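'Login Lockdown',
        'tab2' => 'Login Captcha',
        'tab3' => 'Login Whitelist',
        'tab4' => 'Failed Login Records',
        'tab5' => 'Force Logout',
        'tab6' => 'Account Activity Logs',
        'tab7' => 'Logged In Users',
    );

    //Maps each tab key to the method on this class that renders that tab
    var $menu_tabs_handler = array(
        'tab1' => 'render_tab1',
        'tab2' => 'render_tab2',
        'tab3' => 'render_tab3',
        'tab4' => 'render_tab4',
        'tab5' => 'render_tab5',
        'tab6' => 'render_tab6',
        'tab7' => 'render_tab7',
    );

    function __construct()
    {
        $this->render_user_login_menu_page();
    }

    /*
     * Returns the key of the tab to display.
     * The "tab" query parameter is only honoured when it is one of the keys
     * declared in $menu_tabs; any other value (unknown string, array, etc.)
     * falls back to the first tab. This keeps the returned value safe to use
     * as an index into $menu_tabs_handler, whose entry is later passed to
     * call_user_func() as a method name.
     */
    function get_current_tab()
    {
        $tab_keys = array_keys($this->menu_tabs);
        $tab = isset( $_GET['tab'] ) ? $_GET['tab'] : $tab_keys[0];
        //Strict comparison: a non-string (e.g. an array) request value never matches
        if (!in_array($tab, $tab_keys, true))
        {
            $tab = $tab_keys[0];
        }
        return $tab;
    }

    /*
     * Renders our tabs of this menu as nav items
     */
    function render_menu_tabs()
    {
        $current_tab = $this->get_current_tab();
        echo '';
    }

    /*
     * The menu rendering goes here
     */
    function render_user_login_menu_page()
    {
        $tab = $this->get_current_tab();
        ?>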
render_menu_tabs(); //$tab_keys = array_keys($this->menu_tabs); call_user_func(array(&$this, $this->menu_tabs_handler[$tab])); ?>
debug_logger->log_debug("Nonce check failed on login lockdown options save!",4); die("Nonce check failed on login lockdown options save!"); } $max_login_attempt_val = sanitize_text_field($_POST['aiowps_max_login_attempts']); if(!is_numeric($max_login_attempt_val)) { $error .= '
'.__('You entered a non numeric value for the max login attempts field. It has been set to the default value.','aiowpsecurity'); $max_login_attempt_val = '3';//Set it to the default value for this field } $login_retry_time_period = sanitize_text_field($_POST['aiowps_retry_time_period']); if(!is_numeric($login_retry_time_period)) { $error .= '
'.__('You entered a non numeric value for the login retry time period field. It has been set to the default value.','aiowpsecurity'); $login_retry_time_period = '5';//Set it to the default value for this field } $lockout_time_length = sanitize_text_field($_POST['aiowps_lockout_time_length']); if(!is_numeric($lockout_time_length)) { $error .= '
'.__('You entered a non numeric value for the lockout time length field. It has been set to the default value.','aiowpsecurity'); $lockout_time_length = '60';//Set it to the default value for this field } $email_address = sanitize_email($_POST['aiowps_email_address']); if(!is_email($email_address)) { $error .= '
'.__('You have entered an incorrect email address format. It has been set to your WordPress admin email as default.','aiowpsecurity'); $email_address = get_bloginfo('admin_email'); //Set the default value to the blog admin email } if($error) { $this->show_msg_error(__('Attention!','aiowpsecurity').$error); } //Save all the form values to the options $aio_wp_security->configs->set_value('aiowps_enable_login_lockdown',isset($_POST["aiowps_enable_login_lockdown"])?'1':''); $aio_wp_security->configs->set_value('aiowps_max_login_attempts',absint($max_login_attempt_val)); $aio_wp_security->configs->set_value('aiowps_retry_time_period',absint($login_retry_time_period)); $aio_wp_security->configs->set_value('aiowps_lockout_time_length',absint($lockout_time_length)); $aio_wp_security->configs->set_value('aiowps_set_generic_login_msg',isset($_POST["aiowps_set_generic_login_msg"])?'1':''); $aio_wp_security->configs->set_value('aiowps_enable_invalid_username_lockdown',isset($_POST["aiowps_enable_invalid_username_lockdown"])?'1':''); $aio_wp_security->configs->set_value('aiowps_enable_email_notify',isset($_POST["aiowps_enable_email_notify"])?'1':''); $aio_wp_security->configs->set_value('aiowps_email_address',$email_address); $aio_wp_security->configs->save_config(); //Recalculate points after the feature status/options have been altered $aiowps_feature_mgr->check_feature_status_and_recalculate_points(); $this->show_msg_settings_updated(); } if(isset($_REQUEST['action'])) //Do list table form row action tasks { if($_REQUEST['action'] == 'delete_blocked_ip'){ //Delete link was clicked for a row in list table $locked_ip_list->delete_lockdown_records(strip_tags($_REQUEST['lockdown_id'])); } if($_REQUEST['action'] == 'unlock_ip'){ //Unlock link was clicked for a row in list table $locked_ip_list->unlock_ip_range(strip_tags($_REQUEST['lockdown_id'])); } } ?>

Cookie-Based Brute Force Login Prevention'; echo '

'.__('One of the ways hackers try to compromise sites is via a ', 'aiowpsecurity').''.__('Brute Force Login Attack', 'aiowpsecurity').'.
'.__('This is where attackers use repeated login attempts until they guess the password.', 'aiowpsecurity').'
'.__('Apart from choosing strong passwords, monitoring and blocking IP addresses which are involved in repeated login failures in a short period of time is a very effective way to stop these types of attacks.', 'aiowpsecurity'). '

'.sprintf( __('You may also want to checkout our %s feature for another secure way to protect against these types of attacks.', 'aiowpsecurity'), $brute_force_login_feature_link).'

'; ?>

output_feature_details_badge("user-login-login-lockdown"); ?>
: configs->get_value('aiowps_enable_login_lockdown')=='1') echo ' checked="checked"'; ?> value="1"/>
:
:
:
: configs->get_value('aiowps_set_generic_login_msg')=='1') echo ' checked="checked"'; ?> value="1"/>
: configs->get_value('aiowps_enable_invalid_username_lockdown')=='1') echo ' checked="checked"'; ?> value="1"/>
: configs->get_value('aiowps_enable_email_notify')=='1') echo ' checked="checked"'; ?> value="1"/>

prepare_items(); //echo "put table of locked entries here"; ?>
'; } ?> display(); ?>
debug_logger->log_debug("Nonce check failed on captcha settings save!",4); die("Nonce check failed on captcha settings save!"); } //Save all the form values to the options $random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20); //Generate random 20 char string for use during captcha encode/decode $aio_wp_security->configs->set_value('aiowps_captcha_secret_key', $random_20_digit_string); $aio_wp_security->configs->set_value('aiowps_enable_login_captcha',isset($_POST["aiowps_enable_login_captcha"])?'1':''); $aio_wp_security->configs->save_config(); //Recalculate points after the feature status/options have been altered $aiowps_feature_mgr->check_feature_status_and_recalculate_points(); $this->show_msg_settings_updated(); } ?>
'.__('This feature allows you to add a captcha form on the WordPress login page.', 'aiowpsecurity').'
'.__('Users who attempt to login will also need to enter the answer to a simple mathematical question - if they enter the wrong answer, the plugin will not allow them login even if they entered the correct username and password.', 'aiowpsecurity').'
'.__('Therefore, adding a captcha form on the login page is another effective yet simple "Brute Force" prevention technique.', 'aiowpsecurity').'

'; ?>

output_feature_details_badge("user-login-captcha"); ?>
: configs->get_value('aiowps_enable_login_captcha')=='1') echo ' checked="checked"'; ?> value="1"/>
debug_logger->log_debug("Nonce check failed for save whitelist settings!",4); die(__('Nonce check failed for save whitelist settings!','aiowpsecurity')); } if (isset($_POST["aiowps_enable_whitelisting"]) && empty($_POST['aiowps_allowed_ip_addresses'])) { $this->show_msg_error('You must submit at least one IP address!','aiowpsecurity'); } else { if (!empty($_POST['aiowps_allowed_ip_addresses'])) { $ip_addresses = $_POST['aiowps_allowed_ip_addresses']; $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses); $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'whitelist'); if($payload[0] == 1){ //success case $result = 1; $list = $payload[1]; $banned_ip_data = implode(PHP_EOL, $list); $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses',$banned_ip_data); $_POST['aiowps_allowed_ip_addresses'] = ''; //Clear the post variable for the banned address list } else{ $result = -1; $error_msg = $payload[1][0]; $this->show_msg_error($error_msg); } } else { $aio_wp_security->configs->set_value('aiowps_allowed_ip_addresses',''); //Clear the IP address config value } if ($result == 1) { $aio_wp_security->configs->set_value('aiowps_enable_whitelisting',isset($_POST["aiowps_enable_whitelisting"])?'1':''); $aio_wp_security->configs->save_config(); //Save the configuration //Recalculate points after the feature status/options have been altered $aiowps_feature_mgr->check_feature_status_and_recalculate_points(); $this->show_msg_settings_updated(); $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file if ($write_result == -1) { $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','aiowpsecurity')); $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_whitelist_Menu - The plugin was unable to write to the .htaccess file."); } } } } ?>

'.__('The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page.', 'aiowpsecurity').'
'.__('This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below.', 'aiowpsecurity').'
'.__('The plugin achieves this by writing the appropriate directives to your .htaccess file.', 'aiowpsecurity').'
'.__('By allowing/blocking IP addresses via the .htaccess file your are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page.', 'aiowpsecurity').'

'; ?>

output_feature_details_badge("whitelist-manager-ip-login-whitelisting"); ?>
: configs->get_value('aiowps_enable_whitelisting')=='1') echo ' checked="checked"'; ?> value="1"/>
:

+
'.__('Each IP address must be on a new line.', 'aiowpsecurity').'

'; echo '

'.__('To specify an IP range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'aiowpsecurity').'

'; echo '

'.__('Example 1: 195.47.89.*', 'aiowpsecurity').'

'; echo '

'.__('Example 2: 195.47.*.*', 'aiowpsecurity').'

'; echo '

'.__('Example 3: 195.*.*.*', 'aiowpsecurity').'

'; ?>
debug_logger->log_debug("Nonce check failed for delete all failed login records operation!",4); die(__('Nonce check failed for delete all failed login records operation!','aiowpsecurity')); } $failed_logins_table = AIOWPSEC_TBL_FAILED_LOGINS; //Delete all records from the failed logins table $result = $wpdb->query("truncate $failed_logins_table"); if ($result === FALSE) { $aio_wp_security->debug_logger->log_debug("User Login Feature - Delete all failed login records operation failed!",4); $this->show_msg_error(__('User Login Feature - Delete all failed login records operation failed!','aiowpsecurity')); } else { $this->show_msg_updated(__('All records from the Failed Logins table were deleted successfully!','aiowpsecurity')); } } include_once 'wp-security-list-login-fails.php'; //For rendering the AIOWPSecurity_List_Table in tab2 $failed_login_list = new AIOWPSecurity_List_Login_Failed_Attempts(); //For rendering the AIOWPSecurity_List_Table in tab2 if(isset($_REQUEST['action'])) //Do row action tasks for list table form for failed logins { if($_REQUEST['action'] == 'delete_failed_login_rec'){ //Delete link was clicked for a row in list table $failed_login_list->delete_login_failed_records(strip_tags($_REQUEST['failed_login_id'])); } } ?>
'.__('This tab displays the failed login attempts for your site.', 'aiowpsecurity').'
'.__('The information below can be handy if you need to do security investigations because it will show you the IP range, username and ID (if applicable) and the time/date of the failed login attempt.', 'aiowpsecurity').'

'; ?>

prepare_items(); //echo "put table of locked entries here"; ?>
display(); ?>

debug_logger->log_debug("Nonce check failed on force logout options save!",4); die("Nonce check failed on force logout options save!"); } $logout_time_period = sanitize_text_field($_POST['aiowps_logout_time_period']); if(!is_numeric($logout_time_period)) { $error .= '
'.__('You entered a non numeric value for the logout time period field. It has been set to the default value.','aiowpsecurity'); $logout_time_period = '1';//Set it to the default value for this field } if($error) { $this->show_msg_error(__('Attention!','aiowpsecurity').$error); } //Save all the form values to the options $aio_wp_security->configs->set_value('aiowps_logout_time_period',absint($logout_time_period)); $aio_wp_security->configs->set_value('aiowps_enable_forced_logout',isset($_POST["aiowps_enable_forced_logout"])?'1':''); $aio_wp_security->configs->save_config(); //Recalculate points after the feature status/options have been altered $aiowps_feature_mgr->check_feature_status_and_recalculate_points(); $this->show_msg_settings_updated(); } ?>
'.__('Setting an expiry period for your WP administration session is a simple way to protect against unauthorized access to your site from your computer.', 'aiowpsecurity').'
'.__('This feature allows you to specify a time period in minutes after which the admin session will expire and the user will be forced to log back in.', 'aiowpsecurity').'

'; ?>

output_feature_details_badge("user-login-force-logout"); ?>
: configs->get_value('aiowps_enable_forced_logout')=='1') echo ' checked="checked"'; ?> value="1"/>
:
delete_login_activity_records(strip_tags($_REQUEST['activity_login_rec'])); } } ?>
'.__('This tab displays the login activity for WordPress admin accounts registered with your site.', 'aiowpsecurity').'
'.__('The information below can be handy if you need to do security investigations because it will show you the last 50 recent login events by username, IP address and time/date.', 'aiowpsecurity').'

'; ?>

prepare_items(); //echo "put table of locked entries here"; ?>
display(); ?>
debug_logger->log_debug("Nonce check failed for users logged in list!",4); die(__('Nonce check failed for users logged in list!','aiowpsecurity')); } $user_list->prepare_items(); // if(isset($_REQUEST['action'])) //Do list table form row action tasks // { //no actions for now // } } ?>

'.__('This tab displays all users who are currently logged into your site.', 'aiowpsecurity').'
'.__('If you suspect there is a user or users who are logged in which should not be, you can block them by inspecting the IP addresses from the data below and adding them to your blacklist.', 'aiowpsecurity').'

'; ?>

prepare_items(); //echo "put table of locked entries here"; ?>
display(); ?>
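query($unlock_command);
            if($result != NULL)
            {
                $this->show_msg_updated(__('The selected IP ranges were unlocked successfully!','aiowpsecurity'));
            }
        }
        elseif ($entries != NULL)
        {
            //Unlock single record
            $unlock_command = "UPDATE ".$lockdown_table." SET release_date = now() WHERE ID = '".absint($entries)."'";
            $result = $wpdb->query($unlock_command);
            if($result != NULL)
            {
                $this->show_msg_updated(__('The selected IP range was unlocked successfully!','aiowpsecurity'));
            }
        }
        //$aio_wp_security->debug_logger->log_debug("IP range unlocked from login_lockdown table - lockdown ID: ".$lockdown_id,0);
    }

    /*
     * This function will delete selected records from the "login_lockdown" table.
     * The function accepts either an array of IDs or a single ID.
     *
     * The IDs originate from list-table row/bulk actions ($_REQUEST), so every
     * value is coerced with absint() before it reaches the query. The bulk
     * branch previously interpolated the raw list straight into the IN (...)
     * clause; it now receives integers only, and an empty list skips the query
     * instead of issuing an invalid "IN ()" statement.
     *
     * @param array|int|string $entries  A single ID or an array of IDs
     * @return void
     */
    function delete_lockdown_records($entries)
    {
        global $wpdb, $aio_wp_security;
        $lockdown_table = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
        if (is_array($entries))
        {
            //Delete multiple records - force every ID to a non-negative integer first
            $ids = array_filter(array_map('absint', $entries));
            if (empty($ids))
            {
                return; //Nothing valid to delete
            }
            $id_list = "(" .implode(",",$ids) .")"; //Create comma separate list for DB operation
            $delete_command = "DELETE FROM ".$lockdown_table." WHERE ID IN ".$id_list;
            $result = $wpdb->query($delete_command);
            if($result != NULL)
            {
                $this->show_msg_updated(__('The selected records were deleted successfully!','aiowpsecurity'));
            }
        }
        elseif ($entries != NULL)
        {
            //Delete single record
            $delete_command = "DELETE FROM ".$lockdown_table." WHERE ID = '".absint($entries)."'";
            $result = $wpdb->query($delete_command);
            if($result != NULL)
            {
                $this->show_msg_updated(__('The selected record was deleted successfully!','aiowpsecurity'));
            }
            //$aio_wp_security->debug_logger->log_debug("Record deleted from login_lockdown table - lockdown ID: ".$entries,0);
        }
    }
} //end class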