Changeset 770426
- Timestamp: 09/11/2013 09:33:29 PM (11 years ago)
- Location: lockdown-wp-admin/trunk
- Files: 5 edited
lockdown-wp-admin/trunk/README.md
r738058 r770426 18 18 2. Activate the plugin through the 'Plugins' menu in WordPress 19 19 3. Navigate to the "Lockdown WP" menu 20 21 20 22 21 23 ### FAQ … … 93 95 * Query string detection bug fix by [James Bonham](http://wordpress.org/support/profile/jamesbonham) 94 96 * Issues with WordPress in a sub-directory 97 98 99 100 101 -
lockdown-wp-admin/trunk/admin.php
r738058 r770426 9 9 <?php endif; 10 10 if ( defined('LD_DIS_BASE') && LD_DIS_BASE == TRUE ) : ?> 11 <div class="updated fade">11 <div class="updated fade"> 12 12 <p>You can't make that your URL Base! </p> 13 13 </div> … … 18 18 <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script><br /> 19 19 I tweet a lot of things and often post whenever I update this plugin. You should follow me <a href="http://twitter.com/srtfisher">@srtfisher</a></p> 20 20 21 21 <form method="POST" action="<?php echo admin_url('admin.php?page=lockdown-wp-admin'); ?>"> 22 22 … … 33 33 <input type="text" name="login_base" value="<?php echo $this->login_base; ?>" /> 34 34 <br /> 35 <em>This will change it from <?php echo wp_guess_url(); ?>/wp-login.php to whatever you put in this box. If you leave it <strong>bla ck</strong>, it will be disabled.<br />36 Say if you put " login" into the box, your new login URL will be <?php echo home_url(); ?>/login/.</em></label>35 <em>This will change it from <?php echo wp_guess_url(); ?>/wp-login.php to whatever you put in this box. If you leave it <strong>blak</strong>, it will be disabled.<br /> 36 Say if you put "" into the box, your new login URL will be <?php echo home_url(); ?>/login/.</em></label> 37 37 <?php 38 38 global $auth_obj; … … 40 40 ?> 41 41 <p>Your current login URL is <code><a href="<?php echo $url; ?>"><?php echo $url; ?></a></code>.</p> 42 43 44 45 46 47 48 49 42 50 <blockquote> 43 51 <h4>Please Note Something!</h4> -
lockdown-wp-admin/trunk/lockdown-wp-admin.php
r738058 r770426 5 5 Donate link: http://seanfisher.co/donate/ 6 6 Description: Securing the WordPress Administration interface by concealing the administration dashboard and changing the login page URL. 7 Version: 2. 0.27 Version: 2. 8 8 Author: Sean Fisher 9 9 Author URI: http://seanfisher.co/ … … 18 18 * 19 19 * @author Sean Fisher <me@seanfisher.co> 20 * @version 2. 0.220 * @version 2. 21 21 * @license GPL 22 22 **/ … … 29 29 * @access private 30 30 **/ 31 public $ld_admin_version = '2. 0.2';31 public $ld_admin_version = '2.'; 32 32 33 33 /** … … 54 54 protected $login_base = FALSE; 55 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 56 70 public function __construct() 57 71 { … … 110 124 public function update_users() 111 125 { 112 if ( ! isset( $_GET['page'] ) )126 if (! isset( $_GET['page'] ) ) 113 127 return; 114 128 … … 117 131 118 132 // Nonce 119 if ( ! isset( $_REQUEST['_wpnonce'] ) )133 if ( !isset( $_REQUEST['_wpnonce'] ) ) 120 134 return; 121 135 … … 199 213 // Nonce 200 214 $nonce = $_POST['_wpnonce']; 201 if ( ! wp_verify_nonce($nonce, 'lockdown-wp-admin') )215 if (! wp_verify_nonce($nonce, 'lockdown-wp-admin') ) 202 216 wp_die('Security error, please try again.'); 203 217 … … 210 224 update_option('ld_http_auth', 'none' ); 211 225 212 if ( ! 
isset( $_POST['hide_wp_admin'] ) )226 if ( !isset( $_POST['hide_wp_admin'] ) ) 213 227 { 214 228 update_option('ld_hide_wp_admin', 'nope'); … … 224 238 if ( isset( $_POST['login_base'] ) ) 225 239 { 226 $exp = explode('/', $_POST['login_base'], 2); 227 $base = reset( $exp ); 228 $base = sanitize_title_with_dashes( $base); 240 $base = sanitize_title_with_dashes( $_POST['login_base']); 229 241 $base = str_replace('/', '', $base); 230 242 231 243 $disallowed = array( 232 244 'user', 'wp-admin', 'wp-content', 'wp-includes', 'wp-feed.php', 'index', 'feed', 'rss', 'robots', 'robots.txt', 'wp-login.php', 245 233 246 ); 234 247 if ( in_array( $base, $disallowed ) ) 235 248 { 236 define('LD_DIS_BASE', TRUE);249 define('LD_DIS_BASE', TRUE); 237 250 } 238 251 else … … 284 297 /** 285 298 * Setup hiding wp-admin 286 *287 * @access void288 299 **/ 289 300 protected function setup_hide_admin() 290 301 { 291 302 $opt = get_option('ld_hide_wp_admin'); 292 303 293 304 // Nope, they didn't enable it. 294 if ( $opt !== 'yep' ) 295 return $this->setup_http_area(); 305 if ( $opt !== 'yep' ) return; 296 306 297 307 // We're gonna hide it. … … 305 315 $file = end( $explode ); 306 316 317 318 319 320 307 321 if ( in_array( $file, $no_check_files ) ) 308 { 309 define('INTERNAL_AUTH_PASSED', TRUE); 310 return; 311 } 312 313 // Disable for WP-CLI 314 if ( defined('WP_CLI') AND WP_CLI ) 315 { 316 define('INTERNAL_AUTH_PASSED', TRUE); 317 return; 318 } 322 return $this->passed(true); 319 323 320 324 // We only will hide it if we are in admin (/wp-admin/) … … 350 354 /** 351 355 * Setting up the HTTP Auth 352 *353 356 * Here, we only check if it's enabled 354 357 * … … 384 387 // Already logged in? 385 388 if ( $current_uid === $requested_uid ) 386 { 387 define('INTERNAL_AUTH_PASSED', TRUE); 388 return; 389 } 389 return $this->passed(true); 390 390 391 391 // Attempt to sign them in if they aren't already … … 404 404 405 405 // They passed! 
406 define('INTERNAL_AUTH_PASSED', TRUE);406 ); 407 407 break; 408 408 … … 430 430 if ( $this->user_array_check( $users, $creds['username'], $creds['password'] ) ) 431 431 { 432 define('INTERNAL_AUTH_PASSED', TRUE);432 ); 433 433 $this->set_current_user( $users, $creds['username'] ); 434 434 return; … … 552 552 { 553 553 $login_base = get_option('ld_login_base'); 554 554 555 555 // It's not enabled. 556 556 if ( $login_base == NULL || ! $login_base || $login_base == '' ) … … 666 666 exit; 667 667 } 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 668 711 } 669 712 670 713 /** 671 714 * The function called at 'init'. 672 *673 715 * Sets up the object 674 716 * 675 * @return void717 * @return 676 718 * @access private 677 719 * @since 1.0 … … 683 725 $class = apply_filters('ld_class', 'WP_LockAuth'); 684 726 $auth_obj = new $class(); 727 728 685 729 } 686 730 -
lockdown-wp-admin/trunk/no-wpmu.php
r738058 r770426 8 8 { 9 9 /** 10 * PHP 4 style constructor10 * onstructor 11 11 * 12 * @access private13 12 * @return void 14 13 **/ 15 function Disable_WPMS_Plugin_LD()14 function () 16 15 { 17 16 register_activation_hook(LD_FILE_NAME, array( &$this, 'on_activate') ); … … 25 24 function on_activate() 26 25 { 27 /** 28 * Disable buggy sitewide activation in WPMU and WP 3.0 29 */ 30 if ((is_multisite() && isset($_GET['sitewide'])) || ($this->is_network_mode() && isset($_GET['networkwide']))) { 31 $this->network_activate_error(); 32 } 26 // Disable buggy sitewide activation in WPMU and WP 3.0 27 if ((is_multisite() && isset($_GET['sitewide'])) || ($this->is_network_mode() && isset($_GET['networkwide']))) 28 $this->network_activate_error(); 33 29 34 30 // Default options … … 42 38 * @access private 43 39 **/ 44 function network_activate_error()40 function network_activate_error() 45 41 { 46 42 // De-activate the plugin … … 67 63 update_site_option('active_sitewide_plugins', $active_plugins_network); 68 64 69 ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 70 <html xmlns="http://www.w3.org/1999/xhtml"> 71 <head> 72 <title>Network Activation Error</title> 73 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> 74 </head> 75 <body> 76 <p> 77 <strong>Error:</strong> This plugin cannot be activated network-wide. 78 </p> 79 <p> 80 <a href="javascript:history.back(-1);">Back</a> 81 </p> 82 </body> 83 </html> 84 <?php 85 exit(); 65 wp_die('The plugin cannot be activate network-wide.'); 86 66 } 87 67 … … 105 85 106 86 // The object. 107 $setup_no_wpmu = new Disable_WPMS_Plugin_LD ();87 $setup_no_wpmu = new Disable_WPMS_Plugin_LD; 108 88 109 89 /* End of file: no-wpmu.php */ -
lockdown-wp-admin/trunk/readme.txt
r738058 r770426 5 5 Tags: security, secure, lockdown, vulnerability, website security, wp-admin, login, hide login, rename login, http auth, 404, lockdown, srtfisher, secure 6 6 Requires at least: 3.3 7 Tested up to: 3. 5.18 Stable tag: 2. 0.27 Tested up to: 3. 8 Stable tag: 2. 9 9 10 10 Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (/wp-admin/) and and login (/wp-login.php) as well as add HTTP authentication to the login system. We can also change the login URL from wp-login.php to whatever you'd like: /login, /log-in-here, etc. … … 98 98 * Query string detection bug fix by [James Bonham](http://wordpress.org/support/profile/jamesbonham) 99 99 * Issues with WordPress in a sub-directory 100 101 102 103 104
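Review bot: In admin.php, the `login_base` input at new line 33 prints `$this->login_base` straight into the `value` attribute, and the "current login URL" paragraph at new line 41 echoes `$url` into both the `href` and the link text, all unescaped. The value is sanitized when it is saved, but the template should not rely on that: use `esc_attr( $this->login_base )` for the attribute and `esc_url( $url )` for the link.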
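Review bot: In lockdown-wp-admin.php, the login_base hunk (new lines 238-251) compares `$base` against `$disallowed` only after `sanitize_title_with_dashes()`, which turns dots into dashes, so the entries 'wp-feed.php', 'robots.txt' and 'wp-login.php' can never match. List the sanitized forms, or run the list through the same function before `in_array()`. With the `explode('/', $_POST['login_base'], 2)` and `reset()` lines removed, a value containing a slash is now sanitized as a whole instead of being cut to its first segment; that behaviour change deserves a changelog line, and the `str_replace('/', '', $base)` that follows looks redundant after sanitizing.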
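Review bot: In lockdown-wp-admin.php, setup_hide_admin() at new line 305 now does a bare `return` when `ld_hide_wp_admin` is not 'yep', where it previously did `return $this->setup_http_area();`. Unless setup_http_area() is now called from another path, a site that enables HTTP auth without hiding wp-admin would skip that setup entirely. Please confirm where the call moved to and say so in the docblock.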
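Review bot: In lockdown-wp-admin.php, the hunk at new lines 315-324 removes the explicit `defined('WP_CLI') AND WP_CLI` exemption and replaces the inline `define('INTERNAL_AUTH_PASSED', TRUE)` with `return $this->passed(true);`. Every path that marks a request as authenticated now goes through passed(), so that method should be documented and should guard against defining the constant twice. Please also confirm that the WP-CLI case is still handled before the `in_array( $file, $no_check_files )` check.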
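Review bot: In no-wpmu.php, the new `wp_die('The plugin cannot be activate network-wide.');` in network_activate_error() has a typo ("activate" should be "activated") and drops the Back link that the removed HTML page offered. Fix the wording, and consider passing `array( 'back_link' => true )` as the third argument to wp_die() so the administrator can return to the plugins screen.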