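/**
 * Wires up the plugin's request-time security features.
 *
 * Reads feature flags from the global `$aio_wp_security->configs` object and,
 * for each enabled feature, either registers the matching hook callback or
 * acts on the current request directly (header, cookie, redirect, include).
 *
 * Request-derived values (`$_REQUEST`, `$_GET`, `$_POST`) are only ever used
 * after an `is_string()` guard so that `strip_tags()` is never handed an array
 * (a TypeError on PHP 8). The `.htaccess` re-apply branch additionally requires
 * the `manage_options` capability, since it writes `.htaccess` and deletes an
 * option and previously ran for any request that carried the query parameter.
 *
 * Side effects: may send headers, set a cookie, redirect, or `exit` (unlock
 * request page), depending on the request and the enabled features.
 */
function __construct() {
    global $aio_wp_security;
    $configs = $aio_wp_security->configs;

    // Loose `== '1'` / `== 1` comparisons are kept on purpose: the stored
    // config values may be either strings or ints and both must keep working.
    if ($configs->get_value('aiowps_enable_rename_login_page') == '1') {
        add_action('widgets_init', [$this, 'remove_standard_wp_meta_widget']);
        // Fix for non decoded html entities in password reset link
        add_filter('retrieve_password_message', [$this, 'decode_reset_pw_msg'], 10, 4);
    }

    add_action('admin_notices', [$this, 'reapply_htaccess_rules_notice']);

    // Re-apply (or discard) the plugin's .htaccess rules on request.
    // reactivation_tasks() writes to .htaccess and delete_option() changes
    // persistent state, so only users who can manage options may trigger it.
    $reapply = $_REQUEST['aiowps_reapply_htaccess'] ?? null;
    if (is_string($reapply) && current_user_can('manage_options')) {
        $reapply = strip_tags($reapply);
        if ('1' === $reapply) {
            include_once 'wp-security-installer.php';
            if (AIOWPSecurity_Installer::reactivation_tasks()) {
                echo '<div class="updated"><p>The AIOWPS .htaccess rules were successfully re-inserted.</p></div>';
            } else {
                echo '<div class="error"><p>AIOWPS encountered an error when trying to write to your .htaccess file. Please check the logs.</p></div>';
            }
        } elseif ('2' === $reapply) {
            // Don't re-write the rules and just delete the temp config item
            delete_option('aiowps_temp_configs');
        }
    }

    if ($configs->get_value('aiowps_prevent_site_display_inside_frame') == '1') {
        send_frame_options_header(); // send X-Frame-Options: SAMEORIGIN in HTTP header
    }

    if ($configs->get_value('aiowps_remove_wp_generator_meta_info') == '1') {
        add_filter('the_generator', [$this, 'remove_wp_generator_meta_info']);
    }

    // Cookie based brute force prevention: a request whose query string
    // carries the configured secret word gets the cookie set and is sent to wp-admin.
    if ($configs->get_value('aiowps_enable_brute_force_attack_prevention') == 1) {
        $bfcf_secret_word = $configs->get_value('aiowps_brute_force_secret_word');
        if (isset($_GET[$bfcf_secret_word])) {
            AIOWPSecurity_Utility::set_cookie_value($bfcf_secret_word, "1");
            AIOWPSecurity_Utility::redirect_to_url(AIOWPSEC_WP_URL . "/wp-admin");
        }
    }

    // User unlock request feature: render the unlock request page and stop.
    if (isset($_POST['aiowps_unlock_request']) || isset($_POST['aiowps_wp_submit_unlock_request'])) {
        nocache_headers();
        remove_action('wp_head', 'head_addons', 7);
        include_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-unlock-request.php';
        exit;
    }

    // If URL contains unlock key in query param then process the request
    $auth_key = $_GET['aiowps_auth_key'] ?? null;
    if (is_string($auth_key)) {
        AIOWPSecurity_User_Login::process_unlock_request(strip_tags($auth_key));
    }

    // Honeypot feature: a non-empty value in the hidden field means a robot
    // submitted the login form, so redirect it back to its localhost.
    $special_field = $_POST['aio_special_field'] ?? null;
    if (is_string($special_field) && !empty(strip_tags($special_field))) {
        AIOWPSecurity_Utility::redirect_to_url('http://127.0.0.1');
    }

    // 404 IP lockout feature (administrators are exempt)
    if ($configs->get_value('aiowps_enable_404_IP_lockout') == '1') {
        if (!is_user_logged_in() || !current_user_can('administrator')) {
            $this->do_404_lockout_tasks();
        }
    }

    $logged_in = is_user_logged_in();

    // Login captcha feature
    if ($configs->get_value('aiowps_enable_login_captcha') == '1' && !$logged_in) {
        add_action('login_form', [$this, 'insert_captcha_question_form']);
    }

    // Custom login form captcha feature, ie, when wp_login_form() is used to generate the login form
    if ($configs->get_value('aiowps_enable_custom_login_captcha') == '1' && !$logged_in) {
        add_filter('login_form_middle', [$this, 'insert_captcha_custom_login'], 10, 2);
    }

    // Login honeypot feature
    if ($configs->get_value('aiowps_enable_login_honeypot') == '1' && !$logged_in) {
        add_action('login_form', [$this, 'insert_honeypot_hidden_field']);
    }

    // Lost password captcha feature
    if ($configs->get_value('aiowps_enable_lost_password_captcha') == '1' && !$logged_in) {
        add_action('lostpassword_form', [$this, 'insert_captcha_question_form']);
        add_action('lostpassword_post', [$this, 'process_lost_password_form_post']);
    }

    $is_multisite = AIOWPSecurity_Utility::is_multisite_install();

    // Registration page captcha feature
    if ($is_multisite) {
        // switch_to_blog()/restore_current_blog() are kept even though the
        // target is the current blog, to preserve the original call sequence.
        switch_to_blog(get_current_blog_id());
        if ($configs->get_value('aiowps_enable_registration_page_captcha') == '1' && !$logged_in) {
            add_action('signup_extra_fields', [$this, 'insert_captcha_question_form_multi']);
            add_filter('wpmu_validate_user_signup', [$this, 'process_signup_form_multi']);
        }
        restore_current_blog();
    } elseif ($configs->get_value('aiowps_enable_registration_page_captcha') == '1' && !$logged_in) {
        add_action('register_form', [$this, 'insert_captcha_question_form']);
    }

    // Comment captcha feature
    if ($is_multisite) {
        switch_to_blog(get_current_blog_id());
        if ($configs->get_value('aiowps_enable_comment_captcha') == '1') {
            $this->register_comment_captcha_hooks();
        }
        restore_current_blog();
    } elseif ($configs->get_value('aiowps_enable_comment_captcha') == '1') {
        $this->register_comment_captcha_hooks();
    }

    // Buddypress registration captcha feature
    if ($configs->get_value('aiowps_enable_bp_register_captcha') == '1') {
        add_action('bp_account_details_fields', [$this, 'insert_captcha_question_form']);
        add_action('bp_signup_validate', [$this, 'buddy_press_signup_validate_captcha']);
    }

    // Feature which displays logged in users
    $this->update_logged_in_user_transient();

    // Block fake googlebots feature
    if ($configs->get_value('aiowps_block_fake_googlebots') == '1') {
        include_once AIO_WP_SECURITY_PATH . '/classes/wp-security-bot-protection.php';
        AIOWPSecurity_Fake_Bot_Protection::block_fake_googlebots();
    }

    // 404 event logging
    if ($configs->get_value('aiowps_enable_404_logging') == '1') {
        add_action('wp_head', [$this, 'check_404_event']);
    }

    // Add more tasks that need to be executed at init time
}

/**
 * Registers the comment-form captcha hooks (shared by the single-site and
 * multisite branches of the constructor).
 */
private function register_comment_captcha_hooks() {
    add_action('comment_form_after_fields', [$this, 'insert_captcha_question_form'], 1);
    add_action('comment_form_logged_in_after', [$this, 'insert_captcha_question_form'], 1);
    add_filter('preprocess_comment', [$this, 'process_comment_post']);
}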
/**
 * When loading sensitive checkout or account pages, send a HTTP header to
 * limit rendering of pages to same origin iframes for security reasons.
 *
 * Can be disabled with: remove_action( 'template_redirect', 'wc_send_frame_options_header' );
 *
 * @since 2.3.10
 */
function wc_send_frame_options_header() {
    $is_sensitive_page = is_checkout() || is_account_page();
    if (!$is_sensitive_page) {
        return;
    }
    send_frame_options_header();
}
/**
 * Sends the X-Frame-Options header to limit rendering of pages to frames on
 * the same domain/origin. Provides XSS protection.
 *
 * Does nothing once output has already started, because headers can no
 * longer be sent at that point.
 *
 * @return void
 */
public function enableFrameOptions() {
    if (headers_sent()) {
        return;
    }
    send_frame_options_header();
}