/**
 * Filter callback that points URLs at the renamed login page instead of wp-login.php.
 *
 * A URL that does not mention wp-login.php is returned untouched. Otherwise the query string
 * (the text between the first '?' and the next one, if any) is parsed and re-applied to the
 * renamed login URL so arguments such as redirect_to or action survive the rewrite.
 *
 * @param string $url URL generated by WordPress (typically via the login URL filters).
 * @return string The original URL, or the renamed login URL carrying the original query arguments.
 */
function aiowps_filter_wp_login_file($url) {
    if (strpos($url, 'wp-login.php') === false) {
        return $url;
    }

    $pieces = explode('?', $url);
    $renamed_login_url = AIOWPSecurity_Process_Renamed_Login_Page::new_login_url();

    if (!isset($pieces[1])) {
        //Nothing after the '?': no query arguments to carry over
        return $renamed_login_url;
    }

    $query_args = array();
    parse_str($pieces[1], $query_args);
    //Re-attach the original query arguments to the renamed login URL
    return add_query_arg($query_args, $renamed_login_url);
}
/**
 * Registers the tasks that run at wp_loaded time.
 *
 * Two features are handled here, in a fixed order: the rename login page feature first, then the
 * site lockout (maintenance mode) feature, which only fires for unauthenticated, non-admin
 * front-end requests that are not for wp-login.php.
 */
function __construct() {
    //Add tasks that need to be executed at wp-loaded time
    global $aio_wp_security;
    $configs = $aio_wp_security->configs;

    //Handle the rename login page feature
    $rename_login_enabled = ($configs->get_value('aiowps_enable_rename_login_page') == '1');
    if ($rename_login_enabled) {
        include_once AIO_WP_SECURITY_PATH . '/classes/wp-security-process-renamed-login-page.php';
        $login_object = new AIOWPSecurity_Process_Renamed_Login_Page();
        AIOWPSecurity_Process_Renamed_Login_Page::renamed_login_init_tasks();
    }

    //For site lockout feature (ie, maintenance mode). It needs to be checked after the rename login page
    $site_lockout_enabled = ($configs->get_value('aiowps_site_lockout') == '1');
    if (!$site_lockout_enabled) {
        return;
    }
    //Logged-in users and administrators are never locked out
    if (is_user_logged_in() || current_user_can('administrator')) {
        return;
    }
    //Admin screens and the login page are left alone as well
    if (is_admin() || in_array($GLOBALS['pagenow'], array('wp-login.php'))) {
        return;
    }
    self::site_lockout_tasks();
}
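/**
 * Runs the request-time checks for the "rename login page" feature.
 *
 * In order it:
 *  - processes the native post-password form (normally handled by wp-login.php, which is hidden here);
 *  - blocks unauthenticated access to wp-admin and wp-login.php, and any access to wp-register.php /
 *    wp-signup.php, by running the site lockout handler when maintenance mode is on or serving a 404 otherwise;
 *  - serves the renamed login page when the request path matches the configured slug (or, without
 *    pretty permalinks, when the slug is present as a query parameter).
 *
 * Several branches end the request (exit/die); nothing is returned.
 */
static function renamed_login_init_tasks() {
    global $aio_wp_security;
    $site_lockout_active = ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1');

    //The following will process the native wordpress post password protection form
    //Normally this is done by wp-login.php file but we cannot use that since the login page has been renamed
    //Only a string is accepted: strip_tags() cannot take an array value (e.g. ?action[]=x) and would error out
    $action = (isset($_GET['action']) && is_string($_GET['action'])) ? strip_tags($_GET['action']) : '';
    if (isset($_POST['post_password']) && is_string($_POST['post_password']) && $action === 'postpass') {
        require_once ABSPATH . 'wp-includes/class-phpass.php';
        $hasher = new PasswordHash(8, true);
        /**
         * Filter the life span of the post password cookie.
         *
         * By default, the cookie expires 10 days from creation. To turn this
         * into a session cookie, return 0.
         *
         * @since 3.7.0
         *
         * @param int $expires The expiry time, as passed to setcookie().
         */
        $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
        setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH);
        wp_safe_redirect(wp_get_referer());
        exit;
    }

    $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

    //case where someone attempting to reach wp-admin
    if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX')) {
        //Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
        if ($site_lockout_active) {
            AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
        } else {
            AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
        }
    }

    //case where someone attempting to reach wp-login
    //strpos() is compared against false explicitly so a match at offset 0 still counts
    if (strpos($request_uri, 'wp-login.php') !== false && !is_user_logged_in()) {
        //Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
        if ($site_lockout_active) {
            AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
        } else {
            AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
        }
    }

    //case where someone attempting to reach the standard register or signup pages
    //NOTE(review): unlike the wp-login.php case this branch does not exempt logged-in users - confirm that is intended
    if (strpos($request_uri, 'wp-register.php') !== false || strpos($request_uri, 'wp-signup.php') !== false) {
        //Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
        if ($site_lockout_active) {
            AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
        } else {
            AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
        }
    }

    //Serve the renamed login page when the request matches the configured slug
    $parsed_url = parse_url($request_uri);
    //parse_url() returns false for badly formed URIs and may omit 'path'; treat both as "no path" instead of
    //reading an undefined index
    $request_path = (is_array($parsed_url) && isset($parsed_url['path'])) ? $parsed_url['path'] : '';
    $login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
    if (untrailingslashit($request_path) === home_url($login_slug, 'relative') || (!get_option('permalink_structure') && isset($_GET[$login_slug]))) {
        status_header(200);
        require_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature.php';
        die;
    }
}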
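/**
 * Runs the request-time checks for the "rename login page" feature.
 *
 * Blocks unauthenticated access to wp-admin and wp-login.php, and any access to wp-register.php /
 * wp-signup.php, by running the site lockout handler when maintenance mode is on or serving a 404
 * otherwise. Then serves the renamed login page when the request path matches the configured slug
 * (or, without pretty permalinks, when the slug is present as a query parameter).
 *
 * The final branch ends the request with die; nothing is returned.
 */
static function renamed_login_init_tasks() {
    global $aio_wp_security;
    $site_lockout_active = ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1');
    $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

    //case where someone attempting to reach wp-admin
    if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX')) {
        //Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
        if ($site_lockout_active) {
            AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
        } else {
            AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
        }
    }

    //case where someone attempting to reach wp-login
    //strpos() is compared against false explicitly so a match at offset 0 still counts
    if (strpos($request_uri, 'wp-login.php') !== false && !is_user_logged_in()) {
        //Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
        if ($site_lockout_active) {
            AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
        } else {
            AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
        }
    }

    //case where someone attempting to reach the standard register or signup pages
    //NOTE(review): unlike the wp-login.php case this branch does not exempt logged-in users - confirm that is intended
    if (strpos($request_uri, 'wp-register.php') !== false || strpos($request_uri, 'wp-signup.php') !== false) {
        //Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
        if ($site_lockout_active) {
            AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
        } else {
            AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
        }
    }

    //Serve the renamed login page when the request matches the configured slug
    $parsed_url = parse_url($request_uri);
    //parse_url() returns false for badly formed URIs and may omit 'path'; treat both as "no path" instead of
    //reading an undefined index
    $request_path = (is_array($parsed_url) && isset($parsed_url['path'])) ? $parsed_url['path'] : '';
    $login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
    if (untrailingslashit($request_path) === home_url($login_slug, 'relative') || (!get_option('permalink_structure') && isset($_GET[$login_slug]))) {
        status_header(200);
        require_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature.php';
        die;
    }
}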
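/**
 * Runs the request-time checks for the "rename login page" feature.
 *
 * In order it:
 *  - processes the native post-password form (normally handled by wp-login.php, which is hidden here);
 *  - answers unauthenticated wp-admin requests with a 403 via wp_die();
 *  - blocks unauthenticated access to wp-login.php, and any access to wp-register.php / wp-signup.php,
 *    by running the site lockout handler when maintenance mode is on or serving a 404 otherwise;
 *  - serves the renamed login page when the request path matches the configured slug (or, without
 *    pretty permalinks, when the slug is present as a query parameter), with a path-only comparison
 *    when qTranslate-X has prefixed the relative home URL with protocol and host.
 *
 * Several branches end the request (exit/wp_die/die); nothing is returned.
 */
static function renamed_login_init_tasks() {
    global $aio_wp_security;
    $site_lockout_active = ($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1');

    //The following will process the native wordpress post password protection form
    //Normally this is done by wp-login.php file but we cannot use that since the login page has been renamed
    //Only a string is accepted: strip_tags() cannot take an array value (e.g. ?action[]=x) and would error out
    $action = (isset($_GET['action']) && is_string($_GET['action'])) ? strip_tags($_GET['action']) : '';
    if (isset($_POST['post_password']) && is_string($_POST['post_password']) && $action === 'postpass') {
        require_once ABSPATH . 'wp-includes/class-phpass.php';
        $hasher = new PasswordHash(8, true);
        /**
         * Filter the life span of the post password cookie.
         *
         * By default, the cookie expires 10 days from creation. To turn this
         * into a session cookie, return 0.
         *
         * @since 3.7.0
         *
         * @param int $expires The expiry time, as passed to setcookie().
         */
        $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
        setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH);
        wp_safe_redirect(wp_get_referer());
        exit;
    }

    $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

    //case where someone attempting to reach wp-admin
    if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX')) {
        //Fix to prevent fatal error caused by some themes and Yoast SEO
        wp_die(__('Not available.', 'all-in-one-wp-security-and-firewall'), 403);
    }

    //case where someone attempting to reach wp-login
    //strpos() is compared against false explicitly so a match at offset 0 still counts
    if (strpos($request_uri, 'wp-login.php') !== false && !is_user_logged_in()) {
        //Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
        if ($site_lockout_active) {
            AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
        } else {
            AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
        }
    }

    //case where someone attempting to reach the standard register or signup pages
    //NOTE(review): unlike the wp-login.php case this branch does not exempt logged-in users - confirm that is intended
    if (strpos($request_uri, 'wp-register.php') !== false || strpos($request_uri, 'wp-signup.php') !== false) {
        //Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
        if ($site_lockout_active) {
            AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
        } else {
            AIOWPSecurity_Process_Renamed_Login_Page::aiowps_set_404();
        }
    }

    //Serve the renamed login page when the request matches the configured slug
    $parsed_url = parse_url($request_uri);
    //parse_url() returns false for badly formed URIs and may omit 'path'; treat both as "no path" instead of
    //reading an undefined index
    $request_path = (is_array($parsed_url) && isset($parsed_url['path'])) ? $parsed_url['path'] : '';
    $login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
    $home_url_with_slug = home_url($login_slug, 'relative');
    /*
     * *** Compatibility fix for qTranslate-X plugin ***
     * qTranslate-X plugin modifies the result for the following command by adding the protocol and host to the url path:
     * home_url($login_slug, 'relative');
     * Therefore we will remove the protocol and host for the following cases:
     * qTranslate-X is active AND the URL being accessed contains the secret slug
     */
    if (function_exists('qtranxf_init_language') && strpos($home_url_with_slug, $login_slug) !== false) {
        $parsed_home_url_with_slug = parse_url($home_url_with_slug);
        if (is_array($parsed_home_url_with_slug) && isset($parsed_home_url_with_slug['path'])) {
            $home_url_with_slug = $parsed_home_url_with_slug['path']; //this will return just the path minus the protocol and host
        }
    }
    if (untrailingslashit($request_path) === $home_url_with_slug || (!get_option('permalink_structure') && isset($_GET[$login_slug]))) {
        status_header(200);
        require_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature.php';
        die;
    }
}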
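/**
 * Wires up the init-time tasks for every feature that is switched on in the plugin configuration.
 *
 * Most branches only register hooks. A few act on the current request directly and may end it:
 * the secret-word cookie redirect, the unlock-request form include, the rename login page handler
 * and the site lockout check. The rename login page handling deliberately runs before site lockout.
 */
function __construct() {
    global $aio_wp_security;
    $configs = $aio_wp_security->configs;

    if ($configs->get_value('aiowps_remove_wp_generator_meta_info') == '1') {
        //$this is an object handle already; passing it by reference in the callback array is unnecessary
        add_filter('the_generator', array($this, 'remove_wp_generator_meta_info'));
    }

    //For the cookie based brute force prevention feature
    //NOTE(review): nothing here checks that the brute force cookie feature itself is enabled - confirm it is gated elsewhere
    $bfcf_secret_word = $configs->get_value('aiowps_brute_force_secret_word');
    //An empty or missing secret word must never match a query parameter
    if (is_string($bfcf_secret_word) && $bfcf_secret_word !== '' && isset($_GET[$bfcf_secret_word])) {
        //If URL contains secret word in query param then set cookie and then redirect to the login page
        AIOWPSecurity_Utility::set_cookie_value($bfcf_secret_word, "1");
        AIOWPSecurity_Utility::redirect_to_url(AIOWPSEC_WP_URL . "/wp-admin");
    }

    //For user unlock request feature
    if (isset($_POST['aiowps_unlock_request']) || isset($_POST['aiowps_wp_submit_unlock_request'])) {
        nocache_headers();
        remove_action('wp_head', 'head_addons', 7);
        include_once AIO_WP_SECURITY_PATH . '/other-includes/wp-security-unlock-request.php';
        exit;
    }
    //Only a string is accepted: strip_tags() cannot take an array value (e.g. ?aiowps_auth_key[]=x) and would error out
    if (isset($_GET['aiowps_auth_key']) && is_string($_GET['aiowps_auth_key'])) {
        //If URL contains unlock key in query param then process the request
        $unlock_key = strip_tags($_GET['aiowps_auth_key']);
        AIOWPSecurity_User_Login::process_unlock_request($unlock_key);
    }

    //For 404 IP lockout feature
    if ($configs->get_value('aiowps_enable_404_IP_lockout') == '1') {
        if (!is_user_logged_in() || !current_user_can('administrator')) {
            $this->do_404_lockout_tasks();
        }
    }

    //For login captcha feature
    if ($configs->get_value('aiowps_enable_login_captcha') == '1') {
        if (!is_user_logged_in()) {
            add_action('login_form', array($this, 'insert_captcha_question_form'));
        }
    }

    //For lost password captcha feature
    if ($configs->get_value('aiowps_enable_lost_password_captcha') == '1') {
        if (!is_user_logged_in()) {
            add_action('lostpassword_form', array($this, 'insert_captcha_question_form'));
            add_action('lostpassword_post', array($this, 'process_lost_password_form_post'));
        }
    }

    //For registration page captcha feature
    if ($configs->get_value('aiowps_enable_registration_page_captcha') == '1') {
        if (!is_user_logged_in()) {
            add_action('register_form', array($this, 'insert_captcha_question_form'));
        }
    }

    //For comment captcha feature
    if ($configs->get_value('aiowps_enable_comment_captcha') == '1') {
        add_action('comment_form_after_fields', array($this, 'insert_captcha_question_form'), 1);
        add_action('comment_form_logged_in_after', array($this, 'insert_captcha_question_form'), 1);
        add_filter('preprocess_comment', array($this, 'process_comment_post'));
    }

    //For rename login page feature
    if ($configs->get_value('aiowps_enable_rename_login_page') == '1') {
        include_once AIO_WP_SECURITY_PATH . '/classes/wp-security-process-renamed-login-page.php';
        $login_object = new AIOWPSecurity_Process_Renamed_Login_Page();
        AIOWPSecurity_Process_Renamed_Login_Page::renamed_login_init_tasks();
    }

    //For site lockout feature (ie, maintenance mode)
    if ($configs->get_value('aiowps_site_lockout') == '1') {
        //Only unauthenticated non-admin front-end requests outside the login/register pages are locked out
        if (!is_user_logged_in() && !current_user_can('administrator') && !is_admin() && !in_array($GLOBALS['pagenow'], array('wp-login.php', 'wp-register.php'), true)) {
            $this->site_lockout_tasks();
        }
    }

    //For feature which displays logged in users
    $this->update_logged_in_user_transient();

    //For block fake googlebots feature
    if ($configs->get_value('aiowps_enable_block_fake_googlebots') == '1') {
        include_once AIO_WP_SECURITY_PATH . '/classes/wp-security-bot-protection.php';
        AIOWPSecurity_Fake_Bot_Protection::block_fake_googlebots();
    }

    //For 404 event logging
    if ($configs->get_value('aiowps_enable_404_logging') == '1') {
        add_action('wp_head', array($this, 'check_404_event'));
    }

    //Add more tasks that need to be executed at init time
}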