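user_email; } // tail of access_watch_register_api_key(); its opening lines precede this listing
    $data = array(
        'key'      => $api_key,
        'email'    => $email,
        'name'     => get_option('blogname'),
        'site'     => get_option('home'),
        'feedback' => plugins_url('feedback.php', __FILE__),
    );
    $http_client->post(ACCESS_WATCH__BASE_API_URL . '/key/register', $data);
}

/**
 * Request a fresh API key from the Access Watch API and persist it.
 *
 * @return mixed Whatever the HTTP client returns for GET /key; it is stored in
 *               the 'access_watch_api_key' option only when truthy.
 */
function access_watch_get_api_key() {
    $http_client = access_watch_http_client();
    $api_key = $http_client->get(ACCESS_WATCH__BASE_API_URL . '/key');
    if ($api_key) {
        update_option('access_watch_api_key', $api_key);
    }
    return $api_key;
}

/**
 * Return the cached access token, fetching it from the API on first use.
 *
 * The token endpoint also reports the site id and user email, which are cached
 * in their own options so the sibling lookups need no extra request.
 *
 * @return mixed The stored token, the freshly fetched one, or an empty value
 *               when neither the option nor the API provides it.
 */
function access_watch_access_token() {
    $access_token = get_option('access_watch_access_token');
    if (empty($access_token)) {
        $http_client = access_watch_http_client(access_watch_api_key());
        $result = $http_client->get(ACCESS_WATCH__BASE_API_URL . '/wordpress/token');
        if (!empty($result['access_token'])) {
            $access_token = $result['access_token'];
            update_option('access_watch_access_token', $access_token);
        }
        if (!empty($result['site_id'])) {
            update_option('access_watch_site_id', $result['site_id']);
        }
        if (!empty($result['user_email'])) {
            update_option('access_watch_user_email', $result['user_email']);
        }
    }
    return $access_token;
}

/**
 * Return the cached site id, asking GET /wordpress when it is not stored yet.
 *
 * @return mixed The site id, or an empty value when the API did not return one.
 */
function access_watch_site_id() {
    // Called for its side effect: a first token fetch may already cache the site id.
    access_watch_access_token();
    $site_id = get_option('access_watch_site_id');
    if (empty($site_id)) {
        $http_client = access_watch_http_client(access_watch_api_key());
        $result = $http_client->get(ACCESS_WATCH__BASE_API_URL . '/wordpress');
        // A failed request yields no array; reading $result['site_id'] blindly
        // raised a notice and cached an empty value.
        if (!empty($result['site_id'])) {
            $site_id = $result['site_id'];
            update_option('access_watch_site_id', $site_id);
        }
    }
    return $site_id;
}

/**
 * Return the cached account email, asking GET /wordpress when it is not stored yet.
 *
 * @return mixed The user email, or an empty value when the API did not return one.
 */
function access_watch_user_email() {
    // Called for its side effect: a first token fetch may already cache the email.
    access_watch_access_token();
    $user_email = get_option('access_watch_user_email');
    if (empty($user_email)) {
        $http_client = access_watch_http_client(access_watch_api_key());
        $result = $http_client->get(ACCESS_WATCH__BASE_API_URL . '/wordpress');
        // Same guard as access_watch_site_id(): do not cache a missing value.
        if (!empty($result['user_email'])) {
            $user_email = $result['user_email'];
            update_option('access_watch_user_email', $user_email);
        }
    }
    return $user_email;
}

/**
 * Lazily built, per-request singleton of the WordPress-backed cache.
 *
 * @return \Bouncer\Cache\WordpressCache
 */
function access_watch_cache() {
    static $cache;
    if (empty($cache)) {
        $cache = new \Bouncer\Cache\WordpressCache();
    }
    return $cache;
}

/**
 * Lazily built, per-request singleton of the HTTP client.
 *
 * @param mixed $api_key When truthy, set on the shared client before returning it.
 * @return \Bouncer\Http\WordpressClient
 */
function access_watch_http_client($api_key = null) {
    static $http_client;
    if (empty($http_client)) {
        $http_client = new \Bouncer\Http\WordpressClient();
    }
    if ($api_key) {
        $http_client->setApiKey($api_key);
    }
    return $http_client;
}

/**
 * Lazily built, per-request singleton of the AccessWatch service.
 *
 * @return \AccessWatch\AccessWatch|null Null until an API key is configured.
 */
function access_watch_instance() {
    static $instance;
    if (empty($instance)) {
        $access_watch_api_key = access_watch_api_key();
        if ($access_watch_api_key) {
            $instance = new \AccessWatch\AccessWatch(array(
                'apiKey'     => $access_watch_api_key,
                'baseUrl'    => ACCESS_WATCH__BASE_API_URL,
                'baseLogUrl' => ACCESS_WATCH__BASE_LOG_URL,
                'httpClient' => access_watch_http_client(),
                'cache'      => access_watch_cache(),
                'cookiePath' => COOKIEPATH,
            ));
        }
    }
    return $instance;
}

add_action( 'admin_menu', 'access_watch_plugin_menu' );

/**
 * Register the admin menu: a top-level "Access Watch" entry plus two submenus.
 *
 * Both pages require the 'manage_options' capability; the callbacks re-check it.
 */
function access_watch_plugin_menu() {
    $page = add_menu_page(
        'Access Watch',           // page title
        'Access Watch',           // menu title
        'manage_options',         // capability
        'access-watch-dashboard', // menu slug
        'access_watch_dashboard', // callback
        'dashicons-groups'        // icon
    );
    add_action( 'load-' . $page, 'access_watch_admin_assets' );
    // The first submenu mirrors the top-level item so the dashboard is listed by name.
    add_submenu_page(
        'access-watch-dashboard',
        'Access Watch',
        'Access Watch',
        'manage_options',
        'access-watch-dashboard',
        'access_watch_dashboard'
    );
    add_submenu_page(
        'access-watch-dashboard',
        'About ‹ Access Watch ',
        'About',
        'manage_options',
        'access-watch-about',
        'access_watch_about'
    );
}

/**
 * Render the "About" admin page and handle the "reset" POST.
 *
 * The reset is state-changing, so it is protected by a nonce in addition to
 * the capability check. Values printed on the page come from the remote API
 * or stored options and are HTML-escaped.
 */
function access_watch_about() {
    if ( !current_user_can( 'manage_options' ) ) {
        wp_die( __( 'You do not have sufficient permissions to access this page.' ) );
    }
    if (isset($_POST['reset'])) {
        // CSRF guard: dies unless the request carries the nonce emitted below.
        check_admin_referer('access_watch_reset');
        delete_option('access_watch_api_key');
        delete_option('access_watch_api_key_registered');
        delete_option('access_watch_site_id');
        delete_option('access_watch_access_token');
        // Also drop the cached email so a later registration does not show stale data.
        delete_option('access_watch_user_email');
    }
    echo '
';
    echo '

Access Watch

';
    if ($api_key = access_watch_api_key()) {
        echo '

API Key: ' . esc_html($api_key) . '

';
        if ($site_id = access_watch_site_id()) {
            echo '

Site Id: ' . esc_html($site_id) . '

';
        }
        if ($user_email = access_watch_user_email()) {
            echo '

User Email: ' . esc_html($user_email) . '

';
        }
        echo '
';
        // NOTE(review): the form markup is lost in this listing; the nonce field
        // must be rendered inside the <form> that submits the "reset" button.
        wp_nonce_field('access_watch_reset');
        echo '';
        echo '
';
    } else {
        echo '

The plugin is currently unregistered. Register an API Key now!

';
    }
    echo '
';
    echo '

If you have any question, you can use the WordPress.org forum, or send us an email: wordpress@access.watch.

';
    echo '
';
}

/**
 * Render the dashboard admin page and handle the API-key registration POSTs.
 *
 * The `if (true)` branch is the end-of-life notice: it is always shown, so the
 * welcome/registration forms and the dashboard app below it are unreachable.
 * The POST handlers still run before it, so they are nonce-protected.
 */
function access_watch_dashboard() {
    if ( !current_user_can( 'manage_options' ) ) {
        wp_die( __( 'You do not have sufficient permissions to access this page.' ) );
    }
    if (isset($_POST['email']) && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        // CSRF guard: registering a key with the remote service is state-changing.
        check_admin_referer('access_watch_register');
        $email = $_POST['email'];
        $api_key = access_watch_get_api_key();
        update_option('access_watch_api_key', $api_key);
        access_watch_register_api_key($api_key, $email);
    }
    // Anchored: the original unanchored pattern accepted any string that merely
    // contained 32 hex digits, and the value is stored and later printed.
    if (isset($_POST['api_key']) && preg_match('/^[a-f0-9]{32}\z/i', $_POST['api_key'])) {
        check_admin_referer('access_watch_register');
        $api_key = $_POST['api_key'];
        update_option('access_watch_api_key', $api_key);
        access_watch_register_api_key($api_key);
    }
    $api_key = access_watch_api_key();
    if (true) {
        // End-of-life kill switch: always render the farewell page.
        echo '
';
        echo '

Access Watch

';
        echo '

End of life

';
        echo '

Thank you for using Access Watch.

';
        echo '

The Access Watch plugin for WordPress is not supported anymore and the plugin is disabled.

';
        echo '

Feel free to uninstall the plugin now.

';
        echo '

Sorry!

';
        echo '
';
        echo '

If you have any question, you can use the WordPress.org forum, or send us an email: wordpress@access.watch.

';
        echo '
';
    } elseif (!$api_key) {
        echo '
';
        echo '

Welcome to Access Watch

';
        // Prefill with the site admin email, falling back to the current user's.
        $email = get_option('admin_email');
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $current_user = wp_get_current_user();
            $email = $current_user->user_email;
        }
        echo '
';
        echo '
';
        echo '

Create new API Key

';
        echo '
';
        // NOTE(review): form markup is lost in this listing; the nonce field must
        // sit inside the "create" <form> so check_admin_referer() above passes.
        wp_nonce_field('access_watch_register');
        echo '';
        echo '';
        echo '
';
        echo '
';
        echo '
';
        echo '

Use existing API Key

';
        echo '
';
        // NOTE(review): same placement caveat for the "use existing key" <form>.
        wp_nonce_field('access_watch_register');
        echo '';
        echo '';
        echo '
';
        echo '
';
        echo '
';
        echo '
';
    } else {
        echo '
';
        echo '
';
        $site_id = access_watch_site_id();
        $access_token = access_watch_access_token();
        $asset_base_url = plugin_dir_url( ACCESS_WATCH__PLUGIN_FILE );
        $script_url = plugins_url( 'main.js?v=' . ACCESS_WATCH__PLUGIN_VERSION, ACCESS_WATCH__PLUGIN_FILE );
        // The script tag that consumed the values above is lost in this listing.
        echo '';
    }
}

/**
 * Hook the asset loader only on the plugin's own admin page.
 */
function access_watch_admin_assets() {
    add_action( 'admin_enqueue_scripts', 'access_watch_enqueue_assets' );
}

/**
 * Register and enqueue the plugin stylesheet, versioned by the plugin version.
 */
function access_watch_enqueue_assets() {
    wp_register_style(
        'access-watch',
        plugin_dir_url( __FILE__ ) . 'assets/access-watch.css',
        array(),
        ACCESS_WATCH__PLUGIN_VERSION
    );
    wp_enqueue_style( 'access-watch');
}

// NOTE(review): from the `?>` below through `parse()) { return $message; } } }`
// this listing is garbled — the inline HTML and the opening of the XML-RPC
// message helper (which access_watch_xmlrpc_extra() calls) were lost. The span
// is reproduced verbatim; nothing in it has been changed.
function access_watch_notices() {
    global $hook_suffix;
    if ( $hook_suffix == 'plugins.php' && !access_watch_api_key() ) { ?>

Almost done! Configure Access Watch to finally understand your website traffic activity.

parse()) { return $message; } } }

/**
 * Describe the current XML-RPC request for event/block reporting.
 *
 * The payload is attacker-controlled, so every nested lookup is guarded.
 *
 * @return array Empty when there is no XML-RPC message; otherwise
 *               'xmlrpc_method_name' plus, for system.multicall, the distinct
 *               inner method names, or, for pingback.ping, its parameters.
 */
function access_watch_xmlrpc_extra() {
    $extra = array();
    $xmlrpc_message = access_watch_xmlrpc_message();
    if ($xmlrpc_message) {
        $method = $xmlrpc_message->methodName;
        $extra['xmlrpc_method_name'] = $method;
        $first_param = isset($xmlrpc_message->params[0]) ? $xmlrpc_message->params[0] : null;
        if ($method === 'system.multicall') {
            // Multicall methods: tolerate calls without a methodName instead of
            // raising a notice on malformed input.
            $multicall_methods = array();
            if (is_array($first_param)) {
                foreach ($first_param as $call) {
                    if (isset($call['methodName'])) {
                        $multicall_methods[] = $call['methodName'];
                    }
                }
            }
            $extra['xmlrpc_multicall_methods'] = array_unique($multicall_methods);
        } elseif ($method === 'pingback.ping') {
            // Pingback params
            $extra['xmlrpc_pingback_params'] = $first_param;
        }
    }
    return $extra;
}

/**
 * Copy of $_POST without the given keys; sent to the remote service as event
 * context, so callers list the credential fields to leave out.
 *
 * @param array $ignore Keys to strip from the copy.
 * @return array
 */
function access_watch_post_extra($ignore = array()) {
    return array_diff_key($_POST, array_flip($ignore));
}

/**
 * Per-request entry point: classify the visitor and block/throttle/report.
 *
 * Authenticated users are only tagged and never blocked. Only POST requests
 * are subject to blocking; the URI checks are substring matches on
 * $_SERVER['REQUEST_URI']. Currently not hooked (see the commented add_action
 * below).
 */
function access_watch_start() {
    $access_watch = access_watch_instance();
    if (!$access_watch) {
        return;
    }
    $access_watch->start();
    $access_watch->initSession();
    $identity = $access_watch->getIdentity();
    $session = $identity->getSession();
    $isBlocked = $session && $session->isBlocked();
    // Evaluated lazily so isBad() is only consulted where a check is actually made.
    $should_block = function () use ($isBlocked, $identity) {
        return $isBlocked || $identity->isBad();
    };

    // Authenticated User
    $current_user = wp_get_current_user();
    if ($current_user && $current_user->user_login) {
        $access_watch->addContext('user', array(
            'username' => $current_user->user_login,
        ));
        // Stop there for Authenticated Users
        return;
    }

    // For now, we're only throttling/blocking POST requests
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $uri = $_SERVER['REQUEST_URI'];

        // Block Brute Force Login
        if (strpos($uri, '/wp-login.php?action=register') !== false) {
            if ($should_block()) {
                $extra = access_watch_post_extra();
                $access_watch->block('registration_blocked', $extra);
            }
        } elseif (strpos($uri, '/wp-login.php') !== false) {
            if ($should_block()) {
                // Never ship the password field with the event.
                $extra = access_watch_post_extra(array('pwd'));
                $access_watch->block('login_blocked', $extra);
            }
        }

        // Block Comment Spam
        if (strpos($uri, '/wp-comments-post.php') !== false) {
            $extra = access_watch_post_extra();
            if ($should_block()) {
                $access_watch->block('comment_blocked', $extra);
            } else {
                $access_watch->registerEvent('comment', $extra);
            }
        }

        // Block Trackback
        if (strpos($uri, '/trackback') !== false) {
            if ($should_block()) {
                $access_watch->block('trackback_blocked');
            } else {
                $access_watch->registerEvent('trackback');
            }
        }

        // Block XML-RPC
        if (strpos($uri, '/xmlrpc.php') !== false) {
            $extra = access_watch_xmlrpc_extra();
            if ($should_block()) {
                $access_watch->block('xmlrpc_blocked', $extra);
            } else {
                $access_watch->registerEvent('xmlrpc', $extra);
            }
        }

        // Users Ultra Membership Plugin support
        // https://wordpress.org/plugins/users-ultra/
        if (strpos($uri, '/login') !== false) {
            if ($should_block()) {
                $extra = access_watch_post_extra(array('login_user_pass'));
                $access_watch->block('login_blocked', $extra);
            }
        }
        if (strpos($uri, '/registration') !== false) {
            if ($should_block()) {
                $extra = access_watch_post_extra(array('user_pass', 'user_pass_confirm'));
                $access_watch->block('registration_blocked', $extra);
            }
        }

        // BuddyPress support
        // https://wordpress.org/plugins/buddypress/
        if (strpos($uri, '/register/') !== false) {
            if ($should_block()) {
                $extra = access_watch_post_extra(array('signup_password', 'signup_password_confirm'));
                $access_watch->block('registration_blocked', $extra);
            }
        }
    }

    // Block Bad Referers
    $access_watch->blockBadReferers();

    // Block Bad Sessions
    $access_watch->blockBadSessions();

    // If it's suspicious/bad and not already blocked, throttle
    if ($identity->isSuspicious() || $identity->isBad()) {
        $access_watch->throttle();
    }
}

// add_action( 'init' , 'access_watch_start' );

/**
 * Report a failed login (wp_login_failed hook), except for XML-RPC and
 * non-POST requests, which are handled elsewhere or not at all.
 *
 * @param string $username The login name that was attempted.
 */
function access_watch_login_failed( $username ) {
    if (strpos($_SERVER['REQUEST_URI'], '/xmlrpc.php') !== false) {
        return;
    }
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return;
    }
    $access_watch = access_watch_instance();
    if ($access_watch) {
        $access_watch->registerEvent( 'login_failed', array( 'username' => $username ) );
    }
}

add_action( 'wp_login_failed' , 'access_watch_login_failed', 10, 1 );

/**
 * Report a successful login (wp_login hook) with the same exclusions as
 * access_watch_login_failed().
 *
 * @param string  $user_login Login name passed by the hook.
 * @param WP_User $user       Logged-in user; its user_login is preferred when set.
 */
function access_watch_login( $user_login, $user ) {
    if (strpos($_SERVER['REQUEST_URI'], '/xmlrpc.php') !== false) {
        return;
    }
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return;
    }
    $access_watch = access_watch_instance();
    if ($access_watch) {
        $username = $user && $user->user_login ? $user->user_login : $user_login;
        $access_watch->registerEvent( 'login_succeeded', array( 'username' => $username ) );
    }
}

add_action( 'wp_login', 'access_watch_login', 10, 2 );

/**
 * Contact Form 7 submission hook: block bad identities, otherwise record a
 * 'form' event. The whole $_POST body is forwarded as context.
 *
 * @param mixed $wpcf7_contact_form Unused; passed by the hook.
 * @param mixed $result             Unused; passed by the hook.
 */
function access_watch_wpcf7_submit( $wpcf7_contact_form, $result ) {
    $access_watch = access_watch_instance();
    if ($access_watch) {
        $identity = $access_watch->getIdentity();
        $extra = access_watch_post_extra();
        if ($identity && $identity->isBad()) {
            $access_watch->block('form_blocked', $extra);
        } else {
            $access_watch->registerEvent('form', $extra);
        }
    }
}

add_action( 'wpcf7_submit', 'access_watch_wpcf7_submit', 10, 2 );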