 /**
  * Validate the submitted settings and apply the side effects that depend on them.
  *
  * Regenerates the server config when any submitted value differs from the stored
  * one, and adjusts the server-config and wp-config file modes when the
  * 'write_permissions' setting is on or has just been switched off.
  *
  * @return void
  */
 protected function validate_settings()
 {
     if (!$this->can_save()) {
         return;
     }
     $stored = ITSEC_Modules::get_settings($this->get_id());
     // array_diff_assoc compares key and (string) value, so any changed entry triggers a rebuild.
     if (array_diff_assoc($this->settings, $stored)) {
         ITSEC_Response::regenerate_server_config();
     }
     $mode = null;
     if ($this->settings['write_permissions']) {
         // Enabled: re-apply the read-only mode on every save so drifted permissions get corrected.
         $mode = 0444;
     } elseif ($this->settings['write_permissions'] !== $stored['write_permissions']) {
         // Just disabled: restore the default mode once; later saves leave the files alone.
         $mode = 0664;
     }
     if (null === $mode) {
         // Nothing to change on disk.
         return;
     }
     require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-config-file.php';
     require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-file.php';
     $paths = array(
         ITSEC_Lib_Config_File::get_server_config_file_path(),
         ITSEC_Lib_Config_File::get_wp_config_file_path(),
     );
     foreach ($paths as $path) {
         ITSEC_Lib_File::chmod($path, $mode);
     }
     ITSEC_Response::reload_module('file-permissions');
 }
 /**
  * Load the file-change settings and the list of paths the scanner skips.
  */
 private function __construct()
 {
     global $itsec_globals;
     $this->running = false;
     $this->settings = ITSEC_Modules::get_settings('file-change');
     // Skip the scanner's own lock file, the backup and log locations, and generic .lock files.
     $backup_location = ITSEC_Modules::get_setting('backup', 'location');
     $log_location = ITSEC_Modules::get_setting('global', 'log_location');
     $this->excludes = array('file_change.lock', $backup_location, $log_location, '.lock');
 }
 /**
  * Setup the module's functionality.
  *
  * Loads the backup module's unprivileged functionality: registers the cron
  * callback and the logger, then either makes sure the daily WP-Cron event exists
  * (when ITSEC_BACKUP_CRON is true) or, on ordinary page loads, queues a backup on
  * 'init' once the configured interval has elapsed since the last run.
  *
  * @since 4.0.0
  *
  * @return void
  */
 function run()
 {
     global $itsec_globals;
     $this->settings = ITSEC_Modules::get_settings('backup');
     add_action('itsec_execute_backup_cron', array($this, 'do_backup'));
     add_filter('itsec_logger_modules', array($this, 'register_logger'));
     if (defined('ITSEC_BACKUP_CRON') && true === ITSEC_BACKUP_CRON) {
         // WP-Cron mode: ensure the daily event exists and skip the page-load scheduler entirely.
         if (!wp_next_scheduled('itsec_execute_backup_cron')) {
             wp_schedule_event(time(), 'daily', 'itsec_execute_backup_cron');
         }
         return;
     }
     // No page-load backups on AJAX requests, when BackupBuddy is active, or with a non-positive interval.
     $skip = (defined('DOING_AJAX') && DOING_AJAX)
         || class_exists('pb_backupbuddy')
         || $this->settings['interval'] <= 0;
     if ($skip) {
         return;
     }
     $interval_seconds = $this->settings['interval'] * DAY_IN_SECONDS;
     $due_at = $this->settings['last_run'] + $interval_seconds;
     if ($due_at <= $itsec_globals['current_time_gmt']) {
         add_action('init', array($this, 'do_backup'), 10, 0);
     }
 }
 /**
  * Register the network brute force settings-page script and pass it its UI strings.
  *
  * @return void
  */
 public function enqueue_scripts_and_styles()
 {
     // Loaded but not referenced below; kept so the settings lookup still happens.
     $settings = ITSEC_Modules::get_settings($this->id);
     $strings = array(
         'resetting_button_text' => __('Resetting...', 'better-wp-security'),
     );
     $handle = 'itsec-network-brute-force-settings-page-script';
     wp_enqueue_script($handle, plugins_url('js/settings-page.js', __FILE__), array('jquery'), $this->script_version, true);
     wp_localize_script($handle, 'itsec_network_brute_force', $strings);
 }
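 /**
  * Wire up the hide-backend hooks when the module is enabled.
  *
  * The login/admin hooks are skipped for the Jetpack JSON API authorization
  * request so that flow can still reach the real login URL; the server-config
  * filters are always registered.
  *
  * @return void
  */
 function run()
 {
     $this->settings = ITSEC_Modules::get_settings('hide-backend');
     if (!$this->settings['enabled']) {
         return;
     }
     add_filter('itsec_filter_apache_server_config_modification', array($this, 'filter_apache_server_config_modification'));
     add_filter('itsec_filter_litespeed_server_config_modification', array($this, 'filter_apache_server_config_modification'));
     add_filter('itsec_filter_nginx_server_config_modification', array($this, 'filter_nginx_server_config_modification'));
     $jetpack_active_modules = get_option('jetpack_active_modules');
     // Strict in_array: a loose comparison could let a non-string entry match the plugin path.
     $is_jetpack_active = in_array('jetpack/jetpack.php', (array) get_option('active_plugins', array()), true);
     if (!$is_jetpack_active && is_multisite() && function_exists('is_plugin_active_for_network')) {
         $is_jetpack_active = is_plugin_active_for_network('jetpack/jetpack.php');
     }
     $is_jetpack_auth_request = $is_jetpack_active
         && is_array($jetpack_active_modules)
         && in_array('json-api', $jetpack_active_modules, true)
         && isset($_GET['action'])
         && 'jetpack_json_api_authorization' === $_GET['action'];
     if ($is_jetpack_auth_request) {
         // NOTE(review): this exemption is keyed off a request-supplied query parameter, so while the
         // Jetpack json-api module is active any request carrying it skips every hook below; confirm
         // that scope is intended rather than, e.g., also requiring a Jetpack-signed request.
         return;
     }
     $this->auth_cookie_expired = false;
     add_action('auth_cookie_expired', array($this, 'auth_cookie_expired'));
     add_action('init', array($this, 'execute_hide_backend'), 1000);
     add_action('login_init', array($this, 'execute_hide_backend_login'));
     add_action('plugins_loaded', array($this, 'plugins_loaded'), 11);
     add_filter('body_class', array($this, 'remove_admin_bar'));
     add_filter('loginout', array($this, 'filter_loginout'));
     // Rewrite every place WordPress hands out the login URL.
     add_filter('wp_redirect', array($this, 'filter_login_url'), 10, 2);
     add_filter('lostpassword_url', array($this, 'filter_login_url'), 10, 2);
     add_filter('site_url', array($this, 'filter_login_url'), 10, 2);
     add_filter('retrieve_password_message', array($this, 'retrieve_password_message'));
     add_filter('comment_moderation_text', array($this, 'comment_moderation_text'));
     // Core would otherwise redirect /admin, /login etc. to the real backend paths.
     remove_action('template_redirect', 'wp_redirect_admin_locations', 1000);
 }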
 /**
  * Suppress theme, plugin and core update checks for non-administrators on multisite.
  *
  * Each enabled setting removes the matching update-check action, short-circuits the
  * site transient with null and unschedules the related cron hook. InfiniteWP calls and
  * users who can manage options are left alone.
  *
  * @return void
  */
 public function init()
 {
     if (ITSEC_Core::is_iwp_call() || current_user_can('manage_options')) {
         return;
     }
     $settings = ITSEC_Modules::get_settings('multisite-tweaks');
     // setting => array(action hook, callback, priority, transient filter, cron hook)
     $suppressions = array(
         'theme_updates'  => array('load-update-core.php', 'wp_update_themes', 10, 'pre_site_transient_update_themes', 'wp_update_themes'),
         'plugin_updates' => array('load-update-core.php', 'wp_update_plugins', 10, 'pre_site_transient_update_plugins', 'wp_update_plugins'),
         'core_updates'   => array('admin_notices', 'update_nag', 3, 'pre_site_transient_update_core', 'wp_version_check'),
     );
     foreach ($suppressions as $setting => $hooks) {
         if (!$settings[$setting]) {
             continue;
         }
         list($action, $callback, $priority, $transient_filter, $cron_hook) = $hooks;
         remove_action($action, $callback, $priority);
         add_filter($transient_filter, '__return_null');
         wp_clear_scheduled_hook($cron_hook);
     }
 }
 /**
  * Register the 404 detection module with the lockout and logger systems and hook the check.
  *
  * @return void
  */
 function run()
 {
     $this->settings = ITSEC_Modules::get_settings('404-detection');
     $registrations = array(
         'itsec_lockout_modules' => 'register_lockout',
         'itsec_logger_modules'  => 'register_logger',
         'itsec_logger_displays' => 'register_logger_displays',
     );
     foreach ($registrations as $hook => $method) {
         add_filter($hook, array($this, $method));
     }
     // The 404 check itself is attached to wp_head.
     add_action('wp_head', array($this, 'check_404'));
 }
 /**
  * Sanitize the salt-regeneration settings.
  *
  * Carries the stored 'last_generated' value forward when the submission omits it,
  * then runs the type checks for both fields.
  *
  * @return void
  */
 protected function sanitize_settings()
 {
     $stored = ITSEC_Modules::get_settings($this->get_id());
     if (!isset($this->settings['last_generated'])) {
         $this->settings['last_generated'] = $stored['last_generated'];
     }
     $fields = array(
         array('bool', 'regenerate', __('Change WordPress Salts', 'better-wp-security')),
         array('positive-int', 'last_generated', __('Last Generated', 'better-wp-security')),
     );
     foreach ($fields as $field) {
         list($type, $var, $label) = $field;
         $this->sanitize_setting($type, $var, $label, false);
     }
     // 'regenerate' is exempt from the matching-fields validation.
     $this->vars_to_skip_validate_matching_fields[] = 'regenerate';
 }
 /**
  * Regenerate the server config when any submitted setting differs from what is stored.
  *
  * @return void
  */
 protected function validate_settings()
 {
     if (!$this->can_save()) {
         return;
     }
     $stored = ITSEC_Modules::get_settings($this->get_id());
     $changed = false;
     foreach ($this->settings as $name => $value) {
         // Loose (!=) comparison is kept, so values differing only in scalar type compare equal.
         if (!isset($stored[$name]) || $stored[$name] != $value) {
             $changed = true;
             break;
         }
     }
     if ($changed) {
         ITSEC_Response::regenerate_server_config();
     }
 }
 /**
  * Sanitize the network brute force settings on top of the stored values.
  *
  * The submission is merged over the stored settings so a partial save keeps the
  * untouched keys; the email field is only checked when it was submitted.
  *
  * @return void
  */
 protected function sanitize_settings()
 {
     $stored = ITSEC_Modules::get_settings($this->get_id());
     $this->settings = array_merge($stored, $this->settings);
     if (isset($this->settings['email'])) {
         $this->sanitize_setting('email', 'email', __('Email Address', 'better-wp-security'));
         $this->vars_to_skip_validate_matching_fields[] = 'email';
     }
     $fields = array(
         'updates_optin' => array('bool', __('Receive Email Updates', 'better-wp-security')),
         'api_key'       => array('string', __('API Key', 'better-wp-security')),
         'api_secret'    => array('string', __('API Secret', 'better-wp-security')),
         'enable_ban'    => array('bool', __('Ban Reported IPs', 'better-wp-security')),
     );
     foreach ($fields as $var => $spec) {
         list($type, $label) = $spec;
         $this->sanitize_setting($type, $var, $label);
     }
 }
 /**
  * Trigger config rebuilds for the settings that are written into config files.
  *
  * 'file_editor' lives in wp-config.php; 'disable_xmlrpc' and 'comment_spam' are
  * part of the generated server config.
  *
  * @return void
  */
 protected function validate_settings()
 {
     if (!$this->can_save()) {
         return;
     }
     $stored = ITSEC_Modules::get_settings($this->get_id());
     $changed = array();
     foreach (array('file_editor', 'disable_xmlrpc', 'comment_spam') as $name) {
         $changed[$name] = $this->settings[$name] !== $stored[$name];
     }
     if ($changed['file_editor']) {
         ITSEC_Response::regenerate_wp_config();
     }
     if ($changed['disable_xmlrpc'] || $changed['comment_spam']) {
         ITSEC_Response::regenerate_server_config();
     }
 }
 /**
  * Rebuild wp-config.php when the 'admin' setting changes, logging everyone out when it is turned on.
  *
  * @return void
  */
 protected function validate_settings()
 {
     if (!$this->can_save()) {
         return;
     }
     $stored = ITSEC_Modules::get_settings($this->get_id());
     if ($this->settings['admin'] === $stored['admin']) {
         return;
     }
     ITSEC_Response::regenerate_wp_config();
     if ($this->settings['admin']) {
         // Enabling the setting also forces a logout.
         ITSEC_Response::force_logout();
     }
 }
 /**
  * Enqueue the file-change settings page assets and pass the scripts their strings and nonces.
  *
  * @return void
  */
 public function enqueue_scripts_and_styles()
 {
     $settings = ITSEC_Modules::get_settings($this->id);
     $logs_page_url = ITSEC_Core::get_logs_page_url('file_change');
     $is_split_scan = isset($settings['split']) && true === $settings['split'];
     $button_text = $is_split_scan
         ? __('Scan Next File Chunk', 'better-wp-security')
         : __('Scan Files Now', 'better-wp-security');
     $scan_strings = array(
         'button_text'          => $button_text,
         'scanning_button_text' => __('Scanning...', 'better-wp-security'),
         'no_changes'           => __('No changes were detected.', 'better-wp-security'),
         'found_changes'        => sprintf(__('Changes were detected. Please check the <a href="%s" target="_blank">logs page</a> for details.', 'better-wp-security'), esc_url($logs_page_url)),
         'unknown_error'        => __('An unknown error occured. Please try again later', 'better-wp-security'),
         'already_running'      => sprintf(__('A scan is already in progress. Please check the <a href="%s" target="_blank">logs page</a> at a later time for the results of the scan.', 'better-wp-security'), esc_url($logs_page_url)),
         'ABSPATH'              => ITSEC_Lib::get_home_path(),
         'nonce'                => wp_create_nonce('itsec_do_file_check'),
     );
     $scan_handle = 'itsec-file-change-settings-script';
     wp_enqueue_script($scan_handle, plugins_url('js/settings-page.js', __FILE__), array('jquery'), $this->script_version, true);
     wp_localize_script($scan_handle, 'itsec_file_change_settings', $scan_strings);
     // The file tree browser gets its own nonce.
     $tree_handle = 'itsec-file-change-admin-filetree-script';
     $tree_strings = array('nonce' => wp_create_nonce('itsec_jquery_filetree'));
     wp_enqueue_script($tree_handle, plugins_url('js/filetree/jqueryFileTree.js', __FILE__), array('jquery'), $this->script_version, true);
     wp_localize_script($tree_handle, 'itsec_jquery_filetree', $tree_strings);
     wp_enqueue_style('itsec-file-change-admin-filetree-style', plugins_url('js/filetree/jqueryFileTree.css', __FILE__), array(), $this->script_version);
     wp_enqueue_style('itsec-file-change-admin-style', plugins_url('css/settings.css', __FILE__), array(), $this->script_version);
 }
 /**
  * Run the full validation pipeline for a submitted settings array.
  *
  * Order: sanitize, then the optional matching-fields / matching-types checks
  * (each gated by its run_* flag), then the module's own validate_settings().
  *
  * @param array $settings Submitted settings.
  *
  * @return void
  */
 public function validate($settings)
 {
     $this->settings = $settings;
     $this->previous_settings = ITSEC_Modules::get_settings($this->get_id());
     $this->sanitize_settings();
     $optional_checks = array(
         'run_validate_matching_fields' => 'validate_matching_fields',
         'run_validate_matching_types'  => 'validate_matching_types',
     );
     foreach ($optional_checks as $flag => $method) {
         // Each flag is read right before its check so an earlier check may still change it.
         if ($this->{$flag}) {
             $this->{$method}();
         }
     }
     $this->validate_settings();
 }
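 /**
  * Redirects to or from SSL where appropriate
  *
  * Frontend mode 2 forces HTTPS everywhere; mode 1 forces it only on singular
  * posts flagged by the 'itsec_enable_ssl' post meta (the legacy 'bwps_enable_ssl'
  * meta is migrated on the way). Any other mode leaves the request alone, as does
  * a request for the hidden backend login slug.
  *
  * @since 4.0
  *
  * @return void
  */
 public function do_conditional_ssl_redirect()
 {
     $hide_options = get_site_option('itsec_hide_backend', array());
     // Strict comparison: both sides are strings, so the loose numeric-string rules must not apply.
     if (isset($hide_options['enabled']) && true === $hide_options['enabled'] && ITSEC_Lib::get_home_root() . $hide_options['slug'] === $_SERVER['REQUEST_URI']) {
         return;
     }
     $settings = ITSEC_Modules::get_settings('ssl');
     if (2 === $settings['frontend']) {
         $protocol = 'https';
     } elseif (1 === $settings['frontend'] && is_singular()) {
         global $post;
         $protocol = null;
         // Migrate the legacy bwps_enable_ssl meta to itsec_enable_ssl, honouring it once on the way.
         $legacy_flag = get_post_meta($post->ID, 'bwps_enable_ssl');
         if (!empty($legacy_flag)) {
             if ($legacy_flag[0]) {
                 $protocol = 'https';
                 update_post_meta($post->ID, 'itsec_enable_ssl', true);
             }
             delete_post_meta($post->ID, 'bwps_enable_ssl');
         }
         if (null === $protocol) {
             $ssl_flag = get_post_meta($post->ID, 'itsec_enable_ssl');
             if (!empty($ssl_flag)) {
                 if ($ssl_flag[0]) {
                     $protocol = 'https';
                 } else {
                     // A stored "off" flag is the same as no flag; clean it up.
                     delete_post_meta($post->ID, 'itsec_enable_ssl');
                 }
             }
         }
         if (null === $protocol) {
             $protocol = 'http';
         }
     } else {
         return;
     }
     $is_ssl = is_ssl();
     if ($is_ssl === ('https' === $protocol)) {
         // Already on the wanted scheme.
         return;
     }
     // NOTE(review): the target is rebuilt from the Host header, which the client controls, and
     // wp_redirect() does not restrict the destination host the way wp_safe_redirect() does;
     // validating HTTP_HOST against the site's own host (or switching to wp_safe_redirect()) is
     // worth considering.
     $target = $protocol . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
     wp_redirect($target, 301);
     exit;
 }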
 /**
  * Execute module upgrade
  *
  * Migrates the pre-4.0 "st_*" options into the itsec_tweaks site option, forces a
  * server config rebuild for installs older than 4.0.35 and, for installs older than
  * 4.0.41, moves the relevant keys into the system-tweaks module settings, activating
  * that module only when at least one of its settings is on.
  *
  * @since 4.0
  *
  * @param int $itsec_old_version Version number the site is upgrading from.
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version < 4000) {
         global $itsec_bwps_options;
         ITSEC_Lib::create_database_tables();
         $tweaks = get_site_option('itsec_tweaks');
         // Leave the module defaults in place when nothing has ever been saved.
         if (false !== $tweaks) {
             // new setting => legacy option key
             $legacy_keys = array(
                 'protect_files'            => 'st_ht_files',
                 'directory_browsing'       => 'st_ht_browsing',
                 'request_methods'          => 'st_ht_request',
                 'suspicious_query_strings' => 'st_ht_query',
                 'non_english_characters'   => 'st_ht_foreign',
                 'long_url_strings'         => 'st_longurl',
                 'write_permissions'        => 'st_fileperm',
             );
             foreach ($legacy_keys as $new_key => $old_key) {
                 // A legacy value loosely equal to 1 means enabled; absence or anything else means off.
                 $tweaks[$new_key] = isset($itsec_bwps_options[$old_key]) && 1 == $itsec_bwps_options[$old_key];
             }
             update_site_option('itsec_tweaks', $tweaks);
             ITSEC_Response::regenerate_server_config();
             ITSEC_Response::regenerate_wp_config();
         }
     }
     if ($itsec_old_version < 4035) {
         ITSEC_Response::regenerate_server_config();
     }
     if ($itsec_old_version < 4041) {
         $tweaks = get_site_option('itsec_tweaks');
         // No saved options means the new defaults apply; nothing to migrate.
         if (is_array($tweaks)) {
             $defaults = ITSEC_Modules::get_settings('system-tweaks');
             // Keep only the keys this module knows, then fill any gaps from the module defaults.
             $migrated = array_merge($defaults, array_intersect_key($tweaks, $defaults));
             // Loose in_array(true, ...) asks "is any value truthy?".
             if (in_array(true, $migrated)) {
                 ITSEC_Modules::activate('system-tweaks');
             } else {
                 ITSEC_Modules::deactivate('system-tweaks');
             }
             ITSEC_Modules::set_settings('system-tweaks', $migrated);
         }
     }
 }
 /**
  * Hook the brute force module into the login flow, the lockout/logger systems and Jetpack.
  *
  * @return void
  */
 function run()
 {
     $this->settings = ITSEC_Modules::get_settings('brute-force');
     $this->username = null;
     // hook => array(method, priority, accepted args)
     $actions = array(
         'wp_login'        => array('wp_login', 10, 2),
         'wp_login_failed' => array('wp_login_failed', 1, 1),
     );
     foreach ($actions as $hook => $spec) {
         list($method, $priority, $accepted_args) = $spec;
         add_action($hook, array($this, $method), $priority, $accepted_args);
     }
     $filters = array(
         'itsec_logger_displays'       => array('itsec_logger_displays', 10, 1), // logs metaboxes
         'authenticate'                => array('authenticate', 10, 3),
         'itsec_lockout_modules'       => array('itsec_lockout_modules', 10, 1),
         'itsec_logger_modules'        => array('itsec_logger_modules', 10, 1),
         'xmlrpc_login_error'          => array('xmlrpc_login_error', 10, 2),
         'jetpack_get_default_modules' => array('jetpack_get_default_modules', 10, 1), // disable Jetpack Protect (via George Stephanis)
     );
     foreach ($filters as $hook => $spec) {
         list($method, $priority, $accepted_args) = $spec;
         add_filter($hook, array($this, $method), $priority, $accepted_args);
     }
 }
 /**
  * Setup the module's functionality.
  *
  * Loads the backup module's unprivileged functionality: registers the cron
  * callback and the logger, then either schedules the daily WP-Cron event (when
  * ITSEC_BACKUP_CRON is true) or queues a backup on 'init' when the interval has
  * elapsed and nothing else rules a page-load backup out.
  *
  * @since 4.0.0
  *
  * @return void
  */
 function run()
 {
     global $itsec_globals;
     $this->settings = ITSEC_Modules::get_settings('backup');
     // Action to execute during a cron run.
     add_action('itsec_execute_backup_cron', array($this, 'do_backup'));
     add_filter('itsec_logger_modules', array($this, 'register_logger'));
     $cron_defined = defined('ITSEC_BACKUP_CRON');
     $cron_enabled = $cron_defined && true === ITSEC_BACKUP_CRON;
     // Only a missing constant or an explicit false counts as "cron off"; any other value disables both paths.
     $cron_off = !$cron_defined || false === ITSEC_BACKUP_CRON;
     if ($cron_enabled) {
         // Use cron if needed.
         if (!wp_next_scheduled('itsec_execute_backup_cron')) {
             wp_schedule_event(time(), 'daily', 'itsec_execute_backup_cron');
         }
         return;
     }
     // Same strictness for DOING_AJAX: only absent or exactly false allows a page-load backup.
     $not_ajax = !defined('DOING_AJAX') || false === DOING_AJAX;
     if (!$not_ajax || !$cron_off || class_exists('pb_backupbuddy')) {
         return;
     }
     if ($this->settings['interval'] <= 0) {
         return;
     }
     $interval_seconds = $this->settings['interval'] * DAY_IN_SECONDS;
     $threshold = $itsec_globals['current_time_gmt'] - $interval_seconds;
     if ($threshold > $this->settings['last_run']) {
         add_action('init', array($this, 'do_backup'), 10, 0);
     }
 }
 /**
  * Execute module upgrade
  *
  * Migrates the pre-4.0 "st_*" options into the itsec_tweaks site option, forces a
  * server config rebuild for installs older than 4.0.35 and, for installs older than
  * 4.0.41, moves the relevant keys into the wordpress-tweaks module settings,
  * activating that module only when at least one of its settings is in use.
  *
  * @since 4.0
  *
  * @param int $itsec_old_version Version number the site is upgrading from.
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version < 4000) {
         global $itsec_bwps_options;
         ITSEC_Lib::create_database_tables();
         $tweaks = get_site_option('itsec_tweaks');
         // Leave the module defaults in place when nothing has ever been saved.
         if (false !== $tweaks) {
             // new setting => legacy option key
             $legacy_keys = array(
                 'wlwmanifest_header' => 'st_manifest',
                 'edituri_header'     => 'st_edituri',
                 'comment_spam'       => 'st_comment',
                 'login_errors'       => 'st_loginerror',
             );
             foreach ($legacy_keys as $new_key => $old_key) {
                 // A legacy value loosely equal to 1 means enabled; absence or anything else means off.
                 $tweaks[$new_key] = isset($itsec_bwps_options[$old_key]) && 1 == $itsec_bwps_options[$old_key];
             }
             update_site_option('itsec_tweaks', $tweaks);
             ITSEC_Response::regenerate_server_config();
             ITSEC_Response::regenerate_wp_config();
         }
     }
     if ($itsec_old_version < 4035) {
         ITSEC_Response::regenerate_server_config();
     }
     if ($itsec_old_version < 4041) {
         $tweaks = get_site_option('itsec_tweaks');
         // No saved options means the new defaults apply; nothing to migrate.
         if (is_array($tweaks)) {
             $defaults = ITSEC_Modules::get_settings('wordpress-tweaks');
             // Keep only the keys this module knows, then fill any gaps from the module defaults.
             $migrated = array_merge($defaults, array_intersect_key($tweaks, $defaults));
             $in_use = false;
             foreach ($migrated as $setting => $value) {
                 // For allow_xmlrpcmultiauth a false value is what counts as "in use" (blocking is the feature).
                 $setting_in_use = ('allow_xmlrpc_multiauth' === $setting) ? !$value : (bool) $value;
                 if ($setting_in_use) {
                     $in_use = true;
                     break;
                 }
             }
             if ($in_use) {
                 ITSEC_Modules::activate('wordpress-tweaks');
             } else {
                 ITSEC_Modules::deactivate('wordpress-tweaks');
             }
             ITSEC_Modules::set_settings('wordpress-tweaks', $migrated);
         }
     }
 }
 /**
  * Hook the WordPress Tweaks behaviours that are enabled in the module settings.
  *
  * The config-file hooks are always added; everything else is skipped under WP-CLI.
  *
  * @return void
  */
 public function init()
 {
     $this->add_config_hooks();
     if (defined('WP_CLI') && WP_CLI) {
         // Don't risk blocking anything with WP_CLI.
         return;
     }
     $this->settings = ITSEC_Modules::get_settings('wordpress-tweaks');
     $settings = $this->settings;
     add_action('wp_print_scripts', array($this, 'store_jquery_version'));
     // allow_xmlrpc_multiauth: the block_multiauth_attempts filter is only attached on XML-RPC requests
     // when multiauth is not allowed.
     if (defined('XMLRPC_REQUEST') && XMLRPC_REQUEST && !$settings['allow_xmlrpc_multiauth']) {
         add_filter('authenticate', array($this, 'block_multiauth_attempts'), 0, 3);
     }
     // Header links that can be stripped from wp_head: setting => core callback.
     $head_links = array(
         'wlwmanifest_header' => 'wlwmanifest_link',
         'edituri_header'     => 'rsd_link',
     );
     foreach ($head_links as $setting => $core_callback) {
         if ($settings[$setting]) {
             remove_action('wp_head', $core_callback);
         }
     }
     // XML-RPC: 2 disables it entirely, 1 only filters the method list (switch keeps the loose comparison).
     switch ($settings['disable_xmlrpc']) {
         case 2:
             add_filter('xmlrpc_enabled', '__return_null');
             add_filter('bloginfo_url', array($this, 'remove_pingback_url'), 10, 2);
             break;
         case 1:
             add_filter('xmlrpc_methods', array($this, 'xmlrpc_methods'));
             break;
     }
     if ($settings['safe_jquery']) {
         add_action('wp_enqueue_scripts', array($this, 'current_jquery'));
     }
     // Suppress login error messages.
     if ($settings['login_errors']) {
         add_filter('login_errors', '__return_null');
     }
     // Require a unique nicename.
     if ($settings['force_unique_nicename']) {
         add_action('user_profile_update_errors', array($this, 'force_unique_nicename'), 10, 3);
     }
     // Remove unused author archives.
     if ($settings['disable_unused_author_pages']) {
         add_action('template_redirect', array($this, 'disable_unused_author_pages'));
     }
 }
 /**
  * Execute module upgrade
  *
  * Migrates the pre-4.0 "st_*" options into the itsec_tweaks site option, forces a
  * server config rebuild for installs older than 4.0.35 and, for installs older than
  * 4.0.41, moves the relevant keys into the multisite-tweaks module settings,
  * activating that module only when at least one of its settings is on.
  *
  * @since 4.0
  *
  * @param int $itsec_old_version Version number the site is upgrading from.
  *
  * @return void
  */
 public function execute_upgrade($itsec_old_version)
 {
     if ($itsec_old_version < 4000) {
         global $itsec_bwps_options;
         ITSEC_Lib::create_database_tables();
         $tweaks = get_site_option('itsec_tweaks');
         // Leave the module defaults in place when nothing has ever been saved.
         if (false !== $tweaks) {
             // new setting => legacy option key
             $legacy_keys = array(
                 'theme_updates'  => 'st_themenot',
                 'plugin_updates' => 'st_pluginnot',
                 'core_updates'   => 'st_corenot',
             );
             foreach ($legacy_keys as $new_key => $old_key) {
                 // A legacy value loosely equal to 1 means enabled; absence or anything else means off.
                 $tweaks[$new_key] = isset($itsec_bwps_options[$old_key]) && 1 == $itsec_bwps_options[$old_key];
             }
             update_site_option('itsec_tweaks', $tweaks);
             ITSEC_Response::regenerate_server_config();
             ITSEC_Response::regenerate_wp_config();
         }
     }
     if ($itsec_old_version < 4035) {
         ITSEC_Response::regenerate_server_config();
     }
     if ($itsec_old_version < 4041) {
         $tweaks = get_site_option('itsec_tweaks');
         // No saved options means the new defaults apply; nothing to migrate.
         if (is_array($tweaks)) {
             $defaults = ITSEC_Modules::get_settings('multisite-tweaks');
             // Keep only the keys this module knows, then fill any gaps from the module defaults.
             $migrated = array_merge($defaults, array_intersect_key($tweaks, $defaults));
             // array_filter() without a callback drops falsy values, so a non-empty result means something is on.
             $anything_on = (bool) array_filter($migrated);
             if ($anything_on) {
                 ITSEC_Modules::activate('multisite-tweaks');
             } else {
                 ITSEC_Modules::deactivate('multisite-tweaks');
             }
             ITSEC_Modules::set_settings('multisite-tweaks', $migrated);
         }
     }
 }
 /**
  * Sanitize the database backup settings.
  *
  * 'interval' and 'last_run' are carried over from storage when the submission omits
  * them; every field is then run through the module's type checks.
  *
  * @return void
  */
 protected function sanitize_settings()
 {
     $stored = ITSEC_Modules::get_settings($this->get_id());
     foreach (array('interval', 'last_run') as $carried_over) {
         if (!isset($this->settings[$carried_over])) {
             $this->settings[$carried_over] = $stored[$carried_over];
         }
     }
     // 'method' is checked twice: first as a positive int, then against the allowed set 0/1/2.
     $fields = array(
         array('bool', 'all_sites', __('Backup Full Database', 'better-wp-security')),
         array('positive-int', 'method', __('Backup Method', 'better-wp-security')),
         array(array(0, 1, 2), 'method', __('Backup Method', 'better-wp-security')),
         array('writable-directory', 'location', __('Backup Location', 'better-wp-security')),
         array('positive-int', 'retain', __('Backups to Retain', 'better-wp-security')),
         array('bool', 'zip', __('Compress Backup Files', 'better-wp-security')),
         array('newline-separated-array', 'exclude', __('Exclude Tables', 'better-wp-security')),
         array('bool', 'enabled', __('Schedule Database Backups', 'better-wp-security')),
         array('positive-int', 'interval', __('Backup Interval', 'better-wp-security')),
     );
     foreach ($fields as $field) {
         list($type, $var, $label) = $field;
         $this->sanitize_setting($type, $var, $label);
     }
     // last_run gets the extra false argument, unlike the fields above.
     $this->sanitize_setting('positive-int', 'last_run', __('Last Run', 'better-wp-security'), false);
 }
 /**
  * Sanitize the file change detection settings.
  *
  * Scanner state ('last_run', 'last_chunk', 'show_warning') is carried over from
  * storage when the submission omits it; the form fields are then type-checked and
  * the result is passed through the 'itsec-file-change-sanitize-settings' filter.
  *
  * @return void
  */
 protected function sanitize_settings()
 {
     $stored = ITSEC_Modules::get_settings($this->get_id());
     foreach (array('last_run', 'last_chunk', 'show_warning') as $state_field) {
         if (!isset($this->settings[$state_field])) {
             $this->settings[$state_field] = $stored[$state_field];
         }
     }
     // last_chunk is exempt from the matching-types validation.
     $this->vars_to_skip_validate_matching_types[] = 'last_chunk';
     $fields = array(
         array('bool', 'split', __('Split File Scanning', 'better-wp-security')),
         array(array('exclude', 'include'), 'method', __('Include/Exclude Files and Folders', 'better-wp-security')),
         array('newline-separated-array', 'file_list', __('Files and Folders List', 'better-wp-security')),
         array('newline-separated-extensions', 'types', __('Ignore File Types', 'better-wp-security')),
         array('bool', 'email', __('Email File Change Notifications', 'better-wp-security')),
         array('bool', 'notify_admin', __('Display File Change Admin Warning', 'better-wp-security')),
     );
     foreach ($fields as $field) {
         list($type, $var, $label) = $field;
         $this->sanitize_setting($type, $var, $label);
     }
     // last_run gets the extra false argument, unlike the fields above.
     $this->sanitize_setting('positive-int', 'last_run', __('Last Run', 'better-wp-security'), false);
     $this->settings = apply_filters('itsec-file-change-sanitize-settings', $this->settings);
 }
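 /**
  * Append the WordPress Tweaks rules to the generated nginx server config.
  *
  * Adds a deny-all location for xmlrpc.php when XML-RPC is fully disabled (setting
  * value 2) and, when comment spam reduction is on, a wp-comments-post.php location
  * that rejects non-POST requests, empty user agents and — unless '*' is allowed or
  * no referers are configured — unknown referers.
  *
  * @param string $modification Config text built so far.
  *
  * @return string The config text with this module's rules appended.
  */
 public static function filter_nginx_server_config_modification($modification)
 {
     $settings = ITSEC_Modules::get_settings('wordpress-tweaks');
     // Loose comparison kept: the stored value may be a numeric string.
     if (2 == $settings['disable_xmlrpc']) {
         $modification .= "\n";
         // The translated label is written into an nginx comment; a translation containing a
         // newline would end that comment early.
         $modification .= "\t# " . __('Disable XML-RPC - Security > Settings > WordPress Tweaks > XML-RPC', 'better-wp-security') . "\n";
         $modification .= "\tlocation ~ xmlrpc.php { deny all; }\n";
     }
     if ($settings['comment_spam']) {
         $valid_referers = self::get_valid_referers('nginx');
         // Strict search: a loose in_array() could treat a non-string entry as matching '*'.
         $allow_any_referer = empty($valid_referers) || in_array('*', $valid_referers, true);
         $modification .= "\n";
         $modification .= "\t# " . __('Reduce Comment Spam - Security > Settings > WordPress Tweaks > Comment Spam', 'better-wp-security') . "\n";
         $modification .= "\tlocation = /wp-comments-post.php {\n";
         $modification .= "\t\tlimit_except POST { deny all; }\n";
         $modification .= "\t\tif (\$http_user_agent ~ \"^\$\") { return 403; }\n";
         if (!$allow_any_referer) {
             $modification .= "\t\tvalid_referers " . implode(' ', $valid_referers) . ";\n";
             $modification .= "\t\tif (\$invalid_referer) { return 403; }\n";
         }
         $modification .= "\t}\n";
     }
     return $modification;
 }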
 /**
  * Check if away mode is active
  *
  * Builds the status array from the configured schedule (a 'daily' time window or a
  * one-off timestamp window), applies the override when one is set and not yet past
  * its end, and finally forces everything off when the away-mode active file is missing.
  *
  * @since 4.4
  * @static
  *
  * @param bool $get_details Optional, defaults to false. True to receive details rather than a boolean response.
  *
  * @return mixed If $get_details is true, an array of status details. Otherwise, true if away and false otherwise.
  */
 public static function is_active($get_details = false)
 {
     require_once dirname(__FILE__) . '/utilities.php';
     $settings = ITSEC_Modules::get_settings('away-mode');
     $is_daily_schedule = 'daily' === $settings['type'];
     $details = $is_daily_schedule
         ? ITSEC_Away_Mode_Utilities::is_current_time_active($settings['start_time'], $settings['end_time'], true)
         : ITSEC_Away_Mode_Utilities::is_current_timestamp_active($settings['start'], $settings['end'], true);
     $details['has_active_file'] = ITSEC_Away_Mode_Utilities::has_active_file();
     $details['override_type'] = $settings['override_type'];
     $details['override_end'] = $settings['override_end'];
     // An override only applies while a type is set and its end time has not passed.
     $override_in_effect = !empty($settings['override_type']) && ITSEC_Core::get_current_time() <= $settings['override_end'];
     $details['override_active'] = $override_in_effect;
     if ($override_in_effect) {
         // An 'activate' override turns away mode on; any other override type turns it off.
         $details['active'] = 'activate' === $details['override_type'];
     }
     if (!$details['has_active_file']) {
         // Without the active file nothing applies; blank every schedule-derived field.
         foreach (array('active', 'remaining', 'next', 'length') as $field) {
             $details[$field] = false;
         }
     }
     if (!isset($details['error'])) {
         $details['error'] = false;
     }
     return $get_details ? $details : $details['active'];
 }
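 /**
  * Render the file change log metabox
  *
  * Displays a metabox on the logs page, when filtered, showing all file change items:
  * an estimate of the next automatic scan followed by the file change log table.
  *
  * @since 4.0.0
  *
  * @return void
  */
 public function logs_metabox_content()
 {
     global $itsec_globals;
     if (!class_exists('ITSEC_File_Change_Log')) {
         require dirname(__FILE__) . '/class-itsec-file-change-log.php';
     }
     $settings = ITSEC_Modules::get_settings('file-change');
     // If we're splitting the file check run it every 6 hours. Else daily.
     // NOTE(review): 12342 s is roughly 3.4 h, not the 6 h the comment states. The value only affects the
     // estimate displayed here; confirm it against the interval the scheduler really uses.
     if (isset($settings['split']) && true === $settings['split']) {
         $interval = 12342;
     } else {
         $interval = 86400;
     }
     // Estimate the next run as the last scan time plus the interval (both in seconds since the epoch).
     // A missing last_run is treated as 0 instead of raising a notice.
     $last_run = isset($settings['last_run']) ? (int) $settings['last_run'] : 0;
     $next_run_raw = $last_run + $interval;
     // date() returns strings, so compare them strictly.
     if (date('j', $next_run_raw) === date('j', $itsec_globals['current_time'])) {
         $next_run_day = __('Today', 'better-wp-security');
     } else {
         // Any other day-of-month is labelled "Tomorrow"; the label assumes the estimate is never more than a day out.
         $next_run_day = __('Tomorrow', 'better-wp-security');
     }
     $next_run = $next_run_day . ' at ' . date('g:i a', $next_run_raw);
     echo '<p>' . __('Next automatic scan at: ', 'better-wp-security') . '<strong>' . $next_run . '*</strong></p>';
     // The footnote paragraph is closed explicitly so the log table is not rendered inside it.
     echo '<p><em>*' . __('Automatic file change scanning is triggered by a user visiting your page and may not happen exactly at the time listed.', 'better-wp-security') . '</em></p>';
     $log_display = new ITSEC_File_Change_Log();
     $log_display->prepare_items();
     $log_display->display();
 }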
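 /**
  * Handle the iThemes Sync verb that overrides the Away Mode state.
  *
  * Reads the requested 'intention' ("activate" or "deactivate") from $arguments, compares it with the
  * current Away Mode status and either leaves the state alone, removes an opposing override, or records
  * a new override by saving the away-mode settings.
  *
  * @param array $arguments Request arguments, merged with $this->default_arguments. Only 'intention' is read here.
  *
  * @return array Response with keys 'api', 'status', 'action', 'errors' (array of WP_Error) and
  *               'details' (the Away Mode status array after any change).
  */
 public function run($arguments)
 {
     $arguments = Ithemes_Sync_Functions::merge_defaults($arguments, $this->default_arguments);
     $details = ITSEC_Away_Mode::is_active(true);
     $settings = ITSEC_Modules::get_settings('away-mode');
     $defaults = ITSEC_Modules::get_defaults('away-mode');
     $errors = array();
     $intention = $arguments['intention'];
     // $success is deliberately left unset on the branches that modify $settings; it is decided by the save below.
     if ('activate' === $intention) {
         if ($details['active']) {
             $action = 'stayed-active';
             $success = true;
         } elseif ($details['override_active'] && 'deactivate' === $details['override_type']) {
             // Dropping the deactivate override is enough to let the schedule apply again.
             $action = 'removed-deactivate-override';
             $settings['override_type'] = $defaults['override_type'];
             $settings['override_end'] = $defaults['override_end'];
         } elseif (false === $details['next']) {
             // A one-time schedule with no future window would otherwise lock the site out indefinitely.
             $action = 'denied-activate';
             $errors[] = new WP_Error('itsec-sync-verb-itsec-override-away-mode-cannot-override-activate-expired-one-time', __('iThemes Security received a request to modify the override behavior of the Away Mode module. However, the request is invalid as the module is configured for a one-time lockout that occurred in the past. Allowing an activate override would result in an unending Away Mode lockout.', 'better-wp-security'));
             $success = false;
         } else {
             // Activate until the next scheduled window would have started on its own.
             $action = 'added-activate-override';
             $settings['override_type'] = 'activate';
             $settings['override_end'] = ITSEC_Core::get_current_time() + $details['next'];
         }
     } elseif ('deactivate' === $intention) {
         if (!$details['active']) {
             $action = 'stayed-inactive';
             $success = true;
         } elseif ($details['override_active'] && 'activate' === $details['override_type']) {
             $action = 'removed-activate-override';
             $settings['override_type'] = $defaults['override_type'];
             $settings['override_end'] = $defaults['override_end'];
         } else {
             // Deactivate for the remainder of the current window.
             $action = 'added-deactivate-override';
             $settings['override_type'] = 'deactivate';
             $settings['override_end'] = ITSEC_Core::get_current_time() + $details['remaining'];
         }
     } elseif (empty($intention)) {
         $action = 'missing-intention';
         $errors[] = new WP_Error('itsec-sync-verb-itsec-override-away-mode-missing-intention', __('iThemes Security received a request to modify the override behavior of the Away Mode module. However, the request is invalid as the required "intention" argument is missing.', 'better-wp-security'));
         $success = false;
     } else {
         $action = 'unknown-intention';
         // The format string carries a %s placeholder so the rejected value actually appears in the message.
         $errors[] = new WP_Error('itsec-sync-verb-itsec-override-away-mode-unknown-intention', sprintf(__('iThemes Security received a request to modify the override behavior of the Away Mode module. However, the request is invalid as the required "intention" argument is set to an unrecognized value: "%s".', 'better-wp-security'), $intention));
         $success = false;
     }
     if (!isset($success)) {
         // Settings were modified above; mark the save as non-interactive before persisting it.
         ITSEC_Core::set_interactive(false);
         $results = ITSEC_Modules::set_settings('away-mode', $settings);
         if ($results['saved']) {
             $success = true;
         } else {
             $errors = $results['errors'];
             $success = false;
         }
     }
     $status = $success ? "{$intention}d" : 'error';
     return array('api' => '1', 'status' => $status, 'action' => $action, 'errors' => $errors, 'details' => ITSEC_Away_Mode::is_active(true));
 }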
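 /**
  * Append the System Tweaks rules to the nginx server configuration being generated.
  *
  * Every enabled setting of the 'system-tweaks' module contributes one commented block of nginx
  * directives, appended in order to $modification. The suspicious-query exemptions key on values the
  * client supplies (query string, cookie, referer), so treat this block as defence in depth rather than
  * a security boundary.
  *
  * @param string $modification Configuration text generated so far.
  *
  * @return string The configuration text with this module's directives appended.
  */
 public static function filter_nginx_server_config_modification($modification)
 {
     require_once $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-utility.php';
     $input = ITSEC_Modules::get_settings('system-tweaks');
     $wp_includes = WPINC;
     if ($input['protect_files']) {
         // Deny direct requests for the server config file, expressed relative to the document root when it
         // lives under ABSPATH; otherwise fall back to a fixed name.
         $config_file = ITSEC_Lib::get_htaccess();
         if (0 === strpos($config_file, ABSPATH)) {
             $config_file = '/' . substr($config_file, strlen(ABSPATH));
         } else {
             $config_file = '/nginx.conf';
         }
         // NOTE(review): $config_file is interpolated verbatim below; whitespace or ';' in the path would break the directive.
         $modification .= "\n";
         $modification .= "\t# " . __('Protect System Files - Security > Settings > System Tweaks > System Files', 'better-wp-security') . "\n";
         $modification .= "\tlocation = /wp-admin/install\\.php { deny all; }\n";
         $modification .= "\tlocation = {$config_file} { deny all; }\n";
         $modification .= "\tlocation ~ /\\.htaccess\$ { deny all; }\n";
         $modification .= "\tlocation ~ /readme\\.html\$ { deny all; }\n";
         $modification .= "\tlocation ~ /readme\\.txt\$ { deny all; }\n";
         // Escape the dot so the rule matches only the literal filename, consistent with the rules above.
         $modification .= "\tlocation ~ /wp-config\\.php\$ { deny all; }\n";
         $modification .= "\tlocation ~ ^/wp-admin/includes/ { deny all; }\n";
         if (!is_multisite() || !get_site_option('ms_files_rewriting')) {
             // nginx can only reliably block PHP files in wp-includes if requests to wp-includes/ms-files.php are
             // not required. This is because there is no skip directive as Apache has.
             $modification .= "\tlocation ~ ^/{$wp_includes}/[^/]+\\.php\$ { deny all; }\n";
         }
         $modification .= "\tlocation ~ ^/{$wp_includes}/js/tinymce/langs/.+\\.php\$ { deny all; }\n";
         $modification .= "\tlocation ~ ^/{$wp_includes}/theme-compat/ { deny all; }\n";
     }
     // Rewrite Rules for Disable PHP in Uploads
     if ($input['uploads_php']) {
         $dir = ITSEC_Lib_Utility::get_relative_upload_url_path();
         if (!empty($dir)) {
             // The directory is a literal path, so regex metacharacters in it must be escaped.
             $dir = preg_quote($dir);
             $modification .= "\n";
             $modification .= "\t# " . __('Disable PHP in Uploads - Security > Settings > System Tweaks > PHP in Uploads', 'better-wp-security') . "\n";
             $modification .= "\tlocation ~ ^/{$dir}/.*\\.(?:php[1-7]?|pht|phtml?|phps)\$ { deny all; }\n";
         }
     }
     // Rewrite Rules for Disable PHP in Plugins
     if ($input['plugins_php']) {
         $dir = ITSEC_Lib_Utility::get_relative_url_path(WP_PLUGIN_URL);
         if (!empty($dir)) {
             $dir = preg_quote($dir);
             $modification .= "\n";
             $modification .= "\t# " . __('Disable PHP in Plugins - Security > Settings > System Tweaks > PHP in Plugins', 'better-wp-security') . "\n";
             $modification .= "\tlocation ~ ^/{$dir}/.*\\.(?:php[1-7]?|pht|phtml?|phps)\$ { deny all; }\n";
         }
     }
     // Rewrite Rules for Disable PHP in Themes
     if ($input['themes_php']) {
         $dir = ITSEC_Lib_Utility::get_relative_url_path(get_theme_root_uri());
         if (!empty($dir)) {
             $dir = preg_quote($dir);
             $modification .= "\n";
             $modification .= "\t# " . __('Disable PHP in Themes - Security > Settings > System Tweaks > PHP in Themes', 'better-wp-security') . "\n";
             $modification .= "\tlocation ~ ^/{$dir}/.*\\.(?:php[1-7]?|pht|phtml?|phps)\$ { deny all; }\n";
         }
     }
     // Reject the TRACE, DELETE and TRACK request methods.
     if ($input['request_methods']) {
         $modification .= "\n";
         $modification .= "\t# " . __('Filter Request Methods - Security > Settings > System Tweaks > Request Methods', 'better-wp-security') . "\n";
         $modification .= "\tif ( \$request_method ~* ^(TRACE|DELETE|TRACK)\$ ) { return 403; }\n";
     }
     // Process suspicious query rules: each pattern raises $susquery, the exemptions clear it, and a final check denies.
     if ($input['suspicious_query_strings']) {
         $modification .= "\n";
         $modification .= "\t# " . __('Filter Suspicious Query Strings in the URL - Security > Settings > System Tweaks > Suspicious Query Strings', 'better-wp-security') . "\n";
         $modification .= "\tset \$susquery 0;\n";
         $modification .= "\tif ( \$args ~* \"\\.\\./\" ) { set \$susquery 1; }\n";
         $modification .= "\tif ( \$args ~* \"\\.(bash|git|hg|log|svn|swp|cvs)\" ) { set \$susquery 1; }\n";
         $modification .= "\tif ( \$args ~* \"etc/passwd\" ) { set \$susquery 1; }\n";
         $modification .= "\tif ( \$args ~* \"boot\\.ini\" ) { set \$susquery 1; }\n";
         $modification .= "\tif ( \$args ~* \"ftp:\" ) { set \$susquery 1; }\n";
         $modification .= "\tif ( \$args ~* \"https?:\" ) { set \$susquery 1; }\n";
         $modification .= "\tif ( \$args ~* \"(<|%3C)script(>|%3E)\" ) { set \$susquery 1; }\n";
         $modification .= "\tif ( \$args ~* \"mosConfig_[a-zA-Z_]{1,21}(=|%3D)\" ) { set \$susquery 1; }\n";
         $modification .= "\tif ( \$args ~* \"base64_decode\\(\" ) { set \$susquery 1; }\n";
         $modification .= "\tif ( \$args ~* \"%24&x\" ) { set \$susquery 1; }\n";
         $modification .= "\tif ( \$args ~* \"127\\.0\" ) { set \$susquery 1; }\n";
         $modification .= "\tif ( \$args ~* \"(globals|encode|localhost|loopback)\" ) { set \$susquery 1; }\n";
         $modification .= "\tif ( \$args ~* \"(request|insert|concat|union|declare)\" ) { set \$susquery 1; }\n";
         $modification .= "\tif ( \$args ~* \"%[01][0-9A-F]\" ) { set \$susquery 1; }\n";
         // Exemptions: these are keyed on client-supplied values, hence the defence-in-depth caveat in the docblock.
         $modification .= "\tif ( \$args ~ \"^loggedout=true\" ) { set \$susquery 0; }\n";
         $modification .= "\tif ( \$args ~ \"^action=jetpack-sso\" ) { set \$susquery 0; }\n";
         $modification .= "\tif ( \$args ~ \"^action=rp\" ) { set \$susquery 0; }\n";
         $modification .= "\tif ( \$http_cookie ~ \"wordpress_logged_in_\" ) { set \$susquery 0; }\n";
         $modification .= "\tif ( \$http_referer ~* \"^https?://maps\\.googleapis\\.com/\" ) { set \$susquery 0; }\n";
         $modification .= "\tif ( \$susquery = 1 ) { return 403; }\n";
     }
     // Process filtering of foreign characters: any percent-encoded byte from %A0 upwards is rejected.
     if ($input['non_english_characters']) {
         $modification .= "\n";
         $modification .= "\t# " . __('Filter Non-English Characters - Security > Settings > System Tweaks > Non-English Characters', 'better-wp-security') . "\n";
         $modification .= "\tif (\$args ~* \"%[A-F][0-9A-F]\") { return 403; }\n";
     }
     return $modification;
 }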
 /**
  * Fetch the current settings of this module.
  *
  * Thin pass-through to the central settings store, keyed by the module id.
  *
  * @access public
  *
  * @return array List of settings.
  */
 public function get_settings()
 {
     $module_id = $this->id;
     $stored_settings = ITSEC_Modules::get_settings($module_id);
     return $stored_settings;
 }
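 /**
  * Append the System Tweaks rules to the nginx server configuration being generated.
  *
  * Every enabled setting of the 'system-tweaks' module contributes one commented block of nginx
  * directives, appended in order to $modification. The suspicious-query exemptions key on values the
  * client supplies (query string, cookie, referer), so treat this block as defence in depth rather than
  * a security boundary.
  *
  * @param string $modification Configuration text generated so far.
  *
  * @return string The configuration text with this module's directives appended.
  */
 public static function filter_nginx_server_config_modification($modification)
 {
     $input = ITSEC_Modules::get_settings('system-tweaks');
     if ($input['protect_files']) {
         $modification .= "\n";
         $modification .= "\t# " . __('Protect System Files - Security > Settings > System Tweaks > System Files', 'better-wp-security') . "\n";
         $modification .= "\tlocation ~ /\\.ht { deny all; }\n";
         // Dots are escaped so each rule matches only the literal filename.
         $modification .= "\tlocation ~ wp-config\\.php { deny all; }\n";
         $modification .= "\tlocation ~ readme\\.html { deny all; }\n";
         $modification .= "\tlocation ~ readme\\.txt { deny all; }\n";
         $modification .= "\tlocation ~ /install\\.php { deny all; }\n";
         // "location ^..." is not an nginx modifier: nginx read it as a prefix match on a literal "^", which no
         // request URI starts with, so the two rules below never fired. They need the "~" regex modifier and a
         // pattern anchored at the leading "/" of the URI.
         $modification .= "\tlocation ~ ^/wp-includes/(.*)\\.php\$ { deny all; }\n";
         $modification .= "\tlocation ~ ^/wp-admin/includes(.*)\$ { deny all; }\n";
     }
     // Rewrite Rules for Disable PHP in Uploads
     if ($input['uploads_php']) {
         require_once $GLOBALS['itsec_globals']['plugin_dir'] . 'core/lib/class-itsec-lib-utility.php';
         $dir = ITSEC_Lib_Utility::get_relative_upload_url_path();
         if (!empty($dir)) {
             // The directory is a literal path, so regex metacharacters in it must be escaped.
             $dir = preg_quote($dir);
             $modification .= "\n";
             $modification .= "\t# " . __('Disable PHP in Uploads - Security > Settings > System Tweaks > Uploads', 'better-wp-security') . "\n";
             // Same modifier fix as above; the pattern is anchored at the URI's leading "/" before the relative path.
             // NOTE(review): assumes get_relative_upload_url_path() returns the path without a leading slash — confirm.
             $modification .= "\tlocation ~ ^/{$dir}/(.*)\\.php(.?) { deny all; }\n";
         }
     }
     // Reject the TRACE, DELETE and TRACK request methods.
     if ($input['request_methods']) {
         $modification .= "\n";
         $modification .= "\t# " . __('Filter Request Methods - Security > Settings > System Tweaks > Request Methods', 'better-wp-security') . "\n";
         $modification .= "\tif (\$request_method ~* \"^(TRACE|DELETE|TRACK)\") { return 403; }\n";
     }
     // Process suspicious query rules: each pattern raises $susquery, the exemptions clear it, and a final check denies.
     if ($input['suspicious_query_strings']) {
         $modification .= "\n";
         $modification .= "\t# " . __('Filter Suspicious Query Strings in the URL - Security > Settings > System Tweaks > Suspicious Query Strings', 'better-wp-security') . "\n";
         $modification .= "\tset \$susquery 0;\n";
         $modification .= "\tif (\$args ~* \"\\.\\./\") { set \$susquery 1; }\n";
         $modification .= "\tif (\$args ~* \"\\.(bash|git|hg|log|svn|swp|cvs)\") { set \$susquery 1; }\n";
         $modification .= "\tif (\$args ~* \"etc/passwd\") { set \$susquery 1; }\n";
         $modification .= "\tif (\$args ~* \"boot.ini\") { set \$susquery 1; }\n";
         $modification .= "\tif (\$args ~* \"ftp:\") { set \$susquery 1; }\n";
         $modification .= "\tif (\$args ~* \"http:\") { set \$susquery 1; }\n";
         $modification .= "\tif (\$args ~* \"https:\") { set \$susquery 1; }\n";
         $modification .= "\tif (\$args ~* \"(<|%3C).*script.*(>|%3E)\") { set \$susquery 1; }\n";
         $modification .= "\tif (\$args ~* \"mosConfig_[a-zA-Z_]{1,21}(=|%3D)\") { set \$susquery 1; }\n";
         $modification .= "\tif (\$args ~* \"base64_encode\") { set \$susquery 1; }\n";
         $modification .= "\tif (\$args ~* \"(%24&x)\") { set \$susquery 1; }\n";
         $modification .= "\tif (\$args ~* \"(127.0)\") { set \$susquery 1; }\n";
         $modification .= "\tif (\$args ~* \"(globals|encode|localhost|loopback)\") { set \$susquery 1; }\n";
         $modification .= "\tif (\$args ~* \"(request|insert|concat|union|declare)\") { set \$susquery 1; }\n";
         // The exemptions must use "~" (matches), not "!~": with "!~" every request whose arguments did not start
         // with the exempted value reset $susquery to 0, which switched the whole filter off.
         // They are keyed on client-supplied values, hence the defence-in-depth caveat in the docblock.
         $modification .= "\tif (\$args ~ \"^loggedout=true\") { set \$susquery 0; }\n";
         $modification .= "\tif (\$args ~ \"^action=jetpack-sso\") { set \$susquery 0; }\n";
         $modification .= "\tif (\$args ~ \"^action=rp\") { set \$susquery 0; }\n";
         $modification .= "\tif (\$http_cookie ~ \"^.*wordpress_logged_in_.*\$\") { set \$susquery 0; }\n";
         $modification .= "\tif (\$http_referer ~ \"^http://maps.googleapis.com(.*)\$\") { set \$susquery 0; }\n";
         $modification .= "\tif (\$susquery = 1) { return 403; } \n";
     }
     // Process filtering of foreign characters
     if ($input['non_english_characters']) {
         $modification .= "\n";
         $modification .= "\t# " . __('Filter Non-English Characters - Security > Settings > System Tweaks > Non-English Characters', 'better-wp-security') . "\n";
         $modification .= "\tif (\$args ~* \"(%0|%A|%B|%C|%D|%E|%F)\") { return 403; }\n";
     }
     return $modification;
 }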