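/**
 * Replaces the eight WordPress authentication keys and salts in wp-config.php.
 *
 * The file is read, the value of every matching define() is swapped for a
 * freshly generated one, and the result is written back.
 *
 * @return true|WP_Error True once the file has been written. WP_Error when the
 *                       "Write to Files" setting is off, or when wp-config.php
 *                       cannot be read, rewritten or saved.
 */
public function generate_new_salts() {
    if ( ! ITSEC_Modules::get_setting( 'global', 'write_files' ) ) {
        return new WP_Error( 'itsec-wordpress-salts-utilities-write-files-disabled', __( 'The "Write to Files" setting is disabled in Global Settings. In order to use this feature, you must enable the "Write to Files" setting.', 'better-wp-security' ) );
    }

    require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php';
    require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-file.php';

    $config_file_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
    $config           = ITSEC_Lib_File::read( $config_file_path );

    if ( is_wp_error( $config ) ) {
        return new WP_Error( 'itsec-wordpress-salts-utilities-cannot-read-wp-config.php', sprintf( __( 'Unable to read the <code>wp-config.php</code> file in order to update the salts. You will need to manually update the file. Error details as follows: %1$s (%2$s)', 'better-wp-security' ), $config->get_error_message(), $config->get_error_code() ) );
    }

    $defines = array( 'AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY', 'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT' );
    $salts   = array();

    foreach ( $defines as $define ) {
        // Refill the pool whenever it runs dry; each define consumes one value.
        if ( empty( $salts ) ) {
            $salts = self::get_new_salts();
        }

        $salt = array_pop( $salts );

        // Fall back to a locally generated value when the pool gave nothing usable.
        if ( empty( $salt ) ) {
            $salt = wp_generate_password( 64, true, true );
        }

        // "$" would otherwise be read as a backreference in the replacement string.
        // NOTE(review): a backslash or single quote in a salt is not handled here; this
        // assumes get_new_salts() never returns either character - confirm.
        $salt = str_replace( '$', '\\$', $salt );

        $regex   = "/(define\\s*\\(\\s*(['\"]){$define}\\2\\s*,\\s*)(['\"]).+?\\3(\\s*\\)\\s*;)/";
        $updated = preg_replace( $regex, "\${1}'{$salt}'\${4}", $config );

        // preg_replace() returns null on a PCRE error. Writing that back would
        // replace wp-config.php with nothing, so stop before touching the file.
        if ( null === $updated ) {
            return new WP_Error( 'itsec-wordpress-salts-utilities-cannot-save-wp-config.php', sprintf( __( 'Unable to update the <code>wp-config.php</code> file in order to update the salts. You will need to manually update the file. Error details as follows: %1$s (%2$s)', 'better-wp-security' ), 'preg_replace() failed', preg_last_error() ) );
        }

        $config = $updated;
    }

    // NOTE(review): a define that is absent from the file is left untouched and
    // the method still reports success.
    $write_result = ITSEC_Lib_File::write( $config_file_path, $config );

    if ( is_wp_error( $write_result ) ) {
        // Report the write error itself; $config is the file contents (a string) here.
        return new WP_Error( 'itsec-wordpress-salts-utilities-cannot-save-wp-config.php', sprintf( __( 'Unable to update the <code>wp-config.php</code> file in order to update the salts. You will need to manually update the file. Error details as follows: %1$s (%2$s)', 'better-wp-security' ), $write_result->get_error_message(), $write_result->get_error_code() ) );
    }

    return true;
}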
/**
 * Applies the side effects of saving this module's settings.
 *
 * Requests a server-config regeneration when any setting differs from the
 * stored value, then adjusts the mode of wp-config.php and the server config
 * file according to the write_permissions setting.
 */
protected function validate_settings() {
    if ( ! $this->can_save() ) {
        return;
    }

    $stored_settings  = ITSEC_Modules::get_settings( $this->get_id() );
    $changed_settings = array_diff_assoc( $this->settings, $stored_settings );

    if ( ! empty( $changed_settings ) ) {
        ITSEC_Response::regenerate_server_config();
    }

    if ( $this->settings['write_permissions'] ) {
        // Re-apply 0444 on every save so a mode that drifted is corrected each time.
        $new_permissions = 0444;
    } elseif ( $this->settings['write_permissions'] !== $stored_settings['write_permissions'] ) {
        // Only loosen the mode on the save that turns the setting off; a setting
        // that was never enabled leaves the files alone.
        // NOTE(review): 0664 is applied unconditionally, not the mode the files
        // had before the setting was enabled.
        $new_permissions = 0664;
    }

    // Nothing to change: the setting is off and was already off.
    if ( ! isset( $new_permissions ) ) {
        return;
    }

    require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-config-file.php';
    require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-file.php';

    $server_config_path = ITSEC_Lib_Config_File::get_server_config_file_path();
    $wp_config_path     = ITSEC_Lib_Config_File::get_wp_config_file_path();

    // NOTE(review): the chmod results are not checked, so a failure to tighten
    // the mode goes unreported.
    ITSEC_Lib_File::chmod( $server_config_path, $new_permissions );
    ITSEC_Lib_File::chmod( $wp_config_path, $new_permissions );

    ITSEC_Response::reload_module( 'file-permissions' );
}
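/**
 * Renders the file-permissions report.
 *
 * Outside an AJAX request only a "load" button is printed. During an AJAX
 * request the mode of each listed path is compared with a suggested mode and
 * the result is printed as a table.
 *
 * @param object $form Form helper; only its add_button() method is used here.
 */
protected function render_settings( $form ) {
    if ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX ) {
        echo '<p>' . __( 'Click the button to load the current file permissions.', 'better-wp-security' ) . '</p>';
        // NOTE(review): add_button() is concatenated here but called as a bare statement
        // further down; confirm whether it returns or echoes its markup.
        echo '<p>' . $form->add_button( 'load_file_permissions', array( 'value' => __( 'Load File Permissions Details', 'better-wp-security' ), 'class' => 'button-primary itsec-reload-module' ) ) . '</p>';

        return;
    }

    require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php';

    $wp_upload_dir = ITSEC_Core::get_wp_upload_dir();

    // Each entry is array( path, suggested mode ).
    $path_data = array(
        array( ABSPATH, 0755 ),
        array( ABSPATH . WPINC, 0755 ),
        array( ABSPATH . 'wp-admin', 0755 ),
        array( ABSPATH . 'wp-admin/js', 0755 ),
        array( WP_CONTENT_DIR, 0755 ),
        array( get_theme_root(), 0755 ),
        array( WP_PLUGIN_DIR, 0755 ),
        array( $wp_upload_dir['basedir'], 0755 ),
        array( ITSEC_Lib_Config_File::get_wp_config_file_path(), 0444 ),
        array( ITSEC_Lib_Config_File::get_server_config_file_path(), 0444 ),
    );

    $rows = array();

    foreach ( $path_data as $path ) {
        $row = array();

        list( $path, $suggested_permissions ) = $path;

        // Show the path relative to the WordPress root.
        $display_path = preg_replace( '/^' . preg_quote( ABSPATH, '/' ) . '/', '', $path );
        $display_path = ltrim( $display_path, '/' );

        if ( empty( $display_path ) ) {
            $display_path = '/';
        }

        $row[] = $display_path;
        $row[] = sprintf( '%o', $suggested_permissions );

        // A path that does not exist makes fileperms() raise a PHP warning, which
        // can end up inside the AJAX response. Treat it as mode 0 instead; it is
        // still reported as WARNING below.
        $permissions = file_exists( $path ) ? ( fileperms( $path ) & 0777 ) : 0;
        $row[]       = sprintf( '%o', $permissions );

        // Only an exact match counts as OK, so a stricter mode than suggested is
        // flagged as well.
        if ( ! $permissions || $permissions != $suggested_permissions ) {
            $row[] = __( 'WARNING', 'better-wp-security' );
            $row[] = '<div style="background-color: #FEFF7F; border: 1px solid #E2E2E2;"> </div>';
        } else {
            $row[] = __( 'OK', 'better-wp-security' );
            $row[] = '<div style="background-color: #22EE5B; border: 1px solid #E2E2E2;"> </div>';
        }

        $rows[] = $row;
    }

    $class = 'entry-row';
    ?>
    <p><?php $form->add_button( 'reload_file_permissions', array( 'value' => __( 'Reload File Permissions Details', 'better-wp-security' ), 'class' => 'button-primary itsec-reload-module' ) ); ?></p>
    <table class="widefat">
        <thead>
            <tr>
                <th><?php _e( 'Relative Path', 'better-wp-security' ); ?></th>
                <th><?php _e( 'Suggestion', 'better-wp-security' ); ?></th>
                <th><?php _e( 'Value', 'better-wp-security' ); ?></th>
                <th><?php _e( 'Result', 'better-wp-security' ); ?></th>
                <th><?php _e( 'Status', 'better-wp-security' ); ?></th>
            </tr>
        </thead>
        <tfoot>
            <tr>
                <th><?php _e( 'Relative Path', 'better-wp-security' ); ?></th>
                <th><?php _e( 'Suggestion', 'better-wp-security' ); ?></th>
                <th><?php _e( 'Value', 'better-wp-security' ); ?></th>
                <th><?php _e( 'Result', 'better-wp-security' ); ?></th>
                <th><?php _e( 'Status', 'better-wp-security' ); ?></th>
            </tr>
        </tfoot>
        <tbody>
            <?php foreach ( $rows as $row ) { ?>
                <tr class="<?php echo $class; ?>">
                    <?php // Cells are printed unescaped because the status cell carries markup. ?>
                    <?php foreach ( $row as $column ) { ?>
                        <td><?php echo $column; ?></td>
                    <?php } ?>
                </tr>
                <?php $class = 'entry-row' === $class ? 'entry-row alternate' : 'entry-row'; ?>
            <?php } ?>
        </tbody>
    </table>
    <br />
    <?php
}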
/**
 * Normalises the submitted settings and applies the side effects of saving them.
 *
 * Checkbox-style fields become strict booleans, disable_xmlrpc becomes an
 * integer and allow_xmlrpc_multiauth a boolean that defaults to true. The
 * method then flags pending rewrite/config changes and adjusts the mode of
 * wp-config.php and the server config file.
 *
 * @param array $input Submitted input fields.
 *
 * @return array The normalised input.
 */
public function sanitize_module_input( $input ) {
    global $itsec_globals;

    // A field is true only when it is present and loosely equal to 1.
    $leading_flags = array(
        'protect_files',
        'directory_browsing',
        'request_methods',
        'suspicious_query_strings',
        'non_english_characters',
        'long_url_strings',
        'write_permissions',
        'wlwmanifest_header',
        'edituri_header',
        'theme_updates',
        'plugin_updates',
        'core_updates',
        'comment_spam',
        'file_editor',
    );

    foreach ( $leading_flags as $flag ) {
        $input[ $flag ] = isset( $input[ $flag ] ) && 1 == $input[ $flag ];
    }

    if ( isset( $input['disable_xmlrpc'] ) ) {
        $input['disable_xmlrpc'] = intval( $input['disable_xmlrpc'] );
    } else {
        $input['disable_xmlrpc'] = 0;
    }

    if ( isset( $input['allow_xmlrpc_multiauth'] ) ) {
        $input['allow_xmlrpc_multiauth'] = (bool) $input['allow_xmlrpc_multiauth'];
    } else {
        $input['allow_xmlrpc_multiauth'] = true;
    }

    $trailing_flags = array(
        'uploads_php',
        'safe_jquery',
        'login_errors',
        'force_unique_nicename',
        'disable_unused_author_pages',
    );

    foreach ( $trailing_flags as $flag ) {
        $input[ $flag ] = isset( $input[ $flag ] ) && 1 == $input[ $flag ];
    }

    if ( ! isset( $this->settings['allow_xmlrpc_multiauth'] ) ) {
        $this->settings['allow_xmlrpc_multiauth'] = null;
    }

    // Settings whose change requires the rewrite rules to be regenerated.
    $rewrite_keys = array(
        'protect_files',
        'directory_browsing',
        'request_methods',
        'suspicious_query_strings',
        'non_english_characters',
        'comment_spam',
        'disable_xmlrpc',
        'allow_xmlrpc_multiauth',
        'uploads_php',
    );

    $rewrite_setting_changed = false;

    foreach ( $rewrite_keys as $key ) {
        if ( $input[ $key ] !== $this->settings[ $key ] ) {
            $rewrite_setting_changed = true;
            break;
        }
    }

    // NOTE(review): the flag is set when a rewrite setting changed OR whenever
    // write_files is enabled, so an unchanged save with write_files on also
    // sets it. Confirm that "or" rather than "and" is intended.
    if ( $rewrite_setting_changed || ( isset( $itsec_globals['settings']['write_files'] ) && $itsec_globals['settings']['write_files'] === true ) ) {
        add_site_option( 'itsec_rewrites_changed', true );
    }

    if ( $input['file_editor'] !== $this->settings['file_editor'] ) {
        add_site_option( 'itsec_config_changed', true );
    }

    if ( true === $input['write_permissions'] ) {
        // Re-apply 0444 on every save so a mode that drifted is corrected each time.
        $new_permissions = 0444;
    } elseif ( $input['write_permissions'] !== $this->settings['write_permissions'] ) {
        // Only loosen the mode on the save that turns the setting off; a setting
        // that was never enabled leaves the files alone.
        $new_permissions = 0664;
    }

    // Touch the files only when one of the branches above chose a mode.
    if ( isset( $new_permissions ) ) {
        require_once( trailingslashit( $GLOBALS['itsec_globals']['plugin_dir'] ) . 'core/lib/class-itsec-lib-config-file.php' );
        require_once( trailingslashit( $GLOBALS['itsec_globals']['plugin_dir'] ) . 'core/lib/class-itsec-lib-file.php' );

        $server_config_path = ITSEC_Lib_Config_File::get_server_config_file_path();
        $wp_config_path     = ITSEC_Lib_Config_File::get_wp_config_file_path();

        // NOTE(review): the chmod results are not checked.
        ITSEC_Lib_File::chmod( $server_config_path, $new_permissions );
        ITSEC_Lib_File::chmod( $wp_config_path, $new_permissions );
    }

    if ( is_multisite() ) {
        $this->settings = $input;
    }

    return $input;
}
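/**
 * Switches the site to a newly generated database table prefix.
 *
 * Generates a prefix that no existing table uses, renames every table that
 * carries the current prefix, rewrites the prefix-dependent option and
 * usermeta keys, and finally updates $table_prefix in wp-config.php. Problems
 * are reported through add_settings_error().
 *
 * NOTE(review): the tables are renamed before wp-config.php is rewritten, so a
 * failed config write leaves the database on the new prefix while the
 * configuration still names the old one.
 */
public function process_database_prefix() {
    global $wpdb;

    // Suppress error messages due to timing.
    // NOTE(review): this hides every PHP error for the rest of the request,
    // including errors raised by the rename itself.
    error_reporting( 0 );
    @ini_set( 'display_errors', 0 );

    $check_prefix = true; // Assume the first prefix we generate is unique.

    // Generate a new table prefix that does not collide with any table in the database.
    while ( $check_prefix ) {
        $avail = 'abcdefghijklmnopqrstuvwxyz0123456789';

        // First character should be alphabetic.
        $new_prefix = $avail[ mt_rand( 0, 25 ) ];

        // Number of further characters.
        $prelength = mt_rand( 4, 9 );

        for ( $i = 0; $i < $prelength; $i++ ) {
            $new_prefix .= $avail[ mt_rand( 0, 35 ) ];
        }

        $new_prefix .= '_';
        $new_prefix  = esc_sql( $new_prefix ); // Just to be safe.

        // An empty result means no table uses the candidate prefix and ends the loop.
        $check_prefix = $wpdb->get_results( 'SHOW TABLES LIKE "' . $new_prefix . '%";', ARRAY_N );
    }

    $old_prefix        = $wpdb->base_prefix;
    $old_prefix_length = strlen( $old_prefix );

    $tables = $wpdb->get_results( 'SHOW TABLES LIKE "' . $old_prefix . '%"', ARRAY_N );

    foreach ( (array) $tables as $table ) {
        // "_" is a single-character wildcard in LIKE, so the listing can contain
        // tables that do not really start with the prefix. Skip them rather than
        // build a RENAME for a table name that was never in the list.
        if ( 0 !== stripos( $table[0], $old_prefix ) ) {
            continue;
        }

        $table = substr( $table[0], $old_prefix_length ); // Table name without the old prefix.

        if ( $wpdb->query( 'RENAME TABLE `' . $old_prefix . $table . '` TO `' . $new_prefix . $table . '`;' ) === false ) {
            $message = sprintf( '%s %s%s. %s', __( 'Error: Could not rename table', 'better-wp-security' ), $old_prefix, $table, __( 'You may have to rename the table manually.', 'better-wp-security' ) );

            add_settings_error( 'itsec', esc_attr( 'settings_updated' ), $message, 'error' );
        }
    }

    if ( is_multisite() ) {
        // Multisite keeps a prefixed user_roles option in each blog's options table.
        $blogs = $wpdb->get_col( "SELECT blog_id FROM `" . $new_prefix . "blogs` WHERE public = '1' AND archived = '0' AND mature = '0' AND spam = '0' ORDER BY blog_id DESC" );

        if ( is_array( $blogs ) ) {
            foreach ( $blogs as $blog ) {
                $blog_id = (int) $blog; // Used inside a table identifier, so force an integer.

                $wpdb->query(
                    $wpdb->prepare(
                        'UPDATE `' . $new_prefix . $blog_id . '_options` SET option_name = %s WHERE option_name = %s LIMIT 1',
                        $new_prefix . $blog_id . '_user_roles',
                        $old_prefix . $blog_id . '_user_roles'
                    )
                );
            }
        }
    }

    $options_updated = $wpdb->query(
        $wpdb->prepare(
            'UPDATE `' . $new_prefix . 'options` SET option_name = %s WHERE option_name = %s LIMIT 1',
            $new_prefix . 'user_roles',
            $old_prefix . 'user_roles'
        )
    );

    if ( $options_updated === false ) {
        add_settings_error( 'itsec', esc_attr( 'settings_updated' ), __( 'Could not update prefix references in options table.', 'better-wp-security' ), 'error' );
    }

    $rows = $wpdb->get_results( 'SELECT * FROM `' . $new_prefix . 'usermeta`' );

    foreach ( (array) $rows as $row ) {
        if ( substr( $row->meta_key, 0, $old_prefix_length ) == $old_prefix ) {
            $new_meta_key = $new_prefix . substr( $row->meta_key, $old_prefix_length );

            // meta_key comes from stored data and may contain quote characters,
            // so it is bound as a parameter instead of concatenated into the SQL.
            $result = $wpdb->query(
                $wpdb->prepare(
                    'UPDATE `' . $new_prefix . 'usermeta` SET meta_key = %s WHERE meta_key = %s LIMIT 1',
                    $new_meta_key,
                    $row->meta_key
                )
            );

            if ( $result == false ) {
                add_settings_error( 'itsec', esc_attr( 'settings_updated' ), __( 'Could not update prefix references in usermeta table.', 'better-wp-security' ), 'error' );
            }
        }
    }

    require_once trailingslashit( $GLOBALS['itsec_globals']['plugin_dir'] ) . 'core/lib/class-itsec-lib-config-file.php';
    require_once trailingslashit( $GLOBALS['itsec_globals']['plugin_dir'] ) . 'core/lib/class-itsec-lib-file.php';

    $config_file_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
    $config           = ITSEC_Lib_File::read( $config_file_path );
    $error            = '';

    if ( is_wp_error( $config ) ) {
        $error = sprintf( __( 'Unable to read the <code>wp-config.php</code> file in order to update the Database Prefix. Error details as follows: %1$s (%2$s)', 'better-wp-security' ), $config->get_error_message(), $config->get_error_code() );
    } else {
        $regex   = '/(\\$table_prefix\\s*=\\s*)([\'"]).+?\\2(\\s*;)/';
        $updated = preg_replace( $regex, "\${1}'{$new_prefix}'\${3}", $config );

        if ( null === $updated ) {
            // A PCRE error returns null; writing that back would replace the file with nothing.
            $error = sprintf( __( 'Unable to update the <code>wp-config.php</code> file in order to update the Database Prefix. Error details as follows: %1$s (%2$s)', 'better-wp-security' ), 'preg_replace() failed', preg_last_error() );
        } else {
            $write_result = ITSEC_Lib_File::write( $config_file_path, $updated );

            if ( is_wp_error( $write_result ) ) {
                // Report the write error itself; $config is the file contents (a string) here.
                $error = sprintf( __( 'Unable to update the <code>wp-config.php</code> file in order to update the Database Prefix. Error details as follows: %1$s (%2$s)', 'better-wp-security' ), $write_result->get_error_message(), $write_result->get_error_code() );
            }
        }
    }

    if ( ! empty( $error ) ) {
        add_settings_error( 'itsec', esc_attr( 'settings_updated' ), $error, 'error' );
        add_site_option( 'itsec_manual_update', true );
    }

    // This tells the form field that all went well.
    // NOTE(review): it is set even when errors were recorded above.
    $this->settings = $new_prefix;

    if ( is_multisite() ) {
        if ( ! empty( $error ) ) {
            $error_handler = new WP_Error();
            $error_handler->add( 'error', $error );

            $this->core->show_network_admin_notice( $error_handler );
        } else {
            $this->core->show_network_admin_notice( false );
        }

        $this->settings = false;
    }
}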
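/**
 * Replaces the WordPress keys and salts in wp-config.php, then logs the user out.
 *
 * Each of the eight define() values is swapped for a value from get_salt() and
 * the file is written back. Afterwards the salt-change time is stored, the
 * auth cookie is cleared and the browser is redirected.
 *
 * @since 4.6.0
 */
public function process_salts() {
    global $itsec_globals;

    require_once( trailingslashit( $GLOBALS['itsec_globals']['plugin_dir'] ) . 'core/lib/class-itsec-lib-config-file.php' );
    require_once( trailingslashit( $GLOBALS['itsec_globals']['plugin_dir'] ) . 'core/lib/class-itsec-lib-file.php' );

    $config_file_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
    $config           = ITSEC_Lib_File::read( $config_file_path );
    $error            = '';

    if ( is_wp_error( $config ) ) {
        $error = sprintf( __( 'Unable to read the <code>wp-config.php</code> file in order to update the salts. Error details as follows: %1$s (%2$s)', 'it-l10n-ithemes-security-pro' ), $config->get_error_message(), $config->get_error_code() );
    } else {
        $defines = array(
            'AUTH_KEY',
            'SECURE_AUTH_KEY',
            'LOGGED_IN_KEY',
            'NONCE_KEY',
            'AUTH_SALT',
            'SECURE_AUTH_SALT',
            'LOGGED_IN_SALT',
            'NONCE_SALT',
        );

        foreach ( $defines as $define ) {
            $new_salt = $this->get_salt();

            // "$" would otherwise be read as a backreference in the replacement string.
            // NOTE(review): a backslash or single quote in a salt is not handled here; this
            // assumes get_salt() never returns either character - confirm.
            $new_salt = str_replace( '$', '\\$', $new_salt );

            $regex   = "/(define\s*\(\s*(['\"])$define\\2\s*,\s*)(['\"]).+?\\3(\s*\)\s*;)/";
            $updated = preg_replace( $regex, "\${1}'$new_salt'\${4}", $config );

            if ( null === $updated ) {
                // A PCRE error returns null; writing that back would replace the file with nothing.
                $error = sprintf( __( 'Unable to update the <code>wp-config.php</code> file in order to update the salts. Error details as follows: %1$s (%2$s)', 'it-l10n-ithemes-security-pro' ), 'preg_replace() failed', preg_last_error() );
                break;
            }

            $config = $updated;
        }

        if ( empty( $error ) ) {
            $write_result = ITSEC_Lib_File::write( $config_file_path, $config );

            if ( is_wp_error( $write_result ) ) {
                // Report the write error itself; $config is the file contents (a string) here.
                $error = sprintf( __( 'Unable to update the <code>wp-config.php</code> file in order to update the salts. Error details as follows: %1$s (%2$s)', 'it-l10n-ithemes-security-pro' ), $write_result->get_error_message(), $write_result->get_error_code() );
            }
        }
    }

    if ( ! empty( $error ) ) {
        add_settings_error( 'itsec', esc_attr( 'settings_updated' ), $error, 'error' );
        add_site_option( 'itsec_manual_update', true );
    }

    // This tells the form field that all went well.
    // NOTE(review): it is set even when $error is non-empty, so the logout and
    // redirect below also run after a failed update.
    $this->settings = true;

    if ( is_multisite() ) {
        if ( ! empty( $error ) ) {
            $error_handler = new WP_Error();
            $error_handler->add( 'error', $error );

            $this->core->show_network_admin_notice( $error_handler );
        } else {
            $this->core->show_network_admin_notice( false );
        }

        $this->settings = true;
    }

    if ( $this->settings === true ) {
        update_site_option( 'itsec_salts', $itsec_globals['current_time_gmt'] );

        wp_clear_auth_cookie();

        // redirect_to is request-controlled; it is only ever passed to
        // wp_safe_redirect(), which limits redirects to allowed hosts.
        $redirect_to = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ITSEC_Lib::get_home_root() . 'wp-login.php?loggedout=true';

        // NOTE(review): nothing exits after the redirect header is sent, so the
        // caller keeps running.
        wp_safe_redirect( $redirect_to );
    }
}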
/**
 * Reports whether wp-config.php contains this module's define expression.
 *
 * The expression has to match the raw file, and its comment-free variant has
 * to match the file with PHP comments stripped. The answer is cached on the
 * instance after the first full evaluation.
 *
 * @return bool True only when both matches succeed; false on any failure.
 */
protected function is_modified_by_it_security() {
    if ( ! $this->is_custom_directory() ) {
        return false;
    }

    if ( isset( $this->is_modified_by_it_security ) ) {
        return $this->is_modified_by_it_security;
    }

    // Cache the negative answer up front so every early return below leaves it in place.
    $this->is_modified_by_it_security = false;

    $plugin_dir = trailingslashit( $GLOBALS['itsec_globals']['plugin_dir'] );

    require_once $plugin_dir . 'core/lib/class-itsec-lib-config-file.php';

    $config_path = ITSEC_Lib_Config_File::get_wp_config_file_path();

    if ( empty( $config_path ) ) {
        return false;
    }

    require_once $plugin_dir . 'core/lib/class-itsec-lib-file.php';

    $config_contents = ITSEC_Lib_File::read( $config_path );

    if ( is_wp_error( $config_contents ) ) {
        return false;
    }

    // First pass: the expression must appear in the raw file.
    $pattern = $this->get_wp_config_define_expression();

    if ( ! preg_match( $pattern, $config_contents ) ) {
        return false;
    }

    require_once $plugin_dir . 'core/lib/class-itsec-lib-utility.php';

    $config_without_comments = ITSEC_Lib_Utility::strip_php_comments( $config_contents );

    if ( is_wp_error( $config_without_comments ) ) {
        return false;
    }

    // Second pass: the comment-free variant must match once PHP comments are removed.
    $pattern_without_comment = $this->get_wp_config_define_expression( false );

    if ( ! preg_match( $pattern_without_comment, $config_without_comments ) ) {
        return false;
    }

    $this->is_modified_by_it_security = true;

    return true;
}
/**
 * Returns the path to wp-config.php.
 *
 * Thin wrapper that loads the config-file library and delegates to
 * ITSEC_Lib_Config_File::get_wp_config_file_path().
 *
 * @since 4.0.0
 *
 * @return string Path to wp-config.php, exactly as the library reports it.
 */
public static function get_config() {
    require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php';

    $wp_config_path = ITSEC_Lib_Config_File::get_wp_config_file_path();

    return $wp_config_path;
}
/**
 * Reports whether wp-config.php contains this module's define expression.
 *
 * The expression has to match the raw file, and its comment-free variant has
 * to match the file with PHP comments stripped. The answer is cached in
 * $GLOBALS for the rest of the request.
 *
 * @return bool True only when both matches succeed; false on any failure.
 */
public static function is_modified_by_it_security() {
    $cache_key = '__itsec_content_directory_is_modified_by_it_security';

    if ( isset( $GLOBALS[ $cache_key ] ) ) {
        return $GLOBALS[ $cache_key ];
    }

    // Cache the negative answer up front so every early return below leaves it in place.
    $GLOBALS[ $cache_key ] = false;

    if ( ! self::is_custom_directory() ) {
        return false;
    }

    // NOTE(review): plugin_dir is concatenated as-is here, so it must already
    // end with a slash.
    $plugin_dir = $GLOBALS['itsec_globals']['plugin_dir'];

    require_once $plugin_dir . 'core/lib/class-itsec-lib-config-file.php';

    $config_path = ITSEC_Lib_Config_File::get_wp_config_file_path();

    if ( empty( $config_path ) ) {
        return false;
    }

    require_once $plugin_dir . 'core/lib/class-itsec-lib-file.php';

    $config_contents = ITSEC_Lib_File::read( $config_path );

    if ( is_wp_error( $config_contents ) ) {
        return false;
    }

    // First pass: the expression must appear in the raw file.
    $pattern = self::get_wp_config_define_expression();

    if ( ! preg_match( $pattern, $config_contents ) ) {
        return false;
    }

    require_once $plugin_dir . 'core/lib/class-itsec-lib-utility.php';

    $config_without_comments = ITSEC_Lib_Utility::strip_php_comments( $config_contents );

    if ( is_wp_error( $config_without_comments ) ) {
        return false;
    }

    // Second pass: the comment-free variant must match once PHP comments are removed.
    $pattern_without_comment = self::get_wp_config_define_expression( false );

    if ( ! preg_match( $pattern_without_comment, $config_without_comments ) ) {
        return false;
    }

    $GLOBALS[ $cache_key ] = true;

    return true;
}
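/**
 * Switches the site to a newly generated database table prefix.
 *
 * Generates a prefix that no existing table uses, writes it to wp-config.php,
 * then renames every table that carries the current prefix and rewrites the
 * prefix-dependent option and usermeta keys.
 *
 * NOTE(review): wp-config.php is rewritten before the tables are renamed, so a
 * failed rename leaves the configuration naming a prefix the table lacks.
 *
 * @return array {
 *     @type WP_Error[]   $errors     Problems encountered; empty on full success.
 *     @type string|false $new_prefix The new prefix, or false when wp-config.php
 *                                    could not be read or updated.
 * }
 */
public static function change_database_prefix() {
    global $wpdb;

    require_once $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-config-file.php';
    require_once $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-file.php';

    $response = array(
        'errors'     => array(),
        'new_prefix' => false,
    );

    $check_prefix = true; // Assume the first prefix we generate is unique.

    // Generate a new table prefix that does not collide with any table in the database.
    while ( $check_prefix ) {
        $avail = 'abcdefghijklmnopqrstuvwxyz0123456789';

        // First character should be alphabetic.
        $new_prefix = $avail[ mt_rand( 0, 25 ) ];

        // Number of further characters.
        $prelength = mt_rand( 4, 9 );

        for ( $i = 0; $i < $prelength; $i++ ) {
            $new_prefix .= $avail[ mt_rand( 0, 35 ) ];
        }

        $new_prefix .= '_';
        $new_prefix  = esc_sql( $new_prefix ); // Just to be safe.

        // An empty result means no table uses the candidate prefix and ends the loop.
        $check_prefix = $wpdb->get_results( 'SHOW TABLES LIKE "' . $new_prefix . '%";', ARRAY_N );
    }

    $config_file_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
    $config           = ITSEC_Lib_File::read( $config_file_path );

    if ( is_wp_error( $config ) ) {
        /* translators: 1: Specific error details */
        $response['errors'][] = new WP_Error( $config->get_error_code(), sprintf( __( 'Unable to read the <code>wp-config.php</code> file in order to update the Database Prefix. Error details as follows: %1$s', 'better-wp-security' ), $config->get_error_message() ) );

        return $response;
    }

    $regex   = '/(\\$table_prefix\\s*=\\s*)([\'"]).+?\\2(\\s*;)/';
    $updated = preg_replace( $regex, "\${1}'{$new_prefix}'\${3}", $config );

    if ( null === $updated ) {
        // A PCRE error returns null; writing that back would replace the file
        // with nothing, so stop before the file or the database is touched.
        /* translators: 1: Specific error details */
        $response['errors'][] = new WP_Error( 'itsec-database-prefix-utility-change-database-prefix-failed-config-update', sprintf( __( 'Unable to update the <code>wp-config.php</code> file in order to update the Database Prefix. Error details as follows: %1$s', 'better-wp-security' ), 'preg_replace() failed' ) );

        return $response;
    }

    $write_result = ITSEC_Lib_File::write( $config_file_path, $updated );

    if ( is_wp_error( $write_result ) ) {
        // Report the write error itself; $config is the file contents (a string) here.
        /* translators: 1: Specific error details */
        $response['errors'][] = new WP_Error( $write_result->get_error_code(), sprintf( __( 'Unable to update the <code>wp-config.php</code> file in order to update the Database Prefix. Error details as follows: %1$s', 'better-wp-security' ), $write_result->get_error_message() ) );

        return $response;
    }

    $response['new_prefix'] = $new_prefix;

    $old_prefix        = $wpdb->base_prefix;
    $old_prefix_length = strlen( $old_prefix );

    $tables = $wpdb->get_results( 'SHOW TABLES LIKE "' . $old_prefix . '%"', ARRAY_N );

    foreach ( (array) $tables as $table ) {
        // "_" is a single-character wildcard in LIKE, so the listing can contain
        // tables that do not really start with the prefix. Skip them rather than
        // build a RENAME for a table name that was never in the list.
        if ( 0 !== stripos( $table[0], $old_prefix ) ) {
            continue;
        }

        $table = substr( $table[0], $old_prefix_length ); // Table name without the old prefix.

        if ( $wpdb->query( 'RENAME TABLE `' . $old_prefix . $table . '` TO `' . $new_prefix . $table . '`;' ) === false ) {
            $response['errors'][] = new WP_Error( 'itsec-database-prefix-utility-change-database-prefix-failed-table-rename', sprintf( __( 'Could not rename table %1$s. You may have to rename the table manually.', 'better-wp-security' ), $old_prefix . $table ) );
        }
    }

    if ( is_multisite() ) {
        // Multisite keeps a prefixed user_roles option in each blog's options table.
        $blogs = $wpdb->get_col( "SELECT blog_id FROM `" . $new_prefix . "blogs` WHERE public = '1' AND archived = '0' AND mature = '0' AND spam = '0' ORDER BY blog_id DESC" );

        if ( is_array( $blogs ) ) {
            foreach ( $blogs as $blog ) {
                $blog_id = (int) $blog; // Used inside a table identifier, so force an integer.

                $wpdb->query(
                    $wpdb->prepare(
                        'UPDATE `' . $new_prefix . $blog_id . '_options` SET option_name = %s WHERE option_name = %s LIMIT 1',
                        $new_prefix . $blog_id . '_user_roles',
                        $old_prefix . $blog_id . '_user_roles'
                    )
                );
            }
        }
    }

    $options_updated = $wpdb->query(
        $wpdb->prepare(
            'UPDATE `' . $new_prefix . 'options` SET option_name = %s WHERE option_name = %s LIMIT 1',
            $new_prefix . 'user_roles',
            $old_prefix . 'user_roles'
        )
    );

    if ( $options_updated === false ) {
        $response['errors'][] = new WP_Error( 'itsec-database-prefix-utility-change-database-prefix-failed-options-update', __( 'Could not update prefix references in options table.', 'better-wp-security' ) );
    }

    $rows = $wpdb->get_results( 'SELECT * FROM `' . $new_prefix . 'usermeta`' );

    foreach ( (array) $rows as $row ) {
        if ( substr( $row->meta_key, 0, $old_prefix_length ) == $old_prefix ) {
            $new_meta_key = $new_prefix . substr( $row->meta_key, $old_prefix_length );

            // meta_key comes from stored data and may contain quote characters,
            // so it is bound as a parameter instead of concatenated into the SQL.
            $result = $wpdb->query(
                $wpdb->prepare(
                    'UPDATE `' . $new_prefix . 'usermeta` SET meta_key = %s WHERE meta_key = %s LIMIT 1',
                    $new_meta_key,
                    $row->meta_key
                )
            );

            if ( $result == false ) {
                $response['errors'][] = new WP_Error( 'itsec-database-prefix-utility-change-database-prefix-failed-usermeta-update', __( 'Could not update prefix references in usermeta table.', 'better-wp-security' ) );
            }
        }
    }

    return $response;
}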