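/**
 * Prints the admin notice shown after the file change scanner recorded changes.
 *
 * The notice links to the logs page and to a dismiss URL carrying the
 * `file_change_dismiss_warning` flag plus the nonce stored in
 * `$this->dismiss_nonce` (the handler that validates it is defined elsewhere).
 *
 * @return void
 */
public function show_file_change_warning() {
	$dismiss_url = add_query_arg(
		array(
			'file_change_dismiss_warning' => '1',
			'nonce'                       => $this->dismiss_nonce,
		),
		ITSEC_Core::get_settings_page_url()
	);
	$logs_url = ITSEC_Core::get_logs_page_url();

	// esc_html__() instead of __(): translated text is still rendered into HTML,
	// so it is escaped at the output point like the rest of the plugin's copy.
	$message      = esc_html__( 'iThemes Security noticed file changes in your WordPress site. Please review the logs to make sure your system has not been compromised.', 'better-wp-security' );
	$view_logs    = esc_html__( 'View Logs', 'better-wp-security' );
	$dismiss_text = esc_html__( 'Dismiss Warning', 'better-wp-security' );

	echo "<div id='itsec-file-change-warning-dialog' class='error'>\n";
	echo "<p>{$message}</p>\n";
	echo '<p>';
	echo "<a class='button-primary' href='" . esc_url( $logs_url ) . "'>{$view_logs}</a> ";
	echo "<a id='itsec-file-change-dismiss-warning' class='button-secondary' href='" . esc_url( $dismiss_url ) . "'>{$dismiss_text}</a>";
	echo "</p>\n";
	echo "</div>\n";
}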
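/**
 * Processes and sends the daily digest message.
 *
 * Counts the host and user lockouts recorded since the last digest, folds in
 * any messages queued by other modules, mails the result through send_mail()
 * and then resets the queue (persisted in the 'itsec_message_queue' site
 * option). Nothing is sent when there were neither lockouts nor queued
 * messages, but the queue is reset either way.
 *
 * @since 4.5
 *
 * @return void
 */
public function init() {
	global $itsec_globals, $itsec_lockout;

	$use_cron = defined( 'ITSEC_NOTIFY_USE_CRON' ) && false !== ITSEC_NOTIFY_USE_CRON;

	// Without cron, the transient marks a digest run that is already in progress.
	if ( is_404() || ( ! $use_cron && false !== get_site_transient( 'itsec_notification_running' ) ) ) {
		return;
	}

	if ( ! $use_cron ) {
		// The check above and this set are not atomic, so two requests arriving
		// together can both pass the guard; the transient only narrows the window.
		set_site_transient( 'itsec_notification_running', true, 3600 );
	}

	$messages = array();
	if ( ! empty( $this->queue['messages'] ) && is_array( $this->queue['messages'] ) ) {
		$messages = $this->queue['messages'];
	}

	$host_count   = count( $itsec_lockout->get_lockouts( 'host', true ) );
	$user_count   = count( $itsec_lockout->get_lockouts( 'user', true ) );
	$has_lockouts = ( $host_count > 0 || $user_count > 0 );

	if ( $has_lockouts || ! empty( $messages ) ) {
		$lockout_message = $this->get_digest_lockout_message( $host_count, $user_count );

		// Queued messages are produced by plugin modules and may carry their own
		// markup, so they are wrapped but not escaped here — TODO confirm that no
		// producer queues user-supplied text.
		$module_message = '';
		foreach ( $messages as $message ) {
			if ( is_string( $message ) ) {
				$module_message .= '<p>' . $message . '</p>';
			}
		}

		$body = sprintf(
			'<p>%s,</p><p>%s <a href="%s">%s</a></p><p><strong>%s: </strong>%s</p>%s<p>%s %s</p><p>%s <a href="%s">%s</a>.</p>',
			__( 'Dear Site Admin', 'better-wp-security' ),
			__( 'The following is a summary of security related activity on your site. For details please visit', 'better-wp-security' ),
			esc_url( wp_login_url( ITSEC_Core::get_logs_page_url() ) ),
			__( 'the security logs', 'better-wp-security' ),
			__( 'Lockouts', 'better-wp-security' ),
			$lockout_message,
			$module_message,
			// Text domain was missing here, which left this string untranslated.
			__( 'This email was generated automatically by', 'better-wp-security' ),
			$itsec_globals['plugin_name'],
			__( 'To change your email preferences please visit', 'better-wp-security' ),
			esc_url( wp_login_url( ITSEC_Core::get_settings_page_url() ) ),
			__( 'the plugin settings', 'better-wp-security' )
		);

		$subject = '[' . get_option( 'siteurl' ) . '] ' . __( 'Daily Security Digest', 'better-wp-security' );
		$subject = apply_filters( 'itsec_lockout_email_subject', $subject );
		$headers = 'From: ' . get_bloginfo( 'name' ) . ' <' . get_option( 'admin_email' ) . '>' . "\r\n";

		$this->send_mail( $subject, $body, $headers );
	}

	// Reset the queue whether or not anything was sent.
	$this->queue = array(
		'last_sent' => $itsec_globals['current_time_gmt'],
		'messages'  => array(),
	);
	update_site_option( 'itsec_message_queue', $this->queue );
}

/**
 * Builds the one-sentence lockout summary used in the digest body.
 *
 * @param int $host_count Number of hosts locked out since the last digest.
 * @param int $user_count Number of users/usernames locked out since the last digest.
 *
 * @return string Translated sentence describing the lockouts.
 */
private function get_digest_lockout_message( $host_count, $user_count ) {
	if ( 0 === $host_count && 0 === $user_count ) {
		return __( 'There have been no lockouts since the last email check.', 'better-wp-security' );
	}

	if ( 0 === $host_count ) {
		// Users only; $user_count is at least 1 here.
		if ( $user_count > 1 ) {
			return sprintf( '%s %s %s', __( 'There have been', 'better-wp-security' ), $user_count, __( 'users or usernames locked out for attempting to log in with incorrect credentials.', 'better-wp-security' ) );
		}

		return sprintf( '%s %s %s', __( 'There has been', 'better-wp-security' ), $user_count, __( 'user or username locked out for attempting to log in with incorrect credentials.', 'better-wp-security' ) );
	}

	if ( 0 === $user_count ) {
		// Hosts only; $host_count is at least 1 here.
		if ( 1 === $host_count ) {
			return sprintf( '%s %s %s', __( 'There has been', 'better-wp-security' ), $host_count, __( 'host locked out.', 'better-wp-security' ) );
		}

		return sprintf( '%s %s %s', __( 'There have been', 'better-wp-security' ), $host_count, __( 'hosts locked out.', 'better-wp-security' ) );
	}

	// Both hosts and users were locked out.
	return sprintf(
		'%s %s %s %s %s %s %s',
		__( 'There have been', 'better-wp-security' ),
		$user_count + $host_count,
		__( 'lockout(s) including', 'better-wp-security' ),
		$user_count,
		__( 'user(s) and', 'better-wp-security' ),
		$host_count,
		__( 'host(s) locked out of your site.', 'better-wp-security' )
	);
}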
/**
 * Appends the shared email footer to the message body in $this->content.
 *
 * Free installs get the "go Pro" call-out block first; Pro installs get a
 * divider instead. Both then receive the resources/support footer template
 * with its placeholders filled in via replace_all().
 *
 * @return void
 */
public function add_footer() {
	// wp_kses() allow-list for the translated copy: bare links only.
	$link_only = array( 'a' => array( 'href' => array() ) );

	$footer = '';

	if ( ITSEC_Core::is_pro() ) {
		$this->add_divider();
	} else {
		$callout_template = $this->get_template( 'pro-callout.html' );
		$callout_fields   = array(
			'two_factor' => esc_html__( 'Want two-factor authentication, scheduled malware scanning, ticketed support and more?', 'better-wp-security' ),
			'get_pro'    => esc_html__( 'Get iThemes Security Pro', 'better-wp-security' ),
			'why_pro'    => sprintf(
				wp_kses( __( 'Why go Pro? <a href="%s">Check out the Free/Pro comparison chart.</a>', 'better-wp-security' ), $link_only ),
				esc_url( 'https://ithemes.com/security/why-go-pro/' )
			),
		);
		$footer .= $this->replace_all( $callout_template, $callout_fields );
	}

	$footer .= $this->get_template( 'footer.html' );

	$articles_content = sprintf(
		wp_kses( __( 'Read the latest in WordPress Security news, tips, and updates on <a href="%s">iThemes Blog</a>.', 'better-wp-security' ), $link_only ),
		esc_url( 'https://ithemes.com/category/wordpress-security/' )
	);
	$tutorials_content = sprintf(
		wp_kses( __( 'Make the most of iThemes Security features with our <a href="%s">free iThemes Security tutorials</a>.', 'better-wp-security' ), $link_only ),
		esc_url( 'https://ithemes.com/tutorial/category/ithemes-security/' )
	);
	// NOTE(review): the codex link is plain http while every other link is https.
	$documentation_content = sprintf(
		wp_kses( __( 'Read iThemes Security documentation and Frequently Asked Questions on <a href="%s">the Codex</a>.', 'better-wp-security' ), $link_only ),
		esc_url( 'http://ithemes.com/codex/page/IThemes_Security' )
	);
	$support_content = sprintf(
		wp_kses( __( 'Pro customers can contact <a href="%s">iThemes Helpdesk</a> for help. Our support team answers questions Monday – Friday, 8am – 5pm (CST).', 'better-wp-security' ), $link_only ),
		esc_url( 'https://members.ithemes.com/panel/helpdesk.php' )
	);
	$security_guide_content = sprintf(
		wp_kses( __( 'Learn simple WordPress security tips — including 3 kinds of security your site needs and 4 best security practices for keeping your WordPress site safe with our <a href="%s">free guide</a>.', 'better-wp-security' ), $link_only ),
		esc_url( 'https://ithemes.com/publishing/wordpress-security/' )
	);
	$unsubscribe_text = esc_html__( 'This email was generated by the iThemes Security plugin.', 'better-wp-security' )
		. '<br>'
		. esc_html__( 'To unsubscribe from these updates, visit the Settings page in the iThemes Security plugin menu.', 'better-wp-security' );

	$footer_fields = array(
		'security_resources'     => esc_html__( 'Security Resources', 'better-wp-security' ),
		'articles'               => esc_html__( 'Articles', 'better-wp-security' ),
		'articles_content'       => $articles_content,
		'tutorials'              => esc_html__( 'Tutorials', 'better-wp-security' ),
		'tutorials_content'      => $tutorials_content,
		'help_and_support'       => esc_html__( 'Help & Support', 'better-wp-security' ),
		'documentation'          => esc_html__( 'Documentation', 'better-wp-security' ),
		'documentation_content'  => $documentation_content,
		'support'                => esc_html__( 'Support', 'better-wp-security' ),
		'pro'                    => esc_html__( 'Pro', 'better-wp-security' ),
		'support_content'        => $support_content,
		'security_settings_link' => esc_url( ITSEC_Core::get_settings_page_url() ),
		'unsubscribe_link_text'  => $unsubscribe_text,
		'security_guide'         => esc_html__( 'Free WordPress Security Guide', 'better-wp-security' ),
		'security_guide_content' => $security_guide_content,
	);

	$this->content .= $this->replace_all( $footer, $footer_fields );
}
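/**
 * Prints the admin notice inviting the site owner to enable Brute Force
 * Network Protection.
 *
 * The "Get Free API Key" link carries a nonced enable URL for the module; its
 * onclick additionally redirects with the itsec_no_api_nag flag and a nonce.
 * The hide button passes its own nonce to the dismiss handler (defined
 * elsewhere) via the data-nonce attribute.
 *
 * @return void
 */
function itsec_network_brute_force_show_notice() {
	$enable_url = wp_nonce_url(
		add_query_arg(
			array(
				'module' => 'network-brute-force',
				'enable' => 'network-brute-force',
			),
			ITSEC_Core::get_settings_page_url()
		),
		'itsec-enable-network-brute-force',
		'itsec-enable-nonce'
	);

	// Translated copy is escaped for HTML and the nonces for their respective
	// contexts (inline JS in onclick, plain attribute in data-nonce).
	echo '<div id="itsec-notice-network-brute-force" class="updated itsec-notice"><span class="it-icon-itsec"></span>'
		. esc_html__( 'New! Take your site security to the next level by activating iThemes Brute Force Network Protection.', 'better-wp-security' )
		. '<a class="itsec-notice-button" href="' . esc_url( $enable_url ) . '" onclick="document.location.href=\'?itsec_no_api_nag=off&_wpnonce=' . esc_js( wp_create_nonce( 'itsec-nag' ) ) . '\';">'
		. esc_html__( 'Get Free API Key', 'better-wp-security' )
		. '</a>'
		. '<button class="itsec-notice-hide" data-nonce="' . esc_attr( wp_create_nonce( 'dismiss-brute-force-network-notice' ) ) . '" data-source="brute_force_network">×</button>'
		. '</div>';
}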
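/**
 * Sends an email to notify site admins of lockouts.
 *
 * Only runs when the daily digest is disabled (global 'digest_email' setting);
 * with the digest on, lockouts are reported there instead. Builds an HTML body
 * describing which host and/or user was locked out, for how long, and how to
 * release the lockout, then hands it to the notify object's notify() method.
 *
 * @since 4.0
 *
 * @param string|false $host            the host to lockout, or false when no host was locked out
 * @param int          $user            the user id to lockout
 * @param string|false $username        the username to lockout, or false when no username was locked out
 * @param string|false $host_expiration when the host login expires, or false for a permanent lockout
 * @param string       $user_expiration when the user lockout expires
 * @param string       $reason          the reason for the lockout to show to the user
 *
 * @return void
 */
private function send_lockout_email( $host, $user, $username, $host_expiration, $user_expiration, $reason ) {
	global $itsec_globals;

	$itsec_notify = ITSEC_Core::get_itsec_notify();

	if ( ITSEC_Modules::get_setting( 'global', 'digest_email' ) ) {
		return;
	}

	// Every link in the body points at the settings page behind the login form.
	$settings_url = esc_url( wp_login_url( ITSEC_Core::get_settings_page_url() ) );
	$plural_text  = __( 'has', 'better-wp-security' );

	// Host portion of the copy. The host link goes to a third-party IP lookup.
	if ( false !== $host ) {
		$host_text = sprintf(
			'%s, <a href="http://www.traceip.net/?query=%s"><strong>%s</strong></a>, ',
			__( 'host', 'better-wp-security' ),
			urlencode( $host ),
			sanitize_text_field( $host )
		);
		$host_expiration_text = __( 'The host has been locked out ', 'better-wp-security' );

		if ( false === $host_expiration ) {
			$host_expiration_text .= '<strong>' . __( 'permanently', 'better-wp-security' ) . '</strong>';
			$release_text          = sprintf( __( 'To release the host lockout you can remove the host from the <a href="%1$s">host list</a>.', 'better-wp-security' ), $settings_url );
		} else {
			$host_expiration_text .= sprintf( '<strong>%s %s</strong>', __( 'until', 'better-wp-security' ), sanitize_text_field( $host_expiration ) );
			$release_text          = sprintf( __( 'To release the lockout please visit <a href="%1$s">the admin area</a>.', 'better-wp-security' ), $settings_url );
		}
	} else {
		$host_text            = '';
		$host_expiration_text = '';
		$release_text         = '';
	}

	$user_object = get_userdata( $user ); // false when no account matches the id

	// User portion of the copy and the matching expiration / release text.
	if ( false !== $user_object || false !== $username ) {
		// A bare $username is whatever was typed into the login form when no
		// account matched, so it is escaped for the HTML body; the account's
		// user_login is escaped the same way for consistency.
		if ( false !== $user_object ) {
			$login = esc_html( $user_object->user_login );
		} else {
			$login = esc_html( sanitize_text_field( $username ) );
		}

		if ( '' === $host_text ) {
			$user_expiration_text = sprintf( '%s <strong>%s %s</strong>.', __( 'The user has been locked out', 'better-wp-security' ), __( 'until', 'better-wp-security' ), sanitize_text_field( $user_expiration ) );
			$user_text            = sprintf( '%s, <strong>%s</strong>, ', __( 'user', 'better-wp-security' ), $login );
			$release_text         = sprintf( __( 'To release the lockout please visit <a href="%1$s">the lockouts page</a>.', 'better-wp-security' ), $settings_url );
		} else {
			$user_expiration_text = sprintf( '%s <strong>%s %s</strong>.', __( 'and the user has been locked out', 'better-wp-security' ), __( 'until', 'better-wp-security' ), sanitize_text_field( $user_expiration ) );
			$plural_text          = __( 'have', 'better-wp-security' );
			$user_text            = sprintf( '%s, <strong>%s</strong>, ', __( 'and a user', 'better-wp-security' ), $login );

			if ( false === $host_expiration ) {
				$release_text = sprintf( __( 'To release the user lockout please visit <a href="%1$s">the lockouts page</a>.', 'better-wp-security' ), $settings_url );
			} else {
				$release_text = sprintf( __( 'To release the lockouts please visit <a href="%1$s">the lockouts page</a>.', 'better-wp-security' ), $settings_url );
			}
		}
	} else {
		// Host-only lockout: keep the release text chosen in the host branch
		// above instead of clearing it, so the email still says how to release.
		$user_expiration_text = '.';
		$user_text            = '';
	}

	// Put the copy all together.
	$body = sprintf(
		'<p>%s,</p><p>%s %s %s %s %s <a href="%s">%s</a> %s <strong>%s</strong>.</p><p>%s %s</p><p>%s</p><p><em>*%s %s. %s <a href="%s">%s</a>.</em></p>',
		__( 'Dear Site Admin', 'better-wp-security' ),
		__( 'A', 'better-wp-security' ),
		$host_text,
		$user_text,
		$plural_text,
		__( ' been locked out of the WordPress site at', 'better-wp-security' ),
		get_option( 'siteurl' ),
		get_option( 'siteurl' ),
		__( 'due to', 'better-wp-security' ),
		sanitize_text_field( $reason ),
		$host_expiration_text,
		$user_expiration_text,
		$release_text,
		// Text domain was missing here, which left this string untranslated.
		__( 'This email was generated automatically by', 'better-wp-security' ),
		$itsec_globals['plugin_name'],
		__( 'To change your email preferences please visit', 'better-wp-security' ),
		$settings_url,
		__( 'the plugin settings', 'better-wp-security' )
	);

	// Setup the remainder of the email.
	$subject = '[' . get_option( 'siteurl' ) . '] ' . __( 'Site Lockout Notification', 'better-wp-security' );
	$subject = apply_filters( 'itsec_lockout_email_subject', $subject );
	$headers = 'From: ' . get_bloginfo( 'name' ) . ' <' . get_option( 'admin_email' ) . '>' . "\r\n";

	$args = array(
		'headers' => $headers,
		'message' => $body,
		'subject' => $subject,
	);

	$itsec_notify->notify( $args );
}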
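/**
 * Renders the logs page: a log-type filter form, the filtered log output and
 * the sidebar widgets registered in $this->widgets.
 *
 * When file logging is active the log tables are replaced by a notice, since
 * only database logs can be displayed inside the plugin.
 *
 * @return void
 */
private function show_settings_page() {
	require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-wp-list-table.php';

	// The filter comes straight from the query string, so normalise it before it
	// reaches the form and show_filtered_logs(); anything but a plain string
	// falls back to 'all'.
	$filter = 'all';
	if ( isset( $_GET['filter'] ) && is_string( $_GET['filter'] ) ) {
		$filter = sanitize_text_field( wp_unslash( $_GET['filter'] ) );
	}

	$form = new ITSEC_Form();

	$filters = array( 'all' => __( 'All Log Data', 'better-wp-security' ) );
	foreach ( $this->logger_displays as $log_provider ) {
		$filters[ $log_provider['module'] ] = $log_provider['title'];
	}
	// NOTE(review): $filters holds the only values the select offers; if
	// show_filtered_logs() does not reject other values itself, restricting
	// $filter to array_key_exists( $filter, $filters ) here would be tighter.

	$form->set_option( 'filter', $filter );
?>
<div class="wrap">
	<h1>
		<?php esc_html_e( 'iThemes Security', 'better-wp-security' ); ?>
		<a href="<?php echo esc_url( ITSEC_Core::get_settings_page_url() ); ?>" class="page-title-action"><?php esc_html_e( 'Manage Settings', 'better-wp-security' ); ?></a>
		<a href="<?php echo esc_url( apply_filters( 'itsec_support_url', 'https://wordpress.org/support/plugin/better-wp-security' ) ); ?>" class="page-title-action"><?php esc_html_e( 'Support', 'better-wp-security' ); ?></a>
	</h1>
	<div id="itsec-settings-messages-container">
		<?php
		foreach ( ITSEC_Response::get_errors() as $error ) {
			ITSEC_Lib::show_error_message( $error );
		}
		foreach ( ITSEC_Response::get_messages() as $message ) {
			ITSEC_Lib::show_status_message( $message );
		}
		?>
	</div>
	<div id="poststuff">
		<div id="post-body" class="metabox-holder columns-2 hide-if-no-js">
			<div id="postbox-container-2" class="postbox-container">
				<?php if ( 'file' === ITSEC_Modules::get_setting( 'global', 'log_type' ) ) : ?>
					<p><?php esc_html_e( 'To view logs within the plugin you must enable database logging in the Global Settings. File logging is not available for access within the plugin itself.', 'better-wp-security' ); ?></p>
				<?php else : ?>
					<div class="itsec-module-cards-container list">
						<p><?php esc_html_e( 'Below are various logs of information collected by iThemes Security Pro. This information can help you get a picture of what is happening with your site and the level of success you have achieved in your security efforts.', 'better-wp-security' ); ?></p>
						<p><?php esc_html_e( 'Logging settings can be managed in the Global Settings.', 'better-wp-security' ); ?></p>
						<?php $form->start_form( 'itsec-module-settings-form' ); ?>
						<?php $form->add_nonce( 'itsec-settings-page' ); ?>
						<p><?php $form->add_select( 'filter', $filters ); ?></p>
						<?php $form->end_form(); ?>
						<?php $this->show_filtered_logs( $filter ); ?>
					</div>
				<?php endif; ?>
			</div>
			<div class="itsec-modal-background"></div>
			<div id="postbox-container-1" class="postbox-container">
				<?php foreach ( $this->widgets as $id => $widget ) : ?>
					<?php $form->start_form( "itsec-sidebar-widget-form-{$id}" ); ?>
					<?php $form->add_nonce( 'itsec-logs-page' ); ?>
					<?php $form->add_hidden( 'widget-id', $id ); ?>
					<div id="itsec-sidebar-widget-<?php echo esc_attr( $id ); ?>" class="postbox itsec-sidebar-widget">
						<h3 class="hndle ui-sortable-handle"><span><?php echo esc_html( $widget->title ); ?></span></h3>
						<div class="inside">
							<?php $this->get_widget_settings( $id, $form, true ); ?>
						</div>
					</div>
					<?php $form->end_form(); ?>
				<?php endforeach; ?>
			</div>
		</div>
		<div class="hide-if-js">
			<p class="itsec-warning-message"><?php esc_html_e( 'iThemes Security requires Javascript in order for the settings to be modified. Please enable Javascript to configure the settings.', 'better-wp-security' ); ?></p>
		</div>
	</div>
</div>
<?php
}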