Changeset 900620
- Timestamp:
- 04/23/2014 03:09:07 AM (12 years ago)
- Location:
- project-force-field
- Files:
-
- 10 added
- 3 edited
-
tags/0.5.1 (added)
-
tags/0.5.1/classes (added)
-
tags/0.5.1/classes/class-base-file-manager.php (added)
-
tags/0.5.1/classes/class-base-system-manager.php (added)
-
tags/0.5.1/classes/class-force-field-rewrite-manager.php (added)
-
tags/0.5.1/classes/class-force-field.php (added)
-
tags/0.5.1/classes/class-wordpress-file-manager.php (added)
-
tags/0.5.1/classes/class-wordpress-system-manager.php (added)
-
tags/0.5.1/project-force-field.php (added)
-
tags/0.5.1/readme.txt (added)
-
trunk/classes/class-force-field.php (modified) (2 diffs)
-
trunk/project-force-field.php (modified) (2 diffs)
-
trunk/readme.txt (modified) (5 diffs)
-
project-force-field/trunk/classes/class-force-field.php
r897390 r900620 47 47 $this->system_manager = $system_manager; 48 48 49 $this->new_login = $new_login;50 51 49 // Add actions to display important messages 52 50 add_action( 'admin_footer', array( $this, 'display_warnings' ) ); 53 51 54 // Add filters to fix the login url 55 add_filter( 'site_url', array( $this, 'fix_the_login_path' ), 10, 4 ); 56 add_filter( 'network_site_url', array( $this, 'fix_network_login_path' ), 10, 3 ); 57 add_filter( 'wp_redirect', array( $this, 'fix_redirect_login_path' ) ); 58 59 // Add action that makes sure the new login path is correct 60 add_action( 'init', array( $this, 'check_polarity' ) ); 61 62 // Add filters/actions for monitoring Brute Force Attacks 63 add_filter( 'wp_login_errors', array( $this, 'sustain_hit' ) ); 64 add_action( self::CHECK_ATTACK_TASK, array( $this, 'check_hits' ) ); 65 add_action( self::STABALIZE_POLARITY_TASK, array( $this, 'stabalize_polarity' ) ); 52 // Only add filters and hooks if Project Force Field is compatible with the site 53 if ( $this->is_force_field_compatible() ) { 54 55 $this->new_login = $new_login; 56 57 // Add filters to fix the login url 58 add_filter( 'site_url', array( $this, 'fix_the_login_path' ), 10, 4 ); 59 add_filter( 'network_site_url', array( $this, 'fix_network_login_path' ), 10, 3 ); 60 add_filter( 'wp_redirect', array( $this, 'fix_redirect_login_path' ) ); 61 62 // Add action that makes sure the new login path is correct 63 add_action( 'init', array( $this, 'check_polarity' ) ); 64 65 // Add filters/actions for monitoring Brute Force Attacks 66 add_filter( 'wp_login_errors', array( $this, 'sustain_hit' ) ); 67 add_action( self::CHECK_ATTACK_TASK, array( $this, 'check_hits' ) ); 68 add_action( self::STABALIZE_POLARITY_TASK, array( $this, 'stabalize_polarity' ) ); 69 70 } 66 71 } 67 72 … … 124 129 ); 125 130 } 131 132 if ( is_multisite() ) { 133 printf( 134 '<div class="error"><p><strong>%s</strong><br />%s</p></div>', 135 __( "Project Force Field doesn't work on WordPress 
Multisite!", 'project-force-field' ), 136 __( "I'm sorry for the inconvenience, but check back in the future for multisite support.", 'project-force-field' ), 137 $ogff_section_content 138 ); 139 } 140 } 141 142 /** 143 * Checks if Project Force Field is compatible with the current website. 144 * 145 * @since 0.5.1 146 * @todo Remove multisite failure when multisite is supported. 147 * 148 * @return bool true if Project Force Field is compatible with the current site. 149 */ 150 public function is_force_field_compatible() { 151 if ( ! $this->system_manager->is_mod_rewrite_enabled() ) { 152 global $is_apache; 153 if ( ! $is_apache ) { 154 return false; 155 } 156 } 157 158 if ( is_multisite() ) { 159 return false; 160 } 161 162 return true; 126 163 } 127 164 -
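Review bot: `is_force_field_compatible()` returns false only when mod_rewrite is reported as disabled and the server is also not Apache, so an Apache host without mod_rewrite, or a non-Apache host where the system manager reports mod_rewrite as enabled, still counts as compatible. The readme in this changeset says the 403 block relies on Apache's mod_rewrite, so if both are meant to be required the test should read `if ( ! $is_apache || ! $this->system_manager->is_mod_rewrite_enabled() ) { return false; }`; as written, the constructor can register the login-path filters and brute-force hooks on a host where the rewrite rule cannot take effect. How `is_mod_rewrite_enabled()` decides is not visible here, so this should be confirmed against the system manager. Separately, the multisite `printf()` in `display_warnings()` passes `$ogff_section_content` as a third argument to a format with two `%s` placeholders, and that variable is not defined in the visible lines (the function starts outside the hunk); drop the argument and consider `esc_html__()` for the two strings.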
project-force-field/trunk/project-force-field.php
r897390 r900620 5 5 * Author: Faison Zutavern 6 6 * Author URI: http://www.orionweb.net/ 7 * Version: 0.5. 07 * Version: 0.5.1 8 8 */ 9 9 … … 32 32 include_once( ABSPATH . 'wp-admin/includes/misc.php' ); 33 33 34 $ new_login = OG_Force_Field::DEFAULT_NEW_LOGIN;34 $ogff_new_login = OG_Force_Field::DEFAULT_NEW_LOGIN; 35 35 36 36 if ( defined( 'OGFF_LOGIN' ) && OGFF_LOGIN ) { 37 $ new_login = OGFF_LOGIN;37 $ogff_new_login = OGFF_LOGIN; 38 38 } 39 39 40 $og_force_field = new OG_Force_Field( new FZ_WordPress_System_Manager(), $ new_login );40 $og_force_field = new OG_Force_Field( new FZ_WordPress_System_Manager(), $ogff_new_login ); 41 41 42 register_activation_hook( __FILE__, array( $og_force_field, 'activate' ) ); 43 register_deactivation_hook( __FILE__, array( $og_force_field, 'deactivate' ) ); 42 if ( $og_force_field->is_force_field_compatible() ) { 43 register_activation_hook( __FILE__, array( $og_force_field, 'activate' ) ); 44 register_deactivation_hook( __FILE__, array( $og_force_field, 'deactivate' ) ); 44 45 45 do_action( 'ogff_ready' ); 46 do_action( 'ogff_ready' ); 47 } -
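Review bot: The deactivation hook is now registered only when `is_force_field_compatible()` returns true, so a site that became incompatible after activation (converted to multisite, or moved off Apache) would deactivate the plugin without `deactivate()` running. If `deactivate()` is what removes the plugin's rewrite rules and scheduled tasks, which is not visible here, they would be left in place; keeping `register_deactivation_hook( __FILE__, array( $og_force_field, 'deactivate' ) );` outside the `if` avoids that. A short comment above the `if`, such as `// Skip activation and the ready action on sites the plugin cannot protect`, would also record why the hooks are conditional.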
project-force-field/trunk/readme.txt
r898750 r900620 4 4 Requires at least: 3.8 5 5 Tested up to: 3.9 6 Stable tag: 0.5. 06 Stable tag: 0.5.1 7 7 License: GPLv2 or later 8 8 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 21 21 = Features! = 22 22 23 * **Sends a 403 error code to anyone visiting /wp-login.php** - All brute force attacks we've seen target /wp-login.php. By responding with a 403 error, your WordPress files aren't loaded, the Database isn't queried, and the attacker doesn't figure out your password.23 * **Sends a 403 error code to anyone visiting /wp-login.php** - All brute force attacks we've seen target /wp-login.php. By responding with a 403 error, **your WordPress files aren't loaded, the Database isn't queried**, and the attacker doesn't figure out your password. 24 24 * **Changes the default login url** - While a so-called hacker is being deflected by your new Force Field, you will log in with ease at /wp-admin/. When you do that, WordPress will redirect you to the new, proper login url. 25 25 * **Automatically changes the login when a Brute Force Attack is detected** - When too many login failures occur within a minute, Project Force Field shifts polarity! The new login you previously used now responds with a 403 error, and a large random number is now used as your login url! After some time, the login will return back to normal. … … 55 55 Nope. We use Apache, so adding support for any other server wouldn\'t be productive for us. If you, however, are a programmer and know how to make this feature for your server of choice, take what you want from this plugin, develop your version, and let me know so I can link to it :) 56 56 57 = Couldn't you handle this with the WordPress Rewrite API? = 58 59 We wanted to avoid running PHP and loading WordPress just to block a request to wp-login.php. We were experiencing over 100 requests a minute, that started to eat up server resources fast! 
By taking advantage of Apache's mod_rewrite module, we can block all requests to wp-login.php without loading WordPress. It's great that WordPress has a Rewrite API, but it just isn't the right solution for Project Force Field. 60 57 61 = How do I enable mod_rewrite? = 58 62 … … 73 77 == Changelog == 74 78 79 = 0.5.1 = 80 * **Bugfix**: Prefixed the variable `$new_login` in the file `project-force-field.php` with `ogff_` to avoid potential conflicts with other plugins, themes, or custom code. 81 * **Bugfix**: Added code to stop Project Force Field from trying to work on non-Apache servers and on multisites. 82 * **Enhancement**: Added warning on multisites regarding how Project Force Field doesn't currently work on multisites. 83 75 84 = 0.5.0 = 76 85 * Initial Release. … … 78 87 == Upgrade Notice == 79 88 89 = 0.5.1 = 90 This version stops Project Force Field from running on sites that it can't work on, which includes non-Apache servers and multisites. Also adds a quick bugfix to avoid potential plugin/theme conflicts. 91 80 92 = 0.5.0 = 81 93 You shouldn't have a version before this, so you should update now!