Changeset 3395378
- Timestamp: 11/13/2025 10:44:37 PM (5 months ago)
- Location: fuerte-wp/trunk
- Files: 11 edited
  - . (modified) (1 prop)
  - CHANGELOG.md (modified) (1 diff)
  - README.txt (modified) (2 diffs)
  - SECURITY.md (modified) (1 diff)
  - admin/class-fuerte-wp-admin.php (modified) (3 diffs)
  - fuerte-wp.php (modified) (2 diffs)
  - includes/class-fuerte-wp-activator.php (modified) (1 diff)
  - includes/class-fuerte-wp-enforcer.php (modified) (5 diffs)
  - includes/class-fuerte-wp-ip-manager.php (modified) (1 diff)
  - includes/class-fuerte-wp-login-logger.php (modified) (1 diff)
  - includes/class-fuerte-wp-login-manager.php (modified) (1 diff)
fuerte-wp/trunk
- Property svn:ignore
fuerte-wp/trunk/CHANGELOG.md
r3395361 r3395378 1 1 # Changelog 2 2 3 # 1.7. 0/ 2025-11-133 # 1.7.1 / 2025-11-13 4 4 - Added comprehensive Login Security system with rate limiting and IP lockout functionality. 5 5 - Implemented failed login attempt tracking with configurable thresholds and lockout durations. -
fuerte-wp/trunk/README.txt
r3395361 r3395378 2 2 Contributors: tcattd 3 3 Tags: security, login, protection, admin, brute-force, GDPR, privacy, access-control, multisite 4 Stable tag: 1.7. 04 Stable tag: 1.7.1 5 5 Requires at least: 6.0 6 6 Tested up to: 6.9 … … 107 107 == Frequently Asked Questions == 108 108 109 = Is this plugin safe for beginners? =110 Absolutely! Fuerte-WP is designed with smart defaults. Simply install, add yourself as a super user, and you're protected. Advanced features are optional.109 = Where is the FAQ? = 110 You can [read the full FAQ at GitHub](https://github.com/EstebanForge/Fuerte-WP/blob/master/FAQ.md). 111 111 112 = Will this slow down my website? =113 No! Fuerte-WP is optimized for performance with intelligent caching and background processing. You won't notice any speed difference.112 = Suggestions, Support? = 113 Please, open [a discussion](https://github.com/EstebanForge/Fuerte-WP/discussions). 114 114 115 = What if I get locked out? =116 Super users can never be locked out. Always add your email to the Super Users list immediately after installation.115 = Found a Bug or Error? = 116 Please, open [an issue](https://github.com/EstebanForge/Fuerte-WP/issues). 117 117 118 = Does this work with multisite networks? =119 Yes! Fuerte-WP is fully compatible with WordPress multisite installations and can be network-activated.120 121 = Can other administrators disable this plugin? =122 No! Fuerte-WP self-protects and can only be disabled by super users or users with server access (FTP, SSH, etc.).123 124 = Is GDPR compliance included? =125 Yes! Built-in privacy notices and logging help with GDPR compliance requirements.126 127 = Do I need technical knowledge? =128 Basic WordPress knowledge is sufficient. The interface is intuitive with helpful explanations for every feature.129 130 = What about support? =131 We offer excellent support through GitHub discussions. Documentation and FAQs are available for self-help.132 133 = Is my login URL really hidden? =134 Yes! 
Your wp-login.php becomes inaccessible, and attackers are redirected away from your site.135 136 = Can I customize the restrictions? =137 Absolutely! Every security feature can be customized to fit your specific needs.138 139 = What if I forget my custom login URL? =140 Super users can still access wp-admin directly. Always keep your super user email safe!141 118 142 119 == Screenshots == 143 120 144 1. **Security Dashboard** - Real-time monitoring of login attempts and security events 145 2. **Login Security Settings** - Configure custom login URLs and protection settings 146 3. **Super User Configuration** - Manage who has full access to your WordPress site 147 4. **Access Control Panel** - Customize restrictions for different administrator roles 148 5. **Live Attack Monitoring** - Watch security events unfold in real-time 149 6. **GDPR Compliance Settings** - Configure privacy notices and compliance features 121 1. Main options page. 122 2. Emails configuration. 123 3. Restrictions. 124 4. Advanced restrictions. 150 125 151 126 == Changelog == 152 127 153 = 1.7.0 / 2025-11-06 = 154 🚀 **MAJOR SECURITY UPDATE** 128 [Check the changelog at GitHub](https://github.com/EstebanForge/Fuerte-WP/blob/master/CHANGELOG.md). 
155 129 156 **NEW LOGIN SECURITY FEATURES:**157 - ✨ **Login URL Hiding** - Hide wp-login.php and wp-admin from attackers158 - ✨ **Custom Login URLs** - Use pretty URLs or query parameters for login159 - ✨ **Brute-Force Protection** - Rate limiting and automatic IP lockouts160 - ✨ **Real-Time Monitoring** - Live dashboard showing login attempts161 - ✨ **GDPR Privacy Notices** - Customizable compliance messages162 - ✨ **Attack Logging** - Comprehensive security event logging163 - ✨ **Export Capabilities** - Download security data for analysis164 165 **ENHANCEMENTS:**166 - 🔧 Improved admin interface with better organization167 - 🔧 Enhanced configuration caching for better performance168 - 🔧 Better multisite compatibility169 - 🔧 Optimized database queries and logging170 - 🔧 Updated user interface with clearer security indicators171 172 **SECURITY IMPROVEMENTS:**173 - 🛡️ Added hidden field validation for login forms174 - 🛡️ Enhanced CSRF protection mechanisms175 - 🛡️ Improved IP detection and blocking176 - 🛡️ Better handling of proxy and CDN configurations177 - 🛡️ Strengthened protection against automated attacks178 179 **BUG FIXES:**180 - 🐛 Fixed GDPR message display duplication181 - 🐛 Resolved configuration caching issues182 - 🐛 Fixed redirect handling for custom login URLs183 - 🐛 Improved compatibility with various hosting environments184 - 🐛 Enhanced error handling and logging185 186 Previous changelog entries available at [GitHub](https://github.com/EstebanForge/Fuerte-WP/blob/master/CHANGELOG.md).187 188 == Upgrade Notice ==189 190 = 1.7.0 =191 🚨 **MAJOR SECURITY UPGRADE** - This release adds powerful new login security features! After upgrading, please visit Settings > Fuerte-WP to configure your custom login URL and review the new security features. Your WordPress site will be more secure than ever before! -
fuerte-wp/trunk/SECURITY.md
r3395361 r3395378 5 5 | Version | Supported | 6 6 | ------- | ------------------ | 7 | 1.7. 0| :white_check_mark: |8 | <1.7. 0| :x: |7 | 1.7.1 | :white_check_mark: | 8 | <1.7.1 | :x: | 9 9 10 10 ## Reporting a Vulnerability -
fuerte-wp/trunk/admin/class-fuerte-wp-admin.php
r3395361 r3395378 19 19 * @author Esteban Cuevas <esteban@attitude.cl> 20 20 */ 21 22 // No access outside WP 23 defined('ABSPATH') || die(); 24 25 // Ensure Carbon Fields functions are available 26 require_once FUERTEWP_PATH . 'vendor/htmlburger/carbon-fields/core/functions.php'; 27 21 28 class Fuerte_Wp_Admin 22 29 { … … 81 88 { 82 89 global $fuertewp; 90 91 // Early exit if not a super admin - fallback capability check for migration compatibility 92 if (!current_user_can('manage_options')) { 93 return; 94 } 83 95 84 96 /* … … 1226 1238 $super_users = carbon_get_theme_option('fuertewp_super_users'); 1227 1239 1240 // Normalize to array format for consistency 1241 if (is_string($super_users) && !empty($super_users)) { 1242 $super_users = [$super_users]; 1243 } 1244 1228 1245 if (empty($super_users) || !is_array($super_users)) { 1229 1246 // No users at all. Add current_user back as super user 1230 1247 carbon_set_theme_option( 1231 1248 'fuertewp_super_users', 1232 $current_user->user_email,1249 [$current_user->user_email], 1233 1250 ); 1234 1251 } else { -
fuerte-wp/trunk/fuerte-wp.php
r3395361 r3395378 6 6 * Plugin URI: https://github.com/EstebanForge/Fuerte-WP 7 7 * Description: Stronger WP. Limit access to critical WordPress areas, even other for admins. 8 * Version: 1.7. 08 * Version: 1.7.1 9 9 * Author: Esteban Cuevas 10 10 * Author URI: https://actitud.xyz … … 164 164 $super_users = carbon_get_theme_option('fuertewp_super_users'); 165 165 166 if (empty($super_users) || !is_array($super_users)) {166 if (empty($super_users)) { 167 167 $current_user = wp_get_current_user(); 168 168 169 169 if ($current_user && $current_user->ID > 0 && current_user_can('manage_options')) { 170 // Add current user as super user 170 // Add current user as super user - store as array for consistency 171 171 carbon_set_theme_option('fuertewp_super_users', [$current_user->user_email]); 172 172 } -
fuerte-wp/trunk/includes/class-fuerte-wp-activator.php
r3395361 r3395378 10 10 // No access outside WP 11 11 defined('ABSPATH') || die(); 12 13 // Ensure Carbon Fields functions are available 14 require_once FUERTEWP_PATH . 'vendor/htmlburger/carbon-fields/core/functions.php'; 12 15 13 16 /** -
fuerte-wp/trunk/includes/class-fuerte-wp-enforcer.php
r3395361 r3395378 13 13 defined('ABSPATH') || die(); 14 14 15 // Ensure Carbon Fields functions are available 16 require_once FUERTEWP_PATH . 'vendor/htmlburger/carbon-fields/core/functions.php'; 17 15 18 /** 16 19 * Main Fuerte-WP Class. … … 73 76 74 77 // Check if super users are already configured (check this first to avoid unnecessary work) 75 $super_users = get_option('_fuertewp_super_users', ''); 76 if (!empty($super_users)) { 78 $existing_super_users = carbon_get_theme_option('fuertewp_super_users'); 79 80 if (!empty($existing_super_users)) { 77 81 return; // Super users already configured 78 82 } … … 90 94 // Import super users from file to database 91 95 $first_super_user = reset($file_config['super_users']); 92 update_option('_fuertewp_super_users', $first_super_user);96 carbon_set_theme_option('fuertewp_super_users', $first_super_user); 93 97 Fuerte_Wp_Logger::info('Super users imported from file: ' . $first_super_user); 94 98 return; … … 99 103 $current_user = wp_get_current_user(); 100 104 if ($current_user && $current_user->ID > 0 && current_user_can('manage_options')) { 101 update_option('_fuertewp_super_users', $current_user->user_email); 102 103 // Also set plugin status if not already set 104 if (get_option('_fuertewp_status') === false) { 105 update_option('_fuertewp_status', 'enabled'); 105 // Store as string for backward compatibility 106 carbon_set_theme_option('fuertewp_super_users', $current_user->user_email); 107 108 // Also set plugin status if not already set using Carbon Fields 109 $status = carbon_get_theme_option('fuertewp_status'); 110 if (empty($status)) { 111 carbon_set_theme_option('fuertewp_status', 'enabled'); 106 112 } 107 113 … … 551 557 if (function_exists('carbon_get_theme_option')) { 552 558 $options['fuertewp_status'] = carbon_get_theme_option('fuertewp_status'); 553 $options[' _fuertewp_super_users'] = carbon_get_theme_option('fuertewp_super_users');559 $options['super_users'] = 
carbon_get_theme_option('fuertewp_super_users'); 554 560 $options['fuertewp_access_denied_message'] = carbon_get_theme_option('fuertewp_access_denied_message'); 555 561 $options['fuertewp_recovery_email'] = carbon_get_theme_option('fuertewp_recovery_email'); -
fuerte-wp/trunk/includes/class-fuerte-wp-ip-manager.php
r3395361 r3395378 18 18 // Load the helper class 19 19 require_once FUERTEWP_PATH . 'includes/class-fuerte-wp-helper.php'; 20 21 // Ensure Carbon Fields functions are available 22 require_once FUERTEWP_PATH . 'vendor/htmlburger/carbon-fields/core/functions.php'; 20 23 21 24 /** -
fuerte-wp/trunk/includes/class-fuerte-wp-login-logger.php
r3395361 r3395378 15 15 // No access outside WP 16 16 defined('ABSPATH') || die(); 17 18 // Ensure Carbon Fields functions are available 19 require_once FUERTEWP_PATH . 'vendor/htmlburger/carbon-fields/core/functions.php'; 17 20 18 21 /** -
fuerte-wp/trunk/includes/class-fuerte-wp-login-manager.php
r3395361 r3395378 15 15 // No access outside WP 16 16 defined('ABSPATH') || die(); 17 18 // Ensure Carbon Fields functions are available 19 require_once FUERTEWP_PATH . 'vendor/htmlburger/carbon-fields/core/functions.php'; 17 20 18 21 /**
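
Review bot: in admin/class-fuerte-wp-admin.php, the guard added after `global $fuertewp;` is commented as an early exit for anyone who is "not a super admin", but it tests `current_user_can('manage_options')`, which is the general administrator capability and says nothing about membership in `fuertewp_super_users`. Either reword the comment so it describes a baseline capability check, or, if the intent is to restrict this path to super users, compare the current user's email against the super users option here.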
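
Review bot: in fuerte-wp.php, removing `!is_array($super_users)` from the condition means any non-empty, non-array value now counts as a configured super user list. This same changeset writes a bare string into that option from includes/class-fuerte-wp-enforcer.php, so every reader of `fuertewp_super_users` needs the string-to-array normalization that the admin class gains in its hunk around line 1240. Consider doing that normalization once in a shared helper instead of per call site.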
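
Review bot: in includes/class-fuerte-wp-enforcer.php, the file-import branch passes `reset($file_config['super_users'])` to `carbon_set_theme_option('fuertewp_super_users', ...)`, so only the first configured super user is stored, and as a string, while the log line reads "Super users imported from file". If more than one entry can exist in the file config, import the whole array; otherwise make the log message singular so it matches what is written.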
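
Review bot: in the current-user fallback of includes/class-fuerte-wp-enforcer.php, the option is written as `$current_user->user_email` under the comment "Store as string for backward compatibility", while fuerte-wp.php and the admin class in this changeset write `[$current_user->user_email]` "for consistency". Pick one stored shape for `fuertewp_super_users` and use it at every write. In the same hunk, `empty($status)` is looser than the previous `get_option('_fuertewp_status') === false` test, so any stored falsy status would now be overwritten with 'enabled'; please confirm that no valid status value is falsy.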
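
Review bot: in the options array built near line 557 of includes/class-fuerte-wp-enforcer.php, the key changes from `$options['_fuertewp_super_users']` to `$options['super_users']`, while the neighbouring keys keep the `fuertewp_` prefix. No consumer of this array is touched in the changeset, so please confirm that every reader looks up `super_users`; a reader still using the old key would see an empty super user list.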
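
Review bot: the line `require_once FUERTEWP_PATH . 'vendor/htmlburger/carbon-fields/core/functions.php';` added at the top of the admin, activator, enforcer, IP manager, login logger and login manager classes is unconditional and hard-codes the vendor layout in six places, so a missing or relocated file becomes a fatal error on load of any of them. Consider loading it once from the plugin bootstrap and guarding the call sites with `function_exists('carbon_get_theme_option')`, as the enforcer already does near line 557.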