debug_logger->log_debug("Nonce check failed on disable all security features!",4);
die("Nonce check failed on disable all security features!");
}
AIOWPSecurity_Configure_Settings::turn_off_all_security_features();
//Now let's clear the applicable rules from the .htaccess file
$res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
//Now let's revert the disable editing setting in the wp-config.php file if necessary
$res2 = AIOWPSecurity_Utility::enable_file_edits();
if ($res)
{
$this->show_msg_updated(__('All the security features have been disabled successfully!', 'all-in-one-wp-security-and-firewall'));
}
else
{
$this->show_msg_error(__('Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".', 'all-in-one-wp-security-and-firewall'));
}
if(!$res2)
{
$this->show_msg_error(__('Could not write to the wp-config.php. Please restore your wp-config.php file manually using the restore functionality in the "wp-config.php File".', 'all-in-one-wp-security-and-firewall'));
}
}
// Form handler for "disable all firewall rules": runs only when that submit field is present in the POST data.
if (isset($_POST['aiowpsec_disable_all_firewall_rules'])) {
    // The request must carry a nonce issued for this exact action; anything else is logged and the request ends.
    // NOTE(review): the nonce is the only gate visible in this handler. It ties the request to a session and an
    // action but says nothing about privilege - confirm that a capability check such as current_user_can()
    // protects this page before execution reaches this point.
    $nonce = $_REQUEST['_wpnonce'];
    if (!wp_verify_nonce($nonce, 'aiowpsec-disable-all-firewall-rules')) {
        $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable all firewall rules!", 4);
        die("Nonce check failed on disable all firewall rules!");
    }

    // Turn the firewall settings off first, then rewrite .htaccess so the rules that belonged to them are cleared.
    AIOWPSecurity_Configure_Settings::turn_off_all_firewall_rules();
    $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();

    // $res / $nonce keep their names: they live in the enclosing method's scope, which is not fully visible here.
    if (!$res) {
        // The settings are already switched off at this point; only the .htaccess rewrite failed.
        $this->show_msg_error(__('Could not write to the .htaccess file. Please restore your .htaccess file manually using the restore functionality in the ".htaccess File".', 'all-in-one-wp-security-and-firewall'));
    } else {
        $this->show_msg_updated(__('All firewall rules have been disabled successfully!', 'all-in-one-wp-security-and-firewall'));
    }
}
// Form handler for the debug settings: runs only when that submit field is present in the POST data.
if (isset($_POST['aiowps_save_debug_settings'])) {
    // Reject the request unless it carries a nonce issued for this action.
    $nonce = $_REQUEST['_wpnonce'];
    if (!wp_verify_nonce($nonce, 'aiowpsec-save-debug-settings')) {
        $aio_wp_security->debug_logger->log_debug("Nonce check failed on save debug settings!", 4);
        die("Nonce check failed on save debug settings!");
    }

    // Checkbox semantics: the field is only posted when ticked, so presence means '1' and absence means ''.
    if (isset($_POST["aiowps_enable_debug"])) {
        $aio_wp_security->configs->set_value('aiowps_enable_debug', '1');
    } else {
        $aio_wp_security->configs->set_value('aiowps_enable_debug', '');
    }

    // Persist the change, then confirm to the user.
    $aio_wp_security->configs->save_config();
    $this->show_msg_settings_updated();
}
?>
Follow us on Twitter, Google+ or via Email to stay upto date about the new security features of this plugin.
debug_logger->log_debug("Nonce check failed on htaccess file save!",4);
die("Nonce check failed on htaccess file save!");
}
$htaccess_path = ABSPATH . '.htaccess';
$result = AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess_path); //Backup the htaccess file
if ($result)
{
$random_prefix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
$aiowps_backup_dir = WP_CONTENT_DIR.'/'.AIO_WP_SECURITY_BACKUPS_DIR_NAME;
if (rename($aiowps_backup_dir.'/'.'.htaccess.backup', $aiowps_backup_dir.'/'.$random_prefix.'_htaccess_backup.txt'))
{
echo '
';
_e('Your .htaccess file was successfully backed up! Using an FTP program go to the "/wp-content/aiowps_backups" directory to save a copy of the file to your computer.','all-in-one-wp-security-and-firewall');
echo '
';
}
else
{
$aio_wp_security->debug_logger->log_debug("htaccess file rename failed during backup!",4);
$this->show_msg_error(__('htaccess file rename failed during backup. Please check your root directory for the backup file using FTP.','all-in-one-wp-security-and-firewall'));
}
}
else
{
$aio_wp_security->debug_logger->log_debug("htaccess - Backup operation failed!",4);
$this->show_msg_error(__('htaccess backup failed.','all-in-one-wp-security-and-firewall'));
}
}
// Form handler for ".htaccess restore": replaces the site's root .htaccess with the file named in the request.
if (isset($_POST['aiowps_restore_htaccess_button'])) {
    // Reject the request unless it carries a nonce issued for this action.
    $nonce = $_REQUEST['_wpnonce'];
    if (!wp_verify_nonce($nonce, 'aiowpsec-restore-htaccess-nonce')) {
        $aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file restore!", 4);
        die("Nonce check failed on htaccess file restore!");
    }

    if (!empty($_POST['aiowps_htaccess_file'])) {
        // NOTE(review): this value comes straight from the request and reaches check_if_htaccess_contents()
        // and copy() with nothing but trim() applied. Whatever PHP can open from that string becomes the live
        // .htaccess once the content check passes, so the source should be pinned to a file this site produced
        // (e.g. resolved to an attachment inside the uploads/backup directory) - confirm how this is constrained.
        $new_htaccess_file_path = trim($_POST['aiowps_htaccess_file']);

        // TODO (carried over from the original): verify that the chosen file really holds .htaccess content.
        $is_htaccess = AIOWPSecurity_Utility_Htaccess::check_if_htaccess_contents($new_htaccess_file_path);
        if ($is_htaccess != 1) {
            // The content check did not accept the file: leave the active .htaccess untouched.
            $aio_wp_security->debug_logger->log_debug("htaccess restore failed - Contents of restore file appear invalid!", 4);
            $this->show_msg_error(__('htaccess Restore operation failed! Please check the contents of the file you are trying to restore from.','all-in-one-wp-security-and-firewall'));
        } else {
            // Overwrite the active root .htaccess with the chosen file.
            $active_root_htaccess = ABSPATH.'.htaccess';
            if (copy($new_htaccess_file_path, $active_root_htaccess)) {
                $this->show_msg_updated(__('Your .htaccess file has successfully been restored!', 'all-in-one-wp-security-and-firewall'));
            } else {
                // copy() reported failure, so the restore did not complete.
                $aio_wp_security->debug_logger->log_debug("htaccess - Restore from .htaccess operation failed!", 4);
                $this->show_msg_error(__('htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP.','all-in-one-wp-security-and-firewall'));
            }
        }
    } else {
        // No source file was submitted with the form.
        $this->show_msg_error(__('Please choose a .htaccess to restore from.', 'all-in-one-wp-security-and-firewall'));
    }
}
?>
'.__('Your ".htaccess" file is a key component of your website\'s security and it can be modified to implement various levels of protection mechanisms.', 'all-in-one-wp-security-and-firewall').'
'.__('This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future.', 'all-in-one-wp-security-and-firewall').'
'.__('You can also restore your site\'s .htaccess settings using a backed up .htaccess file.', 'all-in-one-wp-security-and-firewall').'
';
?>
debug_logger->log_debug("Nonce check failed on wp-config file restore!",4);
die("Nonce check failed on wp-config file restore!");
}
// Restore step of the wp-config.php form: overwrite the active wp-config.php with the file named in the request.
if (!empty($_POST['aiowps_wp_config_file'])) {
    // NOTE(review): the source path is request data with only trim() applied, and it is handed to
    // check_if_wp_config_contents() and then copy(). wp-config.php is executed as PHP on every request, so this
    // copy decides what code the site runs. The content check is defined outside this view and its strictness
    // cannot be judged from here - confirm the source is limited to a backup this site produced.
    $new_wp_config_file_path = trim($_POST['aiowps_wp_config_file']);

    // Only proceed when the plugin's own content check accepts the file as a wp-config.php.
    $is_wp_config = $this->check_if_wp_config_contents($new_wp_config_file_path);
    if ($is_wp_config != 1) {
        // Rejected by the content check: the active wp-config.php is left untouched.
        $aio_wp_security->debug_logger->log_debug("wp-config.php restore failed - Contents of restore file appear invalid!", 4);
        $this->show_msg_error(__('wp-config.php Restore operation failed! Please check the contents of the file you are trying to restore from.','all-in-one-wp-security-and-firewall'));
    } else {
        $active_root_wp_config = AIOWPSecurity_Utility_File::get_wp_config_file_path();
        if (copy($new_wp_config_file_path, $active_root_wp_config)) {
            $this->show_msg_updated(__('Your wp-config.php file has successfully been restored!', 'all-in-one-wp-security-and-firewall'));
        } else {
            // copy() reported failure, so the restore did not complete.
            $aio_wp_security->debug_logger->log_debug("wp-config.php - Restore from backed up wp-config operation failed!", 4);
            $this->show_msg_error(__('wp-config.php file restore failed. Please attempt to restore this file manually using FTP.','all-in-one-wp-security-and-firewall'));
        }
    }
} else {
    // No source file was submitted with the form.
    $this->show_msg_error(__('Please choose a wp-config.php file to restore from.', 'all-in-one-wp-security-and-firewall'));
}
}
?>
'.__('Your "wp-config.php" file is one of the most important in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components.', 'all-in-one-wp-security-and-firewall').'
'.__('This feature allows you to backup and save your currently active wp-config.php file should you need to re-use the the backed up file in the future.', 'all-in-one-wp-security-and-firewall').'
'.__('You can also restore your site\'s wp-config.php settings using a backed up wp-config.php file.', 'all-in-one-wp-security-and-firewall').'
';
?>
debug_logger->log_debug("Nonce check failed on remove wp meta info options save!",4);
die("Nonce check failed on remove wp meta info options save!");
}
$aio_wp_security->configs->set_value('aiowps_remove_wp_generator_meta_info',isset($_POST["aiowps_remove_wp_generator_meta_info"])?'1':'');
$aio_wp_security->configs->save_config();
//Recalculate points after the feature status/options have been altered
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
$this->show_msg_settings_updated();
}
?>
'.__('Wordpress generator automatically adds some meta information inside the "head" tags of every page on your site\'s front end. Below is an example of this:', 'all-in-one-wp-security-and-firewall');
echo ' <meta name="generator" content="WordPress 3.5.1" />';
echo ' '.__('The above meta information shows which version of WordPress your site is currently running and thus can help hackers or crawlers scan your site to see if you have an older version of WordPress or one with a known exploit.', 'all-in-one-wp-security-and-firewall').'
'.__('There are also other ways wordpress reveals version info such as during style and script loading. An example of this is:', 'all-in-one-wp-security-and-firewall').'
<link rel="stylesheet" id="jquery-ui-style-css" href="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.0/themes/smoothness/jquery-ui.css?ver=4.5.2" type="text/css" media="all" />
'.__('This feature will allow you to remove the WP generator meta info and other version info from your site\'s pages.', 'all-in-one-wp-security-and-firewall').'
';
?>
debug_logger->log_debug("Nonce check failed on import AIOWPS settings!",4);
die("Nonce check failed on import AIOWPS settings!");
}
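// Import step of the settings import form. Settings arrive either as a reference to an uploaded file or as text
// pasted into the form; they are checked, decoded from JSON and written to the 'aio_wp_security_configs' option.
//
// Two behaviours are tightened compared with the earlier version of this block:
//  - the decoded JSON must be an array, otherwise the input is treated as invalid. Previously a string that
//    contained the marker key but was not valid JSON decoded to null and that null was written to the option.
//  - wp_delete_attachment() is called once and any falsy result (false or null) counts as "not deleted".
//    Previously it was called twice and only the second result was compared against false, so a missing
//    attachment was reported as successfully deleted.
if (empty($_POST['aiowps_import_settings_file']) && empty($_POST['aiowps_import_settings_text'])) {
    // Neither a file reference nor pasted text was submitted.
    $this->show_msg_error(__('Please choose a file to import your settings from.', 'all-in-one-wp-security-and-firewall'));
} else {
    // A submitted file reference takes precedence over pasted text.
    $import_from = empty($_POST['aiowps_import_settings_file']) ? "text" : "file";

    if ($import_from == "file") {
        // NOTE(review): request data, only trimmed, is passed to the file validator, which reads it with
        // file_get_contents(). Confirm it can only name an attachment uploaded for this import.
        $submitted_import_file_path = trim($_POST['aiowps_import_settings_file']);
        // Kept so the uploaded file can be removed again once it has been processed.
        $attachment_id = AIOWPSecurity_Utility_File::get_attachment_id_from_url($submitted_import_file_path);
        $aiowps_settings_file_contents = $this->check_if_valid_aiowps_settings_file($submitted_import_file_path);
    } else {
        // Text pasted into the textarea goes through the text validator instead.
        $aiowps_settings_file_contents = $this->check_if_valid_aiowps_settings_text($_POST['aiowps_import_settings_text']);
    }

    // Both validators return the integer -1 on rejection; anything else is the settings string to decode.
    $settings_array = null;
    if ($aiowps_settings_file_contents !== -1) {
        $settings_array = json_decode($aiowps_settings_file_contents, true);
    }

    if (is_array($settings_array)) {
        // NOTE(review): beyond the validator's marker check and the array test above, individual setting
        // values are stored as submitted; nothing here validates them one by one.
        $aiowps_settings_applied = update_option('aio_wp_security_configs', $settings_array);
        if (!$aiowps_settings_applied) {
            // Failed to import settings
            $aio_wp_security->debug_logger->log_debug("Import AIOWPS settings from " . $import_from . " operation failed!", 4);
            $this->show_msg_error(__('Import AIOWPS settings from ' . $import_from . ' operation failed!','all-in-one-wp-security-and-firewall'));
            if ($import_from == "file") {
                // Delete the uploaded settings file: it holds the site's security configuration.
                $import_file_deleted = wp_delete_attachment($attachment_id, true);
                if (!$import_file_deleted) {
                    $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes.', 'all-in-one-wp-security-and-firewall'));
                } else {
                    $this->show_msg_updated(__('The file you uploaded was also deleted for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
                }
            }
        } else {
            // Refresh the in-memory copy of the configs so it matches what was just stored.
            $aio_wp_security->configs->configs = $settings_array;
            // A partial import may lack some items; add_option_values() sets missing ones to their defaults.
            AIOWPSecurity_Configure_Settings::add_option_values();
            if ($import_from == "file") {
                // Delete the uploaded settings file: it holds the site's security configuration.
                $import_file_deleted = wp_delete_attachment($attachment_id, true);
                if (!$import_file_deleted) {
                    $this->show_msg_updated(__('Your AIOWPS settings were successfully imported via file input.', 'all-in-one-wp-security-and-firewall'));
                    $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
                } else {
                    $this->show_msg_updated(__('Your AIOWPS settings were successfully imported. The file you uploaded was also deleted for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
                }
            } else {
                $this->show_msg_updated(__('Your AIOWPS settings were successfully imported via text entry.', 'all-in-one-wp-security-and-firewall'));
            }
            // Rewrite .htaccess so its rules reflect the imported settings.
            $res = AIOWPSecurity_Utility_Htaccess::write_to_htaccess();
            if (!$res) {
                $this->show_msg_error(__('Could not write to the .htaccess file. Please check the file permissions.', 'all-in-one-wp-security-and-firewall'));
            }
        }
    } else {
        // Invalid settings: rejected by the validator, or not a JSON array.
        $aio_wp_security->debug_logger->log_debug("The contents of your settings file appear invalid!", 4);
        $this->show_msg_error(__('The contents of your settings file appear invalid. Please check the contents of the file you are trying to import settings from.','all-in-one-wp-security-and-firewall'));
        if ($import_from == "file") {
            // The rejected upload is removed as well.
            $import_file_deleted = wp_delete_attachment($attachment_id, true);
            if (!$import_file_deleted) {
                $this->show_msg_error(__('The deletion of the import file failed. Please delete this file manually via the media menu for security purposes.', 'all-in-one-wp-security-and-firewall'));
            } else {
                $this->show_msg_updated(__('The file you uploaded was also deleted for security purposes because it contains security settings details.', 'all-in-one-wp-security-and-firewall'));
            }
        }
    }
}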
}
?>
'.__('This section allows you to export or import your All In One WP Security & Firewall settings.', 'all-in-one-wp-security-and-firewall');
echo ' '.__('This can be handy if you wanted to save time by applying the settings from one site to another site.', 'all-in-one-wp-security-and-firewall').'
'.__('NOTE: Before importing, it is your responsibility to know what settings you are trying to import. Importing settings blindly can cause you to be locked out of your site.', 'all-in-one-wp-security-and-firewall').'
'.__('For Example: If a settings item relies on the domain URL then it may not work correctly when imported into a site with a different domain.','all-in-one-wp-security-and-firewall').'
';
?>
check_is_aiopws_settings($strText)) {
return stripcslashes($strText);
} else {
return -1;
}
}
/**
 * Tells whether a string looks like exported AIOWPS settings.
 *
 * The only test is a case-sensitive substring search for the config key
 * 'aiowps_enable_login_lockdown'. It does not parse the text or look at any
 * other key, so a true result means "the marker is present", not "the
 * settings are well-formed or safe to apply".
 *
 * @param string $strText Candidate settings text.
 * @return bool True when the marker key occurs anywhere in $strText, false otherwise.
 */
function check_is_aiopws_settings($strText) {
    // Strict comparison matters: a match at offset 0 makes strpos() return 0, which must still count as found.
    return strpos($strText, 'aiowps_enable_login_lockdown') !== FALSE;
}
/**
 * Reads a candidate settings file and returns its contents when they look like AIOWPS settings.
 *
 * NOTE(review): $wp_file is passed to file_get_contents() unchanged. The caller visible in this file supplies
 * trim($_POST['aiowps_import_settings_file']), so whatever that function can open from the submitted string is
 * read here. Confirm the caller restricts it to the attachment uploaded for the import.
 *
 * @param string $wp_file Location of the file to read, as accepted by file_get_contents().
 * @return string|int The file contents when the marker check passes; -1 when the read fails, the contents are
 *                    empty (or the string "0"), or the marker check fails.
 */
function check_if_valid_aiowps_settings_file($wp_file)
{
    $file_contents = file_get_contents($wp_file);

    // Covers a failed read (false), an empty file ('') and the string "0".
    if (!$file_contents) {
        return -1;
    }

    // Accept the contents only when they contain a known aiowps config key.
    return $this->check_is_aiopws_settings($file_contents) ? $file_contents : -1;
}
} //end class