Shield Security for WordPress - Version 6.6.4

Version Description

Current Release = Released: 6th April, 2018 - Release Notes
(v.1-4) FIXED: Various small fixes and improvements
(v.4) FIXED: PHP Fatal Error on wp object cache.
(v.0) NEW: [PRO] Keyless Activation of Pro licenses.
(v.0) ADDED: WordPress Password Policies.
(v.0) ADDED: Pwned Passwords Detection.
(v.0) IMPROVED: Major rewrite of plugin AJAX handling.
(v.0) IMPROVED: Notices to indicate the time of the last scans.
(v.0) FIXED: A few bugs

Release Info

Developer	paultgoodchild
Plugin	Shield Security for WordPress
Version	6.6.4
Comparing to
See all releases

Code changes from version 6.6.3 to 6.6.4

Files changed (13) hide show

icwp-wpsf.php +1 -1
plugin-spec.php +2 -2
readme.txt +5 -4
src/common/icwp-usermeta.php +1 -6
src/common/wp-admin-notices.php +0 -9
src/config/feature-license.php +6 -0
src/features/base.php +7 -3
src/features/license.php +21 -1
src/processors/hackprotect_wpvulnscan.php +3 -3
src/processors/loginprotect_cooldown.php +7 -1
templates/html/plugin_badge.html +2 -0
templates/php/snippets/plugin_badge.php +2 -0
templates/php/snippets/pro.php +5 -2

icwp-wpsf.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* Plugin Name: Shield Security
4	* Plugin URI: http://icwp.io/2f
5	* Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
6	- * Version: 6.6.3
7	* Text Domain: wp-simple-firewall
8	* Domain Path: /languages/
9	* Author: One Dollar Plugin


3	* Plugin Name: Shield Security
4	* Plugin URI: http://icwp.io/2f
5	* Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
6	+ * Version: 6.6.4
7	* Text Domain: wp-simple-firewall
8	* Domain Path: /languages/
9	* Author: One Dollar Plugin

plugin-spec.php CHANGED Viewed

	@@ -1,7 +1,7 @@
1	{
2	"properties": {
3	- "version": "6.6.3",
4	- "release_timestamp": ~~1522410988~~,
5	"slug_parent": "icwp",
6	"slug_plugin": "wpsf",
7	"human_name": "Shield",


1	{
2	"properties": {
3	+ "version": "6.6.4",
4	+ "release_timestamp": 1523016000,
5	"slug_parent": "icwp",
6	"slug_plugin": "wpsf",
7	"human_name": "Shield",

readme.txt CHANGED Viewed

	@@ -8,7 +8,7 @@ Requires at least: 3.5.0
8	Requires PHP: 5.2.4
9	Recommended PHP: 5.4
10	Tested up to: 4.9
11	- Stable tag: 6.6.3
12
13	Complete All-In-One Protection for your WordPress sites, that makes Security Easy for Everyone - it doesn't have to be hard anymore.
14
	@@ -352,10 +352,11 @@ If you don't want to support the work, no problem! You can still continue to use
352
353	You can [go Pro for just $1/month](http://icwp.io/aa).
354
355	- = 6.6.3 - Current Release =
356	- Released: ~~30th~~ ~~March~~, 2018 - [Release Notes](http://icwp.io/c3)
357
358	- * (v.1-3) FIXED: Various small fixes and improvements

359	* (v.0) NEW: [PRO] [Keyless Activation of Pro licenses](http://icwp.io/c1).
360	* (v.0) ADDED: [WordPress Password Policies](http://icwp.io/c2).
361	* (v.0) ADDED: Pwned Passwords Detection.


8	Requires PHP: 5.2.4
9	Recommended PHP: 5.4
10	Tested up to: 4.9
11	+ Stable tag: 6.6.4
12
13	Complete All-In-One Protection for your WordPress sites, that makes Security Easy for Everyone - it doesn't have to be hard anymore.
14

352
353	You can [go Pro for just $1/month](http://icwp.io/aa).
354
355	+ = 6.6.4 - Current Release =
356	+ Released: 6th April, 2018 - [Release Notes](http://icwp.io/c3)
357
358	+ * (v.1-4) FIXED: Various small fixes and improvements
359	+ * (v.4) FIXED: PHP Fatal Error on wp object cache.
360	* (v.0) NEW: [PRO] [Keyless Activation of Pro licenses](http://icwp.io/c1).
361	* (v.0) ADDED: [WordPress Password Policies](http://icwp.io/c2).
362	* (v.0) ADDED: Pwned Passwords Detection.

src/common/icwp-usermeta.php CHANGED Viewed

	@@ -35,12 +35,7 @@ class ICWP_UserMeta extends ICWP_WPSF_Foundation {
35	*/
36	public function __construct( $sPrefix, $nUserId = 0 ) {
37	$this->load( $sPrefix, $nUserId );
38	- }
39	-
40	- /**
41	- */
42	- public function __destruct() {
43	- $this->save();
44	}
45
46	/**


35	*/
36	public function __construct( $sPrefix, $nUserId = 0 ) {
37	$this->load( $sPrefix, $nUserId );
38	+ add_action( 'shutdown', array( $this, 'save' ) );





39	}
40
41	/**

src/common/wp-admin-notices.php CHANGED Viewed

	@@ -95,15 +95,6 @@ class ICWP_WPSF_WpAdminNotices extends ICWP_WPSF_Foundation {
95	if ( isset( $oMeta->{$sCleanNotice} ) && is_array( $oMeta->{$sCleanNotice} ) ) {
96	$mValue = $oMeta->{$sCleanNotice};
97	}
98	- else {
99	- $oWp = $this->loadWpUsers();
100	- $mOldValue = $oWp->getUserMeta( $this->getActionPrefix().$sNoticeId );
101	- if ( !empty( $mOldValue ) ) {
102	- $oWp->deleteUserMeta( $this->getActionPrefix().$sNoticeId );
103	- $this->setMeta( $sNoticeId );
104	- $mValue = $oMeta->{$sCleanNotice};
105	- }
106	- }
107
108	return $mValue;
109	}


95	if ( isset( $oMeta->{$sCleanNotice} ) && is_array( $oMeta->{$sCleanNotice} ) ) {
96	$mValue = $oMeta->{$sCleanNotice};
97	}









98
99	return $mValue;
100	}

src/config/feature-license.php CHANGED Viewed

	@@ -49,6 +49,12 @@
49	"default": 0,
50	"section": "section_non_ui"
51	},






52	{
53	"key": "license_verified_at",
54	"sensitive": true,


49	"default": 0,
50	"section": "section_non_ui"
51	},
52	+ {
53	+ "key": "license_last_request_at",
54	+ "transferable": false,
55	+ "default": 0,
56	+ "section": "section_non_ui"
57	+ },
58	{
59	"key": "license_verified_at",
60	"sensitive": true,

src/features/base.php CHANGED Viewed

	@@ -1015,9 +1015,13 @@ abstract class ICWP_WPSF_FeatureHandler_Base extends ICWP_WPSF_Foundation {
1015	break;
1016	}
1017
1018	- $~~aOptParams[~~ ~~'value' ]~~ = ~~is_scalar~~( ~~$mCurrent ) ? esc_attr( $mCurrent ) : $mCurrent;~~
1019	- ~~$aOptParams[~~ '~~disabled~~' ] = ~~!$this->isPremium(~~) && ( ~~isset(~~ $~~aOptParams[~~ ~~'premium' ]~~ ) && $~~aOptParams[ 'premium' ] );~~
1020	- $aOptParams[ '~~enabled~~' ] = !$aOptParams[ '~~disabled~~' ];




1021	// add strings
1022	return $this->loadStrings_Options( $aOptParams );
1023	}


1015	break;
1016	}
1017
1018	+ $aParams = array(
1019	+ 'value' => is_scalar( $mCurrent ) ? esc_attr( $mCurrent ) : $mCurrent,
1020	+ 'disabled' => !$this->isPremium() && ( isset( $aOptParams[ 'premium' ] ) && $aOptParams[ 'premium' ] ),
1021	+ );
1022	+ $aParams[ 'enabled' ] = !$aParams[ 'disabled' ];
1023	+ $aOptParams = array_merge( array( 'rows' => 2 ), $aOptParams, $aParams );
1024	+
1025	// add strings
1026	return $this->loadStrings_Options( $aOptParams );
1027	}

src/features/license.php CHANGED Viewed

	@@ -261,8 +261,13 @@ class ICWP_WPSF_FeatureHandler_License extends ICWP_WPSF_FeatureHandler_BaseWpsf
261	$bCheck = $bForceCheck \|\| ( $this->hasValidWorkingLicense() && $this->isLastVerifiedExpired()
262	&& ( $nNow - $this->getLicenseLastCheckedAt() > HOUR_IN_SECONDS*4 ) );
263



264	if ( $bCheck ) {
265	- $this->setLicenseLastCheckedAt();


266
267	$oLicense = $this->retrieveLicense();
268	try {
	@@ -378,6 +383,13 @@ class ICWP_WPSF_FeatureHandler_License extends ICWP_WPSF_FeatureHandler_BaseWpsf
378	return $this->getOpt( 'license_last_checked_at' );
379	}
380







381	/**
382	* @return int
383	*/
	@@ -491,6 +503,14 @@ class ICWP_WPSF_FeatureHandler_License extends ICWP_WPSF_FeatureHandler_BaseWpsf
491	return $this->setOptAt( 'license_last_checked_at', $nAt );
492	}
493








494	/**
495	* @param int $nAt
496	* @return $this


261	$bCheck = $bForceCheck \|\| ( $this->hasValidWorkingLicense() && $this->isLastVerifiedExpired()
262	&& ( $nNow - $this->getLicenseLastCheckedAt() > HOUR_IN_SECONDS*4 ) );
263
264	+ // No more than 1 check in 20 seconds
265	+ $bCheck = $bCheck && ( $nNow - $this->getLicenseLastRequestAt() > 20 );
266	+
267	if ( $bCheck ) {
268	+ $this->setLicenseLastCheckedAt()
269	+ ->setLicenseLastRequestedAt()
270	+ ->savePluginOptions();
271
272	$oLicense = $this->retrieveLicense();
273	try {

383	return $this->getOpt( 'license_last_checked_at' );
384	}
385
386	+ /**
387	+ * @return int
388	+ */
389	+ protected function getLicenseLastRequestAt() {
390	+ return $this->getOpt( 'license_last_request_at' );
391	+ }
392	+
393	/**
394	* @return int
395	*/

503	return $this->setOptAt( 'license_last_checked_at', $nAt );
504	}
505
506	+ /**
507	+ * @param int $nAt
508	+ * @return $this
509	+ */
510	+ protected function setLicenseLastRequestedAt( $nAt = null ) {
511	+ return $this->setOptAt( 'license_last_request_at', $nAt );
512	+ }
513	+
514	/**
515	* @param int $nAt
516	* @return $this

src/processors/hackprotect_wpvulnscan.php CHANGED Viewed

	@@ -33,7 +33,7 @@ class ICWP_WPSF_Processor_HackProtect_WpVulnScan extends ICWP_WPSF_Processor_Bas
33	public function run() {
34
35	// For display on the Plugins page
36	- add_action( '~~admin_init~~', array( $this, 'addPluginVulnerabilityRows' ), 10, 2 );
37
38	/** @var ICWP_WPSF_FeatureHandler_HackProtect $oFO */
39	$oFO = $this->getFeature();
	@@ -343,14 +343,14 @@ class ICWP_WPSF_Processor_HackProtect_WpVulnScan extends ICWP_WPSF_Processor_Bas
343	$sUrl = $this->getApiRootUrl().'plugins/'.$sSlug;
344	$sFullContent = $this->loadFS()->getUrlContent( $sUrl );
345	if ( empty( $sFullContent ) ) {
346	- $sFullContent = '';
347	}
348	}
349
350	$oWp->setTransient( $sTransientKey, $sFullContent, DAY_IN_SECONDS );
351
352	$aVulns = array();
353	- if ( !empty( $sFullContent ) ) {
354	$oData = @json_decode( $sFullContent );
355	if ( isset( $oData->{$sSlug} ) && !empty( $oData->{$sSlug}->vulnerabilities ) && is_array( $oData->{$sSlug}->vulnerabilities ) ) {
356	$aVulns = $oData->{$sSlug}->vulnerabilities;


33	public function run() {
34
35	// For display on the Plugins page
36	+ add_action( 'load-plugins.php', array( $this, 'addPluginVulnerabilityRows' ), 10, 2 );
37
38	/** @var ICWP_WPSF_FeatureHandler_HackProtect $oFO */
39	$oFO = $this->getFeature();

343	$sUrl = $this->getApiRootUrl().'plugins/'.$sSlug;
344	$sFullContent = $this->loadFS()->getUrlContent( $sUrl );
345	if ( empty( $sFullContent ) ) {
346	+ $sFullContent = 'not available';
347	}
348	}
349
350	$oWp->setTransient( $sTransientKey, $sFullContent, DAY_IN_SECONDS );
351
352	$aVulns = array();
353	+ if ( !empty( $sFullContent ) && $sFullContent != 'not available' ) {
354	$oData = @json_decode( $sFullContent );
355	if ( isset( $oData->{$sSlug} ) && !empty( $oData->{$sSlug}->vulnerabilities ) && is_array( $oData->{$sSlug}->vulnerabilities ) ) {
356	$aVulns = $oData->{$sSlug}->vulnerabilities;

src/processors/loginprotect_cooldown.php CHANGED Viewed

	@@ -8,6 +8,11 @@ require_once( dirname(__FILE__ ).'/loginprotect_base.php' );
8
9	class ICWP_WPSF_Processor_LoginProtect_Cooldown extends ICWP_WPSF_Processor_LoginProtect_Base {
10





11	/**
12	*/
13	public function run() {
	@@ -31,7 +36,7 @@ class ICWP_WPSF_Processor_LoginProtect_Cooldown extends ICWP_WPSF_Processor_Logi
31	* @return WP_User\|WP_Error
32	*/
33	public function checkLoginInterval( $oUserOrError ) {
34	- if ( !$this->loadWp()->isRequestUserLogin() ) {
35	return $oUserOrError;
36	}
37
	@@ -90,6 +95,7 @@ class ICWP_WPSF_Processor_LoginProtect_Cooldown extends ICWP_WPSF_Processor_Logi
90	/**
91	*/
92	protected function updateLastLoginTime() {

93	$this->loadFS()->touch( $this->getLastLoginTimeFilePath(), $this->time() );
94	}
95


8
9	class ICWP_WPSF_Processor_LoginProtect_Cooldown extends ICWP_WPSF_Processor_LoginProtect_Base {
10
11	+ /**
12	+ * @var bool
13	+ */
14	+ private $bCooldownUpdated = false;
15	+
16	/**
17	*/
18	public function run() {

36	* @return WP_User\|WP_Error
37	*/
38	public function checkLoginInterval( $oUserOrError ) {
39	+ if ( !$this->loadWp()->isRequestUserLogin() \|\| $this->bCooldownUpdated ) {
40	return $oUserOrError;
41	}
42

95	/**
96	*/
97	protected function updateLastLoginTime() {
98	+ $this->bCooldownUpdated = true;
99	$this->loadFS()->touch( $this->getLastLoginTimeFilePath(), $this->time() );
100	}
101

templates/html/plugin_badge.html CHANGED Viewed

	@@ -35,6 +35,7 @@
35	#icwpWpsfSiteBadge .badge-text {
36	font-family: sans-serif;
37	font-size: 12px;

38	line-height: 17px;
39	padding-left: 43px;
40	letter-spacing: 0;
	@@ -69,6 +70,7 @@
69	}
70	#icwpWpsfSiteBadge .badge-text {
71	font-size: 8px;

72	line-height: 10px;
73	padding-left: 20px;
74	}


35	#icwpWpsfSiteBadge .badge-text {
36	font-family: sans-serif;
37	font-size: 12px;
38	+ font-weight: normal;
39	line-height: 17px;
40	padding-left: 43px;
41	letter-spacing: 0;

70	}
71	#icwpWpsfSiteBadge .badge-text {
72	font-size: 8px;
73	+ font-weight: normal;
74	line-height: 10px;
75	padding-left: 20px;
76	}

templates/php/snippets/plugin_badge.php CHANGED Viewed

	@@ -35,6 +35,7 @@
35	#icwpWpsfSiteBadge .badge-text {
36	font-family: sans-serif;
37	font-size: 12px;

38	line-height: 17px;
39	padding-left: 43px;
40	letter-spacing: 0;
	@@ -69,6 +70,7 @@
69	}
70	#icwpWpsfSiteBadge .badge-text {
71	font-size: 8px;

72	line-height: 10px;
73	padding-left: 20px;
74	}


35	#icwpWpsfSiteBadge .badge-text {
36	font-family: sans-serif;
37	font-size: 12px;
38	+ font-weight: normal;
39	line-height: 17px;
40	padding-left: 43px;
41	letter-spacing: 0;

70	}
71	#icwpWpsfSiteBadge .badge-text {
72	font-size: 8px;
73	+ font-weight: normal;
74	line-height: 10px;
75	padding-left: 20px;
76	}

templates/php/snippets/pro.php CHANGED Viewed

	@@ -71,7 +71,10 @@ $aLicKeyInput = $inputs[ 'license_key' ];
71	<?php echo $flags[ 'button_enabled_check' ] ? '' : 'disabled="disabled"'; ?> >
72	Check License
73	</button>
74	- <span class="form-text text-muted">~~Verify License Registration</span>~~



75	</div>
76	</form>
77	<p class="font-weight-bold">Be sure to have first activated your URL in your
	@@ -86,7 +89,7 @@ $aLicKeyInput = $inputs[ 'license_key' ];
86	</div>
87	</div>
88
89	- <?php if ( $flags[ 'has_license_key' ] ) : ?>
90	<div class="row">
91	<div class="col card">
92	<form method="post" class="licenseForm">


71	<?php echo $flags[ 'button_enabled_check' ] ? '' : 'disabled="disabled"'; ?> >
72	Check License
73	</button>
74	+ <span class="form-text text-muted">
75	+ Licenses may only be checked once in 20 seconds. Checks more frequent than this will
76	+ automatically be skipped.
77	+ </span>
78	</div>
79	</form>
80	<p class="font-weight-bold">Be sure to have first activated your URL in your

89	</div>
90	</div>
91
92	+ <?php if ( false && $flags[ 'has_license_key' ] ) : ?>
93	<div class="row">
94	<div class="col card">
95	<form method="post" class="licenseForm">