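 /**
  * Renders the admin notice shown after the file-change scanner detected changes.
  *
  * Outputs a WordPress "error" notice with two actions: a link to the security logs
  * and a dismiss link. The dismiss URL is the settings page with
  * file_change_dismiss_warning=1 and the nonce held in $this->dismiss_nonce as the
  * "nonce" query argument (presumably verified by the dismiss handler — not visible here).
  *
  * @return void
  */
 public function show_file_change_warning()
 {
     $args = array(
         'file_change_dismiss_warning' => '1',
         'nonce'                       => $this->dismiss_nonce,
     );
     $dismiss_url = add_query_arg($args, ITSEC_Core::get_settings_page_url());
     $logs_url    = ITSEC_Core::get_logs_page_url();

     // Translated text is escaped at output (WordPress late-escaping convention) so a
     // translation file cannot inject markup into the notice.
     $message = esc_html__('iThemes Security noticed file changes in your WordPress site. Please review the logs to make sure your system has not been compromised.', 'better-wp-security');

     echo "<div id='itsec-file-change-warning-dialog' class='error'>\n";
     echo "<p>{$message}</p>\n";
     echo "<p>";
     echo "<a class='button-primary' href='" . esc_url($logs_url) . "'>" . esc_html__('View Logs', 'better-wp-security') . "</a> ";
     echo "<a id='itsec-file-change-dismiss-warning' class='button-secondary' href='" . esc_url($dismiss_url) . "'>" . esc_html__('Dismiss Warning', 'better-wp-security') . "</a>";
     echo "</p>\n";
     echo "</div>\n";
 }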
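 /**
  * Processes and sends the daily digest message, then resets the message queue.
  *
  * Unless ITSEC_NOTIFY_USE_CRON is defined and not false, a one-hour site transient
  * ("itsec_notification_running") acts as a lock: when it is already set, or when the
  * current request is a 404, nothing is done. The digest is mailed only when lockouts
  * were recorded since the last run or the queue holds module messages; the queue is
  * cleared and persisted to the "itsec_message_queue" site option either way.
  *
  * @since 4.5
  *
  * @return void
  */
 public function init()
 {
     global $itsec_globals, $itsec_lockout;

     $use_cron = defined('ITSEC_NOTIFY_USE_CRON') && false !== ITSEC_NOTIFY_USE_CRON;

     // Without cron, the transient keeps concurrent requests from each sending a digest.
     if (is_404() || (!$use_cron && false !== get_site_transient('itsec_notification_running'))) {
         return;
     }
     if (!$use_cron) {
         set_site_transient('itsec_notification_running', true, 3600);
     }

     // Module messages queued since the last digest; false when there are none.
     // is_array() guards count(): the queue is read from a site option, and count() on a
     // non-countable value is a TypeError on PHP 8.
     $messages = false;
     if (isset($this->queue['messages']) && is_array($this->queue['messages']) && count($this->queue['messages']) > 0) {
         $messages = $this->queue['messages'];
     }

     $host_count = count($itsec_lockout->get_lockouts('host', true));
     $user_count = count($itsec_lockout->get_lockouts('user', true));

     // Assume a lockout has occurred unless both counts are zero.
     $has_lockouts = true;
     if ($host_count === 0 && $user_count === 0) {
         $has_lockouts    = false;
         $lockout_message = __('There have been no lockouts since the last email check.', 'better-wp-security');
     } elseif ($host_count === 0 && $user_count > 1) {
         $lockout_message = sprintf('%s %s %s', __('There have been', 'better-wp-security'), $user_count, __('users or usernames locked out for attempting to log in with incorrect credentials.', 'better-wp-security'));
     } elseif ($host_count === 0 && $user_count === 1) {
         $lockout_message = sprintf('%s %s %s', __('There has been', 'better-wp-security'), $user_count, __('user or username locked out for attempting to log in with incorrect credentials.', 'better-wp-security'));
     } elseif ($host_count === 1 && $user_count === 0) {
         $lockout_message = sprintf('%s %s %s', __('There has been', 'better-wp-security'), $host_count, __('host locked out.', 'better-wp-security'));
     } elseif ($host_count > 1 && $user_count === 0) {
         $lockout_message = sprintf('%s %s %s', __('There have been', 'better-wp-security'), $host_count, __('hosts locked out.', 'better-wp-security'));
     } else {
         $lockout_message = sprintf('%s %s %s %s %s %s %s', __('There have been', 'better-wp-security'), $user_count + $host_count, __('lockout(s) including', 'better-wp-security'), $user_count, __('user(s) and', 'better-wp-security'), $host_count, __('host(s) locked out of your site.', 'better-wp-security'));
     }

     if ($has_lockouts || false !== $messages) {
         // Only string entries are rendered; anything else in the queue is skipped.
         // NOTE(review): queued messages go into the HTML body unescaped. They come from
         // the plugin's own site option, so producers are assumed to queue safe markup — confirm.
         $module_message = '';
         if (is_array($messages)) {
             foreach ($messages as $message) {
                 if (is_string($message)) {
                     $module_message .= '<p>' . $message . '</p>';
                 }
             }
         }

         $body = sprintf(
             '<p>%s,</p><p>%s <a href="%s">%s</a></p><p><strong>%s: </strong>%s</p>%s<p>%s %s</p><p>%s <a href="%s">%s</a>.</p>',
             __('Dear Site Admin', 'better-wp-security'),
             __('The following is a summary of security related activity on your site. For details please visit', 'better-wp-security'),
             wp_login_url(ITSEC_Core::get_logs_page_url()),
             __('the security logs', 'better-wp-security'),
             __('Lockouts', 'better-wp-security'),
             $lockout_message,
             $module_message,
             // Text domain was missing here, so this string could never be translated.
             __('This email was generated automatically by', 'better-wp-security'),
             $itsec_globals['plugin_name'],
             __('To change your email preferences please visit', 'better-wp-security'),
             wp_login_url(ITSEC_Core::get_settings_page_url()),
             __('the plugin settings', 'better-wp-security')
         );

         // Setup the remainder of the email
         $subject = '[' . get_option('siteurl') . '] ' . __('Daily Security Digest', 'better-wp-security');
         $subject = apply_filters('itsec_lockout_email_subject', $subject);
         $headers = 'From: ' . get_bloginfo('name') . ' <' . get_option('admin_email') . '>' . "\r\n";

         $this->send_mail($subject, $body, $headers);
     }

     // Reset the queue whether or not anything was sent.
     $this->queue = array(
         'last_sent' => $itsec_globals['current_time_gmt'],
         'messages'  => array(),
     );
     update_site_option('itsec_message_queue', $this->queue);
 }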
 /**
  * Appends the email footer to $this->content.
  *
  * Free installs get the "pro-callout.html" template first; Pro installs get a divider
  * via add_divider() instead. The "footer.html" template follows in both cases.
  * Template placeholders are filled with replace_all() using translated, escaped
  * strings; strings containing links pass through wp_kses() so only <a href> survives.
  *
  * @return void
  */
 public function add_footer()
 {
     // Only an anchor with an href attribute is kept by wp_kses() in the link strings below.
     $link_only = array('a' => array('href' => array()));

     $html = '';
     if (ITSEC_Core::is_pro()) {
         $this->add_divider();
     } else {
         $callout = $this->get_template('pro-callout.html');
         $callout_replacements = array(
             'two_factor' => esc_html__('Want two-factor authentication, scheduled malware scanning, ticketed support and more?', 'better-wp-security'),
             'get_pro'    => esc_html__('Get iThemes Security Pro', 'better-wp-security'),
             'why_pro'    => sprintf(
                 wp_kses(__('Why go Pro? <a href="%s">Check out the Free/Pro comparison chart.</a>', 'better-wp-security'), $link_only),
                 esc_url('https://ithemes.com/security/why-go-pro/')
             ),
         );
         $html .= $this->replace_all($callout, $callout_replacements);
     }

     $html .= $this->get_template('footer.html');

     $footer_replacements = array(
         'security_resources'     => esc_html__('Security Resources', 'better-wp-security'),
         'articles'               => esc_html__('Articles', 'better-wp-security'),
         'articles_content'       => sprintf(
             wp_kses(__('Read the latest in WordPress Security news, tips, and updates on <a href="%s">iThemes Blog</a>.', 'better-wp-security'), $link_only),
             esc_url('https://ithemes.com/category/wordpress-security/')
         ),
         'tutorials'              => esc_html__('Tutorials', 'better-wp-security'),
         'tutorials_content'      => sprintf(
             wp_kses(__('Make the most of iThemes Security features with our <a href="%s">free iThemes Security tutorials</a>.', 'better-wp-security'), $link_only),
             esc_url('https://ithemes.com/tutorial/category/ithemes-security/')
         ),
         'help_and_support'       => esc_html__('Help & Support', 'better-wp-security'),
         'documentation'          => esc_html__('Documentation', 'better-wp-security'),
         'documentation_content'  => sprintf(
             wp_kses(__('Read iThemes Security documentation and Frequently Asked Questions on <a href="%s">the Codex</a>.', 'better-wp-security'), $link_only),
             esc_url('http://ithemes.com/codex/page/IThemes_Security')
         ),
         'support'                => esc_html__('Support', 'better-wp-security'),
         'pro'                    => esc_html__('Pro', 'better-wp-security'),
         'support_content'        => sprintf(
             wp_kses(__('Pro customers can contact <a href="%s">iThemes Helpdesk</a> for help. Our support team answers questions Monday – Friday, 8am – 5pm (CST).', 'better-wp-security'), $link_only),
             esc_url('https://members.ithemes.com/panel/helpdesk.php')
         ),
         'security_settings_link' => esc_url(ITSEC_Core::get_settings_page_url()),
         'unsubscribe_link_text'  => esc_html__('This email was generated by the iThemes Security plugin.', 'better-wp-security')
             . '<br>'
             . esc_html__('To unsubscribe from these updates, visit the Settings page in the iThemes Security plugin menu.', 'better-wp-security'),
         'security_guide'         => esc_html__('Free WordPress Security Guide', 'better-wp-security'),
         'security_guide_content' => sprintf(
             wp_kses(__('Learn simple WordPress security tips — including 3 kinds of security your site needs and 4 best security practices for keeping your WordPress site safe with our <a href="%s">free guide</a>.', 'better-wp-security'), $link_only),
             esc_url('https://ithemes.com/publishing/wordpress-security/')
         ),
     );

     $this->content .= $this->replace_all($html, $footer_replacements);
 }
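/**
 * Prints the dismissible admin notice that promotes enabling Network Brute Force Protection.
 *
 * The notice carries two nonce-protected actions:
 *  - the "Get Free API Key" link: its href is the settings page with
 *    module=network-brute-force&enable=network-brute-force, wrapped by wp_nonce_url()
 *    with the "itsec-enable-network-brute-force" action under the "itsec-enable-nonce"
 *    query argument; when JavaScript runs, its onclick handler instead navigates to
 *    ?itsec_no_api_nag=off with an "itsec-nag" nonce in _wpnonce;
 *  - the "×" button, whose data-nonce holds the "dismiss-brute-force-network-notice"
 *    nonce and data-source identifies the notice to the dismissal handler.
 *
 * Translated text and nonce values are escaped for their HTML / attribute context at
 * output time (WordPress late-escaping convention).
 *
 * @return void
 */
function itsec_network_brute_force_show_notice()
{
    $enable_url = wp_nonce_url(
        add_query_arg(
            array(
                'module' => 'network-brute-force',
                'enable' => 'network-brute-force',
            ),
            ITSEC_Core::get_settings_page_url()
        ),
        'itsec-enable-network-brute-force',
        'itsec-enable-nonce'
    );
    // Both nonces land inside HTML attributes, so they are attribute-escaped.
    $nag_nonce     = esc_attr(wp_create_nonce('itsec-nag'));
    $dismiss_nonce = esc_attr(wp_create_nonce('dismiss-brute-force-network-notice'));

    echo '<div id="itsec-notice-network-brute-force" class="updated itsec-notice">'
        . '<span class="it-icon-itsec"></span>'
        . esc_html__('New! Take your site security to the next level by activating iThemes Brute Force Network Protection.', 'better-wp-security')
        . '<a class="itsec-notice-button" href="' . esc_url($enable_url) . '"'
        . ' onclick="document.location.href=\'?itsec_no_api_nag=off&_wpnonce=' . $nag_nonce . '\';">'
        . esc_html__('Get Free API Key', 'better-wp-security')
        . '</a>'
        . '<button class="itsec-notice-hide" data-nonce="' . $dismiss_nonce . '" data-source="brute_force_network">&times;</button>'
        . '</div>';
}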
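 /**
  * Sends an email to notify site admins of lockouts
  *
  * Does nothing when the global "digest_email" setting is enabled (lockouts are then
  * reported in the daily digest instead). Otherwise the host and/or user parts that
  * apply are assembled into an HTML body, the subject is passed through the
  * "itsec_lockout_email_subject" filter, and the message is handed to
  * ITSEC_Core::get_itsec_notify()->notify().
  *
  * @since 4.0
  *
  * @param string|false $host            the locked-out host, or false when no host was locked out
  * @param int          $user            the user id of the locked-out user; resolved with get_userdata()
  * @param string|false $username        the locked-out username when no user record exists, or false
  * @param string|false $host_expiration when the host lockout expires; false means permanent
  * @param string       $user_expiration when the user lockout expires
  * @param string       $reason          the reason for the lockout to show to the user
  *
  * @return void
  */
 private function send_lockout_email($host, $user, $username, $host_expiration, $user_expiration, $reason)
 {
     global $itsec_globals;

     $itsec_notify = ITSEC_Core::get_itsec_notify();

     // With digest emails enabled the lockout is reported by the digest instead.
     if (ITSEC_Modules::get_setting('global', 'digest_email')) {
         return;
     }

     // Every "release the lockout" link points at the settings page, behind the login form.
     $settings_login_url = wp_login_url(ITSEC_Core::get_settings_page_url());

     // "has" / "have" depends on whether one or two subjects were locked out.
     $plural_text = __('has', 'better-wp-security');

     // Tell which host was locked out
     if ($host !== false) {
         // The host is shown as a third-party IP lookup link: URL-encoded for the query,
         // sanitized for the visible text.
         $host_text = sprintf('%s, <a href="http://www.traceip.net/?query=%s"><strong>%s</strong></a>, ', __('host', 'better-wp-security'), urlencode($host), sanitize_text_field($host));
         $host_expiration_text = __('The host has been locked out ', 'better-wp-security');

         if ($host_expiration === false) {
             $host_expiration_text .= '<strong>' . __('permanently', 'better-wp-security') . '</strong>';
             $release_text = sprintf(__('To release the host lockout you can remove the host from the <a href="%1$s">host list</a>.', 'better-wp-security'), $settings_login_url);
         } else {
             $host_expiration_text .= sprintf('<strong>%s %s</strong>', __('until', 'better-wp-security'), sanitize_text_field($host_expiration));
             $release_text = sprintf(__('To release the lockout please visit <a href="%1$s">the admin area</a>.', 'better-wp-security'), $settings_login_url);
         }
     } else {
         $host_expiration_text = '';
         $host_text = '';
         $release_text = '';
     }

     // Try to get an actual user object; fall back to the raw username when there is none.
     $user_object = get_userdata($user);

     // Tell them which user was locked out and setup the expiration copy
     if ($user_object !== false || $username !== false) {
         if ($user_object !== false) {
             // Escaped for the HTML body; the raw-username branch is sanitized instead.
             $login = esc_html($user_object->user_login);
         } else {
             $login = sanitize_text_field($username);
         }

         if ($host_text === '') {
             // User-only lockout.
             $user_expiration_text = sprintf('%s <strong>%s %s</strong>.', __('The user has been locked out', 'better-wp-security'), __('until', 'better-wp-security'), sanitize_text_field($user_expiration));
             $user_text = sprintf('%s, <strong>%s</strong>, ', __('user', 'better-wp-security'), $login);
             $release_text = sprintf(__('To release the lockout please visit <a href="%1$s">the lockouts page</a>.', 'better-wp-security'), $settings_login_url);
         } else {
             // Host and user locked out together: the sentence continues from the host part.
             $user_expiration_text = sprintf('%s <strong>%s %s</strong>.', __('and the user has been locked out', 'better-wp-security'), __('until', 'better-wp-security'), sanitize_text_field($user_expiration));
             $plural_text = __('have', 'better-wp-security');
             $user_text = sprintf('%s, <strong>%s</strong>, ', __('and a user', 'better-wp-security'), $login);

             if ($host_expiration === false) {
                 $release_text = sprintf(__('To release the user lockout please visit <a href="%1$s">the lockouts page</a>.', 'better-wp-security'), $settings_login_url);
             } else {
                 $release_text = sprintf(__('To release the lockouts please visit <a href="%1$s">the lockouts page</a>.', 'better-wp-security'), $settings_login_url);
             }
         }
     } else {
         $user_expiration_text = '.';
         $user_text = '';
         $release_text = '';
     }

     // Put the copy all together
     $body = sprintf(
         '<p>%s,</p><p>%s %s %s %s %s <a href="%s">%s</a> %s <strong>%s</strong>.</p><p>%s %s</p><p>%s</p><p><em>*%s %s. %s <a href="%s">%s</a>.</em></p>',
         __('Dear Site Admin', 'better-wp-security'),
         __('A', 'better-wp-security'),
         $host_text,
         $user_text,
         $plural_text,
         __(' been locked out of the WordPress site at', 'better-wp-security'),
         get_option('siteurl'),
         get_option('siteurl'),
         __('due to', 'better-wp-security'),
         sanitize_text_field($reason),
         $host_expiration_text,
         $user_expiration_text,
         $release_text,
         // Text domain was missing here, so this string could never be translated.
         __('This email was generated automatically by', 'better-wp-security'),
         $itsec_globals['plugin_name'],
         __('To change your email preferences please visit', 'better-wp-security'),
         $settings_login_url,
         __('the plugin settings', 'better-wp-security')
     );

     // Setup the remainder of the email
     $subject = '[' . get_option('siteurl') . '] ' . __('Site Lockout Notification', 'better-wp-security');
     $subject = apply_filters('itsec_lockout_email_subject', $subject);
     $headers = 'From: ' . get_bloginfo('name') . ' <' . get_option('admin_email') . '>' . "\r\n";

     $itsec_notify->notify(array(
         'headers' => $headers,
         'message' => $body,
         'subject' => $subject,
     ));
 }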
    /**
     * Renders the logs page: the page header, queued error/status messages, the log
     * filter form with the filtered log listing, the sidebar widgets, and a no-JS warning.
     *
     * The filter value is taken from $_GET['filter'] (default 'all') and handed to
     * ITSEC_Form::set_option() and show_filtered_logs(). When the global "log_type"
     * setting is 'file', the listing is replaced by a notice to enable database logging.
     *
     * @return void
     */
    private function show_settings_page()
    {
        require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-wp-list-table.php';

        // NOTE(review): the filter is read from the query string without being checked
        // against $filters here; it reaches set_option() and show_filtered_logs() as-is —
        // confirm those validate it.
        if (isset($_GET['filter'])) {
            $filter = $_GET['filter'];
        } else {
            $filter = 'all';
        }
        $form = new ITSEC_Form();
        // Select options: the 'all' entry plus one entry per registered log display, keyed by module.
        $filters = array('all' => __('All Log Data', 'better-wp-security'));
        foreach ($this->logger_displays as $log_provider) {
            $filters[$log_provider['module']] = $log_provider['title'];
        }
        $form->set_option('filter', $filter);
        ?>
	<div class="wrap">
		<h1>
			<?php 
        _e('iThemes Security', 'better-wp-security');
        ?>
			<a href="<?php 
        echo esc_url(ITSEC_Core::get_settings_page_url());
        ?>
" class="page-title-action"><?php 
        _e('Manage Settings', 'better-wp-security');
        ?>
</a>
			<a href="<?php 
        // The support URL is filterable ('itsec_support_url') and escaped as a URL on output.
        echo esc_url(apply_filters('itsec_support_url', 'https://wordpress.org/support/plugin/better-wp-security'));
        ?>
" class="page-title-action"><?php 
        _e('Support', 'better-wp-security');
        ?>
</a>
		</h1>

		<div id="itsec-settings-messages-container">
			<?php 
        // Errors first, then status messages, both from the shared ITSEC_Response queues.
        foreach (ITSEC_Response::get_errors() as $error) {
            ITSEC_Lib::show_error_message($error);
        }
        foreach (ITSEC_Response::get_messages() as $message) {
            ITSEC_Lib::show_status_message($message);
        }
        ?>
		</div>

		<div id="poststuff">
			<div id="post-body" class="metabox-holder columns-2 hide-if-no-js">
				<div id="postbox-container-2" class="postbox-container">
					<?php 
        // File logging cannot be browsed from the plugin; only the database log is listed.
        if ('file' === ITSEC_Modules::get_setting('global', 'log_type')) {
            ?>
						<p><?php 
            _e('To view logs within the plugin you must enable database logging in the Global Settings. File logging is not available for access within the plugin itself.', 'better-wp-security');
            ?>
</p>
					<?php 
        } else {
            ?>
						<div class="itsec-module-cards-container list">
							<p><?php 
            _e('Below are various logs of information collected by iThemes Security Pro. This information can help you get a picture of what is happening with your site and the level of success you have achieved in your security efforts.', 'better-wp-security');
            ?>
</p>
							<p><?php 
            _e('Logging settings can be managed in the Global Settings.', 'better-wp-security');
            ?>
</p>


							<?php 
            // Filter form: nonce 'itsec-settings-page' plus the filter select.
            $form->start_form('itsec-module-settings-form');
            ?>
								<?php 
            $form->add_nonce('itsec-settings-page');
            ?>
								<p><?php 
            $form->add_select('filter', $filters);
            ?>
</p>
							<?php 
            $form->end_form();
            ?>

							<?php 
            $this->show_filtered_logs($filter);
            ?>
						</div>
					<?php 
        }
        ?>
				</div>
				<div class="itsec-modal-background"></div>

				<div id="postbox-container-1" class="postbox-container">
					<?php 
        // One form per sidebar widget, each with its own 'itsec-logs-page' nonce and a
        // hidden widget-id so the handler can tell the submissions apart.
        foreach ($this->widgets as $id => $widget) {
            ?>
						<?php 
            $form->start_form("itsec-sidebar-widget-form-{$id}");
            ?>
							<?php 
            $form->add_nonce('itsec-logs-page');
            ?>
							<?php 
            $form->add_hidden('widget-id', $id);
            ?>
							<div id="itsec-sidebar-widget-<?php 
            // NOTE(review): $id is echoed into an attribute unescaped; it is a $this->widgets
            // key, presumably a plugin-defined slug — confirm it is never user-supplied.
            echo $id;
            ?>
" class="postbox itsec-sidebar-widget">
								<h3 class="hndle ui-sortable-handle"><span><?php 
            echo esc_html($widget->title);
            ?>
</span></h3>
								<div class="inside">
									<?php 
            $this->get_widget_settings($id, $form, true);
            ?>
								</div>
							</div>
						<?php 
            $form->end_form();
            ?>
					<?php 
        }
        ?>
				</div>
			</div>

			<div class="hide-if-js">
				<p class="itsec-warning-message"><?php 
        _e('iThemes Security requires Javascript in order for the settings to be modified. Please enable Javascript to configure the settings.', 'better-wp-security');
        ?>
</p>
			</div>
		</div>
	</div>
<?php 
    }