$res=AIOWPSecurity_Utility_Htaccess::write_to_htaccess();//Delete the cookie based directives if that feature is active
if($res){
$this->show_msg_settings_updated();
}
else{
$this->show_msg_error(__('Could not delete the Cookie-based directives from the .htaccess file. Please check the file permissions.','all-in-one-wp-security-and-firewall'));
$cookie_based_feature_url='<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab2" target="_blank">Cookie Based Brute Force Prevention</a>';
$white_list_feature_url='<a href="admin.php?page='.AIOWPSEC_BRUTE_FORCE_MENU_SLUG.'&tab=tab4" target="_blank">Login Page White List</a>';
echo'<p>'.__('An effective Brute Force prevention technique is to change the default WordPress login page URL.','all-in-one-wp-security-and-firewall').'</p>'.
'<p>'.__('Normally if you wanted to login to WordPress you would type your site\'s home URL followed by wp-login.php.','all-in-one-wp-security-and-firewall').'</p>'.
'<p>'.__('This feature allows you to change the login URL by setting your own slug and renaming the last portion of the login URL which contains the <strong>wp-login.php</strong> to any string that you like.','all-in-one-wp-security-and-firewall').'</p>'.
'<p>'.__('By doing this, malicious bots and hackers will not be able to access your login page because they will not know the correct login page URL.','all-in-one-wp-security-and-firewall').'</p>'.
'<div class="aio_section_separator_1"></div>'.
'<p>'.__('You may also be interested in the following alternative brute force prevention features:','all-in-one-wp-security-and-firewall').'</p>'.
'<p>'.$cookie_based_feature_url.'</p>'.
'<p>'.$white_list_feature_url.'</p>';
?>
</div>
<?php
//Show the user the new login URL if this feature is active
<p><strong><?php_e('NOTE: If you already had the Cookie-Based Brute Force Prevention feature active, the plugin has automatically deactivated it because only one of these features can be active at any one time.','all-in-one-wp-security-and-firewall');?></strong></p>
$read_link='<a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">must read this message</a>';
echo'<p>'.sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.','all-in-one-wp-security-and-firewall'),$read_link).'</p>';
echo'<p>'.__("NOTE: If you are hosting your site on WPEngine or a provider which performs server caching, you will need to ask the host support people to NOT cache your renamed login page.","all-in-one-wp-security-and-firewall").'</p>';
<spanclass="description"><?php_e('Enter a string which will represent your secure login page slug. You are enouraged to choose something which is hard to guess and only you will remember.','all-in-one-wp-security-and-firewall');?></span>
$msg='<p>'.__('Settings have not been saved - your secret word must consist only of alphanumeric characters, ie, letters and/or numbers only!','all-in-one-wp-security-and-firewall').'</p>';
$msg.='<p>'.__('It is important that you save this URL value somewhere in case you forget it, OR,','all-in-one-wp-security-and-firewall').'</p>';
$msg.='<p>'.sprintf(__('simply remember to add a "?%s=1" to your current site URL address.','all-in-one-wp-security-and-firewall'),$brute_force_feature_secret_word).'</p>';
$this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.','all-in-one-wp-security-and-firewall'));
}
}
else
{
$this->show_msg_error($msg);
}
}
?>
<h2><?php_e('Brute Force Prevention Firewall Settings','all-in-one-wp-security-and-firewall')?></h2>
<divclass="aio_blue_box">
<?php
//TODO - need to fix the following message
echo'<p>'.__('A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination.','all-in-one-wp-security-and-firewall').
'<br />'.__('Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server\'s memory and performance.','all-in-one-wp-security-and-firewall').
'<br />'.__('The features in this tab will stop the majority of Brute Force Login Attacks at the .htaccess level thus providing even better protection for your WP login page and also reducing the load on your server because the system does not have to run PHP code to process the login attempts.','all-in-one-wp-security-and-firewall').'</p>';
$info_msg=sprintf(__('Even though this feature should not have any impact on your site\'s general functionality <strong>you are strongly encouraged to take a %s of your .htaccess file before proceeding</strong>.','all-in-one-wp-security-and-firewall'),$backup_tab_link);
$info_msg1=__('If this feature is not used correctly, you can get locked out of your site. A backed up .htaccess file will come in handy if that happens.','all-in-one-wp-security-and-firewall');
$info_msg2=sprintf(__('To learn more about how to use this feature please watch the following %s.','all-in-one-wp-security-and-firewall'),$video_link);
$brute_force_login_feature_link='<a href="admin.php?page='.AIOWPSEC_FIREWALL_MENU_SLUG.'&tab=tab4" target="_blank">Cookie-Based Brute Force Login Prevention</a>';
echo'<p>'.$info_msg.
'<br />'.$info_msg1.
'<br />'.$info_msg2.'</p>';
?>
</div>
<?php
//Show the user the new login URL if this feature is active
<p><strong><?php_e('NOTE: If you already had the Rename Login Page feature active, the plugin has automatically deactivated it because only one of these features can be active at any one time.','all-in-one-wp-security-and-firewall');?></strong></p>
</div>
<?php
}
?>
<divclass="postbox">
<h3class="hndle"><labelfor="title"><?php_e('Cookie Based Brute Force Login Prevention','all-in-one-wp-security-and-firewall');?></label></h3>
<?php_e('This feature can lock you out of admin if it doesn\'t work correctly on your site. You <a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">must read this message</a> before activating this feature.','all-in-one-wp-security-and-firewall');?>
</p>
</div>
<tableclass="form-table">
<trvalign="top">
<thscope="row"><?php_e('Enable Brute Force Attack Prevention','all-in-one-wp-security-and-firewall')?>:</th>
<spanclass="description"><?php_e('Check this if you want to protect your login page from Brute Force Attack.','all-in-one-wp-security-and-firewall');?></span>
_e('This feature will deny access to your WordPress login page for all people except those who have a special cookie in their browser.','all-in-one-wp-security-and-firewall');
echo'<br />';
_e('To use this feature do the following:','all-in-one-wp-security-and-firewall');
echo'<br />';
_e('1) Enable the checkbox.','all-in-one-wp-security-and-firewall');
echo'<br />';
_e('2) Enter a secret word consisting of alphanumeric characters which will be difficult to guess. This secret word will be useful whenever you need to know the special URL which you will use to access the login page (see point below).','all-in-one-wp-security-and-firewall');
echo'<br />';
_e('3) You will then be provided with a special login URL. You will need to use this URL to login to your WordPress site instead of the usual login URL. NOTE: The system will deposit a special cookie in your browser which will allow you access to the WordPress administration login page.','all-in-one-wp-security-and-firewall');
echo'<br />';
_e('Any person trying to access your login page who does not have the special cookie in their browser will be automatically blocked.','all-in-one-wp-security-and-firewall');
<spanclass="description"><?php_e('Choose a secret word consisting of alphanumeric characters which you can use to access your special URL. Your are highly encouraged to choose a word which will be difficult to guess.','all-in-one-wp-security-and-firewall');?></span>
_e('The URL specified here can be any site\'s URL and does not have to be your own. For example you can be as creative as you like and send hackers to the CIA or NSA home page.','all-in-one-wp-security-and-firewall');
echo'<br />';
_e('This field will default to: http://127.0.0.1 if you do not enter a value.','all-in-one-wp-security-and-firewall');
_e('It\'s a good idea to not redirect attempted brute force login attempts to your site because it increases the load on your server.','all-in-one-wp-security-and-firewall');
echo'<br />';
_e('Redirecting a hacker or malicious bot back to "http://127.0.0.1" is ideal because it deflects them back to their own local host and puts the load on their server instead of yours.','all-in-one-wp-security-and-firewall');
?>
</p>
</div>
</td>
</tr>
<trvalign="top">
<thscope="row"><?php_e('My Site Has Posts Or Pages Which Are Password Protected','all-in-one-wp-security-and-firewall')?>:</th>
<spanclass="description"><?php_e('Check this if you are using the native WordPress password protection feature for some or all of your blog posts or pages.','all-in-one-wp-security-and-firewall');?></span>
_e('In the cases where you are protecting some of your posts or pages using the in-built WordPress password protection feature, a few extra lines of directives and exceptions need to be added to your .htacces file so that people trying to access pages are not automatically blocked.','all-in-one-wp-security-and-firewall');
echo'<br />';
_e('By enabling this checkbox the plugin will add the necessary rules and exceptions to your .htacces file so that people trying to access these pages are not automatically blocked.','all-in-one-wp-security-and-firewall');
_e('If you do not use the WordPress password protection feature for your posts or pages then it is highly recommended that you leave this checkbox disabled.','all-in-one-wp-security-and-firewall');
?>
</p>
</div>
</td>
</tr>
<trvalign="top">
<thscope="row"><?php_e('My Site Has a Theme or Plugins Which Use AJAX','all-in-one-wp-security-and-firewall')?>:</th>
_e('In the cases where your WordPress installation has a theme or plugins which use AJAX, a few extra lines of directives and exceptions need to be added to your .htacces file to prevent AJAX requests from being automatically blocked by the brute force prevention feature.','all-in-one-wp-security-and-firewall');
echo'<br />';
_e('By enabling this checkbox the plugin will add the necessary rules and exceptions to your .htacces file so that AJAX operations will work as expected.','all-in-one-wp-security-and-firewall');
_e('The cookie test failed on this server. So this feature cannot be used on this site.','all-in-one-wp-security-and-firewall');
echo'</p></div>';
}
echo'<div class="aio_yellow_box"><p>';
_e("Before using this feature you are required to perform a cookie test first. This is to make sure that your browser cookie is working correctly and that you won't lock yourself out.",'all-in-one-wp-security-and-firewall');
$aio_wp_security->debug_logger->log_debug("Nonce check failed on captcha settings save!",4);
die("Nonce check failed on captcha settings save!");
}
//Save all the form values to the options
$random_20_digit_string=AIOWPSecurity_Utility::generate_alpha_numeric_random_string(20);//Generate random 20 char string for use during captcha encode/decode
<spanclass="description"><?php_e('Check this if you want to insert captcha on a custom login form generated by the following WP function: wp_login_form()','all-in-one-wp-security-and-firewall');?></span>
<spanclass="description"><?php_e('Check this if you want to insert captcha on a Woocommerce login form','all-in-one-wp-security-and-firewall');?></span>
<spanclass="description"><?php_e('Check this if you want to insert captcha on a Woocommerce registration form','all-in-one-wp-security-and-firewall');?></span>
<spanclass="description"><?php_e('Check this if you want to insert a captcha form on the lost password page','all-in-one-wp-security-and-firewall');?></span>
echo'<p>'.__('The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page.','all-in-one-wp-security-and-firewall').'
echo'<p>'.sprintf(__('Attention: If in addition to enabling the white list feature, you also have one of the %s or %s features enabled, <strong>you will still need to use your secret word or special slug in the URL when trying to access your WordPress login page</strong>.','all-in-one-wp-security-and-firewall'),$brute_force_login_feature_link,$rename_login_feature_link).'</p>
<spanclass="description"><?php_e('Check this if you want to enable the whitelisting of selected IP addresses specified in the settings below','all-in-one-wp-security-and-firewall');?></span>
</td>
</tr>
<trvalign="top">
<thscope="row"><?php_e('Your Current IP Address','all-in-one-wp-security-and-firewall')?>:</th>
<spanclass="description"><?php_e('You can copy and paste this address in the text box below if you want to include it in your login whitelist.','all-in-one-wp-security-and-firewall');?></span>
</td>
</tr>
<trvalign="top">
<thscope="row"><?php_e('Enter Whitelisted IP Addresses:','all-in-one-wp-security-and-firewall')?></th>
<spanclass="description"><?php_e('Enter one or more IP addresses or IP ranges you wish to include in your whitelist. Only the addresses specified here will have access to the WordPress login page.','all-in-one-wp-security-and-firewall');?></span>
echo'<p class="description"><strong>'.__('Each IP address must be on a new line.','all-in-one-wp-security-and-firewall').'</strong></p>';
echo'<p class="description">'.__('To specify an IPv4 range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:','all-in-one-wp-security-and-firewall').'</p>';
echo'<p class="description">'.__('Or you can enter an IPv6 address (NOTE: ranges/wildcards are currently not supported for ipv6)','all-in-one-wp-security-and-firewall').'</p>';
echo'<p>'.__('This feature allows you to add a special hidden "honeypot" field on the WordPress login page. This will only be visible to robots and not humans.','all-in-one-wp-security-and-firewall').'
<spanclass="description"><?php_e('Check this if you want to enable the honeypot feature for the login page','all-in-one-wp-security-and-firewall');?></span>
