function bps_wpadmin_htaccess_status_dashboard()
{
    if (current_user_can('manage_options')) {
        global $bps_version, $bps_last_version, $aitpro_bullet;
        if (esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php') {
            $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
            if ($BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled') {
                return;
            }
            $filename = ABSPATH . 'wp-admin/.htaccess';
            $permsHtaccess = @substr(sprintf('%o', fileperms($filename)), -4);
            $check_string = @file_get_contents($filename);
            $section = @file_get_contents($filename, NULL, NULL, 3, 46);
            $bps_wpadmin_upgrade = '';
            $pattern10a = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s(.*)\\?(.*)\\sHTTP\\/\\s\\[NC,OR\\]\\s*RewriteCond\\s%\\{THE_REQUEST\\}\\s(.*)\\*(.*)\\sHTTP\\/\\s\\[NC,OR\\]/';
            $pattern10b = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s.*\\?\\+\\(%20\\{1,\\}.*\\s*RewriteCond\\s%\\{THE_REQUEST\\}\\s.*\\+\\(.*\\*\\|%2a.*\\s\\[NC,OR\\]/';
            $pattern10c = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s\\(\\\\?.*%2a\\)\\+\\(%20\\+\\|\\\\s\\+.*HTTP\\(:\\/.*\\[NC,OR\\]/';
            $pattern1 = '/(\\[|\\]|\\(|\\)|<|>)/s';
            $BPSVpattern = '/BULLETPROOF\\s\\.[\\d](.*)WP-ADMIN/';
            $BPSVreplace = "BULLETPROOF {$bps_version} WP-ADMIN";
            if (!file_exists($filename)) {
                $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! An htaccess file was NOT found in your wp-admin folder. Check the BPS ', 'bulletproof-security') . '<a href="admin.php?page=bulletproof-security/admin/core/options.php#bps-tabs-2">' . __('Security Status page', 'bulletproof-security') . '</a>' . __(' for more specific information.', 'bulletproof-security') . '</font><br><font color="blue">' . __('BPS First Time|New Installation', 'bulletproof-security') . '</font><br>' . __('If you are installing BPS for the first time click here ', 'bulletproof-security') . '<a href="admin.php?page=bulletproof-security/admin/core/options.php">' . __('Security Modes page', 'bulletproof-security') . '</a>' . __(' and then click the AutoMagic, Setup Steps & Other Help Info Read Me help button for BPS Setup Steps.', 'bulletproof-security') . '</div>';
                echo $text;
            } else {
                if (file_exists($filename)) {
                    switch ($bps_version) {
                        case $bps_last_version:
                            // for Testing
                            if (strpos($check_string, "BULLETPROOF {$bps_last_version}") && strpos($check_string, "BPSQSE-check")) {
                                // echo or print for testing
                            }
                            break;
                        case !strpos($check_string, "BULLETPROOF"):
                            $text = '<div style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:0px 5px;"><font color="red">' . __('BPS Alert! Your wp-admin folder may not be protected by BulletProof Security', 'bulletproof-security') . '</font><br>' . __('The BPS version: BULLETPROOF .xx.x WP-ADMIN SECURE .HTACCESS line of code was not found at the top of your wp-admin htaccess file.', 'bulletproof-security') . '<br>' . __('The BPS version line of code MUST be at the very top of your wp-admin htaccess file.', 'bulletproof-security') . '<br>' . __('Go to the ', 'bulletproof-security') . '<a href="admin.php?page=bulletproof-security/admin/core/options.php">' . __('Security Modes page', 'bulletproof-security') . '</a>' . __(' and Activate wp-admin Folder BulletProof Mode.', 'bulletproof-security') . '</div>';
                            echo $text;
                            break;
                        case !strpos($check_string, "BULLETPROOF {$bps_version}") && strpos($check_string, "BPSQSE-check"):
                            if (@substr($sapi_type, 0, 6) != 'apache' || @$permsHtaccess != '0666' || @$permsHtaccess != '0777') {
                                // Windows IIS, XAMPP, etc
                                @chmod($filename, 0644);
                            }
                            $stringReplace = @file_get_contents($filename);
                            $stringReplace = preg_replace($BPSVpattern, $BPSVreplace, $stringReplace);
                            if (preg_match($pattern10a, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10a, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern10b, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10b, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern10c, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10c, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern1, $stringReplace, $matches)) {
                                $stringReplace = str_replace("RewriteCond %{QUERY_STRING} ^.*(\\[|\\]|\\(|\\)|<|>).* [NC,OR]", "RewriteCond %{QUERY_STRING} ^.*(\\(|\\)|<|>).* [NC,OR]", $stringReplace);
                            }
                            file_put_contents($filename, $stringReplace);
                            if (getBPSInstallTime() == getBPSwpadminHtaccessLasModTime_minutes() || getBPSInstallTime_plusone() == getBPSwpadminHtaccessLasModTime_minutes()) {
                                //print("Testing wp-admin auto-update");
                                $bps_wpadmin_upgrade = 'upgrade';
                            }
                            // end upgrade processing
                            break;
                        case strpos($check_string, "BULLETPROOF {$bps_version}") && strpos($check_string, "BPSQSE-check"):
                            $bps_status_display = get_option('bulletproof_security_options_status_display');
                            if ($bps_status_display['bps_status_display'] != 'Off') {
                                if (preg_match('/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches)) {
                                    $WBM = $aitpro_bullet . '<a href="admin.php?page=bulletproof-security/admin/core/options.php#WBM-Link" title="wp-admin Folder BulletProof Mode" style="text-decoration:none;">' . __('WBM', 'bulletproof-security') . '</a>: <font color="green"><strong>' . __('On', 'bulletproof-security') . '</strong></font>';
                                    $WBM_str = str_replace("BULLETPROOF {$bps_version} WP-ADMIN SECURE .HTACCESS", "{$WBM}", $section);
                                    echo '<div id="bps-status-display" style="background-color:#eeeeee;font-weight:bold;float:left;margin:0px;">' . $WBM_str . '</div>';
                                }
                            }
                            break;
                        default:
                            if ($bps_wpadmin_upgrade != 'upgrade') {
                                $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! A valid BPS htaccess file was NOT found in your wp-admin folder', 'bulletproof-security') . '</font><br>' . __('BulletProof Mode for the wp-admin folder should also be activated when you have BulletProof Mode activated for the Root folder.', 'bulletproof-security') . '<br>' . __('Check the BPS ', 'bulletproof-security') . '<a href="admin.php?page=bulletproof-security/admin/core/options.php#bps-tabs-2">' . __('Security Status page', 'bulletproof-security') . '</a>' . __(' to view your BPS Security Status information.', 'bulletproof-security') . '</div>';
                                echo $text;
                            }
                    }
                }
            }
        }
    }
}
Exemple #2
0
function bps_wpadmin_htaccess_status_dashboard()
{
    if (current_user_can('manage_options')) {
        global $bps_version, $bps_last_version, $aitpro_bullet;
        if (esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php') {
            $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
            if ($BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled') {
                return;
            }
            $filename = ABSPATH . 'wp-admin/.htaccess';
            $permsHtaccess = @substr(sprintf('%o', fileperms($filename)), -4);
            $check_string = @file_get_contents($filename);
            $section = @file_get_contents($filename, NULL, NULL, 3, 46);
            $bps_wpadmin_upgrade = '';
            $pattern10a = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s(.*)\\?(.*)\\sHTTP\\/\\s\\[NC,OR\\]\\s*RewriteCond\\s%\\{THE_REQUEST\\}\\s(.*)\\*(.*)\\sHTTP\\/\\s\\[NC,OR\\]/';
            $pattern10b = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s.*\\?\\+\\(%20\\{1,\\}.*\\s*RewriteCond\\s%\\{THE_REQUEST\\}\\s.*\\+\\(.*\\*\\|%2a.*\\s\\[NC,OR\\]/';
            $pattern10c = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s\\(\\\\?.*%2a\\)\\+\\(%20\\+\\|\\\\s\\+.*HTTP\\(:\\/.*\\[NC,OR\\]/';
            $pattern1 = '/(\\[|\\]|\\(|\\)|<|>)/s';
            $BPSVpattern = '/BULLETPROOF\\s\\.[\\d](.*)WP-ADMIN/';
            $BPSVreplace = "BULLETPROOF {$bps_version} WP-ADMIN";
            if (!file_exists($filename)) {
                // Setup Wizard Notice: not displayed. The Setup Wizard DB option is automatically saved in the root htaccess funcion on BPS plugin upgrades.
                if (!get_option('bulletproof_security_options_wizard_free')) {
                    // display nothing. Notice is already displayed in the root htaccess function.
                } else {
                    $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! An htaccess file was NOT found in your WordPress wp-admin folder', 'bulletproof-security') . '</font><br>' . __('If you have deleted the wp-admin htaccess file for troubleshooting purposes you can disregard this Alert.', 'bulletproof-security') . '<br>' . __('After you are done troubleshooting ', 'bulletproof-security') . '</font><a href="admin.php?page=bulletproof-security/admin/wizard/wizard.php">' . __('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin again.', 'bulletproof-security') . '<br>' . __('Important Note: If you deleted the wp-admin htaccess file due to bad/invalid Custom Code causing a problem then ', 'bulletproof-security') . '<a href="admin.php?page=bulletproof-security/admin/core/options.php#bps-tabs-7">' . __('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Custom Code page, delete the bad/invalid wp-admin Custom Code and click the Save wp-admin Custom Code button before running the Setup Wizard again.', 'bulletproof-security') . '</div>';
                    echo $text;
                }
            } else {
                if (file_exists($filename)) {
                    switch ($bps_version) {
                        case $bps_last_version:
                            // for Testing
                            if (strpos($check_string, "BULLETPROOF {$bps_last_version}") && strpos($check_string, "BPSQSE-check")) {
                                // echo or print for testing
                            }
                            break;
                        case !strpos($check_string, "BULLETPROOF"):
                            // Setup Wizard Notice: not displayed. The Setup Wizard DB option is automatically saved in the root htaccess funcion on BPS plugin upgrades.
                            if (!get_option('bulletproof_security_options_wizard_free')) {
                                // display nothing. Notice is already displayed in the root htaccess function.
                            } else {
                                $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! Your wp-admin folder may not be protected by BulletProof Security', 'bulletproof-security') . '</font><br>' . __('he BPS version: BULLETPROOF .xx.x WP-ADMIN SECURE .HTACCESS line of code was not found at the top of your wp-admin htaccess file.', 'bulletproof-security') . '<br>' . __('The BPS version line of code MUST be at the very top of your wp-admin htaccess file.', 'bulletproof-security') . '<br><a href="admin.php?page=bulletproof-security/admin/wizard/wizard.php">' . __('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin again.', 'bulletproof-security') . '<br>' . __('Important Note: If you manually added other htaccess code above the BPS version line of code in your wp-admin htaccess file, you can copy that code to BPS wp-admin Custom Code so that your code is saved in the correct place in the BPS wp-admin htaccess file. ', 'bulletproof-security') . '<br><a href="admin.php?page=bulletproof-security/admin/core/options.php#bps-tabs-7">' . __('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Custom Code page, add your wp-admin custom htaccess code in an appropriate wp-admin Custom Code text box and click the Save wp-admin Custom Code button before running the Setup Wizard again.', 'bulletproof-security') . '</div>';
                                echo $text;
                            }
                            break;
                        case !strpos($check_string, "BULLETPROOF {$bps_version}") && strpos($check_string, "BPSQSE-check"):
                            if (@substr($sapi_type, 0, 6) != 'apache' || @$permsHtaccess != '0666' || @$permsHtaccess != '0777') {
                                // Windows IIS, XAMPP, etc
                                @chmod($filename, 0644);
                            }
                            $stringReplace = @file_get_contents($filename);
                            $stringReplace = preg_replace($BPSVpattern, $BPSVreplace, $stringReplace);
                            if (preg_match($pattern10a, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10a, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern10b, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10b, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern10c, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10c, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern1, $stringReplace, $matches)) {
                                $stringReplace = str_replace("RewriteCond %{QUERY_STRING} ^.*(\\[|\\]|\\(|\\)|<|>).* [NC,OR]", "RewriteCond %{QUERY_STRING} ^.*(\\(|\\)|<|>).* [NC,OR]", $stringReplace);
                            }
                            file_put_contents($filename, $stringReplace);
                            if (getBPSInstallTime() == getBPSwpadminHtaccessLasModTime_minutes() || getBPSInstallTime_plusone() == getBPSwpadminHtaccessLasModTime_minutes()) {
                                //print("Testing wp-admin auto-update");
                                $bps_wpadmin_upgrade = 'upgrade';
                            }
                            // end upgrade processing
                            break;
                        case strpos($check_string, "BULLETPROOF {$bps_version}") && strpos($check_string, "BPSQSE-check"):
                            $bps_status_display = get_option('bulletproof_security_options_status_display');
                            if ($bps_status_display['bps_status_display'] != 'Off') {
                                if (preg_match('/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches)) {
                                    $WBM = $aitpro_bullet . '<a href="admin.php?page=bulletproof-security/admin/core/options.php#WBM-Link" title="wp-admin Folder BulletProof Mode" style="text-decoration:none;">' . __('WBM', 'bulletproof-security') . '</a>: <font color="green"><strong>' . __('On', 'bulletproof-security') . '</strong></font>';
                                    $WBM_str = str_replace("BULLETPROOF {$bps_version} WP-ADMIN SECURE .HTACCESS", "{$WBM}", $section);
                                    echo '<div id="bps-status-display" style="background-color:#eeeeee;font-weight:bold;float:left;margin:0px;">' . $WBM_str . '</div>';
                                }
                            }
                            break;
                        default:
                            if ($bps_wpadmin_upgrade != 'upgrade') {
                                $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! A valid BPS htaccess file was NOT found in your wp-admin folder', 'bulletproof-security') . '</font><br>' . __('BulletProof Mode for the wp-admin folder should also be activated when you have BulletProof Mode activated for the Root folder.', 'bulletproof-security') . '<br>' . __('Check the BPS ', 'bulletproof-security') . '<a href="admin.php?page=bulletproof-security/admin/core/options.php#bps-tabs-2">' . __('Security Status page', 'bulletproof-security') . '</a>' . __(' to view your BPS Security Status information.', 'bulletproof-security') . '</div>';
                                echo $text;
                            }
                    }
                }
            }
        }
    }
}
function bps_wpadmin_htaccess_status_dashboard()
{
    if (current_user_can('manage_options')) {
        global $bps_version, $bps_last_version, $aitpro_bullet;
        if (esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php') {
            $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
            if ($BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled') {
                return;
            }
            $filename = ABSPATH . 'wp-admin/.htaccess';
            $permsHtaccess = @substr(sprintf('%o', fileperms($filename)), -4);
            $check_string = @file_get_contents($filename);
            $section = @file_get_contents($filename, NULL, NULL, 3, 46);
            $bps_wpadmin_upgrade = '';
            $pattern10a = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s(.*)\\?(.*)\\sHTTP\\/\\s\\[NC,OR\\]\\s*RewriteCond\\s%\\{THE_REQUEST\\}\\s(.*)\\*(.*)\\sHTTP\\/\\s\\[NC,OR\\]/';
            $pattern10b = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s.*\\?\\+\\(%20\\{1,\\}.*\\s*RewriteCond\\s%\\{THE_REQUEST\\}\\s.*\\+\\(.*\\*\\|%2a.*\\s\\[NC,OR\\]/';
            $pattern10c = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s\\(\\\\?.*%2a\\)\\+\\(%20\\+\\|\\\\s\\+.*HTTP\\(:\\/.*\\[NC,OR\\]/';
            $pattern1 = '/(\\[|\\]|\\(|\\)|<|>)/s';
            $pattern_amod = '/#\\sWPADMIN\\sDENY\\sBROWSER\\sACCESS\\sTO\\sFILES(.*\\s*){13,16}#\\sEND\\sBPS\\sWPADMIN\\sDENY\\sACCESS\\sTO\\sFILES/';
            $BPSVpattern = '/BULLETPROOF\\s\\.[\\d](.*)WP-ADMIN/';
            $BPSVreplace = "BULLETPROOF {$bps_version} WP-ADMIN";
            if (!file_exists($filename)) {
                // Setup Wizard Notice: not displayed. The Setup Wizard DB option is automatically saved in the root htaccess funcion on BPS plugin upgrades.
                if (!get_option('bulletproof_security_options_wizard_free')) {
                    // display nothing. Notice is already displayed in the root htaccess function.
                } else {
                    $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! An htaccess file was NOT found in your WordPress wp-admin folder', 'bulletproof-security') . '</font><br>' . __('If you have deleted the wp-admin htaccess file for troubleshooting purposes you can disregard this Alert.', 'bulletproof-security') . '<br>' . __('After you are done troubleshooting ', 'bulletproof-security') . '</font><a href="' . admin_url('admin.php?page=bulletproof-security/admin/wizard/wizard.php') . '">' . esc_attr__('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin again.', 'bulletproof-security') . '<br>' . __('Important Note: If you deleted the wp-admin htaccess file due to bad/invalid Custom Code causing a problem then ', 'bulletproof-security') . '<a href="' . admin_url('admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-7') . '">' . esc_attr__('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Custom Code page, delete the bad/invalid wp-admin Custom Code and click the Save wp-admin Custom Code button before running the Setup Wizard again.', 'bulletproof-security') . '</div>';
                    echo $text;
                }
            } else {
                if (file_exists($filename)) {
                    switch ($bps_version) {
                        case $bps_last_version:
                            // for Testing
                            if (strpos($check_string, "BULLETPROOF {$bps_last_version}") && strpos($check_string, "BPSQSE-check")) {
                                // echo or print for testing
                            }
                            break;
                        case !strpos($check_string, "BULLETPROOF"):
                            // Setup Wizard Notice: not displayed. The Setup Wizard DB option is automatically saved in the root htaccess funcion on BPS plugin upgrades.
                            if (!get_option('bulletproof_security_options_wizard_free')) {
                                // display nothing. Notice is already displayed in the root htaccess function.
                            } else {
                                $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! Your wp-admin folder may not be protected by BulletProof Security', 'bulletproof-security') . '</font><br>' . __('he BPS version: BULLETPROOF .xx.x WP-ADMIN SECURE .HTACCESS line of code was not found at the top of your wp-admin htaccess file.', 'bulletproof-security') . '<br>' . __('The BPS version line of code MUST be at the very top of your wp-admin htaccess file.', 'bulletproof-security') . '<br><a href="' . admin_url('admin.php?page=bulletproof-security/admin/wizard/wizard.php') . '">' . esc_attr__('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin again.', 'bulletproof-security') . '<br>' . __('Important Note: If you manually added other htaccess code above the BPS version line of code in your wp-admin htaccess file, you can copy that code to BPS wp-admin Custom Code so that your code is saved in the correct place in the BPS wp-admin htaccess file. ', 'bulletproof-security') . '<br><a href="' . admin_url('admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-7') . '">' . esc_attr__('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Custom Code page, add your wp-admin custom htaccess code in an appropriate wp-admin Custom Code text box and click the Save wp-admin Custom Code button before running the Setup Wizard again.', 'bulletproof-security') . '</div>';
                                echo $text;
                            }
                            break;
                        case !strpos($check_string, "BULLETPROOF {$bps_version}") && strpos($check_string, "BPSQSE-check"):
                            // mod_authz_core forward/backward compatibility: create new htaccess files if needed
                            bpsPro_apache_mod_directive_check();
                            $CC_Options_wpadmin = get_option('bulletproof_security_options_customcode_WPA');
                            $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
                            if (@substr($sapi_type, 0, 6) != 'apache' || @$permsHtaccess != '0666' || @$permsHtaccess != '0777') {
                                // Windows IIS, XAMPP, etc
                                @chmod($filename, 0644);
                            }
                            $stringReplace = @file_get_contents($filename);
                            $stringReplace = preg_replace($BPSVpattern, $BPSVreplace, $stringReplace);
                            if (preg_match($pattern_amod, $stringReplace, $matches) && $CC_Options_wpadmin['bps_customcode_deny_files_wpa'] == '' && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes') {
                                $stringReplace = preg_replace($pattern_amod, "# WPADMIN DENY BROWSER ACCESS TO FILES\n# Deny Browser access to /wp-admin/install.php\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# To be able to view the install.php file from a Browser, replace 127.0.0.1 with your actual\n# current IP address. Comment out: #Require all denied and Uncomment: Require ip 127.0.0.1\n# Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1\n# Note: The BPS System Info page displays which modules are loaded on your server.\n\n# BEGIN BPS WPADMIN DENY ACCESS TO FILES\n<FilesMatch \"^(install\\.php)\">\n<IfModule mod_authz_core.c>\nRequire all denied\n#Require ip 127.0.0.1\n</IfModule>\n\n<IfModule !mod_authz_core.c>\n<IfModule mod_access_compat.c>\nOrder Allow,Deny\nDeny from all\n#Allow from 127.0.0.1\n</IfModule>\n</IfModule>\n</FilesMatch>\n# END BPS WPADMIN DENY ACCESS TO FILES", $stringReplace);
                            } elseif (preg_match($pattern_amod, $stringReplace, $matches) && $CC_Options_wpadmin['bps_customcode_deny_files_wpa'] == '' && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'No') {
                                $stringReplace = preg_replace($pattern_amod, "# WPADMIN DENY BROWSER ACCESS TO FILES\n# Deny Browser access to /wp-admin/install.php\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# To be able to view the install.php file from a Browser, replace 127.0.0.1 with your actual\n# current IP address. Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1\n# Note: The BPS System Info page displays which modules are loaded on your server.\n\n# BEGIN BPS WPADMIN DENY ACCESS TO FILES\n<FilesMatch \"^(install\\.php)\">\nOrder Allow,Deny\nDeny from all\n#Allow from 127.0.0.1\n</FilesMatch>\n# END BPS WPADMIN DENY ACCESS TO FILES", $stringReplace);
                            }
                            if (preg_match($pattern10a, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10a, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern10b, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10b, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern10c, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10c, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern1, $stringReplace, $matches)) {
                                $stringReplace = str_replace("RewriteCond %{QUERY_STRING} ^.*(\\[|\\]|\\(|\\)|<|>).* [NC,OR]", "RewriteCond %{QUERY_STRING} ^.*(\\(|\\)|<|>).* [NC,OR]", $stringReplace);
                            }
                            file_put_contents($filename, $stringReplace);
                            if (getBPSInstallTime() == getBPSwpadminHtaccessLasModTime_minutes() || getBPSInstallTime_plusone() == getBPSwpadminHtaccessLasModTime_minutes()) {
                                //print("Testing wp-admin auto-update");
                                $bps_wpadmin_upgrade = 'upgrade';
                            }
                            // end upgrade processing
                            break;
                        case strpos($check_string, "BULLETPROOF {$bps_version}") && strpos($check_string, "BPSQSE-check"):
                            $bps_status_display = get_option('bulletproof_security_options_status_display');
                            if ($bps_status_display['bps_status_display'] != 'Off') {
                                if (preg_match('/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches)) {
                                    $WBM = $aitpro_bullet . '<a href="' . admin_url('admin.php?page=bulletproof-security/admin/core/core.php#WBM-Link') . '" title="wp-admin Folder BulletProof Mode" style="text-decoration:none;">' . __('WBM', 'bulletproof-security') . '</a>: <font color="green"><strong>' . __('On', 'bulletproof-security') . '</strong></font>';
                                    $WBM_str = str_replace("BULLETPROOF {$bps_version} WP-ADMIN SECURE .HTACCESS", "{$WBM}", $section);
                                    echo '<div id="bps-status-display" style="float:left;font-weight:bold;margin:0px;">' . $WBM_str . '</div>';
                                }
                            }
                            break;
                        default:
                            if ($bps_wpadmin_upgrade != 'upgrade') {
                                $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! A valid BPS htaccess file was NOT found in your wp-admin folder', 'bulletproof-security') . '</font><br>' . __('BulletProof Mode for the wp-admin folder should also be activated when you have BulletProof Mode activated for the Root folder.', 'bulletproof-security') . '<br>' . __('Check the BPS ', 'bulletproof-security') . '<a href="' . admin_url('admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-2') . '">' . esc_attr__('Security Status page', 'bulletproof-security') . '</a>' . __(' to view your BPS Security Status information.', 'bulletproof-security') . '</div>';
                                echo $text;
                            }
                    }
                }
            }
        }
    }
}