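/**
 * Renders the "Ban IPs or User Agents" settings tab.
 *
 * When the form on this tab was submitted, the nonce is verified, the posted
 * IP list and user agent list are validated, and on success the settings are
 * saved and AIOWPSecurity_Utility_Htaccess::write_to_htaccess() is called.
 * The HTML for the tab is then printed directly to the output.
 *
 * NOTE(review): no capability check is visible in this method; confirm that
 * the menu registration restricts this page to administrators.
 *
 * @return void
 */
function render_tab1()
    {
        global $aio_wp_security;
        global $aiowps_feature_mgr;
        // 1 while every submitted list validated, -1 once one of them was rejected.
        $result = 1;
        if (isset($_POST['aiowps_save_blacklist_settings'])) {
            // CSRF protection: the request must carry the nonce printed by
            // wp_nonce_field() in the form below. A missing nonce is treated
            // as an empty one, which fails verification without a PHP notice.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-blacklist-settings-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed for save blacklist settings!", 4);
                die(__('Nonce check failed for save blacklist settings!', 'all-in-one-wp-security-and-firewall'));
            }
            if (isset($_POST["aiowps_enable_blacklisting"]) && empty($_POST['aiowps_banned_ip_addresses']) && empty($_POST['aiowps_banned_user_agents'])) {
                // The text domain belongs to __(), not to show_msg_error().
                $this->show_msg_error(__('You must submit at least one IP address or one User Agent value or both!', 'all-in-one-wp-security-and-firewall'));
            } else {
                if (!empty($_POST['aiowps_banned_ip_addresses'])) {
                    $ip_addresses = $_POST['aiowps_banned_ip_addresses'];
                    $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
                    // $payload[0] is 1 on success; $payload[1] then holds the accepted
                    // list, otherwise a list of error messages.
                    $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'blacklist');
                    if ($payload[0] == 1) {
                        //success case
                        $result = 1;
                        $list = $payload[1];
                        $banned_ip_data = implode(PHP_EOL, $list);
                        $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', $banned_ip_data);
                        //Clear the post variable for the banned address list
                        // NOTE(review): if the user agent list is rejected afterwards, the
                        // IP textarea below is redrawn from this emptied value.
                        $_POST['aiowps_banned_ip_addresses'] = '';
                    } else {
                        $result = -1;
                        // Escaped before display, as render_tab4 does for the whitelist:
                        // the message presumably quotes the rejected entry.
                        $error_msg = htmlspecialchars($payload[1][0]);
                        $this->show_msg_error($error_msg);
                    }
                } else {
                    //Clear the IP address config value
                    $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', '');
                }
                if (!empty($_POST['aiowps_banned_user_agents'])) {
                    // Multiplying keeps an earlier -1 from being overwritten by a later success.
                    $result = $result * $this->validate_user_agent_list();
                } else {
                    //clear the user agent list
                    $aio_wp_security->configs->set_value('aiowps_banned_user_agents', '');
                }
                if ($result == 1) {
                    $aio_wp_security->configs->set_value('aiowps_enable_blacklisting', isset($_POST["aiowps_enable_blacklisting"]) ? '1' : '');
                    //Save the configuration
                    $aio_wp_security->configs->save_config();
                    //Recalculate points after the feature status/options have been altered
                    $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
                    $this->show_msg_settings_updated();
                    //now let's write to the .htaccess file
                    $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
                    if (!$write_result) {
                        $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'all-in-one-wp-security-and-firewall'));
                        $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
                    }
                }
            }
        }
        ?>
        <h2><?php 
        _e('Ban IPs or User Agents', 'all-in-one-wp-security-and-firewall');
        ?>
</h2>
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('The All In One WP Security Blacklist feature gives you the option of banning certain host IP addresses or ranges and also user agents.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('This feature will deny total site access for users which have IP addresses or user agents matching those which you have configured in the settings below.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('The plugin achieves this by making appropriate modifications to your .htaccess file.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('By blocking people via the .htaccess file your are using the most secure first line of defence which denies all access to blacklisted visitors as soon as they hit your hosting server.', 'all-in-one-wp-security-and-firewall') . '
            </p>';
        ?>
        </div>
        <div class="aio_grey_box">
            <?php 
        $addon_link = '<strong><a href="http://www.site-scanners.com/country-blocking-addon/" target="_blank">Country Blocking Addon</a></strong>';
        $info_msg = sprintf(__('You may also be interested in our %s.', 'all-in-one-wp-security-and-firewall'), $addon_link);
        $info_msg2 = __('This addon allows you to automatically block IP addresses based on their country of origin.', 'all-in-one-wp-security-and-firewall');
        echo '<p>' . $info_msg . '<br />' . $info_msg2 . '</p>';
        ?>
        </div>

        <div class="postbox">
        <h3 class="hndle"><label for="title"><?php 
        _e('IP Hosts and User Agent Blacklist Settings', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
        <?php 
        //Display security info badge
        global $aiowps_feature_mgr;
        $aiowps_feature_mgr->output_feature_details_badge("blacklist-manager-ip-user-agent-blacklisting");
        ?>
    
        <form action="" method="POST">
        <?php 
        // Prints the hidden _wpnonce field that the handler above verifies.
        wp_nonce_field('aiowpsec-blacklist-settings-nonce');
        ?>
        <div class="aio_orange_box">
            <p>
            <?php 
        $read_link = '<a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">must read this message</a>';
        echo sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link);
        ?>
            </p>
        </div>            
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
        _e('Enable IP or User Agent Blacklisting', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td>
                <input name="aiowps_enable_blacklisting" type="checkbox"<?php 
        if ($aio_wp_security->configs->get_value('aiowps_enable_blacklisting') == '1') {
            echo ' checked="checked"';
        }
        ?>
 value="1"/>
                <span class="description"><?php 
        _e('Check this if you want to enable the banning (or blacklisting) of selected IP addresses and/or user agents specified in the settings below', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td>
            </tr>            
            <tr valign="top">
                <th scope="row"><?php 
        _e('Enter IP Addresses:', 'all-in-one-wp-security-and-firewall');
        ?>
</th>
                <td>
                    <textarea name="aiowps_banned_ip_addresses" rows="5" cols="50"><?php 
        // After a rejected submission the posted text is shown again so it can be corrected.
        echo $result == -1 ? htmlspecialchars($_POST['aiowps_banned_ip_addresses']) : htmlspecialchars($aio_wp_security->configs->get_value('aiowps_banned_ip_addresses'));
        ?>
</textarea>
                    <br />
                    <span class="description"><?php 
        _e('Enter one or more IP addresses or IP ranges.', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                    <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php 
        _e('More Info', 'all-in-one-wp-security-and-firewall');
        ?>
</span></span>
                    <div class="aiowps_more_info_body">
                            <?php 
        echo '<p class="description">' . __('Each IP address must be on a new line.', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('To specify an IP range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 1: 195.47.89.*', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 2: 195.47.*.*', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 3: 195.*.*.*', 'all-in-one-wp-security-and-firewall') . '</p>';
        ?>
                    </div>

                </td>
            </tr>
            <tr valign="top">
                <th scope="row"><?php 
        _e('Enter User Agents:', 'all-in-one-wp-security-and-firewall');
        ?>
</th>
                <td>
                    <textarea name="aiowps_banned_user_agents" rows="5" cols="50"><?php 
        // Both the posted text and the stored value are HTML-escaped before they
        // are written into the textarea, matching the IP address field above;
        // unescaped, a value containing "</textarea>" would break out of the field.
        // The posted field can be absent when only the IP list was rejected.
        // NOTE(review): if validate_user_agent_list() stores entity-encoded text,
        // this would double-encode it - confirm against that method.
        if ($result == -1) {
            $user_agents_value = isset($_POST['aiowps_banned_user_agents']) ? $_POST['aiowps_banned_user_agents'] : '';
        } else {
            $user_agents_value = $aio_wp_security->configs->get_value('aiowps_banned_user_agents');
        }
        echo htmlspecialchars((string) $user_agents_value);
        ?>
</textarea>
                    <br />
                    <span class="description">
                        <?php 
        _e('Enter one or more user agent strings.', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                    <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php 
        _e('More Info', 'all-in-one-wp-security-and-firewall');
        ?>
</span></span>
                    <div class="aiowps_more_info_body">
                            <?php 
        echo '<p class="description">' . __('Each user agent string must be on a new line.', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 1 - A single user agent string to block:', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">SquigglebotBot</p>';
        echo '<p class="description">' . __('Example 2 - A list of more than 1 user agent strings to block', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">baiduspider<br />SquigglebotBot<br />SurveyBot<br />VoidEYE<br />webcrawl.net<br />YottaShopping_Bot</p>';
        ?>
                    </div>

                </td>
            </tr>
        </table>
        <input type="submit" name="aiowps_save_blacklist_settings" value="<?php 
        _e('Save Settings', 'all-in-one-wp-security-and-firewall');
        ?>
" class="button-primary" />
        </form>
        </div></div>
        <?php 
    }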
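 /**
  * Adds IP addresses to the saved blacklist, forces the blacklist feature on
  * and rewrites the .htaccess file.
  *
  * @param array|string|null $entries Either an array of row IDs of the events
  *                                   table whose ip_or_host values are to be
  *                                   banned, or a single IP/host value.
  * @return false|null false when no IP could be found for the given IDs;
  *                    no value is returned on the other paths.
  */
 function blacklist_ip_address($entries)
 {
     global $wpdb, $aio_wp_security;
     //get the currently saved blacklisted IPs
     $bl_ip_addresses = $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses');
     $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($bl_ip_addresses);
     if (is_array($entries)) {
         // The selected IDs end up in the SQL text, so only integers may pass:
         // every entry is cast to int and bound through a %d placeholder
         // instead of being concatenated into the query as received.
         $ids = array_values(array_filter(array_map('intval', $entries)));
         $results = array();
         if (!empty($ids)) {
             $events_table = AIOWPSEC_TBL_EVENTS;
             $placeholders = implode(',', array_fill(0, count($ids), '%d'));
             $query = $wpdb->prepare("SELECT ip_or_host FROM {$events_table} WHERE ID IN ({$placeholders})", $ids);
             $results = $wpdb->get_col($query);
         }
         if (empty($results)) {
             AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Could not process the request because the IP addresses for the selected entries could not be found!', 'WPS'));
             return false;
         }
         foreach ($results as $entry) {
             $ip_list_array[] = $entry;
         }
     } elseif ($entries != NULL) {
         //Blacklist single record
         $ip_list_array[] = $entries;
     }
     // $payload[0] is 1 on success; $payload[1] then holds the accepted list,
     // otherwise a list of error messages.
     $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'blacklist');
     if ($payload[0] == 1) {
         //success case
         $banned_ip_data = implode(PHP_EOL, $payload[1]);
         //Force blacklist feature to be enabled
         $aio_wp_security->configs->set_value('aiowps_enable_blacklisting', '1');
         $aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', $banned_ip_data);
         //Save the configuration
         $aio_wp_security->configs->save_config();
         //now let's write to the .htaccess file
         $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
         // NOTE(review): failure is detected as -1 here; confirm this matches
         // what write_to_htaccess() returns on failure in this version.
         if ($write_result == -1) {
             AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'aiowpsecurity'));
             $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
         } else {
             AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses have been added to the blacklist and will be permanently blocked!', 'WPS'));
         }
     } else {
         // The message presumably quotes the rejected entry, which can come from
         // the request or from logged data, so it is escaped before display.
         $error_msg = htmlspecialchars($payload[1][0]);
         AIOWPSecurity_Admin_Menu::show_msg_error_st($error_msg);
     }
 }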
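    /**
     * Renders the "Login Whitelist" settings tab.
     *
     * When the form on this tab was submitted, the nonce is verified, the
     * posted IP list is validated, and on success the settings are saved and
     * AIOWPSecurity_Utility_Htaccess::write_to_htaccess() is called. The HTML
     * for the tab is then printed directly to the output.
     *
     * NOTE(review): no capability check is visible in this method; confirm
     * that the menu registration restricts this page to administrators.
     *
     * @return void
     */
    function render_tab4()
    {
        global $aio_wp_security;
        global $aiowps_feature_mgr;
        // 1 while the submitted list validated, -1 once it was rejected.
        $result = 1;
        $your_ip_address = AIOWPSecurity_Utility_IP::get_user_ip_address();
        if (isset($_POST['aiowps_save_whitelist_settings'])) {
            // CSRF protection: the request must carry the nonce printed by
            // wp_nonce_field() in the form below. A missing nonce is treated
            // as an empty one, which fails verification without a PHP notice.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-whitelist-settings-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed for save whitelist settings!", 4);
                die(__('Nonce check failed for save whitelist settings!', 'all-in-one-wp-security-and-firewall'));
            }
            if (isset($_POST["aiowps_enable_whitelisting"]) && empty($_POST['aiowps_allowed_ip_addresses'])) {
                // The text domain belongs to __(), not to show_msg_error().
                $this->show_msg_error(__('You must submit at least one IP address!', 'all-in-one-wp-security-and-firewall'));
            } else {
                if (!empty($_POST['aiowps_allowed_ip_addresses'])) {
                    $ip_addresses = $_POST['aiowps_allowed_ip_addresses'];
                    $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
                    // $payload[0] is 1 on success; $payload[1] then holds the accepted
                    // list, otherwise a list of error messages.
                    $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'whitelist');
                    if ($payload[0] == 1) {
                        //success case
                        $result = 1;
                        $list = $payload[1];
                        $whitelist_ip_data = implode(PHP_EOL, $list);
                        $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses', $whitelist_ip_data);
                        //Clear the post variable for the allowed address list
                        $_POST['aiowps_allowed_ip_addresses'] = '';
                    } else {
                        $result = -1;
                        // Escaped because the message is printed into the page.
                        $error_msg = htmlspecialchars($payload[1][0]);
                        $this->show_msg_error($error_msg);
                    }
                } else {
                    //Clear the IP address config value
                    $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses', '');
                }
                if ($result == 1) {
                    $aio_wp_security->configs->set_value('aiowps_enable_whitelisting', isset($_POST["aiowps_enable_whitelisting"]) ? '1' : '');
                    //Save the configuration
                    $aio_wp_security->configs->save_config();
                    //Recalculate points after the feature status/options have been altered
                    $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
                    $this->show_msg_settings_updated();
                    //now let's write to the .htaccess file
                    $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
                    if (!$write_result) {
                        $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.', 'all-in-one-wp-security-and-firewall'));
                        $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_whitelist_Menu - The plugin was unable to write to the .htaccess file.");
                    }
                }
            }
        }
        ?>
        <h2><?php 
        _e('Login Whitelist', 'all-in-one-wp-security-and-firewall');
        ?>
</h2>
        <div class="aio_blue_box">
            <?php 
        echo '<p>' . __('The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('The plugin achieves this by writing the appropriate directives to your .htaccess file.', 'all-in-one-wp-security-and-firewall') . '
            <br />' . __('By allowing/blocking IP addresses via the .htaccess file your are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page.', 'all-in-one-wp-security-and-firewall') . '
            </p>';
        ?>
        </div>
        <div class="aio_yellow_box">
            <?php 
        $brute_force_login_feature_link = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=tab2" target="_blank">Cookie-Based Brute Force Login Prevention</a>';
        $rename_login_feature_link = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=tab1" target="_blank">Rename Login Page</a>';
        echo '<p>' . sprintf(__('Attention: If in addition to enabling the white list feature, you also have one of the %s or %s features enabled, <strong>you will still need to use your secret word or special slug in the URL when trying to access your WordPress login page</strong>.', 'all-in-one-wp-security-and-firewall'), $brute_force_login_feature_link, $rename_login_feature_link) . '</p>
            <p>' . __('These features are NOT functionally related. Having both of them enabled on your site means you are creating 2 layers of security.', 'all-in-one-wp-security-and-firewall') . '</p>';
        ?>
        </div>

        <div class="postbox">
        <h3 class="hndle"><label for="title"><?php 
        _e('Login IP Whitelist Settings', 'all-in-one-wp-security-and-firewall');
        ?>
</label></h3>
        <div class="inside">
        <?php 
        //Display security info badge
        global $aiowps_feature_mgr;
        $aiowps_feature_mgr->output_feature_details_badge("whitelist-manager-ip-login-whitelisting");
        ?>
    
        <form action="" method="POST">
        <?php 
        // Prints the hidden _wpnonce field that the handler above verifies.
        wp_nonce_field('aiowpsec-whitelist-settings-nonce');
        ?>
            
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php 
        _e('Enable IP Whitelisting', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td>
                <input name="aiowps_enable_whitelisting" type="checkbox"<?php 
        if ($aio_wp_security->configs->get_value('aiowps_enable_whitelisting') == '1') {
            echo ' checked="checked"';
        }
        ?>
 value="1"/>
                <span class="description"><?php 
        _e('Check this if you want to enable the whitelisting of selected IP addresses specified in the settings below', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td>
            </tr>            
            <tr valign="top">
                <th scope="row"><?php 
        _e('Your Current IP Address', 'all-in-one-wp-security-and-firewall');
        ?>
:</th>
                <td>
                <input size="20" name="aiowps_user_ip" type="text" value="<?php 
        // Escaped for the attribute context. How get_user_ip_address() derives
        // the value is not visible here; if it reads client-supplied headers,
        // an unescaped echo would let a quote character close the attribute.
        echo htmlspecialchars((string) $your_ip_address, ENT_QUOTES);
        ?>
" readonly="readonly"/>
                <span class="description"><?php 
        _e('You can copy and paste this address in the text box below if you want to include it in your login whitelist.', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                </td>
            </tr>            
            <tr valign="top">
                <th scope="row"><?php 
        _e('Enter Whitelisted IP Addresses:', 'all-in-one-wp-security-and-firewall');
        ?>
</th>
                <td>
                    <textarea name="aiowps_allowed_ip_addresses" rows="5" cols="50"><?php 
        // After a rejected submission the posted text is shown again so it can be corrected.
        echo $result == -1 ? htmlspecialchars($_POST['aiowps_allowed_ip_addresses']) : htmlspecialchars($aio_wp_security->configs->get_value('aiowps_allowed_ip_addresses'));
        ?>
</textarea>
                    <br />
                    <span class="description"><?php 
        _e('Enter one or more IP addresses or IP ranges you wish to include in your whitelist. Only the addresses specified here will have access to the WordPress login page.', 'all-in-one-wp-security-and-firewall');
        ?>
</span>
                    <span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php 
        _e('More Info', 'all-in-one-wp-security-and-firewall');
        ?>
</span></span>
                    <div class="aiowps_more_info_body">
                            <?php 
        echo '<p class="description"><strong>' . __('Each IP address must be on a new line.', 'all-in-one-wp-security-and-firewall') . '</strong></p>';
        echo '<p class="description">' . __('To specify an IPv4 range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 1: 195.47.89.*', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 2: 195.47.*.*', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 3: 195.*.*.*', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Or you can enter an IPv6 address (NOTE: ranges/wildcards are currently not supported for ipv6)', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 4: 4102:0:3ea6:79fd:b:46f8:230f:bb05', 'all-in-one-wp-security-and-firewall') . '</p>';
        echo '<p class="description">' . __('Example 5: 2205:0:1ca2:810d::', 'all-in-one-wp-security-and-firewall') . '</p>';
        ?>
                    </div>

                </td>
            </tr>
        </table>
        <input type="submit" name="aiowps_save_whitelist_settings" value="<?php 
        _e('Save Settings', 'all-in-one-wp-security-and-firewall');
        ?>
" class="button-primary" />
        </form>
        </div></div>
        <?php 
    }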