Shield Security for WordPress - Version 6.8.1

Version Description

  • Current Release = Released: 14th June, 2018 - Release Notes

  • (v.1) FIXED: A couple of bugs with WooCommerce reCAPTCHA processing.

  • (v.1) FIXED: A bug with user sessions cleaning


Release Info

Developer paultgoodchild
Version 6.8.1

Code changes from version 6.8.0 to 6.8.1

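--- a/icwp-wpsf.php
+++ b/icwp-wpsf.php
@@ -3,7 +3,7 @@
  * Plugin Name: Shield Security
  * Plugin URI: https://icwp.io/2f
  * Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
- * Version: 6.8.0
+ * Version: 6.8.1
  * Text Domain: wp-simple-firewall
  * Domain Path: /languages/
  * Author: One Dollar Plugin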
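--- a/plugin-spec.php
+++ b/plugin-spec.php
@@ -1,7 +1,7 @@
  {
  "properties": {
- "version": "6.8.0",
- "release_timestamp": 1528704978,
+ "version": "6.8.1",
+ "release_timestamp": 1528972148,
  "slug_parent": "icwp",
  "slug_plugin": "wpsf",
  "human_name": "Shield",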
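--- a/readme.txt
+++ b/readme.txt
@@ -8,7 +8,7 @@ Requires at least: 3.5.0
  Requires PHP: 5.2.4
  Recommended PHP: 5.4
  Tested up to: 4.9
- Stable tag: 6.8.0
+ Stable tag: 6.8.1
 
  Complete All-In-One Protection for your WordPress sites, that makes Security Easy for Everyone - it doesn't have to be hard anymore.
 
@@ -353,19 +353,17 @@ You will always be able to use Shield Security and its free features in-full.
 
  [Go Pro for just $1/month](https://icwp.io/aa).
 
- = 6.8.0 - Current Release =
- *Released: 11th June, 2018* - [Release Notes](https://icwp.io/d4)
+ = 6.8.1 - Current Release =
+ *Released: 14th June, 2018* - [Release Notes](https://icwp.io/d4)
 
- * **(v.0)** ADDED: [**PRO**] White Label - ability to re-brand the entire Shield Security plugin to your company brand.
- * **(v.0)** ADDED: [**PRO**] Option for all users to receive notification email upon login to their accounts.
- * **(v.0)** IMPROVED: Completely rebuilt the bot and reCAPTCHA login protection system.
- * **(v.0)** IMPROVED: Import/Export system hugely improved with respect to automated push of options from Master sites.
- * **(v.0)** IMPROVED: A different approach to sessions management that should handle sessions a bit better.
- * **(v.0)** IMPROVED: Expired user sessions are cleaned from the DB using a cron, and on Insights Dashboard load.
+ * **(v.1)** FIXED: A couple of bugs with WooCommerce reCAPTCHA processing.
+ * **(v.1)** FIXED: A bug with user sessions cleaning
 
  = 6.8 Series =
  *Released: 11th June, 2018* - [Release Notes](https://icwp.io/d4)
 
+ * **(v.1)** FIXED: A couple of bugs with WooCommerce reCAPTCHA processing.
+ * **(v.1)** FIXED: A bug with user sessions cleaning
  * **(v.0)** ADDED: [**PRO**] White Label - ability to re-brand the entire Shield Security plugin to your company brand.
  * **(v.0)** ADDED: [**PRO**] Option for all users to receive notification email upon login to their accounts.
  * **(v.0)** IMPROVED: Completely rebuilt the bot and reCAPTCHA login protection system.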
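--- a/src/common/icwp-optionsvo.php
+++ b/src/common/icwp-optionsvo.php
@@ -764,7 +764,7 @@ class ICWP_WPSF_OptionsVO extends ICWP_WPSF_Foundation {
  break;
 
  case 'email':
- $bValid = empty( $mPotentialValue ) || $this->loadDP()->validEmail( $mPotentialValue );
+ $bValid = empty( $mPotentialValue) || $this->loadDP()->validEmail( $mPotentialValue );
  break;
  }
  return $bValid;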
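--- a/src/features/login_protect.php
+++ b/src/features/login_protect.php
@@ -81,14 +81,17 @@ class ICWP_WPSF_FeatureHandler_LoginProtect extends ICWP_WPSF_FeatureHandler_Bas
  // v6.8.0: reCAPTCHA options restructure
 
  // These can be removed eventually and are used to migrate old recaptcha settings to new structure
- if ( $this->getOpt( 'enable_google_recaptcha_login' ) == 'Y' ) {
+ $sRecap = $this->getOpt( 'enable_google_recaptcha_login' );
+ if ( $sRecap == 'Y' ) {
  $this->setOpt( 'enable_google_recaptcha_login', $this->getOpt( 'google_recaptcha_style_login' ) );
  }
+ else if ( $sRecap == 'N' ) {
+ $this->setOpt( 'enable_google_recaptcha_login', 'disabled' );
+ }
+
  if ( $this->getIsCheckingUserRegistrations() ) {
- $this->setOpt( 'bot_protection_locations', array_merge( $this->getBotProtectionLocations(), array(
- 'register',
- 'password'
- ) ) )
+ $this->setOpt( 'bot_protection_locations', array_merge(
+ $this->getBotProtectionLocations(), array( 'register', 'password' ) ) )
  ->setOpt( 'enable_user_register_checking', 'N' );
  }
  }
@@ -395,7 +398,7 @@ class ICWP_WPSF_FeatureHandler_LoginProtect extends ICWP_WPSF_FeatureHandler_Bas
  */
  public function getBotProtectionLocations() {
  $aLocs = $this->getOpt( 'bot_protection_locations' );
- return is_array( $aLocs ) ? $aLocs : $this->getOptionsVo()->getOptDefault( 'bot_protection_locations' );
+ return is_array( $aLocs ) ? $aLocs : (array)$this->getOptionsVo()->getOptDefault( 'bot_protection_locations' );
  }
 
  /**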
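Review bot: The migration in the first hunk compares `$sRecap` with `==`, so on the PHP 5.x versions this plugin supports a stored integer `0` would match `'Y'` and a boolean `true` would match either string, and a value that is not a legacy flag could be rewritten. `if ( $sRecap === 'Y' ) {` and `else if ( $sRecap === 'N' ) {` restrict the migration to the two legacy strings. The `'Y'` branch also copies `google_recaptcha_style_login` without checking that it holds a value; if that option is unset on a site, login reCAPTCHA would presumably end up with an empty setting after the upgrade, so a guard or a comment naming the expected values is worth adding. The enclosing method starts outside the hunk.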
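--- a/src/processors/loginprotect_base.php
+++ b/src/processors/loginprotect_base.php
@@ -18,6 +18,11 @@ abstract class ICWP_WPSF_Processor_LoginProtect_Base extends ICWP_WPSF_Processor
  */
  private $sUserToAudit;
 
+ /**
+ * @var bool
+ */
+ private $bFactorTested;
+
  /**
  */
  public function run() {
@@ -25,6 +30,8 @@ abstract class ICWP_WPSF_Processor_LoginProtect_Base extends ICWP_WPSF_Processor
  $oFO = $this->getFeature();
  $b3rdParty = $oFO->getIfSupport3rdParty();
 
+ $this->setFactorTested( false );
+
  if ( $oFO->isProtectLogin() ) {
  // We give it a priority of 10 so that we can jump in before WordPress does its own validation.
  add_filter( 'authenticate', array( $this, 'checkReqLogin_Wp' ), 10, 3 );
@@ -311,6 +318,13 @@ abstract class ICWP_WPSF_Processor_LoginProtect_Base extends ICWP_WPSF_Processor
  return empty( $this->sUserToAudit ) ? 'unknown' : $this->sUserToAudit;
  }
 
+ /**
+ * @return bool
+ */
+ public function isFactorTested() {
+ return (bool)$this->bFactorTested;
+ }
+
  /**
  * @param string $sActionToAudit
  * @return $this
@@ -320,6 +334,15 @@ abstract class ICWP_WPSF_Processor_LoginProtect_Base extends ICWP_WPSF_Processor
  return $this;
  }
 
+ /**
+ * @param bool $bFactorTested
+ * @return $this
+ */
+ public function setFactorTested( $bFactorTested ) {
+ $this->bFactorTested = $bFactorTested;
+ return $this;
+ }
+
  /**
  * @param string $sUserToAudit
  * @return $this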
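Review bot: `setFactorTested()` and `isFactorTested()` are added as `public`, but every call visible in this commit is `$this->…` from the processor or one of its subclasses; declaring them `protected` would keep unrelated code from marking a login factor as already tested. The `@var bool` docblock on `$bFactorTested` does not say what the flag means, and a line such as `* True once this processor's login check has been performed; reset in run().` would make the contract readable. `run()` and the rest of the class continue outside these hunks, so other callers cannot be ruled out from here.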
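--- a/src/processors/loginprotect_cooldown.php
+++ b/src/processors/loginprotect_cooldown.php
@@ -8,21 +8,17 @@ require_once( dirname( __FILE__ ).'/loginprotect_base.php' );
 
  class ICWP_WPSF_Processor_LoginProtect_Cooldown extends ICWP_WPSF_Processor_LoginProtect_Base {
 
- /**
- * @var bool
- */
- private $bCooldownUpdated = false;
-
  /**
  * @throws Exception
  */
  protected function performCheckWithException() {
 
- if ( !$this->isCooldownAlreadyUpdated() ) {
+ if ( !$this->isFactorTested() ) {
 
  $bWithinCooldownPeriod = $this->isWithinCooldownPeriod();
  $nRemaining = $this->getLoginCooldownInterval() - $this->getSecondsSinceLastLogin();
- $this->updateLastLoginTime();
+ $this->updateLastLoginTime()
+ ->setFactorTested( true );
 
  // At this point someone has attempted to login within the previous login wait interval
  // So we remove WordPress's authentication filter and our own user check authentication
@@ -68,11 +64,12 @@ class ICWP_WPSF_Processor_LoginProtect_Cooldown extends ICWP_WPSF_Processor_Logi
  }
 
  /**
+ * @return $this
  */
  protected function updateLastLoginTime() {
- $this->bCooldownUpdated = true;
  $this->loadFS()->deleteFile( $this->getLastLoginTimeFilePath() );
  $this->loadFS()->touch( $this->getLastLoginTimeFilePath(), $this->time() );
+ return $this;
  }
 
  /**
@@ -93,11 +90,4 @@ class ICWP_WPSF_Processor_LoginProtect_Cooldown extends ICWP_WPSF_Processor_Logi
  protected function getSecondsSinceLastLogin() {
  return ( $this->time() - $this->getLastLoginTime() );
  }
-
- /**
- * @return bool
- */
- protected function isCooldownAlreadyUpdated() {
- return (bool)$this->bCooldownUpdated;
- }
  }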
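Review bot: The new `isFactorTested()` guard in `performCheckWithException()` records that the check ran, not how it ended, so as far as the hunk shows a second call on the same processor skips the check even when the first call rejected the login. The same guard is added in `loginprotect_googlerecaptcha.php`, where `setFactorTested( true )` runs before the `try` and a thrown exception leaves the flag set. Whether a rejected attempt can reach a second hook depends on callers outside this page, but the guard would fail closed if the flag were set only once a check has passed; in the reCAPTCHA processor that means moving `$this->setFactorTested( true );` to the line after `$this->checkRequestRecaptcha();`. The body of the `if` here continues outside the hunk, so the rejection path could not be checked.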
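--- a/src/processors/loginprotect_googlerecaptcha.php
+++ b/src/processors/loginprotect_googlerecaptcha.php
@@ -21,13 +21,18 @@ class ICWP_WPSF_Processor_LoginProtect_GoogleRecaptcha extends ICWP_WPSF_Process
  * @throws Exception
  */
  protected function performCheckWithException() {
- try {
- $this->checkRequestRecaptcha();
- $this->doStatIncrement( 'login.recaptcha.verified' );
- }
- catch ( Exception $oE ) {
- $this->setLoginAsFailed( 'login.recaptcha.fail' );
- throw $oE;
+
+ if ( !$this->isFactorTested() ) {
+
+ $this->setFactorTested( true );
+ try {
+ $this->checkRequestRecaptcha();
+ $this->doStatIncrement( 'login.recaptcha.verified' );
+ }
+ catch ( Exception $oE ) {
+ $this->setLoginAsFailed( 'login.recaptcha.fail' );
+ throw $oE;
+ }
  }
  }
 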
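--- a/src/processors/usermanagement_sessions.php
+++ b/src/processors/usermanagement_sessions.php
@@ -122,7 +122,7 @@ class ICWP_WPSF_Processor_UserManagement_Sessions extends ICWP_WPSF_Processor_Cr
  $nNow = $this->time();
  // We use 14 as an outside case. If it's 2 days, WP cookie will expire anyway.
  // And if User Management is active, then it'll draw in that value.
- $oTerminator->forExpiredLoginAt( $nNow - apply_filters( 'auth_cookie_expiration', 14*DAY_IN_SECONDS ) );
+ $oTerminator->forExpiredLoginAt( $nNow - apply_filters( 'auth_cookie_expiration', 14*DAY_IN_SECONDS, 0, false ) );
 
  // Default is ZERO, so we don't want to terminate all sessions if it's never set.
  if ( $oFO->hasSessionIdleTimeout() ) {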
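Review bot: The added filter arguments pass `$remember = false` while the seed value is the 14-day length that the comment calls the outside case, so a callback on `auth_cookie_expiration` that branches on its third argument will return its shorter, non-remembered lifetime and "remember me" sessions could be terminated before their cookie expires. Passing `true` matches the stated intent: `apply_filters( 'auth_cookie_expiration', 14*DAY_IN_SECONDS, 0, true )`. The filter result also goes straight into the subtraction; casting it with `(int)` and falling back to the 14-day value when it is not positive would keep an unexpected callback return from moving the cut-off to the current time. The enclosing method starts and ends outside the hunk.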