/**
 * Post-sanitization validation for the file permissions settings.
 *
 * Rebuilds the server config when any value differs from the stored settings,
 * then applies the file-mode change to the server config file and wp-config:
 * 0444 on every save while write protection is on, 0664 only on the save that
 * turns it off. A module reload is requested whenever a chmod was issued.
 *
 * @return void
 */
protected function validate_settings()
{
    if (!$this->can_save()) {
        return;
    }

    $previous_settings = ITSEC_Modules::get_settings($this->get_id());

    // array_diff_assoc compares entries by key and string value; any difference
    // means the generated server config may be stale.
    if (array_diff_assoc($this->settings, $previous_settings)) {
        ITSEC_Response::regenerate_server_config();
    }

    $protect_now = $this->settings['write_permissions'];
    $protected_before = $previous_settings['write_permissions'];
    $new_permissions = null;

    if ($protect_now) {
        // Re-apply 0444 on every save so permissions that drifted are corrected.
        $new_permissions = 0444;
    } elseif ($protect_now !== $protected_before) {
        // Relax to 0664 only when the option is actually being switched off, never
        // on a save where it was neither enabled nor disabled.
        $new_permissions = 0664;
    }

    if (null === $new_permissions) {
        return;
    }

    require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-config-file.php';
    require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-file.php';

    $targets = array(
        ITSEC_Lib_Config_File::get_server_config_file_path(),
        ITSEC_Lib_Config_File::get_wp_config_file_path(),
    );

    foreach ($targets as $path) {
        ITSEC_Lib_File::chmod($path, $new_permissions);
    }

    ITSEC_Response::reload_module('file-permissions');
}
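/**
 * Private constructor: loads the file-change settings and builds the list of
 * paths the scanner must skip.
 *
 * The unused `global $itsec_globals` import of the original was dropped.
 */
private function __construct()
{
    $this->settings = ITSEC_Modules::get_settings('file-change');
    $this->running = false;

    // The plugin's own writable locations (lock files, backups, logs) change on
    // every run and are excluded from change detection.
    $this->excludes = array(
        'file_change.lock',
        ITSEC_Modules::get_setting('backup', 'location'),
        ITSEC_Modules::get_setting('global', 'log_location'),
        '.lock',
    );
}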
/**
 * Setup the module's functionality.
 *
 * Loads the backup module's unprivileged functionality. In dedicated cron mode
 * (ITSEC_BACKUP_CRON === true) it only guarantees the daily cron event exists;
 * otherwise, unless the request is AJAX, BackupBuddy is installed or the
 * interval is non-positive, it runs a backup on `init` once the interval
 * (in days) since `last_run` has elapsed.
 *
 * @since 4.0.0
 *
 * @return void
 */
function run()
{
    global $itsec_globals;

    $this->settings = ITSEC_Modules::get_settings('backup');

    add_action('itsec_execute_backup_cron', array($this, 'do_backup'));
    add_filter('itsec_logger_modules', array($this, 'register_logger'));

    // Dedicated cron mode replaces the page-load scheduling below entirely.
    if (defined('ITSEC_BACKUP_CRON') && true === ITSEC_BACKUP_CRON) {
        if (!wp_next_scheduled('itsec_execute_backup_cron')) {
            wp_schedule_event(time(), 'daily', 'itsec_execute_backup_cron');
        }

        return;
    }

    $is_ajax = defined('DOING_AJAX') && DOING_AJAX;

    // Skip AJAX requests, sites where BackupBuddy handles backups, and a
    // disabled (zero or negative) interval.
    if ($is_ajax || class_exists('pb_backupbuddy') || $this->settings['interval'] <= 0) {
        return;
    }

    $due_at = $this->settings['last_run'] + $this->settings['interval'] * DAY_IN_SECONDS;

    if ($due_at <= $itsec_globals['current_time_gmt']) {
        add_action('init', array($this, 'do_backup'), 10, 0);
    }
}
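/**
 * Enqueues the Network Brute Force settings page script with its localized strings.
 *
 * The original fetched the module settings into an unused local; that
 * redundant read was removed.
 *
 * @return void
 */
public function enqueue_scripts_and_styles()
{
    // Exposed to js/settings-page.js as the itsec_network_brute_force object.
    $vars = array(
        'resetting_button_text' => __('Resetting...', 'better-wp-security'),
    );

    wp_enqueue_script('itsec-network-brute-force-settings-page-script', plugins_url('js/settings-page.js', __FILE__), array('jquery'), $this->script_version, true);
    wp_localize_script('itsec-network-brute-force-settings-page-script', 'itsec_network_brute_force', $vars);
}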
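/**
 * Registers the Hide Backend hooks when the feature is enabled.
 *
 * The server-config filters are always registered. The login-URL rewriting
 * hooks are skipped only for Jetpack's JSON API authorization request, which
 * must reach the real login URL.
 *
 * Uses strict comparisons for the plugin list, the module list and the query
 * argument (the original used loose in_array()/== checks).
 *
 * @return void
 */
function run()
{
    $this->settings = ITSEC_Modules::get_settings('hide-backend');

    if (!$this->settings['enabled']) {
        return;
    }

    add_filter('itsec_filter_apache_server_config_modification', array($this, 'filter_apache_server_config_modification'));
    add_filter('itsec_filter_litespeed_server_config_modification', array($this, 'filter_apache_server_config_modification'));
    add_filter('itsec_filter_nginx_server_config_modification', array($this, 'filter_nginx_server_config_modification'));

    if ($this->is_jetpack_json_api_authorization_request()) {
        return;
    }

    $this->auth_cookie_expired = false;

    add_action('auth_cookie_expired', array($this, 'auth_cookie_expired'));
    add_action('init', array($this, 'execute_hide_backend'), 1000);
    add_action('login_init', array($this, 'execute_hide_backend_login'));
    add_action('plugins_loaded', array($this, 'plugins_loaded'), 11);

    add_filter('body_class', array($this, 'remove_admin_bar'));
    add_filter('loginout', array($this, 'filter_loginout'));
    add_filter('wp_redirect', array($this, 'filter_login_url'), 10, 2);
    add_filter('lostpassword_url', array($this, 'filter_login_url'), 10, 2);
    add_filter('site_url', array($this, 'filter_login_url'), 10, 2);
    add_filter('retrieve_password_message', array($this, 'retrieve_password_message'));
    add_filter('comment_moderation_text', array($this, 'comment_moderation_text'));

    // Core would otherwise redirect /admin, /login etc. to the real URLs.
    remove_action('template_redirect', 'wp_redirect_admin_locations', 1000);
}

/**
 * Whether this request is Jetpack's JSON API authorization handshake:
 * Jetpack active (per site, or network-wide on multisite), its json-api
 * module enabled, and action=jetpack_json_api_authorization in the query.
 *
 * @return bool
 */
private function is_jetpack_json_api_authorization_request()
{
    // Strict: a tampered query value may not be a string at all.
    if (!isset($_GET['action']) || 'jetpack_json_api_authorization' !== $_GET['action']) {
        return false;
    }

    $active_plugins = (array) get_option('active_plugins', array());
    $is_jetpack_active = in_array('jetpack/jetpack.php', $active_plugins, true);

    if (!$is_jetpack_active && is_multisite() && function_exists('is_plugin_active_for_network')) {
        $is_jetpack_active = is_plugin_active_for_network('jetpack/jetpack.php');
    }

    if (!$is_jetpack_active) {
        return false;
    }

    $jetpack_active_modules = get_option('jetpack_active_modules');

    return is_array($jetpack_active_modules) && in_array('json-api', $jetpack_active_modules, true);
}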
/**
 * Hides theme, plugin and core update checks for non-administrators on multisite.
 *
 * Does nothing for iThemes Sync / IWP calls or for users who can manage
 * options. For each enabled setting it unhooks the update check on the
 * updates screen, short-circuits the corresponding update transient to null
 * and clears the scheduled update cron.
 *
 * @return void
 */
public function init()
{
    if (ITSEC_Core::is_iwp_call() || current_user_can('manage_options')) {
        return;
    }

    $settings = ITSEC_Modules::get_settings('multisite-tweaks');

    // setting => array(load-update-core.php callback, site transient filter, cron hook)
    $update_checks = array(
        'theme_updates'  => array('wp_update_themes', 'pre_site_transient_update_themes', 'wp_update_themes'),
        'plugin_updates' => array('wp_update_plugins', 'pre_site_transient_update_plugins', 'wp_update_plugins'),
    );

    foreach ($update_checks as $setting => $hooks) {
        if (!$settings[$setting]) {
            continue;
        }

        list($load_callback, $transient_filter, $cron_hook) = $hooks;

        remove_action('load-update-core.php', $load_callback);
        add_filter($transient_filter, '__return_null');
        wp_clear_scheduled_hook($cron_hook);
    }

    // Core updates additionally surface through the admin nag notice.
    if ($settings['core_updates']) {
        remove_action('admin_notices', 'update_nag', 3);
        add_filter('pre_site_transient_update_core', '__return_null');
        wp_clear_scheduled_hook('wp_version_check');
    }
}
/**
 * Wires the 404 detection module into the lockout and logger systems and
 * installs the per-page 404 check on wp_head.
 *
 * @return void
 */
function run()
{
    $this->settings = ITSEC_Modules::get_settings('404-detection');

    // filter hook => callback method on this object
    $registrations = array(
        'itsec_lockout_modules'  => 'register_lockout',
        'itsec_logger_modules'   => 'register_logger',
        'itsec_logger_displays'  => 'register_logger_displays',
    );

    foreach ($registrations as $hook => $method) {
        add_filter($hook, array($this, $method));
    }

    add_action('wp_head', array($this, 'check_404'));
}
/**
 * Sanitizes the WordPress salts settings.
 *
 * `last_generated` falls back to the stored value when the submission omits
 * it. `regenerate` is an action flag and is excluded from the matching-fields
 * validation.
 *
 * @return void
 */
protected function sanitize_settings()
{
    $stored = ITSEC_Modules::get_settings($this->get_id());

    if (!array_key_exists('last_generated', $this->settings) || null === $this->settings['last_generated']) {
        $this->settings['last_generated'] = $stored['last_generated'];
    }

    $this->sanitize_setting('bool', 'regenerate', __('Change WordPress Salts', 'better-wp-security'), false);
    $this->sanitize_setting('positive-int', 'last_generated', __('Last Generated', 'better-wp-security'), false);

    $this->vars_to_skip_validate_matching_fields[] = 'regenerate';
}
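/**
 * Rebuilds the server config when any submitted setting differs from the
 * stored one.
 *
 * Comparison is strict: the original used `!=`, under which a change of type
 * (for example "1" versus true, or null versus false) was not treated as a
 * change and so did not trigger a rebuild.
 *
 * @return void
 */
protected function validate_settings()
{
    if (!$this->can_save()) {
        return;
    }

    $previous_settings = ITSEC_Modules::get_settings($this->get_id());

    foreach ($this->settings as $key => $val) {
        if (!array_key_exists($key, $previous_settings) || $previous_settings[$key] !== $val) {
            // One regeneration covers every change; nothing else to check.
            ITSEC_Response::regenerate_server_config();
            return;
        }
    }
}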
/**
 * Sanitizes the Network Brute Force settings.
 *
 * The submission is overlaid on the stored settings so keys absent from the
 * form keep their values. The email field is optional: when present it is
 * validated and exempted from the matching-fields check. The API key and
 * secret are accepted as plain strings.
 *
 * @return void
 */
protected function sanitize_settings()
{
    $stored = ITSEC_Modules::get_settings($this->get_id());
    $this->settings = array_merge($stored, $this->settings);

    if (isset($this->settings['email'])) {
        $this->sanitize_setting('email', 'email', __('Email Address', 'better-wp-security'));
        $this->vars_to_skip_validate_matching_fields[] = 'email';
    }

    // type, key, label — applied in this order.
    $fields = array(
        array('bool', 'updates_optin', __('Receive Email Updates', 'better-wp-security')),
        array('string', 'api_key', __('API Key', 'better-wp-security')),
        array('string', 'api_secret', __('API Secret', 'better-wp-security')),
        array('bool', 'enable_ban', __('Ban Reported IPs', 'better-wp-security')),
    );

    foreach ($fields as $field) {
        list($type, $key, $label) = $field;
        $this->sanitize_setting($type, $key, $label);
    }
}
/**
 * Triggers config rewrites for WordPress Tweaks settings that live in
 * generated files: `file_editor` in wp-config, `disable_xmlrpc` and
 * `comment_spam` in the server config.
 *
 * @return void
 */
protected function validate_settings()
{
    if (!$this->can_save()) {
        return;
    }

    $stored = ITSEC_Modules::get_settings($this->get_id());

    if ($this->settings['file_editor'] !== $stored['file_editor']) {
        ITSEC_Response::regenerate_wp_config();
    }

    $server_config_keys = array('disable_xmlrpc', 'comment_spam');

    foreach ($server_config_keys as $key) {
        if ($this->settings[$key] !== $stored[$key]) {
            ITSEC_Response::regenerate_server_config();
            break;
        }
    }
}
/**
 * Reacts to a change of the `admin` setting: rewrites wp-config and, when the
 * option is being turned on, forces every user to log in again.
 *
 * @return void
 */
protected function validate_settings()
{
    if (!$this->can_save()) {
        return;
    }

    $stored = ITSEC_Modules::get_settings($this->get_id());

    if ($this->settings['admin'] === $stored['admin']) {
        return;
    }

    ITSEC_Response::regenerate_wp_config();

    if ($this->settings['admin']) {
        ITSEC_Response::force_logout();
    }
}
/**
 * Enqueues the File Change settings page assets.
 *
 * Registers the settings script with its localized strings and nonce, the
 * jQuery file tree script (with its own nonce) and style, and the module's
 * settings stylesheet.
 *
 * @return void
 */
public function enqueue_scripts_and_styles()
{
    $settings = ITSEC_Modules::get_settings($this->id);
    $logs_page_url = ITSEC_Core::get_logs_page_url('file_change');
    $logs_link = esc_url($logs_page_url);
    $is_split = isset($settings['split']) && true === $settings['split'];

    // Exposed to js/settings-page.js as itsec_file_change_settings.
    $settings_vars = array(
        'button_text'          => $is_split ? __('Scan Next File Chunk', 'better-wp-security') : __('Scan Files Now', 'better-wp-security'),
        'scanning_button_text' => __('Scanning...', 'better-wp-security'),
        'no_changes'           => __('No changes were detected.', 'better-wp-security'),
        'found_changes'        => sprintf(__('Changes were detected. Please check the <a href="%s" target="_blank">logs page</a> for details.', 'better-wp-security'), $logs_link),
        'unknown_error'        => __('An unknown error occured. Please try again later', 'better-wp-security'),
        'already_running'      => sprintf(__('A scan is already in progress. Please check the <a href="%s" target="_blank">logs page</a> at a later time for the results of the scan.', 'better-wp-security'), $logs_link),
        'ABSPATH'              => ITSEC_Lib::get_home_path(),
        'nonce'                => wp_create_nonce('itsec_do_file_check'),
    );

    wp_enqueue_script('itsec-file-change-settings-script', plugins_url('js/settings-page.js', __FILE__), array('jquery'), $this->script_version, true);
    wp_localize_script('itsec-file-change-settings-script', 'itsec_file_change_settings', $settings_vars);

    // The file tree browser uses a separate nonce for its own AJAX endpoint.
    $filetree_vars = array('nonce' => wp_create_nonce('itsec_jquery_filetree'));

    wp_enqueue_script('itsec-file-change-admin-filetree-script', plugins_url('js/filetree/jqueryFileTree.js', __FILE__), array('jquery'), $this->script_version, true);
    wp_localize_script('itsec-file-change-admin-filetree-script', 'itsec_jquery_filetree', $filetree_vars);

    wp_enqueue_style('itsec-file-change-admin-filetree-style', plugins_url('js/filetree/jqueryFileTree.css', __FILE__), array(), $this->script_version);
    wp_enqueue_style('itsec-file-change-admin-style', plugins_url('css/settings.css', __FILE__), array(), $this->script_version);
}
/**
 * Validation entry point for a module's settings.
 *
 * Stores the submitted and previously saved settings, sanitizes, runs the
 * optional matching-fields and matching-types checks (subclasses switch them
 * off via the run_* flags), then the module-specific validation.
 *
 * @param array $settings Submitted settings.
 *
 * @return void
 */
public function validate($settings)
{
    $this->settings = $settings;
    $this->previous_settings = ITSEC_Modules::get_settings($this->get_id());

    $this->sanitize_settings();

    $optional_checks = array(
        'run_validate_matching_fields' => 'validate_matching_fields',
        'run_validate_matching_types'  => 'validate_matching_types',
    );

    foreach ($optional_checks as $flag => $method) {
        if ($this->$flag) {
            $this->$method();
        }
    }

    $this->validate_settings();
}
/**
 * Redirects to or from SSL where appropriate
 *
 * Picks the scheme a front-end request should use from the "ssl" module's
 * `frontend` setting: 2 forces https, 1 decides per post via the
 * `itsec_enable_ssl` post meta (migrating the legacy `bwps_enable_ssl` meta
 * on the way), anything else leaves the request alone. When the chosen scheme
 * differs from the current one, a 301 to the same host and URI on the other
 * scheme is issued. The Hide Backend login slug is never redirected.
 *
 * @since 4.0
 *
 * @return void
 */
public function do_conditional_ssl_redirect()
{
    $hide_options = get_site_option('itsec_hide_backend', array());

    // The hidden login slug is handled by the hide-backend module.
    if (isset($hide_options['enabled']) && $hide_options['enabled'] === true && $_SERVER['REQUEST_URI'] == ITSEC_Lib::get_home_root() . $hide_options['slug']) {
        return;
    }

    $settings = ITSEC_Modules::get_settings('ssl');

    if (2 === $settings['frontend']) {
        $protocol = 'https';
    } else {
        if (1 === $settings['frontend'] && is_singular()) {
            global $post;

            // Legacy meta: a truthy value is copied to itsec_enable_ssl, and
            // the legacy key is deleted whether or not it was set.
            $bwps_ssl = get_post_meta($post->ID, 'bwps_enable_ssl');

            if (!empty($bwps_ssl)) {
                if ($bwps_ssl[0]) {
                    $protocol = 'https';
                    update_post_meta($post->ID, 'itsec_enable_ssl', true);
                }

                delete_post_meta($post->ID, 'bwps_enable_ssl');
            }

            if (!isset($protocol)) {
                $enable_ssl = get_post_meta($post->ID, 'itsec_enable_ssl');

                if (!empty($enable_ssl)) {
                    if ($enable_ssl[0]) {
                        $protocol = 'https';
                    } else {
                        // A stored falsy value carries no information; remove it.
                        delete_post_meta($post->ID, 'itsec_enable_ssl');
                    }
                }
            }
        } else {
            // Front-end SSL is off, or the request is not a singular view.
            return;
        }
    }

    if (!isset($protocol)) {
        $protocol = 'http';
    }

    $is_ssl = is_ssl();

    // NOTE(review): the target is rebuilt from the Host header and wp_redirect()
    // does not validate the host. This is safe only if the web server routes
    // solely known host names to this site; confirm that, or whether
    // wp_safe_redirect() is acceptable here.
    if ($is_ssl && 'http' == $protocol) {
        $redirect = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
    } else {
        if (!$is_ssl && 'https' == $protocol) {
            $redirect = "https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
        }
    }

    if (isset($redirect)) {
        wp_redirect($redirect, 301);
        exit;
    }
}
/**
 * Execute module upgrade
 *
 * For versions before 4000 the legacy "st_*" options are copied into the
 * itsec_tweaks site option (only when that option already exists) and both
 * config files are rebuilt. Before 4035 the server config is rebuilt. Before
 * 4041 the itsec_tweaks keys belonging to System Tweaks are moved into that
 * module's settings, which is activated when any of them is truthy and
 * deactivated otherwise.
 *
 * @since 4.0
 *
 * @param int $itsec_old_version Version being upgraded from.
 *
 * @return void
 */
public function execute_upgrade($itsec_old_version)
{
    if ($itsec_old_version < 4000) {
        global $itsec_bwps_options;

        ITSEC_Lib::create_database_tables();

        $current_options = get_site_option('itsec_tweaks');

        // Don't do anything if settings haven't already been set, defaults exist
        // in the module system and we prefer to use those
        if (false !== $current_options) {
            // new setting => legacy option; a legacy value of 1 means enabled.
            $legacy_map = array(
                'protect_files'            => 'st_ht_files',
                'directory_browsing'       => 'st_ht_browsing',
                'request_methods'          => 'st_ht_request',
                'suspicious_query_strings' => 'st_ht_query',
                'non_english_characters'   => 'st_ht_foreign',
                'long_url_strings'         => 'st_longurl',
                'write_permissions'        => 'st_fileperm',
            );

            foreach ($legacy_map as $new_key => $legacy_key) {
                $current_options[$new_key] = isset($itsec_bwps_options[$legacy_key]) && $itsec_bwps_options[$legacy_key] == 1;
            }

            update_site_option('itsec_tweaks', $current_options);

            ITSEC_Response::regenerate_server_config();
            ITSEC_Response::regenerate_wp_config();
        }
    }

    if ($itsec_old_version < 4035) {
        ITSEC_Response::regenerate_server_config();
    }

    if ($itsec_old_version < 4041) {
        $current_options = get_site_option('itsec_tweaks');

        // If there are no current options, go with the new defaults by not saving anything
        if (is_array($current_options)) {
            $new_module_settings = ITSEC_Modules::get_settings('system-tweaks');

            // Keep only keys this module knows, with the module defaults filling gaps.
            $module_options = array_merge($new_module_settings, array_intersect_key($current_options, $new_module_settings));

            // Activate the module only if at least one of its settings is in use.
            if (array_filter($module_options)) {
                ITSEC_Modules::activate('system-tweaks');
            } else {
                ITSEC_Modules::deactivate('system-tweaks');
            }

            ITSEC_Modules::set_settings('system-tweaks', $module_options);
        }
    }
}
/**
 * Wires the Brute Force module into WordPress authentication and the plugin's
 * lockout and logger systems.
 *
 * @return void
 */
function run()
{
    $this->settings = ITSEC_Modules::get_settings('brute-force');
    $this->username = null;

    // Login lifecycle: successful logins, failures and the authenticate filter.
    add_action('wp_login', array($this, 'wp_login'), 10, 2);
    add_action('wp_login_failed', array($this, 'wp_login_failed'), 1, 1);
    add_filter('authenticate', array($this, 'authenticate'), 10, 3);

    // Plugin integration: log metaboxes, lockout and logger registration.
    add_filter('itsec_logger_displays', array($this, 'itsec_logger_displays'));
    add_filter('itsec_lockout_modules', array($this, 'itsec_lockout_modules'));
    add_filter('itsec_logger_modules', array($this, 'itsec_logger_modules'));

    // XML-RPC login errors, and keeping Jetpack Protect out of the default
    // module set (contributed by George Stephanis).
    add_filter('xmlrpc_login_error', array($this, 'xmlrpc_login_error'), 10, 2);
    add_filter('jetpack_get_default_modules', array($this, 'jetpack_get_default_modules'));
}
/**
 * Setup the module's functionality.
 *
 * Loads the backup module's unprivileged functionality. A page-load backup is
 * hooked on `init` when ITSEC_BACKUP_CRON is undefined or exactly false, the
 * request is not AJAX, BackupBuddy is absent, the interval is positive and
 * more than `interval` days have passed since `last_run`. When
 * ITSEC_BACKUP_CRON is exactly true, the daily cron event is scheduled
 * instead if missing. Any other constant value selects neither path.
 *
 * @since 4.0.0
 *
 * @return void
 */
function run()
{
    global $itsec_globals;

    $this->settings = ITSEC_Modules::get_settings('backup');

    add_action('itsec_execute_backup_cron', array($this, 'do_backup'));
    add_filter('itsec_logger_modules', array($this, 'register_logger'));

    $cron_off = !defined('ITSEC_BACKUP_CRON') || false === ITSEC_BACKUP_CRON;
    $cron_on = defined('ITSEC_BACKUP_CRON') && true === ITSEC_BACKUP_CRON;
    $not_ajax = !defined('DOING_AJAX') || false === DOING_AJAX;

    $interval_seconds = $this->settings['interval'] * DAY_IN_SECONDS;
    $overdue = $itsec_globals['current_time_gmt'] - $interval_seconds > $this->settings['last_run'];

    if ($cron_off && $not_ajax && !class_exists('pb_backupbuddy') && $this->settings['interval'] > 0 && $overdue) {
        add_action('init', array($this, 'do_backup'), 10, 0);
    } elseif ($cron_on && !wp_next_scheduled('itsec_execute_backup_cron')) {
        wp_schedule_event(time(), 'daily', 'itsec_execute_backup_cron');
    }
}
/**
 * Execute module upgrade
 *
 * For versions before 4000 the legacy "st_*" options are copied into the
 * itsec_tweaks site option (only when that option already exists) and both
 * config files are rebuilt. Before 4035 the server config is rebuilt. Before
 * 4041 the itsec_tweaks keys belonging to WordPress Tweaks are moved into that
 * module's settings; the module is activated when any setting is in use,
 * where `allow_xmlrpc_multiauth` counts as in use when it is false.
 *
 * @since 4.0
 *
 * @param int $itsec_old_version Version being upgraded from.
 *
 * @return void
 */
public function execute_upgrade($itsec_old_version)
{
    if ($itsec_old_version < 4000) {
        global $itsec_bwps_options;

        ITSEC_Lib::create_database_tables();

        $current_options = get_site_option('itsec_tweaks');

        // Don't do anything if settings haven't already been set, defaults exist
        // in the module system and we prefer to use those
        if (false !== $current_options) {
            // new setting => legacy option; a legacy value of 1 means enabled.
            $legacy_map = array(
                'wlwmanifest_header' => 'st_manifest',
                'edituri_header'     => 'st_edituri',
                'comment_spam'       => 'st_comment',
                'login_errors'       => 'st_loginerror',
            );

            foreach ($legacy_map as $new_key => $legacy_key) {
                $current_options[$new_key] = isset($itsec_bwps_options[$legacy_key]) && $itsec_bwps_options[$legacy_key] == 1;
            }

            update_site_option('itsec_tweaks', $current_options);

            ITSEC_Response::regenerate_server_config();
            ITSEC_Response::regenerate_wp_config();
        }
    }

    if ($itsec_old_version < 4035) {
        ITSEC_Response::regenerate_server_config();
    }

    if ($itsec_old_version < 4041) {
        $current_options = get_site_option('itsec_tweaks');

        // If there are no current options, go with the new defaults by not saving anything
        if (is_array($current_options)) {
            $new_module_settings = ITSEC_Modules::get_settings('wordpress-tweaks');

            // Keep only keys this module knows, with the module defaults filling gaps.
            $module_options = array_merge($new_module_settings, array_intersect_key($current_options, $new_module_settings));

            $activate = false;

            foreach ($module_options as $setting => $on) {
                // False is actually "enabled" for blocking xmlrpc multiauth
                $in_use = ('allow_xmlrpc_multiauth' === $setting) ? !$on : (bool) $on;

                if ($in_use) {
                    $activate = true;
                    break;
                }
            }

            if ($activate) {
                ITSEC_Modules::activate('wordpress-tweaks');
            } else {
                ITSEC_Modules::deactivate('wordpress-tweaks');
            }

            ITSEC_Modules::set_settings('wordpress-tweaks', $module_options);
        }
    }
}
/**
 * Installs the WordPress Tweaks runtime hooks according to the module settings.
 *
 * Config hooks are always added; everything else is skipped under WP-CLI.
 * Settings handled: allow_xmlrpc_multiauth, wlwmanifest_header,
 * edituri_header, disable_xmlrpc (2 = disable entirely, 1 = trim methods),
 * safe_jquery, login_errors, force_unique_nicename and
 * disable_unused_author_pages.
 *
 * @return void
 */
public function init()
{
    $this->add_config_hooks();

    // Don't risk blocking anything with WP_CLI.
    if (defined('WP_CLI') && WP_CLI) {
        return;
    }

    $this->settings = ITSEC_Modules::get_settings('wordpress-tweaks');

    add_action('wp_print_scripts', array($this, 'store_jquery_version'));

    // Reject multiple authentication attempts within a single XML-RPC request.
    $is_xmlrpc = defined('XMLRPC_REQUEST') && XMLRPC_REQUEST;

    if ($is_xmlrpc && !$this->settings['allow_xmlrpc_multiauth']) {
        add_filter('authenticate', array($this, 'block_multiauth_attempts'), 0, 3);
    }

    // Header link removal: setting => wp_head callback to unhook.
    $header_links = array(
        'wlwmanifest_header' => 'wlwmanifest_link',
        'edituri_header'     => 'rsd_link',
    );

    foreach ($header_links as $setting => $callback) {
        if ($this->settings[$setting]) {
            remove_action('wp_head', $callback);
        }
    }

    // XML-RPC handling.
    if (2 == $this->settings['disable_xmlrpc']) {
        add_filter('xmlrpc_enabled', '__return_null');
        add_filter('bloginfo_url', array($this, 'remove_pingback_url'), 10, 2);
    } elseif (1 == $this->settings['disable_xmlrpc']) {
        add_filter('xmlrpc_methods', array($this, 'xmlrpc_methods'));
    }

    if ($this->settings['safe_jquery']) {
        add_action('wp_enqueue_scripts', array($this, 'current_jquery'));
    }

    // Suppress login error details.
    if ($this->settings['login_errors']) {
        add_filter('login_errors', '__return_null');
    }

    if ($this->settings['force_unique_nicename']) {
        add_action('user_profile_update_errors', array($this, 'force_unique_nicename'), 10, 3);
    }

    if ($this->settings['disable_unused_author_pages']) {
        add_action('template_redirect', array($this, 'disable_unused_author_pages'));
    }
}
/**
 * Execute module upgrade
 *
 * For versions before 4000 the legacy "st_*" options are copied into the
 * itsec_tweaks site option (only when that option already exists) and both
 * config files are rebuilt. Before 4035 the server config is rebuilt. Before
 * 4041 the itsec_tweaks keys belonging to Multisite Tweaks are moved into
 * that module's settings, which is activated when any of them is truthy and
 * deactivated otherwise.
 *
 * @since 4.0
 *
 * @param int $itsec_old_version Version being upgraded from.
 *
 * @return void
 */
public function execute_upgrade($itsec_old_version)
{
    if ($itsec_old_version < 4000) {
        global $itsec_bwps_options;

        ITSEC_Lib::create_database_tables();

        $current_options = get_site_option('itsec_tweaks');

        // Don't do anything if settings haven't already been set, defaults exist
        // in the module system and we prefer to use those
        if (false !== $current_options) {
            // new setting => legacy option; a legacy value of 1 means enabled.
            $legacy_map = array(
                'theme_updates'  => 'st_themenot',
                'plugin_updates' => 'st_pluginnot',
                'core_updates'   => 'st_corenot',
            );

            foreach ($legacy_map as $new_key => $legacy_key) {
                $current_options[$new_key] = isset($itsec_bwps_options[$legacy_key]) && $itsec_bwps_options[$legacy_key] == 1;
            }

            update_site_option('itsec_tweaks', $current_options);

            ITSEC_Response::regenerate_server_config();
            ITSEC_Response::regenerate_wp_config();
        }
    }

    if ($itsec_old_version < 4035) {
        ITSEC_Response::regenerate_server_config();
    }

    if ($itsec_old_version < 4041) {
        $current_options = get_site_option('itsec_tweaks');

        // If there are no current options, go with the new defaults by not saving anything
        if (is_array($current_options)) {
            $new_module_settings = ITSEC_Modules::get_settings('multisite-tweaks');

            // Keep only keys this module knows, with the module defaults filling gaps.
            $module_options = array_merge($new_module_settings, array_intersect_key($current_options, $new_module_settings));

            // Activate the module only if at least one of its settings is in use.
            if (array_filter($module_options)) {
                ITSEC_Modules::activate('multisite-tweaks');
            } else {
                ITSEC_Modules::deactivate('multisite-tweaks');
            }

            ITSEC_Modules::set_settings('multisite-tweaks', $module_options);
        }
    }
}
/**
 * Sanitizes the Database Backup settings.
 *
 * `interval` and `last_run` fall back to the stored values when the
 * submission omits them. `method` is checked twice: first as a positive
 * integer, then against the allowed values 0, 1 and 2.
 *
 * @return void
 */
protected function sanitize_settings()
{
    $stored = ITSEC_Modules::get_settings($this->get_id());

    foreach (array('interval', 'last_run') as $carried_key) {
        if (!isset($this->settings[$carried_key])) {
            $this->settings[$carried_key] = $stored[$carried_key];
        }
    }

    $this->sanitize_setting('bool', 'all_sites', __('Backup Full Database', 'better-wp-security'));
    $this->sanitize_setting('positive-int', 'method', __('Backup Method', 'better-wp-security'));
    $this->sanitize_setting(array(0, 1, 2), 'method', __('Backup Method', 'better-wp-security'));
    $this->sanitize_setting('writable-directory', 'location', __('Backup Location', 'better-wp-security'));
    $this->sanitize_setting('positive-int', 'retain', __('Backups to Retain', 'better-wp-security'));
    $this->sanitize_setting('bool', 'zip', __('Compress Backup Files', 'better-wp-security'));
    $this->sanitize_setting('newline-separated-array', 'exclude', __('Exclude Tables', 'better-wp-security'));
    $this->sanitize_setting('bool', 'enabled', __('Schedule Database Backups', 'better-wp-security'));
    $this->sanitize_setting('positive-int', 'interval', __('Backup Interval', 'better-wp-security'));

    // last_run is bookkeeping; the trailing false mirrors the other internal fields.
    $this->sanitize_setting('positive-int', 'last_run', __('Last Run', 'better-wp-security'), false);
}
/**
 * Sanitizes the File Change Detection settings.
 *
 * `last_run`, `last_chunk` and `show_warning` fall back to the stored values
 * when the submission omits them; `last_chunk` is exempt from the
 * matching-types check. The result is passed through the
 * `itsec-file-change-sanitize-settings` filter.
 *
 * @return void
 */
protected function sanitize_settings()
{
    $stored = ITSEC_Modules::get_settings($this->get_id());

    foreach (array('last_run', 'last_chunk', 'show_warning') as $carried_key) {
        if (!isset($this->settings[$carried_key])) {
            $this->settings[$carried_key] = $stored[$carried_key];
        }
    }

    $this->vars_to_skip_validate_matching_types[] = 'last_chunk';

    $this->sanitize_setting('bool', 'split', __('Split File Scanning', 'better-wp-security'));
    $this->sanitize_setting(array('exclude', 'include'), 'method', __('Include/Exclude Files and Folders', 'better-wp-security'));
    $this->sanitize_setting('newline-separated-array', 'file_list', __('Files and Folders List', 'better-wp-security'));
    $this->sanitize_setting('newline-separated-extensions', 'types', __('Ignore File Types', 'better-wp-security'));
    $this->sanitize_setting('bool', 'email', __('Email File Change Notifications', 'better-wp-security'));
    $this->sanitize_setting('bool', 'notify_admin', __('Display File Change Admin Warning', 'better-wp-security'));
    $this->sanitize_setting('positive-int', 'last_run', __('Last Run', 'better-wp-security'), false);

    // Extension point for add-ons that extend the file change settings.
    $this->settings = apply_filters('itsec-file-change-sanitize-settings', $this->settings);
}
/**
 * Appends the WordPress Tweaks rules to the generated nginx configuration.
 *
 * With disable_xmlrpc == 2 a deny rule for xmlrpc.php is added. With
 * comment_spam enabled, wp-comments-post.php is restricted to POST, requests
 * without a user agent are rejected, and unless the referer list is empty or
 * contains "*", requests with an invalid referer are rejected too.
 *
 * @param string $modification Configuration built so far.
 *
 * @return string Configuration with this module's rules appended.
 */
public static function filter_nginx_server_config_modification($modification)
{
    $input = ITSEC_Modules::get_settings('wordpress-tweaks');
    $rules = '';

    if (2 == $input['disable_xmlrpc']) {
        // Note: the location pattern is an unanchored regex with an unescaped
        // dot, so it matches any URI containing "xmlrpc" + any char + "php".
        $rules .= "\n";
        $rules .= "\t# " . __('Disable XML-RPC - Security > Settings > WordPress Tweaks > XML-RPC', 'better-wp-security') . "\n";
        $rules .= "\tlocation ~ xmlrpc.php { deny all; }\n";
    }

    if ($input['comment_spam']) {
        $valid_referers = self::get_valid_referers('nginx');
        $referer_check = !empty($valid_referers) && !in_array('*', $valid_referers);

        $rules .= "\n";
        $rules .= "\t# " . __('Reduce Comment Spam - Security > Settings > WordPress Tweaks > Comment Spam', 'better-wp-security') . "\n";
        $rules .= "\tlocation = /wp-comments-post.php {\n";
        $rules .= "\t\tlimit_except POST { deny all; }\n";
        $rules .= "\t\tif (\$http_user_agent ~ \"^\$\") { return 403; }\n";

        if ($referer_check) {
            $rules .= "\t\tvalid_referers " . implode(' ', $valid_referers) . ";\n";
            $rules .= "\t\tif (\$invalid_referer) { return 403; }\n";
        }

        $rules .= "\t}\n";
    }

    return $modification . $rules;
}
/**
 * Check if away mode is active
 *
 * Computes the schedule status (daily time window or one-time timestamp
 * window) via the utilities class, then applies an override when
 * `override_type` is set and `override_end` has not passed: "activate" forces
 * active, anything else forces inactive. Without the active file the module
 * reports inactive with no remaining/next/length values.
 *
 * @since 4.4
 * @static
 *
 * @param bool $get_details Optional, defaults to false. True to receive details rather than a boolean response.
 *
 * @return mixed If $get_details is true, an array of status details. Otherwise, true if away and false otherwise.
 */
public static function is_active($get_details = false)
{
    require_once dirname(__FILE__) . '/utilities.php';

    $settings = ITSEC_Modules::get_settings('away-mode');

    $details = ('daily' === $settings['type'])
        ? ITSEC_Away_Mode_Utilities::is_current_time_active($settings['start_time'], $settings['end_time'], true)
        : ITSEC_Away_Mode_Utilities::is_current_timestamp_active($settings['start'], $settings['end'], true);

    $details['has_active_file'] = ITSEC_Away_Mode_Utilities::has_active_file();
    $details['override_type'] = $settings['override_type'];
    $details['override_end'] = $settings['override_end'];

    $override_active = !empty($settings['override_type']) && ITSEC_Core::get_current_time() <= $settings['override_end'];
    $details['override_active'] = $override_active;

    if ($override_active) {
        $details['active'] = ('activate' === $details['override_type']);
    }

    if (!$details['has_active_file']) {
        $details['active'] = false;
        $details['remaining'] = false;
        $details['next'] = false;
        $details['length'] = false;
    }

    if (!isset($details['error'])) {
        $details['error'] = false;
    }

    return $get_details ? $details : $details['active'];
}
/**
 * Render the file change log metabox
 *
 * Displays a metabox on the logs page, when filtered, showing all file change items,
 * preceded by the estimated time of the next automatic scan.
 *
 * @since 4.0.0
 *
 * @return void
 */
public function logs_metabox_content()
{
    global $itsec_globals;

    if (!class_exists('ITSEC_File_Change_Log')) {
        require dirname(__FILE__) . '/class-itsec-file-change-log.php';
    }

    $settings = ITSEC_Modules::get_settings('file-change');

    // Split scans repeat every 12342 seconds (about 3.4 hours); full scans daily.
    $is_split = isset($settings['split']) && true === $settings['split'];
    $interval = $is_split ? 12342 : 86400;

    $next_run_raw = $settings['last_run'] + $interval;

    // date() formats with PHP's default timezone; "today" means the day-of-month
    // of the next run matches that of the plugin's current time.
    $same_day = date('j', $next_run_raw) == date('j', $itsec_globals['current_time']);
    $next_run_day = $same_day ? __('Today', 'better-wp-security') : __('Tomorrow', 'better-wp-security');
    $next_run = $next_run_day . ' at ' . date('g:i a', $next_run_raw);

    echo '<p>' . __('Next automatic scan at: ', 'better-wp-security') . '<strong>' . $next_run . '*</strong></p>';
    echo '<p><em>*' . __('Automatic file change scanning is triggered by a user visiting your page and may not happen exactly at the time listed.', 'better-wp-security') . '</em>';

    $log_display = new ITSEC_File_Change_Log();
    $log_display->prepare_items();
    $log_display->display();
}
/**
 * Handles the iThemes Sync verb that overrides Away Mode.
 *
 * Based on $arguments['intention'] ('activate' or 'deactivate') and the
 * current status from ITSEC_Away_Mode::is_active(), this either leaves the
 * state as is, removes an opposing override, or stores a new override whose
 * end is the current time plus the 'next' / 'remaining' value of the status.
 * Settings are saved only when no branch decided the outcome itself
 * ($success still unset). On success the status is the intention with a "d"
 * suffix; otherwise it is 'error'.
 *
 * @param array $arguments Verb arguments, merged with $this->default_arguments.
 *
 * @return array Response with keys api, status, action, errors and details.
 */
public function run($arguments)
{
    $arguments = Ithemes_Sync_Functions::merge_defaults($arguments, $this->default_arguments);

    $details = ITSEC_Away_Mode::is_active(true);
    $settings = ITSEC_Modules::get_settings('away-mode');
    $defaults = ITSEC_Modules::get_defaults('away-mode');

    $errors = array();

    if ('activate' === $arguments['intention']) {
        if ($details['active']) {
            $action = 'stayed-active';
            $success = true;
        } else {
            if ($details['override_active'] && 'deactivate' === $details['override_type']) {
                // Dropping the deactivate override is enough to become active.
                $action = 'removed-deactivate-override';
                $settings['override_type'] = $defaults['override_type'];
                $settings['override_end'] = $defaults['override_end'];
            } else {
                if (false === $details['next']) {
                    // No future window exists, so an activate override would never end.
                    $action = 'denied-activate';
                    $errors[] = new WP_Error('itsec-sync-verb-itsec-override-away-mode-cannot-override-activate-expired-one-time', __('iThemes Security received a request to modify the override behavior of the Away Mode module. However, the request is invalid as the module is configured for a one-time lockout that occurred in the past. 
Allowing an activate override would result in an unending Away Mode lockout.', 'better-wp-security'));
                    $success = false;
                } else {
                    $action = 'added-activate-override';
                    $settings['override_type'] = 'activate';
                    $settings['override_end'] = ITSEC_Core::get_current_time() + $details['next'];
                }
            }
        }
    } else {
        if ('deactivate' === $arguments['intention']) {
            if (!$details['active']) {
                $action = 'stayed-inactive';
                $success = true;
            } else {
                if ($details['override_active'] && 'activate' === $details['override_type']) {
                    // Dropping the activate override is enough to become inactive.
                    $action = 'removed-activate-override';
                    $settings['override_type'] = $defaults['override_type'];
                    $settings['override_end'] = $defaults['override_end'];
                } else {
                    $action = 'added-deactivate-override';
                    $settings['override_type'] = 'deactivate';
                    $settings['override_end'] = ITSEC_Core::get_current_time() + $details['remaining'];
                }
            }
        } else {
            if (empty($arguments['intention'])) {
                $action = 'missing-intention';
                $errors[] = new WP_Error('itsec-sync-verb-itsec-override-away-mode-missing-intention', __('iThemes Security received a request to modify the override behavior of the Away Mode module. However, the request is invalid as the required "intention" argument is missing.', 'better-wp-security'));
                $success = false;
            } else {
                $action = 'unknown-intention';
                // NOTE(review): as shown here the format string has no %s
                // placeholder, so the sprintf() argument is never rendered in the
                // message; confirm against the original source.
                $errors[] = new WP_Error('itsec-sync-verb-itsec-override-away-mode-unknown-intention', sprintf(__('iThemes Security received a request to modify the override behavior of the Away Mode module. 
However, the request is invalid as the required "intention" argument is set to an unrecognized value: "".', 'better-wp-security'), $arguments['intention']));
                $success = false;
            }
        }
    }

    // Only the branches that changed the override settings reach this save.
    if (!isset($success)) {
        ITSEC_Core::set_interactive(false);

        $results = ITSEC_Modules::set_settings('away-mode', $settings);

        if ($results['saved']) {
            $success = true;
        } else {
            $errors = $results['errors'];
            $success = false;
        }
    }

    if ($success) {
        $status = "{$arguments['intention']}d";
    } else {
        $status = 'error';
    }

    // Details are re-read so the response reflects the saved override.
    $response = array('api' => '1', 'status' => $status, 'action' => $action, 'errors' => $errors, 'details' => ITSEC_Away_Mode::is_active(true));

    return $response;
}
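/**
 * Append the System Tweaks rules to the generated nginx server config.
 *
 * Each rule group is emitted only when the corresponding "system-tweaks" setting is enabled.
 * The output is nginx configuration text, so every directive must follow nginx syntax:
 * "location =" compares the literal URI string (no regex escaping), while "location ~"
 * and "if ( ... ~ ... )" take PCRE patterns.
 *
 * @param string $modification Server config text generated so far.
 *
 * @return string The config text with this module's rules appended.
 */
public static function filter_nginx_server_config_modification( $modification ) {
	require_once $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-utility.php';

	$input       = ITSEC_Modules::get_settings( 'system-tweaks' );
	$wp_includes = WPINC;

	if ( $input['protect_files'] ) {
		// Express the server config file path relative to the site root so the exact-match
		// location below can deny requests for it; fall back to a generic name otherwise.
		$config_file = ITSEC_Lib::get_htaccess();

		if ( 0 === strpos( $config_file, ABSPATH ) ) {
			$config_file = '/' . substr( $config_file, strlen( ABSPATH ) );
		} else {
			$config_file = '/nginx.conf';
		}

		$modification .= "\n";
		$modification .= "\t# " . __( 'Protect System Files - Security > Settings > System Tweaks > System Files', 'better-wp-security' ) . "\n";
		// "location =" matches the literal URI; a backslash here would be kept as part of the
		// string and the rule would never match /wp-admin/install.php, so no regex escaping.
		$modification .= "\tlocation = /wp-admin/install.php { deny all; }\n";
		// NOTE(review): $config_file is inserted unquoted; a path containing whitespace or ';'
		// would break the directive. It is an admin-controlled filesystem path, not request input.
		$modification .= "\tlocation = {$config_file} { deny all; }\n";
		$modification .= "\tlocation ~ /\\.htaccess\$ { deny all; }\n";
		$modification .= "\tlocation ~ /readme\\.html\$ { deny all; }\n";
		$modification .= "\tlocation ~ /readme\\.txt\$ { deny all; }\n";
		// Escaped dot, consistent with the readme rules above (".php" is inside a regex location).
		$modification .= "\tlocation ~ /wp-config\\.php\$ { deny all; }\n";
		$modification .= "\tlocation ~ ^/wp-admin/includes/ { deny all; }\n";

		if ( ! is_multisite() || ! get_site_option( 'ms_files_rewriting' ) ) {
			// nginx can only reliably block PHP files in wp-includes if requests to wp-includes/ms-files.php are
			// not required. This is because there is no skip directive as Apache has.
			$modification .= "\tlocation ~ ^/{$wp_includes}/[^/]+\\.php\$ { deny all; }\n";
		}

		$modification .= "\tlocation ~ ^/{$wp_includes}/js/tinymce/langs/.+\\.php\$ { deny all; }\n";
		$modification .= "\tlocation ~ ^/{$wp_includes}/theme-compat/ { deny all; }\n";
	}

	// Rewrite Rules for Disable PHP in Uploads
	if ( $input['uploads_php'] ) {
		$modification .= self::get_nginx_deny_php_rules(
			ITSEC_Lib_Utility::get_relative_upload_url_path(),
			__( 'Disable PHP in Uploads - Security > Settings > System Tweaks > PHP in Uploads', 'better-wp-security' )
		);
	}

	// Rewrite Rules for Disable PHP in Plugins
	if ( $input['plugins_php'] ) {
		$modification .= self::get_nginx_deny_php_rules(
			ITSEC_Lib_Utility::get_relative_url_path( WP_PLUGIN_URL ),
			__( 'Disable PHP in Plugins - Security > Settings > System Tweaks > PHP in Plugins', 'better-wp-security' )
		);
	}

	// Rewrite Rules for Disable PHP in Themes
	if ( $input['themes_php'] ) {
		$modification .= self::get_nginx_deny_php_rules(
			ITSEC_Lib_Utility::get_relative_url_path( get_theme_root_uri() ),
			__( 'Disable PHP in Themes - Security > Settings > System Tweaks > PHP in Themes', 'better-wp-security' )
		);
	}

	// Rules for disabling HTTP methods
	if ( $input['request_methods'] ) {
		$modification .= "\n";
		$modification .= "\t# " . __( 'Filter Request Methods - Security > Settings > System Tweaks > Request Methods', 'better-wp-security' ) . "\n";
		$modification .= "\tif ( \$request_method ~* ^(TRACE|DELETE|TRACK)\$ ) { return 403; }\n";
	}

	// Process suspicious query rules
	if ( $input['suspicious_query_strings'] ) {
		$modification .= "\n";
		$modification .= "\t# " . __( 'Filter Suspicious Query Strings in the URL - Security > Settings > System Tweaks > Suspicious Query Strings', 'better-wp-security' ) . "\n";
		$modification .= "\tset \$susquery 0;\n";
		$modification .= "\tif ( \$args ~* \"\\.\\./\" ) { set \$susquery 1; }\n";
		$modification .= "\tif ( \$args ~* \"\\.(bash|git|hg|log|svn|swp|cvs)\" ) { set \$susquery 1; }\n";
		$modification .= "\tif ( \$args ~* \"etc/passwd\" ) { set \$susquery 1; }\n";
		$modification .= "\tif ( \$args ~* \"boot\\.ini\" ) { set \$susquery 1; }\n";
		$modification .= "\tif ( \$args ~* \"ftp:\" ) { set \$susquery 1; }\n";
		$modification .= "\tif ( \$args ~* \"https?:\" ) { set \$susquery 1; }\n";
		$modification .= "\tif ( \$args ~* \"(<|%3C)script(>|%3E)\" ) { set \$susquery 1; }\n";
		$modification .= "\tif ( \$args ~* \"mosConfig_[a-zA-Z_]{1,21}(=|%3D)\" ) { set \$susquery 1; }\n";
		$modification .= "\tif ( \$args ~* \"base64_decode\\(\" ) { set \$susquery 1; }\n";
		$modification .= "\tif ( \$args ~* \"%24&x\" ) { set \$susquery 1; }\n";
		$modification .= "\tif ( \$args ~* \"127\\.0\" ) { set \$susquery 1; }\n";
		$modification .= "\tif ( \$args ~* \"(globals|encode|localhost|loopback)\" ) { set \$susquery 1; }\n";
		$modification .= "\tif ( \$args ~* \"(request|insert|concat|union|declare)\" ) { set \$susquery 1; }\n";
		$modification .= "\tif ( \$args ~* \"%[01][0-9A-F]\" ) { set \$susquery 1; }\n";
		// The allowances below clear the flag based on request-supplied values (query string,
		// cookie name, referer). This filter is a heuristic layer, not an authentication boundary.
		$modification .= "\tif ( \$args ~ \"^loggedout=true\" ) { set \$susquery 0; }\n";
		$modification .= "\tif ( \$args ~ \"^action=jetpack-sso\" ) { set \$susquery 0; }\n";
		$modification .= "\tif ( \$args ~ \"^action=rp\" ) { set \$susquery 0; }\n";
		$modification .= "\tif ( \$http_cookie ~ \"wordpress_logged_in_\" ) { set \$susquery 0; }\n";
		$modification .= "\tif ( \$http_referer ~* \"^https?://maps\\.googleapis\\.com/\" ) { set \$susquery 0; }\n";
		$modification .= "\tif ( \$susquery = 1 ) { return 403; }\n";
	}

	// Process filtering of foreign characters
	if ( $input['non_english_characters'] ) {
		$modification .= "\n";
		$modification .= "\t# " . __( 'Filter Non-English Characters - Security > Settings > System Tweaks > Non-English Characters', 'better-wp-security' ) . "\n";
		$modification .= "\tif (\$args ~* \"%[A-F][0-9A-F]\") { return 403; }\n";
	}

	return $modification;
}

/**
 * Build the nginx rules that deny PHP execution under one web-accessible directory.
 *
 * @param string $dir     Site-relative directory path, or empty when the path could not be resolved.
 * @param string $heading Already-translated comment line describing the rule group.
 *
 * @return string nginx location block, or '' when $dir is empty.
 */
private static function get_nginx_deny_php_rules( $dir, $heading ) {
	if ( empty( $dir ) ) {
		return '';
	}

	// preg_quote() without a delimiter: nginx regex locations have no delimiter character,
	// so only PCRE metacharacters in the directory name need escaping.
	$dir = preg_quote( $dir );

	$rules  = "\n";
	$rules .= "\t# " . $heading . "\n";
	$rules .= "\tlocation ~ ^/{$dir}/.*\\.(?:php[1-7]?|pht|phtml?|phps)\$ { deny all; }\n";

	return $rules;
}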
/**
 * Return the settings for the module.
 *
 * Thin pass-through to the module settings store, keyed by this module's id.
 *
 * @access public
 *
 * @return array List of settings.
 */
public function get_settings() {
	$module_id = $this->id;

	return ITSEC_Modules::get_settings( $module_id );
}
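/**
 * Append the System Tweaks rules to the generated nginx server config.
 *
 * Each rule group is emitted only when the corresponding "system-tweaks" setting is enabled.
 * The output is nginx configuration text: a "location" is only a regex when the "~" modifier
 * is present, and "if ( $var ~ pattern )" clears/sets flags based on a PCRE match.
 *
 * @param string $modification Server config text generated so far.
 *
 * @return string The config text with this module's rules appended.
 */
public static function filter_nginx_server_config_modification( $modification ) {
	$input = ITSEC_Modules::get_settings( 'system-tweaks' );

	if ( $input['protect_files'] ) {
		$modification .= "\n";
		$modification .= "\t# " . __( 'Protect System Files - Security > Settings > System Tweaks > System Files', 'better-wp-security' ) . "\n";
		$modification .= "\tlocation ~ /\\.ht { deny all; }\n";
		$modification .= "\tlocation ~ wp-config.php { deny all; }\n";
		$modification .= "\tlocation ~ readme.html { deny all; }\n";
		$modification .= "\tlocation ~ readme.txt { deny all; }\n";
		$modification .= "\tlocation ~ /install.php { deny all; }\n";
		// Without the "~" modifier nginx treats "^..." as a literal prefix that no request URI
		// ever matches, so these two rules were silently inert. Request URIs start with "/".
		$modification .= "\tlocation ~ ^/wp-includes/(.*).php { deny all; }\n";
		$modification .= "\tlocation ~ ^/wp-admin/includes(.*)\$ { deny all; }\n";
	}

	// Rewrite Rules for Disable PHP in Uploads
	if ( $input['uploads_php'] ) {
		require_once $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-utility.php';

		$dir = ITSEC_Lib_Utility::get_relative_upload_url_path();

		if ( ! empty( $dir ) ) {
			// preg_quote() without a delimiter: nginx regex locations have no delimiter character.
			$dir = preg_quote( $dir );

			$modification .= "\n";
			$modification .= "\t# " . __( 'Disable PHP in Uploads - Security > Settings > System Tweaks > Uploads', 'better-wp-security' ) . "\n";
			// Regex location ("~") anchored at the site root; assumes get_relative_upload_url_path()
			// returns the path without a leading slash, as other callers of it in this plugin assume.
			$modification .= "\tlocation ~ ^/{$dir}/(.*).php(.?) { deny all; }\n";
		}
	}

	// Rules for disabling HTTP methods
	if ( $input['request_methods'] ) {
		$modification .= "\n";
		$modification .= "\t# " . __( 'Filter Request Methods - Security > Settings > System Tweaks > Request Methods', 'better-wp-security' ) . "\n";
		$modification .= "\tif (\$request_method ~* \"^(TRACE|DELETE|TRACK)\") { return 403; }\n";
	}

	// Process suspicious query rules
	if ( $input['suspicious_query_strings'] ) {
		$modification .= "\n";
		$modification .= "\t# " . __( 'Filter Suspicious Query Strings in the URL - Security > Settings > System Tweaks > Suspicious Query Strings', 'better-wp-security' ) . "\n";
		$modification .= "\tset \$susquery 0;\n";
		$modification .= "\tif (\$args ~* \"\\.\\./\") { set \$susquery 1; }\n";
		$modification .= "\tif (\$args ~* \"\\.(bash|git|hg|log|svn|swp|cvs)\") { set \$susquery 1; }\n";
		$modification .= "\tif (\$args ~* \"etc/passwd\") { set \$susquery 1; }\n";
		$modification .= "\tif (\$args ~* \"boot.ini\") { set \$susquery 1; }\n";
		$modification .= "\tif (\$args ~* \"ftp:\") { set \$susquery 1; }\n";
		$modification .= "\tif (\$args ~* \"http:\") { set \$susquery 1; }\n";
		$modification .= "\tif (\$args ~* \"https:\") { set \$susquery 1; }\n";
		$modification .= "\tif (\$args ~* \"(<|%3C).*script.*(>|%3E)\") { set \$susquery 1; }\n";
		$modification .= "\tif (\$args ~* \"mosConfig_[a-zA-Z_]{1,21}(=|%3D)\") { set \$susquery 1; }\n";
		$modification .= "\tif (\$args ~* \"base64_encode\") { set \$susquery 1; }\n";
		$modification .= "\tif (\$args ~* \"(%24&x)\") { set \$susquery 1; }\n";
		$modification .= "\tif (\$args ~* \"(127.0)\") { set \$susquery 1; }\n";
		$modification .= "\tif (\$args ~* \"(globals|encode|localhost|loopback)\") { set \$susquery 1; }\n";
		$modification .= "\tif (\$args ~* \"(request|insert|concat|union|declare)\") { set \$susquery 1; }\n";
		// These allowances must clear the flag only when the request DOES match a known-benign
		// pattern. The previous "!~" (does-not-match) form reset the flag for nearly every request,
		// which disabled the whole filter. They still key on request-supplied values, so the filter
		// is a heuristic layer rather than an authentication boundary.
		$modification .= "\tif (\$args ~ \"^loggedout=true\") { set \$susquery 0; }\n";
		$modification .= "\tif (\$args ~ \"^action=jetpack-sso\") { set \$susquery 0; }\n";
		$modification .= "\tif (\$args ~ \"^action=rp\") { set \$susquery 0; }\n";
		$modification .= "\tif (\$http_cookie ~ \"^.*wordpress_logged_in_.*\$\") { set \$susquery 0; }\n";
		$modification .= "\tif (\$http_referer ~ \"^http://maps.googleapis.com(.*)\$\") { set \$susquery 0; }\n";
		$modification .= "\tif (\$susquery = 1) { return 403; } \n";
	}

	// Process filtering of foreign characters
	if ( $input['non_english_characters'] ) {
		$modification .= "\n";
		$modification .= "\t# " . __( 'Filter Non-English Characters - Security > Settings > System Tweaks > Non-English Characters', 'better-wp-security' ) . "\n";
		$modification .= "\tif (\$args ~* \"(%0|%A|%B|%C|%D|%E|%F)\") { return 403; }\n";
	}

	return $modification;
}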