Exemple #1
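 /**
  * Replace the eight WordPress secret keys and salts defined in wp-config.php.
  *
  * Refuses to run when the global "Write to Files" setting is off. Each define()
  * value is rewritten in place with a salt from self::get_new_salts(), falling
  * back to wp_generate_password() when no salt is available.
  *
  * @return true|WP_Error True once the file has been written; a WP_Error when the
  *                       setting is disabled, or the file cannot be read, rewritten or saved.
  */
 public function generate_new_salts()
 {
     if (!ITSEC_Modules::get_setting('global', 'write_files')) {
         return new WP_Error('itsec-wordpress-salts-utilities-write-files-disabled', __('The "Write to Files" setting is disabled in Global Settings. In order to use this feature, you must enable the "Write to Files" setting.', 'better-wp-security'));
     }
     require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php';
     require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-file.php';
     $config_file_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
     $config = ITSEC_Lib_File::read($config_file_path);
     if (is_wp_error($config)) {
         return new WP_Error('itsec-wordpress-salts-utilities-cannot-read-wp-config.php', sprintf(__('Unable to read the <code>wp-config.php</code> file in order to update the salts. You will need to manually update the file. Error details as follows: %1$s (%2$s)', 'better-wp-security'), $config->get_error_message(), $config->get_error_code()));
     }
     $defines = array('AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY', 'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT');
     // Start from an explicit empty pool instead of relying on an undefined variable.
     $salts = array();
     foreach ($defines as $define) {
         if (empty($salts)) {
             $salts = self::get_new_salts();
         }
         // get_new_salts() is defined outside this block; treat a non-array result as "no salt available".
         $salt = is_array($salts) ? array_pop($salts) : '';
         if (empty($salt)) {
             $salt = wp_generate_password(64, true, true);
         }
         // "$" would otherwise be read as a back-reference in the replacement string.
         // NOTE(review): a backslash in the salt is not escaped here - confirm the salt sources never emit one.
         $salt = str_replace('$', '\\$', $salt);
         $regex = "/(define\\s*\\(\\s*(['\"]){$define}\\2\\s*,\\s*)(['\"]).+?\\3(\\s*\\)\\s*;)/";
         $updated_config = preg_replace($regex, "\${1}'{$salt}'\${4}", $config);
         if (null === $updated_config) {
             // preg_replace() returns null on a PCRE failure; writing that back would blank wp-config.php.
             return new WP_Error('itsec-wordpress-salts-utilities-cannot-update-wp-config.php', __('Unable to update the salts in the <code>wp-config.php</code> file contents. You will need to manually update the file.', 'better-wp-security'));
         }
         $config = $updated_config;
     }
     $write_result = ITSEC_Lib_File::write($config_file_path, $config);
     if (is_wp_error($write_result)) {
         // Report the write failure itself; $config is the file contents, not an error object.
         return new WP_Error('itsec-wordpress-salts-utilities-cannot-save-wp-config.php', sprintf(__('Unable to update the <code>wp-config.php</code> file in order to update the salts. You will need to manually update the file. Error details as follows: %1$s (%2$s)', 'better-wp-security'), $write_result->get_error_message(), $write_result->get_error_code()));
     }
     return true;
 }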
Exemple #2
 /**
  * Run the module's validator over a full settings array and store the result if allowed.
  *
  * Errors and messages from the validator are always forwarded to ITSEC_Response.
  *
  * @param mixed $settings Candidate settings handed to the validator.
  *
  * @return array Keys: old_settings, new_settings, errors, messages, saved.
  */
 public function set_all($settings)
 {
     $result = array(
         'old_settings' => $this->settings,
         'new_settings' => $this->settings,
         'errors' => array(),
         'messages' => array(),
         'saved' => false,
     );
     $validator = ITSEC_Modules::get_validator($this->get_id());
     if (!is_null($validator)) {
         $validator->validate($settings);
         $result['errors'] = $validator->get_errors();
         $result['messages'] = $validator->get_messages();
         if (!$validator->can_save()) {
             ITSEC_Response::set_success(false);
         } else {
             // Only validator-approved values are persisted.
             $this->settings = $validator->get_settings();
             ITSEC_Storage::set($this->get_id(), $this->settings);
             $this->after_save();
             $this->handle_settings_changes($result['old_settings']);
             $result['new_settings'] = $this->settings;
             $result['saved'] = true;
         }
     } else {
         // Without a validator nothing is saved; the caller only receives the error.
         $error_code = 'itsec-settings-missing-validator-for-' . $this->get_id();
         $error_text = sprintf(__('The data validator for %1$s is missing. Data for the module cannot be saved without the validator. This error could indicate a bad install of iThemes Security. Please remove the plugin and reinstall it. If this message persists, please contact support and send them this error message.', 'better-wp-security'), $this->get_id());
         $result['errors'][] = new WP_Error($error_code, $error_text);
     }
     ITSEC_Response::add_errors($result['errors']);
     ITSEC_Response::add_messages($result['messages']);
     return $result;
 }
Exemple #3
 /**
  * Migrate backup settings from older plugin data layouts.
  *
  * @param mixed $itsec_old_version Previously installed build number; compared against 4000 and 4041.
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version < 4000) {
         global $itsec_bwps_options;
         $stored = get_site_option('itsec_backup');
         // Leave unset options alone so the module system's defaults apply.
         if (false !== $stored) {
             $stored['enabled'] = isset($itsec_bwps_options['backup_enabled']) && $itsec_bwps_options['backup_enabled'] == 1;
             if (isset($itsec_bwps_options['backup_interval'])) {
                 $stored['interval'] = intval($itsec_bwps_options['backup_interval']);
             } else {
                 $stored['interval'] = 1;
             }
             update_site_option('itsec_backup', $stored);
         }
     }
     if ($itsec_old_version < 4041) {
         $stored = get_site_option('itsec_backup');
         // No stored options: save nothing and let the new defaults stand.
         if (is_array($stored)) {
             // Mirror the old enabled flag onto the module's active state.
             if (!$stored['enabled']) {
                 ITSEC_Modules::deactivate('backup');
             } else {
                 ITSEC_Modules::activate('backup');
             }
             // Drop a stored backup location that is no longer a directory.
             if (isset($stored['location']) && !is_dir($stored['location'])) {
                 unset($stored['location']);
             }
             // Copy over only the keys the new module declares defaults for.
             $merged = ITSEC_Modules::get_defaults('backup');
             foreach (array_keys($merged) as $key) {
                 if (isset($stored[$key])) {
                     $merged[$key] = $stored[$key];
                 }
             }
             ITSEC_Modules::set_settings('backup', $merged);
         }
     }
 }
 /**
  * Hide theme, plugin and core update checks from users who lack manage_options.
  *
  * Does nothing for iWP calls or for users who can manage options. Which checks
  * are hidden depends on the 'multisite-tweaks' module settings.
  *
  * @return void
  */
 public function init()
 {
     if (ITSEC_Core::is_iwp_call() || current_user_can('manage_options')) {
         return;
     }
     $tweaks = ITSEC_Modules::get_settings('multisite-tweaks');
     if ($tweaks['theme_updates']) {
         remove_action('load-update-core.php', 'wp_update_themes');
         // Short-circuit the transient lookup with null.
         add_filter('pre_site_transient_update_themes', '__return_null');
         wp_clear_scheduled_hook('wp_update_themes');
     }
     if ($tweaks['plugin_updates']) {
         remove_action('load-update-core.php', 'wp_update_plugins');
         add_filter('pre_site_transient_update_plugins', '__return_null');
         wp_clear_scheduled_hook('wp_update_plugins');
     }
     if ($tweaks['core_updates']) {
         remove_action('admin_notices', 'update_nag', 3);
         add_filter('pre_site_transient_update_core', '__return_null');
         // NOTE(review): this clears a site-wide scheduled hook from a per-request path - confirm that is intended.
         wp_clear_scheduled_hook('wp_version_check');
     }
 }
Exemple #5
 /**
  * Migrate strong-password settings from older plugin data layouts.
  *
  * @param mixed $itsec_old_version Previously installed build number; compared against 4000 and 4041.
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version < 4000) {
         global $itsec_bwps_options;
         $stored = get_site_option('itsec_strong_passwords');
         // Leave unset options alone so the module system's defaults apply.
         if (false !== $stored) {
             $stored['enabled'] = isset($itsec_bwps_options['st_enablepassword']) && $itsec_bwps_options['st_enablepassword'] == 1;
             if (isset($itsec_bwps_options['st_passrole'])) {
                 $stored['roll'] = $itsec_bwps_options['st_passrole'];
             } else {
                 $stored['roll'] = 'administrator';
             }
             update_site_option('itsec_strong_passwords', $stored);
         }
     }
     if ($itsec_old_version < 4041) {
         $stored = get_site_option('itsec_strong_passwords');
         // No stored options: save nothing and let the new defaults stand.
         if (is_array($stored)) {
             // Mirror the old enabled flag onto the module's active state.
             if (!$stored['enabled']) {
                 ITSEC_Modules::deactivate('strong-passwords');
             } else {
                 ITSEC_Modules::activate('strong-passwords');
             }
             // The legacy key is spelled 'roll'; the new module stores it as 'role'.
             // NOTE(review): 'roll' is read without an isset() check - confirm it is always present here.
             $migrated = array('role' => $stored['roll']);
             ITSEC_Modules::set_settings('strong-passwords', $migrated);
         }
     }
 }
Exemple #6
 /**
  * Migrate brute-force protection settings from older plugin data layouts.
  *
  * @param mixed $itsec_old_version Previously installed build number; compared against 4000 and 4041.
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version < 4000) {
         global $itsec_bwps_options;
         $stored = get_site_option('itsec_brute_force');
         // Leave unset options alone so the module system's defaults apply.
         if (false !== $stored) {
             $stored['enabled'] = isset($itsec_bwps_options['ll_enabled']) && $itsec_bwps_options['ll_enabled'] == 1;
             // Legacy numeric limits are coerced to int; the fallbacks are 5, 10 and 5.
             $stored['max_attempts_host'] = 5;
             if (isset($itsec_bwps_options['ll_maxattemptshost'])) {
                 $stored['max_attempts_host'] = intval($itsec_bwps_options['ll_maxattemptshost']);
             }
             $stored['max_attempts_user'] = 10;
             if (isset($itsec_bwps_options['ll_maxattemptsuser'])) {
                 $stored['max_attempts_user'] = intval($itsec_bwps_options['ll_maxattemptsuser']);
             }
             $stored['check_period'] = 5;
             if (isset($itsec_bwps_options['ll_checkinterval'])) {
                 $stored['check_period'] = intval($itsec_bwps_options['ll_checkinterval']);
             }
             update_site_option('itsec_brute_force', $stored);
         }
     }
     if ($itsec_old_version < 4041) {
         $stored = get_site_option('itsec_brute_force');
         // No stored options: save nothing and let the new defaults stand.
         if (is_array($stored)) {
             // Mirror the old enabled flag onto the module's active state.
             if (!$stored['enabled']) {
                 ITSEC_Modules::deactivate('brute-force');
             } else {
                 ITSEC_Modules::activate('brute-force');
             }
             // 'enabled' is not a setting of the new module.
             unset($stored['enabled']);
             ITSEC_Modules::set_settings('brute-force', $stored);
         }
     }
 }
Exemple #7
 /**
  * Migrate SSL settings from older plugin data layouts.
  *
  * @param mixed $itsec_old_version Previously installed build number; compared against 4000 and 4041.
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version < 4000) {
         global $itsec_bwps_options;
         $stored = get_site_option('itsec_ssl');
         // Leave unset options alone so the module system's defaults apply.
         if (false !== $stored) {
             if (isset($itsec_bwps_options['ssl_frontend'])) {
                 $stored['frontend'] = intval($itsec_bwps_options['ssl_frontend']);
             } else {
                 $stored['frontend'] = 0;
             }
             update_site_option('itsec_ssl', $stored);
             ITSEC_Response::regenerate_wp_config();
         }
     }
     if ($itsec_old_version < 4041) {
         $stored = get_site_option('itsec_ssl');
         // No stored options: save nothing and let the new defaults stand.
         if (is_array($stored)) {
             // Any truthy option value counts as the module being in use.
             $in_use = count(array_filter($stored)) > 0;
             if (!$in_use) {
                 ITSEC_Modules::deactivate('ssl');
             } else {
                 ITSEC_Modules::activate('ssl');
             }
             // 'enabled' is not a setting of the new module.
             unset($stored['enabled']);
             ITSEC_Modules::set_settings('ssl', $stored);
         }
     }
 }
Exemple #8
 /**
  * E-mail the changed login address to every configured notification recipient.
  *
  * Skipped entirely while a data upgrade is running.
  *
  * @param string $url New login address; passed through esc_url() before it enters the message.
  *
  * @return void
  */
 private function send_new_login_url($url)
 {
     // Porting data between versions must not trigger notification mail.
     if (ITSEC_Core::doing_data_upgrade()) {
         return;
     }
     $body = '<p>' . __('Dear Site Admin,', 'better-wp-security') . "</p>\n";
     /* translators: 1: Site name, 2: Site address, 3: New login address */
     $notice = sprintf(__('The login address for %1$s (<code>%2$s</code>) has changed. The new login address is <code>%3$s</code>. You will be unable to use the old login address.', 'better-wp-security'), get_bloginfo('name'), esc_url(get_site_url()), esc_url($url));
     $body .= '<p>' . $notice . "</p>\n";
     if (defined('ITSEC_DEBUG') && ITSEC_DEBUG === true) {
         // Debug builds append the requesting host and URI, both taken from request data.
         $body .= '<p>Debug info (source page): ' . esc_url($_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]) . "</p>\n";
     }
     $message = "<html>\n" . $body . "</html>\n";
     // Envelope: recipients, subject (filterable) and From header.
     $recipients = ITSEC_Modules::get_setting('global', 'notification_email');
     $subject = apply_filters('itsec_lockout_email_subject', sprintf(__('[%1$s] WordPress Login Address Changed', 'better-wp-security'), get_site_url()));
     // NOTE(review): the From header is concatenated from the site name and admin e-mail as stored - confirm neither can contain CR/LF.
     $headers = 'From: ' . get_bloginfo('name') . ' <' . get_option('admin_email') . '>' . "\r\n";
     $html_type_callback = array($this, 'get_html_content_type');
     // Switch wp_mail() to HTML only for the duration of this send.
     add_filter('wp_mail_content_type', $html_type_callback);
     foreach ($recipients as $address) {
         $address = trim($address);
         if (!is_email($address)) {
             continue;
         }
         wp_mail($address, $subject, $message, $headers);
     }
     remove_filter('wp_mail_content_type', $html_type_callback);
 }
Exemple #9
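 /**
  * Migrate 404-detection settings from older plugin data layouts.
  *
  * @param mixed $itsec_old_version Previously installed build number; compared against 4000 and 4041.
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version < 4000) {
         global $itsec_bwps_options;
         $current_options = get_site_option('itsec_four_oh_four');
         // Don't do anything if settings haven't already been set, defaults exist in the module system and we prefer to use those
         if (false !== $current_options) {
             $current_options['enabled'] = isset($itsec_bwps_options['id_enabled']) && $itsec_bwps_options['id_enabled'] == 1 ? true : false;
             $current_options['check_period'] = isset($itsec_bwps_options['id_checkinterval']) ? intval($itsec_bwps_options['id_checkinterval']) : 5;
             $current_options['error_threshold'] = isset($itsec_bwps_options['id_threshold']) ? intval($itsec_bwps_options['id_threshold']) : 20;
             if (isset($itsec_bwps_options['id_whitelist']) && !is_array($itsec_bwps_options['id_whitelist']) && strlen($itsec_bwps_options['id_whitelist']) > 1) {
                 // The legacy value is newline-separated text. Appending the exploded array with ".="
                 // stored the literal word "Array", so merge the entries into the list instead.
                 // NOTE(review): assumes 'white_list' is meant to hold a list of entries - confirm.
                 $existing_entries = isset($current_options['white_list']) ? (array) $current_options['white_list'] : array();
                 $current_options['white_list'] = array_merge($existing_entries, explode(PHP_EOL, $itsec_bwps_options['id_whitelist']));
             }
             update_site_option('itsec_four_oh_four', $current_options);
         }
     }
     if ($itsec_old_version < 4041) {
         $current_options = get_site_option('itsec_four_oh_four');
         // If there are no current options, go with the new defaults by not saving anything
         if (is_array($current_options)) {
             // Make sure the new module is properly activated or deactivated
             if ($current_options['enabled']) {
                 ITSEC_Modules::activate('404-detection');
             } else {
                 ITSEC_Modules::deactivate('404-detection');
             }
             // Remove 'enabled', which isn't used in the new module
             unset($current_options['enabled']);
             ITSEC_Modules::set_settings('404-detection', $current_options);
         }
     }
 }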
Exemple #10
 /**
  * React to saved settings: regenerate the server config and adjust config-file permissions.
  *
  * Does nothing when the validator is not allowed to save.
  *
  * @return void
  */
 protected function validate_settings()
 {
     if (!$this->can_save()) {
         return;
     }
     $previous_settings = ITSEC_Modules::get_settings($this->get_id());
     $changed = array_diff_assoc($this->settings, $previous_settings);
     if (!empty($changed)) {
         ITSEC_Response::regenerate_server_config();
     }
     $mode = null;
     if ($this->settings['write_permissions']) {
         // Re-apply read-only 0444 on every save so drifted permissions are corrected.
         $mode = 0444;
     } elseif ($this->settings['write_permissions'] !== $previous_settings['write_permissions']) {
         // Restore 0664 only on the transition from enabled to disabled, so files are
         // untouched when the setting was never on.
         // NOTE(review): 0664 leaves wp-config.php group-writable - confirm this suits the hosting setup.
         $mode = 0664;
     }
     if (null === $mode) {
         // Nothing to change.
         return;
     }
     // NOTE(review): no leading slash before 'lib/' here - relies on get_core_dir() ending in a separator; confirm.
     require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-config-file.php';
     require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-file.php';
     $server_config_file = ITSEC_Lib_Config_File::get_server_config_file_path();
     $wp_config_file = ITSEC_Lib_Config_File::get_wp_config_file_path();
     // The chmod results are not inspected.
     ITSEC_Lib_File::chmod($server_config_file, $mode);
     ITSEC_Lib_File::chmod($wp_config_file, $mode);
     ITSEC_Response::reload_module('file-permissions');
 }
 /**
  * Register the per-content SSL hooks when the 'frontend' SSL setting is exactly 1.
  *
  * @return void
  */
 function run()
 {
     // Strict comparison: only the integer 1 enables the per-content controls.
     if (1 !== ITSEC_Modules::get_setting('ssl', 'frontend')) {
         return;
     }
     add_action('post_submitbox_misc_actions', array($this, 'ssl_enable_per_content'));
     add_action('save_post', array($this, 'save_post'));
 }
Exemple #12
 /**
  * Migrate the legacy 'itsec_ipcheck' option into network-brute-force settings.
  *
  * @param mixed $itsec_old_version Previously installed build number; compared against 4041.
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version >= 4041) {
         return;
     }
     $legacy = get_site_option('itsec_ipcheck');
     // No stored options: save nothing and let the new defaults stand.
     if (!is_array($legacy)) {
         return;
     }
     $migrated = ITSEC_Modules::get_defaults('network-brute-force');
     if (isset($legacy['api_ban'])) {
         $migrated['enable_ban'] = $legacy['api_ban'];
     }
     // The ban flag decides whether the new module is active.
     if (!$migrated['enable_ban']) {
         ITSEC_Modules::deactivate('network-brute-force');
     } else {
         ITSEC_Modules::activate('network-brute-force');
     }
     if (!empty($legacy['api_key'])) {
         $migrated['api_key'] = $legacy['api_key'];
         // A key already exists, so do not prompt for sign-up.
         $migrated['api_nag'] = false;
     }
     // The API secret is carried over under its new key name.
     if (!empty($legacy['api_s'])) {
         $migrated['api_secret'] = $legacy['api_s'];
     }
     if (!empty($legacy['optin'])) {
         $migrated['updates_optin'] = $legacy['optin'];
     }
     ITSEC_Modules::set_settings('network-brute-force', $migrated);
 }
Exemple #13
 /**
  * Migrate the legacy 'itsec_global' option into the global module settings.
  *
  * @param mixed $itsec_old_version Previously installed build number; compared against 4041.
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version >= 4041) {
         return;
     }
     $legacy = get_site_option('itsec_global');
     // No stored options: save nothing and let the new defaults stand.
     if (!is_array($legacy)) {
         return;
     }
     // log_type used to be 0 for database, 1 for file, 2 for both.
     // Loose comparison is kept so values stored as strings still match.
     $old_log_type = $legacy['log_type'];
     if ($old_log_type == 2) {
         $legacy['log_type'] = 'both';
     } elseif ($old_log_type == 1) {
         $legacy['log_type'] = 'file';
     } else {
         $legacy['log_type'] = 'database';
     }
     // Discard stored paths whose directory no longer exists.
     if (isset($legacy['log_location']) && !is_dir($legacy['log_location'])) {
         unset($legacy['log_location']);
     }
     if (isset($legacy['nginx_file']) && !is_dir(dirname($legacy['nginx_file']))) {
         unset($legacy['nginx_file']);
     }
     // Copy over only the keys the new module declares defaults for.
     $migrated = ITSEC_Modules::get_defaults('global');
     foreach (array_keys($migrated) as $key) {
         if (isset($legacy[$key])) {
             $migrated[$key] = $legacy[$key];
         }
     }
     ITSEC_Modules::set_settings('global', $migrated);
 }
Exemple #14
 /**
  * Regenerate the WordPress salts when the 'regenerate' setting is truthy.
  *
  * The 'regenerate' flag is removed from the settings in every case. On success
  * the generation time is recorded and a forced logout is requested.
  *
  * @return void
  */
 protected function validate_settings()
 {
     if (!$this->can_save()) {
         return;
     }
     $regenerate = $this->settings['regenerate'];
     // The flag triggers an action and is never stored.
     unset($this->settings['regenerate']);
     if (!$regenerate) {
         $is_own_ajax_request = defined('DOING_AJAX') && DOING_AJAX && !empty($_POST['module']) && $this->get_id() === $_POST['module'];
         if ($is_own_ajax_request) {
             // The request targeted only this module, so tell the user why nothing happened.
             $this->set_can_save(false);
             if (!ITSEC_Modules::get_setting('global', 'write_files')) {
                 $this->add_error(new WP_Error('itsec-wordpress-salts-skipping-regeneration-write-files-disabled', __('The "Write to Files" setting is disabled in Global Settings. In order to use this feature, you must enable the "Write to Files" setting.', 'better-wp-security')));
             } else {
                 $this->add_error(new WP_Error('itsec-wordpress-salts-skipping-regeneration-empty-checkbox', __('You must check the Change WordPress Salts checkbox in order to change the WordPress salts.', 'better-wp-security')));
             }
         }
         return;
     }
     require_once dirname(__FILE__) . '/utilities.php';
     $outcome = ITSEC_WordPress_Salts_Utilities::generate_new_salts();
     if (!is_wp_error($outcome)) {
         $this->add_message(__('The WordPress salts were successfully regenerated.', 'better-wp-security'));
         $this->settings['last_generated'] = ITSEC_Core::get_current_time_gmt();
         // Requested after the salts change; the effect is defined in ITSEC_Response.
         ITSEC_Response::force_logout();
         return;
     }
     $this->add_error($outcome);
     $this->set_can_save(false);
 }
 /**
  * Load the hide-backend settings and, when enabled, register the module's hooks.
  *
  * The server-config filters are always registered once the module is enabled.
  * The login-hiding hooks are skipped for a Jetpack JSON API authorization request.
  *
  * @return void
  */
 function run()
 {
     $this->settings = ITSEC_Modules::get_settings('hide-backend');
     if (!$this->settings['enabled']) {
         return;
     }
     // LiteSpeed reuses the Apache callback.
     add_filter('itsec_filter_apache_server_config_modification', array($this, 'filter_apache_server_config_modification'));
     add_filter('itsec_filter_litespeed_server_config_modification', array($this, 'filter_apache_server_config_modification'));
     add_filter('itsec_filter_nginx_server_config_modification', array($this, 'filter_nginx_server_config_modification'));
     $jetpack_active_modules = get_option('jetpack_active_modules');
     // Jetpack may be active for the site or, on multisite, for the whole network.
     $check_network = is_multisite() && function_exists('is_plugin_active_for_network');
     $is_jetpack_active = in_array('jetpack/jetpack.php', (array) get_option('active_plugins', array()));
     if ($check_network) {
         $is_jetpack_active = $is_jetpack_active || is_plugin_active_for_network('jetpack/jetpack.php');
     }
     // NOTE(review): this exemption is keyed on a request parameter, so any request carrying that
     // action skips the hooks below when Jetpack's json-api module is active - confirm that is acceptable.
     $is_jetpack_authorization = $is_jetpack_active === true
         && is_array($jetpack_active_modules)
         && in_array('json-api', $jetpack_active_modules)
         && isset($_GET['action'])
         && $_GET['action'] == 'jetpack_json_api_authorization';
     if ($is_jetpack_authorization) {
         return;
     }
     $this->auth_cookie_expired = false;
     add_action('auth_cookie_expired', array($this, 'auth_cookie_expired'));
     add_action('init', array($this, 'execute_hide_backend'), 1000);
     add_action('login_init', array($this, 'execute_hide_backend_login'));
     add_action('plugins_loaded', array($this, 'plugins_loaded'), 11);
     add_filter('body_class', array($this, 'remove_admin_bar'));
     add_filter('loginout', array($this, 'filter_loginout'));
     // The same callback rewrites login URLs on three filters.
     add_filter('wp_redirect', array($this, 'filter_login_url'), 10, 2);
     add_filter('lostpassword_url', array($this, 'filter_login_url'), 10, 2);
     add_filter('site_url', array($this, 'filter_login_url'), 10, 2);
     add_filter('retrieve_password_message', array($this, 'retrieve_password_message'));
     add_filter('comment_moderation_text', array($this, 'comment_moderation_text'));
     remove_action('template_redirect', 'wp_redirect_admin_locations', 1000);
 }
 /**
  * Return the shared instance of this class, creating it on first use.
  *
  * @return self
  */
 public static function get_instance()
 {
     if (self::$instance) {
         return self::$instance;
     }
     self::$instance = new self();
     return self::$instance;
 }
Exemple #17
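 /**
  * Turn off the file-change warning once the request's nonce has been verified.
  *
  * Terminates the request with "Security check" when the nonce is missing or invalid.
  *
  * @return void
  */
 public function dismiss_file_change_warning()
 {
     // The former ini_set('display_errors', 1) is dropped: forcing error display in a request
     // handler can expose paths and other internals in the response.
     $nonce = isset($_REQUEST['nonce']) ? $_REQUEST['nonce'] : '';
     if (!wp_verify_nonce($nonce, 'itsec-file-change-dismiss-warning')) {
         die('Security check');
     }
     // NOTE(review): a nonce shows intent, not privilege - confirm the hook that calls this
     // is limited to users allowed to change plugin settings.
     ITSEC_Modules::set_setting('file-change', 'show_warning', false);
 }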
Exemple #18
 /**
  * Enqueue the scripts and stylesheet for the backup settings page.
  *
  * @return void
  */
 public function enqueue_scripts_and_styles()
 {
     wp_enqueue_script('jquery-multi-select', plugins_url('js/jquery.multi-select.js', __FILE__), array('jquery'), $this->script_version, true);
     // Values exposed to the page script as the JavaScript object "itsec_backup".
     $script_data = array(
         'default_backup_location' => ITSEC_Modules::get_default($this->id, 'location'),
         'available_tables_label' => __('Tables for Backup', 'better-wp-security'),
         'excluded_tables_label' => __('Excluded Tables', 'better-wp-security'),
         'creating_backup_text' => __('Creating Backup...', 'better-wp-security'),
     );
     $script_handle = 'itsec-backup-settings-page-script';
     wp_enqueue_script($script_handle, plugins_url('js/settings-page.js', __FILE__), array('jquery', 'jquery-multi-select'), $this->script_version, true);
     wp_localize_script($script_handle, 'itsec_backup', $script_data);
     wp_enqueue_style('itsec-backup-settings-page-style', plugins_url('css/settings-page.css', __FILE__), array(), $this->script_version);
 }
Exemple #19
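/**
 * Dismiss the network brute-force sign-up notice after verifying the request's nonce.
 *
 * Sends a JSON success response when the nonce is valid and a JSON error otherwise.
 *
 * @return void
 */
function itsec_network_brute_force_dismiss_notice()
{
    // A request without the parameter is treated as a failed check instead of reading an undefined index.
    $nonce = isset($_REQUEST['notice_nonce']) ? $_REQUEST['notice_nonce'] : '';
    if (wp_verify_nonce($nonce, 'dismiss-brute-force-network-notice')) {
        // NOTE(review): a nonce shows intent, not privilege - confirm the hook that calls this
        // is limited to users allowed to change plugin settings.
        ITSEC_Modules::set_setting('network-brute-force', 'api_nag', false);
        wp_send_json_success();
    }
    wp_send_json_error();
}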
 /**
  * Load the 404-detection settings and register the module's lockout, logger and check hooks.
  *
  * @return void
  */
 function run()
 {
     $this->settings = ITSEC_Modules::get_settings('404-detection');
     // Register with the lockout and logging subsystems.
     add_filter('itsec_lockout_modules', array($this, 'register_lockout'));
     add_filter('itsec_logger_modules', array($this, 'register_logger'));
     add_filter('itsec_logger_displays', array($this, 'register_logger_displays'));
     // The 404 check is attached to wp_head.
     add_action('wp_head', array($this, 'check_404'));
 }
Exemple #21
/**
 * Append an IP to the ban-users module's stored host list.
 *
 * @param mixed $ip Value appended as given.
 *
 * @return void
 */
function itsec_ban_users_handle_new_blacklisted_ip($ip)
{
    $stored_hosts = ITSEC_Modules::get_setting('ban-users', 'host_list', array());
    // Anything other than an array is replaced by an empty list.
    $hosts = is_array($stored_hosts) ? $stored_hosts : array();
    // NOTE(review): $ip is neither validated nor de-duplicated here - presumably the caller does that; confirm.
    $hosts[] = $ip;
    ITSEC_Modules::set_setting('ban-users', 'host_list', $hosts);
}
Exemple #22
 /**
  * Carry the legacy 'itsec_salts' timestamp over to the wordpress-salts module.
  *
  * @param mixed $itsec_old_version Previously installed build number; compared against 4041.
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version >= 4041) {
         return;
     }
     $legacy_timestamp = get_site_option('itsec_salts');
     // Only a non-negative integer is migrated.
     if (!is_int($legacy_timestamp) || $legacy_timestamp < 0) {
         return;
     }
     ITSEC_Modules::set_setting('wordpress-salts', 'last_generated', $legacy_timestamp);
 }
Exemple #23
 /**
  * Regenerate wp-config.php when the 'admin' setting changes; force a logout when it is turned on.
  *
  * @return void
  */
 protected function validate_settings()
 {
     if (!$this->can_save()) {
         return;
     }
     $previous_settings = ITSEC_Modules::get_settings($this->get_id());
     // Strict comparison: a change of type counts as a change of value.
     if ($this->settings['admin'] === $previous_settings['admin']) {
         return;
     }
     ITSEC_Response::regenerate_wp_config();
     if ($this->settings['admin']) {
         ITSEC_Response::force_logout();
     }
 }
Exemple #24
 /**
  * Request a server-config regeneration when any setting is new or differs from the stored value.
  *
  * @return void
  */
 protected function validate_settings()
 {
     if (!$this->can_save()) {
         return;
     }
     $previous_settings = ITSEC_Modules::get_settings($this->get_id());
     $needs_regeneration = false;
     foreach ($this->settings as $name => $value) {
         // Loose comparison, as before: '1' and 1 are treated as the same value.
         if (!isset($previous_settings[$name]) || $previous_settings[$name] != $value) {
             $needs_regeneration = true;
             break;
         }
     }
     if ($needs_regeneration) {
         ITSEC_Response::regenerate_server_config();
     }
 }
Exemple #25
 /**
  * Run the validation pipeline over a candidate settings array.
  *
  * Order: store the input, load the previously saved settings, sanitize, run the
  * optional matching-fields and matching-types checks, then the module's own validation.
  *
  * @param mixed $settings Candidate settings; stored on the instance before sanitizing.
  *
  * @return void
  */
 public function validate($settings)
 {
     $this->settings = $settings;
     $this->previous_settings = ITSEC_Modules::get_settings($this->get_id());

     // Sanitizing runs first so the later checks see the cleaned values.
     $this->sanitize_settings();

     // Both structural checks can be switched off by the instance flags.
     if ($this->run_validate_matching_fields) {
         $this->validate_matching_fields();
     }
     if ($this->run_validate_matching_types) {
         $this->validate_matching_types();
     }

     $this->validate_settings();
 }
Exemple #26
 /**
  * Enqueue the scripts, localized data and stylesheets for the file-change settings page.
  *
  * @return void
  */
 public function enqueue_scripts_and_styles()
 {
     $settings = ITSEC_Modules::get_settings($this->id);
     $logs_page_url = ITSEC_Core::get_logs_page_url('file_change');
     // Values exposed to the page script as the JavaScript object "itsec_file_change_settings".
     // NOTE(review): 'ABSPATH' puts the server's home path into the page source - confirm this
     // page is only rendered for administrators.
     $scan_data = array(
         'button_text' => isset($settings['split']) && true === $settings['split'] ? __('Scan Next File Chunk', 'better-wp-security') : __('Scan Files Now', 'better-wp-security'),
         'scanning_button_text' => __('Scanning...', 'better-wp-security'),
         'no_changes' => __('No changes were detected.', 'better-wp-security'),
         'found_changes' => sprintf(__('Changes were detected. Please check the <a href="%s" target="_blank">logs page</a> for details.', 'better-wp-security'), esc_url($logs_page_url)),
         'unknown_error' => __('An unknown error occured. Please try again later', 'better-wp-security'),
         'already_running' => sprintf(__('A scan is already in progress. Please check the <a href="%s" target="_blank">logs page</a> at a later time for the results of the scan.', 'better-wp-security'), esc_url($logs_page_url)),
         'ABSPATH' => ITSEC_Lib::get_home_path(),
         'nonce' => wp_create_nonce('itsec_do_file_check'),
     );
     wp_enqueue_script('itsec-file-change-settings-script', plugins_url('js/settings-page.js', __FILE__), array('jquery'), $this->script_version, true);
     wp_localize_script('itsec-file-change-settings-script', 'itsec_file_change_settings', $scan_data);
     // The file tree widget gets its own nonce.
     $filetree_data = array('nonce' => wp_create_nonce('itsec_jquery_filetree'));
     wp_enqueue_script('itsec-file-change-admin-filetree-script', plugins_url('js/filetree/jqueryFileTree.js', __FILE__), array('jquery'), $this->script_version, true);
     wp_localize_script('itsec-file-change-admin-filetree-script', 'itsec_jquery_filetree', $filetree_data);
     wp_enqueue_style('itsec-file-change-admin-filetree-style', plugins_url('js/filetree/jqueryFileTree.css', __FILE__), array(), $this->script_version);
     wp_enqueue_style('itsec-file-change-admin-style', plugins_url('css/settings.css', __FILE__), array(), $this->script_version);
 }
Exemple #27
 /**
  * Merge the submitted settings over the stored ones and sanitize each field by declared type.
  *
  * @return void
  */
 protected function sanitize_settings()
 {
     // Submitted values take precedence; keys not submitted keep their stored value.
     $stored = ITSEC_Modules::get_settings($this->get_id());
     $this->settings = array_merge($stored, $this->settings);

     // 'email' is optional and excluded from the matching-fields check.
     if (isset($this->settings['email'])) {
         $this->sanitize_setting('email', 'email', __('Email Address', 'better-wp-security'));
         $this->vars_to_skip_validate_matching_fields[] = 'email';
     }

     $this->sanitize_setting('bool', 'updates_optin', __('Receive Email Updates', 'better-wp-security'));
     // API credentials are sanitized as plain strings.
     $this->sanitize_setting('string', 'api_key', __('API Key', 'better-wp-security'));
     $this->sanitize_setting('string', 'api_secret', __('API Secret', 'better-wp-security'));
     $this->sanitize_setting('bool', 'enable_ban', __('Ban Reported IPs', 'better-wp-security'));
 }
Exemple #28
 /**
  * Request regeneration of wp-config.php or the server config when the relevant tweaks change.
  *
  * @return void
  */
 protected function validate_settings()
 {
     if (!$this->can_save()) {
         return;
     }
     $previous_settings = ITSEC_Modules::get_settings($this->get_id());
     // A change to the file editor tweak triggers a wp-config.php regeneration.
     $file_editor_changed = $this->settings['file_editor'] !== $previous_settings['file_editor'];
     if ($file_editor_changed) {
         ITSEC_Response::regenerate_wp_config();
     }
     // XML-RPC and comment-spam changes trigger a server-config regeneration.
     $server_rules_changed = $this->settings['disable_xmlrpc'] !== $previous_settings['disable_xmlrpc']
         || $this->settings['comment_spam'] !== $previous_settings['comment_spam'];
     if ($server_rules_changed) {
         ITSEC_Response::regenerate_server_config();
     }
 }
 /**
  * Register the system-tweaks filters once per instance.
  *
  * @return void
  */
 public function add_hooks()
 {
     // Repeat calls are no-ops.
     if ($this->hooks_added) {
         return;
     }
     $this->hooks_added = true;
     add_filter('itsec_filter_apache_server_config_modification', array($this, 'filter_apache_server_config_modification'));
     add_filter('itsec_filter_nginx_server_config_modification', array($this, 'filter_nginx_server_config_modification'));
     add_filter('itsec_filter_litespeed_server_config_modification', array($this, 'filter_litespeed_server_config_modification'));
     // Long-URL blocking is registered only when that tweak is switched on.
     $block_long_urls = ITSEC_Modules::get_setting('system-tweaks', 'long_url_strings');
     if ($block_long_urls) {
         add_action('itsec_initialized', array($this, 'block_long_urls'));
     }
 }
 /**
  * Load the brute-force settings and register the module's login, lockout and logging hooks.
  *
  * @return void
  */
 function run()
 {
     $this->settings = ITSEC_Modules::get_settings('brute-force');
     $this->username = null;

     // Login outcome hooks: successful and failed attempts.
     add_action('wp_login', array($this, 'wp_login'), 10, 2);
     add_action('wp_login_failed', array($this, 'wp_login_failed'), 1, 1);

     // Adds the logs metaboxes.
     add_filter('itsec_logger_displays', array($this, 'itsec_logger_displays'));

     add_filter('authenticate', array($this, 'authenticate'), 10, 3);
     add_filter('itsec_lockout_modules', array($this, 'itsec_lockout_modules'));
     add_filter('itsec_logger_modules', array($this, 'itsec_logger_modules'));
     add_filter('xmlrpc_login_error', array($this, 'xmlrpc_login_error'), 10, 2);

     // Disable Jetpack Protect (via George Stephanis).
     add_filter('jetpack_get_default_modules', array($this, 'jetpack_get_default_modules'));
 }