Phase 6: AIOS security plugin with conservative login lockdown config (10 attempts)

2025-11-28 17:19:54 -06:00
parent 78a744ef06
commit abbd3502e8
430 changed files with 137111 additions and 7 deletions
@@ -0,0 +1,58 @@
+<?php if (!defined('ABSPATH')) die('Access denied.'); ?>
+<h2><?php esc_html_e('Custom .htaccess rules settings', 'all-in-one-wp-security-and-firewall'); ?></h2>
+		<form action="" method="POST" id="aiowpsec-save-custom-rules-settings-form">
+			<div class="aio_blue_box">
+				<?php
+				$info_msg = '';
+
+				$info_msg .= '<p>'. esc_html__('This feature can be used to apply your own custom .htaccess rules and directives.', 'all-in-one-wp-security-and-firewall').'</p>';
+				$info_msg .= '<p>'. esc_html__('It is useful for when you want to tweak our existing firewall rules or when you want to add your own.', 'all-in-one-wp-security-and-firewall').'</p>';
+				$info_msg .= '<p>'. esc_html__('NOTE: This feature can only be used if your site is hosted using the Apache webserver, or another that uses .htaccess files.', 'all-in-one-wp-security-and-firewall').'</p>';
+				// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Escaped earlier.
+				echo $info_msg;
+				?>
+			</div>
+			<div class="aio_yellow_box">
+				<?php
+				/* translators: %s: Warning */
+				$info_msg_2 = '<p>'. sprintf(esc_html__('%s: Only use this feature if you know what you are doing.', 'all-in-one-wp-security-and-firewall'), '<strong>' . esc_html__('Warning', 'all-in-one-wp-security-and-firewall') . '</strong>').'</p>';
+				$info_msg_2 .= '<p>'.esc_html__('Incorrect .htaccess rules or directives can break or prevent access to your site.', 'all-in-one-wp-security-and-firewall').'</p>';
+				$info_msg_2 .= '<p>'.esc_html__('It is your responsibility to ensure that you are entering the correct code!', 'all-in-one-wp-security-and-firewall').'</p>';
+				$info_msg_2 .= '<p>'.esc_html__('If you break your site you will need to access your server via FTP or something similar and then edit your .htaccess file and delete the changes you made.', 'all-in-one-wp-security-and-firewall').'</p>';
+				// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Escaped earlier.
+				echo $info_msg_2;
+				?>
+			</div>
+
+			<div class="postbox">
+				<h3 class="hndle"><label for="title"><?php esc_html_e('Custom .htaccess rules', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+				<div class="inside">
+					<table class="form-table">
+						<tr valign="top">
+							<th scope="row"><?php esc_html_e('Enable custom .htaccess rules', 'all-in-one-wp-security-and-firewall'); ?>:</th>
+							<td>
+								<div class="aiowps_switch_container">
+									<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this to activate the custom rules entered in the text box below', 'all-in-one-wp-security-and-firewall'), 'aiowps_enable_custom_rules', '1' == $aio_wp_security->configs->get_value('aiowps_enable_custom_rules')); ?>
+								</div>
+							</td>
+						</tr>
+						<tr valign="top">
+							<th scope="row"><?php esc_html_e('Place custom rules at the top', 'all-in-one-wp-security-and-firewall');?>:</th>
+							<td>
+								<div class="aiowps_switch_container">
+									<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want to place your custom rules at the beginning of all the rules applied by this plugin', 'all-in-one-wp-security-and-firewall'), 'aiowps_place_custom_rules_at_top', '1' == $aio_wp_security->configs->get_value('aiowps_place_custom_rules_at_top')); ?>
+								</div>
+							</td>
+						</tr>
+						<tr valign="top">
+							<th scope="row"><label for="aiowps_custom_rules"><?php esc_html_e('Enter custom .htaccess rules:', 'all-in-one-wp-security-and-firewall'); ?></label></th>
+							<td>
+								<textarea id="aiowps_custom_rules" name="aiowps_custom_rules" rows="35" cols="50"><?php echo esc_html($aio_wp_security->configs->get_value('aiowps_custom_rules')); ?></textarea>
+								<br />
+								<span class="description"><?php esc_html_e('Enter your custom .htaccess rules/directives.', 'all-in-one-wp-security-and-firewall');?></span>
+							</td>
+						</tr>
+					</table>
+				</div></div>
+			<input type="submit" name="aiowps_save_custom_rules_settings" value="<?php esc_html_e('Save custom rules', 'all-in-one-wp-security-and-firewall'); ?>" class="button-primary">
+		</form>
@@ -0,0 +1,13 @@
+<div class="postbox">
+	<h3 class="hndle">
+		<table>
+			<tr valign="top">
+				<th scope="row">WHOIS: </th>
+				<td><?php echo esc_html($ip_or_domain); ?></td>
+			</tr>
+		</table>
+	</h3>
+	<div class="inside">
+		<pre><?php echo esc_html($result); ?></pre>
+	</div>
+</div>
@@ -0,0 +1,30 @@
+<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
+<h2><?php esc_html_e('Password tool', 'all-in-one-wp-security-and-firewall'); ?></h2>
+<div class="aio_blue_box">
+	<?php
+	echo '<p>'.esc_html__('Poor password selection is one of the most common weak points of many sites and is usually the first thing a hacker will try to exploit when attempting to break into your site.', 'all-in-one-wp-security-and-firewall').'</p>'.
+	'<p>'.esc_html__('Many people fall into the trap of using a simple word or series of numbers as their password.', 'all-in-one-wp-security-and-firewall') . ' ' . esc_html__('Such a predictable and simple password would take a competent hacker merely minutes to guess your password by using a simple script which cycles through the easy and most common combinations.', 'all-in-one-wp-security-and-firewall').'</p>'.
+	'<p>'.esc_html__('The longer and more complex your password is the harder it is for hackers to "crack" because more complex passwords require much greater computing power and time.', 'all-in-one-wp-security-and-firewall').'</p>'.
+	'<p>'.esc_html__('This section contains a useful password strength tool which you can use to check whether your password is sufficiently strong enough.', 'all-in-one-wp-security-and-firewall').'</p>';
+	?>
+</div>
+<div class="postbox">
+	<h3 class="hndle"><label for="title"><?php esc_html_e('Password strength tool', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+	<div class="inside">
+		<div class="aio_grey_box"><p><?php esc_html_e('This password tool uses an algorithm which calculates how long it would take for your password to be cracked using the computing power of an off-the-shelf current model desktop PC with high end processor, graphics card and appropriate password cracking software.', 'all-in-one-wp-security-and-firewall');?></p></div>
+		<div class="aiowps_password_tool_field">
+			<input size="40" id="aiowps_password_test" name="aiowps_password_test" type="text" placeholder="<?php esc_html_e('Start typing a password.', 'all-in-one-wp-security-and-firewall');?>" />
+			<div class="aios_password_meter">
+				<div class="aios_meter_bar">
+					<div id="aios_meter_fill"></div>
+				</div>
+			</div>
+			<div id="aiowps_pw_tool_main">
+				<?php $hibp_link = '<a href="admin.php?page=' . AIOWPSEC_USER_SECURITY_MENU_SLUG . '&tab=hibp" target="_blank">' . __('HIBP', 'all-in-one-wp-security-and-firewall') . '</a>'; ?>
+				<span id="aiowps_password_crack_info_text"><?php printf(esc_html__('It would take a desktop PC approximately %s to crack your password!', 'all-in-one-wp-security-and-firewall'), '<span id="aiowps_password_crack_time_calculation">' . __('1 sec', 'all-in-one-wp-security-and-firewall') . '</span>'); ?></span>
+				<?php /* translators: %s HIBP link. */ ?>
+				<span id="aiowps_password_hibp_info_text"><?php printf(esc_html__('Pwned according to %s', 'all-in-one-wp-security-and-firewall'), $hibp_link); ?></span>
+			</div>
+		</div>
+	</div>
+</div>
@@ -0,0 +1,43 @@
+<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
+<div class="postbox">
+	<h3 class="hndle"><label for="title"><?php esc_html_e('General visitor lockout', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
+	<div class="inside">
+		<form action="" method="POST" id="aiowpsec-site-lockout-form">
+			<div class="aio_blue_box">
+				<?php
+					echo '<p>'.esc_html__('This feature allows you to put your site into "maintenance mode" by locking down the front-end to all visitors except logged in users with super admin privileges.', 'all-in-one-wp-security-and-firewall').'</p>';
+					echo '<p>'.esc_html__('Locking your site down to general visitors can be useful if you are investigating some issues on your site or perhaps you might be doing some maintenance and wish to keep out all traffic for security reasons.', 'all-in-one-wp-security-and-firewall').'</p>';
+				?>
+			</div>
+			<table class="form-table">
+				<tr valign="top">
+					<th scope="row"><?php esc_html_e('Enable maintenance mode', 'all-in-one-wp-security-and-firewall'); ?>:</th>
+					<td>
+						<div class="aiowps_switch_container">
+							<?php AIOWPSecurity_Utility_UI::setting_checkbox(esc_html__('Enable this if you want all visitors except those who are logged in as an administrator to be locked out of the front-end of your site.', 'all-in-one-wp-security-and-firewall'), 'aiowps_site_lockout', '1' == $aio_wp_security->configs->get_value('aiowps_site_lockout')); ?>
+						</div>
+					</td>
+				</tr>
+				<tr valign="top">
+					<th scope="row"><label for="aiowps_site_lockout_msg_editor_content"><?php esc_html_e('Enter a message:', 'all-in-one-wp-security-and-firewall'); ?></label></th>
+					<td>
+						<?php
+							$aiowps_site_lockout_msg_raw = $aio_wp_security->configs->get_value('aiowps_site_lockout_msg');
+							if (empty($aiowps_site_lockout_msg_raw)) {
+								$aiowps_site_lockout_msg_raw = 'This site is currently not available. Please try again later.';
+							}
+							$aiowps_site_lockout_msg = html_entity_decode($aiowps_site_lockout_msg_raw, ENT_COMPAT, "UTF-8");
+							$aiowps_site_lockout_msg_settings = array('textarea_name' => 'aiowps_site_lockout_msg');
+							wp_editor($aiowps_site_lockout_msg, "aiowps_site_lockout_msg_editor_content", $aiowps_site_lockout_msg_settings);
+						?>
+						<br/>
+						<span class="description"><?php esc_html_e('Enter a message you wish to display to visitors when your site is in maintenance mode.', 'all-in-one-wp-security-and-firewall');?></span>
+					</td>
+				</tr>
+			</table>
+			<div class="submit">
+				<input type="submit" class="button-primary" name="aiowpsec_save_site_lockout" value="<?php esc_html_e('Save site lockout settings', 'all-in-one-wp-security-and-firewall'); ?>">
+			</div>
+		</form>
+	</div>
+</div>
@@ -0,0 +1,24 @@
+<?php if (!defined('ABSPATH')) die('No direct access.'); ?>
+<div class="aio_blue_box">
+	<p><?php echo esc_html__('The WHOIS lookup feature gives you a way to look up who owns an IP address or domain name.', 'all-in-one-wp-security-and-firewall').' '.esc_html__('You can use this to investigate users engaging in malicious activity on your site.', 'all-in-one-wp-security-and-firewall'); ?></p>
+</div>
+<div class="postbox">
+	<h3 class="hndle"><?php esc_html_e('WHOIS lookup on IP or domain', 'all-in-one-wp-security-and-firewall'); ?></h3>
+	<div class="inside">
+		<form method="post" action="" id="aiowpsec-whois-lookup-form">
+			<table class="form-table">
+				<tr valign="top">
+					<th scope="row">
+						<label for="aiowps_whois_ip_or_domain"><?php esc_html_e('IP address or domain name:', 'all-in-one-wp-security-and-firewall'); ?></label>
+					</th>
+					<td>
+						<input id="aiowps_whois_ip_or_domain" type="text" name="aiowps_whois_ip_or_domain" value="" size="80">
+					</td>
+				</tr>
+			</table>
+			<input class="button-primary" type="submit" value="<?php esc_html_e('Look up IP or domain', 'all-in-one-wp-security-and-firewall'); ?>">
+		</form>
+	</div>
+</div>
+<div id="aios-who-is-lookup-result-container">
+</div>