brianhansonxyz/homeproz
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Phase 6: AIOS security plugin with conservative login lockdown config (10 attempts)

Browse Source
This commit is contained in:
Hanson.xyz Dev
2025-11-28 17:19:54 -06:00
parent 78a744ef06
commit abbd3502e8
430 changed files with 137111 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/admin/incompatible-plugin.php
Executable
+20
View File
@@ -0,0 +1,20 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="wrap">
<div>
<h1><?php esc_html_e('Two Factor Authentication', 'all-in-one-wp-security-and-firewall'); ?></h1>
</div>
<div class="error">
<h3><?php esc_html_e('Two Factor Authentication currently disabled', 'all-in-one-wp-security-and-firewall');?></h3>
<p>
<?php /* translators: %s: Incompatible plugin name. */ ?>
<?php printf(esc_html__('Two factor authentication in All In One WP Security is currently disabled because the incompatible plugin %s is active.', 'all-in-one-wp-security-and-firewall'), esc_html($incompatible_plugin)); ?>
</p>
</div>
<?php /* translators: %s: Incompatible plugin name. */ ?>
<div><?php printf(esc_html__('Two factor authentication in All In One WP Security is currently disabled because the incompatible plugin %s is active.', 'all-in-one-wp-security-and-firewall'), esc_html($incompatible_plugin)); ?></div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/info/ip-address-ip-range-info.php
Executable
+16
View File
@@ -0,0 +1,16 @@
<?php if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed'); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">' . esc_html__('Each IP address must be on a new line.', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . esc_html__("You can add comments to the IP entries by placing a '#' at the start of a line.", 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . esc_html__('This can be useful for annotating each IP address with notes (e.g., identifying the individual or system associated with the IP).', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . esc_html__('To specify an IPv4 range use a wildcard "*" character, acceptable ways to use wildcards is shown in the examples below:', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . esc_html__('Example 1: 195.47.89.*', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . esc_html__('Example 2: 195.47.*.*', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . esc_html__('Example 3: 195.*.*.*', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . esc_html__('To specify an IPv6 range use CIDR format as shown in the examples below:', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . esc_html__('Example 4: 2401:4900:54c3:af15:2:2:5dc0:0/112', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . esc_html__('Example 5: 2001:db8:1263::/48', 'all-in-one-wp-security-and-firewall') . '</p>';
?>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/notices/cookie-based-brute-force-prevention-disabled.php
Executable
+9
View File
@@ -0,0 +1,9 @@
<?php if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed'); ?>
<div class="error">
<h3><?php echo esc_html__('Cookie based brute force login prevention currently disabled', 'all-in-one-wp-security-and-firewall');?></h3>
<p>
<?php /* translators %s: wp-config.php path */ ?>
<?php echo sprintf(esc_html__('Cookie based brute force login prevention is currently disabled via the AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION constant (which is most likely to be defined in your %s)', 'all-in-one-wp-security-and-firewall'), esc_html(AIOWPSecurity_Utility_File::get_home_path()) . 'wp-config.php'); ?>
</p>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/notices/custom-notice.php
Executable
+39
View File
@@ -0,0 +1,39 @@
<?php if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed'); ?>
<div class="aiowps_ad_container error">
<div class="aiowps_notice_container">
<div class="aiowps_advert_content_right">
<h3 class="aiowps_advert_heading">
<?php // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. Escaping done in wp-security-notices.php ?>
<?php echo $title; ?>
<div class="aiowps_advert_dismiss">
<?php if (!empty($dismiss_time)) { ?>
<a href="#" onclick="jQuery(this).closest('.aiowps_ad_container').slideUp(); jQuery.post(ajaxurl, {action: 'aios_ajax', subaction: 'dismiss_notice', nonce: '<?php echo esc_js(wp_create_nonce('wp-security-ajax-nonce')); ?>', data: { notice: '<?php echo esc_js($dismiss_time);?>'}});"><?php esc_html_e('Dismiss', 'all-in-one-wp-security-and-firewall'); ?></a>
<?php } else { ?>
<a href="#" onclick="jQuery(this).closest('.aiowps_ad_container').slideUp();"><?php esc_html_e('Dismiss', 'all-in-one-wp-security-and-firewall'); ?></a>
<?php } ?>
</div>
</h3>
<p>
<?php // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP errpr. Escaping done in wp-security-notices.php ?>
<?php echo $text; ?>
</p>
<?php
if (!empty($button_link) && !empty($button_meta)) {
?>
<p>
<a class="aiowps_notice_link button button-primary" href="<?php esc_url($button_link);?>">
<?php echo esc_html($button_meta); ?>
</a>
<a class="aiowps_notice_link button button-secondary" style="margin-left: 8px;" href="#" onclick="jQuery(this).closest('.aiowps_ad_container').slideUp(); jQuery.post(ajaxurl, {action: 'aios_ajax', subaction: 'dismiss_notice', nonce: '<?php echo esc_js(wp_create_nonce('wp-security-ajax-nonce')); ?>', data: { notice: '<?php echo esc_js($dismiss_time);?>', dismiss_forever: '1'}});">
<?php esc_html_e('No', 'all-in-one-wp-security-and-firewall'); ?>
</a>
</p>
<?php
}
?>
</div>
</div>
<div class="clear"></div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/notices/disable-login-whitelist.php
Executable
+8
View File
@@ -0,0 +1,8 @@
<?php if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed'); ?>
<div class="error">
<h3><?php esc_html_e('Login whitelisting currently disabled', 'all-in-one-wp-security-and-firewall');?></h3>
<p>
<?php esc_html_e('Login whitelisting is currently disabled via the AIOS_DISABLE_LOGIN_WHITELIST constant (which is mostly likely to be defined in your wp-config.php)', 'all-in-one-wp-security-and-firewall'); ?>
</p>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/notices/firewall-installed-notice.php
Executable
+9
View File
@@ -0,0 +1,9 @@
<div id="aios-firewall-installed-notice" class='notice notice-success is-dismissible'>
<p><strong><?php esc_html_e('All-In-One Security', 'all-in-one-wp-security-and-firewall'); ?></strong></p>
<p>
<?php
echo esc_html__('Your firewall has been installed with the highest level of protection.', 'all-in-one-wp-security-and-firewall').' '.
esc_html__('You may have to wait 5 minutes for the changes to take effect.', 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/notices/firewall-setup-notice.php
Executable
+33
View File
@@ -0,0 +1,33 @@
<?php if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed'); ?>
<div id="aios-firewall-setup-notice" class="notice notice-information">
<form action="<?php echo esc_url(admin_url('admin-post.php')); ?>" method="POST">
<?php wp_nonce_field('aiowpsec-firewall-setup'); ?>
<input type="hidden" name="action" value="aiowps_firewall_setup">
<p>
<strong><?php esc_html_e('All-In-One Security', 'all-in-one-wp-security-and-firewall'); ?></strong>
</p>
<p>
<?php echo esc_html__('Our PHP-based firewall has been created to give you even greater protection.', 'all-in-one-wp-security-and-firewall') . ' ' .
esc_html__('To ensure the PHP-based firewall runs before any potentially vulnerable code in your WordPress site can be reached, it will need to be set up.', 'all-in-one-wp-security-and-firewall');
?>
</p>
<p>
<?php esc_html_e('If you already have our .htaccess-based firewall enabled, you will still need to set up the PHP-based firewall to benefit from its protection.', 'all-in-one-wp-security-and-firewall'); ?>
</p>
<p>
<?php esc_html_e('To set up the PHP-based firewall, press the \'Set up now\' button below:', 'all-in-one-wp-security-and-firewall'); ?>
</p>
<div style='padding-bottom: 10px; padding-top:10px;'>
<input class="button button-primary" type="submit" name="btn_setup_now" value="<?php esc_html_e('Set up now', 'all-in-one-wp-security-and-firewall'); ?>">
</form>
<?php if ($show_dismiss) { ?>
<form action="<?php echo esc_url(admin_url('admin-post.php')); ?>" method="POST" style='display:inline;'>
<?php wp_nonce_field('aiowpsec-firewall-setup-dismiss'); ?>
<input type="hidden" name="action" value="aiowps_firewall_setup_dismiss">
<input class="button button-secondary" type="submit" name="btn_dismiss_setup_now" value="<?php esc_html_e('Dismiss', 'all-in-one-wp-security-and-firewall'); ?>">
</form>
<?php } ?>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/notices/horizontal-notice.php
Executable
+104
View File
@@ -0,0 +1,104 @@
<?php if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed'); ?>
<?php if (!empty($button_meta) && 'review' == $button_meta) : ?>
<div class="aiowps_ad_container updated">
<div class="aiowps_notice_container aiowps_review_notice_container">
<div class="aiowps_advert_content_left_extra">
<?php // phpcs:ignore PluginCheck.CodeAnalysis.ImageFunctions.NonEnqueuedImage -- PCP error. Image hard coded. Cannot be enqueued. ?>
<img src="<?php echo esc_url(AIO_WP_SECURITY_URL) . '/images/' . esc_attr($image);?>" width="100" alt="<?php esc_html_e('notice image', 'all-in-one-wp-security-and-firewall');?>" />
</div>
<div class="aiowps_advert_content_right">
<p>
<?php echo wp_kses_post($text); ?>
</p>
<?php if (!empty($button_link)) { ?>
<div class="aiowps_advert_button_container">
<a class="button button-primary" href="<?php echo esc_url($button_link);?>" target="_blank" onclick="jQuery(this).closest('.aiowps_ad_container').slideUp(); jQuery.post(ajaxurl, {action: 'aios_ajax', subaction: 'dismiss_notice', nonce: '<?php echo esc_js(wp_create_nonce('wp-security-ajax-nonce')); ?>', data: { notice: '<?php echo esc_js($dismiss_time);?>', dismiss_forever: '1'}});">
<?php esc_html_e('Review', 'all-in-one-wp-security-and-firewall'); ?>
</a>
<div class="dashicons dashicons-calendar"></div>
<a class="aiowps_notice_link" href="#" onclick="jQuery(this).closest('.aiowps_ad_container').slideUp(); jQuery.post(ajaxurl, {action: 'aios_ajax', subaction: 'dismiss_notice', nonce: '<?php echo esc_js(wp_create_nonce('wp-security-ajax-nonce')); ?>', data: { notice: '<?php echo esc_js($dismiss_time);?>', dismiss_forever: '0'}});">
<?php esc_html_e('Maybe later', 'all-in-one-wp-security-and-firewall'); ?>
</a>
<div class="dashicons dashicons-no-alt"></div>
<a class="aiowps_notice_link" href="#" onclick="jQuery(this).closest('.aiowps_ad_container').slideUp(); jQuery.post(ajaxurl, {action: 'aios_ajax', subaction: 'dismiss_notice', nonce: '<?php echo esc_js(wp_create_nonce('wp-security-ajax-nonce')); ?>', data: { notice: '<?php echo esc_js($dismiss_time);?>', dismiss_forever: '1'}});">
<?php esc_html_e('Never', 'all-in-one-wp-security-and-firewall'); ?>
</a>
</div>
<?php } ?>
</div>
</div>
<div class="clear"></div>
</div>
<?php else : ?>
<div class="aiowps_ad_container updated">
<div class="aiowps_notice_container">
<div class="aiowps_advert_content_left">
<?php // phpcs:ignore PluginCheck.CodeAnalysis.ImageFunctions.NonEnqueuedImage -- PCP error. Image hard coded. Cannot be enqueued. ?>
<img src="<?php echo esc_url(AIO_WP_SECURITY_URL) . '/images/' . esc_attr($image);?>" width="60" height="60" alt="<?php esc_html_e('notice image', 'all-in-one-wp-security-and-firewall');?>" />
</div>
<div class="aiowps_advert_content_right">
<h3 class="aiowps_advert_heading">
<?php
if (!empty($prefix)) echo esc_html($prefix) . ' ';
echo wp_kses_post($title);
?>
<div class="aiowps_advert_dismiss">
<?php if (!empty($dismiss_time)) { ?>
<a href="#" onclick="jQuery(this).closest('.aiowps_ad_container').slideUp(); jQuery.post(ajaxurl, {action: 'aios_ajax', subaction: 'dismiss_notice', nonce: '<?php echo esc_js(wp_create_nonce('wp-security-ajax-nonce')); ?>', data: { notice: '<?php echo esc_js($dismiss_time);?>'}});"><?php esc_html_e('Dismiss', 'all-in-one-wp-security-and-firewall'); ?></a>
<?php } else { ?>
<a href="#" onclick="jQuery(this).closest('.aiowps_ad_container').slideUp();"><?php esc_html_e('Dismiss', 'all-in-one-wp-security-and-firewall'); ?></a>
<?php } ?>
</div>
</h3>
<p>
<?php
echo wp_kses_post($text);
if ('inline' == $button_meta) {
?>
<br>
<a href="<?php echo esc_attr(apply_filters('updraftplus_com_link', $button_link));?>"><strong><?php echo esc_html($button_text); ?></strong></a>
<?php
echo wp_kses_post($text2);
}
if (isset($discount_code)) echo ' <b>' . esc_html($discount_code) . '</b>';
if (!empty($button_link) && !empty($button_meta) && 'inline' != $button_meta) {
?>
<a class="aiowps_notice_link" href="<?php echo esc_url($button_link);?>"><?php
if ('updraftcentral' == $button_meta) {
esc_html_e('Get UpdraftCentral', 'all-in-one-wp-security-and-firewall');
} elseif ('updraftplus' == $button_meta) {
esc_html_e('Get UpdraftPlus', 'all-in-one-wp-security-and-firewall');
} elseif ('wp-optimize' == $button_meta) {
esc_html_e('Get WP-Optimize', 'all-in-one-wp-security-and-firewall');
} elseif ('all-in-one-wp-security-and-firewall' == $button_meta) {
esc_html_e('Get Premium.', 'all-in-one-wp-security-and-firewall');
} elseif ('signup' == $button_meta) {
esc_html_e('Sign up', 'all-in-one-wp-security-and-firewall');
} elseif ('go_there' == $button_meta) {
esc_html_e('Go there', 'all-in-one-wp-security-and-firewall');
} elseif ('learn_more' == $button_meta) {
esc_html_e('Learn more', 'all-in-one-wp-security-and-firewall');
} else {
esc_html_e('Read more', 'all-in-one-wp-security-and-firewall');
}
?></a>
<?php
}
?>
</p>
</div>
</div>
<div class="clear"></div>
</div>
<?php
endif;
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/notices/htaccess-to-php-feature-notice.php
Executable
+43
View File
@@ -0,0 +1,43 @@
<?php if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed'); ?>
<div class="aiowps_ad_container error">
<div class="aiowps_notice_container">
<div class="aiowps_advert_content_right">
<h3 class="aiowps_advert_heading">
<?php echo esc_html($title); ?>
<div class="aiowps_advert_dismiss">
<?php if (!empty($dismiss_time)) { ?>
<a href="#" onclick="jQuery(this).closest('.aiowps_ad_container').slideUp(); jQuery.post(ajaxurl, {action: 'aios_ajax', subaction: 'dismiss_notice', nonce: '<?php echo esc_js(wp_create_nonce('wp-security-ajax-nonce')); ?>', data: { notice: '<?php echo esc_js($dismiss_time);?>'}});"><?php esc_html_e('Dismiss', 'all-in-one-wp-security-and-firewall'); ?></a>
<?php } else { ?>
<a href="#" onclick="jQuery(this).closest('.aiowps_ad_container').slideUp();"><?php esc_html_e('Dismiss', 'all-in-one-wp-security-and-firewall'); ?></a>
<?php } ?>
</div>
</h3>
<p>
<?php echo wp_kses_post($text); ?>
</p>
<?php
if (!empty($button_link) && !empty($button_meta)) {
?>
<p>
<a class="aiowps_notice_link button button-secondary" href="#" onclick="jQuery(this).closest('.aiowps_ad_container').slideUp(); jQuery.post(ajaxurl, {action: 'aios_ajax', subaction: 'dismiss_notice', nonce: '<?php echo esc_js(wp_create_nonce('wp-security-ajax-nonce')); ?>', data: { notice: '<?php echo esc_js($dismiss_time);?>', turn_it_back_on: '1'}});">
<?php echo esc_html($action_button_text); //Turn it back on ?>
</a>
<a class="aiowps_notice_link button button-secondary" style="margin-left: 8px;" href="#" onclick="jQuery(this).closest('.aiowps_ad_container').slideUp(); jQuery.post(ajaxurl, {action: 'aios_ajax', subaction: 'dismiss_notice', nonce: '<?php echo esc_js(wp_create_nonce('wp-security-ajax-nonce')); ?>', data: { notice: '<?php echo esc_js($dismiss_time);?>', dismiss_forever: '1'}});">
<?php echo esc_html($dismiss_text); // Keep it off ?>
</a>
<a style="margin-left: 8px;" class="aiowps_notice_link button button-secondary" href="javascript:void(0);" onclick="jQuery(this).prop('disabled', true ).closest('.aiowps_ad_container').slideUp(); jQuery.post(ajaxurl, {action: 'aios_ajax', subaction: 'dismiss_notice', nonce: '<?php echo esc_js(wp_create_nonce('wp-security-ajax-nonce')); ?>', data: { notice: '<?php echo esc_js($dismiss_time);?>', dismiss_forever: '1'}}, function(resp) {
window.location.href = '<?php echo esc_js($button_link); ?>';
return false;
}).done(function() { jQuery(this).prop('disabled', false); });">
<?php echo esc_js($button_meta); // Edit the settings ?>
</a>
</p>
<?php
}
?>
</div>
</div>
<div class="clear"></div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/notices/thanks-for-using-main-dash.php
Executable
+84
View File
@@ -0,0 +1,84 @@
<?php if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed'); ?>
<div id="aiowps-dashnotice" class="updated">
<?php /* translators: %s: Number of months */ ?>
<div style="float: right;"><a href="#" onclick="jQuery('#aiowps-dashnotice').slideUp(); jQuery.post(ajaxurl, {action: 'aios_ajax', subaction: 'dismiss_notice', nonce: '<?php echo esc_js(wp_create_nonce('wp-security-ajax-nonce')); ?>', data: { notice: 'dismissdashnotice'}});"><?php printf(esc_html__('Dismiss (for %s months)', 'all-in-one-wp-security-and-firewall'), 12); ?></a></div>
<h3>
<?php
if (AIOWPSecurity_Utility_Permissions::is_premium_installed()) {
esc_html_e('Thank you for using All-In-One Security Premium!', 'all-in-one-wp-security-and-firewall');
} else {
esc_html_e('Thank you for using All-In-One Security!', 'all-in-one-wp-security-and-firewall');
}
?>
</h3>
<?php // phpcs:ignore PluginCheck.CodeAnalysis.ImageFunctions.NonEnqueuedImage -- Image does not have an attachment number. Cannot use image attachment API. ?>
<a href="https://teamupdraft.com/all-in-one-security/"><img id="aiowps-notice-logo" alt="All-In-One Security" src="<?php echo esc_url(AIO_WP_SECURITY_URL) . '/images/plugin-logos/aios_logo_wide.svg'; ?>"></a>
<div id="aiowps-dashnotice_wrapper" style="max-width: 800px;">
<p>
<?php
esc_html_e('Protect your investment with the ultimate in WordPress website security.', 'all-in-one-wp-security-and-firewall');
echo '&nbsp;';
if (!AIOWPSecurity_Utility_Permissions::is_premium_installed()) {
printf(
/* translators: %s 'AIOS Premium' URL */
esc_html__('Get malware scanning, country blocking, premium support and more advanced security features with %s.', 'all-in-one-wp-security-and-firewall'),
'<a href="https://teamupdraft.com/all-in-one-security/pricing/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=aios-premium&utm_creative_format=advert" target="_blank">' . esc_html__('AIOS Premium', 'all-in-one-wp-security-and-firewall') . '</a>'
);
}
?>
</p>
<p><?php esc_html_e('Explore more top-rated plugins', 'all-in-one-wp-security-and-firewall'); ?> :</p>
<ul>
<li>
<a href="https://teamupdraft.com/wp-optimize/pricing/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=wp-optimize-premium&utm_creative_format=advert" target="_blank">
<strong><?php esc_html_e('WP-Optimize Premium:', 'all-in-one-wp-security-and-firewall'); ?></strong>
</a>
<?php
esc_html_e('Unlock new ways to speed up your WordPress website.', 'all-in-one-wp-security-and-firewall');
echo '&nbsp;';
esc_html_e('Optimize from the WP-CLI, cache multilingual and multi currency websites and more.', 'all-in-one-wp-security-and-firewall');
?>
</li>
<li>
<a href="https://teamupdraft.com/updraftplus/pricing/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=updraftplus-premium&utm_creative_format=advert" target="_blank">
<strong><?php esc_html_e('UpdraftPlus Premium:', 'all-in-one-wp-security-and-firewall'); ?></strong>
</a>
<?php
esc_html_e('Schedule automatic backups, run backups before updates, and restore with ease.', 'all-in-one-wp-security-and-firewall');
?>
</li>
<li>
<a href="https://burst-statistics.com/pricing/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=burst-statistics&utm_creative_format=advert" target="_blank">
<strong><?php esc_html_e('Burst Statistics:', 'all-in-one-wp-security-and-firewall'); ?></strong>
</a>
<?php
esc_html_e('Privacy-friendly analytics that lets you track traffic without collecting personal data.', 'all-in-one-wp-security-and-firewall');
?>
</li>
<li>
<a href="https://www.internallinkjuicer.com/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=internal-link-juicer&utm_creative_format=advert" target="_blank">
<strong><?php esc_html_e('Internal Link Juicer:', 'all-in-one-wp-security-and-firewall'); ?></strong>
</a>
<?php
esc_html_e('Automatically build internal links to save time and boost SEO.', 'all-in-one-wp-security-and-firewall');
echo '&nbsp;';
esc_html_e('You dont have to be an SEO expert to use this plugin!', 'all-in-one-wp-security-and-firewall');
?>
</li>
<li>
<a href="https://wpovernight.com/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=wp-overnight&utm_creative_format=advert" target="_blank">
<strong><?php esc_html_e('WP Overnight:', 'all-in-one-wp-security-and-firewall'); ?></strong>
</a>
<?php
esc_html_e('Premium WooCommerce add-ons built to optimize your store, improve UX, and increase revenue.', 'all-in-one-wp-security-and-firewall');
?>
</li>
</ul>
<p>
<?php echo '<strong>' . esc_html__('Browse more', 'all-in-one-wp-security-and-firewall') . ' </strong>' . '<a href="https://www.simbahosting.co.uk/s3/shop/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=premium-woocommerce-plugins&utm_creative_format=advert" target="_blank">' . esc_html__('Premium WooCommerce plugins', 'all-in-one-wp-security-and-firewall') . '</a>'; ?>
</p>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/partials/non-apache-feature-notice.php
Executable
+16
View File
@@ -0,0 +1,16 @@
<?php
if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed');
if (!AIOWPSecurity_Utility::is_apache_server()) {
?>
<div class="aio_red_box">
<p>
<?php
echo '<strong>' . esc_html__('Attention:', 'all-in-one-wp-security-and-firewall') . '</strong> ' . esc_html__('This feature works only on the Apache server.', 'all-in-one-wp-security-and-firewall') . ' ';
/* translators: %s: Server software */
echo sprintf(esc_html__("You are using the non-apache server %s, so this feature won't work on your site.", 'all-in-one-wp-security-and-firewall'), esc_html(AIOWPSecurity_Utility::get_server_software()));
?>
</p>
</div>
<?php
}
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/brute-force/404-detection.php
Executable
+130
View File
@@ -0,0 +1,130 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('404 detection configuration', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>'. esc_html__('A 404 or Not Found error occurs when somebody tries to access a non-existent page on your website.', 'all-in-one-wp-security-and-firewall') . '
<br />' . esc_html__('Typically, most 404 errors happen quite innocently when people have mis-typed a URL or used an old link to page which doesn\'t exist anymore.', 'all-in-one-wp-security-and-firewall').'
<br />' . esc_html__('However, in some cases you may find many repeated 404 errors which occur in a relatively short space of time and from the same IP address which are all attempting to access a variety of non-existent page URLs.', 'all-in-one-wp-security-and-firewall').'
<br />' . esc_html__('Such behaviour can mean that a hacker might be trying to find a particular page or URL for sinister reasons.', 'all-in-one-wp-security-and-firewall');
// translators: %1$s - Open strong tag, %2$s - Close strong tag.
echo '<br/>' . wp_kses_post(apply_filters('aios_smart_404_notice', __('With this feature enabled, you can use the table below to manually temporarily block IP addresses.', 'all-in-one-wp-security-and-firewall') . '<br />' . sprintf(__('The %1$s Smart 404 %2$s feature in Premium automatically detects and blocks these IP addresses.', 'all-in-one-wp-security-and-firewall'), '<strong>', '</strong>')));
?>
</div>
<?php
if (!defined('AIOWPSECURITY_NOADS_B') || !AIOWPSECURITY_NOADS_B) {
?>
<div class="aio_grey_box">
<?php
$premium_plugin_link = '<strong><a href="https://teamupdraft.com/all-in-one-security/pricing/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=premium-cta-on-brute-force-tab&utm_creative_format=text" target="_blank">'.esc_html__('All-In-One Security Premium', 'all-in-one-wp-security-and-firewall').'</a></strong>';
/* translators: %s: Premium upgrade link */
$info_msg = sprintf(esc_html__('You may also be interested in %s.', 'all-in-one-wp-security-and-firewall'), $premium_plugin_link);
/* translators: 1: open strong tag, 2: close strong tag. */
$info_msg2 = sprintf(esc_html__('This plugin adds a number of extra features including %1$s and %2$s.', 'all-in-one-wp-security-and-firewall'), '<strong>'.esc_html__('smart 404 blocking', 'all-in-one-wp-security-and-firewall').'</strong>', '<strong>'.esc_html__('country IP blocking', 'all-in-one-wp-security-and-firewall').'</strong>');
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Variables already escaped.
echo '<p>'. $info_msg . '<br />' . $info_msg2 . '</p>';
?>
</div>
<?php
}
?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('404 detection options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="firewall-enable-404-blocking-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("firewall-enable-404-blocking");
?>
</div>
<form action="" id="aios-404-detection-settings-form">
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable 404 IP detection', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('Enable this option to detect IP addresses that return 404 errors.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_404_IP_lockout', '1' == $aio_wp_security->configs->get_value('aiowps_enable_404_IP_lockout')); ?>
</div>
</td>
</tr>
<!-- currently this option is automatically set when the aiowps_enable_404_IP_lockout feature is turned on
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable 404 event logging', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<input name="aiowps_enable_404_logging" type="checkbox"<?php if ($aio_wp_security->configs->get_value('aiowps_enable_404_logging')=='1') echo ' checked="checked"'; ?> value="1"/>
<span class="description"><?php esc_html_e('Check this if you want to enable the logging of 404 events', 'all-in-one-wp-security-and-firewall'); ?></span>
</td>
</tr>
-->
<tr valign="top">
<th scope="row"><label for="aiowps_404_lockout_time_length"><?php esc_html_e('Time length of 404 lockout (minutes)', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td><input id="aiowps_404_lockout_time_length" type="text" size="5" name="aiowps_404_lockout_time_length" value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_404_lockout_time_length')); ?>" />
<span class="description"><?php esc_html_e('Set the length of time for which a blocked IP address will be prevented from visiting your site', 'all-in-one-wp-security-and-firewall'); ?></span>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_404_lock_redirect_url"><?php esc_html_e('404 lockout redirect URL', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td><input id="aiowps_404_lock_redirect_url" type="text" size="50" name="aiowps_404_lock_redirect_url" value="<?php echo esc_url($aio_wp_security->configs->get_value('aiowps_404_lock_redirect_url'), array('http', 'https')); ?>" />
<span class="description"><?php esc_html_e('A blocked visitor will be automatically redirected to this URL.', 'all-in-one-wp-security-and-firewall'); ?></span>
</td>
</tr>
</table>
<input type="submit" name="aiowps_save_404_detect_options" value="<?php esc_html_e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
</div>
</div>
<div class="aios-404-detection-container <?php if ('1' !== $aio_wp_security->configs->get_value('aiowps_enable_404_IP_lockout')) echo 'aio_hidden'; ?>">
<div class="postbox" id="aios-404-event-logs-table">
<h3 class="hndle"><label for="title"><?php esc_html_e('404 event logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<?php
// translators: %1$d - Purge event records after number of days.
echo '<p>' . esc_html__('This list displays the 404 event logs when somebody tries to access a non-existent page on your website.', 'all-in-one-wp-security-and-firewall').'<br/><strong>'.sprintf(esc_html__('404 event logs that are older than %1$d days are purged automatically.', 'all-in-one-wp-security-and-firewall'), esc_html(apply_filters('aios_purge_events_records_after_days', AIOS_PURGE_EVENTS_RECORDS_AFTER_DAYS))).'</strong></p>';
// Fetch, prepare, sort, and filter our data...
$event_list_404->prepare_items();
// echo "put table of locked entries here";
?>
<form id="tables-filter" method="post">
<!-- For plugins, we also need to ensure that the form posts back to our current page -->
<input type="hidden" name="page" value="<?php echo esc_attr($page); ?>" />
<?php $event_list_404->search_box(__('Search', 'all-in-one-wp-security-and-firewall'), 'search_404_events'); ?>
<?php
if (isset($tab)) {
echo '<input type="hidden" name="tab" value="'.esc_attr($tab).'" />';
}
?>
<!-- Now we can render the completed list table -->
<?php $event_list_404->display(); ?>
</form>
</div>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Export to CSV', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form method="POST" action="">
<?php wp_nonce_field('aiowpsec-export-404-event-logs-to-csv-nonce'); ?>
<table class="form-table">
<tr valign="top">
<span class="description"><?php esc_html_e('Press this button if you wish to download this log in CSV format.', 'all-in-one-wp-security-and-firewall'); ?></span>
</tr>
</table>
<input type="submit" name="aiowps_export_404_event_logs_to_csv" value="<?php esc_html_e('Export to CSV', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary"/>
</form>
</div>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Delete all 404 event logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form action="" id="aios-delete-404-form">
<table class="form-table">
<tr valign="top">
<span class="description"><?php esc_html_e('Press this button if you wish to purge all 404 event logs from the DB.', 'all-in-one-wp-security-and-firewall'); ?></span>
</tr>
</table>
<input type="submit" name="aiowps_delete_404_event_records" value="<?php esc_html_e('Delete all 404 event logs', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary" onclick="return confirm('<?php echo esc_js(__('Are you sure you want to delete all records?', 'all-in-one-wp-security-and-firewall'));?>')">
</form>
</div>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/brute-force/captcha-provider.php
Executable
+93
View File
@@ -0,0 +1,93 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php _e('CAPTCHA provider', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside aiowps-settings">
<?php if ($aio_wp_security->is_login_lockdown_by_const()) { ?>
<div class="aio_red_box">
<p>
<?php
echo __('CAPTCHA will not work because you have disabled login lockout by activating the AIOS_DISABLE_LOGIN_LOCKOUT constant value in a configuration file.', 'all-in-one-wp-security-and-firewall').'
<br>'.__('To enable it, define AIOS_DISABLE_LOGIN_LOCKOUT constant value as false, or remove it.', 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
<?php } ?>
<?php
$turnstile_link = '<a href="https://developers.cloudflare.com/turnstile/get-started/" target="_blank">Cloudflare Turnstile</a>';
$recaptcha_link = '<a href="https://www.google.com/recaptcha" target="_blank">Google reCAPTCHA v2</a>';
echo sprintf('<p>' . __('This feature allows you to add a CAPTCHA form on various WordPress login pages and forms.', 'all-in-one-wp-security-and-firewall') . ' ' . __('Adding a CAPTCHA form on a login page or form is another effective yet simple "Brute Force" prevention technique.', 'all-in-one-wp-security-and-firewall') .
'<br>' . __('You have the option of using either %s, %s or a plain maths CAPTCHA form.', 'all-in-one-wp-security-and-firewall') . '</p>', $turnstile_link, $recaptcha_link);
echo sprintf('<p>' . __('We recommend %s as a more privacy-respecting option than %s', 'all-in-one-wp-security-and-firewall') . '</p>', '<a href="https://blog.cloudflare.com/turnstile-private-captcha-alternative/" target="_blank">Cloudflare Turnstile</a>', 'Google reCAPTCHA');
?>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Default CAPTCHA', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<select name="aiowps_default_captcha" id="aiowps_default_captcha">
<?php
$output = '';
foreach ($supported_captchas as $key => $value) {
$output .= "<option value=\"".esc_attr($key)."\" ";
if ($key == $default_captcha) $output .= 'selected="selected"';
$output .= ">".htmlspecialchars($value) ."</option>\n";
}
echo $output;
?>
</select>
</td>
</tr>
</table>
<div id="aios-cloudflare-turnstile" class="aio_grey_box captcha_settings <?php if ('cloudflare-turnstile' !== $default_captcha) echo 'aio_hidden'; ?>">
<table class="form-table">
<tr valign="top">
<th scope="row"><label for="aiowps_turnstile_site_key"><?php _e('Site key', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td><input id="aiowps_turnstile_site_key" type="text" size="50" name="aiowps_turnstile_site_key" value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_turnstile_site_key')); ?>" />
</td>
</tr>
<tr valign="top">
<th scope="row">
<label for="aiowps_turnstile_secret_key"><?php _e('Secret key', 'all-in-one-wp-security-and-firewall'); ?>:</label>
</th>
<td>
<input id="aiowps_turnstile_secret_key" type="text" size="50" name="aiowps_turnstile_secret_key" value="<?php echo esc_attr(AIOWPSecurity_Utility::mask_string($aio_wp_security->configs->get_value('aiowps_turnstile_secret_key'))); ?>">
</td>
</tr>
<tr valign="top">
<th scope="row">
<label for="aiowps_turnstile_theme"><?php _e('Theme', 'all-in-one-wp-security-and-firewall'); ?>:</label>
</th>
<td>
<select name="aiowps_turnstile_theme" id="aiowps_turnstile_theme">
<?php
$output = '';
foreach ($captcha_themes as $key => $value) {
$output .= "<option value=\"".esc_attr($key)."\" ";
if ($key == $captcha_theme) $output .= 'selected="selected"';
$output .= ">".htmlspecialchars($value) ."</option>\n";
}
echo $output;
?>
</select>
</td>
</tr>
</table>
</div>
<div id="aios-google-recaptcha-v2" class="aio_grey_box captcha_settings <?php if ('google-recaptcha-v2' !== $default_captcha) echo 'aio_hidden'; ?>">
<table class="form-table">
<tr valign="top">
<th scope="row"><label for="aiowps_recaptcha_site_key"><?php _e('Site key', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td><input id="aiowps_recaptcha_site_key" type="text" size="50" name="aiowps_recaptcha_site_key" value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_recaptcha_site_key')); ?>" />
</td>
</tr>
<tr valign="top">
<th scope="row">
<label for="aiowps_recaptcha_secret_key"><?php _e('Secret key', 'all-in-one-wp-security-and-firewall'); ?>:</label>
</th>
<td>
<input id="aiowps_recaptcha_secret_key" type="text" size="50" name="aiowps_recaptcha_secret_key" value="<?php echo esc_attr(AIOWPSecurity_Utility::mask_string($aio_wp_security->configs->get_value('aiowps_recaptcha_secret_key'))); ?>">
</td>
</tr>
</table>
</div>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/brute-force/captcha-settings.php
Executable
+64
View File
@@ -0,0 +1,64 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<form action="" id="aios-captcha-settings-form">
<?php
$templates = array(
'wordpress-forms' => array(
'title' => __('Wordpress forms', 'all-in-one-wp-security-and-firewall'),
),
'woo-captcha' => array(
'title' => __('Woocommerce forms', 'all-in-one-wp-security-and-firewall'),
'display_condition_callback' => array('AIOWPSecurity_Utility', 'is_woocommerce_plugin_active'),
),
'other-plugins' => array(
'title' => __('Other forms', 'all-in-one-wp-security-and-firewall'),
'display_condition_callback' => array('AIOWPSecurity_Utility', 'is_other_form_plugins_active'),
),
);
$aio_wp_security->include_template('wp-admin/brute-force/captcha-provider.php', false, array('default_captcha' => $default_captcha, 'supported_captchas' => $supported_captchas, 'captcha_themes' => $captcha_themes, 'captcha_theme' => $captcha_theme));
$templates = apply_filters('aiowps_modify_captcha_settings_template', $templates);
// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Nonce check occurred outside of template.
$subtab = isset($_GET['subtab']) ? sanitize_text_field(wp_unslash($_GET['subtab'])) : '';
?>
<div id="aios-captcha-options" <?php if ('none' === $default_captcha) echo 'class="aio_hidden"'; ?>>
<div class="aiowps-postbox-container">
<div class="aiowps-rules">
<h3 class="hndle"><?php esc_html_e('Settings', 'all-in-one-wp-security-and-firewall'); ?></h3>
<div id="aiowps-rule-search">
<span class="dashicons dashicons-search"></span>
<input type="text" placeholder="<?php esc_html_e('Search', 'all-in-one-wp-security-and-firewall'); ?>" class="aiowps-search">
<span class="dashicons dashicons-no-alt clear-search"></span>
</div>
<ul class="aiowps-rule-list">
<?php
if (empty($templates)) return;
$first_template = reset($templates);
$first_title = $first_template['title'];
foreach ($templates as $key => $template) {
// Check if the current title is the first title
$title = $template['title'];
$class = 'class="aiowps-template-list-item';
$class .= ($key === $subtab || $title === $first_title) ? " aiowps-active" : '';
$class .= '"';
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- No user input for $class.
echo '<li data-template="' . esc_attr($key) . '" ' . $class . '><span class="aiowps-rule-title">' . esc_html($title) . '</span></li>';
}
?>
</ul>
</div>
<div class="aiowps-settings">
<?php
foreach ($templates as $key => $template) {
$aio_wp_security->include_template('wp-admin/brute-force/partials/' . esc_attr($key) . '.php');
}
?>
</div>
</div>
</div>
<div class="aiowps-actions">
<?php submit_button(__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowpsec_save_captcha_settings');?>
</div>
</form>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/brute-force/cookie-based-brute-force-prevention.php
Executable
+165
View File
@@ -0,0 +1,165 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('Brute force prevention firewall settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
// TODO - need to fix the following message
echo '<p>' . esc_html__('A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination.', 'all-in-one-wp-security-and-firewall').'<br>' . esc_html__('Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server\'s memory and performance.', 'all-in-one-wp-security-and-firewall').'<br>' . esc_html__('The features in this tab will stop the majority of brute force login attacks thus providing even better protection for your WP login page.', 'all-in-one-wp-security-and-firewall') . '</p>';
?>
</div>
<div class="aio_yellow_box">
<?php
$tutorial_link = '<a href="https://teamupdraft.com/documentation/all-in-one-security/faqs/how-to-use-cookie-based-brute-force-login-attack-prevention-feature/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=tutorial-on-brute-force-prevention&utm_creative_format=text" target="_blank">' . esc_html__('Read our tutorial on how to use the cookie-based brute force prevention feature', 'all-in-one-wp-security-and-firewall') . '</a>';
/* translators: %s: Tutorial link. */
$info_msg = sprintf(esc_html__('%s.', 'all-in-one-wp-security-and-firewall'), $tutorial_link);
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Data already escaped.
echo '<p>' . $info_msg . '</p>';
?>
</div>
<?php
if (defined('AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION') && AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION) {
$aio_wp_security->include_template('notices/cookie-based-brute-force-prevention-disabled.php');
}
?>
<div id="aios-brute-force-info-box"></div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Cookie based brute force login prevention', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="firewall-enable-brute-force-attack-prevention-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("firewall-enable-brute-force-attack-prevention");
?>
</div>
<form action="" id="aios-cookie-based-settings-form">
<div class="aio_orange_box">
<p>
<?php /* translators: %s: Notes link. */ ?>
<?php echo esc_html__('This feature can lock you out of admin if it doesn\'t work correctly on your site.', 'all-in-one-wp-security-and-firewall').' ' . sprintf(esc_html__('Before activating this feature, please read the following %s.', 'all-in-one-wp-security-and-firewall'), '<a href="https://teamupdraft.com/documentation/all-in-one-security/faqs/important-note-on-intermediate-and-advanced-features/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=you-must-read-this-to-activate-brute-force-login-prevention-feature&utm_creative_format=text" target="_blank">' . esc_html__('message', 'all-in-one-wp-security-and-firewall') . '</a>'); ?>
</p>
</div>
<div id="cookie-test-result-div">
</div>
<div id="aios-perform-cookie-test-div">
<?php
$cookie_test_value = $aio_wp_security->configs->get_value('aiowps_cookie_test_success');
$disable_brute_force_feature_input = true;
// If the cookie test is successful or if the feature is already enabled then go ahead as normal
if ('1' == $cookie_test_value || '1' == $aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')) {
$disable_brute_force_feature_input = false;
} else {
$aio_wp_security->include_template('wp-admin/brute-force/partials/cookie-test-container.php', false);
}
$disable_brute_force_sub_fields = !$aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention');
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable brute force attack prevention', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to protect your login page from a brute force attack.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_brute_force_attack_prevention', $aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention')); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<p class="description">
<?php
esc_html_e('This feature will deny access to your WordPress login page for all people except those who have a special cookie in their browser.', 'all-in-one-wp-security-and-firewall');
echo '<br>';
esc_html_e('To use this feature do the following:', 'all-in-one-wp-security-and-firewall');
echo '<br>';
esc_html_e('1) Enable the checkbox.', 'all-in-one-wp-security-and-firewall');
echo '<br>';
echo esc_html__('2) Enter a secret word consisting of alphanumeric characters which will be difficult to guess.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('This secret word will be useful whenever you need to know the special URL which you will use to access the login page (see point below).', 'all-in-one-wp-security-and-firewall');
echo '<br>';
echo esc_html__('3) You will then be provided with a special login URL.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('You will need to use this URL to login to your WordPress site instead of the usual login URL.', 'all-in-one-wp-security-and-firewall');
echo '<br>';
esc_html_e('NOTE: The system will deposit a special cookie in your browser which will allow you access to the WordPress administration login page.', 'all-in-one-wp-security-and-firewall');
echo '<br>';
esc_html_e('Any person trying to access your login page who does not have the special cookie in their browser will be automatically blocked.', 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_brute_force_secret_word"><?php esc_html_e('Secret word', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td><input id="aiowps_brute_force_secret_word" type="text" size="40" name="aiowps_brute_force_secret_word" value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_brute_force_secret_word')); ?>"<?php disabled($disable_brute_force_sub_fields); ?>>
<span class="description"><?php echo esc_html__('Choose a secret word consisting of alphanumeric characters which you can use to access your special URL.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('You are highly encouraged to choose a word which will be difficult to guess.', 'all-in-one-wp-security-and-firewall'); ?></span>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_cookie_based_brute_force_redirect_url"><?php esc_html_e('Re-direct URL', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td><input id="aiowps_cookie_based_brute_force_redirect_url" type="text" size="40" name="aiowps_cookie_based_brute_force_redirect_url" value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_cookie_based_brute_force_redirect_url')); ?>" <?php disabled($disable_brute_force_sub_fields); ?> />
<span class="description">
<?php
esc_html_e('Specify a URL to redirect a hacker to when they try to access your WordPress login page.', 'all-in-one-wp-security-and-firewall');
?>
</span>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<p class="description">
<?php
esc_html_e('The URL specified here can be any site\'s URL and does not have to be your own.', 'all-in-one-wp-security-and-firewall');
echo '<br>';
esc_html_e('This field will default to: http://127.0.0.1 if you do not enter a value.', 'all-in-one-wp-security-and-firewall');
echo '<br>';
esc_html_e('Useful Tip:', 'all-in-one-wp-security-and-firewall');
echo '<br>';
esc_html_e('It\'s a good idea to not redirect attempted brute force login attempts to your site because it increases the load on your server.', 'all-in-one-wp-security-and-firewall');
echo '<br>';
esc_html_e('Redirecting a hacker or malicious bot back to "http://127.0.0.1" is ideal because it deflects them back to their own local host and puts the load on their server instead of yours.', 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php esc_html_e('My site has posts or pages which are password protected', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you are using the native WordPress password protection feature for some or all of your blog posts or pages.', 'all-in-one-wp-security-and-firewall'), 'aiowps_brute_force_attack_prevention_pw_protected_exception', '1' == $aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_pw_protected_exception')); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<p class="description">
<?php
esc_html_e('In the cases where you are protecting some of your posts or pages using the in-built WordPress password protection feature, a few extra lines of directives and exceptions need to be added so that people trying to access pages are not automatically blocked.', 'all-in-one-wp-security-and-firewall');
echo '<br>';
esc_html_e('By enabling this checkbox, the plugin will add the necessary rules and exceptions so that people trying to access these pages are not automatically blocked.', 'all-in-one-wp-security-and-firewall');
echo '<br>';
echo "<strong>" . esc_html__('Helpful Tip:', 'all-in-one-wp-security-and-firewall') . "</strong>";
echo '<br>';
esc_html_e('If you do not use the WordPress password protection feature for your posts or pages then it is highly recommended that you leave this checkbox disabled.', 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php esc_html_e('My site has a theme or plugins which use AJAX', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if your site uses AJAX functionality.', 'all-in-one-wp-security-and-firewall'), 'aiowps_brute_force_attack_prevention_ajax_exception', '1' == $aio_wp_security->configs->get_value('aiowps_brute_force_attack_prevention_ajax_exception')); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<p class="description">
<?php
esc_html_e('In the cases where your WordPress installation has a theme or plugin that uses AJAX, a few extra lines of directives and exceptions need to be added to prevent AJAX requests from being automatically blocked by the brute force prevention feature.', 'all-in-one-wp-security-and-firewall');
echo '<br>';
esc_html_e('By enabling this checkbox, the plugin will add the necessary rules and exceptions so that AJAX operations will work as expected.', 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
</div>
</td>
</tr>
</table>
<?php
$other_attributes = $disable_brute_force_feature_input ? array('disabled' => 'disabled') : array();
submit_button(esc_html__('Save feature settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_apply_cookie_based_bruteforce_firewall', false, $other_attributes);
?>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/brute-force/honeypot.php
Executable
+51
View File
@@ -0,0 +1,51 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="aio_blue_box">
<?php
echo '<p>' . esc_html__('This feature allows you to add a special hidden "honeypot" field on WordPress login and registration pages.', 'all-in-one-wp-security-and-firewall'). ' ' . esc_html__('This will only be visible to robots and not humans.', 'all-in-one-wp-security-and-firewall') . '<br>' . esc_html__('Since robots usually fill in every input field on a form, they will also submit a value for the special hidden honeypot field.', 'all-in-one-wp-security-and-firewall') . '<br>' . esc_html__('The way honeypots work is that a hidden field is placed somewhere inside a form which only robots will submit.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('If that field contains a value when the form is submitted then a robot has most likely submitted the form and it is consequently dealt with.', 'all-in-one-wp-security-and-firewall') . '<br>' . esc_html__('Therefore, if the plugin detects that this field has a value when the form is submitted, then the robot which is attempting to submit the form on your site will be redirected to its localhost address - http://127.0.0.1.', 'all-in-one-wp-security-and-firewall') . '</p>';
?>
</div>
<form action="" id="aios-honeypot-settings-form">
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Login form honeypot settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="login-honeypot-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("login-honeypot");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable honeypot on login page', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want the honeypot feature for the login page', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_login_honeypot', '1' == $aio_wp_security->configs->get_value('aiowps_enable_login_honeypot')); ?>
</div>
</td>
</tr>
</table>
</div>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Registration form honeypot settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="registration-honeypot-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("registration-honeypot");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable honeypot on registration page', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want the honeypot feature for the registration page', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_registration_honeypot', '1' == $aio_wp_security->configs->get_value('aiowps_enable_registration_honeypot')); ?>
</div>
</td>
</tr>
</table>
</div>
</div>
<?php submit_button(esc_html__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowpsec_save_honeypot_settings');?>
</form>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/brute-force/login-whitelist.php
Executable
+66
View File
@@ -0,0 +1,66 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('Login whitelist', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>' . esc_html__('The All-In-One Security whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page.', 'all-in-one-wp-security-and-firewall') . '<br>' . esc_html__('This feature will deny login access for all IP addresses which are not in your whitelist as configured in the settings below.', 'all-in-one-wp-security-and-firewall') . '<br>' . esc_html__('By allowing/blocking IP addresses, you are using the most secure first line of defence because login access will only be granted to whitelisted IP addresses and other addresses will be blocked as soon as they try to access your login page.', 'all-in-one-wp-security-and-firewall') .'</p>';
?>
</div>
<div class="aio_grey_box">
<?php
/* translators: %s: AIOS Constant. */
echo '<p>' . sprintf(esc_html__('If you are locked out by the login whitelist feature and you do not have a static IP address, define the following constant %s in wp-config.php to disable the feature.', 'all-in-one-wp-security-and-firewall'), '<strong>define(\'AIOS_DISABLE_LOGIN_WHITELIST\', true);</strong>') . '</p>';
?>
</div>
<div class="aio_yellow_box">
<?php
$brute_force_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=cookie-based-brute-force-prevention" target="_blank">' . esc_html__('Cookie-Based brute force login prevention', 'all-in-one-wp-security-and-firewall') . '</a>';
$rename_login_feature_link = '<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=rename-login" target="_blank">' . esc_html__('Rename login page', 'all-in-one-wp-security-and-firewall') . '</a>';
/* translators: 1: Brute force link, 2: Rename login link 3: Open strong tag, 4: Close strong tag. */
echo '<p>' . sprintf(esc_html__('Attention: If in addition to enabling the white list feature, you also have one of the %1$s or %2$s features enabled, %3$s you will still need to use your secret word or special slug in the URL when trying to access your WordPress login page %4$s', 'all-in-one-wp-security-and-firewall'), $brute_force_login_feature_link, $rename_login_feature_link, '<strong>', '</strong>') . '</p><p>' . esc_html__('These features are NOT functionally related.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Having both of them enabled on your site means you are creating 2 layers of security.', 'all-in-one-wp-security-and-firewall') . '</p>'; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Variables already escaped.
?>
</div>
<?php
if (defined('AIOS_DISABLE_LOGIN_WHITELIST') && AIOS_DISABLE_LOGIN_WHITELIST) {
$aio_wp_security->include_template('notices/disable-login-whitelist.php');
}
?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Login IP whitelist settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="whitelist-manager-ip-login-whitelisting-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("whitelist-manager-ip-login-whitelisting");
?>
</div>
<form action="" id="aios-login-whitelist-settings-form">
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable IP whitelisting', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want the whitelisting of selected IP addresses specified in the settings below', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_whitelisting', '1' == $aio_wp_security->configs->get_value('aiowps_enable_whitelisting')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_user_ip"><?php esc_html_e('Your current IP address', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td>
<input id="aiowps_user_ip" class="copy-to-clipboard" size="40" name="aiowps_user_ip" type="text" value="<?php echo esc_attr($your_ip_address); ?>" readonly>
<br />
<span id="aios-ipify-ip-address"></span>
<input id="aios_user_ip_maybe_also" class="copy-to-clipboard aio_hidden" size="40" name="aios_user_ip_maybe_also" type="text" value="" ip_maybe="<?php echo (true == $ip_v4) ? 'v6' : 'v4'; ?>" getting_text="<?php esc_html_e('getting...', 'all-in-one-wp-security-and-firewall'); ?>" readonly>
<br />
<span class="description"><?php esc_html_e('You can copy and paste the above address(es) in the text box below if you want to include it in your login whitelist.', 'all-in-one-wp-security-and-firewall'); ?></span>
</td>
</tr>
<tr valign="top">
<?php
AIOWPSecurity_Utility_UI::ip_input_textarea(__('Enter whitelisted IP addresses:', 'all-in-one-wp-security-and-firewall'), 'aiowps_allowed_ip_addresses', $aiowps_allowed_ip_addresses, __('Enter one or more IP addresses or IP ranges you wish to include in your whitelist.', 'all-in-one-wp-security-and-firewall') . ' ' . __('Only the addresses specified here will have access to the WordPress login page.', 'all-in-one-wp-security-and-firewall'));
?>
</tr>
</table>
<?php submit_button(esc_html__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_save_whitelist_settings');?>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/brute-force/partials/cookie-test-container.php
Executable
+11
View File
@@ -0,0 +1,11 @@
<div class="aio_yellow_box">
<p>
<?php
esc_html_e('Before using this feature, you must perform a cookie test first.', 'all-in-one-wp-security-and-firewall');
echo ' ';
echo esc_html__("This ensures that your browser cookie is working correctly and that you won't lock yourself out.", 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
<?php
submit_button(esc_html__('Perform cookie test', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_do_cookie_test_for_bfla', true, array('id' => 'aios-perform-cookie-test'));
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/brute-force/partials/other-plugins.php
Executable
+74
View File
@@ -0,0 +1,74 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="postbox aio_hidden" data-template="other-plugins">
<h3 class="hndle"><label for="title"><?php _e('Other forms CAPTCHA settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<?php if (AIOWPSecurity_Utility::is_buddypress_plugin_active()) { ?>
<div class="inside">
<div id="bp-register-captcha-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("bp-register-captcha");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Enable CAPTCHA on BuddyPress registration form', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(sprintf(__('Enable this if you want to insert a CAPTCHA field on the %s registration forms.', 'all-in-one-wp-security-and-firewall'), 'BuddyPress'), 'aiowps_enable_bp_register_captcha', '1' == $aio_wp_security->configs->get_value('aiowps_enable_bp_register_captcha')); ?>
</div>
</td>
</tr>
</table>
</div>
<?php } ?>
<?php if (AIOWPSecurity_Utility::is_bbpress_plugin_active()) { ?>
<div class="inside">
<div id="bbp-new-topic-captcha-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("bbp-new-topic-captcha");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Enable CAPTCHA on bbPress new topic form', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(sprintf(__('Enable this if you want to insert a CAPTCHA field on the %s new topic forms.', 'all-in-one-wp-security-and-firewall'), 'bbPress'), 'aiowps_enable_bbp_new_topic_captcha', '1' == $aio_wp_security->configs->get_value('aiowps_enable_bbp_new_topic_captcha')); ?>
</div>
</td>
</tr>
</table>
</div>
<?php } ?>
<?php if (AIOWPSecurity_Utility::is_contact_form_7_plugin_active()) { ?>
<div class="inside">
<div id="contact-form-7-captcha-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("contact-form-7-captcha");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php echo sprintf(__('Enable CAPTCHA on %s', 'all-in-one-wp-security-and-firewall'), 'Contact Form 7'); ?>:</label></th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(sprintf(__('Enable this if you want to insert a CAPTCHA field on %s forms.', 'all-in-one-wp-security-and-firewall'), 'Contact Form 7'), 'aiowps_enable_contact_form_7_captcha', '1' == $aio_wp_security->configs->get_value('aiowps_enable_contact_form_7_captcha')); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'. sprintf(__('%s will automatically try to insert a CAPTCHA field before the form\'s submit button', 'all-in-one-wp-security-and-firewall'), 'AIOS') .'</p>';
echo '<p class="description">'. sprintf(__('For the exact placement of the CAPTCHA you can use the following shortcode in your %s template', 'all-in-one-wp-security-and-firewall'), 'Contact Form 7') .'</p>';
echo '<pre>[' . AIOWPSEC_CAPTCHA_SHORTCODE .']</pre>';
echo '<p class="description">'. sprintf(__('This feature requires %s version %s or greater', 'all-in-one-wp-security-and-firewall'), 'Contact Form 7', '5.0') .'</p>';
echo '<p class="description">'. sprintf(__('The validation message will be displayed only when using %s version %s or greater', 'all-in-one-wp-security-and-firewall'), 'Contact Form 7', '5.6') .'</p>';
?>
</div>
</div>
</td>
</tr>
</table>
</div>
<?php } ?>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/brute-force/partials/rename-login-notice.php
Executable
+10
View File
@@ -0,0 +1,10 @@
<?php
if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_rename_login_page')) {
?>
<div class="aio_yellow_box">
<p><?php esc_html_e('Your WordPress login page URL has been renamed.', 'all-in-one-wp-security-and-firewall'); ?></p>
<p><?php esc_html_e('Your current login URL is:', 'all-in-one-wp-security-and-firewall'); ?></p>
<p><strong><?php echo esc_url($home_url) . esc_html($aio_wp_security->configs->get_value('aiowps_login_page_slug')); ?></strong></p>
</div>
<?php
}
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/brute-force/partials/woo-captcha.php
Executable
+85
View File
@@ -0,0 +1,85 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="postbox aio_hidden" data-template="woo-captcha">
<h3 class="hndle"><label for="title"><?php _e('WooCommerce forms CAPTCHA settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="woo-login-captcha-badge">
<?php
//Display security info badge
global $aiowps_feature_mgr;
$aiowps_feature_mgr->output_feature_details_badge("woo-login-captcha");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Enable CAPTCHA on WooCommerce login form', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(sprintf(__('Enable this if you want to insert CAPTCHA on a %s login form.', 'all-in-one-wp-security-and-firewall'), 'WooCommerce'), 'aiowps_enable_woo_login_captcha', '1' == $aio_wp_security->configs->get_value('aiowps_enable_woo_login_captcha')); ?>
</div>
</td>
</tr>
</table>
<hr>
<div id="woo-lostpassword-captcha-badge">
<?php
$aiowps_feature_mgr->output_feature_details_badge("woo-lostpassword-captcha");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Enable CAPTCHA on WooCommerce lost password form', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(sprintf(__('Enable this if you want to insert CAPTCHA on a %s lost password form.', 'all-in-one-wp-security-and-firewall'), 'WooCommerce'), 'aiowps_enable_woo_lostpassword_captcha', '1' == $aio_wp_security->configs->get_value('aiowps_enable_woo_lostpassword_captcha')); ?>
</div>
</td>
</tr>
</table>
<hr>
<div id="woo-register-captcha-badge">
<?php
$aiowps_feature_mgr->output_feature_details_badge("woo-register-captcha");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Enable CAPTCHA on WooCommerce registration form', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(sprintf(__('Enable this if you want to insert CAPTCHA on a %s registration form.', 'all-in-one-wp-security-and-firewall'), 'WooCommerce'), 'aiowps_enable_woo_register_captcha', '1' == $aio_wp_security->configs->get_value('aiowps_enable_woo_register_captcha')); ?>
</div>
</td>
</tr>
</table>
<hr>
<div id="woo-checkout-captcha-badge">
<?php
$aiowps_feature_mgr->output_feature_details_badge("woo-checkout-captcha");
?>
</div>
<table class="form-table">
<?php $is_enanled_guest_checkout = ('yes' == get_option('woocommerce_enable_guest_checkout')) ? 1 : 0; ?>
<div class="<?php echo $is_enanled_guest_checkout ? "aio_blue_box" : "aio_red_box"; ?>">
<p>
<?php
if (!$is_enanled_guest_checkout) {
echo __('Guest checkout is not enabled in your WooCommerce settings.', 'all-in-one-wp-security-and-firewall') . ' ' . __('Therefore, the setting below is not relevant.', 'all-in-one-wp-security-and-firewall');
$checkout_checkbox_attributes = array('disabled' => 'disabled');
} else {
echo __('Guest checkout allows a customer to place an order without an account or being logged in.', 'all-in-one-wp-security-and-firewall');
$checkout_checkbox_attributes = array();
}
?>
</p>
</div>
<tr valign="top">
<th scope="row"><?php _e('Enable CAPTCHA on the WooCommerce checkout page', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(sprintf(__('Enable this if you want to insert a CAPTCHA on the %s checkout page when a guest places an order.', 'all-in-one-wp-security-and-firewall'), 'WooCommerce'), 'aiowps_enable_woo_checkout_captcha', '1' == $aio_wp_security->configs->get_value('aiowps_enable_woo_checkout_captcha'), $checkout_checkbox_attributes); ?>
</div>
</td>
</tr>
</table>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/brute-force/partials/wordpress-forms.php
Executable
+114
View File
@@ -0,0 +1,114 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="postbox aio_hidden" data-template="wordpress-forms">
<h3 class="hndle"><label for="title"><?php _e('Wordpress forms CAPTCHA settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="user-login-captcha-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("user-login-captcha");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Enable CAPTCHA on login page', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('Enable this if you want to insert a CAPTCHA form on the login page.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_login_captcha', '1' == $aio_wp_security->configs->get_value('aiowps_enable_login_captcha')); ?>
</div>
</td>
</tr>
</table>
</div>
<div class="inside">
<div id="user-registration-captcha-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("user-registration-captcha");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Enable CAPTCHA on registration page', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('Enable this if you want to insert a CAPTCHA form on the WordPress user registration page (if you allow user registration).', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_registration_page_captcha', '1' == $aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha')); ?>
</div>
</td>
</tr>
</table>
</div>
<div class="inside">
<div id="lost-password-captcha-badge">
<?php
//Display security info badge
global $aiowps_feature_mgr;
$aiowps_feature_mgr->output_feature_details_badge("lost-password-captcha");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Enable CAPTCHA on lost password page', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('Enable this if you want to insert a CAPTCHA form on the lost password page.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_lost_password_captcha', '1' == $aio_wp_security->configs->get_value('aiowps_enable_lost_password_captcha')); ?>
</div>
</td>
</tr>
</table>
</div>
<div class="inside">
<div id="custom-login-captcha-badge">
<?php
//Display security info badge
global $aiowps_feature_mgr;
$aiowps_feature_mgr->output_feature_details_badge("custom-login-captcha");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Enable CAPTCHA on custom login form', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(sprintf(__('Enable this if you want to insert CAPTCHA on a custom login form generated by the following WP function: %s', 'all-in-one-wp-security-and-firewall'), 'wp_login_form()'), 'aiowps_enable_custom_login_captcha', '1' == $aio_wp_security->configs->get_value('aiowps_enable_custom_login_captcha')); ?>
</div>
</td>
</tr>
</table>
</div>
<div class="inside">
<div id="comment-form-captcha-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("comment-form-captcha");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Enable CAPTCHA on comment forms', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('Enable this if you want to insert a CAPTCHA field on the comment forms.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_comment_captcha', '1' == $aio_wp_security->configs->get_value('aiowps_enable_comment_captcha')); ?>
</div>
</td>
</tr>
</table>
</div>
<div class="inside">
<div id="password_protected-captcha-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("password_protected-captcha");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Enable CAPTCHA on password protected pages/posts', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('Enable this if you want to insert a CAPTCHA field on password-protected posts and pages.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_password_protected_captcha', '1' == $aio_wp_security->configs->get_value('aiowps_enable_password_protected_captcha')); ?>
</div>
</td>
</tr>
</table>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/brute-force/rename-login.php
Executable
+55
View File
@@ -0,0 +1,55 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="aio_blue_box">
<?php
echo '<p>' . esc_html__('An effective Brute Force prevention technique is to change the default WordPress login page URL.', 'all-in-one-wp-security-and-firewall') . '</p>' . '<p>' . esc_html__('Normally if you wanted to login to WordPress you would type your site\'s home URL followed by wp-login.php.', 'all-in-one-wp-security-and-firewall') . '</p>' . '<p>' . esc_html__('This feature allows you to change the login URL by setting your own slug and renaming the last portion of the login URL which contains the <strong>wp-login.php</strong> to any string that you like.', 'all-in-one-wp-security-and-firewall') . '</p>' . '<p>' . esc_html__('By doing this, malicious bots and hackers will not be able to access your login page because they will not know the correct login page URL.', 'all-in-one-wp-security-and-firewall') . '</p>';
if (!is_multisite() || 1 == get_current_blog_id()) {
$cookie_based_feature_url = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=cookie-based-brute-force-prevention" target="_blank">' . esc_html__('Cookie based brute force prevention', 'all-in-one-wp-security-and-firewall').'</a>';
$white_list_feature_url = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=login-whitelist" target="_blank">' . esc_html__('Login page white list', 'all-in-one-wp-security-and-firewall').'</a>';
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- URLs escaped above.
echo '<div class="aio_section_separator_1"></div><p>' . esc_html__('You may also be interested in the following alternative brute force prevention features:', 'all-in-one-wp-security-and-firewall') . '</p><p>' . $cookie_based_feature_url . '</p><p>' . $white_list_feature_url . '</p>';
}
?>
</div>
<div id="aios-rename-login-notice">
<?php
$aio_wp_security->include_template('wp-admin/brute-force/partials/rename-login-notice.php', false, array('home_url' => $home_url));
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Rename login page settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="bf-rename-login-page-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("bf-rename-login-page");
?>
</div>
<form action="" id="aios-rename-login-page-form">
<div class="aio_orange_box">
<?php
/* translators: %s: Notes URL. */
echo '<p>' . esc_html__('This feature can lock you out of admin if it doesn\'t work correctly on your site.', 'all-in-one-wp-security-and-firewall') . ' '. sprintf(esc_html__('Before activating this feature, you must read the following %s.', 'all-in-one-wp-security-and-firewall'), '<a href="https://teamupdraft.com/documentation/all-in-one-security/faqs/important-note-on-intermediate-and-advanced-features/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=you-must-read-this-to-activate-rename-login-feature&utm_creative_format=text" target="_blank">' . esc_html__('message', 'all-in-one-wp-security-and-firewall').'</a>') . '</p>';
echo '<p>' . esc_html__("NOTE: If you are hosting your site on WPEngine or a provider which performs server caching, you will need to ask the host support people to NOT cache your renamed login page.", 'all-in-one-wp-security-and-firewall') . '</p>';
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable rename login page feature', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want the rename login page feature', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_rename_login_page', '1' == $aio_wp_security->configs->get_value('aiowps_enable_rename_login_page')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_login_page_slug"><?php esc_html_e('Login page URL', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td><code><?php echo esc_url($home_url); ?></code><input id="aiowps_login_page_slug" type="text" size="15" name="aiowps_login_page_slug" value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_login_page_slug')); ?>">
<span class="description"><?php echo esc_html__('Enter a string which will represent your secure login page slug.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('You are encouraged to choose something which is hard to guess and only you will remember.', 'all-in-one-wp-security-and-firewall'); ?></span>
</td>
</tr>
</table>
<?php submit_button(esc_html__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_save_rename_login_page_settings');?>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/dashboard/audit-logs.php
Executable
+18
View File
@@ -0,0 +1,18 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Audit logs', 'all-in-one-wp-security-and-firewall');?></label></h3>
<div class="inside" id="audit-log-list-table">
<?php $audit_log_list->prepare_items(); ?>
<form id="tables-filter" method="post">
<!-- For plugins, we also need to ensure that the form posts back to our current page -->
<input type="hidden" name="page" value="<?php echo esc_attr($page); ?>" />
<?php
if (!empty($tab)) {
echo '<input type="hidden" name="tab" value="'.esc_attr($tab).'" />';
}
$audit_log_list->search_box(__('Search', 'all-in-one-wp-security-and-firewall'), 'search_audit_events');
$audit_log_list->display();
?>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/dashboard/debug-logs.php
Executable
+44
View File
@@ -0,0 +1,44 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="inside">
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Debug log options', 'all-in-one-wp-security-and-firewall');?></label></h3>
<div class="inside">
<form action="" id="aios-clear-debug-logs" method="POST">
<input name="aiowpsec_clear_logs" type="submit" value="<?php esc_attr_e('Clear logs', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary aios-clear-debug-logs" data-message="<?php echo esc_js(__('Are you sure you want to clear all the debug logs?', 'all-in-one-wp-security-and-firewall')); ?>">
</form>
</div>
</div>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Debug logs', 'all-in-one-wp-security-and-firewall');?></label></h3>
<div class="inside" id="debug-list-table">
<?php
$debug_log_list->prepare_items();
$debug_log_list->display();
?>
</div>
</div>
<div class="aio_blue_box">
<?php
echo '<p>' . __('This section displays information valuable for diagnosing conflicts, configuration discrepancies, or compatibility concerns with other plugins, themes, or the hosting environment.', 'all-in-one-wp-security-and-firewall') . '</p>'
.'<p>' . __('You can use this information to help troubleshoot issues you may be experiencing with your WordPress site or send a report to the AIOS team.', 'all-in-one-wp-security-and-firewall') . '</p>';
?>
</div>
<?php
do_action('aiowp_security_before_report_sections');
echo $aio_wp_security->debug_obj->generate_report();
do_action('aiowp_security_after_report_sections');
?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php _e('Copy/send report', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside" id="report-actions">
<?php
echo $aio_wp_security->debug_obj->generate_report_textarea(esc_html__('All-In-One Security diagnostics report', 'all-in-one-wp-security-and-firewall'));
echo '<div><button class="button" id="copy-report">' . __('Copy to clipboard', 'all-in-one-wp-security-and-firewall') . '</button></div>';
do_action('aiowp_security_additional_report_actions');
?>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/dashboard/locked-ip.php
Executable
+28
View File
@@ -0,0 +1,28 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="aio_blue_box">
<?php
$login_lockout_feature_url = '<a href="admin.php?page=' . esc_attr(AIOWPSEC_USER_SECURITY_MENU_SLUG) . '&tab=login-lockout" target="_blank">' . esc_html__('Login lockout', 'all-in-one-wp-security-and-firewall').'</a>';
echo '<p>' . esc_html__('This tab displays the list of all IP addresses which are currently temporarily locked out.', 'all-in-one-wp-security-and-firewall') . '</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Currently locked out IP addresses and ranges', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside" id="locked-ip-list-table">
<?php
// Fetch, prepare, sort, and filter our data...
$locked_ip_list->prepare_items();
// echo "put table of locked entries here";
?>
<form id="tables-filter" method="post">
<!-- For plugins, we also need to ensure that the form posts back to our current page -->
<input type="hidden" name="page" value="<?php echo esc_attr($page); ?>"/>
<?php
if (!empty($tab)) {
echo '<input type="hidden" name="tab" value="' . esc_attr($tab) . '" />';
}
?>
<!-- Now we can render the completed list table -->
<?php $locked_ip_list->display(); ?>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/dashboard/may-also-like.php
Executable
+398
View File
@@ -0,0 +1,398 @@
<?php if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed'); ?>
<div class="aiowps_col aiowps_half_width aiowps_feature_cont">
<header>
<h3><?php echo esc_html__('All-In-One Security Free vs Premium Comparison Chart', 'all-in-one-wp-security-and-firewall'); ?></h3>
<p>
<a target="_blank" href="https://teamupdraft.com/documentation/all-in-one-security/faqs/?utm_source=aios_plugin&utm_medium=plugin&utm_content=premium_upgrade_tab&utm_term=faqs"><?php esc_html_e('FAQs', 'all-in-one-wp-security-and-firewall'); ?></a>
|
<a target="_blank" href="https://teamupdraft.com/contact/?utm_source=aios_plugin&utm_medium=plugin&utm_content=premium_upgrade_tab&utm_term=contact_us"><?php esc_html_e('Ask a pre-sales question', 'all-in-one-wp-security-and-firewall'); ?></a>
</p>
</header>
<table class="aiowps_feat_table">
<tbody>
<tr>
<td></td>
<td>
<?php // phpcs:ignore PluginCheck.CodeAnalysis.ImageFunctions.NonEnqueuedImage -- Hard coded image. ?>
<img src="<?php echo AIO_WP_SECURITY_URL.'/images/plugin-logos/aios_logo_wide.svg'; ?>" alt="<?php esc_attr_e('All-In-One Security Free', 'all-in-one-wp-security-and-firewall'); ?>" width="auto" height="80">
<p class="aio_bold"><?php esc_html_e('Free', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<?php // phpcs:ignore PluginCheck.CodeAnalysis.ImageFunctions.NonEnqueuedImage -- Hard coded image. ?>
<img src="<?php echo AIO_WP_SECURITY_URL.'/images/plugin-logos/aios_logo_wide.svg'; ?>" alt="<?php esc_attr_e('All-In-One Security Premium', 'all-in-one-wp-security-and-firewall'); ?>" width="auto" height="80">
<p class="aio_bold"><?php esc_html_e('Premium', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
</tr>
<tr>
<td></td>
<td>
<p><?php esc_html_e('Installed', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<a class="button button-primary" href="https://teamupdraft.com/all-in-one-security/pricing/?utm_source=aios_plugin&utm_medium=plugin&utm_content=premium_upgrade_tab&utm_term=upgrade_now" target="_blank"><?php esc_html_e('Upgrade', 'all-in-one-wp-security-and-firewall'); ?></a>
</td>
</tr>
<tr class="aiowps-main-feature-row">
<td class="aiowps-feature-text">
<h4><?php _e('Login security feature suite', 'all-in-one-wp-security-and-firewall'); ?></h4>
<p><?php echo __('Upgrade your WordPress security and protect against brute-force attacks with login and user security features.', 'all-in-one-wp-security-and-firewall').' '.__('Limit login attempts, rename the login page to hide it from bots, add CAPTCHA and more.', 'all-in-one-wp-security-and-firewall'); ?></p>
<br>
<?php /* translators: %s: Features URL */ ?>
<p><?php echo sprintf(esc_html__('%s', 'all-in-one-wp-security-and-firewall'), '<a href="https://teamupdraft.com/all-in-one-security/features/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=premium-upgrade-login-security-features&utm_creative_format=text" target="_blank">' . esc_html__('See all login security features', 'all-in-one-wp-security-and-firewall') . '.</a>'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr class="aiowps-main-feature-row">
<td class="aiowps-feature-text" colspan="3">
<h4><?php esc_html_e('Two-factor authentication (TFA)', 'all-in-one-wp-security-and-firewall'); ?></h4>
</td>
</tr>
<tr>
<td class="aiowps-feature-text">
<p><?php echo esc_html__('Supports Google Authenticator, Microsoft Authenticator, Authy and more.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr>
<td class="aiowps-feature-text">
<p><?php echo esc_html__('Configure TFA by user role.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr>
<td class="aiowps-feature-text">
<p><?php echo esc_html__('Control how often TFA is required on trusted devices.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-no-alt" aria-label="<?php esc_attr_e('No', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr>
<td class="aiowps-feature-text">
<p><?php echo esc_html__('Adjust the TFA design to match your brand.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-no-alt" aria-label="<?php esc_attr_e('No', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr>
<td class="aiowps-feature-text">
<p><?php echo esc_html__('Generate one-time use emergency codes to regain access if you lose your TFA device.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-no-alt" aria-label="<?php esc_attr_e('No', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr>
<td class="aiowps-feature-text">
<p><?php echo esc_html__('TFA works consistently in subsites of WordPress multisite networks.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-no-alt" aria-label="<?php esc_attr_e('No', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr>
<td class="aiowps-feature-text">
<p><?php echo esc_html__('Integrate TFA with third party login forms without additional coding.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-no-alt" aria-label="<?php esc_attr_e('No', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr>
<td></td>
<td>
<p><?php esc_html_e('Installed', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<a class="button button-primary" href="https://teamupdraft.com/all-in-one-security/pricing/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=premium-upgrade-tab-upgrade-link-tfa&utm_creative_format=text" target="_blank"><?php esc_html_e('Upgrade', 'all-in-one-wp-security-and-firewall'); ?></a>
</td>
</tr>
<tr class="aiowps-main-feature-row">
<td class="aiowps-feature-text">
<h4><?php esc_html_e('Firewall', 'all-in-one-wp-security-and-firewall'); ?></h4>
<p><?php echo esc_html__('Get PHP, .htaccess and 6G firewall rules.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Spot and block fake Google Bots and more!', 'all-in-one-wp-security-and-firewall'); ?></p>
<br>
<?php /* translators: %s: Features URL */ ?>
<p><?php echo sprintf(esc_html__('%s', 'all-in-one-wp-security-and-firewall'), '<a href="https://teamupdraft.com/all-in-one-security/features/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=premium-upgrade-firewall-features&utm_creative_format=text" target="_blank">' . esc_html__('See all firewall features', 'all-in-one-wp-security-and-firewall') . '.</a>'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr class="aiowps-main-feature-row">
<td class="aiowps-feature-text">
<h4><?php esc_html_e('File and database security', 'all-in-one-wp-security-and-firewall'); ?></h4>
<p><?php echo esc_html__('Block access to files like readme.html to hide key information from hackers.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Hide your WordPress database, scan critical folders and files to spot and fix insecure file permissions and more.', 'all-in-one-wp-security-and-firewall'); ?></p>
<br>
<?php /* translators: %s: Features URL */ ?>
<p><?php echo sprintf(esc_html__('%s', 'all-in-one-wp-security-and-firewall'), '<a href="https://teamupdraft.com/all-in-one-security/features/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=premium-upgrade-database-security-features&utm_creative_format=text" target="_blank">' . esc_html__('See all file and database security features', 'all-in-one-wp-security-and-firewall') . '.</a>'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr class="aiowps-main-feature-row">
<td class="aiowps-feature-text">
<h4><?php esc_html_e('Spam prevention', 'all-in-one-wp-security-and-firewall'); ?></h4>
<p><?php echo esc_html__('Prevent annoying spam comments and reduce unnecessary server load.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Automatically and permanently block IP addresses that exceed a set number of spam comments.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr class="aiowps-main-feature-row">
<td class="aiowps-feature-text" colspan="3">
<h4><?php esc_html_e('Site Scanner', 'all-in-one-wp-security-and-firewall'); ?></h4>
</td>
</tr>
<tr>
<td class="aiowps-feature-text">
<p><?php esc_html_e('Monitors and alerts you to file changes outside of normal operations.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('No', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr>
<td class="aiowps-feature-text">
<p><?php esc_html_e('Monitors and alerts you to infection by malware', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-no-alt" aria-label="<?php esc_attr_e('No', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr>
<td class="aiowps-feature-text">
<p><?php esc_html_e('Monitors and alerts you to blacklisting by search engines.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-no-alt" aria-label="<?php esc_attr_e('No', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr>
<td class="aiowps-feature-text">
<p><?php echo esc_html__('Monitors and alerts you to downtime.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-no-alt" aria-label="<?php esc_attr_e('No', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr>
<td class="aiowps-feature-text">
<p><?php echo esc_html__('Monitors and alerts you to response time issues.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-no-alt" aria-label="<?php esc_attr_e('No', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr>
<td></td>
<td>
<p><?php esc_html_e('Installed', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<a class="button button-primary" href="https://teamupdraft.com/all-in-one-security/pricing/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=premium-upgrade-tab-upgrade-link-site-scanner&utm_creative_format=text" target="_blank"><?php esc_html_e('Upgrade', 'all-in-one-wp-security-and-firewall'); ?></a>
</td>
</tr>
<tr class="aiowps-main-feature-row">
<td class="aiowps-feature-text">
<h4><?php esc_html_e('Smart 404 blocking', 'all-in-one-wp-security-and-firewall'); ?></h4>
<p><?php echo esc_html__('Automatically block IP addresses based on how many 404 errors they generate.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Handy charts show how many 404s have occurred and where theyre coming from.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-no-alt" aria-label="<?php esc_attr_e('No', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr class="aiowps-main-feature-row">
<td class="aiowps-feature-text">
<h4><?php esc_html_e('Country blocking', 'all-in-one-wp-security-and-firewall'); ?></h4>
<p><?php echo esc_html__('Most attacks come from a handful of countries.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Prevent most of them by blocking traffic based on country of origin to 99.5% accuracy.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-no-alt" aria-label="<?php esc_attr_e('No', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr class="aiowps-main-feature-row">
<td class="aiowps-feature-text">
<h4><?php esc_html_e('Premium support', 'all-in-one-wp-security-and-firewall'); ?></h4>
<p><?php echo esc_html__('We can do more to support you via our own support channels than is allowed in the WordPress forums.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('90% of tickets are responded to within 24 hours.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<p><span class="dashicons dashicons-no-alt" aria-label="<?php esc_attr_e('No', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
<td>
<p><span class="dashicons dashicons-yes" aria-label="<?php esc_attr_e('Yes', 'all-in-one-wp-security-and-firewall'); ?>"></span></p>
</td>
</tr>
<tr>
<td></td>
<td>
<p><?php esc_html_e('Installed', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
<td>
<a class="button button-primary" href="https://teamupdraft.com/all-in-one-security/pricing/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=premium-upgrade-tab-upgrade-link-premium-support&utm_creative_format=text" target="_blank"><?php esc_html_e('Upgrade', 'all-in-one-wp-security-and-firewall'); ?></a>
</td>
</tr>
</tbody>
</table>
</div>
<div class="aiowps_col aiowps_half_width aiowps_plugin_family_cont aiowps-plugin-family__free">
<header>
<h3><?php esc_html_e('Our other plugins', 'all-in-one-wp-security-and-firewall'); ?></h3>
<p>
<a href="https://teamupdraft.com/updraftplus/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=cta-on-premium-updrade-tab&utm_creative_format=text"><?php echo 'UpdraftPlus'; ?></a>
|
<a href="https://teamupdraft.com/wp-optimize/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=cta-on-premium-updrade-tab&utm_creative_format=text"><?php echo 'WP-Optimize'; ?></a>
|
<a href="https://teamupdraft.com/updraftcentral/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=udc-cta-on-premium-updrade-tab&utm_creative_format=text"><?php echo 'UpdraftCentral'; ?></a>
|
<a href="https://easyupdatesmanager.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-eum&utm_campaign=ad"><?php echo 'Easy Updates Manager'; ?></a>
|
<a href="https://www.internallinkjuicer.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-ilj&utm_campaign=ad"><?php echo 'Internal Link Juicer'; ?></a>
|
<a href="https://wpovernight.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-wp-overnight&utm_campaign=ad"><?php echo 'WP Overnight'; ?></a>
|
<a href="https://wpgetapi.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-wpgetapi&utm_campaign=ad"><?php echo 'WPGetAPI'; ?></a>
</p>
</header>
<div class="aiowps-plugin-family__plugins">
<div class="aiowps-plugin-family__plugin">
<a href="https://teamupdraft.com/updraftplus/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=cta-on-premium-updrade-tab&utm_creative_format=text"><img class="addons" alt="UpdraftPlus" src="<?php echo AIO_WP_SECURITY_URL.'/images/plugin-logos/updraftplus_logo.svg'; ?>"></a>
<a class="other-plugin-title" href="https://teamupdraft.com/updraftplus/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=cta-on-premium-updrade-tab&utm_creative_format=text"><h3><?php esc_html_e('UpdraftPlus the ultimate protection for your site, hard work and business', 'all-in-one-wp-security-and-firewall'); ?></h3></a>
<p><?php echo esc_html__('Simplifies backups and restoration.', 'all-in-one-wp-security-and-firewall').' '.__('It is the world\'s highest ranking and most popular scheduled backup plugin, with over three million currently-active installs.', 'all-in-one-wp-security-and-firewall'); ?></p>
<a href="https://teamupdraft.com/updraftplus/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=cta-on-premium-updrade-tab&utm_creative_format=text"><?php esc_html_e('Learn more about UpdraftPlus', 'all-in-one-wp-security-and-firewall'); ?></a>
</div>
<div class="aiowps-plugin-family__plugin">
<a href="https://teamupdraft.com/wp-optimize/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=cta-on-premium-updrade-tab&utm_creative_format=text"><img class="addons" alt="WP-Optimize" src="<?php echo AIO_WP_SECURITY_URL.'/images/plugin-logos/wp-optimize.svg'; ?>"></a>
<a class="other-plugin-title" href="https://teamupdraft.com/wp-optimize/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=cta-on-premium-updrade-tab&utm_creative_format=text"><h3><?php esc_html_e('WP-Optimize keep your database fast and efficient', 'all-in-one-wp-security-and-firewall'); ?></h3></a>
<p><?php echo esc_html__('Makes your site fast and efficient.', 'all-in-one-wp-security-and-firewall').' '.__('It cleans the database, compresses images and caches pages for ultimate speed.', 'all-in-one-wp-security-and-firewall'); ?></p>
<a href="https://teamupdraft.com/wp-optimize/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=cta-on-premium-updrade-tab&utm_creative_format=text"><?php esc_html_e('Learn more about WP-Optimize', 'all-in-one-wp-security-and-firewall'); ?></a>
</div>
<div class="aiowps-plugin-family__plugin">
<a href="https://teamupdraft.com/updraftcentral/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=udc-cta-on-premium-updrade-tab&utm_creative_format=text"><img class="addons" alt="UpdraftCentral" src="<?php echo AIO_WP_SECURITY_URL.'/images/plugin-logos/updraftcentral-logo.svg'; ?>"></a>
<a class="other-plugin-title" href="https://teamupdraft.com/updraftcentral/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=udc-cta-on-premium-updrade-tab&utm_creative_format=text"><h3><?php esc_html_e('UpdraftCentral save hours managing multiple WP sites from one place', 'all-in-one-wp-security-and-firewall'); ?></h3></a>
<p><?php esc_html_e('Highly efficient way to manage, optimize, update and backup multiple websites from one place.', 'all-in-one-wp-security-and-firewall'); ?></p>
<a href="https://teamupdraft.com/updraftcentral/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=udc-cta-on-premium-updrade-tab&utm_creative_format=text"><?php esc_html_e('Learn more about UpdraftCentral', 'all-in-one-wp-security-and-firewall'); ?></a>
</div>
<div class="aiowps-plugin-family__plugin">
<a href="https://easyupdatesmanager.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-eum&utm_campaign=ad"><img class="addons" alt="Easy Updates Manager" src="<?php echo AIO_WP_SECURITY_URL.'/images/plugin-logos/easy-updates-manager-logo.svg'; ?>"></a>
<a class="other-plugin-title" href="https://easyupdatesmanager.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-eum&utm_campaign=ad"><h3><?php esc_html_e('Easy Updates Manager - keep your WordPress site up to date and bug free', 'all-in-one-wp-security-and-firewall'); ?></h3></a>
<p>
<?php
echo esc_html__("A light yet powerful plugin that allows you to manage all kinds of updates.", 'all-in-one-wp-security-and-firewall') . "&nbsp;" .
esc_html__("With a huge number of settings for endless customization.", 'all-in-one-wp-security-and-firewall') . "&nbsp;" .
esc_html__("Easy Updates Manager is an obvious choice for anyone wanting to take control of their website updates.", 'all-in-one-wp-security-and-firewall');
?>
</p>
<a href="https://easyupdatesmanager.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-eum&utm_campaign=ad"><?php esc_html_e('Try for free', 'all-in-one-wp-security-and-firewall'); ?></a>
</div>
<div class="aiowps-plugin-family__plugin">
<?php // phpcs:ignore PluginCheck.CodeAnalysis.ImageFunctions.NonEnqueuedImage -- Hard coded image. ?>
<a href="https://www.internallinkjuicer.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-ilj&utm_campaign=ad"><img class="addons" alt="Internal Link Juicer" src="<?php echo AIO_WP_SECURITY_URL.'/images/plugin-logos/internal-link-juicer-logo-sm.svg'; ?>"></a>
<a class="other-plugin-title" href="https://www.internallinkjuicer.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-ilj&utm_campaign=ad"><h3><?php esc_html_e('Internal Link Juicer - a five-star rated internal linking plugin for WordPress', 'all-in-one-wp-security-and-firewall'); ?></h3></a>
<p>
<?php
echo esc_html__("This five-star rated plugin automates internal linking.", 'all-in-one-wp-security-and-firewall') . "&nbsp;" .
esc_html__("It strategically places relevant links within your content.", 'all-in-one-wp-security-and-firewall');
?>
</p>
<p>
<?php esc_html_e("Improve your SEO with just a few clicks.", 'all-in-one-wp-security-and-firewall');?>
</p>
<a href="https://www.internallinkjuicer.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-ilj&utm_campaign=ad"><?php esc_html_e('Try for free', 'all-in-one-wp-security-and-firewall'); ?></a>
</div>
<div class="aiowps-plugin-family__plugin">
<a href="https://wpovernight.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-wp-overnight&utm_campaign=ad"><img class="addons" alt="WP Overnight" src="<?php echo AIO_WP_SECURITY_URL.'/images/plugin-logos/wp-overnight-sm.png'; ?>"></a>
<a class="other-plugin-title" href="https://wpovernight.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-wp-overnight&utm_campaign=ad"><h3><?php esc_html_e('WP Overnight - quality plugins for your WooCommerce store. 5 star rated invoicing, order and product management tools', 'all-in-one-wp-security-and-firewall'); ?></h3></a>
<p>
<?php
echo esc_html__("WP Overnight is an independent plugin shop with a range of WooCommerce plugins.", 'all-in-one-wp-security-and-firewall') . "&nbsp;" .
esc_html__("Our range of plugins have over 7,500,000 downloads and thousands of loyal customers.", 'all-in-one-wp-security-and-firewall');
?>
</p>
<p>
<?php esc_html_e("Create PDF invoices, automations, barcodes, reports and so much more.", 'all-in-one-wp-security-and-firewall');?>
<?php esc_html_e("Create PDF invoices, automations, barcodes, reports and so much more.", 'all-in-one-wp-security-and-firewall');?>
</p>
<a href="https://wpovernight.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-wp-overnight&utm_campaign=ad"><?php esc_html_e('Try for free', 'all-in-one-wp-security-and-firewall'); ?></a>
</div>
<div class="aiowps-plugin-family__plugin">
<a href="https://wpgetapi.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-wpgetapi&utm_campaign=ad"><img class="addons" alt="WP Get API" src="<?php echo AIO_WP_SECURITY_URL.'/images/plugin-logos/wpgetapi-sm.png'; ?>"></a>
<a class="other-plugin-title" href="https://wpgetapi.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-wpgetapi&utm_campaign=ad"><h3><?php esc_html_e('WPGetAPI - connect WordPress to APIs without a developer', 'all-in-one-wp-security-and-firewall'); ?></h3></a>
<p>
<?php
echo esc_html__("The easiest way to connect your WordPress website to an external API.", 'all-in-one-wp-security-and-firewall') . "&nbsp;" .
esc_html__("WPGetAPI is free, powerful and easy to use.", 'all-in-one-wp-security-and-firewall') . "&nbsp;" .
esc_html__("Connect to virtually any REST API and retrieve data without writing a line of code.", 'all-in-one-wp-security-and-firewall');
?>
</p>
<a href="https://wpgetapi.com/?utm_medium=software&utm_source=aios&utm_content=aios-mayalso-like-tab&utm_term=try-now-wpgetapi&utm_campaign=ad"><?php esc_html_e('Try for free', 'all-in-one-wp-security-and-firewall'); ?></a>
</div>
</div><!-- END aiowps-plugin-family__plugins -->
</div>
<div class="clear"></div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/dashboard/permanent-block.php
Executable
+27
View File
@@ -0,0 +1,27 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="aio_blue_box">
<?php
echo '<p>' . esc_html__('This tab displays the list of all permanently blocked IP addresses.', 'all-in-one-wp-security-and-firewall') . '</p>' . '<p>' . esc_html__('NOTE: This feature does NOT use the .htaccess file to permanently block the IP addresses so it should be compatible with all web servers running WordPress.', 'all-in-one-wp-security-and-firewall') . '</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Permanently blocked IP addresses', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside" id="permanent-ip-list-table">
<?php
// Fetch, prepare, sort, and filter our data...
$blocked_ip_list->prepare_items();
?>
<form id="tables-filter" method="post">
<!-- For plugins, we also need to ensure that the form posts back to our current page -->
<input type="hidden" name="page" value="<?php echo esc_attr($page); ?>"/>
<?php
$blocked_ip_list->search_box(__('Search', 'all-in-one-wp-security-and-firewall'), 'search_permanent_block');
if (!empty($tab)) {
echo '<input type="hidden" name="tab" value="' . esc_attr($tab) . '" />';
}
?>
<!-- Now we can render the completed list table -->
<?php $blocked_ip_list->display(); ?>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/dashboard/widget-bar-chart.php
Executable
+47
View File
@@ -0,0 +1,47 @@
<?php if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed'); ?>
<div class="aiowps_feature_status_container">
<?php
$day_wise_chart_data = array();
for ($i = 0; $i < $chart_data['last_days']; $i++) {
$day_wise_chart_data[date("Y-m-d", strtotime($i." days ago"))] = 0;
}
$day_wise_chart_data = array_reverse($day_wise_chart_data); // bar chart to show date ascending 7-Nov to 13-Nov
foreach ($chart_data['data'] as $data) {
$created_date = date("Y-m-d", $data['created']);
if (isset($day_wise_chart_data[$created_date])) $day_wise_chart_data[$created_date]++; // only last 7 days including today to consider not the 8th day.
}
// Prepare chart columns
$chart_columns = array(
$chart_data['columns'][0],
$chart_data['columns'][1],
);
// Prepare chart rows
$chart_rows = array();
foreach ($day_wise_chart_data as $date => $total) {
$chart_rows[] = array(
date("d-M", strtotime($date)), // Format the date
(int) $total, // Ensure the total is an integer
);
}
// Combine columns and rows for chart data
$xdays_chart_data = array_merge(array($chart_columns), $chart_rows);
?>
<script type="text/javascript">
google.charts.load('current', {'packages':['bar','corechart']});
google.charts.setOnLoadCallback(drawChart);
function drawChart() {
var data = google.visualization.arrayToDataTable(<?php echo wp_json_encode($xdays_chart_data); ?>);
var options = {
height: '300',
legend: {position:'none'},
backgroundColor: 'F6F6F6',
colors: ['#563C82']
};
var chart = new google.charts.Bar(document.getElementById('<?php echo esc_html($chart_data['id']); ?>_chart_div'));
chart.draw(data, options);
}
</script>
<div id='<?php echo esc_html($chart_data['id']); ?>_chart_div'></div>
</div>
<div class="aio_clear_float"></div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/dashboard/widget-summary.php
Executable
+29
View File
@@ -0,0 +1,29 @@
<?php if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed'); ?>
<div class="aiowps_feature_status_container">
<?php if (!empty($widget_data['title'])) { ?>
<p><?php echo esc_html($widget_data['title']); ?></p>
<?php } ?>
<table class="widefat aiowps_dashboard_table">
<?php if (is_array($widget_data['columns'])) { ?>
<thead>
<tr>
<?php foreach ($widget_data['columns'] as $column) { ?>
<th><?php echo esc_html($column); ?></th>
<?php } ?>
</tr>
</thead>
<?php } ?>
<?php if (is_array($widget_data['data'])) { ?>
<?php foreach ($widget_data['data'] as $row) { ?>
<tr>
<?php if (is_array($row)) { ?>
<?php foreach ($row as $entry) { ?>
<td><?php echo esc_html($entry); ?></td>
<?php } ?>
<?php } ?>
</tr>
<?php } ?>
<?php } ?>
</table>
<div class="aio_clear_float"></div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/database-security/database-backup.php
Executable
+41
View File
@@ -0,0 +1,41 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Manual backup', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<?php if (empty($install_activate_link)) { ?>
<p>
<?php
$backup_link = UpdraftPlus_Options::admin_page_url().'?page=updraftplus#updraft-existing-backups-heading';
?>
<a href="<?php echo esc_url($backup_link); ?>" title="<?php esc_html_e('UpdraftPlus Backup/Restore', 'all-in-one-wp-security-and-firewall'); ?>" alt="<?php esc_html_e('UpdraftPlus Backup/Restore', 'all-in-one-wp-security-and-firewall'); ?>"><?php echo esc_html__('Your backups are on the UpdraftPlus Backup/Restore admin page.', 'all-in-one-wp-security-and-firewall'); ?></a>
</p>
<button type="button" id="aios-manual-db-backup-now" class="button-primary"><?php esc_html_e('Create database backup now', 'all-in-one-wp-security-and-firewall'); ?></button>
<?php } else { ?>
<p>
<?php echo wp_kses($install_activate_link, array('a' => array('title' => array(), 'href' => array()))); ?>
</p>
<?php } ?>
</div>
</div>
<div class="postbox">
<h3 id="automated-scheduled-backups-heading" class="hndle"><label for="title"><?php esc_html_e('Automated scheduled backups', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<p>
<?php
if (empty($install_activate_link)) {
$link_title = esc_html__('Automate backup in the UpdraftPlus plugin', 'all-in-one-wp-security-and-firewall');
?>
<?php
echo esc_html__('The automated backup feature in All-In-One Security was removed as of version 5.0.0.', 'all-in-one-wp-security-and-firewall') . ' ' . __('For a reliable backup solution, we recommend', 'all-in-one-wp-security-and-firewall');
?>
<a href="https://teamupdraft.com/updraftplus/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=automated-back-up-feature-info&utm_creative_format=notice" title="<?php echo $link_title; ?>" alt="<?php echo $link_title; ?>">
UpdraftPlus
</a>
<?php
} else {
echo wp_kses($install_activate_link, array('a' => array('title' => array(), 'href' => array())));
}
?>
</p>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/database-security/database-prefix.php
Executable
+58
View File
@@ -0,0 +1,58 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('Change database prefix', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('Your WordPress database is the most important asset of your website because it contains a lot of your site\'s precious information.', 'all-in-one-wp-security-and-firewall').'<br />'.esc_html__('The database is also a target for hackers via methods such as SQL injections and malicious and automated code which targets certain tables.', 'all-in-one-wp-security-and-firewall').'<br />'.esc_html__('One way to add a layer of protection for your DB is to change the default WordPress table prefix from "wp_" to something else which will be difficult for hackers to guess.', 'all-in-one-wp-security-and-firewall').'<br />'.esc_html__('This feature allows you to easily change the prefix to a value of your choice or to a random value set by this plugin.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Database prefix options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("db-security-db-prefix");
?>
<div class="aio_red_box">
<p>
<strong>
<?php
$backup_tab_link = '<a href="admin.php?page=' . AIOWPSEC_DB_SEC_MENU_SLUG . '&tab=database-backup">' . esc_html__('database backup', 'all-in-one-wp-security-and-firewall') . '</a>';
/* translators: %s: Backup link. */
printf(esc_html__('It is recommended that you perform a %s before using this feature', 'all-in-one-wp-security-and-firewall'), $backup_tab_link); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- URL already escaped.
?>
</strong>
</p>
</div>
<form action="" method="POST">
<?php wp_nonce_field('aiowpsec-db-prefix-change-nonce'); ?>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Current database table prefix', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<span class="aiowpsec_field_value"><strong><?php echo esc_html($wpdb->prefix); ?></strong></span>
<?php
// now let's display a warning notification if default prefix is used
if ('wp_' == $old_db_prefix) {
echo '&nbsp;&nbsp;&nbsp;<span class="aio_error_with_icon">'.esc_html__('Your site is currently using the default WordPress database prefix value of "wp_".', 'all-in-one-wp-security-and-firewall').' '.esc_html__('To increase your site\'s security you should consider changing the database prefix value to another value.', 'all-in-one-wp-security-and-firewall').'</span>';
}
?>
</td>
</tr>
<tr valign="top">
<th scope="row">
<label for="aiowps_new_manual_db_prefix"><?php esc_html_e('Generate new database table prefix', 'all-in-one-wp-security-and-firewall'); ?>:</label>
</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want the plugin to generate a random 6 character string for the table prefix', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_random_prefix', '1' == $aio_wp_security->configs->get_value('aiowps_enable_random_prefix')); ?>
<br><?php esc_html_e('OR', 'all-in-one-wp-security-and-firewall'); ?>
<br><input type="text" size="10" id="aiowps_new_manual_db_prefix" name="aiowps_new_manual_db_prefix" value="" />
<label for="aiowps_new_manual_db_prefix" class="description"><?php esc_html_e('Choose your own database prefix by specifying a string which contains letters and/or numbers and/or underscores, example: xyz_', 'all-in-one-wp-security-and-firewall'); ?></label>
</div>
</td>
</tr>
</table>
<input type="submit" name="aiowps_db_prefix_change" value="<?php esc_html_e('Change database prefix', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/filesystem-security/copy-protection.php
Executable
+33
View File
@@ -0,0 +1,33 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Disable the ability to copy text', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside" id="aios-copy-protection-settings">
<div id="enable-copy-protection-badge">
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("enable-copy-protection");
?>
</div>
<form action="" id="aios-copy-protection-settings-form" method="POST">
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('This feature allows you to disable the ability to select and copy text from your front end.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p>'.esc_html__('When admin user is logged in, the feature is automatically disabled for his session.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable copy protection', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to disable the "Right click", "Text selection" and "Copy" options on the front end of your site.', 'all-in-one-wp-security-and-firewall'), 'aiowps_copy_protection', '1' == $aio_wp_security->configs->get_value('aiowps_copy_protection')); ?>
</div>
</td>
</tr>
</table>
<div class="submit">
<input type="submit" class="button-primary" name="aiowpsec_save_copy_protection" value="<?php esc_html_e('Save copy protection settings', 'all-in-one-wp-security-and-firewall'); ?>">
</div>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/filesystem-security/file-permissions.php
Executable
+37
View File
@@ -0,0 +1,37 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('File permissions scan', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('Your WordPress file and folder permission settings govern the accessibility and read/write privileges of the files and folders which make up your WP installation.', 'all-in-one-wp-security-and-firewall').'<br />'.esc_html__('Your WP installation already comes with reasonably secure file permission settings for the filesystem.', 'all-in-one-wp-security-and-firewall').'<br />'.esc_html__('However, sometimes people or other plugins modify the various permission settings of certain core WP folders or files such that they end up making their site less secure because they chose the wrong permission values.', 'all-in-one-wp-security-and-firewall').'<br />'.esc_html__('This feature will scan the critical WP core folders and files and will highlight any permission settings which are insecure.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<?php
$detected_os = strtoupper(PHP_OS);
if (false !== strpos($detected_os, "WIN") && "DARWIN" != $detected_os) {
echo '<div class="aio_yellow_box">';
echo '<p>'.esc_html__('This plugin has detected that your site is running on a Windows server.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('This feature is not applicable for Windows server installations.', 'all-in-one-wp-security-and-firewall').'
</p>';
echo '</div>';
} else {
?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('WP directory and file permissions scan results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside" id="aios-file-permissions-container" >
<div id="filesystem-file-permissions-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("filesystem-file-permissions");
?>
</div>
<form action="" method="POST" id="aios-file-permissions-form" >
<input type="hidden" name="aiowps_permission_chg_file" id="aiowps_permission_chg_file" value="">
<input type="hidden" name="aiowps_recommended_permissions" id="aiowps_recommended_permissions" value="">
<div id="aios_file_permissions_table">
<?php $aio_wp_security->include_template('wp-admin/filesystem-security/partials/file-permissions-table.php', false, array('files_dirs_to_check' => $files_dirs_to_check, 'file_utility' => $file_utility)); ?>
</div>
</form>
</div>
</div>
<?php
}
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/filesystem-security/file-protection.php
Executable
+62
View File
@@ -0,0 +1,62 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('File protection', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
$info_msg = __('These features allow you to protect your files and assets.', 'all-in-one-wp-security-and-firewall');
echo '<p>'.esc_html($info_msg) . ' ' . esc_html__('By protecting your files and assets, you can help prevent nefarious users gain key information and protect your server\'s resources.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<div id="aios-file-protection-settings-message" ></div>
<form action="" method="POST" id="aios-file-protection-settings-form">
<?php
$templates = array(
'wp-file-access' => array(
'title' => __('Delete default WP files', 'all-in-one-wp-security-and-firewall')
),
'prevent-hotlinks' => array(
'title' => __('Prevent hotlinking', 'all-in-one-wp-security-and-firewall')
),
'php-file-editing' => array(
'title' => __('Disable PHP file editing', 'all-in-one-wp-security-and-firewall')
),
);
$templates = apply_filters('aiowps_modify_file_protection_template', $templates);
// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- PCP warning. No nonce.
$subtab = isset($_GET['subtab']) ? sanitize_text_field(wp_unslash($_GET['subtab'])) : '';
?>
<div class="aiowps-postbox-container">
<div class="aiowps-rules">
<h3 class="hndle"><?php esc_html_e('Settings', 'all-in-one-wp-security-and-firewall'); ?></h3>
<div id="aiowps-rule-search">
<span class="dashicons dashicons-search"></span>
<input type="text" placeholder="<?php esc_html_e('Search', 'all-in-one-wp-security-and-firewall'); ?>" class="aiowps-search">
<span class="dashicons dashicons-no-alt clear-search"></span>
</div>
<ul class="aiowps-rule-list">
<?php
if (empty($templates)) return;
$first_template = reset($templates);
$first_title = $first_template['title'];
foreach ($templates as $key => $template) {
// Check if the current title is the first title
$is_active = ($key === $subtab || $template['title'] === $first_title) ? 'class="aiowps-active"' : '';
$title = $template['title'];
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. $is_active has no user input to escape.
echo '<li data-template="' . esc_attr($key) . '" ' . $is_active . '><span class="aiowps-rule-title">' . esc_html($title) . '</span></li>';
}
?>
</ul>
</div>
<div class="aiowps-settings">
<?php
foreach ($templates as $key => $template) {
$aio_wp_security->include_template('wp-admin/filesystem-security/partials/' . $key . '.php', false, array('show_disallow_file_edit_warning' => $show_disallow_file_edit_warning));
}
?>
</div>
</div>
<div class="aiowps-actions">
<input type="submit" name="aiowps_save_file_protection" value="<?php esc_html_e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</div>
</form>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/filesystem-security/filesystem-log-result.php
Executable
+21
View File
@@ -0,0 +1,21 @@
<?php if (!defined('ABSPATH')) die('No direct access.');
if ($last_50_entries) { ?>
<table class="widefat file_permission_table">
<thead>
<tr>
<?php /* translators: %s: File path. */ ?>
<th><?php echo sprintf(esc_html__('Showing latest entries for file: %s', 'all-in-one-wp-security-and-firewall'), '<strong>' . esc_html($filepath) . '</strong>'); ?></th>
</tr>
</thead>
<tbody>
<?php foreach ($last_50_entries as $entry) { ?>
<tr>
<td><?php echo esc_html($entry); ?></td>
</tr>
<?php } ?>
</tbody>
</table>
<?php } else {
/* translators: %s: File path. */
echo '<div class="aio_red_box"><p>'.sprintf(esc_html__('The file %s could not be read', 'all-in-one-wp-security-and-firewall'), '<strong>' . esc_html($filepath) . '</strong>') . '</p></div>';
}
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/filesystem-security/frames.php
Executable
+34
View File
@@ -0,0 +1,34 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div id="aios-file-protection-settings-message" ></div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Prevent your site from being displayed in a frame', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside" id="aios-frame-display-settings">
<div id="enable-frame-protection-badge">
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("enable-frame-protection");
?>
</div>
<form action="" id="aios-frame-display-settings-form" method="POST">
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('This feature allows you to prevent other sites from displaying any of your content via a frame or iframe.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p>'.esc_html__('When enabled, this feature will set the "X-Frame-Options" parameter to "sameorigin" in the HTTP header.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable iFrame protection', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to stop other sites from displaying your content in a frame or iframe.', 'all-in-one-wp-security-and-firewall'), 'aiowps_prevent_site_display_inside_frame', '1' == $aio_wp_security->configs->get_value('aiowps_prevent_site_display_inside_frame')); ?>
</div>
</td>
</tr>
</table>
<div class="submit">
<input type="submit" class="button-primary" name="aiowpsec_save_frame_display_prevent" value="<?php esc_html_e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>">
</div>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/filesystem-security/host-system-logs.php
Executable
+29
View File
@@ -0,0 +1,29 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('System logs', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('Sometimes your hosting platform will produce error or warning logs in a file called "error_log".', 'all-in-one-wp-security-and-firewall').'<br />'.esc_html__('Depending on the nature and cause of the error or warning, your hosting server can create multiple instances of this file in numerous directory locations of your WordPress installation.', 'all-in-one-wp-security-and-firewall').'<br />'.esc_html__('By occasionally viewing the contents of these logs files you can keep informed of any underlying problems on your system which you might need to address.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<div id="aios-host-system-logs-message" ></div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('View system logs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div id="aios-host-system-logs" class="inside">
<p><?php esc_html_e('Please press the button below to view the latest system logs', 'all-in-one-wp-security-and-firewall'); ?>:</p>
<form action="" id="aios-host-system-logs-form" method="POST">
<input type="hidden" name="aiowps_search_error_files"value="1"/>
<div>
<label for="aiowps_system_log_file"><?php esc_html_e('Enter System Log File Name', 'all-in-one-wp-security-and-firewall'); ?>:</label>
<input id="aiowps_system_log_file" type="text" size="25" name="aiowps_system_log_file" value="<?php echo esc_html($sys_log_file); ?>" />
<span class="description"><?php esc_html_e('Enter your system log file name. (Defaults to error_log)', 'all-in-one-wp-security-and-firewall'); ?></span>
</div>
<div class="aio_spacer_15"></div>
<input type="submit" value="<?php esc_html_e('View latest system logs', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary search-error-files">
<div id="aiowps_activejobs_table">
</div>
</form>
</div>
</div>
<div id="aios-host-system-logs-results" ></div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/filesystem-security/partials/file-permissions-table.php
Executable
+27
View File
@@ -0,0 +1,27 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<table class="wp-list-table widefat file_permission_table">
<thead>
<tr>
<th><?php esc_html_e('Name', 'all-in-one-wp-security-and-firewall'); ?></th>
<th><?php esc_html_e('File/Folder', 'all-in-one-wp-security-and-firewall'); ?></th>
<th><?php esc_html_e('Current permissions', 'all-in-one-wp-security-and-firewall'); ?></th>
<th><?php esc_html_e('Recommended permissions', 'all-in-one-wp-security-and-firewall'); ?></th>
<th><?php esc_html_e('Recommended action', 'all-in-one-wp-security-and-firewall'); ?></th>
</tr>
</thead>
<tbody>
<?php
foreach ($files_dirs_to_check as $file_or_dir) {
$file_utility->show_wp_filesystem_permission_status($file_or_dir['name'], $file_or_dir['path'], $file_or_dir['permissions']);
}
?>
</tbody>
<tfoot>
<tr>
<th class="column-primary"><?php esc_html_e('Name', 'all-in-one-wp-security-and-firewall'); ?></th>
<th><?php esc_html_e('File/Folder', 'all-in-one-wp-security-and-firewall'); ?></th>
<th><?php esc_html_e('Current permissions', 'all-in-one-wp-security-and-firewall'); ?></th>
<th><?php esc_html_e('Recommended permissions', 'all-in-one-wp-security-and-firewall'); ?></th>
<th><?php esc_html_e('Recommended action', 'all-in-one-wp-security-and-firewall'); ?></th>
</tfoot>
</table>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/filesystem-security/partials/php-file-editing.php
Executable
+31
View File
@@ -0,0 +1,31 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="postbox aio_hidden" data-template="php-file-editing">
<h3 class="hndle"><label for="title"><?php esc_html_e('Disable PHP file editing', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files.', 'all-in-one-wp-security-and-firewall').'<br>'.esc_html__('This is often the first tool an attacker will use if able to login, since it allows code execution.', 'all-in-one-wp-security-and-firewall').'<br>'.esc_html__('This feature will disable the ability for people to edit PHP files via the dashboard.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<div id="filesystem-file-editing-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("filesystem-file-editing");
if ($show_disallow_file_edit_warning) {
echo '<div class="aio_red_box"><p>' . esc_html__('The DISALLOW_FILE_EDIT constant has already been defined, please remove it before enabling this feature.', 'all-in-one-wp-security-and-firewall') . '<br />' . esc_html__('The constant is likely already defined in your wp-config.php file.', 'all-in-one-wp-security-and-firewall') . '</p></div>';
}
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Disable ability to edit PHP files', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to remove the ability for people to edit PHP files via the WP dashboard', 'all-in-one-wp-security-and-firewall'), 'aiowps_disable_file_editing', '1' == $aio_wp_security->configs->get_value('aiowps_disable_file_editing')); ?>
</div>
</td>
</tr>
</table>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/filesystem-security/partials/prevent-hotlinks.php
Executable
+29
View File
@@ -0,0 +1,29 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="postbox aio_hidden" data-template="prevent-hotlinks">
<h3 class="hndle"><label for="title"><?php esc_html_e('Prevent hotlinking', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('A hotlink is where someone displays an image on their site which is actually located on your site by using a direct link to the source of the image on your server.', 'all-in-one-wp-security-and-firewall');
echo '<br />'.esc_html__('Due to the fact that the image being displayed on the other person\'s site is coming from your server, this can cause leaking of bandwidth and resources for you because your server has to present this image for the people viewing it on someone elses\'s site.', 'all-in-one-wp-security-and-firewall');
echo '<br />'.esc_html__('This feature will prevent people from directly hotlinking images from your site\'s pages by writing some directives in your .htaccess file.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<div id="prevent-hotlinking-badge">
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("prevent-hotlinking");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Prevent image hotlinking', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to prevent hotlinking to images on your site.', 'all-in-one-wp-security-and-firewall'), 'aiowps_prevent_hotlinking', '1' == $aio_wp_security->configs->get_value('aiowps_prevent_hotlinking')); ?>
</div>
</td>
</tr>
</table>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/filesystem-security/partials/wp-file-access.php
Executable
+34
View File
@@ -0,0 +1,34 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="postbox aio_hidden" data-template="wp-file-access">
<h3 class="hndle"><label for="title"><?php esc_html_e('Delete default WP files', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div class="aio_blue_box">
<?php
/* translators: 1: readme.txt, 2: license text, 3: wp-config-sample.php */
$info_msg = sprintf(esc_html__('This feature allows you to auto delete files such as %1$s, %2$s and %3$s which are delivered with all WP installations.', 'all-in-one-wp-security-and-firewall'), 'readme.html', 'license.txt', 'wp-config-sample.php');
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Variable already escaped.
echo '<p>' . $info_msg . '</p>' . '<p>' . esc_html__('By deleting these files you are hiding some key pieces of information (such as WordPress version info) from potential hackers.', 'all-in-one-wp-security-and-firewall') . '</p>';
?>
</div>
<div id="auto-delete-wp-files-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("auto-delete-wp-files");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row">
<?php /* translators: 1: readme.txt, 2: license text, 3: wp-config-sample.php */ ?>
<?php echo sprintf(esc_html__('Delete %1$s, %2$s, and %3$s:', 'all-in-one-wp-security-and-firewall'), 'readme.html', 'license.txt', 'wp-config-sample.php'); ?>
</th>
<td>
<div class="aiowps_switch_container">
<button style="margin-right: 15px" type="button" id="aiowps_delete_default_wp_files" class="button-primary"><?php esc_html_e('Delete', 'all-in-one-wp-security-and-firewall'); ?></button>
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Automatically delete the files after a WP core update.', 'all-in-one-wp-security-and-firewall'), 'aiowps_auto_delete_default_wp_files', '1' == $aio_wp_security->configs->get_value('aiowps_auto_delete_default_wp_files')); ?>
</div>
</td>
</tr>
</table>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/5g.php
Executable
+35
View File
@@ -0,0 +1,35 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<h2><?php esc_html_e('Firewall settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
<form action="" id="aios-5g-firewall-settings-form">
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('5G firewall settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="dep-warning">
<span class="dashicons dashicons-warning"></span>
<span class="dep-warning-text"><?php esc_html_e('This feature is marked for deprecation and will be removed in a future version of the plugin.', 'all-in-one-wp-security-and-firewall'); ?></span>
</div>
<div class="inside">
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable legacy 5G firewall protection', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to apply the 5G firewall protection from perishablepress.com to your site.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_5g_firewall', '1' == $aio_wp_security->configs->get_value('aiowps_enable_5g_firewall')); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'.esc_html__('This setting will implement the 5G security firewall protection mechanisms on your site which include the following things:', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('1) Block forbidden characters commonly used in exploitative attacks.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('2) Block malicious encoded URL characters such as the ".css(" string.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('3) Guard against the common patterns and specific exploits in the root portion of targeted URLs.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('4) Stop attackers from manipulating query strings by disallowing illicit characters.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('....and much more.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
</div>
</td>
</tr>
</table>
</div>
</div>
<input type="submit" name="aiowps_apply_5g_firewall_settings" value="<?php esc_attr_e('Save 5G firewall settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/advanced-settings.php
Executable
+5
View File
@@ -0,0 +1,5 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<h2><?php esc_html_e('Advanced settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
<?php
$aio_wp_security->include_template('wp-admin/firewall/partials/firewall-setup.php');
$aio_wp_security->include_template('wp-admin/firewall/partials/upgrade-unsafe-http-calls.php', false, $advanced_settings_data);
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/block-and-allow-lists.php
Executable
+87
View File
@@ -0,0 +1,87 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php _e('Ban IPs or user agents', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>' . __('The All-In-One Security blacklist feature gives you the option of banning certain host IP addresses or ranges and also user agents.', 'all-in-one-wp-security-and-firewall').'
<br />' . __('This feature will deny total site access for users which have IP addresses or user agents matching those which you have configured in the settings below.', 'all-in-one-wp-security-and-firewall').'
<br />' . __('Black-listed visitors will be blocked as soon as WordPress loads, preventing them from gaining any further access.', 'all-in-one-wp-security-and-firewall').'
</p>';
?>
</div>
<?php
if (!defined('AIOWPSECURITY_NOADS_B') || !AIOWPSECURITY_NOADS_B) {
?>
<div class="aio_grey_box">
<?php
$premium_plugin_link = '<strong><a href="https://teamupdraft.com/all-in-one-security/pricing/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=firewall-tab-cta-for-premium&utm_creative_format=text" target="_blank">' . htmlspecialchars(__('All-In-One Security Premium', 'all-in-one-wp-security-and-firewall')) . '</a></strong>';
$info_msg = sprintf(__('You may also be interested in %s.', 'all-in-one-wp-security-and-firewall'), $premium_plugin_link);
$info_msg2 = sprintf(__('This plugin adds a number of extra features including %s and %s.', 'all-in-one-wp-security-and-firewall'), '<strong>' . __('smart 404 blocking', 'all-in-one-wp-security-and-firewall') . '</strong>', '<strong>' . __('country IP blocking', 'all-in-one-wp-security-and-firewall') . '</strong>');
echo '<p>' . $info_msg . '<br />' . $info_msg2 . '</p>';
?>
</div>
<?php
}
?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php _e('IP hosts and user agent blacklist settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="blacklist-manager-ip-user-agent-blacklisting-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("blacklist-manager-ip-user-agent-blacklisting");
?>
</div>
<form action="" id="aios-blacklist-settings-form">
<div class="aio_orange_box">
<p>
<?php
$read_link = '<a href="https://teamupdraft.com/documentation/all-in-one-security/faqs/important-note-on-intermediate-and-advanced-features/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=you-must-read-this-to-activate-blacklist-feature&utm_creative_format=text" target="_blank">' . __('please read the following message', 'all-in-one-wp-security-and-firewall') . '</a>';
echo __('This feature can lock you out of admin if it doesn\'t work correctly on your site.', 'all-in-one-wp-security-and-firewall'). ' ' . sprintf(__('You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link);
?>
</p>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Enable IP or user agent blacklisting', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('Enable this if you want the banning (or blacklisting) of selected IP addresses and/or user agents specified in the settings below', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_blacklisting', '1' == $aiowps_enable_blacklisting); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_banned_ip_addresses"><?php _e('Enter IP addresses:', 'all-in-one-wp-security-and-firewall'); ?></label></th>
<td>
<textarea id="aiowps_banned_ip_addresses" name="aiowps_banned_ip_addresses" rows="5" cols="50"><?php echo esc_textarea($aiowps_banned_ip_addresses); ?></textarea>
<br />
<span class="description"><?php _e('Enter one or more IP addresses or IP ranges.', 'all-in-one-wp-security-and-firewall');?></span>
<?php $aio_wp_security->include_template('info/ip-address-ip-range-info.php');?>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_banned_user_agents"><?php _e('Enter user agents:', 'all-in-one-wp-security-and-firewall'); ?></label></th>
<td>
<textarea id="aiowps_banned_user_agents" name="aiowps_banned_user_agents" rows="5" cols="50"><?php echo esc_textarea($aiowps_banned_user_agents); ?></textarea>
<br />
<span class="description">
<?php _e('Enter one or more user agent strings.', 'all-in-one-wp-security-and-firewall');?></span>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">' . __('The user agent string will be checked in a case-insensitive manner.', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . __('Each user agent string must be on a new line.', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . __('Example 1 - A single user agent string to block:', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">SquigglebotBot</p>';
echo '<p class="description">' . __('Example 2 - A list of more than 1 user agent strings to block', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">baiduspider<br />SquigglebotBot<br />SurveyBot<br />VoidEYE<br />webcrawl.net<br />YottaShopping_Bot</p>';
?>
</div>
</td>
</tr>
</table>
<?php submit_button(__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_save_blacklist_settings');?>
</form>
</div>
</div>
<?php
$aio_wp_security->include_template('wp-admin/firewall/partials/allowlist.php', false, compact('allowlist'));
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/htaccess-firewall-rules.php
Executable
+58
View File
@@ -0,0 +1,58 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<h2><?php esc_html_e('.htaccess firewall settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
<form action="" id="aios-htaccess-firewall-settings-form">
<?php
$templates = array(
'basic-firewall-settings' => array(
'title' => __('Basic firewall settings', 'all-in-one-wp-security-and-firewall')
),
'block-debug-log' => array(
'title' => __('Block debug log', 'all-in-one-wp-security-and-firewall')
),
'listing-directory-contents' => array(
'title' => __('Listing directory content', 'all-in-one-wp-security-and-firewall')
),
);
$templates = apply_filters('aiowps_modify_htaccess_firewall_rules_template', $templates);
// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- PCP warning. No nonce.
$subtab = isset($_GET['subtab']) ? sanitize_text_field(wp_unslash($_GET['subtab'])) : '';
?>
<div class="aiowps-postbox-container">
<div class="aiowps-rules">
<h3 class="hndle"><?php esc_html_e('Rules', 'all-in-one-wp-security-and-firewall'); ?></h3>
<div id="aiowps-rule-search">
<span class="dashicons dashicons-search"></span>
<input type="text" placeholder="<?php esc_html_e('Search', 'all-in-one-wp-security-and-firewall'); ?>" class="aiowps-search">
<span class="dashicons dashicons-no-alt clear-search"></span>
</div>
<ul class="aiowps-rule-list">
<?php
if (empty($templates)) return;
$first_template = reset($templates);
$first_title = $first_template['title'];
foreach ($templates as $key => $template) {
// Check if the current title is the first title
$is_active = ($key === $subtab || $template['title'] === $first_title) ? 'class="aiowps-active"' : '';
$title = $template['title'];
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. No user input to escape.
echo '<li data-template="' . esc_attr($key) . '" ' . $is_active . '><span class="aiowps-rule-title">' . esc_attr($title) . '</span></li>';
}
?>
</ul>
</div>
<div class="aiowps-settings">
<?php
foreach ($templates as $key => $template) {
$aio_wp_security->include_template('wp-admin/firewall/partials/' . $key . '.php', false, $htaccess_rules_data);
}
?>
</div>
</div>
<div class="aiowps-actions">
<input type="submit" name="aiowps_apply_htaccess_firewall_settings" value="<?php esc_html_e('Save .htaccess firewall settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</div>
</form>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/advanced-character-filter.php
Executable
+31
View File
@@ -0,0 +1,31 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="postbox aio_hidden" data-template="advanced-character-filter">
<h3 class="hndle"><label for="title"><?php esc_html_e('Advanced character string filter', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="firewall-advanced-character-string-filter-badge">
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("firewall-advanced-character-string-filter");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable advanced character string filter', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('This will block character sequences which resemble XSS attacks.', 'all-in-one-wp-security-and-firewall'), 'aiowps_advanced_char_string_filter', $aiowps_advanced_char_string_filter); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<p class="description">
<?php
esc_html_e('This is an advanced character string filter to prevent malicious string attacks on your site coming from Cross Site Scripting (XSS).', 'all-in-one-wp-security-and-firewall');
echo '<br />' . esc_html__('This setting matches for common malicious string patterns and exploits and will produce a 403 error for the hacker attempting the query.', 'all-in-one-wp-security-and-firewall');
echo '<br />' . esc_html__('NOTE: Some strings for this setting might break some functionality.', 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
</div>
</td>
</tr>
</table>
</div></div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/advanced-settings-6g.php
Executable
+70
View File
@@ -0,0 +1,70 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<h3><?php esc_html_e('Block request methods', 'all-in-one-wp-security-and-firewall'); ?></h3>
<span data-tooltip="<?php echo esc_attr__('HTTP request methods are used by browsers and clients to communicate with servers to get responses.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_attr__('The below request methods are not necessary for every site to function and you may disable all HTTP request methods that are not essential for your site to function.', 'all-in-one-wp-security-and-firewall'); ?>">
<span class="dashicons dashicons-editor-help"></span>
</span>
<div class="options">
<table class="form-table">
<?php foreach ($block_request_methods as $block_request_method) {?>
<tr>
<?php /* translators: %s: Block method */ ?>
<th><?php printf(esc_html__('Block %s method', 'all-in-one-wp-security-and-firewall'), esc_html(strtoupper($block_request_method)));?>:</th>
<td>
<div class="aiowps_switch_container">
<?php /* translators: %s: Block request method */ ?>
<?php AIOWPSecurity_Utility_UI::setting_checkbox(sprintf(__('Check this to block the %s request method', 'all-in-one-wp-security-and-firewall'), strtoupper($block_request_method)), "aiowps_block_request_method_{$block_request_method}", in_array(strtoupper($block_request_method), $methods)); ?>
<?php if ('put' == $block_request_method) {?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">' . esc_html__('Some WooCommerce extensions use the PUT request method in addition to GET and POST.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__("This means WooCommerce users shouldn't block the PUT request method.", 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . esc_html__('A few REST requests use the PUT request method.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('If your site is communicated by the WP REST API, you should not block the PUT request method.', 'all-in-one-wp-security-and-firewall') . '</p>';
?>
</div>
</div>
<?php } ?>
</td>
</tr>
<?php } ?>
</table>
</div>
<h3><?php esc_html_e('Other settings', 'all-in-one-wp-security-and-firewall'); ?></h3>
<span data-tooltip="<?php esc_attr_e('The 6G firewall provides other settings for blocking malicious query strings, request strings, referers and user-agents; you can configure their settings below.', 'all-in-one-wp-security-and-firewall'); ?>">
<span class="dashicons dashicons-editor-help"></span>
</span>
<div class="options">
<table class="form-table">
<tr>
<th><?php esc_html_e('Block query strings', 'all-in-one-wp-security-and-firewall');?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to block all query strings recommended by 6G', 'all-in-one-wp-security-and-firewall'), 'aiowps_block_query', $blocked_query); ?>
</div>
</td>
</tr>
<tr>
<th><?php esc_html_e('Block request strings', 'all-in-one-wp-security-and-firewall');?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to block all request strings recommended by 6G', 'all-in-one-wp-security-and-firewall'), 'aiowps_block_request', $blocked_request); ?>
</div>
</td>
</tr>
<tr>
<th><?php esc_html_e('Block referers', 'all-in-one-wp-security-and-firewall');?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to block all referers recommended by 6G', 'all-in-one-wp-security-and-firewall'), 'aiowps_block_refs', $blocked_referrers); ?>
</div>
</td>
</tr>
<tr>
<th><?php esc_html_e('Block user-agents', 'all-in-one-wp-security-and-firewall');?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to block all user-agents recommended by 6G', 'all-in-one-wp-security-and-firewall'), 'aiowps_block_agents', $blocked_agents); ?>
</div>
</td>
</tr>
</table>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/allowlist.php
Executable
+19
View File
@@ -0,0 +1,19 @@
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Allow list', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div class="aio_blue_box">
<p>
<?php esc_html_e('This option allows you to add IP addresses to your allow list.', 'all-in-one-wp-security-and-firewall'); ?><br>
<?php esc_html_e('All IPs in your allow list will no longer be affected by the firewall\'s rules.', 'all-in-one-wp-security-and-firewall'); ?><br>
</p>
</div>
<form action="" method='post' id="aios-firewall-allowlist-form">
<table class="form-table">
<tr valign="top">
<?php AIOWPSecurity_Utility_UI::ip_input_textarea(__('Enter IP addresses:', 'all-in-one-wp-security-and-firewall'), 'aios_firewall_allowlist', $allowlist, __('Enter one or more IP addresses or IP ranges.', 'all-in-one-wp-security-and-firewall')); ?>
</tr>
</table>
<?php submit_button(esc_html__('Save allow list', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_save_firewall_allowlist');?>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/bad-query-strings.php
Executable
+30
View File
@@ -0,0 +1,30 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="postbox aio_hidden" data-template="bad-query-strings">
<h3 class="hndle"><label for="title"><?php esc_html_e('Bad query strings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="firewall-deny-bad-queries-badge">
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("firewall-deny-bad-queries");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Deny bad query strings', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('This will help protect you against malicious queries via XSS.', 'all-in-one-wp-security-and-firewall'), 'aiowps_deny_bad_query_strings', $aiowps_deny_bad_query_strings); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<p class="description">
<?php
esc_html_e('This feature will prevent malicious string attacks on your site using XSS.', 'all-in-one-wp-security-and-firewall');
echo '<br />'.esc_html__('NOTE: Some of these strings might be used for plugins or themes and hence this might break some functionality.', 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
</div>
</td>
</tr>
</table>
</div></div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/basic-firewall-settings.php
Executable
+42
View File
@@ -0,0 +1,42 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="postbox aio_hidden" data-template="basic-firewall-settings">
<h3 class="hndle"><label for="title"><?php esc_html_e('Basic firewall settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="firewall-basic-rules-badge">
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("firewall-basic-rules");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable basic firewall protection', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to apply basic firewall protection to your site.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_basic_firewall', '1' == $aiowps_enable_basic_firewall); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'.esc_html__('This setting will implement the following basic firewall protection mechanisms on your site:', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('1) Protect your htaccess file by denying access to it.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('2) Disable the server signature.', 'all-in-one-wp-security-and-firewall').'</p>';
/* translators: %s: Upload limit. */
echo '<p class="description">'.sprintf(esc_html__('3) Limit file upload size (%sMB).', 'all-in-one-wp-security-and-firewall'), esc_html(AIOS_FIREWALL_MAX_FILE_UPLOAD_LIMIT_MB)).'</p>';
echo '<p class="description">'.esc_html__('4) Protect your wp-config.php file by denying access to it.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('The above firewall features will be applied via your .htaccess file and should not affect your site\'s overall functionality.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('You are still advised to take a backup of your active .htaccess file just in case.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_max_file_upload_size"><?php esc_html_e('Max file upload size (MB)', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td><input id="aiowps_max_file_upload_size" type="number" min="0" step="1" name="aiowps_max_file_upload_size" value="<?php echo esc_html($aiowps_max_file_upload_size); ?>" />
<?php /* translators: %s: Upload limit. */ ?>
<span class="description"><?php echo sprintf(esc_html__('The value for the maximum file upload size used in the .htaccess file. (Defaults to %sMB if left blank)', 'all-in-one-wp-security-and-firewall'), esc_html(AIOS_FIREWALL_MAX_FILE_UPLOAD_LIMIT_MB)); ?></span>
</td>
</tr>
</table>
</div></div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/blank-ref-and-useragent.php
Executable
+27
View File
@@ -0,0 +1,27 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<table class="form-table">
<tr valign="top">
<div id="firewall-ban-post-blank-headers-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("firewall-ban-post-blank-headers");
?>
</div>
</tr>
<tr valign="top">
<th scope="row"><?php esc_html_e('Ban POST requests that have a blank user-agent and referer', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to ban POST requests that have a blank user-agent and referer.', 'all-in-one-wp-security-and-firewall'), 'aiowps_ban_post_blank_headers', $aiowps_ban_post_blank_headers); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'.esc_html__('This feature will check whether the user-agent and referer HTTP headers are blank.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('If they are both blank, the IP address associated with the request will be added to your permanent block list.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
</div>
</td>
</tr>
</table>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/block-debug-log.php
Executable
+30
View File
@@ -0,0 +1,30 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="postbox aio_hidden" data-template="block-debug-log">
<h3 class="hndle"><label for="title"><?php esc_html_e('Block access to debug log file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="firewall-block-debug-file-access-badge">
<?php
//Display security info badge
global $aiowps_feature_mgr;
$aiowps_feature_mgr->output_feature_details_badge("firewall-block-debug-file-access");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Block access to debug.log file', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('Enable this if you want to block access to the debug.log file that WordPress creates when debug logging is enabled.', 'all-in-one-wp-security-and-firewall'), 'aiowps_block_debug_log_file_access', '1' == $aiowps_block_debug_log_file_access); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">' . esc_html__('WordPress has an option to turn on the debug logging to a file located in wp-content/debug.log.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('This file may contain sensitive information.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">' . esc_html__('Using this option will block external access to this file.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('You can still access this file by logging into your site via FTP.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
</div>
</td>
</tr>
</table>
</div></div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/disable-rss-atom.php
Executable
+30
View File
@@ -0,0 +1,30 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="postbox aio_hidden" data-template="disable-rss-atom">
<h3 class="hndle"><?php esc_html_e('Disable WordPress RSS and ATOM feeds', 'all-in-one-wp-security-and-firewall'); ?></h3>
<div class="inside">
<div id="firewall-disable-rss-and-atom-badge">
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("firewall-disable-rss-and-atom");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Disable RSS and ATOM feeds:', 'all-in-one-wp-security-and-firewall'); ?></th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('Enable this if you do not want users using feeds.', 'all-in-one-wp-security-and-firewall') . ' ' .__('RSS and ATOM feeds are used to read content from your site.', 'all-in-one-wp-security-and-firewall'), 'aiowps_disable_rss_and_atom_feeds', '1' == $aiowps_disable_rss_and_atom_feeds); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">' . esc_html__('Most users will want to share their site content widely, but some may prefer to prevent automated site scraping.', 'all-in-one-wp-security-and-firewall').'</p>';
/* translators: %s: FAQ URL. */
echo '<p class="description">' . sprintf(esc_html__('For more information, check the %s', 'all-in-one-wp-security-and-firewall'), '<a target="_blank" href="https://teamupdraft.com/documentation/all-in-one-security/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=php-rules-faq&utm_creative_format=text">' . esc_html__('documentation', 'all-in-one-wp-security-and-firewall').'</a>').'</p>';
?>
</div>
</div>
</td>
</tr>
</table>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/disable-trace.php
Executable
+34
View File
@@ -0,0 +1,34 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Trace and track', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="firewall-disable-trace-track-badge">
<?php
//Display security info badge
global $aiowps_feature_mgr;
$aiowps_feature_mgr->output_feature_details_badge("firewall-disable-trace-track");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Disable trace and track', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('Enable this to disable trace and track.', 'all-in-one-wp-security-and-firewall'), 'aiowps_disable_trace_and_track', '1' == $aio_wp_security->configs->get_value('aiowps_disable_trace_and_track')); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<p class="description">
<?php
esc_html_e('HTTP Trace attack (XST) can be used to return header requests and grab cookies and other information.', 'all-in-one-wp-security-and-firewall');
echo '<br />';
esc_html_e('This hacking technique is usually used together with cross site scripting attacks (XSS).', 'all-in-one-wp-security-and-firewall');
echo '<br />';
esc_html_e('Disabling trace and track on your site will help prevent HTTP Trace attacks.', 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
</div>
</td>
</tr>
</table>
</div></div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/fake-googlebots.php
Executable
+44
View File
@@ -0,0 +1,44 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="aio_blue_box">
<?php
$info_msg = '<p>' . esc_html__('This feature allows you to block bots which are impersonating as a Googlebot but actually aren\'t. (In other words they are fake Google bots)', 'all-in-one-wp-security-and-firewall') . '</p>';
$info_msg .= '<p>'. esc_html__('Googlebots have a unique identity which cannot easily be forged and this feature will identify any fake Google bots and block them from reading your site\'s pages.', 'all-in-one-wp-security-and-firewall').'</p>';
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Variable already escaped.
echo $info_msg;
?>
</div>
<div class="aio_yellow_box">
<?php
$info_msg_2 = '<p><strong>'. esc_html__('Attention', 'all-in-one-wp-security-and-firewall').'</strong>: '.__('Sometimes non-malicious Internet organizations might have bots which impersonate as a "Googlebot".', 'all-in-one-wp-security-and-firewall').'</p>';
$info_msg_2 .= '<p>'.esc_html__('Just be aware that if you activate this feature the plugin will block all bots which use the "Googlebot" string in their User Agent information but are NOT officially from Google (irrespective of whether they are malicious or not).', 'all-in-one-wp-security-and-firewall').'</p>';
$info_msg_2 .= '<p>'.esc_html__('All other bots from other organizations such as "Yahoo", "Bing" etc will not be affected by this feature.', 'all-in-one-wp-security-and-firewall').'</p>';
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Variable already escaped.
echo $info_msg_2;
?>
</div>
<table class="form-table">
<tr valign="top">
<div id="firewall-block-fake-googlebots-badge">
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("firewall-block-fake-googlebots");
?>
</div>
</tr>
<tr valign="top">
<th scope="row"><?php esc_html_e('Block fake Googlebots', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to block all fake Googlebots.', 'all-in-one-wp-security-and-firewall'), 'aiowps_block_fake_googlebots', $aiowps_block_fake_googlebots); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'.esc_html__('This feature will check if the User Agent information of a bot contains the string "Googlebot".', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('It will then perform a few tests to verify if the bot is legitimately from Google and if so it will allow the bot to proceed.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('If the bot fails the checks then the plugin will mark it as being a fake Googlebot and it will block it', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
</div>
</td>
</tr>
</table>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/firewall-downgrade-button.php
Executable
+5
View File
@@ -0,0 +1,5 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<form method="POST" style="display: inline;" id="aiowps-firewall-downgrade-form">
<input type="hidden" name="action" value="aiowps_firewall_downgrade">
<input class="button button-primary" type="submit" name="btn_downgrade_protection" value="<?php esc_html_e('Downgrade firewall', 'all-in-one-wp-security-and-firewall'); ?>">
</form>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/firewall-set-up-button.php
Executable
+5
View File
@@ -0,0 +1,5 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<form method="POST" style="display: inline;" id="aiowpsec-firewall-setup-form">
<input type="hidden" name="action" value="aiowps_firewall_setup">
<input class="button button-primary" type="submit" name="btn_try_again" value="<?php esc_html_e('Set up firewall', 'all-in-one-wp-security-and-firewall'); ?>">
</form>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/firewall-setup.php
Executable
+30
View File
@@ -0,0 +1,30 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Firewall setup', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div class="aio_blue_box">
<p>
<?php esc_html_e('This option allows you to set up or downgrade the firewall.', 'all-in-one-wp-security-and-firewall'); ?><br>
<?php esc_html_e('We recommend you set up the firewall for greater protection, but if for whatever reason you wish to downgrade the firewall, then you can do so here.', 'all-in-one-wp-security-and-firewall'); ?><br>
</p>
</div>
<table class="form-table">
<tr valign="row">
<th scope="row"><?php esc_html_e('Firewall', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div id="aiowps-firewall-status-container" style="display: inline">
<?php AIOWPSecurity_Utility_Firewall::is_firewall_setup() ? $aio_wp_security->include_template('wp-admin/firewall/partials/firewall-downgrade-button.php') : $aio_wp_security->include_template('wp-admin/firewall/partials/firewall-set-up-button.php'); ?>
</div>
<span style='margin-top: 5px;' class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<p class="description"><strong><?php esc_html_e('Set up firewall', 'all-in-one-wp-security-and-firewall');?>: </strong><?php esc_html_e('This will attempt to set up the firewall in order to give you the highest level of protection it has to offer.', 'all-in-one-wp-security-and-firewall');?><p>
<p class="description"><strong><?php esc_html_e('Downgrade firewall', 'all-in-one-wp-security-and-firewall');?>: </strong><?php esc_html_e('This will undo the changes performed by the set-up mechanism.', 'all-in-one-wp-security-and-firewall');?><p>
<p class="description"><?php esc_html_e('The firewall will still be active if it is downgraded or not set up, but you will have reduced protection.', 'all-in-one-wp-security-and-firewall');?><p>
</div>
</td>
</tr>
</table>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/internet-bots.php
Executable
+23
View File
@@ -0,0 +1,23 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="postbox aio_hidden" data-template="internet-bots">
<h3 class="hndle"><label for="title"><?php esc_html_e('Internet bot settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div class="aio_blue_box">
<?php
$info_msg = '';
$wiki_link = '<a href="http://en.wikipedia.org/wiki/Internet_bot" target="_blank">'.esc_html__('What is an Internet Bot', 'all-in-one-wp-security-and-firewall').'</a>';
/* translators: s%: Wiki URL. */
$info_msg .= '<p><strong>'.sprintf(__('%s?', 'all-in-one-wp-security-and-firewall'), $wiki_link).'</strong></p>';
$info_msg .= '<p>'. esc_html__('A bot is a piece of software which runs on the Internet and performs automatic tasks.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('For example when Google indexes your pages it uses bots to achieve this task.', 'all-in-one-wp-security-and-firewall').'</p>';
$info_msg .= '<p>'. esc_html__('A lot of bots are legitimate and non-malicious but not all bots are good and often you will find some which try to impersonate legitimate bots such as "Googlebot" but in reality they have nohing to do with Google at all.', 'all-in-one-wp-security-and-firewall').'</p>';
$info_msg .= '<p>'. esc_html__('Although most of the bots out there are relatively harmless sometimes website owners want to have more control over which bots they allow into their site.', 'all-in-one-wp-security-and-firewall').'</p>';
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Variable already escaped.
echo $info_msg;
?>
</div>
<?php $aio_wp_security->include_template('wp-admin/firewall/partials/fake-googlebots.php', false, compact('aiowps_block_fake_googlebots')); ?>
<?php $aio_wp_security->include_template('wp-admin/firewall/partials/blank-ref-and-useragent.php', false, compact('aiowps_ban_post_blank_headers')); ?>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/listing-directory-contents.php
Executable
+34
View File
@@ -0,0 +1,34 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="postbox aio_hidden" data-template="listing-directory-contents">
<h3 class="hndle"><label for="title"><?php esc_html_e('Listing of directory contents', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="firewall-disable-index-views-badge">
<?php
//Display security info badge
global $aiowps_feature_mgr;
$aiowps_feature_mgr->output_feature_details_badge("firewall-disable-index-views");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Disable index views', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to disable directory and file listing.', 'all-in-one-wp-security-and-firewall'), 'aiowps_disable_index_views', '1' == $aiowps_disable_index_views); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<p class="description">
<?php
esc_html_e('By default, an Apache server will allow the listing of the contents of a directory if it doesn\'t contain an index.php file.', 'all-in-one-wp-security-and-firewall');
echo '<br />';
esc_html_e('This feature will prevent the listing of contents for all directories.', 'all-in-one-wp-security-and-firewall');
echo '<br />';
echo esc_html__('NOTE: In order for this feature to work "AllowOverride" of the Indexes directive must be enabled in your httpd.conf file.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Ask your hosting provider to check this if you don\'t have access to httpd.conf', 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
</div>
</td>
</tr>
</table>
</div></div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/ng.php
Executable
+56
View File
@@ -0,0 +1,56 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div id="aios-6g-firewall-settings-container" class="postbox aio_hidden" data-template="ng">
<h3 class="hndle"><label for="title"><?php esc_html_e('6G firewall settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div class="aio_blue_box">
<?php
/* translators: 1: 8G URL, 2: 5G URL, 3: Perishable Press URL */
$info_msg = '<p>'.sprintf(esc_html__('This feature allows you to activate the %1$s (or legacy %2$s) firewall security protection rules designed and produced by %3$s.', 'all-in-one-wp-security-and-firewall'), '<a href="http://perishablepress.com/6g/" target="_blank">6G</a>', '<a href="http://perishablepress.com/5g-blacklist-2013/" target="_blank">5G</a>', '<a href="http://perishablepress.com/" target="_blank">Perishable Press</a>').'</p>';
$info_msg .= '<p>'.esc_html__('The 6G firewall is an updated and improved version of the 5G firewall that is PHP-based and doesn\'t use a .htaccess file.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('If you have the 5G firewall active, you might consider activating the 6G firewall instead.', 'all-in-one-wp-security-and-firewall').'</p>';
$info_msg .= '<p>'.esc_html__('The 6G firewall is a simple, flexible blacklist that helps reduce the number of malicious URL requests that hit your website.', 'all-in-one-wp-security-and-firewall').'</p>';
$info_msg .= '<p>'.esc_html__('The added advantage of applying the 6G firewall to your site is that it has been tested and confirmed by the people at PerishablePress.com to be an optimal and least disruptive set of security rules for general WP sites.', 'all-in-one-wp-security-and-firewall').'</p>';
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Variable already escaped.
echo $info_msg;
?>
</div>
<div id="firewall-enable-6g-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("firewall-enable-6g");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable 6G firewall protection', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to apply the recommended 6G firewall protection.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_6g_firewall', '1' == $ng_settings['aiowps_enable_6g_firewall']); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'.esc_html__('This setting will implement the 6G security firewall protection mechanisms on your site which include the following things:', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('1) Block forbidden characters commonly used in exploitative attacks.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('2) Block malicious encoded URL characters such as the ".css(" string.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('3) Guard against the common patterns and specific exploits in the root portion of targeted URLs.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('4) Stop attackers from manipulating query strings by disallowing illicit characters.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('....and much more.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
</div>
</td>
</tr>
</table>
<button type="button" class="button button-link aios-toggle-advanced-options<?php if ($ng_settings['advanced_options_disabled']) echo ' advanced-options-disabled';?>">
<span class="text">
<span class="dashicons dashicons-arrow-down-alt2"></span>
<span class="aios-toggle-advanced-options__text-show"><?php esc_html_e('Show advanced options', 'all-in-one-wp-security-and-firewall'); ?></span>
<span class="aios-toggle-advanced-options__text-hide"><?php esc_html_e('Hide advanced options', 'all-in-one-wp-security-and-firewall'); ?></span>
</span>
</button>
<div class="aios-advanced-options-panel">
<?php $aio_wp_security->include_template('wp-admin/firewall/partials/advanced-settings-6g.php', false, array('methods' => $ng_settings['methods'], 'blocked_query' => $ng_settings['blocked_query'], 'blocked_request' => $ng_settings['blocked_request'], 'blocked_referrers' => $ng_settings['blocked_referrers'], 'blocked_agents' => $ng_settings['blocked_agents'], 'block_request_methods' => $ng_settings['block_request_methods'])); ?>
</div>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/proxy-comment.php
Executable
+30
View File
@@ -0,0 +1,30 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="postbox aio_hidden" data-template="proxy-comment">
<h3 class="hndle"><label for="title"><?php esc_html_e('Proxy comment posting', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="firewall-forbid-proxy-comments-badge">
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("firewall-forbid-proxy-comments");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Forbid proxy comment posting', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to forbid proxy comment posting.', 'all-in-one-wp-security-and-firewall'), 'aiowps_forbid_proxy_comments', $aiowps_forbid_proxy_comments); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<p class="description">
<?php
esc_html_e('This setting will deny any requests that use a proxy server when posting comments.', 'all-in-one-wp-security-and-firewall');
echo '<br>'.esc_html__('By forbidding proxy comments you are in effect eliminating some spam and other proxy requests.', 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
</div>
</td>
</tr>
</table>
</div></div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/rest-route-whitelist.php
Executable
+21
View File
@@ -0,0 +1,21 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="aio_yellow_box">
<p><?php echo sprintf(esc_html__('%s this REST route allows websites to display core content, such as posts, pages, and other WordPress data.', 'all-in-one-wp-security-and-firewall'), '<strong>wp:</strong>') . ' ' . esc_html__('This route is essential for the WordPress block editor and API integrations.', 'all-in-one-wp-security-and-firewall') . ' ' .esc_html__('Disabling it may break plugins and themes.', 'all-in-one-wp-security-and-firewall');?></p>
<p><?php echo sprintf(esc_html__('%s this REST route enables embedding content from your site on external platforms (e.g., Twitter, Facebook, and WordPress embeds).', 'all-in-one-wp-security-and-firewall'), '<strong>oembed:</strong>') . ' ' . esc_html__('Disabling this may prevent your site\'s content from being embedded in social media and other platforms.', 'all-in-one-wp-security-and-firewall');?></p>
</div>
<br>
<table class="form-table">
<?php if (!empty($route_namespaces)) { ?>
<tr valign="top">
<th scope="row"><?php _e('Whitelist REST routes', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<?php foreach ($route_namespaces as $route_namespace) { ?>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox($route_namespace, 'aios_whitelisted_rest_routes_'.str_replace('-', '_', $route_namespace), in_array($route_namespace, $aios_whitelisted_rest_routes)); ?>
</div>
<br>
<?php } ?>
</td>
</tr>
<?php } ?>
</table>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/upgrade-unsafe-http-calls.php
Executable
+48
View File
@@ -0,0 +1,48 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Upgrade unsafe HTTP calls', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="upgrade-unsafe-http-calls-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge('upgrade-unsafe-http-calls');
?>
</div>
<form action="" id="aios-upgrade-unsafe-http-calls-settings-form">
<div class="aio_blue_box">
<?php
/* translators: 1: Bold unsafe function name, 2: Bold safe function name. */
echo '<p>' . sprintf(esc_html__('This feature allows you to upgrade all unsafe HTTP calls on your site using %1$s to %2$s.', 'all-in-one-wp-security-and-firewall'), '<strong>wp_remote_*</strong>', '<strong>wp_safe_remote_*</strong>') . '</p>';
/* translators: %s Bold unsafe function name. */
echo '<p>' . sprintf(esc_html__('You can also specify a list of URLs that are allowed to be contacted with the unsafe %s calls.', 'all-in-one-wp-security-and-firewall'), '<strong>wp_remote_*</strong>') . '</p>';
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox('', 'aiowps_upgrade_unsafe_http_calls', '1' == $aiowps_upgrade_unsafe_http_calls); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_upgrade_unsafe_http_calls_url_exceptions"><?php esc_html_e('URL exceptions', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td>
<textarea id="aiowps_upgrade_unsafe_http_calls_url_exceptions" name="aiowps_upgrade_unsafe_http_calls_url_exceptions" rows="5" cols="50"><?php echo esc_textarea($aiowps_upgrade_unsafe_http_calls_url_exceptions); ?></textarea>
<br>
<span class="description"><?php esc_html_e('Enter URL exceptions.', 'all-in-one-wp-security-and-firewall'); ?></span>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">' . esc_html__('Each URL must be on a new line.', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . esc_html__('All localhost URLs are already an exception.', 'all-in-one-wp-security-and-firewall') . '</p>';
?>
</div>
</td>
</tr>
</table>
<input type="submit" class="button-primary" value="<?php esc_html_e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>">
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/wp-rest-api.php
Executable
+59
View File
@@ -0,0 +1,59 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<?php
$route_namespaces = AIOWPSecurity_Utility::get_rest_namespaces();
$user_roles = AIOWPSecurity_Utility_Permissions::get_user_roles();
?>
<div class="postbox aio_hidden" data-template="wp-rest-api">
<h3 class="hndle"><label for="title"><?php esc_html_e('WP REST API settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div>
<div id="disallow-unauthorised-requests-badge">
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("disallow-unauthorised-requests");
?>
</div>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('This feature allows you to block WordPress REST API access for unauthorized requests.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p>'.esc_html__('When enabled this feature will only allow REST requests to be processed if the user is logged in.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p>'.esc_html__('Only REST requests made by logged-in users with a role permitted below will succeed, unless the REST API endpoint has been white-listed for others to also use.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p>'.esc_html__('You can whitelist REST routes by selecting from the list of all registered rest routes for all users, including those who are not logged in.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<?php if (empty($route_namespaces)) { ?>
<div class="aio_red_box">
<p>
<?php
echo esc_html__('You do not have any registered REST API routes to block unauthorized access.', 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
<?php } ?>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Disallow unauthorized REST requests', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to stop REST API access for non-logged in requests.', 'all-in-one-wp-security-and-firewall'), 'aiowps_disallow_unauthorized_rest_requests', '1' == $aiowps_disallow_unauthorized_rest_requests); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php _e('User roles allowed access when logged in', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<?php foreach ($user_roles as $id => $name) { ?>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox($name, 'aios_allowed_roles_rest_requests_'.$id, !in_array($id, $aios_roles_disallowed_rest_requests)); // Default all roles are allowed, only disallowed roles considered ?>
</div>
<br>
<?php } ?>
</td>
</tr>
</table>
<div class="aios-rest-white-list-options-panel<?php echo ('1' == $aiowps_disallow_unauthorized_rest_requests) ? "" : " hidden";?>">
<?php $aio_wp_security->include_template('wp-admin/firewall/partials/rest-route-whitelist.php', false, compact('route_namespaces', 'aios_whitelisted_rest_routes')); ?>
</div>
</div>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/xmlrpc-pingback-protection.php
Executable
+52
View File
@@ -0,0 +1,52 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="postbox aio_hidden" data-template="xmlrpc-pingback-protection">
<h3 class="hndle"><label for="title"><?php esc_html_e('WordPress XMLRPC and pingback vulnerability protection', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="firewall-pingback-rules-badge">
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("firewall-pingback-rules");
?>
</div>
<?php $aio_wp_security->include_template('wp-admin/firewall/partials/xmlrpc-warning-notice.php'); ?>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Completely block access to XMLRPC', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you are not using the WP XML-RPC functionality and you want to completely block external access to XMLRPC.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_pingback_firewall', $aiowps_enable_pingback_firewall); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'.esc_html__('This setting will disable access to the WordPress xmlrpc.php file which is responsible for the XML-RPC functionality in WordPress.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('Hackers can exploit various vulnerabilities in the WordPress XML-RPC API in a number of ways such as:', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('1) Denial of Service (DoS) attacks', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('2) Hacking internal routers.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('3) Scanning ports in internal networks to get info from various hosts.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('Apart from the security protection benefit, this feature may also help reduce load on your server, particularly if your site currently has a lot of unwanted traffic hitting the XML-RPC API on your installation.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('NOTE: You should only enable this feature if you are not currently using the XML-RPC functionality on your WordPress installation.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('Leave this feature disabled and use the feature below if you want pingback protection but you still need XMLRPC.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php esc_html_e('Disable pingback functionality from XMLRPC', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('If you use Jetpack or WP iOS or other apps which need WP XML-RPC functionality then check this.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('This will enable protection against WordPress pingback vulnerabilities.', 'all-in-one-wp-security-and-firewall'), 'aiowps_disable_xmlrpc_pingback_methods', '1' == $aiowps_disable_xmlrpc_pingback_methods); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'.esc_html__('NOTE: If you use Jetpack or the Wordpress iOS or other apps then you should enable this feature but leave the "Completely Block Access To XMLRPC" checkbox unchecked.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('The feature will still allow XMLRPC functionality on your site but will disable the pingback methods.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('This feature will also remove the "X-Pingback" header if it is present.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
</div>
</td>
</tr>
</table>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/xmlrpc-warning-notice.php
Executable
+11
View File
@@ -0,0 +1,11 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<div class="xmlrpc_warning_box aio_orange_box <?php if (!$aiowps_firewall_config->get_value('aiowps_enable_pingback_firewall')) echo ' aio_hidden';?>">
<p>
<?php
echo '<p>'.esc_html__('Attention:', 'all-in-one-wp-security-and-firewall').' '.esc_html__('You have enabled the "Completely Block Access To XMLRPC" checkbox which means all XMLRPC functionality will be blocked.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p>'.esc_html__('By leaving this feature enabled you will prevent Jetpack or Wordpress iOS or other apps which need XMLRPC from working correctly on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p>'.esc_html__('If you still need XMLRPC then uncheck the "Completely Block Access To XMLRPC" checkbox and enable only the "Disable Pingback Functionality From XMLRPC" checkbox.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</p>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/php-firewall-rules.php
Executable
+81
View File
@@ -0,0 +1,81 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<h2><?php esc_html_e('PHP firewall settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
<form action="" id="aios-php-firewall-settings-form">
<?php
$templates = array(
'xmlrpc-pingback-protection' => array(
'title' => __('Security enhancements', 'all-in-one-wp-security-and-firewall'),
'display_condition_callback' => array('AIOWPSecurity_Utility_Permissions', 'is_main_site_and_super_admin'),
),
'disable-rss-atom' => array(
'title' => __('Feed control', 'all-in-one-wp-security-and-firewall'),
'display_condition_callback' => array('AIOWPSecurity_Utility_Permissions', 'is_main_site_and_super_admin'),
),
'proxy-comment' => array(
'title' => __('Comment protection', 'all-in-one-wp-security-and-firewall'),
'display_condition_callback' => array('AIOWPSecurity_Utility_Permissions', 'is_main_site_and_super_admin'),
),
'bad-query-strings' => array(
'title' => __('URL security', 'all-in-one-wp-security-and-firewall'),
'display_condition_callback' => array('AIOWPSecurity_Utility_Permissions', 'is_main_site_and_super_admin'),
),
'advanced-character-filter' => array(
'title' => __('String filtering', 'all-in-one-wp-security-and-firewall'),
'display_condition_callback' => array('AIOWPSecurity_Utility_Permissions', 'is_main_site_and_super_admin'),
),
'ng' => array(
'title' => __('nG firewall rules', 'all-in-one-wp-security-and-firewall'),
'display_condition_callback' => array('AIOWPSecurity_Utility_Permissions', 'is_main_site_and_super_admin'),
),
'wp-rest-api' => array(
'title' => __('WP REST API', 'all-in-one-wp-security-and-firewall')
),
'internet-bots' => array(
'title' => __('Internet bot settings', 'all-in-one-wp-security-and-firewall'),
'display_condition_callback' => array('AIOWPSecurity_Utility_Permissions', 'is_main_site_and_super_admin'),
)
);
$templates = apply_filters('aiowps_modify_php_firewall_rules_template', $templates);
// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- PCP warning. No nonce.
$subtab = isset($_GET['subtab']) ? sanitize_text_field(wp_unslash($_GET['subtab'])) : '';
?>
<div class="aiowps-postbox-container">
<div class="aiowps-rules">
<h3 class="hndle"><?php esc_html_e('Rules', 'all-in-one-wp-security-and-firewall'); ?></h3>
<div id="aiowps-rule-search">
<span class="dashicons dashicons-search"></span>
<input type="text" placeholder="<?php esc_html_e('Search', 'all-in-one-wp-security-and-firewall'); ?>" class="aiowps-search">
<span class="dashicons dashicons-no-alt clear-search"></span>
</div>
<ul class="aiowps-rule-list">
<?php
if (empty($templates)) return;
$first_template = reset($templates);
$first_title = $first_template['title'];
foreach ($templates as $key => $template) {
// Check if the current title is the first title
$is_active = ($key === $subtab || $template['title'] === $first_title) ? 'class="aiowps-active"' : '';
$title = $template['title'];
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. No user input to escape.
echo '<li data-template="' . esc_attr($key) . '" ' . $is_active . '><span class="aiowps-rule-title">' . esc_html($title) . '</span></li>';
}
?>
</ul>
</div>
<div class="aiowps-settings">
<?php
foreach ($templates as $key => $template) {
$aio_wp_security->include_template('wp-admin/firewall/partials/' . esc_attr($key) . '.php', false, $php_firewall_data);
}
?>
</div>
</div>
<div class="aiowps-actions">
<input type="submit" name="aiowps_apply_php_firewall_settings" value="<?php esc_html_e('Save PHP firewall settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</div>
</form>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/general/moved.php
Executable
+28
View File
@@ -0,0 +1,28 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<?php
$info = array(
'6g' => array(
'title' => __('6G firewall rules', 'all-in-one-wp-security-and-firewall'),
'uri' => 'aiowpsec_firewall&tab=php-rules&subtab=ng'
),
'internet-bots' => array(
'title' => __('Internet bots', 'all-in-one-wp-security-and-firewall'),
'uri' => 'aiowpsec_firewall&tab=php-rules&subtab=internet-bots'
),
);
if (empty($info)) return;
?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php echo esc_html($info[$key]['title']); ?></label></h3>
<div class="inside">
<?php
$new_location_link = '<a href="admin.php?page=' . esc_html($info[$key]['uri']) . '">' . esc_html__('here', 'all-in-one-wp-security-and-firewall') . '</a>';
echo '<div class="aio_orange_box"><p>';
/* translators: 1: Old location 2: New location */
echo sprintf(esc_html__('The %1$s feature is now located %2$s.', 'all-in-one-wp-security-and-firewall'), esc_html($info[$key]['title']), $new_location_link) . ' ' . esc_html__('This page will be removed in a future release.', 'all-in-one-wp-security-and-firewall'); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Link already escaped.
echo '</p></div>';
?>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/scanner/file-change-detect.php
Executable
+148
View File
@@ -0,0 +1,148 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<?php
// Display an alert warning message if a file change was detected
if ($aiowps_fcds_change_detected) {
echo '<div id="aiowps_fcds_change_detected" class="error"><p><strong>' . esc_html__('The scan has detected that there was a change in your website\'s files.', 'all-in-one-wp-security-and-firewall') .' <a href="#" data-reset_change_detected="1" class="aiowps_view_last_fcd_results" >'.esc_html__('View the scan results and clear this message', 'all-in-one-wp-security-and-firewall').'</a></strong></p></div>';
}
?>
<div class="aio_blue_box">
<?php
echo '<p>' . esc_html__('If given an opportunity hackers can insert their code or files into your system which they can then use to carry out malicious acts on your site.', 'all-in-one-wp-security-and-firewall') .'<br>' . esc_html__('Being informed of any changes in your files can be a good way to quickly prevent a hacker from causing damage to your website.', 'all-in-one-wp-security-and-firewall') .'<br>' . esc_html__('In general, WordPress core and plugin files and file types such as ".php" or ".js" should not change often and when they do, it is important that you are made aware when a change occurs and which file was affected.', 'all-in-one-wp-security-and-firewall') .'<br>' . esc_html__('The "File Change Detection Feature" will notify you of any file change which occurs on your system, including the addition and deletion of files by performing a regular automated or manual scan of your system\'s files.', 'all-in-one-wp-security-and-firewall') .'<br>' . esc_html__('This feature also allows you to exclude certain files or folders from the scan in cases where you know that they change often as part of their normal operation. (For example log files and certain caching plugin files may change often and hence you may choose to exclude such files from the file change detection scan)', 'all-in-one-wp-security-and-firewall') . '</p>';
?>
</div>
<div class="postbox aiowps_next_scheduled_scan_wrapper">
<div class="schedule">
<div class="aiowps_next_scheduled_entity">
<div class="aiowps_next_scheduled_heading">
<strong><?php echo esc_html__('Next file scan', 'all-in-one-wp-security-and-firewall').':';?></strong>
</div>
<div id="aiowps-next-files-scan-inner">
<?php
if (false === $next_fcd_scan_time) {
echo '<span>' . esc_html__('Nothing is currently scheduled', 'all-in-one-wp-security-and-firewall') . '</span>';
} else {
echo '<span class="aiowps_next_scheduled_date_time">' . esc_html($next_fcd_scan_time) . '</span>';
}
?>
</div>
</div>
<div class="aiowps_next_scheduled_entity">
<div class="aiowps_next_scheduled_heading">
<strong><?php echo esc_html__('Previous file scan results', 'all-in-one-wp-security-and-firewall').':';?></strong>
</div>
<div id="aiowps-previous-files-scan-inner">
<span>
<?php
if ($previous_scan) {
echo '<a href="#" class="aiowps_view_last_fcd_results">' . esc_html__('View the last file scan results', 'all-in-one-wp-security-and-firewall') . '</a>';
} else {
esc_html_e('No previous scan results', 'all-in-one-wp-security-and-firewall');
}
?>
</span>
</div>
</div>
<div class="aiowps_time_now_wrapper">
<?php
// wp_date() is WP 5.3+, but performs translation into the site locale
$current_time = AIOWPSecurity_Utility::convert_timestamp(null, 'D, F j, Y H:i');
?>
<span class="aiowps_time_now_label"><?php echo esc_html__('Time now', 'all-in-one-wp-security-and-firewall').': ';?></span>
<span class="aiowps_time_now"><?php echo esc_html($current_time);?></span>
</div>
</div>
<div class="aiowps_scan_btn_wrapper">
<button id="aiowps_manual_fcd_scan" type="button" class="button button-primary button-large button-hero"><?php esc_html_e('Scan now', 'all-in-one-wp-security-and-firewall'); ?></button>
<p><?php echo esc_html__('or schedule regular file scans below.', 'all-in-one-wp-security-and-firewall');?></p>
</div>
<div id="aiowps_activejobs_table">
</div>
<div id="aiowps_previous_scan_wrapper">
</div>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('File change detection settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="scan-file-change-detection-badge">
<?php
$aiowps_feature_mgr->output_feature_details_badge('scan-file-change-detection');
?>
</div>
<div id="aios-file-change-info-box"></div>
<form action="" method="POST" id="aiowpsec-scheduled-fcd-scan-form">
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable automated file change detection scan', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want the system to automatically and periodically scan your files to check for file changes based on the settings below', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_automated_fcd_scan', '1' == $aiowps_enable_automated_fcd_scan); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_fcd_scan_frequency"><?php esc_html_e('Scan time interval', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td><input id="aiowps_fcd_scan_frequency" type="text" size="5" name="aiowps_fcd_scan_frequency" value="<?php echo esc_attr($aiowps_fcd_scan_frequency); ?>" />
<select id="backup_interval" name="aiowps_fcd_scan_interval">
<option value="0" <?php selected($aiowps_fcd_scan_interval, '0'); ?>><?php esc_html_e('Hours', 'all-in-one-wp-security-and-firewall'); ?></option>
<option value="1" <?php selected($aiowps_fcd_scan_interval, '1'); ?>><?php esc_html_e('Days', 'all-in-one-wp-security-and-firewall'); ?></option>
<option value="2" <?php selected($aiowps_fcd_scan_interval, '2'); ?>><?php esc_html_e('Weeks', 'all-in-one-wp-security-and-firewall'); ?></option>
</select>
<span class="description"><?php esc_html_e('Set the value for how often you would like a scan to occur', 'all-in-one-wp-security-and-firewall'); ?></span>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_fcd_exclude_filetypes"><?php esc_html_e('File types to ignore', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td>
<textarea id="aiowps_fcd_exclude_filetypes" name="aiowps_fcd_exclude_filetypes" rows="5" cols="50"><?php echo esc_textarea($aiowps_fcd_exclude_filetypes); ?></textarea>
<br>
<span class="description"><?php esc_html_e('Enter each file type or extension on a new line which you wish to exclude from the file change detection scan.', 'all-in-one-wp-security-and-firewall'); ?></span>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">' . esc_html__('You can exclude file types from the scan which would not normally pose any security threat if they were changed.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('These can include things such as image files.', 'all-in-one-wp-security-and-firewall') . '</p>';
/* translators: 1. JPG, 2. PNG, 3. BMP. */
echo '<p class="description">' . sprintf(esc_html__('Example: If you want the scanner to ignore files of type %1$s, %2$s, and %3$s, then you would enter the following:', 'all-in-one-wp-security-and-firewall'), 'jpg', 'png', 'bmp'). '</p>';
echo '<p class="description">' . 'jpg' . '</p>';
echo '<p class="description">' . 'png' . '</p>';
echo '<p class="description">' . 'bmp' . '</p>';
?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_fcd_exclude_files"><?php esc_html_e('Files/Directories to ignore', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td>
<textarea id="aiowps_fcd_exclude_files" name="aiowps_fcd_exclude_files" rows="5" cols="50"><?php echo esc_textarea($aiowps_fcd_exclude_files); ?></textarea>
<br>
<span class="description"><?php esc_html_e('Enter each file or directory on a new line which you wish to exclude from the file change detection scan.', 'all-in-one-wp-security-and-firewall'); ?></span>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">' . esc_html__('You can exclude specific files/directories from the scan which would not normally pose any security threat if they were changed.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('These can include things such as log files.', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . esc_html__('Example: If you want the scanner to ignore certain files in different directories or whole directories, then you would enter the following:', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . 'cache/config/master.php' . '</p>';
echo '<p class="description">' . esc_html__('somedirectory', 'all-in-one-wp-security-and-firewall') . '</p>';
?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row">
<label for="aiowps_fcd_scan_email_address"><?php esc_html_e('Send email when change detected', 'all-in-one-wp-security-and-firewall'); ?>:</label>
</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want the system to email you if a file change was detected', 'all-in-one-wp-security-and-firewall'), 'aiowps_send_fcd_scan_email', '1' == $aiowps_send_fcd_scan_email); ?>
</div>
<br>
<textarea name="aiowps_fcd_scan_email_address" id="aiowps_fcd_scan_email_address" rows="5" cols="50"><?php echo esc_textarea(wp_unslash(AIOWPSecurity_Utility::get_textarea_str_val($aiowps_fcd_scan_email_address))); ?></textarea>
<br>
<span class="description"><?php esc_html_e('Enter one or more email addresses on a new line.', 'all-in-one-wp-security-and-firewall'); ?></span>
</td>
</tr>
</table>
<input type="submit" name="aiowps_schedule_fcd_scan" value="<?php esc_html_e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary" />
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/scanner/malware-scan.php
Executable
+25
View File
@@ -0,0 +1,25 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="aio_blue_box">
<?php
echo '<h2>' . esc_html__('What is malware?', 'all-in-one-wp-security-and-firewall').'</h2>';
echo '<p>' . esc_html__('The word malware stands for malicious software.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('It can consist of things like trojan horses, adware, worms, spyware and any other undesirable code which a hacker will try to inject into your website.', 'all-in-one-wp-security-and-firewall') . '</p>' .'<p>' . esc_html__('Often when malware code has been inserted into your site you will normally not notice anything out of the ordinary based on appearances, but it can have a dramatic effect on your site\'s search ranking.', 'all-in-one-wp-security-and-firewall') . '</p>' .'<p>' . esc_html__('This is because the bots and spiders from search engines such as Google have the capability to detect malware when they are indexing the pages on your site, and consequently they can blacklist your website which will in turn affect your search rankings.', 'all-in-one-wp-security-and-firewall') . '</p>';
$site_scanners_link = '<a href="https://teamupdraft.com/all-in-one-security/pricing/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=learn-more-malware-scan&utm_creative_format=text" target="_blank">' . esc_html__('here', 'all-in-one-wp-security-and-firewall'). '</a>';
echo '<h2>' . esc_html__('Scanning for malware', 'all-in-one-wp-security-and-firewall') . '</h2>';
echo '<p>' . esc_html__('Due to the constantly changing and complex nature of Malware, scanning for such things using a standalone plugin will not work reliably.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('This is something best done via an external scan of your site regularly.', 'all-in-one-wp-security-and-firewall') . '</p>'.'<p>'.esc_html__('This is why we have created an easy-to-use scanning service which is hosted off our own server which will scan your site for malware weekly and notify you if it finds anything.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p>' . esc_html__('This service is included with the premium plugin and provides the following:', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<ul class="aiowps_admin_ul_grp1">
<li>' . esc_html__('Automatic weekly scans', 'all-in-one-wp-security-and-firewall') . '</li>
<li>' . esc_html__('Automatic malware and blacklist monitoring', 'all-in-one-wp-security-and-firewall') . '</li>
<li>' . esc_html__('Automatic email alerting', 'all-in-one-wp-security-and-firewall') . '</li>
<li>' . esc_html__('Site uptime monitoring', 'all-in-one-wp-security-and-firewall') . '</li>
<li>' . esc_html__('Site response time monitoring', 'all-in-one-wp-security-and-firewall') . '</li>
<li>' . esc_html__('We provide advice for malware cleanup', 'all-in-one-wp-security-and-firewall') . '</li>
<li>' . esc_html__('Blacklist removal', 'all-in-one-wp-security-and-firewall') . '</li>
<li>' . esc_html__('No contract (cancel anytime)', 'all-in-one-wp-security-and-firewall') . '</li>
</ul>';
/* translators: %s: Scanner URL. */
echo '<p>' . sprintf(esc_html__('Learn more %s.', 'all-in-one-wp-security-and-firewall'), $site_scanners_link) . '</p>'; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- variable already escaped.
?>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/scanner/scan-result.php
Executable
+42
View File
@@ -0,0 +1,42 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div>
<h3 class="hndle"><label for="title"><?php esc_html_e('Latest file change scan results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<?php
$last_scan_results = $fcd_data['last_scan_result'];
$file_change_types = array(
'files_added' => esc_html__('The following files were added to your website.', 'all-in-one-wp-security-and-firewall'),
'files_removed' => esc_html__('The following files were removed from your website.', 'all-in-one-wp-security-and-firewall'),
'files_changed' => esc_html__('The following files were changed on your website.', 'all-in-one-wp-security-and-firewall')
);
foreach ($file_change_types as $type => $description) {
if (empty($last_scan_results[$type])) continue;
echo '<div class="aio_info_with_icon aio_spacer_10_tb">' . esc_html($description) . '</div>';
$output = '<div class="aiowps_table_container">';
$output .= '<table class="widefat aiowps_scan_result_table">';
$output .= '<thead class="aiowps_scan_result_table_header">';
$output .= '<tr>';
$output .= '<th>' . esc_html__('File', 'all-in-one-wp-security-and-firewall') . '</th>';
$output .= '<th>' . esc_html__('File size', 'all-in-one-wp-security-and-firewall') . '</th>';
$output .= '<th>' . esc_html__('File modified', 'all-in-one-wp-security-and-firewall') . '</th>';
$output .= '</tr>';
$output .= '</thead>';
foreach ($last_scan_results[$type] as $key => $value) {
$output .= '<tr>';
$output .= '<td>' . esc_html($key) . '</td>';
$file_size = AIOWPSecurity_Utility::convert_numeric_size_to_text($value['filesize']);
$output .= '<td>' . esc_html($file_size) . '</td>';
$last_modified = AIOWPSecurity_Utility::convert_timestamp($value['last_modified']);
$output .= '<td>' . esc_html($last_modified) . '</td>';
$output .= '</tr>';
}
$output .= '</table>';
$output .= '</div>';
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Variables escaped early inside HTML.
echo $output;
echo '<div class="aio_spacer_15"></div>';
}
?>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/settings/advanced-settings.php
Executable
+223
View File
@@ -0,0 +1,223 @@
<?php if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('IP address detection settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div class="aio_blue_box">
<?php
echo '<p>' . esc_html__('The IP address detection settings allow you to specify how visitors\' IP addresses are made known to PHP (and hence to WordPress and its plugins).', 'all-in-one-wp-security-and-firewall').
'<br />' . esc_html__('Usually, this is automatic and there is only one choice.', 'all-in-one-wp-security-and-firewall').
' ' . esc_html__('However in some setups, such as those using proxies (including load-balancers and security firewalls like Cloudflare), it may be necessary to set this manually.', 'all-in-one-wp-security-and-firewall').
'</p><p><strong>' . esc_html__('Attention', 'all-in-one-wp-security-and-firewall') . ':</strong> ' . esc_html__('It is important to set this correctly - otherwise you may make it possible for a hacker to ban all your visitors (e.g. via banning Cloudflare from connecting to you) instead of the hacker being banned.', 'all-in-one-wp-security-and-firewall') . '</p><p>' . esc_html__("The default is to use the REMOTE_ADDR PHP server variable.", 'all-in-one-wp-security-and-firewall') . " " . esc_html__("If this variable does not contain the visitor's IP address, then whilst you can make a different selection below, it is better to ask your web hosting company to have it correctly set.", 'all-in-one-wp-security-and-firewall') . ' ' .
esc_html__("This is the most secure setup, because when set correctly it is immune from being spoofed by an attacker.", 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<?php
if (empty($server_suitable_ip_methods)) {
echo '<br><strong>' . esc_html__('You have no available IP address detection method(s); you must contact your web hosting company.', 'all-in-one-wp-security-and-firewall') . '</strong>';
}
?>
<br><br>
<?php
/* translators: %s: Cloudflare */
echo sprintf(esc_html__('Your detected IP address according to %s:', 'all-in-one-wp-security-and-firewall'), 'Cloudflare');
?>
<span id="aios-cloudflare-ip-address"></span>
<br>
<?php
/* translators: %s: IPIFY IPv4 */
echo sprintf(esc_html__('Your detected IP address according to %s:', 'all-in-one-wp-security-and-firewall'), 'ipify (IPv4)');
?>
<span id="aios-ipify-ip-address"></span>
<br>
<?php
/* translators: %s: IPIFY IPv6 */
echo sprintf(esc_html__('Your detected IP address according to %s:', 'all-in-one-wp-security-and-firewall'), 'ipify (IPv6)');
?>
<span id="aios-ipify-ip-64-address"></span>
<?php
if ($is_localhost) {
echo '<br>';
echo esc_html__("If your site is setup on localhost, you won't see your external IP address using your server's IP detection setting; but on a localhost-served site (not available to the outside world), the setting is irrelevant and can be ignored.", 'all-in-one-wp-security-and-firewall');
}
?>
<style>
#aiowps_ip_retrieve_method option:disabled { color: #cccccc; }
.aios-ip-error { color: #ff0000; }
</style>
<form action="" method="POST" id="aiowpsec-ip-settings-form">
<table class="form-table">
<tr valign="top">
<td>
<select id="aiowps_ip_retrieve_method" name="aiowps_ip_retrieve_method">
<?php
foreach ($ip_retrieve_methods as $ip_method_id => $vals) {
?>
<option value="<?php echo esc_attr($ip_method_id); ?>" <?php selected($current_ip_retrieve_method, $ip_method_id); ?> <?php disabled($vals['is_enabled'], false); ?>><?php echo esc_html($vals['ip_method']); ?></option>
<?php
}
?>
</select>
<span class="description">
<?php esc_html_e("Choose a \$_SERVER variable you would like to detect visitors' IP address using.", 'all-in-one-wp-security-and-firewall'); ?>
</span>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<p class="description">
<?php
esc_html_e('If your chosen server variable fails the plugin will automatically fall back to retrieving the IP address from $_SERVER["REMOTE_ADDR"]', 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
<div class="description">
<?php
echo esc_html__('Your IP address if using this setting:', 'all-in-one-wp-security-and-firewall') . ' ';
?>
<span id="aios-ip-address-of-method"><?php esc_html_e('fetching...', 'all-in-one-wp-security-and-firewall'); ?></span>
</div>
<script>
jQuery(function() {
var get_ip_error_count = 0;
var unexpected_response_text = '<?php esc_html_e('Unexpected response:', 'all-in-one-wp-security-and-firewall'); ?> ';
var getting_text = ' ' + '<?php esc_html_e('getting...', 'all-in-one-wp-security-and-firewall'); ?>'
jQuery('#aios-cloudflare-ip-address').html(getting_text);
function aios_get_ip_error() {
get_ip_error_count++;
if (get_ip_error_count > 3) {
var additional_error_msg = ' ' + '(<?php esc_html_e('look-up possibly blocked by an ad-blocker or similar tool', 'all-in-one-wp-security-and-firewall'); ?>)';
jQuery('#aios-cloudflare-ip-address').html(getting_text);
jQuery('#aios-ipify-ip-address').html(getting_text);
jQuery('#aios-ipify-ip-64-address').html(getting_text);
}
}
jQuery.ajax({
type: 'GET',
url: 'https://www.cloudflare.com/cdn-cgi/trace',
success: function (response, status) {
try {
// Convert key-value pairs to JSON
// https://stackoverflow.com/a/39284735/452587
var data = response.trim().split('\n').reduce(function (obj, pair) {
pair = pair.split('=');
return obj[pair[0]] = pair[1], obj;
}, {});
} catch (e) {
var error_msg =
unexpected_response_text+' '+response;
jQuery('#aios-cloudflare-ip-address').addClass('aios-ip-error').html(error_msg);
console.log(e);
console.log(response);
return;
}
if (data.hasOwnProperty('ip')) {
jQuery('#aios-cloudflare-ip-address').html(data.ip);
} else {
var error_msg = "failure: The IP line doesn't exist in the response. Response: " + response + " Status: " + status;
jQuery('#aios-cloudflare-ip-address').addClass('aios-ip-error').html(error_msg);
console.log(error_msg);
console.log(response);
}
},
error: function (response, status, error_code) {
var error_msg = "failure: " + status + " (" + error_code + ")";
jQuery('#aios-cloudflare-ip-address').addClass('aios-ip-error').html(error_msg);
console.log(error_msg);
console.log(response);
aios_get_ip_error();
}
});
function aios_fill_ipify_ip_address($is_ipv6) {
if ($is_ipv6) {
var url = 'https://api64.ipify.org?format=json';
var selector = '#aios-ipify-ip-64-address';
var error_msg = 'IPv4 ';
} else { // IPv4
var url = 'https://api.ipify.org?format=json';
var selector = '#aios-ipify-ip-address';
var error_msg = 'IPv6 ';
}
jQuery(selector).html(getting_text);
jQuery.ajax({
type: 'GET',
dataType: 'json',
url: url,
success: function (response, status) {
if (response.hasOwnProperty('ip')) {
jQuery(selector).html(response.ip);
} else {
error_msg += "failure: The IP line doesn't exist in the response. Response: " + JSON.stringify(response) + " Status: " + status;
jQuery(selector).addClass('aios-ip-error').html(error_msg);
console.log(error_msg);
console.log(response);
}
},
error: function (response, status, error_code) {
error_msg += "failure: " + status + " (" + error_code + ")";
jQuery(selector).addClass('aios-ip-error').html(error_msg);
console.log(error_msg);
console.log(response);
aios_get_ip_error();
}
});
}
aios_fill_ipify_ip_address(false);
aios_fill_ipify_ip_address(true); // IPv6
jQuery('#aiowps_ip_retrieve_method').on('change', function() {
jQuery('#aios-ip-address-of-method').html(getting_text);
var ip_retrieve_method = jQuery('#aiowps_ip_retrieve_method').val();
// If selected disabled option, we get null value.
// Previously saved value and the option is disabled now.
if (null == ip_retrieve_method) {
jQuery('#aios-ip-address-of-method').html('');
return;
}
aios_send_command('get_ip_address_of_given_method', {
ip_retrieve_method: jQuery('#aiowps_ip_retrieve_method').val()
}, function (resp) {
jQuery('#aios-ip-address-of-method').html("<?php esc_html_e('getting...', 'all-in-one-wp-security-and-firewall'); ?>");
if (resp.hasOwnProperty('ip_address')) {
jQuery('#aios-ip-address-of-method').html(resp.ip_address);
} else {
alert(unexpected_response_text + JSON.stringify(resp));
console.log(resp);
}
}, {
error_callback: function (response, status, error_code, resp) {
if (typeof resp !== 'undefined' && resp.hasOwnProperty('fatal_error')) {
console.error(resp.fatal_error_message);
alert(resp.fatal_error_message);
} else {
var error_message = "aios_send_command: error: " + status + " (" + error_code + ")";
console.log(error_message);
alert(error_message);
console.log(response);
}
}
});
});
jQuery('#aiowps_ip_retrieve_method').change();
});
</script>
</td>
</tr>
</table>
<input type="submit" name="aiowps_save_advanced_settings" value="<?php esc_html_e('Save settings', 'all-in-one-wp-security-and-firewall');?>" class="button-primary" />
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/settings/delete-plugin-settings.php
Executable
+41
View File
@@ -0,0 +1,41 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Manage delete plugin tasks', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form action="" id="aiowpsec-delete-plugin-settings-form">
<div class="aio_yellow_box">
<p>
<?php echo esc_html__('NOTE: Even if these options are disabled, the plugin settings will still be inactive when the plugin is uninstalled, but they will be remembered for the next time the plugin is installed and activated.', 'all-in-one-wp-security-and-firewall'); ?>
</p>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Delete database tables', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to remove all database tables for this site when uninstalling the plugin.', 'all-in-one-wp-security-and-firewall'), 'aiowps_on_uninstall_delete_db_tables', '1' == $aio_wp_security->configs->get_value('aiowps_on_uninstall_delete_db_tables')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php esc_html_e('Delete settings', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<?php
$delete_configs_description = esc_html__('Enable this to remove all plugin settings for this site when uninstalling the plugin.', 'all-in-one-wp-security-and-firewall');
if (is_main_site()) {
$delete_configs_description .= ' ' . esc_html__('It will also remove all firewall rules that were added by this plugin.', 'all-in-one-wp-security-and-firewall');
}
?>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox($delete_configs_description, 'aiowps_on_uninstall_delete_configs', '1' == $aio_wp_security->configs->get_value('aiowps_on_uninstall_delete_configs')); ?>
</div>
</td>
</tr>
</table>
<div class="submit">
<input type="submit" class="button-primary" name="aiowpsec_save_delete_plugin_settings" value="<?php esc_html_e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>">
</div>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/settings/general-settings.php
Executable
+116
View File
@@ -0,0 +1,116 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="aio_grey_box">
<p><?php esc_html_e('For information, updates and documentation, please visit', 'all-in-one-wp-security-and-firewall'); ?> <a href="https://teamupdraft.com/all-in-one-security/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=documentation-from-settings&utm_creative_format=notice" target="_blank"><?php echo esc_html('All-In-One Security'); ?></a> <?php esc_html_e('Page', 'all-in-one-wp-security-and-firewall'); ?>.</p>
</div>
<?php
if (!is_super_admin()) {
// Hide config settings if multisite and not super admin.
AIOWPSecurity_Utility::display_multisite_super_admin_message();
} else {
?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('All-In-One Security', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<p>
<?php
esc_html_e('Thank you for using the All-In-One Security plugin.', 'all-in-one-wp-security-and-firewall');
?>
&nbsp;
<?php
esc_html_e('There are a lot of security features in this plugin.', 'all-in-one-wp-security-and-firewall');
?>
</p>
<p>
<?php
esc_html_e('To start, go through each security option and enable the "basic" options.', 'all-in-one-wp-security-and-firewall');
?>
&nbsp;
<?php
esc_html_e('The more features you enable, the more security points you will achieve.', 'all-in-one-wp-security-and-firewall');
?>
</p>
<p><?php esc_html_e('Before doing anything we advise taking a backup of your .htaccess file, database and wp-config.php.', 'all-in-one-wp-security-and-firewall'); ?></p>
<p>
<ul class="aiowps_admin_ul_grp1">
<li><a href="admin.php?page=aiowpsec_database&tab=database-backup" target="_blank"><?php esc_html_e('Backup your database', 'all-in-one-wp-security-and-firewall'); ?></a></li>
<li><a href="admin.php?page=aiowpsec_settings&tab=htaccess-file-operations" target="_blank"><?php esc_html_e('Backup .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></a></li>
<li><a href="admin.php?page=aiowpsec_settings&tab=wp-config-file-operations" target="_blank"><?php esc_html_e('Backup wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></a></li>
</ul>
</p>
</div>
</div> <!-- end postbox-->
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Disable security features', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form method="post" action="" id="aiowpsec-disable-all-features-form">
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('If you think that some plugin functionality on your site is broken due to a security feature you enabled in this plugin, then use the following option to turn off all the security features of this plugin.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<div class="submit">
<input type="submit" class="button" name="aiowpsec_disable_all_features" value="<?php esc_html_e('Disable all security features', 'all-in-one-wp-security-and-firewall'); ?>">
</div>
</form>
</div>
</div> <!-- end postbox-->
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Disable all firewall rules', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form method="post" action="" id="aiowpsec-disable-all-firewall-rules-form">
<div class="aio_blue_box">
<?php
echo '<p>' . esc_html__('This feature will disable all firewall rules which are currently active in this plugin and it will also delete these rules from your .htaccess file.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Use it if you think one of the firewall rules is causing an issue on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<div class="submit">
<input type="submit" class="button" name="aiowpsec_disable_all_firewall_rules" value="<?php esc_html_e('Disable all firewall rules', 'all-in-one-wp-security-and-firewall'); ?>">
</div>
</form>
</div>
</div> <!-- end postbox-->
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Reset settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form method="post" action="" id="aiowpsec-reset-settings-form">
<div class="aio_blue_box">
<?php
echo '<p>' . esc_html__('This feature will delete all of your settings related to the All-In-One Security plugin.', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p>' . esc_html__('This feature will reset/empty all the database tables of the security plugin also.', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p>' . esc_html__('Use this feature if you were locked out by the All-In-One Security plugin and/or you are having issues logging in when that plugin is activated.', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p>' . esc_html__('In addition to the settings it will also delete any directives which were added to the .htaccess file by the All-In-One Security Plugin.', 'all-in-one-wp-security-and-firewall') . '</p>';
/* translators: 1: Open strong tag, 2: Close strong tag. */
echo '<p>' . sprintf(esc_html__('%1$sNOTE: %2$sAfter deleting the settings you will need to re-configure the All-In-One Security plugin.', 'all-in-one-wp-security-and-firewall'), '<strong>', '</strong>') . '</p>';
?>
</div>
<div class="submit">
<input type="submit" name="aiowps_reset_settings" value="<?php esc_html_e('Reset settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button">
</div>
</form>
</div>
</div> <!-- end postbox-->
<?php
} // End if statements
?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Debug settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form method="post" action="" id="aiowpsec-save-debug-settings-form">
<div class="aio_blue_box">
<?php
echo '<p>' . esc_html__('This setting allows you to enable/disable debug for this plugin.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable debug', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable debug mode.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('You should keep this option disabled after you have finished debugging the issue.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_debug', '1' == $aio_wp_security->configs->get_value('aiowps_enable_debug')); ?>
</div>
</td>
</tr>
</table>
</form>
</div>
</div> <!-- end postbox-->
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/settings/htaccess-file-operations.php
Executable
+37
View File
@@ -0,0 +1,37 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('.htaccess file operations', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('Your ".htaccess" file is a key component of your website\'s security and it can be modified to implement various levels of protection mechanisms.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('You can also restore your site\'s .htaccess settings using a backed up .htaccess file.', 'all-in-one-wp-security-and-firewall').'
</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Save the current .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form action="" method="POST" id="aiowpsec-save-htaccess-form">
<p class="description"><?php esc_html_e('Press the button below to backup and save the currently active .htaccess file.', 'all-in-one-wp-security-and-firewall'); ?></p>
<input type="submit" name="aiowps_save_htaccess" value="<?php esc_html_e('Backup .htaccess file', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
</div>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Restore from a backed up .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form id="aiowps_restore_htaccess_form" action="" method="POST">
<table class="form-table">
<tr valign="top">
<th scope="row"><label for="aiowps_restore_htaccess_button"><?php esc_html_e('.htaccess file to restore from', 'all-in-one-wp-security-and-firewall'); ?></label>:</th>
<td>
<input type="submit" name="aiowps_restore_htaccess_button" class="button button-primary" value="<?php esc_html_e('Restore your .htaccess file', 'all-in-one-wp-security-and-firewall'); ?>">
<input name="aiowps_restore_htaccess" type="hidden" value="1">
<input name="aiowps_htaccess_file" type="file" id="aiowps_htaccess_file">
<input name="aiowps_htaccess_file_contents" type="hidden" id="aiowps_htaccess_file_contents">
</td>
</tr>
</table>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/settings/settings-file-operations.php
Executable
+45
View File
@@ -0,0 +1,45 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('Export or import your AIOS settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>' . esc_html__('This section allows you to export or import your All-In-One Security settings.', 'all-in-one-wp-security-and-firewall');
echo '<br />' .esc_html__('This can be handy if you wanted to save time by applying the settings from one site to another site.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('NOTE: Before importing, it is your responsibility to know what settings you are trying to import.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Importing settings blindly can cause you to be locked out of your site.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('For Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain.', 'all-in-one-wp-security-and-firewall').'
</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Export AIOS settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form action="" method="POST" id="aiowpsec-export-settings-form">
<table class="form-table">
<tr valign="top">
<span class="description"><?php echo esc_html__('To export your All-In-One Security settings press the button below.', 'all-in-one-wp-security-and-firewall'); ?></span>
</tr>
</table>
<input type="submit" name="aiowps_export_settings" value="<?php esc_html_e('Export AIOS settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
</div>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Import AIOS settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form id="aiowps_restore_settings_form" action="" method="POST">
<table class="form-table">
<tr valign="top">
<span class="description"><?php echo esc_html__('Use this section to import your All-In-One Security settings from a file.', 'all-in-one-wp-security-and-firewall'); ?></span>
<th scope="row">
<label for="aiowps_import_settings_file_button"><?php esc_html_e('Settings file to restore from', 'all-in-one-wp-security-and-firewall'); ?>:</label>
</th>
<td>
<input type="submit" id="aiowps_import_settings_file_button" name="aiowps_import_settings_file_button" class="button button-primary" value="<?php esc_html_e('Select your import settings file', 'all-in-one-wp-security-and-firewall'); ?>">
<input name="aiowps_import_settings" type="hidden" value="1">
<input name="aiowps_import_settings_file" type="file" id="aiowps_import_settings_file">
<input name="aiowps_import_settings_file_contents" type="hidden" id="aiowps_import_settings_file_contents">
</td>
</tr>
</table>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/settings/wp-config-file-operations.php
Executable
+47
View File
@@ -0,0 +1,47 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('wp-config.php file operations', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('Your "wp-config.php" file is one of the most important files in your WordPress installation.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('It is a primary configuration file and contains crucial things such as details of your database and other critical components.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('You can also restore your site\'s wp-config.php settings using a backed up wp-config.php file.', 'all-in-one-wp-security-and-firewall').'
</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Save the current wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form action="" method="POST" id="aiowpsec-save-wp-config-form">
<p class="description"><?php esc_html_e('Press the button below to backup and download the contents of the currently active wp-config.php file.', 'all-in-one-wp-security-and-firewall'); ?></p>
<input type="submit" name="aiowps_save_wp_config" value="<?php esc_html_e('Backup wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
</div>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Restore from a backed up wp-config file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form id="aiowps_restore_wp_config_form" action="" method="POST">
<table class="form-table">
<tr valign="top">
<th scope="row"><label for="aiowps_restore_wp_config_button"><?php esc_html_e('wp-config file to restore from', 'all-in-one-wp-security-and-firewall'); ?></label>:</th>
<td>
<input type="submit" name="aiowps_restore_wp_config_button" class="button button-primary" value="<?php esc_html_e('Restore your wp-config file', 'all-in-one-wp-security-and-firewall'); ?>">
<input name="aiowps_restore_wp_config" type="hidden" value="1">
<input name="aiowps_wp_config_file" type="file" id="aiowps_wp_config_file">
<input name="aiowps_wp_config_file_contents" type="hidden" id="aiowps_wp_config_file_contents">
</td>
</tr>
</table>
</form>
</div>
</div>
<!-- <div class="postbox">
<h3 class="hndle"><label for="title"><?php // esc_html_e('View Contents of the currently active wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<?php
// $wp_config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
// $wp_config_contents = AIOWPSecurity_Utility_File::get_file_contents($wp_config_file); -->
?>
<textarea class="aio_text_area_file_output aio_width_80 aio_spacer_10_tb" rows="20" readonly><?php // echo $wp_config_contents; ?></textarea>
</div>
</div> -->
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/settings/wp-version-info.php
Executable
+38
View File
@@ -0,0 +1,38 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('WP generator meta tag and version info', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('WordPress generator automatically adds some meta information inside the "head" tags of every page on your site\'s front end, below is an example of this:', 'all-in-one-wp-security-and-firewall');
echo '<br /><strong>&lt;meta name="generator" content="WordPress 3.5.1" /&gt;</strong>';
echo '<br />'.esc_html__('The above meta information shows which version of WordPress your site is currently running and thus can help hackers or crawlers scan your site to see if you have an older version of WordPress or one with a known exploit.', 'all-in-one-wp-security-and-firewall').'
<br /><br />'.esc_html__('There are also other ways Wordpress reveals version info such as during style and script loading, an example of this is:', 'all-in-one-wp-security-and-firewall');
// phpcs:ignore WordPress.WP.EnqueuedResources.NonEnqueuedStylesheet -- PCP error. Example code. Not an actual stylesheet.
echo '<br /><strong>&lt;link rel="stylesheet" id="jquery-ui-style-css" href="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.0/themes/smoothness/jquery-ui.css?ver=4.5.2" type="text/css" media="all" /&gt;</strong>
<br /><br />'.esc_html__('This feature will allow you to remove the WP generator meta info and other version info from your site\'s pages.', 'all-in-one-wp-security-and-firewall').'
</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('WP generator meta info', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="wp-generator-meta-tag-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("wp-generator-meta-tag");
?>
</div>
<form action="" method="POST" id="aiowpsec-remove-wp-meta-info-form">
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Remove WP generator meta info', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to remove the version and meta info produced by WP from all pages', 'all-in-one-wp-security-and-firewall'), 'aiowps_remove_wp_generator_meta_info', '1' == $aio_wp_security->configs->get_value('aiowps_remove_wp_generator_meta_info')); ?>
</div>
</td>
</tr>
</table>
<input type="submit" name="aiowps_save_remove_wp_meta_info" value="<?php esc_html_e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/spam-prevention/comment-spam-ip-monitoring.php
Executable
+116
View File
@@ -0,0 +1,116 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="postbox" id="aios-auto-spam-block-container">
<h3 class="hndle"><label for="title"><?php esc_html_e('Auto block spammer IPs', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<?php
if ('1' == $aio_wp_security->configs->get_value('aiowps_enable_autoblock_spam_ip') && '1' != $aio_wp_security->configs->get_value('aiowps_enable_spambot_detecting')) {
$comment_spam_detect_link = "<a href='".esc_url(admin_url(sanitize_url(sprintf('admin.php?page=%s&tab=%s', AIOWPSEC_SPAM_MENU_SLUG, 'comment-spam'))))."'>" . esc_html__('spam comment detection', 'all-in-one-wp-security-and-firewall') . "</a>";
/* translators: %s: Feature URL. */
$info_msg = sprintf(esc_html__('This feature has detected that %s is not active.', 'all-in-one-wp-security-and-firewall'), $comment_spam_detect_link) . ' ' . esc_html__('It is highly recommended that you activate to make the most of this feature.', 'all-in-one-wp-security-and-firewall');
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Variable already escaped.
echo '<div class="aio_orange_box" id="message"><p><strong>'.$info_msg.'</strong></p></div>';
}
?>
<div id="auto-block-spam-ips-badge">
<?php
$aiowps_feature_mgr->output_feature_details_badge("auto-block-spam-ips");
?>
</div>
<form action="" id="aios-auto-spam-block-form" method="POST">
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('This feature allows you to automatically and permanently block IP addresses which have exceeded a certain number of spam comments.', 'all-in-one-wp-security-and-firewall').'</p>'.'<p>'.esc_html__('Comments are considered spam if the "Spam comment detection" feature is enabled or an administrator manually marks a comment as "spam" from the WordPress Comments menu.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<div id="aios-blocked-comments-output">
<?php
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Variable already escaped.
echo $block_comments_output;
// Display security info badge
// $aiowps_feature_mgr->output_feature_details_badge("auto-block-spam-ip");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable auto block of spam comment IPs', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want this plugin to automatically block IP addresses which submit spam comments.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_autoblock_spam_ip', '1' == $aio_wp_security->configs->get_value('aiowps_enable_autoblock_spam_ip')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_spam_ip_min_comments_block"><?php esc_html_e('Minimum number of spam comments', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td><input id="aiowps_spam_ip_min_comments_block" type="text" size="5" name="aiowps_spam_ip_min_comments_block" value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments_block')); ?>" />
<span class="description"><?php esc_html_e('Specify the minimum number of spam comments for an IP address before it is permanently blocked.', 'all-in-one-wp-security-and-firewall'); ?></span>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'.esc_html__('Example 1: Setting this value to "1" will block ALL IP addresses which were used to submit at least one spam comment.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('Example 2: Setting this value to "5" will block only those IP addresses which were used to submit 5 spam comments or more on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
</td>
</tr>
<!-- <tr valign="top"> -->
<!-- <th scope="row"> --><?php //esc_html_e('Run now', 'all-in-one-wp-security-and-firewall'); ?><!--:</th>-->
<!-- <td><input type="submit" name="aiowps_auto_spam_block_run" value=" --><?php //esc_html_e('Run spam IP blocking now', 'all-in-one-wp-security-and-firewall'); ?><!--" class="button-secondary" />-->
<!-- <span class="description">--><?php //esc_html_e('This feature normally runs automatically whenever a comment is submitted but you can run it manually by clicking this button. (useful for older comments)', 'all-in-one-wp-security-and-firewall');?><!--</span>-->
<!-- </td> -->
<!-- </tr> -->
</table>
<input type="submit" name="aiowps_auto_spam_block" value="<?php esc_html_e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
</div>
</div>
<div class="postbox" id="aios-spam-ip-search-container">
<h3 class="hndle"><label for="title"><?php esc_html_e('List spammer IP addresses', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('This section displays a list of the IP addresses of the people or bots who have left spam comments on your site.', 'all-in-one-wp-security-and-firewall').'<br>'.esc_html__('This information can be handy for identifying the most persistent IP addresses or ranges used by spammers.', 'all-in-one-wp-security-and-firewall').'<br>'.esc_html__('By inspecting the IP address data coming from spammers you will be in a better position to determine which addresses or address ranges you should block by adding them to the permanent block list.', 'all-in-one-wp-security-and-firewall').'<br>'.esc_html__('To add one or more of the IP addresses displayed in the table below to your blacklist, simply press the "Block" link for the individual row or select more than one address using the checkboxes and then choose the "block" option from the Bulk Actions dropdown list and press the "Apply" button.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<form action="" id="aios-spam-ip-search-form" method="POST">
<table class="form-table">
<tr valign="top">
<th scope="row"><label for="aiowps_spam_ip_min_comments"><?php esc_html_e('Minimum number of spam comments per IP', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td>
<input id="aiowps_spam_ip_min_comments" type="text" size="5" name="aiowps_spam_ip_min_comments" value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_spam_ip_min_comments')); ?>" />
<span class="description"><?php esc_html_e('This field allows you to list only those IP addresses which have been used to post X or more spam comments.', 'all-in-one-wp-security-and-firewall'); ?></span>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'.esc_html__('Example 1: Setting this value to "1" will list ALL IP addresses which were used to submit at least 1 spam comment.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('Example 2: Setting this value to "5" will list only those IP addresses which were used to submit 5 spam comments or more on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
</td>
</tr>
</table>
<input type="submit" name="aiowps_ip_spam_comment_search" value="<?php esc_html_e('Find IP addresses', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
</div>
</div>
<div class="postbox" id="aios-spammer-list-table">
<h3 class="hndle"><label for="title"><?php esc_html_e('Spammer IP address results', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<?php
if (!is_main_site()) {
echo '<div class="aio_yellow_box">';
echo '<p>'.esc_html__('The plugin has detected that you are using a Multi-Site WordPress installation.', 'all-in-one-wp-security-and-firewall').'</p><p>'.esc_html__('Only the "superadmin" can block IP addresses from the main site.', 'all-in-one-wp-security-and-firewall').'</p><p>'.esc_html__('Take note of the IP addresses you want blocked and ask the superadmin to add these to the blacklist using the "Blacklist Manager" on the main site.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '</div>';
}
// Fetch, prepare, sort, and filter our data...
$spammer_ip_list->prepare_items();
// echo "put table of locked entries here";
?>
<form id="tables-filter" method="post">
<!-- For plugins, we also need to ensure that the form posts back to our current page -->
<input type="hidden" name="page" value="<?php echo esc_attr($page); ?>" />
<input type="hidden" name="tab" value="<?php echo esc_attr($tab); ?>" />
<!-- Now we can render the completed list table -->
<?php $spammer_ip_list->display(); ?>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/spam-prevention/comment-spam.php
Executable
+99
View File
@@ -0,0 +1,99 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('Comment spam settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div id="aios-spam-prevention-container">
<form action="" id="aios-spam-prevention-form" method="POST">
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Spam comment detect', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('A large portion of WordPress blog comment spam is produced by automated bots rather than by humans.', 'all-in-one-wp-security-and-firewall').'<br>'.esc_html__('This feature will reduce the useless and unnecessary traffic and load on your server resulting from spam comments.', 'all-in-one-wp-security-and-firewall').'<br>'.esc_html__('In other words, if the comment was not submitted by a human, the request will be discarded or marked as spam.', 'all-in-one-wp-security-and-firewall').'<br>'.esc_html__('This feature uses cookies and JavaScript.', 'all-in-one-wp-security-and-firewall').' '.esc_html__('If your visitors have either cookies or JavaScript disabled, their comments will automatically be discarded or marked as spam.', 'all-in-one-wp-security-and-firewall') . '</p>';
?>
</div>
<div id="detect-spambots-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("detect-spambots");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Detect spambots posting comments', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to detect comments originating from spambots.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_spambot_detecting', $aio_wp_security->configs->get_value('aiowps_enable_spambot_detecting')); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'.esc_html__('This feature will detect comment attempts which originate from spambots.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('A legitimate comment is one which is submitted by a human who physically fills out the comment form and presses the submit button.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('A comment submitted by a spambot is done by directly calling the wp-comments-post.php file.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('This feature will detect these comments and either discard them completely or mark them as spam.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php esc_html_e('Use cookies to detect comment spam', 'all-in-one-wp-security-and-firewall'); ?></th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Using cookies may prevent caches from caching pages containing comment forms.', 'all-in-one-wp-security-and-firewall'), 'aiowps_spambot_detect_usecookies', $aio_wp_security->configs->get_value('aiowps_spambot_detect_usecookies')); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'.esc_html__('This feature uses cookies.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Unless your cache (e.g. Cloudflare) is configured to ignore these cookies, it may decide to not cache any of these pages.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.esc_html__('Cloudflare detects that the set-cookie header is set and will not cache the page by default.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
</div>
</td>
</tr>
</table>
</div>
<h3 class="hndle"><label for="title"><?php esc_html_e('Comment processing', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<table class="form-table">
<tr valign="top">
<th scope="row">
<label for="aiowps_spam_comments_should"><?php esc_html_e('Spam comments detected should be', 'all-in-one-wp-security-and-firewall'); ?>:</label>
</th>
<td>
<select id="aiowps_spam_comments_should" name="aiowps_spam_comments_should">
<option value="0" <?php selected($aio_wp_security->configs->get_value('aiowps_spam_comments_should'), '0'); ?>><?php esc_html_e('Discarded', 'all-in-one-wp-security-and-firewall'); ?></option>
<option value="1" <?php selected($aio_wp_security->configs->get_value('aiowps_spam_comments_should'), '1'); ?>><?php esc_html_e('Marked as spam', 'all-in-one-wp-security-and-firewall'); ?></option>
</select>
<span class="description"><?php esc_html_e('Select the value for how you would like a comment detected as spam to be processed', 'all-in-one-wp-security-and-firewall'); ?></span>
</td>
</tr>
<tr valign="top">
<th scope="row">
<label for="aiowps_trash_spam_comments_after_days"><?php esc_html_e('Trash spam comments', 'all-in-one-wp-security-and-firewall'); ?>:</label>
</th>
<td>
<?php AIOWPSecurity_Utility_UI::setting_checkbox('', 'aiowps_enable_trash_spam_comments', '1' == $aio_wp_security->configs->get_value('aiowps_enable_trash_spam_comments')); ?>
<?php
$disabled = '';
if (!$aio_wp_security->configs->get_value('aiowps_enable_trash_spam_comments')) $disabled = "disabled";
echo '<label for="aiowps_enable_trash_spam_comments" class="description">';
printf(
/* translators: %s: Spam comments day threshold. */
esc_html__('Move spam comments to trash after %s days.', 'all-in-one-wp-security-and-firewall'),
'</label><input type="number" min="1" max="99" id="aiowps_trash_spam_comments_after_days" name="aiowps_trash_spam_comments_after_days" value="' . esc_attr($aio_wp_security->configs->get_value('aiowps_trash_spam_comments_after_days')) . '" ' . esc_attr($disabled) . '><label for="aiowps_enable_trash_spam_comments">'
);
echo '</label>';
?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'.esc_html__('Enable this feature in order to move the spam comments to trash after given number of days.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
</td>
</tr>
</table>
</div>
</div>
<input type="submit" name="aiowps_apply_comment_spam_prevention_settings" value="<?php esc_html_e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/tools/custom-htaccess.php
Executable
+58
View File
@@ -0,0 +1,58 @@
<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
<h2><?php esc_html_e('Custom .htaccess rules settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
<form action="" method="POST" id="aiowpsec-save-custom-rules-settings-form">
<div class="aio_blue_box">
<?php
$info_msg = '';
$info_msg .= '<p>'. esc_html__('This feature can be used to apply your own custom .htaccess rules and directives.', 'all-in-one-wp-security-and-firewall').'</p>';
$info_msg .= '<p>'. esc_html__('It is useful for when you want to tweak our existing firewall rules or when you want to add your own.', 'all-in-one-wp-security-and-firewall').'</p>';
$info_msg .= '<p>'. esc_html__('NOTE: This feature can only be used if your site is hosted using the Apache webserver, or another that uses .htaccess files.', 'all-in-one-wp-security-and-firewall').'</p>';
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Escaped earlier.
echo $info_msg;
?>
</div>
<div class="aio_yellow_box">
<?php
/* translators: %s: Warning */
$info_msg_2 = '<p>'. sprintf(esc_html__('%s: Only use this feature if you know what you are doing.', 'all-in-one-wp-security-and-firewall'), '<strong>' . esc_html__('Warning', 'all-in-one-wp-security-and-firewall') . '</strong>').'</p>';
$info_msg_2 .= '<p>'.esc_html__('Incorrect .htaccess rules or directives can break or prevent access to your site.', 'all-in-one-wp-security-and-firewall').'</p>';
$info_msg_2 .= '<p>'.esc_html__('It is your responsibility to ensure that you are entering the correct code!', 'all-in-one-wp-security-and-firewall').'</p>';
$info_msg_2 .= '<p>'.esc_html__('If you break your site you will need to access your server via FTP or something similar and then edit your .htaccess file and delete the changes you made.', 'all-in-one-wp-security-and-firewall').'</p>';
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Escaped earlier.
echo $info_msg_2;
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Custom .htaccess rules', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable custom .htaccess rules', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to activate the custom rules entered in the text box below', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_custom_rules', '1' == $aio_wp_security->configs->get_value('aiowps_enable_custom_rules')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php esc_html_e('Place custom rules at the top', 'all-in-one-wp-security-and-firewall');?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to place your custom rules at the beginning of all the rules applied by this plugin', 'all-in-one-wp-security-and-firewall'), 'aiowps_place_custom_rules_at_top', '1' == $aio_wp_security->configs->get_value('aiowps_place_custom_rules_at_top')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_custom_rules"><?php esc_html_e('Enter custom .htaccess rules:', 'all-in-one-wp-security-and-firewall'); ?></label></th>
<td>
<textarea id="aiowps_custom_rules" name="aiowps_custom_rules" rows="35" cols="50"><?php echo esc_html($aio_wp_security->configs->get_value('aiowps_custom_rules')); ?></textarea>
<br />
<span class="description"><?php esc_html_e('Enter your custom .htaccess rules/directives.', 'all-in-one-wp-security-and-firewall');?></span>
</td>
</tr>
</table>
</div></div>
<input type="submit" name="aiowps_save_custom_rules_settings" value="<?php esc_html_e('Save custom rules', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/tools/partials/who-is-lookup-result.php
Executable
+13
View File
@@ -0,0 +1,13 @@
<div class="postbox">
<h3 class="hndle">
<table>
<tr valign="top">
<th scope="row">WHOIS: </th>
<td><?php echo esc_html($ip_or_domain); ?></td>
</tr>
</table>
</h3>
<div class="inside">
<pre><?php echo esc_html($result); ?></pre>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/tools/password-tool.php
Executable
+30
View File
@@ -0,0 +1,30 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('Password tool', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('Poor password selection is one of the most common weak points of many sites and is usually the first thing a hacker will try to exploit when attempting to break into your site.', 'all-in-one-wp-security-and-firewall').'</p>'.
'<p>'.esc_html__('Many people fall into the trap of using a simple word or series of numbers as their password.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Such a predictable and simple password would take a competent hacker merely minutes to guess your password by using a simple script which cycles through the easy and most common combinations.', 'all-in-one-wp-security-and-firewall').'</p>'.
'<p>'.esc_html__('The longer and more complex your password is the harder it is for hackers to "crack" because more complex passwords require much greater computing power and time.', 'all-in-one-wp-security-and-firewall').'</p>'.
'<p>'.esc_html__('This section contains a useful password strength tool which you can use to check whether your password is sufficiently strong enough.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Password strength tool', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div class="aio_grey_box"><p><?php esc_html_e('This password tool uses an algorithm which calculates how long it would take for your password to be cracked using the computing power of an off-the-shelf current model desktop PC with high end processor, graphics card and appropriate password cracking software.', 'all-in-one-wp-security-and-firewall');?></p></div>
<div class="aiowps_password_tool_field">
<input size="40" id="aiowps_password_test" name="aiowps_password_test" type="text" placeholder="<?php esc_html_e('Start typing a password.', 'all-in-one-wp-security-and-firewall');?>" />
<div class="aios_password_meter">
<div class="aios_meter_bar">
<div id="aios_meter_fill"></div>
</div>
</div>
<div id="aiowps_pw_tool_main">
<?php $hibp_link = '<a href="admin.php?page=' . AIOWPSEC_USER_SECURITY_MENU_SLUG . '&tab=hibp" target="_blank">' . __('HIBP', 'all-in-one-wp-security-and-firewall') . '</a>'; ?>
<span id="aiowps_password_crack_info_text"><?php printf(esc_html__('It would take a desktop PC approximately %s to crack your password!', 'all-in-one-wp-security-and-firewall'), '<span id="aiowps_password_crack_time_calculation">' . __('1 sec', 'all-in-one-wp-security-and-firewall') . '</span>'); ?></span>
<?php /* translators: %s HIBP link. */ ?>
<span id="aiowps_password_hibp_info_text"><?php printf(esc_html__('Pwned according to %s', 'all-in-one-wp-security-and-firewall'), $hibp_link); ?></span>
</div>
</div>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/tools/visitor-lockout.php
Executable
+43
View File
@@ -0,0 +1,43 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('General visitor lockout', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form action="" method="POST" id="aiowpsec-site-lockout-form">
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('This feature allows you to put your site into "maintenance mode" by locking down the front-end to all visitors except logged in users with super admin privileges.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p>'.esc_html__('Locking your site down to general visitors can be useful if you are investigating some issues on your site or perhaps you might be doing some maintenance and wish to keep out all traffic for security reasons.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable maintenance mode', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want all visitors except those who are logged in as an administrator to be locked out of the front-end of your site.', 'all-in-one-wp-security-and-firewall'), 'aiowps_site_lockout', '1' == $aio_wp_security->configs->get_value('aiowps_site_lockout')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_site_lockout_msg_editor_content"><?php esc_html_e('Enter a message:', 'all-in-one-wp-security-and-firewall'); ?></label></th>
<td>
<?php
$aiowps_site_lockout_msg_raw = $aio_wp_security->configs->get_value('aiowps_site_lockout_msg');
if (empty($aiowps_site_lockout_msg_raw)) {
$aiowps_site_lockout_msg_raw = 'This site is currently not available. Please try again later.';
}
$aiowps_site_lockout_msg = html_entity_decode($aiowps_site_lockout_msg_raw, ENT_COMPAT, "UTF-8");
$aiowps_site_lockout_msg_settings = array('textarea_name' => 'aiowps_site_lockout_msg');
wp_editor($aiowps_site_lockout_msg, "aiowps_site_lockout_msg_editor_content", $aiowps_site_lockout_msg_settings);
?>
<br/>
<span class="description"><?php esc_html_e('Enter a message you wish to display to visitors when your site is in maintenance mode.', 'all-in-one-wp-security-and-firewall');?></span>
</td>
</tr>
</table>
<div class="submit">
<input type="submit" class="button-primary" name="aiowpsec_save_site_lockout" value="<?php esc_html_e('Save site lockout settings', 'all-in-one-wp-security-and-firewall'); ?>">
</div>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/tools/whois-lookup.php
Executable
+24
View File
@@ -0,0 +1,24 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="aio_blue_box">
<p><?php echo esc_html__('The WHOIS lookup feature gives you a way to look up who owns an IP address or domain name.', 'all-in-one-wp-security-and-firewall').' '.esc_html__('You can use this to investigate users engaging in malicious activity on your site.', 'all-in-one-wp-security-and-firewall'); ?></p>
</div>
<div class="postbox">
<h3 class="hndle"><?php esc_html_e('WHOIS lookup on IP or domain', 'all-in-one-wp-security-and-firewall'); ?></h3>
<div class="inside">
<form method="post" action="" id="aiowpsec-whois-lookup-form">
<table class="form-table">
<tr valign="top">
<th scope="row">
<label for="aiowps_whois_ip_or_domain"><?php esc_html_e('IP address or domain name:', 'all-in-one-wp-security-and-firewall'); ?></label>
</th>
<td>
<input id="aiowps_whois_ip_or_domain" type="text" name="aiowps_whois_ip_or_domain" value="" size="80">
</td>
</tr>
</table>
<input class="button-primary" type="submit" value="<?php esc_html_e('Look up IP or domain', 'all-in-one-wp-security-and-firewall'); ?>">
</form>
</div>
</div>
<div id="aios-who-is-lookup-result-container">
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/user-security/additional.php
Executable
+32
View File
@@ -0,0 +1,32 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('WordPress 5.6 introduced a new feature called "Application passwords".', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('This allows you to create a token from the WordPress dashboard which then can be used in the authorization header.', 'all-in-one-wp-security-and-firewall').'<br /><br />'.esc_html__('This feature allows you to disable application passwords as they can leave your site vulnerable to social engineering and phishing scams.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Additional settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form action="" method="POST" id="aios-disable-application-password-form">
<div id="disable-application-password-badge">
<?php
$aiowps_feature_mgr->output_feature_details_badge("disable-application-password");
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Disable application password', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to disable the application password.', 'all-in-one-wp-security-and-firewall'), 'aiowps_disable_application_password', '1' == $aio_wp_security->configs->get_value('aiowps_disable_application_password')); ?>
</div>
</td>
</tr>
</table>
<?php
submit_button(esc_html__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowpsec_save_additonal_settings');
?>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/user-security/force-logout.php
Executable
+40
View File
@@ -0,0 +1,40 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('Setting an expiry period for your administration session is a simple way to protect against unauthorized access to your site from your computer.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('This feature allows you to specify a time period in minutes after which the admin session will expire and the user will be forced to log back in.', 'all-in-one-wp-security-and-firewall').'
</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Force user logout options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="user-login-force-logout-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("user-login-force-logout");
?>
</div>
<form action="" method="POST" id="aios-force-user-logout-form">
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable force user logout', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to force a user to be logged out after a configured amount of time', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_forced_logout', '1' == $aio_wp_security->configs->get_value('aiowps_enable_forced_logout')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_logout_time_period"><?php esc_html_e('Logout the user after X minutes', 'all-in-one-wp-security-and-firewall'); ?></label>:</th>
<td><input id="aiowps_logout_time_period" type="text" size="5" name="aiowps_logout_time_period" value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_logout_time_period')); ?>" />
<span class="description"><?php esc_html_e('(Minutes) The user will be forced to log back in after this time period has elapased.', 'all-in-one-wp-security-and-firewall'); ?></span>
</td>
</tr>
</table>
<?php
submit_button(esc_html__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowpsec_save_force_logout_settings');
?>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/user-security/hibp.php
Executable
+35
View File
@@ -0,0 +1,35 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="aio_blue_box">
<p>
<?php printf(__('%s (Have I Been Pwned?) is a website that allows people to check if their email or password has shown up in a data breach.', 'all-in-one-wp-security-and-firewall'), '<a href="https://haveibeenpwned.com/Passwords" target="_blank">' . __('HIBP', 'all-in-one-wp-security-and-firewall') . '</a>'); ?>
</p>
</div>
<div class="postbox">
<h3 class="hndle"><?php _e('HIBP password settings', 'all-in-one-wp-security-and-firewall'); ?></h3>
<div class="inside">
<form action="" method="POST" id="aios-hibp-password-settings-form">
<div id="hibp-badge">
<?php $aiowps_feature_mgr->output_feature_details_badge('hibp'); ?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Enforce on profile update', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('Enable this if you want to enforce passwords not being in the HIBP database when updating user profiles.', 'all-in-one-wp-security-and-firewall'), 'aiowps_hibp_user_profile_update', '1' == $aio_wp_security->configs->get_value('aiowps_hibp_user_profile_update')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php _e('Enforce on password reset', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('Enable this if you want to enforce passwords not being in the HIBP database when resetting passwords.', 'all-in-one-wp-security-and-firewall'), 'aiowps_http_password_reset', '1' == $aio_wp_security->configs->get_value('aiowps_http_password_reset')); ?>
</div>
</td>
</tr>
</table>
<?php submit_button(__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary'); ?>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/user-security/http-authentication.php
Executable
+104
View File
@@ -0,0 +1,104 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="aio_blue_box">
<p><?php echo __('The HTTP authentication feature gives you a way to add a login username and password to your site through the use of the WWW-Authenticate header.', 'all-in-one-wp-security-and-firewall').' '.__('Only enable this feature for the frontend of your site if you don\'t want your site to be public.', 'all-in-one-wp-security-and-firewall'); ?></p>
<p>
<?php echo __('The username and password will only be secure if you\'re enforcing the use of TLS(https) on your site.', 'all-in-one-wp-security-and-firewall'); ?>
<?php if (is_ssl()) { ?>
<span class="aio_green_box"><?php echo __('Your site is currently using https.', 'all-in-one-wp-security-and-firewall'); ?></span>
<?php } else { ?>
<span class="aio_red_box"><?php echo __('Your site is currently not using https.', 'all-in-one-wp-security-and-firewall'); ?></span>
<?php } ?>
</p>
</div>
<?php if (defined('AIOS_DISABLE_HTTP_AUTHENTICATION') && AIOS_DISABLE_HTTP_AUTHENTICATION) { ?>
<div class="error">
<p>
<?php _e('HTTP authentication is currently disabled via the AIOS_DISABLE_HTTP_AUTHENTICATION constant (which is mostly likely to be defined in your wp-config.php)', 'all-in-one-wp-security-and-firewall'); ?>
</p>
</div>
<?php } else { ?>
<div class="aio_grey_box">
<?php
echo '<p>' . sprintf(__('If you are locked out by the HTTP authentication feature, define the following constant %s in wp-config.php to disable the feature.', 'all-in-one-wp-security-and-firewall'), '<strong>define(\'AIOS_DISABLE_HTTP_AUTHENTICATION\', true);</strong>') . '</p>';
?>
</div>
<?php } ?>
<?php if (!$aio_wp_security->configs->get_value('aiowps_http_authentication_admin') && !$aio_wp_security->configs->get_value('aiowps_http_authentication_frontend')) { ?>
<?php if ((isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] != $aio_wp_security->configs->get_value('aiowps_http_authentication_username')) || (isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] != $aio_wp_security->configs->get_value('aiowps_http_authentication_password'))) { ?>
<div class="aio_orange_box">
<p><?php echo __('Your web browser is already sending a username/password.', 'all-in-one-wp-security-and-firewall') . ' ' . __('If this is because you previously activated this feature then no action is required.', 'all-in-one-wp-security-and-firewall'); ?></p>
<p><?php echo __('However, if this is because you have HTTP authentication set up elsewhere, such as another plugin or at the webserver level, then this feature either shouldn\'t be activated, or should only be activated with the same username/password.', 'all-in-one-wp-security-and-firewall'); ?></p>
</div>
<?php } ?>
<?php } ?>
<form method="post" action="">
<?php wp_nonce_field('aiowpsec-http-authentication-settings-nonce'); ?>
<div class="postbox">
<h3 class="hndle"><?php _e('HTTP authentication for WordPress dashboard and frontend', 'all-in-one-wp-security-and-firewall'); ?></h3>
<div class="inside">
<?php
// Display security info badge.
$aiowps_feature_mgr->output_feature_details_badge('http-authentication-admin-frontend');
?>
<table class="form-table">
<tr valign="top">
<th scope="row">
<label for="aiowps_http_authentication_admin"><?php _e('Enable for WordPress dashboard:', 'all-in-one-wp-security-and-firewall'); ?></label>
</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('Check this if you want to protect the WordPress dashboard area of your site with HTTP authentication.', 'all-in-one-wp-security-and-firewall'), 'aiowps_http_authentication_admin', '1' == $aio_wp_security->configs->get_value('aiowps_http_authentication_admin')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row">
<label for="aiowps_http_authentication_frontend"><?php _e('Enable for frontend:', 'all-in-one-wp-security-and-firewall'); ?></label>
</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('Check this if you want to protect the frontend of your site with HTTP authentication.', 'all-in-one-wp-security-and-firewall'), 'aiowps_http_authentication_frontend', '1' == $aio_wp_security->configs->get_value('aiowps_http_authentication_frontend')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row">
<label for="aiowps_http_authentication_username"><?php _e('Username:', 'all-in-one-wp-security-and-firewall'); ?></label>
</th>
<td>
<input id="aiowps_http_authentication_username" type="text" name="aiowps_http_authentication_username" value="<?php echo $aio_wp_security->configs->get_value('aiowps_http_authentication_username'); ?>" size="15">
</td>
</tr>
<tr valign="top">
<th scope="row">
<label for="aiowps_password_test"><?php _e('Password:', 'all-in-one-wp-security-and-firewall'); ?></label>
</th>
<td>
<input id="aiowps_password_test" type="text" name="aiowps_http_authentication_password" value="<?php echo $aio_wp_security->configs->get_value('aiowps_http_authentication_password'); ?>" size="15">
<br>
<?php
$crack_time = '<span id="aiowps_password_crack_time_calculation">' . __('1 sec', 'all-in-one-wp-security-and-firewall') . '</span>';
$password_tool_link = '<a href="admin.php?page=' . AIOWPSEC_TOOLS_MENU_SLUG . '&tab=password-tool" target="_blank">' . __('Password tool', 'all-in-one-wp-security-and-firewall') . '</a>';
$hibp_link = '<a href="admin.php?page=' . AIOWPSEC_USER_SECURITY_MENU_SLUG . '&tab=hibp" target="_blank">' . __('HIBP', 'all-in-one-wp-security-and-firewall') . '</a>';
?>
<span id="aiowps_password_crack_info_text"><?php printf(__('%s to crack by a desktop PC according to the %s.', 'all-in-one-wp-security-and-firewall'), $crack_time, $password_tool_link); ?></span>
<span id="aiowps_password_hibp_info_text"><?php printf(__('Pwned according to %s', 'all-in-one-wp-security-and-firewall'), $hibp_link); ?></span>
</td>
</tr>
<tr valign="top">
<th scope="row">
<label><?php _e('Failure message:', 'all-in-one-wp-security-and-firewall'); ?></label>
</th>
<td>
<?php
$aiowps_failure_message = $aio_wp_security->configs->get_value('aiowps_http_authentication_failure_message');
$aiowps_failure_message_raw = html_entity_decode($aiowps_failure_message, ENT_COMPAT, 'UTF-8');
wp_editor($aiowps_failure_message_raw, 'aiowps_http_authentication_failure_message');
?>
</td>
</tr>
</table>
</div>
</div>
<?php submit_button(__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_save_http_authentication_settings'); ?>
</form>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/user-security/logged-in-users.php
Executable
+31
View File
@@ -0,0 +1,31 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Refresh logged in user data', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form action="" method="POST" id="aios-refresh-logged-in-user-list-form">
<input type="submit" name="aiowps_refresh_logged_in_user_list" value="<?php esc_html_e('Refresh data', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary" />
</form>
</div>
</div>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('This tab displays all users who are currently logged into your site.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('If you suspect there is a user or users who are logged in which should not be, you can block them by inspecting the IP addresses from the data below and adding them to your blacklist.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('You can also instantly log them out by pressing on the "Force logout" link when you hover over the row in the user id column.', 'all-in-one-wp-security-and-firewall').'
</p>';
?>
</div>
<div class="postbox" id="aios-logged-in-users-table">
<h3 class="hndle"><label for="title"><?php esc_html_e('Currently logged in users', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<?php
// Fetch, prepare, sort, and filter our data...
$user_list->prepare_items();
// echo "put table of locked entries here";
?>
<form id="tables-filter" method="get">
<!-- Now we can render the completed list table -->
<?php $user_list->display(); ?>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/user-security/login-lockout.php
Executable
+188
View File
@@ -0,0 +1,188 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('Login lockout configuration', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
$brute_force_login_feature_link = '<a href="admin.php?page=' . AIOWPSEC_BRUTE_FORCE_MENU_SLUG . '&tab=cookie-based-brute-force-prevention">' . esc_html__('Cookie-based brute force login prevention', 'all-in-one-wp-security-and-firewall').'</a>';
echo '<p>' . esc_html__('One of the ways hackers try to compromise sites is via a', 'all-in-one-wp-security-and-firewall') . ' ' .'<strong>' . esc_html__('Brute force login attack', 'all-in-one-wp-security-and-firewall') . '</strong>. ' . esc_html__('This is where attackers use repeated login attempts until they guess the password.', 'all-in-one-wp-security-and-firewall').'
<br />' . esc_html__('Apart from choosing strong passwords, monitoring and blocking IP addresses which are involved in repeated login failures in a short period of time is a very effective way to stop these types of attacks.', 'all-in-one-wp-security-and-firewall').
/* translators: %s: Brute force feature link. */
'<p>' . sprintf(esc_html__('You may also want to checkout our %s feature for another secure way to protect against these types of attacks.', 'all-in-one-wp-security-and-firewall'), $brute_force_login_feature_link) . '</p>'; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Link already escaped.
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Login lockout options', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="user-login-login-lockdown-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("user-login-login-lockdown");
?>
</div>
<form action="" method="POST" id="aios-user-login-lockdown-form">
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable login lockout feature', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to turn on the login lockout feature', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_login_lockdown', '1' == $aio_wp_security->configs->get_value('aiowps_enable_login_lockdown')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php esc_html_e('Allow unlock requests', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to allow users to generate an automated unlock request link which will unlock their account', 'all-in-one-wp-security-and-firewall'), 'aiowps_allow_unlock_requests', '1' == $aio_wp_security->configs->get_value('aiowps_allow_unlock_requests')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_max_login_attempts"><?php esc_html_e('Max login attempts', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td><input id="aiowps_max_login_attempts" type="text" size="5" name="aiowps_max_login_attempts" value="<?php echo esc_html($aio_wp_security->configs->get_value('aiowps_max_login_attempts')); ?>" />
<span class="description"><?php esc_html_e('Set the value for the maximum login retries before IP address is locked out', 'all-in-one-wp-security-and-firewall'); ?></span>
</td>
</tr>
<tr valign="top">
<th scope="row"><label for="aiowps_retry_time_period"><?php esc_html_e('Login retry time period (min)', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td><input id="aiowps_retry_time_period" type="text" size="5" name="aiowps_retry_time_period" value="<?php echo esc_html($aio_wp_security->configs->get_value('aiowps_retry_time_period')); ?>" />
<span class="description"><?php esc_html_e('If the maximum number of failed login attempts for a particular IP address occur within this time period the plugin will lock out that address', 'all-in-one-wp-security-and-firewall'); ?></span>
</td>
</tr>
<tr valign="top">
<th scope="row">
<label for="aiowps_lockout_time_length"><?php esc_html_e('Minimum lockout time length', 'all-in-one-wp-security-and-firewall'); ?>:</label>
</th>
<td>
<input type="text" size="5" name="aiowps_lockout_time_length" id="aiowps_lockout_time_length" value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_lockout_time_length')); ?>" />
<span class="description">
<?php
echo esc_html__('Set the minimum time period in minutes of lockout.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('This failed login lockout time will be tripled on each failed login.', 'all-in-one-wp-security-and-firewall');
?>
</span>
</td>
</tr>
<tr valign="top">
<th scope="row">
<label for="aiowps_max_lockout_time_length"><?php esc_html_e('Maximum lockout time length', 'all-in-one-wp-security-and-firewall'); ?>:</label>
</th>
<td><input type="text" size="5" name="aiowps_max_lockout_time_length" id="aiowps_max_lockout_time_length" value="<?php echo esc_attr($aio_wp_security->configs->get_value('aiowps_max_lockout_time_length')); ?>" />
<span class="description">
<?php
echo esc_html__('Set the maximum time period in minutes of lockout.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('No IP address will be blocked for more than this time period after making a failed login attempt.', 'all-in-one-wp-security-and-firewall')
?>
</span>
</tr>
<tr valign="top">
<th scope="row"><?php esc_html_e('Display generic error message', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to show a generic error message when a login attempt fails', 'all-in-one-wp-security-and-firewall'), 'aiowps_set_generic_login_msg', '1' == $aio_wp_security->configs->get_value('aiowps_set_generic_login_msg')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php esc_html_e('Instantly lockout invalid usernames', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to instantly lockout login attempts with usernames which do not exist on your system', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_invalid_username_lockdown', '1' == $aio_wp_security->configs->get_value('aiowps_enable_invalid_username_lockdown')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row">
<label for="aiowps_instantly_lockout_specific_usernames"><?php esc_html_e('Instantly lockout specific usernames', 'all-in-one-wp-security-and-firewall'); ?>:</label>
</th>
<td>
<?php
$instant_lockout_users_list = $aio_wp_security->configs->get_value('aiowps_instantly_lockout_specific_usernames');
if (empty($instant_lockout_users_list)) {
$instant_lockout_users_list = array();
}
?>
<textarea id="aiowps_instantly_lockout_specific_usernames" name="aiowps_instantly_lockout_specific_usernames" cols="50" rows="5"><?php echo esc_textarea(implode("\n", $instant_lockout_users_list)); ?></textarea><br>
<span class="description"><?php echo esc_html__('Insert one username per line.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Existing usernames are not blocked even if present in the list.', 'all-in-one-wp-security-and-firewall'); ?></span>
</td>
</tr>
<tr valign="top">
<th scope="row">
<label for="aiowps_email_address"><?php esc_html_e('Notify by email', 'all-in-one-wp-security-and-firewall'); ?>:</label>
</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to receive an email when someone has been locked out due to maximum failed login attempts', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_email_notify', '1' == $aio_wp_security->configs->get_value('aiowps_enable_email_notify')); ?>
</div>
<br />
<textarea id="aiowps_email_address" name="aiowps_email_address" cols="50" rows="5"><?php echo esc_textarea(AIOWPSecurity_Utility::get_textarea_str_val($aio_wp_security->configs->get_value('aiowps_email_address'))); ?></textarea><br>
<span class="description"><?php esc_html_e('Fill in one email address per line.', 'all-in-one-wp-security-and-firewall'); ?></span>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">' . esc_html__('Each email address must be on a new line.', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . esc_html__('If a valid email address has not been filled in, it will not be saved.', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p class="description">' . esc_html__('The valid email address format is userid@example.com', 'all-in-one-wp-security-and-firewall') . '</p>';
/* translators: %s: Email example. */
echo '<p class="description">' . sprintf(esc_html__('Example: %s', 'all-in-one-wp-security-and-firewall'), 'rick@wordpress.org') . '</p>';
?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row">
<?php esc_html_e('Enable PHP backtrace in email', 'all-in-one-wp-security-and-firewall'); ?>:
</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to include the PHP backtrace in notification emails.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_php_backtrace_in_email', '1' == $aio_wp_security->configs->get_value('aiowps_enable_php_backtrace_in_email')); ?>
</div>
</td>
</tr>
</table>
<?php
submit_button(esc_html__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_login_lockdown');
?>
</form>
</div>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Currently locked out IP address ranges', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div class="aio_blue_box aio_width_80">
<?php
$locked_ips_link = '<a href="admin.php?page=' . AIOWPSEC_MAIN_MENU_SLUG . '&tab=locked-ip">Locked IP addresses</a>';
/* translators: %s: Locked IP link. */
echo '<p>' . sprintf(esc_html__('To see a list of all locked IP addresses and ranges go to the %s tab in the dashboard menu.', 'all-in-one-wp-security-and-firewall'), $locked_ips_link) . '</p>'; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Link already escaped.
?>
</div>
</div>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Login lockout IP whitelist settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="user-login-lockout-ip-whitelisting-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("user-login-lockout-ip-whitelisting");
?>
</div>
<form action="" method="POST" id="aios-user-login-lockout-whitelist-settings-form">
<table class="form-table">
<tr valign="top">
<th scope="row"><label for="aiowps_lockdown_enable_whitelisting"><?php esc_html_e('Enable login lockout IP whitelist', 'all-in-one-wp-security-and-firewall'); ?></label>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want the whitelisting of selected IP addresses specified in the settings below', 'all-in-one-wp-security-and-firewall'), 'aiowps_lockdown_enable_whitelisting', '1' == $aio_wp_security->configs->get_value('aiowps_lockdown_enable_whitelisting')); ?>
</div>
</td>
</tr>
<tr valign="top">
<?php
AIOWPSecurity_Utility_UI::ip_input_textarea(__('Enter whitelisted IP addresses:', 'all-in-one-wp-security-and-firewall'), 'aiowps_lockdown_allowed_ip_addresses', $aiowps_lockdown_allowed_ip_addresses, __('Enter one or more IP addresses or IP ranges you wish to include in your whitelist.', 'all-in-one-wp-security-and-firewall') . ' ' . __('The addresses specified here will never be blocked by the login lockout feature.', 'all-in-one-wp-security-and-firewall'));
?>
</tr>
</table>
<?php
submit_button(esc_html__('Save settings', 'all-in-one-wp-security-and-firewall'), 'primary', 'aiowps_save_lockdown_whitelist_settings');
?>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/user-security/manual-approval.php
Executable
+57
View File
@@ -0,0 +1,57 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('User registration settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Manually approve new registrations', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('If your site allows people to create their own accounts via the WordPress registration form, then you can minimize spam or bogus registrations by manually approving each registration.', 'all-in-one-wp-security-and-firewall').
'<br>'.esc_html__('This feature will automatically set a newly registered account to "pending" until the administrator activates it.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Therefore undesirable registrants will be unable to log in without your express approval.', 'all-in-one-wp-security-and-firewall').
'<br>'.esc_html__('You can view all accounts which have been newly registered via the handy table below and you can also perform bulk activation/deactivation/deletion tasks on each account.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<div id="manually-approve-registrations-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("manually-approve-registrations");
?>
</div>
<form action="" method="POST" id="aios-manually-approve-registrations-form">
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable manual approval of new registrations', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to automatically disable all newly registered accounts so that you can approve them manually.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_manual_registration_approval', '1' == $aio_wp_security->configs->get_value('aiowps_enable_manual_registration_approval')); ?>
</div>
</td>
</tr>
</table>
<input type="submit" name="aiowps_save_user_registration_settings" value="<?php esc_html_e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
</div>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Refresh manual approval data', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form action="" method="POST" id="aios-refresh-manual-approval-list-form">
<input type="submit" name="aiowps_refresh_manual_approval_list" value="<?php esc_html_e('Refresh data', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary" />
</form>
</div>
</div>
<div class="postbox" id="aios-manual-approval-table">
<h3 class="hndle"><label for="title"><?php esc_html_e('Approve registered users', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<?php
// Fetch, prepare, sort, and filter our data...
$user_list->prepare_items();
?>
<form id="tables-filter" method="post">
<?php
$user_list->search_box(esc_html__('Search', 'all-in-one-wp-security-and-firewall'), 'search_user_registration');
?>
<!-- Now we can render the completed list table -->
<?php $user_list->display(); ?>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/user-security/partials/display-name.php
Executable
+41
View File
@@ -0,0 +1,41 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('Display name security', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('When you submit a post or answer a comment, WordPress will usually display your "nickname".', 'all-in-one-wp-security-and-firewall');
echo '<br />'.esc_html__('By default the nickname is set to the login (or user) name of your account.', 'all-in-one-wp-security-and-firewall');
echo '<br />'.esc_html__('From a security perspective, leaving your nickname the same as your user name is bad practice because it gives a hacker at least half of your account\'s login credentials.', 'all-in-one-wp-security-and-firewall');
/* translators: 1. Open strong tag, 2. Close strong tag. */
echo '<br /><br />'.sprintf(esc_html__('Therefore to further tighten your site\'s security you are advised to change your %1$snickname%2$s and %1$sDisplay name%2$s to be different from your %1$sUsername%2$s.', 'all-in-one-wp-security-and-firewall'), '<strong>', '</strong>');
echo '</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Modify accounts with identical login name and display name', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<?php
$aiowps_feature_mgr->output_feature_details_badge("user-accounts-display-name");
// now let's find any accounts which have login name same as display name
$login_nick_name_accounts = AIOWPSecurity_Utility::check_identical_login_and_nick_names();
if ($login_nick_name_accounts) {
echo '<div class="aio_red_box"><p>'.esc_html__('Your site currently has the following accounts with identical login and display names.', 'all-in-one-wp-security-and-firewall').'<span class="description">('.esc_html__('Follow the link to edit the user profile of that particular user account, change Nickname, choose a different Display name compared to Username, and press the "Update Profile" button.', 'all-in-one-wp-security-and-firewall').')</span></p></div>';
?>
<table class="form-table">
<?php
$edit_user_page = network_site_url('wp-admin/user-edit.php?user_id=');
foreach ($login_nick_name_accounts as $usr) {
echo '<tr valign="top">';
// echo '<th scope="row"><label for="UserID'.$usr['ID'].'"> Login Name: </label></th>';
echo '<td><a href="' . esc_url($edit_user_page) . esc_attr($usr['ID']) . '" target="_blank">' . esc_html($usr['user_login']) . '</a></td>';
echo '</tr>';
}
?>
</table>
<?php
} else {
echo '<div id="aios_message" class="aio_green_box"><p><strong>'.esc_html__('No action required.', 'all-in-one-wp-security-and-firewall').'</strong><br/>'.esc_html__('Your site does not have a user account where the display name is identical to the username.', 'all-in-one-wp-security-and-firewall').'</p></div>';
}
?>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/user-security/partials/enforce-strong-password.php
Executable
+28
View File
@@ -0,0 +1,28 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Enforce strong password', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="enforce-strong-password-badge">
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("enforce-strong-password");
?>
</div>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('This feature allows you to enforce the use of strong user passwords', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p>'.esc_html__('When enabled, this feature will hide the "confirm weak password" checkbox on forms.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enforce strong password', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(__('Enable this if you want to force your users to use a strong password.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enforce_strong_password', '1' == $aio_wp_security->configs->get_value('aiowps_enforce_strong_password')); ?>
</div>
</td>
</tr>
</table>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/user-security/partials/user-enumeration.php
Executable
+29
View File
@@ -0,0 +1,29 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Prevent user enumeration', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="disable-users-enumeration-badge">
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("disable-users-enumeration");
?>
</div>
<div class="aio_blue_box">
<?php
/* translators: 1: Author example, 2: REST API prefix. */
echo '<p>'.sprintf(esc_html__('This feature allows you to prevent external users/bots from fetching the user info with URLs like "%1$s", "%2$s", oEmbed request.', 'all-in-one-wp-security-and-firewall'), '/?author=1', '/' . esc_html(rest_get_url_prefix()) . '/wp/v2/users').'</p>';
echo '<p>' . esc_html__('When enabled, this feature will print a "forbidden" error rather than the user information.', 'all-in-one-wp-security-and-firewall') . '</p>';
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Disable user enumeration', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to stop user enumeration.', 'all-in-one-wp-security-and-firewall'), 'aiowps_prevent_users_enumeration', '1' == $aio_wp_security->configs->get_value('aiowps_prevent_users_enumeration')); ?>
</div>
</td>
</tr>
</table>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/user-security/partials/wp-username-content.php
Executable
+26
View File
@@ -0,0 +1,26 @@
<?php
if (AIOWPSecurity_Utility::check_user_exists('admin') || AIOWPSecurity_Utility::check_user_exists('Admin')) {
echo '<div class="aio_red_box"><p>' . esc_html__('Your site currently has an account which uses the "admin" username.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('It is highly recommended that you change this name to something else.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Use the following field to change the admin username.', 'all-in-one-wp-security-and-firewall').'</p></div>';
?>
<form action="" method="POST" id="aios-change-admin-username-form">
<table class="form-table">
<tr valign="top">
<th scope="row"><label for="aiowps_new_user_name"><?php esc_html_e('New admin username', 'all-in-one-wp-security-and-firewall'); ?>:</label></th>
<td><input type="text" size="16" id="aiowps_new_user_name" name="aiowps_new_user_name" />
<p class="description"><?php esc_html_e('Choose a new username for admin.', 'all-in-one-wp-security-and-firewall'); ?></p>
</td>
</tr>
</table>
<input type="submit" name="aiowps_change_admin_username" value="<?php esc_html_e('Change username', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
<div class="aio_spacer_15"></div>
<p class="description"><?php esc_html_e('NOTE: If you are currently logged in as "admin" you will be automatically logged out after changing your username and will be required to log back in.', 'all-in-one-wp-security-and-firewall'); ?></p>
</form>
<?php
} else {
echo '<div id="aios_message" class="aio_green_box"><p><strong>';
esc_html_e('No action required.', 'all-in-one-wp-security-and-firewall');
echo '</strong><br />';
echo esc_html__('Your site does not have any account which uses the "admin" username.', 'all-in-one-wp-security-and-firewall');
esc_html_e('This is good security practice.', 'all-in-one-wp-security-and-firewall');
echo '</p></div>';
}
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/user-security/partials/wp-username.php
Executable
+38
View File
@@ -0,0 +1,38 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('Admin user security', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('Depending on how you installed WordPress, you could have a default administrator with the username "admin".', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('Hackers can try to take advantage of this information by attempting "Brute force login attacks" where they repeatedly try to guess the password by using "admin" for username.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('From a security perspective, changing the username "admin" is one of the first and smartest things you should do on your site.', 'all-in-one-wp-security-and-firewall').'
<br /><br />'.esc_html__('This feature will allow you to change your "admin" username to a more secure name of your choosing.', 'all-in-one-wp-security-and-firewall').'
</p>';
?>
</div>
<?php
// display a list of all administrator accounts for this site
$postbox_title = esc_html__('List of administrator accounts', 'all-in-one-wp-security-and-firewall');
$AIOWPSecurity_User_Security_Menu->postbox($postbox_title, $user_accounts);
if (!is_super_admin()) {
// Hide config settings if multisite and not super admin.
AIOWPSecurity_Utility::display_multisite_super_admin_message();
} else {
?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Change admin username', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="user-accounts-change-admin-user-badge">
<?php
$aiowps_feature_mgr->output_feature_details_badge("user-accounts-change-admin-user");
?>
</div>
<div id="change-admin-username-content">
<?php
$aio_wp_security->include_template('wp-admin/user-security/partials/wp-username-content.php', false);
?>
</div>
</div>
</div>
<?php
} // End if statements
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/user-security/salt.php
Executable
+53
View File
@@ -0,0 +1,53 @@
<?php if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Add salt postfix', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="enable-salt-postfix-badge">
<?php
//Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("enable-salt-postfix");
?>
</div>
<form action="" method="POST" id="aios-enable-salt-postfix-form">
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('WordPress "salts" are secret phrases which are combined with user passwords when those passwords are stored, with the end result that they become much harder for an attacker to crack even if he managed to steal the database of your website.', 'all-in-one-wp-security-and-firewall').' <a href="https://teamupdraft.com/blog/wordpress-salts-security-added-to-aios-free-and-premium/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=salts-security-info&utm_creative_format=text" target="_blank">'.esc_html__('Learn more about WordPress Salts.', 'all-in-one-wp-security-and-firewall').'</a></p>';
?>
</div>
<div class="aio_orange_box">
<p>
<?php
esc_html_e('When you enable this feature, you and all other logged-in users will be logged out so that AIOS can append the additional code (the salt) to all users login information.', 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row">
<label>
<?php esc_html_e('Enable salt postfix', 'all-in-one-wp-security-and-firewall'); ?>:
</label>
</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to activate the salt postfix feature.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_salt_postfix', '1' == $aio_wp_security->configs->get_value('aiowps_enable_salt_postfix')); ?>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'.esc_html__('This setting will suffix the salt with an additional 64 characters.', 'all-in-one-wp-security-and-firewall').' '.esc_html__("It improves your WordPress site's cryptographic mechanism.", 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
</div>
</td>
</tr>
</table>
<div class="submit">
<input type="submit" class="button-primary" name="aios_save_salt_postfix_settings" value="<?php esc_html_e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>">
</div>
</form>
</div>
</div>

Some files were not shown because too many files have changed in this diff Show More