Shield Security for WordPress - Version 15.0.0

Version Description

Download this release

Release Info

Developer paultgoodchild
Plugin Icon 128x128 Shield Security for WordPress
Version 15.0.0
Comparing to
See all releases

Code changes from version 14.9.11 to 15.0.0

Files changed (25) hide show
  1. cl.json +29 -5
  2. icwp-wpsf.php +1 -1
  3. plugin-spec.php +3 -3
  4. plugin.json +3 -3
  5. readme.txt +3 -3
  6. resources/css/global-plugin.css +15 -1
  7. resources/images/bootstrap/speedometer.svg +3 -3
  8. resources/js/shield/ip_detect.js +20 -2
  9. src/lib/src/Controller/Admin/DashboardWidget.php +2 -1
  10. src/lib/src/Modules/HackGuard/DB/Utility/Clean.php +0 -1
  11. src/lib/src/Modules/HackGuard/Scan/Controller/Afs.php +1 -1
  12. src/lib/src/Modules/IPs/Options.php +1 -1
  13. src/lib/src/Modules/IPs/Rules/Build/IsPathWhitelisted.php +3 -2
  14. src/lib/src/Modules/Insights/Lib/NavMenuBuilder.php +1 -1
  15. src/lib/src/Modules/License/UI.php +16 -6
  16. src/lib/src/Modules/LoginGuard/Lib/TwoFactor/MfaProfilesController.php +1 -5
  17. src/lib/src/Modules/Plugin/AjaxHandler.php +3 -2
  18. src/lib/src/Modules/Plugin/Components/DashboardWidget.php +14 -4
  19. src/lib/src/Modules/Plugin/ModCon.php +13 -2
  20. src/lib/src/Modules/SecurityAdmin/Lib/WhiteLabel/WhitelabelController.php +0 -4
  21. src/lib/src/Scans/Afs/Scans/RealtimeFile.php +0 -1
  22. src/lib/src/Tables/DataTables/LoadData/BaseBuildTableData.php +1 -0
  23. src/lib/vendor/a5hleyrich/wp-background-processing/classes/wp-background-process.php +0 -1
  24. templates/twig/admin/admin_dashboard_widget.twig +8 -6
  25. templates/twig/wpadmin_pages/insights/license/license.twig +3 -0
cl.json CHANGED
@@ -1,13 +1,15 @@
1
  {
2
  "15.0": {
3
  "version": "15.0",
4
- "released_at": 1649932802,
5
  "hrefs": {
6
  "release": "https://shsec.io/shieldrelease150",
7
  "upgrade": "https://shsec.io/shieldupgradeguide150"
8
  },
9
  "title": "Rules Engine",
10
  "description": [
 
 
11
  ],
12
  "items": [
13
  {
@@ -41,11 +43,26 @@
41
  "Please use the newer AntiBot Detection Engine."
42
  ]
43
  },
 
 
 
 
 
 
 
44
  {
45
  "type": "improved",
46
- "title": "Author Discovery/Fishing",
47
  "description": [
48
- "This feature is now a Bot Signal which is logged in the Audit Trail and triggers offenses."
 
 
 
 
 
 
 
 
49
  ]
50
  },
51
  {
@@ -55,11 +72,18 @@
55
  "Shield has undergone major enhancements and performance improvements."
56
  ],
57
  "list": [
58
- "Reduced duplicate and unnecessary DB requests.",
59
- "Consolidated and removed many excess Transients (fewer DB requests).",
60
  "Optimised several DB queries."
61
  ]
62
  },
 
 
 
 
 
 
 
63
  {
64
  "type": "improved",
65
  "title": "New Filters: Adjust scanner notices about plugin/theme update/active status",
1
  {
2
  "15.0": {
3
  "version": "15.0",
4
+ "released_at": 1652184000,
5
  "hrefs": {
6
  "release": "https://shsec.io/shieldrelease150",
7
  "upgrade": "https://shsec.io/shieldupgradeguide150"
8
  },
9
  "title": "Rules Engine",
10
  "description": [
11
+ "A major overhaul of how Shield assesses all incoming requests.",
12
+ "The Rules Engine allows for streamlined security processing and, in the future, easily customisable rules to handle any scenario."
13
  ],
14
  "items": [
15
  {
43
  "Please use the newer AntiBot Detection Engine."
44
  ]
45
  },
46
+ {
47
+ "type": "new",
48
+ "title": "All-New WordPress Dashboard Widget",
49
+ "description": [
50
+ "The original WordPress Admin Dashboard widget was pretty basic, so we've completely revamped it with some of your latest site activity."
51
+ ]
52
+ },
53
  {
54
  "type": "improved",
55
+ "title": "Visitor IP Source Detection",
56
  "description": [
57
+ "It's critical that Shield can get the correct visitor IP address. Unfortunately many webhosts drop the ball when it comes to their configurations.",
58
+ "We've added a completely automated and highly reliable method of determining the best source for Visitor IP addresses. If it's there, Shield will find it."
59
+ ]
60
+ },
61
+ {
62
+ "type": "improved",
63
+ "title": "Shield Dashboard Navigation",
64
+ "description": [
65
+ "We've done quite a bit of work to smooth out and simplify Shield's admin UI making it easier to navigate and find what you need."
66
  ]
67
  },
68
  {
72
  "Shield has undergone major enhancements and performance improvements."
73
  ],
74
  "list": [
75
+ "Removed duplicate and unnecessary DB requests.",
76
+ "Consolidated and removed many excess WP Transients (fewer DB requests).",
77
  "Optimised several DB queries."
78
  ]
79
  },
80
+ {
81
+ "type": "improved",
82
+ "title": "Author Discovery/Fishing",
83
+ "description": [
84
+ "This feature is now a Bot Signal which is logged in the Audit Trail and triggers offenses."
85
+ ]
86
+ },
87
  {
88
  "type": "improved",
89
  "title": "New Filters: Adjust scanner notices about plugin/theme update/active status",
icwp-wpsf.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: Shield Security
4
  * Plugin URI: https://shsec.io/2f
5
  * Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
6
- * Version: 14.9.11
7
  * Text Domain: wp-simple-firewall
8
  * Domain Path: /languages
9
  * Author: Shield Security
3
  * Plugin Name: Shield Security
4
  * Plugin URI: https://shsec.io/2f
5
  * Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
6
+ * Version: 15.0.0
7
  * Text Domain: wp-simple-firewall
8
  * Domain Path: /languages
9
  * Author: Shield Security
plugin-spec.php CHANGED
@@ -1,8 +1,8 @@
1
  {
2
  "properties": {
3
- "version": "14.9.11",
4
- "release_timestamp": 1651672680,
5
- "build": "202205.0402",
6
  "slug_parent": "icwp",
7
  "slug_plugin": "wpsf",
8
  "human_name": "Shield Security",
1
  {
2
  "properties": {
3
+ "version": "15.0.0",
4
+ "release_timestamp": 1652184000,
5
+ "build": "202205.0501",
6
  "slug_parent": "icwp",
7
  "slug_plugin": "wpsf",
8
  "human_name": "Shield Security",
plugin.json CHANGED
@@ -1,8 +1,8 @@
1
  {
2
  "properties": {
3
- "version": "14.9.11",
4
- "release_timestamp": 1651672680,
5
- "build": "202205.0402",
6
  "slug_parent": "icwp",
7
  "slug_plugin": "wpsf",
8
  "human_name": "Shield Security",
1
  {
2
  "properties": {
3
+ "version": "15.0.0",
4
+ "release_timestamp": 1652184000,
5
+ "build": "202205.0501",
6
  "slug_parent": "icwp",
7
  "slug_plugin": "wpsf",
8
  "human_name": "Shield Security",
readme.txt CHANGED
@@ -3,12 +3,12 @@ Contributors: paultgoodchild, getshieldsecurity
3
  Donate link: https://shsec.io/bw
4
  License: GPLv3
5
  License URI: http://www.gnu.org/licenses/gpl.html
6
- Tags: scan, malware, firewall, two factor authentication, login protection
7
  Requires at least: 3.7
8
  Requires PHP: 7.0
9
  Recommended PHP: 7.4
10
- Tested up to: 5.9
11
- Stable tag: 14.1.7
12
 
13
  No-Nonsense Security Hardening that protects WordPress against hackers, malicious bots, and spammers (no captchas!). Now with exclusive ShieldNET Technology.
14
 
3
  Donate link: https://shsec.io/bw
4
  License: GPLv3
5
  License URI: http://www.gnu.org/licenses/gpl.html
6
+ Tags: limit login, malware scan, firewall, two factor authentication, login protection
7
  Requires at least: 3.7
8
  Requires PHP: 7.0
9
  Recommended PHP: 7.4
10
+ Tested up to: 6.0
11
+ Stable tag: 15.0.0
12
 
13
  No-Nonsense Security Hardening that protects WordPress against hackers, malicious bots, and spammers (no captchas!). Now with exclusive ShieldNET Technology.
14
 
resources/css/global-plugin.css CHANGED
@@ -290,13 +290,27 @@ tr.icwp-plugin-vulnerability dd {
290
  z-index: 1;
291
  }
292
  #ShieldDashboardWidget .jump-buttons {
293
- margin: 10px auto;
294
 
295
  display: flex;
296
  flex-direction: row;
297
  justify-content: center;
298
  gap: 7px;
299
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
300
  #ShieldDashboardWidget .shield-progress-bar {
301
  height: 20px;
302
  margin: 15px 0 20px;
290
  z-index: 1;
291
  }
292
  #ShieldDashboardWidget .jump-buttons {
293
+ margin: 20px 3px 14px;
294
 
295
  display: flex;
296
  flex-direction: row;
297
  justify-content: center;
298
  gap: 7px;
299
  }
300
+ #icwp-wpsf-dashboard_widget {
301
+ border: 1px solid rgba(119, 159, 119, 0.5);
302
+ }
303
+ #icwp-wpsf-dashboard_widget .postbox-header {
304
+ border-bottom: 1px solid rgba(119, 159, 119, 0.5);
305
+ }
306
+ #ShieldDashboardWidget a.jump-link {
307
+ text-decoration: none;
308
+ flex-grow: 1;
309
+ font-size: smaller;
310
+ }
311
+ #ShieldDashboardWidget a.jump-link > svg {
312
+ vertical-align: text-bottom;
313
+ }
314
  #ShieldDashboardWidget .shield-progress-bar {
315
  height: 20px;
316
  margin: 15px 0 20px;
resources/images/bootstrap/speedometer.svg CHANGED
@@ -1,4 +1,4 @@
1
- <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-speedometer" viewBox="0 0 16 16">
2
- <path d="M8 2a.5.5 0 0 1 .5.5V4a.5.5 0 0 1-1 0V2.5A.5.5 0 0 1 8 2zM3.732 3.732a.5.5 0 0 1 .707 0l.915.914a.5.5 0 1 1-.708.708l-.914-.915a.5.5 0 0 1 0-.707zM2 8a.5.5 0 0 1 .5-.5h1.586a.5.5 0 0 1 0 1H2.5A.5.5 0 0 1 2 8zm9.5 0a.5.5 0 0 1 .5-.5h1.5a.5.5 0 0 1 0 1H12a.5.5 0 0 1-.5-.5zm.754-4.246a.389.389 0 0 0-.527-.02L7.547 7.31A.91.91 0 1 0 8.85 8.569l3.434-4.297a.389.389 0 0 0-.029-.518z"/>
3
- <path fill-rule="evenodd" d="M6.664 15.889A8 8 0 1 1 9.336.11a8 8 0 0 1-2.672 15.78zm-4.665-4.283A11.945 11.945 0 0 1 8 10c2.186 0 4.236.585 6.001 1.606a7 7 0 1 0-12.002 0z"/>
4
  </svg>
1
+ <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-speedometer" viewBox="0 0 16 16">
2
+ <path d="M8 2a.5.5 0 0 1 .5.5V4a.5.5 0 0 1-1 0V2.5A.5.5 0 0 1 8 2zM3.732 3.732a.5.5 0 0 1 .707 0l.915.914a.5.5 0 1 1-.708.708l-.914-.915a.5.5 0 0 1 0-.707zM2 8a.5.5 0 0 1 .5-.5h1.586a.5.5 0 0 1 0 1H2.5A.5.5 0 0 1 2 8zm9.5 0a.5.5 0 0 1 .5-.5h1.5a.5.5 0 0 1 0 1H12a.5.5 0 0 1-.5-.5zm.754-4.246a.389.389 0 0 0-.527-.02L7.547 7.31A.91.91 0 1 0 8.85 8.569l3.434-4.297a.389.389 0 0 0-.029-.518z"/>
3
+ <path fill-rule="evenodd" d="M6.664 15.889A8 8 0 1 1 9.336.11a8 8 0 0 1-2.672 15.78zm-4.665-4.283A11.945 11.945 0 0 1 8 10c2.186 0 4.236.585 6.001 1.606a7 7 0 1 0-12.002 0z"/>
4
  </svg>
resources/js/shield/ip_detect.js CHANGED
@@ -3,8 +3,26 @@ if ( typeof icwp_wpsf_vars_ipdetect !== 'undefined' ) {
3
  jQuery.getJSON( icwp_wpsf_vars_ipdetect.url, function ( response ) {
4
  if ( typeof response !== 'undefined' && typeof response[ 'ip' ] !== 'undefined' ) {
5
  icwp_wpsf_vars_ipdetect.ajax[ 'ip' ] = response[ 'ip' ];
6
- jQuery.post( ajaxurl, icwp_wpsf_vars_ipdetect.ajax ).always();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
7
  }
8
  } );
9
  } );
10
- }
3
  jQuery.getJSON( icwp_wpsf_vars_ipdetect.url, function ( response ) {
4
  if ( typeof response !== 'undefined' && typeof response[ 'ip' ] !== 'undefined' ) {
5
  icwp_wpsf_vars_ipdetect.ajax[ 'ip' ] = response[ 'ip' ];
6
+ jQuery.ajax(
7
+ {
8
+ type: "POST",
9
+ url: ajaxurl,
10
+ data: icwp_wpsf_vars_ipdetect.ajax,
11
+ dataType: "text",
12
+ success: function ( raw ) {
13
+ let response = iCWP_WPSF_ParseAjaxResponse.parseIt( raw );
14
+ if ( response.success ) {
15
+ alert(
16
+ icwp_wpsf_vars_ipdetect.strings.source_found
17
+ + "\n" + icwp_wpsf_vars_ipdetect.strings.ip_source + ': ' + response.data.ip_source
18
+ + "\n" + icwp_wpsf_vars_ipdetect.strings.reloading + '...'
19
+ );
20
+ }
21
+ }
22
+ }
23
+ ).always( function () {
24
+ } );
25
  }
26
  } );
27
  } );
28
+ }
src/lib/src/Controller/Admin/DashboardWidget.php CHANGED
@@ -29,7 +29,8 @@ class DashboardWidget {
29
  apply_filters( 'shield/dashboard_widget_title',
30
  sprintf( '%s: %s', $con->getHumanName(), __( 'Overview', 'wp-simple-firewall' ) ) ),
31
  function () {
32
- echo '<div id="ShieldDashboardWidget"><div class="spinner-border" role="status"><span class="visually-hidden">Loading...</span></div></div>';
 
33
  }
34
  );
35
  }
29
  apply_filters( 'shield/dashboard_widget_title',
30
  sprintf( '%s: %s', $con->getHumanName(), __( 'Overview', 'wp-simple-firewall' ) ) ),
31
  function () {
32
+ echo sprintf( '<div id="ShieldDashboardWidget"><div class="spinner-border" role="status"><span class="visually-hidden">%s...</span></div></div>',
33
+ __( 'Loading', 'wp-simple-firewall' ) );
34
  }
35
  );
36
  }
src/lib/src/Modules/HackGuard/DB/Utility/Clean.php CHANGED
@@ -13,7 +13,6 @@ use FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\{
13
  class Clean extends ExecOnceModConsumer {
14
 
15
  protected function run() {
16
- error_log( 'clean' );
17
  $this->deleteScansThatNeverCompleted();
18
  $this->deleteEarlierScans();
19
  }
13
  class Clean extends ExecOnceModConsumer {
14
 
15
  protected function run() {
 
16
  $this->deleteScansThatNeverCompleted();
17
  $this->deleteEarlierScans();
18
  }
src/lib/src/Modules/HackGuard/Scan/Controller/Afs.php CHANGED
@@ -68,7 +68,7 @@ class Afs extends BaseForFiles {
68
  $count = $status->countThemeFiles();
69
  if ( $count > 0 ) {
70
  $warning = $template;
71
- $warning[ 'id' ] .= '-plugin';
72
  $warning[ 'title' ] = __( 'Theme Files', 'wp-simple-firewall' ).sprintf( $warning[ 'title' ], $count );
73
  $warning[ 'warnings' ] = $count;
74
  $items[] = $warning;
68
  $count = $status->countThemeFiles();
69
  if ( $count > 0 ) {
70
  $warning = $template;
71
+ $warning[ 'id' ] .= '-theme';
72
  $warning[ 'title' ] = __( 'Theme Files', 'wp-simple-firewall' ).sprintf( $warning[ 'title' ], $count );
73
  $warning[ 'warnings' ] = $count;
74
  $items[] = $warning;
src/lib/src/Modules/IPs/Options.php CHANGED
@@ -110,7 +110,7 @@ class Options extends BaseShield\Options {
110
  if ( $this->isTrackOptDoubleTransgression( $key ) ) {
111
  $count = 2;
112
  }
113
- elseif ( $this->isTrackOptTransgression( $key ) ) {
114
  $count = 1;
115
  }
116
  else {
110
  if ( $this->isTrackOptDoubleTransgression( $key ) ) {
111
  $count = 2;
112
  }
113
+ elseif ( $this->isTrackOptTransgression( $key ) || $this->isTrackOptImmediateBlock( $key ) ) {
114
  $count = 1;
115
  }
116
  else {
src/lib/src/Modules/IPs/Rules/Build/IsPathWhitelisted.php CHANGED
@@ -23,8 +23,6 @@ class IsPathWhitelisted extends BuildRuleCoreShieldBase {
23
  }
24
 
25
  protected function getConditions() :array {
26
- /** @var Shield\Modules\IPs\Options $opts */
27
- $opts = $this->getOptions();
28
  return [
29
  'logic' => static::LOGIC_AND,
30
  'group' => [
@@ -41,6 +39,9 @@ class IsPathWhitelisted extends BuildRuleCoreShieldBase {
41
 
42
  private function buildPaths() :array {
43
  $homeUrlPath = (string)wp_parse_url( Services::WpGeneral()->getHomeUrl(), PHP_URL_PATH );
 
 
 
44
  return array_map(
45
  function ( $value ) use ( $homeUrlPath ) {
46
  $regEx = ( new WildCardOptions() )->buildFullRegexValue( $value, WildCardOptions::URL_PATH, false );
23
  }
24
 
25
  protected function getConditions() :array {
 
 
26
  return [
27
  'logic' => static::LOGIC_AND,
28
  'group' => [
39
 
40
  private function buildPaths() :array {
41
  $homeUrlPath = (string)wp_parse_url( Services::WpGeneral()->getHomeUrl(), PHP_URL_PATH );
42
+ if ( empty( $homeUrlPath ) ) {
43
+ $homeUrlPath = '/';
44
+ }
45
  return array_map(
46
  function ( $value ) use ( $homeUrlPath ) {
47
  $regEx = ( new WildCardOptions() )->buildFullRegexValue( $value, WildCardOptions::URL_PATH, false );
src/lib/src/Modules/Insights/Lib/NavMenuBuilder.php CHANGED
@@ -269,7 +269,7 @@ class NavMenuBuilder {
269
  return [
270
  'slug' => 'overview',
271
  'title' => __( 'Overview', 'wp-simple-firewall' ),
272
- 'img' => $this->getCon()->svgs->raw( 'bootstrap/binoculars.svg' ),
273
  'href' => $mod->getUrl_SubInsightsPage( 'overview' ),
274
  'introjs' => [
275
  'body' => sprintf( __( "Review your entire %s configuration at a glance to see what's working and what's not.", 'wp-simple-firewall' ),
269
  return [
270
  'slug' => 'overview',
271
  'title' => __( 'Overview', 'wp-simple-firewall' ),
272
+ 'img' => $this->getCon()->svgs->raw( 'bootstrap/speedometer.svg' ),
273
  'href' => $mod->getUrl_SubInsightsPage( 'overview' ),
274
  'introjs' => [
275
  'body' => sprintf( __( "Review your entire %s configuration at a glance to see what's working and what's not.", 'wp-simple-firewall' ),
src/lib/src/Modules/License/UI.php CHANGED
@@ -112,6 +112,7 @@ class UI extends BaseShield\UI {
112
  'lines' => [
113
  sprintf( __( 'The only WordPress security plugin to add monitoring of your %s files with automatic rollback and recovery.', 'wp-simple-firewall' ), '<code>wp-config.php</code>' ),
114
  ],
 
115
  ],
116
  [
117
  'title' => __( 'Support for WooCommerce, Contact Form 7, Elementor PRO, Ninja Form & more', 'wp-simple-firewall' ),
@@ -126,65 +127,74 @@ class UI extends BaseShield\UI {
126
  __( 'Detects common and uncommon malware patterns in PHP files and alerts you immediately.', 'wp-simple-firewall' ),
127
  __( 'With ShieldNET crowd-sourcing intelligence, Shield automatically hides false-positives so you can focus on risks that matter, and can ignore the noise that wastes your time.', 'wp-simple-firewall' ),
128
  ],
 
129
  ],
130
  [
131
  'title' => __( 'Plugin and Theme Vulnerability Scanner', 'wp-simple-firewall' ),
132
  'lines' => [
133
  __( 'Alerts to plugin/theme vulnerabilities. Shield can then automatically upgrade as updates become available.', 'wp-simple-firewall' ),
134
  ],
 
135
  ],
136
  [
137
  'title' => __( 'Catch Plugin & Theme Hacks Immediately', 'wp-simple-firewall' ),
138
  'lines' => [
139
  __( 'Be alerted to ANY unauthorized changes to plugins/themes.', 'wp-simple-firewall' ),
140
  ],
 
141
  ],
142
  [
143
  'title' => __( 'Traffic Rate Limiting', 'wp-simple-firewall' ),
144
  'lines' => [
145
  __( 'Prevent abuse of your web hosting resources by detecting and blocking bots that send too many requests to your site.', 'wp-simple-firewall' ),
146
  ],
 
147
  ],
148
  [
149
  'title' => sprintf( '%s: %s', __( 'Intelligence From The Collective', 'wp-simple-firewall' ), 'ShieldNET' ),
150
  'lines' => [
151
  __( 'Take advantage of the intelligence gathered throughout the entire Shield network to better protect your WordPress sites', 'wp-simple-firewall' ),
152
  ],
 
153
  ],
154
  [
155
  'title' => __( 'Easiest, Frustration-Free WP Pro-Upgrade Anywhere', 'wp-simple-firewall' ),
156
  'lines' => [
157
  __( 'No more license keys to remember/copy-paste! Simply activate your site URL in your ShieldPRO control panel and get Pro features enabled on your site automatically.', 'wp-simple-firewall' ),
158
  ],
 
159
  ],
160
  [
161
  'title' => __( 'MainWP Integration', 'wp-simple-firewall' ).' ('.__( 'No extra extension plugins required', 'wp-simple-firewall' ).')',
162
  'lines' => [
163
  __( 'Use MainWP to manage and monitor the security of all your WordPress sites.', 'wp-simple-firewall' ),
164
  ],
 
165
  ],
166
  [
167
  'title' => __( 'Powerful User Password Policies', 'wp-simple-firewall' ),
168
  'lines' => [
169
  __( 'Ensures that all users maintain strong passwords.', 'wp-simple-firewall' ),
170
  ],
 
171
  ],
172
  [
173
- 'title' => __( 'Exclusive Customer Support', 'wp-simple-firewall' ),
174
  'lines' => [
175
- __( 'Technical support for Shield is exclusive to Pro customers.', 'wp-simple-firewall' ),
176
  ],
 
177
  ],
178
  [
179
- 'title' => __( 'Unlimited Audit Trail', 'wp-simple-firewall' ),
180
  'lines' => [
181
- __( 'Retain logs for as long as you need without limits.', 'wp-simple-firewall' ),
182
  ],
183
  ],
184
  [
185
- 'title' => __( 'White Label', 'wp-simple-firewall' ),
186
  'lines' => [
187
- __( 'Re-Brand Shield Security as your own!', 'wp-simple-firewall' ),
188
  ],
189
  ],
190
  ];
112
  'lines' => [
113
  sprintf( __( 'The only WordPress security plugin to add monitoring of your %s files with automatic rollback and recovery.', 'wp-simple-firewall' ), '<code>wp-config.php</code>' ),
114
  ],
115
+ 'href' => 'https://shsec.io/ki'
116
  ],
117
  [
118
  'title' => __( 'Support for WooCommerce, Contact Form 7, Elementor PRO, Ninja Form & more', 'wp-simple-firewall' ),
127
  __( 'Detects common and uncommon malware patterns in PHP files and alerts you immediately.', 'wp-simple-firewall' ),
128
  __( 'With ShieldNET crowd-sourcing intelligence, Shield automatically hides false-positives so you can focus on risks that matter, and can ignore the noise that wastes your time.', 'wp-simple-firewall' ),
129
  ],
130
+ 'href' => 'https://shsec.io/kj'
131
  ],
132
  [
133
  'title' => __( 'Plugin and Theme Vulnerability Scanner', 'wp-simple-firewall' ),
134
  'lines' => [
135
  __( 'Alerts to plugin/theme vulnerabilities. Shield can then automatically upgrade as updates become available.', 'wp-simple-firewall' ),
136
  ],
137
+ 'href' => 'https://shsec.io/kk'
138
  ],
139
  [
140
  'title' => __( 'Catch Plugin & Theme Hacks Immediately', 'wp-simple-firewall' ),
141
  'lines' => [
142
  __( 'Be alerted to ANY unauthorized changes to plugins/themes.', 'wp-simple-firewall' ),
143
  ],
144
+ 'href' => 'https://shsec.io/kl'
145
  ],
146
  [
147
  'title' => __( 'Traffic Rate Limiting', 'wp-simple-firewall' ),
148
  'lines' => [
149
  __( 'Prevent abuse of your web hosting resources by detecting and blocking bots that send too many requests to your site.', 'wp-simple-firewall' ),
150
  ],
151
+ 'href' => 'https://shsec.io/km'
152
  ],
153
  [
154
  'title' => sprintf( '%s: %s', __( 'Intelligence From The Collective', 'wp-simple-firewall' ), 'ShieldNET' ),
155
  'lines' => [
156
  __( 'Take advantage of the intelligence gathered throughout the entire Shield network to better protect your WordPress sites', 'wp-simple-firewall' ),
157
  ],
158
+ 'href' => 'https://shsec.io/kn'
159
  ],
160
  [
161
  'title' => __( 'Easiest, Frustration-Free WP Pro-Upgrade Anywhere', 'wp-simple-firewall' ),
162
  'lines' => [
163
  __( 'No more license keys to remember/copy-paste! Simply activate your site URL in your ShieldPRO control panel and get Pro features enabled on your site automatically.', 'wp-simple-firewall' ),
164
  ],
165
+ 'href' => 'https://shsec.io/ko'
166
  ],
167
  [
168
  'title' => __( 'MainWP Integration', 'wp-simple-firewall' ).' ('.__( 'No extra extension plugins required', 'wp-simple-firewall' ).')',
169
  'lines' => [
170
  __( 'Use MainWP to manage and monitor the security of all your WordPress sites.', 'wp-simple-firewall' ),
171
  ],
172
+ 'href' => 'https://shsec.io/kp'
173
  ],
174
  [
175
  'title' => __( 'Powerful User Password Policies', 'wp-simple-firewall' ),
176
  'lines' => [
177
  __( 'Ensures that all users maintain strong passwords.', 'wp-simple-firewall' ),
178
  ],
179
+ 'href' => 'https://shsec.io/kq'
180
  ],
181
  [
182
+ 'title' => __( 'White Label', 'wp-simple-firewall' ),
183
  'lines' => [
184
+ __( 'Re-Brand Shield Security as your own!', 'wp-simple-firewall' ),
185
  ],
186
+ 'href' => 'https://shsec.io/kr'
187
  ],
188
  [
189
+ 'title' => __( 'Exclusive Customer Support', 'wp-simple-firewall' ),
190
  'lines' => [
191
+ __( 'Technical support for Shield is exclusive to Pro customers.', 'wp-simple-firewall' ),
192
  ],
193
  ],
194
  [
195
+ 'title' => __( 'Unlimited Audit Trail', 'wp-simple-firewall' ),
196
  'lines' => [
197
+ __( 'Retain logs for as long as you need without limits.', 'wp-simple-firewall' ),
198
  ],
199
  ],
200
  ];
src/lib/src/Modules/LoginGuard/Lib/TwoFactor/MfaProfilesController.php CHANGED
@@ -92,11 +92,7 @@ class MfaProfilesController extends Shield\Modules\Base\Common\ExecOnceModConsum
92
  $this->isFrontend = $isFrontend;
93
  add_filter( 'shield/custom_enqueues', function ( array $enqueues, $hook = '' ) {
94
 
95
- $isPageWithProfileDisplay = in_array( $hook, [
96
- 'profile.php',
97
- 'user-edit.php',
98
- 'shieldpro_page_icwp-wpsf-my-login-security'
99
- ] );
100
  if ( $this->isFrontend || $isPageWithProfileDisplay ) {
101
  $enqueues[ Enqueue::JS ][] = 'shield/userprofile';
102
  $enqueues[ Enqueue::CSS ][] = 'shield/dialog';
92
  $this->isFrontend = $isFrontend;
93
  add_filter( 'shield/custom_enqueues', function ( array $enqueues, $hook = '' ) {
94
 
95
+ $isPageWithProfileDisplay = preg_match( '#^(profile\.php|user-edit\.php|.*icwp-wpsf-my-login-security)$#', (string)$hook );
 
 
 
 
96
  if ( $this->isFrontend || $isPageWithProfileDisplay ) {
97
  $enqueues[ Enqueue::JS ][] = 'shield/userprofile';
98
  $enqueues[ Enqueue::CSS ][] = 'shield/dialog';
src/lib/src/Modules/Plugin/AjaxHandler.php CHANGED
@@ -250,8 +250,9 @@ class AjaxHandler extends Shield\Modules\BaseShield\AjaxHandler {
250
  $opts->setVisitorAddressSource( $source );
251
  }
252
  return [
253
- 'success' => !empty( $source ),
254
- 'message' => empty( $source ) ? 'Could not find source' : 'IP Source Found: '.$source
 
255
  ];
256
  }
257
 
250
  $opts->setVisitorAddressSource( $source );
251
  }
252
  return [
253
+ 'success' => !empty( $source ),
254
+ 'message' => empty( $source ) ? 'Could not find source' : 'IP Source Found: '.$source,
255
+ 'ip_source' => $source,
256
  ];
257
  }
258
 
src/lib/src/Modules/Plugin/Components/DashboardWidget.php CHANGED
@@ -24,6 +24,11 @@ class DashboardWidget {
24
  ->setTimestamp( $vars[ 'generated_at' ] )
25
  ->diffForHumans();
26
 
 
 
 
 
 
27
  return $this->getMod()
28
  ->getRenderer()
29
  ->setTemplate( '/admin/admin_dashboard_widget.twig' )
@@ -39,7 +44,7 @@ class DashboardWidget {
39
  'show_internal_links' => $con->isPluginAdmin()
40
  ],
41
  'imgs' => [
42
- 'logo' => $con->urls->forImage( 'pluginlogo_banner-772x250.png' )
43
  ],
44
  'strings' => [
45
  'security_progress' => __( 'Overall Security Progress', 'wp-simple-firewall' ),
@@ -70,35 +75,40 @@ class DashboardWidget {
70
  private function getVars( bool $refresh ) :array {
71
  $con = $this->getCon();
72
  $modInsights = $con->getModule_Insights();
73
- $recent = ( new RecentStats() )->setCon( $this->getCon() );
74
 
75
  $vars = Transient::Get( $con->prefix( 'dashboard-widget-vars' ) );
76
  if ( $refresh || empty( $vars ) ) {
77
  $vars = [
78
  'generated_at' => Services::Request()->ts(),
79
  'security_progress' => ( new Components() )
80
- ->setCon( $this->getCon() )
81
  ->getComponent( 'all' )[ 'original_score' ],
82
  'jump_links' => [
83
  [
84
  'href' => $modInsights->getUrl_SubInsightsPage( 'overview' ),
85
- 'text' => __( 'Overview', 'wp-simple-firewall' ),
 
86
  ],
87
  [
88
  'href' => $modInsights->getUrl_IPs(),
89
  'text' => __( 'IPs', 'wp-simple-firewall' ),
 
90
  ],
91
  [
92
  'href' => $modInsights->getUrl_SubInsightsPage( 'audit_trail' ),
93
  'text' => __( 'Activity', 'wp-simple-firewall' ),
 
94
  ],
95
  [
96
  'href' => $modInsights->getUrl_SubInsightsPage( 'traffic' ),
97
  'text' => __( 'Traffic', 'wp-simple-firewall' ),
 
98
  ],
99
  [
100
  'href' => $con->getModule_Plugin()->getUrl_AdminPage(),
101
  'text' => __( 'Config', 'wp-simple-firewall' ),
 
102
  ],
103
  ],
104
  'recent_events' => array_map(
24
  ->setTimestamp( $vars[ 'generated_at' ] )
25
  ->diffForHumans();
26
 
27
+ $logoSrc = $con->urls->forImage( 'pluginlogo_banner-772x250.png' );
28
+ if ( $con->getModule_SecAdmin()->getWhiteLabelController()->isEnabled() ) {
29
+ $logoSrc = $con->getLabels()[ 'wl_login2fa_logourl' ] ?? ( $con->getLabels()[ 'wl_dashboardlogourl' ] ?? '' );
30
+ }
31
+
32
  return $this->getMod()
33
  ->getRenderer()
34
  ->setTemplate( '/admin/admin_dashboard_widget.twig' )
44
  'show_internal_links' => $con->isPluginAdmin()
45
  ],
46
  'imgs' => [
47
+ 'logo' => $logoSrc,
48
  ],
49
  'strings' => [
50
  'security_progress' => __( 'Overall Security Progress', 'wp-simple-firewall' ),
75
  private function getVars( bool $refresh ) :array {
76
  $con = $this->getCon();
77
  $modInsights = $con->getModule_Insights();
78
+ $recent = ( new RecentStats() )->setCon( $con );
79
 
80
  $vars = Transient::Get( $con->prefix( 'dashboard-widget-vars' ) );
81
  if ( $refresh || empty( $vars ) ) {
82
  $vars = [
83
  'generated_at' => Services::Request()->ts(),
84
  'security_progress' => ( new Components() )
85
+ ->setCon( $con )
86
  ->getComponent( 'all' )[ 'original_score' ],
87
  'jump_links' => [
88
  [
89
  'href' => $modInsights->getUrl_SubInsightsPage( 'overview' ),
90
+ 'text' => __( 'Dashboard', 'wp-simple-firewall' ),
91
+ 'svg' => $con->svgs->raw( 'bootstrap/speedometer.svg' ),
92
  ],
93
  [
94
  'href' => $modInsights->getUrl_IPs(),
95
  'text' => __( 'IPs', 'wp-simple-firewall' ),
96
+ 'svg' => $con->svgs->raw( 'bootstrap/diagram-3.svg' ),
97
  ],
98
  [
99
  'href' => $modInsights->getUrl_SubInsightsPage( 'audit_trail' ),
100
  'text' => __( 'Activity', 'wp-simple-firewall' ),
101
+ 'svg' => $con->svgs->raw( 'bootstrap/person-lines-fill.svg' ),
102
  ],
103
  [
104
  'href' => $modInsights->getUrl_SubInsightsPage( 'traffic' ),
105
  'text' => __( 'Traffic', 'wp-simple-firewall' ),
106
+ 'svg' => $con->svgs->raw( 'bootstrap/stoplights.svg' ),
107
  ],
108
  [
109
  'href' => $con->getModule_Plugin()->getUrl_AdminPage(),
110
  'text' => __( 'Config', 'wp-simple-firewall' ),
111
+ 'svg' => $con->svgs->raw( 'bootstrap/sliders.svg' ),
112
  ],
113
  ],
114
  'recent_events' => array_map(
src/lib/src/Modules/Plugin/ModCon.php CHANGED
@@ -72,6 +72,12 @@ class ModCon extends BaseShield\ModCon {
72
  }
73
 
74
  protected function preProcessOptions() {
 
 
 
 
 
 
75
  ( new Lib\Captcha\CheckCaptchaSettings() )
76
  ->setMod( $this )
77
  ->checkAll();
@@ -445,8 +451,13 @@ class ModCon extends BaseShield\ModCon {
445
  'shield/ip_detect',
446
  'icwp_wpsf_vars_ipdetect',
447
  [
448
- 'url' => 'https://net.getshieldsecurity.com/wp-json/apto-snapi/v2/tools/what_is_my_ip',
449
- 'ajax' => $this->getAjaxActionData( 'ipdetect' ),
 
 
 
 
 
450
  ]
451
  ];
452
  }
72
  }
73
 
74
  protected function preProcessOptions() {
75
+ /** @var Options $opts */
76
+ $opts = $this->getOptions();
77
+ if ( $opts->getIpSource() === 'AUTO_DETECT_IP' ) {
78
+ $opts->setOpt( 'ipdetect_at', 0 );
79
+ }
80
+
81
  ( new Lib\Captcha\CheckCaptchaSettings() )
82
  ->setMod( $this )
83
  ->checkAll();
451
  'shield/ip_detect',
452
  'icwp_wpsf_vars_ipdetect',
453
  [
454
+ 'url' => 'https://net.getshieldsecurity.com/wp-json/apto-snapi/v2/tools/what_is_my_ip',
455
+ 'ajax' => $this->getAjaxActionData( 'ipdetect' ),
456
+ 'strings' => [
457
+ 'source_found' => __( 'Valid visitor IP address source discovered.', 'wp-simple-firewall' ),
458
+ 'ip_source' => __( 'IP Source', 'wp-simple-firewall' ),
459
+ 'reloading' => __( 'Please reload the page.', 'wp-simple-firewall' ),
460
+ ],
461
  ]
462
  ];
463
  }
src/lib/src/Modules/SecurityAdmin/Lib/WhiteLabel/WhitelabelController.php CHANGED
@@ -71,10 +71,6 @@ class WhitelabelController extends ExecOnceModConsumer {
71
  // TODO
72
  }
73
 
74
- /**
75
- * @param array $pluginLabels
76
- * @return array
77
- */
78
  public function applyPluginLabels( array $pluginLabels ) :array {
79
  $labels = ( new BuildOptions() )
80
  ->setMod( $this->getMod() )
71
  // TODO
72
  }
73
 
 
 
 
 
74
  public function applyPluginLabels( array $pluginLabels ) :array {
75
  $labels = ( new BuildOptions() )
76
  ->setMod( $this->getMod() )
src/lib/src/Scans/Afs/Scans/RealtimeFile.php CHANGED
@@ -18,7 +18,6 @@ class RealtimeFile extends BaseScan {
18
 
19
  $mtime = $FS->isFile( $this->pathFull ) ? $FS->getModifiedTime( $this->pathFull ) : 0;
20
  if ( $mtime > $action->realtime_scan_last_at ) {
21
- error_log( var_export( $action->realtime_scan_last_at, true ) );
22
  throw new RealtimeFileDiscoveredException( $this->pathFull, [ 'mtime' => $mtime ] );
23
  }
24
  return true;
18
 
19
  $mtime = $FS->isFile( $this->pathFull ) ? $FS->getModifiedTime( $this->pathFull ) : 0;
20
  if ( $mtime > $action->realtime_scan_last_at ) {
 
21
  throw new RealtimeFileDiscoveredException( $this->pathFull, [ 'mtime' => $mtime ] );
22
  }
23
  return true;
src/lib/src/Tables/DataTables/LoadData/BaseBuildTableData.php CHANGED
@@ -76,6 +76,7 @@ abstract class BaseBuildTableData extends DynPropertiesClass {
76
  $value = wp_strip_all_tags( $value );
77
  if ( !is_string( $search ) ) {
78
  error_log( var_export( $search, true ) );
 
79
  }
80
  if ( stripos( $value, $search ) !== false ) {
81
  $results[] = $result;
76
  $value = wp_strip_all_tags( $value );
77
  if ( !is_string( $search ) ) {
78
  error_log( var_export( $search, true ) );
79
+ continue;
80
  }
81
  if ( stripos( $value, $search ) !== false ) {
82
  $results[] = $result;
src/lib/vendor/a5hleyrich/wp-background-processing/classes/wp-background-process.php CHANGED
@@ -455,7 +455,6 @@ abstract class WP_Background_Process extends WP_Async_Request {
455
  * Schedule event
456
  */
457
  protected function schedule_event() {
458
- error_log( var_export( $this->cron_hook_identifier, true ) );
459
  if ( ! wp_next_scheduled( $this->cron_hook_identifier ) ) {
460
  wp_schedule_event( time(), $this->cron_interval_identifier, $this->cron_hook_identifier );
461
  }
455
  * Schedule event
456
  */
457
  protected function schedule_event() {
 
458
  if ( ! wp_next_scheduled( $this->cron_hook_identifier ) ) {
459
  wp_schedule_event( time(), $this->cron_interval_identifier, $this->cron_hook_identifier );
460
  }
templates/twig/admin/admin_dashboard_widget.twig CHANGED
@@ -5,13 +5,13 @@
5
  <h3 class="subheader">
6
  {{ strings.security_progress }}
7
  {% if flags.show_internal_links %}
8
- <small>[<a href="{{ hrefs.overview }}" target="_blank">{{ strings.progress_overview }}</a>]</small>
9
  {% endif %}
10
  </h3>
11
  <div class="shield-progress-bar
12
  {% if vars.security_progress < 45 %}
13
  red
14
- {% elseif vars.security_progress < 75 %}
15
  orange
16
  {% endif %}
17
  ">
@@ -23,7 +23,7 @@
23
  <h3 class="subheader">
24
  {{ strings.recent_blocked }}
25
  {% if flags.show_internal_links %}
26
- <small>[<a href="{{ hrefs.ips }}" target="_blank">{{ strings.view_all }}</a>]</small>
27
  {% endif %}
28
  </h3>
29
 
@@ -41,7 +41,7 @@
41
  <tr>
42
  <td>
43
  {% if flags.show_internal_links %}
44
- <a href="{{ ip.ip_href }}" target="_blank">{{ ip.ip }}</a>
45
  {% else %}
46
  {{ ip.ip }}
47
  {% endif %}
@@ -59,7 +59,7 @@
59
  <h3 class="subheader">
60
  {{ strings.recent_offenses }}
61
  {% if flags.show_internal_links %}
62
- <small>[<a href="{{ hrefs.ips }}" target="_blank">{{ strings.view_all }}</a>]</small>
63
  {% endif %}
64
  </h3>
65
  {% if vars.recent_ips_offense|default([])|length > 0 %}
@@ -164,7 +164,9 @@
164
  <div class="jump-buttons">
165
  {% if flags.show_internal_links %}
166
  {% for jump_link in vars.jump_links %}
167
- <a href="{{ jump_link.href }}" target="_blank">{{ jump_link.text }}</a>
 
 
168
  {% endfor %}
169
  {% endif %}
170
  </div>
5
  <h3 class="subheader">
6
  {{ strings.security_progress }}
7
  {% if flags.show_internal_links %}
8
+ <small>[<a href="{{ hrefs.overview }}">{{ strings.progress_overview }}</a>]</small>
9
  {% endif %}
10
  </h3>
11
  <div class="shield-progress-bar
12
  {% if vars.security_progress < 45 %}
13
  red
14
+ {% elseif vars.security_progress < 70 %}
15
  orange
16
  {% endif %}
17
  ">
23
  <h3 class="subheader">
24
  {{ strings.recent_blocked }}
25
  {% if flags.show_internal_links %}
26
+ <small>[<a href="{{ hrefs.ips }}">{{ strings.view_all }}</a>]</small>
27
  {% endif %}
28
  </h3>
29
 
41
  <tr>
42
  <td>
43
  {% if flags.show_internal_links %}
44
+ <a href="{{ ip.ip_href }}">{{ ip.ip }}</a>
45
  {% else %}
46
  {{ ip.ip }}
47
  {% endif %}
59
  <h3 class="subheader">
60
  {{ strings.recent_offenses }}
61
  {% if flags.show_internal_links %}
62
+ <small>[<a href="{{ hrefs.ips }}">{{ strings.view_all }}</a>]</small>
63
  {% endif %}
64
  </h3>
65
  {% if vars.recent_ips_offense|default([])|length > 0 %}
164
  <div class="jump-buttons">
165
  {% if flags.show_internal_links %}
166
  {% for jump_link in vars.jump_links %}
167
+ <a href="{{ jump_link.href }}" class="jump-link" title="Jump to {{ jump_link.text }}">
168
+ {{ jump_link.svg|raw }} {{ jump_link.text }}
169
+ </a>
170
  {% endfor %}
171
  {% endif %}
172
  </div>
templates/twig/wpadmin_pages/insights/license/license.twig CHANGED
@@ -164,6 +164,9 @@
164
  {% for line in feature.lines %}
165
  {{ line|raw }}
166
  {% endfor %}
 
 
 
167
  </div>
168
  </div>
169
 
164
  {% for line in feature.lines %}
165
  {{ line|raw }}
166
  {% endfor %}
167
+ {% if feature.href|default('') is not empty %}
168
+ <br/><a href="{{ feature.href }}" target="_blank" class="btn btn-outline-dark btn-sm mt-2">{{ strings.more_info }}</a>
169
+ {% endif %}
170
  </div>
171
  </div>
172