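/**
 * Build rewrite rules for the Hide Backend feature.
 *
 * @since 4.0
 *
 * @param array|null $input Hide Backend options (`enabled`, `slug`, `register`) to build rules from.
 *                          When null, the `itsec_hide_backend` site option is read instead.
 *
 * @return array Rule set for the file writer: keys `type`, `priority`, `name` and `rules`,
 *               where `rules` is the list of lines produced by explode() or false when
 *               nothing should be written.
 */
public static function build_rewrite_rules($input = null) {
    $home_root   = ITSEC_Lib::get_home_root();
    $server_type = ITSEC_Lib::get_server(); // selects nginx vs. Apache syntax below

    // Fall back to the stored options when no input was supplied.
    if ($input === null) {
        $input = get_site_option('itsec_hide_backend');
    }

    // get_site_option() yields false when the option was never saved; anything
    // that is not an array is treated as "module disabled" instead of warning
    // on array access below.
    if (!is_array($input)) {
        $input = array();
    }

    $rules = '';

    // Don't add any rules if the module hasn't been enabled.
    if (!empty($input['enabled'])) {
        $slug     = isset($input['slug']) ? $input['slug'] : '';
        $register = isset($input['register']) ? $input['register'] : '';

        // NOTE(review): slug and register are inserted into the patterns verbatim;
        // they are expected to be sanitized when the options are saved - confirm.
        $rules .= "\t# " . __('Rules to hide the dashboard', 'it-l10n-ithemes-security-pro') . PHP_EOL;

        if ($server_type == 'nginx') {
            $rules .= "\trewrite ^(" . $home_root . ")?" . $slug . "/?\$ " . $home_root . "wp-login.php?\$query_string break;" . PHP_EOL;
        } else {
            $rules .= "\tRewriteRule ^(" . $home_root . ")?" . $slug . "/?\$ " . $home_root . "wp-login.php [QSA,L]" . PHP_EOL;
        }

        // Only emit a register rule when a custom register slug is configured;
        // an empty value would otherwise produce a rule matching the home root itself.
        if ($register !== '' && $register != 'wp-register.php') {
            if ($server_type == 'nginx') {
                $rules .= "\trewrite ^(" . $home_root . ")?" . $register . "/?\$ " . $home_root . $slug . "?action=register break;" . PHP_EOL;
            } else {
                // Route to the configured slug, matching the nginx rule above
                // (the Apache rule previously pointed at a hard-coded "/wplogin").
                $rules .= "\tRewriteRule ^(" . $home_root . ")?" . $register . "/?\$ " . $home_root . $slug . "?action=register [QSA,L]" . PHP_EOL;
            }
        }
    }

    // explode() keeps a trailing empty element because every line ends in PHP_EOL;
    // callers have always received it, so it is left as is.
    if (strlen($rules) > 0) {
        $rules = explode(PHP_EOL, $rules);
    } else {
        $rules = false;
    }

    // Create a proper array for writing.
    return array('type' => 'htaccess', 'priority' => 9, 'name' => 'Hide Backend', 'rules' => $rules);
}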
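/**
 * Redirects to or from SSL where appropriate.
 *
 * The request is left alone when it targets the Hide Backend login slug. For
 * singular views with the per-post mode (`frontend` == 1) the post meta decides
 * whether SSL is required; otherwise the global `frontend` setting decides
 * (2 forces SSL, 0 and 1 force plain HTTP).
 *
 * @return void
 */
function ssl_redirect() {
    global $post;

    $hide_options = get_site_option('itsec_hide_backend');

    // Never interfere with the hidden login URL.
    if (isset($hide_options['enabled']) && $hide_options['enabled'] === true && $_SERVER['REQUEST_URI'] == ITSEC_Lib::get_home_root() . $hide_options['slug']) {
        return;
    }

    // Loose comparisons are kept: the setting may be stored as a string.
    $frontend        = $this->settings['frontend'];
    $should_redirect = false;

    if (is_singular() && $frontend == 1) {
        $require_ssl = get_post_meta($post->ID, 'itsec_enable_ssl', true);
        $bwps_ssl    = get_post_meta($post->ID, 'bwps_enable_ssl', true);

        // Migrate the legacy bwps_enable_ssl meta into itsec_enable_ssl and drop it.
        if ($bwps_ssl == 1) {
            $require_ssl = 1;
            delete_post_meta($post->ID, 'bwps_enable_ssl');
            update_post_meta($post->ID, 'itsec_enable_ssl', true);
        } else {
            // The original tested `$bwps_ssl != 1` here, which is always true once `== 1` failed.
            delete_post_meta($post->ID, 'bwps_enable_ssl');
            if ($require_ssl != 1) {
                delete_post_meta($post->ID, 'itsec_enable_ssl');
            }
        }

        $is_ssl          = $this->is_ssl();
        $should_redirect = ($require_ssl == 1 && $is_ssl === false) || ($require_ssl != 1 && $is_ssl === true);
    } else {
        $is_ssl          = $this->is_ssl();
        $should_redirect = ($frontend == 2 && !$is_ssl) || (($frontend == 0 || $frontend == 1) && $is_ssl);
    }

    if ($should_redirect) {
        // The scheme is flipped relative to the port the request arrived on.
        // NOTE(review): HTTP_HOST comes from the request; the server's virtual host
        // configuration is relied upon to restrict it to this site - confirm.
        $href = ($_SERVER['SERVER_PORT'] == '443' ? 'http' : 'https') . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
        wp_redirect($href, 302);
        exit; // stop rendering once the Location header has been sent
    }
}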
/**
 * Appends the Hide Backend nginx rewrite rules to the server config modification.
 *
 * @param string $modification Server config text assembled so far.
 * @param array  $settings     Hide Backend settings; `slug` and `register` are read.
 *
 * @return string The modification with the rewrite lines appended.
 */
public static function filter_nginx_server_config_modification($modification, $settings) {
    $home_root = ITSEC_Lib::get_home_root();
    $comment   = __('Enable the hide backend feature - Security > Settings > Hide Login Area > Hide Backend', 'better-wp-security');

    // Leading empty entry yields the blank line that separates this block from the previous one.
    $lines = array(
        '',
        "\t# {$comment}",
        "\trewrite ^({$home_root})?{$settings['slug']}/?\$ {$home_root}wp-login.php?\$query_string break;",
    );

    // A custom register slug is routed to the hidden login slug's register action.
    if ($settings['register'] != 'wp-register.php') {
        $lines[] = "\trewrite ^({$home_root})?{$settings['register']}/?\$ {$home_root}{$settings['slug']}?action=register break;";
    }

    return $modification . implode("\n", $lines) . "\n";
}
/**
 * Redirects to or from SSL where appropriate.
 *
 * Decides the wanted scheme from the `ssl` module settings: `frontend` 2 forces
 * https everywhere; `frontend` 1 consults per-post meta on singular views and
 * returns without doing anything elsewhere; any other value returns early.
 * When the wanted scheme differs from is_ssl(), a 301 redirect is issued.
 *
 * @since 4.0
 *
 * @return void
 */
public function do_conditional_ssl_redirect() {
    $hide_options = get_site_option('itsec_hide_backend', array());

    // Never interfere with the hidden login URL.
    if (isset($hide_options['enabled']) && $hide_options['enabled'] === true && $_SERVER['REQUEST_URI'] == ITSEC_Lib::get_home_root() . $hide_options['slug']) {
        return;
    }

    $settings = ITSEC_Modules::get_settings('ssl');

    if (2 === $settings['frontend']) {
        $protocol = 'https';
    } else {
        if (1 === $settings['frontend'] && is_singular()) {
            global $post;

            // Legacy bwps_enable_ssl meta is migrated to itsec_enable_ssl and removed.
            // get_post_meta() without $single returns an array, hence the [0] access.
            $bwps_ssl = get_post_meta($post->ID, 'bwps_enable_ssl');

            if (!empty($bwps_ssl)) {
                if ($bwps_ssl[0]) {
                    $protocol = 'https';
                    update_post_meta($post->ID, 'itsec_enable_ssl', true);
                }

                delete_post_meta($post->ID, 'bwps_enable_ssl');
            }

            // Only consult itsec_enable_ssl when the legacy meta did not already decide.
            if (!isset($protocol)) {
                $enable_ssl = get_post_meta($post->ID, 'itsec_enable_ssl');

                if (!empty($enable_ssl)) {
                    if ($enable_ssl[0]) {
                        $protocol = 'https';
                    } else {
                        // A stored falsy value is cleaned up rather than kept.
                        delete_post_meta($post->ID, 'itsec_enable_ssl');
                    }
                }
            }
        } else {
            // frontend 0 (or 1 on a non-singular view): no redirect policy applies.
            return;
        }
    }

    // Default to plain http when nothing above asked for https.
    if (!isset($protocol)) {
        $protocol = 'http';
    }

    $is_ssl = is_ssl();

    // NOTE(review): HTTP_HOST is taken from the request and the redirect is a
    // cacheable 301; the web server's host configuration is relied upon to
    // restrict it to this site - confirm.
    if ($is_ssl && 'http' == $protocol) {
        $redirect = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
    } else {
        if (!$is_ssl && 'https' == $protocol) {
            $redirect = "https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
        }
    }

    if (isset($redirect)) {
        wp_redirect($redirect, 301);
        exit;
    }
}
/**
 * Execute hide backend functionality.
 *
 * Runs on every request: forwards the custom register slug to the real
 * registration URL, blocks the standard login/register/signup/admin entry
 * points for anonymous users, and serves wp-login.php under the hidden slug.
 * Several branches end the request with exit after a redirect or include.
 *
 * @since 4.0
 *
 * @return void
 */
public function execute_hide_backend() {
    // Custom register slug: hand off to the real registration action.
    if (get_site_option('users_can_register') == 1 && isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI'] == ITSEC_Lib::get_home_root() . $this->settings['register']) {
        wp_redirect(wp_login_url() . '?action=register');
        exit;
    }

    //redirect wp-admin and wp-register.php to 404 when not logged in
    // The first strpos() calls in this condition are used as truthy values
    // (no `!== false`); a match at offset 0 would be treated as no match.
    // REQUEST_URI starts with "/", so that offset presumably never occurs - confirm.
    // admin-ajax.php requests and requests whose auth cookie just expired are exempt.
    if ((get_site_option('users_can_register') == false && (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-register.php') || isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-signup.php')) || isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'wp-login.php') && is_user_logged_in() !== true || is_admin() && is_user_logged_in() !== true || ($this->settings['register'] != 'wp-register.php' && strpos($_SERVER['REQUEST_URI'], 'wp-register.php') !== false || strpos($_SERVER['REQUEST_URI'], 'wp-signup.php') !== false || isset($_REQUEST['redirect_to']) && strpos($_REQUEST['redirect_to'], 'wp-admin/customize.php') !== false)) && strpos($_SERVER['REQUEST_URI'], 'admin-ajax.php') === false && $this->auth_cookie_expired === false) {
        // Flag read elsewhere in the plugin to mark this as a blocked legacy admin request.
        global $itsec_is_old_admin;
        $itsec_is_old_admin = true;

        if (isset($this->settings['theme_compat']) && $this->settings['theme_compat'] === true) {
            //theme compat (process theme and redirect to a 404)
            // sanitize_title() keeps the configured slug URL-safe; "not_found" is the default.
            wp_redirect(ITSEC_Lib::get_home_root() . sanitize_title(isset($this->settings['theme_compat_slug']) ? $this->settings['theme_compat_slug'] : 'not_found'), 302);
            exit;
        } else {
            // Throw a 403 forbidden
            wp_die(__('This has been disabled.', 'better-wp-security'), 403);
        }
    }

    // Relative path of the hidden login slug, with and without a trailing slash.
    $url_info = parse_url($_SERVER['REQUEST_URI']);
    $login_path = site_url($this->settings['slug'], 'relative');
    $login_path_trailing_slash = site_url($this->settings['slug'] . '/', 'relative');

    if ($url_info['path'] === $login_path || $url_info['path'] === $login_path_trailing_slash) {
        if (!is_user_logged_in()) {
            //Add the login form
            // Custom post-logout slug: let other code react before the login form is shown.
            if (isset($this->settings['post_logout_slug']) && strlen(trim($this->settings['post_logout_slug'])) > 0 && isset($_GET['action']) && sanitize_text_field($_GET['action']) == trim($this->settings['post_logout_slug'])) {
                do_action('itsec_custom_login_slug'); //add hook here for custom users
            }

            //suppress error messages due to timing
            // NOTE(review): this silences error reporting for the remainder of the
            // request, not only for the include below - confirm that is intended.
            error_reporting(0);
            @ini_set('display_errors', 0);

            status_header(200);

            //don't allow domain mapping to redirect
            if (defined('DOMAIN_MAPPING') && DOMAIN_MAPPING == 1) {
                remove_action('login_head', 'redirect_login_to_orig');
            }

            // login_header() is defined by wp-login.php; if it already exists the
            // file was loaded earlier and execution simply continues here.
            if (!function_exists('login_header')) {
                include ABSPATH . 'wp-login.php';
                exit;
            }
        } elseif (!isset($_GET['action']) || sanitize_text_field($_GET['action']) != 'logout' && sanitize_text_field($_GET['action']) != 'postpass' && (isset($this->settings['post_logout_slug']) && strlen(trim($this->settings['post_logout_slug'])) > 0 && sanitize_text_field($_GET['action']) != trim($this->settings['post_logout_slug']))) {
            //Just redirect them to the dashboard (for logged in users)
            // Logged-in user on the slug with no action (or an action other than
            // logout/postpass/post-logout slug): send them to the dashboard.
            if ($this->auth_cookie_expired === false) {
                wp_redirect(get_admin_url());
                exit;
            }
        } elseif (isset($_GET['action']) && (sanitize_text_field($_GET['action']) == 'postpass' || isset($this->settings['post_logout_slug']) && strlen(trim($this->settings['post_logout_slug'])) > 0 && sanitize_text_field($_GET['action']) == trim($this->settings['post_logout_slug']))) {
            //handle private posts for
            // Logged-in user submitting a post password (or hitting the post-logout slug).
            if (isset($this->settings['post_logout_slug']) && strlen(trim($this->settings['post_logout_slug'])) > 0 && sanitize_text_field($_GET['action']) == trim($this->settings['post_logout_slug'])) {
                do_action('itsec_custom_login_slug'); //add hook here for custom users
            }

            //suppress error messages due to timing
            // NOTE(review): same request-wide suppression as in the anonymous branch above.
            error_reporting(0);
            @ini_set('display_errors', 0);

            status_header(200);

            //its a good login page. make sure we say so
            //include the login page where we need it
            // ABSPATH already ends in a slash; the extra "/" here differs from the
            // branch above but produces an equivalent path.
            if (!function_exists('login_header')) {
                include ABSPATH . '/wp-login.php';
                exit;
            }

            //Take them back to the page if we need to
            // NOTE(review): "HTTP_REFERRER" is not the CGI key for the Referer header
            // ("HTTP_REFERER"); it is only set when a client sends a literal "Referrer:"
            // header, and that client-supplied value is passed to wp_redirect() rather
            // than wp_safe_redirect(), so it is not restricted to this site - confirm intent.
            if (isset($_SERVER['HTTP_REFERRER'])) {
                wp_redirect(sanitize_text_field($_SERVER['HTTP_REFERRER']));
                exit;
            }
        }
    }
}
/**
 * Processes file writing after saving options.
 *
 * Looks to see if rewrites_changed is true and starts file writing process as appropriate;
 * does the same for config_changed and the wp-config.php rules. When file writing is
 * disabled in the settings, or a writer does not return an array, the
 * `itsec_manual_update` site option is set so the admin is asked to apply the rules by hand.
 *
 * @since 4.0.0
 *
 * @return void
 */
public function admin_init() {
    global $itsec_globals;

    if (true === $this->rewrites_changed) {
        if (isset($itsec_globals['settings']['write_files']) && true === $itsec_globals['settings']['write_files']) {
            do_action('itsec_pre_save_rewrites');

            // Expected shape (from the reads below): array with `success` (bool) and `text`.
            $rewrites = $this->save_rewrites();

            if (is_array($rewrites)) {
                if (false === $rewrites['success']) {
                    add_settings_error('itsec', esc_attr('settings_updated'), $rewrites['text'], 'error');

                    // Resolve the server config path only to name it in the error message.
                    require_once trailingslashit($GLOBALS['itsec_globals']['plugin_dir']) . 'core/lib/class-itsec-lib-config-file.php';
                    $file = ITSEC_Lib_Config_File::get_server_config_file_path();
                    $message = sprintf(__('Unable to update the <code>%1$s</code> file. You may need to manually remove the existing iThemes Security modifications and replace them with the rules found at <a href="%2$s">Security > Dashboard</a> under the "Rewrite Rules" section.', 'better-wp-security'), $file, admin_url('admin.php?page=itsec#itsec_rewrite'));
                    add_settings_error('itsec', esc_attr('settings_updated'), $message, 'error');
                } else {
                    // `text` === true means "nothing to report"; anything else is appended to the notice.
                    if (true !== $rewrites['text']) {
                        add_settings_error('itsec', esc_attr('settings_updated'), __('Settings Updated', 'better-wp-security') . '<br />' . $rewrites['text'], 'updated');
                    }
                }
            } else {
                add_site_option('itsec_manual_update', true);
            }
        } else {
            add_site_option('itsec_manual_update', true);
        }
    }

    if (true === $this->config_changed) {
        if (isset($itsec_globals['settings']['write_files']) && true === $itsec_globals['settings']['write_files']) {
            do_action('itsec_pre_save_configs');

            $configs = $this->save_wpconfig();

            if (is_array($configs)) {
                if (false === $configs['success']) {
                    add_settings_error('itsec', esc_attr('settings_updated'), $configs['text'], 'error');
                    // NOTE(review): this literal contains a line break in the source as
                    // received, while the sibling message above does not - confirm which is intended.
                    $message = sprintf(__('Unable to update the <code>%1$s</code> file. 
You may need to manually remove the existing iThemes Security modifications and replace them with the rules found at <a href="%2$s">Security > Dashboard</a> under the "wp-config.php Rules" section.', 'better-wp-security'), ABSPATH . 'wp-config.php', admin_url('admin.php?page=itsec#itsec_wpconfig'));
                    add_settings_error('itsec', esc_attr('settings_updated'), $message, 'error');
                }

                // A one-shot flag: some config changes (e.g. new salts) invalidate the
                // current session, so log the user out and send them to the login page.
                // wp_safe_redirect() restricts redirect_to to allowed hosts.
                if (1 == get_site_option('itsec_clear_login')) {
                    delete_site_option('itsec_clear_login');
                    wp_clear_auth_cookie();
                    $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : ITSEC_Lib::get_home_root() . 'wp-login.php?loggedout=true';
                    wp_safe_redirect($redirect_to);
                    exit;
                }
            } else {
                add_site_option('itsec_manual_update', true);
            }
        } else {
            add_site_option('itsec_manual_update', true);
        }
    }
}
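/**
 * Execute admin initializations: handles the "change admin user" form submission.
 *
 * $this->settings is false while a user named "admin" or a user with ID 1 exists
 * (the form still needs to be shown); on multisite it is set to true once the
 * submission has been processed.
 *
 * @return void
 */
public function initialize_admin() {
    // The ternary binds looser than ||: false when either default account exists.
    $this->settings = username_exists('admin') || ITSEC_Lib::user_id_exists(1) ? false : true;

    $form_submitted = isset($_POST['itsec_enable_admin_user']) && $_POST['itsec_enable_admin_user'] == 'true';

    if ($this->settings === false && $form_submitted) {
        // Verify the nonce before touching any account; a missing field fails the check too
        // instead of raising an undefined-index notice.
        $nonce = isset($_POST['wp_nonce']) ? $_POST['wp_nonce'] : '';
        if (!wp_verify_nonce($nonce, 'ITSEC_admin_save')) {
            die(__('Security check', 'it-l10n-ithemes-security-pro'));
        }

        //Process admin user
        $username = isset($_POST['itsec_admin_user_username']) ? trim(sanitize_text_field($_POST['itsec_admin_user_username'])) : '';

        // "Change the user with ID 1" is requested when the submitted id is 1. The
        // original wrapped the comparison inside intval(), which compared before casting.
        $change_id_1 = isset($_POST['itsec_admin_user_id']) && is_numeric($_POST['itsec_admin_user_id']) && (int) $_POST['itsec_admin_user_id'] === 1;

        $admin_success = true;
        $error_message = null;

        if ($username !== '') {
            $admin_success = $this->change_admin_user($username, $change_id_1);
        } elseif ($change_id_1 === true) {
            $admin_success = $this->change_admin_user(null, $change_id_1);
        }

        if ($admin_success === false) {
            $error_message = __('The new admin username you entered is invalid or WordPress could not change the user id or username. Please check the name and try again.', 'it-l10n-ithemes-security-pro');
            add_settings_error('itsec', esc_attr('settings_updated'), $error_message, 'error');
        }

        // Multisite shows the notice network-wide and marks the form as processed either way.
        if (is_multisite()) {
            if ($error_message !== null) {
                $error_handler = new WP_Error();
                $error_handler->add('error', $error_message);
                $this->core->show_network_admin_notice($error_handler);
            } else {
                $this->core->show_network_admin_notice(false);
            }

            $this->settings = true;
        }

        if ($admin_success === true) {
            // wp_safe_redirect() restricts redirect_to to allowed hosts.
            $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : ITSEC_Lib::get_home_root() . 'wp-login.php?loggedout=true';
            wp_safe_redirect($redirect_to);
            exit; // stop once the Location header has been sent
        }
    }
}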
/**
 * Regenerates the WordPress salts by rewriting wp-config.php through the
 * plugin's file writer, then records the time and logs the current user out.
 *
 * Despite the header below, no request input is sanitized or validated here.
 *
 * @since 4.6.0
 *
 * @return void
 */
public function process_salts() {
    global $itsec_files, $itsec_globals;

    //suppress error messages due to timing
    // NOTE(review): this silences error reporting for the rest of the request - confirm intended.
    error_reporting(0);
    @ini_set('display_errors', 0);

    $rules = $this->build_salts_rules();
    $itsec_files->set_wpconfig($rules);

    // Expected shape (from the reads below): array with `success` (bool) and `text`.
    $configs = $itsec_files->save_wpconfig();

    if (is_array($configs)) {
        if ($configs['success'] === false) {
            $type = 'error';
            $message = $configs['text'];
            add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
        }

        // Inside the is_array() branch only an empty array reaches this check.
        if (!$configs) {
            $type = 'error';
            $message = __('Unable change the WordPress Salts. Operation cancelled.', 'it-l10n-better-wp-security');
            add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
        }
    } else {
        add_site_option('itsec_manual_update', true);
    }

    $this->settings = true; //this tells the form field that all went well.

    // $type and $message are only defined when an error was recorded above.
    if (is_multisite()) {
        if (isset($type)) {
            $error_handler = new WP_Error();
            $error_handler->add($type, $message);
            $this->core->show_network_admin_notice($error_handler);
        } else {
            $this->core->show_network_admin_notice(false);
        }

        $this->settings = true;
    }

    // $this->settings is true on every path above, so the timestamp is updated and the
    // user logged out even after a failed write. wp_safe_redirect() restricts redirect_to
    // to allowed hosts; no exit follows it here.
    if ($this->settings === true) {
        update_site_option('itsec_salts', $itsec_globals['current_time_gmt']);
        wp_clear_auth_cookie();
        $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : ITSEC_Lib::get_home_root() . 'wp-login.php?loggedout=true';
        wp_safe_redirect($redirect_to);
    }
}
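/**
 * Regenerates the WordPress salts in wp-config.php.
 *
 * Reads wp-config.php, replaces the value of each of the eight key/salt
 * defines with a freshly generated salt, writes the file back, records the
 * time in the `itsec_salts` site option and logs the current user out (new
 * salts invalidate every existing session).
 *
 * Despite the header, no request input is sanitized or validated here.
 *
 * @since 4.6.0
 *
 * @return void
 */
public function process_salts() {
    global $itsec_globals;

    require_once( trailingslashit( $GLOBALS['itsec_globals']['plugin_dir'] ) . 'core/lib/class-itsec-lib-config-file.php' );
    require_once( trailingslashit( $GLOBALS['itsec_globals']['plugin_dir'] ) . 'core/lib/class-itsec-lib-file.php' );

    $config_file_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
    $config           = ITSEC_Lib_File::read( $config_file_path );
    $error            = '';

    if ( is_wp_error( $config ) ) {
        $error = sprintf( __( 'Unable to read the <code>wp-config.php</code> file in order to update the salts. Error details as follows: %1$s (%2$s)', 'it-l10n-ithemes-security-pro' ), $config->get_error_message(), $config->get_error_code() );
    } else {
        $defines = array(
            'AUTH_KEY',
            'SECURE_AUTH_KEY',
            'LOGGED_IN_KEY',
            'NONCE_KEY',
            'AUTH_SALT',
            'SECURE_AUTH_SALT',
            'LOGGED_IN_SALT',
            'NONCE_SALT',
        );

        foreach ( $defines as $define ) {
            $new_salt = $this->get_salt();

            // '$' is escaped so preg_replace() does not read it as a back-reference.
            // NOTE(review): assumes get_salt() never emits a backslash - confirm.
            $new_salt = str_replace( '$', '\\$', $new_salt );

            // Matches define( 'NAME', '...' ); with either quote style; a define that
            // is absent from the file is silently left untouched.
            $regex    = "/(define\s*\(\s*(['\"])$define\\2\s*,\s*)(['\"]).+?\\3(\s*\)\s*;)/";
            $replaced = preg_replace( $regex, "\${1}'$new_salt'\${4}", $config );

            // preg_replace() returns null on a PCRE failure; writing that back would
            // truncate wp-config.php, so abort before the write instead.
            if ( null === $replaced ) {
                $error = sprintf( __( 'Unable to update the <code>wp-config.php</code> file in order to update the salts. Error details as follows: %1$s (%2$s)', 'it-l10n-ithemes-security-pro' ), 'preg_replace', preg_last_error() );
                break;
            }

            $config = $replaced;
        }

        if ( '' === $error ) {
            $write_result = ITSEC_Lib_File::write( $config_file_path, $config );

            if ( is_wp_error( $write_result ) ) {
                // The error details live on $write_result; $config is a string at this point.
                $error = sprintf( __( 'Unable to update the <code>wp-config.php</code> file in order to update the salts. Error details as follows: %1$s (%2$s)', 'it-l10n-ithemes-security-pro' ), $write_result->get_error_message(), $write_result->get_error_code() );
            }
        }
    }

    if ( ! empty( $error ) ) {
        add_settings_error( 'itsec', esc_attr( 'settings_updated' ), $error, 'error' );
        add_site_option( 'itsec_manual_update', true );
    }

    $this->settings = true; //this tells the form field that all went well.

    if ( is_multisite() ) {
        if ( ! empty( $error ) ) {
            $error_handler = new WP_Error();
            $error_handler->add( 'error', $error );
            $this->core->show_network_admin_notice( $error_handler );
        } else {
            $this->core->show_network_admin_notice( false );
        }

        $this->settings = true;
    }

    // $this->settings is true on every path, so the timestamp is recorded and the user
    // logged out even when an error was reported above (kept as in the original).
    if ( $this->settings === true ) {
        update_site_option( 'itsec_salts', $itsec_globals['current_time_gmt'] );
        wp_clear_auth_cookie();

        // wp_safe_redirect() restricts redirect_to to allowed hosts.
        $redirect_to = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ITSEC_Lib::get_home_root() . 'wp-login.php?loggedout=true';
        wp_safe_redirect( $redirect_to );
        exit; // stop once the Location header has been sent
    }
}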
/**
 * Appends the Hide Backend nginx rewrite rules to the server config modification.
 *
 * Reads the `itsec_hide_backend` site option; when the module is not enabled the
 * modification is returned untouched.
 *
 * @param string $modification Server config text assembled so far.
 *
 * @return string The modification, with the rewrite lines appended when enabled.
 */
public function filter_nginx_server_config_modification($modification) {
    $input = get_site_option('itsec_hide_backend');

    if ($input['enabled'] != true) {
        return $modification;
    }

    $home_root = ITSEC_Lib::get_home_root();
    $comment   = __('Enable the hide backend feature - Security > Settings > Hide Login Area > Hide Backend', 'it-l10n-better-wp-security');

    // Leading empty entry yields the blank line that separates this block from the previous one.
    $lines = array(
        '',
        "\t# {$comment}",
        "\trewrite ^({$home_root})?{$input['slug']}/?\$ {$home_root}wp-login.php?\$query_string break;",
    );

    // A custom register slug is routed to the hidden login slug's register action.
    if ($input['register'] != 'wp-register.php') {
        $lines[] = "\trewrite ^({$home_root})?{$input['register']}/?\$ {$home_root}{$input['slug']}?action=register break;";
    }

    return $modification . implode("\n", $lines) . "\n";
}