Shield Security for WordPress - Version 6.8.2

Version Description

  • Current Release = Released: 22nd June, 2018 - Release Notes

  • (v.2) FIXED: Bug with multi-factor authentication verification.

  • (v.2) FIXED: Bug with chosen reCAPTCHA style not being honoured on login pages

  • (v.2) FIXED: Bug with Invisible reCAPTCHA + WooCommerce

  • (v.2) FIXED: Bug with Pwned passwords always being checked even if setting turned off.


Release Info

Developer paultgoodchild
Version 6.8.2

Code changes from version 6.8.1 to 6.8.2

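--- a/icwp-plugin-controller.php
+++ b/icwp-plugin-controller.php
@@ -401,7 +401,7 @@ class ICWP_WPSF_Plugin_Controller extends ICWP_WPSF_Foundation {
  $oDp->downloadStringAsFile(
  wp_json_encode( $aExportOptions ),
  'shield_options_export-'
- .$this->loadWp()->getHomeUrl( true )
+ .$oDp->urlStripSchema( $this->loadWp()->getHomeUrl() )
  .'-'.date( 'y-m-d__H-i-s' ).'.txt'
  );
  }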
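Review bot: The export filename is still built from the raw home URL, and `urlStripSchema()` removes only the scheme, so a site installed in a subdirectory or on a non-default port puts `/` or `:` into the name handed to `downloadStringAsFile()`. Passing the value through WordPress's `sanitize_file_name()` first, e.g. `.sanitize_file_name( $oDp->urlStripSchema( $this->loadWp()->getHomeUrl() ) )`, would keep the name safe for the download header and for the filesystem it is saved to. How `downloadStringAsFile()` treats the name is not visible here, and the enclosing method starts outside the hunk.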
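--- a/icwp-wpsf.php
+++ b/icwp-wpsf.php
@@ -3,7 +3,7 @@
  * Plugin Name: Shield Security
  * Plugin URI: https://icwp.io/2f
  * Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
- * Version: 6.8.1
+ * Version: 6.8.2
  * Text Domain: wp-simple-firewall
  * Domain Path: /languages/
  * Author: One Dollar Plugin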
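--- a/plugin-spec.php
+++ b/plugin-spec.php
@@ -1,7 +1,7 @@
  {
  "properties": {
- "version": "6.8.1",
- "release_timestamp": 1528972148,
+ "version": "6.8.2",
+ "release_timestamp": 1529653373,
  "slug_parent": "icwp",
  "slug_plugin": "wpsf",
  "human_name": "Shield",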
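--- a/readme.txt
+++ b/readme.txt
@@ -8,7 +8,7 @@ Requires at least: 3.5.0
  Requires PHP: 5.2.4
  Recommended PHP: 5.4
  Tested up to: 4.9
- Stable tag: 6.8.1
+ Stable tag: 6.8.2
 
  Complete All-In-One Protection for your WordPress sites, that makes Security Easy for Everyone - it doesn't have to be hard anymore.
 
@@ -353,15 +353,21 @@ You will always be able to use Shield Security and its free features in-full.
 
  [Go Pro for just $1/month](https://icwp.io/aa).
 
- = 6.8.1 - Current Release =
- *Released: 14th June, 2018* - [Release Notes](https://icwp.io/d4)
+ = 6.8.2 - Current Release =
+ *Released: 22nd June, 2018* - [Release Notes](https://icwp.io/d4)
 
- * **(v.1)** FIXED: A couple of bugs with WooCommerce reCAPTCHA processing.
- * **(v.1)** FIXED: A bug with user sessions cleaning
+ * **(v.2)** FIXED: Bug with multi-factor authentication verification.
+ * **(v.2)** FIXED: Bug with chosen reCAPTCHA style not being honoured on login pages
+ * **(v.2)** FIXED: Bug with Invisible reCAPTCHA + WooCommerce
+ * **(v.2)** FIXED: Bug with Pwned passwords always being checked even if setting turned off.
 
  = 6.8 Series =
  *Released: 11th June, 2018* - [Release Notes](https://icwp.io/d4)
 
+ * **(v.2)** FIXED: Bug with multi-factor authentication verification.
+ * **(v.2)** FIXED: Bug with chosen reCAPTCHA style not being honoured on login pages
+ * **(v.2)** FIXED: Bug with Invisible reCAPTCHA + WooCommerce
+ * **(v.2)** FIXED: Bug with Pwned passwords always being checked even if setting turned off.
  * **(v.1)** FIXED: A couple of bugs with WooCommerce reCAPTCHA processing.
  * **(v.1)** FIXED: A bug with user sessions cleaning
  * **(v.0)** ADDED: [**PRO**] White Label - ability to re-brand the entire Shield Security plugin to your company brand.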
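--- a/src/common/icwp-data.php
+++ b/src/common/icwp-data.php
@@ -224,6 +224,14 @@ class ICWP_WPSF_DataProcessor extends ICWP_WPSF_Foundation {
  return preg_replace( '#\s?\?.*$#', '', $sUrl );
  }
 
+ /**
+ * @param string $sUrl
+ * @return string
+ */
+ public function urlStripSchema( $sUrl ) {
+ return preg_replace( '#^((http|https):)?\/\/#i', '', $sUrl );
+ }
+
  /**
  * Will strip everything from a URL except Scheme+Host and requires that Scheme+Host be present
  * @return string|false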
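Review bot: The docblock added for `urlStripSchema()` has no description and promises `string`, yet `preg_replace()` returns `null` on a PCRE error. A summary line such as `Strips a leading "http://", "https://" or protocol-relative "//" from a URL; path, port and query are left untouched.` would tell callers that the result is not a bare host name. The pattern could also be written `#^(https?:)?//#i` without changing what it matches.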
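--- a/src/common/icwp-wpfunctions.php
+++ b/src/common/icwp-wpfunctions.php
@@ -190,17 +190,14 @@ class ICWP_WPSF_WpFunctions extends ICWP_WPSF_Foundation {
  }
 
  /**
- * @param bool $bRemoveSchema
+ * @param string $sPath
  * @return string
  */
- public function getHomeUrl( $bRemoveSchema = false ) {
- $sUrl = home_url();
+ public function getHomeUrl( $sPath = '' ) {
+ $sUrl = home_url( $sPath );
  if ( empty( $sUrl ) ) {
  remove_all_filters( 'home_url' );
- $sUrl = home_url();
- }
- if ( $bRemoveSchema ) {
- $sUrl = preg_replace( '#^((http|https):)?\/\/#i', '', $sUrl );
+ $sUrl = home_url( $sPath );
  }
  return $sUrl;
  }
@@ -753,7 +750,7 @@ class ICWP_WPSF_WpFunctions extends ICWP_WPSF_Foundation {
 
  $sPath = $oDP->request( 'rest_route' );
  if ( empty( $sPath ) && $this->isPermalinksEnabled() ) {
- $sFullUri = $this->loadWp()->getHomeUrl().$oDP->getRequestPath();
+ $sFullUri = $this->loadWp()->getHomeUrl( $oDP->getRequestPath() );
  $sPath = substr( $sFullUri, strlen( get_rest_url( get_current_blog_id() ) ) );
  }
  }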
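Review bot: `getHomeUrl()` keeps its name but its only parameter changes meaning from a boolean schema switch to a path, so any caller still passing `true` silently gets the full URL with the scheme, because `home_url()` ignores a non-string path. The one such caller visible on this page (icwp-plugin-controller.php) is updated, but callers outside this diff would not fail loudly, so a search for `getHomeUrl( true` is worth doing before release. The docblock should also say what `$sPath` is, for example `@param string $sPath path appended to the home URL, relative to the site root`. Separately, the `remove_all_filters( 'home_url' )` fallback strips those filters for the rest of the request, which deserves a why-comment.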
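--- a/src/features/login_protect.php
+++ b/src/features/login_protect.php
@@ -386,7 +386,7 @@ class ICWP_WPSF_FeatureHandler_LoginProtect extends ICWP_WPSF_FeatureHandler_Bas
  * @return string
  */
  public function getGoogleRecaptchaStyle() {
- $sStyle = $this->getOpt( 'google_recaptcha_style_login' );
+ $sStyle = $this->getOpt( 'enable_google_recaptcha_login' );
  if ( $sStyle == 'default' ) {
  $sStyle = parent::getGoogleRecaptchaStyle();
  }
@@ -499,6 +499,43 @@ class ICWP_WPSF_FeatureHandler_LoginProtect extends ICWP_WPSF_FeatureHandler_Bas
  return $this->setOpt( 'enable_login_gasp_check', $bEnabled ? 'Y' : 'N' );
  }
 
+ /**
+ * @param string $sSectionSlug
+ * @return array
+ */
+ protected function getSectionWarnings( $sSectionSlug ) {
+ $aWarnings = array();
+
+ if ( $sSectionSlug == 'section_brute_force_login_protection' && !$this->isPremium() ) {
+ $sIntegration = $this->getPremiumOnlyIntegration();
+ if ( !empty( $sIntegration ) ) {
+ $aWarnings[] = sprintf( _wpsf__( 'Support for login protection with %s is a Pro-only feature.' ), $sIntegration );
+ }
+ }
+
+ return $aWarnings;
+ }
+
+ /**
+ * @return string
+ */
+ protected function getPremiumOnlyIntegration() {
+ $aIntegrations = array(
+ 'WooCommerce' => 'WooCommerce',
+ 'Easy_Digital_Downloads' => 'Easy Digital Downloads',
+ 'BuddyPress' => 'BuddyPress',
+ );
+
+ $sIntegration = '';
+ foreach ( $aIntegrations as $sInt => $sName ) {
+ if ( class_exists( $sInt ) ) {
+ $sIntegration = $sName;
+ break;
+ }
+ }
+ return $sIntegration;
+ }
+
  /**
  * @param array $aOptionsParams
  * @return array
@@ -657,7 +694,7 @@ class ICWP_WPSF_FeatureHandler_LoginProtect extends ICWP_WPSF_FeatureHandler_Bas
  .'<br/>'.sprintf( '%s - %s', _wpsf__( 'Note' ), _wpsf__( "You'll need to setup your Google reCAPTCHA API Keys in 'General' settings." ) );
  break;
 
- case 'google_recaptcha_style_login' :
+ case 'google_recaptcha_style_login' : // Unused
  $sName = _wpsf__( 'reCAPTCHA Style' );
  $sSummary = _wpsf__( 'How Google reCAPTCHA Will Be Displayed' );
  $sDescription = _wpsf__( 'You can choose the reCAPTCHA display format that best suits your site, including the new Invisible Recaptcha' );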
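Review bot: In `getGoogleRecaptchaStyle()` the style is now read from `enable_google_recaptcha_login`, an option whose name reads as an on/off switch, and whatever it holds is returned as the style unless it equals `'default'`. If that option can also hold a "disabled" value (its allowed values are not visible in this hunk), callers would receive it as a reCAPTCHA style, so the method should document the value set and fall back to the parent style for anything unexpected. The `// Unused` marker on the `google_recaptcha_style_login` case would be clearer as a note naming the option that replaced it. The comparisons here and in `getSectionWarnings()` use `==`; `===` avoids type juggling on option strings.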
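--- a/src/processors/firewall.php
+++ b/src/processors/firewall.php
@@ -311,7 +311,7 @@ class ICWP_WPSF_Processor_Firewall extends ICWP_WPSF_Processor_BaseWpsf {
  header( "Location: ".$oWp->getHomeUrl() );
  break;
  case 'redirect_404':
- header( "Location: ".$oWp->getHomeUrl().'/404' );
+ header( "Location: ".$oWp->getHomeUrl( '404' ) );
  break;
  default:
  break;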
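Review bot: The `redirect_404` branch only queues a `Location` header; `header()` does not stop execution, so unless the code after this `switch` exits, a request the firewall decided to block carries on through WordPress. The end of the switch and whatever follows it are outside the hunk, so this needs confirming there. Using `wp_safe_redirect( $oWp->getHomeUrl( '404' ) );` followed by `exit;` would make the intent explicit and keep the target on the site's own host.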
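--- a/src/processors/loginprotect_base.php
+++ b/src/processors/loginprotect_base.php
@@ -68,7 +68,7 @@ abstract class ICWP_WPSF_Processor_LoginProtect_Base extends ICWP_WPSF_Processor
  add_action( 'edd_register_form_fields_before_submit', array( $this, 'printLoginFormItems' ), 10 );
  add_action( 'edd_process_register_form', array( $this, 'checkReqRegistration_Edd' ), 10 );
 
- add_action( 'woocommerce_register_form', array( $this, 'printLoginFormItems' ), 10 );
+ add_action( 'woocommerce_register_form', array( $this, 'printRegisterFormItems_Woo' ), 10 );
  add_filter( 'woocommerce_process_registration_errors', array( $this, 'checkReqRegistration_Woo' ), 10, 2 );
  }
  }
@@ -259,6 +259,13 @@ abstract class ICWP_WPSF_Processor_LoginProtect_Base extends ICWP_WPSF_Processor
  $this->printLoginFormItems();
  }
 
+ /**
+ * @return void
+ */
+ public function printRegisterFormItems_Woo() {
+ $this->printLoginFormItems();
+ }
+
  /**
  * see form-billing.php
  * @param WP_Checkout $oCheckout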
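Review bot: `printRegisterFormItems_Woo()` is a pure pass-through to `printLoginFormItems()`, and its docblock (`@return void` only) gives no reason for its existence. Going by the reCAPTCHA processor changed on this page, it exists so a subclass can override it and add the hidden `register` field. A summary line such as `Separate hook target for the WooCommerce register form so subclasses can extend it.` would stop the next reader from inlining it again.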
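--- a/src/processors/loginprotect_googlerecaptcha.php
+++ b/src/processors/loginprotect_googlerecaptcha.php
@@ -59,6 +59,30 @@ class ICWP_WPSF_Processor_LoginProtect_GoogleRecaptcha extends ICWP_WPSF_Process
  return $this->getGoogleRecaptchaHtml();
  }
 
+ /**
+ * We add the hidden input because the WooCommerce login processing doesn't fire unless
+ * $_POST['login'] is set. But this is put on the form button and so doesn't get submitted using JQuery
+ * @return void
+ */
+ public function printLoginFormItems_Woo() {
+ parent::printLoginFormItems_Woo();
+ if ( $this->isRecaptchaInvisible() ) {
+ echo '<input type="hidden" name="login" value="Log in" />';
+ }
+ }
+
+ /**
+ * We add the hidden input because the WooCommerce register processing doesn't fire unless
+ * $_POST['register'] is set. But this is put on the form button and so doesn't get submitted using JQuery
+ * @return void
+ */
+ public function printRegisterFormItems_Woo() {
+ parent::printRegisterFormItems_Woo();
+ if ( $this->isRecaptchaInvisible() ) {
+ echo '<input type="hidden" name="register" value="Register" />';
+ }
+ }
+
  /**
  * @return string
  */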
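Review bot: Both new docblocks say the button value "doesn't get submitted using JQuery", but the template changed on this page submits with `HTMLFormElement.prototype.submit.call( oForm )`, a native call that leaves out the clicked button's name and value; the comment should name that mechanism. The hidden fields hard-code `Log in` and `Register`, which is fine only if WooCommerce merely tests that `$_POST['login']` / `$_POST['register']` is non-empty. That check is not shown here, so a short note stating the assumption would help whoever revisits this after a WooCommerce update.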
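--- a/src/processors/loginprotect_intent.php
+++ b/src/processors/loginprotect_intent.php
@@ -376,7 +376,7 @@ class ICWP_WPSF_Processor_LoginProtect_Intent extends ICWP_WPSF_Processor_BaseWp
  $this->setLoginIntentProcessed();
  }
  $oTrk = $this->getLoginTrack();
- return $oFO->isChainedAuth() ? $oTrk->hasUnSuccessfulFactor() : $oTrk->hasSuccessfulFactor();
+ return $oFO->isChainedAuth() ? !$oTrk->hasUnSuccessfulFactor() : $oTrk->hasSuccessfulFactor();
  }
 
  /**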
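Review bot: In chained mode the result is now "no factor has failed", which is also true when no factor has been recorded at all, so the check could pass with zero verified factors. Whether `hasUnSuccessfulFactor()` counts factors that are still pending is not visible in this hunk; if it does not, require both conditions: `return $oFO->isChainedAuth() ? ( $oTrk->hasSuccessfulFactor() && !$oTrk->hasUnSuccessfulFactor() ) : $oTrk->hasSuccessfulFactor();`. A regression test covering chained auth with one passed factor and one untouched factor would pin the intended behaviour. The method body starts outside the hunk.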
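--- a/src/processors/loginprotect_track.php
+++ b/src/processors/loginprotect_track.php
@@ -77,7 +77,6 @@ class ICWP_WPSF_Processor_LoginProtect_Track {
  /**
  * Works by using array_filter() with no callback, so only those values in the
  * array that don't evaluate as false are returned. #SuperOmgElegant :)
- *
  * @return int
  */
  public function getCountFactorsSuccessful() {
@@ -140,14 +139,13 @@ class ICWP_WPSF_Processor_LoginProtect_Track {
  /**
  * Also remove remaining factors to track
  * @param string $sFactor
- * @param bool $bState
+ * @param bool $bState
  * @return $this
  */
  protected function setFactorState( $sFactor, $bState ) {
  $aFactors = $this->getAuthFactorsTracked();
  $aFactors[ $sFactor ] = $bState;
  $this->aFactorsTracked = $aFactors;
- unset( $this->aFactorsToTrack[ $sFactor ] );
- return $this;
+ return $this->removeFactorToTrack( $sFactor );
  }
  }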
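Review bot: `setFactorState()` still documents `@return $this`, but it now returns whatever `removeFactorToTrack()` returns, and that method is not shown in this diff. If it returns anything else, or nothing, fluent callers of `setFactorState()` break; confirm it ends with `return $this;` or keep an explicit return after the call. The summary "Also remove remaining factors to track" would read better as a statement of what the method does first, e.g. `Records the pass/fail state of a factor and removes it from the factors still to be tracked.`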
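--- a/src/processors/usermanagement_passwords.php
+++ b/src/processors/usermanagement_passwords.php
@@ -138,9 +138,14 @@ class ICWP_WPSF_Processor_UserManagement_Passwords extends ICWP_WPSF_Processor_B
  * @throws Exception
  */
  protected function applyPasswordChecks( $sPassword ) {
+ /** @var ICWP_WPSF_FeatureHandler_UserManagement $oFO */
+ $oFO = $this->getFeature();
+
  $this->testPasswordMeetsMinimumLength( $sPassword );
  $this->testPasswordMeetsMinimumStrength( $sPassword );
- $this->sendRequestToPwnedRange( $sPassword );
+ if ( $oFO->isPassPreventPwned() ) {
+ $this->sendRequestToPwnedRange( $sPassword );
+ }
  }
 
  /**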
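Review bot: `applyPasswordChecks()` has no comment explaining that the remote lookup is now optional, and its docblock, as far as the hunk shows, carries only `@throws Exception`. A line above the new `if` such as `// Remote Pwned Passwords lookup only when the site owner enabled it; local checks always run first.` would make the ordering and the opt-in explicit. How `sendRequestToPwnedRange()` behaves when the remote service is unreachable (reject or accept the password) is outside this hunk and worth stating in the docblock too.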
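--- a/templates/php/snippets/google_recaptcha_js.php
+++ b/templates/php/snippets/google_recaptcha_js.php
@@ -2,32 +2,34 @@
 
  var iCWP_WPSF_Recaptcha = new function () {
 
- this.setupForm = function ( form ) {
+ var bInvisible = <?php echo $invis ? 'true' : 'false'; ?>;
 
- var recaptchaContainer = form.querySelector('.icwpg-recaptcha');
+ this.setupForm = function ( oForm ) {
+
+ var recaptchaContainer = oForm.querySelector( '.icwpg-recaptcha' );
 
  if ( recaptchaContainer !== null ) {
 
  var recaptchaContainerSpec = grecaptcha.render(
  recaptchaContainer,
  {
- 'sitekey': '<?php echo $sitekey;?>',
- 'size': '<?php echo $size;?>',
- 'theme': '<?php echo $theme;?>',
+ 'sitekey': '<?php echo $sitekey; ?>',
+ 'size': '<?php echo $size; ?>',
+ 'theme': '<?php echo $theme; ?>',
  'badge': 'bottomright',
- 'callback' : function ( reCaptchaToken ) {
+ 'callback': function ( reCaptchaToken ) {
  <?php if ( $invis ) : ?>
- HTMLFormElement.prototype.submit.call( form );
+ HTMLFormElement.prototype.submit.call( oForm );
  <?php endif;?>
  },
- 'expired-callback' : function() {
+ 'expired-callback': function () {
  grecaptcha.reset( recaptchaContainerSpec );
  }
  }
  );
 
  <?php if ( $invis ) : ?>
- var aSubmitInputs = document.getElementsByTagName( 'input' );
+ var aSubmitInputs = oForm.querySelectorAll( 'input, button' );
  for ( var i = 0; i < aSubmitInputs.length; i++ ) {
  if ( aSubmitInputs[ i ].type.toLowerCase() === 'submit' ) {
  aSubmitInputs[ i ].onclick = function ( event ) {
@@ -49,7 +51,7 @@
  };
  }();
 
- var onLoadIcwpRecaptchaCallback = function() {
+ var onLoadIcwpRecaptchaCallback = function () {
  iCWP_WPSF_Recaptcha.initialise();
  };
  </script>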
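Review bot: `$sitekey`, `$size` and `$theme` are echoed straight into single-quoted JavaScript string literals in the `grecaptcha.render()` options, so a quote or `</script>` in any of them breaks out of the string. They presumably come from plugin settings, which limits exposure to whoever can edit those options, but the template should still escape for its context: `'sitekey': '<?php echo esc_js( $sitekey ); ?>',` and the same for the other two. The new `bInvisible` variable is not used in the visible part of the hunk, which still branches with `<?php if ( $invis ) : ?>`; the first hunk ends inside the `onclick` handler, so its use may be further down.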