コード例 #1
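 /**
  * Render the host column as a list of lookup links.
  *
  * Every entry of $item['host'] that passes ITSEC_Lib_IP_Tools::validate() becomes a link
  * to an external lookup page; entries that fail validation are left out of the output.
  *
  * @param array $item Row data; $item['host'] may hold one host or an array of hosts.
  *
  * @return string Links joined with <br />, or an empty string when nothing validated.
  */
 function column_host($item)
 {
     if (!class_exists('ITSEC_Lib_IP_Tools')) {
         $itsec_core = ITSEC_Core::get_instance();
         require_once dirname($itsec_core->get_plugin_file()) . '/core/lib/class-itsec-lib-ip-tools.php';
     }
     // A row without a host has nothing to render; returning early avoids an undefined-index notice.
     if (!isset($item['host'])) {
         return '';
     }
     $hosts = is_array($item['host']) ? $item['host'] : array($item['host']);
     $links = array();
     foreach ($hosts as $host) {
         // Only values the IP validator accepts reach the markup; the URL part is
         // urlencode()d and the link text is esc_html()d.
         if (!ITSEC_Lib_IP_Tools::validate($host)) {
             continue;
         }
         // rel="noopener noreferrer" keeps the page opened in the new tab from reaching back
         // into this admin screen through window.opener and keeps the admin URL out of the
         // Referer header sent to the lookup site.
         // NOTE(review): the logged address is handed to a third-party site over plain http;
         // confirm that disclosure is acceptable for this deployment.
         $links[] = '<a href="http://www.traceip.net/?query=' . urlencode($host) . '" target="_blank" rel="noopener noreferrer">' . esc_html($host) . '</a>';
     }
     return implode('<br />', $links);
 }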
 /**
  * Add or remove the temporary whitelist entry kept in the itsec_temp_whitelist_ip site option.
  *
  * NOTE(review): no capability or nonce check is visible inside this method; confirm the
  * caller authorises the request before it gets here.
  *
  * @param array $arguments 'direction' ('add' when absent, or 'remove') and, for 'add', 'ip'.
  *
  * @return bool True when the option was added or deleted, false otherwise.
  */
 public function run($arguments)
 {
     global $itsec_globals;
     $direction = 'add';
     if (isset($arguments['direction'])) {
         $direction = $arguments['direction'];
     }
     if ($direction === 'remove') {
         delete_site_option('itsec_temp_whitelist_ip');
         return true;
     }
     if ($direction !== 'add') {
         return false;
     }
     // Refuse to add while an entry is already stored, or when no address was supplied.
     if (get_site_option('itsec_temp_whitelist_ip') !== false || !isset($arguments['ip'])) {
         return false;
     }
     $candidate = sanitize_text_field($arguments['ip']);
     if (!class_exists('ITSEC_Lib_IP_Tools')) {
         $itsec_core = ITSEC_Core::get_instance();
         require_once dirname($itsec_core->get_plugin_file()) . '/core/lib/class-itsec-lib-ip-tools.php';
     }
     // Nothing is stored unless the validator accepts the address.
     if (!ITSEC_Lib_IP_Tools::validate($candidate)) {
         return false;
     }
     // The entry carries its own expiry: the plugin's current_time plus 86400 seconds.
     $entry = array('ip' => $candidate, 'exp' => $itsec_globals['current_time'] + 86400);
     add_site_option('itsec_temp_whitelist_ip', $entry);
     return true;
 }
コード例 #3
 /**
  * Sanitize and validate the ban users settings.
  *
  * Normalises the 'enabled' and 'default' flags to booleans, cleans the agent list,
  * converts each host entry to CIDR form where possible, and registers a settings error
  * (forcing 'enabled' to false) when an entry cannot be converted or is whitelisted.
  *
  * @param  array $input array of input fields
  *
  * @return array         sanitized array
  */
 public function sanitize_module_input($input)
 {
     if (!class_exists('ITSEC_Lib_IP_Tools')) {
         $itsec_core = ITSEC_Core::get_instance();
         require_once dirname($itsec_core->get_plugin_file()) . '/core/lib/class-itsec-lib-ip-tools.php';
     }
     global $itsec_globals;
     $has_errors = false;
     // Sanitize checkbox features.
     // NOTE(review): the comparison sits inside intval(), so the flag is decided by a loose
     // `== 1` and intval() only converts the resulting boolean.
     $input['enabled'] = isset($input['enabled']) && intval($input['enabled'] == 1) ? true : false;
     $input['default'] = isset($input['default']) && intval($input['default'] == 1) ? true : false;
     // The agent list arrives either as one string (split on \n, a bare \r, \r\n or \r\r\n)
     // or as an array; anything else is treated as empty.
     if (isset($input['agent_list']) && is_string($input['agent_list'])) {
         $agents = preg_split('/(?<!\\r)\\n|\\r(?!\\n)|(?<!\\r)\\r\\n|\\r\\r\\n/', trim($input['agent_list']));
     } else {
         if (isset($input['agent_list']) && is_array($input['agent_list'])) {
             $agents = $input['agent_list'];
         } else {
             $agents = array();
         }
     }
     // Keep only non-empty agents after sanitize_text_field() and trim().
     $good_agents = array();
     foreach ($agents as $agent) {
         $agent = trim(sanitize_text_field($agent));
         if (!empty($agent)) {
             $good_agents[] = $agent;
         }
     }
     $input['agent_list'] = array_unique($good_agents);
     // The host list is accepted in the same two shapes as the agent list.
     if (isset($input['host_list']) && is_string($input['host_list'])) {
         $addresses = preg_split('/(?<!\\r)\\n|\\r(?!\\n)|(?<!\\r)\\r\\n|\\r\\r\\n/', trim($input['host_list']));
     } else {
         if (isset($input['host_list']) && is_array($input['host_list'])) {
             $addresses = $input['host_list'];
         } else {
             $addresses = array();
         }
     }
     if (!class_exists('ITSEC_Ban_Users')) {
         require dirname(__FILE__) . '/class-itsec-ban-users.php';
     }
     $bad_ips = array();   // entries that could not be converted to CIDR
     $white_ips = array(); // entries that collide with the whitelist
     $raw_ips = array();   // every non-empty entry, as it will be saved
     foreach ($addresses as $index => $address) {
         $address = trim($address);
         if (empty($address)) {
             continue;
         }
         // Store the original user supplied IP for use in error messages or to fill back into the list if invalid
         $original_address = $address;
         // This checks validity and converts wildcard notation to standard CIDR notation
         $address = ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr($address);
         if (!$address) {
             // Put the address back to the original so it's not removed from the list
             $address = $original_address;
             // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; the three uses
             // in this loop need a replacement before the plugin runs on newer PHP.
             $bad_ips[] = trim(filter_var($address, FILTER_SANITIZE_STRING));
         }
         // The third argument (true) asks the whitelist check to count the address of the
         // current request as whitelisted too, so an entry covering it lands in $white_ips.
         if (ITSEC_Lib::is_ip_whitelisted($address, null, true)) {
             $white_ips[] = trim(filter_var($address, FILTER_SANITIZE_STRING));
         }
         // Invalid and whitelisted entries are still kept in the saved list; the feature is
         // switched off below until they are corrected.
         $raw_ips[] = trim(filter_var($address, FILTER_SANITIZE_STRING));
     }
     $raw_ips = array_unique($raw_ips);
     if (!empty($bad_ips)) {
         // Disable the ban users list while invalid entries are present.
         $input['enabled'] = false;
         $type = 'error';
         if (!$has_errors) {
             $message = sprintf('%s<br /><br />', __('Note that the ban users feature has been disabled until the following errors are corrected:', 'better-wp-security'));
         }
         foreach ($bad_ips as $bad_ip) {
             $message .= sprintf('%s %s<br />', $bad_ip, __('is not a valid address in the ban users box.', 'better-wp-security'));
         }
         add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
         $has_errors = true;
     }
     if (sizeof($white_ips) > 0) {
         // Disable the ban users list while an entry collides with the whitelist.
         $input['enabled'] = false;
         $type = 'error';
         if (!$has_errors) {
             $message = sprintf('%s<br /><br />', __('Note that the ban users feature has been disabled until the following errors are corrected:', 'better-wp-security'));
         }
         // NOTE(review): when the block above already ran, $message still holds its text, so
         // the second add_settings_error() call repeats the invalid-address lines.
         foreach ($white_ips as $white_ip) {
             $message .= sprintf('%s %s<br />', $white_ip, __('is not a valid address as it has been white listed.', 'better-wp-security'));
         }
         add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
         $has_errors = true;
     }
     $input['host_list'] = $raw_ips;
     if (!$has_errors) {
         // Flag the server rewrite rules for regeneration when a setting changed. `&&` binds
         // tighter than `||`, so the write_files clause alone is enough to set the flag.
         if (!isset($type) && ($input['host_list'] !== $this->settings['host_list'] || $input['enabled'] !== $this->settings['enabled'] || $input['default'] !== $this->settings['default'] || $input['agent_list'] !== $this->settings['agent_list']) || isset($itsec_globals['settings']['write_files']) && true === $itsec_globals['settings']['write_files']) {
             add_site_option('itsec_rewrites_changed', true);
         }
     }
     if (is_multisite()) {
         // On multisite the outcome is shown as a network admin notice and the in-memory
         // settings are replaced with the sanitized input.
         if (isset($type)) {
             $error_handler = new WP_Error();
             $error_handler->add($type, $message);
             $this->core->show_network_admin_notice($error_handler);
         } else {
             $this->core->show_network_admin_notice(false);
         }
         $this->settings = $input;
     }
     return $input;
 }
コード例 #4
ファイル: active.php プロジェクト: Garth619/Femi9
<?php

// Load the IP check class.
// NOTE(review): a bare relative require is searched on include_path before this script's
// own directory; confirm the class file sits beside this script and consider pinning the
// path with dirname(__FILE__).
require_once 'class-itsec-ipcheck.php';
// Build the module around the shared ITSEC_Core instance and start it.
$itsec_ip_check = new ITSEC_IPCheck(ITSEC_Core::get_instance());
$itsec_ip_check->run();
コード例 #5
ファイル: active.php プロジェクト: quinntron/greendot
<?php

// Set up Tweaks Admin; the admin half receives the shared ITSEC_Core instance.
// NOTE(review): both requires use bare relative paths, which are searched on include_path
// before this script's own directory; consider pinning them with dirname(__FILE__).
require_once 'class-itsec-tweaks-admin.php';
$itsec_tweaks_admin = new ITSEC_Tweaks_Admin();
$itsec_tweaks_admin->run(ITSEC_Core::get_instance());
// Set up Tweaks Frontend; it is started without arguments.
require_once 'class-itsec-tweaks.php';
$itsec_tweaks = new ITSEC_Tweaks();
$itsec_tweaks->run();
コード例 #6
 /**
  * Determines whether a given IP address is whitelisted.
  *
  * The list checked is the supplied or stored whitelist, optionally the address of the
  * current request, and the temporary whitelist entry while it has not expired. The
  * combined list passes through the 'itsec_white_ips' filter before it is compared, so
  * other code can add to it.
  *
  * NOTE(review): how ITSEC_Lib::get_ip() derives the address is not visible here; the
  * $current path is only as trustworthy as that lookup.
  *
  * @param  string  $ip_to_check ip to check (can be in CIDR notation)
  * @param  array   $white_ips   ip list to compare to if not yet saved to options
  * @param  boolean $current     whether to whitelist the current ip or not (due to saving, etc)
  *
  * @return boolean               true if whitelisted or false
  */
 public static function is_ip_whitelisted($ip_to_check, $white_ips = null, $current = false)
 {
     if (!class_exists('ITSEC_Lib_IP_Tools')) {
         $itsec_core = ITSEC_Core::get_instance();
         require_once dirname($itsec_core->get_plugin_file()) . '/core/lib/class-itsec-lib-ip-tools.php';
     }
     // No list supplied: fall back to the saved whitelist, or to an empty one.
     if ($white_ips === null) {
         $stored = get_site_option('itsec_global');
         $white_ips = array();
         if (isset($stored['lockout_white_list'])) {
             $white_ips = $stored['lockout_white_list'];
         }
     }
     // Treat the address of the current request as whitelisted when asked to.
     if ($current === true) {
         $white_ips[] = ITSEC_Lib::get_ip();
     }
     // A temporary entry either joins the list or, once expired, is deleted.
     $temporary = get_site_option('itsec_temp_whitelist_ip');
     if (false !== $temporary) {
         $expired = $temporary['exp'] < current_time('timestamp');
         if ($expired) {
             delete_site_option('itsec_temp_whitelist_ip');
         } else {
             $white_ips[] = $temporary['ip'];
         }
     }
     $white_ips = apply_filters('itsec_white_ips', $white_ips);
     // Each entry is converted from wildcard to CIDR form before the overlap test.
     foreach ($white_ips as $entry) {
         $range = ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr($entry);
         if (ITSEC_Lib_IP_Tools::intersect($ip_to_check, $range)) {
             return true;
         }
     }
     return false;
 }
コード例 #7
ファイル: active.php プロジェクト: selectSIFISO/.comsite
<?php

// Set up Away Mode Admin; the admin half receives the shared ITSEC_Core instance.
// NOTE(review): both requires use bare relative paths, which are searched on include_path
// before this script's own directory; consider pinning them with dirname(__FILE__).
require_once 'class-itsec-away-mode-admin.php';
$itsec_away_mode_admin = new ITSEC_Away_Mode_Admin();
$itsec_away_mode_admin->run(ITSEC_Core::get_instance());
// Set up Away Mode Frontend; it is started without arguments.
require_once 'class-itsec-away-mode.php';
$itsec_away_mode = new ITSEC_Away_Mode();
$itsec_away_mode->run();
コード例 #8
ファイル: active.php プロジェクト: quinntron/greendot
<?php

// Set up Brute Force Admin; the admin half receives the shared ITSEC_Core instance.
// NOTE(review): both requires use bare relative paths, which are searched on include_path
// before this script's own directory; consider pinning them with dirname(__FILE__).
require_once 'class-itsec-brute-force-admin.php';
$itsec_brute_force_admin = new ITSEC_Brute_Force_Admin();
$itsec_brute_force_admin->run(ITSEC_Core::get_instance());
// Set up Brute Force Frontend; it is started without arguments.
require_once 'class-itsec-brute-force.php';
$itsec_brute_force = new ITSEC_Brute_Force();
$itsec_brute_force->run();
コード例 #9
ファイル: active.php プロジェクト: quinntron/greendot
<?php

// Set up Database Prefix Admin; this module loads an admin half only.
// NOTE(review): the require uses a bare relative path, which is searched on include_path
// before this script's own directory; consider pinning it with dirname(__FILE__).
require_once 'class-itsec-database-prefix-admin.php';
$itsec_database_prefix_admin = new ITSEC_Database_Prefix_Admin();
$itsec_database_prefix_admin->run(ITSEC_Core::get_instance());
コード例 #10
ファイル: active.php プロジェクト: quinntron/greendot
<?php

// Set up Ban Users Admin; the admin half receives the shared ITSEC_Core instance.
// NOTE(review): both requires use bare relative paths, which are searched on include_path
// before this script's own directory; consider pinning them with dirname(__FILE__).
require_once 'class-itsec-ban-users-admin.php';
$itsec_ban_users_admin = new ITSEC_Ban_Users_Admin();
$itsec_ban_users_admin->run(ITSEC_Core::get_instance());
// Set up Ban Users Frontend; it is started without arguments.
require_once 'class-itsec-ban-users.php';
$itsec_ban_users = new ITSEC_Ban_Users();
$itsec_ban_users->run();
コード例 #11
ファイル: active.php プロジェクト: quinntron/greendot
<?php

// Set up Content Directory Admin; this module loads an admin half only.
// NOTE(review): the require uses a bare relative path, which is searched on include_path
// before this script's own directory; consider pinning it with dirname(__FILE__).
require_once 'class-itsec-content-directory-admin.php';
$itsec_content_directory_admin = new ITSEC_Content_Directory_Admin();
$itsec_content_directory_admin->run(ITSEC_Core::get_instance());
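 /**
  * Rename the content directory and bring wp-config.php and stored paths in line with it.
  *
  * Passing 'wp-content' is treated as undoing an earlier change. The directory is renamed
  * first, its permissions are matched to the old ones, wp-config.php is then updated, and
  * the rename is rolled back when that update fails. On success the stored backup, log and
  * nginx paths are rewritten and the request is redirected.
  *
  * NOTE(review): $dir_name is joined to ABSPATH, passed to rename() and placed into notice
  * markup without any check in this method; confirm the caller restricts it to a single
  * safe directory name (no separators, no '..', no markup).
  *
  * @param string $dir_name New directory name, relative to ABSPATH.
  *
  * @return bool|null False when the target already exists, null after a failed rename or
  *                   config update; on success the method redirects and exits.
  */
 protected function change_content_directory($dir_name)
 {
     $undo = 'wp-content' == $dir_name;
     // Names used in messages: relative to ABSPATH when the content directory lives under it.
     if (0 === strpos(WP_CONTENT_DIR, ABSPATH)) {
         $old_name = substr(WP_CONTENT_DIR, strlen(ABSPATH));
         $new_name = $dir_name;
     } else {
         $old_name = WP_CONTENT_DIR;
         $new_name = ABSPATH . $dir_name;
     }
     $old_dir = WP_CONTENT_DIR;
     $new_dir = ABSPATH . $dir_name;
     // Never rename onto something that already exists.
     if (file_exists($new_dir)) {
         if ($undo) {
             $this->show_error(sprintf(__('A file or directory already exists at <code>%s</code>. The Content Directory change has not been undone. Please remove the existing file or directory and try again.', 'better-wp-security'), $new_dir));
         } else {
             $this->show_error(sprintf(__('A file or directory already exists at <code>%s</code>. No Directory Name changes have been made. Please choose a new Directory Name or remove the existing file or directory and try again.', 'better-wp-security'), $new_dir));
         }
         $this->show_network_admin_notice();
         return false;
     }
     require_once trailingslashit($GLOBALS['itsec_globals']['plugin_dir']) . 'core/lib/class-itsec-lib-config-file.php';
     // Remember the permissions so they can be restored on the renamed directory.
     $old_permissions = ITSEC_Lib_Directory::get_permissions($old_dir);
     $result = rename($old_dir, $new_dir);
     if (!$result) {
         $this->show_error(sprintf(__('Unable to rename the <code>%1$s</code> directory to <code>%2$s</code>. This could indicate a file permission issue or that your server does not support the supplied name as a valid directory name. No config file or directory changes have been made.', 'better-wp-security'), $old_name, $new_name));
         $this->show_network_admin_notice();
         // NOTE(review): this path returns null while the earlier failure returns false.
         return;
     }
     // Make sure ITSEC_Core knows it's in a different place
     $itsec_core = ITSEC_Core::get_instance();
     $itsec_core->plugin_file = str_replace($old_name, $new_name, $itsec_core->get_plugin_file());
     $new_permissions = ITSEC_Lib_Directory::get_permissions($new_dir);
     if (is_int($old_permissions) && is_int($new_permissions) && $old_permissions != $new_permissions) {
         $result = ITSEC_Lib_Directory::chmod($new_dir, $old_permissions);
         if (is_wp_error($result)) {
             $this->show_error(sprintf(__('Unable to set the permissions of the new Directory Name (<code>%1$s</code>) to match the permissions of the old Directory Name. You may have to manually change the permissions of the directory to <code>%2$s</code> in order for your site to function properly.', 'better-wp-security'), $new_name, $old_permissions));
         }
     }
     // Undo removes the define from wp-config.php; a change appends the new one.
     if ($undo) {
         $expression = $this->get_wp_config_define_expression();
         $expression = substr($expression, 0, -1);
         $expression .= "[\r\n]*|";
         $modification_result = ITSEC_Lib_Config_File::remove_from_wp_config($expression);
     } else {
         $modification = $this->get_wp_config_modification($new_dir, get_option('siteurl') . "/{$dir_name}");
         $modification_result = ITSEC_Lib_Config_File::append_wp_config($modification, true);
     }
     if (is_wp_error($modification_result)) {
         // The config update failed: try to put the directory back where it was.
         $rename_result = rename($new_dir, $old_dir);
         if ($rename_result) {
             ITSEC_Lib_Directory::chmod($old_dir, $old_permissions);
             $this->show_error(sprintf(__('Unable to update the <code>wp-config.php</code> file. No directory or config file changes have been made. %1$s (%2$s)', 'better-wp-security'), $modification_result->get_error_message(), $modification_result->get_error_code()));
             $this->show_error(sprintf(__('In order to change the content directory on your server, you will have to manually change the configuration and rename the directory. Details can be found <a href="%s">here</a>.', 'better-wp-security'), 'https://codex.wordpress.org/Editing_wp-config.php#Moving_wp-content_folder'));
         } else {
             $this->show_error(sprintf(__('CRITICAL ERROR: The <code>%1$s</code> directory was successfully renamed to the new name (<code>%2$s</code>). However, an error occurred when updating the <code>wp-config.php</code> file to configure WordPress to use the new content directory. iThemes Security attempted to rename the directory back to its original name, but an unknown error prevented the rename from working as expected. In order for your site to function properly, you will either need to manually rename the <code>%2$s</code> directory back to <code>%1$s</code> or manually update the <code>wp-config.php</code> file with the necessary modifications. Instructions for making this modification can be found <a href="%3$s">here</a>.', 'better-wp-security'), $old_name, $new_name, 'https://codex.wordpress.org/Editing_wp-config.php#Moving_wp-content_folder'));
             $this->show_error(sprintf(__('Details on the error that prevented the <code>wp-config.php</code> file from updating is as follows: %1$s (%2$s)', 'better-wp-security'), $modification_result->get_error_message(), $modification_result->get_error_code()));
         }
         return;
     }
     // Rewrite stored paths that still point at the old directory.
     $backup = get_site_option('itsec_backup');
     if ($backup !== false && isset($backup['location'])) {
         $backup['location'] = str_replace($old_dir, $new_dir, $backup['location']);
         update_site_option('itsec_backup', $backup);
     }
     $global = get_site_option('itsec_global');
     if ($global !== false && (isset($global['log_location']) || isset($global['nginx_file']))) {
         if (isset($global['log_location'])) {
             $global['log_location'] = str_replace($old_dir, $new_dir, $global['log_location']);
         }
         if (isset($global['nginx_file'])) {
             $global['nginx_file'] = str_replace($old_dir, $new_dir, $global['nginx_file']);
         }
         update_site_option('itsec_global', $global);
     }
     $this->show_network_admin_notice();
     // The page slug is request data: it is URL-encoded before it goes into the redirect so
     // it cannot add parameters of its own. A missing or non-string value becomes empty.
     $page = (isset($_GET['page']) && is_string($_GET['page'])) ? urlencode(wp_unslash($_GET['page'])) : '';
     if ($undo) {
         wp_redirect(admin_url("admin.php?page={$page}&message=undo-success"));
     } else {
         wp_redirect(admin_url("admin.php?page={$page}&message=change-success" . urlencode("|{$dir_name}")));
     }
     exit;
 }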
コード例 #13
 /**
  * Sanitize and validate the global settings.
  *
  * Cleans the backup and notification e-mail lists, the lockout messages, the boolean and
  * integer options, the log and nginx file paths and the lockout whitelist, registering a
  * settings error for each value that fails its check.
  *
  * @since 4.0
  *
  * @param  array $input array of input fields
  *
  * @return array sanitized array
  */
 public function sanitize_module_input($input)
 {
     global $itsec_globals;
     // 'did_upgrade' is never taken from the submitted form; it is carried over from the saved settings.
     $input['did_upgrade'] = isset($this->settings['did_upgrade']) ? $this->settings['did_upgrade'] : false;
     if (isset($input['backup_email'])) {
         $bad_emails = array();
         $emails_to_save = array();
         // Accept either one string with an address per line or an array of addresses.
         if (isset($input['backup_email']) && !is_array($input['backup_email'])) {
             $emails = explode(PHP_EOL, $input['backup_email']);
         } elseif (isset($input['backup_email'])) {
             $emails = $input['backup_email'];
         }
         foreach ($emails as $email) {
             $email = sanitize_text_field(trim($email));
             if (strlen($email) > 0) {
                 if (is_email($email) === false) {
                     $bad_emails[] = $email;
                 }
                 // NOTE(review): an address that fails is_email() is reported below but is
                 // still saved with the others.
                 $emails_to_save[] = $email;
             }
         }
         if (sizeof($bad_emails) > 0) {
             $bad_addresses = implode(', ', $bad_emails);
             $type = 'error';
             $message = __('The following backup email address(es) do not appear to be valid: ', 'better-wp-security') . $bad_addresses;
             add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
         }
         $input['backup_email'] = $emails_to_save;
     }
     // The notification list is handled the same way as the backup list.
     if (isset($input['notification_email'])) {
         $bad_emails = array();
         $emails_to_save = array();
         if (isset($input['notification_email']) && !is_array($input['notification_email'])) {
             $emails = explode(PHP_EOL, $input['notification_email']);
         } else {
             $emails = $input['notification_email'];
         }
         foreach ($emails as $email) {
             $email = sanitize_text_field(trim($email));
             if (strlen($email) > 0) {
                 if (is_email($email) === false) {
                     $bad_emails[] = $email;
                 }
                 $emails_to_save[] = $email;
             }
         }
         if (sizeof($bad_emails) > 0) {
             $bad_addresses = implode(', ', $bad_emails);
             $type = 'error';
             $message = __('The following notification email address(es) do not appear to be valid: ', 'better-wp-security') . $bad_addresses;
             add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
         }
         $input['notification_email'] = $emails_to_save;
     }
     // Lockout messages may contain markup, limited by wp_kses() to $this->allowed_tags.
     $input['lockout_message'] = isset($input['lockout_message']) ? trim(wp_kses($input['lockout_message'], $this->allowed_tags)) : '';
     $input['user_lockout_message'] = isset($input['user_lockout_message']) ? trim(wp_kses($input['user_lockout_message'], $this->allowed_tags)) : '';
     $input['community_lockout_message'] = isset($input['community_lockout_message']) ? trim(wp_kses($input['community_lockout_message'], $this->allowed_tags)) : '';
     // Checkbox and number options. In the checkbox lines the comparison sits inside
     // intval(), so each flag is decided by a loose `== 1`.
     $input['blacklist'] = isset($input['blacklist']) && intval($input['blacklist'] == 1) ? true : false;
     $input['blacklist_count'] = isset($input['blacklist_count']) ? absint($input['blacklist_count']) : 3;
     $input['blacklist_period'] = isset($input['blacklist_period']) ? absint($input['blacklist_period']) : 7;
     $input['email_notifications'] = isset($input['email_notifications']) && intval($input['email_notifications'] == 1) ? true : false;
     $input['lockout_period'] = isset($input['lockout_period']) ? absint($input['lockout_period']) : 15;
     $input['log_rotation'] = isset($input['log_rotation']) ? absint($input['log_rotation']) : 14;
     $input['allow_tracking'] = isset($input['allow_tracking']) && intval($input['allow_tracking'] == 1) ? true : false;
     $input['write_files'] = isset($input['write_files']) && intval($input['write_files'] == 1) ? true : false;
     // NOTE(review): unlike log_location below, nginx_file only passes through
     // sanitize_text_field() here; confirm the path is validated before anything writes to it.
     $input['nginx_file'] = isset($input['nginx_file']) ? sanitize_text_field($input['nginx_file']) : ABSPATH . 'nginx.conf';
     $input['infinitewp_compatibility'] = isset($input['infinitewp_compatibility']) && intval($input['infinitewp_compatibility'] == 1) ? true : false;
     // 'log_info' is copied from the current global settings, not from the form.
     $input['log_info'] = $itsec_globals['settings']['log_info'];
     $input['lock_file'] = isset($input['lock_file']) && intval($input['lock_file'] == 1) ? true : false;
     $input['digest_email'] = isset($input['digest_email']) && intval($input['digest_email'] == 1) ? true : false;
     $input['proxy_override'] = isset($input['proxy_override']) && intval($input['proxy_override'] == 1) ? true : false;
     $input['hide_admin_bar'] = isset($input['hide_admin_bar']) && intval($input['hide_admin_bar'] == 1) ? true : false;
     //Set a fresh message queue if we're just turning on the digest.
     if ($input['digest_email'] === true && (!isset($this->settings['digest_email']) || $this->settings['digest_email'] === false)) {
         $digest_queue = array('last_sent' => $itsec_globals['current_time_gmt'], 'messages' => array());
         update_site_option('itsec_message_queue', $digest_queue);
     }
     $input['log_location'] = isset($input['log_location']) ? sanitize_text_field($input['log_location']) : $itsec_globals['ithemes_log_dir'];
     //Process white list
     if (isset($input['lockout_white_list']) && !is_array($input['lockout_white_list'])) {
         $white_listed_addresses = explode(PHP_EOL, $input['lockout_white_list']);
     } elseif (isset($input['lockout_white_list'])) {
         $white_listed_addresses = $input['lockout_white_list'];
     } else {
         $white_listed_addresses = array();
     }
     $bad_white_listed_ips = array();
     $raw_white_listed_ips = array();
     if (!class_exists('ITSEC_Lib_IP_Tools')) {
         $itsec_core = ITSEC_Core::get_instance();
         require_once dirname($itsec_core->get_plugin_file()) . '/core/lib/class-itsec-lib-ip-tools.php';
     }
     foreach ($white_listed_addresses as $index => $address) {
         // Convert wildcard IPs to CIDR notation
         $address = ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr(trim($address));
         // NOTE(review): if the conversion yields an empty or false value for an entry it
         // cannot parse, that entry takes the else branch and is dropped without an error
         // message; confirm against ip_wild_to_ip_cidr().
         if (strlen(trim($address)) > 0) {
             // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. An entry
             // that fails validate() is reported below yet still saved to the whitelist.
             if (ITSEC_Lib_IP_Tools::validate($address) === false) {
                 $bad_white_listed_ips[] = filter_var($address, FILTER_SANITIZE_STRING);
             }
             $raw_white_listed_ips[] = filter_var($address, FILTER_SANITIZE_STRING);
         } else {
             unset($white_listed_addresses[$index]);
         }
     }
     $raw_white_listed_ips = array_unique($raw_white_listed_ips);
     if (sizeof($bad_white_listed_ips) > 0) {
         $type = 'error';
         $message = __('There is a problem with an IP address in the white list:', 'better-wp-security') . '<br /><br />';
         foreach ($bad_white_listed_ips as $bad_ip) {
             $message .= sprintf(__('%s is not a valid address in the white list users box.', 'better-wp-security'), $bad_ip) . '<br />';
         }
         add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
     }
     $input['lockout_white_list'] = $raw_white_listed_ips;
     // A custom log location must pass ITSEC_Lib::validate_path(); the default is accepted as is.
     if ($input['log_location'] != $itsec_globals['ithemes_log_dir']) {
         $good_path = ITSEC_Lib::validate_path($input['log_location']);
     } else {
         $good_path = true;
     }
     if ($good_path !== true) {
         // Fall back to the default log directory and tell the user.
         $input['log_location'] = $itsec_globals['ithemes_log_dir'];
         $type = 'error';
         // NOTE(review): the directory is concatenated inside __(), so the lookup key changes
         // with the path and a translation of the fixed sentence cannot match.
         $message = __('The file path entered for the log location does not appear to be valid. it has been reset to: ' . $itsec_globals['ithemes_log_dir'], 'better-wp-security');
         add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
     }
     $input['log_type'] = isset($input['log_type']) ? intval($input['log_type']) : 0;
     // Flag the rewrite rules for regeneration when file writing was just switched on and
     // no error was recorded above.
     if (!isset($type) && $input['write_files'] === true && $this->settings['write_files'] === false) {
         add_site_option('itsec_rewrites_changed', true);
     }
     if (is_multisite()) {
         // Only the last error recorded above ($type/$message) reaches the network notice.
         if (isset($type)) {
             $error_handler = new WP_Error();
             $error_handler->add($type, $message);
             $this->core->show_network_admin_notice($error_handler);
         } else {
             $this->core->show_network_admin_notice(false);
         }
         $this->settings = $input;
     }
     return $input;
 }
コード例 #14
ファイル: active.php プロジェクト: quinntron/greendot
<?php

// Set up Strong Passwords Admin; the admin half receives the shared ITSEC_Core instance.
// NOTE(review): both requires use bare relative paths, which are searched on include_path
// before this script's own directory; consider pinning them with dirname(__FILE__).
require_once 'class-itsec-strong-passwords-admin.php';
$itsec_strong_passwords_admin = new ITSEC_Strong_Passwords_Admin();
$itsec_strong_passwords_admin->run(ITSEC_Core::get_instance());
// Set up Strong Passwords Frontend; here the frontend half receives the core instance too.
require_once 'class-itsec-strong-passwords.php';
$itsec_strong_passwords = new ITSEC_Strong_Passwords();
$itsec_strong_passwords->run(ITSEC_Core::get_instance());
コード例 #15
ファイル: active.php プロジェクト: selectSIFISO/.comsite
<?php

// Set up Salts Admin; this module loads an admin half only.
// NOTE(review): the require uses a bare relative path, which is searched on include_path
// before this script's own directory; consider pinning it with dirname(__FILE__).
require_once 'class-itsec-salts-admin.php';
$itsec_salts_admin = new ITSEC_Salts_Admin();
$itsec_salts_admin->run(ITSEC_Core::get_instance());
コード例 #16
 /**
  * Determines whether a given IP address is whitelisted.
  *
  * The list checked is the supplied list or, when none is given, the saved
  * 'lockout_white_list', optionally extended with the address of the current request.
  *
  * NOTE(review): how ITSEC_Lib::get_ip() derives the address is not visible here; the
  * $current path is only as trustworthy as that lookup.
  *
  * @param  string  $ip_to_check ip to check (can be in CIDR notation)
  * @param  array   $white_ips   ip list to compare to if not yet saved to options
  * @param  boolean $current     whether to whitelist the current ip or not (due to saving, etc)
  *
  * @return boolean               true if whitelisted or false
  */
 public static function is_ip_whitelisted($ip_to_check, $white_ips = null, $current = false)
 {
     if (!class_exists('ITSEC_Lib_IP_Tools')) {
         $itsec_core = ITSEC_Core::get_instance();
         require_once dirname($itsec_core->get_plugin_file()) . '/core/lib/class-itsec-lib-ip-tools.php';
     }
     // No list supplied: fall back to the saved whitelist, or to an empty one.
     if ($white_ips === null) {
         $stored = get_site_option('itsec_global');
         $white_ips = array();
         if (isset($stored['lockout_white_list'])) {
             $white_ips = $stored['lockout_white_list'];
         }
     }
     // Treat the address of the current request as whitelisted when asked to.
     if ($current === true) {
         $white_ips[] = ITSEC_Lib::get_ip();
     }
     // Each entry is converted from wildcard to CIDR form before the overlap test.
     foreach ($white_ips as $entry) {
         $range = ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr($entry);
         if (ITSEC_Lib_IP_Tools::intersect($ip_to_check, $range)) {
             return true;
         }
     }
     return false;
 }
コード例 #17
ファイル: active.php プロジェクト: quinntron/greendot
<?php

// Set up File Change Admin; the admin half receives the shared ITSEC_Core instance.
// NOTE(review): both requires use bare relative paths, which are searched on include_path
// before this script's own directory; consider pinning them with dirname(__FILE__).
require_once 'class-itsec-file-change-admin.php';
$itsec_file_change_admin = new ITSEC_File_Change_Admin();
$itsec_file_change_admin->run(ITSEC_Core::get_instance());
// Set up File Change Frontend; it is started without arguments.
require_once 'class-itsec-file-change.php';
$itsec_file_change = new ITSEC_File_Change();
$itsec_file_change->run();
コード例 #18
ファイル: active.php プロジェクト: quinntron/greendot
<?php

// Set up Malware Admin; the admin half receives the shared ITSEC_Core instance.
// NOTE(review): both requires use bare relative paths, which are searched on include_path
// before this script's own directory; consider pinning them with dirname(__FILE__).
require_once 'class-itsec-malware-admin.php';
$itsec_malware_admin = new ITSEC_Malware_Admin();
$itsec_malware_admin->run(ITSEC_Core::get_instance());
// Set up Malware Frontend; it is started without arguments.
require_once 'class-itsec-malware.php';
$itsec_malware = new ITSEC_Malware();
$itsec_malware->run();
コード例 #19
ファイル: active.php プロジェクト: quinntron/greendot
<?php

// Set up Backup Admin; the admin half receives the shared ITSEC_Core instance.
// NOTE(review): both requires use bare relative paths, which are searched on include_path
// before this script's own directory; consider pinning them with dirname(__FILE__).
require_once 'class-itsec-backup-admin.php';
$itsec_backup_admin = new ITSEC_Backup_Admin();
$itsec_backup_admin->run(ITSEC_Core::get_instance());
// Set up Backup Frontend; here the frontend half receives the core instance too.
require_once 'class-itsec-backup.php';
$itsec_backup = new ITSEC_Backup();
$itsec_backup->run(ITSEC_Core::get_instance());
コード例 #20
 /**
  * Process quick ban of host.
  *
  * Builds a deny rule for the supplied host in nginx or Apache syntax, depending on what
  * ITSEC_Lib::get_server() reports, and appends it to the server config file.
  *
  * The host is written into the server configuration verbatim, so the validate() call is
  * the only thing standing between the caller's input and the config file.
  *
  * NOTE(review): when the server is neither 'nginx' nor 'apache' only the comment line is
  * appended, and the method still returns true; confirm that is intended.
  *
  * @since 4.0.0
  *
  * @param string $host the host to ban
  *
  * @return bool true on success or false on failure
  */
 public static function quick_ban($host)
 {
     $host = trim($host);
     if (!class_exists('ITSEC_Lib_IP_Tools')) {
         $itsec_core = ITSEC_Core::get_instance();
         require_once dirname($itsec_core->get_plugin_file()) . '/core/lib/class-itsec-lib-ip-tools.php';
     }
     // Nothing is written for a host the validator rejects.
     if (!ITSEC_Lib_IP_Tools::validate($host)) {
         return false;
     }
     $host_rule = '# ' . __('Quick ban IP. Will be updated on next formal rules save.', 'better-wp-security') . "\n";
     if ('nginx' === ITSEC_Lib::get_server()) {
         $host_rule .= "\tdeny {$host};\n";
     } elseif ('apache' === ITSEC_Lib::get_server()) {
         // Escape the dots so the address is matched literally by the SetEnvIF regex.
         $dhost = str_replace('.', '\\.', $host);
         $host_rule .= implode('', array(
             // Ban the address itself, as seen through a proxy, and as seen behind a cluster.
             "SetEnvIF REMOTE_ADDR \"^{$dhost}\$\" DenyAccess\n",
             "SetEnvIF X-FORWARDED-FOR \"^{$dhost}\$\" DenyAccess\n",
             "SetEnvIF X-CLUSTER-CLIENT-IP \"^{$dhost}\$\" DenyAccess\n",
             // Rule for servers that have mod_authz_core.
             "<IfModule mod_authz_core.c>\n",
             "\t<RequireAll>\n",
             "\t\tRequire all granted\n",
             "\t\tRequire not env DenyAccess\n",
             "\t\tRequire not ip {$host}\n",
             "\t</RequireAll>\n",
             "</IfModule>\n",
             // Rule for servers without mod_authz_core.
             "<IfModule !mod_authz_core.c>\n",
             "\tOrder allow,deny\n",
             "\tDeny from env=DenyAccess\n",
             "\tDeny from {$host}\n",
             "\tAllow from all\n",
             "</IfModule>\n",
         ));
     }
     require_once trailingslashit($GLOBALS['itsec_globals']['plugin_dir']) . 'core/lib/class-itsec-lib-config-file.php';
     $append_result = ITSEC_Lib_Config_File::append_server_config($host_rule);
     return !is_wp_error($append_result);
 }
コード例 #21
ファイル: active.php プロジェクト: quinntron/greendot
<?php

// Set up Hide Backend Admin; the admin half receives the shared ITSEC_Core instance.
// NOTE(review): both requires use bare relative paths, which are searched on include_path
// before this script's own directory; consider pinning them with dirname(__FILE__).
require_once 'class-itsec-hide-backend-admin.php';
$itsec_hide_backend_admin = new ITSEC_Hide_Backend_Admin();
$itsec_hide_backend_admin->run(ITSEC_Core::get_instance());
// Set up Hide Backend Frontend; it is started without arguments.
require_once 'class-itsec-hide-backend.php';
$itsec_hide_backend = new ITSEC_Hide_Backend();
$itsec_hide_backend->run();
コード例 #22
<?php

/*
 * Plugin Name: iThemes Security
 * Plugin URI: https://ithemes.com/security
 * Description: Take the guesswork out of WordPress security. iThemes Security offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.
 * Author: iThemes
 * Author URI: https://ithemes.com
 * Version: 5.3.7
 * Text Domain: better-wp-security
 * Network: True
 * License: GPLv2
 */
// Load translations: first the copy under WP_LANG_DIR for the (filterable) locale, then
// the plugin's own text domain.
// NOTE(review): no ABSPATH guard is visible in this listing; requested directly, the file
// would stop at the first WordPress call. Confirm whether a guard is wanted.
// NOTE(review): $locale comes back from the 'plugin_locale' filter and is interpolated into
// a file path; the path is only as safe as what the filters return.
$locale = apply_filters('plugin_locale', get_locale(), 'better-wp-security');
load_textdomain('better-wp-security', WP_LANG_DIR . "/plugins/better-wp-security/better-wp-security-{$locale}.mo");
load_plugin_textdomain('better-wp-security');
// Another copy is already loaded ($itsec_dir is set or the core class exists): show the
// multiple-version notice and stop loading this copy.
if (isset($itsec_dir) || class_exists('ITSEC_Core')) {
    include dirname(__FILE__) . '/core/show-multiple-version-notice.php';
    return;
}
$itsec_dir = dirname(__FILE__);
// The icon fonts are loaded for admin requests only.
if (is_admin()) {
    require "{$itsec_dir}/lib/icon-fonts/load.php";
}
// Load the core class and initialise it with this file's path and the translated plugin name.
require "{$itsec_dir}/core/class-itsec-core.php";
$itsec_core = ITSEC_Core::get_instance();
$itsec_core->init(__FILE__, __('iThemes Security', 'better-wp-security'));
コード例 #23
ファイル: active.php プロジェクト: quinntron/greendot
<?php

// Set up 404 Detection Admin; the admin half receives the shared ITSEC_Core instance.
// NOTE(review): both requires use bare relative paths, which are searched on include_path
// before this script's own directory; consider pinning them with dirname(__FILE__).
require_once 'class-itsec-four-oh-four-admin.php';
$itsec_404_detection_admin = new ITSEC_Four_Oh_Four_Admin();
$itsec_404_detection_admin->run(ITSEC_Core::get_instance());
// Set up 404 Detection Frontend; it is started without arguments.
require_once 'class-itsec-four-oh-four.php';
$itsec_404_detection = new ITSEC_Four_Oh_Four();
$itsec_404_detection->run();