
Changeset 2793604


Timestamp:
10/03/2022 05:25:34 PM (3 years ago)
Author:
guardgiant
Message:

Updating version 2.2.5

Location:
guardgiant/trunk
Files:
2 added
6 edited

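--- a/guardgiant/trunk/README.txt
+++ b/guardgiant/trunk/README.txt
@@ -3,6 +3,6 @@
 Tags: Brute Force, Brute Force Protection, login security, login protection, limit login, stop brute force attacks, brute force login protection
 Requires at least: 3.3
-Tested up to: 5.9
-Stable tag: 2.2.4
+Tested up to: 6.0
+Stable tag: 2.2.5
 Requires PHP: 5.4
 License: GPLv2 or later
@@ -13,13 +13,11 @@
 == Description ==
 
-= Security Features =
+= Brute Force =
 * **Brute force protection**
-* **Stop brute force attacks to hack passwords**
-* **Stop brute force attacks to find WordPress accounts**
-* **Limit login attempts**
+* **Stop brute force attacks**
+* **Brute force login**
 * **Login history**
-* **Security audit log**
-* **Brute force protection against distributed attacks**
-* **Brute force login protection**
+* **Audit log**
+
 
 The only plugin with 100% brute force protection that doesn't lock out genuine users.
@@ -243,6 +241,11 @@
 == Changelog ==
 
+
+= 2.2.5 =
+* Added the ability to set how long records are retained in the acitivty log.
+* Minor bug fixes.
+
 = 2.2.4 =
-* Minor bug fixes
+* Minor bug fixes.
 
 = 2.2.3 =
@@ -252,5 +255,5 @@
 
 = 2.2.2 =
-* Performance improvements
+* Performance improvements.
 
 = 2.2.1 =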
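--- a/guardgiant/trunk/admin/class-guardgiant-admin.php
+++ b/guardgiant/trunk/admin/class-guardgiant-admin.php
@@ -67,5 +67,7 @@
      */
     public function register_settings_page() {
+
         // Create our menu page.
+        Guardgiant_Admin::apply_default_settings_if_needed();
 
         add_menu_page(
@@ -521,4 +523,18 @@
         );
 
+        add_settings_field(
+            'delete_login_activity_records_from_db_after_days',                                 // ID used to identify the field
+            __( 'Activity Log', 'guardgiant' ),                 // The label to the left of the option interface element
+            array( $this, 'settings_field_input_number_callback' ), // The name of the function responsible for rendering the option interface
+            'guardgiant_general_settings_page',                                 // The page on which this option will be displayed
+            'guardgiant_general_settings_section',                      // The name of the section to which this field belongs
+            array(
+                'label_for' => 'delete_login_activity_records_from_db_after_days',
+                'before_text'   => 'Keep records for ',
+                'after_text' => 'days'
+               
+            )                                                           // The array of arguments to pass to the callback
+        );
+
         // Here we are going to add a section for general settings.
         add_settings_section(
@@ -601,5 +617,5 @@
         $reverse_proxy_tab_fields = array('auto_detect_reverse_proxy','site_uses_reverse_proxy','reverse_proxy_trusted_header');
 
-        $general_settings_tab_fields = array('obfuscate_login_errors','show_mins_remaining_in_error_msg','use_ip_address_geolocation','disable_xmlrpc','require_wordpress_api_auth');
+        $general_settings_tab_fields = array('obfuscate_login_errors','show_mins_remaining_in_error_msg','use_ip_address_geolocation','disable_xmlrpc','require_wordpress_api_auth', 'delete_login_activity_records_from_db_after_days');
 
         // which tab are we currently working on
@@ -685,4 +701,5 @@
                     case 'num_of_failed_logins_before_mitigation_starts':
                     case 'mins_to_lockout_account':
+                    case 'delete_login_activity_records_from_db_after_days':
                         $sanitized_value = sanitize_text_field( trim($value) );
                         if (filter_var($sanitized_value, FILTER_VALIDATE_INT) !== false)
@@ -702,5 +719,4 @@
             }
         }
-       
        
         return $new_input;
@@ -1365,4 +1381,6 @@
             $block_api_content = '<p>' . __('Some API endpoints will list all the users on your website. For security reasons it is best to disable guest access to this feature.') . '</p>';
 
+            $delete_old_log_records = '<p>' . __('Choose how long to keep entries in the login activity log. Older records will be periodically deleted.','guardgiant') . '</p>';
+
             $current_screen->add_help_tab( array(
                 'id' => 'gg_help_login_errors',
@@ -1393,8 +1411,97 @@
                 ); 
 
+            $current_screen->add_help_tab( array(
+                'id' => 'delete_old_log_records',
+                'title' => __('Activity Log','guardgiant'),
+                'content' => $delete_old_log_records
+                )
+                ); 
                
         }
     }
 
+
+
+    /**
+     * Checks that default settings have been set
+     *
+     * @since    1.0.0
+     *
+     *   
+     */
+    public static function apply_default_settings_if_needed() {
+       
+        // if this is a new installation then we record install date etc
+        $install_settings = get_option('guardgiant-install');
+        if (!$install_settings) {
+            $install_settings = array();
+            $install_settings['orig_install_date'] = time();
+            $install_settings['current_version'] = GUARDGIANT_VERSION;
+            add_option('guardgiant-install',$install_settings);
+            $prev_installed_version = 'none';
+        } else {
+           
+            // make a note of previous installed version
+            $prev_installed_version = $install_settings['current_version'];
+            $install_settings['current_version'] = GUARDGIANT_VERSION;
+            update_option('guardgiant-install',$install_settings);
+           
+        }
+
+        // if this is a new installation then we need to put in some default settings
+        $default_settings = get_option('guardgiant-settings');
+        if (!$default_settings) {
+            $prev_installed_version = 'none';
+            $default_settings = array();
+            add_option('guardgiant-settings',$default_settings);
+        }
+
+        switch ($prev_installed_version) {
+            case 'none':
+                $default_settings['enable_blocking_of_ips_with_multiple_failed_login_attempts'] = GUARDGIANT_DEFAULT_ENABLE_BLOCKING_OF_IPS;
+                $default_settings['num_of_failed_logins_by_IP_before_mitigation_starts'] = GUARDGIANT_DEFAULT_NUM_OF_FAILED_LOGINS_BY_IP_BEFORE_MITIGATION_STARTS;
+                $default_settings['mins_to_block_ip'] = GUARDGIANT_DEFAULT_MINS_TO_BLOCK_IP;
+                $default_settings['block_IP_on_each_subsequent_failed_attempt'] = GUARDGIANT_DEFAULT_BLOCK_IP_ON_EACH_SUBSEQUENT_FAILED_ATTEMPT;
+                $default_settings['block_IP_on_each_subsequent_failed_attempt_mins'] = GUARDGIANT_DEFAULT_BLOCK_IP_ON_EACH_SUBSEQUENT_FAILED_ATTEMPT_MINS;
+                $default_settings['expire_ip_failed_logins_record'] = GUARDGIANT_DEFAULT_EXPIRE_IP_FAILED_LOGINS_RECORD;
+                $default_settings['expire_ip_failed_logins_record_in_hours'] = GUARDGIANT_DEFAULT_EXPIRE_IP_FAILED_LOGINS_RECORD_IN_HOURS;
+                $default_settings['reset_IP_failed_login_count_after_successful_login'] = GUARDGIANT_DEFAULT_RESET_IP_FAILED_LOGIN_COUNT_AFTER_SUCCESSFUL_LOGIN;
+       
+                $default_settings['enable_lockout_of_users_with_multiple_failed_login_attempts'] = GUARDGIANT_DEFAULT_ENABLE_LOCKOUT_OF_USERS;
+                $default_settings['num_of_failed_logins_before_mitigation_starts'] = GUARDGIANT_DEFAULT_NUM_OF_FAILED_LOGINS_BEFORE_MITIGATION_STARTS;
+                $default_settings['mins_to_lockout_account'] = GUARDGIANT_DEFAULT_MINS_TO_LOCKOUT_ACCOUNT;
+       
+                $default_settings['never_lockout_trusted_users'] = GUARDGIANT_DEFAULT_NEVER_LOCKOUT_TRUSTED_USERS;
+                $default_settings['notify_user_of_login_from_new_device'] = GUARDGIANT_DEFAULT_NOTIFY_USER_OF_LOGIN_FROM_NEW_DEVICE;
+       
+                $default_settings['enable_login_captcha'] = GUARDGIANT_DEFAULT_ENABLE_LOGIN_CAPTCHA;
+                $default_settings['num_of_failed_logins_by_IP_before_captcha_shown'] = GUARDGIANT_DEFAULT_NUM_OF_FAILED_LOGINS_BY_IP_BEFORE_CAPTCHA_SHOWN;
+       
+                $default_settings['whitelist_users'] = '';
+                $default_settings['whitelist_ip_addresses'] = '';
+                $default_settings['obfuscate_login_errors'] = GUARDGIANT_DEFAULT_OBFUSCATE_LOGIN_ERRORS;
+                $default_settings['show_mins_remaining_in_error_msg'] = GUARDGIANT_DEFAULT_SHOW_MINS_REMAINING_IN_ERROR_MSG;
+                $default_settings['use_ip_address_geolocation'] = GUARDGIANT_DEFAULT_USE_IP_ADDRESS_GEOLOCATION;
+                $default_settings['disable_xmlrpc'] = GUARDGIANT_DEFAULT_DISABLE_XMLRPC;
+               
+                $default_settings['auto_detect_reverse_proxy'] = GUARDGIANT_AUTO_DETECT_REVERSE_PROXY_SETTINGS;
+               
+                $default_settings['reverse_proxy_trusted_header'] = GUARDGIANT_DEFAULT_REVERSE_PROXY_TRUSTED_HEADER;
+            case '2.1.0':
+            case '2.1.1':
+            case '2.2.0':
+            case '2.2.1':
+            case '2.2.2':
+                $default_settings['require_wordpress_api_auth'] = GUARDGIANT_DEFAULT_REQUIRE_WORDPRESS_API_AUTH;
+            case '2.2.3':
+            case '2.2.4':
+                $default_settings['delete_login_activity_records_from_db_after_days'] = GUARDGIANT_DELETE_LOGIN_ACTIVITY_RECORDS_FROM_DB_AFTER_DAYS;
+
+
+        }
+        update_option('guardgiant-settings',$default_settings);
+
+    }
+
 }
 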
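Review bot: The upgrade `switch` in `apply_default_settings_if_needed()` matches only an explicit list of version strings and has no `default`, so a site whose stored `current_version` is not one of the listed values never gets `delete_login_activity_records_from_db_after_days` (or `require_wordpress_api_auth`) written to `guardgiant-settings`. Keying on the setting rather than the version removes the need to maintain that list: `if ( ! isset( $default_settings['delete_login_activity_records_from_db_after_days'] ) ) { $default_settings['delete_login_activity_records_from_db_after_days'] = GUARDGIANT_DELETE_LOGIN_ACTIVITY_RECORDS_FROM_DB_AFTER_DAYS; }`. The case fall-through looks intentional and should say so, for example `// no break: older versions also need every later default`. The docblock still reads "Checks that default settings have been set" although the method also records the install date and rewrites the stored version on each call, which now includes every call to `register_settings_page()`.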
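--- a/guardgiant/trunk/guardgiant.php
+++ b/guardgiant/trunk/guardgiant.php
@@ -17,5 +17,5 @@
  * Plugin URI:        https://www.guardgiant.com/
  * Description:       Security plugin with 100% brute force protection that doesn't lock out genuine users.
- * Version:           2.2.4
+ * Version:           2.2.5
  * Author:            GuardGiant Brute Force Protection
  * Author URI:        https://www.guardgiant.com/
@@ -32,5 +32,5 @@
 
 
-define( 'GUARDGIANT_VERSION', '2.2.4' );
+define( 'GUARDGIANT_VERSION', '2.2.5' );
 
 // default settings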
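--- a/guardgiant/trunk/includes/class-guardgiant-activator.php
+++ b/guardgiant/trunk/includes/class-guardgiant-activator.php
@@ -86,72 +86,7 @@
 
         // Set up our default settings
+        Guardgiant_Admin::apply_default_settings_if_needed();
+
        
-       
-       
-       
-        // if this is a new installation then we record install date etc
-        $install_settings = get_option('guardgiant-install');
-        if (!$install_settings) {
-            $install_settings = array();
-            $install_settings['orig_install_date'] = time();
-            $install_settings['current_version'] = GUARDGIANT_VERSION;
-            add_option('guardgiant-install',$install_settings);
-            $prev_installed_version = 'none';
-        } else {
-            // make a note of previous installed version
-            $prev_installed_version = $install_settings['current_version'];
-            $install_settings['current_version'] = GUARDGIANT_VERSION;
-            update_option('guardgiant-install',$install_settings);
-        }
-
-        // if this is a new installation then we need to put in some default settings
-        $default_settings = get_option('guardgiant-settings');
-        if (!$default_settings) {
-            $prev_installed_version = 'none';
-            $default_settings = array();
-            add_option('guardgiant-settings',$default_settings);
-        }
-
-        switch ($prev_installed_version) {
-            case 'none':
-                $default_settings['enable_blocking_of_ips_with_multiple_failed_login_attempts'] = GUARDGIANT_DEFAULT_ENABLE_BLOCKING_OF_IPS;
-                $default_settings['num_of_failed_logins_by_IP_before_mitigation_starts'] = GUARDGIANT_DEFAULT_NUM_OF_FAILED_LOGINS_BY_IP_BEFORE_MITIGATION_STARTS;
-                $default_settings['mins_to_block_ip'] = GUARDGIANT_DEFAULT_MINS_TO_BLOCK_IP;
-                $default_settings['block_IP_on_each_subsequent_failed_attempt'] = GUARDGIANT_DEFAULT_BLOCK_IP_ON_EACH_SUBSEQUENT_FAILED_ATTEMPT;
-                $default_settings['block_IP_on_each_subsequent_failed_attempt_mins'] = GUARDGIANT_DEFAULT_BLOCK_IP_ON_EACH_SUBSEQUENT_FAILED_ATTEMPT_MINS;
-                $default_settings['expire_ip_failed_logins_record'] = GUARDGIANT_DEFAULT_EXPIRE_IP_FAILED_LOGINS_RECORD;
-                $default_settings['expire_ip_failed_logins_record_in_hours'] = GUARDGIANT_DEFAULT_EXPIRE_IP_FAILED_LOGINS_RECORD_IN_HOURS;
-                $default_settings['reset_IP_failed_login_count_after_successful_login'] = GUARDGIANT_DEFAULT_RESET_IP_FAILED_LOGIN_COUNT_AFTER_SUCCESSFUL_LOGIN;
-       
-                $default_settings['enable_lockout_of_users_with_multiple_failed_login_attempts'] = GUARDGIANT_DEFAULT_ENABLE_LOCKOUT_OF_USERS;
-                $default_settings['num_of_failed_logins_before_mitigation_starts'] = GUARDGIANT_DEFAULT_NUM_OF_FAILED_LOGINS_BEFORE_MITIGATION_STARTS;
-                $default_settings['mins_to_lockout_account'] = GUARDGIANT_DEFAULT_MINS_TO_LOCKOUT_ACCOUNT;
-       
-                $default_settings['never_lockout_trusted_users'] = GUARDGIANT_DEFAULT_NEVER_LOCKOUT_TRUSTED_USERS;
-                $default_settings['notify_user_of_login_from_new_device'] = GUARDGIANT_DEFAULT_NOTIFY_USER_OF_LOGIN_FROM_NEW_DEVICE;
-       
-                $default_settings['enable_login_captcha'] = GUARDGIANT_DEFAULT_ENABLE_LOGIN_CAPTCHA;
-                $default_settings['num_of_failed_logins_by_IP_before_captcha_shown'] = GUARDGIANT_DEFAULT_NUM_OF_FAILED_LOGINS_BY_IP_BEFORE_CAPTCHA_SHOWN;
-       
-                $default_settings['whitelist_users'] = '';
-                $default_settings['whitelist_ip_addresses'] = '';
-                $default_settings['obfuscate_login_errors'] = GUARDGIANT_DEFAULT_OBFUSCATE_LOGIN_ERRORS;
-                $default_settings['show_mins_remaining_in_error_msg'] = GUARDGIANT_DEFAULT_SHOW_MINS_REMAINING_IN_ERROR_MSG;
-                $default_settings['use_ip_address_geolocation'] = GUARDGIANT_DEFAULT_USE_IP_ADDRESS_GEOLOCATION;
-                $default_settings['disable_xmlrpc'] = GUARDGIANT_DEFAULT_DISABLE_XMLRPC;
-               
-                $default_settings['auto_detect_reverse_proxy'] = GUARDGIANT_AUTO_DETECT_REVERSE_PROXY_SETTINGS;
-               
-                $default_settings['reverse_proxy_trusted_header'] = GUARDGIANT_DEFAULT_REVERSE_PROXY_TRUSTED_HEADER;
-            case '2.1.0':
-            case '2.1.1':
-            case '2.2.0':
-            case '2.2.1':
-            case '2.2.2':
-                $default_settings['require_wordpress_api_auth'] = GUARDGIANT_DEFAULT_REQUIRE_WORDPRESS_API_AUTH;
-
-        }
-        update_option('guardgiant-settings',$default_settings);
-
         // set up stats if required
         $guardgiant_stats = get_option('guardgiant-stats');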
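--- a/guardgiant/trunk/includes/class-guardgiant-login-activity-log.php
+++ b/guardgiant/trunk/includes/class-guardgiant-login-activity-log.php
@@ -179,10 +179,19 @@
         global $wpdb;
 
-        $time_difference = time() - (GUARDGIANT_DELETE_LOGIN_ACTIVITY_RECORDS_FROM_DB_AFTER_DAYS * 86400);  // 86400 = seconds in 1 day
-       
-        $tablename = $wpdb->prefix."guardgiant_login_activity_log";
-        $query = $wpdb->prepare("DELETE FROM {$tablename} WHERE attempt_time < %d " , $time_difference);
-        $wpdb->query($query);
-
+        $settings = get_option( 'guardgiant-settings' );
+        if (isset($settings['delete_login_activity_records_from_db_after_days']))
+            $delete_after_days = $settings['delete_login_activity_records_from_db_after_days'];
+        else
+            $delete_after_days = GUARDGIANT_DEFAULT_ITEMS_PER_PAGE_ON_ACTIVITY_LOG;
+
+        // sanity check before we do it...
+        if ( ($delete_after_days >= 1) && ($delete_after_days <= 36500) )
+        {
+            $time_difference = time() - ($delete_after_days * 86400);   // 86400 = seconds in 1 day
+           
+            $tablename = $wpdb->prefix."guardgiant_login_activity_log";
+            $query = $wpdb->prepare("DELETE FROM {$tablename} WHERE attempt_time < %d " , $time_difference);
+            $wpdb->query($query);
+        }
     }
 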
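Review bot: The fallback used when the setting is absent is `GUARDGIANT_DEFAULT_ITEMS_PER_PAGE_ON_ACTIVITY_LOG`, a page-size constant, taken here as a retention period in days. The line this commit removes used `GUARDGIANT_DELETE_LOGIN_ACTIVITY_RECORDS_FROM_DB_AFTER_DAYS`, which looks like the intended default. If the page-size value is smaller than the retention default, login audit records would be purged earlier than an administrator expects on any site where the key was never written. The `else` branch should read `$delete_after_days = GUARDGIANT_DELETE_LOGIN_ACTIVITY_RECORDS_FROM_DB_AFTER_DAYS;`, and casting the stored value with `(int)` before the range check would keep that comparison numeric. The enclosing function starts above the hunk, so its name and callers are not visible here.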
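--- a/guardgiant/trunk/public/class-guardgiant-public.php
+++ b/guardgiant/trunk/public/class-guardgiant-public.php
@@ -203,6 +203,10 @@
      *
      */
-    public function wp_login_failed( $username , $error) {
-       
+    public function wp_login_failed( $username , $error = null ) {
+       
+        if (!$error) {
+            $error = new WP_Error('unknown_error', __('Unknown error','guardgiant'));
+            }
+
         if ($error->get_error_code() == 'expired_session')
             return;     // we dont need to do anything
@@ -230,5 +234,5 @@
         // We DONT need to enforce any counter measures if:
         // 1) The user is in the 'user' whitelist OR
-        // 2) The ip address is in the 'ip_address' whitelist or
+        // 2) The ip address is in the 'ip_address' whitelist
         $enforce_counter_measures = TRUE;
         if  ( ($remote_ip_address) && (Guardgiant::is_ip_in_whitelist($remote_ip_address,$settings[ 'whitelist_ip_addresses' ])) )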
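Review bot: The new guard `if (!$error)` in `wp_login_failed()` only replaces a missing or falsy second argument, so any other value that is not a `WP_Error` still reaches `$error->get_error_code()` and raises a fatal error inside the login-failure handler. Checking the type covers both cases: `if ( ! ( $error instanceof WP_Error ) ) {`. The docblock above the method should also state that `$error` is optional and is replaced by an `unknown_error` placeholder when absent, so the failure is still processed. The hook registration is outside this section, so whether the action is registered to accept two arguments needs confirming there. The method body continues past both hunks.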