Пример #1
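    /**
     * Render the malware scan settings panel.
     *
     * Outputs the Sucuri SiteCheck description, an empty results container and
     * the "start" button for browsers with JavaScript, plus a notice explaining
     * the JavaScript requirement for browsers without it.
     *
     * @param ITSEC_Form $form Form helper the scan button is added to.
     *
     * @return void
     */
    public function render($form)
    {
        // Both URLs end up inside href attributes, so both go through esc_url()
        // (the original escaped only the external SiteCheck link).
        $sitecheck_url = esc_url('https://ithemes.com/sitecheck');
        $logs_url      = esc_url(ITSEC_Core::get_logs_page_url('malware'));
        ?>
	<div class="hide-if-no-js">
		<p><?php printf(__('This malware scan is powered by <a href="%s">Sucuri SiteCheck</a>. It checks for known malware, blacklisting status, website errors and out-of-date software. Although the Sucuri team does its best to provide thorough results, 100%% accuracy is not realistic and is not guaranteed.', 'better-wp-security'), $sitecheck_url); ?></p>
		<p><?php printf(__('Results of previous malware scans can be found on the <a href="%s">logs page</a>.', 'better-wp-security'), $logs_url); ?></p>
		<div class='itsec-malware-scan-results-wrapper'></div>
		<?php $form->add_button('start', array('value' => __('Scan Homepage for Malware', 'better-wp-security'), 'class' => 'button-primary')); ?>
	</div>
	<div class="hide-if-js">
		<p><?php _e('The malware scanner requires Javascript in order to function. If Javascript is disabled in your browser, please enable it. If Javascript is not disabled, a script from another plugin, the theme, or a broken WordPress file is preventing the malware scanner\'s script from executing properly. Please try disabling other plugins to see if that resolves the issue.', 'better-wp-security'); ?></p>
	</div>
<?php
    }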
Пример #2
 /**
  * Enqueue the settings page script together with every module's and widget's assets.
  *
  * Each registered module and sidebar widget enqueues its own scripts and
  * styles first; the page script is then loaded and localized with the AJAX
  * action name, a nonce for that action, the logs page URL and the UI strings.
  *
  * @return void
  */
 public function add_scripts()
 {
     foreach ($this->modules as $module) {
         $module->enqueue_scripts_and_styles();
     }
     foreach ($this->widgets as $widget) {
         $widget->enqueue_scripts_and_styles();
     }

     $handle = 'itsec-settings-page-script';
     $page_vars = array(
         'ajax_action'   => 'itsec_settings_page',
         // Nonce the AJAX handler is expected to check before acting on the request.
         'ajax_nonce'    => wp_create_nonce('itsec-settings-nonce'),
         'logs_page_url' => ITSEC_Core::get_logs_page_url(),
         'translations'  => $this->translations,
     );

     wp_enqueue_script($handle, plugins_url('js/script.js', __FILE__), array('jquery-ui-dialog'), $this->version, true);
     wp_localize_script($handle, 'itsec_page', $page_vars);
 }
Пример #3
 /**
  * Enqueue the file-change module's admin scripts and styles.
  *
  * The settings script is localized with button labels, result messages,
  * the site's home path and the nonce checked by the file-check AJAX handler;
  * the file tree script gets its own nonce. Note that the 'ABSPATH' entry
  * writes the server filesystem path into the admin page source, visible to
  * anyone who can load this settings page.
  *
  * @return void
  */
 public function enqueue_scripts_and_styles()
 {
     $settings = ITSEC_Modules::get_settings($this->id);
     // Escaped once here; used in two href attributes below.
     $logs_url = esc_url(ITSEC_Core::get_logs_page_url('file_change'));

     $chunked_scan = isset($settings['split']) && true === $settings['split'];
     if ($chunked_scan) {
         $button_label = __('Scan Next File Chunk', 'better-wp-security');
     } else {
         $button_label = __('Scan Files Now', 'better-wp-security');
     }

     $settings_vars = array(
         'button_text'          => $button_label,
         'scanning_button_text' => __('Scanning...', 'better-wp-security'),
         'no_changes'           => __('No changes were detected.', 'better-wp-security'),
         'found_changes'        => sprintf(__('Changes were detected. Please check the <a href="%s" target="_blank">logs page</a> for details.', 'better-wp-security'), $logs_url),
         'unknown_error'        => __('An unknown error occured. Please try again later', 'better-wp-security'),
         'already_running'      => sprintf(__('A scan is already in progress. Please check the <a href="%s" target="_blank">logs page</a> at a later time for the results of the scan.', 'better-wp-security'), $logs_url),
         'ABSPATH'              => ITSEC_Lib::get_home_path(),
         'nonce'                => wp_create_nonce('itsec_do_file_check'),
     );

     $settings_handle = 'itsec-file-change-settings-script';
     wp_enqueue_script($settings_handle, plugins_url('js/settings-page.js', __FILE__), array('jquery'), $this->script_version, true);
     wp_localize_script($settings_handle, 'itsec_file_change_settings', $settings_vars);

     $filetree_handle = 'itsec-file-change-admin-filetree-script';
     $filetree_vars = array('nonce' => wp_create_nonce('itsec_jquery_filetree'));
     wp_enqueue_script($filetree_handle, plugins_url('js/filetree/jqueryFileTree.js', __FILE__), array('jquery'), $this->script_version, true);
     wp_localize_script($filetree_handle, 'itsec_jquery_filetree', $filetree_vars);

     wp_enqueue_style('itsec-file-change-admin-filetree-style', plugins_url('js/filetree/jqueryFileTree.css', __FILE__), array(), $this->script_version);
     wp_enqueue_style('itsec-file-change-admin-style', plugins_url('css/settings.css', __FILE__), array(), $this->script_version);
 }
Пример #4
 /**
  * Print the admin notice shown after file changes were detected.
  *
  * The notice links to the logs page and to a dismiss URL that carries the
  * dismiss nonce as a query argument, so the dismiss handler can verify it.
  *
  * @return void
  */
 public function show_file_change_warning()
 {
     $dismiss_url = add_query_arg(
         array('file_change_dismiss_warning' => '1', 'nonce' => $this->dismiss_nonce),
         ITSEC_Core::get_settings_page_url()
     );
     $logs_url = ITSEC_Core::get_logs_page_url();
     $notice   = __('iThemes Security noticed file changes in your WordPress site. Please review the logs to make sure your system has not been compromised.', 'better-wp-security');

     $html  = "<div id='itsec-file-change-warning-dialog' class='error'>\n";
     $html .= "<p>{$notice}</p>\n";
     $html .= '<p>';
     $html .= sprintf("<a class='button-primary' href='%s'>%s</a> ", esc_url($logs_url), __('View Logs', 'better-wp-security'));
     $html .= sprintf("<a id='itsec-file-change-dismiss-warning' class='button-secondary' href='%s'>%s</a>", esc_url($dismiss_url), __('Dismiss Warning', 'better-wp-security'));
     $html .= "</p>\n";
     $html .= "</div>\n";

     echo $html;
 }
Пример #5
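 /**
  * Processes and sends daily digest message
  *
  * Builds a lockout summary and any queued module messages into an HTML
  * email, sends it, and then resets the message queue. When the plugin is not
  * driven by cron (ITSEC_NOTIFY_USE_CRON undefined or false) a one-hour site
  * transient acts as a guard so overlapping page loads do not send the digest
  * twice.
  *
  * @since 4.5
  *
  * @return void
  */
 public function init()
 {
     global $itsec_globals, $itsec_lockout;

     $use_cron = defined('ITSEC_NOTIFY_USE_CRON') && false !== ITSEC_NOTIFY_USE_CRON;

     // Without cron the "running" transient is the lock against duplicate sends.
     if (is_404() || (!$use_cron && false !== get_site_transient('itsec_notification_running'))) {
         return;
     }
     if (!$use_cron) {
         set_site_transient('itsec_notification_running', true, 3600);
     }

     $messages = false;
     if (isset($this->queue['messages']) && count($this->queue['messages']) > 0) {
         $messages = $this->queue['messages'];
     }

     $host_count = count($itsec_lockout->get_lockouts('host', true));
     $user_count = count($itsec_lockout->get_lockouts('user', true));

     // Assume a lockout has occurred unless both counts are zero.
     $has_lockouts = true;
     if (0 === $host_count && 0 === $user_count) {
         $has_lockouts = false;
         $lockout_message = __('There have been no lockouts since the last email check.', 'better-wp-security');
     } elseif (0 === $host_count && $user_count > 1) {
         $lockout_message = sprintf('%s %s %s', __('There have been', 'better-wp-security'), $user_count, __('users or usernames locked out for attempting to log in with incorrect credentials.', 'better-wp-security'));
     } elseif (0 === $host_count && 1 === $user_count) {
         $lockout_message = sprintf('%s %s %s', __('There has been', 'better-wp-security'), $user_count, __('user or username locked out for attempting to log in with incorrect credentials.', 'better-wp-security'));
     } elseif (1 === $host_count && 0 === $user_count) {
         $lockout_message = sprintf('%s %s %s', __('There has been', 'better-wp-security'), $host_count, __('host locked out.', 'better-wp-security'));
     } elseif ($host_count > 1 && 0 === $user_count) {
         $lockout_message = sprintf('%s %s %s', __('There have been', 'better-wp-security'), $host_count, __('hosts locked out.', 'better-wp-security'));
     } else {
         $lockout_message = sprintf('%s %s %s %s %s %s %s', __('There have been', 'better-wp-security'), $user_count + $host_count, __('lockout(s) including', 'better-wp-security'), $user_count, __('user(s) and', 'better-wp-security'), $host_count, __('host(s) locked out of your site.', 'better-wp-security'));
     }

     if ($has_lockouts || false !== $messages) {
         // Queued messages are inserted into the email body as-is (they may
         // contain markup); they come from the site option this class writes.
         $module_message = '';
         if (is_array($messages)) {
             foreach ($messages as $message) {
                 if (is_string($message)) {
                     $module_message .= '<p>' . $message . '</p>';
                 }
             }
         }

         // Text domain added to the "generated automatically by" string; every
         // other string in this plugin passes 'better-wp-security'.
         $body = sprintf('<p>%s,</p><p>%s <a href="%s">%s</a></p><p><strong>%s: </strong>%s</p>%s<p>%s %s</p><p>%s <a href="%s">%s</a>.</p>', __('Dear Site Admin', 'better-wp-security'), __('The following is a summary of security related activity on your site. For details please visit', 'better-wp-security'), wp_login_url(ITSEC_Core::get_logs_page_url()), __('the security logs', 'better-wp-security'), __('Lockouts', 'better-wp-security'), $lockout_message, $module_message, __('This email was generated automatically by', 'better-wp-security'), $itsec_globals['plugin_name'], __('To change your email preferences please visit', 'better-wp-security'), wp_login_url(ITSEC_Core::get_settings_page_url()), __('the plugin settings', 'better-wp-security'));

         // Set up the remainder of the email.
         $subject = '[' . get_option('siteurl') . '] ' . __('Daily Security Digest', 'better-wp-security');
         $subject = apply_filters('itsec_lockout_email_subject', $subject);
         // NOTE(review): the blog name goes into the From header verbatim — confirm it is sanitized upstream.
         $headers = 'From: ' . get_bloginfo('name') . ' <' . get_option('admin_email') . '>' . "\r\n";
         $this->send_mail($subject, $body, $headers);
     }

     // Reset the queue whether or not anything was sent.
     $this->queue = array('last_sent' => $itsec_globals['current_time_gmt'], 'messages' => array());
     update_site_option('itsec_message_queue', $this->queue);
 }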
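    /**
     * Output the main settings page: filter tabs, module cards with their
     * settings modals, and the sidebar widgets.
     *
     * The `module_type` request parameter selects the filter tab; any value
     * that is not a string falls back to 'recommended'. The card view
     * (grid/list) is read from user meta and whitelisted before being echoed
     * as a CSS class.
     *
     * @return void
     */
    private function show_settings_page()
    {
        $form = new ITSEC_Form();

        // Filter tabs: label plus a running count of the modules of that type.
        $module_filters = array(
            'all'         => array(_x('All', 'List all modules', 'better-wp-security'), 0),
            'recommended' => array(_x('Recommended', 'List recommended modules', 'better-wp-security'), 0),
            'advanced'    => array(_x('Advanced', 'List advanced modules', 'better-wp-security'), 0),
        );

        // Request input: only a string is accepted; it is only ever compared, never echoed.
        if (isset($_REQUEST['module_type']) && is_string($_REQUEST['module_type'])) {
            $current_type = $_REQUEST['module_type'];
        } else {
            $current_type = 'recommended';
        }

        $visible_modules = array();
        foreach ($this->modules as $id => $module) {
            $module_filters['all'][1]++;
            if ('all' === $current_type) {
                $visible_modules[] = $id;
            }
            if (isset($module_filters[$module->type])) {
                $module_filters[$module->type][1]++;
                if ($module->type === $current_type) {
                    $visible_modules[] = $id;
                }
            }
            $module->enabled = ITSEC_Modules::is_active($id);
            $module->always_active = ITSEC_Modules::is_always_active($id);
        }

        $feature_tabs = array();
        foreach ($module_filters as $type => $data) {
            $class = ($current_type === $type) ? 'current' : '';
            $feature_tabs[] = "<li class='itsec-module-filter' id='itsec-module-filter-{$type}'><a href='" . esc_url(add_query_arg('module_type', $type, $this->self_url)) . "' class='{$class}'>{$data[0]} <span class='count'>({$data[1]})</span></a>";
        }

        // Unused in this method; kept because the getters may have side effects — TODO confirm and drop.
        $whitelisted_ips = ITSEC_Lib::get_whitelisted_ips();
        $blacklisted_ips = ITSEC_Lib::get_blacklisted_ips();

        // Get user's view preference; default to grid view for an invalid or unspecified value.
        // Strict comparison so a non-string meta value cannot pass the whitelist.
        $view = get_user_meta(get_current_user_id(), 'itsec-settings-view', true);
        if (!in_array($view, array('grid', 'list'), true)) {
            $view = 'grid';
        }
        ?>
	<div class="wrap">
		<h1>
			<?php 
        _e('iThemes Security', 'better-wp-security');
        ?>
			<a href="<?php 
        echo esc_url(ITSEC_Core::get_logs_page_url());
        ?>
" class="page-title-action"><?php 
        _e('View Logs', 'better-wp-security');
        ?>
</a>
			<a href="<?php 
        echo esc_url(apply_filters('itsec_support_url', 'https://wordpress.org/support/plugin/better-wp-security'));
        ?>
" target="_blank" class="page-title-action"><?php 
        _e('Support', 'better-wp-security');
        ?>
</a>
		</h1>

		<div id="itsec-settings-messages-container">
			<?php 
        foreach (ITSEC_Response::get_errors() as $error) {
            ITSEC_Lib::show_error_message($error);
        }
        foreach (ITSEC_Response::get_messages() as $message) {
            ITSEC_Lib::show_status_message($message);
        }
        ?>
		</div>

		<div id="poststuff">
			<div id="post-body" class="metabox-holder columns-2 hide-if-no-js">
				<div id="postbox-container-2" class="postbox-container">
					<div class="itsec-module-section-heading">
						<div class="itsec-settings-view-toggle hide-if-no-js" data-nonce="<?php 
        echo esc_attr(wp_create_nonce('set-user-setting-itsec-settings-view'));
        ?>
">
							<a class="itsec-grid<?php 
        if ('grid' === $view) {
            echo ' itsec-selected';
        }
        ?>
"><span class="dashicons dashicons-grid-view"></span></a>
							<a class="itsec-list<?php 
        if ('list' === $view) {
            echo ' itsec-selected';
        }
        ?>
"><span class="dashicons dashicons-list-view"></span></a>
						</div>
						<ul class="subsubsub itsec-feature-tabs hide-if-no-js">
							<?php 
        // implode() takes the glue first; the legacy (array, glue) order is a TypeError on PHP 8.
        echo implode(" |</li>\n", $feature_tabs) . "</li>\n";
        ?>
						</ul>
					</div>
					<div class="itsec-module-cards-container <?php 
        // Safe to echo unescaped: whitelisted to 'grid' or 'list' above.
        echo $view;
        ?>
 hide-if-js">
						<?php 
        $form->start_form('itsec-module-settings-form');
        ?>
							<?php 
        $form->add_nonce('itsec-settings-page');
        ?>
							<ul class="itsec-module-cards">
								<?php 
        foreach ($this->modules as $id => $module) {
            ?>
									<?php 
            // Every card is rendered; $visible_modules is not used to skip any (the continue is disabled).
            if (!in_array($id, $visible_modules)) {
                //											continue;
            }
            $classes = array('itsec-module-type-' . $module->type, 'itsec-module-type-' . ($module->enabled ? 'enabled' : 'disabled'));
            if ($module->upsell) {
                $classes[] = 'itsec-module-pro-upsell';
            }
            if ($module->pro) {
                $classes[] = 'itsec-module-type-pro';
            }
            ?>
									<li id="itsec-module-card-<?php 
            // $id is a key of $this->modules, not request input.
            echo $id;
            ?>
" class="itsec-module-card <?php 
            echo implode(' ', $classes);
            ?>
" data-module-id="<?php 
            echo $id;
            ?>
">
										<div class="itsec-module-card-content">
											<?php 
            if ($module->upsell) {
                ?>
												<a href="<?php 
                echo esc_url($module->upsell_url);
                ?>
" target="_blank" class="itsec-pro-upsell">&nbsp;</a>
											<?php 
            }
            ?>
											<h2><?php 
            echo esc_html($module->title);
            ?>
</h2>
											<?php 
            if ($module->pro) {
                ?>
												<div class="itsec-pro-label"><?php 
                _e('Pro', 'better-wp-security');
                ?>
</div>
											<?php 
            }
            ?>
											<p class="module-description"><?php 
            // NOTE(review): description is echoed unescaped, so it is presumably allowed to carry markup — confirm at the module definitions.
            echo $module->description;
            ?>
</p>
											<?php 
            if (!$module->upsell) {
                ?>
												<div class="module-actions hide-if-no-js">
													<?php 
                if ($module->information_only) {
                    ?>
														<button class="button button-secondary itsec-toggle-settings information-only"><?php 
                    echo $this->translations['show_information'];
                    ?>
</button>
													<?php 
                } elseif ($module->enabled || $module->always_active) {
                    ?>
														<button class="button button-secondary itsec-toggle-settings"><?php 
                    echo $this->translations['show_settings'];
                    ?>
</button>
														<?php 
                    if (!$module->always_active) {
                        ?>
															<button class="button button-secondary itsec-toggle-activation"><?php 
                        echo $this->translations['deactivate'];
                        ?>
</button>
														<?php 
                    }
                    ?>
													<?php 
                } else {
                    ?>
														<button class="button button-secondary itsec-toggle-settings"><?php 
                    echo $this->translations['show_description'];
                    ?>
</button>
														<button class="button button-primary itsec-toggle-activation"><?php 
                    echo $this->translations['activate'];
                    ?>
</button>
													<?php 
                }
                ?>
												</div>
											<?php 
            }
            ?>
										</div>
										<?php 
            if (!$module->upsell) {
                ?>
											<div class="itsec-module-settings-container">
												<div class="itsec-modal-navigation">
													<button class="dashicons itsec-close-modal"></button>
													<button class="itsec-right dashicons hidden"><span class="screen-reader-text"><?php 
                _e('Configure next iThemes Security setting', 'better-wp-security');
                ?>
</span></button>
													<button class="itsec-left dashicons hidden"><span class="screen-reader-text"><?php 
                _e('Configure previous iThemes Security setting', 'better-wp-security');
                ?>
</span></button>
												</div>
												<div class="itsec-module-settings-content-container">
													<div class="itsec-module-settings-content">
														<h3 class="itsec-modal-header"><?php 
                echo esc_html($module->title);
                ?>
</h3>
														<div class="itsec-module-messages-container"></div>
														<div class="itsec-module-settings-content-main">
															<?php 
                $this->get_module_settings($id, $form, true);
                ?>
														</div>
													</div>
												</div>
												<div class="itsec-list-content-footer hide-if-no-js">
													<?php 
                if ($module->can_save) {
                    ?>
														<button class="button button-primary align-left itsec-module-settings-save"><?php 
                    echo $this->translations['save_settings'];
                    ?>
</button>
													<?php 
                }
                ?>
													<button class="button button-secondary align-left itsec-module-settings-cancel"><?php 
                _e('Cancel', 'better-wp-security');
                ?>
</button>
												</div>
												<div class="itsec-modal-content-footer">
													<?php 
                if ($module->enabled || $module->always_active || $module->information_only) {
                    ?>
														<?php 
                    if (!$module->always_active && !$module->information_only) {
                        ?>
															<button class="button button-secondary align-right itsec-toggle-activation"><?php 
                        echo $this->translations['deactivate'];
                        ?>
</button>
														<?php 
                    }
                    ?>
													<?php 
                } else {
                    ?>
														<button class="button button-primary align-right itsec-toggle-activation"><?php 
                    echo $this->translations['activate'];
                    ?>
</button>
													<?php 
                }
                ?>

													<?php 
                if ($module->can_save) {
                    ?>
														<button class="button button-primary align-left itsec-module-settings-save"><?php 
                    echo $this->translations['save_settings'];
                    ?>
</button>
													<?php 
                } else {
                    ?>
														<button class="button button-primary align-left itsec-close-modal"><?php 
                    echo $this->translations['close_settings'];
                    ?>
</button>
													<?php 
                }
                ?>
												</div>
											</div>
										<?php 
            }
            ?>
									</li>
								<?php 
        }
        ?>
								<li class="itsec-module-card-filler"></li>
							</ul>

						<?php 
        $form->end_form();
        ?>
					</div>
				</div>
				<div class="itsec-modal-background"></div>

				<div id="postbox-container-1" class="postbox-container">
					<?php 
        foreach ($this->widgets as $id => $widget) {
            ?>
						<?php 
            if ($widget->settings_form) {
                ?>
						<?php 
                $form->start_form("itsec-sidebar-widget-form-{$id}");
                ?>
							<?php 
                $form->add_nonce('itsec-settings-page');
                ?>
							<?php 
                $form->add_hidden('widget-id', $id);
                ?>
						<?php 
            }
            ?>
							<div id="itsec-sidebar-widget-<?php 
            echo $id;
            ?>
" class="postbox itsec-sidebar-widget">
								<h3 class="hndle ui-sortable-handle"><span><?php 
            echo esc_html($widget->title);
            ?>
</span></h3>
								<div class="inside">
									<?php 
            $this->get_widget_settings($id, $form, true);
            ?>
								</div>
							</div>
						<?php 
            if ($widget->settings_form) {
                $form->end_form();
            }
            ?>
					<?php 
        }
        ?>
				</div>
			</div>

			<div class="hide-if-js">
				<p class="itsec-warning-message"><?php 
        _e('iThemes Security requires Javascript in order for the settings to be modified. Please enable Javascript to configure the settings.', 'better-wp-security');
        ?>
</p>
			</div>
		</div>
	</div>
<?php 
    }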
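 /**
  * Send the daily digest email.
  *
  * Assembles the lockout counts, a file-change notice (when the queue holds
  * the 'file-change' marker) and the remaining queued messages into an
  * ITSEC_Mail message. Nothing is sent when there is no activity to report.
  * The queue is reset immediately before sending, so a failed send does not
  * re-deliver those messages on the next run.
  *
  * @since 2.6.0
  *
  * @return mixed|void Return value of ITSEC_Mail::send(), or nothing when no email was needed.
  */
 public function send_daily_digest()
 {
     global $itsec_lockout;

     require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-mailer.php';

     $send_email = false;
     $mail = new ITSEC_Mail();
     $mail->add_header(esc_html__('Daily Security Digest', 'better-wp-security'), sprintf(wp_kses(__('Your Daily Security Digest for <b>%s</b>', 'better-wp-security'), array('b' => array())), date_i18n(get_option('date_format'))));
     $mail->add_info_box(sprintf(wp_kses(__('The following is a summary of security related activity on your site: <b>%s</b>', 'better-wp-security'), array('b' => array())), get_option('siteurl')));

     // Lockouts section: counts of currently locked-out users and hosts.
     $mail->add_section_heading(esc_html__('Lockouts', 'better-wp-security'), 'lock');
     $user_count = count($itsec_lockout->get_lockouts('user', true));
     $host_count = count($itsec_lockout->get_lockouts('host', true));
     if ($host_count > 0 || $user_count > 0) {
         $mail->add_lockouts_summary($user_count, $host_count);
         $send_email = true;
     } else {
         $mail->add_text(esc_html__('No lockouts since the last email check.', 'better-wp-security'));
     }

     // Queued messages; 'file-change' is a marker entry that gets its own section.
     if (is_array($this->queue) && !empty($this->queue['messages']) && is_array($this->queue['messages'])) {
         $queued = $this->queue['messages'];

         // Strict lookup, matching the === used to filter the marker out below.
         if (in_array('file-change', $queued, true)) {
             $mail->add_section_heading(esc_html__('File Changes', 'better-wp-security'), 'folder');
             $mail->add_text(esc_html__('File changes detected on the site.', 'better-wp-security'));
             $send_email = true;
         }

         $messages = array();
         foreach ($queued as $message) {
             if ('file-change' !== $message) {
                 $messages[] = $message;
             }
         }
         if (!empty($messages)) {
             $mail->add_section_heading(esc_html__('Messages', 'better-wp-security'), 'message');
             foreach ($messages as $message) {
                 // NOTE(review): queued text is passed to add_text() unescaped here — confirm add_text escapes or the queue only holds trusted text.
                 $mail->add_text($message);
             }
             $send_email = true;
         }
     }

     if (!$send_email) {
         return;
     }

     $mail->add_details_box(sprintf(wp_kses(__('For more details, <a href="%s"><b>visit your security logs</b></a>', 'better-wp-security'), array('a' => array('href' => array()), 'b' => array())), ITSEC_Core::get_logs_page_url()));
     $mail->add_divider();
     $mail->add_large_text(esc_html__('Is your site as secure as it could be?', 'better-wp-security'));
     $mail->add_text(esc_html__('Ensure your site is using recommended settings and features with a security check.', 'better-wp-security'));
     $mail->add_button(esc_html__('Run a Security Check ✓', 'better-wp-security'), ITSEC_Core::get_security_check_page_url());
     if (defined('ITSEC_DEBUG') && true === ITSEC_DEBUG) {
         // HTTP_HOST is client-supplied; it is escaped and only emitted in debug mode.
         $mail->add_text(sprintf(esc_html__('Debug info (source page): %s', 'better-wp-security'), esc_url($_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])));
     }
     $mail->add_footer();

     // Keep only entries that are syntactically valid addresses.
     // The setting is iterated directly, so it is expected to be an array of strings — confirm in the settings schema.
     $raw_recipients = ITSEC_Modules::get_setting('global', 'notification_email');
     $recipients = array();
     foreach ($raw_recipients as $recipient) {
         $recipient = trim($recipient);
         if (is_email($recipient)) {
             $recipients[] = $recipient;
         }
     }

     // The queue is cleared before the send; a failed send will not retry these messages.
     $this->queue = array('last_sent' => ITSEC_Core::get_current_time_gmt(), 'messages' => array());
     update_site_option('itsec_message_queue', $this->queue);

     $subject = sprintf(esc_html__('[%s] Daily Security Digest', 'better-wp-security'), esc_url(get_option('siteurl')));

     return $mail->send($recipients, $subject);
 }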