Phase 6: AIOS security plugin with conservative login lockdown config (10 attempts)

wp-content/plugins/all-in-one-wp-security-and-firewall/js/password-strength-tool.js

@@ -0,0 +1,137 @@
+(function($) {
+	$.fn.extend({
+		pwdstr: function(crack_time_calculation, crack_time_message, hibp_message) {
+			return this.each(function() {
+				const check_interval = 500;
+				var last_check_time = 0;
+				$(this).keyup(function() {
+					$(crack_time_calculation).html(getTime($(this).val()));
+					$(crack_time_message).show();
+					$(hibp_message).hide();
+
+					setTimeout(() => {
+						if (Date.now() - last_check_time > check_interval) {
+							last_check_time = Date.now();
+							aios_send_command('hibp_check_password', {password: $(this).val()}, function(response) {
+								if (response.pwned) {
+									$(crack_time_message).hide();
+									$(hibp_message).show();
+								}
+							})
+						}
+					}, check_interval);
+				});
+
+				function getTime(str) {
+					var chars = 0;
+					var rate = 2800000000;
+
+					if ((/[a-z]/).test(str)) chars += 26;
+					if ((/[A-Z]/).test(str)) chars += 26;
+					if ((/[0-9]/).test(str)) chars += 10;
+					if ((/[^a-zA-Z0-9]/).test(str)) chars += 32;
+
+					var pos = Math.pow(chars,str.length);
+					var s = pos/rate;
+					var decimalYears = s/(3600*24*365);
+					var years = Math.floor(decimalYears);
+
+					var decimalMonths = (decimalYears-years)*12;
+					var months = Math.floor(decimalMonths);
+
+					var decimalDays = (decimalMonths-months)*30;
+					var days = Math.floor(decimalDays);
+
+					var decimalHours = (decimalDays-days)*24;
+					var hours = Math.floor(decimalHours);
+
+					var decimalMinutes = (decimalHours-hours)*60;
+					var minutes = Math.floor(decimalMinutes);
+
+					var decimalSeconds = (decimalMinutes-minutes)*60;
+					var seconds = Math.floor(decimalSeconds);
+
+					var time = [];
+
+					if (years > 0) {
+						time.push(years + " " + aios_pwtool_trans.years + ", ");
+					}
+					if (months > 0) {
+						time.push(months + " " + aios_pwtool_trans.months + ", ");
+					}
+					if (days > 0) {
+						time.push(days + " " + aios_pwtool_trans.days + ", ");
+					}
+					if (hours > 0) {
+						time.push(hours + " " + aios_pwtool_trans.hours + ", ");
+					}
+					if (minutes > 0) {
+						time.push(minutes + " " + aios_pwtool_trans.minutes + ", ");
+					}
+					if (seconds > 0) {
+						time.push(seconds + " " + aios_pwtool_trans.seconds + ", ");
+					}
+
+					if (time.length <= 0)
+							time = "" + aios_pwtool_trans.less_than_one_second + ", ";
+					else if (time.length == 1)
+							time = time[0];
+					else time = time[0] + time[1];
+					
+					var field = $('#aiowps_password_test');
+					if (s <= 1 || !field.val()) {
+						//Time to crack < 1 sec
+						complexity = 0;
+					} else if (s > 1 && s <= 43200) {
+						//1 sec < Time to crack < 12hrs
+						complexity = 1;
+					} else if (s > 43200 && s <= 86400) {
+						//12 hrs < Time to crack < 1day
+						complexity = 2;
+					} else if (s > 86400 && s <= 604800) {
+						//1 day < Time to crack < 1wk
+						complexity = 3;
+					} else if (s > 604800 && s <= 2678400) {
+						//1wk < Time to crack < 1mth
+						complexity = 4;
+					} else if (s > 2678400 && s <= 15552000) {
+						//1mth < Time to crack < 6mths
+						complexity = 5;
+					} else if (s > 31536000 && s <= 31536000) {
+						//6mths < Time to crack < 1yrs
+						complexity = 6;
+					} else if (s > 31536000 && s <= 315360000) {
+						//1yrs < Time to crack < 10yrs
+						complexity = 7;
+					} else if (s > 315360000 && s <= 3153600000) {
+						//10yrs < Time to crack < 100yrs
+						complexity = 8;
+					} else if (s > 3153600000 && s <= 31536000000) {
+						//100yrs < Time to crack < 1000yrs
+						complexity = 9;
+					} else if (s > 31536000000) {
+						//1000yrs < Time to crack
+						complexity = 10;
+					}
+					// Rotate the arrow
+					var meterFill = $('#aios_meter_fill');
+					if (str.length === 0) {
+						meterFill.css('width', '0').css('background-color', 'transparent');
+					} else if (complexity < 3) {
+						meterFill.css('width', (complexity * 10) + '%').css('background-color', 'red');
+					} else if (complexity < 6) {
+						meterFill.css('width', (complexity * 10) + '%').css('background-color', 'orange');
+					} else {
+						meterFill.css('width', (complexity * 10) + '%').css('background-color', 'green');
+					}
+					
+					return time.substring(0,time.length-2);
+				}
+			});
+		}
+	});
+	$(document).ready(function() {
+		$('#aiowps_password_test').pwdstr('#aiowps_password_crack_time_calculation', '#aiowps_password_crack_info_text', '#aiowps_password_hibp_info_text');
+	});
+})(jQuery);
+

wp-content/plugins/all-in-one-wp-security-and-firewall/js/remove-weak-pw.js

@@ -0,0 +1,4 @@
+jQuery(document).ready(function($) {
+	$('#pw-weak').remove();
+	$('.pw-weak').remove();
+});

wp-content/plugins/all-in-one-wp-security-and-firewall/js/wp-security-front-script.js

@@ -0,0 +1,32 @@
+jQuery(function($) {
+	// antibot keys are expired then add new keys to comment form
+	if ($('.comment-form-aios-antibot-keys').length && $('#aios_antibot_keys_expiry').length) {
+		if ($('#aios_antibot_keys_expiry').val() < Math.floor(Date.now() / 1000)) {
+			jQuery.ajax({
+				url: AIOS_FRONT.ajaxurl,
+				type: 'post',
+				dataType: 'json',
+				cache: false,
+				data: {
+					action: 'get_antibot_keys',
+					nonce: AIOS_FRONT.ajax_nonce
+				},
+				success: function(resp) {
+					if (resp.hasOwnProperty('error_code')) {
+						console.log("ERROR: " + resp.error_message);
+					} else if (resp.hasOwnProperty('data')) {
+						for (var indx in resp.data) {
+							var input = $("<input>").attr("type", "hidden");
+							input.attr("name", resp.data[indx][0]);
+							input.attr("value", resp.data[indx][1]);
+							$('.comment-form-aios-antibot-keys').append(input);
+						}
+					}
+				},
+				error: function(xhr, text_status, error_thrown) {
+					console.log("ERROR: " + text_status + " : " + error_thrown);
+				}
+			});
+		}
+	}
+});