コード例 #1
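    /**
     * Render the "File Editing" tab and process its settings form.
     *
     * When the request carries `aiowps_disable_file_edit`, the nonce is verified,
     * AIOWPSecurity_Utility::disable_file_edits() or ::enable_file_edits() is
     * called depending on the checkbox, and the setting is persisted only when
     * that call reports success. The form is then printed with the stored value
     * pre-selected.
     *
     * @return void
     */
    function render_tab2()
    {
        global $aio_wp_security;
        global $aiowps_feature_mgr;

        if (isset($_POST['aiowps_disable_file_edit'])) {
            // A request without the nonce field must fail verification cleanly
            // instead of raising an undefined-index notice first.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-disable-file-edit-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable PHP file edit options save!", 4);
                die("Nonce check failed on disable PHP file edit options save!");
            }
            // NOTE(review): the nonce proves the request came from this form, not
            // that the user may change the setting; this presumably relies on the
            // admin menu registration to restrict who can load the page - confirm.

            $disable_requested = isset($_POST['aiowps_disable_file_editing']);
            $res = $disable_requested
                ? AIOWPSecurity_Utility::disable_file_edits()
                : AIOWPSecurity_Utility::enable_file_edits();

            if ($res) {
                // Persist the setting only after the utility call succeeded, so the
                // stored value does not claim protection that was never applied.
                $aio_wp_security->configs->set_value('aiowps_disable_file_editing', $disable_requested ? '1' : '');
                $aio_wp_security->configs->save_config();
                // Recalculate points after the feature status/options have been altered
                $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
                $this->show_msg_updated(__('Your PHP file editing settings were saved successfully.', 'aiowpsecurity'));
            } else {
                $this->show_msg_error(__('Operation failed! Unable to modify or make a backup of wp-config.php file!', 'aiowpsecurity'));
            }
        }
        ?>
        <h2><?php esc_html_e('File Editing', 'aiowpsecurity'); ?></h2>
        <div class="aio_blue_box">
            <?php
        // Translations come from external language files, so they are escaped
        // on output like any other text placed into the page.
        echo '<p>' . esc_html__('The Wordpress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files.', 'aiowpsecurity') . '
            <br />' . esc_html__('This is often the first tool an attacker will use if able to login, since it allows code execution.', 'aiowpsecurity') . '
            <br />' . esc_html__('This feature will disable the ability for people to edit PHP files via the dashboard.', 'aiowpsecurity') . '    
            </p>';
        ?>
        </div>

        <div class="postbox">
        <h3><label for="title"><?php esc_html_e('Disable PHP File Editing', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <?php
        // Display security info badge
        $aiowps_feature_mgr->output_feature_details_badge("filesystem-file-editing");
        ?>

        <form action="" method="POST">
        <?php
        // Emits the hidden _wpnonce field that the handler above verifies.
        wp_nonce_field('aiowpsec-disable-file-edit-nonce');
        ?>
            
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php esc_html_e('Disable Ability To Edit PHP Files', 'aiowpsecurity'); ?>:</th>                
                <td>
                <input name="aiowps_disable_file_editing" type="checkbox"<?php
        if ($aio_wp_security->configs->get_value('aiowps_disable_file_editing') == '1') {
            echo ' checked="checked"';
        }
        ?> value="1"/>
                <span class="description"><?php esc_html_e('Check this if you want to remove the ability for people to edit PHP files via the WP dashboard', 'aiowpsecurity'); ?></span>
                </td>
            </tr>            
        </table>
        <input type="submit" name="aiowps_disable_file_edit" value="<?php esc_attr_e('Save Settings', 'aiowpsecurity'); ?>" class="button-primary" />
        </form>
        </div></div>
    <?php
    }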
コード例 #2
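    /**
     * Render the general settings tab and process its two "disable" forms.
     *
     * `aiowpsec_disable_all_features` turns off every security feature, rewrites
     * the .htaccess file and calls AIOWPSecurity_Utility::enable_file_edits().
     * `aiowpsec_disable_all_firewall_rules` turns off the firewall rules and
     * rewrites the .htaccess file. Each action is accepted only with its own
     * nonce. The informational boxes and both forms are printed afterwards.
     *
     * @return void
     */
    function render_tab1()
    {
        global $aio_wp_security;

        if (isset($_POST['aiowpsec_disable_all_features'])) {
            // A request without the nonce field must fail verification cleanly
            // instead of raising an undefined-index notice first.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-disable-all-features')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable all security features!", 4);
                die("Nonce check failed on disable all security features!");
            }
            // NOTE(review): this switches off every protection on the site; the
            // nonce proves request origin only, so this presumably relies on the
            // admin menu registration for the capability check - confirm.
            AIOWPSecurity_Configure_Settings::turn_off_all_security_features();
            // Now let's clear the applicable rules from the .htaccess file
            $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
            // Now let's revert the disable editing setting in the wp-config.php file if necessary
            $res2 = AIOWPSecurity_Utility::enable_file_edits();

            // -1 is truthy, so the failure code has to be tested before the
            // truthiness check, and strictly, because `true == -1` holds under
            // loose comparison. Previously a -1 result printed the success message.
            // NOTE(review): -1 as the write-failure code is taken from the original
            // comparison; other falsy results stay silent as before - confirm the
            // helper's return contract.
            if ($res === -1) {
                $this->show_msg_error(__('Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".', 'aiowpsecurity'));
            } elseif ($res) {
                $this->show_msg_updated(__('All the security features have been disabled successfully!', 'aiowpsecurity'));
            }
            if (!$res2) {
                $this->show_msg_error(__('Could not write to the wp-config.php. Please restore your wp-config.php file manually using the restore functionality in the "wp-config.php File".', 'aiowpsecurity'));
            }
        }

        if (isset($_POST['aiowpsec_disable_all_firewall_rules'])) {
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-disable-all-firewall-rules')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable all firewall rules!", 4);
                die("Nonce check failed on disable all firewall rules!");
            }
            AIOWPSecurity_Configure_Settings::turn_off_all_firewall_rules();
            // Now let's clear the applicable rules from the .htaccess file
            $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
            // Same ordering as above: report a -1 result as a failure, not a success.
            if ($res === -1) {
                $this->show_msg_error(__('Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".', 'aiowpsecurity'));
            } elseif ($res) {
                $this->show_msg_updated(__('All firewall rules have been disabled successfully!', 'aiowpsecurity'));
            }
        }
        ?>
        <div class="aio_grey_box">
 	<p>For information, updates and documentation, please visit the <a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin" target="_blank">AIO WP Security & Firewall Plugin</a> Page.</p>
        <p><a href="https://www.tipsandtricks-hq.com/development-center" target="_blank">Follow us</a> on Twitter, Google+ or via Email to stay upto date about the new security features of this plugin.</p>
        </div>
        
        <div class="postbox">
        <h3><label for="title"><?php esc_html_e('WP Security Plugin', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <p><?php esc_html_e('Thank you for using our WordPress security plugin. There are a lot of security features in this plugin.', 'aiowpsecurity'); ?></p>
        <p><?php esc_html_e('Go through each menu items and enable the security options to add more security to your site. Start by activating the basic features first.', 'aiowpsecurity'); ?></p>
        <p><?php esc_html_e('It is a good practice to take a backup of your .htaccess file, database and wp-config.php file before activating the security features. This plugin has options that you can use to backup those resources easily.', 'aiowpsecurity'); ?></p>
        <p>
        <ul class="aiowps_admin_ul_grp1">
            <li><a href="admin.php?page=aiowpsec_database&tab=tab2" target="_blank"><?php esc_html_e('Backup your database', 'aiowpsecurity'); ?></a></li>
            <li><a href="admin.php?page=aiowpsec_settings&tab=tab2" target="_blank"><?php esc_html_e('Backup .htaccess file', 'aiowpsecurity'); ?></a></li>
            <li><a href="admin.php?page=aiowpsec_settings&tab=tab3" target="_blank"><?php esc_html_e('Backup wp-config.php file', 'aiowpsecurity'); ?></a></li>
        </ul>
        </p>
        </div></div>
        
        <div class="postbox">
        <h3><label for="title"><?php esc_html_e('Disable Security Features', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <form method="post" action="<?php
        // REQUEST_URI is taken from the incoming request, so it is escaped
        // before being written into the action attribute.
        echo esc_url($_SERVER["REQUEST_URI"]);
        ?>">
        <?php
        // Emits the hidden _wpnonce field verified by the first handler above.
        wp_nonce_field('aiowpsec-disable-all-features');
        ?>
        <div class="aio_blue_box">
            <?php
        echo '<p>' . esc_html__('If you think that some plugin functionality on your site is broken due to a security feature you enabled in this plugin, then use the following option to turn off all the security features of this plugin.', 'aiowpsecurity') . '</p>';
        ?>
        </div>      
        <div class="submit">
            <input type="submit" class="button" name="aiowpsec_disable_all_features" value="<?php esc_attr_e('Disable All Security Features', 'aiowpsecurity'); ?>" />
        </div>
        </form>   
        </div></div>

        <div class="postbox">
        <h3><label for="title"><?php esc_html_e('Disable All Firewall Rules', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <form method="post" action="<?php
        // Escaped for the same reason as the form action above.
        echo esc_url($_SERVER["REQUEST_URI"]);
        ?>">
        <?php
        // Emits the hidden _wpnonce field verified by the second handler above.
        wp_nonce_field('aiowpsec-disable-all-firewall-rules');
        ?>
        <div class="aio_blue_box">
            <?php
        echo '<p>' . esc_html__('This feature will disable all firewall rules which are currently active in this plugin and it will also delete these rules from your .htacess file. Use it if you think one of the firewall rules is causing an issue on your site.', 'aiowpsecurity') . '</p>';
        ?>
        </div>      
        <div class="submit">
            <input type="submit" class="button" name="aiowpsec_disable_all_firewall_rules" value="<?php esc_attr_e('Disable All Firewall Rules', 'aiowpsecurity'); ?>" />
        </div>
        </form>   
        </div></div>
        <?php
    }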