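/**
 * Redirects to or from SSL where appropriate.
 *
 * The Hide Backend login slug is never redirected. For a singular view under
 * frontend mode 1 the per-post `itsec_enable_ssl` meta decides (a legacy
 * `bwps_enable_ssl` flag is migrated to the new key on the way). Otherwise
 * frontend mode 2 forces https and modes 0/1 force plain http.
 *
 * Fixes: `wp_redirect()` only emits the Location header, so execution must be
 * stopped after it (`exit`); the original kept rendering the page. The mixed
 * &&/|| conditions are now parenthesised so precedence is explicit.
 *
 * NOTE(review): the redirect target is built from $_SERVER['HTTP_HOST'], i.e.
 * the client-supplied Host header. Behind a proxy that does not pin the Host
 * header this allows host-header based redirects; deriving the host from
 * home_url() would be safer — confirm against multisite/domain mapping first.
 *
 * @return void
 */
function ssl_redirect() {
	global $post;

	$hide_options = get_site_option('itsec_hide_backend');
	if (isset($hide_options['enabled']) && $hide_options['enabled'] === true && $_SERVER['REQUEST_URI'] == ITSEC_Lib::get_home_root() . $hide_options['slug']) {
		return; // Hide Backend login URL is exempt.
	}

	// Same host and path with the scheme flipped; SERVER_PORT 443 is treated as "currently https".
	$flipped_scheme = ($_SERVER['SERVER_PORT'] == '443') ? 'http' : 'https';
	$flipped_url = $flipped_scheme . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

	if (is_singular() && $this->settings['frontend'] == 1) {
		$require_ssl = get_post_meta($post->ID, 'itsec_enable_ssl', true);
		$bwps_ssl = get_post_meta($post->ID, 'bwps_enable_ssl', true);

		if ($bwps_ssl == 1) {
			// Migrate the legacy per-post flag to the current meta key.
			$require_ssl = 1;
			delete_post_meta($post->ID, 'bwps_enable_ssl');
			update_post_meta($post->ID, 'itsec_enable_ssl', true);
		} else {
			delete_post_meta($post->ID, 'bwps_enable_ssl');
			if ($require_ssl != 1) {
				delete_post_meta($post->ID, 'itsec_enable_ssl');
			}
		}

		$needs_redirect = ($require_ssl == 1 && $this->is_ssl() === false) || ($require_ssl != 1 && $this->is_ssl() === true);
	} else {
		$force_https = ($this->settings['frontend'] == 2) && !$this->is_ssl();
		$force_http = ($this->settings['frontend'] == 0 || $this->settings['frontend'] == 1) && $this->is_ssl();
		$needs_redirect = $force_https || $force_http;
	}

	if ($needs_redirect) {
		wp_redirect($flipped_url, 302);
		exit; // wp_redirect() does not stop execution by itself.
	}
}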
/**
 * Bootstraps the malware module: loads its settings and registers the admin
 * hooks (meta boxes, admin init, scripts, the two scan AJAX endpoints,
 * dashboard status, tracking vars, logger displays, multisite saving).
 *
 * @param object $core the plugin core instance
 *
 * @return void
 */
function run($core) {
	$this->core = $core;
	$this->settings = get_site_option('itsec_malware');
	$this->module_path = ITSEC_Lib::get_module_path(__FILE__);

	// action hook => handler method on this module
	$action_hooks = array(
		'itsec_add_admin_meta_boxes' => 'add_admin_meta_boxes',
		'itsec_admin_init' => 'initialize_admin',
		'admin_enqueue_scripts' => 'admin_enqueue_scripts',
		// NOTE(review): the AJAX handlers are not visible here; confirm they verify
		// a nonce and a capability before triggering a scan or returning results.
		'wp_ajax_itsec_malware_request_url_scan_ajax' => 'wp_ajax_itsec_malware_request_url_scan_ajax',
		'wp_ajax_itsec_malware_get_scan_results_ajax' => 'wp_ajax_itsec_malware_get_scan_results_ajax',
	);
	foreach ($action_hooks as $hook => $method) {
		add_action($hook, array($this, $method));
	}

	// filter hook => handler method on this module
	$filter_hooks = array(
		'itsec_add_dashboard_status' => 'dashboard_status',
		'itsec_tracking_vars' => 'tracking_vars',
		'itsec_logger_displays' => 'itsec_logger_displays',
	);
	foreach ($filter_hooks as $hook => $method) {
		add_filter($hook, array($this, $method));
	}

	// Network installs store options at network level and need an explicit save.
	if (is_multisite()) {
		add_action('itsec_admin_init', array($this, 'save_network_options'));
	}
}
/**
 * Sanitizes the banned-users settings and refuses to save a host list that
 * would lock out the current user or ban an address on the lockout whitelist.
 *
 * - 'default' and 'enable_ban_lists' are coerced to booleans.
 * - 'host_list' is parsed as newline-separated IPs/ranges; for logged-in users
 *   any entry intersecting the visitor's own IP blocks saving, and entries that
 *   ITSEC_Lib::is_ip_whitelisted() accepts are collected into one error.
 * - 'agent_list' is sanitized entry-by-entry via sanitize_agent_list_entry().
 */
protected function sanitize_settings() {
	$this->sanitize_setting('bool', 'default', __('Default Blacklist', 'better-wp-security'));
	$this->sanitize_setting('bool', 'enable_ban_lists', __('Ban Lists', 'better-wp-security'));
	$this->sanitize_setting('newline-separated-ips', 'host_list', __('Ban Hosts', 'better-wp-security'));

	if (is_array($this->settings['host_list'])) {
		require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-ip-tools.php';

		$field_label = __('Ban Hosts', 'better-wp-security');
		$visitor_ip = ITSEC_Lib::get_ip();
		$logged_in = is_user_logged_in();
		$whitelisted_entries = array();

		foreach ($this->settings['host_list'] as $entry) {
			// Never let an administrator ban the address they are currently using.
			if ($logged_in && ITSEC_Lib_IP_Tools::intersect($visitor_ip, ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr($entry))) {
				$this->set_can_save(false);
				/* translators: 1: input name, 2: invalid host */
				$this->add_error(sprintf(__('The following host in %1$s matches your current IP and cannot be banned: %2$s', 'better-wp-security'), $field_label, $entry));
			} elseif (ITSEC_Lib::is_ip_whitelisted($entry)) {
				$whitelisted_entries[] = $entry;
			}
		}

		if (count($whitelisted_entries) > 0) {
			$this->set_can_save(false);
			/* translators: 1: input name, 2: invalid host list */
			$this->add_error(wp_sprintf(_n('The following IP in %1$s is whitelisted and cannot be banned: %2$l', 'The following IPs in %1$s are whitelisted and cannot be banned: %2$l', count($whitelisted_entries), 'better-wp-security'), $field_label, $whitelisted_entries));
		}
	}

	$this->sanitize_setting(array($this, 'sanitize_agent_list_entry'), 'agent_list', __('Ban User Agents', 'better-wp-security'));
}
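/**
 * Returns directory contents as a nested array: sub-directories keyed by name
 * and expanded recursively, plain files appended as values, directories
 * listed before files (both in natural case-insensitive order).
 *
 * Security: $dir is url-decoded before being joined to $parent, so an encoded
 * "../" segment from a caller could walk outside $parent. The resolved path is
 * now required to be $parent itself or something beneath it; anything else
 * yields an empty listing. Whether $dir can come from a request is not visible
 * here — the guard is cheap either way.
 *
 * @since 4.3
 *
 * @param string      $dir    the directory to scan, relative to $parent
 * @param string|null $parent the parent directory; defaults to the WordPress home path
 *
 * @return array
 */
private function get_files($dir = '', $parent = null) {
	if ($parent === null) {
		$parent = ITSEC_Lib::get_home_path();
	}

	$parent_dir = trailingslashit(sanitize_text_field($parent));
	$rel_dir = trim(sanitize_text_field($dir));
	$directory = trim(trailingslashit(urldecode($parent_dir . $rel_dir)));

	$dir_contents = array();

	if (!file_exists($directory)) {
		return $dir_contents;
	}

	// Containment check: refuse to list anything that resolves outside $parent.
	$real_parent = realpath($parent_dir);
	$real_directory = realpath($directory);
	if (false === $real_parent || false === $real_directory) {
		return $dir_contents;
	}
	$real_parent = rtrim($real_parent, DIRECTORY_SEPARATOR);
	if ($real_directory !== $real_parent && strpos($real_directory, $real_parent . DIRECTORY_SEPARATOR) !== 0) {
		return $dir_contents;
	}

	$files = scandir($directory);
	if (false === $files) {
		return $dir_contents;
	}
	natcasesort($files);

	// scandir() always returns "." and "..", so two entries means an empty directory.
	if (count($files) <= 2) {
		return $dir_contents;
	}

	// Directories first, recursing into each one.
	foreach ($files as $file) {
		if ($file === '.' || $file === '..') {
			continue;
		}
		if (file_exists($directory . $file) && is_dir($directory . $file)) {
			$dir_contents[$file] = $this->get_files($file, $directory);
		}
	}

	// Then plain files.
	foreach ($files as $file) {
		if ($file === '.' || $file === '..') {
			continue;
		}
		if (file_exists($directory . $file) && !is_dir($directory . $file)) {
			$dir_contents[] = $file;
		}
	}

	return $dir_contents;
}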
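/**
 * Build rewrite rules for the Hide Backend feature.
 *
 * Emits the nginx `rewrite` or Apache `RewriteRule` lines that map the
 * configured login slug to wp-login.php and, when a custom registration slug
 * is set, the registration slug to the login slug with action=register.
 *
 * Fixes:
 * - The Apache registration rule targeted a hard-coded "/wplogin" instead of
 *   the configured login slug (the nginx branch already used the slug).
 * - The slugs end up inside regular expressions in a server config file; they
 *   are now passed through preg_quote() so an option value cannot change what
 *   the pattern matches.
 *
 * @since 4.0
 *
 * @param array|null $input options to build rules from; read from the
 *                          'itsec_hide_backend' site option when null
 *
 * @return array rules to write: type, priority, name, and either an array of
 *               rule lines or false when the module is disabled
 */
public static function build_rewrite_rules($input = null) {
	$home_root = ITSEC_Lib::get_home_root();
	$server_type = ITSEC_Lib::get_server(); // decides nginx vs Apache syntax

	if ($input === null) {
		$input = get_site_option('itsec_hide_backend');
	}

	$rules = '';

	if (!empty($input['enabled'])) {
		$slug_pattern = preg_quote((string) $input['slug']);
		$register_pattern = preg_quote((string) $input['register']);
		$header = "\t# " . __('Rules to hide the dashboard', 'it-l10n-ithemes-security-pro') . PHP_EOL;

		if ($server_type == 'nginx') {
			$rules .= $header . "\trewrite ^(" . $home_root . ")?" . $slug_pattern . "/?\$ " . $home_root . "wp-login.php?\$query_string break;" . PHP_EOL;
		} else {
			$rules .= $header . "\tRewriteRule ^(" . $home_root . ")?" . $slug_pattern . "/?\$ " . $home_root . "wp-login.php [QSA,L]" . PHP_EOL;
		}

		if ($input['register'] != 'wp-register.php') {
			if ($server_type == 'nginx') {
				$rules .= "\trewrite ^(" . $home_root . ")?" . $register_pattern . "/?\$ " . $home_root . $input['slug'] . "?action=register break;" . PHP_EOL;
			} else {
				// Target the configured login slug, matching the nginx rule above.
				$rules .= "\tRewriteRule ^(" . $home_root . ")?" . $register_pattern . "/?\$ " . $home_root . $input['slug'] . "?action=register [QSA,L]" . PHP_EOL;
			}
		}
	}

	// Callers expect an array of lines, or false when nothing is to be written.
	$rule_lines = (strlen($rules) > 0) ? explode(PHP_EOL, $rules) : false;

	return array('type' => 'htaccess', 'priority' => 9, 'name' => 'Hide Backend', 'rules' => $rule_lines);
}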
/**
 * Execute module upgrade.
 *
 * Upgrading from before 4.0 copies the legacy `$itsec_bwps_options` "st_*"
 * flags into the 'itsec_tweaks' site option (starting from the module defaults
 * when no option exists yet) and flags rewrites and config as changed.
 * Upgrading from before 4035 only flags the rewrites as changed.
 *
 * @since 4.0
 *
 * @param int $itsec_old_version the previously installed version (e.g. 4035)
 *
 * @return void
 */
public function execute_upgrade($itsec_old_version) {
	if ($itsec_old_version < 4000) {
		global $itsec_bwps_options;

		ITSEC_Lib::create_database_tables();

		$tweaks = get_site_option('itsec_tweaks');
		if ($tweaks === false) {
			$tweaks = $this->defaults;
		}

		// new option key => legacy option key; a legacy value of 1 means enabled
		$legacy_map = array(
			'protect_files' => 'st_ht_files',
			'directory_browsing' => 'st_ht_browsing',
			'request_methods' => 'st_ht_request',
			'suspicious_query_strings' => 'st_ht_query',
			'non_english_characters' => 'st_ht_foreign',
			'long_url_strings' => 'st_longurl',
			'write_permissions' => 'st_fileperm',
			'wlwmanifest_header' => 'st_manifest',
			'edituri_header' => 'st_edituri',
			'theme_updates' => 'st_themenot',
			'plugin_updates' => 'st_pluginnot',
			'core_updates' => 'st_corenot',
			'comment_spam' => 'st_comment',
			'login_errors' => 'st_loginerror',
		);
		foreach ($legacy_map as $new_key => $old_key) {
			$tweaks[$new_key] = isset($itsec_bwps_options[$old_key]) && $itsec_bwps_options[$old_key] == 1;
		}

		update_site_option('itsec_tweaks', $tweaks);
		add_site_option('itsec_rewrites_changed', true);
		add_site_option('itsec_config_changed', true);
	}

	if ($itsec_old_version < 4035) {
		add_site_option('itsec_rewrites_changed', true);
	}
}
/**
 * Bootstraps the malware scheduling module: merges the stored settings over
 * the defaults and registers the admin hooks (meta boxes, admin init,
 * dashboard status, scripts, the file-tree AJAX endpoint, multisite saving).
 *
 * @param object $core the plugin core instance
 *
 * @return void
 */
function run( $core ) {
	$this->defaults = array(
		'enabled' => false,
		'email_notifications' => true,
		'email_contacts' => array(),
	);
	$this->core = $core;
	$this->module_path = ITSEC_Lib::get_module_path( __FILE__ );

	// A missing or non-array option must not break array_merge(); start from defaults.
	$stored = get_site_option( 'itsec_malware_scheduling' );
	$this->settings = array_merge( $this->defaults, is_array( $stored ) ? $stored : array() );

	add_action( 'itsec_add_admin_meta_boxes', array( $this, 'itsec_add_admin_meta_boxes' ) );
	add_action( 'itsec_admin_init', array( $this, 'itsec_admin_init' ) );
	add_filter( 'itsec_add_dashboard_status', array( $this, 'dashboard_status' ) );
	add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue_scripts' ) );
	// NOTE(review): this endpoint hands a directory tree to the browser; the
	// handler is not visible here — confirm it checks a nonce and a capability.
	add_action( 'wp_ajax_itsec_jquery_malware_filetree_ajax', array( $this, 'wp_ajax_itsec_jquery_malware_filetree_ajax' ) );

	if ( is_multisite() ) {
		add_action( 'itsec_admin_init', array( $this, 'itsec_admin_init_multisite' ) );
	}
}
/**
 * Minimal module bootstrap: records the core instance and module path and
 * defers everything else to admin_init.
 *
 * @param object $core the plugin core instance
 *
 * @return void
 */
function run( $core ) {
	$this->module_path = ITSEC_Lib::get_module_path( __FILE__ );
	$this->core = $core;

	add_action( 'admin_init', array( $this, 'admin_init' ) );
}
/**
 * Determines whether a given IP address (or range) is whitelisted.
 *
 * Each whitelist entry is normalised via ITSEC_Lib::ip_wild_to_mask() and
 * expanded with ITSEC_Lib::cidr_to_range(); a two-element result is a
 * [min, max] range, a one-element result a single address. The subject is
 * expanded the same way. Bounds are inclusive, and two ranges match when they
 * overlap in any way (partial overlap either side, or one containing the other).
 *
 * NOTE(review): comparisons rely on ip2long(), which only handles IPv4 and
 * returns false for anything else — IPv6 entries would compare as false/0 here.
 *
 * @param string     $ip_to_check ip to check
 * @param array|null $white_ips   ip list to compare to if not yet saved to options
 * @param boolean    $current     whether to also whitelist the current ip (e.g. while saving)
 *
 * @return boolean true if whitelisted or false
 */
public static function is_ip_whitelisted($ip_to_check, $white_ips = null, $current = false) {
	$ip_to_check = trim($ip_to_check);

	if ($white_ips === null) {
		$global_settings = get_site_option('itsec_global');
		$white_ips = isset($global_settings['lockout_white_list']) ? $global_settings['lockout_white_list'] : array();
	}

	if ($current === true) {
		$white_ips[] = ITSEC_Lib::get_ip(); // the saving user must never lock themselves out
	}

	foreach ($white_ips as $entry) {
		$allowed = ITSEC_Lib::cidr_to_range(ITSEC_Lib::ip_wild_to_mask($entry));
		$subject = ITSEC_Lib::cidr_to_range($ip_to_check);
		$subject_is_range = (count($subject) === 2);

		if (count($allowed) === 2) {
			// Whitelist entry is a range.
			$lo = ip2long($allowed[0]);
			$hi = ip2long($allowed[1]);

			if ($subject_is_range) {
				$s_lo = ip2long($subject[0]);
				$s_hi = ip2long($subject[1]);
				$overlaps = ($lo <= $s_lo && $s_lo <= $hi)   // subject starts inside entry
					|| ($lo <= $s_hi && $s_hi <= $hi)         // subject ends inside entry
					|| ($s_lo <= $lo && $lo <= $s_hi)         // entry starts inside subject
					|| ($s_lo <= $hi && $hi <= $s_hi);        // entry ends inside subject
				if ($overlaps) {
					return true;
				}
			} else {
				$s = ip2long($subject[0]);
				if ($lo <= $s && $s <= $hi) {
					return true;
				}
			}
			continue;
		}

		// Whitelist entry is a single address.
		$single = ip2long($allowed[0]);
		if ($subject_is_range) {
			$s_lo = ip2long($subject[0]);
			$s_hi = ip2long($subject[1]);
			if ($s_lo <= $single && $single <= $s_hi) {
				return true;
			}
		} elseif ($single == ip2long($subject[0])) {
			return true;
		}
	}

	return false;
}
/**
 * Bootstraps a module that has no stored options: settings is simply set to
 * true, and only the admin meta-box and admin-init hooks are registered.
 *
 * @param object $core the plugin core instance
 *
 * @return void
 */
function run($core) {
	$this->core = $core;
	$this->settings = true; // no site option is read for this module
	$this->module_path = ITSEC_Lib::get_module_path(__FILE__);

	$hooks = array(
		'itsec_add_admin_meta_boxes' => 'itsec_add_admin_meta_boxes',
		'itsec_admin_init' => 'itsec_admin_init',
	);
	foreach ($hooks as $hook => $method) {
		add_action($hook, array($this, $method));
	}
}
/**
 * Bootstraps the privilege escalation module: loads its settings and hooks
 * admin init, the user-profile edit/update screens, early `init` (priority 1)
 * and `switch_blog` (which re-runs init() for the new blog).
 *
 * @return void
 */
function run() {
	$this->settings = get_site_option('itsec_privilege');
	$this->module_path = ITSEC_Lib::get_module_path(__FILE__);

	// hook tag, handler method, priority
	$hooks = array(
		array('admin_init', 'admin_init', 10),
		array('edit_user_profile', 'edit_user_profile', 10),
		array('edit_user_profile_update', 'edit_user_profile_update', 10),
		array('init', 'init', 1),
		array('switch_blog', 'init', 10),
	);
	foreach ($hooks as $hook) {
		list($tag, $method, $priority) = $hook;
		add_action($tag, array($this, $method), $priority);
	}
}
/**
 * Renders the Admin User settings section: a warning linking to the backup
 * page, a field to rename the "admin" account (only while that username
 * exists) and a checkbox to change the ID of user 1 (only while such a user
 * exists).
 *
 * @param object $form the settings form helper providing add_text()/add_checkbox()
 */
protected function render_settings($form) {
	$warning = __('<span>Warning:</span> The changes made by this tool could cause compatibility issues with some plugins, themes, or customizations. Ensure that you <a href="%s">create a database backup</a> before using this tool.', 'better-wp-security');
	$has_admin_user = username_exists('admin');
	$has_user_one = ITSEC_Lib::user_id_exists(1);
	?>
	<div class="itsec-warning-message"><?php printf($warning, esc_url(ITSEC_Core::get_backup_creation_page_url())); ?> </div>
	<table class="form-table itsec-settings-section">
	<?php if ($has_admin_user) : ?>
		<tr>
			<th scope="row"><label for="itsec-admin-user-new_username"><?php _e('New Admin Username', 'better-wp-security'); ?> </label></th>
			<td>
				<?php $form->add_text('new_username', array('class' => 'code')); ?>
				<br />
				<p class="description"><?php _e('Enter a new username to replace "admin." Please note that if you are logged in as admin you will have to log in again.', 'better-wp-security'); ?> </p>
			</td>
		</tr>
	<?php endif; ?>
	<?php if ($has_user_one) : ?>
		<tr>
			<th scope="row"><label for="itsec-admin-user-change_id"><?php _e('Change User ID 1', 'better-wp-security'); ?> </label></th>
			<td>
				<?php $form->add_checkbox('change_id'); ?>
				<label for="itsec-admin-user-change_id"><?php _e('Change the ID of the user with ID 1.', 'better-wp-security'); ?> </label>
			</td>
		</tr>
	<?php endif; ?>
	</table>
	<?php
}
/**
 * Runs (or fetches) the malware scan and logs the outcome.
 *
 * Results marked 'cached' are returned as-is without logging; fresh results
 * are written to the malware log together with the requester's IP and user.
 *
 * @return mixed whatever self::get_scan_results() returned
 */
public static function scan() {
	global $itsec_logger;

	$results = self::get_scan_results();

	$served_from_cache = is_array($results) && !empty($results['cached']);
	if (!$served_from_cache) {
		$user = wp_get_current_user();
		$itsec_logger->log_event('malware', 3, $results, ITSEC_Lib::get_ip(), $user->user_login, $user->ID);
	}

	return $results;
}
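/**
 * Appends the Hide Backend rewrite rules to the generated nginx config.
 *
 * Maps the login slug to wp-login.php (query string preserved) and, when a
 * custom registration slug is configured, the registration slug to the login
 * slug with action=register.
 *
 * Security: the slugs are interpolated into nginx regular expressions; they
 * are passed through preg_quote() so an option value containing regex
 * metacharacters cannot alter what the pattern matches.
 *
 * @param string $modification config text built so far
 * @param array  $settings     module settings with 'slug' and 'register' keys
 *
 * @return string the config text with the rules appended
 */
public static function filter_nginx_server_config_modification($modification, $settings) {
	$home_root = ITSEC_Lib::get_home_root();

	$slug_pattern = preg_quote((string) $settings['slug']);
	$register_pattern = preg_quote((string) $settings['register']);

	$modification .= "\n";
	$modification .= "\t# " . __('Enable the hide backend feature - Security > Settings > Hide Login Area > Hide Backend', 'better-wp-security') . "\n";
	$modification .= "\trewrite ^({$home_root})?{$slug_pattern}/?\$ {$home_root}wp-login.php?\$query_string break;\n";

	if ('wp-register.php' != $settings['register']) {
		// The rewrite target is a literal path, not a pattern, so the raw slug is used there.
		$modification .= "\trewrite ^({$home_root})?{$register_pattern}/?\$ {$home_root}{$settings['slug']}?action=register break;\n";
	}

	return $modification;
}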
/**
 * Execute away mode functionality.
 *
 * When away mode is active, logs the blocked access, redirects the visitor to
 * the site URL, clears their auth cookie and stops execution. Otherwise does
 * nothing.
 *
 * @return void
 */
public function run_active_check() {
	global $itsec_logger;

	if (!self::is_active()) {
		return;
	}

	$message = __('A host was prevented from accessing the dashboard due to away-mode restrictions being in effect', 'better-wp-security');
	$itsec_logger->log_event('away_mode', 5, array($message), ITSEC_Lib::get_ip(), '', '', '', '');

	// Both headers (Location and the cookie clear) are queued before execution ends.
	wp_redirect(get_option('siteurl'));
	wp_clear_auth_cookie();
	die;
}
/**
 * Bootstraps the module: registers tracking vars, processes submitted form
 * data when a POST is present, and shows the admin meta boxes only when the
 * directory is at its default location or was already changed by this plugin.
 *
 * @param object $core the plugin core instance
 *
 * @return void
 */
function run($core) {
	$this->core = $core;
	$this->module_path = ITSEC_Lib::get_module_path(__FILE__);

	add_filter('itsec_tracking_vars', array($this, 'tracking_vars'));

	// Only hook form processing when something was actually posted.
	if (count($_POST) > 0) {
		add_action('itsec_admin_init', array($this, 'process_post_data'));
	}

	$show_meta_boxes = !$this->is_custom_directory() || $this->is_modified_by_it_security();
	if ($show_meta_boxes) {
		add_action('itsec_add_admin_meta_boxes', array($this, 'add_admin_meta_boxes'));
	}
}
/**
 * Bootstraps the password module: loads its settings and hooks password
 * validation (profile update and reset), the password generator scripts on
 * admin and login screens, the login-time "must change password" flag, and
 * the admin nag/redirect on current_screen.
 *
 * @return void
 */
function run() {
	$this->settings = get_site_option( 'itsec_password' );
	$this->module_path = ITSEC_Lib::get_module_path( __FILE__ );

	// hook tag, handler method, priority, accepted args
	$hooks = array(
		array( 'user_profile_update_errors', 'validate_valid_password', 11, 1 ), // clear the password nag
		array( 'validate_password_reset', 'validate_valid_password', 11, 1 ),    // clear the nag on reset too
		array( 'admin_enqueue_scripts', 'admin_enqueue_scripts', 10, 1 ),        // generator on edit-profile page
		array( 'login_enqueue_scripts', 'login_enqueue_scripts', 10, 1 ),        // generator on reset page
		array( 'wp_login', 'wp_login', 10, 2 ),                                  // flag users who must change password
		array( 'current_screen', 'admin_init', 10, 1 ),                          // redirect to profile and show the nag
	);
	foreach ( $hooks as $hook ) {
		list( $tag, $method, $priority, $accepted_args ) = $hook;
		add_action( $tag, array( $this, $method ), $priority, $accepted_args );
	}
}
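/**
 * Execute module upgrade for Hide Backend.
 *
 * - < 4000: migrate the legacy hb_* options (enabled flag, registration slug,
 *   login slug) into 'itsec_hide_backend'. Reserved slugs disable the feature.
 *   The tooltip transient is set on every migration path.
 * - < 4027: when enabled, make the .htaccess writable, schedule a rewrite-rule
 *   flush for admin_init, restore the file mode and regenerate server config.
 * - < 4041: hand the settings to the module system, dropping 'show-tooltip'.
 *
 * Fixes:
 * - The < 4027 step only restored the original .htaccess mode when it was
 *   exactly 0444; every other file was left permanently group-writable (0664).
 *   The original mode is now restored whenever it could be read. The deferred
 *   flush already ran under the restored mode for 0444 files, so nothing new
 *   is asked of it.
 * - The migrated login slug is stored trimmed, matching the value that was
 *   validated against the reserved-slug list.
 *
 * @param int $itsec_old_version the previously installed version
 *
 * @return void
 */
public function execute_upgrade($itsec_old_version) {
	if ($itsec_old_version < 4000) {
		global $itsec_bwps_options;

		$current_options = get_site_option('itsec_hide_backend');

		if (false !== $current_options) {
			$current_options['enabled'] = isset($itsec_bwps_options['hb_enabled']) && $itsec_bwps_options['hb_enabled'] == 1;
			$current_options['register'] = isset($itsec_bwps_options['hb_register']) ? sanitize_text_field($itsec_bwps_options['hb_register']) : 'wp-register.php';
			$current_options['show-tooltip'] = $current_options['enabled'];

			// These paths are served by WordPress itself and cannot be the hidden login slug.
			$forbidden_slugs = array('admin', 'login', 'wp-login.php', 'dashboard', 'wp-admin', '');
			$legacy_slug = isset($itsec_bwps_options['hb_login']) ? trim($itsec_bwps_options['hb_login']) : '';

			if (!in_array($legacy_slug, $forbidden_slugs, true)) {
				$current_options['slug'] = $legacy_slug;
			} else {
				$current_options['enabled'] = false;
			}

			set_site_transient('ITSEC_SHOW_HIDE_BACKEND_TOOLTIP', true, 600);

			update_site_option('itsec_hide_backend', $current_options);
			ITSEC_Response::regenerate_server_config();
		}
	}

	if ($itsec_old_version < 4027) {
		$current_options = get_site_option('itsec_hide_backend');

		if (isset($current_options['enabled']) && $current_options['enabled'] === true) {
			$config_file = ITSEC_Lib::get_htaccess();

			// Temporarily widen the mode, then put the original mode back (if it could be read).
			$original_mode = @fileperms($config_file);
			@chmod($config_file, 0664);

			add_action('admin_init', array($this, 'flush_rewrite_rules'));

			if (false !== $original_mode) {
				@chmod($config_file, $original_mode & 07777);
			}

			ITSEC_Response::regenerate_server_config();
		}
	}

	if ($itsec_old_version < 4041) {
		$current_options = get_site_option('itsec_hide_backend');

		// No stored options: leave the new module's defaults in place.
		if (is_array($current_options)) {
			unset($current_options['show-tooltip']); // obsolete key, unused by the new module
			ITSEC_Modules::set_settings('hide-backend', $current_options);
		}
	}
}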
/**
 * Redirects to or from SSL where appropriate.
 *
 * Decision order, as coded below:
 *  1. The Hide Backend login slug is never redirected.
 *  2. SSL module 'frontend' === 2 forces https everywhere.
 *  3. 'frontend' === 1 on a singular view consults per-post meta: a legacy
 *     'bwps_enable_ssl' value is migrated to 'itsec_enable_ssl' and removed;
 *     a falsy 'itsec_enable_ssl' is deleted.
 *  4. Any other 'frontend' value returns without redirecting.
 *  5. Anything not resolved to https is forced to http. Redirects are 301.
 *
 * NOTE(review): the Location target is assembled from $_SERVER['HTTP_HOST'],
 * i.e. the client-controlled Host header, and sent as a permanent redirect.
 * Behind a proxy that does not pin the Host header this is a host-header
 * redirect vector; building the target from home_url() would avoid it —
 * confirm against multisite/domain-mapping setups before changing.
 *
 * @since 4.0
 *
 * @return void
 */
public function do_conditional_ssl_redirect() {
	$hide_options = get_site_option('itsec_hide_backend', array());
	if (isset($hide_options['enabled']) && $hide_options['enabled'] === true && $_SERVER['REQUEST_URI'] == ITSEC_Lib::get_home_root() . $hide_options['slug']) {
		return;
	}

	$settings = ITSEC_Modules::get_settings('ssl');

	if (2 === $settings['frontend']) {
		$protocol = 'https';
	} else {
		if (1 === $settings['frontend'] && is_singular()) {
			global $post;

			// Legacy per-post flag: carry a truthy value over to the new key, then drop it.
			$bwps_ssl = get_post_meta($post->ID, 'bwps_enable_ssl');
			if (!empty($bwps_ssl)) {
				if ($bwps_ssl[0]) {
					$protocol = 'https';
					update_post_meta($post->ID, 'itsec_enable_ssl', true);
				}
				delete_post_meta($post->ID, 'bwps_enable_ssl');
			}

			if (!isset($protocol)) {
				$enable_ssl = get_post_meta($post->ID, 'itsec_enable_ssl');
				if (!empty($enable_ssl)) {
					if ($enable_ssl[0]) {
						$protocol = 'https';
					} else {
						// A stored falsy flag means the same as no flag; clean it up.
						delete_post_meta($post->ID, 'itsec_enable_ssl');
					}
				}
			}
		} else {
			return;
		}
	}

	if (!isset($protocol)) {
		$protocol = 'http';
	}

	$is_ssl = is_ssl();

	if ($is_ssl && 'http' == $protocol) {
		// Deliberate downgrade: SSL is not required for this request.
		$redirect = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
	} else {
		if (!$is_ssl && 'https' == $protocol) {
			$redirect = "https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
		}
	}

	if (isset($redirect)) {
		wp_redirect($redirect, 301);
		exit;
	}
}
/** * Determines whether a given IP address is whitelisted * * @param string $ip_to_check ip to check * @param array $white_ips ip list to compare to if not yet saved to options * @param boolean $current whether to whitelist the current ip or not (due to saving, etc) * * @return boolean true if whitelisted or false */ public static function is_ip_whitelisted($ip_to_check, $white_ips = null, $current = false) { $ip_to_check = trim($ip_to_check); if ($white_ips === null) { $global_settings = get_site_option('itsec_global'); $white_ips = isset($global_settings['lockout_white_list']) ? $global_settings['lockout_white_list'] : array(); } if ($current === true) { $white_ips[] = ITSEC_Lib::get_ip(); //add current user ip to whitelist to check automatically } foreach ($white_ips as $white_ip) { $converted_white_ip = ITSEC_Lib::ip_wild_to_mask($white_ip); $check_range = ITSEC_Lib::cidr_to_range($converted_white_ip); $ip_range = ITSEC_Lib::cidr_to_range($ip_to_check); if (sizeof($check_range) === 2) { //range to check $check_min = ip2long($check_range[0]); $check_max = ip2long($check_range[1]); if (sizeof($ip_range) === 2) { $ip_min = ip2long($ip_range[0]); $ip_max = ip2long($ip_range[1]); if ($check_min < $ip_min && $ip_min < $check_max || $check_min < $ip_max && $ip_max < $check_max) { return true; } } else { $ip = ip2long($ip_range[0]); if ($check_min < $ip && $ip < $check_max) { return true; } } } else { //single ip to check $check = ip2long($check_range[0]); if (sizeof($ip_range) === 2) { $ip_min = ip2long($ip_range[0]); $ip_max = ip2long($ip_range[1]); if ($ip_min < $check && $check < $ip_max) { return true; } } else { $ip = ip2long($ip_range[0]); if ($check == $ip) { return true; } } } } return false; }
/**
 * Execute module upgrade for the system-tweaks settings.
 *
 * - < 4000: copy the legacy "st_*" flags into an existing 'itsec_tweaks'
 *   option (a missing option is left alone so the module defaults apply),
 *   then regenerate server and wp-config.
 * - < 4035: regenerate the server config.
 * - < 4041: move the settings into the 'system-tweaks' module, keeping only
 *   keys the module knows, and activate it only if any option is on.
 *
 * @since 4.0
 *
 * @param int $itsec_old_version the previously installed version
 *
 * @return void
 */
public function execute_upgrade($itsec_old_version) {
	if ($itsec_old_version < 4000) {
		global $itsec_bwps_options;

		ITSEC_Lib::create_database_tables();

		$tweaks = get_site_option('itsec_tweaks');

		// Only migrate when settings already exist; otherwise the module defaults win.
		if (false !== $tweaks) {
			// new option key => legacy option key; a legacy value of 1 means enabled
			$legacy_map = array(
				'protect_files' => 'st_ht_files',
				'directory_browsing' => 'st_ht_browsing',
				'request_methods' => 'st_ht_request',
				'suspicious_query_strings' => 'st_ht_query',
				'non_english_characters' => 'st_ht_foreign',
				'long_url_strings' => 'st_longurl',
				'write_permissions' => 'st_fileperm',
			);
			foreach ($legacy_map as $new_key => $old_key) {
				$tweaks[$new_key] = isset($itsec_bwps_options[$old_key]) && $itsec_bwps_options[$old_key] == 1;
			}

			update_site_option('itsec_tweaks', $tweaks);
			ITSEC_Response::regenerate_server_config();
			ITSEC_Response::regenerate_wp_config();
		}
	}

	if ($itsec_old_version < 4035) {
		ITSEC_Response::regenerate_server_config();
	}

	if ($itsec_old_version < 4041) {
		$tweaks = get_site_option('itsec_tweaks');

		// No stored options: go with the new defaults by not saving anything.
		if (is_array($tweaks)) {
			$module_settings = ITSEC_Modules::get_settings('system-tweaks');

			// Keep only keys the new module knows; its settings fill any gaps.
			$tweaks = array_merge($module_settings, array_intersect_key($tweaks, $module_settings));

			// Activate the module only if at least one option is truthy.
			$any_enabled = count(array_filter($tweaks)) > 0;
			if ($any_enabled) {
				ITSEC_Modules::activate('system-tweaks');
			} else {
				ITSEC_Modules::deactivate('system-tweaks');
			}

			ITSEC_Modules::set_settings('system-tweaks', $tweaks);
		}
	}
}
/**
 * Bootstraps the strong-passwords module. When enabled, hooks password
 * enforcement into profile updates and password resets (plus the login head
 * on the reset screen) and enqueues the password-strength script on admin
 * and login pages.
 *
 * @return void
 */
function run() {
	$this->settings = get_site_option('itsec_strong_passwords');
	$this->module_path = ITSEC_Lib::get_module_path(__FILE__);

	$enabled = isset($this->settings['enabled']) && $this->settings['enabled'] === true;
	if (!$enabled) {
		return;
	}

	add_action('user_profile_update_errors', array($this, 'enforce_strong_password'), 0, 3);
	add_action('validate_password_reset', array($this, 'enforce_strong_password'), 10, 2);

	// The reset screen is identified by action=rp|resetpass together with a login parameter.
	$on_reset_screen = isset($_GET['action'], $_GET['login']) && in_array($_GET['action'], array('rp', 'resetpass'), true);
	if ($on_reset_screen) {
		add_action('login_head', array($this, 'enforce_strong_password'));
	}

	add_action('admin_enqueue_scripts', array($this, 'login_script_js'));
	add_action('login_enqueue_scripts', array($this, 'login_script_js'));
}
/**
 * Bootstraps the content-directory module: registers tracking vars and
 * dashboard status, processes submitted form data when a POST is present,
 * and exposes the admin UI only while the content directory is still at its
 * default location.
 *
 * @param object $core the plugin core instance
 *
 * @return void
 */
function run($core) {
	$this->core = $core;
	$this->module_path = ITSEC_Lib::get_module_path(__FILE__);

	add_filter('itsec_tracking_vars', array($this, 'tracking_vars'));
	add_filter('itsec_add_dashboard_status', array($this, 'dashboard_status'));

	if (count($_POST) > 0) {
		add_action('itsec_admin_init', array($this, 'initialize_admin'));
	}

	// Changing the content directory is only supported from the default location.
	if ($this->is_custom_directory()) {
		return;
	}

	add_action('admin_enqueue_scripts', array($this, 'admin_script'));
	add_action('itsec_add_admin_meta_boxes', array($this, 'add_admin_meta_boxes'));
}
/**
 * Sends to lockout class when the login form isn't completely filled out.
 *
 * Only acts on a real form submission (wp-submit present) with an empty
 * username or password: checks the existing lockout state (by user ID when
 * the name exists, otherwise by the raw username), logs a brute-force event
 * and records a lockout attempt. The incoming $user is returned unchanged.
 *
 * @param object $user     user or WordPress error
 * @param string $username username attempted
 * @param string $password password attempted
 *
 * @return object the $user passed in
 */
public function execute_brute_force_no_password($user, $username = '', $password = '') {
	global $itsec_lockout, $itsec_logger;

	$submitted = isset($_POST['wp-submit']);
	$incomplete = empty($username) || empty($password);

	if ($submitted && $incomplete) {
		$clean_username = sanitize_text_field($username);
		$user_id = username_exists($clean_username);

		// Unknown names are tracked by username, known accounts by ID.
		if ($user_id === false || $user_id === null) {
			$itsec_lockout->check_lockout(false, $username);
		} else {
			$itsec_lockout->check_lockout($user_id);
		}

		$itsec_logger->log_event('brute_force', 5, array(), ITSEC_Lib::get_ip(), $clean_username, intval($user_id));
		$itsec_lockout->do_lockout('brute_force', $clean_username);
	}

	return $user;
}
/**
 * Bootstraps the IP-check module: loads its settings and hooks admin scripts,
 * admin init, the API-key AJAX endpoint and multisite option saving.
 *
 * @param object $core the plugin core instance
 *
 * @return void
 */
function run($core) {
	$this->core = $core;
	$this->module_path = ITSEC_Lib::get_module_path(__FILE__);
	$this->settings = get_site_option('itsec_ipcheck');

	// hook tag, handler method
	$hooks = array(
		array('admin_enqueue_scripts', 'admin_enqueue_scripts'),
		array('itsec_admin_init', 'itsec_admin_init'),
		// NOTE(review): the handler is not visible here; confirm it verifies a nonce and capability.
		array('wp_ajax_itsec_api_key_ajax', 'wp_ajax_itsec_api_key_ajax'),
	);
	if (is_multisite()) {
		$hooks[] = array('itsec_admin_init', 'itsec_admin_init_multisite'); // network-level option save
	}

	foreach ($hooks as $hook) {
		list($tag, $method) = $hook;
		add_action($tag, array($this, $method));
	}
}
/**
 * Execute module upgrade for the wordpress-tweaks settings.
 *
 * - < 4000: copy the legacy "st_*" flags into an existing 'itsec_tweaks'
 *   option (a missing option is left alone so the module defaults apply),
 *   then regenerate server and wp-config.
 * - < 4035: regenerate the server config.
 * - < 4041: move the settings into the 'wordpress-tweaks' module, keeping
 *   only keys the module knows, and activate it only if any option is in use.
 *   'allow_xmlrpc_multiauth' is inverted: false means the protection is on.
 *
 * @since 4.0
 *
 * @param int $itsec_old_version the previously installed version
 *
 * @return void
 */
public function execute_upgrade($itsec_old_version) {
	if ($itsec_old_version < 4000) {
		global $itsec_bwps_options;

		ITSEC_Lib::create_database_tables();

		$tweaks = get_site_option('itsec_tweaks');

		// Only migrate when settings already exist; otherwise the module defaults win.
		if (false !== $tweaks) {
			// new option key => legacy option key; a legacy value of 1 means enabled
			$legacy_map = array(
				'wlwmanifest_header' => 'st_manifest',
				'edituri_header' => 'st_edituri',
				'comment_spam' => 'st_comment',
				'login_errors' => 'st_loginerror',
			);
			foreach ($legacy_map as $new_key => $old_key) {
				$tweaks[$new_key] = isset($itsec_bwps_options[$old_key]) && $itsec_bwps_options[$old_key] == 1;
			}

			update_site_option('itsec_tweaks', $tweaks);
			ITSEC_Response::regenerate_server_config();
			ITSEC_Response::regenerate_wp_config();
		}
	}

	if ($itsec_old_version < 4035) {
		ITSEC_Response::regenerate_server_config();
	}

	if ($itsec_old_version < 4041) {
		$tweaks = get_site_option('itsec_tweaks');

		// No stored options: go with the new defaults by not saving anything.
		if (is_array($tweaks)) {
			$module_settings = ITSEC_Modules::get_settings('wordpress-tweaks');

			// Keep only keys the new module knows; its settings fill any gaps.
			$tweaks = array_merge($module_settings, array_intersect_key($tweaks, $module_settings));

			$activate = false;
			foreach ($tweaks as $setting => $value) {
				// For allow_xmlrpc_multiauth a false value is the "protection enabled" state.
				$in_use = ('allow_xmlrpc_multiauth' === $setting) ? !$value : (bool) $value;
				if ($in_use) {
					$activate = true;
					break;
				}
			}

			if ($activate) {
				ITSEC_Modules::activate('wordpress-tweaks');
			} else {
				ITSEC_Modules::deactivate('wordpress-tweaks');
			}

			ITSEC_Modules::set_settings('wordpress-tweaks', $tweaks);
		}
	}
}
/**
 * Register the privilege module's hooks.
 *
 * Stores the core object, loads this module's settings from the
 * 'itsec_privilege' site option, records the module path and wires the
 * admin-side actions. On multisite an additional itsec_admin_init
 * callback is added to save the network-wide options by hand.
 *
 * @param object $core The plugin core instance; kept on $this->core.
 *
 * @return void
 */
function run($core) {
	$this->core        = $core;
	$this->settings    = get_site_option('itsec_privilege');
	$this->module_path = ITSEC_Lib::get_module_path(__FILE__);

	// array(hook name, method on $this) in registration order
	$hooks = array(
		array('itsec_add_admin_meta_boxes', 'itsec_add_admin_meta_boxes'), // meta boxes on the admin page
		array('itsec_admin_init',           'itsec_admin_init'),           // admin area initialisation
		array('admin_enqueue_scripts',      'admin_enqueue_scripts'),      // admin page scripts
	);

	// Multisite options are not saved by the single-site flow; hook a manual save.
	if (is_multisite()) {
		$hooks[] = array('itsec_admin_init', 'itsec_admin_init_multisite');
	}

	foreach ($hooks as $hook) {
		add_action($hook[0], array($this, $hook[1]));
	}
}
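/**
 * Log a WordPress 404 and feed it into the lockout system.
 *
 * Runs only when WordPress has decided the request is a 404. The request
 * path (everything before the first '?') is compared against the
 * configured white list; a white-listed path is neither logged nor
 * counted. Every other 404 is logged through $itsec_logger, and a
 * 'four_oh_four' lockout is registered via $itsec_lockout unless the
 * path carries an extension that appears in the configured 'types' list
 * (those are treated as benign missing assets and only logged).
 *
 * Changes from the previous version:
 *  - REQUEST_URI is read defensively (CLI and some SAPIs leave it unset).
 *  - The white list / types settings are read with isset() so a missing
 *    key cannot raise a notice; a non-array white list still disables the
 *    check, as before.
 *  - The path/query split uses a limit of 2, so the logged query string
 *    is the whole query, not just the part up to a second '?'.
 *  - Both in_array() calls are strict: white-list and type entries are
 *    compared as strings, not by PHP's loose numeric rules.
 *
 * Both REQUEST_URI and HTTP_REFERER are attacker controlled. They are
 * passed through esc_sql() before reaching the logger, as in the
 * original code; whether the logger prepares its own queries cannot be
 * seen from here (TODO confirm - esc_sql() alone is not a substitute for
 * a prepared statement).
 *
 * @return void
 */
public function check_404() {
	global $itsec_logger, $itsec_lockout;

	if (!is_404()) {
		return;
	}

	// REQUEST_URI may be absent outside a web SAPI; treat that as an empty path.
	$request_uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';

	// $uri[0] is the path, $uri[1] (if present) the complete query string.
	$uri = explode('?', $request_uri, 2);

	$white_list = isset($this->settings['white_list']) ? $this->settings['white_list'] : null;

	if (!is_array($white_list) || in_array($uri[0], $white_list, true)) {
		// Invalid settings or white-listed page: nothing to log or count.
		return;
	}

	$query_string = isset($uri[1]) ? esc_sql($uri[1]) : '';
	$referer      = isset($_SERVER['HTTP_REFERER']) ? esc_sql($_SERVER['HTTP_REFERER']) : '';

	$itsec_logger->log_event(
		'four_oh_four',
		3,
		array('query_string' => $query_string),
		ITSEC_Lib::get_ip(),
		'',
		'',
		esc_sql($uri[0]),
		$referer
	);

	$path_info = pathinfo($uri[0]);
	$types     = isset($this->settings['types']) ? $this->settings['types'] : null;

	// Lock out unless the path has an extension listed in 'types'. A non-array
	// 'types' setting means any extension is ignored (extension-less paths still count).
	if (!isset($path_info['extension']) || (is_array($types) && !in_array('.' . $path_info['extension'], $types, true))) {
		$itsec_lockout->do_lockout('four_oh_four');
	}
}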
/**
 * Migrate legacy settings into the multisite-tweaks module on upgrade.
 *
 * Three steps run, each gated on the build number being upgraded from:
 *  - < 4000: create the plugin tables, then, only if an 'itsec_tweaks'
 *    site option already exists, copy the old Better WP Security update
 *    notification flags (st_themenot, st_pluginnot, st_corenot) from
 *    $itsec_bwps_options into it and regenerate the server config and
 *    wp-config. With no stored option the module defaults are preferred
 *    and nothing is written.
 *  - < 4035: regenerate the server config.
 *  - < 4041: reduce the stored 'itsec_tweaks' array to the keys the
 *    multisite-tweaks module knows, backfill missing keys from the
 *    module defaults, activate the module if any setting is truthy
 *    (deactivate otherwise) and store the result.
 *
 * @since 4.0
 *
 * @param int $itsec_old_version Build number being upgraded from; compared
 *                               numerically against 4000, 4035 and 4041.
 *
 * @return void
 */
public function execute_upgrade($itsec_old_version) {
	if ($itsec_old_version < 4000) {
		global $itsec_bwps_options;

		ITSEC_Lib::create_database_tables();

		$stored = get_site_option('itsec_tweaks');

		// No stored settings: the module system's defaults apply, so write nothing.
		if (false !== $stored) {
			// new option key => legacy Better WP Security option key
			$legacy_keys = array(
				'theme_updates'  => 'st_themenot',
				'plugin_updates' => 'st_pluginnot',
				'core_updates'   => 'st_corenot',
			);

			foreach ($legacy_keys as $new_key => $old_key) {
				// Loose "== 1" kept as in the original; the legacy value type is not visible here.
				$stored[$new_key] = isset($itsec_bwps_options[$old_key]) && 1 == $itsec_bwps_options[$old_key];
			}

			update_site_option('itsec_tweaks', $stored);

			ITSEC_Response::regenerate_server_config();
			ITSEC_Response::regenerate_wp_config();
		}
	}

	if ($itsec_old_version < 4035) {
		ITSEC_Response::regenerate_server_config();
	}

	if ($itsec_old_version < 4041) {
		$stored = get_site_option('itsec_tweaks');

		// Nothing stored: leave the new module defaults in place by not saving anything.
		if (is_array($stored)) {
			$module_defaults = ITSEC_Modules::get_settings('multisite-tweaks');

			// Keep only keys the new module understands, then fill gaps from the defaults.
			$stored = array_intersect_key($stored, $module_defaults);
			$stored = array_merge($module_defaults, $stored);

			// array_filter() without a callback drops falsy values; anything left means a setting is in use.
			$in_use = (bool) array_filter($stored);

			if ($in_use) {
				ITSEC_Modules::activate('multisite-tweaks');
			} else {
				ITSEC_Modules::deactivate('multisite-tweaks');
			}

			ITSEC_Modules::set_settings('multisite-tweaks', $stored);
		}
	}
}
/**
 * Enqueue the file-change module's admin scripts and styles.
 *
 * The file-change warning script, with its nonce and a link to the
 * file-change filter of the log page, is enqueued on every admin screen.
 * The scan UI assets - admin-file-change.js, the jQuery file tree and
 * their stylesheets - are only enqueued when the current screen id
 * contains one of the plugin's settings/logs screen ids or 'dashboard'.
 *
 * NOTE(review): the data localized for admin-file-change.js includes
 * ITSEC_Lib::get_home_path() under 'ABSPATH' (the server's filesystem
 * path) and the scan nonces. admin_enqueue_scripts fires for any user
 * who can reach the admin area, so this is only as private as the
 * screens it is limited to; whether those screens are capability-gated
 * is not visible here.
 *
 * @since 4.0
 *
 * @return void
 */
public function admin_enqueue_scripts() {
	global $itsec_globals;

	$build = $itsec_globals['plugin_build'];

	wp_enqueue_script(
		'itsec_file_change_warning_js',
		$this->module_path . 'js/admin-file-change-warning.js',
		array('jquery'),
		$build
	);
	wp_localize_script(
		'itsec_file_change_warning_js',
		'itsec_file_change_warning',
		array(
			'nonce' => wp_create_nonce('itsec_file_change_warning'),
			'url'   => admin_url() . 'admin.php?page=toplevel_page_itsec_logs&itsec_log_filter=file_change',
		)
	);

	$screen = get_current_screen();
	if (!isset($screen->id)) {
		return;
	}

	// Substrings of screen ids on which the scan UI is shown.
	$scan_screen_needles = array(
		'security_page_toplevel_page_itsec_settings',
		'security_page_toplevel_page_itsec_logs',
		'dashboard',
	);

	$on_scan_screen = false;
	foreach ($scan_screen_needles as $needle) {
		if (false !== strpos($screen->id, $needle)) {
			$on_scan_screen = true;
			break;
		}
	}

	if (!$on_scan_screen) {
		return;
	}

	// Chunked scanning changes the button label.
	$scan_chunked = isset($this->settings['split']) && true === $this->settings['split'];

	wp_enqueue_script(
		'itsec_file_change_js',
		$this->module_path . 'js/admin-file-change.js',
		array('jquery'),
		$build
	);
	wp_localize_script(
		'itsec_file_change_js',
		'itsec_file_change',
		array(
			'mem_limit'            => ITSEC_Lib::get_memory_limit(),
			'text'                 => __('Warning: Your server has less than 128MB of RAM dedicated to PHP. If you have many files in your installation or a lot of active plugins activating this feature may result in your site becoming disabled with a memory error. See the plugin homepage for more information.', 'it-l10n-better-wp-security'),
			'module_path'          => $this->module_path,
			'button_text'          => $scan_chunked ? __('Scan Next File Chunk', 'it-l10n-better-wp-security') : __('Scan Files Now', 'it-l10n-better-wp-security'),
			'scanning_button_text' => __('Scanning...', 'it-l10n-better-wp-security'),
			'no_changes'           => __('No changes were detected.', 'it-l10n-better-wp-security'),
			'changes'              => __('Changes were detected. Please check the log page for details.', 'it-l10n-better-wp-security'),
			'error'                => __('An error occured. Please try again later', 'it-l10n-better-wp-security'),
			'ABSPATH'              => ITSEC_Lib::get_home_path(),
			'nonce'                => wp_create_nonce('itsec_do_file_check'),
		)
	);

	wp_enqueue_script(
		'itsec_jquery_filetree',
		$this->module_path . 'filetree/jqueryFileTree.js',
		array('jquery'),
		'1.01'
	);
	wp_localize_script(
		'itsec_jquery_filetree',
		'itsec_jquery_filetree',
		array('nonce' => wp_create_nonce('itsec_jquery_filetree'))
	);

	// Stylesheets: file tree first, then the module's own.
	wp_register_style('itsec_jquery_filetree_style', $this->module_path . 'filetree/jqueryFileTree.css', array(), $build);
	wp_enqueue_style('itsec_jquery_filetree_style');

	wp_register_style('itsec_file_change_css', $this->module_path . 'css/admin-file-change.css', array(), $build);
	wp_enqueue_style('itsec_file_change_css');
}