PluginProbe ʕ •ᴥ•ʔ
CloudSecure WP Security / 1.1.2
CloudSecure WP Security v1.1.2
1.4.10 1.4.9 trunk 0.9.0 1.0.2 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7 1.3.1 1.3.10 1.3.11 1.3.12 1.3.13 1.3.14 1.3.15 1.3.16 1.3.17 1.3.18 1.3.19 1.3.2 1.3.20 1.3.21 1.3.22 1.3.23 1.3.24 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8
cloudsecure-wp-security / modules / cloudsecure-wp.php
cloudsecure-wp-security / modules Last commit date
admin 2 years ago lib 2 years ago captcha.php 2 years ago cloudsecure-wp.php 2 years ago common.php 2 years ago config.php 2 years ago disable-author-query.php 2 years ago disable-login.php 2 years ago disable-restapi.php 2 years ago disable-xmlrpc.php 2 years ago htaccess.php 2 years ago login-log.php 2 years ago login-notification.php 2 years ago rename-login-page.php 2 years ago restrict-admin-page.php 2 years ago server-error-notification.php 2 years ago two-factor-authentication.php 2 years ago unify-messages.php 2 years ago update-notice.php 2 years ago
cloudsecure-wp.php
494 lines
1 <?php
2
3 if ( ! defined( 'ABSPATH' ) ) {
4 exit;
5 }
6
7 require_once __DIR__ . '/common.php';
8 require_once __DIR__ . '/config.php';
9 require_once __DIR__ . '/htaccess.php';
10 require_once __DIR__ . '/login-notification.php';
11 require_once __DIR__ . '/disable-login.php';
12 require_once __DIR__ . '/rename-login-page.php';
13 require_once __DIR__ . '/unify-messages.php';
14 require_once __DIR__ . '/restrict-admin-page.php';
15 require_once __DIR__ . '/disable-xmlrpc.php';
16 require_once __DIR__ . '/disable-author-query.php';
17 require_once __DIR__ . '/disable-restapi.php';
18 require_once __DIR__ . '/update-notice.php';
19 require_once __DIR__ . '/captcha.php';
20 require_once __DIR__ . '/../really-simple-captcha/really-simple-captcha.php';
21 require_once __DIR__ . '/lib/class-time-based-one-time-password.php';
22 require_once __DIR__ . '/login-log.php';
23 require_once __DIR__ . '/two-factor-authentication.php';
24 require_once __DIR__ . '/server-error-notification.php';
25
26 class CloudSecureWP extends CloudSecureWP_Common {
27 private $config;
28 private $htaccess;
29 private $login_notification;
30 private $disable_login;
31 private $rename_login_page;
32 private $unify_messages;
33 private $restrict_admin_page;
34 private $disable_xmlrpc;
35 private $disable_author_query;
36 private $disable_restapi;
37 private $update_notice;
38 private $captcha;
39 private $login_log;
40 private $two_factor_authentication;
41 private $server_error_notification;
42
43 function __construct( array $info ) {
44 parent::__construct( $info );
45 $this->config = new CloudSecureWP_Config( $info );
46 $this->htaccess = new CloudSecureWP_Htaccess( $info );
47 $this->login_notification = new CloudSecureWP_Login_Notification( $info, $this->config );
48 $this->disable_login = new CloudSecureWP_Disable_Login( $info, $this->config );
49 $this->rename_login_page = new CloudSecureWP_Rename_Login_Page( $info, $this->config, $this->htaccess );
50 $this->unify_messages = new CloudSecureWP_Unify_Messages( $info, $this->config, $this->disable_login );
51 $this->restrict_admin_page = new CloudSecureWP_Restrict_Admin_Page( $info, $this->config, $this->htaccess, $this->disable_login );
52 $this->disable_xmlrpc = new CloudSecureWP_Disable_XMLRPC( $info, $this->config, $this->htaccess );
53 $this->disable_author_query = new CloudSecureWP_Disable_Author_Query( $info, $this->config );
54 $this->disable_restapi = new CloudSecureWP_Disable_RESTAPI( $info, $this->config );
55 $this->update_notice = new CloudSecureWP_Update_Notice( $info, $this->config );
56 $this->captcha = new CloudSecureWP_CAPTCHA( $info, $this->config );
57 $this->login_log = new CloudSecureWP_Login_Log( $info, $this->config, $this->disable_login );
58 $this->two_factor_authentication = new CloudSecureWP_Two_Factor_Authentication( $info, $this->config, $this->disable_login );
59 $this->server_error_notification = new CloudSecureWP_Server_Error_Notification( $info, $this->config );
60 }
61
62 /**
63 * プラグイン実行
64 *
65 * @return void
66 */
67 public function run() {
68 if ( ! $this->check_environment() ) {
69 if ( $this->login_notification->is_enabled() ) {
70 $this->login_notification->deactivate();
71 }
72
73 if ( $this->disable_login->is_enabled() ) {
74 $this->disable_login->deactivate();
75 }
76
77 if ( $this->rename_login_page->is_enabled() ) {
78 $this->rename_login_page->deactivate();
79 }
80
81 if ( $this->unify_messages->is_enabled() ) {
82 $this->unify_messages->deactivate();
83 }
84
85 if ( $this->restrict_admin_page->is_enabled() ) {
86 $this->restrict_admin_page->deactivate();
87 }
88
89 if ( $this->disable_xmlrpc->is_enabled() ) {
90 $this->disable_xmlrpc->deactivate();
91 }
92
93 if ( $this->disable_author_query->is_enabled() ) {
94 $this->disable_author_query->deactivate();
95 }
96
97 if ( $this->disable_restapi->is_enabled() ) {
98 $this->disable_restapi->deactivate();
99 }
100
101 if ( $this->update_notice->is_enabled() ) {
102 $this->update_notice->deactivate();
103 }
104
105 if ( $this->captcha->is_enabled() ) {
106 $this->captcha->deactivate();
107 }
108
109 if ( $this->two_factor_authentication->is_enabled() ) {
110 $this->two_factor_authentication->deactivate();
111 }
112
113 if ( $this->server_error_notification->is_enabled() ) {
114 $this->server_error_notification->deactivate();
115 }
116 } else {
117 add_action( 'wp_login', array( $this->login_log, 'wp_login' ), 1, 1 );
118 add_action( 'xmlrpc_call', array( $this->login_log, 'xmlrpc_call' ), 10 );
119 add_action( 'wp_login_failed', array( $this->login_log, 'wp_login_failed' ), 20, 1 );
120
121 if ( $this->login_notification->is_enabled() ) {
122 add_action( 'wp_login', array( $this->login_notification, 'notification' ), 10, 2 );
123 }
124
125 if ( $this->disable_login->is_enabled() ) {
126 add_filter( 'shake_error_codes', array( $this->disable_login, 'shake_error_codes' ) );
127 add_filter( 'authenticate', array( $this->disable_login, 'authenticate' ), 99, 3 );
128 add_action( 'wp_login_failed', array( $this->disable_login, 'wp_login_failed' ), 10, 1 );
129 }
130
131 if ( $this->rename_login_page->is_enabled() ) {
132 if ( $this->htaccess->setting_tag_exists( $this->rename_login_page->get_feature_key() ) ) {
133 remove_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
134 add_filter( 'login_init', array( $this->rename_login_page, 'login_init' ), 10, 2 );
135 add_filter( 'site_url', array( $this->rename_login_page, 'site_url' ), 10, 4 );
136 add_filter( 'network_site_url', array( $this->rename_login_page, 'network_site_url' ), 10, 3 );
137 add_filter( 'register', array( $this->rename_login_page, 'register' ), 10, 1 );
138 add_filter( 'wp_redirect', array( $this->rename_login_page, 'wp_redirect' ), 10, 2 );
139 add_filter( 'auth_redirect_scheme', array( $this->rename_login_page, 'auth_redirect_scheme' ), 99, 1 );
140
141 } else {
142 $this->rename_login_page->deactivate();
143 }
144 }
145
146 if ( $this->unify_messages->is_enabled() ) {
147 add_filter( 'login_errors', array( $this->unify_messages, 'login_errors' ), 10, 1 );
148 }
149
150 if ( $this->restrict_admin_page->is_enabled() ) {
151 if ( $this->htaccess->setting_tag_exists( $this->restrict_admin_page->get_feature_key() ) ) {
152 add_action( 'wp_login', array( $this->restrict_admin_page, 'update' ), 1, 2 );
153
154 } else {
155 $this->restrict_admin_page->deactivate();
156 }
157 }
158
159 if ( $this->disable_xmlrpc->is_enabled() ) {
160 if ( $this->disable_xmlrpc->is_pingback_disabled() ) {
161 add_filter( 'xmlrpc_methods', array( $this->disable_xmlrpc, 'xmlrpc_methods' ) );
162 }
163
164 if ( $this->disable_xmlrpc->is_xmlrpc_disabled() ) {
165 if ( ! $this->htaccess->setting_tag_exists( $this->disable_xmlrpc->get_feature_key() ) ) {
166 $this->disable_xmlrpc->deactivate();
167 }
168 }
169 }
170
171 if ( $this->disable_author_query->is_enabled() ) {
172 add_action( 'init', array( $this->disable_author_query, 'init' ) );
173 }
174
175 if ( $this->disable_restapi->is_enabled() ) {
176 add_filter( 'rest_pre_dispatch', array( $this->disable_restapi, 'rest_pre_dispatch' ), 10, 3 );
177 }
178
179 if ( $this->update_notice->is_enabled() ) {
180 add_action( $this->update_notice->get_cron_key(), array( $this->update_notice, 'update_notice' ) );
181 }
182
183 if ( $this->captcha->is_enabled() && 'xmlrpc.php' !== basename( sanitize_text_field( $_SERVER['SCRIPT_NAME'] ) ) && ! is_admin() ) {
184 add_filter( 'shake_error_codes', array( $this->captcha, 'shake_error_codes' ) );
185
186 if ( $this->captcha->is_login_form_enabled() ) {
187 add_filter( 'login_form', array( $this->captcha, 'login_form' ) );
188 add_action( 'wp_authenticate_user', array( $this->captcha, 'wp_authenticate_user' ), 10, 2 );
189 }
190
191 if ( $this->captcha->is_comment_form_enabled() ) {
192 add_action( 'comment_form_logged_in_after', array( $this->captcha, 'comment_form_default_fields' ), 1 );
193 add_action( 'comment_form_after_fields', array( $this->captcha, 'comment_form_default_fields' ) );
194 add_filter( 'preprocess_comment', array( $this->captcha, 'preprocess_comment' ) );
195 }
196
197 if ( $this->captcha->is_lost_password_form_enabled() ) {
198 add_filter( 'lostpassword_form', array( $this->captcha, 'lostpassword_form' ) );
199 add_filter( 'allow_password_reset', array( $this->captcha, 'allow_password_reset' ), 10, 2 );
200 }
201
202 if ( $this->captcha->is_register_form_enabled() ) {
203 add_action( 'register_form', array( $this->captcha, 'register_form' ) );
204 add_action( 'register_post', array( $this->captcha, 'register_post' ), 10, 3 );
205 }
206 }
207
208 if ( $this->two_factor_authentication->is_enabled() && 'xmlrpc.php' !== basename( $_SERVER['SCRIPT_NAME'] ) && ! is_admin() ) {
209 add_action( 'wp_login', array( $this->two_factor_authentication, 'wp_login' ), 0, 2 );
210 add_action( 'wp_login', array( $this->two_factor_authentication, 'redirect_if_not_two_factor_authentication_registered' ), 10, 2 );
211 }
212
213 if ( $this->server_error_notification->is_enabled() ) {
214 add_filter( 'wp_php_error_args', array( $this->server_error_notification, 'notification' ), 10, 2 );
215 }
216 }
217
218 if ( is_admin() ) {
219 if ( 'rename_login_page' === sanitize_text_field( $_GET['page'] ?? '' ) ) {
220 ob_start();
221 }
222
223 $this->update();
224
225 add_action( 'admin_menu', array( $this, 'admin_menu' ) );
226 }
227 }
228
229 /**
230 * プラグイン有効化
231 */
232 public function activate(): void {
233 $this->config->rm();
234 $this->config->set( 'version', $this->info['version'] );
235 $this->config->save();
236
237 $this->login_notification->activate();
238 $this->disable_login->activate();
239 $this->rename_login_page->activate();
240 $this->unify_messages->activate();
241 $this->restrict_admin_page->activate();
242 $this->disable_xmlrpc->activate();
243 $this->disable_author_query->activate();
244 $this->disable_restapi->activate();
245 $this->update_notice->activate();
246 $this->captcha->activate();
247 $this->login_log->activate();
248 $this->two_factor_authentication->activate();
249 $this->server_error_notification->activate();
250 }
251
252 /**
253 * プラグイン無効化
254 */
255 public function deactivate(): void {
256 $this->config->load_option();
257 $this->login_notification->deactivate();
258 $this->disable_login->deactivate();
259 $this->rename_login_page->deactivate();
260 $this->unify_messages->deactivate();
261 $this->restrict_admin_page->deactivate();
262 $this->disable_xmlrpc->deactivate();
263 $this->disable_author_query->deactivate();
264 $this->disable_restapi->deactivate();
265 $this->update_notice->deactivate();
266 $this->captcha->deactivate();
267 $this->two_factor_authentication->deactivate();
268 $this->server_error_notification->deactivate();
269 }
270
271 /**
272 * admin menuを追加
273 */
274 public function admin_menu(): void {
275 require_once __DIR__ . '/admin/common.php';
276
277 wp_enqueue_style( 'cloudsecurewp', $this->info['plugin_url'] . 'assets/css/style.css' );
278
279 $slug = 'cloudsecurewp';
280 add_menu_page( $this->info['plugin_name'], $this->info['plugin_name'], 'manage_options', $slug, array( $this, 'dashboard' ), $this->info['plugin_url'] . 'assets/images/plugin-icon.png' );
281 add_submenu_page( $slug, 'ダッシュボード', 'ダッシュボード', 'manage_options', $slug, array( $this, 'dashboard' ) );
282 add_submenu_page( $slug, 'ログイン無効化', 'ログイン無効化', 'manage_options', 'disable_login', array( $this, 'm_disable_login' ) );
283 add_submenu_page( $slug, 'ログインURL変更', 'ログインURL変更', 'manage_options', 'rename_login_page', array( $this, 'm_rename_login_page' ) );
284 add_submenu_page( $slug, 'ログインエラーメッセージ統一', 'ログインエラーメッセージ統一', 'manage_options', 'unify_messages', array( $this, 'm_unify_messages' ) );
285 add_submenu_page( $slug, '管理画面アクセス制限', '管理画面アクセス制限', 'manage_options', 'restrict_admin_page', array( $this, 'm_restrict_admin_page' ) );
286 add_submenu_page( $slug, 'ユーザー名漏えい防止', 'ユーザー名漏えい防止', 'manage_options', 'disable_author_query', array( $this, 'm_disable_author_query' ) );
287 add_submenu_page( $slug, 'XML-RPC無効化', 'XML-RPC無効化', 'manage_options', 'disable_xmlrpc', array( $this, 'm_disable_xmlrpc' ) );
288 add_submenu_page( $slug, 'REST API無効化', 'REST API無効化', 'manage_options', 'disable_restapi', array( $this, 'm_disable_restapi' ) );
289 add_submenu_page( $slug, '画像認証追加', '画像認証追加', 'manage_options', 'captcha', array( $this, 'm_captcha' ) );
290 add_submenu_page( $slug, '2段階認証', '2段階認証', 'manage_options', 'two_factor_authentication', array( $this, 'm_two_factor_authentication' ) );
291 add_submenu_page( $slug, 'ログイン通知', 'ログイン通知', 'manage_options', 'login_notification', array( $this, 'm_login_notification' ) );
292 add_submenu_page( $slug, 'アップデート通知', 'アップデート通知', 'manage_options', 'update_notification', array( $this, 'm_update_notice' ) );
293 add_submenu_page( $slug, 'サーバーエラー通知', 'サーバーエラー通知', 'manage_options', 'server_error_notification', array( $this, 'm_server_error_notification' ) );
294 add_submenu_page( $slug, 'ログイン履歴', 'ログイン履歴', 'manage_options', 'login_log', array( $this, 'm_login_log' ) );
295
296 if ( $this->two_factor_authentication->is_enabled_on_screen() ) {
297 add_menu_page( 'デバイス登録', '2段階認証', 'read', 'two_factor_authentication_registration', array( $this, 'm_two_factor_authentication_registration' ), 'dashicons-lock', 72 );
298 }
299 }
300
301 /**
302 * ダッシュボードページ
303 *
304 * @return void
305 */
306 public function dashboard(): void {
307 require_once 'admin/dashboard.php';
308
309 $datas = array(
310 $this->login_notification->get_feature_key() => $this->config->get( $this->login_notification->get_feature_key() ),
311 $this->disable_login->get_feature_key() => $this->config->get( $this->disable_login->get_feature_key() ),
312 $this->rename_login_page->get_feature_key() => $this->config->get( $this->rename_login_page->get_feature_key() ),
313 $this->unify_messages->get_feature_key() => $this->config->get( $this->unify_messages->get_feature_key() ),
314 $this->restrict_admin_page->get_feature_key() => $this->config->get( $this->restrict_admin_page->get_feature_key() ),
315 $this->disable_xmlrpc->get_feature_key() => $this->config->get( $this->disable_xmlrpc->get_feature_key() ),
316 $this->disable_author_query->get_feature_key() => $this->config->get( $this->disable_author_query->get_feature_key() ),
317 $this->disable_restapi->get_feature_key() => $this->config->get( $this->disable_restapi->get_feature_key() ),
318 $this->update_notice->get_feature_key() => $this->config->get( $this->update_notice->get_feature_key() ),
319 $this->server_error_notification->get_feature_key() => $this->config->get( $this->server_error_notification->get_feature_key() ),
320 $this->captcha->get_feature_key() => $this->config->get( $this->captcha->get_feature_key() ),
321 $this->two_factor_authentication->get_feature_key() => $this->config->get( $this->two_factor_authentication->get_feature_key() ),
322 );
323
324 new CloudSecureWP_Admin_Dashboard( $this->info, $datas );
325 }
326
327 /**
328 * ログイン通知ページ
329 *
330 * @return void
331 */
332 public function m_login_notification(): void {
333 require_once 'admin/login-notification.php';
334 new CloudSecureWP_Admin_Login_Notification( $this->info, $this->login_notification );
335 }
336
337 /**
338 * ログイン無効化ページ
339 *
340 * @return void
341 */
342 public function m_disable_login(): void {
343 require_once 'admin/disable-login.php';
344 new CloudSecureWP_Admin_Disable_Login( $this->info, $this->disable_login );
345 }
346
347 /**
348 * ログインURL変更
349 *
350 * @return void
351 */
352 public function m_rename_login_page(): void {
353 require_once 'admin/rename-login-page.php';
354 new CloudSecureWP_Admin_Rename_Login_Page( $this->info, $this->rename_login_page );
355 }
356
357 /**
358 * エラーメッセージ単一化機能
359 *
360 * @return void
361 */
362 public function m_unify_messages(): void {
363 require_once 'admin/unify-messages.php';
364 new CloudSecureWP_Admin_Unify_Messages( $this->info, $this->unify_messages );
365 }
366
367 /**
368 * 管理画面アクセス制限
369 *
370 * @return void
371 */
372 public function m_restrict_admin_page(): void {
373 require_once 'admin/restrict-admin-page.php';
374 new CloudSecureWP_Admin_Restrict_Admin_Page( $this->info, $this->restrict_admin_page );
375 }
376
377 /**
378 * XMLRPC無効化
379 *
380 * @return void
381 */
382 public function m_disable_xmlrpc(): void {
383 require_once 'admin/disable-xmlrpc.php';
384 new CloudSecureWP_Admin_Disable_XMLRPC( $this->info, $this->disable_xmlrpc );
385 }
386
387 /**
388 * ユーザー名漏えい防止
389 *
390 * @return void
391 */
392 public function m_disable_author_query(): void {
393 require_once 'admin/disable-author-query.php';
394 new CloudSecureWP_Admin_Disable_Author_Query( $this->info, $this->disable_author_query );
395 }
396
397 /**
398 * REST API無効化
399 *
400 * @return void
401 */
402 public function m_disable_restapi(): void {
403 require_once 'admin/disable-restapi.php';
404 new CloudSecureWP_Admin_Disable_RESTAPI( $this->info, $this->disable_restapi );
405 }
406
407 /**
408 * アップデート通知
409 *
410 * @return void
411 */
412 public function m_update_notice(): void {
413 require_once 'admin/update-notice.php';
414 new CloudSecureWP_Admin_Update_Notice( $this->info, $this->update_notice );
415 }
416
417 /**
418 * 画像認証追加
419 *
420 * @return void
421 */
422 public function m_captcha(): void {
423 require_once 'admin/captcha.php';
424 new CloudSecureWP_Admin_CAPTCHA( $this->info, $this->captcha );
425 }
426
427 /**
428 * ログイン履歴
429 *
430 * @return void
431 */
432 public function m_login_log(): void {
433 require_once 'admin/login-log.php';
434 require_once 'admin/login-log-table.php';
435 new CloudSecureWP_Admin_Login_Log( $this->info, $this->login_log );
436 }
437
438 /**
439 * 2段階認証
440 *
441 * @return void
442 */
443 public function m_two_factor_authentication(): void {
444 require_once 'admin/two-factor-authentication.php';
445 new CloudSecureWP_Admin_Two_Factor_Authentication( $this->info, $this->two_factor_authentication );
446 }
447
448 /**
449 * 2段階認証のデバイス登録
450 *
451 * @return void
452 */
453 public function m_two_factor_authentication_registration(): void {
454 require_once 'admin/two-factor-authentication-registration.php';
455 new CloudSecureWP_Admin_Two_Factor_Authentication_Registration( $this->info, $this->two_factor_authentication );
456 }
457
458 /**
459 * サーバーエラー通知
460 *
461 * @return void
462 */
463 public function m_server_error_notification(): void {
464 require_once 'admin/server-error-notification.php';
465 require_once 'admin/server-error-table.php';
466 new CloudSecureWP_Admin_Server_Error_Notification( $this->info, $this->server_error_notification );
467 }
468
469 /**
470 * プラグイン更新時の処理
471 *
472 */
473 private function update(): void {
474 $old_version = $this->config->get( 'version' );
475 $now_version = $this->info['version'];
476
477 if ( empty( $old_version ) ) {
478 $old_version = '1.0.0';
479 }
480
481 if ( 0 <= version_compare( $old_version, $now_version ) ) {
482 return;
483 }
484
485 if ( version_compare( $old_version, '1.1.0' ) < 0 ) {
486 $this->two_factor_authentication->activate();
487 $this->server_error_notification->activate();
488 }
489
490 $this->config->set( 'version', $now_version );
491 $this->config->save();
492 }
493 }
494