brianhansonxyz/homeproz
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Phase 6: AIOS security plugin with conservative login lockdown config (10 attempts)

Browse Source
This commit is contained in:
Hanson.xyz Dev
2025-11-28 17:19:54 -06:00
parent 78a744ef06
commit abbd3502e8
430 changed files with 137111 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/settings/advanced-settings.php
Executable
+223
View File
@@ -0,0 +1,223 @@
<?php if (!defined('AIO_WP_SECURITY_PATH')) die('No direct access allowed'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('IP address detection settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div class="aio_blue_box">
<?php
echo '<p>' . esc_html__('The IP address detection settings allow you to specify how visitors\' IP addresses are made known to PHP (and hence to WordPress and its plugins).', 'all-in-one-wp-security-and-firewall').
'<br />' . esc_html__('Usually, this is automatic and there is only one choice.', 'all-in-one-wp-security-and-firewall').
' ' . esc_html__('However in some setups, such as those using proxies (including load-balancers and security firewalls like Cloudflare), it may be necessary to set this manually.', 'all-in-one-wp-security-and-firewall').
'</p><p><strong>' . esc_html__('Attention', 'all-in-one-wp-security-and-firewall') . ':</strong> ' . esc_html__('It is important to set this correctly - otherwise you may make it possible for a hacker to ban all your visitors (e.g. via banning Cloudflare from connecting to you) instead of the hacker being banned.', 'all-in-one-wp-security-and-firewall') . '</p><p>' . esc_html__("The default is to use the REMOTE_ADDR PHP server variable.", 'all-in-one-wp-security-and-firewall') . " " . esc_html__("If this variable does not contain the visitor's IP address, then whilst you can make a different selection below, it is better to ask your web hosting company to have it correctly set.", 'all-in-one-wp-security-and-firewall') . ' ' .
esc_html__("This is the most secure setup, because when set correctly it is immune from being spoofed by an attacker.", 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<?php
if (empty($server_suitable_ip_methods)) {
echo '<br><strong>' . esc_html__('You have no available IP address detection method(s); you must contact your web hosting company.', 'all-in-one-wp-security-and-firewall') . '</strong>';
}
?>
<br><br>
<?php
/* translators: %s: Cloudflare */
echo sprintf(esc_html__('Your detected IP address according to %s:', 'all-in-one-wp-security-and-firewall'), 'Cloudflare');
?>
<span id="aios-cloudflare-ip-address"></span>
<br>
<?php
/* translators: %s: IPIFY IPv4 */
echo sprintf(esc_html__('Your detected IP address according to %s:', 'all-in-one-wp-security-and-firewall'), 'ipify (IPv4)');
?>
<span id="aios-ipify-ip-address"></span>
<br>
<?php
/* translators: %s: IPIFY IPv6 */
echo sprintf(esc_html__('Your detected IP address according to %s:', 'all-in-one-wp-security-and-firewall'), 'ipify (IPv6)');
?>
<span id="aios-ipify-ip-64-address"></span>
<?php
if ($is_localhost) {
echo '<br>';
echo esc_html__("If your site is setup on localhost, you won't see your external IP address using your server's IP detection setting; but on a localhost-served site (not available to the outside world), the setting is irrelevant and can be ignored.", 'all-in-one-wp-security-and-firewall');
}
?>
<style>
#aiowps_ip_retrieve_method option:disabled { color: #cccccc; }
.aios-ip-error { color: #ff0000; }
</style>
<form action="" method="POST" id="aiowpsec-ip-settings-form">
<table class="form-table">
<tr valign="top">
<td>
<select id="aiowps_ip_retrieve_method" name="aiowps_ip_retrieve_method">
<?php
foreach ($ip_retrieve_methods as $ip_method_id => $vals) {
?>
<option value="<?php echo esc_attr($ip_method_id); ?>" <?php selected($current_ip_retrieve_method, $ip_method_id); ?> <?php disabled($vals['is_enabled'], false); ?>><?php echo esc_html($vals['ip_method']); ?></option>
<?php
}
?>
</select>
<span class="description">
<?php esc_html_e("Choose a \$_SERVER variable you would like to detect visitors' IP address using.", 'all-in-one-wp-security-and-firewall'); ?>
</span>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php esc_html_e('More info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<p class="description">
<?php
esc_html_e('If your chosen server variable fails the plugin will automatically fall back to retrieving the IP address from $_SERVER["REMOTE_ADDR"]', 'all-in-one-wp-security-and-firewall');
?>
</p>
</div>
<div class="description">
<?php
echo esc_html__('Your IP address if using this setting:', 'all-in-one-wp-security-and-firewall') . ' ';
?>
<span id="aios-ip-address-of-method"><?php esc_html_e('fetching...', 'all-in-one-wp-security-and-firewall'); ?></span>
</div>
<script>
jQuery(function() {
var get_ip_error_count = 0;
var unexpected_response_text = '<?php esc_html_e('Unexpected response:', 'all-in-one-wp-security-and-firewall'); ?> ';
var getting_text = ' ' + '<?php esc_html_e('getting...', 'all-in-one-wp-security-and-firewall'); ?>'
jQuery('#aios-cloudflare-ip-address').html(getting_text);
function aios_get_ip_error() {
get_ip_error_count++;
if (get_ip_error_count > 3) {
var additional_error_msg = ' ' + '(<?php esc_html_e('look-up possibly blocked by an ad-blocker or similar tool', 'all-in-one-wp-security-and-firewall'); ?>)';
jQuery('#aios-cloudflare-ip-address').html(getting_text);
jQuery('#aios-ipify-ip-address').html(getting_text);
jQuery('#aios-ipify-ip-64-address').html(getting_text);
}
}
jQuery.ajax({
type: 'GET',
url: 'https://www.cloudflare.com/cdn-cgi/trace',
success: function (response, status) {
try {
// Convert key-value pairs to JSON
// https://stackoverflow.com/a/39284735/452587
var data = response.trim().split('\n').reduce(function (obj, pair) {
pair = pair.split('=');
return obj[pair[0]] = pair[1], obj;
}, {});
} catch (e) {
var error_msg =
unexpected_response_text+' '+response;
jQuery('#aios-cloudflare-ip-address').addClass('aios-ip-error').html(error_msg);
console.log(e);
console.log(response);
return;
}
if (data.hasOwnProperty('ip')) {
jQuery('#aios-cloudflare-ip-address').html(data.ip);
} else {
var error_msg = "failure: The IP line doesn't exist in the response. Response: " + response + " Status: " + status;
jQuery('#aios-cloudflare-ip-address').addClass('aios-ip-error').html(error_msg);
console.log(error_msg);
console.log(response);
}
},
error: function (response, status, error_code) {
var error_msg = "failure: " + status + " (" + error_code + ")";
jQuery('#aios-cloudflare-ip-address').addClass('aios-ip-error').html(error_msg);
console.log(error_msg);
console.log(response);
aios_get_ip_error();
}
});
function aios_fill_ipify_ip_address($is_ipv6) {
if ($is_ipv6) {
var url = 'https://api64.ipify.org?format=json';
var selector = '#aios-ipify-ip-64-address';
var error_msg = 'IPv4 ';
} else { // IPv4
var url = 'https://api.ipify.org?format=json';
var selector = '#aios-ipify-ip-address';
var error_msg = 'IPv6 ';
}
jQuery(selector).html(getting_text);
jQuery.ajax({
type: 'GET',
dataType: 'json',
url: url,
success: function (response, status) {
if (response.hasOwnProperty('ip')) {
jQuery(selector).html(response.ip);
} else {
error_msg += "failure: The IP line doesn't exist in the response. Response: " + JSON.stringify(response) + " Status: " + status;
jQuery(selector).addClass('aios-ip-error').html(error_msg);
console.log(error_msg);
console.log(response);
}
},
error: function (response, status, error_code) {
error_msg += "failure: " + status + " (" + error_code + ")";
jQuery(selector).addClass('aios-ip-error').html(error_msg);
console.log(error_msg);
console.log(response);
aios_get_ip_error();
}
});
}
aios_fill_ipify_ip_address(false);
aios_fill_ipify_ip_address(true); // IPv6
jQuery('#aiowps_ip_retrieve_method').on('change', function() {
jQuery('#aios-ip-address-of-method').html(getting_text);
var ip_retrieve_method = jQuery('#aiowps_ip_retrieve_method').val();
// If selected disabled option, we get null value.
// Previously saved value and the option is disabled now.
if (null == ip_retrieve_method) {
jQuery('#aios-ip-address-of-method').html('');
return;
}
aios_send_command('get_ip_address_of_given_method', {
ip_retrieve_method: jQuery('#aiowps_ip_retrieve_method').val()
}, function (resp) {
jQuery('#aios-ip-address-of-method').html("<?php esc_html_e('getting...', 'all-in-one-wp-security-and-firewall'); ?>");
if (resp.hasOwnProperty('ip_address')) {
jQuery('#aios-ip-address-of-method').html(resp.ip_address);
} else {
alert(unexpected_response_text + JSON.stringify(resp));
console.log(resp);
}
}, {
error_callback: function (response, status, error_code, resp) {
if (typeof resp !== 'undefined' && resp.hasOwnProperty('fatal_error')) {
console.error(resp.fatal_error_message);
alert(resp.fatal_error_message);
} else {
var error_message = "aios_send_command: error: " + status + " (" + error_code + ")";
console.log(error_message);
alert(error_message);
console.log(response);
}
}
});
});
jQuery('#aiowps_ip_retrieve_method').change();
});
</script>
</td>
</tr>
</table>
<input type="submit" name="aiowps_save_advanced_settings" value="<?php esc_html_e('Save settings', 'all-in-one-wp-security-and-firewall');?>" class="button-primary" />
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/settings/delete-plugin-settings.php
Executable
+41
View File
@@ -0,0 +1,41 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Manage delete plugin tasks', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form action="" id="aiowpsec-delete-plugin-settings-form">
<div class="aio_yellow_box">
<p>
<?php echo esc_html__('NOTE: Even if these options are disabled, the plugin settings will still be inactive when the plugin is uninstalled, but they will be remembered for the next time the plugin is installed and activated.', 'all-in-one-wp-security-and-firewall'); ?>
</p>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Delete database tables', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to remove all database tables for this site when uninstalling the plugin.', 'all-in-one-wp-security-and-firewall'), 'aiowps_on_uninstall_delete_db_tables', '1' == $aio_wp_security->configs->get_value('aiowps_on_uninstall_delete_db_tables')); ?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php esc_html_e('Delete settings', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<?php
$delete_configs_description = esc_html__('Enable this to remove all plugin settings for this site when uninstalling the plugin.', 'all-in-one-wp-security-and-firewall');
if (is_main_site()) {
$delete_configs_description .= ' ' . esc_html__('It will also remove all firewall rules that were added by this plugin.', 'all-in-one-wp-security-and-firewall');
}
?>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox($delete_configs_description, 'aiowps_on_uninstall_delete_configs', '1' == $aio_wp_security->configs->get_value('aiowps_on_uninstall_delete_configs')); ?>
</div>
</td>
</tr>
</table>
<div class="submit">
<input type="submit" class="button-primary" name="aiowpsec_save_delete_plugin_settings" value="<?php esc_html_e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>">
</div>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/settings/general-settings.php
Executable
+116
View File
@@ -0,0 +1,116 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<div class="aio_grey_box">
<p><?php esc_html_e('For information, updates and documentation, please visit', 'all-in-one-wp-security-and-firewall'); ?> <a href="https://teamupdraft.com/all-in-one-security/?utm_source=aios-plugin&utm_medium=referral&utm_campaign=paac&utm_content=documentation-from-settings&utm_creative_format=notice" target="_blank"><?php echo esc_html('All-In-One Security'); ?></a> <?php esc_html_e('Page', 'all-in-one-wp-security-and-firewall'); ?>.</p>
</div>
<?php
if (!is_super_admin()) {
// Hide config settings if multisite and not super admin.
AIOWPSecurity_Utility::display_multisite_super_admin_message();
} else {
?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('All-In-One Security', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<p>
<?php
esc_html_e('Thank you for using the All-In-One Security plugin.', 'all-in-one-wp-security-and-firewall');
?>
&nbsp;
<?php
esc_html_e('There are a lot of security features in this plugin.', 'all-in-one-wp-security-and-firewall');
?>
</p>
<p>
<?php
esc_html_e('To start, go through each security option and enable the "basic" options.', 'all-in-one-wp-security-and-firewall');
?>
&nbsp;
<?php
esc_html_e('The more features you enable, the more security points you will achieve.', 'all-in-one-wp-security-and-firewall');
?>
</p>
<p><?php esc_html_e('Before doing anything we advise taking a backup of your .htaccess file, database and wp-config.php.', 'all-in-one-wp-security-and-firewall'); ?></p>
<p>
<ul class="aiowps_admin_ul_grp1">
<li><a href="admin.php?page=aiowpsec_database&tab=database-backup" target="_blank"><?php esc_html_e('Backup your database', 'all-in-one-wp-security-and-firewall'); ?></a></li>
<li><a href="admin.php?page=aiowpsec_settings&tab=htaccess-file-operations" target="_blank"><?php esc_html_e('Backup .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></a></li>
<li><a href="admin.php?page=aiowpsec_settings&tab=wp-config-file-operations" target="_blank"><?php esc_html_e('Backup wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></a></li>
</ul>
</p>
</div>
</div> <!-- end postbox-->
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Disable security features', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form method="post" action="" id="aiowpsec-disable-all-features-form">
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('If you think that some plugin functionality on your site is broken due to a security feature you enabled in this plugin, then use the following option to turn off all the security features of this plugin.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<div class="submit">
<input type="submit" class="button" name="aiowpsec_disable_all_features" value="<?php esc_html_e('Disable all security features', 'all-in-one-wp-security-and-firewall'); ?>">
</div>
</form>
</div>
</div> <!-- end postbox-->
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Disable all firewall rules', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form method="post" action="" id="aiowpsec-disable-all-firewall-rules-form">
<div class="aio_blue_box">
<?php
echo '<p>' . esc_html__('This feature will disable all firewall rules which are currently active in this plugin and it will also delete these rules from your .htaccess file.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Use it if you think one of the firewall rules is causing an issue on your site.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<div class="submit">
<input type="submit" class="button" name="aiowpsec_disable_all_firewall_rules" value="<?php esc_html_e('Disable all firewall rules', 'all-in-one-wp-security-and-firewall'); ?>">
</div>
</form>
</div>
</div> <!-- end postbox-->
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Reset settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form method="post" action="" id="aiowpsec-reset-settings-form">
<div class="aio_blue_box">
<?php
echo '<p>' . esc_html__('This feature will delete all of your settings related to the All-In-One Security plugin.', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p>' . esc_html__('This feature will reset/empty all the database tables of the security plugin also.', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p>' . esc_html__('Use this feature if you were locked out by the All-In-One Security plugin and/or you are having issues logging in when that plugin is activated.', 'all-in-one-wp-security-and-firewall') . '</p>';
echo '<p>' . esc_html__('In addition to the settings it will also delete any directives which were added to the .htaccess file by the All-In-One Security Plugin.', 'all-in-one-wp-security-and-firewall') . '</p>';
/* translators: 1: Open strong tag, 2: Close strong tag. */
echo '<p>' . sprintf(esc_html__('%1$sNOTE: %2$sAfter deleting the settings you will need to re-configure the All-In-One Security plugin.', 'all-in-one-wp-security-and-firewall'), '<strong>', '</strong>') . '</p>';
?>
</div>
<div class="submit">
<input type="submit" name="aiowps_reset_settings" value="<?php esc_html_e('Reset settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button">
</div>
</form>
</div>
</div> <!-- end postbox-->
<?php
} // End if statements
?>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Debug settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form method="post" action="" id="aiowpsec-save-debug-settings-form">
<div class="aio_blue_box">
<?php
echo '<p>' . esc_html__('This setting allows you to enable/disable debug for this plugin.', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Enable debug', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable debug mode.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('You should keep this option disabled after you have finished debugging the issue.', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_debug', '1' == $aio_wp_security->configs->get_value('aiowps_enable_debug')); ?>
</div>
</td>
</tr>
</table>
</form>
</div>
</div> <!-- end postbox-->
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/settings/htaccess-file-operations.php
Executable
+37
View File
@@ -0,0 +1,37 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('.htaccess file operations', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('Your ".htaccess" file is a key component of your website\'s security and it can be modified to implement various levels of protection mechanisms.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('You can also restore your site\'s .htaccess settings using a backed up .htaccess file.', 'all-in-one-wp-security-and-firewall').'
</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Save the current .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form action="" method="POST" id="aiowpsec-save-htaccess-form">
<p class="description"><?php esc_html_e('Press the button below to backup and save the currently active .htaccess file.', 'all-in-one-wp-security-and-firewall'); ?></p>
<input type="submit" name="aiowps_save_htaccess" value="<?php esc_html_e('Backup .htaccess file', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
</div>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Restore from a backed up .htaccess file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form id="aiowps_restore_htaccess_form" action="" method="POST">
<table class="form-table">
<tr valign="top">
<th scope="row"><label for="aiowps_restore_htaccess_button"><?php esc_html_e('.htaccess file to restore from', 'all-in-one-wp-security-and-firewall'); ?></label>:</th>
<td>
<input type="submit" name="aiowps_restore_htaccess_button" class="button button-primary" value="<?php esc_html_e('Restore your .htaccess file', 'all-in-one-wp-security-and-firewall'); ?>">
<input name="aiowps_restore_htaccess" type="hidden" value="1">
<input name="aiowps_htaccess_file" type="file" id="aiowps_htaccess_file">
<input name="aiowps_htaccess_file_contents" type="hidden" id="aiowps_htaccess_file_contents">
</td>
</tr>
</table>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/settings/settings-file-operations.php
Executable
+45
View File
@@ -0,0 +1,45 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('Export or import your AIOS settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>' . esc_html__('This section allows you to export or import your All-In-One Security settings.', 'all-in-one-wp-security-and-firewall');
echo '<br />' .esc_html__('This can be handy if you wanted to save time by applying the settings from one site to another site.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('NOTE: Before importing, it is your responsibility to know what settings you are trying to import.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Importing settings blindly can cause you to be locked out of your site.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('For Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain.', 'all-in-one-wp-security-and-firewall').'
</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Export AIOS settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form action="" method="POST" id="aiowpsec-export-settings-form">
<table class="form-table">
<tr valign="top">
<span class="description"><?php echo esc_html__('To export your All-In-One Security settings press the button below.', 'all-in-one-wp-security-and-firewall'); ?></span>
</tr>
</table>
<input type="submit" name="aiowps_export_settings" value="<?php esc_html_e('Export AIOS settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
</div>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Import AIOS settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form id="aiowps_restore_settings_form" action="" method="POST">
<table class="form-table">
<tr valign="top">
<span class="description"><?php echo esc_html__('Use this section to import your All-In-One Security settings from a file.', 'all-in-one-wp-security-and-firewall'); ?></span>
<th scope="row">
<label for="aiowps_import_settings_file_button"><?php esc_html_e('Settings file to restore from', 'all-in-one-wp-security-and-firewall'); ?>:</label>
</th>
<td>
<input type="submit" id="aiowps_import_settings_file_button" name="aiowps_import_settings_file_button" class="button button-primary" value="<?php esc_html_e('Select your import settings file', 'all-in-one-wp-security-and-firewall'); ?>">
<input name="aiowps_import_settings" type="hidden" value="1">
<input name="aiowps_import_settings_file" type="file" id="aiowps_import_settings_file">
<input name="aiowps_import_settings_file_contents" type="hidden" id="aiowps_import_settings_file_contents">
</td>
</tr>
</table>
</form>
</div>
</div>
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/settings/wp-config-file-operations.php
Executable
+47
View File
@@ -0,0 +1,47 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('wp-config.php file operations', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('Your "wp-config.php" file is one of the most important files in your WordPress installation.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('It is a primary configuration file and contains crucial things such as details of your database and other critical components.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future.', 'all-in-one-wp-security-and-firewall').'
<br />'.esc_html__('You can also restore your site\'s wp-config.php settings using a backed up wp-config.php file.', 'all-in-one-wp-security-and-firewall').'
</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Save the current wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form action="" method="POST" id="aiowpsec-save-wp-config-form">
<p class="description"><?php esc_html_e('Press the button below to backup and download the contents of the currently active wp-config.php file.', 'all-in-one-wp-security-and-firewall'); ?></p>
<input type="submit" name="aiowps_save_wp_config" value="<?php esc_html_e('Backup wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
</div>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('Restore from a backed up wp-config file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<form id="aiowps_restore_wp_config_form" action="" method="POST">
<table class="form-table">
<tr valign="top">
<th scope="row"><label for="aiowps_restore_wp_config_button"><?php esc_html_e('wp-config file to restore from', 'all-in-one-wp-security-and-firewall'); ?></label>:</th>
<td>
<input type="submit" name="aiowps_restore_wp_config_button" class="button button-primary" value="<?php esc_html_e('Restore your wp-config file', 'all-in-one-wp-security-and-firewall'); ?>">
<input name="aiowps_restore_wp_config" type="hidden" value="1">
<input name="aiowps_wp_config_file" type="file" id="aiowps_wp_config_file">
<input name="aiowps_wp_config_file_contents" type="hidden" id="aiowps_wp_config_file_contents">
</td>
</tr>
</table>
</form>
</div>
</div>
<!-- <div class="postbox">
<h3 class="hndle"><label for="title"><?php // esc_html_e('View Contents of the currently active wp-config.php file', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<?php
// $wp_config_file = AIOWPSecurity_Utility_File::get_wp_config_file_path();
// $wp_config_contents = AIOWPSecurity_Utility_File::get_file_contents($wp_config_file); -->
?>
<textarea class="aio_text_area_file_output aio_width_80 aio_spacer_10_tb" rows="20" readonly><?php // echo $wp_config_contents; ?></textarea>
</div>
</div> -->
wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/settings/wp-version-info.php
Executable
+38
View File
@@ -0,0 +1,38 @@
<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
<h2><?php esc_html_e('WP generator meta tag and version info', 'all-in-one-wp-security-and-firewall'); ?></h2>
<div class="aio_blue_box">
<?php
echo '<p>'.esc_html__('WordPress generator automatically adds some meta information inside the "head" tags of every page on your site\'s front end, below is an example of this:', 'all-in-one-wp-security-and-firewall');
echo '<br /><strong>&lt;meta name="generator" content="WordPress 3.5.1" /&gt;</strong>';
echo '<br />'.esc_html__('The above meta information shows which version of WordPress your site is currently running and thus can help hackers or crawlers scan your site to see if you have an older version of WordPress or one with a known exploit.', 'all-in-one-wp-security-and-firewall').'
<br /><br />'.esc_html__('There are also other ways Wordpress reveals version info such as during style and script loading, an example of this is:', 'all-in-one-wp-security-and-firewall');
// phpcs:ignore WordPress.WP.EnqueuedResources.NonEnqueuedStylesheet -- PCP error. Example code. Not an actual stylesheet.
echo '<br /><strong>&lt;link rel="stylesheet" id="jquery-ui-style-css" href="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.0/themes/smoothness/jquery-ui.css?ver=4.5.2" type="text/css" media="all" /&gt;</strong>
<br /><br />'.esc_html__('This feature will allow you to remove the WP generator meta info and other version info from your site\'s pages.', 'all-in-one-wp-security-and-firewall').'
</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php esc_html_e('WP generator meta info', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<div id="wp-generator-meta-tag-badge">
<?php
// Display security info badge
$aiowps_feature_mgr->output_feature_details_badge("wp-generator-meta-tag");
?>
</div>
<form action="" method="POST" id="aiowpsec-remove-wp-meta-info-form">
<table class="form-table">
<tr valign="top">
<th scope="row"><?php esc_html_e('Remove WP generator meta info', 'all-in-one-wp-security-and-firewall'); ?>:</th>
<td>
<div class="aiowps_switch_container">
<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to remove the version and meta info produced by WP from all pages', 'all-in-one-wp-security-and-firewall'), 'aiowps_remove_wp_generator_meta_info', '1' == $aio_wp_security->configs->get_value('aiowps_remove_wp_generator_meta_info')); ?>
</div>
</td>
</tr>
</table>
<input type="submit" name="aiowps_save_remove_wp_meta_info" value="<?php esc_html_e('Save settings', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
</form>
</div>
</div>