}

		$message = "<html>\n{$message}</html>\n";

		// Setup the remainder of the email.
		// Recipients come from the 'global' module's notification_email setting; each entry is
		// trimmed and checked with is_email() below before anything is sent.
		$recipients = ITSEC_Modules::get_setting('global', 'notification_email');
		$subject = sprintf(__('[%1$s] WordPress Login Address Changed', 'better-wp-security'), get_site_url());
		$subject = apply_filters('itsec_lockout_email_subject', $subject);
		// NOTE(review): the site name and admin email are placed in the From header as-is; this
		// relies on wp_mail()/PHPMailer for header-safe encoding of the display name — confirm.
		$headers = 'From: ' . get_bloginfo('name') . ' <' . get_option('admin_email') . '>' . "\r\n";

		// Use HTML Content type for this message only; the filter is removed again below.
		add_filter('wp_mail_content_type', array($this, 'get_html_content_type'));

		// Send emails to all recipients. Entries that are not valid addresses are skipped silently.
		// NOTE(review): this assumes get_setting() returns an array here — confirm.
		foreach ($recipients as $recipient) {
			$recipient = trim($recipient);

			if (is_email($recipient)) {
				wp_mail($recipient, $subject, $message, $headers);
			}
		}

		// Remove HTML Content type so other mail sent later in this request is unaffected.
		remove_filter('wp_mail_content_type', array($this, 'get_html_content_type'));
	}

	/**
	 * Set HTML content type for email.
	 *
	 * Registered as a wp_mail_content_type filter callback only while the
	 * notification above is being sent.
	 *
	 * @return string html content type
	 */
	public function get_html_content_type() {
		return 'text/html';
	}
}

ITSEC_Modules::register_validator(new ITSEC_Hide_Backend_Validator());
$this->set_default_if_empty(array('log_location', 'nginx_file'));

		// Boolean switches. The third argument is the human-readable label for the setting.
		$this->sanitize_setting('bool', 'write_files', __('Write to Files', 'better-wp-security'));
		$this->sanitize_setting('bool', 'digest_email', __('Send Digest Email', 'better-wp-security'));
		$this->sanitize_setting('bool', 'blacklist', __('Blacklist Repeat Offender', 'better-wp-security'));
		$this->sanitize_setting('bool', 'email_notifications', __('Email Lockout Notifications', 'better-wp-security'));
		$this->sanitize_setting('bool', 'allow_tracking', __('Allow Data Tracking', 'better-wp-security'));
		$this->sanitize_setting('bool', 'lock_file', __('Disable File Locking', 'better-wp-security'));
		$this->sanitize_setting('bool', 'proxy_override', __('Override Proxy Detection', 'better-wp-security'));
		$this->sanitize_setting('bool', 'hide_admin_bar', __('Hide Security Menu in Admin Bar', 'better-wp-security'));
		$this->sanitize_setting('bool', 'show_error_codes', __('Show Error Codes', 'better-wp-security'));

		// Free-text messages; they are additionally restricted to a small HTML tag set below.
		$this->sanitize_setting('string', 'lockout_message', __('Host Lockout Message', 'better-wp-security'));
		$this->sanitize_setting('string', 'user_lockout_message', __('User Lockout Message', 'better-wp-security'));
		$this->sanitize_setting('string', 'community_lockout_message', __('Community Lockout Message', 'better-wp-security'));

		$this->sanitize_setting('writable-directory', 'log_location', __('Path to Log Files', 'better-wp-security'));

		$this->sanitize_setting('positive-int', 'blacklist_count', __('Blacklist Threshold', 'better-wp-security'));
		$this->sanitize_setting('positive-int', 'blacklist_period', __('Blacklist Lockout Period', 'better-wp-security'));
		$this->sanitize_setting('positive-int', 'lockout_period', __('Lockout Period', 'better-wp-security'));
		$this->sanitize_setting('positive-int', 'log_rotation', __('Days to Keep Database Logs', 'better-wp-security'));

		// log_type is restricted to the keys returned by get_valid_log_types().
		$log_types = array_keys($this->get_valid_log_types());
		$this->sanitize_setting($log_types, 'log_type', __('Log Type', 'better-wp-security'));

		$this->sanitize_setting('newline-separated-ips', 'lockout_white_list', __('Lockout White List', 'better-wp-security'));
		$this->sanitize_setting('newline-separated-emails', 'notification_email', __('Notification Email', 'better-wp-security'));
		$this->sanitize_setting('newline-separated-emails', 'backup_email', __('Backup Delivery Email', 'better-wp-security'));

		// HTML permitted in the three lockout messages. Anything else is stripped by wp_kses().
		// NOTE(review): 'style' on div is allowed; wp_kses() is relied on to filter the CSS value —
		// confirm that is acceptable for wherever these messages are rendered.
		$allowed_tags = array(
			'a'      => array('href' => array(), 'title' => array()),
			'br'     => array(),
			'em'     => array(),
			'strong' => array(),
			'h1'     => array(),
			'h2'     => array(),
			'h3'     => array(),
			'h4'     => array(),
			'h5'     => array(),
			'h6'     => array(),
			'div'    => array('style' => array()),
		);

		$this->settings['lockout_message'] = trim(wp_kses($this->settings['lockout_message'], $allowed_tags));
		$this->settings['user_lockout_message'] = trim(wp_kses($this->settings['user_lockout_message'], $allowed_tags));
		$this->settings['community_lockout_message'] = trim(wp_kses($this->settings['community_lockout_message'], $allowed_tags));
	}
}

ITSEC_Modules::register_validator(new ITSEC_Global_Validator());
}

		$previous_settings = ITSEC_Modules::get_settings($this->get_id());

		// Regenerate the server config whenever a submitted value differs from the stored one.
		// array_diff_assoc() only considers keys present in the new settings and compares values
		// by their string form, so nested array values would not be compared meaningfully.
		$diff = array_diff_assoc($this->settings, $previous_settings);

		if (!empty($diff)) {
			ITSEC_Response::regenerate_server_config();
		}

		if ($this->settings['write_permissions']) {
			// Always set permissions to 0444 when saving the settings.
			// This ensures that the file permissions are fixed each time the settings are saved.
			$new_permissions = 0444;
		} else {
			if ($this->settings['write_permissions'] !== $previous_settings['write_permissions']) {
				// Only revert the settings to the defaults when disabling the setting.
				// This avoids changing the file permissions when the setting has yet to be enabled and disabled.
				$new_permissions = 0664;
			}
		}

		if (isset($new_permissions)) {
			// Only change the permissions when needed.
			require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-config-file.php';
			require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-file.php';

			$server_config_file = ITSEC_Lib_Config_File::get_server_config_file_path();
			$wp_config_file = ITSEC_Lib_Config_File::get_wp_config_file_path();

			// Both files receive the same mode.
			// NOTE(review): the chmod() results are not checked, so a failed change is silent — consider surfacing it.
			ITSEC_Lib_File::chmod($server_config_file, $new_permissions);
			ITSEC_Lib_File::chmod($wp_config_file, $new_permissions);

			ITSEC_Response::reload_module('file-permissions');
		}
	}
}

ITSEC_Modules::register_validator(new ITSEC_System_Tweaks_Validator());
//username didn't validate
				$itsec_files->release_file_lock('admin_user');

				return false;
			} else {
				//only changing the id
				$user_login = $user_object->user_login;
			}

			if ($id === true) {
				//change the user id
				// NOTE(review): the row for ID 1 is deleted before the replacement is inserted, the insert
				// result is not checked and there is no transaction around the pair, so a failed insert
				// would leave no admin row — confirm the code before this point (outside this view) guards that.
				$wpdb->query("DELETE FROM `" . $wpdb->users . "` WHERE ID = 1;");
				$wpdb->insert($wpdb->users, array(
					'user_login'          => $user_login,
					'user_pass'           => $user_object->user_pass,
					'user_nicename'       => $user_object->user_nicename,
					'user_email'          => $user_object->user_email,
					'user_url'            => $user_object->user_url,
					'user_registered'     => $user_object->user_registered,
					'user_activation_key' => $user_object->user_activation_key,
					'user_status'         => $user_object->user_status,
					'display_name'        => $user_object->display_name,
				));

				// $username and $new_user are set earlier in this method (outside this view).
				if (is_multisite() && $username !== null && validate_username($new_user)) {
					//process sitemeta if we're in a multi-site situation
					// The stored value appears to be a PHP-serialized array; the login is swapped by
					// rewriting the length-prefixed fragment 5:"admin" directly.
					// NOTE(review): presumably this only works when the old login was literally "admin" — confirm.
					$oldAdmins = $wpdb->get_var("SELECT meta_value FROM `" . $wpdb->sitemeta . "` WHERE meta_key = 'site_admins'");
					// esc_sql() is applied to the login here and the whole value is escaped again in the
					// UPDATE below. NOTE(review): this looks like it relies on validate_username() keeping
					// quote characters out of $new_user — confirm, since a quote would be double-escaped.
					$newAdmins = str_replace('5:"admin"', strlen($new_user) . ':"' . esc_sql($new_user) . '"', $oldAdmins);
					$wpdb->query("UPDATE `" . $wpdb->sitemeta . "` SET meta_value = '" . esc_sql($newAdmins) . "' WHERE meta_key = 'site_admins'");
				}

				// From here on $new_user holds the numeric id of the freshly inserted row, not the login.
				$new_user = $wpdb->insert_id;

				// Re-point everything that referenced user id 1 at the new id. $new_user is the integer
				// from $wpdb->insert_id, which is why it is interpolated without further escaping.
				$wpdb->query("UPDATE `" . $wpdb->posts . "` SET post_author = '" . $new_user . "' WHERE post_author = 1;");
				$wpdb->query("UPDATE `" . $wpdb->usermeta . "` SET user_id = '" . $new_user . "' WHERE user_id = 1;");
				$wpdb->query("UPDATE `" . $wpdb->comments . "` SET user_id = '" . $new_user . "' WHERE user_id = 1;");
				$wpdb->query("UPDATE `" . $wpdb->links . "` SET link_owner = '" . $new_user . "' WHERE link_owner = 1;");

				$itsec_files->release_file_lock('admin_user');

				return true;
			}
		}

		return false;
	}
}

ITSEC_Modules::register_validator(new ITSEC_Admin_User_Validator());
<?php

/**
 * Validator for the 'core' module.
 *
 * Nothing is preprocessed or validated here; the class exists so that the
 * module has a registered validator that answers get_id().
 */
class ITSEC_Core_Validator extends ITSEC_Validator {
	/**
	 * Module id this validator is registered for.
	 *
	 * @return string
	 */
	public function get_id() {
		return 'core';
	}

	/**
	 * No preprocessing is needed for this module.
	 */
	protected function preprocess_settings() {
		// Intentionally empty.
	}

	/**
	 * No validation is needed for this module.
	 */
	protected function validate_settings() {
		// Intentionally empty.
	}
}

ITSEC_Modules::register_validator( new ITSEC_Core_Validator() );
protected function validate_settings() {
	if ( ! $this->can_save() ) {
		return;
	}

	if ( isset( $this->settings['email'] ) ) {
		require_once dirname( __FILE__ ) . '/utilities.php';

		// Two-step exchange: obtain a key for the submitted email, then activate it to get the
		// secret. A WP_Error from either step is carried in $secret so one branch handles both;
		// activation is skipped entirely when the key request already failed.
		$key    = ITSEC_Network_Brute_Force_Utilities::get_api_key( $this->settings['email'], $this->settings['updates_optin'] );
		$secret = is_wp_error( $key ) ? $key : ITSEC_Network_Brute_Force_Utilities::activate_api_key( $key );

		if ( is_wp_error( $secret ) ) {
			$this->set_can_save( false );
			$this->add_error( $secret );
		} else {
			$this->settings['api_key']    = $key;
			$this->settings['api_secret'] = $secret;
			$this->settings['api_nag']    = false;

			ITSEC_Response::reload_module( $this->get_id() );
		}
	}

	// The email is only used for the key exchange above; it is not kept in the stored settings.
	if ( $this->can_save() ) {
		unset( $this->settings['email'] );
	}
}
}

ITSEC_Modules::register_validator( new ITSEC_Network_Brute_Force_Validator() );
$this->set_can_save(false);
			} else {
				// One-time window: 'start' and 'end' are timestamps. NOTE(review): the third argument
				// to is_current_timestamp_active() presumably changes how a past 'end' is treated — confirm.
				if (false === ITSEC_Away_Mode_Utilities::is_current_timestamp_active($this->settings['start'], $this->settings['end'], true)) {
					/* translators: 1: "End Date", 2: "End Time" */
					$this->add_error(new WP_Error("itsec-validator-{$id}-end-already-ended", sprintf(__('The selected restriction date and time has already ended. Please select an %1$s and %2$s that has not already ended.', 'better-wp-security'), __('End Date', 'better-wp-security'), __('End Time', 'better-wp-security'))));
					$this->set_can_save(false);
				} else {
					// Only refuse a window that is active right now when a person is saving interactively,
					// so the person saving cannot lock themselves out on the spot.
					if (ITSEC_Core::is_interactive() && ITSEC_Away_Mode_Utilities::is_current_timestamp_active($this->settings['start'], $this->settings['end'])) {
						/* translators: 1: "Start Date", 2: "Start Time" */
						$this->add_error(new WP_Error("itsec-validator-{$id}-start-already-started", sprintf(__('The selected restriction date and time has already started and would result in locking you out immediately. Please select a %1$s and %2$s that has not already started.', 'better-wp-security'), __('Start Date', 'better-wp-security'), __('Start Time', 'better-wp-security'))));
						$this->set_can_save(false);
					}
				}
			}
		} else {
			// Time-of-day window: 'start_time' and 'end_time' are compared instead of timestamps.
			if ($this->settings['start_time'] === $this->settings['end_time']) {
				/* translators: 1: "Start Time", 2: "End Time" */
				$this->add_error(new WP_Error("itsec-validator-{$id}-start-equals-end", sprintf(__('The %1$s and %2$s cannot be the same.', 'better-wp-security'), __('Start Time', 'better-wp-security'), __('End Time', 'better-wp-security'))));
				$this->set_can_save(false);
			} else {
				// Same interactive-lockout guard as above, for the daily window.
				if (ITSEC_Core::is_interactive() && ITSEC_Away_Mode_Utilities::is_current_time_active($this->settings['start_time'], $this->settings['end_time'])) {
					/* translators: 1: "Start Time", 2: "End Time" */
					$this->add_error(new WP_Error("itsec-validator-{$id}-settings-result-in-current-lockout", sprintf(__('The %1$s and %2$s settings restrict the current time and would result in locking you out immediately. 
Please select a %1$s and %2$s that does not restrict the current time.', 'better-wp-security'), __('Start Time', 'better-wp-security'), __('End Time', 'better-wp-security'))));
					$this->set_can_save(false);
				}
			}
		}
	}
}

ITSEC_Modules::register_validator(new ITSEC_Away_Mode_Validator());
if (!isset($this->settings['safe_jquery'])) {
			// Default the key when absent so the bool sanitizer below always has a value
			// (presumably for settings saved before this option existed — confirm).
			$this->settings['safe_jquery'] = false;
		}

		$this->sanitize_setting('bool', 'wlwmanifest_header', __('Windows Live Writer Header', 'better-wp-security'));
		$this->sanitize_setting('bool', 'edituri_header', __('EditURI Header', 'better-wp-security'));
		$this->sanitize_setting('bool', 'comment_spam', __('Comment Spam', 'better-wp-security'));
		$this->sanitize_setting('bool', 'file_editor', __('File Editor', 'better-wp-security'));
		// disable_xmlrpc is checked twice on purpose: integer type first, then one of the three allowed values.
		$this->sanitize_setting('positive-int', 'disable_xmlrpc', __('XML-RPC', 'better-wp-security'));
		$this->sanitize_setting(array(0, 1, 2), 'disable_xmlrpc', __('XML-RPC', 'better-wp-security'));
		$this->sanitize_setting('bool', 'allow_xmlrpc_multiauth', __('Multiple Authentication Attempts per XML-RPC Request', 'better-wp-security'));
		$this->sanitize_setting('bool', 'safe_jquery', __('Replace jQuery With a Safe Version', 'better-wp-security'));
		$this->sanitize_setting('bool', 'login_errors', __('Login Error Messages', 'better-wp-security'));
		$this->sanitize_setting('bool', 'force_unique_nicename', __('Force Unique Nickname', 'better-wp-security'));
		$this->sanitize_setting('bool', 'disable_unused_author_pages', __('Disable Extra User Archives', 'better-wp-security'));
	}

	/**
	 * Triggers regeneration of generated config files when the settings they depend on change.
	 *
	 * Runs only when sanitization succeeded. A changed 'file_editor' triggers
	 * regenerate_wp_config(); a changed 'disable_xmlrpc' or 'comment_spam' triggers
	 * regenerate_server_config(). Each value is compared strictly against the stored one.
	 */
	protected function validate_settings() {
		if (!$this->can_save()) {
			return;
		}

		$previous_settings = ITSEC_Modules::get_settings($this->get_id());

		if ($this->settings['file_editor'] !== $previous_settings['file_editor']) {
			ITSEC_Response::regenerate_wp_config();
		}

		if ($this->settings['disable_xmlrpc'] !== $previous_settings['disable_xmlrpc'] || $this->settings['comment_spam'] !== $previous_settings['comment_spam']) {
			ITSEC_Response::regenerate_server_config();
		}
	}
}

ITSEC_Modules::register_validator(new ITSEC_WordPress_Tweaks_Validator());
/**
 * Validator for the '404-detection' module settings.
 */
class ITSEC_Four_Oh_Four_Validator extends ITSEC_Validator {
	/**
	 * Module id this validator is registered for.
	 *
	 * @return string
	 */
	public function get_id() {
		return '404-detection';
	}

	/**
	 * Sanitizes the 404 detection settings in place.
	 *
	 * The two list settings are handed a per-entry callback; each callback
	 * returns the entry unchanged or false for an entry it does not accept
	 * (how a false is handled is decided by ITSEC_Validator::sanitize_setting()).
	 */
	protected function sanitize_settings() {
		$this->sanitize_setting( 'positive-int', 'check_period', __( 'Minutes to Remember 404 Error (Check Period)', 'better-wp-security' ) );
		$this->sanitize_setting( 'positive-int', 'error_threshold', __( 'Error Threshold', 'better-wp-security' ) );
		$this->sanitize_setting( array( $this, 'sanitize_white_list_entry' ), 'white_list', __( '404 File/Folder White List', 'better-wp-security' ) );
		// NOTE(review): the label for 'types' repeats the white_list label; it looks like a
		// copy-paste slip that only affects error messages — confirm and give 'types' its own label.
		$this->sanitize_setting( array( $this, 'sanitize_types_entry' ), 'types', __( '404 File/Folder White List', 'better-wp-security' ) );
	}

	/**
	 * Accepts a white list entry only when it begins with a slash.
	 *
	 * @param string $entry Single entry from the white list.
	 * @return string|false The entry unchanged, or false to reject it.
	 */
	protected function sanitize_white_list_entry( $entry ) {
		return $this->begins_with( $entry, '/' ) ? $entry : false;
	}

	/**
	 * Accepts a file type entry only when it begins with a dot.
	 *
	 * @param string $entry Single entry from the types list.
	 * @return string|false The entry unchanged, or false to reject it.
	 */
	protected function sanitize_types_entry( $entry ) {
		return $this->begins_with( $entry, '.' ) ? $entry : false;
	}

	/**
	 * Whether the first character of $value is $char.
	 *
	 * Same result as comparing substr( $value, 0, 1 ) with $char, including
	 * for an empty $value (which never matches).
	 *
	 * @param string $value String to inspect.
	 * @param string $char  Single character to look for.
	 * @return bool
	 */
	private function begins_with( $value, $char ) {
		return 0 === strncmp( $value, $char, 1 );
	}
}

ITSEC_Modules::register_validator( new ITSEC_Four_Oh_Four_Validator() );
$this->settings['show_warning'] = $previous_settings['show_warning'];
		}

		// last_chunk is exempted from the stored-type matching check (see ITSEC_Validator).
		$this->vars_to_skip_validate_matching_types[] = 'last_chunk';

		$this->sanitize_setting('bool', 'split', __('Split File Scanning', 'better-wp-security'));
		$this->sanitize_setting(array('exclude', 'include'), 'method', __('Include/Exclude Files and Folders', 'better-wp-security'));
		$this->sanitize_setting('newline-separated-array', 'file_list', __('Files and Folders List', 'better-wp-security'));
		$this->sanitize_setting('newline-separated-extensions', 'types', __('Ignore File Types', 'better-wp-security'));
		$this->sanitize_setting('bool', 'email', __('Email File Change Notifications', 'better-wp-security'));
		$this->sanitize_setting('bool', 'notify_admin', __('Display File Change Admin Warning', 'better-wp-security'));
		$this->sanitize_setting('positive-int', 'last_run', __('Last Run', 'better-wp-security'), false);

		// NOTE(review): a callback on this filter receives the already-sanitized settings and may
		// replace them wholesale; nothing afterwards re-checks the result — confirm that is acceptable.
		$this->settings = apply_filters('itsec-file-change-sanitize-settings', $this->settings);
	}

	/**
	 * Adjusts 'last_run' relative to the current time.
	 *
	 * Unlike most validators in this plugin this does not consult can_save() first; it only
	 * rewrites 'last_run' and adds no errors.
	 */
	protected function validate_settings() {
		$current_time = ITSEC_Core::get_current_time();

		if (defined('ITSEC_DOING_FILE_CHECK') && true === ITSEC_DOING_FILE_CHECK) {
			// Saved from within a file check: record the current time as the last run.
			$this->settings['last_run'] = $current_time;
		} else {
			// Interval between runs, in the same unit as get_current_time() (presumably seconds:
			// 12282 is roughly 3.4 h, 86340 is 24 h minus one minute). NOTE(review): confirm these
			// match the scan schedule used elsewhere in the module.
			if ($this->settings['split']) {
				$interval = 12282;
			} else {
				$interval = 86340;
			}

			// When the stored last_run is already a full interval old, move it forward so that
			// last_run + interval lands 120 units after now — presumably so the next scan is due
			// shortly rather than immediately on save — confirm against the scheduler.
			if ($this->settings['last_run'] <= $current_time - $interval) {
				$this->settings['last_run'] = $current_time - $interval + 120;
			}
		}
	}
}

ITSEC_Modules::register_validator(new ITSEC_File_Change_Validator());
<?php

/**
 * Validator for the 'ssl' module settings.
 */
class ITSEC_SSL_Validator extends ITSEC_Validator {
	/**
	 * Module id this validator is registered for.
	 *
	 * @return string
	 */
	public function get_id() {
		return 'ssl';
	}

	/**
	 * Sanitizes the SSL settings in place.
	 *
	 * 'frontend' is checked twice on purpose: first that it is a non-negative
	 * integer, then that it is one of the three supported modes (0, 1, 2).
	 */
	protected function sanitize_settings() {
		$frontend_label = __( 'Front End SSL Mode', 'better-wp-security' );

		$this->sanitize_setting( 'positive-int', 'frontend', $frontend_label );
		$this->sanitize_setting( array( 0, 1, 2 ), 'frontend', $frontend_label );
		$this->sanitize_setting( 'bool', 'admin', __( 'SSL for Dashboard', 'better-wp-security' ) );
	}

	/**
	 * Reacts to a change of the 'admin' flag.
	 *
	 * Runs only when sanitization succeeded. Toggling 'admin' regenerates
	 * wp-config.php; enabling it additionally forces a logout so the session
	 * is re-established under the new scheme.
	 */
	protected function validate_settings() {
		if ( ! $this->can_save() ) {
			return;
		}

		$stored        = ITSEC_Modules::get_settings( $this->get_id() );
		$admin_changed = $this->settings['admin'] !== $stored['admin'];

		if ( ! $admin_changed ) {
			return;
		}

		ITSEC_Response::regenerate_wp_config();

		if ( $this->settings['admin'] ) {
			ITSEC_Response::force_logout();
		}
	}
}

ITSEC_Modules::register_validator( new ITSEC_SSL_Validator() );
<?php

/**
 * Validator for the 'backup' module settings.
 */
class ITSEC_Backup_Validator extends ITSEC_Validator {
	/**
	 * Module id this validator is registered for.
	 *
	 * @return string
	 */
	public function get_id() {
		return 'backup';
	}

	/**
	 * Sanitizes the backup settings in place.
	 *
	 * 'interval' and 'last_run' may be absent from the submitted settings; when
	 * they are, the stored values are carried over before sanitization so the
	 * positive-int checks below always have something to validate.
	 */
	protected function sanitize_settings() {
		$stored = ITSEC_Modules::get_settings( $this->get_id() );

		foreach ( array( 'interval', 'last_run' ) as $carried_over ) {
			if ( ! isset( $this->settings[ $carried_over ] ) ) {
				$this->settings[ $carried_over ] = $stored[ $carried_over ];
			}
		}

		$method_label = __( 'Backup Method', 'better-wp-security' );

		$this->sanitize_setting( 'bool', 'all_sites', __( 'Backup Full Database', 'better-wp-security' ) );
		// Integer type check first, then restrict to the three supported methods.
		$this->sanitize_setting( 'positive-int', 'method', $method_label );
		$this->sanitize_setting( array( 0, 1, 2 ), 'method', $method_label );
		$this->sanitize_setting( 'writable-directory', 'location', __( 'Backup Location', 'better-wp-security' ) );
		$this->sanitize_setting( 'positive-int', 'retain', __( 'Backups to Retain', 'better-wp-security' ) );
		$this->sanitize_setting( 'bool', 'zip', __( 'Compress Backup Files', 'better-wp-security' ) );
		$this->sanitize_setting( 'newline-separated-array', 'exclude', __( 'Exclude Tables', 'better-wp-security' ) );
		$this->sanitize_setting( 'bool', 'enabled', __( 'Schedule Database Backups', 'better-wp-security' ) );
		$this->sanitize_setting( 'positive-int', 'interval', __( 'Backup Interval', 'better-wp-security' ) );
		// The trailing false is an extra flag passed to sanitize_setting(); its meaning is
		// defined in ITSEC_Validator (not shown here) — presumably it relaxes the stored-type check.
		$this->sanitize_setting( 'positive-int', 'last_run', __( 'Last Run', 'better-wp-security' ), false );
	}
}

ITSEC_Modules::register_validator( new ITSEC_Backup_Validator() );
$whitelisted_hosts[] = $host;
				}
			}

			if (!empty($whitelisted_hosts)) {
				// Refuse to save a ban list containing entries that are also whitelisted (collected
				// above, outside this view); the message lists every offending entry.
				$this->set_can_save(false);
				/* translators: 1: input name, 2: invalid host list */
				$this->add_error(wp_sprintf(_n('The following IP in %1$s is whitelisted and cannot be banned: %2$l', 'The following IPs in %1$s are whitelisted and cannot be banned: %2$l', count($whitelisted_hosts), 'better-wp-security'), __('Ban Hosts', 'better-wp-security'), $whitelisted_hosts));
			}
		}

		$this->sanitize_setting(array($this, 'sanitize_agent_list_entry'), 'agent_list', __('Ban User Agents', 'better-wp-security'));
	}

	/**
	 * Per-entry sanitizer for the banned user agent list.
	 *
	 * @param string $entry One user agent entry as submitted.
	 * @return string The entry passed through sanitize_text_field() and trimmed.
	 */
	protected function sanitize_agent_list_entry($entry) {
		return trim(sanitize_text_field($entry));
	}

	/**
	 * Regenerates the server config when any submitted setting differs from the stored value.
	 *
	 * Only keys present in the submitted settings are compared, and the comparison is loose (!=),
	 * so a difference in type alone (e.g. '1' vs 1) does not count as a change.
	 */
	protected function validate_settings() {
		if (!$this->can_save()) {
			return;
		}

		$previous_settings = ITSEC_Modules::get_settings($this->get_id());

		foreach ($this->settings as $key => $val) {
			if (!isset($previous_settings[$key]) || $previous_settings[$key] != $val) {
				// One difference is enough; regenerate once and stop scanning.
				ITSEC_Response::regenerate_server_config();
				break;
			}
		}
	}
}

ITSEC_Modules::register_validator(new ITSEC_Ban_Users_Validator());
<?php

/**
 * Validator for the 'strong-passwords' module settings.
 */
class ITSEC_Strong_Passwords_Validator extends ITSEC_Validator {
	/**
	 * Module id this validator is registered for.
	 *
	 * @return string
	 */
	public function get_id() {
		return 'strong-passwords';
	}

	/**
	 * Restricts 'role' to one of the five built-in WordPress roles listed below.
	 *
	 * The array form of the first argument is the allowed-values check used by the
	 * other validators, so a role outside this list is not accepted.
	 */
	protected function sanitize_settings() {
		$accepted_roles = array(
			'administrator',
			'editor',
			'author',
			'contributor',
			'subscriber',
		);

		$this->sanitize_setting( $accepted_roles, 'role', __( 'Select Role for Strong Passwords', 'better-wp-security' ) );
	}
}

ITSEC_Modules::register_validator( new ITSEC_Strong_Passwords_Validator() );
<?php

/**
 * Validator for the 'multisite-tweaks' module settings.
 */
class ITSEC_Multisite_Tweaks_Validator extends ITSEC_Validator {
	/**
	 * Module id this validator is registered for.
	 *
	 * @return string
	 */
	public function get_id() {
		return 'multisite-tweaks';
	}

	/**
	 * Coerces the three update-notification flags to booleans.
	 *
	 * NOTE(review): this work is done in preprocess_settings() whereas the sibling
	 * validators do it in sanitize_settings(); which hooks run, and in what order, is
	 * decided in ITSEC_Validator (not shown here) — confirm the placement is intentional.
	 */
	protected function preprocess_settings() {
		$flags = array(
			'theme_updates'  => __( 'Theme Update Notifications', 'better-wp-security' ),
			'plugin_updates' => __( 'Plugin Update Notifications', 'better-wp-security' ),
			'core_updates'   => __( 'Core Update Notifications', 'better-wp-security' ),
		);

		foreach ( $flags as $setting => $label ) {
			$this->sanitize_setting( 'bool', $setting, $label );
		}
	}
}

ITSEC_Modules::register_validator( new ITSEC_Multisite_Tweaks_Validator() );