Get WordPress

Plugin Directory

Changeset 770426

Timestamp:
09/11/2013 09:33:29 PM (11 years ago)
Author:
sean212
Message:

2.1 changes

Location:
lockdown-wp-admin/trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed

  • lockdown-wp-admin/trunk/README.md

    r738058 r770426  
    18182. Activate the plugin through the 'Plugins' menu in WordPress
    19193. Navigate to the "Lockdown WP" menu
     20
     21
    2022
    2123### FAQ
     
    9395* Query string detection bug fix by [James Bonham](http://wordpress.org/support/profile/jamesbonham)
    9496* Issues with WordPress in a sub-directory
     97
     98
     99
     100
     101

  • lockdown-wp-admin/trunk/admin.php

    r738058 r770426  
    99    <?php endif;
    1010if ( defined('LD_DIS_BASE') && LD_DIS_BASE == TRUE ) : ?>
    11     <div class="updated fade">
     11    <div class="updated fade">
    1212        <p>You can't make that your URL Base! </p>
    1313    </div>
     
    1818<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script><br />
    1919        I tweet a lot of things and often post whenever I update this plugin. You should follow me <a href="http://twitter.com/srtfisher">@srtfisher</a></p>
    20    
     20
    2121    <form method="POST" action="<?php echo admin_url('admin.php?page=lockdown-wp-admin'); ?>">
    2222       
     
    3333            <input type="text" name="login_base" value="<?php echo $this->login_base; ?>" />
    3434            <br />
    35             <em>This will change it from <?php echo wp_guess_url(); ?>/wp-login.php to whatever you put in this box. If you leave it <strong>black</strong>, it will be disabled.<br />
    36             Say if you put "login" into the box, your new login URL will be <?php echo home_url(); ?>/login/.</em></label>
     35            <em>This will change it from <?php echo wp_guess_url(); ?>/wp-login.php to whatever you put in this box. If you leave it <strong>blak</strong>, it will be disabled.<br />
     36            Say if you put "" into the box, your new login URL will be <?php echo home_url(); ?>/login/.</em></label>
    3737        <?php
    3838global $auth_obj;
     
    4040?>
    4141        <p>Your current login URL is <code><a href="<?php echo $url; ?>"><?php echo $url; ?></a></code>.</p>
     42
     43
     44
     45
     46
     47
     48
     49
    4250        <blockquote>
    4351            <h4>Please Note Something!</h4>

  • lockdown-wp-admin/trunk/lockdown-wp-admin.php

    r738058 r770426  
    55Donate link: http://seanfisher.co/donate/
    66Description: Securing the WordPress Administration interface by concealing the administration dashboard and changing the login page URL.
    7 Version: 2.0.2
     7Version: 2.
    88Author: Sean Fisher
    99Author URI: http://seanfisher.co/
     
    1818 *
    1919 * @author   Sean Fisher <me@seanfisher.co>
    20  * @version  2.0.2
     20 * @version  2.
    2121 * @license   GPL
    2222**/
     
    2929     * @access private
    3030    **/
    31     public $ld_admin_version = '2.0.2';
     31    public $ld_admin_version = '2.';
    3232   
    3333    /**
     
    5454    protected $login_base = FALSE;
    5555   
     56
     57
     58
     59
     60
     61
     62
     63
     64
     65
     66
     67
     68
     69
    5670    public function __construct()
    5771    {
     
    110124    public function update_users()
    111125    {
    112         if (! isset( $_GET['page'] ) )
     126        if (! isset( $_GET['page'] ) )
    113127            return;
    114128       
     
    117131       
    118132        // Nonce
    119         if ( !isset( $_REQUEST['_wpnonce'] ) )
     133        if ( !isset( $_REQUEST['_wpnonce'] ) )
    120134            return;
    121135       
     
    199213        // Nonce
    200214        $nonce = $_POST['_wpnonce'];
    201         if (! wp_verify_nonce($nonce, 'lockdown-wp-admin') )
     215        if (! wp_verify_nonce($nonce, 'lockdown-wp-admin') )
    202216            wp_die('Security error, please try again.');
    203217       
     
    210224            update_option('ld_http_auth', 'none' );
    211225       
    212         if ( !isset( $_POST['hide_wp_admin'] ) )
     226        if ( !isset( $_POST['hide_wp_admin'] ) )
    213227        {
    214228            update_option('ld_hide_wp_admin', 'nope');
     
    224238        if ( isset( $_POST['login_base'] ) )
    225239        {
    226             $exp = explode('/', $_POST['login_base'], 2);
    227             $base = reset( $exp );
    228             $base = sanitize_title_with_dashes( $base);
     240            $base = sanitize_title_with_dashes( $_POST['login_base']);
    229241            $base = str_replace('/', '', $base);
    230242           
    231243            $disallowed = array(
    232244                'user', 'wp-admin', 'wp-content', 'wp-includes', 'wp-feed.php', 'index', 'feed', 'rss', 'robots', 'robots.txt', 'wp-login.php',
     245
    233246            );
    234247            if ( in_array( $base, $disallowed ) )
    235248            {
    236                 define('LD_DIS_BASE', TRUE);
     249                define('LD_DIS_BASE', TRUE);
    237250            }
    238251            else
     
    284297    /**
    285298     * Setup hiding wp-admin
    286      *
    287      * @access void
    288299    **/
    289300    protected function setup_hide_admin()
    290301    {
    291302        $opt = get_option('ld_hide_wp_admin');
    292        
     303
    293304        // Nope, they didn't enable it.
    294         if ( $opt !== 'yep' )
    295             return $this->setup_http_area();
     305        if ( $opt !== 'yep' ) return;
    296306       
    297307        // We're gonna hide it.
     
    305315        $file = end( $explode );
    306316           
     317
     318
     319
     320
    307321            if ( in_array( $file, $no_check_files ) )
    308             {
    309             define('INTERNAL_AUTH_PASSED', TRUE);
    310             return;
    311         }
    312 
    313         // Disable for WP-CLI
    314         if ( defined('WP_CLI') AND WP_CLI )
    315         {
    316             define('INTERNAL_AUTH_PASSED', TRUE);
    317             return;
    318         }
     322            return $this->passed(true);
    319323       
    320324        // We only will hide it if we are in admin (/wp-admin/)
     
    350354    /**
    351355     * Setting up the HTTP Auth
    352      *
    353356     * Here, we only check if it's enabled
    354357     *
     
    384387                // Already logged in?
    385388                if ( $current_uid === $requested_uid )
    386                 {
    387                     define('INTERNAL_AUTH_PASSED', TRUE);
    388                     return;
    389                 }
     389                    return $this->passed(true);
    390390               
    391391                // Attempt to sign them in if they aren't already
     
    404404               
    405405                // They passed!
    406                 define('INTERNAL_AUTH_PASSED', TRUE);
     406                );
    407407            break;
    408408           
     
    430430                if ( $this->user_array_check( $users, $creds['username'], $creds['password'] ) )
    431431                {
    432                     define('INTERNAL_AUTH_PASSED', TRUE);
     432                    );
    433433                    $this->set_current_user( $users, $creds['username'] );
    434434                    return;
     
    552552    {
    553553        $login_base = get_option('ld_login_base');
    554        
     554
    555555        // It's not enabled.
    556556        if ( $login_base == NULL || ! $login_base || $login_base == '' )
     
    666666        exit;
    667667    }
     668
     669
     670
     671
     672
     673
     674
     675
     676
     677
     678
     679
     680
     681
     682
     683
     684
     685
     686
     687
     688
     689
     690
     691
     692
     693
     694
     695
     696
     697
     698
     699
     700
     701
     702
     703
     704
     705
     706
     707
     708
     709
     710
    668711}
    669712
    670713/**
    671714 * The function called at 'init'.
    672  *
    673715 * Sets up the object
    674716 *
    675  * @return void
     717 * @return
    676718 * @access private
    677719 * @since 1.0
     
    683725    $class = apply_filters('ld_class', 'WP_LockAuth');
    684726    $auth_obj = new $class();
     727
     728
    685729}
    686730

  • lockdown-wp-admin/trunk/no-wpmu.php

    r738058 r770426  
    88{
    99    /**
    10      * PHP 4 style constructor
     10     * onstructor
    1111     *
    12      * @access private
    1312     * @return void
    1413    **/
    15     function Disable_WPMS_Plugin_LD()
     14    function ()
    1615    {
    1716        register_activation_hook(LD_FILE_NAME, array( &$this, 'on_activate') );
     
    2524    function on_activate()
    2625    {
    27         /**
    28          * Disable buggy sitewide activation in WPMU and WP 3.0
    29          */
    30         if ((is_multisite() && isset($_GET['sitewide'])) || ($this->is_network_mode() && isset($_GET['networkwide']))) {
    31             $this->network_activate_error();
    32         }
     26        // Disable buggy sitewide activation in WPMU and WP 3.0
     27        if ((is_multisite() && isset($_GET['sitewide'])) || ($this->is_network_mode() && isset($_GET['networkwide'])))
     28            $this->network_activate_error();
    3329       
    3430        // Default options
     
    4238     * @access private
    4339    **/
    44     function network_activate_error()
     40    function network_activate_error()
    4541    {
    4642        // De-activate the plugin
     
    6763        update_site_option('active_sitewide_plugins', $active_plugins_network);
    6864       
    69         ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    70 <html xmlns="http://www.w3.org/1999/xhtml">
    71     <head>
    72         <title>Network Activation Error</title>
    73         <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    74     </head>
    75     <body>
    76         <p>
    77             <strong>Error:</strong> This plugin cannot be activated network-wide.
    78         </p>
    79         <p>
    80             <a href="javascript:history.back(-1);">Back</a>         
    81         </p>
    82     </body>
    83 </html>
    84 <?php
    85         exit();
     65        wp_die('The plugin cannot be activate network-wide.');
    8666    }
    8767   
     
    10585
    10686// The object.
    107 $setup_no_wpmu = new Disable_WPMS_Plugin_LD();
     87$setup_no_wpmu = new Disable_WPMS_Plugin_LD;
    10888
    10989/* End of file: no-wpmu.php */

  • lockdown-wp-admin/trunk/readme.txt

    r738058 r770426  
    55Tags: security, secure, lockdown, vulnerability, website security, wp-admin, login, hide login, rename login, http auth, 404, lockdown, srtfisher, secure
    66Requires at least: 3.3
    7 Tested up to: 3.5.1
    8 Stable tag: 2.0.2
     7Tested up to: 3.
     8Stable tag: 2.
    99
    1010Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (/wp-admin/) and and login (/wp-login.php) as well as add HTTP authentication to the login system. We can also change the login URL from wp-login.php to whatever you'd like: /login, /log-in-here, etc.
     
    9898* Query string detection bug fix by [James Bonham](http://wordpress.org/support/profile/jamesbonham)
    9999* Issues with WordPress in a sub-directory
     100
     101
     102
     103
     104
Note: See TracChangeset for help on using the changeset viewer.