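 /**
  * Redirects to or from SSL where appropriate
  *
  * Leaves the hidden-backend login slug alone, then compares what the current
  * request should use (per-post `itsec_enable_ssl` flag when the `frontend`
  * setting is 1 and the request is singular; otherwise the module-wide
  * `frontend` setting) with the current scheme and issues a 302 when they
  * disagree. Legacy `bwps_enable_ssl` post meta is migrated on first sight.
  *
  * @return void
  */
 function ssl_redirect()
 {
     global $post;
     $hide_options = get_site_option('itsec_hide_backend');
     // The hide-backend module owns the login slug; never redirect it.
     if (isset($hide_options['enabled']) && $hide_options['enabled'] === true && $_SERVER['REQUEST_URI'] == ITSEC_Lib::get_home_root() . $hide_options['slug']) {
         return;
     }
     // Evaluate once so the decision and the redirect target agree.
     $is_ssl = (bool) $this->is_ssl();
     $needs_redirect = false;
     if (is_singular() && $this->settings['frontend'] == 1) {
         $require_ssl = get_post_meta($post->ID, 'itsec_enable_ssl', true);
         $bwps_ssl = get_post_meta($post->ID, 'bwps_enable_ssl', true);
         // Migrate the legacy bwps_enable_ssl flag into itsec_enable_ssl and drop it.
         if ($bwps_ssl == 1) {
             $require_ssl = 1;
             delete_post_meta($post->ID, 'bwps_enable_ssl');
             update_post_meta($post->ID, 'itsec_enable_ssl', true);
         } else {
             delete_post_meta($post->ID, 'bwps_enable_ssl');
             if ($require_ssl != 1) {
                 delete_post_meta($post->ID, 'itsec_enable_ssl');
             }
         }
         // Redirect whenever the post's requirement and the current scheme differ.
         $needs_redirect = ($require_ssl == 1) !== $is_ssl;
     } else {
         $frontend = $this->settings['frontend'];
         // 2 = force SSL on the whole front end; 0 and 1 = plain HTTP unless a post opted in above.
         $needs_redirect = ($frontend == 2 && !$is_ssl) || (($frontend == 0 || $frontend == 1) && $is_ssl);
     }
     if ($needs_redirect) {
         // Flip the scheme based on the same is_ssl() answer used for the decision;
         // SERVER_PORT is unreliable behind TLS-terminating proxies and could have
         // produced a redirect back to the scheme we are already on.
         // NOTE(review): the target host comes from the client-supplied Host header;
         // prefer home_url() if this site can sit behind an untrusted proxy.
         $href = ($is_ssl ? 'http' : 'https') . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
         wp_redirect($href, 302);
         // Stop processing so no further output follows the redirect header.
         exit;
     }
 }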
 /**
  * Wires the malware module into the plugin.
  *
  * Stores the core instance, loads the `itsec_malware` settings and registers
  * the admin, AJAX, dashboard, tracking and logger hooks this module serves.
  *
  * @param object $core plugin core instance
  *
  * @return void
  */
 function run($core)
 {
     $this->core = $core;
     $this->settings = get_site_option('itsec_malware');
     $this->module_path = ITSEC_Lib::get_module_path(__FILE__);
     // hook => handler method on this object
     $actions = array(
         'itsec_add_admin_meta_boxes' => 'add_admin_meta_boxes', // meta boxes on the admin page
         'itsec_admin_init' => 'initialize_admin', // admin area setup
         'admin_enqueue_scripts' => 'admin_enqueue_scripts', // scripts for the admin page
         'wp_ajax_itsec_malware_request_url_scan_ajax' => 'wp_ajax_itsec_malware_request_url_scan_ajax', // manual homepage scan request
         'wp_ajax_itsec_malware_get_scan_results_ajax' => 'wp_ajax_itsec_malware_get_scan_results_ajax', // manual homepage scan report
     );
     foreach ($actions as $hook => $method) {
         add_action($hook, array($this, $method));
     }
     $filters = array(
         'itsec_add_dashboard_status' => 'dashboard_status', // plugin status information
         'itsec_tracking_vars' => 'tracking_vars',
         'itsec_logger_displays' => 'itsec_logger_displays', // log meta boxes
     );
     foreach ($filters as $hook => $method) {
         add_filter($hook, array($this, $method));
     }
     // Network installs save options manually on admin init.
     if (is_multisite()) {
         add_action('itsec_admin_init', array($this, 'save_network_options'));
     }
 }
ファイル: validator.php プロジェクト: Garth619/Femi9
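 /**
  * Validates and normalises the ban-list settings before they are saved.
  *
  * Refuses the save when a banned host would cover the logged-in user's own
  * address, or when a host is already on the lockout whitelist.
  *
  * @return void
  */
 protected function sanitize_settings()
 {
     $this->sanitize_setting('bool', 'default', __('Default Blacklist', 'better-wp-security'));
     $this->sanitize_setting('bool', 'enable_ban_lists', __('Ban Lists', 'better-wp-security'));
     $this->sanitize_setting('newline-separated-ips', 'host_list', __('Ban Hosts', 'better-wp-security'));
     if (is_array($this->settings['host_list'])) {
         require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-ip-tools.php';
         $whitelisted_hosts = array();
         // Both values are invariant across the loop; evaluate them once.
         $logged_in = is_user_logged_in();
         $current_ip = ITSEC_Lib::get_ip();
         foreach ($this->settings['host_list'] as $host) {
             // Self-lockout guard: a logged-in user must not be able to ban their own address.
             if ($logged_in && ITSEC_Lib_IP_Tools::intersect($current_ip, ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr($host))) {
                 $this->set_can_save(false);
                 /* translators: 1: input name, 2: invalid host */
                 $this->add_error(sprintf(__('The following host in %1$s matches your current IP and cannot be banned: %2$s', 'better-wp-security'), __('Ban Hosts', 'better-wp-security'), $host));
                 continue;
             }
             if (ITSEC_Lib::is_ip_whitelisted($host)) {
                 $whitelisted_hosts[] = $host;
             }
         }
         // Whitelisted hosts are reported together in one message.
         if (!empty($whitelisted_hosts)) {
             $this->set_can_save(false);
             /* translators: 1: input name, 2: invalid host list */
             $this->add_error(wp_sprintf(_n('The following IP in %1$s is whitelisted and cannot be banned: %2$l', 'The following IPs in %1$s are whitelisted and cannot be banned: %2$l', count($whitelisted_hosts), 'better-wp-security'), __('Ban Hosts', 'better-wp-security'), $whitelisted_hosts));
         }
     }
     $this->sanitize_setting(array($this, 'sanitize_agent_list_entry'), 'agent_list', __('Ban User Agents', 'better-wp-security'));
 }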
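 /**
  * Returns directory contents
  *
  * Directories become `name => contents` entries (built recursively) and are
  * listed before files, which are appended as plain list entries. A missing
  * or unreadable directory yields an empty array.
  *
  * @since 4.3
  *
  * @param string $dir    the directory to scan, relative to $parent
  * @param string $parent the parent directory (defaults to the WordPress home path)
  *
  * @return array
  */
 private function get_files($dir = '', $parent = null)
 {
     if ($parent === null) {
         $parent = ITSEC_Lib::get_home_path();
     }
     // NOTE(review): sanitize_text_field() strips tags and control characters but
     // does not reject `..` segments; callers must confine $dir to the tree they
     // intend to expose.
     $rel_dir = trim(sanitize_text_field($dir));
     $directory = trim(trailingslashit(urldecode(trailingslashit(sanitize_text_field($parent)) . $rel_dir)));
     $dir_contents = array();
     // is_dir() rather than file_exists(): a regular file at this path would make scandir() fail.
     if (!is_dir($directory)) {
         return $dir_contents;
     }
     $files = scandir($directory);
     if ($files === false) {
         // Unreadable directory (permissions); report it as empty instead of raising notices.
         return $dir_contents;
     }
     natcasesort($files);
     $subdirs = array();
     $plain_files = array();
     foreach ($files as $file) {
         if ($file === '.' || $file === '..' || !file_exists($directory . $file)) {
             continue;
         }
         if (is_dir($directory . $file)) {
             $subdirs[] = $file;
         } else {
             $plain_files[] = $file;
         }
     }
     // Directories first so the tree shows folders above files.
     foreach ($subdirs as $file) {
         $dir_contents[$file] = $this->get_files($file, $directory);
     }
     foreach ($plain_files as $file) {
         $dir_contents[] = $file;
     }
     return $dir_contents;
 }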
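 /**
  * Build rewrite rules
  *
  * Produces the Apache (`RewriteRule`) or nginx (`rewrite`) lines that map the
  * hidden login slug, and optionally a custom register slug, to wp-login.php.
  *
  * @since 4.0
  *
  * @param  array $input options to build rules from; read from the
  *                      `itsec_hide_backend` site option when null
  *
  * @return array         rules to write: `type`, `priority`, `name` and `rules`
  *                       (a list of lines, or false when nothing is to be written)
  */
 public static function build_rewrite_rules($input = null)
 {
     $home_root = ITSEC_Lib::get_home_root();
     // The server type decides which rule syntax to emit.
     $server_type = ITSEC_Lib::get_server();
     // Fall back to the stored options when the caller did not supply any.
     if ($input === null) {
         $input = get_site_option('itsec_hide_backend');
     }
     $rules = '';
     // get_site_option() returns false when the option was never saved; treat that,
     // and a missing or falsy `enabled` flag, as "module disabled".
     if (is_array($input) && !empty($input['enabled'])) {
         $slug = isset($input['slug']) ? $input['slug'] : '';
         $register = isset($input['register']) ? $input['register'] : 'wp-register.php';
         // NOTE(review): $slug and $register are written into a regex position of the
         // server config without preg_quote(); the settings validator is relied on to
         // keep them to plain characters.
         $comment = "\t# " . __('Rules to hide the dashboard', 'it-l10n-ithemes-security-pro') . PHP_EOL;
         if ($server_type == 'nginx') {
             $rules .= $comment . "\trewrite ^(" . $home_root . ")?" . $slug . "/?\$ " . $home_root . "wp-login.php?\$query_string break;" . PHP_EOL;
         } else {
             $rules .= $comment . "\tRewriteRule ^(" . $home_root . ")?" . $slug . "/?\$ " . $home_root . "wp-login.php [QSA,L]" . PHP_EOL;
         }
         // Only map the register slug when it was customised away from the default.
         if ($register != 'wp-register.php') {
             if ($server_type == 'nginx') {
                 $rules .= "\trewrite ^(" . $home_root . ")?" . $register . "/?\$ " . $home_root . $slug . "?action=register break;" . PHP_EOL;
             } else {
                 // NOTE(review): the Apache target is the literal "/wplogin" whereas the nginx
                 // branch targets $home_root . $slug; confirm which is intended.
                 $rules .= "\tRewriteRule ^(" . $home_root . ")?" . $register . "/?\$ /wplogin?action=register [QSA,L]" . PHP_EOL;
             }
         }
     }
     // The writer expects a list of lines, or false when there is nothing to write.
     $rules = $rules !== '' ? explode(PHP_EOL, $rules) : false;
     return array('type' => 'htaccess', 'priority' => 9, 'name' => 'Hide Backend', 'rules' => $rules);
 }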
ファイル: setup.php プロジェクト: quinntron/greendot
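 /**
  * Execute module upgrade
  *
  * Migrates the pre-4.0 `st_*` flags from the Better WP Security options into
  * the `itsec_tweaks` site option and flags the rewrite rules and config files
  * as needing a rebuild.
  *
  * @since 4.0
  *
  * @param int $itsec_old_version version number being upgraded from
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version < 4000) {
         global $itsec_bwps_options;
         ITSEC_Lib::create_database_tables();
         $current_options = get_site_option('itsec_tweaks');
         if ($current_options === false) {
             $current_options = $this->defaults;
         }
         // new option key => legacy bwps option key; each legacy flag was stored as 0/1.
         $legacy_keys = array(
             'protect_files' => 'st_ht_files',
             'directory_browsing' => 'st_ht_browsing',
             'request_methods' => 'st_ht_request',
             'suspicious_query_strings' => 'st_ht_query',
             'non_english_characters' => 'st_ht_foreign',
             'long_url_strings' => 'st_longurl',
             'write_permissions' => 'st_fileperm',
             'wlwmanifest_header' => 'st_manifest',
             'edituri_header' => 'st_edituri',
             'theme_updates' => 'st_themenot',
             'plugin_updates' => 'st_pluginnot',
             'core_updates' => 'st_corenot',
             'comment_spam' => 'st_comment',
             'login_errors' => 'st_loginerror',
         );
         foreach ($legacy_keys as $new_key => $old_key) {
             // A missing legacy flag counts as "off".
             $current_options[$new_key] = isset($itsec_bwps_options[$old_key]) && $itsec_bwps_options[$old_key] == 1;
         }
         update_site_option('itsec_tweaks', $current_options);
         add_site_option('itsec_rewrites_changed', true);
         add_site_option('itsec_config_changed', true);
     }
     if ($itsec_old_version < 4035) {
         add_site_option('itsec_rewrites_changed', true);
     }
 }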
	/**
	 * Bootstraps the scheduled malware scanning module.
	 *
	 * Merges the stored `itsec_malware_scheduling` settings over the defaults,
	 * then registers the admin meta box, admin init, dashboard status, script
	 * and AJAX file-tree hooks.
	 *
	 * @param object $core plugin core instance
	 *
	 * @return void
	 */
	function run( $core ) {
		$this->defaults = array(
			'enabled'             => false,
			'email_notifications' => true,
			'email_contacts'      => array(),
		);

		$this->core        = $core;
		$this->module_path = ITSEC_Lib::get_module_path( __FILE__ );

		// A missing option (false) or anything non-array is treated as "nothing stored".
		$stored = get_site_option( 'itsec_malware_scheduling' );
		if ( ! is_array( $stored ) ) {
			$stored = array();
		}
		$this->settings = array_merge( $this->defaults, $stored );

		add_action( 'itsec_add_admin_meta_boxes', array( $this, 'itsec_add_admin_meta_boxes' ) ); // meta boxes on the admin page
		add_action( 'itsec_admin_init', array( $this, 'itsec_admin_init' ) ); // admin area setup
		add_filter( 'itsec_add_dashboard_status', array( $this, 'dashboard_status' ) );
		add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue_scripts' ) ); // scripts for the admin page
		add_action( 'wp_ajax_itsec_jquery_malware_filetree_ajax', array( $this, 'wp_ajax_itsec_jquery_malware_filetree_ajax' ) );

		// Network installs save options manually on admin init.
		if ( is_multisite() ) {
			add_action( 'itsec_admin_init', array( $this, 'itsec_admin_init_multisite' ) );
		}
	}
	/**
	 * Bootstraps the module: stores the core instance and hooks admin init.
	 *
	 * @param object $core plugin core instance
	 *
	 * @return void
	 */
	function run( $core ) {
		$this->core        = $core;
		$this->module_path = ITSEC_Lib::get_module_path( __FILE__ );
		add_action( 'admin_init', array( $this, 'admin_init' ) );
	}
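 /**
  * Determines whether a given IP address is whitelisted
  *
  * Whitelist entries and the address under test may be single IPv4 addresses,
  * wildcard entries or CIDR blocks; two ranges match when they overlap at all
  * (boundaries inclusive). Entries that do not parse as IPv4 are ignored.
  *
  * @param  string  $ip_to_check ip to check
  * @param  array   $white_ips   ip list to compare to if not yet saved to options
  * @param  boolean $current     whether to whitelist the current ip or not (due to saving, etc)
  *
  * @return boolean               true if whitelisted or false
  */
 public static function is_ip_whitelisted($ip_to_check, $white_ips = null, $current = false)
 {
     $ip_to_check = trim($ip_to_check);
     if ($white_ips === null) {
         $global_settings = get_site_option('itsec_global');
         $white_ips = isset($global_settings['lockout_white_list']) ? $global_settings['lockout_white_list'] : array();
     }
     if ($current === true) {
         // Add the current user's ip so a save can never lock the admin out.
         $white_ips[] = ITSEC_Lib::get_ip();
     }
     // The address under test does not change per entry; convert it once.
     $ip_bounds = self::ip_whitelist_bounds(ITSEC_Lib::cidr_to_range($ip_to_check));
     if ($ip_bounds === null) {
         return false;
     }
     list($ip_min, $ip_max) = $ip_bounds;
     foreach ($white_ips as $white_ip) {
         $check_bounds = self::ip_whitelist_bounds(ITSEC_Lib::cidr_to_range(ITSEC_Lib::ip_wild_to_mask($white_ip)));
         if ($check_bounds === null) {
             // Unparseable entry (IPv6, typo): skip it rather than let ip2long()'s
             // false take part in the comparison and match addresses it should not.
             continue;
         }
         list($check_min, $check_max) = $check_bounds;
         // Two inclusive intervals overlap iff each starts no later than the other ends;
         // this covers partial overlaps and either range enclosing the other.
         if ($check_min <= $ip_max && $ip_min <= $check_max) {
             return true;
         }
     }
     return false;
 }

 /**
  * Converts a cidr_to_range() result into an inclusive [min, max] pair of longs.
  *
  * @param array $range one-element (single address) or two-element (range) array
  *
  * @return array|null [min, max], or null when an endpoint is not a valid IPv4 address
  */
 private static function ip_whitelist_bounds($range)
 {
     if (!is_array($range) || count($range) === 0) {
         return null;
     }
     $min = ip2long($range[0]);
     // A single address is the degenerate range [ip, ip].
     $max = count($range) === 2 ? ip2long($range[1]) : $min;
     if ($min === false || $max === false) {
         return null;
     }
     return array($min, $max);
 }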
 /**
  * Bootstraps the module and registers its admin meta box and admin init hooks.
  *
  * @param object $core plugin core instance
  *
  * @return void
  */
 function run($core)
 {
     // This module has no stored options; settings is simply flagged as present.
     $this->settings = true;
     $this->core = $core;
     $this->module_path = ITSEC_Lib::get_module_path(__FILE__);
     $hooks = array(
         'itsec_add_admin_meta_boxes' => 'itsec_add_admin_meta_boxes', // meta boxes on the admin page
         'itsec_admin_init' => 'itsec_admin_init', // admin area setup
     );
     foreach ($hooks as $hook => $method) {
         add_action($hook, array($this, $method));
     }
 }
 /**
  * Bootstraps the privilege module.
  *
  * Loads the `itsec_privilege` settings and hooks admin init, the user
  * profile screen and its save handler, and the init/switch_blog setup.
  *
  * @return void
  */
 function run()
 {
     $this->settings = get_site_option('itsec_privilege');
     $this->module_path = ITSEC_Lib::get_module_path(__FILE__);
     foreach (array('admin_init', 'edit_user_profile', 'edit_user_profile_update') as $hook) {
         add_action($hook, array($this, $hook));
     }
     // Priority 1 so init() runs before most other init callbacks; re-run on blog switches.
     add_action('init', array($this, 'init'), 1);
     add_action('switch_blog', array($this, 'init'));
 }
ファイル: settings-page.php プロジェクト: Garth619/Femi9
    /**
     * Renders the Admin User tool settings form.
     *
     * Shows a backup warning, then a "New Admin Username" field only when a
     * user named "admin" exists and a "Change User ID 1" checkbox only when a
     * user with ID 1 exists.
     *
     * @param object $form form helper used to emit the inputs
     *
     * @return void
     */
    protected function render_settings($form)
    {
        ?>
	<div class="itsec-warning-message"><?php 
        // The backup page URL is escaped for the href; the rest of the string is a trusted translation.
        printf(__('<span>Warning:</span> The changes made by this tool could cause compatibility issues with some plugins, themes, or customizations. Ensure that you <a href="%s">create a database backup</a> before using this tool.', 'better-wp-security'), esc_url(ITSEC_Core::get_backup_creation_page_url()));
        ?>
</div>
	
	<table class="form-table itsec-settings-section">
		<?php 
        // Offer a rename only while the well-known "admin" account still exists.
        if (username_exists('admin')) {
            ?>
			<tr>
				<th scope="row"><label for="itsec-admin-user-new_username"><?php 
            _e('New Admin Username', 'better-wp-security');
            ?>
</label></th>
				<td>
					<?php 
            $form->add_text('new_username', array('class' => 'code'));
            ?>
					<br />
					<p class="description"><?php 
            _e('Enter a new username to replace "admin." Please note that if you are logged in as admin you will have to log in again.', 'better-wp-security');
            ?>
</p>
				</td>
			</tr>
		<?php 
        }
        ?>
		<?php 
        // Offer the ID change only while a user with ID 1 exists.
        if (ITSEC_Lib::user_id_exists(1)) {
            ?>
			<tr>
				<th scope="row"><label for="itsec-admin-user-change_id"><?php 
            _e('Change User ID 1', 'better-wp-security');
            ?>
</label></th>
				<td>
					<?php 
            $form->add_checkbox('change_id');
            ?>
					<label for="itsec-admin-user-change_id"><?php 
            _e('Change the ID of the user with ID 1.', 'better-wp-security');
            ?>
</label>
				</td>
			</tr>
		<?php 
        }
        ?>
	</table>
<?php 
    }
 /**
  * Returns the malware scan results, logging them when they are not cached.
  *
  * @return mixed whatever get_scan_results() returned
  */
 public static function scan()
 {
     global $itsec_logger;
     $results = self::get_scan_results();
     // Cached results are passed through untouched; only fresh results go to the log.
     $from_cache = is_array($results) && !empty($results['cached']);
     if (!$from_cache) {
         $user = wp_get_current_user();
         $itsec_logger->log_event('malware', 3, $results, ITSEC_Lib::get_ip(), $user->user_login, $user->ID);
     }
     return $results;
 }
ファイル: config-generators.php プロジェクト: Garth619/Femi9
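 /**
  * Appends the hide-backend rewrite rules to the generated nginx server config.
  *
  * @param string $modification config text built so far
  * @param array  $settings     hide-backend module settings (`slug`, `register`)
  *
  * @return string config text with the hide-backend block appended
  */
 public static function filter_nginx_server_config_modification($modification, $settings)
 {
     $home_root = ITSEC_Lib::get_home_root();
     $slug = isset($settings['slug']) ? $settings['slug'] : '';
     // NOTE(review): $slug and the register slug land in a regex position of the server
     // config without preg_quote(); the settings validator must keep them to plain characters.
     $modification .= "\n";
     $modification .= "\t# " . __('Enable the hide backend feature - Security > Settings > Hide Login Area > Hide Backend', 'better-wp-security') . "\n";
     $modification .= "\trewrite ^({$home_root})?{$slug}/?\$ {$home_root}wp-login.php?\$query_string break;\n";
     // Only map the register slug when it was customised away from the default.
     if (isset($settings['register']) && 'wp-register.php' !== $settings['register']) {
         $modification .= "\trewrite ^({$home_root})?{$settings['register']}/?\$ {$home_root}{$slug}?action=register break;\n";
     }
     return $modification;
 }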
 /**
  * Execute away mode functionality
  *
  * When away mode is active, logs the blocked attempt, clears the auth cookie
  * and sends the visitor back to the site URL.
  *
  * @return void
  */
 public function run_active_check()
 {
     global $itsec_logger;
     if (!self::is_active()) {
         return;
     }
     // Lockout: record the event, then bounce the request away from the dashboard.
     $message = __('A host was prevented from accessing the dashboard due to away-mode restrictions being in effect', 'better-wp-security');
     $itsec_logger->log_event('away_mode', 5, array($message), ITSEC_Lib::get_ip(), '', '', '', '');
     wp_redirect(get_option('siteurl'));
     wp_clear_auth_cookie();
     die;
 }
 /**
  * Bootstraps the module, registering its tracking, form handling and meta box hooks.
  *
  * @param object $core plugin core instance
  *
  * @return void
  */
 function run($core)
 {
     $this->core = $core;
     $this->module_path = ITSEC_Lib::get_module_path(__FILE__);
     add_filter('itsec_tracking_vars', array($this, 'tracking_vars'));
     // Only bother processing form data when something was actually posted.
     $has_post_data = !empty($_POST);
     if ($has_post_data) {
         add_action('itsec_admin_init', array($this, 'process_post_data'));
     }
     // The meta box is shown for a default directory, or for one this plugin changed itself.
     $show_meta_box = !$this->is_custom_directory() || $this->is_modified_by_it_security();
     if ($show_meta_box) {
         add_action('itsec_add_admin_meta_boxes', array($this, 'add_admin_meta_boxes'));
     }
 }
	/**
	 * Bootstraps the password module.
	 *
	 * Loads the `itsec_password` settings and hooks password validation, script
	 * enqueueing, login bookkeeping and the profile-page redirect handlers.
	 *
	 * @return void
	 */
	function run() {
		$this->settings    = get_site_option( 'itsec_password' );
		$this->module_path = ITSEC_Lib::get_module_path( __FILE__ );

		// Priority 11 runs after core validation, so a valid password clears the change nag
		// on both profile updates and password resets.
		foreach ( array( 'user_profile_update_errors', 'validate_password_reset' ) as $hook ) {
			add_action( $hook, array( $this, 'validate_valid_password' ), 11 );
		}

		add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue_scripts' ) ); // password generator on the edit profile page
		add_action( 'login_enqueue_scripts', array( $this, 'login_enqueue_scripts' ) ); // and on the reset password page
		add_action( 'wp_login', array( $this, 'wp_login' ), 10, 2 ); // set meta when the user must change their password
		add_action( 'current_screen', array( $this, 'admin_init' ) ); // redirect to the profile page with the change nag
	}
ファイル: setup.php プロジェクト: Garth619/Femi9
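 /**
  * Execute module upgrade
  *
  * Migrates the legacy `hb_*` Better WP Security options into the
  * `itsec_hide_backend` site option (< 4000), flushes rewrite rules once the
  * hidden login slug is active (< 4027) and hands the settings over to the
  * module system (< 4041).
  *
  * @param int $itsec_old_version version number being upgraded from
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version < 4000) {
         global $itsec_bwps_options;
         $current_options = get_site_option('itsec_hide_backend');
         if (false !== $current_options) {
             $current_options['enabled'] = isset($itsec_bwps_options['hb_enabled']) && $itsec_bwps_options['hb_enabled'] == 1;
             $current_options['register'] = isset($itsec_bwps_options['hb_register']) ? sanitize_text_field($itsec_bwps_options['hb_register']) : 'wp-register.php';
             // The "your login URL changed" tooltip is only relevant while the feature is on.
             $current_options['show-tooltip'] = $current_options['enabled'] === true;
             if ($current_options['enabled'] === true) {
                 set_site_transient('ITSEC_SHOW_HIDE_BACKEND_TOOLTIP', true, 600);
             }
             // Slugs that would shadow real WordPress entry points (or an empty slug) are refused;
             // the feature is then left disabled rather than locking the site out.
             $forbidden_slugs = array('admin', 'login', 'wp-login.php', 'dashboard', 'wp-admin', '');
             $legacy_slug = isset($itsec_bwps_options['hb_login']) ? trim($itsec_bwps_options['hb_login']) : '';
             if (!in_array($legacy_slug, $forbidden_slugs, true)) {
                 $current_options['slug'] = $itsec_bwps_options['hb_login'];
             } else {
                 $current_options['enabled'] = false;
             }
             // Either outcome is worth telling the admin about.
             set_site_transient('ITSEC_SHOW_HIDE_BACKEND_TOOLTIP', true, 600);
             update_site_option('itsec_hide_backend', $current_options);
             ITSEC_Response::regenerate_server_config();
         }
     }
     if ($itsec_old_version < 4027) {
         $current_options = get_site_option('itsec_hide_backend');
         if (isset($current_options['enabled']) && $current_options['enabled'] === true) {
             $config_file = ITSEC_Lib::get_htaccess();
             // Make the file writable for the rewrite flush, then put back whatever mode it had.
             // The @ is deliberate: the file may be owned by another user, and a failed chmod
             // is a best-effort outcome here, not an upgrade failure.
             $original_mode = @fileperms($config_file);
             @chmod($config_file, 0664);
             add_action('admin_init', array($this, 'flush_rewrite_rules'));
             if ($original_mode !== false && ($original_mode & 0777) !== 0664) {
                 @chmod($config_file, $original_mode & 0777);
             }
             ITSEC_Response::regenerate_server_config();
         }
     }
     if ($itsec_old_version < 4041) {
         $current_options = get_site_option('itsec_hide_backend');
         // If there are no current options, go with the new defaults by not saving anything
         if (is_array($current_options)) {
             // remove 'show-tooltip' which is old and not used in the new module
             unset($current_options['show-tooltip']);
             ITSEC_Modules::set_settings('hide-backend', $current_options);
         }
     }
 }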
ファイル: class-itsec-ssl.php プロジェクト: Garth619/Femi9
 /**
  * Redirects to or from SSL where appropriate
  *
  * Decides the scheme the current request should use: `https` everywhere when
  * the `frontend` setting is 2; per post (via the `itsec_enable_ssl` post meta,
  * migrated from the legacy `bwps_enable_ssl` meta) when the setting is 1 and
  * the request is singular; no redirect otherwise. Issues a 301 when the
  * current scheme differs from the decided one.
  *
  * @since 4.0
  *
  * @return void
  */
 public function do_conditional_ssl_redirect()
 {
     $hide_options = get_site_option('itsec_hide_backend', array());
     // The hide-backend module owns the login slug; never redirect it.
     if (isset($hide_options['enabled']) && $hide_options['enabled'] === true && $_SERVER['REQUEST_URI'] == ITSEC_Lib::get_home_root() . $hide_options['slug']) {
         return;
     }
     $settings = ITSEC_Modules::get_settings('ssl');
     if (2 === $settings['frontend']) {
         $protocol = 'https';
     } else {
         if (1 === $settings['frontend'] && is_singular()) {
             global $post;
             // Legacy flag: honour it once, copy it to itsec_enable_ssl, then remove it.
             $bwps_ssl = get_post_meta($post->ID, 'bwps_enable_ssl');
             if (!empty($bwps_ssl)) {
                 if ($bwps_ssl[0]) {
                     $protocol = 'https';
                     update_post_meta($post->ID, 'itsec_enable_ssl', true);
                 }
                 delete_post_meta($post->ID, 'bwps_enable_ssl');
             }
             // $protocol is only set so far when the legacy flag required SSL.
             if (!isset($protocol)) {
                 $enable_ssl = get_post_meta($post->ID, 'itsec_enable_ssl');
                 if (!empty($enable_ssl)) {
                     if ($enable_ssl[0]) {
                         $protocol = 'https';
                     } else {
                         // A stored falsy flag is equivalent to no flag; tidy it up.
                         delete_post_meta($post->ID, 'itsec_enable_ssl');
                     }
                 }
             }
         } else {
             // frontend is 0, or 1 on a non-singular request: nothing to enforce.
             return;
         }
     }
     // Anything not explicitly requiring SSL is served over plain HTTP.
     if (!isset($protocol)) {
         $protocol = 'http';
     }
     $is_ssl = is_ssl();
     // NOTE(review): the redirect target is built from the client-supplied Host header;
     // prefer home_url() if this site can sit behind an untrusted proxy.
     if ($is_ssl && 'http' == $protocol) {
         $redirect = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
     } else {
         if (!$is_ssl && 'https' == $protocol) {
             $redirect = "https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
         }
     }
     if (isset($redirect)) {
         wp_redirect($redirect, 301);
         exit;
     }
 }
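 /**
  * Determines whether a given IP address is whitelisted
  *
  * Whitelist entries and the address under test may be single IPv4 addresses,
  * wildcard entries or CIDR blocks; two ranges match when they overlap at all,
  * boundaries inclusive (the previous strict `<` comparisons excluded the
  * range endpoints and missed one range enclosing the other). Entries that do
  * not parse as IPv4 are ignored.
  *
  * @param  string  $ip_to_check ip to check
  * @param  array   $white_ips   ip list to compare to if not yet saved to options
  * @param  boolean $current     whether to whitelist the current ip or not (due to saving, etc)
  *
  * @return boolean               true if whitelisted or false
  */
 public static function is_ip_whitelisted($ip_to_check, $white_ips = null, $current = false)
 {
     $ip_to_check = trim($ip_to_check);
     if ($white_ips === null) {
         $global_settings = get_site_option('itsec_global');
         $white_ips = isset($global_settings['lockout_white_list']) ? $global_settings['lockout_white_list'] : array();
     }
     if ($current === true) {
         // Add the current user's ip so a save can never lock the admin out.
         $white_ips[] = ITSEC_Lib::get_ip();
     }
     // The address under test does not change per entry; convert it once.
     $ip_bounds = self::ip_whitelist_bounds(ITSEC_Lib::cidr_to_range($ip_to_check));
     if ($ip_bounds === null) {
         return false;
     }
     list($ip_min, $ip_max) = $ip_bounds;
     foreach ($white_ips as $white_ip) {
         $check_bounds = self::ip_whitelist_bounds(ITSEC_Lib::cidr_to_range(ITSEC_Lib::ip_wild_to_mask($white_ip)));
         if ($check_bounds === null) {
             // Unparseable entry (IPv6, typo): skip it rather than let ip2long()'s
             // false take part in the comparison and match addresses it should not.
             continue;
         }
         list($check_min, $check_max) = $check_bounds;
         // Two inclusive intervals overlap iff each starts no later than the other ends;
         // this covers partial overlaps and either range enclosing the other.
         if ($check_min <= $ip_max && $ip_min <= $check_max) {
             return true;
         }
     }
     return false;
 }

 /**
  * Converts a cidr_to_range() result into an inclusive [min, max] pair of longs.
  *
  * @param array $range one-element (single address) or two-element (range) array
  *
  * @return array|null [min, max], or null when an endpoint is not a valid IPv4 address
  */
 private static function ip_whitelist_bounds($range)
 {
     if (!is_array($range) || count($range) === 0) {
         return null;
     }
     $min = ip2long($range[0]);
     // A single address is the degenerate range [ip, ip].
     $max = count($range) === 2 ? ip2long($range[1]) : $min;
     if ($min === false || $max === false) {
         return null;
     }
     return array($min, $max);
 }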
ファイル: setup.php プロジェクト: Garth619/Femi9
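 /**
  * Execute module upgrade
  *
  * Migrates the pre-4.0 `st_*` flags into `itsec_tweaks` (< 4000), regenerates
  * the server config (< 4035) and moves the settings into the `system-tweaks`
  * module, activating it only if any tweak is in use (< 4041).
  *
  * @since 4.0
  *
  * @param int $itsec_old_version version number being upgraded from
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version < 4000) {
         global $itsec_bwps_options;
         ITSEC_Lib::create_database_tables();
         $current_options = get_site_option('itsec_tweaks');
         // Don't do anything if settings haven't already been set, defaults exist in the module system and we prefer to use those
         if (false !== $current_options) {
             // new option key => legacy bwps option key; each legacy flag was stored as 0/1.
             $legacy_keys = array(
                 'protect_files' => 'st_ht_files',
                 'directory_browsing' => 'st_ht_browsing',
                 'request_methods' => 'st_ht_request',
                 'suspicious_query_strings' => 'st_ht_query',
                 'non_english_characters' => 'st_ht_foreign',
                 'long_url_strings' => 'st_longurl',
                 'write_permissions' => 'st_fileperm',
             );
             foreach ($legacy_keys as $new_key => $old_key) {
                 // A missing legacy flag counts as "off".
                 $current_options[$new_key] = isset($itsec_bwps_options[$old_key]) && $itsec_bwps_options[$old_key] == 1;
             }
             update_site_option('itsec_tweaks', $current_options);
             ITSEC_Response::regenerate_server_config();
             ITSEC_Response::regenerate_wp_config();
         }
     }
     if ($itsec_old_version < 4035) {
         ITSEC_Response::regenerate_server_config();
     }
     if ($itsec_old_version < 4041) {
         $current_options = get_site_option('itsec_tweaks');
         // If there are no current options, go with the new defaults by not saving anything
         if (is_array($current_options)) {
             $new_module_settings = ITSEC_Modules::get_settings('system-tweaks');
             // Reduce to only settings in new module
             $current_options = array_intersect_key($current_options, $new_module_settings);
             // Use new module settings as defaults for any missing settings
             $current_options = array_merge($new_module_settings, $current_options);
             // If anything in this module is being used activate it, otherwise deactivate it
             // (array_filter() without a callback keeps only truthy values).
             $activate = count(array_filter($current_options)) > 0;
             if ($activate) {
                 ITSEC_Modules::activate('system-tweaks');
             } else {
                 ITSEC_Modules::deactivate('system-tweaks');
             }
             ITSEC_Modules::set_settings('system-tweaks', $current_options);
         }
     }
 }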
 /**
  * Bootstraps the strong passwords module.
  *
  * When enabled, hooks password enforcement into profile updates, password
  * resets and the reset-password login screen, and enqueues the module's
  * login script on admin and login pages.
  *
  * @return void
  */
 function run()
 {
     $this->settings = get_site_option('itsec_strong_passwords');
     $this->module_path = ITSEC_Lib::get_module_path(__FILE__);
     $enabled = isset($this->settings['enabled']) && $this->settings['enabled'] === true;
     if (!$enabled) {
         return;
     }
     add_action('user_profile_update_errors', array($this, 'enforce_strong_password'), 0, 3);
     add_action('validate_password_reset', array($this, 'enforce_strong_password'), 10, 2);
     // Also enforce on the reset-password form itself (action=rp / resetpass with a login key).
     $action = isset($_GET['action']) ? $_GET['action'] : null;
     $is_reset_form = ($action == 'rp' || $action == 'resetpass') && isset($_GET['login']);
     if ($is_reset_form) {
         add_action('login_head', array($this, 'enforce_strong_password'));
     }
     foreach (array('admin_enqueue_scripts', 'login_enqueue_scripts') as $hook) {
         add_action($hook, array($this, 'login_script_js'));
     }
 }
 /**
  * Registers the content-directory module's admin hooks.
  *
  * Always contributes tracking variables and a dashboard status entry. The admin handler is only
  * initialized when a POST body is present, and the admin script and meta boxes are only offered
  * while the content directory is still at its default location (is_custom_directory() false).
  *
  * @param object $core plugin core instance, kept on $this->core
  *
  * @return void
  */
 function run($core)
 {
     $this->core = $core;
     $this->module_path = ITSEC_Lib::get_module_path(__FILE__);
     add_filter('itsec_tracking_vars', array($this, 'tracking_vars'));
     add_filter('itsec_add_dashboard_status', array($this, 'dashboard_status'));
     // The admin handler only has work to do when a form was submitted.
     $has_post_body = !empty($_POST);
     if ($has_post_body) {
         add_action('itsec_admin_init', array($this, 'initialize_admin'));
     }
     if ($this->is_custom_directory()) {
         // Changing the content directory is only supported when the content directory is set to default values.
         return;
     }
     add_action('admin_enqueue_scripts', array($this, 'admin_script'));
     add_action('itsec_add_admin_meta_boxes', array($this, 'add_admin_meta_boxes'));
 }
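 /**
  * Sends to lockout class when login form isn't completely filled out
  *
  * Only acts when the login form was actually submitted (wp-submit present) and either the
  * username or the password is blank; every other call passes $user straight through. The
  * attempted username is sanitized once and that same value is used for the lockout check,
  * the log entry and the lockout record, so all three are keyed identically.
  *
  * @param object $user     user or wordpress error
  * @param string $username username attempted
  * @param string $password password attempted
  *
  * @return object user object or WordPress error, returned unchanged
  */
 public function execute_brute_force_no_password($user, $username = '', $password = '')
 {
     global $itsec_lockout, $itsec_logger;
     // Not a submitted form, or both fields filled in: nothing to record.
     // NOTE: empty() also treats the string "0" as blank; kept so behavior matches the rest of the module.
     if (!isset($_POST['wp-submit']) || (!empty($username) && !empty($password))) {
         return $user;
     }
     // Sanitize once and reuse it, so the unknown-user lockout check is keyed the same way
     // do_lockout() and the log entry record it.
     $clean_username = sanitize_text_field($username);
     $user_id = username_exists($clean_username);
     if (false === $user_id || null === $user_id) {
         // Unknown account: the lockout is tracked by username instead of user id.
         $itsec_lockout->check_lockout(false, $clean_username);
     } else {
         $itsec_lockout->check_lockout($user_id);
     }
     // intval() turns a false/null lookup into user id 0 for the log row.
     $itsec_logger->log_event('brute_force', 5, array(), ITSEC_Lib::get_ip(), $clean_username, intval($user_id));
     $itsec_lockout->do_lockout('brute_force', $clean_username);
     return $user;
 }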
 /**
  * Registers the IP-check module's admin hooks.
  *
  * Stores the core instance, module path and the itsec_ipcheck settings, then hooks script
  * enqueueing, admin initialization and the API-key AJAX handler. On multisite a second
  * admin_init handler is added to save the options by hand.
  *
  * @param object $core plugin core instance, kept on $this->core
  *
  * @return void
  */
 function run($core)
 {
     $this->core = $core;
     $this->module_path = ITSEC_Lib::get_module_path(__FILE__);
     $this->settings = get_site_option('itsec_ipcheck');
     $hooks = array(
         // hook name => handler method on this module
         'admin_enqueue_scripts' => 'admin_enqueue_scripts',
         'itsec_admin_init' => 'itsec_admin_init',
         'wp_ajax_itsec_api_key_ajax' => 'wp_ajax_itsec_api_key_ajax',
     );
     foreach ($hooks as $hook => $method) {
         add_action($hook, array($this, $method));
     }
     // Multisite stores options elsewhere, so they are saved manually on admin init.
     if (is_multisite()) {
         add_action('itsec_admin_init', array($this, 'itsec_admin_init_multisite'));
     }
 }
 /**
  * Execute module upgrade
  *
  * Three staged migrations keyed on the build being upgraded from: below 4000 the legacy
  * better-wp-security "st_*" flags are copied into itsec_tweaks and the server and wp-config
  * files are regenerated; below 4035 the server config is regenerated again; below 4041 the
  * stored tweaks are trimmed to the "wordpress-tweaks" module's keys, defaulted, and the module
  * is activated only if at least one tweak is in use.
  *
  * @since 4.0
  *
  * @param int $itsec_old_version build number being upgraded from
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version < 4000) {
         global $itsec_bwps_options;
         ITSEC_Lib::create_database_tables();
         $stored_tweaks = get_site_option('itsec_tweaks');
         // Nothing saved yet: leave the module system's defaults in charge rather than writing our own.
         if (false !== $stored_tweaks) {
             // legacy flag => new setting; a setting is on only when the flag was exactly 1
             $flag_map = array(
                 'st_manifest' => 'wlwmanifest_header',
                 'st_edituri' => 'edituri_header',
                 'st_comment' => 'comment_spam',
                 'st_loginerror' => 'login_errors',
             );
             foreach ($flag_map as $legacy_key => $setting_key) {
                 $stored_tweaks[$setting_key] = isset($itsec_bwps_options[$legacy_key]) && 1 == $itsec_bwps_options[$legacy_key];
             }
             update_site_option('itsec_tweaks', $stored_tweaks);
             // Both of these rewrite files on disk (server rules and wp-config.php).
             ITSEC_Response::regenerate_server_config();
             ITSEC_Response::regenerate_wp_config();
         }
     }
     if ($itsec_old_version < 4035) {
         ITSEC_Response::regenerate_server_config();
     }
     if ($itsec_old_version < 4041) {
         $stored_tweaks = get_site_option('itsec_tweaks');
         // If there are no current options, go with the new defaults by not saving anything
         if (is_array($stored_tweaks)) {
             $module_defaults = ITSEC_Modules::get_settings('wordpress-tweaks');
             // Drop keys the module no longer knows, then fill any gaps from its defaults.
             $migrated = array_merge($module_defaults, array_intersect_key($stored_tweaks, $module_defaults));
             $in_use = false;
             foreach ($migrated as $setting_key => $value) {
                 // allow_xmlrpc_multiauth is inverted: the tweak is "in use" when multiauth is NOT allowed.
                 $tweak_active = ('allow_xmlrpc_multiauth' === $setting_key) ? !$value : (bool) $value;
                 if ($tweak_active) {
                     $in_use = true;
                     break;
                 }
             }
             if ($in_use) {
                 ITSEC_Modules::activate('wordpress-tweaks');
             } else {
                 ITSEC_Modules::deactivate('wordpress-tweaks');
             }
             ITSEC_Modules::set_settings('wordpress-tweaks', $migrated);
         }
     }
 }
 /**
  * Registers the privilege-escalation module's admin hooks.
  *
  * Stores the core instance, the itsec_privilege settings and the module path, then hooks the
  * settings-page meta boxes, admin initialization and script enqueueing. On multisite an extra
  * admin_init handler saves the options manually.
  *
  * @param object $core plugin core instance, kept on $this->core
  *
  * @return void
  */
 function run($core)
 {
     $this->core = $core;
     $this->settings = get_site_option('itsec_privilege');
     $this->module_path = ITSEC_Lib::get_module_path(__FILE__);
     $admin_hooks = array(
         'itsec_add_admin_meta_boxes', // meta boxes on the admin page
         'itsec_admin_init',           // admin-area initialization
         'admin_enqueue_scripts',      // scripts for the admin page
     );
     foreach ($admin_hooks as $hook) {
         // Each handler method carries the same name as its hook.
         add_action($hook, array($this, $hook));
     }
     if (is_multisite()) {
         // Multisite options are saved by hand in a dedicated admin_init handler.
         add_action('itsec_admin_init', array($this, 'itsec_admin_init_multisite'));
     }
 }
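 /**
  * If the page is a WordPress 404 error log it and register for lockout
  *
  * Paths on the configured white list are skipped entirely. Any other 404 is logged (path,
  * query string and referer) and a lockout is registered unless the requested file extension
  * is on the configured ignore list. Missing or malformed settings keys disable the lockout
  * rather than raising notices.
  *
  * @return void
  */
 public function check_404()
 {
     global $itsec_logger, $itsec_lockout;
     if (!is_404()) {
         return;
     }
     $white_list = isset($this->settings['white_list']) ? $this->settings['white_list'] : null;
     if (!is_array($white_list)) {
         // Invalid settings: nothing to compare against.
         return;
     }
     // Split on the first '?' only, so a query string that itself contains '?' is logged whole.
     $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
     $uri = explode('?', $request_uri, 2);
     $path = $uri[0];
     // Strict comparison: the white list holds literal paths, never numeric-equivalent strings.
     if (in_array($path, $white_list, true)) {
         // White listed page.
         return;
     }
     // NOTE(review): esc_sql() is SQL-literal escaping applied to values handed to the logger; if
     // log_event() already parameterizes its insert this double-escapes the stored text. Kept as-is.
     $query_string = isset($uri[1]) ? esc_sql($uri[1]) : '';
     $referer = isset($_SERVER['HTTP_REFERER']) ? esc_sql($_SERVER['HTTP_REFERER']) : '';
     $itsec_logger->log_event('four_oh_four', 3, array('query_string' => $query_string), ITSEC_Lib::get_ip(), '', '', esc_sql($path), $referer);
     $path_info = pathinfo($path);
     $ignored_types = isset($this->settings['types']) ? $this->settings['types'] : null;
     $has_extension = isset($path_info['extension']);
     // Lock out on extension-less requests, and on any extension not on the ignore list
     // (an extension with no usable ignore list never locks out, as before).
     if (!$has_extension || (is_array($ignored_types) && !in_array('.' . $path_info['extension'], $ignored_types, true))) {
         $itsec_lockout->do_lockout('four_oh_four');
     }
 }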
 /**
  * Execute module upgrade
  *
  * Three staged migrations keyed on the build being upgraded from: below 4000 the legacy
  * better-wp-security update-notification flags are copied into itsec_tweaks and the server and
  * wp-config files are regenerated; below 4035 the server config is regenerated again; below 4041
  * the stored tweaks are trimmed to the "multisite-tweaks" module's keys, defaulted, and the
  * module is activated only if any setting is on.
  *
  * @since 4.0
  *
  * @param int $itsec_old_version build number being upgraded from
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version < 4000) {
         global $itsec_bwps_options;
         ITSEC_Lib::create_database_tables();
         $stored_tweaks = get_site_option('itsec_tweaks');
         // Nothing saved yet: leave the module system's defaults in charge.
         if (false !== $stored_tweaks) {
             // legacy flag => new setting; a setting is on only when the flag was exactly 1
             $flag_map = array(
                 'st_themenot' => 'theme_updates',
                 'st_pluginnot' => 'plugin_updates',
                 'st_corenot' => 'core_updates',
             );
             foreach ($flag_map as $legacy_key => $setting_key) {
                 $stored_tweaks[$setting_key] = isset($itsec_bwps_options[$legacy_key]) && 1 == $itsec_bwps_options[$legacy_key];
             }
             update_site_option('itsec_tweaks', $stored_tweaks);
             // Both of these rewrite files on disk (server rules and wp-config.php).
             ITSEC_Response::regenerate_server_config();
             ITSEC_Response::regenerate_wp_config();
         }
     }
     if ($itsec_old_version < 4035) {
         ITSEC_Response::regenerate_server_config();
     }
     if ($itsec_old_version < 4041) {
         $stored_tweaks = get_site_option('itsec_tweaks');
         // If there are no current options, go with the new defaults by not saving anything
         if (is_array($stored_tweaks)) {
             $module_defaults = ITSEC_Modules::get_settings('multisite-tweaks');
             // Drop keys the module no longer knows, then fill any gaps from its defaults.
             $migrated = array_merge($module_defaults, array_intersect_key($stored_tweaks, $module_defaults));
             // array_filter() without a callback keeps only truthy values: any survivor means the module is in use.
             $in_use = count(array_filter($migrated)) > 0;
             if ($in_use) {
                 ITSEC_Modules::activate('multisite-tweaks');
             } else {
                 ITSEC_Modules::deactivate('multisite-tweaks');
             }
             ITSEC_Modules::set_settings('multisite-tweaks', $migrated);
         }
     }
 }
 /**
  * Add Files Admin Javascript
  *
  * Always enqueues the file-change warning script, localized with its nonce and a link to the
  * filtered log page. On the plugin's settings and logs screens and on the dashboard it also loads
  * the file scanner script, the jQuery file tree and both stylesheets, each script localized with
  * its own nonce.
  *
  * @since 4.0
  *
  * @return void
  */
 public function admin_enqueue_scripts()
 {
     global $itsec_globals;
     $build = $itsec_globals['plugin_build'];
     $warning_handle = 'itsec_file_change_warning_js';
     wp_enqueue_script($warning_handle, $this->module_path . 'js/admin-file-change-warning.js', array('jquery'), $build);
     wp_localize_script($warning_handle, 'itsec_file_change_warning', array(
         'nonce' => wp_create_nonce('itsec_file_change_warning'),
         'url' => admin_url() . 'admin.php?page=toplevel_page_itsec_logs&itsec_log_filter=file_change',
     ));
     // The heavier scanner assets are only needed on a few screens; decide from the screen id.
     $screen = get_current_screen();
     if (!isset($screen->id)) {
         return;
     }
     $scanner_screens = array(
         'security_page_toplevel_page_itsec_settings',
         'security_page_toplevel_page_itsec_logs',
         'dashboard',
     );
     $show_scanner = false;
     foreach ($scanner_screens as $fragment) {
         if (false !== strpos($screen->id, $fragment)) {
             $show_scanner = true;
             break;
         }
     }
     if (!$show_scanner) {
         return;
     }
     wp_enqueue_script('itsec_file_change_js', $this->module_path . 'js/admin-file-change.js', array('jquery'), $build);
     // NOTE: 'ABSPATH' hands the install's home path (ITSEC_Lib::get_home_path()) to page JavaScript.
     // These screens are admin-only, but it is still a server filesystem path disclosed to the browser.
     wp_localize_script('itsec_file_change_js', 'itsec_file_change', array(
         'mem_limit' => ITSEC_Lib::get_memory_limit(),
         'text' => __('Warning: Your server has less than 128MB of RAM dedicated to PHP. If you have many files in your installation or a lot of active plugins activating this feature may result in your site becoming disabled with a memory error. See the plugin homepage for more information.', 'it-l10n-better-wp-security'),
         'module_path' => $this->module_path,
         // Chunked scanning changes the button label.
         'button_text' => (isset($this->settings['split']) && true === $this->settings['split'])
             ? __('Scan Next File Chunk', 'it-l10n-better-wp-security')
             : __('Scan Files Now', 'it-l10n-better-wp-security'),
         'scanning_button_text' => __('Scanning...', 'it-l10n-better-wp-security'),
         'no_changes' => __('No changes were detected.', 'it-l10n-better-wp-security'),
         'changes' => __('Changes were detected. Please check the log page for details.', 'it-l10n-better-wp-security'),
         'error' => __('An error occured. Please try again later', 'it-l10n-better-wp-security'),
         'ABSPATH' => ITSEC_Lib::get_home_path(),
         'nonce' => wp_create_nonce('itsec_do_file_check'),
     ));
     wp_enqueue_script('itsec_jquery_filetree', $this->module_path . 'filetree/jqueryFileTree.js', array('jquery'), '1.01');
     wp_localize_script('itsec_jquery_filetree', 'itsec_jquery_filetree', array('nonce' => wp_create_nonce('itsec_jquery_filetree')));
     // Register then enqueue the two stylesheets: the file tree's, then the scanner's own.
     $styles = array(
         'itsec_jquery_filetree_style' => 'filetree/jqueryFileTree.css',
         'itsec_file_change_css' => 'css/admin-file-change.css',
     );
     foreach ($styles as $handle => $relative_path) {
         wp_register_style($handle, $this->module_path . $relative_path, array(), $build);
         wp_enqueue_style($handle);
     }
 }