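/**
 * Renders the malware scan widget.
 *
 * Prints the SiteCheck description, a link to the malware log, the empty
 * results container and the "scan" button; a second block is shown only
 * when JavaScript is unavailable.
 *
 * @param object $form Form builder exposing add_button(); presumably an ITSEC_Form — confirm at the caller.
 *
 * @return void
 */
public function render($form) {
    ?>
    <div class="hide-if-no-js">
        <p><?php printf(__('This malware scan is powered by <a href="%s">Sucuri SiteCheck</a>. It checks for known malware, blacklisting status, website errors and out-of-date software. Although the Sucuri team does its best to provide thorough results, 100%% accuracy is not realistic and is not guaranteed.', 'better-wp-security'), esc_url('https://ithemes.com/sitecheck')); ?></p>
        <?php // The logs URL lands in an href, so it is escaped like the SiteCheck link above. ?>
        <p><?php printf(__('Results of previous malware scans can be found on the <a href="%s">logs page</a>.', 'better-wp-security'), esc_url(ITSEC_Core::get_logs_page_url('malware'))); ?></p>
        <div class='itsec-malware-scan-results-wrapper'></div>
        <?php $form->add_button('start', array('value' => __('Scan Homepage for Malware', 'better-wp-security'), 'class' => 'button-primary')); ?>
    </div>
    <div class="hide-if-js">
        <p><?php _e('The malware scanner requires Javascript in order to function. If Javascript is disabled in your browser, please enable it. If Javascript is not disabled, a script from another plugin, the theme, or a broken WordPress file is preventing the malware scanner\'s script from executing properly. Please try disabling other plugins to see if that resolves the issue.', 'better-wp-security'); ?></p>
    </div>
    <?php
}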
/**
 * Enqueues the settings page script together with every module's and widget's assets.
 *
 * Each registered module and sidebar widget enqueues its own scripts/styles
 * first; the page script is then registered with the AJAX action name, a
 * nonce, the logs URL and the shared translation strings exposed as `itsec_page`.
 *
 * @return void
 */
public function add_scripts() {
    foreach ($this->modules as $module) {
        $module->enqueue_scripts_and_styles();
    }

    foreach ($this->widgets as $widget) {
        $widget->enqueue_scripts_and_styles();
    }

    $page_data = array(
        'ajax_action'   => 'itsec_settings_page',
        // Presumably checked by the itsec_settings_page AJAX handler (not visible here).
        'ajax_nonce'    => wp_create_nonce('itsec-settings-nonce'),
        'logs_page_url' => ITSEC_Core::get_logs_page_url(),
        'translations'  => $this->translations,
    );

    wp_enqueue_script('itsec-settings-page-script', plugins_url('js/script.js', __FILE__), array('jquery-ui-dialog'), $this->version, true);
    wp_localize_script('itsec-settings-page-script', 'itsec_page', $page_data);
}
/**
 * Enqueues the File Change settings-page assets and their localized data.
 *
 * Registers the settings-page script (button labels, status messages, the
 * site's home path and a nonce for the file check), the jQuery file-tree
 * script with its own nonce, and the two stylesheets.
 *
 * @return void
 */
public function enqueue_scripts_and_styles() {
    $settings      = ITSEC_Modules::get_settings($this->id);
    $logs_page_url = esc_url(ITSEC_Core::get_logs_page_url('file_change'));

    if (isset($settings['split']) && true === $settings['split']) {
        $button_text = __('Scan Next File Chunk', 'better-wp-security');
    } else {
        $button_text = __('Scan Files Now', 'better-wp-security');
    }

    $settings_data = array(
        'button_text'          => $button_text,
        'scanning_button_text' => __('Scanning...', 'better-wp-security'),
        'no_changes'           => __('No changes were detected.', 'better-wp-security'),
        'found_changes'        => sprintf(__('Changes were detected. Please check the <a href="%s" target="_blank">logs page</a> for details.', 'better-wp-security'), $logs_page_url),
        'unknown_error'        => __('An unknown error occured. Please try again later', 'better-wp-security'),
        'already_running'      => sprintf(__('A scan is already in progress. Please check the <a href="%s" target="_blank">logs page</a> at a later time for the results of the scan.', 'better-wp-security'), $logs_page_url),
        // NOTE(review): this hands the server's filesystem home path to the
        // browser. It is presumably only loaded on this admin page, but confirm
        // the script really needs it before keeping it client-visible.
        'ABSPATH'              => ITSEC_Lib::get_home_path(),
        'nonce'                => wp_create_nonce('itsec_do_file_check'),
    );

    wp_enqueue_script('itsec-file-change-settings-script', plugins_url('js/settings-page.js', __FILE__), array('jquery'), $this->script_version, true);
    wp_localize_script('itsec-file-change-settings-script', 'itsec_file_change_settings', $settings_data);

    $filetree_data = array(
        'nonce' => wp_create_nonce('itsec_jquery_filetree'),
    );

    wp_enqueue_script('itsec-file-change-admin-filetree-script', plugins_url('js/filetree/jqueryFileTree.js', __FILE__), array('jquery'), $this->script_version, true);
    wp_localize_script('itsec-file-change-admin-filetree-script', 'itsec_jquery_filetree', $filetree_data);

    wp_enqueue_style('itsec-file-change-admin-filetree-style', plugins_url('js/filetree/jqueryFileTree.css', __FILE__), array(), $this->script_version);
    wp_enqueue_style('itsec-file-change-admin-style', plugins_url('css/settings.css', __FILE__), array(), $this->script_version);
}
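/**
 * Prints the admin notice shown after the file change scanner detected modified files.
 *
 * The notice links to the logs page and offers a dismiss link. The dismiss URL
 * carries $this->dismiss_nonce, presumably verified by the dismiss handler
 * (outside this block) so a forged link cannot silently clear the warning.
 *
 * @return void
 */
public function show_file_change_warning() {
    $dismiss_url = add_query_arg(
        array(
            'file_change_dismiss_warning' => '1',
            'nonce'                       => $this->dismiss_nonce,
        ),
        ITSEC_Core::get_settings_page_url()
    );
    $logs_url = ITSEC_Core::get_logs_page_url();

    // Translated strings are escaped for the HTML context they land in; a
    // translation catalogue is not trusted to be HTML-safe.
    $message       = esc_html__('iThemes Security noticed file changes in your WordPress site. Please review the logs to make sure your system has not been compromised.', 'better-wp-security');
    $view_label    = esc_html__('View Logs', 'better-wp-security');
    $dismiss_label = esc_html__('Dismiss Warning', 'better-wp-security');

    echo "<div id='itsec-file-change-warning-dialog' class='error'>\n";
    echo "<p>{$message}</p>\n";
    echo "<p>";
    echo "<a class='button-primary' href='" . esc_url($logs_url) . "'>{$view_label}</a> ";
    echo "<a id='itsec-file-change-dismiss-warning' class='button-secondary' href='" . esc_url($dismiss_url) . "'>{$dismiss_label}</a>";
    echo "</p>\n";
    echo "</div>\n";
}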
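/**
 * Processes and sends daily digest message
 *
 * Builds the lockout summary plus any queued module messages into an HTML
 * email, sends it, and then resets the message queue. When cron is not in use
 * (ITSEC_NOTIFY_USE_CRON undefined or false) a one-hour site transient acts
 * as a lock so overlapping requests do not each send a digest.
 *
 * @since 4.5
 *
 * @return void
 */
public function init() {
    global $itsec_globals, $itsec_lockout;

    $uses_cron = defined('ITSEC_NOTIFY_USE_CRON') && false !== ITSEC_NOTIFY_USE_CRON;

    // Bail on 404s, or when another request already holds the transient lock.
    if (is_404() || (!$uses_cron && false !== get_site_transient('itsec_notification_running'))) {
        return;
    }

    if (!$uses_cron) {
        set_site_transient('itsec_notification_running', true, 3600);
    }

    $messages = false;

    if (isset($this->queue['messages']) && count($this->queue['messages']) > 0) {
        $messages = $this->queue['messages'];
    }

    $host_count   = count($itsec_lockout->get_lockouts('host', true));
    $user_count   = count($itsec_lockout->get_lockouts('user', true));
    $has_lockouts = $host_count > 0 || $user_count > 0;

    // Counts are ints from count(), so strict comparisons are safe throughout.
    if (!$has_lockouts) {
        $lockout_message = __('There have been no lockouts since the last email check.', 'better-wp-security');
    } elseif (0 === $host_count && $user_count > 1) {
        $lockout_message = sprintf('%s %s %s', __('There have been', 'better-wp-security'), $user_count, __('users or usernames locked out for attempting to log in with incorrect credentials.', 'better-wp-security'));
    } elseif (0 === $host_count && 1 === $user_count) {
        $lockout_message = sprintf('%s %s %s', __('There has been', 'better-wp-security'), $user_count, __('user or username locked out for attempting to log in with incorrect credentials.', 'better-wp-security'));
    } elseif (1 === $host_count && 0 === $user_count) {
        $lockout_message = sprintf('%s %s %s', __('There has been', 'better-wp-security'), $host_count, __('host locked out.', 'better-wp-security'));
    } elseif ($host_count > 1 && 0 === $user_count) {
        $lockout_message = sprintf('%s %s %s', __('There have been', 'better-wp-security'), $host_count, __('hosts locked out.', 'better-wp-security'));
    } else {
        $lockout_message = sprintf(
            '%s %s %s %s %s %s %s',
            __('There have been', 'better-wp-security'),
            $user_count + $host_count,
            __('lockout(s) including', 'better-wp-security'),
            $user_count,
            __('user(s) and', 'better-wp-security'),
            $host_count,
            __('host(s) locked out of your site.', 'better-wp-security')
        );
    }

    if ($has_lockouts || false !== $messages) {
        $module_message = '';

        if (is_array($messages)) {
            foreach ($messages as $message) {
                if (is_string($message)) {
                    // NOTE(review): queued messages are inserted as raw HTML, so
                    // this relies on every module that queues text producing
                    // safe markup — confirm at the queue writers.
                    $module_message .= '<p>' . $message . '</p>';
                }
            }
        }

        $body = sprintf(
            '<p>%s,</p><p>%s <a href="%s">%s</a></p><p><strong>%s: </strong>%s</p>%s<p>%s %s</p><p>%s <a href="%s">%s</a>.</p>',
            __('Dear Site Admin', 'better-wp-security'),
            __('The following is a summary of security related activity on your site. For details please visit', 'better-wp-security'),
            esc_url(wp_login_url(ITSEC_Core::get_logs_page_url())),
            __('the security logs', 'better-wp-security'),
            __('Lockouts', 'better-wp-security'),
            $lockout_message,
            $module_message,
            // Text domain was missing here, which left this string untranslated.
            __('This email was generated automatically by', 'better-wp-security'),
            $itsec_globals['plugin_name'],
            __('To change your email preferences please visit', 'better-wp-security'),
            esc_url(wp_login_url(ITSEC_Core::get_settings_page_url())),
            __('the plugin settings', 'better-wp-security')
        );

        // Setup the remainder of the email
        $subject = '[' . get_option('siteurl') . '] ' . __('Daily Security Digest', 'better-wp-security');
        $subject = apply_filters('itsec_lockout_email_subject', $subject);
        $headers = 'From: ' . get_bloginfo('name') . ' <' . get_option('admin_email') . '>' . "\r\n";

        $this->send_mail($subject, $body, $headers);
    }

    // The queue is cleared whether or not a digest went out.
    $this->queue = array('last_sent' => $itsec_globals['current_time_gmt'], 'messages' => array());
    update_site_option('itsec_message_queue', $this->queue);
}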
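/**
 * Renders the main settings page: filter tabs, module cards with their
 * settings panels, and the sidebar widgets.
 *
 * The only request input read here is `module_type`; it is reduced to one of
 * the known filter keys and then used only in strict comparisons, never
 * echoed. The view preference from user meta is normalised to 'grid' or
 * 'list' before it is printed as a class name. Every module card is rendered
 * regardless of the active tab; the tabs only carry counts and the `current`
 * class.
 *
 * @return void
 */
private function show_settings_page() {
    $form = new ITSEC_Form();

    // key => array( label, count ); the counts are filled in below.
    $module_filters = array(
        'all'         => array(_x('All', 'List all modules', 'better-wp-security'), 0),
        'recommended' => array(_x('Recommended', 'List recommended modules', 'better-wp-security'), 0),
        'advanced'    => array(_x('Advanced', 'List advanced modules', 'better-wp-security'), 0),
    );

    // Only the filter keys above are meaningful; anything else (including a
    // non-string value) falls back to the default tab.
    $current_type = 'recommended';
    if (isset($_REQUEST['module_type']) && is_string($_REQUEST['module_type']) && isset($module_filters[$_REQUEST['module_type']])) {
        $current_type = $_REQUEST['module_type'];
    }

    foreach ($this->modules as $id => $module) {
        $module_filters['all'][1]++;

        if (isset($module_filters[$module->type])) {
            $module_filters[$module->type][1]++;
        }

        $module->enabled       = ITSEC_Modules::is_active($id);
        $module->always_active = ITSEC_Modules::is_always_active($id);
    }

    $feature_tabs = array();

    foreach ($module_filters as $type => $data) {
        $class = ($current_type === $type) ? 'current' : '';
        // $type comes from the fixed keys above, not from the request.
        $feature_tabs[] = "<li class='itsec-module-filter' id='itsec-module-filter-{$type}'><a href='" . esc_url(add_query_arg('module_type', $type, $this->self_url)) . "' class='{$class}'>{$data[0]} <span class='count'>({$data[1]})</span></a>";
    }

    // NOTE(review): neither value is used in this method; kept only in case the
    // getters have side effects — confirm and drop otherwise.
    $whitelisted_ips = ITSEC_Lib::get_whitelisted_ips();
    $blacklisted_ips = ITSEC_Lib::get_blacklisted_ips();

    // Get user's view preference
    $view = get_user_meta(get_current_user_id(), 'itsec-settings-view', true);

    // Default to grid view for users that have an invalid or unspecified view.
    // Strict check: the value is printed as a CSS class below, so only the two
    // literal strings may pass.
    if (!in_array($view, array('grid', 'list'), true)) {
        $view = 'grid';
    }
    ?>
    <div class="wrap">
        <h1>
            <?php _e('iThemes Security', 'better-wp-security'); ?>
            <a href="<?php echo esc_url(ITSEC_Core::get_logs_page_url()); ?>" class="page-title-action"><?php _e('View Logs', 'better-wp-security'); ?></a>
            <a href="<?php echo esc_url(apply_filters('itsec_support_url', 'https://wordpress.org/support/plugin/better-wp-security')); ?>" target="_blank" class="page-title-action"><?php _e('Support', 'better-wp-security'); ?></a>
        </h1>

        <div id="itsec-settings-messages-container">
            <?php
            foreach (ITSEC_Response::get_errors() as $error) {
                ITSEC_Lib::show_error_message($error);
            }
            foreach (ITSEC_Response::get_messages() as $message) {
                ITSEC_Lib::show_status_message($message);
            }
            ?>
        </div>

        <div id="poststuff">
            <div id="post-body" class="metabox-holder columns-2 hide-if-no-js">
                <div id="postbox-container-2" class="postbox-container">
                    <div class="itsec-module-section-heading">
                        <div class="itsec-settings-view-toggle hide-if-no-js" data-nonce="<?php echo esc_attr(wp_create_nonce('set-user-setting-itsec-settings-view')); ?>">
                            <a class="itsec-grid<?php if ('grid' === $view) { echo ' itsec-selected'; } ?>"><span class="dashicons dashicons-grid-view"></span></a>
                            <a class="itsec-list<?php if ('list' === $view) { echo ' itsec-selected'; } ?>"><span class="dashicons dashicons-list-view"></span></a>
                        </div>
                        <ul class="subsubsub itsec-feature-tabs hide-if-no-js">
                            <?php
                            // implode( $glue, $pieces ): the legacy ( $pieces, $glue ) order is a TypeError on PHP 8.
                            echo implode(" |</li>\n", $feature_tabs) . "</li>\n";
                            ?>
                        </ul>
                    </div>

                    <div class="itsec-module-cards-container <?php echo $view; ?> hide-if-js">
                        <?php $form->start_form('itsec-module-settings-form'); ?>
                        <?php $form->add_nonce('itsec-settings-page'); ?>
                        <ul class="itsec-module-cards">
                            <?php foreach ($this->modules as $id => $module) { ?>
                                <?php
                                $classes = array(
                                    'itsec-module-type-' . $module->type,
                                    'itsec-module-type-' . ($module->enabled ? 'enabled' : 'disabled'),
                                );
                                if ($module->upsell) {
                                    $classes[] = 'itsec-module-pro-upsell';
                                }
                                if ($module->pro) {
                                    $classes[] = 'itsec-module-type-pro';
                                }
                                ?>
                                <li id="itsec-module-card-<?php echo esc_attr($id); ?>" class="itsec-module-card <?php echo esc_attr(implode(' ', $classes)); ?>" data-module-id="<?php echo esc_attr($id); ?>">
                                    <div class="itsec-module-card-content">
                                        <?php if ($module->upsell) { ?>
                                            <a href="<?php echo esc_url($module->upsell_url); ?>" target="_blank" class="itsec-pro-upsell"> </a>
                                        <?php } ?>
                                        <h2><?php echo esc_html($module->title); ?></h2>
                                        <?php if ($module->pro) { ?>
                                            <div class="itsec-pro-label"><?php _e('Pro', 'better-wp-security'); ?></div>
                                        <?php } ?>
                                        <p class="module-description"><?php echo $module->description; ?></p>
                                        <?php if (!$module->upsell) { ?>
                                            <div class="module-actions hide-if-no-js">
                                                <?php if ($module->information_only) { ?>
                                                    <button class="button button-secondary itsec-toggle-settings information-only"><?php echo $this->translations['show_information']; ?></button>
                                                <?php } elseif ($module->enabled || $module->always_active) { ?>
                                                    <button class="button button-secondary itsec-toggle-settings"><?php echo $this->translations['show_settings']; ?></button>
                                                    <?php if (!$module->always_active) { ?>
                                                        <button class="button button-secondary itsec-toggle-activation"><?php echo $this->translations['deactivate']; ?></button>
                                                    <?php } ?>
                                                <?php } else { ?>
                                                    <button class="button button-secondary itsec-toggle-settings"><?php echo $this->translations['show_description']; ?></button>
                                                    <button class="button button-primary itsec-toggle-activation"><?php echo $this->translations['activate']; ?></button>
                                                <?php } ?>
                                            </div>
                                        <?php } ?>
                                    </div>
                                    <?php if (!$module->upsell) { ?>
                                        <div class="itsec-module-settings-container">
                                            <div class="itsec-modal-navigation">
                                                <button class="dashicons itsec-close-modal"></button>
                                                <button class="itsec-right dashicons hidden"><span class="screen-reader-text"><?php _e('Configure next iThemes Security setting', 'better-wp-security'); ?></span></button>
                                                <button class="itsec-left dashicons hidden"><span class="screen-reader-text"><?php _e('Configure previous iThemes Security setting', 'better-wp-security'); ?></span></button>
                                            </div>
                                            <div class="itsec-module-settings-content-container">
                                                <div class="itsec-module-settings-content">
                                                    <h3 class="itsec-modal-header"><?php echo esc_html($module->title); ?></h3>
                                                    <div class="itsec-module-messages-container"></div>
                                                    <div class="itsec-module-settings-content-main">
                                                        <?php $this->get_module_settings($id, $form, true); ?>
                                                    </div>
                                                </div>
                                            </div>
                                            <div class="itsec-list-content-footer hide-if-no-js">
                                                <?php if ($module->can_save) { ?>
                                                    <button class="button button-primary align-left itsec-module-settings-save"><?php echo $this->translations['save_settings']; ?></button>
                                                <?php } ?>
                                                <button class="button button-secondary align-left itsec-module-settings-cancel"><?php _e('Cancel', 'better-wp-security'); ?></button>
                                            </div>
                                            <div class="itsec-modal-content-footer">
                                                <?php if ($module->enabled || $module->always_active || $module->information_only) { ?>
                                                    <?php if (!$module->always_active && !$module->information_only) { ?>
                                                        <button class="button button-secondary align-right itsec-toggle-activation"><?php echo $this->translations['deactivate']; ?></button>
                                                    <?php } ?>
                                                <?php } else { ?>
                                                    <button class="button button-primary align-right itsec-toggle-activation"><?php echo $this->translations['activate']; ?></button>
                                                <?php } ?>
                                                <?php if ($module->can_save) { ?>
                                                    <button class="button button-primary align-left itsec-module-settings-save"><?php echo $this->translations['save_settings']; ?></button>
                                                <?php } else { ?>
                                                    <button class="button button-primary align-left itsec-close-modal"><?php echo $this->translations['close_settings']; ?></button>
                                                <?php } ?>
                                            </div>
                                        </div>
                                    <?php } ?>
                                </li>
                            <?php } ?>
                            <li class="itsec-module-card-filler"></li>
                        </ul>
                        <?php $form->end_form(); ?>
                    </div>
                </div>
                <div class="itsec-modal-background"></div>
                <div id="postbox-container-1" class="postbox-container">
                    <?php foreach ($this->widgets as $id => $widget) { ?>
                        <?php if ($widget->settings_form) { ?>
                            <?php $form->start_form("itsec-sidebar-widget-form-{$id}"); ?>
                            <?php $form->add_nonce('itsec-settings-page'); ?>
                            <?php $form->add_hidden('widget-id', $id); ?>
                        <?php } ?>
                        <div id="itsec-sidebar-widget-<?php echo esc_attr($id); ?>" class="postbox itsec-sidebar-widget">
                            <h3 class="hndle ui-sortable-handle"><span><?php echo esc_html($widget->title); ?></span></h3>
                            <div class="inside">
                                <?php $this->get_widget_settings($id, $form, true); ?>
                            </div>
                        </div>
                        <?php if ($widget->settings_form) { $form->end_form(); } ?>
                    <?php } ?>
                </div>
            </div>
            <div class="hide-if-js">
                <p class="itsec-warning-message"><?php _e('iThemes Security requires Javascript in order for the settings to be modified. Please enable Javascript to configure the settings.', 'better-wp-security'); ?></p>
            </div>
        </div>
    </div>
    <?php
}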
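/**
 * Send the daily digest email.
 *
 * Assembles the lockout counts, a file-change notice and any queued module
 * messages into an ITSEC_Mail, resets the queue, and sends the mail to every
 * valid address in the global `notification_email` setting. Nothing is sent
 * when there were no lockouts and the queue is empty.
 *
 * @since 2.6.0
 *
 * @return mixed False when there was nothing to report, otherwise whatever
 *               ITSEC_Mail::send() returns.
 */
public function send_daily_digest() {
    global $itsec_lockout;

    $send_email = false;

    require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-mailer.php';

    $mail = new ITSEC_Mail();
    $mail->add_header(esc_html__('Daily Security Digest', 'better-wp-security'), sprintf(wp_kses(__('Your Daily Security Digest for <b>%s</b>', 'better-wp-security'), array('b' => array())), date_i18n(get_option('date_format'))));
    $mail->add_info_box(sprintf(wp_kses(__('The following is a summary of security related activity on your site: <b>%s</b>', 'better-wp-security'), array('b' => array())), get_option('siteurl')));

    $mail->add_section_heading(esc_html__('Lockouts', 'better-wp-security'), 'lock');

    $user_count = count($itsec_lockout->get_lockouts('user', true));
    $host_count = count($itsec_lockout->get_lockouts('host', true));

    if ($host_count > 0 || $user_count > 0) {
        $mail->add_lockouts_summary($user_count, $host_count);
        $send_email = true;
    } else {
        $mail->add_text(esc_html__('No lockouts since the last email check.', 'better-wp-security'));
    }

    if (is_array($this->queue) && !empty($this->queue['messages']) && is_array($this->queue['messages'])) {
        // Strict match so a non-string queue entry cannot be mistaken for the marker.
        if (in_array('file-change', $this->queue['messages'], true)) {
            $mail->add_section_heading(esc_html__('File Changes', 'better-wp-security'), 'folder');
            $mail->add_text(esc_html__('File changes detected on the site.', 'better-wp-security'));
            $send_email = true;
        }

        // Everything other than the 'file-change' marker is free text queued by modules.
        $messages = array();
        foreach ($this->queue['messages'] as $message) {
            if ('file-change' !== $message) {
                $messages[] = $message;
            }
        }

        if (!empty($messages)) {
            $mail->add_section_heading(esc_html__('Messages', 'better-wp-security'), 'message');

            foreach ($messages as $message) {
                // NOTE(review): passed through as-is; whether add_text() escapes is
                // not visible here — confirm against ITSEC_Mail.
                $mail->add_text($message);
            }

            $send_email = true;
        }
    }

    if (!$send_email) {
        return false;
    }

    $mail->add_details_box(sprintf(wp_kses(__('For more details, <a href="%s"><b>visit your security logs</b></a>', 'better-wp-security'), array('a' => array('href' => array()), 'b' => array())), ITSEC_Core::get_logs_page_url()));
    $mail->add_divider();
    $mail->add_large_text(esc_html__('Is your site as secure as it could be?', 'better-wp-security'));
    $mail->add_text(esc_html__('Ensure your site is using recommended settings and features with a security check.', 'better-wp-security'));
    $mail->add_button(esc_html__('Run a Security Check ✓', 'better-wp-security'), ITSEC_Core::get_security_check_page_url());

    if (defined('ITSEC_DEBUG') && true === ITSEC_DEBUG) {
        // Both values come straight from the request (Host header and path) and
        // may be absent when running from cron/CLI; esc_url() keeps them inert
        // inside the HTML mail.
        $source_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        $source_uri  = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        $mail->add_text(sprintf(esc_html__('Debug info (source page): %s', 'better-wp-security'), esc_url($source_host . $source_uri)));
    }

    $mail->add_footer();

    // The setting is expected to be a list of addresses; tolerate a single string.
    $raw_recipients = ITSEC_Modules::get_setting('global', 'notification_email');
    $recipients     = array();

    foreach ((array) $raw_recipients as $recipient) {
        $recipient = trim($recipient);

        if (is_email($recipient)) {
            $recipients[] = $recipient;
        }
    }

    // The queue is reset before the send attempt; a failed send is not retried here.
    $this->queue = array('last_sent' => ITSEC_Core::get_current_time_gmt(), 'messages' => array());
    update_site_option('itsec_message_queue', $this->queue);

    $subject = sprintf(esc_html__('[%s] Daily Security Digest', 'better-wp-security'), esc_url(get_option('siteurl')));

    return $mail->send($recipients, $subject);
}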