Developer | bmarshall511 |
Plugin | WordPress Zero Spam |
Version | 5.4.2 |
Code changes from version 5.4.1 to 5.4.2
- core/admin/class-settings.php +5 -5
- core/class-access.php +0 -1
- core/class-utilities.php +2 -0
- includes/class-plugin.php +35 -3
- modules/class-security.php +0 -41
- modules/elementor/class-elementor.php +171 -0
- modules/elementor/icon-elementor.svg +1 -0
- modules/gravityforms/class-gravityforms.php +2 -4
- modules/ipbase/class-ipbase.php +184 -0
- modules/ipbase/icon-ipbase.svg +1 -0
- modules/security/class-security.php +230 -0
- modules/security/icon-security.svg +10 -0
- readme.txt +14 -7
- wordpress-zero-spam.php +2 -2
core/admin/class-settings.php
CHANGED
@@ -558,7 +558,7 @@ class Settings {
|
|
558 |
?>
|
559 |
<div class="zerospam-block">
|
560 |
<div class="zerospam-block__content zerospam-block__content--supports">
|
561 |
-
<strong><?php _e( '
|
562 |
<?php
|
563 |
foreach ( $section['supports'] as $k => $s ) :
|
564 |
switch ( $s ) :
|
@@ -566,13 +566,13 @@ class Settings {
|
|
566 |
echo '<img class="zerospam-small-icon" src="' . plugin_dir_url( ZEROSPAM ) . 'assets/img/icon-honeypot.svg" alt="' . esc_attr( __( 'Honeypot', 'zero-spam' ) ) . '" />';
|
567 |
break;
|
568 |
case 'email':
|
569 |
-
echo '<img class="zerospam-small-icon" src="' . plugin_dir_url( ZEROSPAM ) . 'assets/img/icon-email.svg" alt="' . esc_attr( __( 'Email', 'zero-spam' ) ) . '" />';
|
570 |
break;
|
571 |
case 'davidwalsh':
|
572 |
echo '<img class="zerospam-small-icon" src="' . plugin_dir_url( ZEROSPAM ) . 'modules/davidwalsh/icon-david-walsh.png" alt="' . esc_attr( __( 'David Walsh', 'zero-spam' ) ) . '" />';
|
573 |
break;
|
574 |
case 'words':
|
575 |
-
echo '<img class="zerospam-small-icon" src="' . plugin_dir_url( ZEROSPAM ) . 'assets/img/icon-words.svg" alt="' . esc_attr( __( 'Disallowed Words', 'zero-spam' ) ) . '" />';
|
576 |
break;
|
577 |
endswitch;
|
578 |
|
@@ -582,8 +582,8 @@ class Settings {
|
|
582 |
</div>
|
583 |
<?php
|
584 |
endif;
|
585 |
-
|
586 |
-
|
587 |
|
588 |
<?php if ( ! in_array( $subview, array( 'export', 'errors' ) ) ) : ?>
|
589 |
<?php
|
558 |
?>
|
559 |
<div class="zerospam-block">
|
560 |
<div class="zerospam-block__content zerospam-block__content--supports">
|
561 |
+
<strong><?php _e( 'Supported Signals', 'zero-spam' ); ?>:</strong>
|
562 |
<?php
|
563 |
foreach ( $section['supports'] as $k => $s ) :
|
564 |
switch ( $s ) :
|
566 |
echo '<img class="zerospam-small-icon" src="' . plugin_dir_url( ZEROSPAM ) . 'assets/img/icon-honeypot.svg" alt="' . esc_attr( __( 'Honeypot', 'zero-spam' ) ) . '" />';
|
567 |
break;
|
568 |
case 'email':
|
569 |
+
echo '<img class="zerospam-small-icon" src="' . plugin_dir_url( ZEROSPAM ) . 'assets/img/icon-email.svg" alt="' . esc_attr( __( 'Email Protection', 'zero-spam' ) ) . '" title="' . esc_attr( __( 'Email Protection', 'zero-spam' ) ) . '" />';
|
570 |
break;
|
571 |
case 'davidwalsh':
|
572 |
echo '<img class="zerospam-small-icon" src="' . plugin_dir_url( ZEROSPAM ) . 'modules/davidwalsh/icon-david-walsh.png" alt="' . esc_attr( __( 'David Walsh', 'zero-spam' ) ) . '" />';
|
573 |
break;
|
574 |
case 'words':
|
575 |
+
echo '<img class="zerospam-small-icon" src="' . plugin_dir_url( ZEROSPAM ) . 'assets/img/icon-words.svg" alt="' . esc_attr( __( 'Disallowed Words', 'zero-spam' ) ) . '" title="' . esc_attr( __( 'Disallowed Words', 'zero-spam' ) ) . '" />';
|
576 |
break;
|
577 |
endswitch;
|
578 |
|
582 |
</div>
|
583 |
<?php
|
584 |
endif;
|
585 |
+
endforeach;
|
586 |
+
?>
|
587 |
|
588 |
<?php if ( ! in_array( $subview, array( 'export', 'errors' ) ) ) : ?>
|
589 |
<?php
|
core/class-access.php
CHANGED
@@ -16,7 +16,6 @@ defined( 'ABSPATH' ) || die();
|
|
16 |
* Access
|
17 |
*/
|
18 |
class Access {
|
19 |
-
|
20 |
/**
|
21 |
* Constructor
|
22 |
*/
|
16 |
* Access
|
17 |
*/
|
18 |
class Access {
|
|
|
19 |
/**
|
20 |
* Constructor
|
21 |
*/
|
core/class-utilities.php
CHANGED
@@ -849,6 +849,8 @@ class Utilities {
|
|
849 |
}
|
850 |
}
|
851 |
}
|
|
|
|
|
852 |
|
853 |
// 3. Query the IPinfo API.
|
854 |
$ipinfo_location = ZeroSpam\Modules\IPinfoModule::get_geolocation( $ip );
|
849 |
}
|
850 |
}
|
851 |
}
|
852 |
+
// 2. Query ipbase
|
853 |
+
$location_details = apply_filters( 'zero_spam_ip_address_details', $ip, $location_details );
|
854 |
|
855 |
// 3. Query the IPinfo API.
|
856 |
$ipinfo_location = ZeroSpam\Modules\IPinfoModule::get_geolocation( $ip );
|
includes/class-plugin.php
CHANGED
@@ -31,6 +31,7 @@ class Plugin {
|
|
31 |
|
32 |
add_filter( 'zerospam_types', array( $this, 'types' ), 10, 1 );
|
33 |
add_filter( 'zerospam_failed_types', array( $this, 'failed_types' ), 10, 1 );
|
|
|
34 |
}
|
35 |
|
36 |
/**
|
@@ -85,7 +86,7 @@ class Plugin {
|
|
85 |
new \ZeroSpam\Includes\Updates();
|
86 |
|
87 |
// Site security
|
88 |
-
new \ZeroSpam\Modules\Security();
|
89 |
|
90 |
// Zero Spam module.
|
91 |
new \ZeroSpam\Modules\Zero_Spam();
|
@@ -96,12 +97,15 @@ class Plugin {
|
|
96 |
// Project Honeypot module.
|
97 |
new \ZeroSpam\Modules\ProjectHoneypot();
|
98 |
|
99 |
-
//
|
100 |
-
new \ZeroSpam\Modules\
|
101 |
|
102 |
// IPinfo module.
|
103 |
new \ZeroSpam\Modules\IPinfoModule();
|
104 |
|
|
|
|
|
|
|
105 |
if ( is_admin() ) {
|
106 |
// Google API module.
|
107 |
new \ZeroSpam\Modules\Google();
|
@@ -122,6 +126,11 @@ class Plugin {
|
|
122 |
// Used to check if a plugin is installed & active.
|
123 |
include_once ABSPATH . 'wp-admin/includes/plugin.php';
|
124 |
|
|
|
|
|
|
|
|
|
|
|
125 |
// GiveWP plugin module.
|
126 |
if ( is_plugin_active( 'give/give.php' ) ) {
|
127 |
new \ZeroSpam\Modules\Give\Give();
|
@@ -181,6 +190,29 @@ class Plugin {
|
|
181 |
|
182 |
return $types;
|
183 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
184 |
}
|
185 |
|
186 |
Plugin::instance();
|
31 |
|
32 |
add_filter( 'zerospam_types', array( $this, 'types' ), 10, 1 );
|
33 |
add_filter( 'zerospam_failed_types', array( $this, 'failed_types' ), 10, 1 );
|
34 |
+
add_action( 'zero_spam_flagged_attempt', array( $this, 'flagged_attempt' ), 10, 3 );
|
35 |
}
|
36 |
|
37 |
/**
|
86 |
new \ZeroSpam\Includes\Updates();
|
87 |
|
88 |
// Site security
|
89 |
+
new \ZeroSpam\Modules\Security\Security();
|
90 |
|
91 |
// Zero Spam module.
|
92 |
new \ZeroSpam\Modules\Zero_Spam();
|
97 |
// Project Honeypot module.
|
98 |
new \ZeroSpam\Modules\ProjectHoneypot();
|
99 |
|
100 |
+
// ipbase module
|
101 |
+
new \ZeroSpam\Modules\ipbase\ipbase();
|
102 |
|
103 |
// IPinfo module.
|
104 |
new \ZeroSpam\Modules\IPinfoModule();
|
105 |
|
106 |
+
// ipstack module.
|
107 |
+
new \ZeroSpam\Modules\ipstack();
|
108 |
+
|
109 |
if ( is_admin() ) {
|
110 |
// Google API module.
|
111 |
new \ZeroSpam\Modules\Google();
|
126 |
// Used to check if a plugin is installed & active.
|
127 |
include_once ABSPATH . 'wp-admin/includes/plugin.php';
|
128 |
|
129 |
+
// Elementor plugin module.
|
130 |
+
/*if ( is_plugin_active( 'elementor-pro/elementor-pro.php' ) ) {
|
131 |
+
new \ZeroSpam\Modules\Elementor\Elementor();
|
132 |
+
}*/
|
133 |
+
|
134 |
// GiveWP plugin module.
|
135 |
if ( is_plugin_active( 'give/give.php' ) ) {
|
136 |
new \ZeroSpam\Modules\Give\Give();
|
190 |
|
191 |
return $types;
|
192 |
}
|
193 |
+
|
194 |
+
/**
|
195 |
+
* Action taken for flagged attempts
|
196 |
+
*
|
197 |
+
* @param string $module The associated module.
|
198 |
+
* @param string $signal The associated signal.
|
199 |
+
* @param array $data Additional attempt data.
|
200 |
+
*/
|
201 |
+
public function flagged_attempt( $module, $signal, $data ) {
|
202 |
+
$details = array(
|
203 |
+
'type' => $module,
|
204 |
+
'failed' => $signal,
|
205 |
+
'data' => $data,
|
206 |
+
);
|
207 |
+
|
208 |
+
if ( 'enabled' === \ZeroSpam\Core\Settings::get_settings( $module . '_log_flagged_attempts' ) ) {
|
209 |
+
\ZeroSpam\Includes\DB::log( $module, $details );
|
210 |
+
}
|
211 |
+
|
212 |
+
if ( 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'share_data' ) ) {
|
213 |
+
do_action( 'zerospam_share_detection', $details );
|
214 |
+
}
|
215 |
+
}
|
216 |
}
|
217 |
|
218 |
Plugin::instance();
|
modules/class-security.php
DELETED
@@ -1,41 +0,0 @@
|
|
1 |
-
<?php
|
2 |
-
/**
|
3 |
-
* Site security
|
4 |
-
*
|
5 |
-
* Implement Zero Spam's recommended WordPress security practices.
|
6 |
-
*
|
7 |
-
* @package ZeroSpam
|
8 |
-
*/
|
9 |
-
|
10 |
-
namespace ZeroSpam\Modules;
|
11 |
-
|
12 |
-
// Security Note: Blocks direct access to the plugin PHP files.
|
13 |
-
defined( 'ABSPATH' ) || die();
|
14 |
-
|
15 |
-
/**
|
16 |
-
* Security class
|
17 |
-
*/
|
18 |
-
class Security {
|
19 |
-
/**
|
20 |
-
* Constructor
|
21 |
-
*/
|
22 |
-
public function __construct() {
|
23 |
-
// It can be considered a security risk to make your WP version visible &
|
24 |
-
// public you should hide it.
|
25 |
-
remove_action( 'wp_head', 'wp_generator' );
|
26 |
-
|
27 |
-
// XML-RPC can significantly amplify the brute-force attacks.
|
28 |
-
add_filter( 'xmlrpc_enabled', '__return_false' );
|
29 |
-
|
30 |
-
// Fired on detections.
|
31 |
-
add_action( 'zero_spam_detection', array( $this, 'handle_detection' ), 10, 2 );
|
32 |
-
}
|
33 |
-
|
34 |
-
/**
|
35 |
-
* Handles detections.
|
36 |
-
*
|
37 |
-
* @param array $validation_errors Array of validation errors.
|
38 |
-
*/
|
39 |
-
public function handle_detection( $details, $validation_errors ) {
|
40 |
-
}
|
41 |
-
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
modules/elementor/class-elementor.php
ADDED
@@ -0,0 +1,171 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
/**
|
3 |
+
* Adds integration for Elementor Pro forms
|
4 |
+
*
|
5 |
+
* @package ZeroSpam
|
6 |
+
*/
|
7 |
+
|
8 |
+
namespace ZeroSpam\Modules\Elementor;
|
9 |
+
|
10 |
+
// Security Note: Blocks direct access to the plugin PHP files.
|
11 |
+
defined( 'ABSPATH' ) || die();
|
12 |
+
|
13 |
+
/**
|
14 |
+
* Elementor
|
15 |
+
*/
|
16 |
+
class Elementor {
|
17 |
+
/**
|
18 |
+
* Constructor
|
19 |
+
*/
|
20 |
+
public function __construct() {
|
21 |
+
add_action( 'init', array( $this, 'init' ) );
|
22 |
+
wp_add_inline_style(
|
23 |
+
'zero-spam-admin',
|
24 |
+
'
|
25 |
+
.zerospam-type-elementor::before {
|
26 |
+
background-image: url("../../modules/elementor/icon-elementor.svg");
|
27 |
+
}
|
28 |
+
'
|
29 |
+
);
|
30 |
+
}
|
31 |
+
|
32 |
+
/**
|
33 |
+
* Fires after WordPress has finished loading but before any headers are sent
|
34 |
+
*/
|
35 |
+
public function init() {
|
36 |
+
add_filter( 'zerospam_setting_sections', array( $this, 'sections' ) );
|
37 |
+
add_filter( 'zerospam_settings', array( $this, 'settings' ), 10, 1 );
|
38 |
+
add_filter( 'zerospam_types', array( $this, 'types' ), 10, 1 );
|
39 |
+
|
40 |
+
if (
|
41 |
+
'enabled' === \ZeroSpam\Core\Settings::get_settings( 'elementor_enabled' ) &&
|
42 |
+
\ZeroSpam\Core\Access::process()
|
43 |
+
) {
|
44 |
+
add_action( 'elementor_pro/forms/validation/email', array( $this, 'validate_email' ), 10, 3 );
|
45 |
+
add_action( 'elementor_pro/forms/validation/text', array( $this, 'validate_text' ), 10, 3 );
|
46 |
+
add_action( 'elementor_pro/forms/validation/textarea', array( $this, 'validate_text' ), 10, 3 );
|
47 |
+
add_action( 'elementor_pro/forms/validation/html', array( $this, 'validate_text' ), 10, 3 );
|
48 |
+
}
|
49 |
+
}
|
50 |
+
|
51 |
+
/**
|
52 |
+
* Admin setting sections
|
53 |
+
*
|
54 |
+
* @param array $sections Array of admin setting sections.
|
55 |
+
*/
|
56 |
+
public function sections( $sections ) {
|
57 |
+
$sections['elementor'] = array(
|
58 |
+
'title' => __( 'Elementor', 'zero-spam' ),
|
59 |
+
'icon' => 'modules/elementor/icon-elementor.svg',
|
60 |
+
'supports' => array( 'email', 'words' ),
|
61 |
+
);
|
62 |
+
|
63 |
+
return $sections;
|
64 |
+
}
|
65 |
+
|
66 |
+
/**
|
67 |
+
* Admin settings
|
68 |
+
*
|
69 |
+
* @param array $settings Array of available settings.
|
70 |
+
*/
|
71 |
+
public function settings( $settings ) {
|
72 |
+
$options = get_option( 'zero-spam-elementor' );
|
73 |
+
|
74 |
+
$settings['elementor_enabled'] = array(
|
75 |
+
'title' => wp_kses(
|
76 |
+
__( 'Protect Form Submissions', 'zero-spam' ),
|
77 |
+
array(
|
78 |
+
'a' => array(
|
79 |
+
'href' => array(),
|
80 |
+
'class' => array(),
|
81 |
+
'target' => array(),
|
82 |
+
'rel' => array(),
|
83 |
+
),
|
84 |
+
)
|
85 |
+
),
|
86 |
+
'desc' => __( 'Protects & monitors Elementor form submissions.', 'zero-spam' ),
|
87 |
+
'module' => 'elementor',
|
88 |
+
'type' => 'checkbox',
|
89 |
+
'options' => array(
|
90 |
+
'enabled' => false,
|
91 |
+
),
|
92 |
+
'value' => ! empty( $options['elementor_enabled'] ) ? $options['elementor_enabled'] : false,
|
93 |
+
'recommended' => 'enabled',
|
94 |
+
);
|
95 |
+
|
96 |
+
$message = __( 'We were unable to process your submission due to possible malicious activity.', 'zero-spam' );
|
97 |
+
$settings['elementor_flagged_msg'] = array(
|
98 |
+
'title' => __( 'Flagged Message', 'zero-spam' ),
|
99 |
+
'desc' => __( 'Message displayed when a submission has been flagged.', 'zero-spam' ),
|
100 |
+
'module' => 'elementor',
|
101 |
+
'type' => 'text',
|
102 |
+
'field_class' => 'large-text',
|
103 |
+
'placeholder' => $message,
|
104 |
+
'value' => ! empty( $options['elementor_flagged_msg'] ) ? $options['elementor_flagged_msg'] : $message,
|
105 |
+
'recommended' => $message,
|
106 |
+
);
|
107 |
+
|
108 |
+
$settings['elementor_log_flagged_attempts'] = array(
|
109 |
+
'title' => __( 'Log Flagged Attempts', 'zero-spam' ),
|
110 |
+
'module' => 'elementor',
|
111 |
+
'type' => 'checkbox',
|
112 |
+
'desc' => wp_kses(
|
113 |
+
__( 'When enabled, stores blocked form submissions in the database.', 'zero-spam' ),
|
114 |
+
array( 'strong' => array() )
|
115 |
+
),
|
116 |
+
'options' => array(
|
117 |
+
'enabled' => false
|
118 |
+
),
|
119 |
+
'value' => ! empty( $options['elementor_log_flagged_attempts'] ) ? $options['elementor_log_flagged_attempts'] : false,
|
120 |
+
'recommended' => 'enabled',
|
121 |
+
);
|
122 |
+
|
123 |
+
return $settings;
|
124 |
+
}
|
125 |
+
|
126 |
+
/**
|
127 |
+
* Register custom fields
|
128 |
+
*
|
129 |
+
* @param \ElementorPro\Modules\Forms\Registrars\Form_Fields_Registrar $form_fields_registrar
|
130 |
+
*/
|
131 |
+
public function register_fields( $form_fields_registrar ) {
|
132 |
+
//require_once ZEROSPAM_PATH . 'modules/elementor/fields/class-honeypot.php';
|
133 |
+
}
|
134 |
+
|
135 |
+
/**
|
136 |
+
* Validates form on submission
|
137 |
+
*/
|
138 |
+
public function validate_form( $record, $ajax_handler ) {
|
139 |
+
|
140 |
+
}
|
141 |
+
|
142 |
+
/**
|
143 |
+
* Validates an email address
|
144 |
+
*/
|
145 |
+
public function validate_email( $field, $record, $ajax_handler ) {
|
146 |
+
if ( \ZeroSpam\Core\Utilities::is_email_domain_blocked( $field['value'] ) ) {
|
147 |
+
$ajax_handler->add_error( $field['id'], \ZeroSpam\Core\Utilities::detection_message( 'elementor_flagged_msg' ) );
|
148 |
+
return;
|
149 |
+
}
|
150 |
+
}
|
151 |
+
|
152 |
+
/**
|
153 |
+
* Validates text content
|
154 |
+
*/
|
155 |
+
public function validate_text( $field, $record, $ajax_handler ) {
|
156 |
+
if ( \ZeroSpam\Core\Utilities::is_disallowed( $field['value'] ) ) {
|
157 |
+
do_action(
|
158 |
+
'zero_spam_flagged_attempt',
|
159 |
+
'elementor',
|
160 |
+
'disallowed_list',
|
161 |
+
array(
|
162 |
+
'field' => $field,
|
163 |
+
'record' => $record,
|
164 |
+
)
|
165 |
+
);
|
166 |
+
|
167 |
+
$ajax_handler->add_error( $field['id'], \ZeroSpam\Core\Utilities::detection_message( 'elementor_flagged_msg' ) );
|
168 |
+
return;
|
169 |
+
}
|
170 |
+
}
|
171 |
+
}
|
modules/elementor/icon-elementor.svg
ADDED
@@ -0,0 +1 @@
|
|
|
1 |
+
<svg xmlns="http://www.w3.org/2000/svg" width="400" height="400" viewBox="0 0 400 400" fill="none"><g clip-path="url(#clip0)"><path d="M200 0C89.5321 0 0 89.5321 0 200C0 310.431 89.5321 400 200 400C310.468 400 400 310.468 400 200C399.964 89.5321 310.431 0 200 0ZM150.009 283.306H116.694V116.658H150.009V283.306ZM283.306 283.306H183.324V249.991H283.306V283.306ZM283.306 216.639H183.324V183.324H283.306V216.639ZM283.306 149.973H183.324V116.658H283.306V149.973Z" fill="#92003B"></path></g><defs><clipPath id="clip0"><rect width="400" height="400" fill="white"></rect></clipPath></defs></svg>
|
modules/gravityforms/class-gravityforms.php
CHANGED
@@ -5,7 +5,6 @@
|
|
5 |
* Malicious user detection techniques available:
|
6 |
*
|
7 |
* 1. Zero Spam honeypot field
|
8 |
-
* 2. Checks blocked email domains
|
9 |
*
|
10 |
* @package ZeroSpam
|
11 |
*/
|
@@ -74,7 +73,7 @@ class GravityForms {
|
|
74 |
$sections['gravityforms'] = array(
|
75 |
'title' => __( 'Gravity Forms', 'zero-spam' ),
|
76 |
'icon' => 'modules/gravityforms/icon-gravity-forms.svg',
|
77 |
-
'supports' => array( 'honeypot'
|
78 |
);
|
79 |
|
80 |
return $sections;
|
@@ -205,8 +204,7 @@ class GravityForms {
|
|
205 |
'recommended' => 'enabled',
|
206 |
);
|
207 |
|
208 |
-
$message = __( 'We were unable to process your submission
|
209 |
-
|
210 |
$settings['gravityforms_spam_message'] = array(
|
211 |
'title' => __( 'Flagged Message', 'zero-spam' ),
|
212 |
'desc' => __( 'Message displayed when a submission has been flagged.', 'zero-spam' ),
|
5 |
* Malicious user detection techniques available:
|
6 |
*
|
7 |
* 1. Zero Spam honeypot field
|
|
|
8 |
*
|
9 |
* @package ZeroSpam
|
10 |
*/
|
73 |
$sections['gravityforms'] = array(
|
74 |
'title' => __( 'Gravity Forms', 'zero-spam' ),
|
75 |
'icon' => 'modules/gravityforms/icon-gravity-forms.svg',
|
76 |
+
'supports' => array( 'honeypot' ),
|
77 |
);
|
78 |
|
79 |
return $sections;
|
204 |
'recommended' => 'enabled',
|
205 |
);
|
206 |
|
207 |
+
$message = __( 'We were unable to process your submission due to possible malicious activity.', 'zero-spam' );
|
|
|
208 |
$settings['gravityforms_spam_message'] = array(
|
209 |
'title' => __( 'Flagged Message', 'zero-spam' ),
|
210 |
'desc' => __( 'Message displayed when a submission has been flagged.', 'zero-spam' ),
|
modules/ipbase/class-ipbase.php
ADDED
@@ -0,0 +1,184 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
/**
|
3 |
+
* Adds integration for ipbase.com IP lookup service
|
4 |
+
*
|
5 |
+
* @package ZeroSpam
|
6 |
+
*/
|
7 |
+
|
8 |
+
namespace ZeroSpam\Modules\ipbase;
|
9 |
+
|
10 |
+
// Security Note: Blocks direct access to the plugin PHP files.
|
11 |
+
defined( 'ABSPATH' ) || die();
|
12 |
+
|
13 |
+
/**
|
14 |
+
* ipbase
|
15 |
+
*/
|
16 |
+
class ipbase {
|
17 |
+
/**
|
18 |
+
* Constructor
|
19 |
+
*/
|
20 |
+
public function __construct() {
|
21 |
+
add_action( 'init', array( $this, 'init' ) );
|
22 |
+
}
|
23 |
+
|
24 |
+
/**
|
25 |
+
* Fires after WordPress has finished loading but before any headers are sent
|
26 |
+
*/
|
27 |
+
public function init() {
|
28 |
+
add_filter( 'zerospam_setting_sections', array( $this, 'sections' ) );
|
29 |
+
add_filter( 'zerospam_settings', array( $this, 'settings' ), 10, 1 );
|
30 |
+
add_filter( 'zero_spam_ip_address_details', array( $this, 'ip_address_details' ), 10, 2 );
|
31 |
+
}
|
32 |
+
|
33 |
+
/**
|
34 |
+
* Admin setting sections
|
35 |
+
*
|
36 |
+
* @param array $sections Array of admin setting sections.
|
37 |
+
*/
|
38 |
+
public function sections( $sections ) {
|
39 |
+
$sections['ipbase'] = array(
|
40 |
+
'title' => __( 'ipbase (geolocation)', 'zero-spam' ),
|
41 |
+
'icon' => 'modules/ipbase/icon-ipbase.svg',
|
42 |
+
);
|
43 |
+
|
44 |
+
return $sections;
|
45 |
+
}
|
46 |
+
|
47 |
+
/**
|
48 |
+
* Admin settings
|
49 |
+
*
|
50 |
+
* @param array $settings Array of available settings.
|
51 |
+
*/
|
52 |
+
public function settings( $settings ) {
|
53 |
+
$options = get_option( 'zero-spam-ipbase' );
|
54 |
+
|
55 |
+
$settings['ipbase_api_key'] = array(
|
56 |
+
'title' => __( 'API Key', 'zero-spam' ),
|
57 |
+
'desc' => sprintf(
|
58 |
+
wp_kses(
|
59 |
+
/* translators: %1$s: Replaced with the ipbase URL */
|
60 |
+
__( 'Enter your ipbase API key. Don\'t have an API key? <a href="%1$s" target="_blank" rel="noopener noreferrer"><strong>Get one for free!</strong></a>', 'zero-spam' ),
|
61 |
+
array(
|
62 |
+
'strong' => array(),
|
63 |
+
'a' => array(
|
64 |
+
'target' => array(),
|
65 |
+
'href' => array(),
|
66 |
+
'rel' => array(),
|
67 |
+
),
|
68 |
+
)
|
69 |
+
),
|
70 |
+
esc_url( 'https://app.ipbase.com/register' )
|
71 |
+
),
|
72 |
+
'module' => 'ipbase',
|
73 |
+
'type' => 'text',
|
74 |
+
'field_class' => 'regular-text',
|
75 |
+
'placeholder' => __( 'Enter your ipbase API key.', 'zero-spam' ),
|
76 |
+
'value' => ! empty( $options['ipbase_api_key'] ) ? $options['ipbase_api_key'] : false,
|
77 |
+
);
|
78 |
+
|
79 |
+
$settings['ipbase_api_timeout'] = array(
|
80 |
+
'title' => __( 'API Timeout', 'zero-spam' ),
|
81 |
+
'module' => 'ipbase',
|
82 |
+
'type' => 'number',
|
83 |
+
'field_class' => 'small-text',
|
84 |
+
'suffix' => __( 'seconds', 'zero-spam' ),
|
85 |
+
'placeholder' => __( '5', 'zero-spam' ),
|
86 |
+
'desc' => __( 'Controls how long to wait for the api to return a response, 5 seconds is recommended. Too high could result in degraded performance, too low & it won\'t have time to respond.', 'zero-spam' ),
|
87 |
+
'value' => ! empty( $options['ipbase_api_timeout'] ) ? $options['ipbase_api_timeout'] : 5,
|
88 |
+
'recommended' => 5,
|
89 |
+
);
|
90 |
+
|
91 |
+
$settings['ipbase_cache'] = array(
|
92 |
+
'title' => __( 'Cache Expiration', 'zero-spam' ),
|
93 |
+
'module' => 'ipbase',
|
94 |
+
'type' => 'number',
|
95 |
+
'field_class' => 'small-text',
|
96 |
+
'suffix' => __( 'day(s)', 'zero-spam' ),
|
97 |
+
'placeholder' => __( 'Number of days', 'zero-spam' ),
|
98 |
+
'desc' => __( 'Controls how long IP data is cached, 30 days is recommended. Too low could result in degraded performance.', 'zero-spam' ),
|
99 |
+
'value' => ! empty( $options['ipbase_cache'] ) ? $options['ipbase_cache'] : 30,
|
100 |
+
'recommended' => 30,
|
101 |
+
);
|
102 |
+
|
103 |
+
return $settings;
|
104 |
+
}
|
105 |
+
|
106 |
+
/**
|
107 |
+
* Returns an IP addresses' details
|
108 |
+
*
|
109 |
+
* @param string $ip_address_details IP address details.
|
110 |
+
*/
|
111 |
+
public function ip_address_details( $ip_address, $ip_address_details ) {
|
112 |
+
$response_mapping = array(
|
113 |
+
'country_code' => 'country_code',
|
114 |
+
'country_name' => 'country_name',
|
115 |
+
'region_code' => 'region_code',
|
116 |
+
'region_name' => 'region_name',
|
117 |
+
'city' => 'city',
|
118 |
+
'zip_code' => 'zip',
|
119 |
+
'time_zone' => 'timezone',
|
120 |
+
'latitude' => 'latitude',
|
121 |
+
'longitude' => 'longitude',
|
122 |
+
);
|
123 |
+
|
124 |
+
$api_response = self::query_ip_address( $ip_address );
|
125 |
+
if ( $api_response ) {
|
126 |
+
foreach ( $response_mapping as $api_key => $details_key ) {
|
127 |
+
if ( ! empty( $api_response[ $api_key ] ) ) {
|
128 |
+
$ip_address_details[ $details_key ] = sanitize_text_field( $api_response[ $api_key ] );
|
129 |
+
}
|
130 |
+
}
|
131 |
+
}
|
132 |
+
|
133 |
+
return $ip_address_details;
|
134 |
+
}
|
135 |
+
|
136 |
+
/**
|
137 |
+
* Query an IP address
|
138 |
+
*
|
139 |
+
* @param string $ip_address IP address to query.
|
140 |
+
*/
|
141 |
+
public static function query_ip_address( $ip_address ) {
|
142 |
+
$plugin_settings = \ZeroSpam\Core\Settings::get_settings();
|
143 |
+
|
144 |
+
if ( empty( $plugin_settings['ipbase_api_key']['value'] ) || ! rest_is_ip_address( $ip_address ) ) {
|
145 |
+
return false;
|
146 |
+
}
|
147 |
+
|
148 |
+
$queried_cache_key = \ZeroSpam\Core\Utilities::cache_key(
|
149 |
+
array(
|
150 |
+
'ipinfo',
|
151 |
+
$ip,
|
152 |
+
)
|
153 |
+
);
|
154 |
+
|
155 |
+
$result = wp_cache_get( $queried_cache_key );
|
156 |
+
if ( false === $result ) {
|
157 |
+
$endpoint = esc_url( "https://api.ipbase.com/json/$ip_address?apikey=" . $plugin_settings['ipbase_api_key']['value'] );
|
158 |
+
|
159 |
+
$response_timeout = 5;
|
160 |
+
if ( ! empty( $settings['ipbase_api_timeout'] ) ) {
|
161 |
+
$timeout = intval( $settings['ipbase_api_timeout']['value'] );
|
162 |
+
}
|
163 |
+
|
164 |
+
$response = \ZeroSpam\Core\Utilities::remote_get( $endpoint, array( 'timeout' => $timeout ) );
|
165 |
+
if ( $response ) {
|
166 |
+
$result = json_decode( $response, true );
|
167 |
+
|
168 |
+
if ( empty( $result ) || ! empty( $result['message'] ) ) {
|
169 |
+
\ZeroSpam\Core\Utilities::log( 'ipbase_api: ' . $result['message'] );
|
170 |
+
return false;
|
171 |
+
}
|
172 |
+
|
173 |
+
$cache_expiration = 14 * DAY_IN_SECONDS;
|
174 |
+
if ( ! empty( $settings['ipbase_cache']['value'] ) ) {
|
175 |
+
$expiration = $settings['ipbase_cache']['value'] * DAY_IN_SECONDS;
|
176 |
+
}
|
177 |
+
|
178 |
+
wp_cache_set( $cache_key, $result, 'zerospam', $expiration );
|
179 |
+
}
|
180 |
+
}
|
181 |
+
|
182 |
+
return $result;
|
183 |
+
}
|
184 |
+
}
|
modules/ipbase/icon-ipbase.svg
ADDED
@@ -0,0 +1 @@
|
|
|
1 |
+
<?xml version="1.0" encoding="UTF-8"?><svg version="1.1" width="342px" height="342px" viewBox="0 0 342.0 342.0" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><clipPath id="i0"><path d="M48,0 C74.5,0 96,21.5 96,48 L96,294 C96,320.235 74.92785,341.5695 48.7934835,341.993567 L48,342 C21.5,342 0,320.5 0,294 L0,48 C0,21.765 21.07215,0.4305 47.2065165,0.0064335 L48,0 Z"></path></clipPath><linearGradient id="i1" x1="45.0696px" y1="326.3085px" x2="48.0562px" y2="168.0193px" gradientUnits="userSpaceOnUse"><stop stop-color="#2893FF" offset="0%"></stop><stop stop-color="#0033BF" offset="100%"></stop></linearGradient><clipPath id="i2"><path d="M48,0 C74.5,0 96.0003474,21.5 96.0003474,48 L96.0003474,173 C96.0990035,199.235 75.02784,220.5695 48.7964535,220.993566 L48,221 C21.5,221 0,199.5 0,173 L0,48 C0,21.765 21.07215,0.4305 47.2065165,0.0064335 L48,0 Z"></path></clipPath><linearGradient id="i3" x1="48.0002px" y1="-118.6891px" x2="48.0002px" y2="212.1005px" gradientUnits="userSpaceOnUse"><stop stop-color="#45A2FF" offset="0%"></stop><stop stop-color="#2660FF" offset="100%"></stop></linearGradient><linearGradient id="i4" x1="48px" y1="2.3109px" x2="48px" y2="333.1005px" gradientUnits="userSpaceOnUse"><stop stop-color="#45A2FF" offset="0%"></stop><stop stop-color="#2660FF" offset="100%"></stop></linearGradient><clipPath id="i5"><path d="M48,0 C74.5,0 96,21.5 96,48 L96,123 C96,149.235 74.92785,170.5695 48.7934835,170.993566 L48,171 C21.5,171 0,149.5 0,123 L0,48 C0,21.765 21.07215,0.4305 47.2065165,0.0064335 L48,0 Z"></path></clipPath><clipPath id="i6"><path d="M47.7,0 C74.0439826,0 95.4,21.3560174 95.4,47.7 C95.4,74.0439826 74.0439826,95.4 47.7,95.4 C21.3560174,95.4 0,74.0439826 0,47.7 C0,21.3560174 21.3560174,0 47.7,0 Z"></path></clipPath><linearGradient id="i7" x1="47.7px" y1="5.5699px" x2="47.7px" y2="124.5238px" gradientUnits="userSpaceOnUse"><stop stop-color="#45A2FF" offset="0%"></stop><stop stop-color="#2660FF" 
offset="100%"></stop></linearGradient></defs><g transform="translate(246.0 0.0)"><g clip-path="url(#i0)"><polygon points="0,0 96,0 96,342 0,342 0,0" stroke="none" fill="url(#i1)"></polygon></g></g><g transform="translate(0.0 121.0)"><g clip-path="url(#i2)"><polygon points="0,0 96.0006924,0 96.0006924,221 0,221 0,0" stroke="none" fill="url(#i3)"></polygon></g></g><g transform="translate(123.0 0.0)"><g clip-path="url(#i0)"><polygon points="0,0 96,0 96,342 0,342 0,0" stroke="none" fill="url(#i4)"></polygon></g></g><g transform="translate(246.0 0.0)"><g clip-path="url(#i5)"><polygon points="0,0 96,0 96,171 0,171 0,0" stroke="none" fill="url(#i4)"></polygon></g></g><g transform="translate(0.29999999999999716 0.0)"><g clip-path="url(#i6)"><polygon points="0,0 95.4,0 95.4,95.4 0,95.4 0,0" stroke="none" fill="url(#i7)"></polygon></g></g></svg>
|
modules/security/class-security.php
ADDED
@@ -0,0 +1,230 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
/**
|
3 |
+
* Site security
|
4 |
+
*
|
5 |
+
* Implement Zero Spam's recommended WordPress security practices.
|
6 |
+
*
|
7 |
+
* @package ZeroSpam
|
8 |
+
*/
|
9 |
+
|
10 |
+
namespace ZeroSpam\Modules\Security;
|
11 |
+
|
12 |
+
// Security Note: Blocks direct access to the plugin PHP files.
|
13 |
+
defined( 'ABSPATH' ) || die();
|
14 |
+
|
15 |
+
/**
|
16 |
+
* Security class
|
17 |
+
*/
|
18 |
+
class Security {
|
19 |
+
/**
|
20 |
+
* Constructor
|
21 |
+
*/
|
22 |
+
public function __construct() {
|
23 |
+
add_action( 'init', array( $this, 'init' ) );
|
24 |
+
}
|
25 |
+
|
26 |
+
/**
|
27 |
+
* Fires after WordPress has finished loading but before any headers are sent
|
28 |
+
*/
|
29 |
+
public function init() {
|
30 |
+
add_filter( 'zerospam_setting_sections', array( $this, 'sections' ) );
|
31 |
+
add_filter( 'zerospam_settings', array( $this, 'settings' ), 10, 1 );
|
32 |
+
|
33 |
+
// It can be considered a security risk to make your WP version visible &
|
34 |
+
// public you should hide it.
|
35 |
+
remove_action( 'wp_head', 'wp_generator' );
|
36 |
+
remove_action( 'opml_head', 'the_generator' );
|
37 |
+
|
38 |
+
// XML-RPC can significantly amplify the brute-force attacks.
|
39 |
+
add_filter( 'xmlrpc_enabled', '__return_false' );
|
40 |
+
|
41 |
+
// Fired on detections.
|
42 |
+
add_action( 'zero_spam_detection', array( $this, 'handle_detection' ), 10, 2 );
|
43 |
+
|
44 |
+
// Block XMLRPC. Accessing this file can allow an attacker to exhaust your
|
45 |
+
// server’s resources quite easily as well as potentially enumerate your
|
46 |
+
// WordPress authors and brute force your WordPress logins among other
|
47 |
+
// vectors.
|
48 |
+
add_action( 'init', array( $this, 'block_xmlrpc' ) );
|
49 |
+
|
50 |
+
if (
|
51 |
+
'enabled' === \ZeroSpam\Core\Settings::get_settings( 'remove_resource_query_parameters' )
|
52 |
+
) {
|
53 |
+
remove_action( 'wp_head', 'print_emoji_detection_script', 7 );
|
54 |
+
remove_action( 'admin_print_scripts', 'print_emoji_detection_script' );
|
55 |
+
remove_action( 'wp_print_styles', 'print_emoji_styles' );
|
56 |
+
remove_action( 'admin_print_styles', 'print_emoji_styles' );
|
57 |
+
remove_filter( 'the_content_feed', 'wp_staticize_emoji' );
|
58 |
+
remove_filter( 'comment_text_rss', 'wp_staticize_emoji' );
|
59 |
+
remove_filter( 'wp_mail', 'wp_staticize_emoji_for_email' );
|
60 |
+
add_filter( 'tiny_mce_plugins', 'disable_emojis_tinymce' );
|
61 |
+
}
|
62 |
+
|
63 |
+
if (
|
64 |
+
'enabled' === \ZeroSpam\Core\Settings::get_settings( 'disable_emojis' )
|
65 |
+
) {
|
66 |
+
add_filter( 'style_loader_src', array( $this, 'remove_resource_query_params' ), 10, 2);
|
67 |
+
add_filter( 'script_loader_src', array( $this, 'remove_resource_query_params' ), 10, 2);
|
68 |
+
}
|
69 |
+
|
70 |
+
if (
|
71 |
+
'enabled' === \ZeroSpam\Core\Settings::get_settings( 'disable_rss_feed' )
|
72 |
+
) {
|
73 |
+
add_action( 'do_feed', array( $this, 'disable_rss'), 1 );
|
74 |
+
add_action( 'do_feed_rdf', array( $this, 'disable_rss'), 1 );
|
75 |
+
add_action( 'do_feed_rss', array( $this, 'disable_rss'), 1 );
|
76 |
+
add_action( 'do_feed_rss2', array( $this, 'disable_rss'), 1 );
|
77 |
+
add_action( 'do_feed_atom', array( $this, 'disable_rss'), 1 );
|
78 |
+
add_action( 'do_feed_rss2_comments', array( $this, 'disable_rss'), 1 );
|
79 |
+
add_action( 'do_feed_atom_comments', array( $this, 'disable_rss'), 1 );
|
80 |
+
add_filter(
|
81 |
+
'the_generator',
|
82 |
+
function() {
|
83 |
+
return '';
|
84 |
+
}
|
85 |
+
);
|
86 |
+
}
|
87 |
+
}
|
88 |
+
|
89 |
+
/**
|
90 |
+
* Admin setting sections
|
91 |
+
*
|
92 |
+
* @param array $sections Array of admin setting sections.
|
93 |
+
*/
|
94 |
+
public function sections( $sections ) {
|
95 |
+
$sections['security'] = array(
|
96 |
+
'title' => __( 'Security', 'zero-spam' ),
|
97 |
+
'icon' => 'modules/security/icon-security.svg',
|
98 |
+
);
|
99 |
+
|
100 |
+
return $sections;
|
101 |
+
}
|
102 |
+
|
103 |
+
/**
|
104 |
+
* Admin settings
|
105 |
+
*
|
106 |
+
* @param array $settings Array of available settings.
|
107 |
+
*/
|
108 |
+
public function settings( $settings ) {
|
109 |
+
$options = get_option( 'zero-spam-security' );
|
110 |
+
|
111 |
+
$settings['remove_resource_query_parameters'] = array(
|
112 |
+
'title' => __( 'Remove Resource Query Parameters', 'zero-spam' ),
|
113 |
+
'desc' => wp_kses(
|
114 |
+
__( 'Web scanners love the <code>&ver=x.x.x</code> type arguments that are appended to your CSS and JS files. This is useful for caching systems and implementing this change could affect the quality of your cache. As long as you are aware of the effects or risks, there really shouldn’t be any other detrimental effects.', 'zero-spam' ),
|
115 |
+
array(
|
116 |
+
'code' => array(),
|
117 |
+
'strong' => array(),
|
118 |
+
'a' => array(
|
119 |
+
'target' => array(),
|
120 |
+
'href' => array(),
|
121 |
+
'rel' => array(),
|
122 |
+
),
|
123 |
+
)
|
124 |
+
),
|
125 |
+
'module' => 'security',
|
126 |
+
'type' => 'checkbox',
|
127 |
+
'options' => array(
|
128 |
+
'enabled' => false,
|
129 |
+
),
|
130 |
+
'value' => ! empty( $options['remove_resource_query_parameters'] ) ? $options['remove_resource_query_parameters'] : false,
|
131 |
+
);
|
132 |
+
|
133 |
+
$settings['disable_emojis'] = array(
|
134 |
+
'title' => __( 'Disable WordPress Emoj\'s', 'zero-spam' ),
|
135 |
+
'desc' => wp_kses(
|
136 |
+
__( 'WordPress emoji’s are one of the vectors scanners use in order to enumerate version information, disable them if you\'re not using them.', 'zero-spam' ),
|
137 |
+
array(
|
138 |
+
'code' => array(),
|
139 |
+
'strong' => array(),
|
140 |
+
'a' => array(
|
141 |
+
'target' => array(),
|
142 |
+
'href' => array(),
|
143 |
+
'rel' => array(),
|
144 |
+
),
|
145 |
+
)
|
146 |
+
),
|
147 |
+
'module' => 'security',
|
148 |
+
'type' => 'checkbox',
|
149 |
+
'options' => array(
|
150 |
+
'enabled' => false,
|
151 |
+
),
|
152 |
+
'value' => ! empty( $options['disable_emojis'] ) ? $options['disable_emojis'] : false,
|
153 |
+
'recommended' => 'enabled',
|
154 |
+
);
|
155 |
+
|
156 |
+
$settings['disable_rss_feed'] = array(
|
157 |
+
'title' => __( 'Disable WordPress RSS Feed', 'zero-spam' ),
|
158 |
+
'desc' => wp_kses(
|
159 |
+
__( 'Having the RSS feed exposed is another way that scanners use to detect your WordPress version as well as other pertinent information such as authors, disable it if you\'re not using it.', 'zero-spam' ),
|
160 |
+
array(
|
161 |
+
'code' => array(),
|
162 |
+
'strong' => array(),
|
163 |
+
'a' => array(
|
164 |
+
'target' => array(),
|
165 |
+
'href' => array(),
|
166 |
+
'rel' => array(),
|
167 |
+
),
|
168 |
+
)
|
169 |
+
),
|
170 |
+
'module' => 'security',
|
171 |
+
'type' => 'checkbox',
|
172 |
+
'options' => array(
|
173 |
+
'enabled' => false,
|
174 |
+
),
|
175 |
+
'value' => ! empty( $options['disable_rss_feed'] ) ? $options['disable_rss_feed'] : false,
|
176 |
+
);
|
177 |
+
|
178 |
+
return $settings;
|
179 |
+
}
|
180 |
+
|
181 |
+
/**
|
182 |
+
* Disables RSS feeds
|
183 |
+
*/
|
184 |
+
public function disable_rss() {
|
185 |
+
wp_die( __( 'No feed available.', 'zero-spam' ) );
|
186 |
+
}
|
187 |
+
|
188 |
+
/**
|
189 |
+
* Removes resource query parameters
|
190 |
+
*/
|
191 |
+
public function remove_resource_query_params( $src ) {
|
192 |
+
if ( strpos( $src, 'ver=' . get_bloginfo( 'version' ) ) ) {
|
193 |
+
$src = remove_query_arg( 'ver', $src );
|
194 |
+
}
|
195 |
+
|
196 |
+
return $src;
|
197 |
+
}
|
198 |
+
|
199 |
+
/**
|
200 |
+
* Handles detections.
|
201 |
+
*
|
202 |
+
* @param array $details Detection details.
|
203 |
+
*/
|
204 |
+
public function handle_detection( $details ) {
|
205 |
+
|
206 |
+
}
|
207 |
+
|
208 |
+
/**
|
209 |
+
* Block access to xmlrpc.php
|
210 |
+
*/
|
211 |
+
public function block_xmlrpc() {
|
212 |
+
$current_url = rtrim( $_SERVER['REQUEST_URI'], '/' );
|
213 |
+
add_filter(
|
214 |
+
'bloginfo_url',
|
215 |
+
function( $output, $property ) {
|
216 |
+
return ( $property == 'pingback_url' ) ? null : $output;
|
217 |
+
},
|
218 |
+
11,
|
219 |
+
2
|
220 |
+
);
|
221 |
+
|
222 |
+
add_filter( 'xmlrpc_enabled', '__return_false' );
|
223 |
+
|
224 |
+
if ( strpos( $current_url, '/xmlrpc.php' ) !== false ) {
|
225 |
+
status_header( 404 );
|
226 |
+
nocache_headers();
|
227 |
+
wp_die( __('This file is not accessible.', 'zero-spam') );
|
228 |
+
}
|
229 |
+
}
|
230 |
+
}
|
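--- a/modules/security/icon-security.svg
+++ b/modules/security/icon-security.svg
@@ -0,0 +1,10 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="256" height="256" viewBox="0 0 256 256" xml:space="preserve">
+
+<defs>
+</defs>
+<g style="stroke: none; stroke-width: 0; stroke-dasharray: none; stroke-linecap: butt; stroke-linejoin: miter; stroke-miterlimit: 10; fill: none; fill-rule: nonzero; opacity: 1;" transform="translate(1.4065934065934016 1.4065934065934016) scale(2.81 2.81)" >
+<path d="M 70.774 90 H 19.226 c -3.586 0 -6.494 -2.907 -6.494 -6.494 V 41.755 c 0 -3.586 2.907 -6.494 6.494 -6.494 h 51.549 c 3.586 0 6.494 2.907 6.494 6.494 v 41.751 C 77.268 87.093 74.361 90 70.774 90 z" style="stroke: none; stroke-width: 1; stroke-dasharray: none; stroke-linecap: butt; stroke-linejoin: miter; stroke-miterlimit: 10; fill: rgb(255,189,72); fill-rule: nonzero; opacity: 1;" transform=" matrix(1 0 0 1 0 0) " stroke-linecap="round" />
+<path d="M 51.483 57.308 c 0 -4.038 -3.691 -7.213 -7.883 -6.337 c -2.439 0.51 -4.414 2.477 -4.932 4.915 c -0.604 2.842 0.656 5.45 2.784 6.845 v 9.575 c 0 1.959 1.588 3.548 3.548 3.548 h 0 c 1.959 0 3.548 -1.588 3.548 -3.548 v -9.575 C 50.314 61.573 51.483 59.578 51.483 57.308 z" style="stroke: none; stroke-width: 1; stroke-dasharray: none; stroke-linecap: butt; stroke-linejoin: miter; stroke-miterlimit: 10; fill: rgb(102,102,102); fill-rule: nonzero; opacity: 1;" transform=" matrix(1 0 0 1 0 0) " stroke-linecap="round" />
+<path d="M 66.961 35.262 V 20.155 C 66.961 9.024 57.937 0 46.806 0 h -3.612 C 32.063 0 23.039 9.024 23.039 20.155 v 15.107 l 7.993 0 V 22.92 c 0 -8.244 6.683 -14.927 14.927 -14.927 l 0 0 c 7.185 0 13.009 5.824 13.009 13.009 v 14.26 L 66.961 35.262 z" style="stroke: none; stroke-width: 1; stroke-dasharray: none; stroke-linecap: butt; stroke-linejoin: miter; stroke-miterlimit: 10; fill: rgb(102,102,102); fill-rule: nonzero; opacity: 1;" transform=" matrix(1 0 0 1 0 0) " stroke-linecap="round" />
+</g>
+</svg>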
readme.txt
CHANGED
@@ -5,15 +5,15 @@ Donate link: https://www.zerospam.org/subscribe/
|
|
5 |
Requires at least: 5.2
|
6 |
Tested up to: 6.0.2
|
7 |
Requires PHP: 7.3
|
8 |
-
Stable tag: 5.4.
|
9 |
License: GNU GPLv3
|
10 |
License URI: https://choosealicense.com/licenses/gpl-3.0/
|
11 |
|
12 |
-
Protection against spam
|
13 |
|
14 |
== Description ==
|
15 |
|
16 |
-
Protect against spam
|
17 |
|
18 |
**Install, activate, configure, then put your mind at ease!**
|
19 |
|
@@ -21,9 +21,10 @@ Protect against spam & malicious users using an advanced, highly-configurable fi
|
|
21 |
|
22 |
* No captcha, spam isn't a users' problem
|
23 |
* No moderation queues, spam isn't a administrators' problem
|
24 |
-
*
|
25 |
-
*
|
26 |
-
*
|
|
|
27 |
* Block entire countries, regions, zip/postal codes & cities
|
28 |
* Optional disallowed list using [splorp's Comment Blacklist](https://github.com/splorp/wordpress-comment-blacklist)
|
29 |
* Block known disposable & malicious email domains using [disposable](https://github.com/disposable)
|
@@ -50,6 +51,7 @@ Zero Spam allows you to integrate with other services to improve the ability to
|
|
50 |
* **[Stop Forum Spam](https://www.stopforumspam.com/)** - Sends the visitor's IP to check if they've been reported. Review their [Privacy Policy](https://www.stopforumspam.com/privacy) & [Terms of Use](https://www.stopforumspam.com/legal).
|
51 |
* **[Project Honeypot](https://www.projecthoneypot.org/)** - Sends the visitor's IP to check if they've been reported. Review their [Privacy Policy](https://www.projecthoneypot.org/privacy_policy.php) & [Terms of Use](https://www.projecthoneypot.org/terms_of_use.php).
|
52 |
* **[ipinfo.io](https://ipinfo.io/)** - Sends the visitor's IP to gather detailed geolocation information. Review their [Privacy Policy](https://ipinfo.io/privacy-policy) & [Terms of Use](https://ipinfo.io/terms-of-service).
|
|
|
53 |
* **[ipstack](https://ipstack.com/)** - Sends the visitor's IP to gather detailed geolocation information. Review their [Privacy Policy](https://www.ideracorp.com/Legal/APILayer/PrivacyStatement) & [Terms of Use](https://ipstack.com/terms).
|
54 |
* **[Google Maps](https://developers.google.com/maps)** - Enables the ability to plot attack locations. Review their [Privacy Policy](https://www.ideracorp.com/Legal/APILayer/PrivacyStatement) & [Terms of Use](https://developers.google.com/terms/site-terms).
|
55 |
|
@@ -105,6 +107,11 @@ If hosting with Pantheon, see their [known issues page](https://pantheon.io/docs
|
|
105 |
|
106 |
== Changelog ==
|
107 |
|
|
|
|
|
|
|
|
|
|
|
108 |
= v5.4.1 =
|
109 |
|
110 |
* feat(dashboard): dashboard ui enhancements
|
@@ -112,7 +119,7 @@ If hosting with Pantheon, see their [known issues page](https://pantheon.io/docs
|
|
112 |
* fix(memberpress): removed memberpress support, they made fundamental changes to their plugin that's ganna require a rework
|
113 |
* fix(uninstall): fix issue where the plugin couldn't be deleted
|
114 |
* fix(cli): resolves #33
|
115 |
-
* chore(charts): updated chart.js
|
116 |
|
117 |
= v5.4.0 =
|
118 |
|
5 |
Requires at least: 5.2
|
6 |
Tested up to: 6.0.2
|
7 |
Requires PHP: 7.3
|
8 |
+
Stable tag: 5.4.2
|
9 |
License: GNU GPLv3
|
10 |
License URI: https://choosealicense.com/licenses/gpl-3.0/
|
11 |
|
12 |
+
Protection against spam, malicious users & common attacks using an advanced behavior detection engine. Integrates with other 3rd-party plugins.
|
13 |
|
14 |
== Description ==
|
15 |
|
16 |
+
Protect against spam, malicious users, attacks like web & port scans, brute force, and others. Zero Spam uses multiple methods to detect & stop threats including an advanced behavior detection engine that integrates with [Zero Spam](https://www.zerospam.org), [Stop Forum Spam](https://www.stopforumspam.com/) & [Project Honeypot](https://www.projecthoneypot.org/). Integration with popular plugins like [WooCommerce](https://wordpress.org/plugins/woocommerce/), [GiveWP](https://givewp.com/ref/1118/), [Gravity Forms](https://www.gravityforms.com/) & more help provides an extra level of protection.
|
17 |
|
18 |
**Install, activate, configure, then put your mind at ease!**
|
19 |
|
21 |
|
22 |
* No captcha, spam isn't a users' problem
|
23 |
* No moderation queues, spam isn't a administrators' problem
|
24 |
+
* Advanced behavior detection engine able to dynamically block threats
|
25 |
+
* Integrates with global IP reputation providers
|
26 |
+
* Allows admins to block IPs temporarily or permanently
|
27 |
+
* Geolocation integration to track where threats are coming from
|
28 |
* Block entire countries, regions, zip/postal codes & cities
|
29 |
* Optional disallowed list using [splorp's Comment Blacklist](https://github.com/splorp/wordpress-comment-blacklist)
|
30 |
* Block known disposable & malicious email domains using [disposable](https://github.com/disposable)
|
51 |
* **[Stop Forum Spam](https://www.stopforumspam.com/)** - Sends the visitor's IP to check if they've been reported. Review their [Privacy Policy](https://www.stopforumspam.com/privacy) & [Terms of Use](https://www.stopforumspam.com/legal).
|
52 |
* **[Project Honeypot](https://www.projecthoneypot.org/)** - Sends the visitor's IP to check if they've been reported. Review their [Privacy Policy](https://www.projecthoneypot.org/privacy_policy.php) & [Terms of Use](https://www.projecthoneypot.org/terms_of_use.php).
|
53 |
* **[ipinfo.io](https://ipinfo.io/)** - Sends the visitor's IP to gather detailed geolocation information. Review their [Privacy Policy](https://ipinfo.io/privacy-policy) & [Terms of Use](https://ipinfo.io/terms-of-service).
|
54 |
+
* **[ipbase.com](https://ipbase.com/)** - Sends the visitor's IP to gather detailed geolocation information. Review their [Privacy Policy](https://ipbase.com/privacy-policy/) & [Terms of Use](https://www.iubenda.com/terms-and-conditions/41661719).
|
55 |
* **[ipstack](https://ipstack.com/)** - Sends the visitor's IP to gather detailed geolocation information. Review their [Privacy Policy](https://www.ideracorp.com/Legal/APILayer/PrivacyStatement) & [Terms of Use](https://ipstack.com/terms).
|
56 |
* **[Google Maps](https://developers.google.com/maps)** - Enables the ability to plot attack locations. Review their [Privacy Policy](https://www.ideracorp.com/Legal/APILayer/PrivacyStatement) & [Terms of Use](https://developers.google.com/terms/site-terms).
|
57 |
|
107 |
|
108 |
== Changelog ==
|
109 |
|
110 |
+
= v5.4.2 =
|
111 |
+
|
112 |
+
* feat(ipbase): added support for ipbase.com
|
113 |
+
* feat(security): added additional advanced security protections
|
114 |
+
|
115 |
= v5.4.1 =
|
116 |
|
117 |
* feat(dashboard): dashboard ui enhancements
|
119 |
* fix(memberpress): removed memberpress support, they made fundamental changes to their plugin that's ganna require a rework
|
120 |
* fix(uninstall): fix issue where the plugin couldn't be deleted
|
121 |
* fix(cli): resolves #33
|
122 |
+
* chore(charts): updated chart.js to 3.9.1
|
123 |
|
124 |
= v5.4.0 =
|
125 |
|
wordpress-zero-spam.php
CHANGED
@@ -13,7 +13,7 @@
|
|
13 |
* Plugin Name: Zero Spam for WordPress
|
14 |
* Plugin URI: https://www.highfivery.com/projects/zero-spam/
|
15 |
* Description: Tired of all the ineffective WordPress anti-spam & security plugins? Zero Spam for WordPress makes blocking spam & malicious activity a cinch. <strong>Just activate, configure, and say goodbye to spam.</strong>
|
16 |
-
* Version: 5.4.
|
17 |
* Requires at least: 5.2
|
18 |
* Requires PHP: 7.3
|
19 |
* Author: Highfivery LLC
|
@@ -31,7 +31,7 @@ defined( 'ABSPATH' ) || die();
|
|
31 |
define( 'ZEROSPAM', __FILE__ );
|
32 |
define( 'ZEROSPAM_PATH', plugin_dir_path( ZEROSPAM ) );
|
33 |
define( 'ZEROSPAM_PLUGIN_BASE', plugin_basename( ZEROSPAM ) );
|
34 |
-
define( 'ZEROSPAM_VERSION', '5.4.
|
35 |
|
36 |
if ( defined( 'ZEROSPAM_DEVELOPMENT_URL' ) ) {
|
37 |
define( 'ZEROSPAM_URL', ZEROSPAM_DEVELOPMENT_URL );
|
13 |
* Plugin Name: Zero Spam for WordPress
|
14 |
* Plugin URI: https://www.highfivery.com/projects/zero-spam/
|
15 |
* Description: Tired of all the ineffective WordPress anti-spam & security plugins? Zero Spam for WordPress makes blocking spam & malicious activity a cinch. <strong>Just activate, configure, and say goodbye to spam.</strong>
|
16 |
+
* Version: 5.4.2
|
17 |
* Requires at least: 5.2
|
18 |
* Requires PHP: 7.3
|
19 |
* Author: Highfivery LLC
|
31 |
define( 'ZEROSPAM', __FILE__ );
|
32 |
define( 'ZEROSPAM_PATH', plugin_dir_path( ZEROSPAM ) );
|
33 |
define( 'ZEROSPAM_PLUGIN_BASE', plugin_basename( ZEROSPAM ) );
|
34 |
+
define( 'ZEROSPAM_VERSION', '5.4.2' );
|
35 |
|
36 |
if ( defined( 'ZEROSPAM_DEVELOPMENT_URL' ) ) {
|
37 |
define( 'ZEROSPAM_URL', ZEROSPAM_DEVELOPMENT_URL );
|