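'render_tab1', 'tab2' => 'render_tab2', 'tab3' => 'render_tab3', 'tab4' => 'render_tab4', 'tab5' => 'render_tab5', 'tab6' => 'render_tab6', 'tab7' => 'render_tab7', );

    /**
     * Renders the whole menu page as soon as the object is constructed.
     */
    function __construct()
    {
        $this->render_menu_page();
    }

    /**
     * Populates $this->menu_tabs with the translated label of every tab,
     * keyed by tab slug ('tab1' ... 'tab7').
     */
    function set_menu_tabs()
    {
        $this->menu_tabs = array(
            'tab1' => __('Basic Firewall Rules', 'all-in-one-wp-security-and-firewall'),
            'tab2' => __('Additional Firewall Rules', 'all-in-one-wp-security-and-firewall'),
            'tab3' => __('6G Blacklist Firewall Rules', 'all-in-one-wp-security-and-firewall'),
            'tab4' => __('Internet Bots', 'all-in-one-wp-security-and-firewall'),
            'tab5' => __('Prevent Hotlinks', 'all-in-one-wp-security-and-firewall'),
            'tab6' => __('404 Detection', 'all-in-one-wp-security-and-firewall'),
            'tab7' => __('Custom Rules', 'all-in-one-wp-security-and-firewall'),
        );
    }

    /**
     * Returns the slug of the tab to display.
     *
     * The slug is taken from the request ($_GET['tab']). render_menu_page() uses
     * the returned value as an index into $this->menu_tabs_handler and passes the
     * result to call_user_func(), so the request value is only accepted when it is
     * one of the slugs registered in $this->menu_tabs. Anything else (missing,
     * non-string or unknown) falls back to the first registered tab instead of
     * reaching call_user_func() with an undefined handler.
     *
     * @return string Slug of a registered tab.
     */
    function get_current_tab()
    {
        $tab_keys = array_keys($this->menu_tabs);
        $default_tab = $tab_keys[0];

        if (!isset($_GET['tab']) || !is_string($_GET['tab'])) {
            return $default_tab;
        }

        $tab = sanitize_text_field($_GET['tab']);

        // Allow-list check: only slugs registered by set_menu_tabs() are valid.
        return isset($this->menu_tabs[$tab]) ? $tab : $default_tab;
    }

    /*
     * Renders our tabs of this menu as nav items
     */
    function render_menu_tabs()
    {
        // NOTE(review): only an empty echo is visible in this method, so
        // $current_tab is not used by the visible code.
        $current_tab = $this->get_current_tab();
        echo '';
    }

    /*
     * The menu rendering goes here
     */
    function render_menu_page()
    {
        echo '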
'; echo '

'.__('Firewall','all-in-one-wp-security-and-firewall').'

';//Interface title $this->set_menu_tabs(); $tab = $this->get_current_tab(); $this->render_menu_tabs(); ?>
menu_tabs); call_user_func(array(&$this, $this->menu_tabs_handler[$tab])); ?>
debug_logger->log_debug("Nonce check failed on enable basic firewall settings!",4);
            die("Nonce check failed on enable basic firewall settings!");
        }

        // Every option on this tab is a checkbox whose config key equals its form
        // field name: store '1' when the field was submitted and '' when it was not.
        $basic_rule_options = array(
            'aiowps_enable_basic_firewall',
            // Disables all XML-RPC functionality.
            'aiowps_enable_pingback_firewall',
            // Disables only the pingback methods of XML-RPC and leaves the other
            // methods available so that Jetpack and other apps still work.
            'aiowps_disable_xmlrpc_pingback_methods',
            'aiowps_block_debug_log_file_access',
        );
        foreach ($basic_rule_options as $option_key) {
            $option_value = isset($_POST[$option_key]) ? '1' : '';
            $aio_wp_security->configs->set_value($option_key, $option_value);
        }

        // Commit the configuration, then recalculate the feature points because
        // the feature status/options may have changed.
        $aio_wp_security->configs->save_config();
        $aiowps_feature_mgr->check_feature_status_and_recalculate_points();

        // Write the applicable rules to the .htaccess file and report the outcome.
        $htaccess_written = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
        if (!$htaccess_written) {
            $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
        } else {
            $this->show_msg_updated(__('Settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
        }
    }
    ?>

backup'; $info_msg = sprintf( __('This should not have any impact on your site\'s general functionality but if you wish you can take a %s of your .htaccess file before proceeding.', 'all-in-one-wp-security-and-firewall'), $backup_tab_link); echo '

'.__('The features in this tab allow you to activate some basic firewall security protection rules for your site.', 'all-in-one-wp-security-and-firewall'). '
'.__('The firewall functionality is achieved via the insertion of special code into your currently active .htaccess file.', 'all-in-one-wp-security-and-firewall'). '
'.$info_msg.'

'; ?>
configs->get_value('aiowps_enable_pingback_firewall')=='1'){ ?>

'.__('Attention: You have enabled the "Completely Block Access To XMLRPC" checkbox which means all XMLRPC functionality will be blocked.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('By leaving this feature enabled you will prevent Jetpack or Wordpress iOS or other apps which need XMLRPC from working correctly on your site.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('If you still need XMLRPC then uncheck the "Completely Block Access To XMLRPC" checkbox and enable only the "Disable Pingback Functionality From XMLRPC" checkbox.', 'all-in-one-wp-security-and-firewall').'

'; ?>

output_feature_details_badge("firewall-basic-rules"); ?>
: configs->get_value('aiowps_enable_basic_firewall')=='1') echo ' checked="checked"'; ?> value="1"/> +
'.__('This setting will implement the following basic firewall protection mechanisms on your site:', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('1) Protect your htaccess file by denying access to it.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('2) Disable the server signature.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('3) Limit file upload size (10MB).', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('4) Protect your wp-config.php file by denying access to it.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('The above firewall features will be applied via your .htaccess file and should not affect your site\'s overall functionality.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('You are still advised to take a backup of your active .htaccess file just in case.', 'all-in-one-wp-security-and-firewall').'

'; ?>

output_feature_details_badge("firewall-pingback-rules"); ?>
: configs->get_value('aiowps_enable_pingback_firewall')=='1') echo ' checked="checked"'; ?> value="1"/> +
'.__('This setting will add a directive in your .htaccess to disable access to the WordPress xmlrpc.php file which is responsible for the XML-RPC functionality in WordPress.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('Hackers can exploit various vulnerabilities in the WordPress XML-RPC API in a number of ways such as:', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('1) Denial of Service (DoS) attacks', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('2) Hacking internal routers.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('3) Scanning ports in internal networks to get info from various hosts.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('Apart from the security protection benefit, this feature may also help reduce load on your server, particularly if your site currently has a lot of unwanted traffic hitting the XML-RPC API on your installation.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('NOTE: You should only enable this feature if you are not currently using the XML-RPC functionality on your WordPress installation.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('Leave this feature disabled and use the feature below if you want pingback protection but you still need XMLRPC.', 'all-in-one-wp-security-and-firewall').'

'; ?>
: configs->get_value('aiowps_disable_xmlrpc_pingback_methods')=='1') echo ' checked="checked"'; ?> value="1"/> +
'.__('NOTE: If you use Jetpack or the Wordpress iOS or other apps then you should enable this feature but leave the "Completely Block Access To XMLRPC" checkbox unchecked.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('The feature will still allow XMLRPC functionality on your site but will disable the pingback methods.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('This feature will also remove the "X-Pingback" header if it is present.', 'all-in-one-wp-security-and-firewall').'

'; ?>

output_feature_details_badge("firewall-block-debug-file-access"); ?>
: configs->get_value('aiowps_block_debug_log_file_access')=='1') echo ' checked="checked"'; ?> value="1"/> +
'.__('WordPress has an option to turn on the debug logging to a file located in wp-content/debug.log. This file may contain sensitive information.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('Using this optoin will block external access to this file. You can still access this file by logging into your site via FTP', 'all-in-one-wp-security-and-firewall').'

'; ?>
debug_logger->log_debug("Nonce check failed on enable advanced firewall settings!",4);
            die("Nonce check failed on enable advanced firewall settings!");
        }

        // Each additional rule is a checkbox whose config key equals its form field
        // name: '1' when the field was submitted, '' when it was not.
        $additional_rule_options = array(
            'aiowps_disable_index_views',
            'aiowps_disable_trace_and_track',
            'aiowps_forbid_proxy_comments',
            'aiowps_deny_bad_query_strings',
            'aiowps_advanced_char_string_filter',
        );
        foreach ($additional_rule_options as $rule_key) {
            $rule_value = isset($_POST[$rule_key]) ? '1' : '';
            $aio_wp_security->configs->set_value($rule_key, $rule_value);
        }

        // Commit the configuration before regenerating the .htaccess rules.
        $aio_wp_security->configs->save_config();

        // Write the applicable rules to the .htaccess file and report the outcome.
        $htaccess_written = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
        if (!$htaccess_written) {
            $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
        } else {
            $this->show_msg_updated(__('You have successfully saved the Additional Firewall Protection configuration', 'all-in-one-wp-security-and-firewall'));
        }

        // NOTE(review): $error is only read here; nothing in the visible part of
        // this branch assigns it - confirm it is initialised earlier.
        if ($error) {
            $this->show_msg_error($error);
        }
    }
    ?>

backup'; $info_msg = sprintf( __('Due to the nature of the code being inserted to the .htaccess file, this feature may break some functionality for certain plugins and you are therefore advised to take a %s of .htaccess before applying this configuration.', 'all-in-one-wp-security-and-firewall'), $backup_tab_link); echo '

'.__('This feature allows you to activate more advanced firewall settings to your site.', 'all-in-one-wp-security-and-firewall'). '
'.__('The advanced firewall rules are applied via the insertion of special code to your currently active .htaccess file.', 'all-in-one-wp-security-and-firewall'). '
'.$info_msg.'

'; ?>

output_feature_details_badge("firewall-disable-index-views"); ?>
: configs->get_value('aiowps_disable_index_views')=='1') echo ' checked="checked"'; ?> value="1"/> +

'; _e('This feature will prevent the listing of contents for all directories.', 'all-in-one-wp-security-and-firewall'); echo '
'; _e('NOTE: In order for this feature to work "AllowOverride" of the Indexes directive must be enabled in your httpd.conf file. Ask your hosting provider to check this if you don\'t have access to httpd.conf', 'all-in-one-wp-security-and-firewall'); ?>

output_feature_details_badge("firewall-disable-trace-track"); ?>
: configs->get_value('aiowps_disable_trace_and_track')=='1') echo ' checked="checked"'; ?> value="1"/> +

'; _e('This hacking technique is usually used together with cross site scripting attacks (XSS).', 'all-in-one-wp-security-and-firewall'); echo '
'; _e('Disabling trace and track on your site will help prevent HTTP Trace attacks.', 'all-in-one-wp-security-and-firewall'); ?>

output_feature_details_badge("firewall-forbid-proxy-comments"); ?>
: configs->get_value('aiowps_forbid_proxy_comments')=='1') echo ' checked="checked"'; ?> value="1"/> +

'.__('By forbidding proxy comments you are in effect eliminating some SPAM and other proxy requests.', 'all-in-one-wp-security-and-firewall'); ?>

output_feature_details_badge("firewall-deny-bad-queries"); ?>
: configs->get_value('aiowps_deny_bad_query_strings')=='1') echo ' checked="checked"'; ?> value="1"/> +

'.__('NOTE: Some of these strings might be used for plugins or themes and hence this might break some functionality.', 'all-in-one-wp-security-and-firewall'); echo '
'.__('You are therefore strongly advised to take a backup of your active .htaccess file before applying this feature.', 'all-in-one-wp-security-and-firewall').''; ?>

output_feature_details_badge("firewall-advanced-character-string-filter"); ?>
: configs->get_value('aiowps_advanced_char_string_filter')=='1') echo ' checked="checked"'; ?> value="1"/> +

'.__('This setting matches for common malicious string patterns and exploits and will produce a 403 error for the hacker attempting the query.', 'all-in-one-wp-security-and-firewall'); echo '
'.__('NOTE: Some strings for this setting might break some functionality.', 'all-in-one-wp-security-and-firewall'); echo '
'.__('You are therefore strongly advised to take a backup of your active .htaccess file before applying this feature.', 'all-in-one-wp-security-and-firewall').''; ?>

debug_logger->log_debug("Nonce check failed on enable 5G/6G firewall settings!",4);
            die("Nonce check failed on enable 5G/6G firewall settings!");
        }

        // Both blacklists are plain checkboxes: '1' when submitted, '' otherwise.
        $enable_5g = isset($_POST['aiowps_enable_5g_firewall']) ? '1' : '';
        $aio_wp_security->configs->set_value('aiowps_enable_5g_firewall', $enable_5g);

        $enable_6g = isset($_POST['aiowps_enable_6g_firewall']) ? '1' : '';
        $aio_wp_security->configs->set_value('aiowps_enable_6g_firewall', $enable_6g);

        // Commit the configuration before regenerating the .htaccess rules.
        $aio_wp_security->configs->save_config();

        // Write the applicable rules to the .htaccess file.
        $htaccess_written = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
        if (!$htaccess_written) {
            $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
        } else {
            $this->show_msg_updated(__('You have successfully saved the 5G/6G Firewall Protection configuration', 'all-in-one-wp-security-and-firewall'));
            // The feature points are recalculated only after a successful write.
            $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
        }
    }
    ?>

backup'; $info_msg = '

'.sprintf( __('This feature allows you to activate the %s (or legacy %s) firewall security protection rules designed and produced by %s.', 'all-in-one-wp-security-and-firewall'), '6G', '5G', 'Perishable Press').'

'; $info_msg .= '

'.__('The 6G Blacklist is updated and improved version of 5G Blacklist. If you have 5G Blacklist active, you might consider activating 6G Blacklist instead.', 'all-in-one-wp-security-and-firewall').'

'; $info_msg .= '

'.__('The 6G Blacklist is a simple, flexible blacklist that helps reduce the number of malicious URL requests that hit your website.', 'all-in-one-wp-security-and-firewall').'

'; $info_msg .= '

'.__('The added advantage of applying the 6G firewall to your site is that it has been tested and confirmed by the people at PerishablePress.com to be an optimal and least disruptive set of .htaccess security rules for general WP sites running on an Apache server or similar.', 'all-in-one-wp-security-and-firewall').'

'; $info_msg .= '

'.sprintf( __('Therefore the 6G firewall rules should not have any impact on your site\'s general functionality but if you wish you can take a %s of your .htaccess file before proceeding.', 'all-in-one-wp-security-and-firewall'), $backup_tab_link).'

'; echo $info_msg; ?>

output_feature_details_badge("firewall-enable-5g-6g-blacklist"); ?>
: configs->get_value('aiowps_enable_6g_firewall')=='1') echo ' checked="checked"'; ?> value="1"/> +
'.__('This setting will implement the 6G security firewall protection mechanisms on your site which include the following things:', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('1) Block forbidden characters commonly used in exploitative attacks.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('2) Block malicious encoded URL characters such as the ".css(" string.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('3) Guard against the common patterns and specific exploits in the root portion of targeted URLs.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('4) Stop attackers from manipulating query strings by disallowing illicit characters.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('....and much more.', 'all-in-one-wp-security-and-firewall').'

'; ?>
: configs->get_value('aiowps_enable_5g_firewall')=='1') echo ' checked="checked"'; ?> value="1"/> +
'.__('This setting will implement the 5G security firewall protection mechanisms on your site which include the following things:', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('1) Block forbidden characters commonly used in exploitative attacks.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('2) Block malicious encoded URL characters such as the ".css(" string.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('3) Guard against the common patterns and specific exploits in the root portion of targeted URLs.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('4) Stop attackers from manipulating query strings by disallowing illicit characters.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('....and much more.', 'all-in-one-wp-security-and-firewall').'

'; ?>
debug_logger->log_debug("Nonce check failed for save internet bot settings!",4);
            die("Nonce check failed for save internet bot settings!");
        }

        // Checkbox option: '1' when the field was submitted, '' when it was not.
        $block_fake_googlebots = isset($_POST['aiowps_block_fake_googlebots']) ? '1' : '';
        $aio_wp_security->configs->set_value('aiowps_block_fake_googlebots', $block_fake_googlebots);

        // Commit the configuration and confirm to the user.
        $aio_wp_security->configs->save_config();
        $this->show_msg_updated(__('The Internet bot settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
    }
    ?>

What is an Internet Bot'; $info_msg .= '

'.sprintf( __('%s?', 'all-in-one-wp-security-and-firewall'), $wiki_link).'

'; $info_msg .= '

'. __('A bot is a piece of software which runs on the Internet and performs automatic tasks. For example when Google indexes your pages it uses automatic bots to achieve this task.', 'all-in-one-wp-security-and-firewall').'

'; $info_msg .= '

'. __('A lot of bots are legitimate and non-malicous but not all bots are good and often you will find some which try to impersonate legitimate bots such as "Googlebot" but in reality they have nohing to do with Google at all.', 'all-in-one-wp-security-and-firewall').'

'; $info_msg .= '

'. __('Although most of the bots out there are relatively harmless sometimes website owners want to have more control over which bots they allow into their site.', 'all-in-one-wp-security-and-firewall').'

'; $info_msg .= '

'. __('This feature allows you to block bots which are impersonating as a Googlebot but actually aren\'t. (In other words they are fake Google bots)', 'all-in-one-wp-security-and-firewall').'

'; $info_msg .= '

'.__('Googlebots have a unique indentity which cannot easily be forged and this feature will indentify any fake Google bots and block them from reading your site\'s pages.', 'all-in-one-wp-security-and-firewall').'

'; echo $info_msg; ?>
'. __('Attention: Sometimes non-malicious Internet organizations might have bots which impersonate as a "Googlebot".', 'all-in-one-wp-security-and-firewall').'

'; $info_msg_2 .= '

'.__('Just be aware that if you activate this feature the plugin will block all bots which use the "Googlebot" string in their User Agent information but are NOT officially from Google (irrespective whether they are malicious or not).', 'all-in-one-wp-security-and-firewall').'

'; $info_msg_2 .= '

'.__('All other bots from other organizations such as "Yahoo", "Bing" etc will not be affected by this feature.', 'all-in-one-wp-security-and-firewall').'

'; echo $info_msg_2; ?>

output_feature_details_badge("firewall-block-fake-googlebots"); ?>
: configs->get_value('aiowps_block_fake_googlebots')=='1') echo ' checked="checked"'; ?> value="1"/> +
'.__('This feature will check if the User Agent information of a bot contains the string "Googlebot".', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('It will then perform a few tests to verify if the bot is legitimately from Google and if so it will allow the bot to proceed.', 'all-in-one-wp-security-and-firewall').'

'; echo '

'.__('If the bot fails the checks then the plugin will mark it as being a fake Googlebot and it will block it', 'all-in-one-wp-security-and-firewall').'

'; ?>
debug_logger->log_debug("Nonce check failed on prevent hotlinking options save!",4);
            die("Nonce check failed on prevent hotlinking options save!");
        }

        // Checkbox option: '1' when the field was submitted, '' when it was not.
        if (isset($_POST["aiowps_prevent_hotlinking"])) {
            $prevent_hotlinking = '1';
        } else {
            $prevent_hotlinking = '';
        }
        $aio_wp_security->configs->set_value('aiowps_prevent_hotlinking', $prevent_hotlinking);
        $aio_wp_security->configs->save_config();

        // Recalculate the feature points because the feature status may have changed.
        $aiowps_feature_mgr->check_feature_status_and_recalculate_points();

        // Write the applicable rules to the .htaccess file and report the outcome.
        $htaccess_written = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
        if (!$htaccess_written) {
            $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
        } else {
            $this->show_msg_updated(__('Settings were successfully saved', 'all-in-one-wp-security-and-firewall'));
        }
    }
    ?>

'.__('A Hotlink is where someone displays an image on their site which is actually located on your site by using a direct link to the source of the image on your server.', 'all-in-one-wp-security-and-firewall'); echo '
'.__('Due to the fact that the image being displayed on the other person\'s site is coming from your server, this can cause leaking of bandwidth and resources for you because your server has to present this image for the people viewing it on someone elses\'s site.','all-in-one-wp-security-and-firewall'); echo '
'.__('This feature will prevent people from directly hotlinking images from your site\'s pages by writing some directives in your .htaccess file.', 'all-in-one-wp-security-and-firewall').'

'; ?>

output_feature_details_badge("prevent-hotlinking"); ?>
: configs->get_value('aiowps_prevent_hotlinking')=='1') echo ' checked="checked"'; ?> value="1"/>
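debug_logger->log_debug("Nonce check failed for delete all 404 event logs operation!",4);
                die(__('Nonce check failed for delete all 404 event logs operation!','all-in-one-wp-security-and-firewall'));
            }
            global $wpdb;
            $events_table_name = AIOWPSEC_TBL_EVENTS;
            // Delete all 404 records from the events table. The WHERE clause is
            // passed to $wpdb->delete() as an array, not concatenated into SQL.
            $where = array('event_type' => '404');
            $result = $wpdb->delete($events_table_name, $where);
            if ($result === FALSE)
            {
                $aio_wp_security->debug_logger->log_debug("404 Detection Feature - Delete all 404 event logs operation failed!",4);
                $this->show_msg_error(__('404 Detection Feature - Delete all 404 event logs operation failed!','all-in-one-wp-security-and-firewall'));
            }
            else
            {
                $this->show_msg_updated(__('All 404 event logs were deleted from the DB successfully!','all-in-one-wp-security-and-firewall'));
            }
        }

        // List table used to render the 404 event log on this tab.
        include_once 'wp-security-list-404.php';
        $event_list_404 = new AIOWPSecurity_List_404();

        if(isset($_POST['aiowps_save_404_detect_options'])) // Form submission: save the 404 detection options
        {
            $error = '';
            // A request without a nonce must fail verification, not raise an undefined-index notice.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-404-detection-nonce'))
            {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on 404 detection options save!",4);
                die("Nonce check failed on 404 detection options save!");
            }

            // The "aiowps_enable_404_IP_lockout" checkbox currently controls both the 404 lockout and the 404 logging.
            $aio_wp_security->configs->set_value('aiowps_enable_404_logging',isset($_POST["aiowps_enable_404_IP_lockout"])?'1':'');
            $aio_wp_security->configs->set_value('aiowps_enable_404_IP_lockout',isset($_POST["aiowps_enable_404_IP_lockout"])?'1':'');

            $lockout_time_length = isset($_POST['aiowps_404_lockout_time_length'])?sanitize_text_field($_POST['aiowps_404_lockout_time_length']):'';
            if(!is_numeric($lockout_time_length))
            {
                $error .= '
'.__('You entered a non numeric value for the lockout time length field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
                $lockout_time_length = '60'; // Default value for this field
            }

            // Keep the sanitised URL rather than the raw POST value: the value that
            // is validated must be the value that is stored. Only http and https
            // URLs are accepted; anything else comes back as '' and is replaced by
            // the default below.
            $redirect_url = '';
            if (isset($_POST['aiowps_404_lock_redirect_url']) && is_string($_POST['aiowps_404_lock_redirect_url'])) {
                $redirect_url = trim($_POST['aiowps_404_lock_redirect_url']);
            }
            if ($redirect_url !== '') {
                $redirect_url = esc_url_raw($redirect_url, array('http', 'https'));
            }
            if ($redirect_url == ''){
                $error .= '
'.__('You entered an incorrect format for the "Redirect URL" field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
                $redirect_url = 'http://127.0.0.1';
            }

            if($error)
            {
                $this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
            }

            $aio_wp_security->configs->set_value('aiowps_404_lockout_time_length',absint($lockout_time_length));
            $aio_wp_security->configs->set_value('aiowps_404_lock_redirect_url',$redirect_url);
            $aio_wp_security->configs->save_config();

            // Recalculate points after the feature status/options have been altered
            $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
            $this->show_msg_settings_updated();
        }

        if(isset($_REQUEST['action'])) // List table row actions
        {
            // NOTE(review): these row actions change state (block an IP, blacklist
            // an IP, delete a log record) and no nonce is verified in this branch.
            // Confirm that block_ip(), blacklist_ip_address() and
            // delete_404_event_records() verify a nonce themselves; if they do not,
            // a request forged against a logged-in admin would be accepted.
            $row_action = $_REQUEST['action'];

            // A missing or non-string parameter is treated as an empty string so
            // that strip_tags() is never called on null or on an array.
            $requested_ip = (isset($_REQUEST['ip_address']) && is_string($_REQUEST['ip_address'])) ? strip_tags($_REQUEST['ip_address']) : '';
            $requested_id = (isset($_REQUEST['id']) && is_string($_REQUEST['id'])) ? strip_tags($_REQUEST['id']) : '';

            if($row_action === 'temp_block'){ // "Temp Block" link was clicked for a row in the list table
                $event_list_404->block_ip($requested_ip);
            }

            if($row_action === 'blacklist_ip'){ // "Blacklist IP" link was clicked for a row in the list table
                $event_list_404->blacklist_ip_address($requested_ip);
            }

            if($row_action === 'delete_event_log'){ // Delete link was clicked for a row in the list table
                $event_list_404->delete_404_event_records($requested_id);
            }
        }
        ?>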

'.__('A 404 or Not Found error occurs when somebody tries to access a non-existent page on your website.', 'all-in-one-wp-security-and-firewall').'
'.__('Typically, most 404 errors happen quite innocently when people have mis-typed a URL or used an old link to page which doesn\'t exist anymore.', 'all-in-one-wp-security-and-firewall').'
'.__('However, in some cases you may find many repeated 404 errors which occur in a relatively short space of time and from the same IP address which are all attempting to access a variety of non-existent page URLs.', 'all-in-one-wp-security-and-firewall').'
'.__('Such behaviour can mean that a hacker might be trying to find a particular page or URL for sinister reasons.', 'all-in-one-wp-security-and-firewall').'

'.__('This feature allows you to monitor all 404 events which occur on your site, and it also gives you the option of blocking IP addresses for a configured length of time.', 'all-in-one-wp-security-and-firewall').'
'.__('If you want to temporarily block an IP address, simply click the "Temp Block" link for the applicable IP entry in the "404 Event Logs" table below.', 'all-in-one-wp-security-and-firewall').'

'; ?>
Smart404 Blocking Addon'; $info_msg = sprintf( __('You may also be interested in our %s.', 'all-in-one-wp-security-and-firewall'), $addon_link); $info_msg2 = __('This addon allows you to automatically and permanently block IP addresses based on how many 404 errors they produce.', 'all-in-one-wp-security-and-firewall'); echo '

'.$info_msg. '
'.$info_msg2.'

'; ?>

output_feature_details_badge("firewall-enable-404-blocking"); ?>
: configs->get_value('aiowps_enable_404_IP_lockout')=='1') echo ' checked="checked"'; ?> value="1"/> +

: +

'; _e('To temporarily lock an IP address, hover over the ID column and click the "Temp Block" link for the applicable IP entry.', 'all-in-one-wp-security-and-firewall'); ?>

:

prepare_items(); //echo "put table of locked entries here"; ?>
search_box('Search', 'search_404_events'); ?> '; } ?> display(); ?>

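debug_logger->log_debug("Nonce check failed for save custom rules settings!",4);
                die("Nonce check failed for save custom rules settings!");
            }

            // NOTE(review): the text saved here is written into .htaccess as server
            // directives. In the visible code the only gate is the nonce; confirm
            // that the page is also restricted by a capability check where it is
            // registered.

            // Read the submitted rules once. A missing or non-string value is
            // treated as "no rules" so that stripslashes() never receives an array.
            $posted_rules = '';
            if (isset($_POST['aiowps_custom_rules']) && is_string($_POST['aiowps_custom_rules'])) {
                $posted_rules = $_POST['aiowps_custom_rules'];
            }

            // Save settings
            if (isset($_POST["aiowps_enable_custom_rules"]) && empty($posted_rules))
            {
                // The message is wrapped in __() like the other messages on this page;
                // the text domain was previously passed to show_msg_error() as a
                // second argument.
                $this->show_msg_error(__('You must enter some .htaccess directives code in the text box below', 'all-in-one-wp-security-and-firewall'));
            }
            else
            {
                // Start from an empty value so the config is cleared when no rules
                // were submitted; $custom_rules used to be undefined on that path.
                $custom_rules = '';
                if (!empty($posted_rules))
                {
                    // Undo magic quotes that are automatically added to `$_GET`,
                    // `$_POST`, `$_COOKIE`, and `$_SERVER` by WordPress as
                    // they corrupt any custom rule with backslash in it...
                    $custom_rules = stripslashes($posted_rules);
                }

                $aio_wp_security->configs->set_value('aiowps_custom_rules',$custom_rules);
                $aio_wp_security->configs->set_value('aiowps_enable_custom_rules',isset($_POST["aiowps_enable_custom_rules"])?'1':'');
                $aio_wp_security->configs->save_config(); // Save the configuration

                $this->show_msg_settings_updated();

                // Now write the rules to the .htaccess file
                $write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
                if ( !$write_result )
                {
                    $this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','all-in-one-wp-security-and-firewall'));
                    $aio_wp_security->debug_logger->log_debug("Custom Rules feature - The plugin was unable to write to the .htaccess file.");
                }
            }
        }
        ?>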

'. __('This feature can be used to apply your own custom .htaccess rules and directives.', 'all-in-one-wp-security-and-firewall').'

'; $info_msg .= '

'. __('It is useful for when you want to tweak our existing firewall rules or when you want to add your own.', 'all-in-one-wp-security-and-firewall').'

'; $info_msg .= '

'. __('NOTE: This feature can only used if your site is hosted in an apache or similar web server.', 'all-in-one-wp-security-and-firewall').'

'; echo $info_msg; ?>
'. __('Warning: Only use this feature if you know what you are doing.', 'all-in-one-wp-security-and-firewall').'

'; $info_msg_2 .= '

'.__('Incorrect .htaccess rules or directives can break or prevent access to your site.', 'all-in-one-wp-security-and-firewall').'

'; $info_msg_2 .= '

'.__('It is your responsibility to ensure that you are entering the correct code!', 'all-in-one-wp-security-and-firewall').'

'; $info_msg_2 .= '

'.__('If you break your site you will need to access your server via FTP or something similar and then edit your .htaccess file and delete the changes you made.', 'all-in-one-wp-security-and-firewall').'

'; echo $info_msg_2; ?>

: configs->get_value('aiowps_enable_custom_rules')=='1') echo ' checked="checked"'; ?> value="1"/>