporter_friendly_name' => $this->getHumanName(),
1544	'callback' => [ $this, 'wpPrivacyExport' ],
1545	];
1546	+ return $registered;
1547	}
1548
1549	/**
1550	+ * @param array[] $registered
1551	* @return array[]
1552	*/
1553	+ public function onWpPrivacyRegisterEraser( $registered ) {
1554	+ if ( !is_array( $registered ) ) {
1555	+ $registered = []; // account for crap plugins that do-it-wrong.
1556	}
1557
1558	+ $registered[] = [
1559	'eraser_friendly_name' => $this->getHumanName(),
1560	'callback' => [ $this, 'wpPrivacyErase' ],
1561	];
1562	+ return $registered;
1563	}
1564
1565	/**
1566	+ * @param string $email
1567	+ * @param int $page
1568	* @return array
1569	*/
1570	+ public function wpPrivacyExport( $email, $page = 1 ) {
1571
1572	+ $valid = Services::Data()->validEmail( $email )
1573	+ && ( Services::WpUsers()->getUserByEmail( $email ) instanceof \WP_User );
1574
1575	return [
1576	+ 'data' => $valid ? apply_filters( $this->prefix( 'wpPrivacyExport' ), [], $email, $page ) : [],
1577	'done' => true,
1578	];
1579	}
1580
1581	/**
1582	+ * @param string $email
1583	+ * @param int $page
1584	* @return array
1585	*/
1586	+ public function wpPrivacyErase( $email, $page = 1 ) {
1587
1588	+ $valid = Services::Data()->validEmail( $email )
1589	+ && ( Services::WpUsers()->getUserByEmail( $email ) instanceof \WP_User );
1590
1591	+ $result = [
1592	+ 'items_removed' => $valid,
1593	'items_retained' => false,
1594	+ 'messages' => $valid ? [] : [ 'Email address not valid or does not belong to a user.' ],
1595	'done' => true,
1596	];
1597	+ if ( $valid ) {
1598	+ $result = apply_filters( $this->prefix( 'wpPrivacyErase' ), $result, $email, $page );
1599	}
1600	+ return $result;
1601	}
1602
1603	/**

1614	$href = $this->cfg->meta[ 'privacy_policy_href' ];
1615	}
1616
1617	+ /** @var Shield\Modules\AuditTrail\Options $opts */
1618	+ $opts = $this->getModule_AuditTrail()->getOptions();
1619
1620	$content = $this->getRenderer()
1621	->setTemplate( 'snippets/privacy_policy' )

1624	[
1625	'name' => $name,
1626	'href' => $href,
1627	+ 'audit_trail_days' => $opts->getAutoCleanDays()
1628	]
1629	)
1630	->render();

src/lib/src/Modules/AuditTrail/AjaxHandler.php CHANGED Viewed

	@@ -11,18 +11,18 @@ class AjaxHandler extends Shield\Modules\BaseShield\AjaxHandler {
11
12	switch ( $action ) {
13	case 'render_table_audittrail':
14	- $~~aResponse~~ = $this->ajaxExec_BuildTableAuditTrail();
15	break;
16
17	case 'item_addparamwhite':
18	- $~~aResponse~~ = $this->ajaxExec_AddParamToFirewallWhitelist();
19	break;
20
21	default:
22	- $~~aResponse~~ = parent::processAjaxAction( $action );
23	}
24
25	- return $~~aResponse~~;
26	}
27
28	protected function ajaxExec_AddParamToFirewallWhitelist() :array {
	@@ -55,13 +55,12 @@ class AjaxHandler extends Shield\Modules\BaseShield\AjaxHandler {
55	private function ajaxExec_BuildTableAuditTrail() :array {
56	/** @var ModCon $mod */
57	$mod = $this->getMod();
58	- $oTableBuilder = ( new Shield\Tables\Build\AuditTrail() )
59	- ->setMod( $mod )
60	- ->setDbHandler( $mod->getDbHandler_AuditTrail() );
61	-
62	return [
63	'success' => true,
64	- 'html' => ~~$oTableBuilder->render~~()



65	];
66	}
67	}


11
12	switch ( $action ) {
13	case 'render_table_audittrail':
14	+ $response = $this->ajaxExec_BuildTableAuditTrail();
15	break;
16
17	case 'item_addparamwhite':
18	+ $response = $this->ajaxExec_AddParamToFirewallWhitelist();
19	break;
20
21	default:
22	+ $response = parent::processAjaxAction( $action );
23	}
24
25	+ return $response;
26	}
27
28	protected function ajaxExec_AddParamToFirewallWhitelist() :array {

55	private function ajaxExec_BuildTableAuditTrail() :array {
56	/** @var ModCon $mod */
57	$mod = $this->getMod();




58	return [
59	'success' => true,
60	+ 'html' => ( new Shield\Tables\Build\AuditTrail() )
61	+ ->setMod( $mod )
62	+ ->setDbHandler( $mod->getDbHandler_AuditTrail() )
63	+ ->render()
64	];
65	}
66	}

src/lib/src/Modules/AuditTrail/Auditors/Base.php CHANGED Viewed

	@@ -2,11 +2,8 @@
2
3	namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\AuditTrail\Auditors;
4
5	- use FernleafSystems\Utilities\Logic\ExecOnce;
6	use FernleafSystems\Wordpress\Plugin\Shield\Modules;
7
8	- class Base {
9
10	- use Modules\ModConsumer;
11	- use ExecOnce;
12	}


2
3	namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\AuditTrail\Auditors;
4

5	use FernleafSystems\Wordpress\Plugin\Shield\Modules;
6
7	+ class Base extends Modules\Base\Common\ExecOnceModConsumer {
8


9	}

src/lib/src/Modules/AuditTrail/Lib/AuditWriter.php CHANGED Viewed

	@@ -32,19 +32,19 @@ class AuditWriter extends EventsListener {
32	$entry->event = $evt;
33	$entry->category = $def[ 'cat' ];
34	$entry->context = $def[ 'context' ];
35	- $entry->meta = ~~isset(~~ $meta[ 'audit' ] ) ~~? $meta~~[ ~~'audit'~~ ] ~~: []~~;
36
37	- $~~aLogs~~ = $this->getLogs();
38
39	// cater for where certain events may happen more than once in the same request
40	if ( !empty( $def[ 'audit_multiple' ] ) ) {
41	- $~~aLogs~~[] = $entry;
42	}
43	else {
44	- $~~aLogs~~[ $evt ] = $entry;
45	}
46
47	- $this->setLogs( $~~aLogs~~ );
48	}
49	}
50
	@@ -65,11 +65,11 @@ class AuditWriter extends EventsListener {
65	}
66
67	/**
68	- * @param AuditTrail\EntryVO[] $~~aLogs~~
69	* @return $this
70	*/
71	- public function setLogs( $~~aLogs~~ = [] ) {
72	- $this->aAuditLogs = $~~aLogs~~;
73	return $this;
74	}
75	}


32	$entry->event = $evt;
33	$entry->category = $def[ 'cat' ];
34	$entry->context = $def[ 'context' ];
35	+ $entry->meta = $meta[ 'audit' ] ?? [];
36
37	+ $logs = $this->getLogs();
38
39	// cater for where certain events may happen more than once in the same request
40	if ( !empty( $def[ 'audit_multiple' ] ) ) {
41	+ $logs[] = $entry;
42	}
43	else {
44	+ $logs[ $evt ] = $entry;
45	}
46
47	+ $this->setLogs( $logs );
48	}
49	}
50

65	}
66
67	/**
68	+ * @param AuditTrail\EntryVO[] $logs
69	* @return $this
70	*/
71	+ public function setLogs( array $logs = [] ) {
72	+ $this->aAuditLogs = $logs;
73	return $this;
74	}
75	}

src/lib/src/Modules/AuditTrail/Lib/Ops/Commit.php CHANGED Viewed

	@@ -11,11 +11,11 @@ class Commit {
11	use HandlerConsumer;
12
13	/**
14	- * @param AuditTrail\EntryVO[] $~~aEvents~~
15	*/
16	- public function commitAudits( $~~aEvents~~ ) {
17	- if ( is_array( $~~aEvents~~ ) ) {
18	- foreach ( $~~aEvents~~ as $entry ) {
19	if ( $entry instanceof AuditTrail\EntryVO ) {
20	$this->commitAudit( $entry );
21	}
	@@ -23,10 +23,7 @@ class Commit {
23	}
24	}
25
26	- /**
27	- * @param AuditTrail\EntryVO $entry
28	- */
29	- public function commitAudit( $entry ) {
30	$WP = Services::WpGeneral();
31	$WPU = Services::WpUsers();
32
	@@ -49,28 +46,28 @@ class Commit {
49	$entry->wp_username = $sUser;
50	}
51
52	- $~~oLatest~~ = null;
53	- $~~bCanCount~~ = in_array( $entry->event, $this->getCanCountEvents() );
54	- if ( $~~bCanCount~~ ) {
55	- /** @var AuditTrail\Select $~~oSel~~ */
56	- $~~oSel~~ = $this->getDbHandler()->getQuerySelector();
57	- $~~oLatest~~ = $~~oSel~~->filterByEvent( $entry->event )
58	- ->filterByIp( $entry->ip )
59	- ->filterByCreatedAt( Services::Request()->carbon()->subDay()->timestamp, '>' )
60	- ->first();
61	- $~~bCanCount~~ = ( $~~oLatest~~ instanceof AuditTrail\EntryVO )
62	- && ( $~~oLatest~~->event === $entry->event && $~~oLatest~~->ip === $entry->ip );
63	}
64
65	- if ( $~~bCanCount~~ ) {
66	- /** @var AuditTrail\Update $~~oQU~~ */
67	- $~~oQU~~ = $this->getDbHandler()->getQueryUpdater();
68	- $~~oQU~~->updateCount( $~~oLatest~~ );
69	}
70	else {
71	- /** @var AuditTrail\Insert $~~oQI~~ */
72	- $~~oQI~~ = $this->getDbHandler()->getQueryInserter();
73	- $~~oQI~~->insert( $entry );
74	}
75	}
76
	@@ -78,7 +75,7 @@ class Commit {
78	* TODO: This should be a config
79	* @return string[]
80	*/
81	- private function getCanCountEvents() {
82	return [ 'conn_kill' ];
83	}
84	}


11	use HandlerConsumer;
12
13	/**
14	+ * @param AuditTrail\EntryVO[] $events
15	*/
16	+ public function commitAudits( array $events ) {
17	+ if ( is_array( $events ) ) {
18	+ foreach ( $events as $entry ) {
19	if ( $entry instanceof AuditTrail\EntryVO ) {
20	$this->commitAudit( $entry );
21	}

23	}
24	}
25
26	+ public function commitAudit( AuditTrail\EntryVO $entry ) {



27	$WP = Services::WpGeneral();
28	$WPU = Services::WpUsers();
29

46	$entry->wp_username = $sUser;
47	}
48
49	+ $latest = null;
50	+ $canCount = in_array( $entry->event, $this->getCanCountEvents() );
51	+ if ( $canCount ) {
52	+ /** @var AuditTrail\Select $select */
53	+ $select = $this->getDbHandler()->getQuerySelector();
54	+ $latest = $select->filterByEvent( $entry->event )
55	+ ->filterByIp( $entry->ip )
56	+ ->filterByCreatedAt( Services::Request()->carbon()->subDay()->timestamp, '>' )
57	+ ->first();
58	+ $canCount = ( $latest instanceof AuditTrail\EntryVO )
59	+ && ( $latest->event === $entry->event && $latest->ip === $entry->ip );
60	}
61
62	+ if ( $canCount ) {
63	+ /** @var AuditTrail\Update $updater */
64	+ $updater = $this->getDbHandler()->getQueryUpdater();
65	+ $updater->updateCount( $latest );
66	}
67	else {
68	+ /** @var AuditTrail\Insert $inserter */
69	+ $inserter = $this->getDbHandler()->getQueryInserter();
70	+ $inserter->insert( $entry );
71	}
72	}
73

75	* TODO: This should be a config
76	* @return string[]
77	*/
78	+ private function getCanCountEvents() :array {
79	return [ 'conn_kill' ];
80	}
81	}

src/lib/src/Modules/AuditTrail/Processor.php CHANGED Viewed

@@ -3,6 +3,7 @@
             namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\AuditTrail;
             use FernleafSystems\Wordpress\Plugin\Shield\Databases;
             use FernleafSystems\Wordpress\Plugin\Shield\Modules\BaseShield;
             class Processor extends BaseShield\Processor {
@@ -32,28 +33,24 @@ class Processor extends BaseShield\Processor {
             	private function initAuditors() {
             		$this->loadAuditorWriter()->setIfCommit( true );
-            -
            		( new Auditors\Users() )
-            -
            			->setMod( $this->getMod() )
-            -
            			->execute();
-            -
            		( new Auditors\Plugins() )
-            -
            			->setMod( $this->getMod() )
-            -
            			->execute();
-            -
            		( new Auditors\Themes() )
-            -
            			->setMod( $this->getMod() )
-            -
            			->execute();
-            -
            		( new Auditors\Wordpress() )
-            -
            			->setMod( $this->getMod() )
-            -
            			->execute();
-            -
            		( new Auditors\Posts() )
-            -
            			->setMod( $this->getMod() )
-            -
            			->execute();
-            -
            		( new Auditors\Emails() )
-            -
            			->setMod( $this->getMod() )
-            -
            			->execute();
-            -
            		( new Auditors\Upgrades() )
-            -
            			->setMod( $this->getMod() )
-            -
            			->execute();
+            	}
             	/**


3	namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\AuditTrail;
4
5	use FernleafSystems\Wordpress\Plugin\Shield\Databases;
6	+ use FernleafSystems\Wordpress\Plugin\Shield\Modules\AuditTrail\Auditors\Base;
7	use FernleafSystems\Wordpress\Plugin\Shield\Modules\BaseShield;
8
9	class Processor extends BaseShield\Processor {

33
34	private function initAuditors() {
35	$this->loadAuditorWriter()->setIfCommit( true );
36	+ foreach ( $this->getAuditors() as $auditor ) {
37	+ $auditor->setMod( $this->getMod() )->execute();
38	+ }
39	+ }
40
41	+ /**
42	+ * @return Base[]
43	+ */
44	+ private function getAuditors() :array {
45	+ return [
46	+ new Auditors\Users(),
47	+ new Auditors\Plugins(),
48	+ new Auditors\Themes(),
49	+ new Auditors\Wordpress(),
50	+ new Auditors\Posts(),
51	+ new Auditors\Emails(),
52	+ new Auditors\Upgrades(),
53	+ ];








54	}
55
56	/**

src/lib/src/Modules/AuditTrail/UI.php CHANGED Viewed

	@@ -15,10 +15,10 @@ class UI extends BaseShield\UI {
15	/** @var Databases\AuditTrail\Select $dbSel */
16	$dbSel = $mod->getDbHandler_AuditTrail()->getQuerySelector();
17
18	- /** @var Modules\Events\Strings $~~oEventStrings~~ */
19	- $~~oEventStrings~~ = $con->getModule_Events()->getStrings();
20	- $~~aEventsSelect~~ = array_intersect_key( $~~oEventStrings~~->getEventNames(), array_flip( $dbSel->getDistinctEvents() ) );
21	- asort( $~~aEventsSelect~~ );
22
23	return $this->getMod()
24	->renderTemplate(
	@@ -42,7 +42,7 @@ class UI extends BaseShield\UI {
42	'show_before' => __( 'show results that occurred before', 'wp-simple-firewall' ),
43	],
44	'vars' => [
45	- 'events_for_select' => $~~aEventsSelect~~,
46	'unique_ips' => $dbSel->getDistinctIps(),
47	'unique_users' => $dbSel->getDistinctUsernames(),
48	],


15	/** @var Databases\AuditTrail\Select $dbSel */
16	$dbSel = $mod->getDbHandler_AuditTrail()->getQuerySelector();
17
18	+ /** @var Modules\Events\Strings $eventStrings */
19	+ $eventStrings = $con->getModule_Events()->getStrings();
20	+ $eventsSelect = array_intersect_key( $eventStrings->getEventNames(), array_flip( $dbSel->getDistinctEvents() ) );
21	+ asort( $eventsSelect );
22
23	return $this->getMod()
24	->renderTemplate(

42	'show_before' => __( 'show results that occurred before', 'wp-simple-firewall' ),
43	],
44	'vars' => [
45	+ 'events_for_select' => $eventsSelect,
46	'unique_ips' => $dbSel->getDistinctIps(),
47	'unique_users' => $dbSel->getDistinctUsernames(),
48	],

src/lib/src/Modules/AuditTrail/WpCli.php CHANGED Viewed

	@@ -1,4 +1,4 @@
1	- <?php
2
3	namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\AuditTrail;
4


1	+ <?php declare( strict_types=1 );
2
3	namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\AuditTrail;
4

src/lib/src/Modules/Base/AdminPage.php CHANGED Viewed

	@@ -80,6 +80,12 @@ class AdminPage extends ExecOnceModConsumer {
80	return (bool)$this->getOptions()->getFeatureProperty( 'show_module_menu_item' );
81	}
82






83	public function getMenuTitle( bool $markup = true ) :string {
84	$mod = $this->getMod();
85	$title = $this->getOptions()->getFeatureProperty( 'menu_title' );
	@@ -117,4 +123,8 @@ class AdminPage extends ExecOnceModConsumer {
117	}
118	return $items;
119	}




120	}


80	return (bool)$this->getOptions()->getFeatureProperty( 'show_module_menu_item' );
81	}
82
83	+ public function isCurrentPage() :bool {
84	+ $req = Services::Request();
85	+ return !Services::WpGeneral()->isAjax() && $req->isGet()
86	+ && $this->getCon()->isModulePage() && $req->query( 'page' ) == $this->getSlug();
87	+ }
88	+
89	public function getMenuTitle( bool $markup = true ) :string {
90	$mod = $this->getMod();
91	$title = $this->getOptions()->getFeatureProperty( 'menu_title' );

123	}
124	return $items;
125	}
126	+
127	+ public function getSlug() :string {
128	+ return $this->getMod()->getModSlug();
129	+ }
130	}

src/lib/src/Modules/Base/ModCon.php CHANGED Viewed

	@@ -970,6 +970,9 @@ abstract class ModCon {
970	return $this;
971	}
972



973	protected function isThisModAdminPage() :bool {
974	return is_admin() && !Services::WpGeneral()->isAjax()
975	&& Services::Request()->isGet() && $this->isThisModulePage();
	@@ -986,57 +989,57 @@ abstract class ModCon {
986	// standard options use b64 and fail-over to lz-string
987	$form = FormParams::Retrieve( FormParams::ENC_BASE64 );
988
989	- foreach ( $this->getAllFormOptionsAndTypes() as $~~sKey~~ => $~~sOptType~~ ) {
990
991	- $~~sOptionValue~~ = ~~isset(~~ $form[ $~~sKey~~ ] ) ~~? $form[ $sKey ] :~~ null;
992	- if ( is_null( $~~sOptionValue~~ ) ) {
993
994	- if ( in_array( $~~sOptType~~, [ 'text', 'email' ] ) ) { //text box, and it's null, don't update
995	continue;
996	}
997	- elseif ( $~~sOptType~~ == 'checkbox' ) { //if it was a checkbox, and it's null, it means 'N'
998	- $~~sOptionValue~~ = 'N';
999	}
1000	- elseif ( $~~sOptType~~ == 'integer' ) { //if it was a integer, and it's null, it means '0'
1001	- $~~sOptionValue~~ = 0;
1002	}
1003	- elseif ( $~~sOptType~~ == 'multiple_select' ) {
1004	- $~~sOptionValue~~ = [];
1005	}
1006	}
1007	else { //handle any pre-processing we need to.
1008
1009	- if ( $~~sOptType~~ == 'text' \|\| $~~sOptType~~ == 'email' ) {
1010	- $~~sOptionValue~~ = trim( $~~sOptionValue~~ );
1011	}
1012	- if ( $~~sOptType~~ == 'integer' ) {
1013	- $~~sOptionValue~~ = intval( $~~sOptionValue~~ );
1014	}
1015	- elseif ( $~~sOptType~~ == 'password' ) {
1016	- $sTempValue = trim( $~~sOptionValue~~ );
1017	if ( empty( $sTempValue ) ) {
1018	continue;
1019	}
1020
1021	- $~~sConfirm~~ = ~~isset(~~ $form[ $~~sKey~~.'_confirm' ] ) ~~? $form[ $sKey.'_confirm' ] :~~ null;
1022	- if ( $sTempValue !== $~~sConfirm~~ ) {
1023	throw new \Exception( __( 'Password values do not match.', 'wp-simple-firewall' ) );
1024	}
1025
1026	- $~~sOptionValue~~ = md5( $sTempValue );
1027	}
1028	- elseif ( $~~sOptType~~ == 'array' ) { //arrays are textareas, where each is separated by newline
1029	- $~~sOptionValue~~ = array_filter( explode( "\n", esc_textarea( $~~sOptionValue~~ ) ), 'trim' );
1030	}
1031	- elseif ( $~~sOptType~~ == 'comma_separated_lists' ) {
1032	- $~~sOptionValue~~ = Services::Data()->extractCommaSeparatedList( $~~sOptionValue~~ );
1033	}
1034	- /* elseif ( $~~sOptType~~ == 'multiple_select' ) { } */
1035	}
1036
1037	// Prevent overwriting of non-editable fields
1038	- if ( !in_array( $~~sOptType~~, [ 'noneditable_text' ] ) ) {
1039	- $this->getOptions()->setOpt( $~~sKey~~, $~~sOptionValue~~ );
1040	}
1041	}
1042
	@@ -1081,12 +1084,12 @@ abstract class ModCon {
1081
1082	/**
1083	* Will prefix and return any string with the unique plugin prefix.
1084	- * @param string $~~sSuffix~~
1085	- * @param string $~~sGlue~~
1086	* @return string
1087	*/
1088	- public function prefix( $~~sSuffix~~ = '', $~~sGlue~~ = '-' ) {
1089	- return $this->getCon()->prefix( $~~sSuffix~~, $~~sGlue~~ );
1090	}
1091
1092	/**


970	return $this;
971	}
972
973	+ /**
974	+ * @deprecated 11.2
975	+ */
976	protected function isThisModAdminPage() :bool {
977	return is_admin() && !Services::WpGeneral()->isAjax()
978	&& Services::Request()->isGet() && $this->isThisModulePage();

989	// standard options use b64 and fail-over to lz-string
990	$form = FormParams::Retrieve( FormParams::ENC_BASE64 );
991
992	+ foreach ( $this->getAllFormOptionsAndTypes() as $key => $optType ) {
993
994	+ $optValue = $form[ $key ] ?? null;
995	+ if ( is_null( $optValue ) ) {
996
997	+ if ( in_array( $optType, [ 'text', 'email' ] ) ) { //text box, and it's null, don't update
998	continue;
999	}
1000	+ elseif ( $optType == 'checkbox' ) { //if it was a checkbox, and it's null, it means 'N'
1001	+ $optValue = 'N';
1002	}
1003	+ elseif ( $optType == 'integer' ) { //if it was a integer, and it's null, it means '0'
1004	+ $optValue = 0;
1005	}
1006	+ elseif ( $optType == 'multiple_select' ) {
1007	+ $optValue = [];
1008	}
1009	}
1010	else { //handle any pre-processing we need to.
1011
1012	+ if ( $optType == 'text' \|\| $optType == 'email' ) {
1013	+ $optValue = trim( $optValue );
1014	}
1015	+ if ( $optType == 'integer' ) {
1016	+ $optValue = intval( $optValue );
1017	}
1018	+ elseif ( $optType == 'password' ) {
1019	+ $sTempValue = trim( $optValue );
1020	if ( empty( $sTempValue ) ) {
1021	continue;
1022	}
1023
1024	+ $confirm = $form[ $key.'_confirm' ] ?? null;
1025	+ if ( $sTempValue !== $confirm ) {
1026	throw new \Exception( __( 'Password values do not match.', 'wp-simple-firewall' ) );
1027	}
1028
1029	+ $optValue = md5( $sTempValue );
1030	}
1031	+ elseif ( $optType == 'array' ) { //arrays are textareas, where each is separated by newline
1032	+ $optValue = array_filter( explode( "\n", esc_textarea( $optValue ) ), 'trim' );
1033	}
1034	+ elseif ( $optType == 'comma_separated_lists' ) {
1035	+ $optValue = Services::Data()->extractCommaSeparatedList( $optValue );
1036	}
1037	+ /* elseif ( $optType == 'multiple_select' ) { } */
1038	}
1039
1040	// Prevent overwriting of non-editable fields
1041	+ if ( !in_array( $optType, [ 'noneditable_text' ] ) ) {
1042	+ $this->getOptions()->setOpt( $key, $optValue );
1043	}
1044	}
1045

1084
1085	/**
1086	* Will prefix and return any string with the unique plugin prefix.
1087	+ * @param string $suffix
1088	+ * @param string $glue
1089	* @return string
1090	*/
1091	+ public function prefix( $suffix = '', $glue = '-' ) {
1092	+ return $this->getCon()->prefix( $suffix, $glue );
1093	}
1094
1095	/**

src/lib/src/Modules/BaseShield/ModCon.php CHANGED Viewed

	@@ -43,6 +43,9 @@ class ModCon extends Base\ModCon {
43	->getCurrent();
44	}
45



46	public function hasValidRequestIP() :bool {
47	return !empty( Services::IP()->isValidIp( Services::IP()->getRequestIp() ) );
48	}


43	->getCurrent();
44	}
45
46	+ /**
47	+ * @deprecated 11.2
48	+ */
49	public function hasValidRequestIP() :bool {
50	return !empty( Services::IP()->isValidIp( Services::IP()->getRequestIp() ) );
51	}

src/lib/src/Modules/Events/Lib/EventsService.php CHANGED Viewed

	@@ -18,7 +18,7 @@ class EventsService {
18	* @param array $meta
19	* @return $this
20	*/
21	- public function fireEvent( string $event, $meta = [] ) {
22	if ( $this->isSupportedEvent( $event ) ) {
23	do_action(
24	$this->getCon()->prefix( 'event' ),


18	* @param array $meta
19	* @return $this
20	*/
21	+ public function fireEvent( string $event, array $meta = [] ) {
22	if ( $this->isSupportedEvent( $event ) ) {
23	do_action(
24	$this->getCon()->prefix( 'event' ),

src/lib/src/Modules/IPs/Components/ImportIpsFromFile.php CHANGED Viewed

	@@ -1,4 +1,4 @@
1	- <?php
2
3	namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Components;
4
	@@ -6,12 +6,10 @@ use FernleafSystems\Wordpress\Plugin\Shield;
6	use FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs;
7	use FernleafSystems\Wordpress\Services\Services;
8
9	- class ImportIpsFromFile {
10
11	- ~~use~~ ~~Shield\Modules\ModConsumer;~~
12	-
13	- public function run() {
14	- foreach ( [ 'black', 'white' ] as $type ) {
15	$this->runFileImport( $type );
16	}
17	}
	@@ -23,12 +21,13 @@ class ImportIpsFromFile {
23	if ( $FS->isFile( $fileImport ) ) {
24	$content = $FS->getFileContent( $fileImport );
25	if ( !empty( $content ) ) {
26	- $~~oAdd~~ = ( new IPs\Lib\Ops\AddIp() )->setMod( $this->getMod() );
27	foreach ( array_map( 'trim', explode( "\n", $content ) ) as $sIP ) {
28	- $~~oAdd~~->setIP( $sIP );
29	try {
30	- $type == 'white' ~~? $oAdd->toManualWhitelist(~~ '~~file import~~' )
31	- : $~~oAdd~~->~~toManualBlacklist~~( 'file import' );

32	}
33	catch ( \Exception $e ) {
34	}


1	+ <?php declare( strict_types=1 );
2
3	namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Components;
4

6	use FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs;
7	use FernleafSystems\Wordpress\Services\Services;
8
9	+ class ImportIpsFromFile extends Shield\Modules\Base\Common\ExecOnceModConsumer {
10
11	+ protected function run() {
12	+ foreach ( [ 'black', 'white', 'block', 'bypass' ] as $type ) {


13	$this->runFileImport( $type );
14	}
15	}

21	if ( $FS->isFile( $fileImport ) ) {
22	$content = $FS->getFileContent( $fileImport );
23	if ( !empty( $content ) ) {
24	+ $add = ( new IPs\Lib\Ops\AddIp() )->setMod( $this->getMod() );
25	foreach ( array_map( 'trim', explode( "\n", $content ) ) as $sIP ) {
26	+ $add->setIP( $sIP );
27	try {
28	+ in_array( $type, [ 'white', 'bypass' ] ) ?
29	+ $add->toManualWhitelist( 'file import' )
30	+ : $add->toManualBlacklist( 'file import' );
31	}
32	catch ( \Exception $e ) {
33	}

src/lib/src/Modules/IPs/Components/QueryRemainingOffenses.php CHANGED Viewed

	@@ -21,19 +21,19 @@ class QueryRemainingOffenses {
21	public function run() {
22	/** @var IPs\ModCon $mod */
23	$mod = $this->getMod();
24	- $~~oBlackIp~~ = ( new IPs\Lib\Ops\LookupIpOnList() )
25	->setDbHandler( $mod->getDbHandler_IPs() )
26	->setListTypeBlock()
27	->setIP( $this->getIP() )
28	->lookup( false );
29
30	- $~~nOffenses~~ = 0;
31	- if ( $~~oBlackIp~~ instanceof Databases\IPs\EntryVO ) {
32	- $~~nOffenses~~ = (int)$~~oBlackIp~~->transgressions;
33	}
34
35	- /** @var IPs\Options $~~oOpts~~ */
36	- $~~oOpts~~ = $this->getOptions();
37	- return $~~oOpts~~->getOffenseLimit() - $~~nOffenses~~ - 1;
38	}
39	}


21	public function run() {
22	/** @var IPs\ModCon $mod */
23	$mod = $this->getMod();
24	+ $blackIp = ( new IPs\Lib\Ops\LookupIpOnList() )
25	->setDbHandler( $mod->getDbHandler_IPs() )
26	->setListTypeBlock()
27	->setIP( $this->getIP() )
28	->lookup( false );
29
30	+ $offenses = 0;
31	+ if ( $blackIp instanceof Databases\IPs\EntryVO ) {
32	+ $offenses = (int)$blackIp->transgressions;
33	}
34
35	+ /** @var IPs\Options $opts */
36	+ $opts = $this->getOptions();
37	+ return $opts->getOffenseLimit() - $offenses - 1;
38	}
39	}

src/lib/src/Modules/IPs/Components/UnblockIpByFlag.php CHANGED Viewed

	@@ -17,16 +17,15 @@ class UnblockIpByFlag {
17
18	$path = $FS->findFileInDir( 'unblock', $this->getCon()->paths->forFlag() );
19	if ( !empty( $path ) && $FS->isFile( $path ) ) {
20	- $~~sContent~~ = $FS->getFileContent( $path );
21	- if ( !empty( $~~sContent~~ ) ) {
22
23	- ~~$aLines~~ = array_map( 'trim', explode( "\n", $~~sContent~~ ) );
24	- ~~foreach~~ ( ~~$aLines~~ as ~~$sIp~~ ) {
25	- $bRemoved = ( new IPs\Lib\Ops\DeleteIp() )
26	->setMod( $mod )
27	->setIP( $sIp )
28	->fromBlacklist();
29	- if ( $~~bRemoved~~ ) {
30	$this->getCon()->fireEvent( 'ip_unblock_flag', [ 'audit' => [ 'ip' => $sIp ] ] );
31	}
32	}


17
18	$path = $FS->findFileInDir( 'unblock', $this->getCon()->paths->forFlag() );
19	if ( !empty( $path ) && $FS->isFile( $path ) ) {
20	+ $content = $FS->getFileContent( $path );
21	+ if ( !empty( $content ) ) {
22
23	+ foreach ( array_map( 'trim', explode( "\n", $content ) ) as $sIp ) {
24	+ $removed = ( new IPs\Lib\Ops\DeleteIp() )

25	->setMod( $mod )
26	->setIP( $sIp )
27	->fromBlacklist();
28	+ if ( $removed ) {
29	$this->getCon()->fireEvent( 'ip_unblock_flag', [ 'audit' => [ 'ip' => $sIp ] ] );
30	}
31	}

src/lib/src/Modules/IPs/Lib/BlacklistHandler.php CHANGED Viewed

	@@ -2,50 +2,47 @@
2
3	namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib;
4
5	- use FernleafSystems\Utilities\Logic\ExecOnce;
6	use FernleafSystems\Wordpress\Plugin\Shield\Crons\PluginCronsConsumer;
7	use FernleafSystems\Wordpress\Plugin\Shield\Modules;
8	use FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs;
9	use FernleafSystems\Wordpress\Services\Services;
10
11	- class BlacklistHandler {
12
13	- use Modules\ModConsumer;
14	- use ExecOnce;
15	use PluginCronsConsumer;
16






17	protected function run() {
18	/** @var IPs\ModCon $mod */
19	$mod = $this->getMod();
20	- /** @var IPs\Options $opts */
21	- $opts = $this->getOptions();
22
23	- if ( $~~opts~~->~~isEnabledAutoBlackList~~() ) {


24
25	- ~~$con~~ = ~~$this->getCon~~();
26	- ~~if ( Services::WpGeneral()~~->~~isCron~~() && $~~con->isPremiumActive()~~ ) {
27	- ~~$this~~->~~setupCronHooks~~();
28	- }
29
30	- ( ~~new~~ ~~IPs\Components\UnblockIpByFlag(~~) )
31	- ->setMod( $mod )
32	- ->run();
33
34	- ~~add_action~~( ~~'init',~~ [ $this, ~~'loadBotDetectors' ]~~ ); ~~// hook in the bot detection~~
35
36	- if ( ~~!$mod->isVisitorWhitelisted()~~ && ~~!$this->isRequestWhitelisted()~~ ) {



37
38	- // We ~~setup~~ ~~offenses~~ ~~processing immediately but run the blocks on 'init~~
39	- ( new ~~ProcessOffenses~~() )
40	->setMod( $this->getMod() )
41	->execute();
42	-
43	- add_action( 'init', function () {
44	- ( new BlockRequest() )
45	- ->setMod( $this->getMod() )
46	- ->execute();
47	- }, -100000 );
48	- }
49	}
50	}
51
	@@ -124,6 +121,6 @@ class BlacklistHandler {
124	public function runHourlyCron() {
125	( new IPs\Components\ImportIpsFromFile() )
126	->setMod( $this->getMod() )
127	- ->~~run~~();
128	}
129	}


2
3	namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib;
4

5	use FernleafSystems\Wordpress\Plugin\Shield\Crons\PluginCronsConsumer;
6	use FernleafSystems\Wordpress\Plugin\Shield\Modules;
7	use FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs;
8	use FernleafSystems\Wordpress\Services\Services;
9
10	+ class BlacklistHandler extends Modules\Base\Common\ExecOnceModConsumer {
11


12	use PluginCronsConsumer;
13
14	+ protected function canRun() :bool {
15	+ /** @var IPs\Options $opts */
16	+ $opts = $this->getOptions();
17	+ return $opts->isEnabledAutoBlackList();
18	+ }
19	+
20	protected function run() {
21	/** @var IPs\ModCon $mod */
22	$mod = $this->getMod();


23
24	+ if ( Services::WpGeneral()->isCron() && $this->getCon()->isPremiumActive() ) {
25	+ $this->setupCronHooks();
26	+ }
27
28	+ ( new IPs\Components\UnblockIpByFlag() )
29	+ ->setMod( $mod )
30	+ ->run();

31
32	+ add_action( 'init', [ $this, 'loadBotDetectors' ] ); // hook in the bot detection


33
34	+ if ( !$mod->isVisitorWhitelisted() && !$this->isRequestWhitelisted() ) {
35
36	+ // We setup offenses processing immediately but run the blocks on 'init
37	+ ( new ProcessOffenses() )
38	+ ->setMod( $this->getMod() )
39	+ ->execute();
40
41	+ add_action( 'init', function () {
42	+ ( new BlockRequest() )
43	->setMod( $this->getMod() )
44	->execute();
45	+ }, -100000 );






46	}
47	}
48

121	public function runHourlyCron() {
122	( new IPs\Components\ImportIpsFromFile() )
123	->setMod( $this->getMod() )
124	+ ->execute();
125	}
126	}

src/lib/src/Modules/IPs/Lib/Bots/BotSignalsController.php CHANGED Viewed

@@ -4,6 +4,7 @@ namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots;
             use FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Common\ExecOnceModConsumer;
             use FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\Calculator\CalculateVisitorBotScores;
             use FernleafSystems\Wordpress\Services\Services;
             class BotSignalsController extends ExecOnceModConsumer {
@@ -19,25 +20,32 @@ class BotSignalsController extends ExecOnceModConsumer {
             	private $eventListener;
             	public function isBot( string $IP = '', bool $allowEventFire = true ) :bool {
-            -
            		$score = ( new CalculateVisitorBotScores() )
-            -
            			->setMod( $this->getMod() )
-            -
            			->setIP( empty( $IP ) ? Services::IP()->getRequestIp() : $IP )
-            -
            			->probability();
-            -
            		$botScoreMinimum = (int)apply_filters( 'shield/antibot_score_minimum',
-            -
            			(int)$this->getOptions()->getOpt( 'antibot_minimum', 50 ) );
-            -
            		$isBot = $score < $botScoreMinimum;
-            -
            		if ( $allowEventFire ) {
-            -
            			$this->getCon()->fireEvent(
-            -
            				'antibot_'.( $isBot ? 'fail' : 'pass' ),
-            -
            				[
-            -
            					'audit' => [
-            -
            						'score'   => $score,
-            -
            						'minimum' => $botScoreMinimum,
+            					]
-            -
            				]
-            -
            			);
+            		}
             		return $isBot;
+            	}


4
5	use FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Common\ExecOnceModConsumer;
6	use FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\Calculator\CalculateVisitorBotScores;
7	+ use FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Options;
8	use FernleafSystems\Wordpress\Services\Services;
9
10	class BotSignalsController extends ExecOnceModConsumer {

20	private $eventListener;
21
22	public function isBot( string $IP = '', bool $allowEventFire = true ) :bool {
23	+ /** @var Options $opts */
24	+ $opts = $this->getOptions();




25
26	+ $isBot = false;
27	+ $botScoreMinimum = (int)apply_filters( 'shield/antibot_score_minimum', $opts->getAntiBotMinimum() );
28
29	+ if ( $botScoreMinimum > 0 ) {
30	+
31	+ $score = ( new CalculateVisitorBotScores() )
32	+ ->setMod( $this->getMod() )
33	+ ->setIP( empty( $IP ) ? Services::IP()->getRequestIp() : $IP )
34	+ ->probability();
35	+
36	+ $isBot = $score < $botScoreMinimum;
37	+
38	+ if ( $allowEventFire ) {
39	+ $this->getCon()->fireEvent(
40	+ 'antibot_'.( $isBot ? 'fail' : 'pass' ),
41	+ [
42	+ 'audit' => [
43	+ 'score' => $score,
44	+ 'minimum' => $botScoreMinimum,
45	+ ]
46	]
47	+ );
48	+ }
49	}
50	return $isBot;
51	}

src/lib/src/Modules/IPs/Lib/Bots/BotSignalsRecord.php CHANGED Viewed

	@@ -9,7 +9,6 @@ use FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Components\IpAddressCons
9	use FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Ops\LookupIpOnList;
10	use FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\ModCon;
11	use FernleafSystems\Wordpress\Plugin\Shield\Modules\ModConsumer;
12	- use FernleafSystems\Wordpress\Plugin\Shield\Modules\Sessions\Lib\Ops\Retrieve;
13	use FernleafSystems\Wordpress\Services\Services;
14
15	class BotSignalsRecord {


9	use FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Ops\LookupIpOnList;
10	use FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\ModCon;
11	use FernleafSystems\Wordpress\Plugin\Shield\Modules\ModConsumer;

12	use FernleafSystems\Wordpress\Services\Services;
13
14	class BotSignalsRecord {

src/lib/src/Modules/IPs/Lib/Bots/Calculator/BuildScores.php CHANGED Viewed

	@@ -14,11 +14,14 @@ class BuildScores {
14	public function build() :array {
15	$scores = [];
16	foreach ( $this->getAllFields( true ) as $field ) {
17	- $~~scores[~~ ~~$field ]~~ = ~~$this->{~~'score_'.$field~~}()~~;



18	}
19	$scores[ 'known' ] = $this->score_known();
20	- if ( Services::Request()->ts() - $this->getRecord()->created_at < 30 ) {
21	- $scores[ 'baseline' ] = 60;
22	}
23	return $scores;
24	}


14	public function build() :array {
15	$scores = [];
16	foreach ( $this->getAllFields( true ) as $field ) {
17	+ $method = 'score_'.$field;
18	+ if ( method_exists( $this, $method ) ) {
19	+ $scores[ $field ] = $this->{$method}();
20	+ }
21	}
22	$scores[ 'known' ] = $this->score_known();
23	+ if ( Services::Request()->ts() - $this->getRecord()->created_at < 20 ) {
24	+ $scores[ 'baseline' ] = 35;
25	}
26	return $scores;
27	}

src/lib/src/Modules/IPs/Lib/Bots/NotBot/NotBotHandler.php CHANGED Viewed

	@@ -33,7 +33,7 @@ class NotBotHandler extends ExecOnceModConsumer {
33	private function registerFrontPageLoad() {
34	add_action( $this->getCon()->prefix( 'pre_plugin_shutdown' ), function () {
35	$req = Services::Request();
36	- if ( $req->isGet() && ( is_front_page() \|\| is_home() ) ) {
37	/** @var ModCon $mod */
38	$mod = $this->getMod();
39	$mod->getBotSignalsController()


33	private function registerFrontPageLoad() {
34	add_action( $this->getCon()->prefix( 'pre_plugin_shutdown' ), function () {
35	$req = Services::Request();
36	+ if ( $req->isGet() && ( is_page() \|\| is_single() \|\| is_front_page() \|\| is_home() ) ) {
37	/** @var ModCon $mod */
38	$mod = $this->getMod();
39	$mod->getBotSignalsController()

src/lib/src/Modules/IPs/Options.php CHANGED Viewed

	@@ -52,6 +52,14 @@ class Options extends BaseShield\Options {
52	);
53	}
54








55	public function isEnabledAutoBlackList() :bool {
56	return $this->getOffenseLimit() > 0;
57	}


52	);
53	}
54
55	+ public function getAntiBotMinimum() :int {
56	+ return (int)$this->getOpt( 'antibot_minimum', 50 );
57	+ }
58	+
59	+ public function isEnabledAntiBotEngine() :bool {
60	+ return $this->getAntiBotMinimum() > 0;
61	+ }
62	+
63	public function isEnabledAutoBlackList() :bool {
64	return $this->getOffenseLimit() > 0;
65	}

src/lib/src/Modules/IPs/Strings.php CHANGED Viewed

	@@ -45,16 +45,6 @@ class Strings extends Base\Strings {
45	];
46	break;
47
48	- case 'section_enable_plugin_feature_bottrap' :
49	- $titleShort = __( 'Bot-Trap', 'wp-simple-firewall' );
50	- $title = __( 'Identify And Capture Bots Based On Their Site Activity', 'wp-simple-firewall' );
51	- $summary = [
52	- __( "A bot doesn't know what's real and what's not, so it probes many different avenues until it finds something it recognises.", 'wp-simple-firewall' ),
53	- __( "Bot-Trap monitors a set of typical bot behaviours to help identify probing bots.", 'wp-simple-firewall' ),
54	- sprintf( '%s - %s', __( 'Recommendation', 'wp-simple-firewall' ), __( 'Enable as many mouse traps as possible.', 'wp-simple-firewall' ) )
55	- ];
56	- break;
57	-
58	case 'section_logins':
59	$titleShort = __( 'Login Bots', 'wp-simple-firewall' );
60	$title = __( 'Detect & Capture Login Bots', 'wp-simple-firewall' );
	@@ -273,7 +263,7 @@ class Strings extends Base\Strings {
273	'baseline' => __( 'Baseline Starting Score', 'wp-simple-firewall' ),
274	'known' => __( 'A Known Service Provider/Bot', 'wp-simple-firewall' ),
275	'notbot' => __( '"Not Bot" Registration', 'wp-simple-firewall' ),
276	- 'frontpage' => __( '~~Frontpage~~ Visited', 'wp-simple-firewall' ),
277	'loginpage' => __( 'Login Page Visited', 'wp-simple-firewall' ),
278	'bt404' => __( '404 Triggered', 'wp-simple-firewall' ),
279	'btfake' => __( 'Fake Web Crawler', 'wp-simple-firewall' ),


45	];
46	break;
47










48	case 'section_logins':
49	$titleShort = __( 'Login Bots', 'wp-simple-firewall' );
50	$title = __( 'Detect & Capture Login Bots', 'wp-simple-firewall' );

263	'baseline' => __( 'Baseline Starting Score', 'wp-simple-firewall' ),
264	'known' => __( 'A Known Service Provider/Bot', 'wp-simple-firewall' ),
265	'notbot' => __( '"Not Bot" Registration', 'wp-simple-firewall' ),
266	+ 'frontpage' => __( 'Any Frontend Page Visited', 'wp-simple-firewall' ),
267	'loginpage' => __( 'Login Page Visited', 'wp-simple-firewall' ),
268	'bt404' => __( '404 Triggered', 'wp-simple-firewall' ),
269	'btfake' => __( 'Fake Web Crawler', 'wp-simple-firewall' ),

src/lib/src/Modules/IPs/UI.php CHANGED Viewed

	@@ -85,6 +85,13 @@ class UI extends BaseShield\UI {
85	}
86	break;
87







88	case 'section_behaviours':
89	case 'section_probes':
90	case 'section_logins':


85	}
86	break;
87
88	+ case 'section_antibot':
89	+ if ( !$opts->isEnabledAntiBotEngine() ) {
90	+ $warnings[] = sprintf( '%s: %s', __( 'Important', 'wp-simple-firewall' ),
91	+ sprintf( __( "The AntiBot Detection Engine is disabled when set to a minimum score of %s.", 'wp-simple-firewall' ), '0' ) );
92	+ }
93	+ break;
94	+
95	case 'section_behaviours':
96	case 'section_probes':
97	case 'section_logins':

src/lib/src/Modules/Insights/ModCon.php CHANGED Viewed

	@@ -22,16 +22,19 @@ class ModCon extends BaseShield\ModCon {
22
23	private function handleCustomRedirection() {
24	$con = $this->getCon();
25	- if ( !Services::WpGeneral()->isAjax() && is_admin() ~~&& !$con->isModulePage(~~) ) {
26	- if ( $con->getModule_Plugin()->getActivateLength() < 5 ) {
27	Services::Response()->redirect( $con->getModule_Plugin()->getUrl_Wizard( 'welcome' ) );
28	}
29	- elseif ( $this->~~isThisModAdminPage~~() && empty( Services::Request()->query( 'inav' ) ) ) {
30	Services::Response()->redirect( $con->getPluginUrl_DashboardHome() );
31	}
32	}
33	}
34



35	private function maybeRedirectToAdmin() {
36	$con = $this->getCon();
37	$activeFor = $con->getModule_Plugin()->getActivateLength();


22
23	private function handleCustomRedirection() {
24	$con = $this->getCon();
25	+ if ( !Services::WpGeneral()->isAjax() && is_admin() ) {
26	+ if ( !$con->isModulePage() && $con->getModule_Plugin()->getActivateLength() < 5 ) {
27	Services::Response()->redirect( $con->getModule_Plugin()->getUrl_Wizard( 'welcome' ) );
28	}
29	+ elseif ( $this->getAdminPage()->isCurrentPage() && empty( Services::Request()->query( 'inav' ) ) ) {
30	Services::Response()->redirect( $con->getPluginUrl_DashboardHome() );
31	}
32	}
33	}
34
35	+ /**
36	+ * @deprecated 11.2
37	+ */
38	private function maybeRedirectToAdmin() {
39	$con = $this->getCon();
40	$activeFor = $con->getModule_Plugin()->getActivateLength();

src/lib/src/Modules/Integrations/Lib/Bots/Spam/Handlers/SuperForms.php ADDED Viewed

	@@ -0,0 +1,24 @@


1	+ <?php declare( strict_types=1 );
2	+
3	+ namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\Integrations\Lib\Bots\Spam\Handlers;
4	+
5	+ class SuperForms extends Base {
6	+
7	+ protected function run() {
8	+ add_action( 'super_before_sending_email_hook', function ( $formSubmissionData ) {
9	+ if ( $this->isSpam() ) {
10	+ \SUPER_Common::output_message( true, esc_html__( 'Shield Anti-Spam detected this form submission as a bot!', 'wp-simple-firewall' ) );
11	+ }
12	+ }, 1000 );
13	+ }
14	+
15	+ protected function getProviderName() :string {
16	+ return 'Super Forms';
17	+ }
18	+
19	+ public static function IsProviderInstalled() :bool {
20	+ return @class_exists( '\SUPER_Forms' )
21	+ && isset( \SUPER_Forms::$version )
22	+ && version_compare( \SUPER_Forms::$version, '4.9', '>=' );
23	+ }
24	+ }

src/lib/src/Modules/Integrations/Lib/Bots/Spam/SpamController.php CHANGED Viewed

	@@ -20,9 +20,11 @@ class SpamController extends BaseBotDetectionController {
20	new Handlers\FormidableForms(),
21	new Handlers\FluentForms(),
22	new Handlers\Forminator(),

23	new Handlers\GravityForms(),
24	new Handlers\KaliForms(),
25	new Handlers\NinjaForms(),

26	new Handlers\WPForms(),
27	new Handlers\WpForo(),
28	];


20	new Handlers\FormidableForms(),
21	new Handlers\FluentForms(),
22	new Handlers\Forminator(),
23	+ new Handlers\Groundhogg(),
24	new Handlers\GravityForms(),
25	new Handlers\KaliForms(),
26	new Handlers\NinjaForms(),
27	+ new Handlers\SuperForms(),
28	new Handlers\WPForms(),
29	new Handlers\WpForo(),
30	];

src/lib/src/Modules/Plugin/ModCon.php CHANGED Viewed

	@@ -68,10 +68,9 @@ class ModCon extends BaseShield\ModCon {
68	$con = $this->getCon();
69	$wpCrons = Services::WpCron();
70
71	- foreach ( $wpCrons->getCrons() as $~~nKey~~ => $~~aCronArgs~~ ) {
72	- foreach ( $~~aCronArgs~~ as $hook => $~~aCron~~ ) {
73	- if ( strpos( (string)$hook, $con->prefix() ) === 0
74	- \|\| strpos( (string)$hook, $con->prefixOption() ) === 0 ) {
75	$wpCrons->deleteCronJob( $hook );
76	}
77	}


68	$con = $this->getCon();
69	$wpCrons = Services::WpCron();
70
71	+ foreach ( $wpCrons->getCrons() as $key => $cronArgs ) {
72	+ foreach ( $cronArgs as $hook => $cron ) {
73	+ if ( strpos( (string)$hook, $con->prefix() ) === 0 \|\| strpos( (string)$hook, $con->prefixOption() ) === 0 ) {

74	$wpCrons->deleteCronJob( $hook );
75	}
76	}

src/lib/src/Modules/UserManagement/Lib/Session/UserSessionHandler.php CHANGED Viewed

	@@ -23,7 +23,7 @@ class UserSessionHandler extends ExecOnceModConsumer {
23	$this->setupLoginCaptureHooks();
24	add_action( 'wp_loaded', [ $this, 'onWpLoaded' ] );
25	add_filter( 'wp_login_errors', [ $this, 'addLoginMessage' ] );
26	- add_filter( 'auth_cookie_expiration', [ $this, 'setMaxAuthCookieExpiration' ], 100, 1 );
27	}
28
29	protected function captureLogin( \WP_User $user ) {
	@@ -38,16 +38,14 @@ class UserSessionHandler extends ExecOnceModConsumer {
38
39	private function checkCurrentSession() {
40	$con = $this->getCon();
41	- /** ~~@var~~ ~~UserManagement\ModCon $mod */~~
42	- ~~$mod = $this->getMod();~~
43	try {
44	- if ( $~~mod~~->~~hasValidRequestIP~~() ) {
45	$this->assessSession();
46	}
47	}
48	catch ( \Exception $e ) {
49	- // We force-refresh the server IPs just to be sure.
50	- $srvIP = Services::IP();
51	$srvIP->getServerPublicIPs( true );
52	if ( !$srvIP->isLoopback() ) {
53	$event = $e->getMessage();


23	$this->setupLoginCaptureHooks();
24	add_action( 'wp_loaded', [ $this, 'onWpLoaded' ] );
25	add_filter( 'wp_login_errors', [ $this, 'addLoginMessage' ] );
26	+ add_filter( 'auth_cookie_expiration', [ $this, 'setMaxAuthCookieExpiration' ], 100 );
27	}
28
29	protected function captureLogin( \WP_User $user ) {

38
39	private function checkCurrentSession() {
40	$con = $this->getCon();
41	+ $srvIP = Services::IP();
42	+
43	try {
44	+ if ( !empty( $srvIP->isValidIp( $srvIP->getRequestIp() ) ) ) {
45	$this->assessSession();
46	}
47	}
48	catch ( \Exception $e ) {


49	$srvIP->getServerPublicIPs( true );
50	if ( !$srvIP->isLoopback() ) {
51	$event = $e->getMessage();

src/lib/vendor/composer/autoload_classmap.php CHANGED Viewed

	@@ -512,6 +512,7 @@ return array(
512	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\Helpers\\NinjaForms_ShieldSpamAction' => $baseDir . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/Helpers/NinjaForms_ShieldSpamAction.php',
513	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\KaliForms' => $baseDir . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/KaliForms.php',
514	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\NinjaForms' => $baseDir . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/NinjaForms.php',

515	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\WPForms' => $baseDir . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/WPForms.php',
516	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\WpForo' => $baseDir . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/WpForo.php',
517	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\SpamController' => $baseDir . '/src/Modules/Integrations/Lib/Bots/Spam/SpamController.php',


512	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\Helpers\\NinjaForms_ShieldSpamAction' => $baseDir . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/Helpers/NinjaForms_ShieldSpamAction.php',
513	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\KaliForms' => $baseDir . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/KaliForms.php',
514	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\NinjaForms' => $baseDir . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/NinjaForms.php',
515	+ 'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\SuperForms' => $baseDir . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/SuperForms.php',
516	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\WPForms' => $baseDir . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/WPForms.php',
517	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\WpForo' => $baseDir . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/WpForo.php',
518	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\SpamController' => $baseDir . '/src/Modules/Integrations/Lib/Bots/Spam/SpamController.php',

src/lib/vendor/composer/autoload_static.php CHANGED Viewed

	@@ -714,6 +714,7 @@ class ComposerStaticInit4fc2c6daaffaf40b64b79b6d26830171
714	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\Helpers\\NinjaForms_ShieldSpamAction' => __DIR__ . '/../..' . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/Helpers/NinjaForms_ShieldSpamAction.php',
715	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\KaliForms' => __DIR__ . '/../..' . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/KaliForms.php',
716	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\NinjaForms' => __DIR__ . '/../..' . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/NinjaForms.php',

717	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\WPForms' => __DIR__ . '/../..' . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/WPForms.php',
718	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\WpForo' => __DIR__ . '/../..' . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/WpForo.php',
719	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\SpamController' => __DIR__ . '/../..' . '/src/Modules/Integrations/Lib/Bots/Spam/SpamController.php',


714	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\Helpers\\NinjaForms_ShieldSpamAction' => __DIR__ . '/../..' . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/Helpers/NinjaForms_ShieldSpamAction.php',
715	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\KaliForms' => __DIR__ . '/../..' . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/KaliForms.php',
716	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\NinjaForms' => __DIR__ . '/../..' . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/NinjaForms.php',
717	+ 'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\SuperForms' => __DIR__ . '/../..' . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/SuperForms.php',
718	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\WPForms' => __DIR__ . '/../..' . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/WPForms.php',
719	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\WpForo' => __DIR__ . '/../..' . '/src/Modules/Integrations/Lib/Bots/Spam/Handlers/WpForo.php',
720	'FernleafSystems\\Wordpress\\Plugin\\Shield\\Modules\\Integrations\\Lib\\Bots\\Spam\\SpamController' => __DIR__ . '/../..' . '/src/Modules/Integrations/Lib/Bots/Spam/SpamController.php',

src/lib/vendor/fernleafsystems/wordpress-services/src/Core/Cron.php CHANGED Viewed

	@@ -49,10 +49,15 @@ class Cron {
49
50	/**
51	* @return array
52	- * @deprecated uses undocumented private WP function
53	*/
54	public function getCrons() {
55	- ~~return~~ function_exists( '~~_get_cron_array~~' ) ~~&& is_array( _get_cron_array(~~) ~~) ? _get_cron_array() : [];~~






56	}
57
58	/**


49
50	/**
51	* @return array

52	*/
53	public function getCrons() {
54	+ if ( function_exists( 'wp_get_ready_cron_jobs' ) ) {
55	+ $crons = wp_get_ready_cron_jobs();
56	+ }
57	+ elseif ( function_exists( '_get_cron_array' ) ) {
58	+ $crons = _get_cron_array();
59	+ }
60	+ return is_array( $crons ) ? $crons : [];
61	}
62
63	/**

src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/Licenses/EddLicenseVO.php CHANGED Viewed

	@@ -1,7 +1,8 @@
1	- <?php
2
3	namespace FernleafSystems\Wordpress\Services\Utilities\Licenses;
4

5	use FernleafSystems\Wordpress\Services\Services;
6
7	/**
	@@ -21,61 +22,66 @@ use FernleafSystems\Wordpress\Services\Services;
21	* @property string $license
22	* @property string $payment_id
23	* @property bool $success


24	* @property string $error
25	*/
26	- class EddLicenseVO {
27
28	- ~~use~~ ~~\FernleafSystems\Utilities\Data\Adapter\StdClassAdapter;~~


29
30	- /**
31	- * ~~@return~~ int
32	- */
33	- ~~public function getExpiresAt() {~~
34	- ~~return~~ ~~( $this->expires ==~~ '~~lifetime~~' ~~) ? PHP_INT_MAX~~ : ~~strtotime( $this->expires );~~









35	}
36
37	- /**
38	- * @return ~~bool~~
39	- */
40	- public function isExpired() {
41	- return ( $this->getExpiresAt() < Services::Request()->ts() );
42	}
43
44	/**
45	* @return bool
46	*/
47	- public function ~~isValid~~() {
48	- return ( $this->~~isReady~~() && ~~$this->success && !$this->isExpired~~() ~~&& $this~~->~~license == 'valid'~~ );
49	}
50
51	- /**
52	- * @return ~~bool~~
53	- */
54	- ~~public function hasError() {~~

55	return !empty( $this->error );
56	}
57
58	- /**
59	- * @return bool
60	- */
61	- public function hasChecksum() {
62	return !empty( $this->checksum );
63	}
64
65	- /**
66	- * @return bool
67	- */
68	- public function isReady() {
69	return $this->hasChecksum();
70	}
71
72	/**
73	- * @param bool $~~bAddRandom~~
74	* @return $this
75	*/
76	- public function updateLastVerifiedAt( $~~bAddRandom~~ = false ) {
77	$this->last_verified_at = (int)$this->last_request_at +
78	- ( $~~bAddRandom~~ ? rand( -6, 18 )*HOUR_IN_SECONDS : 0 );
79	return $this;
80	}
81	}


1	+ <?php declare( strict_types=1 );
2
3	namespace FernleafSystems\Wordpress\Services\Utilities\Licenses;
4
5	+ use FernleafSystems\Utilities\Data\Adapter\DynPropertiesClass;
6	use FernleafSystems\Wordpress\Services\Services;
7
8	/**

22	* @property string $license
23	* @property string $payment_id
24	* @property bool $success
25	+ * @property bool $is_staging
26	+ * @property bool $has_support
27	* @property string $error
28	*/
29	+ class EddLicenseVO extends DynPropertiesClass {
30
31	+ public function __get( string $key ) {
32	+ $value = parent::__get( $key );
33	+ switch ( $key ) {
34
35	+ case 'expires_at':
36	+ $value = is_numeric( $value ) ? (int)$value : $this->getExpiresAt();
37	+ break;
38	+
39	+ case 'success':
40	+ case 'has_support':
41	+ case 'is_staging':
42	+ $value = (bool)$value;
43	+ break;
44	+
45	+ default:
46	+ break;
47	+ }
48	+ return $value;
49	}
50
51	+ public function getExpiresAt() :int {
52	+ return ( $this->expires == 'lifetime' ) ? PHP_INT_MAX : (int)strtotime( $this->expires );



53	}
54
55	/**
56	* @return bool
57	*/
58	+ public function isExpired() :bool {
59	+ return $this->getExpiresAt() < Services::Request()->ts();
60	}
61
62	+ public function isValid() :bool {
63	+ return $this->isReady() && $this->success && !$this->isExpired() && $this->license == 'valid';
64	+ }
65	+
66	+ public function hasError() :bool {
67	return !empty( $this->error );
68	}
69
70	+ public function hasChecksum() :bool {



71	return !empty( $this->checksum );
72	}
73
74	+ public function isReady() :bool {



75	return $this->hasChecksum();
76	}
77
78	/**
79	+ * @param bool $addRandom
80	* @return $this
81	*/
82	+ public function updateLastVerifiedAt( bool $addRandom = false ) {
83	$this->last_verified_at = (int)$this->last_request_at +
84	+ ( $addRandom ? rand( -6, 18 )*HOUR_IN_SECONDS : 0 );
85	return $this;
86	}
87	}

src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/Licenses/Keyless/Base.php CHANGED Viewed

	@@ -63,9 +63,6 @@ abstract class Base extends DynPropertiesClass {
63	return $response;
64	}
65
66	- /**
67	- * @return string
68	- */
69	protected function getApiRequestUrl() :string {
70	return sprintf( '%s/%s', $this->lookup_url_stub, static::API_ACTION );
71	}


63	return $response;
64	}
65



66	protected function getApiRequestUrl() :string {
67	return sprintf( '%s/%s', $this->lookup_url_stub, static::API_ACTION );
68	}

src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/Licenses/Keyless/Lookup.php CHANGED Viewed

	@@ -18,10 +18,7 @@ class Lookup extends Base {
18
19	const API_ACTION = 'lookup';
20
21	- /**
22	- * @return EddLicenseVO
23	- */
24	- public function lookup() {
25	if ( empty( $this->url ) ) {
26	$this->url = Services::WpGeneral()->getHomeUrl( '', true );
27	}
	@@ -39,9 +36,6 @@ class Lookup extends Base {
39	return $lic;
40	}
41
42	- /**
43	- * @return string
44	- */
45	protected function getApiRequestUrl() :string {
46	return sprintf( '%s/%s/%s', parent::getApiRequestUrl(), $this->item_id, $this->install_id );
47	}


18
19	const API_ACTION = 'lookup';
20
21	+ public function lookup() :EddLicenseVO {



22	if ( empty( $this->url ) ) {
23	$this->url = Services::WpGeneral()->getHomeUrl( '', true );
24	}

36	return $lic;
37	}
38



39	protected function getApiRequestUrl() :string {
40	return sprintf( '%s/%s/%s', parent::getApiRequestUrl(), $this->item_id, $this->install_id );
41	}

src/wizards/plugin.php CHANGED Viewed

	@@ -268,7 +268,7 @@ class ICWP_WPSF_Wizard_Plugin extends ICWP_WPSF_Wizard_BaseWpsf {
268	$additional = [
269	'hrefs' => [
270	'free_trial' => 'https://shsec.io/freetrialwizard',
271	- 'features' => 'https://getshieldsecurity.com/features/',
272	],
273	'imgs' => [
274	'free_trial' => $con->svgs->raw( 'bootstrap/shield-fill-plus.svg' ),
	@@ -294,9 +294,9 @@ class ICWP_WPSF_Wizard_Plugin extends ICWP_WPSF_Wizard_BaseWpsf {
294	$users = Services::WpUsers()->getCurrentWpUser();
295	$additional = [
296	'hrefs' => [
297	- '~~privacy_policy~~' => ~~$this->getOptions()->getDef(~~ '~~href_privacy_policy~~' ),
298	- '~~facebook~~' => ~~$con->urls->forImage(~~ '~~bootstrap~~/~~facebook.svg~~' ),
299	- '~~twitter~~' => ~~$con->urls->forImage(~~ '~~bootstrap~~/~~twitter.svg~~' ),
300	],
301	'imgs' => [
302	'facebook' => $con->svgs->raw( 'bootstrap/facebook.svg' ),


268	$additional = [
269	'hrefs' => [
270	'free_trial' => 'https://shsec.io/freetrialwizard',
271	+ 'features' => 'https://getshieldsecurity.com/features/',
272	],
273	'imgs' => [
274	'free_trial' => $con->svgs->raw( 'bootstrap/shield-fill-plus.svg' ),

294	$users = Services::WpUsers()->getCurrentWpUser();
295	$additional = [
296	'hrefs' => [
297	+ 'facebook' => 'https://shsec.io/pluginshieldsecuritygroupfb',
298	+ 'twitter' => 'https://shsec.io/pluginshieldsecuritytwitter',
299	+ 'email' => 'https://shsec.io/pluginshieldsecuritynewsletter',
300	],
301	'imgs' => [
302	'facebook' => $con->svgs->raw( 'bootstrap/facebook.svg' ),

templates/php/snippets/admin_access_login_box.php DELETED Viewed

@@ -1,50 +0,0 @@
-            -
            <div id="WpsfAdminAccessLogin" style="display:none;">
-            -
            	<div class="bootstrap-wpadmin wpsf-admin-access-login" id="AdminAccessLogin-<?php echo $unique_render_id; ?>"></div>
-            -
            </div>
-            -
-            -
            <script type="text/javascript">
-            -
-            -
            	<?php if ( $flags[ 'restrict_options' ] ) : ?>
-            -
            		jQuery( document ).ready(
-            -
            			function () {
-            -
            				aItems = [ <?php echo $js_snippets[ 'options_to_restrict' ]; ?> ];
-            -
            				aItems.forEach( disable_input );
-            -
            			}
-            -
            		);
-            -
            	<?php endif; ?>
-            -
-            -
            	function disable_input( element, index, array ) {
-            -
            		$oItem = jQuery( 'input[name=' + element + ']' );
-            -
            		$oItem.prop( 'disabled', true );
-            -
            		$oParentTr = $oItem.parents( 'tr' );
-            -
            		$oParentTr.addClass( 'restricted-option-row' );
-            -
            		$oItem.parents( 'td' ).append(
-            -
            			'<div style="clear:both"></div><div class="restricted-option">' +
-            -
            			'<span class="dashicons dashicons-lock"></span>' +
-            -
            			'<?php echo $strings[ 'editing_restricted' ];?>' + ' <?php echo $strings[ 'unlock_link' ];?>' +
-            -
            			'</div>'
-            -
            		);
-            -
            	}
-            -
-            -
            	jQuery( document ).ready( function () {
-            -
            		load_admin_access_form( jQuery( '#AdminAccessLogin-<?php echo $unique_render_id;?>' ) );
-            -
            	} );
-            -
-            -
            	function load_admin_access_form( $oTarget ) {
-            -
            		var aData = <?php echo $ajax[ 'sec_admin_login_box' ]; ?>;
-            -
            		request_and_html( aData, $oTarget );
-            -
            	}
-            -
-            -
            	function request_and_html( requestData, $oTarget ) {
-            -
-            -
            		$oTarget.html( '<div class="spinner"></div>' );
-            -
            		jQuery.post( ajaxurl, requestData, function ( oResponse ) {
-            -
            			if ( oResponse.data ) {
-            -
            				$oTarget.html( oResponse.data.html );
-            -
            			}
-            -
            			else {
-            -
            				$oTarget.html( 'There was an unknown error' );
-            -
            			}
-            -
            		} );
-            -
            	}
-            -
            </script>

templates/twig/components/options_form/main.twig CHANGED Viewed

@@ -32,22 +32,34 @@
             						<h5 class="mt-3">
             							<span class="mb-3 d-inline-block">{{ opt_section.title }}</span>
-            -
            							{% if ( opt_section.summary is defined ) and opt_section.summary|length %}
-            -
            								<a class="section_title_info"
-            -
            								   data-toggle="collapse"
-            -
            								   data-target="#collapse-{{ opt_section.slug }}"
-            -
            								><span class="dashicons dashicons-info"></span></a>
-            -
            								<br />
-            -
            								<div class="collapse mb-3" id="collapse-{{ opt_section.slug }}">
-            -
            									<div class="card">
-            -
            										<div class="card-body">
-            -
            											{% for item in opt_section.summary %}
-            -
            												<p class="card-text">{{ item|raw }}</p>
-            -
            											{% endfor %}
             										</div>
             									</div>
-            -
            								</div>
             							{% endif %}
             						</h5>
             					</div>
             				</div>


32	<h5 class="mt-3">
33	<span class="mb-3 d-inline-block">{{ opt_section.title }}</span>
34
35	+ {% if opt_section.beacon_id\|default(false) %}
36	+ <a href="javascript:{}" class="beacon-article"
37	+ data-beacon-article-id="{{ opt_section.beacon_id }}"
38	+ data-beacon-article-format="modal"
39	+ title="{{ strings.opt_info_helpdesk }}">
40	+ <span class="dashicons dashicons-editor-help"></span>
41	+ </a>
42	+
43	+ {% else %}
44	+ {% if ( opt_section.summary is defined ) and opt_section.summary\|length %}
45	+
46	+ <a class="section_title_info"
47	+ data-toggle="collapse"
48	+ data-target="#collapse-{{ opt_section.slug }}"
49	+ ><span class="dashicons dashicons-editor-help"></span></a>
50	+ <br />
51	+ <div class="collapse mb-3" id="collapse-{{ opt_section.slug }}">
52	+ <div class="card">
53	+ <div class="card-body">
54	+ {% for item in opt_section.summary %}
55	+ <p class="card-text">{{ item\|raw }}</p>
56	+ {% endfor %}
57	+ </div>
58	</div>
59	</div>
60	+ {% endif %}
61	{% endif %}
62	+
63	</h5>
64	</div>
65	</div>

templates/twig/components/options_form/option.twig CHANGED Viewed

@@ -5,10 +5,20 @@
             			   id="Label-{{ aOption.key }}"
             			   class="col-form-label">
             			<span class="option_label_name">{{ aOption.name }}
-            -
            				{% if aOption.link_info %}
-            -
            					<a href="{{ aOption.link_info }}" class="option_link_info d-inline-block" target="_blank"
             					   title="{{ strings.opt_info_helpdesk }}">
-            -
            					<span class="dashicons dashicons-editor-help"></span></a>
             				{% endif %}
             			</span>
@@ -173,9 +183,17 @@
             			</div>
             			<div class="mt-3 text-left text-nowrap">
-            -
            				{% if aOption.link_info %}
-            -
            					<a href="{{ aOption.link_info }}" target="_blank"
-            -
            					   title="{{ strings.opt_info_helpdesk }}">{{ strings.more_info }}</a>
             					{% if aOption.link_blog %}
             						<span class="m-1">&vert;</span>
             						<a href="{{ aOption.link_blog }}" target="_blank"


5	id="Label-{{ aOption.key }}"
6	class="col-form-label">
7	<span class="option_label_name">{{ aOption.name }}
8	+
9	+ {% if aOption.beacon_id\|default(false) %}
10	+ <a href="javascript:{}"
11	+ class="beacon-article"
12	+ data-beacon-article-id="{{ aOption.beacon_id }}"
13	+ data-beacon-article-format="sidebar"
14	title="{{ strings.opt_info_helpdesk }}">
15	+ <span class="dashicons dashicons-editor-help"></span>
16	+ </a>
17	+ {% else %}
18	+ {% if aOption.link_info %}
19	+ <a href="{{ aOption.link_info }}" class="option_link_info d-inline-block" target="_blank"
20	+ title="{{ strings.opt_info_helpdesk }}"></a>
21	+ {% endif %}
22	{% endif %}
23	</span>
24

183	</div>
184
185	<div class="mt-3 text-left text-nowrap">
186	+ {% if aOption.link_info or aOption.beacon_id\|default(false) %}
187	+
188	+ {% if aOption.beacon_id\|default(false) %}
189	+ <a href="javascript:{}" data-beacon-article-sidebar="{{ aOption.beacon_id }}"
190	+ title="{{ strings.opt_info_helpdesk }}">{{ strings.more_info }}</a>
191	+
192	+ {% else %}
193	+ <a href="{{ aOption.link_info }}" target="_blank"
194	+ title="{{ strings.opt_info_helpdesk }}">{{ strings.more_info }}</a>
195	+ {% endif %}
196	+
197	{% if aOption.link_blog %}
198	<span class="m-1">\|</span>
199	<a href="{{ aOption.link_blog }}" target="_blank"

templates/twig/wizard/slides/welcome/optin.twig CHANGED Viewed

	@@ -10,7 +10,7 @@
10	from our active Shield community and keep up-to-date on our latest news.</p>
11	</div>
12	<div class="col-4">
13	- <a href=""
14	class="button d-block w-100 text-center p-3"
15	target="_blank"
16	>
	@@ -25,7 +25,7 @@
25	<p>Follow us on Twitter for news, updates, and promotions.</p>
26	</div>
27	<div class="col-4">
28	- <a href=""
29	class="button d-block w-100 text-center p-3"
30	target="_blank"
31	>
	@@ -40,7 +40,7 @@
40	<p>Join our newsletter to get alerted when we have new blog posts and announcements.</p>
41	</div>
42	<div class="col-4">
43	- <a href=""
44	class="button d-block w-100 text-center p-3"
45	target="_blank"
46	>


10	from our active Shield community and keep up-to-date on our latest news.</p>
11	</div>
12	<div class="col-4">
13	+ <a href="{{ hrefs.facebook }}"
14	class="button d-block w-100 text-center p-3"
15	target="_blank"
16	>

25	<p>Follow us on Twitter for news, updates, and promotions.</p>
26	</div>
27	<div class="col-4">
28	+ <a href="{{ hrefs.twitter }}"
29	class="button d-block w-100 text-center p-3"
30	target="_blank"
31	>

40	<p>Join our newsletter to get alerted when we have new blog posts and announcements.</p>
41	</div>
42	<div class="col-4">
43	+ <a href="{{ hrefs.email }}"
44	class="button d-block w-100 text-center p-3"
45	target="_blank"
46	>

Shield Security for WordPress - Version 11.2.3

Version Description

Release Info

Code changes from version 11.2.2 to 11.2.3