Configuration Version: 4.2.2 Author: AskApache Author URI: http://www.askapache.com == Installation == 1. Extract zip in plugins directory 2. Activate the Plugin 3. Setup plugin options */ /* /--------------------------------------------------------------------\ | | | License: GPL | | | | AskApache Password Protect Plugin - Adds HTTP Basic Authentication | | Copyright (C) 2008, AskApache, www.askapache.com | | All rights reserved. | | | | This program is free software; you can redistribute it and/or | | modify it under the terms of the GNU General Public License | | as published by the Free Software Foundation; either version 2 | | of the License, or (at your option) any later version. | | | | This program is distributed in the hope that it will be useful, | | but WITHOUT ANY WARRANTY; without even the implied warranty of | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | | GNU General Public License for more details. | | | | You should have received a copy of the GNU General Public License | | along with this program; if not, write to the | | Free Software Foundation, Inc. | | 51 Franklin Street, Fifth Floor | | Boston, MA 02110-1301, USA | | | \--------------------------------------------------------------------/ */ ?>

by | Google 404 Plugin - .htaccess tutorial - .htaccess help forum

NOTE: This is an incredibly powerful plugin that modifies your server not wordpress. This can easily take your site down. If you experience a bad error, delete the .htaccess files on the server using ftp, ssh, webftp, or contact support, etc..

" method="post"> '; print_r($aa_PP); $g=aa_pp_extract_mark($aa_PP['blog_root_htaccess'],'WordPress');print_r($g); if(function_exists('apache_get_modules'))print_r(apache_get_modules()); ob_start();phpinfo(8);$g=ob_get_clean();echo $g; echo ''; } ?>

Installation

Create User and Pass for .htpasswd

Protect Admin Folder Immediately?

Pop-Up Message Auth-Name / Realm:

Username:

Password:

Try to pick an .htpasswd location above your document_root, in other words, not in site.com/htdocs/.htpasswda1 but site.com/.htpasswda1

.htpasswd location:

Modify Main Password Settings

Auth Name:

.htpasswd location:

Add User

Username:

Password:

Username

Manage .htaccess Security Modules

$sid){ if($n[0]!='s')continue; ?> >

SID	Protection	Description	Response	Enable
				/>

New modules added with every upgrade. Submit your module suggestions/bugs here.

Root .htaccess

0){?>

wp-admin .htaccess

About This Plugin

'.$aa_PP['plugin_data']['Version'].''; ?>

AskApache Links

· Google 404 Plugin

· .htpasswd Generator

· htaccess tutorial

Security Articles

· Hardening WordPress

· mod_security tricks

· WordPress File Perms

/> CRYPT -
/> SHA1 -
/> MD5 -
/> PLAIN TEXT -

CRYPT -

SHA1 -

MD5 -

PLAIN TEXT -

', 'Order Deny,Allow', 'Deny from All', 'Satisfy Any', '', 'AuthName "'.$aa_PP['realm'].'"', 'AuthUserFile '.$aa_PP['htpasswd'], 'AuthType Basic', 'Require valid-user', '' ); break; case 'sid900': $sidrules=array( 'DirectoryIndex index.php /index.php', '', 'Order Deny,Allow', 'Deny from All', 'Satisfy Any', '', 'AuthName "'.$aa_PP['realm'].'"', 'AuthUserFile '.$aa_PP['htpasswd'], 'AuthType Basic', 'Require valid-user', '', '', 'Allow from All', '', '', '', 'Allow from All', '' ); break; case 'modrewrite': $sidrules=array( 'RewriteEngine On', 'RewriteBase /' ); break; case 'sid1000': $sidrules=array( 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ '.$aa_PP['root_path'].'wp-content/.*$ [NC]', 'RewriteCond %{REQUEST_FILENAME} ^.+\.(php|html|htm|txt)$', 'RewriteRule .* - [F,NS]' ); break; case 'sid1010': $sidrules=array( 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ '.$aa_PP['root_path'].'wp-includes/.*$ [NC]', 'RewriteCond %{REQUEST_FILENAME} ^.+\.php$', 'RewriteRule .* - [F,NS]' ); break; case 'sid1011': $sidrules=array( 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*%20.*\ HTTP/ [NC,OR]', 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*(main|load|image|start)\.php.*\ HTTP/ [NC,OR]', 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ ///.*\ HTTP/ [NC,OR]', 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*(http|ftp|ssl|https):/.*\ HTTP/ [NC,OR]', 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/ [NC,OR]', 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/ [NC,OR]', 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ HTTP/ [NC]', 'RewriteRule .* - [F,NS]' ); break; case 'sid1012': $sidrules=array( 'RewriteCond %{HTTP_REFERER} !^$', 'RewriteCond %{HTTP_REFERER} !^'.$aa_PP['scheme'].'://'.$_SERVER['HTTP_HOST'].'.*$ [NC]', 'RewriteRule \.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$ - [F,NS]' ); break; case 'sid1015': $sidrules=array( 'RewriteCond %{REQUEST_METHOD} !^(GET|POST|OPTIONS|PUT|HEAD)$ [NC]', 'RewriteRule .* - [F,L]' ); break; case 'sid1030': $sidrules=array( 'RewriteCond %{HTTPS} !=on [NC]', 'RewriteRule .* '.$aa_PP['scheme'].'://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]' ); break; case 'modsecurity': $sidrules=array( 'SecFilterEngine On', 'SecFilterCheckURLEncoding On', 'SecFilterCheckUnicodeEncoding Off', 'SecFilterScanPOST On', 'SecFilterDefaultAction "deny,nolog,noauditlog,status:403"' ); break; case 'sid2000': $sidrules=array( 'SecFilterSelective REQUEST_METHOD "^(GET|HEAD)$" "chain"', 'SecFilterSelective HTTP_Content-Length "!^$"', '', 'SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" "chain"', 'SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data;)"', '', 'SecFilterSelective REQUEST_METHOD "^POST$" "chain"', 'SecFilterSelective HTTP_Content-Length "^$"', '', 'SecFilterSelective ARG_cache_lastpostdate "<\?php"', '', '', 'SecFilterSelective ARG_comment_post_ID "^$"', '' ); break; } return $sidrules; } function aa_pp_erase_sid($sid){ global $aa_PP; $aa_PP['S']["$sid"]['ON']='0'; if(!aa_pp_insert_mark($aa_PP['S'][$sid]['FILE'],"AskApache $sid",''))die('Failed to erase '.$sid."-".$aa_PP['S']["$sid"]['FILE']); } function aa_pp_activate_sid($sid){ global $aa_PP; $aa_PP['S']["$sid"]['ON']='1'; if(!aa_pp_insert_mark($aa_PP['S']["$sid"]['FILE'],"AskApache $sid",aa_pp_generate_sid_rules($sid)))die('Failed to create '.$sid."-".$aa_PP['S']["$sid"]['FILE']); } function aa_pp_get_post_values(){ global $aa_PP; check_admin_referer('askapache-password-protect-update_modify'); $aa_PP=get_option('askapache_password_protect'); if(isset($_POST['resetaapp']))aa_pp_activate(); if(isset($_POST['aapptestingdone']))$aa_PP['config_step']='2'; if(isset($_POST['aappsetupcomplete']))$aa_PP['config_step']='3'; /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ if(isset($_POST['adduser'])){ if(isset($_POST['addhtaccessuser'])&&isset($_POST['addhtaccesspass']) && isset($_POST['aapassformat'])){ $aa_current_htpasswd_users=aa_pp_extract_mark($aa_PP['htpasswd'],'AskApache PassPro'); $aa_PP['HTPASSWD_RULES']=array_merge($aa_current_htpasswd_users,array(aa_pp_hashit($_POST['aapassformat'],$_POST['addhtaccessuser'],$_POST['addhtaccesspass']))); if(!aa_pp_insert_mark($aa_PP['htpasswd'],'AskApache PassPro',$aa_PP['HTPASSWD_RULES'])) die('Error Creating '.$aa_PP['htpasswd']); } } /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ else if(isset($_POST['changepasswordsettings'])){ if(isset($_POST['htaccessrealm']) && $aa_PP['realm']=$_POST['htaccessrealm']) { $newrealm1=$_POST['htaccessrealm']; if(strlen($newrealm1)>45)$newrealm1=substr($newrealm1, 0, 45); $aa_PP['realm']=$newrealm1; if($aa_PP['S']['sid900']['ON']=='1')aa_pp_activate_sid('sid900'); if($aa_PP['S']['sid800']['ON']=='1')aa_pp_activate_sid('sid800'); } if(isset($_POST['htpasswdfile']) && $_POST['htpasswdfile']!=$aa_PP['htpasswd']){ if(!is_writable(dirname($_POST['htpasswdfile'])) && !touch($_POST['htpasswdfile'])) die($_POST['htpasswdfile'].' location is not writable!'); else { if(!aa_pp_insert_mark($_POST['htpasswdfile'],'AskApache PassPro',aa_pp_extract_mark($aa_PP['htpasswd'],'AskApache PassPro')))die('error writing new password file.'); else aa_pp_unlink($aa_PP['htpasswd']); $aa_PP['htpasswd']=$_POST['htpasswdfile']; if($aa_PP['S']['sid900']['ON']=='1')aa_pp_activate_sid('sid900'); if($aa_PP['S']['sid800']['ON']=='1')aa_pp_activate_sid('sid800'); } } } /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ else if(isset($_POST['aappsetupcomplete'])){ if(isset($_POST['aapassformat']))$aa_PP['format']=$_POST['aapassformat']; if(isset($_POST['htaccessuser']) && isset($_POST['htaccesspass'])) $aa_PP['user']=$_POST['htaccessuser']; if(isset($_POST['htaccessrealm']) && $aa_PP['realm']!=$_POST['htaccessrealm']) { if(strlen($aa_PP['realm'])>45)$aa_PP['realm']=substr($aa_PP['realm'], 0, 45); } if(isset($_POST['htpasswdfile'])){ if(!is_writable(dirname($_POST['htpasswdfile'])) && !touch($_POST['htpasswdfile'])) die($_POST['htpasswdfile'].' location is not writable!'); else $aa_PP['htpasswd']=$_POST['htpasswdfile']; } $aa_PP['HTPASSWD_RULES']=array(aa_pp_hashit($_POST['aapassformat'],$_POST['htaccessuser'],$_POST['htaccesspass'])); if(!aa_pp_insert_mark($aa_PP['htpasswd'],'AskApache PassPro',$aa_PP['HTPASSWD_RULES'])) die('Error Creating '.$aa_PP['htpasswd']); if(isset($_POST['sid900']))aa_pp_activate_sid('sid900'); else aa_pp_erase_sid('sid900'); } /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ else if(isset($_POST['updatemodules'])){ if(isset($_POST['sid700']))aa_pp_activate_sid('sid700'); else aa_pp_erase_sid('sid700'); if(isset($_POST['sid800']))aa_pp_activate_sid('sid800'); else aa_pp_erase_sid('sid800'); if(isset($_POST['sid900']))aa_pp_activate_sid('sid900'); else aa_pp_erase_sid('sid900'); if($aa_PP['mod_rewrite_support']=='1'){ if(isset($_POST['sid1000']) || isset($_POST['sid1010']) || isset($_POST['sid1012']) || isset($_POST['sid1015']) || isset($_POST['sid1030'])) aa_pp_activate_sid('modrewrite'); else aa_pp_erase_sid('modrewrite'); if(isset($_POST['sid1000']))aa_pp_activate_sid('sid1000'); else aa_pp_erase_sid('sid1000'); if(isset($_POST['sid1010']))aa_pp_activate_sid('sid1010'); else aa_pp_erase_sid('sid1010'); if(isset($_POST['sid1011']))aa_pp_activate_sid('sid1011'); else aa_pp_erase_sid('sid1011'); if(isset($_POST['sid1012']))aa_pp_activate_sid('sid1012'); else aa_pp_erase_sid('sid1012'); if(isset($_POST['sid1015']))aa_pp_activate_sid('sid1015'); else aa_pp_erase_sid('sid1015'); if(isset($_POST['sid1030']))aa_pp_activate_sid('sid1030'); else aa_pp_erase_sid('sid1030'); } if($aa_PP['mod_security_support']=='1') { if(isset($_POST['sid2000']))aa_pp_activate_sid('modsecurity'); else aa_pp_erase_sid('modsecurity'); if(isset($_POST['sid2000']))aa_pp_activate_sid('sid2000'); else aa_pp_erase_sid('sid2000'); } } if(AA_PP_DEBUG){echo '

';print_r($_POST);echo '

';} update_option('askapache_password_protect',$aa_PP); } // aa_pp_current_users function aa_pp_current_users($HTPASS, $mark){ $CURRENT_USERS=array(); $cu=array(); @ $cu=aa_pp_extract_mark($HTPASS, $mark); if(is_array($cu) && sizeof($cu)>0){ foreach($cu as $key){ $CURRENT_USERS[]=preg_replace('/(.+):(.+)/', "\\1", $key, 1); } } return $CURRENT_USERS; } // aa_pp_unlink function aa_pp_unlink($f) { @ unlink($f); if(!file_exists($f))return true; @ chmod($f,0777); @ unlink($f);if(!file_exists($f))return true; $stat = stat(dirname($f)); $dir_perms = $stat['mode'] & 0007777; @ chmod(dirname($f),$dir_perms); @ unlink($f); if(!file_exists($f))return true; else { die("Couldnt delete $f"); return false; } if(AA_PP_DEBUG){aa_pp_mess('deleted '.$f);} } // aa_pp_file_put_c function aa_pp_file_put_c($filename,$content){ if (function_exists("file_put_contents")) { @ file_put_contents($filename, $content); return true; } else { $fh = @ fopen($filename, 'wb'); if ($fh) { @ fwrite($fh, $content); @ fclose($fh); } else return false; } if(AA_PP_DEBUG){aa_pp_mess('created '.$filename);} return true; } // aa_pp_readfile function aa_pp_readfile($fn,$g=0){ if(file_exists($fn) && filesize($fn)>0) { if(!$f = @fopen($fn, 'rb'))return false; $filecontent = fread($f, filesize($fn)); }else return false; if(fclose($f)){ if($g!==0)return $filecontent; else echo htmlspecialchars($filecontent); } } // aa_pp_mktempdir function aa_pp_mktempdir($dirname,$prefix){ $TRpdirname=tempnam(ABSPATH.'wp-content', $prefix); $stat = stat(ABSPATH.'wp-content'); $dir_perms = $stat['mode'] & 0007777; @ chmod($TRpdirname, $dir_perms); aa_pp_unlink($TRpdirname); if (! @ mkdir($TRpdirname, 0777)) die("Error creating directory $dirname with $prefix"); if(AA_PP_DEBUG){aa_pp_mess('Created temporary directory at'.$TRpdirname);} return $TRpdirname; } // aa_pp_run_tests function aa_pp_run_tests(){ global $aa_PP; echo "

Test for read/write permissions"; if(!is_writable(ABSPATH) || !is_writable(ABSPATH.'wp-admin/') || !is_writable(ABSPATH.'wp-content/')) { echo " [ FAILED ]

"; if(!is_writable(ABSPATH))echo ABSPATH.' needs to be writable by php
'; if(!is_writable(ABSPATH.'wp-admin/'))echo ABSPATH.'wp-admin/ needs to be writable by php
'; if(!is_writable(ABSPATH.'wp-content/'))echo ABSPATH.'wp-content/ needs to be writable by php
'; echo "

NOTE: Never chmod 777 anything, if you must, for directories use 766 but only if 755 will not work and 750 is even better. Likewise the highest you should ever set a file is 666.

"; echo "

Please make the required directories writable by php and reload this page.

"; } else { echo ' [ SUCCESS ]'; $testerror401file= "\n". ''. "\n\n401 Authorization Required\n\n\n

Authorization Required

\n". '

Protected by AskApache Password Protection

'. "\n\n\n"; $testimagefile= ""; if(AA_PP_DEBUG){ aa_pp_mess('Test File 401.php'); aa_pp_mess('

'.htmlentities($testerror401file).'

'); aa_pp_mess('Test File test.php'); aa_pp_mess('

'.htmlentities($testimagefile).'

'); } $absolute_to_root_modrewrite=aa_pp_mktempdir(ABSPATH.'wp-content/', 'askapache'); $rel_to_docroot_mod_rewrite=$aa_PP['root_path'].basename($absolute_to_root_modrewrite).'/'; $testing_mods=$aa_PP['root_path'].'wp-content/'.basename($absolute_to_root_modrewrite).'/test.php'; $testing_mods_401=$aa_PP['root_path'].'wp-content/'.basename($absolute_to_root_modrewrite).'/401.php'; $testing_mods_root=$aa_PP['root_path'].'wp-content/'.basename($absolute_to_root_modrewrite).'/'; if(!aa_pp_file_put_c("$absolute_to_root_modrewrite/401.php",$testerror401file)) die("Error Creating test pages for HTTP Authentication Enabled Test files!"); if(!aa_pp_file_put_c("$absolute_to_root_modrewrite/test.php",$testimagefile)) die("Error Creating test pages for HTTP Authentication Enabled Test files!"); $modrewritetesthtaccess=array( "DirectoryIndex $rel_to_docroot_mod_rewrite401.php 401.php", "ErrorDocument 401 $rel_to_docroot_mod_rewrite401.php", "ErrorDocument 403 $rel_to_docroot_mod_rewrite401.php", "", "RewriteEngine On", "RewriteBase /", 'RewriteCond %{QUERY_STRING} !^$ [NC]', 'RewriteCond %{QUERY_STRING} !askapachetest1 [NC]', 'RewriteRule .* /? [R=307,L]', "", "", "SecFilterEngine On", 'SecFilter askapachetest1 "deny,nolog,noauditlog,status:503"', "", "", "RedirectMatch 305 ^.*askapacheredirecttest$ ".$aa_PP['scheme']."://".$_SERVER['HTTP_HOST']."/", ""); echo "

Test for .htaccess capability"; if(!aa_pp_insert_mark("$absolute_to_root_modrewrite/.htaccess", 'Test', $modrewritetesthtaccess)) die("Couldnt create $absolute_to_root_modrewrite/.htaccess file!"); $rv=aa_pp_test_userpass(" "," ",$testing_mods_401); if($rv!='500'){ echo ' [ SUCCESS ]'; $aa_PP['htaccess_support']='1'; }else echo ' [ FAILED ]'; echo "

"; echo '

401 Response: '.$rv; if(function_exists('get_status_header_desc'))echo ' '.get_status_header_desc($rv); echo '

'; echo "

Test for mod_alias capability"; $rv=aa_pp_test_userpass(" "," ",$testing_mods_root.'askapacheredirecttest'); if($rv=='305'){ echo ' [ SUCCESS ]'; $aa_PP['mod_alias_support']='1'; }else echo ' [ FAILED ]'; echo "

"; echo '

305 Response: '.$rv; if(function_exists('get_status_header_desc'))echo ' '.get_status_header_desc($rv); echo '

'; echo "

Test for mod_rewrite capability"; $rv=aa_pp_test_userpass(" "," ",$testing_mods."?Q"); if($rv=='307'){ echo ' [ SUCCESS ]'; $aa_PP['mod_rewrite_support']='1'; }else echo ' [ FAILED ]'; echo "

"; echo '

307 Response: '.$rv; if(function_exists('get_status_header_desc'))echo ' '.get_status_header_desc($rv); echo '

'; echo "

Test for mod_security capability"; $rv=aa_pp_test_userpass(" "," ",$testing_mods."?askapachetest1"); if($rv=='503'){ echo ' [ SUCCESS ]'; $aa_PP['mod_security_support']='1'; } else echo ' [ FAILED ]'; echo "

"; echo '

503 Response: '.$rv; if(function_exists('get_status_header_desc'))echo ' '.get_status_header_desc($rv); echo '

'; $htpasswds=array(aa_pp_hashit('CRYPT','testCRYPT','testCRYPT'),aa_pp_hashit('MD5','testMD5','testMD5'),aa_pp_hashit('SHA1','testSHA1','testSHA1'),aa_pp_hashit('PLAIN','testPLAIN','testPLAIN')); $absolute_to_root_encryptions=aa_pp_mktempdir(ABSPATH.'wp-content/', 'askapache'); $rel_to_docroot_encryptions=$aa_PP['root_path'].basename($absolute_to_root_encryptions).'/'; $testing_encryptions=$aa_PP['root_path'].'wp-content/'.basename($absolute_to_root_encryptions).'/test.php'; if(!aa_pp_insert_mark("$absolute_to_root_encryptions/.htpasswda1", 'Test', $htpasswds)) die("Error Creating $absolute_to_root_encryptions .htpasswda1 Test files!"); if(!aa_pp_file_put_c("$absolute_to_root_encryptions/401.php",$testerror401file)) die("Error Creating test pages for HTTP Authentication Enabled Test files!"); if(!aa_pp_file_put_c("$absolute_to_root_encryptions/test.php",$testimagefile)) die("Error Creating $absolute_to_root_encryptions test.php for HTTP Authentication Enabled Test files!"); $encryptiontest=array( "DirectoryIndex $rel_to_docroot_encryptions401.php 401.php", "ErrorDocument 401 $rel_to_docroot_encryptions401.php", "ErrorDocument 403 $rel_to_docroot_encryptions401.php", 'Order Deny,Allow','Deny from All','Satisfy Any', 'AuthName "askapache test"', "AuthUserFile $absolute_to_root_encryptions/.htpasswda1", "AuthType Basic", "Require valid-user"); if(!aa_pp_insert_mark("$absolute_to_root_encryptions/.htaccess", 'Test', $encryptiontest)) die("Couldnt create $absolute_to_root_encryptions/.htaccess file!"); foreach($aa_PP['algorithms'] as $key=>$value){ $rg=aa_pp_test_userpass("test$key","test".$key,$testing_encryptions); $rb=aa_pp_test_userpass("fail$key","fail".$key,$testing_encryptions); sleep(1); if($rb=='401'){ $aa_PP['algorithms'][$key]['enabled']='1'; $aa_PP['htaccess_support']='1'; } else $aa_PP['algorithms'][$key]['enabled']='0'; if($rg=='200'){ $aa_PP['algorithms'][$key]['enabled']='1'; $aa_PP['htaccess_support']='1'; } else $aa_PP['algorithms'][$key]['enabled']='0'; echo "

Test for $key encryption capability"; if($aa_PP['algorithms'][$key]['enabled']=='1')echo ' [ SUCCESS ]'; else echo ' [ FAILED ]'; echo "

"; echo '

200 Response: '.$rg; if(function_exists('get_status_header_desc'))echo ' '.get_status_header_desc($rg); echo ''; echo '
401 Response:: '.$rb; if(function_exists('get_status_header_desc'))echo ' '.get_status_header_desc($rb); echo '

'; } aa_pp_clean_test(ABSPATH.'wp-content'); update_option('askapache_password_protect',$aa_PP); } return true; } // aa_pp_test_userpass function aa_pp_test_userpass($u,$p,$path){ global $aa_PP; if ( !function_exists('fsockopen') )die('bad fsockopen, couldnt open a socket to your server!'); $response_code=$response=''; $UA='Mozilla/5.0 (compatible; AskApache/'.$aa_PP['plugin_data']['Version'].'; +http://www.askapache.com/)'; $target=(isset($_SERVER["SERVER_ADDR"])) ? $_SERVER["SERVER_ADDR"] : gethostbyname($_SERVER['HTTP_HOST']); if(isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS'])=='on' || $aa_PP['scheme']=='https') { if(version_compare(phpversion(),'4.3.0','>=')&&function_exists('openssl_open')) $target="ssl://".$target.$_SERVER['SERVER_PORT']; else die('bad'); } $usr=(strlen($u)>3) ? "Authorization: Basic ".base64_encode($u.":".$p)."\r\n\r\n" : "\r\n"; $http_req= "GET $path HTTP/1.1\r\n". "Host: ".$_SERVER['HTTP_HOST']."\r\n". "User-Agent: ".$UA."\r\n". "Accept: */*\r\n". "Referer: http://www.askapache.com\r\n". "Connection: Close\r\n". $usr; if(AA_PP_DEBUG){aa_pp_mess('

Sending this request for the test

');aa_pp_mess('

'.htmlentities($http_req).'

');} if( false!= ($fp = @fsockopen($target, $_SERVER['SERVER_PORT'], $errno, $errstr, 15)) && is_resource($fp)){ @socket_set_timeout($fp,15); if(!fwrite($fp,$http_req,strlen($http_req)))die('bad');; do{ $respons .= fgets($fp, 1160); $fp_status = @socket_get_status($fp); if( $fp_status['timed_out'] ) break; }while (true && !feof($fp)); if(@fclose($fp)){ if(preg_match("|^HTTP/[^\s]*\s(.*?)\s|",$respons, $status))$response_code=$status[1]; else return false;//return false; $respons;//die('garbled response!'); $response = explode("\r\n\r\n", $respons, 2); } }else die('bad fsockopen, couldnt open a socket using the php function fsockopen to your server!'); if(AA_PP_DEBUG){aa_pp_mess('

'.htmlentities($respons).'

');} return $response_code; } // aa_pp_clean_test function aa_pp_clean_test($path, $d=0){ if (substr($path,strlen($path)-1)!= '/') $path .= '/'; if ($handle = opendir ($path)){ while (false !== ($file=readdir($handle))){ if ($file == '.' || $file == '..' || strpos($file,'askapache')===false && $d <= 0) continue; $file = $path.$file; if (!is_dir ($file) && !is_link($file)) @unlink($file); elseif(!is_link($file)) { aa_pp_clean_test($file.'/', $d+1); @rmdir($file.'/'); } } closedir ($handle); } if(AA_PP_DEBUG){aa_pp_mess('Removed temporary test directory'.$path);} } // aa_pp_notify_mail function aa_pp_notify_mail($username,$pass){ $result=false; if ( !is_object( $aappmailer ) || !is_a( $aappmailer, 'PHPMailer' ) && file_exists(ABSPATH . WPINC . '/class-phpmailer.php')) { require_once ABSPATH . WPINC . '/class-phpmailer.php'; $aappmailer = new PHPMailer(); //$attach1=aa_pp_gzip($aa_PP['blog_root_htaccess'],ABSPATH.'wp-admin/htaccess-backup.zip'); //$attach2=aa_pp_gzip(ABSPATH.'wp-admin/.htaccess',ABSPATH.'wp-admin/wpadmin-htaccess-backup.zip'); $message = sprintf("Your AskApache Protected WordPress blog has been modified, keep this email for your records. You can log in to the administrator account with the following information: Username: %1\$s Password: %2\$s We hope you enjoy your new security. Thanks! --AskApache http://www.askapache.com/ ",$username,$pass); $sitename = str_replace('www.','','wordpress@'.strtolower( $_SERVER['SERVER_NAME'])); $user = wp_get_current_user(); $aappmailer->ClearAddresses(); $aappmailer->ClearAllRecipients(); $aappmailer->ClearAttachments(); $aappmailer->ClearBCCs(); $aappmailer->ClearCCs(); $aappmailer->ClearCustomHeaders(); $aappmailer->ClearReplyTos(); $aappmailer->FromName='WordPress'; $aappmailer->From=$from_email; $aappmailer->AddAddress( $user->user_email ); $aappmailer->Subject = '['.get_option('blogname').'] AskApache Password Protection'; $aappmailer->Body = $message; //$aappmailer->AddAttachment($attach1); //$aappmailer->AddAttachment($attach2); $aappmailer->IsMail(); $aappmailer->IsHTML( false ); $aappmailer->CharSet=get_bloginfo( 'charset' ); $result = @$aappmailer->Send(); } aa_pp_unlink($attach1); aa_pp_unlink($attach2); return $result; } // aa_pp_generate_password function aa_pp_generate_password($length = 5) { $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$!"; $p = ''; for ( $i = 0; $i < $length; $i++ )$p .= substr($chars, mt_rand(0, strlen($chars) - 1), 1); return $p; } // aa_pp_mess function aa_pp_mess($message=''){ ?>

$markerline) { if (strpos($markerline,'# BEGIN '.$marker)!== false)$state = false; if($state) { if ($n+1 < count($markerdata))fwrite($f,"{$markerline}\n"); else fwrite($f, "{$markerline}"); } if (strpos($markerline, '# END ' . $marker) !== false) { if(is_array($insertion) && count($insertion) > 0){ fwrite($f,"# BEGIN {$marker}\n"); if (is_array($insertion)) foreach ( $insertion as $insertline ) fwrite($f, "{$insertline}\n"); fwrite($f, "# END {$marker}\n"); } $state=true; $foundit=true; } } } if (!$foundit) { if(is_array($insertion) && count($insertion) > 0){ fwrite($f,"# BEGIN {$marker}\n"); foreach ($insertion as $insertline)fwrite($f, "{$insertline}\n"); fwrite($f,"# END {$marker}\n"); } } fclose($f); return true; } // aa_pp_hashit function aa_pp_hashit($format,$user='',$pass=''){ if(!function_exists('crypt') || !function_exists('sha1'))die("Error Creating .htpasswd hashes! Need crypt or sha1"); $hash=''; switch ($format){ case 'PLAIN': $hash=$user.':'.$pass; break; case 'CRYPT': $seed = NULL; for ($i = 0; $i < 8; $i++) {$seed .= substr('0123456789abcdef', rand(0,15), 1);} $hash=$user.':'.crypt($pass, "$1$".$seed); break; case 'SHA1': $hash=$user.':{SHA}'.base64_encode(pack("H*", sha1($pass))); break; case 'MD5': // php.net/crypt.php#73619 $saltt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"), 0, 8); $len = strlen($pass);$text = $pass.'$apr1$'.$saltt;$bin = pack("H32", md5($pass.$saltt.$pass)); for($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); } for($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $pass{0}; } $bin = pack("H32", md5($text)); for($i=0; $i<1000; $i++) { $new = ($i & 1) ? $pass : $bin; if ($i % 3) $new .= $saltt; if ($i % 7) $new .= $pass; $new .= ($i & 1) ? $bin : $pass; $bin = pack("H32", md5($new)); } for($i=0; $i<5; $i++) { $k = $i + 6; $j=$i + 12; if($j==16){ $j = 5; } $TRp = $bin[$i].$bin[$k].$bin[$j].$TRp; } $TRp = chr(0).chr(0).$bin[11].$TRp; $TRp = strtr(strrev(substr(base64_encode($TRp), 2)),"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"); $hash="$user:$"."apr1"."$".$saltt."$".$TRp; break; } if(AA_PP_DEBUG){aa_pp_mess('Created '.$format.' Hash for '.$user.' with Password '.$pass);aa_pp_mess('

'.$hash.'

');} return $hash; } // aa_pp_activate function aa_pp_activate(){ global $aa_PP; $aa_PP=array(); $oldoptions=array('aa_home_folder','aa_wpadmin_folder','aa_htpasswd_file','aa_htaccess_file','aa_original_htpasswd','aa_original_htaccess','aa_plugin_message','aa_plugin_version','aa_home','aa_wpadmin', 'aa_htpasswd_f','aa_htaccess_f','aa_user','aa_plugin_message','aa_home_folder','aa_wpadmin_folder','aa_htpasswd_file','aa_htaccess_file','aa_original_htpasswd','aa_original_htaccess','aa_plugin_message', 'aa_plugin_version','aa_pp_docroot_htaccess','aa_pp_wp_includes_htaccess','aa_pp_wp_content_htaccess','aa_pp_wp_includes_htaccess','aa_pp_main_base64','aa_pp_ok'); foreach($oldoptions as $key)delete_option($key); $aa_PP['htpasswd'] = ABSPATH.'.htpasswda1'; $aa_PP['htaccessusers']=aa_pp_current_users($aa_PP['htpasswd'],'AskApache PassPro'); $aa_PP['realm']='Protected By AskApache'; $aa_PP['user']='admin'; $aa_PP['format']='SHA1'; $home_path = parse_url(get_option('home')); $aa_PP['scheme'] =$home_path['scheme']; $aa_PP['plugin_data'] =get_plugin_data(__FILE__); $aa_PP['pass'] =aa_pp_generate_password(); $aa_PP['blog_root_htaccess'] = ABSPATH.'.htaccess'; $aa_PP['root_path'] =$home_path['path'].'/'; $aa_PP['config_step'] ='1'; $aa_PP['htaccess_support'] ='0'; $aa_PP['mod_alias_support'] ='0'; $aa_PP['mod_security_support'] ='0'; $aa_PP['mod_rewrite_support'] ='0'; $aa_PP['algorithms']=array( 'CRYPT' => array('enabled'=>0,'desc'=>'Unix only. Uses the traditional Unix crypt function with a randomly-generated 32-bit salt.'), 'MD5' => array('enabled'=>0,'desc'=>'Base64-encoded SHA-1 digest of the password.'), 'SHA1' => array('enabled'=>0,'desc'=>'Apache-specific algorithm using an iterated MD5 digest of random 32-bit salt and the password.'), 'PLAIN' => array('enabled'=>0,'desc'=>'(i.e. unencrypted) Windows, BEOS, & Netware only') ); $aa_PP['S']['sid700']=array( 'ON'=>'0', 'TITLE'=>'Directory Protection', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'Disable', 'DESC'=>'Enable the DirectoryIndex Protection, preventing directory index listings'); $aa_PP['S']['sid800']=array( 'ON'=>'0', 'TITLE'=>'Password Protect wp-login.php', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'401', 'DESC'=>'Requires a valid user/pass to access the login page'); $aa_PP['S']['sid900']=array( 'ON'=>'0', 'TITLE'=>'Password Protect wp-admin', 'FILE'=>ABSPATH.'wp-admin/.htaccess', 'RESP'=>'401', 'DESC'=>'Requires a valid user/pass to access any non-static (css, js, images) file in this directory'); $aa_PP['S']['modrewrite']=array( 'ON'=>'0', 'TITLE'=>'Mod_Rewrite Support', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'Read More', 'DESC'=>'Uses the Apache Module mod_rewrite'); $aa_PP['S']['sid1000']=array( 'ON'=>'0', 'TITLE'=>'Protect wp-content', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'401', 'DESC'=>'Denies any Direct request for files ending in .php with a 403 Forbidden'); $aa_PP['S']['sid1010']=array( 'ON'=>'0', 'TITLE'=>'Protect wp-includes', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies any Direct request for files ending in .php with a 403 Forbidden'); $aa_PP['S']['sid1011']=array( 'ON'=>'0', 'TITLE'=>'Common Exploits', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Block common exploit requests with 403 Forbidden'); $aa_PP['S']['sid1012']=array( 'ON'=>'0', 'TITLE'=>'Stop Hotlinking', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies any request for static files (images, css, etc) if bad referrer'); $aa_PP['S']['sid1015']=array( 'ON'=>'0', 'TITLE'=>'Safe Request Methods', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies any request not using GET,POST,OPTIONS,PUT,HEAD'); $aa_PP['S']['sid1030']=array( 'ON'=>'0', 'TITLE'=>'SSL-Only Site', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'301', 'DESC'=>'Redirects all non-SSL (https) requests to your https-enabled url'); $aa_PP['S']['modsecurity']=array( 'ON'=>'0', 'TITLE'=>'Mod_Security Support', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'Read More', 'DESC'=>'Uses the Apache Module mod_security'); $aa_PP['S']['sid2000']=array( 'ON'=>'0', 'TITLE'=>'Anti-Spam, Anti-Exploits', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'Read More', 'DESC'=>'Denies Obvious Spam and uses advanced mod_security protection'); // delete these old files if(is_file(ABSPATH.'wp-includes/.htaccess')) aa_pp_unlink(ABSPATH.'wp-includes/.htaccess'); if(is_file(ABSPATH.'wp-content/.htaccess')) aa_pp_unlink(ABSPATH.'wp-content/.htaccess'); aa_pp_insert_mark($aa_PP['blog_root_htaccess'], 'AskApache PassPro', ''); foreach($aa_PP['S'] as $n=>$sid)aa_pp_erase_sid($n); update_option('askapache_password_protect',$aa_PP); } // aa_pp_deactivate function aa_pp_deactivate(){ global $aa_PP; $aa_PP=get_option('askapache_password_protect'); foreach($aa_PP['S'] as $n=>$sid)aa_pp_erase_sid($n); aa_pp_insert_mark($aa_PP['blog_root_htaccess'], 'AskApache PassPro', ''); delete_option('askapache_password_protect'); } register_activation_hook(__FILE__, 'aa_pp_activate'); register_deactivation_hook(__FILE__, 'aa_pp_deactivate'); if( strpos($_SERVER['REQUEST_URI'], basename(__FILE__))!==false ) add_action('admin_head', 'aa_pp_admin_header'); add_action('admin_menu', 'aa_pp_options_setup1'); ?>