PluginProbe ʕ •ᴥ•ʔ
CloudSecure WP Security / 1.2.5
CloudSecure WP Security v1.2.5
1.4.10 1.4.9 trunk 0.9.0 1.0.2 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7 1.3.1 1.3.10 1.3.11 1.3.12 1.3.13 1.3.14 1.3.15 1.3.16 1.3.17 1.3.18 1.3.19 1.3.2 1.3.20 1.3.21 1.3.22 1.3.23 1.3.24 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8
cloudsecure-wp-security / modules / cloudsecure-wp.php
cloudsecure-wp-security / modules Last commit date
admin 2 years ago lib 2 years ago captcha.php 2 years ago cloudsecure-wp.php 2 years ago common.php 2 years ago config.php 2 years ago disable-author-query.php 2 years ago disable-login.php 2 years ago disable-restapi.php 2 years ago disable-xmlrpc.php 2 years ago htaccess.php 2 years ago login-log.php 2 years ago login-notification.php 2 years ago rename-login-page.php 2 years ago restrict-admin-page.php 2 years ago server-error-notification.php 2 years ago two-factor-authentication.php 2 years ago unify-messages.php 2 years ago update-notice.php 2 years ago
cloudsecure-wp.php
495 lines
1 <?php
2
3 if ( ! defined( 'ABSPATH' ) ) {
4 exit;
5 }
6
7 require_once __DIR__ . '/common.php';
8 require_once __DIR__ . '/config.php';
9 require_once __DIR__ . '/htaccess.php';
10 require_once __DIR__ . '/login-notification.php';
11 require_once __DIR__ . '/disable-login.php';
12 require_once __DIR__ . '/rename-login-page.php';
13 require_once __DIR__ . '/unify-messages.php';
14 require_once __DIR__ . '/restrict-admin-page.php';
15 require_once __DIR__ . '/disable-xmlrpc.php';
16 require_once __DIR__ . '/disable-author-query.php';
17 require_once __DIR__ . '/disable-restapi.php';
18 require_once __DIR__ . '/update-notice.php';
19 require_once __DIR__ . '/captcha.php';
20 require_once __DIR__ . '/../really-simple-captcha/really-simple-captcha.php';
21 require_once __DIR__ . '/lib/class-time-based-one-time-password.php';
22 require_once __DIR__ . '/login-log.php';
23 require_once __DIR__ . '/two-factor-authentication.php';
24 require_once __DIR__ . '/server-error-notification.php';
25
26 class CloudSecureWP extends CloudSecureWP_Common {
27 private $config;
28 private $htaccess;
29 private $login_notification;
30 private $disable_login;
31 private $rename_login_page;
32 private $unify_messages;
33 private $restrict_admin_page;
34 private $disable_xmlrpc;
35 private $disable_author_query;
36 private $disable_restapi;
37 private $update_notice;
38 private $captcha;
39 private $login_log;
40 private $two_factor_authentication;
41 private $server_error_notification;
42
43 function __construct( array $info ) {
44 parent::__construct( $info );
45 $this->config = new CloudSecureWP_Config( $info );
46 $this->htaccess = new CloudSecureWP_Htaccess( $info );
47 $this->login_notification = new CloudSecureWP_Login_Notification( $info, $this->config );
48 $this->disable_login = new CloudSecureWP_Disable_Login( $info, $this->config );
49 $this->rename_login_page = new CloudSecureWP_Rename_Login_Page( $info, $this->config, $this->htaccess );
50 $this->unify_messages = new CloudSecureWP_Unify_Messages( $info, $this->config, $this->disable_login );
51 $this->restrict_admin_page = new CloudSecureWP_Restrict_Admin_Page( $info, $this->config, $this->htaccess, $this->disable_login );
52 $this->disable_xmlrpc = new CloudSecureWP_Disable_XMLRPC( $info, $this->config, $this->htaccess );
53 $this->disable_author_query = new CloudSecureWP_Disable_Author_Query( $info, $this->config );
54 $this->disable_restapi = new CloudSecureWP_Disable_RESTAPI( $info, $this->config );
55 $this->update_notice = new CloudSecureWP_Update_Notice( $info, $this->config );
56 $this->captcha = new CloudSecureWP_CAPTCHA( $info, $this->config );
57 $this->login_log = new CloudSecureWP_Login_Log( $info, $this->config, $this->disable_login );
58 $this->two_factor_authentication = new CloudSecureWP_Two_Factor_Authentication( $info, $this->config, $this->disable_login );
59 $this->server_error_notification = new CloudSecureWP_Server_Error_Notification( $info, $this->config );
60 }
61
62 /**
63 * プラグイン実行
64 *
65 * @return void
66 */
67 public function run() {
68 if ( ! $this->check_environment() ) {
69 if ( $this->login_notification->is_enabled() ) {
70 $this->login_notification->deactivate();
71 }
72
73 if ( $this->disable_login->is_enabled() ) {
74 $this->disable_login->deactivate();
75 }
76
77 if ( $this->rename_login_page->is_enabled() ) {
78 $this->rename_login_page->deactivate();
79 }
80
81 if ( $this->unify_messages->is_enabled() ) {
82 $this->unify_messages->deactivate();
83 }
84
85 if ( $this->restrict_admin_page->is_enabled() ) {
86 $this->restrict_admin_page->deactivate();
87 }
88
89 if ( $this->disable_xmlrpc->is_enabled() ) {
90 $this->disable_xmlrpc->deactivate();
91 }
92
93 if ( $this->disable_author_query->is_enabled() ) {
94 $this->disable_author_query->deactivate();
95 }
96
97 if ( $this->disable_restapi->is_enabled() ) {
98 $this->disable_restapi->deactivate();
99 }
100
101 if ( $this->update_notice->is_enabled() ) {
102 $this->update_notice->deactivate();
103 }
104
105 if ( $this->captcha->is_enabled() ) {
106 $this->captcha->deactivate();
107 }
108
109 if ( $this->two_factor_authentication->is_enabled() ) {
110 $this->two_factor_authentication->deactivate();
111 }
112
113 if ( $this->server_error_notification->is_enabled() ) {
114 $this->server_error_notification->deactivate();
115 }
116 } else {
117 if ( $this->server_error_notification->is_enabled() ) {
118 add_filter( 'wp_php_error_args', array( $this->server_error_notification, 'notification' ), 10, 2 );
119 }
120
121 add_action( 'wp_login', array( $this->login_log, 'wp_login' ), 1, 1 );
122 add_action( 'xmlrpc_call', array( $this->login_log, 'xmlrpc_call' ), 10 );
123 add_action( 'wp_login_failed', array( $this->login_log, 'wp_login_failed' ), 20, 1 );
124
125 if ( $this->login_notification->is_enabled() ) {
126 add_action( 'wp_login', array( $this->login_notification, 'notification' ), 10, 2 );
127 }
128
129 if ( $this->disable_login->is_enabled() ) {
130 add_filter( 'shake_error_codes', array( $this->disable_login, 'shake_error_codes' ) );
131 add_filter( 'authenticate', array( $this->disable_login, 'authenticate' ), 99, 3 );
132 add_action( 'wp_login_failed', array( $this->disable_login, 'wp_login_failed' ), 10, 1 );
133 }
134
135 if ( $this->rename_login_page->is_enabled() ) {
136 if ( $this->htaccess->setting_tag_exists( $this->rename_login_page->get_feature_key() ) ) {
137 remove_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
138 add_filter( 'login_init', array( $this->rename_login_page, 'login_init' ), 10, 2 );
139 add_filter( 'site_url', array( $this->rename_login_page, 'site_url' ), 10, 4 );
140 add_filter( 'network_site_url', array( $this->rename_login_page, 'network_site_url' ), 10, 3 );
141 add_filter( 'register', array( $this->rename_login_page, 'register' ), 10, 1 );
142 add_filter( 'wp_redirect', array( $this->rename_login_page, 'wp_redirect' ), 10, 2 );
143 add_filter( 'auth_redirect_scheme', array( $this->rename_login_page, 'auth_redirect_scheme' ), 99, 1 );
144
145 } else {
146 $this->rename_login_page->deactivate();
147 }
148 }
149
150 if ( $this->unify_messages->is_enabled() ) {
151 add_filter( 'login_errors', array( $this->unify_messages, 'login_errors' ), 10, 1 );
152 }
153
154 if ( $this->restrict_admin_page->is_enabled() ) {
155 if ( $this->htaccess->setting_tag_exists( $this->restrict_admin_page->get_feature_key() ) ) {
156 add_action( 'wp_login', array( $this->restrict_admin_page, 'update' ), 1, 2 );
157
158 } else {
159 $this->restrict_admin_page->deactivate();
160 }
161 }
162
163 if ( $this->disable_xmlrpc->is_enabled() ) {
164 if ( $this->disable_xmlrpc->is_pingback_disabled() ) {
165 add_filter( 'xmlrpc_methods', array( $this->disable_xmlrpc, 'xmlrpc_methods' ) );
166 }
167
168 if ( $this->disable_xmlrpc->is_xmlrpc_disabled() ) {
169 if ( ! $this->htaccess->setting_tag_exists( $this->disable_xmlrpc->get_feature_key() ) ) {
170 $this->disable_xmlrpc->deactivate();
171 }
172 }
173 }
174
175 if ( $this->disable_author_query->is_enabled() ) {
176 add_action( 'init', array( $this->disable_author_query, 'init' ) );
177 }
178
179 if ( $this->disable_restapi->is_enabled() ) {
180 add_filter( 'rest_pre_dispatch', array( $this->disable_restapi, 'rest_pre_dispatch' ), 10, 3 );
181 }
182
183 if ( $this->update_notice->is_enabled() ) {
184 $this->update_notice->set_cron();
185 add_action( $this->update_notice->get_cron_key(), array( $this->update_notice, 'update_notice' ) );
186 }
187
188 if ( $this->captcha->is_enabled() && 'xmlrpc.php' !== basename( sanitize_text_field( $_SERVER['SCRIPT_NAME'] ) ) && ! is_admin() ) {
189 add_filter( 'shake_error_codes', array( $this->captcha, 'shake_error_codes' ) );
190
191 if ( $this->captcha->is_login_form_enabled() ) {
192 add_filter( 'login_form', array( $this->captcha, 'login_form' ) );
193 add_action( 'wp_authenticate_user', array( $this->captcha, 'wp_authenticate_user' ), 10, 2 );
194 }
195
196 if ( $this->captcha->is_comment_form_enabled() ) {
197 add_action( 'comment_form_logged_in_after', array( $this->captcha, 'comment_form_default_fields' ), 1 );
198 add_action( 'comment_form_after_fields', array( $this->captcha, 'comment_form_default_fields' ) );
199 add_filter( 'preprocess_comment', array( $this->captcha, 'preprocess_comment' ) );
200 }
201
202 if ( $this->captcha->is_lost_password_form_enabled() ) {
203 add_filter( 'lostpassword_form', array( $this->captcha, 'lostpassword_form' ) );
204 add_filter( 'allow_password_reset', array( $this->captcha, 'allow_password_reset' ), 10, 2 );
205 }
206
207 if ( $this->captcha->is_register_form_enabled() ) {
208 add_action( 'register_form', array( $this->captcha, 'register_form' ) );
209 add_action( 'register_post', array( $this->captcha, 'register_post' ), 10, 3 );
210 }
211 }
212
213 if ( $this->two_factor_authentication->is_enabled() && 'xmlrpc.php' !== basename( $_SERVER['SCRIPT_NAME'] ) && ! is_admin() ) {
214 add_action( 'wp_login', array( $this->two_factor_authentication, 'wp_login' ), 0, 2 );
215 add_action( 'wp_login', array( $this->two_factor_authentication, 'redirect_if_not_two_factor_authentication_registered' ), 10, 2 );
216 }
217 }
218
219 if ( is_admin() ) {
220 if ( 'cloudsecurewp_rename_login_page' === sanitize_text_field( $_GET['page'] ?? '' ) ) {
221 ob_start();
222 }
223
224 $this->update();
225
226 add_action( 'admin_menu', array( $this, 'admin_menu' ) );
227 }
228 }
229
230 /**
231 * プラグイン有効化
232 */
233 public function activate(): void {
234 $this->config->rm();
235 $this->config->set( 'version', $this->info['version'] );
236 $this->config->save();
237
238 $this->login_notification->activate();
239 $this->disable_login->activate();
240 $this->rename_login_page->activate();
241 $this->unify_messages->activate();
242 $this->restrict_admin_page->activate();
243 $this->disable_xmlrpc->activate();
244 $this->disable_author_query->activate();
245 $this->disable_restapi->activate();
246 $this->update_notice->activate();
247 $this->captcha->activate();
248 $this->login_log->activate();
249 $this->two_factor_authentication->activate();
250 $this->server_error_notification->activate();
251 }
252
253 /**
254 * プラグイン無効化
255 */
256 public function deactivate(): void {
257 $this->config->load_option();
258 $this->login_notification->deactivate();
259 $this->disable_login->deactivate();
260 $this->rename_login_page->deactivate();
261 $this->unify_messages->deactivate();
262 $this->restrict_admin_page->deactivate();
263 $this->disable_xmlrpc->deactivate();
264 $this->disable_author_query->deactivate();
265 $this->disable_restapi->deactivate();
266 $this->update_notice->deactivate();
267 $this->captcha->deactivate();
268 $this->two_factor_authentication->deactivate();
269 $this->server_error_notification->deactivate();
270 }
271
272 /**
273 * admin menuを追加
274 */
275 public function admin_menu(): void {
276 require_once __DIR__ . '/admin/common.php';
277
278 wp_enqueue_style( 'cloudsecurewp', $this->info['plugin_url'] . 'assets/css/style.css' );
279
280 $slug = 'cloudsecurewp';
281 add_menu_page( $this->info['plugin_name'], $this->info['plugin_name'], 'manage_options', $slug, array( $this, 'dashboard' ), $this->info['plugin_url'] . 'assets/images/plugin-icon.png' );
282 add_submenu_page( $slug, 'ダッシュボード', 'ダッシュボード', 'manage_options', $slug, array( $this, 'dashboard' ) );
283 add_submenu_page( $slug, 'ログイン無効化', 'ログイン無効化', 'manage_options', $slug . '_disable_login', array( $this, 'm_disable_login' ) );
284 add_submenu_page( $slug, 'ログインURL変更', 'ログインURL変更', 'manage_options', $slug . '_rename_login_page', array( $this, 'm_rename_login_page' ) );
285 add_submenu_page( $slug, 'ログインエラーメッセージ統一', 'ログインエラーメッセージ統一', 'manage_options', $slug . '_unify_messages', array( $this, 'm_unify_messages' ) );
286 add_submenu_page( $slug, '管理画面アクセス制限', '管理画面アクセス制限', 'manage_options', $slug . '_restrict_admin_page', array( $this, 'm_restrict_admin_page' ) );
287 add_submenu_page( $slug, 'ユーザー名漏えい防止', 'ユーザー名漏えい防止', 'manage_options', $slug . '_disable_author_query', array( $this, 'm_disable_author_query' ) );
288 add_submenu_page( $slug, 'XML-RPC無効化', 'XML-RPC無効化', 'manage_options', $slug . '_disable_xmlrpc', array( $this, 'm_disable_xmlrpc' ) );
289 add_submenu_page( $slug, 'REST API無効化', 'REST API無効化', 'manage_options', $slug . '_disable_restapi', array( $this, 'm_disable_restapi' ) );
290 add_submenu_page( $slug, '画像認証追加', '画像認証追加', 'manage_options', $slug . '_captcha', array( $this, 'm_captcha' ) );
291 add_submenu_page( $slug, '2段階認証', '2段階認証', 'manage_options', $slug . '_two_factor_authentication', array( $this, 'm_two_factor_authentication' ) );
292 add_submenu_page( $slug, 'ログイン通知', 'ログイン通知', 'manage_options', $slug . '_login_notification', array( $this, 'm_login_notification' ) );
293 add_submenu_page( $slug, 'アップデート通知', 'アップデート通知', 'manage_options', $slug . '_update_notification', array( $this, 'm_update_notice' ) );
294 add_submenu_page( $slug, 'サーバーエラー通知', 'サーバーエラー通知', 'manage_options', $slug . '_server_error_notification', array( $this, 'm_server_error_notification' ) );
295 add_submenu_page( $slug, 'ログイン履歴', 'ログイン履歴', 'manage_options', $slug . '_login_log', array( $this, 'm_login_log' ) );
296
297 if ( $this->two_factor_authentication->is_enabled_on_screen() ) {
298 add_menu_page( 'デバイス登録', '2段階認証', 'read', $slug . '_two_factor_authentication_registration', array( $this, 'm_two_factor_authentication_registration' ), 'dashicons-lock', 72 );
299 }
300 }
301
302 /**
303 * ダッシュボードページ
304 *
305 * @return void
306 */
307 public function dashboard(): void {
308 require_once 'admin/dashboard.php';
309
310 $datas = array(
311 $this->login_notification->get_feature_key() => $this->config->get( $this->login_notification->get_feature_key() ),
312 $this->disable_login->get_feature_key() => $this->config->get( $this->disable_login->get_feature_key() ),
313 $this->rename_login_page->get_feature_key() => $this->config->get( $this->rename_login_page->get_feature_key() ),
314 $this->unify_messages->get_feature_key() => $this->config->get( $this->unify_messages->get_feature_key() ),
315 $this->restrict_admin_page->get_feature_key() => $this->config->get( $this->restrict_admin_page->get_feature_key() ),
316 $this->disable_xmlrpc->get_feature_key() => $this->config->get( $this->disable_xmlrpc->get_feature_key() ),
317 $this->disable_author_query->get_feature_key() => $this->config->get( $this->disable_author_query->get_feature_key() ),
318 $this->disable_restapi->get_feature_key() => $this->config->get( $this->disable_restapi->get_feature_key() ),
319 $this->update_notice->get_feature_key() => $this->config->get( $this->update_notice->get_feature_key() ),
320 $this->server_error_notification->get_feature_key() => $this->config->get( $this->server_error_notification->get_feature_key() ),
321 $this->captcha->get_feature_key() => $this->config->get( $this->captcha->get_feature_key() ),
322 $this->two_factor_authentication->get_feature_key() => $this->config->get( $this->two_factor_authentication->get_feature_key() ),
323 );
324
325 new CloudSecureWP_Admin_Dashboard( $this->info, $datas );
326 }
327
328 /**
329 * ログイン通知ページ
330 *
331 * @return void
332 */
333 public function m_login_notification(): void {
334 require_once 'admin/login-notification.php';
335 new CloudSecureWP_Admin_Login_Notification( $this->info, $this->login_notification );
336 }
337
338 /**
339 * ログイン無効化ページ
340 *
341 * @return void
342 */
343 public function m_disable_login(): void {
344 require_once 'admin/disable-login.php';
345 new CloudSecureWP_Admin_Disable_Login( $this->info, $this->disable_login );
346 }
347
348 /**
349 * ログインURL変更
350 *
351 * @return void
352 */
353 public function m_rename_login_page(): void {
354 require_once 'admin/rename-login-page.php';
355 new CloudSecureWP_Admin_Rename_Login_Page( $this->info, $this->rename_login_page );
356 }
357
358 /**
359 * エラーメッセージ単一化機能
360 *
361 * @return void
362 */
363 public function m_unify_messages(): void {
364 require_once 'admin/unify-messages.php';
365 new CloudSecureWP_Admin_Unify_Messages( $this->info, $this->unify_messages );
366 }
367
368 /**
369 * 管理画面アクセス制限
370 *
371 * @return void
372 */
373 public function m_restrict_admin_page(): void {
374 require_once 'admin/restrict-admin-page.php';
375 new CloudSecureWP_Admin_Restrict_Admin_Page( $this->info, $this->restrict_admin_page );
376 }
377
378 /**
379 * XMLRPC無効化
380 *
381 * @return void
382 */
383 public function m_disable_xmlrpc(): void {
384 require_once 'admin/disable-xmlrpc.php';
385 new CloudSecureWP_Admin_Disable_XMLRPC( $this->info, $this->disable_xmlrpc );
386 }
387
388 /**
389 * ユーザー名漏えい防止
390 *
391 * @return void
392 */
393 public function m_disable_author_query(): void {
394 require_once 'admin/disable-author-query.php';
395 new CloudSecureWP_Admin_Disable_Author_Query( $this->info, $this->disable_author_query );
396 }
397
398 /**
399 * REST API無効化
400 *
401 * @return void
402 */
403 public function m_disable_restapi(): void {
404 require_once 'admin/disable-restapi.php';
405 new CloudSecureWP_Admin_Disable_RESTAPI( $this->info, $this->disable_restapi );
406 }
407
408 /**
409 * アップデート通知
410 *
411 * @return void
412 */
413 public function m_update_notice(): void {
414 require_once 'admin/update-notice.php';
415 new CloudSecureWP_Admin_Update_Notice( $this->info, $this->update_notice );
416 }
417
418 /**
419 * 画像認証追加
420 *
421 * @return void
422 */
423 public function m_captcha(): void {
424 require_once 'admin/captcha.php';
425 new CloudSecureWP_Admin_CAPTCHA( $this->info, $this->captcha );
426 }
427
428 /**
429 * ログイン履歴
430 *
431 * @return void
432 */
433 public function m_login_log(): void {
434 require_once 'admin/login-log.php';
435 require_once 'admin/login-log-table.php';
436 new CloudSecureWP_Admin_Login_Log( $this->info, $this->login_log );
437 }
438
439 /**
440 * 2段階認証
441 *
442 * @return void
443 */
444 public function m_two_factor_authentication(): void {
445 require_once 'admin/two-factor-authentication.php';
446 new CloudSecureWP_Admin_Two_Factor_Authentication( $this->info, $this->two_factor_authentication );
447 }
448
449 /**
450 * 2段階認証のデバイス登録
451 *
452 * @return void
453 */
454 public function m_two_factor_authentication_registration(): void {
455 require_once 'admin/two-factor-authentication-registration.php';
456 new CloudSecureWP_Admin_Two_Factor_Authentication_Registration( $this->info, $this->two_factor_authentication );
457 }
458
459 /**
460 * サーバーエラー通知
461 *
462 * @return void
463 */
464 public function m_server_error_notification(): void {
465 require_once 'admin/server-error-notification.php';
466 require_once 'admin/server-error-table.php';
467 new CloudSecureWP_Admin_Server_Error_Notification( $this->info, $this->server_error_notification );
468 }
469
470 /**
471 * プラグイン更新時の処理
472 *
473 */
474 private function update(): void {
475 $old_version = $this->config->get( 'version' );
476 $now_version = $this->info['version'];
477
478 if ( empty( $old_version ) ) {
479 $old_version = '1.0.0';
480 }
481
482 if ( 0 <= version_compare( $old_version, $now_version ) ) {
483 return;
484 }
485
486 if ( version_compare( $old_version, '1.1.0' ) < 0 ) {
487 $this->two_factor_authentication->activate();
488 $this->server_error_notification->activate();
489 }
490
491 $this->config->set( 'version', $now_version );
492 $this->config->save();
493 }
494 }
495