Shield Security for WordPress - Version 6.9.3

Version Description

  • Current Release = Released: 11th September, 2018

  • (v.3) ADDED: Support for AppleBot in the Traffic Watcher.

  • (v.3) FIXED: Plugin/Theme Guard bug not capturing updates correctly.

  • (v.3) FIXED: Google Authenticator could not be removed from profile.

Download this release

Release Info

Developer paultgoodchild
Plugin Icon 128x128 Shield Security for WordPress
Version 6.9.3
Comparing to
See all releases

Code changes from version 6.9.2 to 6.9.3

Files changed (23) hide show
  1. icwp-wpsf.php +1 -1
  2. plugin-spec.php +2 -2
  3. readme.txt +11 -9
  4. src/common/icwp-ip.php +13 -0
  5. src/common/icwp-optionsvo.php +7 -0
  6. src/common/icwp-wpfunctions-plugins.php +17 -0
  7. src/config/feature-autoupdates.php +126 -125
  8. src/config/feature-email.php +22 -21
  9. src/config/feature-hack_protect.php +2 -1
  10. src/config/feature-insights.php +2 -1
  11. src/config/feature-ips.php +108 -108
  12. src/config/feature-license.php +89 -88
  13. src/config/feature-plugin.php +1 -0
  14. src/config/feature-sessions.php +27 -26
  15. src/config/feature-statistics.php +43 -42
  16. src/config/feature-traffic.php +80 -74
  17. src/features/base_wpsf.php +2 -1
  18. src/features/hack_protect.php +12 -0
  19. src/processors/base_wpsf.php +3 -3
  20. src/processors/hackprotect_ptguard.php +56 -8
  21. src/processors/loginprotect_googleauthenticator.php +11 -3
  22. src/processors/loginprotect_intentprovider_base.php +2 -2
  23. src/processors/traffic_logger.php +23 -1
icwp-wpsf.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: Shield Security
4
  * Plugin URI: https://icwp.io/2f
5
  * Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
6
- * Version: 6.9.2
7
  * Text Domain: wp-simple-firewall
8
  * Domain Path: /languages/
9
  * Author: One Dollar Plugin
3
  * Plugin Name: Shield Security
4
  * Plugin URI: https://icwp.io/2f
5
  * Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
6
+ * Version: 6.9.3
7
  * Text Domain: wp-simple-firewall
8
  * Domain Path: /languages/
9
  * Author: One Dollar Plugin
plugin-spec.php CHANGED
@@ -1,7 +1,7 @@
1
  {
2
  "properties": {
3
- "version": "6.9.2",
4
- "release_timestamp": 1536572281,
5
  "slug_parent": "icwp",
6
  "slug_plugin": "wpsf",
7
  "human_name": "Shield",
1
  {
2
  "properties": {
3
+ "version": "6.9.3",
4
+ "release_timestamp": 1536678135,
5
  "slug_parent": "icwp",
6
  "slug_plugin": "wpsf",
7
  "human_name": "Shield",
readme.txt CHANGED
@@ -8,7 +8,7 @@ Requires at least: 3.5.0
8
  Requires PHP: 5.2.4
9
  Recommended PHP: 5.4
10
  Tested up to: 4.9
11
- Stable tag: 6.9.2
12
 
13
  Complete All-In-One Protection for your WordPress sites, that makes Security Easy for Everyone - it doesn't have to be hard anymore.
14
 
@@ -345,24 +345,26 @@ Possible options are: network_admin, administrator, editor, author, contributor,
345
 
346
  == Changelog ==
347
 
348
- Our policy was to never restrict security features to Pro upgrades.
349
- [This has now changed](https://icwp.io/bs).
350
 
351
- Shield Pro brings exclusive features to the serious webmaster to maximise site security. You'll also have access to our email technical support team.
352
  You will always be able to use Shield Security and its free features in-full.
353
 
354
  [Go Pro for just $1/month](https://icwp.io/aa).
355
 
356
- = 6.9.2 - Current Release =
357
- *Released: 10th September, 2018*
358
 
359
- * **(v.2)** FIXED: Prevent crashing on sites with PHP < v5.4
360
- * **(v.1)** ADDED: Support for Yandex search engine in the [Traffic Watcher](https://icwp.io/dc).
361
- * **(v.1)** IMPROVED: WooCommerce checkout handling with reCAPTCHA.
362
 
363
  = 6.9.0 - Series =
364
  *Released: 6th September, 2018* - [Release Notes](https://icwp.io/dc)
365
 
 
 
 
366
  * **(v.0)** NEW: [**PRO**] [Traffic Watcher](https://icwp.io/dc) - live tracking of all requests to your site.
367
  * **(v.0)** NEW: [**PRO**] [Yubikey](https://icwp.io/dc) - Allows for multiple Yubikeys on the same user profile.
368
  * **(v.0)** ADDED: [**PRO**] Option to include listing of affected files within Hack Guard notification emails.
8
  Requires PHP: 5.2.4
9
  Recommended PHP: 5.4
10
  Tested up to: 4.9
11
+ Stable tag: 6.9.3
12
 
13
  Complete All-In-One Protection for your WordPress sites, that makes Security Easy for Everyone - it doesn't have to be hard anymore.
14
 
345
 
346
  == Changelog ==
347
 
348
+ Shield Pro brings exclusive features to the serious webmaster to maximise site security.
349
+ You'll also have access to our email technical support team.
350
 
 
351
  You will always be able to use Shield Security and its free features in-full.
352
 
353
  [Go Pro for just $1/month](https://icwp.io/aa).
354
 
355
+ = 6.9.3 - Current Release =
356
+ *Released: 11th September, 2018*
357
 
358
+ * **(v.3)** ADDED: Support for AppleBot in the [Traffic Watcher](https://icwp.io/dc).
359
+ * **(v.3)** FIXED: [Plugin/Theme Guard](https://icwp.io/bq) bug not capturing updates correctly.
360
+ * **(v.3)** FIXED: Google Authenticator could not be removed from profile.
361
 
362
  = 6.9.0 - Series =
363
  *Released: 6th September, 2018* - [Release Notes](https://icwp.io/dc)
364
 
365
+ * **(v.2)** FIXED: Prevent crashing on sites with PHP < v5.4
366
+ * **(v.1)** ADDED: Support for Yandex search engine in the [Traffic Watcher](https://icwp.io/dc).
367
+ * **(v.1)** IMPROVED: WooCommerce checkout handling with reCAPTCHA.
368
  * **(v.0)** NEW: [**PRO**] [Traffic Watcher](https://icwp.io/dc) - live tracking of all requests to your site.
369
  * **(v.0)** NEW: [**PRO**] [Yubikey](https://icwp.io/dc) - Allows for multiple Yubikeys on the same user profile.
370
  * **(v.0)** ADDED: [**PRO**] Option to include listing of affected files within Hack Guard notification emails.
src/common/icwp-ip.php CHANGED
@@ -457,6 +457,19 @@ class ICWP_WPSF_Ip extends ICWP_WPSF_Foundation {
457
  return $this->isIpOfBot( 'yandex.com/bots', '#.*\.yandex?\.(com|ru|net)\.?$#i', $sIp, $sUserAgent );
458
  }
459
 
 
 
 
 
 
 
 
 
 
 
 
 
 
460
  /**
461
  * @param string $sBotUserAgent
462
  * @param string $sBotHostPattern
457
  return $this->isIpOfBot( 'yandex.com/bots', '#.*\.yandex?\.(com|ru|net)\.?$#i', $sIp, $sUserAgent );
458
  }
459
 
460
+ /**
461
+ * https://support.apple.com/en-gb/HT204683
462
+ * https://discussions.apple.com/thread/7090135
463
+ * Apple IPs start with '17.'
464
+ * @param string $sIp
465
+ * @param string $sUserAgent
466
+ * @return bool
467
+ */
468
+ public function isIpAppleBot( $sIp, $sUserAgent = '' ) {
469
+ return ( $this->getIpVersion( $sIp ) != 4 || strpos( $sIp, '17.' ) === 0 )
470
+ && $this->isIpOfBot( 'Applebot/', '#.*\.applebot.apple.com\.?$#i', $sIp, $sUserAgent );
471
+ }
472
+
473
  /**
474
  * @param string $sBotUserAgent
475
  * @param string $sBotHostPattern
src/common/icwp-optionsvo.php CHANGED
@@ -593,6 +593,13 @@ class ICWP_WPSF_OptionsVO extends ICWP_WPSF_Foundation {
593
  return (bool)$this->getFeatureProperty( 'premium' );
594
  }
595
 
 
 
 
 
 
 
 
596
  /**
597
  * @param string $sKey
598
  * @return bool
593
  return (bool)$this->getFeatureProperty( 'premium' );
594
  }
595
 
596
+ /**
597
+ * @return bool
598
+ */
599
+ public function isModuleWhitelistExempt() {
600
+ return (bool)$this->getFeatureProperty( 'whitelist_exempt' );
601
+ }
602
+
603
  /**
604
  * @param string $sKey
605
  * @return bool
src/common/icwp-wpfunctions-plugins.php CHANGED
@@ -331,6 +331,23 @@ class ICWP_WPSF_WpFunctions_Plugins extends ICWP_WPSF_Foundation {
331
  return $aPlugin;
332
  }
333
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
334
  /**
335
  * @param string $sPluginFile
336
  * @return null|stdClass
331
  return $aPlugin;
332
  }
333
 
334
+ /**
335
+ * @param string $sDirName
336
+ * @return string|null
337
+ */
338
+ public function getFileFromDirName( $sDirName ) {
339
+ $sFile = null;
340
+ if ( !empty( $sDirName ) ) {
341
+ foreach ( $this->getInstalledPluginFiles() as $sF ) {
342
+ if ( strpos( $sFile, $sDirName.'/' ) === 0 ) {
343
+ $sFile = $sF;
344
+ break;
345
+ }
346
+ }
347
+ }
348
+ return $sFile;
349
+ }
350
+
351
  /**
352
  * @param string $sPluginFile
353
  * @return null|stdClass
src/config/feature-autoupdates.php CHANGED
@@ -1,197 +1,198 @@
1
  {
2
- "slug": "autoupdates",
3
- "properties": {
4
- "slug": "autoupdates",
5
- "name": "Automatic Updates",
6
  "show_module_menu_item": true,
7
- "storage_key": "autoupdates",
8
- "tagline": "Take back full control of WordPress automatic updates",
9
- "show_central": true,
10
- "access_restricted": true,
11
- "premium": false,
12
- "order": 60
 
13
  },
14
- "sections": [
15
  {
16
- "slug": "section_automatic_updates_for_wordpress_components",
17
- "primary": true,
18
- "title": "Automatic Updates For WordPress Components",
19
  "title_short": "WordPress Components",
20
- "summary": [
21
  "Purpose - Control how automatic updates for each WordPress component is handled.",
22
  "Recommendation - You should at least allow minor updates for the WordPress core."
23
  ]
24
  },
25
  {
26
- "slug": "section_options",
27
- "title": "Auto-Update Options",
28
  "title_short": "Auto-Update Options",
29
- "summary": "Purpose - Make adjustments to how automatic updates are handled on your site."
30
  },
31
  {
32
- "slug": "section_enable_plugin_feature_automatic_updates_control",
33
- "title": "Enable Module: Automatic Updates",
34
  "title_short": "Disable Module",
35
- "summary": [
36
  "Purpose - Automatic Updates lets you manage the WordPress automatic updates engine so you choose what exactly gets updated automatically.",
37
  "Recommendation - Keep the Automatic Updates feature turned on."
38
  ]
39
  },
40
  {
41
- "slug": "section_non_ui",
42
  "hidden": true
43
  }
44
  ],
45
- "options": [
46
- {
47
- "key": "enable_autoupdates",
48
- "section": "section_enable_plugin_feature_automatic_updates_control",
49
- "default": "Y",
50
- "type": "checkbox",
51
- "link_info": "https://icwp.io/3w",
52
- "link_blog": "",
53
- "name": "Enable Automatic Updates",
54
- "summary": "Enable (or Disable) The Automatic Updates module",
55
  "description": "Un-Checking this option will completely disable the Automatic Updates module"
56
  },
57
  {
58
- "key": "enable_autoupdate_disable_all",
59
- "section": "section_automatic_updates_for_wordpress_components",
60
- "default": "N",
61
- "type": "checkbox",
62
- "link_info": "https://icwp.io/3v",
63
- "link_blog": "",
64
- "name": "Disable All",
65
- "summary": "Completely Disable WordPress Automatic Updates",
66
  "description": "When selected, regardless of any other settings, all WordPress automatic updates on this site will be completely disabled!"
67
  },
68
  {
69
- "key": "autoupdate_core",
70
- "section": "section_automatic_updates_for_wordpress_components",
71
- "default": "core_minor",
72
- "type": "select",
73
  "value_options": [
74
  {
75
  "value_key": "core_never",
76
- "text": "Never"
77
  },
78
  {
79
  "value_key": "core_minor",
80
- "text": "Minor Versions Only"
81
  },
82
  {
83
  "value_key": "core_major",
84
- "text": "Major and Minor Versions"
85
  }
86
  ],
87
- "link_info": "https://icwp.io/3x",
88
- "link_blog": "",
89
- "name": "WordPress Core Updates",
90
- "summary": "Decide how the WordPress Core will automatically update, if at all",
91
- "description": "At least automatically upgrading minor versions is recommended (and is the WordPress default)."
92
  },
93
  {
94
- "key": "enable_autoupdate_plugins",
95
- "section": "section_automatic_updates_for_wordpress_components",
96
- "default": "N",
97
- "type": "checkbox",
98
- "link_info": "",
99
- "link_blog": "",
100
- "name": "Plugins",
101
- "summary": "Automatically Update Plugins",
102
  "description": "Note: Automatic updates for plugins are disabled on WordPress by default."
103
  },
104
  {
105
- "key": "enable_individual_autoupdate_plugins",
106
- "section": "section_non_ui",
107
- "default": "N",
108
- "type": "checkbox",
109
- "premium": true,
110
- "link_info": "",
111
- "link_blog": "",
112
- "name": "Individually Select Plugins",
113
- "summary": "Select Individual Plugins To Automatically Update",
114
  "description": "Turning this on will provide an option on the plugins page to select whether a plugin is automatically updated."
115
  },
116
  {
117
- "key": "enable_autoupdate_themes",
118
- "section": "section_automatic_updates_for_wordpress_components",
119
- "default": "N",
120
- "type": "checkbox",
121
- "link_info": "",
122
- "link_blog": "",
123
- "name": "Themes",
124
- "summary": "Automatically Update Themes",
125
  "description": "Note: Automatic updates for themes are disabled on WordPress by default."
126
  },
127
  {
128
- "key": "enable_autoupdate_translations",
129
- "section": "section_automatic_updates_for_wordpress_components",
130
- "default": "Y",
131
- "type": "checkbox",
132
- "link_info": "",
133
- "link_blog": "",
134
- "name": "Translations",
135
- "summary": "Automatically Update Translations",
136
  "description": "Note: Automatic updates for translations are enabled on WordPress by default."
137
  },
138
  {
139
- "key": "enable_autoupdate_ignore_vcs",
140
- "section": "section_automatic_updates_for_wordpress_components",
141
- "default": "N",
142
- "type": "checkbox",
143
- "link_info": "",
144
- "link_blog": "",
145
- "name": "Ignore Version Control",
146
- "summary": "Ignore Version Control Systems Such As GIT and SVN",
147
  "description": "If you use SVN or GIT and WordPress detects it, automatic updates are disabled by default. Check this box to ignore version control systems and allow automatic updates."
148
  },
149
  {
150
- "key": "update_delay",
151
- "section": "section_options",
152
- "premium": true,
153
- "default": "0",
154
- "type": "integer",
155
- "link_info": "",
156
- "link_blog": "",
157
- "name": "Update Delay",
158
- "summary": "Delay Automatic Updates For Period Of Stability",
159
  "description": "Shield will delay upgrades until the new update has been available for the set number of days."
160
  },
161
  {
162
- "key": "enable_upgrade_notification_email",
163
- "section": "section_options",
164
- "default": "",
165
- "type": "checkbox",
166
- "link_info": "",
167
- "link_blog": "",
168
- "name": "Send Report Email",
169
- "summary": "Send email notices after automatic updates",
170
  "description": "You can turn on/off email notices from automatic updates by un/checking this box."
171
  },
172
  {
173
- "key": "override_email_address",
174
- "section": "section_options",
175
- "sensitive": true,
176
- "default": "",
177
- "type": "email",
178
- "link_info": "",
179
- "link_blog": "",
180
- "name": "Report Email Address",
181
- "summary": "Where to send upgrade notification reports",
182
  "description": "If this is empty, it will default to the Site Admin email address"
183
  },
184
  {
185
- "key": "delay_tracking",
186
  "transferable": false,
187
- "default": [],
188
- "section": "section_non_ui"
189
  },
190
  {
191
- "key": "selected_plugins",
192
  "transferable": false,
193
- "default": [],
194
- "section": "section_non_ui"
195
  }
196
  ],
197
  "definitions": {
1
  {
2
+ "slug": "autoupdates",
3
+ "properties": {
4
+ "slug": "autoupdates",
5
+ "name": "Automatic Updates",
6
  "show_module_menu_item": true,
7
+ "storage_key": "autoupdates",
8
+ "tagline": "Take back full control of WordPress automatic updates",
9
+ "show_central": true,
10
+ "access_restricted": true,
11
+ "premium": false,
12
+ "whitelist_exempt": true,
13
+ "order": 60
14
  },
15
+ "sections": [
16
  {
17
+ "slug": "section_automatic_updates_for_wordpress_components",
18
+ "primary": true,
19
+ "title": "Automatic Updates For WordPress Components",
20
  "title_short": "WordPress Components",
21
+ "summary": [
22
  "Purpose - Control how automatic updates for each WordPress component is handled.",
23
  "Recommendation - You should at least allow minor updates for the WordPress core."
24
  ]
25
  },
26
  {
27
+ "slug": "section_options",
28
+ "title": "Auto-Update Options",
29
  "title_short": "Auto-Update Options",
30
+ "summary": "Purpose - Make adjustments to how automatic updates are handled on your site."
31
  },
32
  {
33
+ "slug": "section_enable_plugin_feature_automatic_updates_control",
34
+ "title": "Enable Module: Automatic Updates",
35
  "title_short": "Disable Module",
36
+ "summary": [
37
  "Purpose - Automatic Updates lets you manage the WordPress automatic updates engine so you choose what exactly gets updated automatically.",
38
  "Recommendation - Keep the Automatic Updates feature turned on."
39
  ]
40
  },
41
  {
42
+ "slug": "section_non_ui",
43
  "hidden": true
44
  }
45
  ],
46
+ "options": [
47
+ {
48
+ "key": "enable_autoupdates",
49
+ "section": "section_enable_plugin_feature_automatic_updates_control",
50
+ "default": "Y",
51
+ "type": "checkbox",
52
+ "link_info": "https://icwp.io/3w",
53
+ "link_blog": "",
54
+ "name": "Enable Automatic Updates",
55
+ "summary": "Enable (or Disable) The Automatic Updates module",
56
  "description": "Un-Checking this option will completely disable the Automatic Updates module"
57
  },
58
  {
59
+ "key": "enable_autoupdate_disable_all",
60
+ "section": "section_automatic_updates_for_wordpress_components",
61
+ "default": "N",
62
+ "type": "checkbox",
63
+ "link_info": "https://icwp.io/3v",
64
+ "link_blog": "",
65
+ "name": "Disable All",
66
+ "summary": "Completely Disable WordPress Automatic Updates",
67
  "description": "When selected, regardless of any other settings, all WordPress automatic updates on this site will be completely disabled!"
68
  },
69
  {
70
+ "key": "autoupdate_core",
71
+ "section": "section_automatic_updates_for_wordpress_components",
72
+ "default": "core_minor",
73
+ "type": "select",
74
  "value_options": [
75
  {
76
  "value_key": "core_never",
77
+ "text": "Never"
78
  },
79
  {
80
  "value_key": "core_minor",
81
+ "text": "Minor Versions Only"
82
  },
83
  {
84
  "value_key": "core_major",
85
+ "text": "Major and Minor Versions"
86
  }
87
  ],
88
+ "link_info": "https://icwp.io/3x",
89
+ "link_blog": "",
90
+ "name": "WordPress Core Updates",
91
+ "summary": "Decide how the WordPress Core will automatically update, if at all",
92
+ "description": "At least automatically upgrading minor versions is recommended (and is the WordPress default)."
93
  },
94
  {
95
+ "key": "enable_autoupdate_plugins",
96
+ "section": "section_automatic_updates_for_wordpress_components",
97
+ "default": "N",
98
+ "type": "checkbox",
99
+ "link_info": "",
100
+ "link_blog": "",
101
+ "name": "Plugins",
102
+ "summary": "Automatically Update Plugins",
103
  "description": "Note: Automatic updates for plugins are disabled on WordPress by default."
104
  },
105
  {
106
+ "key": "enable_individual_autoupdate_plugins",
107
+ "section": "section_non_ui",
108
+ "default": "N",
109
+ "type": "checkbox",
110
+ "premium": true,
111
+ "link_info": "",
112
+ "link_blog": "",
113
+ "name": "Individually Select Plugins",
114
+ "summary": "Select Individual Plugins To Automatically Update",
115
  "description": "Turning this on will provide an option on the plugins page to select whether a plugin is automatically updated."
116
  },
117
  {
118
+ "key": "enable_autoupdate_themes",
119
+ "section": "section_automatic_updates_for_wordpress_components",
120
+ "default": "N",
121
+ "type": "checkbox",
122
+ "link_info": "",
123
+ "link_blog": "",
124
+ "name": "Themes",
125
+ "summary": "Automatically Update Themes",
126
  "description": "Note: Automatic updates for themes are disabled on WordPress by default."
127
  },
128
  {
129
+ "key": "enable_autoupdate_translations",
130
+ "section": "section_automatic_updates_for_wordpress_components",
131
+ "default": "Y",
132
+ "type": "checkbox",
133
+ "link_info": "",
134
+ "link_blog": "",
135
+ "name": "Translations",
136
+ "summary": "Automatically Update Translations",
137
  "description": "Note: Automatic updates for translations are enabled on WordPress by default."
138
  },
139
  {
140
+ "key": "enable_autoupdate_ignore_vcs",
141
+ "section": "section_automatic_updates_for_wordpress_components",
142
+ "default": "N",
143
+ "type": "checkbox",
144
+ "link_info": "",
145
+ "link_blog": "",
146
+ "name": "Ignore Version Control",
147
+ "summary": "Ignore Version Control Systems Such As GIT and SVN",
148
  "description": "If you use SVN or GIT and WordPress detects it, automatic updates are disabled by default. Check this box to ignore version control systems and allow automatic updates."
149
  },
150
  {
151
+ "key": "update_delay",
152
+ "section": "section_options",
153
+ "premium": true,
154
+ "default": "0",
155
+ "type": "integer",
156
+ "link_info": "",
157
+ "link_blog": "",
158
+ "name": "Update Delay",
159
+ "summary": "Delay Automatic Updates For Period Of Stability",
160
  "description": "Shield will delay upgrades until the new update has been available for the set number of days."
161
  },
162
  {
163
+ "key": "enable_upgrade_notification_email",
164
+ "section": "section_options",
165
+ "default": "",
166
+ "type": "checkbox",
167
+ "link_info": "",
168
+ "link_blog": "",
169
+ "name": "Send Report Email",
170
+ "summary": "Send email notices after automatic updates",
171
  "description": "You can turn on/off email notices from automatic updates by un/checking this box."
172
  },
173
  {
174
+ "key": "override_email_address",
175
+ "section": "section_options",
176
+ "sensitive": true,
177
+ "default": "",
178
+ "type": "email",
179
+ "link_info": "",
180
+ "link_blog": "",
181
+ "name": "Report Email Address",
182
+ "summary": "Where to send upgrade notification reports",
183
  "description": "If this is empty, it will default to the Site Admin email address"
184
  },
185
  {
186
+ "key": "delay_tracking",
187
  "transferable": false,
188
+ "default": [],
189
+ "section": "section_non_ui"
190
  },
191
  {
192
+ "key": "selected_plugins",
193
  "transferable": false,
194
+ "default": [],
195
+ "section": "section_non_ui"
196
  }
197
  ],
198
  "definitions": {
src/config/feature-email.php CHANGED
@@ -1,36 +1,37 @@
1
  {
2
- "slug": "email",
3
  "properties": {
4
- "slug": "email",
5
- "name": "Email",
6
  "show_module_menu_item": false,
7
- "auto_enabled": true,
8
- "storage_key": "email",
9
- "show_central": false,
10
- "premium": false,
11
- "access_restricted": true
 
12
  },
13
- "sections": [
14
  {
15
- "slug": "section_email_options",
16
- "title": "Email Options",
17
  "primary": true
18
  },
19
  {
20
- "slug": "section_non_ui",
21
  "hidden": true
22
  }
23
  ],
24
- "options": [
25
  {
26
- "key": "send_email_throttle_limit",
27
- "section": "section_email_options",
28
- "default": 10,
29
- "type": "integer",
30
- "link_info": "",
31
- "link_blog": "",
32
- "name": "Email Throttle Limit",
33
- "summary": "Limit Emails Per Second",
34
  "description": "You throttle emails sent by this plugin by limiting the number of emails sent every second. This is useful in case you get hit by a bot attack. Zero (0) turns this off. Suggested: 10."
35
  }
36
  ]
1
  {
2
+ "slug": "email",
3
  "properties": {
4
+ "slug": "email",
5
+ "name": "Email",
6
  "show_module_menu_item": false,
7
+ "auto_enabled": true,
8
+ "storage_key": "email",
9
+ "show_central": false,
10
+ "premium": false,
11
+ "access_restricted": true,
12
+ "whitelist_exempt": true
13
  },
14
+ "sections": [
15
  {
16
+ "slug": "section_email_options",
17
+ "title": "Email Options",
18
  "primary": true
19
  },
20
  {
21
+ "slug": "section_non_ui",
22
  "hidden": true
23
  }
24
  ],
25
+ "options": [
26
  {
27
+ "key": "send_email_throttle_limit",
28
+ "section": "section_email_options",
29
+ "default": 10,
30
+ "type": "integer",
31
+ "link_info": "",
32
+ "link_blog": "",
33
+ "name": "Email Throttle Limit",
34
+ "summary": "Limit Emails Per Second",
35
  "description": "You throttle emails sent by this plugin by limiting the number of emails sent every second. This is useful in case you get hit by a bot attack. Zero (0) turns this off. Suggested: 10."
36
  }
37
  ]
src/config/feature-hack_protect.php CHANGED
@@ -9,7 +9,8 @@
9
  "show_central": true,
10
  "access_restricted": true,
11
  "premium": false,
12
- "order": 70
 
13
  },
14
  "sections": [
15
  {
9
  "show_central": true,
10
  "access_restricted": true,
11
  "premium": false,
12
+ "order": 70,
13
+ "whitelist_exempt": true
14
  },
15
  "sections": [
16
  {
src/config/feature-insights.php CHANGED
@@ -9,7 +9,8 @@
9
  "storage_key": "insights",
10
  "show_central": false,
11
  "premium": false,
12
- "access_restricted": true
 
13
  },
14
  "requirements": {
15
  "php": {
9
  "storage_key": "insights",
10
  "show_central": false,
11
  "premium": false,
12
+ "access_restricted": true,
13
+ "whitelist_exempt": true
14
  },
15
  "requirements": {
16
  "php": {
src/config/feature-ips.php CHANGED
@@ -1,26 +1,27 @@
1
  {
2
- "slug": "ips",
3
- "properties": {
4
- "slug": "ips",
5
- "name": "IP Manager",
6
  "show_module_menu_item": true,
7
- "storage_key": "ips",
8
- "tagline": "Manage Visitor IP Address",
9
- "show_central": true,
10
- "access_restricted": true,
11
- "premium": false,
12
- "has_custom_actions": true,
13
- "order": 100
 
14
  },
15
  "admin_notices": {
16
  "visitor-whitelisted": {
17
- "id": "visitor-whitelisted",
18
- "schedule": "conditions",
19
  "valid_admin": true,
20
- "type": "info"
21
  }
22
  },
23
- "requirements": {
24
  "php": {
25
  "functions": [
26
  "filter_var"
@@ -34,166 +35,165 @@
34
  ]
35
  }
36
  },
37
- "sections": [
38
  {
39
- "slug": "section_auto_black_list",
40
- "primary": true,
41
- "title": "Automatic IP Black List",
42
  "title_short": "Auto Black List",
43
- "summary": [
44
  "Purpose - The Automatic IP Black List system will block the IP addresses of naughty visitors after a specified number of transgressions.",
45
  "Recommendation - Keep the Automatic IP Black List feature turned on."
46
  ]
47
  },
48
  {
49
- "slug": "section_reqtracking",
50
- "title": "Bad Request Tracking",
51
  "title_short": "Request Tracking",
52
- "summary": [
53
  "Purpose - Track strange behaviour to determine whether visitors are legitimate.",
54
  "Recommendation - These aren't security issues in their own right, but may indicate probing bots."
55
  ]
56
  },
57
  {
58
- "slug": "section_user_messages",
59
- "title": "Customize Messages Shown To User",
60
  "title_short": "Visitor Messages",
61
- "summary":
62
- [
63
  "Purpose - Customize the messages shown to visitors.",
64
  "Recommendation - Be sure to change the messages to suit your audience.",
65
  "Hint - To reset any message to its default, enter the text exactly: default"
66
  ]
67
  },
68
  {
69
- "slug": "section_enable_plugin_feature_ips",
70
- "title": "Enable Module: IP Manager",
71
  "title_short": "Disable Module",
72
- "summary": [
73
  "Purpose - The IP Manager allows you to whitelist, blacklist and configure auto-blacklist rules.",
74
  "Recommendation - Keep the IP Manager feature turned on. You should also carefully review the automatic black list settings."
75
  ]
76
  },
77
  {
78
- "slug": "section_non_ui",
79
  "hidden": true
80
  }
81
  ],
82
- "options": [
83
  {
84
- "key": "enable_ips",
85
- "section": "section_enable_plugin_feature_ips",
86
- "default": "Y",
87
- "type": "checkbox",
88
- "link_info": "https://icwp.io/wpsf26",
89
- "link_blog": "",
90
- "name": "Enable IP Manager",
91
- "summary": "Enable (or Disable) The IP Manager module",
92
  "description": "Un-Checking this option will completely disable the IP Manager module"
93
  },
94
  {
95
- "key": "transgression_limit",
96
- "section": "section_auto_black_list",
97
- "default": 10,
98
- "type": "integer",
99
- "link_info": "https://icwp.io/wpsf24",
100
- "link_blog": "https://icwp.io/wpsf26",
101
- "name": "Transgression Limit",
102
- "summary": "Visitor IP address will be Black Listed after X bad actions on your site",
103
  "description": "A black mark is set against an IP address each time a visitor trips the defenses of the Shield plugin. When the number of these transgressions exceeds specified limit, they are automatically blocked from accessing the site. Set this to 0 to turn off the Automatic IP Black List feature."
104
  },
105
  {
106
- "key": "auto_expire",
107
- "section": "section_auto_black_list",
108
- "default": "minute",
109
- "type": "select",
110
  "value_options": [
111
  {
112
  "value_key": "minute",
113
- "text": "Minute"
114
  },
115
  {
116
  "value_key": "hour",
117
- "text": "Hour"
118
  },
119
  {
120
  "value_key": "day",
121
- "text": "Day"
122
  },
123
  {
124
  "value_key": "week",
125
- "text": "Week"
126
  }
127
  ],
128
- "link_info": "https://icwp.io/wpsf25",
129
- "link_blog": "https://icwp.io/wpsf26",
130
- "name": "Auto Block Expiration",
131
- "summary": "After 1 'X' a black listed IP will be removed from the black list",
132
- "description": "Permanent and lengthy IP Black Lists are harmful to performance. You should allow IP addresses on the black list to be eventually removed over time. Shorter IP black lists are more efficient and a more intelligent use of an IP-based blocking system."
133
  },
134
- {
135
- "key": "text_loginfailed",
136
- "section": "section_user_messages",
137
- "premium": true,
138
- "default": "default",
139
- "type": "text",
140
- "link_info": "",
141
- "link_blog": "",
142
- "name": "Login Failed",
143
- "summary": "Visitor Triggers The IP Transgression System Through A Failed Login",
144
- "description": "This message is displayed if the visitor fails a login attempt."
145
- },
146
  {
147
- "key": "track_404",
148
- "section": "section_reqtracking",
149
- "sensitive": false,
150
- "type": "select",
151
- "premium": true,
152
- "default": "disabled",
 
 
 
 
 
 
 
 
 
 
 
 
153
  "value_options": [
154
  {
155
  "value_key": "disabled",
156
- "text": "Ignore 404s"
157
  },
158
  {
159
  "value_key": "log-only",
160
- "text": "Log Only (Audit Trail)"
161
  },
162
  {
163
  "value_key": "assign-transgression",
164
- "text": "Increment Transgression"
165
  }
166
  ],
167
- "link_info": "",
168
- "link_blog": "",
169
- "name": "Track 404s",
170
- "summary": "Use 404s As An Transgression",
171
- "description": "Repeated 404s may indicate a probing bot especially where WP Login has been renamed."
 
 
 
 
 
 
 
 
 
 
 
 
172
  },
173
- {
174
- "key": "text_remainingtrans",
175
- "section": "section_user_messages",
176
- "premium": true,
177
- "default": "default",
178
- "type": "text",
179
- "link_info": "",
180
- "link_blog": "",
181
- "name": "Remaining Transgressions",
182
- "summary": "Visitor Triggers The IP Transgression System Through A Firewall Block",
183
- "description": "This message is displayed if the visitor triggered the IP Transgression system and reports how many transgressions remain before being blocked."
184
- },
185
  {
186
- "key": "this_server_ip",
187
  "transferable": false,
188
- "sensitive": true,
189
- "section": "section_non_ui",
190
- "value": ""
191
  },
192
  {
193
- "key": "this_server_ip_last_check_at",
194
  "transferable": false,
195
- "section": "section_non_ui",
196
- "value": 0
197
  },
198
  {
199
  "key": "insights_last_transgression_at",
@@ -208,8 +208,8 @@
208
  "default": 0
209
  }
210
  ],
211
- "definitions": {
212
- "ip_lists_table_name": "ip_lists",
213
  "ip_list_table_columns": [
214
  "id",
215
  "ip",
1
  {
2
+ "slug": "ips",
3
+ "properties": {
4
+ "slug": "ips",
5
+ "name": "IP Manager",
6
  "show_module_menu_item": true,
7
+ "storage_key": "ips",
8
+ "tagline": "Manage Visitor IP Address",
9
+ "show_central": true,
10
+ "access_restricted": true,
11
+ "premium": false,
12
+ "has_custom_actions": true,
13
+ "whitelist_exempt": true,
14
+ "order": 100
15
  },
16
  "admin_notices": {
17
  "visitor-whitelisted": {
18
+ "id": "visitor-whitelisted",
19
+ "schedule": "conditions",
20
  "valid_admin": true,
21
+ "type": "info"
22
  }
23
  },
24
+ "requirements": {
25
  "php": {
26
  "functions": [
27
  "filter_var"
35
  ]
36
  }
37
  },
38
+ "sections": [
39
  {
40
+ "slug": "section_auto_black_list",
41
+ "primary": true,
42
+ "title": "Automatic IP Black List",
43
  "title_short": "Auto Black List",
44
+ "summary": [
45
  "Purpose - The Automatic IP Black List system will block the IP addresses of naughty visitors after a specified number of transgressions.",
46
  "Recommendation - Keep the Automatic IP Black List feature turned on."
47
  ]
48
  },
49
  {
50
+ "slug": "section_reqtracking",
51
+ "title": "Bad Request Tracking",
52
  "title_short": "Request Tracking",
53
+ "summary": [
54
  "Purpose - Track strange behaviour to determine whether visitors are legitimate.",
55
  "Recommendation - These aren't security issues in their own right, but may indicate probing bots."
56
  ]
57
  },
58
  {
59
+ "slug": "section_user_messages",
60
+ "title": "Customize Messages Shown To User",
61
  "title_short": "Visitor Messages",
62
+ "summary": [
 
63
  "Purpose - Customize the messages shown to visitors.",
64
  "Recommendation - Be sure to change the messages to suit your audience.",
65
  "Hint - To reset any message to its default, enter the text exactly: default"
66
  ]
67
  },
68
  {
69
+ "slug": "section_enable_plugin_feature_ips",
70
+ "title": "Enable Module: IP Manager",
71
  "title_short": "Disable Module",
72
+ "summary": [
73
  "Purpose - The IP Manager allows you to whitelist, blacklist and configure auto-blacklist rules.",
74
  "Recommendation - Keep the IP Manager feature turned on. You should also carefully review the automatic black list settings."
75
  ]
76
  },
77
  {
78
+ "slug": "section_non_ui",
79
  "hidden": true
80
  }
81
  ],
82
+ "options": [
83
  {
84
+ "key": "enable_ips",
85
+ "section": "section_enable_plugin_feature_ips",
86
+ "default": "Y",
87
+ "type": "checkbox",
88
+ "link_info": "https://icwp.io/wpsf26",
89
+ "link_blog": "",
90
+ "name": "Enable IP Manager",
91
+ "summary": "Enable (or Disable) The IP Manager module",
92
  "description": "Un-Checking this option will completely disable the IP Manager module"
93
  },
94
  {
95
+ "key": "transgression_limit",
96
+ "section": "section_auto_black_list",
97
+ "default": 10,
98
+ "type": "integer",
99
+ "link_info": "https://icwp.io/wpsf24",
100
+ "link_blog": "https://icwp.io/wpsf26",
101
+ "name": "Transgression Limit",
102
+ "summary": "Visitor IP address will be Black Listed after X bad actions on your site",
103
  "description": "A black mark is set against an IP address each time a visitor trips the defenses of the Shield plugin. When the number of these transgressions exceeds specified limit, they are automatically blocked from accessing the site. Set this to 0 to turn off the Automatic IP Black List feature."
104
  },
105
  {
106
+ "key": "auto_expire",
107
+ "section": "section_auto_black_list",
108
+ "default": "minute",
109
+ "type": "select",
110
  "value_options": [
111
  {
112
  "value_key": "minute",
113
+ "text": "Minute"
114
  },
115
  {
116
  "value_key": "hour",
117
+ "text": "Hour"
118
  },
119
  {
120
  "value_key": "day",
121
+ "text": "Day"
122
  },
123
  {
124
  "value_key": "week",
125
+ "text": "Week"
126
  }
127
  ],
128
+ "link_info": "https://icwp.io/wpsf25",
129
+ "link_blog": "https://icwp.io/wpsf26",
130
+ "name": "Auto Block Expiration",
131
+ "summary": "After 1 'X' a black listed IP will be removed from the black list",
132
+ "description": "Permanent and lengthy IP Black Lists are harmful to performance. You should allow IP addresses on the black list to be eventually removed over time. Shorter IP black lists are more efficient and a more intelligent use of an IP-based blocking system."
133
  },
 
 
 
 
 
 
 
 
 
 
 
 
134
  {
135
+ "key": "text_loginfailed",
136
+ "section": "section_user_messages",
137
+ "premium": true,
138
+ "default": "default",
139
+ "type": "text",
140
+ "link_info": "",
141
+ "link_blog": "",
142
+ "name": "Login Failed",
143
+ "summary": "Visitor Triggers The IP Transgression System Through A Failed Login",
144
+ "description": "This message is displayed if the visitor fails a login attempt."
145
+ },
146
+ {
147
+ "key": "track_404",
148
+ "section": "section_reqtracking",
149
+ "sensitive": false,
150
+ "type": "select",
151
+ "premium": true,
152
+ "default": "disabled",
153
  "value_options": [
154
  {
155
  "value_key": "disabled",
156
+ "text": "Ignore 404s"
157
  },
158
  {
159
  "value_key": "log-only",
160
+ "text": "Log Only (Audit Trail)"
161
  },
162
  {
163
  "value_key": "assign-transgression",
164
+ "text": "Increment Transgression"
165
  }
166
  ],
167
+ "link_info": "",
168
+ "link_blog": "",
169
+ "name": "Track 404s",
170
+ "summary": "Use 404s As An Transgression",
171
+ "description": "Repeated 404s may indicate a probing bot especially where WP Login has been renamed."
172
+ },
173
+ {
174
+ "key": "text_remainingtrans",
175
+ "section": "section_user_messages",
176
+ "premium": true,
177
+ "default": "default",
178
+ "type": "text",
179
+ "link_info": "",
180
+ "link_blog": "",
181
+ "name": "Remaining Transgressions",
182
+ "summary": "Visitor Triggers The IP Transgression System Through A Firewall Block",
183
+ "description": "This message is displayed if the visitor triggered the IP Transgression system and reports how many transgressions remain before being blocked."
184
  },
 
 
 
 
 
 
 
 
 
 
 
 
185
  {
186
+ "key": "this_server_ip",
187
  "transferable": false,
188
+ "sensitive": true,
189
+ "section": "section_non_ui",
190
+ "value": ""
191
  },
192
  {
193
+ "key": "this_server_ip_last_check_at",
194
  "transferable": false,
195
+ "section": "section_non_ui",
196
+ "value": 0
197
  },
198
  {
199
  "key": "insights_last_transgression_at",
208
  "default": 0
209
  }
210
  ],
211
+ "definitions": {
212
+ "ip_lists_table_name": "ip_lists",
213
  "ip_list_table_columns": [
214
  "id",
215
  "ip",
src/config/feature-license.php CHANGED
@@ -1,154 +1,155 @@
1
  {
2
- "slug": "license",
3
- "properties": {
4
- "slug": "license",
5
- "name": "Pro Security",
6
- "tagline": "The Best In WordPress Security, Only Better.",
7
- "auto_enabled": true,
8
  "show_module_menu_item": true,
9
- "highlight_menu_item": true,
10
- "storage_key": "license",
11
- "show_central": false,
12
- "premium": false,
13
- "access_restricted": true
 
14
  },
15
- "sections": [
16
  {
17
- "slug": "section_license_options",
18
- "title": "License Options",
19
  "primary": true
20
  },
21
  {
22
- "slug": "section_non_ui",
23
  "hidden": true
24
  }
25
  ],
26
- "options": [
27
  {
28
- "key": "license_key",
29
- "sensitive": true,
30
  "transferable": false,
31
- "default": "",
32
- "section": "section_non_ui"
33
  },
34
  {
35
- "key": "license_activated_at",
36
  "transferable": false,
37
- "default": 0,
38
- "section": "section_non_ui"
39
  },
40
  {
41
- "key": "license_deactivated_at",
42
  "transferable": false,
43
- "default": 0,
44
- "section": "section_non_ui"
45
  },
46
  {
47
- "key": "license_last_checked_at",
48
  "transferable": false,
49
- "default": 0,
50
- "section": "section_non_ui"
51
  },
52
  {
53
- "key": "license_last_request_at",
54
  "transferable": false,
55
- "default": 0,
56
- "section": "section_non_ui"
57
  },
58
  {
59
- "key": "license_verified_at",
60
- "sensitive": true,
61
  "transferable": false,
62
- "default": 0,
63
- "section": "section_non_ui"
64
  },
65
  {
66
- "key": "license_expires_at",
67
- "sensitive": true,
68
  "transferable": false,
69
- "default": 0,
70
- "section": "section_non_ui"
71
  },
72
  {
73
- "key": "license_official_status",
74
- "sensitive": true,
75
  "transferable": false,
76
- "default": "",
77
- "section": "section_non_ui"
78
  },
79
  {
80
- "key": "license_deactivated_reason",
81
  "transferable": false,
82
- "default": "",
83
- "section": "section_non_ui"
84
  },
85
  {
86
- "key": "license_registered_email",
87
- "sensitive": true,
88
  "transferable": false,
89
- "default": "",
90
- "section": "section_non_ui"
91
  },
92
  {
93
- "key": "last_warning_email_sent_at",
94
  "transferable": false,
95
- "default": 0,
96
- "section": "section_non_ui"
97
  },
98
  {
99
- "key": "is_shield_central",
100
- "sensitive": true,
101
  "transferable": false,
102
- "default": false,
103
- "section": "section_non_ui"
104
  },
105
  {
106
- "key": "last_errors",
107
  "transferable": false,
108
- "default": "",
109
- "section": "section_non_ui"
110
  },
111
  {
112
- "key": "last_error_at",
113
- "sensitive": true,
114
  "transferable": false,
115
- "default": 0,
116
- "section": "section_non_ui"
117
  },
118
  {
119
- "key": "keyless_request_hash",
120
- "sensitive": true,
121
  "transferable": false,
122
- "default": "",
123
- "section": "section_non_ui"
124
  },
125
  {
126
- "key": "keyless_request_at",
127
- "sensitive": true,
128
  "transferable": false,
129
- "default": 0,
130
- "section": "section_non_ui"
131
  },
132
  {
133
- "key": "license_data",
134
- "sensitive": true,
135
  "transferable": false,
136
- "default": 0,
137
- "section": "section_non_ui"
138
  }
139
  ],
140
  "definitions": {
141
- "license_store_url": "https://onedollarplugin.com/edd-sl/",
142
- "keyless_cp": "https://icwp.io/c5",
143
- "license_item_name": "Shield Security Pro",
144
- "license_item_id": "6047",
145
- "license_item_name_sc": "Shield Security Pro (via Shield Central)",
146
- "license_item_id_sc": "968",
147
- "lic_verify_expire_days": 3,
148
  "lic_verify_expire_grace_days": 3,
149
- "license_key_length": 32,
150
- "license_key_type": "alphanumeric",
151
- "keyless": true,
152
- "keyless_handshake_expire": 90
153
  }
154
  }
1
  {
2
+ "slug": "license",
3
+ "properties": {
4
+ "slug": "license",
5
+ "name": "Pro Security",
6
+ "tagline": "The Best In WordPress Security, Only Better.",
7
+ "auto_enabled": true,
8
  "show_module_menu_item": true,
9
+ "highlight_menu_item": true,
10
+ "storage_key": "license",
11
+ "show_central": false,
12
+ "premium": false,
13
+ "access_restricted": true,
14
+ "whitelist_exempt": true
15
  },
16
+ "sections": [
17
  {
18
+ "slug": "section_license_options",
19
+ "title": "License Options",
20
  "primary": true
21
  },
22
  {
23
+ "slug": "section_non_ui",
24
  "hidden": true
25
  }
26
  ],
27
+ "options": [
28
  {
29
+ "key": "license_key",
30
+ "sensitive": true,
31
  "transferable": false,
32
+ "default": "",
33
+ "section": "section_non_ui"
34
  },
35
  {
36
+ "key": "license_activated_at",
37
  "transferable": false,
38
+ "default": 0,
39
+ "section": "section_non_ui"
40
  },
41
  {
42
+ "key": "license_deactivated_at",
43
  "transferable": false,
44
+ "default": 0,
45
+ "section": "section_non_ui"
46
  },
47
  {
48
+ "key": "license_last_checked_at",
49
  "transferable": false,
50
+ "default": 0,
51
+ "section": "section_non_ui"
52
  },
53
  {
54
+ "key": "license_last_request_at",
55
  "transferable": false,
56
+ "default": 0,
57
+ "section": "section_non_ui"
58
  },
59
  {
60
+ "key": "license_verified_at",
61
+ "sensitive": true,
62
  "transferable": false,
63
+ "default": 0,
64
+ "section": "section_non_ui"
65
  },
66
  {
67
+ "key": "license_expires_at",
68
+ "sensitive": true,
69
  "transferable": false,
70
+ "default": 0,
71
+ "section": "section_non_ui"
72
  },
73
  {
74
+ "key": "license_official_status",
75
+ "sensitive": true,
76
  "transferable": false,
77
+ "default": "",
78
+ "section": "section_non_ui"
79
  },
80
  {
81
+ "key": "license_deactivated_reason",
82
  "transferable": false,
83
+ "default": "",
84
+ "section": "section_non_ui"
85
  },
86
  {
87
+ "key": "license_registered_email",
88
+ "sensitive": true,
89
  "transferable": false,
90
+ "default": "",
91
+ "section": "section_non_ui"
92
  },
93
  {
94
+ "key": "last_warning_email_sent_at",
95
  "transferable": false,
96
+ "default": 0,
97
+ "section": "section_non_ui"
98
  },
99
  {
100
+ "key": "is_shield_central",
101
+ "sensitive": true,
102
  "transferable": false,
103
+ "default": false,
104
+ "section": "section_non_ui"
105
  },
106
  {
107
+ "key": "last_errors",
108
  "transferable": false,
109
+ "default": "",
110
+ "section": "section_non_ui"
111
  },
112
  {
113
+ "key": "last_error_at",
114
+ "sensitive": true,
115
  "transferable": false,
116
+ "default": 0,
117
+ "section": "section_non_ui"
118
  },
119
  {
120
+ "key": "keyless_request_hash",
121
+ "sensitive": true,
122
  "transferable": false,
123
+ "default": "",
124
+ "section": "section_non_ui"
125
  },
126
  {
127
+ "key": "keyless_request_at",
128
+ "sensitive": true,
129
  "transferable": false,
130
+ "default": 0,
131
+ "section": "section_non_ui"
132
  },
133
  {
134
+ "key": "license_data",
135
+ "sensitive": true,
136
  "transferable": false,
137
+ "default": 0,
138
+ "section": "section_non_ui"
139
  }
140
  ],
141
  "definitions": {
142
+ "license_store_url": "https://onedollarplugin.com/edd-sl/",
143
+ "keyless_cp": "https://icwp.io/c5",
144
+ "license_item_name": "Shield Security Pro",
145
+ "license_item_id": "6047",
146
+ "license_item_name_sc": "Shield Security Pro (via Shield Central)",
147
+ "license_item_id_sc": "968",
148
+ "lic_verify_expire_days": 7,
149
  "lic_verify_expire_grace_days": 3,
150
+ "license_key_length": 32,
151
+ "license_key_type": "alphanumeric",
152
+ "keyless": true,
153
+ "keyless_handshake_expire": 90
154
  }
155
  }
src/config/feature-plugin.php CHANGED
@@ -10,6 +10,7 @@
10
  "access_restricted": true,
11
  "premium": false,
12
  "has_custom_actions": false,
 
13
  "order": 10
14
  },
15
  "admin_notices": {
10
  "access_restricted": true,
11
  "premium": false,
12
  "has_custom_actions": false,
13
+ "whitelist_exempt": true,
14
  "order": 10
15
  },
16
  "admin_notices": {
src/config/feature-sessions.php CHANGED
@@ -1,42 +1,43 @@
1
  {
2
- "properties": {
3
- "slug": "sessions",
4
- "name": "Sessions",
5
  "show_module_menu_item": false,
6
- "storage_key": "sessions",
7
- "tagline": "User Sessions",
8
- "auto_enabled": true,
9
- "show_central": false,
10
- "premium": false,
11
- "access_restricted": true,
12
- "auto_load_processor": true
 
13
  },
14
- "sections": [
15
  {
16
- "slug": "section_enable_plugin_feature_sessions",
17
- "primary": true,
18
- "title": "Enable Module: Sessions",
19
  "title_short": "Disable Module",
20
- "summary": [
21
  "Purpose - Creates and Manages User Sessions.",
22
  "Recommendation - Keep the Sessions feature turned on."
23
  ]
24
  },
25
  {
26
- "slug": "section_non_ui",
27
  "hidden": true
28
  }
29
  ],
30
- "options": [
31
  {
32
- "key": "enable_sessions",
33
- "section": "section_enable_plugin_feature_sessions",
34
- "default": "Y",
35
- "type": "checkbox",
36
- "link_info": "",
37
- "link_blog": "",
38
- "name": "Enable Sessions",
39
- "summary": "Enable (or Disable) The Sessions module",
40
  "description": "Un-Checking this option will completely disable the Sessions module"
41
  },
42
  {
@@ -46,7 +47,7 @@
46
  }
47
  ],
48
  "definitions": {
49
- "sessions_table_name": "sessions",
50
  "sessions_table_columns": [
51
  "id",
52
  "session_id",
1
  {
2
+ "properties": {
3
+ "slug": "sessions",
4
+ "name": "Sessions",
5
  "show_module_menu_item": false,
6
+ "storage_key": "sessions",
7
+ "tagline": "User Sessions",
8
+ "auto_enabled": true,
9
+ "show_central": false,
10
+ "premium": false,
11
+ "access_restricted": true,
12
+ "auto_load_processor": true,
13
+ "whitelist_exempt": true
14
  },
15
+ "sections": [
16
  {
17
+ "slug": "section_enable_plugin_feature_sessions",
18
+ "primary": true,
19
+ "title": "Enable Module: Sessions",
20
  "title_short": "Disable Module",
21
+ "summary": [
22
  "Purpose - Creates and Manages User Sessions.",
23
  "Recommendation - Keep the Sessions feature turned on."
24
  ]
25
  },
26
  {
27
+ "slug": "section_non_ui",
28
  "hidden": true
29
  }
30
  ],
31
+ "options": [
32
  {
33
+ "key": "enable_sessions",
34
+ "section": "section_enable_plugin_feature_sessions",
35
+ "default": "Y",
36
+ "type": "checkbox",
37
+ "link_info": "",
38
+ "link_blog": "",
39
+ "name": "Enable Sessions",
40
+ "summary": "Enable (or Disable) The Sessions module",
41
  "description": "Un-Checking this option will completely disable the Sessions module"
42
  },
43
  {
47
  }
48
  ],
49
  "definitions": {
50
+ "sessions_table_name": "sessions",
51
  "sessions_table_columns": [
52
  "id",
53
  "session_id",
src/config/feature-statistics.php CHANGED
@@ -1,76 +1,77 @@
1
  {
2
- "properties": {
3
- "slug": "statistics",
4
- "name": "Statistics",
5
  "show_module_menu_item": false,
6
- "storage_key": "statistics",
7
- "tagline": "Summary of the main security actions taken by this plugin",
8
- "show_central": false,
9
- "premium": false,
10
- "access_restricted": true
 
11
  },
12
- "sections": [
13
  {
14
- "slug": "section_enable_plugin_feature_statistics",
15
- "primary": true,
16
- "title": "Enable Module: Statistics",
17
  "title_short": "Disable Module",
18
- "summary": [
19
  "Purpose - Helps you see at a glance how effective the plugin has been.",
20
  "Recommendation - Keep the Statistics feature turned on."
21
  ]
22
  },
23
  {
24
- "slug": "section_enable_plugin_feature_reporting",
25
- "primary": true,
26
- "title": "Enable Module: Reporting",
27
  "title_short": "Disable Module",
28
- "summary": [
29
  "Purpose - To track stats and issue reports.",
30
  "Recommendation - Keep the Reporting feature turned on."
31
  ]
32
  },
33
  {
34
- "slug": "section_stats_sharing",
35
- "title": "Statistics Sharing",
36
  "title_short": "Sharing",
37
- "summary": [
38
  "Purpose - Help us to provide globally accessible statistics on the effectiveness of the plugin.",
39
  "Recommendation - Enabling this option helps us improve our plugin over time.All statistics data collection is 100% anonymous.Neither we nor anyone else will be able to trace the data back to the originating site."
40
  ]
41
  },
42
  {
43
- "slug": "section_non_ui",
44
  "hidden": true
45
  }
46
  ],
47
- "options": [
48
  {
49
- "key": "enable_statistics",
50
- "section": "section_enable_plugin_feature_statistics",
51
- "default": "Y",
52
- "type": "checkbox",
53
- "link_info": "",
54
- "link_blog": "",
55
- "name": "Enable Statistics",
56
- "summary": "Enable (or Disable) The Statistics module",
57
  "description": "Un-Checking this option will completely disable the Statistics module"
58
  },
59
  {
60
- "key": "enable_reporting",
61
- "section": "section_enable_plugin_feature_reporting",
62
- "default": "Y",
63
- "type": "checkbox",
64
- "link_info": "",
65
- "link_blog": "",
66
- "name": "Enable Reporting",
67
- "summary": "Enable (or Disable) The Reporting module",
68
  "description": "Un-Checking this option will completely disable the Reporting module"
69
  }
70
  ],
71
  "definitions": {
72
- "statistics_table_name": "statistics",
73
- "statistics_table_columns": [
74
  "id",
75
  "stat_key",
76
  "parent_stat_key",
@@ -79,9 +80,9 @@
79
  "modified_at",
80
  "deleted_at"
81
  ],
82
- "reporting_table_name": "reporting",
83
  "reporting_consolidation_cron_name": "reporting-consolidation",
84
- "reporting_table_columns": [
85
  "id",
86
  "stat_key",
87
  "tally",
1
  {
2
+ "properties": {
3
+ "slug": "statistics",
4
+ "name": "Statistics",
5
  "show_module_menu_item": false,
6
+ "storage_key": "statistics",
7
+ "tagline": "Summary of the main security actions taken by this plugin",
8
+ "show_central": false,
9
+ "premium": false,
10
+ "access_restricted": true,
11
+ "whitelist_exempt": true
12
  },
13
+ "sections": [
14
  {
15
+ "slug": "section_enable_plugin_feature_statistics",
16
+ "primary": true,
17
+ "title": "Enable Module: Statistics",
18
  "title_short": "Disable Module",
19
+ "summary": [
20
  "Purpose - Helps you see at a glance how effective the plugin has been.",
21
  "Recommendation - Keep the Statistics feature turned on."
22
  ]
23
  },
24
  {
25
+ "slug": "section_enable_plugin_feature_reporting",
26
+ "primary": true,
27
+ "title": "Enable Module: Reporting",
28
  "title_short": "Disable Module",
29
+ "summary": [
30
  "Purpose - To track stats and issue reports.",
31
  "Recommendation - Keep the Reporting feature turned on."
32
  ]
33
  },
34
  {
35
+ "slug": "section_stats_sharing",
36
+ "title": "Statistics Sharing",
37
  "title_short": "Sharing",
38
+ "summary": [
39
  "Purpose - Help us to provide globally accessible statistics on the effectiveness of the plugin.",
40
  "Recommendation - Enabling this option helps us improve our plugin over time.All statistics data collection is 100% anonymous.Neither we nor anyone else will be able to trace the data back to the originating site."
41
  ]
42
  },
43
  {
44
+ "slug": "section_non_ui",
45
  "hidden": true
46
  }
47
  ],
48
+ "options": [
49
  {
50
+ "key": "enable_statistics",
51
+ "section": "section_enable_plugin_feature_statistics",
52
+ "default": "Y",
53
+ "type": "checkbox",
54
+ "link_info": "",
55
+ "link_blog": "",
56
+ "name": "Enable Statistics",
57
+ "summary": "Enable (or Disable) The Statistics module",
58
  "description": "Un-Checking this option will completely disable the Statistics module"
59
  },
60
  {
61
+ "key": "enable_reporting",
62
+ "section": "section_enable_plugin_feature_reporting",
63
+ "default": "Y",
64
+ "type": "checkbox",
65
+ "link_info": "",
66
+ "link_blog": "",
67
+ "name": "Enable Reporting",
68
+ "summary": "Enable (or Disable) The Reporting module",
69
  "description": "Un-Checking this option will completely disable the Reporting module"
70
  }
71
  ],
72
  "definitions": {
73
+ "statistics_table_name": "statistics",
74
+ "statistics_table_columns": [
75
  "id",
76
  "stat_key",
77
  "parent_stat_key",
80
  "modified_at",
81
  "deleted_at"
82
  ],
83
+ "reporting_table_name": "reporting",
84
  "reporting_consolidation_cron_name": "reporting-consolidation",
85
+ "reporting_table_columns": [
86
  "id",
87
  "stat_key",
88
  "tally",
src/config/feature-traffic.php CHANGED
@@ -1,133 +1,139 @@
1
  {
2
- "slug": "traffic",
3
- "properties": {
4
- "slug": "traffic",
5
- "name": "Traffic Watch",
6
  "show_module_menu_item": true,
7
- "storage_key": "traffic",
8
- "tagline": "Watch All Requests To Your Site",
9
- "show_central": true,
10
- "access_restricted": true,
11
- "premium": true,
12
- "has_custom_actions": true,
13
- "order": 110
 
14
  },
15
  "requirements": {
16
  "php": {
17
  "version": "5.4"
18
  }
19
  },
20
- "sections": [
21
  {
22
- "slug": "section_traffic_options",
23
- "primary": true,
24
- "title": "Traffic Watch Options",
25
  "title_short": "Options",
26
- "summary": [
27
  "Purpose - Provides finer control over the live traffic system.",
28
  "Recommendation - These settings are dependent on your requirements."
29
  ]
30
  },
31
  {
32
- "slug": "section_enable_plugin_feature_traffic",
33
- "title": "Enable Module: Traffic Watch",
34
  "title_short": "Disable Module",
35
- "summary": [
36
  "Purpose - The Traffic Watch module lets you monitor and review all requests to your site.",
37
  "Recommendation - Required only if you need to review and investigate and monitor requests to your site."
38
  ]
39
  },
40
  {
41
- "slug": "section_non_ui",
42
  "hidden": true
43
  }
44
  ],
45
- "options": [
46
  {
47
- "key": "enable_traffic",
48
- "section": "section_enable_plugin_feature_traffic",
49
- "default": "N",
50
- "type": "checkbox",
51
- "link_info": "",
52
- "link_blog": "",
53
- "name": "Enable Traffic Watch",
54
- "summary": "Enable (or Disable) The Traffic Watch Module",
55
  "description": "Un-Checking this option will completely disable the Traffic Watch module."
56
  },
57
  {
58
- "key": "type_exclusions",
59
- "section": "section_traffic_options",
60
- "type": "multiple_select",
61
- "default": [ "logged_in", "cron", "search", "uptime" ],
 
 
 
 
 
62
  "value_options": [
63
  {
64
  "value_key": "simple",
65
- "text": "Simple Requests"
66
  },
67
  {
68
  "value_key": "api",
69
- "text": "REST API"
70
  },
71
  {
72
  "value_key": "ajax",
73
- "text": "AJAX"
74
  },
75
  {
76
  "value_key": "logged_in",
77
- "text": "Logged-In Users"
78
  },
79
  {
80
  "value_key": "cron",
81
- "text": "WP CRON"
82
  },
83
  {
84
  "value_key": "search",
85
- "text": "Search Bots (i.e. Google, Bing, DuckDuckGo)"
86
  },
87
  {
88
  "value_key": "uptime",
89
- "text": "Uptime Monitoring Services (i.e. StatusCake, Pingdom, UptimeRobot)"
90
  }
91
  ],
92
- "link_info": "",
93
- "link_blog": "",
94
- "name": "Traffic Log Exclusions",
95
- "summary": "Select Which Types Of Requests To Exclude",
96
- "description": "Deselect any requests that you don't want to appear in the traffic viewer."
97
  },
98
  {
99
- "key": "auto_clean",
100
- "section": "section_traffic_options",
101
- "default": 3,
102
- "min": 1,
103
- "type": "integer",
104
- "link_info": "",
105
- "link_blog": "",
106
- "name": "Auto Expiry Cleaning",
107
- "summary": "Enable Traffic Log Auto Expiry",
108
  "description": "Automated DB cleanup will delete logs older than this maximum value (in days)."
109
  },
110
  {
111
- "key": "max_entries",
112
- "section": "section_traffic_options",
113
- "default": 1000,
114
- "min": 0,
115
- "type": "integer",
116
- "link_info": "",
117
- "link_blog": "",
118
- "name": "Max Log Length",
119
- "summary": "Maximum Traffic Log Length To Keep",
120
  "description": "Automated DB cleanup will delete logs to maintain this maximum number of records."
121
  },
122
  {
123
- "key": "auto_disable",
124
- "section": "section_traffic_options",
125
- "default": "N",
126
- "type": "checkbox",
127
- "link_info": "",
128
- "link_blog": "",
129
- "name": "Auto Disable",
130
- "summary": "Auto Disable Traffic Logging After 1 Week",
131
  "description": "Turn on to prevent unnecessary long-term traffic logging. Timer resets each time you save."
132
  },
133
  {
@@ -136,9 +142,9 @@
136
  "section": "section_non_ui"
137
  }
138
  ],
139
- "definitions": {
140
- "default_per_page": 25,
141
- "traffic_table_name": "traffic",
142
  "traffic_table_columns": [
143
  "id",
144
  "rid",
1
  {
2
+ "slug": "traffic",
3
+ "properties": {
4
+ "slug": "traffic",
5
+ "name": "Traffic Watch",
6
  "show_module_menu_item": true,
7
+ "storage_key": "traffic",
8
+ "tagline": "Watch All Requests To Your Site",
9
+ "show_central": true,
10
+ "access_restricted": true,
11
+ "premium": true,
12
+ "has_custom_actions": true,
13
+ "whitelist_exempt": true,
14
+ "order": 110
15
  },
16
  "requirements": {
17
  "php": {
18
  "version": "5.4"
19
  }
20
  },
21
+ "sections": [
22
  {
23
+ "slug": "section_traffic_options",
24
+ "primary": true,
25
+ "title": "Traffic Watch Options",
26
  "title_short": "Options",
27
+ "summary": [
28
  "Purpose - Provides finer control over the live traffic system.",
29
  "Recommendation - These settings are dependent on your requirements."
30
  ]
31
  },
32
  {
33
+ "slug": "section_enable_plugin_feature_traffic",
34
+ "title": "Enable Module: Traffic Watch",
35
  "title_short": "Disable Module",
36
+ "summary": [
37
  "Purpose - The Traffic Watch module lets you monitor and review all requests to your site.",
38
  "Recommendation - Required only if you need to review and investigate and monitor requests to your site."
39
  ]
40
  },
41
  {
42
+ "slug": "section_non_ui",
43
  "hidden": true
44
  }
45
  ],
46
+ "options": [
47
  {
48
+ "key": "enable_traffic",
49
+ "section": "section_enable_plugin_feature_traffic",
50
+ "default": "N",
51
+ "type": "checkbox",
52
+ "link_info": "",
53
+ "link_blog": "",
54
+ "name": "Enable Traffic Watch",
55
+ "summary": "Enable (or Disable) The Traffic Watch Module",
56
  "description": "Un-Checking this option will completely disable the Traffic Watch module."
57
  },
58
  {
59
+ "key": "type_exclusions",
60
+ "section": "section_traffic_options",
61
+ "type": "multiple_select",
62
+ "default": [
63
+ "logged_in",
64
+ "cron",
65
+ "search",
66
+ "uptime"
67
+ ],
68
  "value_options": [
69
  {
70
  "value_key": "simple",
71
+ "text": "Simple Requests"
72
  },
73
  {
74
  "value_key": "api",
75
+ "text": "REST API"
76
  },
77
  {
78
  "value_key": "ajax",
79
+ "text": "AJAX"
80
  },
81
  {
82
  "value_key": "logged_in",
83
+ "text": "Logged-In Users"
84
  },
85
  {
86
  "value_key": "cron",
87
+ "text": "WP CRON"
88
  },
89
  {
90
  "value_key": "search",
91
+ "text": "Search Bots (i.e. Google, Bing, DuckDuckGo)"
92
  },
93
  {
94
  "value_key": "uptime",
95
+ "text": "Uptime Monitoring Services (i.e. StatusCake, Pingdom, UptimeRobot)"
96
  }
97
  ],
98
+ "link_info": "",
99
+ "link_blog": "",
100
+ "name": "Traffic Log Exclusions",
101
+ "summary": "Select Which Types Of Requests To Exclude",
102
+ "description": "Deselect any requests that you don't want to appear in the traffic viewer."
103
  },
104
  {
105
+ "key": "auto_clean",
106
+ "section": "section_traffic_options",
107
+ "default": 3,
108
+ "min": 1,
109
+ "type": "integer",
110
+ "link_info": "",
111
+ "link_blog": "",
112
+ "name": "Auto Expiry Cleaning",
113
+ "summary": "Enable Traffic Log Auto Expiry",
114
  "description": "Automated DB cleanup will delete logs older than this maximum value (in days)."
115
  },
116
  {
117
+ "key": "max_entries",
118
+ "section": "section_traffic_options",
119
+ "default": 1000,
120
+ "min": 0,
121
+ "type": "integer",
122
+ "link_info": "",
123
+ "link_blog": "",
124
+ "name": "Max Log Length",
125
+ "summary": "Maximum Traffic Log Length To Keep",
126
  "description": "Automated DB cleanup will delete logs to maintain this maximum number of records."
127
  },
128
  {
129
+ "key": "auto_disable",
130
+ "section": "section_traffic_options",
131
+ "default": "N",
132
+ "type": "checkbox",
133
+ "link_info": "",
134
+ "link_blog": "",
135
+ "name": "Auto Disable",
136
+ "summary": "Auto Disable Traffic Logging After 1 Week",
137
  "description": "Turn on to prevent unnecessary long-term traffic logging. Timer resets each time you save."
138
  },
139
  {
142
  "section": "section_non_ui"
143
  }
144
  ],
145
+ "definitions": {
146
+ "default_per_page": 25,
147
+ "traffic_table_name": "traffic",
148
  "traffic_table_columns": [
149
  "id",
150
  "rid",
src/features/base_wpsf.php CHANGED
@@ -243,7 +243,8 @@ class ICWP_WPSF_FeatureHandler_BaseWpsf extends ICWP_WPSF_FeatureHandler_Base {
243
  * @return bool
244
  */
245
  protected function isReadyToExecute() {
246
- return !$this->isVisitorWhitelisted() && parent::isReadyToExecute();
 
247
  }
248
 
249
  /**
243
  * @return bool
244
  */
245
  protected function isReadyToExecute() {
246
+ return ( $this->getOptionsVo()->isModuleWhitelistExempt() || !$this->isVisitorWhitelisted() )
247
+ && parent::isReadyToExecute();
248
  }
249
 
250
  /**
src/features/hack_protect.php CHANGED
@@ -12,6 +12,18 @@ class ICWP_WPSF_FeatureHandler_HackProtect extends ICWP_WPSF_FeatureHandler_Base
12
  $this->setCustomCronSchedules();
13
  }
14
 
 
 
 
 
 
 
 
 
 
 
 
 
15
  /**
16
  * @param array $aAjaxResponse
17
  * @return array
12
  $this->setCustomCronSchedules();
13
  }
14
 
15
+ /**
16
+ */
17
+ protected function updateHandler() {
18
+ if ( $this->getConn()->getVersion() == '6.9.3' ) {
19
+ /** @var ICWP_WPSF_Processor_HackProtect $oP */
20
+ $oP = $this->getProcessor();
21
+ $this->setPtgLastBuildAt( 0 );
22
+ $oP->getSubProcessorGuard()
23
+ ->deleteStores();
24
+ }
25
+ }
26
+
27
  /**
28
  * @param array $aAjaxResponse
29
  * @return array
src/processors/base_wpsf.php CHANGED
@@ -263,13 +263,13 @@ abstract class ICWP_WPSF_Processor_BaseWpsf extends ICWP_WPSF_Processor_Base {
263
  }
264
 
265
  /**
266
- * @param string $sAdditionalMessage
267
  * @param int $nCategory
268
  * @param string $sEvent
269
  * @param string $sWpUsername
270
  * @return $this
271
  */
272
- public function addToAuditEntry( $sAdditionalMessage = '', $nCategory = 1, $sEvent = '', $sWpUsername = '' ) {
273
  if ( !isset( $this->aAuditEntry ) ) {
274
 
275
  if ( empty( $sWpUsername ) ) {
@@ -292,7 +292,7 @@ abstract class ICWP_WPSF_Processor_BaseWpsf extends ICWP_WPSF_Processor_Base {
292
  );
293
  }
294
 
295
- $this->aAuditEntry[ 'message' ][] = esc_sql( $sAdditionalMessage );
296
 
297
  if ( $nCategory > $this->aAuditEntry[ 'category' ] ) {
298
  $this->aAuditEntry[ 'category' ] = $nCategory;
263
  }
264
 
265
  /**
266
+ * @param string $sMsg
267
  * @param int $nCategory
268
  * @param string $sEvent
269
  * @param string $sWpUsername
270
  * @return $this
271
  */
272
+ public function addToAuditEntry( $sMsg = '', $nCategory = 1, $sEvent = '', $sWpUsername = '' ) {
273
  if ( !isset( $this->aAuditEntry ) ) {
274
 
275
  if ( empty( $sWpUsername ) ) {
292
  );
293
  }
294
 
295
+ $this->aAuditEntry[ 'message' ][] = esc_sql( $sMsg );
296
 
297
  if ( $nCategory > $this->aAuditEntry[ 'category' ] ) {
298
  $this->aAuditEntry[ 'category' ] = $nCategory;
src/processors/hackprotect_ptguard.php CHANGED
@@ -114,20 +114,53 @@ class ICWP_WPSF_Processor_HackProtect_PTGuard extends ICWP_WPSF_Processor_CronBa
114
 
115
  /**
116
  * @param WP_Upgrader $oUpgrader
117
- * @param array $aUpgradeInfo
118
  */
119
- public function updateSnapshotAfterUpgrade( $oUpgrader, $aUpgradeInfo ) {
120
 
121
  $sContext = '';
122
- if ( !empty( $aUpgradeInfo[ self::CONTEXT_PLUGINS ] ) ) {
 
 
 
123
  $sContext = self::CONTEXT_PLUGINS;
 
 
 
 
 
124
  }
125
- else if ( !empty( $aUpgradeInfo[ self::CONTEXT_PLUGINS ] ) ) {
126
  $sContext = self::CONTEXT_PLUGINS;
 
127
  }
 
 
 
 
 
 
128
 
129
- if ( !empty( $sContext ) ) {
130
- foreach ( $aUpgradeInfo[ $sContext ] as $sSlug ) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
131
  $this->updateItemInSnapshot( $sSlug, $sContext );
132
  }
133
  }
@@ -142,7 +175,8 @@ class ICWP_WPSF_Processor_HackProtect_PTGuard extends ICWP_WPSF_Processor_CronBa
142
  $aSnapshot = $this->loadSnapshotData( $sContext );
143
  if ( isset( $aSnapshot[ $sSlug ] ) ) {
144
  unset( $aSnapshot[ $sSlug ] );
145
- $this->storeSnapshot( $aSnapshot, $sContext );
 
146
  }
147
  return $this;
148
  }
@@ -166,7 +200,8 @@ class ICWP_WPSF_Processor_HackProtect_PTGuard extends ICWP_WPSF_Processor_CronBa
166
  if ( $aNewSnapData ) {
167
  $aSnapshot = $this->loadSnapshotData( $sContext );
168
  $aSnapshot[ $sSlug ] = $aNewSnapData;
169
- $this->storeSnapshot( $aSnapshot, $sContext );
 
170
  }
171
 
172
  return $this;
@@ -642,6 +677,19 @@ class ICWP_WPSF_Processor_HackProtect_PTGuard extends ICWP_WPSF_Processor_CronBa
642
  $oFO = $this->getMod();
643
  return $oFO->getPtgSnapsBaseDir();
644
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
645
  }
646
 
647
  class GuardRecursiveFilterIterator extends RecursiveFilterIterator {
114
 
115
  /**
116
  * @param WP_Upgrader $oUpgrader
117
+ * @param array $aInfo Upgrade/Install Information
118
  */
119
+ public function updateSnapshotAfterUpgrade( $oUpgrader, $aInfo ) {
120
 
121
  $sContext = '';
122
+ $aSlugs = array();
123
+
124
+ // Need to account for single and bulk updates. First bulk
125
+ if ( !empty( $aInfo[ self::CONTEXT_PLUGINS ] ) ) {
126
  $sContext = self::CONTEXT_PLUGINS;
127
+ $aSlugs = $aInfo[ $sContext ];
128
+ }
129
+ else if ( !empty( $aInfo[ self::CONTEXT_THEMES ] ) ) {
130
+ $sContext = self::CONTEXT_THEMES;
131
+ $aSlugs = $aInfo[ $sContext ];
132
  }
133
+ else if ( !empty( $aInfo[ 'plugin' ] ) ) {
134
  $sContext = self::CONTEXT_PLUGINS;
135
+ $aSlugs = array( $aInfo[ 'plugin' ] );
136
  }
137
+ else if ( !empty( $aInfo[ 'theme' ] ) ) {
138
+ $sContext = self::CONTEXT_THEMES;
139
+ $aSlugs = array( $aInfo[ 'theme' ] );
140
+ }
141
+ else if ( isset( $aInfo[ 'action' ] ) && $aInfo[ 'action' ] == 'install' && isset( $aInfo[ 'type' ] )
142
+ && !empty( $oUpgrader->result[ 'destination_name' ] ) ) {
143
 
144
+ if ( $aInfo[ 'type' ] == 'plugin' ) {
145
+ $oWpPlugins = $this->loadWpPlugins();
146
+ $sDir = $oWpPlugins->getFileFromDirName( $oUpgrader->result[ 'destination_name' ] );
147
+ if ( $sDir && $oWpPlugins->isActive( $sDir ) ) {
148
+ $sContext = self::CONTEXT_PLUGINS;
149
+ $aSlugs = array( $sDir );
150
+ }
151
+ }
152
+ else if ( $aInfo[ 'type' ] == 'theme' ) {
153
+ $sDir = $oUpgrader->result[ 'destination_name' ];
154
+ if ( $this->loadWpThemes()->isActive( $sDir ) ) {
155
+ $sContext = self::CONTEXT_THEMES;
156
+ $aSlugs = array( $sDir );
157
+ }
158
+ }
159
+ }
160
+
161
+ // update snaptshots
162
+ if ( is_array( $aSlugs ) ) {
163
+ foreach ( $aSlugs as $sSlug ) {
164
  $this->updateItemInSnapshot( $sSlug, $sContext );
165
  }
166
  }
175
  $aSnapshot = $this->loadSnapshotData( $sContext );
176
  if ( isset( $aSnapshot[ $sSlug ] ) ) {
177
  unset( $aSnapshot[ $sSlug ] );
178
+ $this->addToAuditEntry( sprintf( _wpsf__( 'File signatures removed for item "%s"' ), $sSlug ) )
179
+ ->storeSnapshot( $aSnapshot, $sContext );
180
  }
181
  return $this;
182
  }
200
  if ( $aNewSnapData ) {
201
  $aSnapshot = $this->loadSnapshotData( $sContext );
202
  $aSnapshot[ $sSlug ] = $aNewSnapData;
203
+ $this->storeSnapshot( $aSnapshot, $sContext )
204
+ ->addToAuditEntry( sprintf( _wpsf__( 'File signatures updated for item "%s"' ), $sSlug ) );
205
  }
206
 
207
  return $this;
677
  $oFO = $this->getMod();
678
  return $oFO->getPtgSnapsBaseDir();
679
  }
680
+
681
+ /**
682
+ * @param string $sMsg
683
+ * @param int $nCategory
684
+ * @param string $sEvent
685
+ * @param string $sWpUsername
686
+ * @return $this
687
+ */
688
+ public function addToAuditEntry( $sMsg = '', $nCategory = 1, $sEvent = '', $sWpUsername = '' ) {
689
+ $sMsg = sprintf( '[%s]: %s', _wpsf__( 'Plugin/Theme Guard' ), $sMsg );
690
+ parent::addToAuditEntry( $sMsg, $nCategory, $sEvent, $sWpUsername );
691
+ return $this;
692
+ }
693
  }
694
 
695
  class GuardRecursiveFilterIterator extends RecursiveFilterIterator {
src/processors/loginprotect_googleauthenticator.php CHANGED
@@ -122,9 +122,8 @@ class ICWP_WPSF_Processor_LoginProtect_GoogleAuthenticator extends ICWP_WPSF_Pro
122
  * @return $this
123
  */
124
  protected function processRemovalFromAccount( $oUser ) {
125
- $oMeta = $this->loadWpUsers()->metaVoForUser( $this->prefix(), $oUser->ID );
126
- $oMeta->ga_validated = 'N';
127
- $oMeta->ga_secret = 'N';
128
  return $this;
129
  }
130
 
@@ -372,6 +371,15 @@ class ICWP_WPSF_Processor_LoginProtect_GoogleAuthenticator extends ICWP_WPSF_Pro
372
  return $this->loadGoogleAuthenticatorProcessor()->generateNewSecret();
373
  }
374
 
 
 
 
 
 
 
 
 
 
375
  /**
376
  * @return string
377
  */
122
  * @return $this
123
  */
124
  protected function processRemovalFromAccount( $oUser ) {
125
+ $this->setProfileValidated( $oUser, false )
126
+ ->resetSecret( $oUser );
 
127
  return $this;
128
  }
129
 
371
  return $this->loadGoogleAuthenticatorProcessor()->generateNewSecret();
372
  }
373
 
374
+ /**
375
+ * @param WP_User $oUser
376
+ * @return string
377
+ */
378
+ protected function getSecret( WP_User $oUser ) {
379
+ $sSec = parent::getSecret( $oUser );
380
+ return empty( $sSec ) ? $this->resetSecret( $oUser ) : $sSec;
381
+ }
382
+
383
  /**
384
  * @return string
385
  */
src/processors/loginprotect_intentprovider_base.php CHANGED
@@ -79,7 +79,7 @@ abstract class ICWP_WPSF_Processor_LoginProtect_IntentProviderBase extends ICWP_
79
  protected function hasValidatedProfile( $oUser ) {
80
  $sKey = $this->getStub().'_validated';
81
  return ( $oUser instanceof WP_User )
82
- && $this->loadWpUsers()->metaVoForUser( $this->prefix(), $oUser->ID )->{$sKey};
83
  }
84
 
85
  /**
@@ -238,7 +238,7 @@ abstract class ICWP_WPSF_Processor_LoginProtect_IntentProviderBase extends ICWP_
238
  }
239
 
240
  /**
241
- * @param bool $bIsSubjectTo
242
  * @param WP_User $oUser
243
  * @return bool
244
  */
79
  protected function hasValidatedProfile( $oUser ) {
80
  $sKey = $this->getStub().'_validated';
81
  return ( $oUser instanceof WP_User )
82
+ && $this->loadWpUsers()->metaVoForUser( $this->prefix(), $oUser->ID )->{$sKey} === true;
83
  }
84
 
85
  /**
238
  }
239
 
240
  /**
241
+ * @param bool $bIsSubjectTo
242
  * @param WP_User $oUser
243
  * @return bool
244
  */
src/processors/traffic_logger.php CHANGED
@@ -82,7 +82,8 @@ class ICWP_WPSF_Processor_TrafficLogger extends ICWP_WPSF_BaseDbProcessor {
82
  return $this->isIp_GoogleBot( $sIp, $sAgent )
83
  || $this->isIp_BingBot( $sIp, $sAgent )
84
  || $this->isIp_DuckDuckGoBot( $sIp, $sAgent )
85
- || $this->isIp_YandexBot( $sIp, $sAgent );
 
86
  }
87
 
88
  /**
@@ -177,6 +178,27 @@ class ICWP_WPSF_Processor_TrafficLogger extends ICWP_WPSF_BaseDbProcessor {
177
  return in_array( $sIp, $aIps );
178
  }
179
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
180
  /**
181
  * @param string $sIp
182
  * @return bool
82
  return $this->isIp_GoogleBot( $sIp, $sAgent )
83
  || $this->isIp_BingBot( $sIp, $sAgent )
84
  || $this->isIp_DuckDuckGoBot( $sIp, $sAgent )
85
+ || $this->isIp_YandexBot( $sIp, $sAgent )
86
+ || $this->isIp_AppleBot( $sIp, $sAgent );
87
  }
88
 
89
  /**
178
  return in_array( $sIp, $aIps );
179
  }
180
 
181
+ /**
182
+ * @param string $sIp
183
+ * @param string $sUserAgent
184
+ * @return bool
185
+ */
186
+ protected function isIp_AppleBot( $sIp, $sUserAgent ) {
187
+ $oWp = $this->loadWp();
188
+
189
+ $aIps = $oWp->getTransient( $this->prefix( 'serviceips_applebot' ) );
190
+ if ( !is_array( $aIps ) ) {
191
+ $aIps = array();
192
+ }
193
+
194
+ if ( !in_array( $sIp, $aIps ) && $this->loadIpService()->isIpAppleBot( $sIp, $sUserAgent ) ) {
195
+ $aIps[] = $sIp;
196
+ $aIps = $oWp->setTransient( $this->prefix( 'serviceips_applebot' ), $aIps, WEEK_IN_SECONDS*4 );
197
+ }
198
+
199
+ return in_array( $sIp, $aIps );
200
+ }
201
+
202
  /**
203
  * @param string $sIp
204
  * @return bool