'render_tab1',
'tab2' => 'render_tab2',
'tab3' => 'render_tab3',
'tab4' => 'render_tab4',
'tab5' => 'render_tab5',
); // Closes a tab key => handler method name map (presumably $this->menu_tabs_handler, which is read further down); the array's opening is not visible in this listing.

    /**
     * Renders the whole menu page as soon as the object is constructed.
     */
    function __construct()
    {
        $this->render_menu_page();
    }

    /**
     * Fills $this->menu_tabs with the translated caption of each tab, keyed by tab id.
     */
    function set_menu_tabs()
    {
        $this->menu_tabs = array(
        'tab1' => __('Login Lockdown', 'all-in-one-wp-security-and-firewall'),
        'tab2' => __('Failed Login Records', 'all-in-one-wp-security-and-firewall'),
        'tab3' => __('Force Logout', 'all-in-one-wp-security-and-firewall'),
        'tab4' => __('Account Activity Logs', 'all-in-one-wp-security-and-firewall'),
        'tab5' => __('Logged In Users', 'all-in-one-wp-security-and-firewall'),
        );
    }

    /**
     * Returns the requested tab key: $_GET['tab'] passed through sanitize_text_field(),
     * or the first key of $this->menu_tabs when the parameter is absent.
     *
     * NOTE(review): the value is not compared with the known tab keys. render_menu_page()
     * uses it to index $this->menu_tabs_handler before call_user_func(), so only method
     * names present in that map can be dispatched, but an unknown key produces an
     * undefined index and an invalid callback. Falling back to $tab_keys[0] unless the
     * value is one of $tab_keys would make the dispatch explicit.
     */
    function get_current_tab()
    {
        $tab_keys = array_keys($this->menu_tabs);
        $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
        return $tab;
    }

    /*
     * Renders our tabs of this menu as nav items
     *
     * NOTE(review): only an empty echo survives in this listing; the navigation markup
     * this method is meant to print appears to have been lost, so how $current_tab is
     * written into the page cannot be reviewed from here.
     */
    function render_menu_tabs()
    {
        $current_tab = $this->get_current_tab();
        echo '';
    }

    /*
     * The menu rendering goes here
     *
     * Prints the page title, builds the tab captions, resolves the current tab, renders
     * the tab navigation and then calls the handler method mapped to that tab.
     */
    function render_menu_page()
    {
        echo '
';
        echo '

'.__('User Login','all-in-one-wp-security-and-firewall').'

';//Interface title
        $this->set_menu_tabs();
        $tab = $this->get_current_tab();
        $this->render_menu_tabs();
        // NOTE(review): the line after the closing tag is damaged in this listing
        // ("menu_tabs);" is a leftover). What remains invokes the method named in
        // $this->menu_tabs_handler[$tab]; the end of this function is not visible.
        ?>
menu_tabs); call_user_func(array(&$this, $this->menu_tabs_handler[$tab])); ?>
// NOTE(review): this listing starts part-way through the login lockdown settings save
// handler (presumably the tab1 renderer). The function header and the condition that
// guards the next two statements are not visible; from the messages it is a nonce check,
// presumably wp_verify_nonce() as used for the whitelist form further down.
debug_logger->log_debug("Nonce check failed on login lockdown options save!",4);
die("Nonce check failed on login lockdown options save!");
}

// Each numeric setting is read from the POST body and replaced by a fixed default when
// is_numeric() rejects it; the problem is appended to $error for display.
// NOTE(review): is_numeric() also accepts 0, negative and fractional input, and absint()
// below stores whatever integer results (for example 0). No minimum is enforced here,
// unlike the "< 1" clamp applied to the logout time period elsewhere in this file.
// Confirm the lockdown logic copes with a zero attempt limit, retry window or lockout length.
$max_login_attempt_val = sanitize_text_field($_POST['aiowps_max_login_attempts']);
if(!is_numeric($max_login_attempt_val))
{
    $error .= '
'.__('You entered a non numeric value for the max login attempts field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
    $max_login_attempt_val = '3';//Set it to the default value for this field
}

$login_retry_time_period = sanitize_text_field($_POST['aiowps_retry_time_period']);
if(!is_numeric($login_retry_time_period))
{
    $error .= '
'.__('You entered a non numeric value for the login retry time period field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
    $login_retry_time_period = '5';//Set it to the default value for this field
}

$lockout_time_length = sanitize_text_field($_POST['aiowps_lockout_time_length']);
if(!is_numeric($lockout_time_length))
{
    $error .= '
'.__('You entered a non numeric value for the lockout time length field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
    $lockout_time_length = '60';//Set it to the default value for this field
}

// The notification address falls back to the blog admin e-mail when is_email() rejects it.
$email_address = sanitize_email($_POST['aiowps_email_address']);
if(!is_email($email_address))
{
    $error .= '
'.__('You have entered an incorrect email address format. It has been set to your WordPress admin email as default.','all-in-one-wp-security-and-firewall');
    $email_address = get_bloginfo('admin_email'); //Set the default value to the blog admin email
}

// Instantly lockout specific usernames
$_ilsu = isset($_POST['aiowps_instantly_lockout_specific_usernames']) ? $_POST['aiowps_instantly_lockout_specific_usernames'] : '';
// Read into array, sanitize, filter empty and keep only unique usernames.
$instantly_lockout_specific_usernames
    = array_unique(
        array_filter(
            array_map(
                'sanitize_user',
                AIOWPSecurity_Utility::explode_trim_filter_empty($_ilsu)
            ),
            'strlen'
        )
    ) ;

// Validation problems are only reported; the save below still runs with the substituted defaults.
if($error)
{
    $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
}

//Save all the form values to the options
$random_20_digit_string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20); //Generate random 20 char string for use during captcha encode/decode
// NOTE(review): this value is stored as the unlock-request secret key and is replaced on
// every save of this form. The generator is not visible here; confirm it draws from a
// cryptographically secure source, since a predictable key weakens whatever it protects.
$aio_wp_security->configs->set_value('aiowps_unlock_request_secret_key', $random_20_digit_string);
// Checkbox options are stored as '1' when present in the POST body and '' otherwise.
$aio_wp_security->configs->set_value('aiowps_enable_login_lockdown',isset($_POST["aiowps_enable_login_lockdown"])?'1':'');
$aio_wp_security->configs->set_value('aiowps_allow_unlock_requests',isset($_POST["aiowps_allow_unlock_requests"])?'1':'');
$aio_wp_security->configs->set_value('aiowps_max_login_attempts',absint($max_login_attempt_val));
$aio_wp_security->configs->set_value('aiowps_retry_time_period',absint($login_retry_time_period));
$aio_wp_security->configs->set_value('aiowps_lockout_time_length',absint($lockout_time_length));
$aio_wp_security->configs->set_value('aiowps_set_generic_login_msg',isset($_POST["aiowps_set_generic_login_msg"])?'1':'');
$aio_wp_security->configs->set_value('aiowps_enable_invalid_username_lockdown',isset($_POST["aiowps_enable_invalid_username_lockdown"])?'1':'');
$aio_wp_security->configs->set_value('aiowps_instantly_lockout_specific_usernames',
$instantly_lockout_specific_usernames);
$aio_wp_security->configs->set_value('aiowps_enable_email_notify',isset($_POST["aiowps_enable_email_notify"])?'1':'');
$aio_wp_security->configs->set_value('aiowps_email_address',$email_address);
$aio_wp_security->configs->save_config();

//Recalculate points after the feature status/options have been altered
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();

$this->show_msg_settings_updated();
}

// NOTE(review): the two row actions below change lockdown state from a request parameter,
// and no nonce or capability check is visible in this fragment. Confirm that
// delete_lockdown_records() and unlock_ip_range() verify a nonce themselves; if they do
// not, these actions are exposed to cross-site request forgery. strip_tags() is not
// validation for a record id; the callee should cast or validate it before use in a query.
if(isset($_REQUEST['action'])) //Do list table form row action tasks
{
    if($_REQUEST['action'] == 'delete_blocked_ip'){ //Delete link was clicked for a row in list table
        $locked_ip_list->delete_lockdown_records(strip_tags($_REQUEST['lockdown_id']));
    }

    if($_REQUEST['action'] == 'unlock_ip'){ //Unlock link was clicked for a row in list table
        $locked_ip_list->unlock_ip_range(strip_tags($_REQUEST['lockdown_id']));
    }
}

//login lockdown whitelist settings
$result = 1; // 1 = whitelist input accepted (or none submitted), -1 = validation failed
if (isset($_POST['aiowps_save_lockdown_whitelist_settings']))
{
    $nonce=$_REQUEST['_wpnonce'];
    if (!wp_verify_nonce($nonce, 'aiowpsec-lockdown-whitelist-settings-nonce'))
    {
        $aio_wp_security->debug_logger->log_debug("Nonce check failed for save lockdown whitelist settings!",4);
        // NOTE(review): the text domain 'aiowpsecurity' differs from the
        // 'all-in-one-wp-security-and-firewall' domain used by the other strings in this file.
        die(__('Nonce check failed for save lockdown whitelist settings!','aiowpsecurity'));
    }

    if (isset($_POST["aiowps_lockdown_enable_whitelisting"]) && empty($_POST['aiowps_lockdown_allowed_ip_addresses']))
    {
        // NOTE(review): 'aiowpsecurity' is passed as a second argument to show_msg_error()
        // rather than the message being wrapped in __(); as written this string looks
        // untranslated. show_msg_error()'s signature is not visible here, so verify.
        $this->show_msg_error('You must submit at least one IP address!','aiowpsecurity');
    }
    else
    {
        if (!empty($_POST['aiowps_lockdown_allowed_ip_addresses']))
        {
            // The raw textarea value is split into entries and handed to the validator;
            // it is stored only when validation reports success.
            $ip_addresses = $_POST['aiowps_lockdown_allowed_ip_addresses'];
            $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
            $payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'whitelist');
            if($payload[0] == 1){
                //success case
                $result = 1;
                $list = $payload[1];
                // Despite the variable name, this holds the validated whitelist entries.
                $banned_ip_data = implode(PHP_EOL, $list);
                $aio_wp_security->configs->set_value('aiowps_lockdown_allowed_ip_addresses',$banned_ip_data);
                $_POST['aiowps_lockdown_allowed_ip_addresses'] = ''; //Clear the post variable for the banned address list
            }
            else{
                $result = -1;
                // NOTE(review): if the validator's message repeats the rejected input,
                // show_msg_error() must escape it before output; neither is visible here.
                $error_msg = $payload[1][0];
                $this->show_msg_error($error_msg);
            }
        }
        else
        {
            $aio_wp_security->configs->set_value('aiowps_lockdown_allowed_ip_addresses',''); //Clear the IP address config value
        }

        if ($result == 1)
        {
            $aio_wp_security->configs->set_value('aiowps_lockdown_enable_whitelisting',isset($_POST["aiowps_lockdown_enable_whitelisting"])?'1':'');
            $aio_wp_security->configs->save_config(); //Save the configuration

            $this->show_msg_settings_updated();
        }
    }
}
?>

Cookie-Based Brute Force Login Prevention'; echo '

'.__('One of the ways hackers try to compromise sites is via a ', 'all-in-one-wp-security-and-firewall').''.__('Brute Force Login Attack', 'all-in-one-wp-security-and-firewall').'. '.__('This is where attackers use repeated login attempts until they guess the password.', 'all-in-one-wp-security-and-firewall').'
'.__('Apart from choosing strong passwords, monitoring and blocking IP addresses which are involved in repeated login failures in a short period of time is a very effective way to stop these types of attacks.', 'all-in-one-wp-security-and-firewall'). '

'.sprintf( esc_html(__('You may also want to checkout our %s feature for another secure way to protect against these types of attacks.', 'all-in-one-wp-security-and-firewall')), $brute_force_login_feature_link).'

'; ?>

output_feature_details_badge("user-login-login-lockdown"); ?>
: configs->get_value('aiowps_enable_login_lockdown')=='1') echo ' checked="checked"'; ?> value="1"/>
: configs->get_value('aiowps_allow_unlock_requests')=='1') echo ' checked="checked"'; ?> value="1"/>
:
:
:
: configs->get_value('aiowps_set_generic_login_msg')=='1') echo ' checked="checked"'; ?> value="1"/>
: configs->get_value('aiowps_enable_invalid_username_lockdown')=='1') echo ' checked="checked"'; ?> value="1"/>
: configs->get_value('aiowps_instantly_lockout_specific_usernames'); if(empty($instant_lockout_users_list)){ $instant_lockout_users_list = array(); } ?>
: configs->get_value('aiowps_enable_email_notify')=='1') echo ' checked="checked"'; ?> value="1"/>

Locked IP Addresses'; echo '

'.sprintf( __('To see a list of all locked IP addresses and ranges go to the %s tab in the dashboard menu.', 'all-in-one-wp-security-and-firewall'), $locked_ips_link).'

'; ?>

: configs->get_value('aiowps_lockdown_enable_whitelisting')=='1') echo ' checked="checked"'; ?> value="1"/>

+
'.__('Each IP address must be on a new line.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('To specify an IP range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('Example 1: 195.47.89.*', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('Example 2: 195.47.*.*', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('Example 3: 195.*.*.*', 'all-in-one-wp-security-and-firewall').'

'; ?>
// NOTE(review): this listing starts part-way through the "delete all failed login records"
// handler (presumably the tab2 renderer). The function header and the condition guarding
// the next two statements are not visible; from the messages it is a nonce check.
debug_logger->log_debug("Nonce check failed for delete all failed login records operation!",4);
die(__('Nonce check failed for delete all failed login records operation!','all-in-one-wp-security-and-firewall'));
}
$failed_logins_table = AIOWPSEC_TBL_FAILED_LOGINS;
//Delete all records from the failed logins table
// The table name interpolated into the statement comes from a constant, not from the request.
// NOTE(review): this empties the failed-login history that the page text recommends for
// security investigations, and only the failure path is logged here. Consider recording
// which user cleared the table and when.
$result = $wpdb->query("truncate $failed_logins_table");

if ($result === FALSE)
{
    $aio_wp_security->debug_logger->log_debug("User Login Feature - Delete all failed login records operation failed!",4);
    $this->show_msg_error(__('User Login Feature - Delete all failed login records operation failed!','all-in-one-wp-security-and-firewall'));
}
else
{
    $this->show_msg_updated(__('All records from the Failed Logins table were deleted successfully!','all-in-one-wp-security-and-firewall'));
}
}

include_once 'wp-security-list-login-fails.php'; //For rendering the AIOWPSecurity_List_Table in tab2
$failed_login_list = new AIOWPSecurity_List_Login_Failed_Attempts(); //For rendering the AIOWPSecurity_List_Table in tab2

// NOTE(review): this row action deletes a record based on request parameters, and no nonce
// or capability check is visible in this fragment. Confirm delete_login_failed_records()
// verifies a nonce and validates the id itself; strip_tags() alone does neither.
if(isset($_REQUEST['action'])) //Do row action tasks for list table form for failed logins
{
    if($_REQUEST['action'] == 'delete_failed_login_rec'){ //Delete link was clicked for a row in list table
        $failed_login_list->delete_login_failed_records(strip_tags($_REQUEST['failed_login_id']));
    }
}
AIOWPSecurity_Admin_Menu::display_bulk_result_message();
?>
'.__('This tab displays the failed login attempts for your site.', 'all-in-one-wp-security-and-firewall').'
'.__('The information below can be handy if you need to do security investigations because it will show you the IP range, username and ID (if applicable) and the time/date of the failed login attempt.', 'all-in-one-wp-security-and-firewall').'

'; ?>

prepare_items(); //echo "put table of locked entries here"; ?>
search_box('Search', 'search_failed_login'); if (isset($_REQUEST["tab"])) { echo ''; } ?> display(); ?>

// NOTE(review): this listing starts part-way through the force logout settings save handler
// (presumably the tab3 renderer). The function header and the condition guarding the next
// two statements are not visible; from the messages it is a nonce check.
debug_logger->log_debug("Nonce check failed on force logout options save!",4);
die("Nonce check failed on force logout options save!");
}

// The logout period is read from the POST body: non-numeric input is replaced by '1' and
// reported through $error, and numeric input below 1 is raised to '1'.
// NOTE(review): no upper bound is applied here, so a very large period passes through.
$logout_time_period = sanitize_text_field($_POST['aiowps_logout_time_period']);
if(!is_numeric($logout_time_period))
{
    $error .= '
'.__('You entered a non numeric value for the logout time period field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
    $logout_time_period = '1';//Set it to the default value for this field
}
else
{
    if($logout_time_period < 1){
        $logout_time_period = '1';
    }
}

// Validation problems are only reported; the save below still runs with the substituted default.
if($error)
{
    $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
}

//Save all the form values to the options
$aio_wp_security->configs->set_value('aiowps_logout_time_period',absint($logout_time_period));
// The checkbox is stored as '1' when present in the POST body and '' otherwise.
$aio_wp_security->configs->set_value('aiowps_enable_forced_logout',isset($_POST["aiowps_enable_forced_logout"])?'1':'');
$aio_wp_security->configs->save_config();

//Recalculate points after the feature status/options have been altered
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();

$this->show_msg_settings_updated();
}
?>
'.__('Setting an expiry period for your WP administration session is a simple way to protect against unauthorized access to your site from your computer.', 'all-in-one-wp-security-and-firewall').'
'.__('This feature allows you to specify a time period in minutes after which the admin session will expire and the user will be forced to log back in.', 'all-in-one-wp-security-and-firewall').'

'; ?>

output_feature_details_badge("user-login-force-logout"); ?>
: configs->get_value('aiowps_enable_forced_logout')=='1') echo ' checked="checked"'; ?> value="1"/>
:
// NOTE(review): this listing starts in the middle of a statement in the account activity
// handler (presumably the tab4 renderer); the receiver of this call and the enclosing
// conditions are not visible. The record id comes straight from the request with only
// strip_tags() applied, and no nonce or capability check is visible in this fragment.
// Confirm delete_login_activity_records() verifies a nonce and validates the id itself.
delete_login_activity_records(strip_tags($_REQUEST['activity_login_rec']));
}
}
AIOWPSecurity_Admin_Menu::display_bulk_result_message();
?>
'.__('This tab displays the activity for accounts registered with your site that have logged in using the WordPress login form.', 'all-in-one-wp-security-and-firewall').'
'.__('The information below can be handy if you need to do security investigations because it will show you the last 50 recent login events by username, IP address and time/date.', 'all-in-one-wp-security-and-firewall').'

'; ?>

prepare_items(); //echo "put table of locked entries here"; ?>
search_box('Search', 'search_login_activity'); if (isset($_REQUEST["tab"])) { echo ''; } ?> display(); ?>

// NOTE(review): this listing starts in the middle of a statement in the logged-in users
// handler (presumably the tab5 renderer); the receiver of this call and the enclosing
// conditions are not visible. Forcing a logout is driven by two request parameters with
// only strip_tags() applied, and no nonce or capability check is visible in this fragment,
// whereas the list refresh below is nonce-protected. Confirm force_user_logout() verifies
// a nonce and validates both values itself.
force_user_logout(strip_tags($_REQUEST['logged_in_id']), strip_tags($_REQUEST['ip_address']));
}
}

// Refreshing the logged-in users list requires a valid nonce; a failed check is logged and
// ends the request.
if (isset($_POST['aiowps_refresh_logged_in_user_list']))
{
    $nonce=$_REQUEST['_wpnonce'];
    if (!wp_verify_nonce($nonce, 'aiowpsec-logged-in-users-nonce'))
    {
        $aio_wp_security->debug_logger->log_debug("Nonce check failed for users logged in list!",4);
        die(__('Nonce check failed for users logged in list!','all-in-one-wp-security-and-firewall'));
    }

    $user_list->prepare_items();
}
?>

'.__('This tab displays all users who are currently logged into your site.', 'all-in-one-wp-security-and-firewall').'
'.__('If you suspect there is a user or users who are logged in which should not be, you can block them by inspecting the IP addresses from the data below and adding them to your blacklist.', 'all-in-one-wp-security-and-firewall').'
'.__('You can also instantly log them out by clicking on the "Force Logout" link when you hover over the row in the User Id column.', 'all-in-one-wp-security-and-firewall').'

'; ?>

prepare_items(); //echo "put table of locked entries here"; ?>
display(); ?>