<?php
if ( ! class_exists( 'bwps_admin_common' ) ) {
class bwps_admin_common extends bit51_bwps {
/**
* Redirects to homepage if awaymode is active
*
**/
function awaycheck() {
global $bwps;
if( $bwps->checkaway() ) {
wp_redirect( get_option( 'siteurl' ) );
wp_clear_auth_cookie();
}
}
/**
* Changes user id of given user
*
* Changes the WordPress user id of the user given
*
* @param $username sting the username to change
* @return bool success or failure
*
**/
function changeuserid() {
global $wpdb;
$user = get_user_by( 'id', '1' );
if ( $user === false ) {
return false;
}
$wpdb->query( "DELETE FROM `" . $wpdb->users . "` WHERE ID = 1;" );
$wpdb->insert(
$wpdb->users,
array(
'user_login' => $user->user_login,
'user_pass' => $user->user_pass,
'user_nicename' => $user->user_nicename,
'user_email' => $user->user_email,
'user_url' => $user->user_url,
'user_registered' => $user->user_registered,
'user_activation_key' => $user->user_activation_key,
'user_status' => $user->user_status,
'display_name' => $user->display_name
)
);
$newUser = $wpdb->insert_id;
$wpdb->query( "UPDATE `" . $wpdb->posts . "` SET post_author = '" . $newUser . "' WHERE post_author = 1;" );
$wpdb->query( "UPDATE `" . $wpdb->usermeta . "` SET user_id = '" . $newUser . "' WHERE user_id = 1;" );
$wpdb->query( "UPDATE `" . $wpdb->comments . "` SET user_id = '" . $newUser . "' WHERE user_id = 1;" );
$wpdb->query( "UPDATE `" . $wpdb->links . "` SET link_owner = '" . $newUser . "' WHERE link_owner = 1;" );
return true;
}
/**
* Determine if one-click protection has been activated
*
* @return bool success or failure
*
**/
function checkoneclick() {
global $bwpsoptions, $bwpsmemlimit;
if ( $bwpsoptions['id_fileenabled'] == 0 && $bwpsmemlimit >= 128 ) {
$idfilecheck = 0;
} else {
$idfilecheck = 1;
}
if ( $bwpsoptions['ll_enabled'] == 1 && $bwpsoptions['id_enabled'] == 1 && $bwpsoptions['st_generator'] == 1 && $bwpsoptions['st_manifest'] == 1 && $bwpsoptions['st_themenot'] == 1 && $bwpsoptions['st_pluginnot'] == 1 && $bwpsoptions['st_corenot'] == 1 && $bwpsoptions['st_enablepassword'] == 1 && $bwpsoptions['st_loginerror'] == 1 && $idfilecheck == 1 ) {
return true;
} else {
return false;
}
}
/**
* Deletes BWPS options from .htaccess
*
* Deletes all possible BWPS options from .htaccess and cleans for rewrite
*
* @return int -1 for failure, 1 for success
*
**/
function deletehtaccess( $section = 'Better WP Security' ) {
global $bwpsoptions;
$htaccess = ABSPATH . '.htaccess';
@ini_set( 'auto_detect_line_endings', true );
if ( ! file_exists( $htaccess ) ) {
$ht = @fopen( $htaccess, 'a+' );
@fclose( $ht );
}
$markerdata = explode( PHP_EOL, implode( '', file( $htaccess ) ) ); //parse each line of file into array
if ( $markerdata ) { //as long as there are lines in the file
$state = true;
if ( ! $f = @fopen( $htaccess, 'w+' ) ) {
@chmod( $htaccess, 0644 );
if ( ! $f = @fopen( $htaccess, 'w+' ) ) {
return -1;
}
}
foreach ( $markerdata as $n => $markerline ) { //for each line in the file
if ( strpos( $markerline, '# BEGIN ' . $section ) !== false ) { //if we're at the beginning of the section
$state = false;
}
if ( $state == true ) { //as long as we're not in the section keep writing
fwrite( $f, trim( $markerline ) . PHP_EOL );
}
if ( strpos( $markerline, '# END ' . $section ) !== false ) { //see if we're at the end of the section
$state = true;
}
}
@fclose( $f );
if ( $bwpsoptions['st_fileperm'] == 1 ) {
@chmod( $htaccess, 0444 );
}
return 1;
}
return 1; //nothing to write
}
/**
* Deletes BWPS options from wp-config
*
* Deletes all possible BWPS options from wp-config and cleans for rewrite
*
* @return int -1 for failure, 1 for success
*
**/
function deletewpconfig() {
global $bwpsoptions;
$configfile = $this->getConfig();
@ini_set( 'auto_detect_line_endings', true );
$lines = explode( PHP_EOL, implode( '', file( $configfile ) ) );
if ( isset( $lines ) ) { //as long as there are lines in the file
$state = true;
if ( ! $f = @fopen( $configfile, 'w+' ) ) {
@chmod( $configfile, 0644 );
if ( ! $f = @fopen( $configfile, 'w+' ) ) {
return -1;
}
}
foreach ( $lines as $line ) { //for each line in the file
if ( ! strstr( $line, 'BWPS_FILECHECK' ) && ! strstr( $line, 'BWPS_AWAY_MODE' ) && ! strstr( $line, 'DISALLOW_FILE_EDIT' ) && ! strstr( $line, 'FORCE_SSL_LOGIN' ) && ! strstr( $line, 'FORCE_SSL_ADMIN' ) ) {
fwrite( $f, trim( $line ) . PHP_EOL );
}
}
@fclose( $f );
if ( $bwpsoptions['st_fileperm'] == 1 ) {
@chmod( $configfile, 0444 );
}
return 1;
}
return 1; //nothing to write
}
/**
* Gets location of wp-config.php
*
* Finds and returns path to wp-config.php
*
* @return string path to wp-config.php
*
**/
function getConfig() {
if ( file_exists( trailingslashit( ABSPATH ) . 'wp-config.php' ) ) {
return trailingslashit( ABSPATH ) . 'wp-config.php';
} else {
return trailingslashit( dirname( ABSPATH ) ) . 'wp-config.php';
}
}
/**
* Generates rewrite rules
*
* Generates rewrite rules for use in Apache or NGINX
*
* @return string|boolean Rewrite rules or false if unsupported server
*
**/
function getrules() {
global $bwpsoptions;
@ini_set( 'auto_detect_line_endings', true );
//figure out what server they're using
if ( strstr( strtolower( filter_var( $_SERVER['SERVER_SOFTWARE'], FILTER_SANITIZE_STRING ) ), 'apache' ) ) {
$bwpsserver = 'apache';
} else if ( strstr( strtolower( filter_var( $_SERVER['SERVER_SOFTWARE'], FILTER_SANITIZE_STRING ) ), 'nginx' ) ) {
$bwpsserver = 'nginx';
} else if ( strstr( strtolower( filter_var( $_SERVER['SERVER_SOFTWARE'], FILTER_SANITIZE_STRING ) ), 'litespeed' ) ) {
$bwpsserver = 'litespeed';
} else { //unsupported server
return false;
}
$rules = '';
//remove directory indexing
if ( $bwpsoptions['st_ht_browsing'] == 1 ) {
if ( $bwpsserver == 'apache' || $bwpsserver == 'litespeed' ) {
$rules .= "Options -Indexes" . PHP_EOL . PHP_EOL;
}
}
//ban hosts
if ( $bwpsoptions['bu_blacklist'] == 1 ) {
if ( $bwpsserver == 'apache' || $bwpsserver == 'litespeed' ) {
$blacklist = file_get_contents( plugin_dir_path( __FILE__ ) . 'hackrepair-apache.inc' );
} else {
$blacklist = file_get_contents( plugin_dir_path( __FILE__ ) . 'hackrepair-nginx.inc' );
}
$rules .= $blacklist . PHP_EOL;
}
if ( $bwpsoptions['bu_enabled'] == 1 ) {
$hosts = explode( PHP_EOL, $bwpsoptions['bu_banlist'] );
if ( ! empty( $hosts ) && ! ( sizeof( $hosts ) == 1 && trim( $hosts[0] ) == '' ) ) {
if ( $bwpsserver == 'apache' || $bwpsserver == 'litespeed' ) {
$rules .= "Order allow,deny" . PHP_EOL .
"Allow from all" . PHP_EOL;
}
$phosts = array();
foreach ( $hosts as $host ) {
$host = trim( $host );
if ( ! in_array( $host, $phosts ) ) {
if ( strstr( $host, '*' ) ) {
$parts = array_reverse ( explode( '.', $host ) );
$netmask = 32;
foreach ( $parts as $part ) {
if ( strstr( trim( $part ), '*' ) ) {
$netmask = $netmask - 8;
}
}
$dhost = trim( str_replace('*', '0', implode( '.', array_reverse( $parts ) ) ) . '/' . $netmask );
if ( strlen( $dhost ) > 4 ) {
if ( $bwpsserver == 'apache' || $bwpsserver == 'litespeed' ) {
$trule = "Deny from " . $dhost . PHP_EOL;
if ( trim( $trule ) != 'Deny From' ) {
$rules .= $trule;
}
} else {
$rules .= "\tdeny " . $dhost . ';' . PHP_EOL;
}
}
} else {
$dhost = trim( $host );
if ( strlen( $dhost ) > 4 ) {
if ( $bwpsserver == 'apache' || $bwpsserver == 'litespeed' ) {
$rules .= "Deny from " . $dhost . PHP_EOL;
} else {
$rules .= "\tdeny " . $dhost. ";" . PHP_EOL;
}
}
}
}
$phosts[] = $host;
}
}
}
//lockdown files
if ( $bwpsoptions['st_ht_files'] == 1 ) {
if ( $bwpsserver == 'apache' || $bwpsserver == 'litespeed' ) {
$rules .=
"<files .htaccess>" . PHP_EOL .
"Order allow,deny" . PHP_EOL .
"Deny from all" . PHP_EOL .
"</files>" . PHP_EOL . PHP_EOL .
"<files readme.html>" . PHP_EOL .
"Order allow,deny" . PHP_EOL .
"Deny from all" . PHP_EOL .
"</files>" . PHP_EOL . PHP_EOL .
"<files readme.txt>" . PHP_EOL .
"Order allow,deny" . PHP_EOL .
"Deny from all" . PHP_EOL .
"</files>" . PHP_EOL . PHP_EOL .
"<files install.php>" . PHP_EOL .
"Order allow,deny" . PHP_EOL .
"Deny from all" . PHP_EOL .
"</files>" . PHP_EOL . PHP_EOL .
"<files wp-config.php>" . PHP_EOL .
"Order allow,deny" . PHP_EOL .
"Deny from all" . PHP_EOL .
"</files>" . PHP_EOL . PHP_EOL;
} else {
$rules .=
"\tlocation ~ /\.ht { deny all; }" . PHP_EOL .
"\tlocation ~ wp-config.php { deny all; }" . PHP_EOL .
"\tlocation ~ readme.html { deny all; }" . PHP_EOL .
"\tlocation ~ readme.txt { deny all; }" . PHP_EOL .
"\tlocation ~ /install.php { deny all; }" . PHP_EOL;
}
}
//start mod_rewrite rules
if ( $bwpsoptions['st_ht_request'] == 1 || $bwpsoptions['st_comment'] == 1 || $bwpsoptions['st_ht_query'] == 1 || $bwpsoptions['hb_enabled'] == 1 || ( $bwpsoptions['bu_enabled'] == 1 && strlen( $bwpsoptions['bu_banagent'] ) > 0 ) ) {
if ( $bwpsserver == 'apache' || $bwpsserver == 'litespeed' ) {
$rules .= "<IfModule mod_rewrite.c>" . PHP_EOL .
"RewriteEngine On" . PHP_EOL . PHP_EOL;
} else {
$rules .=
"\tset \$susquery 0;" . PHP_EOL .
"\tset \$rule_2 0;" . PHP_EOL .
"\tset \$rule_3 0;" . PHP_EOL;
}
}
//ban hosts and agents
if ( $bwpsoptions['bu_enabled'] == 1 && strlen( $bwpsoptions['bu_banagent'] ) > 0 ) {
$agents = explode( PHP_EOL, $bwpsoptions['bu_banagent'] );
if ( ! empty( $agents ) && ! ( sizeof( $agents ) == 1 && trim( $agents[0] ) == '' ) ) {
if ( $bwpsserver == 'apache' || $bwpsserver == 'litespeed' ) {
$count = 1;
foreach ( $agents as $agent ) {
$rules .= "RewriteCond %{HTTP_USER_AGENT} ^" . trim( $agent );
if ( $count < sizeof( $agents ) ) {
$rules .= " [NC,OR]" . PHP_EOL;
$count++;
} else {
$rules .= " [NC]" . PHP_EOL;
}
}
$rules .= "RewriteRule ^(.*)$ - [F,L]" . PHP_EOL . PHP_EOL;
} else {
$count = 1;
$alist = '';
foreach ( $agents as $agent ) {
$alist .= trim( $agent );
if ( $count < sizeof( $agents ) ) {
$alist .= '|';
$count++;
}
}
$rules .=
"\tif (\$http_user_agent ~* " . $alist . ") { return 403; }" . PHP_EOL;
}
}
}
if ( $bwpsoptions['st_ht_files'] == 1 ) {
if ( $bwpsserver == 'apache' || $bwpsserver == 'litespeed' ) {
$rules .= "RewriteRule ^wp-admin/includes/ - [F,L]" . PHP_EOL .
"RewriteRule !^wp-includes/ - [S=3]" . PHP_EOL .
"RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php" . PHP_EOL .
"RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]" . PHP_EOL .
"RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]" . PHP_EOL .
"RewriteRule ^wp-includes/theme-compat/ - [F,L]" . PHP_EOL . PHP_EOL;
} else {
$rules .=
"\trewrite ^wp-includes/(.*).php /not_found last;" . PHP_EOL .
"\trewrite ^/wp-admin/includes(.*)$ /not_found last;" . PHP_EOL;
}
}
if ( $bwpsoptions['st_ht_request'] == 1 ) {
if ( $bwpsserver == 'apache' || $bwpsserver == 'litespeed' ) {
$rules .= "RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]" . PHP_EOL .
"RewriteRule ^(.*)$ - [F,L]" . PHP_EOL . PHP_EOL;
} else {
$rules .=
"\tif (\$request_method ~* \"^(TRACE|DELETE|TRACK)\"){ return 403; }" . PHP_EOL;
}
}
if ( $bwpsoptions['st_comment'] == 1 ) {
if ( $bwpsserver == 'apache' || $bwpsserver == 'litespeed' ) {
$rules .= "RewriteCond %{REQUEST_METHOD} POST" . PHP_EOL .
"RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php*" . PHP_EOL .
"RewriteCond %{HTTP_REFERER} !^" . $this->topdomain( get_option( 'siteurl' ) ) . ".* " . PHP_EOL .
"RewriteCond %{HTTP_REFERER} !^http://jetpack\.wordpress\.com/jetpack-comment/ [OR]" . PHP_EOL .
"RewriteCond %{HTTP_USER_AGENT} ^$" . PHP_EOL .
"RewriteRule ^(.*)$ - [F,L]" . PHP_EOL . PHP_EOL;
} else {
$rules .=
"\tlocation /wp-comments-post.php {" . PHP_EOL .
"\t\tvalid_referers jetpack.wordpress.com/jetpack-comment/ " . $this->topdomain( get_option( 'siteurl' ), false ) . ";" . PHP_EOL .
"\t\tset \$rule_0 0;" . PHP_EOL .
"\t\tif (\$request_method ~ \"POST\"){ set \$rule_0 1\$rule_0; }" . PHP_EOL .
"\t\tif (\$invalid_referer) { set \$rule_0 2\$rule_0; }" . PHP_EOL .
"\t\tif (\$http_user_agent ~ \"^$\"){ set \$rule_0 3\$rule_0; }" . PHP_EOL .
"\t\tif (\$rule_0 = \"3210\") { return 403; }" . PHP_EOL .
"\t}";
}
}
//filter suspicious queries
if ( $bwpsoptions['st_ht_query'] == 1 ) {
if ( $bwpsserver == 'apache' || $bwpsserver == 'litespeed' ) {
$rules .= "RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} ftp\: [NC,OR]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} http\: [NC,OR]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} https\: [NC,OR]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|\"|;|\?|\*|=$).* [NC,OR]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} ^.*(request|select|concat|insert|union|declare).* [NC]" . PHP_EOL .
"RewriteCond %{QUERY_STRING} !^loggedout=true" . PHP_EOL .
"RewriteCond %{QUERY_STRING} !^action=rp" . PHP_EOL .
"RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$" . PHP_EOL .
"RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$" . PHP_EOL .
"RewriteRule ^(.*)$ - [F,L]" . PHP_EOL . PHP_EOL;
} else {
$rules .=
"\tif (\$args ~* \"\\.\\./\") { set \$susquery 1; }" . PHP_EOL .
"\tif (\$args ~* \".(bash|git|hg|log|svn|swp|cvs)\") { set \$susquery 1; }" .PHP_EOL .
"\tif (\$args ~* \"etc/passwd\") { set \$susquery 1; }" . PHP_EOL .
"\tif (\$args ~* \"boot.ini\") { set \$susquery 1; }" . PHP_EOL .
"\tif (\$args ~* \"ftp:\") { set \$susquery 1; }" . PHP_EOL .
"\tif (\$args ~* \"http:\") { set \$susquery 1; }" . PHP_EOL .
"\tif (\$args ~* \"https:\") { set \$susquery 1; }" . PHP_EOL .
"\tif (\$args ~* \"(<|%3C).*script.*(>|%3E)\") { set \$susquery 1; }" . PHP_EOL .
"\tif (\$args ~* \"mosConfig_[a-zA-Z_]{1,21}(=|%3D)\") { set \$susquery 1; }" . PHP_EOL .
"\tif (\$args ~* \"base64_encode\") { set \$susquery 1; }" . PHP_EOL .
"\tif (\$args ~* \"(%24&x)\") { set \$susquery 1; }" . PHP_EOL .
"\tif (\$args ~* \"(\\[|\\]|\\(|\\)|<|>|ê|\\\"|;|\?|\*|=$)\"){ set \$susquery 1; }" . PHP_EOL .
"\tif (\$args ~* \"("|'|<|>|\|{|||%24&x)\"){ set \$susquery 1; }" . PHP_EOL .
"\tif (\$args ~* \"(%0|%A|%B|%C|%D|%E|%F|127.0)\") { set \$susquery 1; }" . PHP_EOL .
"\tif (\$args ~* \"(globals|encode|localhost|loopback)\") { set \$susquery 1; }" .PHP_EOL .
"\tif (\$args ~* \"(request|select|insert|concat|union|declare)\") { set \$susquery 1; }" . PHP_EOL;
}
}
if ( $bwpsserver == 'nginx' ) {
$rules .=
"\tif (\$http_cookie !~* \"wordpress_logged_in_\" ) {" . PHP_EOL .
"\t\tset \$susquery 2\$susquery;" . PHP_EOL .
"\t\tset \$rule_2 1;" . PHP_EOL .
"\t\tset \$rule_3 1;" . PHP_EOL .
"\t}" . PHP_EOL .
"\tif (\$args !~ \"^loggedout=true\") { set \$susquery 3\$susquery; }" . PHP_EOL;
"\tif (\$args !~ \"^action=rp\") { set \$susquery 4\$susquery; }" . PHP_EOL;
}
if ( $bwpsoptions['st_ht_query'] == 1 ) {
if ( $bwpsserver == 'nginx' ) {
$rules .=
"\tif (\$susquery = 4321) { return 403; }" . PHP_EOL;
}
}
//hide backend rules
if ( $bwpsoptions['hb_enabled'] == 1 ) {
//get the slugs
$login = $bwpsoptions['hb_login'];
$admin = $bwpsoptions['hb_admin'];
$register = $bwpsoptions['hb_register'];
//generate the key
$key = $bwpsoptions['hb_key'];
//get the domain without subdomain
$reDomain = $this->topdomain( get_option( 'siteurl' ) );
$siteurl = explode( '/', get_option( 'siteurl' ) );
if ( isset ( $siteurl[3] ) ) {
$dir = '/' . $siteurl[3] . '/';
} else {
$dir = '/';
}
//hide wordpress backend
if ( $bwpsserver == 'apache' || $bwpsserver == 'litespeed' ) {
$rules .= "RewriteRule ^" . $login . "/?$ " . $dir . "wp-login.php?" . $key . " [R,L]" . PHP_EOL . PHP_EOL .
"RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$" . PHP_EOL .
"RewriteRule ^" . $admin . "/?$ " . $dir . "wp-login.php?" . $key . "&redirect_to=" . $dir . "wp-admin/ [R,L]" . PHP_EOL . PHP_EOL .
"RewriteRule ^" . $admin . "/?$ " . $dir . "wp-admin/?" . $key . " [R,L]" . PHP_EOL . PHP_EOL .
"RewriteRule ^" . $register . "/?$ " . $dir . "wp-login.php?" . $key . "&action=register [R,L]" . PHP_EOL . PHP_EOL .
"RewriteCond %{SCRIPT_FILENAME} !^(.*)admin-ajax\.php" . PHP_EOL .
"RewriteCond %{HTTP_REFERER} !^" . $reDomain . $dir . "wp-admin" . PHP_EOL .
"RewriteCond %{HTTP_REFERER} !^" . $reDomain . $dir . "wp-login\.php" . PHP_EOL .
"RewriteCond %{HTTP_REFERER} !^" . $reDomain . $dir . $login . PHP_EOL .
"RewriteCond %{HTTP_REFERER} !^" . $reDomain . $dir . $admin . PHP_EOL .
"RewriteCond %{HTTP_REFERER} !^" . $reDomain . $dir . $register . PHP_EOL .
"RewriteCond %{QUERY_STRING} !^" . $key . PHP_EOL .
"RewriteCond %{QUERY_STRING} !^action=logout" . PHP_EOL .
"RewriteCond %{QUERY_STRING} !^action=rp" . PHP_EOL .
"RewriteCond %{QUERY_STRING} !^action=register" . PHP_EOL .
"RewriteCond %{QUERY_STRING} !^action=postpass" . PHP_EOL .
"RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$" . PHP_EOL .
"RewriteRule ^.*wp-admin/?|^.*wp-login\.php " . $dir . "not_found [R,L]" . PHP_EOL . PHP_EOL .
"RewriteCond %{QUERY_STRING} ^loggedout=true" . PHP_EOL .
"RewriteRule ^.*$ " . $dir . "wp-login.php?" . $key . " [R,L]" . PHP_EOL;
} else {
$rules .=
"\trewrite ^" . $dir . $login . "/?$ " . $dir . "wp-login.php?" . $key . " redirect;" . PHP_EOL .
"\tif (\$rule_2 = 1) { rewrite ^" . $dir . $admin . "/?$ " . $dir . "wp-login.php?" . $key . "&redirect_to=/wp-admin/ redirect; }" . PHP_EOL .
"\tif (\$rule_2 = 0) { rewrite ^" . $dir . $admin . "/?$ " . $dir . "wp-admin/?" . $key . " redirect; }" . PHP_EOL .
"\trewrite ^" . $dir . $register . "/?$ " . $dir . "wp-login.php?" . $key . "&action=register redirect;" . PHP_EOL .
"\tif (\$uri !~ \"^(.*)admin-ajax.php\") { set \$rule_3 2\$rule_3; }" . PHP_EOL .
"\tif (\$http_referer !~* wp-admin ) { set \$rule_3 3\$rule_3; }" . PHP_EOL .
"\tif (\$http_referer !~* wp-login.php ) { set \$rule_3 4\$rule_3; }" . PHP_EOL .
"\tif (\$http_referer !~* " . $login . " ) { set \$rule_3 5\$rule_3; }" . PHP_EOL .
"\tif (\$http_referer !~* " . $admin . " ) { set \$rule_3 6\$rule_3; }" . PHP_EOL .
"\tif (\$http_referer !~* " . $register . " ) { set \$rule_3 7\$rule_3; }" . PHP_EOL .
"\tif (\$args !~ \"^action=logout\") { set \$rule_3 8\$rule_3; }" . PHP_EOL .
"\tif (\$args !~ \"^" . $key . "\") { set \$rule_3 9\$rule_3; }" . PHP_EOL .
"\tif (\$args !~ \"^action=rp\") { set \$rule_3 0\$rule_3; }" . PHP_EOL .
"\tif (\$args !~ \"^action=register\") { set \$rule_3 a\$rule_3; }" . PHP_EOL .
"\tif (\$args !~ \"^action=postpass\") { set \$rule_3 b\$rule_3; }" . PHP_EOL .
"\tif (\$rule_3 = ba0987654321) {" . PHP_EOL .
"\t\trewrite ^(.*/)?wp-login.php " . $dir . "not_found redirect;" . PHP_EOL .
"\t\trewrite ^" . $dir . "wp-admin(.*)$ " . $dir . "not_found redirect;" . PHP_EOL .
"\t}" . PHP_EOL;
}
}
//close mod_rewrite
if ( $bwpsoptions['st_ht_request'] == 1 || $bwpsoptions['st_comment'] == 1 || $bwpsoptions['st_ht_query'] == 1 || $bwpsoptions['hb_enabled'] == 1 || ( $bwpsoptions['bu_enabled'] == 1 && strlen( $bwpsoptions['bu_banagent'] ) > 0 ) ) {
if ( ( $bwpsserver == 'apache' || $bwpsserver == 'litespeed' ) ) {
$rules .= "</IfModule>" . PHP_EOL;
}
}
//add markers if we have rules
if ( $rules != '' ) {
$rules = "# BEGIN Better WP Security" . PHP_EOL . $rules . "# END Better WP Security" . PHP_EOL;
}
return implode( PHP_EOL, array_diff( explode( PHP_EOL, $rules ), array( 'Deny from ', 'Deny from' ) ) );
}
/**
* Generates wp-confing rules
*
* Generates wp-confing rules
*
* @return string wp-confing rules
*
**/
function getwpcontent() {
global $bwpsoptions;
@ini_set( 'auto_detect_line_endings', true );
if ( $bwpsoptions['id_fileenabled'] == 1 || $bwpsoptions['am_enabled'] == 1 || $bwpsoptions['st_fileedit'] == 1 || $bwpsoptions['ssl_forcelogin'] == 1 || $bwpsoptions['ssl_forceadmin'] == 1 ) {
$rules = "//BEGIN Better WP Security" . PHP_EOL;
if ( $bwpsoptions['st_fileedit'] == 1 ) {
$rules .= "define( 'DISALLOW_FILE_EDIT', true );" . PHP_EOL;
}
if ( $bwpsoptions['ssl_forcelogin'] == 1 ) {
$rules .= "define( 'FORCE_SSL_LOGIN', true );" . PHP_EOL;
}
if ( $bwpsoptions['ssl_forceadmin'] == 1 ) {
$rules .= "define( 'FORCE_SSL_ADMIN', true );" . PHP_EOL;
}
if ( $bwpsoptions['am_enabled'] == 1 ) {
$rules .= "define( 'BWPS_AWAY_MODE', true );" . PHP_EOL;
}
if ( $bwpsoptions['id_fileenabled'] == 1 ) {
$rules .= "define( 'BWPS_FILECHECK', true );" . PHP_EOL;
}
$rules .= "//END Better WP Security" . PHP_EOL;
} else {
$rules = '';
}
return $rules;
}
/**
* Generates secret key
*
* Generates secret key for hide backend function
*
* @return string key
*
**/
function hidebe_genKey() {
$size = 20; //length of key
$chars = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; //available characters
srand( ( double ) microtime() * 1000000 ); //random seed
$pass = '' ;
for ( $i = 0; $i <= $size; $i++ ) {
$num = rand() % 33;
$tmp = substr( $chars, $num, 1 );
$pass = $pass . $tmp;
}
return $pass;
}
/**
* Download the 404 log in .csv format
*
**/
function log404csv() {
global $wpdb;
@header( 'Content-type: text/x-csv' );
@header( 'Content-Transfer-Encoding: binary' );
@header( 'Content-Disposition: attachment; filename=404errors.csv' );
@header( 'Cache-Control: no-cache, must-revalidate' );
@header( 'Expires: Thu, 22 Jun 1978 00:28:00 GMT' );
@ini_set( 'auto_detect_line_endings', true );
$headers = array(
'url',
'time',
'host',
'referrer'
);
$errors = $wpdb->get_results( "SELECT url, timestamp, host, referrer, url FROM `" . $wpdb->base_prefix . "bwps_log` WHERE `type` = 2;", ARRAY_A );
array_unshift( $errors, $headers );
foreach ( $errors as $error ) {
foreach ( $error as $attr ) {
echo $attr . ',';
}
echo PHP_EOL;
}
exit;
}
/**
* Return primary domain from given url
*
* Returns primary domsin name (without subdomains) of given URL
*
* @param string $address address to filter
* @param boolean $apache[true] does this require an apache style wildcard
* @return string domain name
*
**/
function topdomain( $address, $apache = true ) {
preg_match( "/^(http:\/\/)?([^\/]+)/i", $address, $matches );
$host = $matches[2];
preg_match( "/[^\.\/]+\.[^\.\/]+$/", $host, $matches );
if ( $apache == true ) {
$wc = '(.*)';
} else {
$wc = '*.';
}
return $wc . $matches[0] ;;
}
/**
* Checks if user exists
*
* Checks to see if WordPress user with given username or user id exists
*
* @param string $username login username or user id of user to check
* @return bool true if user exists otherwise false
*
**/
function user_exists( $username ) {
global $wpdb;
//return false if username is null
if ( $username == '' ) {
return false;
}
//queary the user table to see if the user is there
$user = $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM `" . $wpdb->users . "` WHERE user_login = '%s';", sanitize_text_field( $username ) ) );
$userid = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM `" . $wpdb->users . "` WHERE ID='%s';", sanitize_text_field( $username ) ) );
if ( $user == $username || $userid == $username ) {
return true;
} else {
return false;
}
}
/**
* Writes .htaccess options
*
* Writes various Better WP Security options to the .htaccess file
*
* @return int Write results -1 for error, 1 for success
*
**/
function writehtaccess() {
global $bwpsoptions;
//clean up old rules first
if ( $this->deletehtaccess() == -1 ) {
return -1; //we can't write to the file
}
$htaccess = ABSPATH . '.htaccess';
//get the subdirectory if it is installed in one
$siteurl = explode( '/', get_option( 'siteurl' ) );
if ( isset ( $siteurl[3] ) ) {
$dir = '/' . $siteurl[3] . '/';
} else {
$dir = '/';
}
if ( ! $f = @fopen( $htaccess, 'a+' ) ) {
@chmod( $htaccess, 0644 );
if ( ! $f = @fopen( $htaccess, 'a+' ) ) {
return -1;
}
}
@ini_set( 'auto_detect_line_endings', true );
$ht = explode( PHP_EOL, implode( '', file( $htaccess ) ) ); //parse each line of file into array
$rules = $this->getrules();
$rulesarray = explode( PHP_EOL, $rules );
$contents = array_merge( $rulesarray, $ht );
if ( ! $f = @fopen( $htaccess, 'w+' ) ) {
return -1; //we can't write to the file
}
$blank = false;
//write each line to file
foreach ( $contents as $insertline ) {
if ( trim( $insertline ) == '' ) {
if ( $blank == false ) {
fwrite( $f, PHP_EOL . trim( $insertline ) );
}
$blank = true;
} else {
$blank = false;
fwrite( $f, PHP_EOL . trim( $insertline ) );
}
}
@fclose( $f );
if ( $bwpsoptions['st_fileperm'] == 1 ) {
@chmod( $htaccess, 0444 );
}
return 1; //success
}
/**
* Writes wp-config.php options
*
* Writes various Better WP Security options to the wp-config.php file
*
* @return int Write results -1 for error, 1 for success
*
**/
function writewpconfig() {
global $bwpsoptions;
//clear the old rules first
if ( $this->deletewpconfig() == -1 ) {
return -1; //we can't write to the file
}
$lines = '';
$configfile = $this->getconfig();
@ini_set( 'auto_detect_line_endings', true );
$config = explode( PHP_EOL, implode( '', file( $configfile ) ) );
if ( $bwpsoptions['st_fileedit'] == 1 ) {
$lines .= "define( 'DISALLOW_FILE_EDIT', true );" . PHP_EOL . PHP_EOL;
}
if ( $bwpsoptions['ssl_forcelogin'] == 1 ) {
$lines .= "define( 'FORCE_SSL_LOGIN', true );" . PHP_EOL;
}
if ( $bwpsoptions['ssl_forceadmin'] == 1 ) {
$lines .= "define( 'FORCE_SSL_ADMIN', true );" . PHP_EOL . PHP_EOL;
}
if ( $bwpsoptions['am_enabled'] == 1 ) {
$lines .= "define( 'BWPS_AWAY_MODE', true );" . PHP_EOL;
}
if ( $bwpsoptions['id_fileenabled'] == 1 ) {
$lines .= "define( 'BWPS_FILECHECK', true );" . PHP_EOL;
}
if ( ! $f = @fopen( $configfile, 'w+' ) ) {
@chmod( $configfile, 0644 );
if ( ! $f = @fopen( $configfile, 'w+' ) ) {
return -1;
}
}
$blank = false;
//rewrite each appropriate line
foreach ($config as $line) {
if ( strstr( $line, "<?php" ) ) {
$line = $line . PHP_EOL . PHP_EOL . $lines; //paste ending
}
if ( trim( $line ) == '' ) {
if ( $blank == false ) {
fwrite( $f, PHP_EOL . trim( $line ) );
}
$blank = true;
} else {
$blank = false;
if ( strstr( $line, '<?php' ) ) {
fwrite( $f, trim( $line ) );
} else {
fwrite( $f, PHP_EOL . trim( $line ) );
}
}
}
@fclose( $f );
if ( $bwpsoptions['st_fileperm'] == 1 ) {
@chmod( $configfile, 0444 );
}
return 1; //success
}
}
}