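 /**
  * Regenerate the eight WordPress secret keys and salts in wp-config.php.
  *
  * Refuses to run unless the global "Write to Files" setting is enabled. Every
  * define() for the key names listed below is rewritten in place with a fresh
  * value taken from self::get_new_salts() (falling back to wp_generate_password()
  * when that pool is exhausted or yields an empty entry). A define() that is not
  * present in the file is simply left alone: the regex does not match it.
  *
  * @return true|WP_Error True on success; WP_Error when writes are disabled, when
  *                       wp-config.php cannot be read or written, or when the
  *                       search-and-replace itself fails (the file is then untouched).
  */
 public function generate_new_salts()
 {
     if (!ITSEC_Modules::get_setting('global', 'write_files')) {
         return new WP_Error('itsec-wordpress-salts-utilities-write-files-disabled', __('The "Write to Files" setting is disabled in Global Settings. In order to use this feature, you must enable the "Write to Files" setting.', 'better-wp-security'));
     }

     require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php';
     require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-file.php';

     $config_file_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
     $config = ITSEC_Lib_File::read($config_file_path);

     if (is_wp_error($config)) {
         return new WP_Error('itsec-wordpress-salts-utilities-cannot-read-wp-config.php', sprintf(__('Unable to read the <code>wp-config.php</code> file in order to update the salts. You will need to manually update the file. Error details as follows: %1$s (%2$s)', 'better-wp-security'), $config->get_error_message(), $config->get_error_code()));
     }

     $defines = array('AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY', 'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT');
     // Explicit initialisation: the loop below refills the pool whenever it runs dry.
     $salts = array();

     foreach ($defines as $define) {
         if (empty($salts)) {
             $salts = self::get_new_salts();
         }

         $salt = array_pop($salts);
         if (empty($salt)) {
             $salt = wp_generate_password(64, true, true);
         }

         // "$" introduces a back-reference in a preg_replace() replacement string, so it must be escaped.
         $salt = str_replace('$', '\\$', $salt);

         // Matches: define( 'NAME', '<old value>' ); with either quote style and arbitrary whitespace.
         $regex = "/(define\\s*\\(\\s*(['\"]){$define}\\2\\s*,\\s*)(['\"]).+?\\3(\\s*\\)\\s*;)/";
         $replaced = preg_replace($regex, "\${1}'{$salt}'\${4}", $config);

         // preg_replace() returns null on a PCRE error; writing that back would empty wp-config.php.
         if (null === $replaced) {
             return new WP_Error('itsec-wordpress-salts-utilities-regex-failed', __('Unable to update the salts in <code>wp-config.php</code> because the search-and-replace failed. The file was left unchanged.', 'better-wp-security'));
         }

         $config = $replaced;
     }

     $write_result = ITSEC_Lib_File::write($config_file_path, $config);

     if (is_wp_error($write_result)) {
         // Report the write error itself ($config is a plain string at this point, not a WP_Error).
         return new WP_Error('itsec-wordpress-salts-utilities-cannot-save-wp-config.php', sprintf(__('Unable to update the <code>wp-config.php</code> file in order to update the salts. You will need to manually update the file. Error details as follows: %1$s (%2$s)', 'better-wp-security'), $write_result->get_error_message(), $write_result->get_error_code()));
     }

     return true;
 }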
 /**
  * Hook init() onto the `init` action, unless the file-change "show_warning" setting is off.
  */
 public function __construct()
 {
     $warning_enabled = ITSEC_Modules::get_setting('file-change', 'show_warning');

     if ($warning_enabled) {
         add_action('init', array($this, 'init'));
     }
 }
 /**
  * Register the per-content SSL controls when the SSL "frontend" setting is exactly the integer 1.
  *
  * The comparison is strict, so a string "1" (or a boolean) does not enable the hooks.
  */
 function run()
 {
     $frontend_mode = ITSEC_Modules::get_setting('ssl', 'frontend');

     if (1 !== $frontend_mode) {
         return;
     }

     add_action('post_submitbox_misc_actions', array($this, 'ssl_enable_per_content'));
     add_action('save_post', array($this, 'save_post'));
 }
 /**
  * Regenerate the WordPress salts when the transient "regenerate" checkbox was submitted.
  *
  * The "regenerate" flag is always stripped from the settings before they are persisted. When it is not
  * set and the request is an AJAX save of this module alone, the save is cancelled and an explanatory
  * error is queued (its wording depends on whether "Write to Files" is enabled). When it is set,
  * ITSEC_WordPress_Salts_Utilities::generate_new_salts() runs: on success the generation time is stored
  * and every session is logged out (new salts invalidate existing auth cookies); on failure the error is
  * surfaced and the save is cancelled.
  */
 protected function validate_settings()
 {
     if (!$this->can_save()) {
         return;
     }

     $regenerate_requested = (bool) $this->settings['regenerate'];
     unset($this->settings['regenerate']);

     if (!$regenerate_requested) {
         $single_module_ajax_save = defined('DOING_AJAX') && DOING_AJAX && !empty($_POST['module']) && $this->get_id() === $_POST['module'];

         if ($single_module_ajax_save) {
             // Request to modify just this module.
             $this->set_can_save(false);

             $error = ITSEC_Modules::get_setting('global', 'write_files')
                 ? new WP_Error('itsec-wordpress-salts-skipping-regeneration-empty-checkbox', __('You must check the Change WordPress Salts checkbox in order to change the WordPress salts.', 'better-wp-security'))
                 : new WP_Error('itsec-wordpress-salts-skipping-regeneration-write-files-disabled', __('The "Write to Files" setting is disabled in Global Settings. In order to use this feature, you must enable the "Write to Files" setting.', 'better-wp-security'));

             $this->add_error($error);
         }

         return;
     }

     require_once dirname(__FILE__) . '/utilities.php';
     $result = ITSEC_WordPress_Salts_Utilities::generate_new_salts();

     if (is_wp_error($result)) {
         $this->add_error($result);
         $this->set_can_save(false);
         return;
     }

     $this->add_message(__('The WordPress salts were successfully regenerated.', 'better-wp-security'));
     $this->settings['last_generated'] = ITSEC_Core::get_current_time_gmt();
     ITSEC_Response::force_logout();
 }
 /**
  * E-mail every configured notification address about the new login URL.
  *
  * Skipped entirely while a data upgrade is running so that migrated sites do not mail their admins.
  * The body is HTML: the wp_mail_content_type filter is added around the sends and removed afterwards.
  * Under ITSEC_DEBUG the requesting page is appended; HTTP_HOST and REQUEST_URI come straight from the
  * request and are only URL-escaped, which is why that line is debug-only.
  *
  * @param string $url The new login URL.
  */
 private function send_new_login_url($url)
 {
     if (ITSEC_Core::doing_data_upgrade()) {
         // Do not send emails when upgrading data. This prevents spamming users with notifications just because the
         // data was ported from an old version to a new version.
         return;
     }

     $paragraphs = array();
     $paragraphs[] = '<p>' . __('Dear Site Admin,', 'better-wp-security') . "</p>\n";
     /* translators: 1: Site name, 2: Site address, 3: New login address */
     $paragraphs[] = '<p>' . sprintf(__('The login address for %1$s (<code>%2$s</code>) has changed. The new login address is <code>%3$s</code>. You will be unable to use the old login address.', 'better-wp-security'), get_bloginfo('name'), esc_url(get_site_url()), esc_url($url)) . "</p>\n";

     if (defined('ITSEC_DEBUG') && ITSEC_DEBUG === true) {
         $paragraphs[] = '<p>Debug info (source page): ' . esc_url($_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) . "</p>\n";
     }

     $message = "<html>\n" . implode('', $paragraphs) . "</html>\n";

     // Remainder of the email.
     $recipients = ITSEC_Modules::get_setting('global', 'notification_email');
     $subject = apply_filters('itsec_lockout_email_subject', sprintf(__('[%1$s] WordPress Login Address Changed', 'better-wp-security'), get_site_url()));
     $headers = 'From: ' . get_bloginfo('name') . ' <' . get_option('admin_email') . '>' . "\r\n";

     // HTML content type only for the duration of these sends.
     add_filter('wp_mail_content_type', array($this, 'get_html_content_type'));

     foreach ($recipients as $address) {
         $address = trim($address);

         if (!is_email($address)) {
             continue;
         }

         wp_mail($address, $subject, $message, $headers);
     }

     remove_filter('wp_mail_content_type', array($this, 'get_html_content_type'));
 }
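/**
 * Append a newly black-listed IP to the Banned Users "host_list" setting.
 *
 * A corrupted (non-array) setting is reset to an empty list first. An empty value, or one that is
 * already present in the list, is not appended, so the stored list does not grow with duplicates
 * and the setting is not re-saved needlessly.
 *
 * @param string $ip The IP (or host entry) to ban.
 *
 * @return void
 */
function itsec_ban_users_handle_new_blacklisted_ip($ip)
{
    $host_list = ITSEC_Modules::get_setting('ban-users', 'host_list', array());

    if (!is_array($host_list)) {
        $host_list = array();
    }

    // Nothing to do for a blank entry or one that is already banned (strict comparison: entries are strings).
    if ('' === trim((string) $ip) || in_array($ip, $host_list, true)) {
        return;
    }

    $host_list[] = $ip;
    ITSEC_Modules::set_setting('ban-users', 'host_list', $host_list);
}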
 /**
  * Append the iThemes Security state classes to the admin body class string.
  *
  * Adds "itsec-show-error-codes" when that global setting is on, and always exactly one of
  * "itsec-write-files-enabled" / "itsec-write-files-disabled".
  *
  * @param string $classes Space-separated body classes.
  *
  * @return string The trimmed class string with the flags appended.
  */
 public function filter_body_classes($classes)
 {
     $flags = array();

     if (ITSEC_Modules::get_setting('global', 'show_error_codes')) {
         $flags[] = 'itsec-show-error-codes';
     }

     $flags[] = ITSEC_Modules::get_setting('global', 'write_files')
         ? 'itsec-write-files-enabled'
         : 'itsec-write-files-disabled';

     return trim($classes . ' ' . implode(' ', $flags));
 }
 /**
  * Register the server-config filters (apache, nginx, litespeed) once, plus the long-URL blocker when
  * the system-tweaks "long_url_strings" setting is on. Guarded by $this->hooks_added so repeat calls are no-ops.
  */
 public function add_hooks()
 {
     if ($this->hooks_added) {
         return;
     }

     $config_filters = array(
         'itsec_filter_apache_server_config_modification'    => 'filter_apache_server_config_modification',
         'itsec_filter_nginx_server_config_modification'     => 'filter_nginx_server_config_modification',
         'itsec_filter_litespeed_server_config_modification' => 'filter_litespeed_server_config_modification',
     );

     foreach ($config_filters as $hook => $method) {
         add_filter($hook, array($this, $method));
     }

     if (ITSEC_Modules::get_setting('system-tweaks', 'long_url_strings')) {
         add_action('itsec_initialized', array($this, 'block_long_urls'));
     }

     $this->hooks_added = true;
 }
 /**
  * Enqueue the settings-page script plus every module's and widget's assets, and localise the page vars.
  *
  * The global "show_security_check" setting is a one-shot flag: whenever it is found on, it is cleared in
  * storage; the value passed to the script is additionally forced to false when the security-check module
  * itself is the page being viewed (?module=security-check).
  */
 public function add_scripts()
 {
     foreach ($this->modules as $module) {
         $module->enqueue_scripts_and_styles();
     }

     foreach ($this->widgets as $widget) {
         $widget->enqueue_scripts_and_styles();
     }

     $nonce = wp_create_nonce('itsec-settings-nonce');
     $show_security_check = ITSEC_Modules::get_setting('global', 'show_security_check');

     if ($show_security_check) {
         ITSEC_Modules::set_setting('global', 'show_security_check', false);

         $on_security_check_page = !empty($_GET['module']) && 'security-check' === $_GET['module'];
         if ($on_security_check_page) {
             $show_security_check = false;
         }
     }

     $vars = array(
         'ajax_action'         => 'itsec_settings_page',
         'ajax_nonce'          => $nonce,
         'show_security_check' => $show_security_check,
         'translations'        => $this->translations,
     );

     wp_enqueue_script('itsec-settings-page-script', plugins_url('js/script.js', __FILE__), array(), $this->version, true);
     wp_localize_script('itsec-settings-page-script', 'itsec_page', $vars);
 }
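 /**
  * Force a module setting to a value and record what was done.
  *
  * Modules not listed in self::$available_modules are ignored. When the stored value differs from
  * $setting_value (strict comparison) it is overwritten, a short HTML notice built from $description is
  * captured into self::$actions_taken, and the module is scheduled for reload in the response.
  *
  * @param string $module        Module id.
  * @param string $setting_name  Setting key.
  * @param mixed  $setting_value Value to enforce.
  * @param string $description   HTML fragment echoed verbatim (no escaping), so it must be trusted markup — the
  *                              callers are not visible here, but nothing request-derived should be passed.
  *
  * @return void
  */
 private static function enforce_setting($module, $setting_name, $setting_value, $description)
 {
     // Strict membership test so loose-comparison surprises between strings and numbers cannot admit a module.
     if (!in_array($module, self::$available_modules, true)) {
         return;
     }

     if (ITSEC_Modules::get_setting($module, $setting_name) === $setting_value) {
         return;
     }

     ITSEC_Modules::set_setting($module, $setting_name, $setting_value);

     // Capture the notice markup rather than printing it immediately.
     ob_start();
     self::open_container();
     echo "<p>{$description}</p>";
     echo '</div>';
     self::$actions_taken[] = ob_get_clean();

     ITSEC_Response::reload_module($module);
 }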
 /**
  * Release the lock.
  *
  * Releases a file lock to allow others to use it. When the global "lock_file" setting is on the method
  * reports success without touching the filesystem (what that setting means is not visible here —
  * presumably locking is handled differently in that mode; verify against the callers).
  *
  * The lock name goes through sanitize_text_field(), which does not strip path separators; lock names
  * are expected to come from plugin code rather than from a request.
  *
  * @since  4.0.0
  *
  * @param string $lock_file file name of lock
  *
  * @return bool true if released, false otherwise
  */
 public function release_file_lock($lock_file)
 {
     if (ITSEC_Modules::get_setting('global', 'lock_file')) {
         return true;
     }

     require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-directory.php';

     $lock_path = ITSEC_Core::get_storage_dir() . '/' . sanitize_text_field($lock_file) . '.lock';
     $removed = ITSEC_Lib_Directory::remove($lock_path);

     return !is_wp_error($removed);
 }
 /**
  * Checks jQuery version.
  *
  * Reports whether the jQuery version recorded in the wordpress-tweaks "jquery_version" setting is at
  * least 1.6.3, the first release not affected by http://bugs.jquery.com/ticket/9521. An empty or
  * missing recorded version counts as unsafe; the method never returns null.
  *
  * @since 4.0.0
  *
  * @return bool true if known safe, false if unsafe or untested
  */
 public static function is_jquery_version_safe()
 {
     $recorded_version = ITSEC_Modules::get_setting('wordpress-tweaks', 'jquery_version');

     if (empty($recorded_version)) {
         return false;
     }

     return version_compare($recorded_version, '1.6.3', '>=');
 }
 /**
  * Builds and sends notification email
  *
  * Without the global "digest_email" setting an immediate "File Change Warning" e-mail is handed to the
  * ITSEC notify object with the rendered report appended. With digests enabled, a file change is merely
  * registered with the notifier — and only when the first three counters in $email_details add up to
  * more than zero.
  *
  * @since  4.0.0
  *
  * @access private
  *
  * @param array $email_details array of details for the email message; indexes 0-2 are summed as change counts
  *
  * @return void
  */
 private function send_notification_email($email_details)
 {
     global $itsec_globals;

     $itsec_notify = ITSEC_Core::get_itsec_notify();

     if (ITSEC_Modules::get_setting('global', 'digest_email')) {
         $change_count = $email_details[0] + $email_details[1] + $email_details[2];

         if ($change_count > 0) {
             $itsec_notify->register_file_change();
         }

         return;
     }

     $site_url = get_option('siteurl');
     $when = date('l, F jS, Y \\a\\t g:i a e', $itsec_globals['current_time']);

     $headers = 'From: ' . get_bloginfo('name') . ' <' . get_option('admin_email') . '>' . "\r\n";
     $subject = '[' . $site_url . '] ' . __('WordPress File Change Warning', 'better-wp-security') . ' ' . $when;

     $body = '<p>' . __('A file (or files) on your site at ', 'better-wp-security') . ' ' . $site_url . __(' have been changed. Please review the report below to verify changes are not the result of a compromise.', 'better-wp-security') . '</p>';
     $body .= $this->get_email_report($email_details);

     $itsec_notify->notify(array(
         'headers' => $headers,
         'message' => $body,
         'subject' => $subject,
     ));
 }
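 /**
  * Build the web-server rules that block the user agents listed in the Banned Users "agent_list" setting.
  *
  * For apache/litespeed a mod_rewrite block is produced (one RewriteCond per agent chained with [NC,OR],
  * the last one rewritten to plain [NC]); for nginx one `if` per agent returning 403. Any other server
  * type yields an empty string, as does an empty or non-array setting. Agents are regex-quoted before use.
  *
  * Hardening: an entry containing a control character (newline, carriage return, NUL, …) is skipped.
  * preg_quote() does not neutralise those, and a line break inside the setting would otherwise terminate
  * the directive and inject a raw line into the server configuration file.
  *
  * @param string $server_type 'apache', 'litespeed' or 'nginx'.
  *
  * @return string Config snippet, or '' when there is nothing to add.
  */
 public static function get_server_config_ban_user_agents_rules($server_type)
 {
     $agent_list = ITSEC_Modules::get_setting('ban-users', 'agent_list', array());

     if (!is_array($agent_list) || empty($agent_list)) {
         return '';
     }

     $is_apache_like = in_array($server_type, array('apache', 'litespeed'), true);
     $is_nginx = 'nginx' === $server_type;

     $agent_rules = '';
     $rewrite_rules = '';

     foreach ($agent_list as $agent) {
         $agent = trim($agent);

         if (empty($agent)) {
             continue;
         }

         // Control characters cannot be expressed safely in either config syntax; drop the entry.
         if (preg_match('/[\x00-\x1F\x7F]/', $agent)) {
             continue;
         }

         $agent = preg_quote($agent);

         if ($is_apache_like) {
             $agent = str_replace(' ', '\\ ', $agent);
             $rewrite_rules .= "\t\tRewriteCond %{HTTP_USER_AGENT} ^{$agent} [NC,OR]\n";
         } elseif ($is_nginx) {
             $agent = str_replace('"', '\\"', $agent);
             $agent_rules .= "\tif (\$http_user_agent ~* \"^{$agent}\") { return 403; }\n";
         }
     }

     if ($is_apache_like && !empty($rewrite_rules)) {
         // The final condition must not carry [OR], otherwise the rule would match everything.
         $rewrite_rules = preg_replace("/\\[NC,OR\\]\n\$/", "[NC]\n", $rewrite_rules);

         $agent_rules .= "\t<IfModule mod_rewrite.c>\n";
         $agent_rules .= "\t\tRewriteEngine On\n";
         $agent_rules .= $rewrite_rules;
         $agent_rules .= "\t\tRewriteRule ^.* - [F]\n";
         $agent_rules .= "\t</IfModule>\n";
     }

     $rules = '';

     if (!empty($agent_rules)) {
         $rules .= "\n";
         $rules .= "\t# " . __('Ban User Agents - Security > Settings > Banned Users', 'better-wp-security') . "\n";
         $rules .= $agent_rules;
     }

     return $rules;
 }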
 /**
  * Append the FORCE_SSL_LOGIN and FORCE_SSL_ADMIN defines to the wp-config modification when the SSL
  * "admin" setting is on.
  *
  * @param string $modification The wp-config.php snippet built so far.
  *
  * @return string The snippet, with the two define() lines (each followed by a localised comment) appended when enabled.
  */
 public function filter_wp_config_modification($modification)
 {
     if (!ITSEC_Modules::get_setting('ssl', 'admin')) {
         return $modification;
     }

     $comment = __('Force SSL for Dashboard - Security > Settings > Secure Socket Layers (SSL) > SSL for Dashboard', 'better-wp-security');

     foreach (array('FORCE_SSL_LOGIN', 'FORCE_SSL_ADMIN') as $constant) {
         $modification .= "define( '{$constant}', true ); // {$comment}\n";
     }

     return $modification;
 }
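    /**
     * Render the Logs page.
     *
     * The "filter" query argument selects which log provider is shown. It is request-controlled, so it is
     * checked against the set of known filters ('all' plus each logger display's module id) and falls back
     * to 'all' for anything else before it reaches the form and show_filtered_logs().
     *
     * @return void
     */
    private function show_settings_page()
    {
        require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-wp-list-table.php';

        $filters = array('all' => __('All Log Data', 'better-wp-security'));
        foreach ($this->logger_displays as $log_provider) {
            $filters[$log_provider['module']] = $log_provider['title'];
        }

        // Only accept a scalar filter that names a known provider; anything else shows all log data.
        $filter = (isset($_GET['filter']) && is_string($_GET['filter'])) ? $_GET['filter'] : 'all';
        if (!isset($filters[$filter])) {
            $filter = 'all';
        }

        $form = new ITSEC_Form();
        $form->set_option('filter', $filter);
        ?>
	<div class="wrap">
		<h1>
			<?php 
        _e('iThemes Security', 'better-wp-security');
        ?>
			<a href="<?php 
        echo esc_url(ITSEC_Core::get_settings_page_url());
        ?>
" class="page-title-action"><?php 
        _e('Manage Settings', 'better-wp-security');
        ?>
</a>
			<a href="<?php 
        echo esc_url(apply_filters('itsec_support_url', 'https://wordpress.org/support/plugin/better-wp-security'));
        ?>
" class="page-title-action"><?php 
        _e('Support', 'better-wp-security');
        ?>
</a>
		</h1>

		<div id="itsec-settings-messages-container">
			<?php 
        foreach (ITSEC_Response::get_errors() as $error) {
            ITSEC_Lib::show_error_message($error);
        }
        foreach (ITSEC_Response::get_messages() as $message) {
            ITSEC_Lib::show_status_message($message);
        }
        ?>
		</div>

		<div id="poststuff">
			<div id="post-body" class="metabox-holder columns-2 hide-if-no-js">
				<div id="postbox-container-2" class="postbox-container">
					<?php 
        if ('file' === ITSEC_Modules::get_setting('global', 'log_type')) {
            ?>
						<p><?php 
            _e('To view logs within the plugin you must enable database logging in the Global Settings. File logging is not available for access within the plugin itself.', 'better-wp-security');
            ?>
</p>
					<?php 
        } else {
            ?>
						<div class="itsec-module-cards-container list">
							<p><?php 
            _e('Below are various logs of information collected by iThemes Security Pro. This information can help you get a picture of what is happening with your site and the level of success you have achieved in your security efforts.', 'better-wp-security');
            ?>
</p>
							<p><?php 
            _e('Logging settings can be managed in the Global Settings.', 'better-wp-security');
            ?>
</p>


							<?php 
            $form->start_form('itsec-module-settings-form');
            ?>
								<?php 
            $form->add_nonce('itsec-settings-page');
            ?>
								<p><?php 
            $form->add_select('filter', $filters);
            ?>
</p>
							<?php 
            $form->end_form();
            ?>

							<?php 
            $this->show_filtered_logs($filter);
            ?>
						</div>
					<?php 
        }
        ?>
				</div>
				<div class="itsec-modal-background"></div>

				<div id="postbox-container-1" class="postbox-container">
					<?php 
        foreach ($this->widgets as $id => $widget) {
            ?>
						<?php 
            $form->start_form("itsec-sidebar-widget-form-{$id}");
            ?>
							<?php 
            $form->add_nonce('itsec-logs-page');
            ?>
							<?php 
            $form->add_hidden('widget-id', $id);
            ?>
							<div id="itsec-sidebar-widget-<?php 
            // Widget ids are the keys of $this->widgets (plugin-internal), escaped anyway since this is an attribute.
            echo esc_attr($id);
            ?>
" class="postbox itsec-sidebar-widget">
								<h3 class="hndle ui-sortable-handle"><span><?php 
            echo esc_html($widget->title);
            ?>
</span></h3>
								<div class="inside">
									<?php 
            $this->get_widget_settings($id, $form, true);
            ?>
								</div>
							</div>
						<?php 
            $form->end_form();
            ?>
					<?php 
        }
        ?>
				</div>
			</div>

			<div class="hide-if-js">
				<p class="itsec-warning-message"><?php 
        _e('iThemes Security requires Javascript in order for the settings to be modified. Please enable Javascript to configure the settings.', 'better-wp-security');
        ?>
</p>
			</div>
		</div>
	</div>
<?php 
    }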
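 /**
  * Get full file path to the server's config file for the site.
  *
  * Customize the returned value with the itsec_filter_server_config_file_path filter. Filter the value to a blank
  * string ("") in order to disable modifications to this file.
  *
  * Resolution order: on nginx the global "nginx_file" setting is offered to the filter first and returned when
  * the result is non-empty. Otherwise the default file name from get_default_server_config_file_name() is
  * resolved under get_home_path() and offered to the filter; a result equal to the bare home path (the file
  * name was filtered away) disables modifications as well.
  *
  * @since 1.15.0
  *
  * @return string Full path to the server config file or a blank string if modifications for the file are disabled.
  */
 public static function get_server_config_file_path()
 {
     $server = ITSEC_Lib_Utility::get_web_server();

     if ('nginx' === $server) {
         $file = ITSEC_Modules::get_setting('global', 'nginx_file');
         $file_path = apply_filters('itsec_filter_server_config_file_path', $file, basename($file));

         if (!empty($file_path)) {
             return $file_path;
         }
     }

     $file = self::get_default_server_config_file_name();

     if (empty($file)) {
         return '';
     }

     // get_home_path() is defined in wp-admin/includes/file.php, which is not always loaded.
     require_once ABSPATH . 'wp-admin/includes/file.php';

     $home_path = get_home_path();
     $file_path = apply_filters('itsec_filter_server_config_file_path', $home_path . $file, $file);

     // A filter that strips the file name (leaving only the directory) means "do not modify".
     if ($file_path === $home_path) {
         return '';
     }

     return $file_path;
 }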
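    /**
     * Render the WordPress Tweaks settings form.
     *
     * Builds the option maps for the two selects, derives the jQuery status text and colour from the recorded
     * "jquery_version" setting and ITSEC_Lib::is_jquery_version_safe(), then outputs the form-table markup.
     *
     * The recorded jQuery version is a stored value that is echoed into the page inside an HTML description, so
     * it is passed through esc_html() when interpolated; the description keeps its own anchor markup for the
     * "undetermined" case. URLs placed in href attributes go through esc_url().
     *
     * @param ITSEC_Form $form Form helper used for the inputs.
     *
     * @return void
     */
    protected function render_settings($form)
    {
        $xmlrpc_options = array(
            '2' => __('Disable XML-RPC (recommended)', 'better-wp-security'),
            '1' => __('Disable Pingbacks', 'better-wp-security'),
            '0' => __('Enable XML-RPC', 'better-wp-security'),
        );
        $allow_xmlrpc_multiauth_options = array(
            false => __('Block (recommended)', 'better-wp-security'),
            true  => __('Allow', 'better-wp-security'),
        );

        $jquery_version = ITSEC_Modules::get_setting($this->id, 'jquery_version');
        $jquery_version_is_safe = ITSEC_Lib::is_jquery_version_safe();

        if (empty($jquery_version)) {
            $jquery_description = sprintf(__('Your current jQuery version is undetermined. Please <a href="%1$s" target="_blank">check your homepage</a> to see if you even need this feature'), esc_url(site_url()));
        } else {
            // The stored version is printed unescaped below as part of the HTML description, so escape it here.
            $jquery_description = sprintf(__('Your current jQuery version is %1$s'), esc_html($jquery_version));
        }

        $jquery_description_color = $jquery_version_is_safe ? 'green' : 'red';
        ?>
	<p><?php 
        _e('Note: These settings are listed as advanced because they block common forms of attacks but they can also block legitimate plugins and themes that rely on the same techniques. When activating the settings below, we recommend enabling them one by one to test that everything on your site is still working as expected.', 'better-wp-security');
        ?>
</p>
	<p><?php 
        _e('Remember, some of these settings might conflict with other plugins or themes, so test your site after enabling each setting.', 'better-wp-security');
        ?>
</p>
	<table class="form-table">
		<tr>
			<th scope="row"><label for="itsec-wordpress-tweaks-wlwmanifest_header"><?php 
        _e('Windows Live Writer Header', 'better-wp-security');
        ?>
</label></th>
			<td>
				<?php 
        $form->add_checkbox('wlwmanifest_header');
        ?>
				<label for="itsec-wordpress-tweaks-wlwmanifest_header"><?php 
        _e('Remove the Windows Live Writer header.', 'better-wp-security');
        ?>
</label>
				<p class="description"><?php 
        _e('This is not needed if you do not use Windows Live Writer or other blogging clients that rely on this file.', 'better-wp-security');
        ?>
</p>
			</td>
		</tr>
		<tr>
			<th scope="row"><label for="itsec-wordpress-tweaks-edituri_header"><?php 
        _e('EditURI Header', 'better-wp-security');
        ?>
</label></th>
			<td>
				<?php 
        $form->add_checkbox('edituri_header');
        ?>
				<label for="itsec-wordpress-tweaks-edituri_header"><?php 
        _e('Remove the RSD (Really Simple Discovery) header.', 'better-wp-security');
        ?>
</label>
				<p class="description"><?php 
        _e('Removes the RSD (Really Simple Discovery) header. If you don\'t integrate your blog with external XML-RPC services such as Flickr then the "RSD" function is pretty much useless to you.', 'better-wp-security');
        ?>
</p>
			</td>
		</tr>
		<tr>
			<th scope="row"><label for="itsec-wordpress-tweaks-comment_spam"><?php 
        _e('Comment Spam', 'better-wp-security');
        ?>
</label></th>
			<td>
				<?php 
        $form->add_checkbox('comment_spam');
        ?>
				<label for="itsec-wordpress-tweaks-comment_spam"><?php 
        _e('Reduce Comment Spam', 'better-wp-security');
        ?>
</label>
				<p class="description"><?php 
        _e('This option will cut down on comment spam by denying comments from bots with no referrer or without a user-agent identified.', 'better-wp-security');
        ?>
</p>
			</td>
		</tr>
		<tr>
			<th scope="row"><label for="itsec-wordpress-tweaks-file_editor"><?php 
        _e('File Editor', 'better-wp-security');
        ?>
</label></th>
			<td>
				<?php 
        $form->add_checkbox('file_editor');
        ?>
				<label for="itsec-wordpress-tweaks-file_editor"><?php 
        _e('Disable File Editor', 'better-wp-security');
        ?>
</label>
				<p class="description"><?php 
        _e('Disables the file editor for plugins and themes requiring users to have access to the file system to modify files. Once activated you will need to manually edit theme and other files using a tool other than WordPress.', 'better-wp-security');
        ?>
</p>
			</td>
		</tr>
		<tr>
			<th scope="row"><label for="itsec-wordpress-tweaks-disable_xmlrpc"><?php 
        _e('XML-RPC', 'better-wp-security');
        ?>
</label></th>
			<td>
				<p><?php 
        printf(__('WordPress\' XML-RPC feature allows external services to access and modify content on the site. Common example of services that make use of XML-RPC are <a href="%1$s">the Jetpack plugin</a>, <a href="%2$s">the WordPress mobile app</a>, and <a href="%3$s">pingbacks</a>. If the site does not use a service that requires XML-RPC, select the "Disable XML-RPC" setting as disabling XML-RPC prevents attackers from using the feature to attack the site.', 'better-wp-security'), esc_url('https://jetpack.me/'), esc_url('https://apps.wordpress.org/'), esc_url('https://make.wordpress.org/support/user-manual/building-your-wordpress-community/trackbacks-and-pingbacks/#pingbacks'));
        ?>
</p>
				<?php 
        $form->add_select('disable_xmlrpc', $xmlrpc_options);
        ?>
				<ul>
					<li><?php 
        _e('<strong>Disable XML-RPC</strong> - XML-RPC is disabled on the site. This setting is highly recommended if Jetpack, the WordPress mobile app, pingbacks, and other services that use XML-RPC are not used.', 'better-wp-security');
        ?>
</li>
					<li><?php 
        _e('<strong>Disable Pingbacks</strong> - Only disable pingbacks. Other XML-RPC features will work as normal. Select this setting if you require features such as Jetpack or the WordPress Mobile app.', 'better-wp-security');
        ?>
</li>
					<li><?php 
        _e('<strong>Enable XML-RPC</strong> - XML-RPC is fully enabled and will function as normal. Use this setting only if the site must have unrestricted use of XML-RPC.', 'better-wp-security');
        ?>
</li>
				</ul>
			</td>
		</tr>
		<tr>
			<th scope="row"><label for="itsec-wordpress-tweaks-allow_xmlrpc_multiauth"><?php 
        _e('Multiple Authentication Attempts per XML-RPC Request', 'better-wp-security');
        ?>
</label></th>
			<td>
				<p><?php 
        _e('WordPress\' XML-RPC feature allows hundreds of username and password guesses per request. Use the recommended "Block" setting below to prevent attackers from exploiting this feature.', 'better-wp-security');
        ?>
</p>
				<?php 
        $form->add_select('allow_xmlrpc_multiauth', $allow_xmlrpc_multiauth_options);
        ?>
				<ul>
					<li><?php 
        _e('<strong>Block</strong> - Blocks XML-RPC requests that contain multiple login attempts. This setting is highly recommended.', 'better-wp-security');
        ?>
</li>
					<li><?php 
        _e('<strong>Allow</strong> - Allows XML-RPC requests that contain multiple login attempts. Only use this setting if a service requires it.', 'better-wp-security');
        ?>
</li>
				</ul>
			</td>
		</tr>
		<tr>
			<th scope="row"><label for="itsec-wordpress-tweaks-safe_jquery"><?php 
        _e('Replace jQuery With a Safe Version', 'better-wp-security');
        ?>
</label></th>
			<td>
				<?php 
        if ($jquery_version_is_safe) {
            ?>
					<?php 
            $form->add_checkbox('safe_jquery');
            ?>
					<label for="itsec-wordpress-tweaks-safe_jquery"><?php 
            _e('Enqueue a safe version of jQuery', 'better-wp-security');
            ?>
</label>
					<p class="description"><?php 
            _e('Remove the existing jQuery version used and replace it with a safe version (the version that comes default with WordPress).', 'better-wp-security');
            ?>
</p>
				<?php 
        }
        ?>
				
				<p class="description" style="color: <?php 
        echo esc_attr($jquery_description_color);
        ?>
"><?php 
        // $jquery_description carries intentional markup (the anchor above); its variable part was escaped when built.
        echo $jquery_description;
        ?>
</p>
				<p class="description"><?php 
        printf(__('Note that this only checks the homepage of your site and only for users who are logged in. This is done intentionally to save resources. If you think this is in error <a href="%s" target="_blank">click here to check again.</a> This will open your homepage in a new window allowing the plugin to determine the version of jQuery actually being used. You can then come back here and reload this page to see your version.', 'better-wp-security'), esc_url(site_url()));
        ?>
</p>
			</td>
		</tr>
		<tr>
			<th scope="row"><label for="itsec-wordpress-tweaks-login_errors"><?php 
        _e('Login Error Messages', 'better-wp-security');
        ?>
</label></th>
			<td>
				<?php 
        $form->add_checkbox('login_errors');
        ?>
				<label for="itsec-wordpress-tweaks-login_errors"><?php 
        _e('Disable login error messages', 'better-wp-security');
        ?>
</label>
				<p class="description"><?php 
        _e('Prevents error messages from being displayed to a user upon a failed login attempt.', 'better-wp-security');
        ?>
</p>
			</td>
		</tr>
		<tr>
			<th scope="row"><label for="itsec-wordpress-tweaks-force_unique_nicename"><?php 
        _e('Force Unique Nickname', 'better-wp-security');
        ?>
</label></th>
			<td>
				<?php 
        $form->add_checkbox('force_unique_nicename');
        ?>
				<label for="itsec-wordpress-tweaks-force_unique_nicename"><?php 
        _e('Force users to choose a unique nickname', 'better-wp-security');
        ?>
</label>
				<p class="description"><?php 
        _e('This forces users to choose a unique nickname when updating their profile or creating a new account which prevents bots and attackers from easily harvesting user\'s login usernames from the code on author pages. Note this does not automatically update existing users as it will affect author feed urls if used.', 'better-wp-security');
        ?>
</p>
			</td>
		</tr>
		<tr>
			<th scope="row"><label for="itsec-wordpress-tweaks-disable_unused_author_pages"><?php 
        _e('Disable Extra User Archives', 'better-wp-security');
        ?>
</label></th>
			<td>
				<?php 
        $form->add_checkbox('disable_unused_author_pages');
        ?>
				<label for="itsec-wordpress-tweaks-disable_unused_author_pages"><?php 
        _e('Disables a user\'s author page if their post count is 0.', 'better-wp-security');
        ?>
</label>
				<p class="description"><?php 
        _e('This makes it harder for bots to determine usernames by disabling post archives for users that don\'t post to your site.', 'better-wp-security');
        ?>
</p>
			</td>
		</tr>
	</table>
<?php 
    }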
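/**
 * Queues the Network Brute Force API nag notice.
 *
 * Registers the `itsec_network_brute_force_show_notice` callback with ITSEC_Core when the
 * module's `api_nag` setting is enabled. The capability check mirrors the later definition
 * of this function in the plugin: the nag is an admin action item, so it is only registered
 * for users who hold the plugin's required capability instead of for every logged-in user.
 */
function itsec_network_brute_force_add_notice()
{
    if (!ITSEC_Modules::get_setting('network-brute-force', 'api_nag')) {
        return;
    }
    // Gate on the plugin capability so unprivileged users never see an admin-only nag.
    if (!current_user_can(ITSEC_Core::get_required_cap())) {
        return;
    }
    ITSEC_Core::add_notice('itsec_network_brute_force_show_notice');
}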
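 /**
  * Returns the path of the event log file, deriving a per-site file name on first use.
  *
  * The file lives under the global `log_location` setting and its name is
  * `event-log-<slug>-<token>.log`, where `<token>` is a 30-character value from
  * wp_generate_password() persisted in the `log_info` setting. The original comment
  * relies on wp_generate_password() being cryptographically secure; the random token
  * is what keeps the log path unguessable if the log directory is reachable over HTTP.
  *
  * @return string|false Absolute log file path, or false if wp_generate_password() is
  *                      unavailable and no name has been generated yet.
  */
 private function get_log_file()
 {
     if (isset($this->log_file)) {
         // NOTE(review): the original had `$this->rotate_log();` after this return, which
         // was unreachable. It has been removed as dead code rather than re-ordered, since
         // calling rotate_log() on every cached lookup may not be what was intended.
         return $this->log_file;
     }
     $log_location = ITSEC_Modules::get_setting('global', 'log_location');
     $log_info = ITSEC_Modules::get_setting('global', 'log_info');
     if (empty($log_info)) {
         // We need wp_generate_password() to create a cryptographically secure file name;
         // without it, refuse to pick a predictable one.
         if (!function_exists('wp_generate_password')) {
             $this->log_file = false;
             return false;
         }
         $log_info = substr(sanitize_title(get_bloginfo('name')), 0, 20) . '-' . wp_generate_password(30, false);
         ITSEC_Modules::set_setting('global', 'log_info', $log_info);
     }
     $this->log_file = "{$log_location}/event-log-{$log_info}.log";
     return $this->log_file;
 }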
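 /**
  * Renames the WordPress content directory and points wp-config.php at the new location.
  *
  * `$dir_name` comes from plugin settings (admin-controlled). It is passed through
  * sanitize_file_name() and then rejected if it still looks like an absolute path. The
  * directory is renamed first and wp-config.php is modified afterwards; if the config
  * write fails, the rename is undone and the ITSEC_Core / ITSEC_Modules paths restored.
  * Backup, log and nginx file locations stored in settings are rewritten on success.
  *
  * @param string $dir_name New directory name, relative to ABSPATH.
  *
  * @return string|WP_Error The sanitized directory name on success, WP_Error on failure.
  */
 public static function change_content_directory($dir_name)
 {
     // sanitize_file_name() is assumed to strip path separators and colons, which is what
     // keeps the rename target inside ABSPATH — TODO confirm against the WP version in use.
     $dir_name = sanitize_file_name($dir_name);
     if (empty($dir_name)) {
         return new WP_Error('itsec-content-directory-utility-change-content-directory-empty-directory-name', __('The content directory cannot be changed to a blank directory name.', 'better-wp-security'));
     }
     // Defence in depth against a leading "/", "\" or a drive letter. The original pattern
     // was '{^(?:/|\\|[a-z]:)}i', which PHP turns into `\|` — an escaped pipe — so the
     // backslash and drive-letter alternatives never matched. '\\\\' yields the intended `\\`.
     if (preg_match('{^(?:/|\\\\|[a-z]:)}i', $dir_name)) {
         // Error code kept as-is (including its spelling) so existing callers still match it.
         return new WP_Error('itsec-content-diraectory-utility-change-content-directory-received-absolute-path', sprintf(__('The new directory name cannot be an absolute path. Please supply a path that is relative to <code>ABSPATH</code> (<code>%s</code>).', 'better-wp-security'), esc_html(ABSPATH)));
     }
     // $old_name / $new_name are display-only; relative when the current content dir is
     // inside ABSPATH, absolute otherwise.
     if (0 === strpos(WP_CONTENT_DIR, ABSPATH)) {
         $old_name = substr(WP_CONTENT_DIR, strlen(ABSPATH));
         $new_name = $dir_name;
     } else {
         $old_name = WP_CONTENT_DIR;
         $new_name = ABSPATH . $dir_name;
     }
     $old_dir = WP_CONTENT_DIR;
     $new_dir = ABSPATH . $dir_name;
     if ($old_dir === $new_dir) {
         return new WP_Error('itsec-content-directory-utility-change-content-directory-received-same-directory', __('The new directory name cannot be the same as the current directory name. Please supply a new directory name.', 'better-wp-security'));
     }
     // Never rename over something that already exists (file or directory).
     if (file_exists($new_dir)) {
         return new WP_Error('itsec-content-directory-utility-change-content-directory-path-already-exists', sprintf(__('A file or directory already exists at <code>%s</code>. No Directory Name changes have been made. Please choose a new Directory Name or remove the existing file or directory and try again.', 'better-wp-security'), esc_html($new_dir)));
     }
     require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php';
     // Capture the current mode so the renamed directory can be put back to it below.
     $old_permissions = ITSEC_Lib_Directory::get_permissions($old_dir);
     $result = rename($old_dir, $new_dir);
     if (!$result) {
         /* translators: 1: Old directory path, 2: New directory path */
         return new WP_Error('itsec-content-directory-utility-change-content-directory-cannot-rename-directory', sprintf(__('Unable to rename the <code>%1$s</code> directory to <code>%2$s</code>. This could indicate a file permission issue or that your server does not support the supplied name as a valid directory name. No config file or directory changes have been made.', 'better-wp-security'), esc_html($old_name), esc_html($new_name)));
     }
     // Make sure ITSEC_Core knows it's in a different place
     $plugin_file = str_replace($old_dir, $new_dir, ITSEC_Core::get_plugin_file());
     ITSEC_Core::set_plugin_file($plugin_file);
     ITSEC_Core::update_wp_upload_dir($old_dir, $new_dir);
     ITSEC_Modules::update_module_paths($old_dir, $new_dir);
     $new_permissions = ITSEC_Lib_Directory::get_permissions($new_dir);
     if (is_int($old_permissions) && is_int($new_permissions) && $old_permissions != $new_permissions) {
         $result = ITSEC_Lib_Directory::chmod($new_dir, $old_permissions);
         if (is_wp_error($result)) {
             /* translators: 1: Directory path, 2: Directory permissions */
             return new WP_Error('itsec-content-directory-utility-change-content-directory-unable-to-change-permissions', sprintf(__('Unable to set the permissions of the new Directory Name (<code>%1$s</code>) to match the permissions of the old Directory Name. You may have to manually change the permissions of the directory to <code>%2$s</code> in order for your site to function properly.', 'better-wp-security'), esc_html($new_name), esc_html($old_permissions)));
         }
     }
     if ('wp-content' === $dir_name) {
         // We're undoing the change. The last character of the define expression is dropped
         // and a trailing-newline match appended — presumably so the removal also eats the
         // blank line(s) after the defines; verify against get_wp_config_define_expression().
         $expression = self::get_wp_config_define_expression();
         $expression = substr($expression, 0, -1);
         $expression .= "[\r\n]*|";
         $modification_result = ITSEC_Lib_Config_File::remove_from_wp_config($expression);
     } else {
         $modification = self::get_wp_config_modification($new_dir, get_option('siteurl') . "/{$dir_name}");
         $modification_result = ITSEC_Lib_Config_File::append_wp_config($modification, true);
     }
     if (is_wp_error($modification_result)) {
         // Config write failed: roll the directory rename back and restore the in-memory paths.
         $rename_result = rename($new_dir, $old_dir);
         if ($rename_result) {
             // Reset the ITSEC_Core plugin file back to its old setting.
             $plugin_file = str_replace($new_dir, $old_dir, ITSEC_Core::get_plugin_file());
             ITSEC_Core::set_plugin_file($plugin_file);
             ITSEC_Core::update_wp_upload_dir($new_dir, $old_dir);
             ITSEC_Modules::update_module_paths($new_dir, $old_dir);
             ITSEC_Lib_Directory::chmod($old_dir, $old_permissions);
             /* translators: 1: Specific error details */
             return new WP_Error($modification_result->get_error_code(), sprintf(__('Unable to update the <code>wp-config.php</code> file. No directory or config file changes have been made. The error that prevented the file from updating is as follows: %1$s', 'better-wp-security'), $modification_result->get_error_message()));
         } else {
             // Paths are escaped here for consistency with the other HTML error messages above.
             /* translators: 1: Old directory path, 2: New directory path, 3: Specific error details */
             return new WP_Error($modification_result->get_error_code(), sprintf(__('CRITICAL ERROR: The <code>%1$s</code> directory was successfully renamed to the new name (<code>%2$s</code>). However, an error occurred when updating the <code>wp-config.php</code> file to configure WordPress to use the new content directory. iThemes Security attempted to rename the directory back to its original name, but an unknown error prevented the rename from working as expected. In order for your site to function properly, you will either need to manually rename the <code>%2$s</code> directory back to <code>%1$s</code> or manually update the <code>wp-config.php</code> file with the necessary modifications. The error that prevented the file from updating is as follows: %3$s', 'better-wp-security'), esc_html($old_name), esc_html($new_name), $modification_result->get_error_message()));
         }
     }
     // Rewrite stored paths that pointed into the old content directory.
     $backups_location = ITSEC_Modules::get_setting('backup', 'location');
     $backups_location = str_replace($old_dir, $new_dir, $backups_location);
     ITSEC_Modules::set_setting('backup', 'location', $backups_location);
     $log_location = ITSEC_Modules::get_setting('global', 'log_location');
     $log_location = str_replace($old_dir, $new_dir, $log_location);
     ITSEC_Modules::set_setting('global', 'log_location', $log_location);
     $nginx_file = ITSEC_Modules::get_setting('global', 'nginx_file');
     $nginx_file = str_replace($old_dir, $new_dir, $nginx_file);
     ITSEC_Modules::set_setting('global', 'nginx_file', $nginx_file);
     return $dir_name;
 }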
 /**
  * Builds the login-screen error box shown after a user was forcibly logged out by a lockout.
  *
  * Only fires when the request carries a truthy `itsec` query argument (the marker the
  * forced-logout redirect adds). The message text is the global `user_lockout_message`
  * setting and is emitted without escaping — it is admin-controlled and assumed to be
  * sanitized on save; confirm that before relying on it.
  *
  * @return string|null The `<div id="login_error">` markup, or null when not on that screen.
  */
 public function set_lockout_error()
 {
     global $itsec_globals;
     // Not the forced-logout landing page: contribute nothing.
     if (empty($_GET['itsec'])) {
         return;
     }
     $lockout_message = ITSEC_Modules::get_setting('global', 'user_lockout_message');
     return '<div id="login_error">' . $lockout_message . '</div>' . PHP_EOL;
 }
 /**
  * Reports whether the current request looks like an InfiniteWP (IWP) management call.
  *
  * The answer is memoised on the singleton's `is_iwp_call` property. Detection is a
  * substring sniff: the raw request body is base64-decoded and searched for the
  * serialized key `s:10:"iwp_action";`. The `infinitewp_compatibility` setting gate is
  * disabled by the literal `false`, so the sniff runs on every request regardless of it.
  *
  * NOTE(review): this reads unauthenticated request data, so any client able to POST can
  * make it return true. Whatever callers relax for IWP traffic must not rely on this alone.
  *
  * @return bool
  */
 public static function is_iwp_call()
 {
     $instance = self::get_instance();
     if (isset($instance->is_iwp_call)) {
         return $instance->is_iwp_call;
     }
     $instance->is_iwp_call = false;
     // Setting-based gate, currently switched off by the leading `false`.
     if (false && !ITSEC_Modules::get_setting('global', 'infinitewp_compatibility')) {
         return false;
     }
     $raw_body = @file_get_contents('php://input');
     if (empty($raw_body)) {
         return $instance->is_iwp_call;
     }
     $decoded_body = base64_decode($raw_body);
     $instance->is_iwp_call = false !== strpos($decoded_body, 's:10:"iwp_action";');
     return $instance->is_iwp_call;
 }
/**
 * Queues the Network Brute Force API nag notice for privileged users.
 *
 * Registers the `itsec_network_brute_force_show_notice` callback with ITSEC_Core only when
 * the module's `api_nag` setting is on and the current user holds the plugin's required
 * capability, so the nag never reaches users who could not act on it.
 */
function itsec_network_brute_force_add_notice()
{
    $nag_enabled = ITSEC_Modules::get_setting('network-brute-force', 'api_nag');
    if (!$nag_enabled) {
        return;
    }
    if (!current_user_can(ITSEC_Core::get_required_cap())) {
        return;
    }
    ITSEC_Core::add_notice('itsec_network_brute_force_show_notice');
}
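 /**
  * Sends email to every configured notification recipient
  *
  * Recipients come from the global `notification_email` setting; each is trimmed and
  * skipped unless it passes is_email(). The body is sent as HTML: the content type is
  * switched through the `wp_mail_content_type` filter for the duration of the call and
  * the message is wrapped in `<html>` tags.
  *
  * @since 4.5
  *
  * @param string       $subject     Email subject
  * @param string       $message     Message contents (HTML fragment)
  * @param string|array $headers     Optional. Additional headers.
  * @param string|array $attachments Optional. Files to attach. These are now forwarded to
  *                                  wp_mail(); the original accepted but silently dropped them.
  *
  * @return bool True only if wp_mail() succeeded for every valid recipient.
  */
 private function send_mail($subject, $message, $headers = '', $attachments = array())
 {
     global $itsec_globals;
     $recipients = ITSEC_Modules::get_setting('global', 'notification_email');
     $all_success = true;
     if (defined('ITSEC_DEBUG') && ITSEC_DEBUG === true) {
         // Appended once, before the loop, so a multi-recipient send does not repeat it.
         // HTTP_HOST and REQUEST_URI are request-controlled; esc_url() keeps them inert in
         // the HTML body. The static format string lets translation tools see the message.
         $source_page = esc_url($_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
         $message .= '<p>' . sprintf(__('Debug info (source page): %s', 'better-wp-security'), $source_page) . '</p>';
     }
     add_filter('wp_mail_content_type', array($this, 'wp_mail_content_type'));
     // A scalar setting value would make foreach() warn and send nothing; normalise it.
     foreach ((array) $recipients as $recipient) {
         $recipient = trim($recipient);
         if (!is_email($recipient)) {
             continue;
         }
         $success = wp_mail($recipient, $subject, '<html>' . $message . '</html>', $headers, $attachments);
         if (false === $success) {
             $all_success = false;
         }
     }
     remove_filter('wp_mail_content_type', array($this, 'wp_mail_content_type'));
     return $all_success;
 }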
 /**
  * Appends the Ban Users module's LiteSpeed rules to the generated server configuration.
  *
  * Loads the config generators and, depending on the module settings, adds the default
  * blacklist rules (`default`) and/or the banned-host and banned-user-agent rules
  * (`enable_ban_lists`), all rendered for the "litespeed" target.
  *
  * @param string $modification Server config generated so far.
  *
  * @return string The input with the applicable rule blocks appended.
  */
 public function filter_litespeed_server_config_modification($modification)
 {
     require_once dirname(__FILE__) . '/config-generators.php';
     $rule_blocks = array();
     if (ITSEC_Modules::get_setting('ban-users', 'default')) {
         $rule_blocks[] = ITSEC_Ban_Users_Config_Generators::get_server_config_default_blacklist_rules('litespeed');
     }
     if (ITSEC_Modules::get_setting('ban-users', 'enable_ban_lists')) {
         $rule_blocks[] = ITSEC_Ban_Users_Config_Generators::get_server_config_ban_hosts_rules('litespeed');
         $rule_blocks[] = ITSEC_Ban_Users_Config_Generators::get_server_config_ban_user_agents_rules('litespeed');
     }
     return $modification . implode('', $rule_blocks);
 }
 /**
  * Executes backup function.
  *
  * Handles the execution of database backups: dumps the selected tables to a .sql file
  * under the configured backup location, optionally zips it, emails it to the backup
  * recipients for methods 0/1 (and for every one-time run), prunes older backups and
  * logs the outcome.
  *
  * Settings read from $this->settings: all_sites, exclude, location, zip, method
  * (from the status switch below: 0 = email and keep locally, 1 = email only,
  * anything else = keep locally only), retain.
  *
  * Security notes: the dump contains the full database (users, hashes, options) and is
  * written to disk and attached to email. The random file-name suffix is the only
  * protection against guessing if `location` is reachable over HTTP; file write errors
  * are suppressed and never checked, so a failed write can still be logged as "Success".
  *
  * @since 4.0.0
  *
  * @param bool $one_time whether this is a one-time backup (forces the email, skips last_run)
  *
  * @return void
  */
 private function execute_backup($one_time = false)
 {
     global $wpdb, $itsec_globals, $itsec_logger;
     //get all of the tables
     // Table names come from the server's own SHOW TABLES output; base_prefix is the
     // configured table prefix, not request data.
     if (isset($this->settings['all_sites']) && true === $this->settings['all_sites']) {
         $tables = $wpdb->get_results('SHOW TABLES', ARRAY_N);
         //retrieve a list of all tables in the DB
     } else {
         $tables = $wpdb->get_results('SHOW TABLES LIKE "' . $wpdb->base_prefix . '%"', ARRAY_N);
         //retrieve a list of all tables for this WordPress installation
     }
     $return = '';
     //cycle through each table
     foreach ($tables as $table) {
         // Names are wrapped in backticks but not escaped for embedded backticks.
         $num_fields = sizeof($wpdb->get_results('DESCRIBE `' . $table[0] . '`;'));
         $return .= 'DROP TABLE IF EXISTS `' . $table[0] . '`;';
         $row2 = $wpdb->get_row('SHOW CREATE TABLE `' . $table[0] . '`;', ARRAY_N);
         $return .= PHP_EOL . PHP_EOL . $row2[1] . ";" . PHP_EOL . PHP_EOL;
         // Exclusions are matched against the name minus $wpdb->prefix, whereas the LIKE
         // above used $wpdb->base_prefix; these may differ on multisite — verify.
         if (!in_array(substr($table[0], strlen($wpdb->prefix)), $this->settings['exclude'])) {
             $result = $wpdb->get_results('SELECT * FROM `' . $table[0] . '`;', ARRAY_N);
             foreach ($result as $row) {
                 $return .= 'INSERT INTO `' . $table[0] . '` VALUES(';
                 for ($j = 0; $j < $num_fields; $j++) {
                     // addslashes() escapes ' " \ and NUL — accepted by MySQL inside a
                     // double-quoted literal unless NO_BACKSLASH_ESCAPES is set (assumption).
                     // addslashes(null) is "", so after this assignment isset() is always
                     // true and NULL columns are dumped as "" (the else branch below is
                     // effectively unreachable and would write "" anyway).
                     $row[$j] = addslashes($row[$j]);
                     // Only changes anything where PHP_EOL is not "\n" (Windows hosts).
                     $row[$j] = preg_replace('#' . PHP_EOL . '#', "\n", $row[$j]);
                     if (isset($row[$j])) {
                         $return .= '"' . $row[$j] . '"';
                     } else {
                         $return .= '""';
                     }
                     if ($j < $num_fields - 1) {
                         $return .= ',';
                     }
                 }
                 $return .= ");" . PHP_EOL;
             }
         }
         $return .= PHP_EOL . PHP_EOL;
     }
     $return .= PHP_EOL . PHP_EOL;
     //save file
     // backup-<site slug>-<timestamp>-<30 random chars>: the random part makes the name
     // unguessable, which matters if the backup directory is web-reachable.
     $file = 'backup-' . substr(sanitize_title(get_bloginfo('name')), 0, 20) . '-' . current_time('Ymd-His') . '-' . wp_generate_password(30, false);
     // No "/" before "lib/" here, unlike other call sites; presumably get_core_dir()
     // returns a trailing slash — verify.
     require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-directory.php';
     $dir = $this->settings['location'];
     ITSEC_Lib_Directory::create($dir);
     $fileext = '.sql';
     // Errors are suppressed and $handle is never checked: if the open or write fails,
     // execution still continues to the email and to a "Success" log entry.
     $handle = @fopen($dir . '/' . $file . '.sql', 'w+');
     @fwrite($handle, $return);
     @fclose($handle);
     //zip the file
     if (true === $this->settings['zip']) {
         if (!class_exists('PclZip')) {
             require ABSPATH . 'wp-admin/includes/class-pclzip.php';
         }
         $zip = new PclZip($dir . '/' . $file . '.zip');
         // PclZip::create() returns 0 on error, so non-zero means the archive was written.
         if (0 != $zip->create($dir . '/' . $file . '.sql', PCLZIP_OPT_REMOVE_PATH, $dir)) {
             //delete .sql and keep zip
             @unlink($dir . '/' . $file . '.sql');
             $fileext = '.zip';
         }
     }
     // Email for methods 0 and 1, and for every one-time backup regardless of method.
     if (2 !== $this->settings['method'] || true === $one_time) {
         require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-mailer.php';
         $mail = new ITSEC_Mail();
         $mail->add_header(esc_html__('Database Backup', 'better-wp-security'), sprintf(wp_kses(__('Site Database Backup for <b>%s</b>', 'better-wp-security'), array('b' => array())), date_i18n(get_option('date_format'))));
         $mail->add_info_box(esc_html__('Attached is the database backup file for your site.', 'better-wp-security'), 'attachment');
         $mail->add_section_heading(esc_html__('Website', 'better-wp-security'));
         $mail->add_text(esc_html(network_home_url()));
         $mail->add_section_heading(esc_html__('Date', 'better-wp-security'));
         $mail->add_text(esc_html(date_i18n(get_option('date_format'))));
         $mail->add_footer();
         // Only addresses that pass is_email() receive the dump.
         $raw_recipients = ITSEC_Modules::get_setting('global', 'backup_email');
         $recipients = array();
         foreach ($raw_recipients as $recipient) {
             $recipient = trim($recipient);
             if (is_email($recipient)) {
                 $recipients[] = $recipient;
             }
         }
         $subject = sprintf(esc_html__('[%s] Database Backup', 'better-wp-security'), esc_url(network_home_url()));
         $subject = apply_filters('itsec_backup_email_subject', $subject);
         $attachment = array("{$dir}/{$file}{$fileext}");
         $mail_success = $mail->send($recipients, $subject, $attachment);
     }
     if (1 === $this->settings['method']) {
         // Method 1 = email only: drop the local copy.
         @unlink($dir . '/' . $file . $fileext);
     } else {
         $retain = isset($this->settings['retain']) ? absint($this->settings['retain']) : 0;
         //delete extra files
         // scandir(..., 1) sorts names descending; the timestamp in the name puts newest
         // first. Every entry containing "backup" counts toward $retain — including any
         // unrelated file with "backup" in its name. Note $file is reused here and
         // shadows the backup's file name from above.
         if (0 < $retain) {
             $files = scandir($dir, 1);
             $count = 0;
             if (is_array($files) && 0 < count($files)) {
                 foreach ($files as $file) {
                     if (strstr($file, 'backup')) {
                         if ($count >= $retain) {
                             @unlink(trailingslashit($dir) . $file);
                         }
                         $count++;
                     }
                 }
             }
         }
     }
     // Scheduled runs record last_run; one-time backups do not.
     if (false === $one_time) {
         ITSEC_Modules::set_setting('backup', 'last_run', ITSEC_Core::get_current_time_gmt());
     }
     // $mail_success is only assigned when an email was attempted; methods 0 and 1
     // always attempt one, and the default branch does not read it.
     switch ($this->settings['method']) {
         case 0:
             if (false === $mail_success) {
                 $status = array('status' => __('Error', 'better-wp-security'), 'details' => __('saved locally but email to backup recipients could not be sent.', 'better-wp-security'));
             } else {
                 $status = array('status' => __('Success', 'better-wp-security'), 'details' => __('emailed to backup recipients and saved locally', 'better-wp-security'));
             }
             break;
         case 1:
             if (false === $mail_success) {
                 $status = array('status' => __('Error', 'better-wp-security'), 'details' => __('email to backup recipients could not be sent.', 'better-wp-security'));
             } else {
                 $status = array('status' => __('Success', 'better-wp-security'), 'details' => __('emailed to backup recipients', 'better-wp-security'));
             }
             break;
         default:
             $status = array('status' => __('Success', 'better-wp-security'), 'details' => __('saved locally', 'better-wp-security'));
             break;
     }
     $itsec_logger->log_event('backup', 3, array($status));
 }
 /**
  * Executes backup function.
  *
  * Handles the execution of database backups: dumps the selected tables to a .sql file
  * under the configured backup location, optionally zips it, emails it via wp_mail()
  * to the backup recipients for methods 0/1 (and for every one-time run), prunes older
  * backups and logs the outcome.
  *
  * Settings read from $this->settings: all_sites, exclude, location, zip, method
  * (from the status switch below: 0 = email and keep locally, 1 = email only,
  * anything else = keep locally only), retain.
  *
  * Security notes: the dump contains the full database (users, hashes, options) and is
  * written to disk and attached to email. The random file-name suffix is the only
  * protection against guessing if `location` is reachable over HTTP; file write errors
  * are suppressed and never checked, so a failed write can still be logged as "Success".
  *
  * @since 4.0.0
  *
  * @param bool $one_time whether this is a one-time backup (forces the email, skips last_run)
  *
  * @return void
  */
 private function execute_backup($one_time = false)
 {
     global $wpdb, $itsec_globals, $itsec_logger;
     //get all of the tables
     // Table names come from the server's own SHOW TABLES output; base_prefix is the
     // configured table prefix, not request data.
     if (isset($this->settings['all_sites']) && true === $this->settings['all_sites']) {
         $tables = $wpdb->get_results('SHOW TABLES', ARRAY_N);
         //retrieve a list of all tables in the DB
     } else {
         $tables = $wpdb->get_results('SHOW TABLES LIKE "' . $wpdb->base_prefix . '%"', ARRAY_N);
         //retrieve a list of all tables for this WordPress installation
     }
     $return = '';
     //cycle through each table
     foreach ($tables as $table) {
         // Names are wrapped in backticks but not escaped for embedded backticks.
         $num_fields = sizeof($wpdb->get_results('DESCRIBE `' . $table[0] . '`;'));
         $return .= 'DROP TABLE IF EXISTS `' . $table[0] . '`;';
         $row2 = $wpdb->get_row('SHOW CREATE TABLE `' . $table[0] . '`;', ARRAY_N);
         $return .= PHP_EOL . PHP_EOL . $row2[1] . ";" . PHP_EOL . PHP_EOL;
         // Exclusions are matched against the name minus $wpdb->prefix, whereas the LIKE
         // above used $wpdb->base_prefix; these may differ on multisite — verify.
         if (!in_array(substr($table[0], strlen($wpdb->prefix)), $this->settings['exclude'])) {
             $result = $wpdb->get_results('SELECT * FROM `' . $table[0] . '`;', ARRAY_N);
             foreach ($result as $row) {
                 $return .= 'INSERT INTO `' . $table[0] . '` VALUES(';
                 for ($j = 0; $j < $num_fields; $j++) {
                     // addslashes() escapes ' " \ and NUL — accepted by MySQL inside a
                     // double-quoted literal unless NO_BACKSLASH_ESCAPES is set (assumption).
                     // addslashes(null) is "", so after this assignment isset() is always
                     // true and NULL columns are dumped as "" (the else branch below is
                     // effectively unreachable and would write "" anyway).
                     $row[$j] = addslashes($row[$j]);
                     // Only changes anything where PHP_EOL is not "\n" (Windows hosts).
                     $row[$j] = preg_replace('#' . PHP_EOL . '#', "\n", $row[$j]);
                     if (isset($row[$j])) {
                         $return .= '"' . $row[$j] . '"';
                     } else {
                         $return .= '""';
                     }
                     if ($j < $num_fields - 1) {
                         $return .= ',';
                     }
                 }
                 $return .= ");" . PHP_EOL;
             }
         }
         $return .= PHP_EOL . PHP_EOL;
     }
     $return .= PHP_EOL . PHP_EOL;
     //save file
     // backup-<site slug>-<timestamp>-<30 random chars>: the random part makes the name
     // unguessable, which matters if the backup directory is web-reachable.
     $file = 'backup-' . substr(sanitize_title(get_bloginfo('name')), 0, 20) . '-' . current_time('Ymd-His') . '-' . wp_generate_password(30, false);
     // No "/" before "lib/" here, unlike other call sites; presumably get_core_dir()
     // returns a trailing slash — verify.
     require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-directory.php';
     $dir = $this->settings['location'];
     ITSEC_Lib_Directory::create($dir);
     $fileext = '.sql';
     // Errors are suppressed and $handle is never checked: if the open or write fails,
     // execution still continues to the email and to a "Success" log entry.
     $handle = @fopen($dir . '/' . $file . '.sql', 'w+');
     @fwrite($handle, $return);
     @fclose($handle);
     //zip the file
     if (true === $this->settings['zip']) {
         if (!class_exists('PclZip')) {
             require ABSPATH . 'wp-admin/includes/class-pclzip.php';
         }
         $zip = new PclZip($dir . '/' . $file . '.zip');
         // PclZip::create() returns 0 on error, so non-zero means the archive was written.
         if (0 != $zip->create($dir . '/' . $file . '.sql', PCLZIP_OPT_REMOVE_PATH, $dir)) {
             //delete .sql and keep zip
             @unlink($dir . '/' . $file . '.sql');
             $fileext = '.zip';
         }
     }
     // Email for methods 0 and 1, and for every one-time backup regardless of method.
     if (2 !== $this->settings['method'] || true === $one_time) {
         $attachment = array($dir . '/' . $file . $fileext);
         $body = __('Attached is the backup file for the database powering', 'better-wp-security') . ' ' . get_option('siteurl') . __(' taken', 'better-wp-security') . ' ' . date('l, F jS, Y \\a\\t g:i a', $itsec_globals['current_time']);
         //Setup the remainder of the email
         $recipients = ITSEC_Modules::get_setting('global', 'backup_email');
         $subject = __('Site Database Backup', 'better-wp-security') . ' ' . date('l, F jS, Y \\a\\t g:i a', $itsec_globals['current_time']);
         $subject = apply_filters('itsec_backup_email_subject', $subject);
         // From: header is assembled from the site name and admin_email (admin-controlled
         // values, inserted without any header-safe encoding).
         $headers = 'From: ' . get_bloginfo('name') . ' <' . get_option('admin_email') . '>' . "\r\n";
         $mail_success = false;
         //Use HTML Content type
         add_filter('wp_mail_content_type', array($this, 'set_html_content_type'));
         //Send emails to all recipients
         foreach ($recipients as $recipient) {
             if (is_email(trim($recipient))) {
                 // Appended inside the loop, so with several recipients the debug line is
                 // repeated once per recipient. HTTP_HOST/REQUEST_URI are request-controlled;
                 // esc_url() is what keeps them inert in the HTML body.
                 if (defined('ITSEC_DEBUG') && true === ITSEC_DEBUG) {
                     $body .= '<p>' . __('Debug info (source page): ' . esc_url($_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])) . '</p>';
                 }
                 // Overwritten on every iteration: only the last valid recipient's result
                 // survives into the status switch below.
                 $mail_success = wp_mail(trim($recipient), $subject, '<html>' . $body . '</html>', $headers, $attachment);
             }
         }
         //Remove HTML Content type
         remove_filter('wp_mail_content_type', array($this, 'set_html_content_type'));
     }
     if (1 === $this->settings['method']) {
         // Method 1 = email only: drop the local copy.
         @unlink($dir . '/' . $file . $fileext);
     } else {
         $retain = isset($this->settings['retain']) ? absint($this->settings['retain']) : 0;
         //delete extra files
         // scandir(..., 1) sorts names descending; the timestamp in the name puts newest
         // first. Every entry containing "backup" counts toward $retain — including any
         // unrelated file with "backup" in its name. Note $file is reused here and
         // shadows the backup's file name from above.
         if (0 < $retain) {
             $files = scandir($dir, 1);
             $count = 0;
             if (is_array($files) && 0 < count($files)) {
                 foreach ($files as $file) {
                     if (strstr($file, 'backup')) {
                         if ($count >= $retain) {
                             @unlink(trailingslashit($dir) . $file);
                         }
                         $count++;
                     }
                 }
             }
         }
     }
     // Scheduled runs record last_run; one-time backups do not.
     if (false === $one_time) {
         ITSEC_Modules::set_setting('backup', 'last_run', ITSEC_Core::get_current_time_gmt());
     }
     // $mail_success is only assigned when an email was attempted; methods 0 and 1
     // always attempt one, and the default branch does not read it.
     switch ($this->settings['method']) {
         case 0:
             if (false === $mail_success) {
                 $status = array('status' => __('Error', 'better-wp-security'), 'details' => __('saved locally but email to backup recipients could not be sent.', 'better-wp-security'));
             } else {
                 $status = array('status' => __('Success', 'better-wp-security'), 'details' => __('emailed to backup recipients and saved locally', 'better-wp-security'));
             }
             break;
         case 1:
             if (false === $mail_success) {
                 $status = array('status' => __('Error', 'better-wp-security'), 'details' => __('email to backup recipients could not be sent.', 'better-wp-security'));
             } else {
                 $status = array('status' => __('Success', 'better-wp-security'), 'details' => __('emailed to backup recipients', 'better-wp-security'));
             }
             break;
         default:
             $status = array('status' => __('Success', 'better-wp-security'), 'details' => __('saved locally', 'better-wp-security'));
             break;
     }
     $itsec_logger->log_event('backup', 3, array($status));
 }
 /**
  * Records the version of the jQuery handle WordPress currently has registered.
  *
  * Runs only on the home or front page and only for logged-in users. Reads the `ver`
  * of the registered "jquery" script from the global $wp_scripts and persists it in the
  * wordpress-tweaks `jquery_version` setting whenever it differs from the stored value.
  * Accesses $wp_scripts->registered['jquery'] without checking it exists — assumes core
  * always registers the handle.
  */
 function store_jquery_version()
 {
     global $wp_scripts;
     // Same conditions as before, expressed as guard clauses (evaluation order preserved).
     if (!is_home() && !is_front_page()) {
         return;
     }
     if (!is_user_logged_in()) {
         return;
     }
     $stored_version = ITSEC_Modules::get_setting('wordpress-tweaks', 'jquery_version');
     $registered_version = $wp_scripts->registered['jquery']->ver;
     if ($registered_version === $stored_version) {
         return;
     }
     ITSEC_Modules::set_setting('wordpress-tweaks', 'jquery_version', $registered_version);
 }