debug_logger->log_debug("Nonce check failed for manual DB backup operation!",4);
die(__('Nonce check failed for manual DB backup operation!','all-in-one-wp-security-and-firewall'));
}
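if (isset($_POST['aiowps_permission_chg_file']))
{
    // Handles the "fix permissions" submission: applies the posted octal mode to the posted path.
    // Both fields are request data. The nonce check above only shows that the request was made
    // through this form; it does not show that the values are the ones the form rendered.
    // WordPress adds slashes to $_POST, so they are removed before the values are used.
    // Non-string input (e.g. an array) is reduced to '' and rejected below.
    $folder_or_file = is_string($_POST['aiowps_permission_chg_file'])
        ? wp_unslash($_POST['aiowps_permission_chg_file'])
        : '';
    $rec_perm_oct_string = (isset($_POST['aiowps_recommended_permissions']) && is_string($_POST['aiowps_recommended_permissions']))
        ? wp_unslash($_POST['aiowps_recommended_permissions'])
        : '';

    // Accept only a plain three-digit octal mode with an optional leading zero ("0644", "755").
    // octdec() skips characters it does not understand, and a fourth digit would set the
    // setuid/setgid/sticky bits, so anything else is refused instead of being passed on.
    $mode_is_valid = preg_match('/\A0?[0-7]{3}\z/', $rec_perm_oct_string) === 1;

    // NOTE(review): the path is still whatever the request supplied, so any file the PHP process
    // may chmod can be targeted. The list of paths this page offers a "Fix" button for is not
    // visible in this part of the file; the posted path should be compared against that list
    // (after realpath()) before chmod() is called. Also confirm that the enclosing handler checks
    // the user's capability and does not rely on the nonce alone.
    $perm_result = false;
    if ($folder_or_file !== '' && $mode_is_valid)
    {
        //Convert the octal string to dec so the chmod func will accept it
        $rec_perm_dec = octdec($rec_perm_oct_string);
        // @ hides the PHP warning; failure is reported through the error notice below.
        $perm_result = @chmod($folder_or_file, $rec_perm_dec);
    }

    // The posted values are echoed back inside an admin notice. show_msg_updated()/show_msg_error()
    // are defined outside this view, so the values are escaped here in case they print the message as HTML.
    $shown_path = esc_html($folder_or_file);
    $shown_perm = esc_html($rec_perm_oct_string);

    if ($perm_result === true)
    {
        $msg = sprintf( __('The permissions for %s were succesfully changed to %s', 'all-in-one-wp-security-and-firewall'), $shown_path, $shown_perm);
        $this->show_msg_updated($msg);
    }
    else
    {
        // Reached when chmod() fails and when the posted path or mode was rejected above.
        $msg = sprintf( __('Unable to change permissions for %s!', 'all-in-one-wp-security-and-firewall'), $shown_path);
        $this->show_msg_error($msg);
    }
}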
}
?>
'.__('Your WordPress file and folder permission settings govern the accessability and read/write privileges of the files and folders which make up your WP installation.', 'all-in-one-wp-security-and-firewall').'
'.__('Your WP installation already comes with reasonably secure file permission settings for the filesystem.', 'all-in-one-wp-security-and-firewall').'
'.__('However, sometimes people or other plugins modify the various permission settings of certain core WP folders or files such that they end up making their site less secure because they chose the wrong permission values.', 'all-in-one-wp-security-and-firewall').'
'.__('This feature will scan the critical WP core folders and files and will highlight any permission settings which are insecure.', 'all-in-one-wp-security-and-firewall').'
';
?>
debug_logger->log_debug("Nonce check failed on disable PHP file edit options save!",4);
die("Nonce check failed on disable PHP file edit options save!");
}
// The checkbox is only present in the request when it is ticked: ticked means
// "disable dashboard file editing", absent means "enable it again".
$disable_requested = isset($_POST['aiowps_disable_file_editing']);
$res = $disable_requested
    ? AIOWPSecurity_Utility::disable_file_edits()
    : AIOWPSecurity_Utility::enable_file_edits();

if (!$res)
{
    // The helper reported failure; the stored setting is left untouched so it does not
    // claim a state that was never applied.
    $this->show_msg_error(__('Operation failed! Unable to modify or make a backup of wp-config.php file!', 'all-in-one-wp-security-and-firewall'));
}
else
{
    // Save settings if no errors
    $aio_wp_security->configs->set_value('aiowps_disable_file_editing', $disable_requested ? '1' : '');
    $aio_wp_security->configs->save_config();
    // The feature status changed, so the score is recalculated
    $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
    $this->show_msg_updated(__('Your PHP file editing settings were saved successfully.', 'all-in-one-wp-security-and-firewall'));
}
//$this->show_msg_settings_updated();
}
else {
// No form submission: mirror the live value of the DISALLOW_FILE_EDIT constant into the
// stored setting, so the page shows what is actually in force rather than what was last saved.
$editing_disallowed = defined('DISALLOW_FILE_EDIT') && DISALLOW_FILE_EDIT;
$aio_wp_security->configs->set_value('aiowps_disable_file_editing', $editing_disallowed ? '1' : '');
$aio_wp_security->configs->save_config();
// The stored value may have changed, so the score is recalculated
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
}
?>
'.__('The Wordpress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files.', 'all-in-one-wp-security-and-firewall').'
'.__('This is often the first tool an attacker will use if able to login, since it allows code execution.', 'all-in-one-wp-security-and-firewall').'
'.__('This feature will disable the ability for people to edit PHP files via the dashboard.', 'all-in-one-wp-security-and-firewall').'
';
?>
debug_logger->log_debug("Nonce check failed on enable basic firewall settings!",4);
die("Nonce check failed on enable basic firewall settings!");
}
// Store the checkbox state: '1' when ticked, '' when the field is absent from the request.
$prevent_access_value = isset($_POST['aiowps_prevent_default_wp_file_access']) ? '1' : '';
$aio_wp_security->configs->set_value('aiowps_prevent_default_wp_file_access', $prevent_access_value);

// Commit the config settings
$aio_wp_security->configs->save_config();

// The feature status changed, so the score is recalculated
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();

// Write the applicable rules to the .htaccess file.
// Note the order: the setting is already saved at this point, so when the write fails the
// stored setting says "on" while .htaccess carries no matching rules.
$res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
if (!$res)
{
    $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
}
else
{
    $this->show_msg_updated(__('You have successfully saved the Prevent Access to Default WP Files configuration.', 'all-in-one-wp-security-and-firewall'));
}
}
?>
'.$info_msg.''.'
'.__('By preventing access to these files you are hiding some key pieces of information (such as WordPress version info) from potential hackers.', 'all-in-one-wp-security-and-firewall').'
'.__('Sometimes your hosting platform will produce error or warning logs in a file called "error_log".', 'all-in-one-wp-security-and-firewall').'
'.__('Depending on the nature and cause of the error or warning, your hosting server can create multiple instances of this file in numerous directory locations of your WordPress installation.', 'all-in-one-wp-security-and-firewall').'
'.__('By occassionally viewing the contents of these logs files you can keep informed of any underlying problems on your system which you might need to address.', 'all-in-one-wp-security-and-firewall').'
';
?>
Please click the button below to view the latest system logs:
debug_logger->log_debug("Nonce check failed on view system log operation!",4);
die("Nonce check failed on view system log operation!");
}
// Look for files matching $sys_log_file, starting the search at the WordPress root (ABSPATH).
// NOTE(review): $sys_log_file is assigned outside this view. If it can be set from the request,
// confirm it is limited to log file names, because every match is rendered on the page below.
$logResults = AIOWPSecurity_Utility_File::recursive_file_search($sys_log_file, 0, ABSPATH);

// True when the search produced nothing usable (empty, null, empty string or false).
$nothing_found = empty($logResults) || $logResults == NULL || $logResults == '' || $logResults === FALSE;
if (!$nothing_found)
{
    // One table per matching file
    foreach ($logResults as $log_path)
    {
        $this->display_system_logs_in_table($log_path);
    }
}
else
{
    $this->show_msg_updated(__('No system logs were found!', 'all-in-one-wp-security-and-firewall'));
}
}
}
/*
* Scans WP key core files and directory permissions and populates a wp wide_fat table
* Displays a red background entry with a "Fix" button for permissions which are "777"
* Displays a yellow background entry with a "Fix" button for permissions which are less secure than the recommended
* Displays a green entry for permissions which are as secure or better than the recommended
*/
function show_wp_filesystem_permission_status($name,$path,$recommended)
{
$fix = false;
$configmod = AIOWPSecurity_Utility_File::get_file_permission($path);
if ($configmod == "0777"){
$trclass = "aio_table_row_red"; //Display a red background if permissions are set as least secure ("777")
$fix = true;
}
else if($configmod != $recommended)
{
//$res = $this->is_file_permission_secure($recommended, $configmod);
$res = AIOWPSecurity_Utility_File::is_file_permission_secure($recommended, $configmod);
if ($res)
{
$trclass = "aio_table_row_green"; //If the current permissions are even tighter than recommended then display a green row
$fix = true;
}
else
{
$trclass = "aio_table_row_yellow"; //Display a yellow background if permissions are set to something different than recommended
$fix = true;
}
}
else
{
$trclass = "aio_table_row_green";
}
echo "