PluginProbe ʕ •ᴥ•ʔ
CloudSecure WP Security / 1.1.0
CloudSecure WP Security v1.1.0
1.4.10 1.4.9 trunk 0.9.0 1.0.2 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7 1.3.1 1.3.10 1.3.11 1.3.12 1.3.13 1.3.14 1.3.15 1.3.16 1.3.17 1.3.18 1.3.19 1.3.2 1.3.20 1.3.21 1.3.22 1.3.23 1.3.24 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8
cloudsecure-wp-security / modules / cloudsecure-wp.php
cloudsecure-wp-security / modules Last commit date
admin 2 years ago lib 2 years ago captcha.php 2 years ago cloudsecure-wp.php 2 years ago common.php 2 years ago config.php 2 years ago disable-author-query.php 2 years ago disable-login.php 2 years ago disable-restapi.php 2 years ago disable-xmlrpc.php 2 years ago htaccess.php 2 years ago login-log.php 2 years ago login-notification.php 2 years ago rename-login-page.php 2 years ago restrict-admin-page.php 2 years ago server-error-notification.php 2 years ago two-factor-authentication.php 2 years ago unify-messages.php 2 years ago update-notice.php 2 years ago
cloudsecure-wp.php
491 lines
1 <?php
2
3 if ( ! defined( 'ABSPATH' ) ) {
4 exit;
5 }
6
7 require_once __DIR__ . '/common.php';
8 require_once __DIR__ . '/config.php';
9 require_once __DIR__ . '/htaccess.php';
10 require_once __DIR__ . '/login-notification.php';
11 require_once __DIR__ . '/disable-login.php';
12 require_once __DIR__ . '/rename-login-page.php';
13 require_once __DIR__ . '/unify-messages.php';
14 require_once __DIR__ . '/restrict-admin-page.php';
15 require_once __DIR__ . '/disable-xmlrpc.php';
16 require_once __DIR__ . '/disable-author-query.php';
17 require_once __DIR__ . '/disable-restapi.php';
18 require_once __DIR__ . '/update-notice.php';
19 require_once __DIR__ . '/captcha.php';
20 require_once __DIR__ . '/../really-simple-captcha/really-simple-captcha.php';
21 require_once __DIR__ . '/lib/class-time-based-one-time-password.php';
22 require_once __DIR__ . '/login-log.php';
23 require_once __DIR__ . '/two-factor-authentication.php';
24 require_once __DIR__ . '/server-error-notification.php';
25
26 class CloudSecureWP extends CloudSecureWP_Common {
27 private $config;
28 private $htaccess;
29 private $login_notification;
30 private $disable_login;
31 private $rename_login_page;
32 private $unify_messages;
33 private $restrict_admin_page;
34 private $disable_xmlrpc;
35 private $disable_author_query;
36 private $disable_restapi;
37 private $update_notice;
38 private $captcha;
39 private $login_log;
40 private $two_factor_authentication;
41 private $server_error_notification;
42
43 function __construct( array $info ) {
44 parent::__construct( $info );
45 $this->config = new CloudSecureWP_Config( $info );
46 $this->htaccess = new CloudSecureWP_Htaccess( $info );
47 $this->login_notification = new CloudSecureWP_Login_Notification( $info, $this->config );
48 $this->disable_login = new CloudSecureWP_Disable_Login( $info, $this->config );
49 $this->rename_login_page = new CloudSecureWP_Rename_Login_Page( $info, $this->config, $this->htaccess );
50 $this->unify_messages = new CloudSecureWP_Unify_Messages( $info, $this->config, $this->disable_login );
51 $this->restrict_admin_page = new CloudSecureWP_Restrict_Admin_Page( $info, $this->config, $this->htaccess, $this->disable_login );
52 $this->disable_xmlrpc = new CloudSecureWP_Disable_XMLRPC( $info, $this->config, $this->htaccess );
53 $this->disable_author_query = new CloudSecureWP_Disable_Author_Query( $info, $this->config );
54 $this->disable_restapi = new CloudSecureWP_Disable_RESTAPI( $info, $this->config );
55 $this->update_notice = new CloudSecureWP_Update_Notice( $info, $this->config );
56 $this->captcha = new CloudSecureWP_CAPTCHA( $info, $this->config );
57 $this->login_log = new CloudSecureWP_Login_Log( $info, $this->config, $this->disable_login );
58 $this->two_factor_authentication = new CloudSecureWP_Two_Factor_Authentication( $info, $this->config, $this->disable_login );
59 $this->server_error_notification = new CloudSecureWP_Server_Error_Notification( $info, $this->config );
60 }
61
62 /**
63 * プラグイン実行
64 *
65 * @return void
66 */
67 public function run() {
68 if ( ! $this->check_environment() ) {
69 if ( $this->login_notification->is_enabled() ) {
70 $this->login_notification->deactivate();
71 }
72
73 if ( $this->disable_login->is_enabled() ) {
74 $this->disable_login->deactivate();
75 }
76
77 if ( $this->rename_login_page->is_enabled() ) {
78 $this->rename_login_page->deactivate();
79 }
80
81 if ( $this->unify_messages->is_enabled() ) {
82 $this->unify_messages->deactivate();
83 }
84
85 if ( $this->restrict_admin_page->is_enabled() ) {
86 $this->restrict_admin_page->deactivate();
87 }
88
89 if ( $this->disable_xmlrpc->is_enabled() ) {
90 $this->disable_xmlrpc->deactivate();
91 }
92
93 if ( $this->disable_author_query->is_enabled() ) {
94 $this->disable_author_query->deactivate();
95 }
96
97 if ( $this->disable_restapi->is_enabled() ) {
98 $this->disable_restapi->deactivate();
99 }
100
101 if ( $this->update_notice->is_enabled() ) {
102 $this->update_notice->deactivate();
103 }
104
105 if ( $this->captcha->is_enabled() ) {
106 $this->captcha->deactivate();
107 }
108
109 if ( $this->two_factor_authentication->is_enabled() ) {
110 $this->two_factor_authentication->deactivate();
111 }
112
113 if ( $this->server_error_notification->is_enabled() ) {
114 $this->server_error_notification->deactivate();
115 }
116 } else {
117 add_action( 'wp_login', array( $this->login_log, 'wp_login' ), 1, 1 );
118 add_action( 'xmlrpc_call', array( $this->login_log, 'xmlrpc_call' ), 10 );
119 add_action( 'wp_login_failed', array( $this->login_log, 'wp_login_failed' ), 20, 1 );
120
121 if ( $this->login_notification->is_enabled() ) {
122 add_action( 'wp_login', array( $this->login_notification, 'notification' ), 10, 2 );
123 }
124
125 if ( $this->disable_login->is_enabled() ) {
126 add_filter( 'shake_error_codes', array( $this->disable_login, 'shake_error_codes' ) );
127 add_filter( 'authenticate', array( $this->disable_login, 'authenticate' ), 99, 3 );
128 add_action( 'wp_login_failed', array( $this->disable_login, 'wp_login_failed' ), 10, 1 );
129 }
130
131 if ( $this->rename_login_page->is_enabled() ) {
132 if ( $this->htaccess->setting_tag_exists( $this->rename_login_page->get_feature_key() ) ) {
133 remove_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
134 add_filter( 'login_init', array( $this->rename_login_page, 'login_init' ), 10, 2 );
135 add_filter( 'site_url', array( $this->rename_login_page, 'site_url' ), 10, 4 );
136 add_filter( 'network_site_url', array( $this->rename_login_page, 'network_site_url' ), 10, 3 );
137 add_filter( 'register', array( $this->rename_login_page, 'register' ), 10, 1 );
138 add_filter( 'wp_redirect', array( $this->rename_login_page, 'wp_redirect' ), 10, 2 );
139 add_filter( 'auth_redirect_scheme', array( $this->rename_login_page, 'auth_redirect_scheme' ), 99, 1 );
140
141 } else {
142 $this->rename_login_page->deactivate();
143 }
144 }
145
146 if ( $this->unify_messages->is_enabled() ) {
147 add_filter( 'login_errors', array( $this->unify_messages, 'login_errors' ), 10, 1 );
148 }
149
150 if ( $this->restrict_admin_page->is_enabled() ) {
151 if ( $this->htaccess->setting_tag_exists( $this->restrict_admin_page->get_feature_key() ) ) {
152 add_action( 'wp_login', array( $this->restrict_admin_page, 'update' ), 1, 2 );
153
154 } else {
155 $this->restrict_admin_page->deactivate();
156 }
157 }
158
159 if ( $this->disable_xmlrpc->is_enabled() ) {
160 if ( $this->disable_xmlrpc->is_pingback_disabled() ) {
161 add_filter( 'xmlrpc_methods', array( $this->disable_xmlrpc, 'xmlrpc_methods' ) );
162 }
163
164 if ( $this->disable_xmlrpc->is_xmlrpc_disabled() ) {
165 if ( ! $this->htaccess->setting_tag_exists( $this->disable_xmlrpc->get_feature_key() ) ) {
166 $this->disable_xmlrpc->deactivate();
167 }
168 }
169 }
170
171 if ( $this->disable_author_query->is_enabled() ) {
172 add_action( 'init', array( $this->disable_author_query, 'init' ) );
173 }
174
175 if ( $this->disable_restapi->is_enabled() ) {
176 add_filter( 'rest_pre_dispatch', array( $this->disable_restapi, 'rest_pre_dispatch' ), 10, 3 );
177 }
178
179 if ( $this->update_notice->is_enabled() ) {
180 add_action( $this->update_notice->get_cron_key(), array( $this->update_notice, 'update_notice' ) );
181 }
182
183 if ( $this->captcha->is_enabled() && 'xmlrpc.php' !== basename( sanitize_text_field( $_SERVER['SCRIPT_NAME'] ) ) && ! is_admin() ) {
184 add_filter( 'shake_error_codes', array( $this->captcha, 'shake_error_codes' ) );
185
186 if ( $this->captcha->is_login_form_enabled() ) {
187 add_filter( 'login_form', array( $this->captcha, 'login_form' ) );
188 add_action( 'wp_authenticate_user', array( $this->captcha, 'wp_authenticate_user' ), 10, 2 );
189 }
190
191 if ( $this->captcha->is_comment_form_enabled() ) {
192 add_action( 'comment_form_logged_in_after', array( $this->captcha, 'comment_form_default_fields' ), 1 );
193 add_action( 'comment_form_after_fields', array( $this->captcha, 'comment_form_default_fields' ) );
194 add_filter( 'preprocess_comment', array( $this->captcha, 'preprocess_comment' ) );
195 }
196
197 if ( $this->captcha->is_lost_password_form_enabled() ) {
198 add_filter( 'lostpassword_form', array( $this->captcha, 'lostpassword_form' ) );
199 add_filter( 'allow_password_reset', array( $this->captcha, 'allow_password_reset' ), 10, 2 );
200 }
201
202 if ( $this->captcha->is_register_form_enabled() ) {
203 add_action( 'register_form', array( $this->captcha, 'register_form' ) );
204 add_action( 'register_post', array( $this->captcha, 'register_post' ), 10, 3 );
205 }
206 }
207
208 if ( $this->two_factor_authentication->is_enabled() && 'xmlrpc.php' !== basename( $_SERVER['SCRIPT_NAME'] ) && ! is_admin() ) {
209 add_action( 'wp_login', array( $this->two_factor_authentication, 'wp_login' ), 0, 2 );
210 add_action( 'wp_login', array( $this->two_factor_authentication, 'redirect_if_not_two_factor_authentication_registered' ), 10, 2 );
211 }
212
213 if ( $this->server_error_notification->is_enabled() ) {
214 add_filter( 'wp_php_error_args', array( $this->server_error_notification, 'notification' ), 10, 2 );
215 }
216 }
217
218 if ( is_admin() ) {
219 if ( 'rename_login_page' === sanitize_text_field( $_GET['page'] ?? '' ) ) {
220 ob_start();
221 }
222
223 $this->update();
224
225 add_action( 'admin_menu', array( $this, 'admin_menu' ) );
226 }
227 }
228
229 /**
230 * プラグイン有効化
231 */
232 public function activate(): void {
233 $this->config->rm();
234 $this->login_notification->activate();
235 $this->disable_login->activate();
236 $this->rename_login_page->activate();
237 $this->unify_messages->activate();
238 $this->restrict_admin_page->activate();
239 $this->disable_xmlrpc->activate();
240 $this->disable_author_query->activate();
241 $this->disable_restapi->activate();
242 $this->update_notice->activate();
243 $this->captcha->activate();
244 $this->login_log->activate();
245 $this->two_factor_authentication->activate();
246 $this->server_error_notification->activate();
247 }
248
249 /**
250 * プラグイン無効化
251 */
252 public function deactivate(): void {
253 $this->config->load_option();
254 $this->login_notification->deactivate();
255 $this->disable_login->deactivate();
256 $this->rename_login_page->deactivate();
257 $this->unify_messages->deactivate();
258 $this->restrict_admin_page->deactivate();
259 $this->disable_xmlrpc->deactivate();
260 $this->disable_author_query->deactivate();
261 $this->disable_restapi->deactivate();
262 $this->update_notice->deactivate();
263 $this->captcha->deactivate();
264 $this->two_factor_authentication->deactivate();
265 $this->server_error_notification->deactivate();
266 }
267
268 /**
269 * admin menuを追加
270 */
271 public function admin_menu(): void {
272 require_once __DIR__ . '/admin/common.php';
273
274 wp_enqueue_style( 'cloudsecurewp', $this->info['plugin_url'] . 'assets/css/style.css' );
275
276 $slug = 'cloudsecurewp';
277 add_menu_page( $this->info['plugin_name'], $this->info['plugin_name'], 'manage_options', $slug, array( $this, 'dashboard' ), $this->info['plugin_url'] . 'assets/images/plugin-icon.png' );
278 add_submenu_page( $slug, 'ダッシュボード', 'ダッシュボード', 'manage_options', $slug, array( $this, 'dashboard' ) );
279 add_submenu_page( $slug, 'ログイン無効化', 'ログイン無効化', 'manage_options', 'disable_login', array( $this, 'm_disable_login' ) );
280 add_submenu_page( $slug, 'ログインURL変更', 'ログインURL変更', 'manage_options', 'rename_login_page', array( $this, 'm_rename_login_page' ) );
281 add_submenu_page( $slug, 'ログインエラーメッセージ統一', 'ログインエラーメッセージ統一', 'manage_options', 'unify_messages', array( $this, 'm_unify_messages' ) );
282 add_submenu_page( $slug, '管理画面アクセス制限', '管理画面アクセス制限', 'manage_options', 'restrict_admin_page', array( $this, 'm_restrict_admin_page' ) );
283 add_submenu_page( $slug, 'ユーザー名漏えい防止', 'ユーザー名漏えい防止', 'manage_options', 'disable_author_query', array( $this, 'm_disable_author_query' ) );
284 add_submenu_page( $slug, 'XML-RPC無効化', 'XML-RPC無効化', 'manage_options', 'disable_xmlrpc', array( $this, 'm_disable_xmlrpc' ) );
285 add_submenu_page( $slug, 'REST API無効化', 'REST API無効化', 'manage_options', 'disable_restapi', array( $this, 'm_disable_restapi' ) );
286 add_submenu_page( $slug, '画像認証追加', '画像認証追加', 'manage_options', 'captcha', array( $this, 'm_captcha' ) );
287 add_submenu_page( $slug, '2段階認証', '2段階認証', 'manage_options', 'two_factor_authentication', array( $this, 'm_two_factor_authentication' ) );
288 add_submenu_page( $slug, 'ログイン通知', 'ログイン通知', 'manage_options', 'login_notification', array( $this, 'm_login_notification' ) );
289 add_submenu_page( $slug, 'アップデート通知', 'アップデート通知', 'manage_options', 'update_notification', array( $this, 'm_update_notice' ) );
290 add_submenu_page( $slug, 'サーバーエラー通知', 'サーバーエラー通知', 'manage_options', 'server_error_notification', array( $this, 'm_server_error_notification' ) );
291 add_submenu_page( $slug, 'ログイン履歴', 'ログイン履歴', 'manage_options', 'login_log', array( $this, 'm_login_log' ) );
292
293 if ( $this->two_factor_authentication->is_enabled_on_screen() ) {
294 add_menu_page( 'デバイス登録', '2段階認証', 'read', 'two_factor_authentication_registration', array( $this, 'm_two_factor_authentication_registration' ), 'dashicons-lock', 72 );
295 }
296 }
297
298 /**
299 * ダッシュボードページ
300 *
301 * @return void
302 */
303 public function dashboard(): void {
304 require_once 'admin/dashboard.php';
305
306 $datas = array(
307 $this->login_notification->get_feature_key() => $this->config->get( $this->login_notification->get_feature_key() ),
308 $this->disable_login->get_feature_key() => $this->config->get( $this->disable_login->get_feature_key() ),
309 $this->rename_login_page->get_feature_key() => $this->config->get( $this->rename_login_page->get_feature_key() ),
310 $this->unify_messages->get_feature_key() => $this->config->get( $this->unify_messages->get_feature_key() ),
311 $this->restrict_admin_page->get_feature_key() => $this->config->get( $this->restrict_admin_page->get_feature_key() ),
312 $this->disable_xmlrpc->get_feature_key() => $this->config->get( $this->disable_xmlrpc->get_feature_key() ),
313 $this->disable_author_query->get_feature_key() => $this->config->get( $this->disable_author_query->get_feature_key() ),
314 $this->disable_restapi->get_feature_key() => $this->config->get( $this->disable_restapi->get_feature_key() ),
315 $this->update_notice->get_feature_key() => $this->config->get( $this->update_notice->get_feature_key() ),
316 $this->server_error_notification->get_feature_key() => $this->config->get( $this->server_error_notification->get_feature_key() ),
317 $this->captcha->get_feature_key() => $this->config->get( $this->captcha->get_feature_key() ),
318 $this->two_factor_authentication->get_feature_key() => $this->config->get( $this->two_factor_authentication->get_feature_key() ),
319 );
320
321 new CloudSecureWP_Admin_Dashboard( $this->info, $datas );
322 }
323
324 /**
325 * ログイン通知ページ
326 *
327 * @return void
328 */
329 public function m_login_notification(): void {
330 require_once 'admin/login-notification.php';
331 new CloudSecureWP_Admin_Login_Notification( $this->info, $this->login_notification );
332 }
333
334 /**
335 * ログイン無効化ページ
336 *
337 * @return void
338 */
339 public function m_disable_login(): void {
340 require_once 'admin/disable-login.php';
341 new CloudSecureWP_Admin_Disable_Login( $this->info, $this->disable_login );
342 }
343
344 /**
345 * ログインURL変更
346 *
347 * @return void
348 */
349 public function m_rename_login_page(): void {
350 require_once 'admin/rename-login-page.php';
351 new CloudSecureWP_Admin_Rename_Login_Page( $this->info, $this->rename_login_page );
352 }
353
354 /**
355 * エラーメッセージ単一化機能
356 *
357 * @return void
358 */
359 public function m_unify_messages(): void {
360 require_once 'admin/unify-messages.php';
361 new CloudSecureWP_Admin_Unify_Messages( $this->info, $this->unify_messages );
362 }
363
364 /**
365 * 管理画面アクセス制限
366 *
367 * @return void
368 */
369 public function m_restrict_admin_page(): void {
370 require_once 'admin/restrict-admin-page.php';
371 new CloudSecureWP_Admin_Restrict_Admin_Page( $this->info, $this->restrict_admin_page );
372 }
373
374 /**
375 * XMLRPC無効化
376 *
377 * @return void
378 */
379 public function m_disable_xmlrpc(): void {
380 require_once 'admin/disable-xmlrpc.php';
381 new CloudSecureWP_Admin_Disable_XMLRPC( $this->info, $this->disable_xmlrpc );
382 }
383
384 /**
385 * ユーザー名漏えい防止
386 *
387 * @return void
388 */
389 public function m_disable_author_query(): void {
390 require_once 'admin/disable-author-query.php';
391 new CloudSecureWP_Admin_Disable_Author_Query( $this->info, $this->disable_author_query );
392 }
393
394 /**
395 * REST API無効化
396 *
397 * @return void
398 */
399 public function m_disable_restapi(): void {
400 require_once 'admin/disable-restapi.php';
401 new CloudSecureWP_Admin_Disable_RESTAPI( $this->info, $this->disable_restapi );
402 }
403
404 /**
405 * アップデート通知
406 *
407 * @return void
408 */
409 public function m_update_notice(): void {
410 require_once 'admin/update-notice.php';
411 new CloudSecureWP_Admin_Update_Notice( $this->info, $this->update_notice );
412 }
413
414 /**
415 * 画像認証追加
416 *
417 * @return void
418 */
419 public function m_captcha(): void {
420 require_once 'admin/captcha.php';
421 new CloudSecureWP_Admin_CAPTCHA( $this->info, $this->captcha );
422 }
423
424 /**
425 * ログイン履歴
426 *
427 * @return void
428 */
429 public function m_login_log(): void {
430 require_once 'admin/login-log.php';
431 require_once 'admin/login-log-table.php';
432 new CloudSecureWP_Admin_Login_Log( $this->info, $this->login_log );
433 }
434
435 /**
436 * 2段階認証
437 *
438 * @return void
439 */
440 public function m_two_factor_authentication(): void {
441 require_once 'admin/two-factor-authentication.php';
442 new CloudSecureWP_Admin_Two_Factor_Authentication( $this->info, $this->two_factor_authentication );
443 }
444
445 /**
446 * 2段階認証のデバイス登録
447 *
448 * @return void
449 */
450 public function m_two_factor_authentication_registration(): void {
451 require_once 'admin/two-factor-authentication-registration.php';
452 new CloudSecureWP_Admin_Two_Factor_Authentication_Registration( $this->info, $this->two_factor_authentication );
453 }
454
455 /**
456 * サーバーエラー通知
457 *
458 * @return void
459 */
460 public function m_server_error_notification(): void {
461 require_once 'admin/server-error-notification.php';
462 require_once 'admin/server-error-table.php';
463 new CloudSecureWP_Admin_Server_Error_Notification( $this->info, $this->server_error_notification );
464 }
465
466 /**
467 * プラグイン更新時の処理
468 *
469 */
470 private function update(): void {
471 $old_version = $this->config->get( 'version' );
472 $now_version = $this->info['version'];
473
474 if ( empty( $old_version ) ) {
475 $old_version = '1.0.0';
476 }
477
478 if ( 0 <= version_compare( $old_version, $now_version ) ) {
479 return;
480 }
481
482 if ( version_compare( $old_version, '1.1.1' ) < 0 ) {
483 $this->two_factor_authentication->activate();
484 $this->server_error_notification->activate();
485 }
486
487 $this->config->set( 'version', $now_version );
488 $this->config->save();
489 }
490 }
491