Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3453596

Timestamp:

02/04/2026 08:17:27 AM (5 weeks ago)

Author:

basecloud

Message:

Update to version 1.3.0 from GitHub

Location:

basecloud-shield

Files:

: 6 edited
: 1 copied

tags/1.3.0 (copied) (copied from basecloud-shield/trunk)
tags/1.3.0/CHANGELOG.md (modified) (1 diff)
tags/1.3.0/basecloud-shield.php (modified) (8 diffs)
tags/1.3.0/readme.txt (modified) (2 diffs)
trunk/CHANGELOG.md (modified) (1 diff)
trunk/basecloud-shield.php (modified) (8 diffs)
trunk/readme.txt (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

basecloud-shield/tags/1.3.0/CHANGELOG.md

-                      r3452630
+                      r3453596
 All notable changes to BaseCloud Shield will be documented in this file.
+## [1.3.0] - 2026-02-04
+### 🎯 New Features: Advanced IP Management
+- **IP Whitelist**: Add trusted IPs that bypass all lockout and rate limiting
+  - Support for exact IPs (e.g., `169.0.79.28`)
+  - Support for wildcards (e.g., `192.168.*.*`)
+  - Support for CIDR notation (e.g., `10.0.0.0/24`)
+  - Current IP displayed for easy whitelisting
+  - Multiple IPs supported (one per line)
+- **IP Blacklist**: Permanently block malicious IPs from accessing your site
+  - Immediate denial of access for blacklisted IPs
+  - Same flexible format support as whitelist
+- **Manual IP Unlock**: Real-time IP lockout management
+  - View all currently locked IPs in admin panel
+  - See time remaining until auto-unlock
+  - One-click manual unlock button
+  - Audit trail logging for all manual unlocks
+### 🛡️ Security Improvements
+- Whitelisted IPs now bypass both lockout checks and rate limiting
+- Blacklist check occurs before any authentication processing
+- Enhanced security event logging for whitelist/blacklist activities
+- Admin AJAX endpoint with proper nonce verification for IP unlocking
+### 🎨 UI/UX Enhancements
+- New "Security Controls" section in admin settings
+- Real-time display of locked IPs with countdown timers
+- Improved admin interface with color-coded IP status indicators
+- Current user IP prominently displayed for convenience
 ## [1.2.8] - 2026-02-03

basecloud-shield/tags/1.3.0/basecloud-shield.php

-                      r3452630
+                      r3453596
  * Plugin Name:       BaseCloud Shield
  * Description:       Enterprise-grade 2FA security. Supports Central Manager Notifications, WP Email, SendGrid, WhatsApp, SMS, and Webhooks.
  * Version:           1.2.8
+ * Version:           1.3.0
  * Author:            BaseCloud Team
  * Author URI:        https://www.basecloudglobal.com/
 …
 if (!defined('ABSPATH')) { exit; }
 define('BCSHIELD_VERSION', '1.2.8');
+define('BCSHIELD_VERSION', '1.3.0');
 define('BCSHIELD_MAX_ATTEMPTS', 5);
 define('BCSHIELD_LOCKOUT_DURATION', 900);
 …
         add_action('init', array($this, 'render_otp_form'));
         add_action('wp_enqueue_scripts', array($this, 'enqueue_frontend_styles'));
+        // AJAX handlers
+        add_action('wp_ajax_bcshield_unlock_ip', array($this, 'ajax_unlock_ip'));
+    }
 …
         $clean['otp_validity'] = max(1, min(30, intval($input['otp_validity'] ?? 10)));
+        // Security Controls - Whitelist/Blacklist
+        $clean['whitelist_ips'] = sanitize_textarea_field($input['whitelist_ips'] ?? '');
+        $clean['blacklist_ips'] = sanitize_textarea_field($input['blacklist_ips'] ?? '');
         return $clean;
+    }
 …
         $user_agent = $this->get_user_agent();
+        // Security: Check if IP is locked out due to too many failed attempts
+        if ($this->is_ip_locked_out($client_ip)) {
+        // Security: Check if IP is blacklisted
+        if ($this->is_ip_blacklisted($client_ip, $opts)) {
+            $this->log_security_event('blacklist_block', $user->ID, $client_ip, 'Access denied - IP is blacklisted');
+            return new WP_Error('ip_blacklisted', 'Access denied. Your IP has been blocked.');
+        }
+        // Security: Check if IP is whitelisted (skip lockout checks)
+        $is_whitelisted = $this->is_ip_whitelisted($client_ip, $opts);
+        // Security: Check if IP is locked out due to too many failed attempts (skip if whitelisted)
+        if (!$is_whitelisted && $this->is_ip_locked_out($client_ip)) {
             $this->log_security_event('ip_lockout', $user->ID, $client_ip, 'IP locked out due to multiple failed attempts');
             return new WP_Error('ip_locked', 'Too many failed attempts. Please try again later.');
+        }
         // Security: Rate limit OTP generation per user
         if ($this->is_otp_rate_limited($user->ID, $client_ip)) {
+        // Security: Rate limit OTP generation per user (skip if whitelisted)
+        if (!$is_whitelisted && $this->is_otp_rate_limited($user->ID, $client_ip)) {
             $this->log_security_event('rate_limited', $user->ID, $client_ip, 'OTP generation rate limited');
             return new WP_Error('rate_limited', 'Too many OTP requests. Please wait before trying again.');
 …
+    }
+    private function is_ip_whitelisted($ip, $opts) {
+        if (empty($opts['whitelist_ips'])) return false;
+        $whitelist = array_filter(array_map('trim', explode("\n", $opts['whitelist_ips'])));
+        foreach ($whitelist as $whitelisted_ip) {
+            // Support CIDR notation and wildcards
+            if ($this->ip_matches($ip, $whitelisted_ip)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    private function is_ip_blacklisted($ip, $opts) {
+        if (empty($opts['blacklist_ips'])) return false;
+        $blacklist = array_filter(array_map('trim', explode("\n", $opts['blacklist_ips'])));
+        foreach ($blacklist as $blacklisted_ip) {
+            if ($this->ip_matches($ip, $blacklisted_ip)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    private function ip_matches($ip, $pattern) {
+        // Exact match
+        if ($ip === $pattern) return true;
+        // Wildcard match (e.g., 192.168.*.*)
+        $pattern_regex = '/^' . str_replace(['*', '.'], ['[0-9]+', '\.'], $pattern) . '$/';
+        if (preg_match($pattern_regex, $ip)) return true;
+        // CIDR match (e.g., 192.168.1.0/24)
+        if (strpos($pattern, '/') !== false) {
+            list($subnet, $mask) = explode('/', $pattern);
+            $ip_long = ip2long($ip);
+            $subnet_long = ip2long($subnet);
+            $mask_long = -1 << (32 - (int)$mask);
+            return ($ip_long & $mask_long) === ($subnet_long & $mask_long);
+        }
+        return false;
+    }
+    private function get_locked_ips() {
+        global $wpdb;
+        $locked = array();
+        // Get all transients that match lockout pattern
+        $results = $wpdb->get_results(
+            "SELECT option_name, option_value FROM $wpdb->options WHERE option_name LIKE '_transient_timeout_bcshield_lockout_%'"
+        );
+        foreach ($results as $row) {
+            $timeout = (int)$row->option_value;
+            if ($timeout > time()) {
+                // Extract IP hash from transient name
+                $ip_hash = str_replace('_transient_timeout_bcshield_lockout_', '', $row->option_name);
+                $remaining = $timeout - time();
+                $locked[] = array(
+                    'ip_hash' => $ip_hash,
+                    'expires_in' => $remaining,
+                    'expires_at' => date('Y-m-d H:i:s', $timeout)
+                );
+            }
+        }
+        return $locked;
+    }
+    private function unlock_ip($ip_hash) {
+        delete_transient('bcshield_lockout_' . $ip_hash);
+    }
     private function log_security_event($event_type, $user_id, $ip, $details) {
         $log_entry = array(
 …
                     </div>
+                    <!-- Security Controls -->
+                    <div class="bc-section-title">🛡️ Security Controls</div>
+                    <div class="bc-row">
+                        <div class="bc-label">
+                            <strong>IP Whitelist</strong>
+                            <span>Trusted IPs that bypass lockout and rate limiting (one per line). Supports wildcards (192.168.*.*) and CIDR (192.168.1.0/24)</span>
+                        </div>
+                        <textarea class="bc-input bc-input-full" name="<?php echo $this->option_name; ?>[whitelist_ips]" rows="5" placeholder="<?php echo esc_attr($this->get_client_ip()); ?>&#10;192.168.1.*&#10;10.0.0.0/24"><?php echo esc_textarea($opts['whitelist_ips'] ?? ''); ?></textarea>
+                        <div style="margin-top: 10px; padding: 10px; background: rgba(75, 196, 106, 0.1); border-left: 3px solid var(--bc-green); border-radius: 4px; font-size: 13px;">
+                            <strong>Your current IP:</strong> <?php echo esc_html($this->get_client_ip()); ?>
+                        </div>
+                    </div>
+                    <div class="bc-row">
+                        <div class="bc-label">
+                            <strong>IP Blacklist</strong>
+                            <span>Blocked IPs that are denied access immediately (one per line)</span>
+                        </div>
+                        <textarea class="bc-input bc-input-full" name="<?php echo $this->option_name; ?>[blacklist_ips]" rows="5" placeholder="123.45.67.89&#10;98.76.54.*&#10;"><?php echo esc_textarea($opts['blacklist_ips'] ?? ''); ?></textarea>
+                    </div>
+                    <div class="bc-row">
+                        <div class="bc-label">
+                            <strong>Currently Locked IPs</strong>
+                            <span>IPs that are temporarily locked due to failed attempts</span>
+                        </div>
+                        <div id="locked-ips-list" style="margin-top: 10px;">
+                            <?php
+                            $locked_ips = $this->get_locked_ips();
+                            if (empty($locked_ips)) {
+                                echo '<p style="color: rgba(255,255,255,0.5); font-style: italic;">No IPs currently locked</p>';
+                            } else {
+                                foreach ($locked_ips as $locked) {
+                                    $minutes = ceil($locked['expires_in'] / 60);
+                                    echo '<div class="locked-ip-item" data-hash="' . esc_attr($locked['ip_hash']) . '" style="background: rgba(231, 76, 60, 0.1); padding: 12px; margin-bottom: 8px; border-radius: 6px; display: flex; justify-content: space-between; align-items: center; border-left: 3px solid #e74c3c;">';
+                                    echo '<div>';
+                                    echo '<strong style="font-family: monospace; color: #e74c3c;">IP Hash: ' . esc_html(substr($locked['ip_hash'], 0, 16)) . '...</strong><br>';
+                                    echo '<span style="font-size: 12px; opacity: 0.8;">Unlocks in ' . $minutes . ' minute(s) | ' . esc_html($locked['expires_at']) . '</span>';
+                                    echo '</div>';
+                                    echo '<button type="button" class="unlock-ip-btn" data-hash="' . esc_attr($locked['ip_hash']) . '" style="background: var(--bc-green); color: #0f2c52; border: none; padding: 8px 16px; border-radius: 6px; cursor: pointer; font-weight: 600; font-size: 13px;">Unlock Now</button>';
+                                    echo '</div>';
+                                }
+                            }
+                            ?>
+                        </div>
+                    </div>
                     <!-- General Settings -->
                     <div class="bc-section-title">⚙️ General Settings</div>
 …
                 $('input[name="<?php echo $this->option_name; ?>[delivery_methods][]"]').on('change', toggleDeliveryConfigs);
                 toggleDeliveryConfigs();
+                // Unlock IP functionality
+                $(document).on('click', '.unlock-ip-btn', function(e) {
+                    e.preventDefault();
+                    const btn = $(this);
+                    const ipHash = btn.data('hash');
+                    const container = btn.closest('.locked-ip-item');
+                    if (!confirm('Are you sure you want to unlock this IP?')) return;
+                    btn.prop('disabled', true).text('Unlocking...');
+                    $.ajax({
+                        url: ajaxurl,
+                        type: 'POST',
+                        data: {
+                            action: 'bcshield_unlock_ip',
+                            nonce: '<?php echo wp_create_nonce('bcshield_unlock_nonce'); ?>',
+                            ip_hash: ipHash
+                        },
+                        success: function(response) {
+                            if (response.success) {
+                                container.fadeOut(300, function() {
+                                    $(this).remove();
+                                    if ($('.locked-ip-item').length === 0) {
+                                        $('#locked-ips-list').html('<p style="color: rgba(255,255,255,0.5); font-style: italic;">No IPs currently locked</p>');
+                                    }
+                                });
+                            } else {
+                                alert('Failed to unlock IP: ' + response.data);
+                                btn.prop('disabled', false).text('Unlock Now');
+                            }
+                        },
+                        error: function() {
+                            alert('Error unlocking IP. Please try again.');
+                            btn.prop('disabled', false).text('Unlock Now');
+                        }
+                    });
+                });
             });
         })(jQuery);

basecloud-shield/tags/1.3.0/readme.txt

-                      r3452630
+                      r3453596
 Requires at least: 5.0
 Tested up to: 6.9
 Stable tag: 1.2.8
+Stable tag: 1.3.0
 Requires PHP: 7.4
 License: GPLv2 or later
 …
 == Changelog ==
+= 1.3.0 =
+**Release Update**
+• Bug fixes and improvements
+• Updated version for deployment
+= 1.3.0 =
+**Advanced IP Management & Security Controls**
+**NEW FEATURES:**
+• IP Whitelist: Add trusted IPs that bypass lockout and rate limiting
+  - Support for exact IPs (169.0.79.28)
+  - Support for wildcards (192.168.*.*)
+  - Support for CIDR notation (10.0.0.0/24)
+  - Current IP displayed for easy whitelisting
+• IP Blacklist: Permanently block malicious IPs from accessing site
+• Manual IP Unlock: Real-time lockout management
+  - View all currently locked IPs in admin panel
+  - See countdown timers for auto-unlock
+  - One-click manual unlock button
+  - Audit trail for all unlock actions
+**SECURITY IMPROVEMENTS:**
+• Whitelisted IPs bypass all lockout checks and rate limiting
+• Blacklist check occurs before authentication processing
+• Enhanced logging for whitelist/blacklist activities
+• Secure AJAX endpoint for IP unlock with nonce verification
+**UI/UX ENHANCEMENTS:**
+• New "Security Controls" section in admin settings
+• Real-time locked IP display with status indicators
+• Color-coded security interface
+• Improved admin panel organization
 = 1.2.8 =

basecloud-shield/trunk/CHANGELOG.md

-                      r3452630
+                      r3453596
 All notable changes to BaseCloud Shield will be documented in this file.
+## [1.3.0] - 2026-02-04
+### 🎯 New Features: Advanced IP Management
+- **IP Whitelist**: Add trusted IPs that bypass all lockout and rate limiting
+  - Support for exact IPs (e.g., `169.0.79.28`)
+  - Support for wildcards (e.g., `192.168.*.*`)
+  - Support for CIDR notation (e.g., `10.0.0.0/24`)
+  - Current IP displayed for easy whitelisting
+  - Multiple IPs supported (one per line)
+- **IP Blacklist**: Permanently block malicious IPs from accessing your site
+  - Immediate denial of access for blacklisted IPs
+  - Same flexible format support as whitelist
+- **Manual IP Unlock**: Real-time IP lockout management
+  - View all currently locked IPs in admin panel
+  - See time remaining until auto-unlock
+  - One-click manual unlock button
+  - Audit trail logging for all manual unlocks
+### 🛡️ Security Improvements
+- Whitelisted IPs now bypass both lockout checks and rate limiting
+- Blacklist check occurs before any authentication processing
+- Enhanced security event logging for whitelist/blacklist activities
+- Admin AJAX endpoint with proper nonce verification for IP unlocking
+### 🎨 UI/UX Enhancements
+- New "Security Controls" section in admin settings
+- Real-time display of locked IPs with countdown timers
+- Improved admin interface with color-coded IP status indicators
+- Current user IP prominently displayed for convenience
 ## [1.2.8] - 2026-02-03

basecloud-shield/trunk/basecloud-shield.php

-                      r3452630
+                      r3453596
  * Plugin Name:       BaseCloud Shield
  * Description:       Enterprise-grade 2FA security. Supports Central Manager Notifications, WP Email, SendGrid, WhatsApp, SMS, and Webhooks.
  * Version:           1.2.8
+ * Version:           1.3.0
  * Author:            BaseCloud Team
  * Author URI:        https://www.basecloudglobal.com/
 …
 if (!defined('ABSPATH')) { exit; }
 define('BCSHIELD_VERSION', '1.2.8');
+define('BCSHIELD_VERSION', '1.3.0');
 define('BCSHIELD_MAX_ATTEMPTS', 5);
 define('BCSHIELD_LOCKOUT_DURATION', 900);
 …
         add_action('init', array($this, 'render_otp_form'));
         add_action('wp_enqueue_scripts', array($this, 'enqueue_frontend_styles'));
+        // AJAX handlers
+        add_action('wp_ajax_bcshield_unlock_ip', array($this, 'ajax_unlock_ip'));
+    }
 …
         $clean['otp_validity'] = max(1, min(30, intval($input['otp_validity'] ?? 10)));
+        // Security Controls - Whitelist/Blacklist
+        $clean['whitelist_ips'] = sanitize_textarea_field($input['whitelist_ips'] ?? '');
+        $clean['blacklist_ips'] = sanitize_textarea_field($input['blacklist_ips'] ?? '');
         return $clean;
+    }
 …
         $user_agent = $this->get_user_agent();
+        // Security: Check if IP is locked out due to too many failed attempts
+        if ($this->is_ip_locked_out($client_ip)) {
+        // Security: Check if IP is blacklisted
+        if ($this->is_ip_blacklisted($client_ip, $opts)) {
+            $this->log_security_event('blacklist_block', $user->ID, $client_ip, 'Access denied - IP is blacklisted');
+            return new WP_Error('ip_blacklisted', 'Access denied. Your IP has been blocked.');
+        }
+        // Security: Check if IP is whitelisted (skip lockout checks)
+        $is_whitelisted = $this->is_ip_whitelisted($client_ip, $opts);
+        // Security: Check if IP is locked out due to too many failed attempts (skip if whitelisted)
+        if (!$is_whitelisted && $this->is_ip_locked_out($client_ip)) {
             $this->log_security_event('ip_lockout', $user->ID, $client_ip, 'IP locked out due to multiple failed attempts');
             return new WP_Error('ip_locked', 'Too many failed attempts. Please try again later.');
+        }
         // Security: Rate limit OTP generation per user
         if ($this->is_otp_rate_limited($user->ID, $client_ip)) {
+        // Security: Rate limit OTP generation per user (skip if whitelisted)
+        if (!$is_whitelisted && $this->is_otp_rate_limited($user->ID, $client_ip)) {
             $this->log_security_event('rate_limited', $user->ID, $client_ip, 'OTP generation rate limited');
             return new WP_Error('rate_limited', 'Too many OTP requests. Please wait before trying again.');
 …
+    }
+    private function is_ip_whitelisted($ip, $opts) {
+        if (empty($opts['whitelist_ips'])) return false;
+        $whitelist = array_filter(array_map('trim', explode("\n", $opts['whitelist_ips'])));
+        foreach ($whitelist as $whitelisted_ip) {
+            // Support CIDR notation and wildcards
+            if ($this->ip_matches($ip, $whitelisted_ip)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    private function is_ip_blacklisted($ip, $opts) {
+        if (empty($opts['blacklist_ips'])) return false;
+        $blacklist = array_filter(array_map('trim', explode("\n", $opts['blacklist_ips'])));
+        foreach ($blacklist as $blacklisted_ip) {
+            if ($this->ip_matches($ip, $blacklisted_ip)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    private function ip_matches($ip, $pattern) {
+        // Exact match
+        if ($ip === $pattern) return true;
+        // Wildcard match (e.g., 192.168.*.*)
+        $pattern_regex = '/^' . str_replace(['*', '.'], ['[0-9]+', '\.'], $pattern) . '$/';
+        if (preg_match($pattern_regex, $ip)) return true;
+        // CIDR match (e.g., 192.168.1.0/24)
+        if (strpos($pattern, '/') !== false) {
+            list($subnet, $mask) = explode('/', $pattern);
+            $ip_long = ip2long($ip);
+            $subnet_long = ip2long($subnet);
+            $mask_long = -1 << (32 - (int)$mask);
+            return ($ip_long & $mask_long) === ($subnet_long & $mask_long);
+        }
+        return false;
+    }
+    private function get_locked_ips() {
+        global $wpdb;
+        $locked = array();
+        // Get all transients that match lockout pattern
+        $results = $wpdb->get_results(
+            "SELECT option_name, option_value FROM $wpdb->options WHERE option_name LIKE '_transient_timeout_bcshield_lockout_%'"
+        );
+        foreach ($results as $row) {
+            $timeout = (int)$row->option_value;
+            if ($timeout > time()) {
+                // Extract IP hash from transient name
+                $ip_hash = str_replace('_transient_timeout_bcshield_lockout_', '', $row->option_name);
+                $remaining = $timeout - time();
+                $locked[] = array(
+                    'ip_hash' => $ip_hash,
+                    'expires_in' => $remaining,
+                    'expires_at' => date('Y-m-d H:i:s', $timeout)
+                );
+            }
+        }
+        return $locked;
+    }
+    private function unlock_ip($ip_hash) {
+        delete_transient('bcshield_lockout_' . $ip_hash);
+    }
     private function log_security_event($event_type, $user_id, $ip, $details) {
         $log_entry = array(
 …
                     </div>
+                    <!-- Security Controls -->
+                    <div class="bc-section-title">🛡️ Security Controls</div>
+                    <div class="bc-row">
+                        <div class="bc-label">
+                            <strong>IP Whitelist</strong>
+                            <span>Trusted IPs that bypass lockout and rate limiting (one per line). Supports wildcards (192.168.*.*) and CIDR (192.168.1.0/24)</span>
+                        </div>
+                        <textarea class="bc-input bc-input-full" name="<?php echo $this->option_name; ?>[whitelist_ips]" rows="5" placeholder="<?php echo esc_attr($this->get_client_ip()); ?>&#10;192.168.1.*&#10;10.0.0.0/24"><?php echo esc_textarea($opts['whitelist_ips'] ?? ''); ?></textarea>
+                        <div style="margin-top: 10px; padding: 10px; background: rgba(75, 196, 106, 0.1); border-left: 3px solid var(--bc-green); border-radius: 4px; font-size: 13px;">
+                            <strong>Your current IP:</strong> <?php echo esc_html($this->get_client_ip()); ?>
+                        </div>
+                    </div>
+                    <div class="bc-row">
+                        <div class="bc-label">
+                            <strong>IP Blacklist</strong>
+                            <span>Blocked IPs that are denied access immediately (one per line)</span>
+                        </div>
+                        <textarea class="bc-input bc-input-full" name="<?php echo $this->option_name; ?>[blacklist_ips]" rows="5" placeholder="123.45.67.89&#10;98.76.54.*&#10;"><?php echo esc_textarea($opts['blacklist_ips'] ?? ''); ?></textarea>
+                    </div>
+                    <div class="bc-row">
+                        <div class="bc-label">
+                            <strong>Currently Locked IPs</strong>
+                            <span>IPs that are temporarily locked due to failed attempts</span>
+                        </div>
+                        <div id="locked-ips-list" style="margin-top: 10px;">
+                            <?php
+                            $locked_ips = $this->get_locked_ips();
+                            if (empty($locked_ips)) {
+                                echo '<p style="color: rgba(255,255,255,0.5); font-style: italic;">No IPs currently locked</p>';
+                            } else {
+                                foreach ($locked_ips as $locked) {
+                                    $minutes = ceil($locked['expires_in'] / 60);
+                                    echo '<div class="locked-ip-item" data-hash="' . esc_attr($locked['ip_hash']) . '" style="background: rgba(231, 76, 60, 0.1); padding: 12px; margin-bottom: 8px; border-radius: 6px; display: flex; justify-content: space-between; align-items: center; border-left: 3px solid #e74c3c;">';
+                                    echo '<div>';
+                                    echo '<strong style="font-family: monospace; color: #e74c3c;">IP Hash: ' . esc_html(substr($locked['ip_hash'], 0, 16)) . '...</strong><br>';
+                                    echo '<span style="font-size: 12px; opacity: 0.8;">Unlocks in ' . $minutes . ' minute(s) | ' . esc_html($locked['expires_at']) . '</span>';
+                                    echo '</div>';
+                                    echo '<button type="button" class="unlock-ip-btn" data-hash="' . esc_attr($locked['ip_hash']) . '" style="background: var(--bc-green); color: #0f2c52; border: none; padding: 8px 16px; border-radius: 6px; cursor: pointer; font-weight: 600; font-size: 13px;">Unlock Now</button>';
+                                    echo '</div>';
+                                }
+                            }
+                            ?>
+                        </div>
+                    </div>
                     <!-- General Settings -->
                     <div class="bc-section-title">⚙️ General Settings</div>
 …
                 $('input[name="<?php echo $this->option_name; ?>[delivery_methods][]"]').on('change', toggleDeliveryConfigs);
                 toggleDeliveryConfigs();
+                // Unlock IP functionality
+                $(document).on('click', '.unlock-ip-btn', function(e) {
+                    e.preventDefault();
+                    const btn = $(this);
+                    const ipHash = btn.data('hash');
+                    const container = btn.closest('.locked-ip-item');
+                    if (!confirm('Are you sure you want to unlock this IP?')) return;
+                    btn.prop('disabled', true).text('Unlocking...');
+                    $.ajax({
+                        url: ajaxurl,
+                        type: 'POST',
+                        data: {
+                            action: 'bcshield_unlock_ip',
+                            nonce: '<?php echo wp_create_nonce('bcshield_unlock_nonce'); ?>',
+                            ip_hash: ipHash
+                        },
+                        success: function(response) {
+                            if (response.success) {
+                                container.fadeOut(300, function() {
+                                    $(this).remove();
+                                    if ($('.locked-ip-item').length === 0) {
+                                        $('#locked-ips-list').html('<p style="color: rgba(255,255,255,0.5); font-style: italic;">No IPs currently locked</p>');
+                                    }
+                                });
+                            } else {
+                                alert('Failed to unlock IP: ' + response.data);
+                                btn.prop('disabled', false).text('Unlock Now');
+                            }
+                        },
+                        error: function() {
+                            alert('Error unlocking IP. Please try again.');
+                            btn.prop('disabled', false).text('Unlock Now');
+                        }
+                    });
+                });
             });
         })(jQuery);

basecloud-shield/trunk/readme.txt

-                      r3452630
+                      r3453596
 Requires at least: 5.0
 Tested up to: 6.9
 Stable tag: 1.2.8
+Stable tag: 1.3.0
 Requires PHP: 7.4
 License: GPLv2 or later
 …
 == Changelog ==
+= 1.3.0 =
+**Release Update**
+• Bug fixes and improvements
+• Updated version for deployment
+= 1.3.0 =
+**Advanced IP Management & Security Controls**
+**NEW FEATURES:**
+• IP Whitelist: Add trusted IPs that bypass lockout and rate limiting
+  - Support for exact IPs (169.0.79.28)
+  - Support for wildcards (192.168.*.*)
+  - Support for CIDR notation (10.0.0.0/24)
+  - Current IP displayed for easy whitelisting
+• IP Blacklist: Permanently block malicious IPs from accessing site
+• Manual IP Unlock: Real-time lockout management
+  - View all currently locked IPs in admin panel
+  - See countdown timers for auto-unlock
+  - One-click manual unlock button
+  - Audit trail for all unlock actions
+**SECURITY IMPROVEMENTS:**
+• Whitelisted IPs bypass all lockout checks and rate limiting
+• Blacklist check occurs before authentication processing
+• Enhanced logging for whitelist/blacklist activities
+• Secure AJAX endpoint for IP unlock with nonce verification
+**UI/UX ENHANCEMENTS:**
+• New "Security Controls" section in admin settings
+• Real-time locked IP display with status indicators
+• Color-coded security interface
+• Improved admin panel organization
 = 1.2.8 =

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: