PluginProbe ʕ •ᴥ•ʔ
CloudSecure WP Security / 1.2.6
CloudSecure WP Security v1.2.6
1.4.10 1.4.9 trunk 0.9.0 1.0.2 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7 1.3.1 1.3.10 1.3.11 1.3.12 1.3.13 1.3.14 1.3.15 1.3.16 1.3.17 1.3.18 1.3.19 1.3.2 1.3.20 1.3.21 1.3.22 1.3.23 1.3.24 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8
cloudsecure-wp-security / modules / cloudsecure-wp.php
cloudsecure-wp-security / modules Last commit date
admin 2 years ago lib 2 years ago captcha.php 2 years ago cloudsecure-wp.php 2 years ago common.php 2 years ago config.php 2 years ago disable-author-query.php 2 years ago disable-login.php 2 years ago disable-restapi.php 2 years ago disable-xmlrpc.php 2 years ago htaccess.php 2 years ago login-log.php 2 years ago login-notification.php 2 years ago rename-login-page.php 2 years ago restrict-admin-page.php 2 years ago server-error-notification.php 2 years ago two-factor-authentication.php 2 years ago unify-messages.php 2 years ago update-notice.php 2 years ago
cloudsecure-wp.php
496 lines
1 <?php
2
3 if ( ! defined( 'ABSPATH' ) ) {
4 exit;
5 }
6
7 require_once __DIR__ . '/common.php';
8 require_once __DIR__ . '/config.php';
9 require_once __DIR__ . '/htaccess.php';
10 require_once __DIR__ . '/login-notification.php';
11 require_once __DIR__ . '/disable-login.php';
12 require_once __DIR__ . '/rename-login-page.php';
13 require_once __DIR__ . '/unify-messages.php';
14 require_once __DIR__ . '/restrict-admin-page.php';
15 require_once __DIR__ . '/disable-xmlrpc.php';
16 require_once __DIR__ . '/disable-author-query.php';
17 require_once __DIR__ . '/disable-restapi.php';
18 require_once __DIR__ . '/update-notice.php';
19 require_once __DIR__ . '/captcha.php';
20 require_once __DIR__ . '/../really-simple-captcha/really-simple-captcha.php';
21 require_once __DIR__ . '/lib/class-time-based-one-time-password.php';
22 require_once __DIR__ . '/login-log.php';
23 require_once __DIR__ . '/two-factor-authentication.php';
24 require_once __DIR__ . '/server-error-notification.php';
25
26 class CloudSecureWP extends CloudSecureWP_Common {
27 private $config;
28 private $htaccess;
29 private $login_notification;
30 private $disable_login;
31 private $rename_login_page;
32 private $unify_messages;
33 private $restrict_admin_page;
34 private $disable_xmlrpc;
35 private $disable_author_query;
36 private $disable_restapi;
37 private $update_notice;
38 private $captcha;
39 private $login_log;
40 private $two_factor_authentication;
41 private $server_error_notification;
42
43 function __construct( array $info ) {
44 parent::__construct( $info );
45 $this->config = new CloudSecureWP_Config( $info );
46 $this->htaccess = new CloudSecureWP_Htaccess( $info );
47 $this->login_notification = new CloudSecureWP_Login_Notification( $info, $this->config );
48 $this->disable_login = new CloudSecureWP_Disable_Login( $info, $this->config );
49 $this->rename_login_page = new CloudSecureWP_Rename_Login_Page( $info, $this->config, $this->htaccess );
50 $this->unify_messages = new CloudSecureWP_Unify_Messages( $info, $this->config, $this->disable_login );
51 $this->restrict_admin_page = new CloudSecureWP_Restrict_Admin_Page( $info, $this->config, $this->htaccess, $this->disable_login );
52 $this->disable_xmlrpc = new CloudSecureWP_Disable_XMLRPC( $info, $this->config, $this->htaccess );
53 $this->disable_author_query = new CloudSecureWP_Disable_Author_Query( $info, $this->config );
54 $this->disable_restapi = new CloudSecureWP_Disable_RESTAPI( $info, $this->config );
55 $this->update_notice = new CloudSecureWP_Update_Notice( $info, $this->config );
56 $this->captcha = new CloudSecureWP_CAPTCHA( $info, $this->config );
57 $this->login_log = new CloudSecureWP_Login_Log( $info, $this->config, $this->disable_login );
58 $this->two_factor_authentication = new CloudSecureWP_Two_Factor_Authentication( $info, $this->config, $this->disable_login );
59 $this->server_error_notification = new CloudSecureWP_Server_Error_Notification( $info, $this->config );
60 }
61
62 /**
63 * プラグイン実行
64 *
65 * @return void
66 */
67 public function run() {
68 if ( ! $this->check_environment() ) {
69 if ( $this->login_notification->is_enabled() ) {
70 $this->login_notification->deactivate();
71 }
72
73 if ( $this->disable_login->is_enabled() ) {
74 $this->disable_login->deactivate();
75 }
76
77 if ( $this->rename_login_page->is_enabled() ) {
78 $this->rename_login_page->deactivate();
79 }
80
81 if ( $this->unify_messages->is_enabled() ) {
82 $this->unify_messages->deactivate();
83 }
84
85 if ( $this->restrict_admin_page->is_enabled() ) {
86 $this->restrict_admin_page->deactivate();
87 }
88
89 if ( $this->disable_xmlrpc->is_enabled() ) {
90 $this->disable_xmlrpc->deactivate();
91 }
92
93 if ( $this->disable_author_query->is_enabled() ) {
94 $this->disable_author_query->deactivate();
95 }
96
97 if ( $this->disable_restapi->is_enabled() ) {
98 $this->disable_restapi->deactivate();
99 }
100
101 if ( $this->update_notice->is_enabled() ) {
102 $this->update_notice->deactivate();
103 }
104
105 if ( $this->captcha->is_enabled() ) {
106 $this->captcha->deactivate();
107 }
108
109 if ( $this->two_factor_authentication->is_enabled() ) {
110 $this->two_factor_authentication->deactivate();
111 }
112
113 if ( $this->server_error_notification->is_enabled() ) {
114 $this->server_error_notification->deactivate();
115 }
116 } else {
117 if ( $this->server_error_notification->is_enabled() ) {
118 add_filter( 'wp_php_error_args', array( $this->server_error_notification, 'notification' ), 10, 2 );
119 }
120
121 add_action( 'wp_login', array( $this->login_log, 'wp_login' ), 1, 1 );
122 add_action( 'xmlrpc_call', array( $this->login_log, 'xmlrpc_call' ), 10 );
123 add_action( 'wp_login_failed', array( $this->login_log, 'wp_login_failed' ), 20, 1 );
124
125 if ( $this->login_notification->is_enabled() ) {
126 add_action( 'wp_login', array( $this->login_notification, 'notification' ), 10, 2 );
127 }
128
129 if ( $this->disable_login->is_enabled() ) {
130 add_filter( 'shake_error_codes', array( $this->disable_login, 'shake_error_codes' ) );
131 add_filter( 'authenticate', array( $this->disable_login, 'authenticate' ), 99, 3 );
132 add_action( 'wp_login_failed', array( $this->disable_login, 'wp_login_failed' ), 10, 1 );
133 }
134
135 if ( $this->rename_login_page->is_enabled() ) {
136 if ( $this->htaccess->setting_tag_exists( $this->rename_login_page->get_feature_key() ) ) {
137 remove_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
138 add_action( 'plugins_loaded', array( $this->rename_login_page, 'wp_register_404' ), 10 );
139 add_filter( 'login_init', array( $this->rename_login_page, 'login_init' ), 10, 2 );
140 add_filter( 'site_url', array( $this->rename_login_page, 'site_url' ), 10, 4 );
141 add_filter( 'network_site_url', array( $this->rename_login_page, 'network_site_url' ), 10, 3 );
142 add_filter( 'register', array( $this->rename_login_page, 'register' ), 10, 1 );
143 add_filter( 'wp_redirect', array( $this->rename_login_page, 'wp_redirect' ), 10, 2 );
144 add_filter( 'auth_redirect_scheme', array( $this->rename_login_page, 'auth_redirect_scheme' ), 99, 1 );
145
146 } else {
147 $this->rename_login_page->deactivate();
148 }
149 }
150
151 if ( $this->unify_messages->is_enabled() ) {
152 add_filter( 'login_errors', array( $this->unify_messages, 'login_errors' ), 10, 1 );
153 }
154
155 if ( $this->restrict_admin_page->is_enabled() ) {
156 if ( $this->htaccess->setting_tag_exists( $this->restrict_admin_page->get_feature_key() ) ) {
157 add_action( 'wp_login', array( $this->restrict_admin_page, 'update' ), 1, 2 );
158
159 } else {
160 $this->restrict_admin_page->deactivate();
161 }
162 }
163
164 if ( $this->disable_xmlrpc->is_enabled() ) {
165 if ( $this->disable_xmlrpc->is_pingback_disabled() ) {
166 add_filter( 'xmlrpc_methods', array( $this->disable_xmlrpc, 'xmlrpc_methods' ) );
167 }
168
169 if ( $this->disable_xmlrpc->is_xmlrpc_disabled() ) {
170 if ( ! $this->htaccess->setting_tag_exists( $this->disable_xmlrpc->get_feature_key() ) ) {
171 $this->disable_xmlrpc->deactivate();
172 }
173 }
174 }
175
176 if ( $this->disable_author_query->is_enabled() ) {
177 add_action( 'init', array( $this->disable_author_query, 'init' ) );
178 }
179
180 if ( $this->disable_restapi->is_enabled() ) {
181 add_filter( 'rest_pre_dispatch', array( $this->disable_restapi, 'rest_pre_dispatch' ), 10, 3 );
182 }
183
184 if ( $this->update_notice->is_enabled() ) {
185 $this->update_notice->set_cron();
186 add_action( $this->update_notice->get_cron_key(), array( $this->update_notice, 'update_notice' ) );
187 }
188
189 if ( $this->captcha->is_enabled() && 'xmlrpc.php' !== basename( sanitize_text_field( $_SERVER['SCRIPT_NAME'] ) ) && ! is_admin() ) {
190 add_filter( 'shake_error_codes', array( $this->captcha, 'shake_error_codes' ) );
191
192 if ( $this->captcha->is_login_form_enabled() ) {
193 add_filter( 'login_form', array( $this->captcha, 'login_form' ) );
194 add_action( 'wp_authenticate_user', array( $this->captcha, 'wp_authenticate_user' ), 10, 2 );
195 }
196
197 if ( $this->captcha->is_comment_form_enabled() ) {
198 add_action( 'comment_form_logged_in_after', array( $this->captcha, 'comment_form_default_fields' ), 1 );
199 add_action( 'comment_form_after_fields', array( $this->captcha, 'comment_form_default_fields' ) );
200 add_filter( 'preprocess_comment', array( $this->captcha, 'preprocess_comment' ) );
201 }
202
203 if ( $this->captcha->is_lost_password_form_enabled() ) {
204 add_filter( 'lostpassword_form', array( $this->captcha, 'lostpassword_form' ) );
205 add_filter( 'allow_password_reset', array( $this->captcha, 'allow_password_reset' ), 10, 2 );
206 }
207
208 if ( $this->captcha->is_register_form_enabled() ) {
209 add_action( 'register_form', array( $this->captcha, 'register_form' ) );
210 add_action( 'register_post', array( $this->captcha, 'register_post' ), 10, 3 );
211 }
212 }
213
214 if ( $this->two_factor_authentication->is_enabled() && 'xmlrpc.php' !== basename( $_SERVER['SCRIPT_NAME'] ) && ! is_admin() ) {
215 add_action( 'wp_login', array( $this->two_factor_authentication, 'wp_login' ), 0, 2 );
216 add_action( 'wp_login', array( $this->two_factor_authentication, 'redirect_if_not_two_factor_authentication_registered' ), 10, 2 );
217 }
218 }
219
220 if ( is_admin() ) {
221 if ( 'cloudsecurewp_rename_login_page' === sanitize_text_field( $_GET['page'] ?? '' ) ) {
222 ob_start();
223 }
224
225 $this->update();
226
227 add_action( 'admin_menu', array( $this, 'admin_menu' ) );
228 }
229 }
230
231 /**
232 * プラグイン有効化
233 */
234 public function activate(): void {
235 $this->config->rm();
236 $this->config->set( 'version', $this->info['version'] );
237 $this->config->save();
238
239 $this->login_notification->activate();
240 $this->disable_login->activate();
241 $this->rename_login_page->activate();
242 $this->unify_messages->activate();
243 $this->restrict_admin_page->activate();
244 $this->disable_xmlrpc->activate();
245 $this->disable_author_query->activate();
246 $this->disable_restapi->activate();
247 $this->update_notice->activate();
248 $this->captcha->activate();
249 $this->login_log->activate();
250 $this->two_factor_authentication->activate();
251 $this->server_error_notification->activate();
252 }
253
254 /**
255 * プラグイン無効化
256 */
257 public function deactivate(): void {
258 $this->config->load_option();
259 $this->login_notification->deactivate();
260 $this->disable_login->deactivate();
261 $this->rename_login_page->deactivate();
262 $this->unify_messages->deactivate();
263 $this->restrict_admin_page->deactivate();
264 $this->disable_xmlrpc->deactivate();
265 $this->disable_author_query->deactivate();
266 $this->disable_restapi->deactivate();
267 $this->update_notice->deactivate();
268 $this->captcha->deactivate();
269 $this->two_factor_authentication->deactivate();
270 $this->server_error_notification->deactivate();
271 }
272
273 /**
274 * admin menuを追加
275 */
276 public function admin_menu(): void {
277 require_once __DIR__ . '/admin/common.php';
278
279 wp_enqueue_style( 'cloudsecurewp', $this->info['plugin_url'] . 'assets/css/style.css' );
280
281 $slug = 'cloudsecurewp';
282 add_menu_page( $this->info['plugin_name'], $this->info['plugin_name'], 'manage_options', $slug, array( $this, 'dashboard' ), $this->info['plugin_url'] . 'assets/images/plugin-icon.png' );
283 add_submenu_page( $slug, 'ダッシュボード', 'ダッシュボード', 'manage_options', $slug, array( $this, 'dashboard' ) );
284 add_submenu_page( $slug, 'ログイン無効化', 'ログイン無効化', 'manage_options', $slug . '_disable_login', array( $this, 'm_disable_login' ) );
285 add_submenu_page( $slug, 'ログインURL変更', 'ログインURL変更', 'manage_options', $slug . '_rename_login_page', array( $this, 'm_rename_login_page' ) );
286 add_submenu_page( $slug, 'ログインエラーメッセージ統一', 'ログインエラーメッセージ統一', 'manage_options', $slug . '_unify_messages', array( $this, 'm_unify_messages' ) );
287 add_submenu_page( $slug, '管理画面アクセス制限', '管理画面アクセス制限', 'manage_options', $slug . '_restrict_admin_page', array( $this, 'm_restrict_admin_page' ) );
288 add_submenu_page( $slug, 'ユーザー名漏えい防止', 'ユーザー名漏えい防止', 'manage_options', $slug . '_disable_author_query', array( $this, 'm_disable_author_query' ) );
289 add_submenu_page( $slug, 'XML-RPC無効化', 'XML-RPC無効化', 'manage_options', $slug . '_disable_xmlrpc', array( $this, 'm_disable_xmlrpc' ) );
290 add_submenu_page( $slug, 'REST API無効化', 'REST API無効化', 'manage_options', $slug . '_disable_restapi', array( $this, 'm_disable_restapi' ) );
291 add_submenu_page( $slug, '画像認証追加', '画像認証追加', 'manage_options', $slug . '_captcha', array( $this, 'm_captcha' ) );
292 add_submenu_page( $slug, '2段階認証', '2段階認証', 'manage_options', $slug . '_two_factor_authentication', array( $this, 'm_two_factor_authentication' ) );
293 add_submenu_page( $slug, 'ログイン通知', 'ログイン通知', 'manage_options', $slug . '_login_notification', array( $this, 'm_login_notification' ) );
294 add_submenu_page( $slug, 'アップデート通知', 'アップデート通知', 'manage_options', $slug . '_update_notification', array( $this, 'm_update_notice' ) );
295 add_submenu_page( $slug, 'サーバーエラー通知', 'サーバーエラー通知', 'manage_options', $slug . '_server_error_notification', array( $this, 'm_server_error_notification' ) );
296 add_submenu_page( $slug, 'ログイン履歴', 'ログイン履歴', 'manage_options', $slug . '_login_log', array( $this, 'm_login_log' ) );
297
298 if ( $this->two_factor_authentication->is_enabled_on_screen() ) {
299 add_menu_page( 'デバイス登録', '2段階認証', 'read', $slug . '_two_factor_authentication_registration', array( $this, 'm_two_factor_authentication_registration' ), 'dashicons-lock', 72 );
300 }
301 }
302
303 /**
304 * ダッシュボードページ
305 *
306 * @return void
307 */
308 public function dashboard(): void {
309 require_once 'admin/dashboard.php';
310
311 $datas = array(
312 $this->login_notification->get_feature_key() => $this->config->get( $this->login_notification->get_feature_key() ),
313 $this->disable_login->get_feature_key() => $this->config->get( $this->disable_login->get_feature_key() ),
314 $this->rename_login_page->get_feature_key() => $this->config->get( $this->rename_login_page->get_feature_key() ),
315 $this->unify_messages->get_feature_key() => $this->config->get( $this->unify_messages->get_feature_key() ),
316 $this->restrict_admin_page->get_feature_key() => $this->config->get( $this->restrict_admin_page->get_feature_key() ),
317 $this->disable_xmlrpc->get_feature_key() => $this->config->get( $this->disable_xmlrpc->get_feature_key() ),
318 $this->disable_author_query->get_feature_key() => $this->config->get( $this->disable_author_query->get_feature_key() ),
319 $this->disable_restapi->get_feature_key() => $this->config->get( $this->disable_restapi->get_feature_key() ),
320 $this->update_notice->get_feature_key() => $this->config->get( $this->update_notice->get_feature_key() ),
321 $this->server_error_notification->get_feature_key() => $this->config->get( $this->server_error_notification->get_feature_key() ),
322 $this->captcha->get_feature_key() => $this->config->get( $this->captcha->get_feature_key() ),
323 $this->two_factor_authentication->get_feature_key() => $this->config->get( $this->two_factor_authentication->get_feature_key() ),
324 );
325
326 new CloudSecureWP_Admin_Dashboard( $this->info, $datas );
327 }
328
329 /**
330 * ログイン通知ページ
331 *
332 * @return void
333 */
334 public function m_login_notification(): void {
335 require_once 'admin/login-notification.php';
336 new CloudSecureWP_Admin_Login_Notification( $this->info, $this->login_notification );
337 }
338
339 /**
340 * ログイン無効化ページ
341 *
342 * @return void
343 */
344 public function m_disable_login(): void {
345 require_once 'admin/disable-login.php';
346 new CloudSecureWP_Admin_Disable_Login( $this->info, $this->disable_login );
347 }
348
349 /**
350 * ログインURL変更
351 *
352 * @return void
353 */
354 public function m_rename_login_page(): void {
355 require_once 'admin/rename-login-page.php';
356 new CloudSecureWP_Admin_Rename_Login_Page( $this->info, $this->rename_login_page );
357 }
358
359 /**
360 * エラーメッセージ単一化機能
361 *
362 * @return void
363 */
364 public function m_unify_messages(): void {
365 require_once 'admin/unify-messages.php';
366 new CloudSecureWP_Admin_Unify_Messages( $this->info, $this->unify_messages );
367 }
368
369 /**
370 * 管理画面アクセス制限
371 *
372 * @return void
373 */
374 public function m_restrict_admin_page(): void {
375 require_once 'admin/restrict-admin-page.php';
376 new CloudSecureWP_Admin_Restrict_Admin_Page( $this->info, $this->restrict_admin_page );
377 }
378
379 /**
380 * XMLRPC無効化
381 *
382 * @return void
383 */
384 public function m_disable_xmlrpc(): void {
385 require_once 'admin/disable-xmlrpc.php';
386 new CloudSecureWP_Admin_Disable_XMLRPC( $this->info, $this->disable_xmlrpc );
387 }
388
389 /**
390 * ユーザー名漏えい防止
391 *
392 * @return void
393 */
394 public function m_disable_author_query(): void {
395 require_once 'admin/disable-author-query.php';
396 new CloudSecureWP_Admin_Disable_Author_Query( $this->info, $this->disable_author_query );
397 }
398
399 /**
400 * REST API無効化
401 *
402 * @return void
403 */
404 public function m_disable_restapi(): void {
405 require_once 'admin/disable-restapi.php';
406 new CloudSecureWP_Admin_Disable_RESTAPI( $this->info, $this->disable_restapi );
407 }
408
409 /**
410 * アップデート通知
411 *
412 * @return void
413 */
414 public function m_update_notice(): void {
415 require_once 'admin/update-notice.php';
416 new CloudSecureWP_Admin_Update_Notice( $this->info, $this->update_notice );
417 }
418
419 /**
420 * 画像認証追加
421 *
422 * @return void
423 */
424 public function m_captcha(): void {
425 require_once 'admin/captcha.php';
426 new CloudSecureWP_Admin_CAPTCHA( $this->info, $this->captcha );
427 }
428
429 /**
430 * ログイン履歴
431 *
432 * @return void
433 */
434 public function m_login_log(): void {
435 require_once 'admin/login-log.php';
436 require_once 'admin/login-log-table.php';
437 new CloudSecureWP_Admin_Login_Log( $this->info, $this->login_log );
438 }
439
440 /**
441 * 2段階認証
442 *
443 * @return void
444 */
445 public function m_two_factor_authentication(): void {
446 require_once 'admin/two-factor-authentication.php';
447 new CloudSecureWP_Admin_Two_Factor_Authentication( $this->info, $this->two_factor_authentication );
448 }
449
450 /**
451 * 2段階認証のデバイス登録
452 *
453 * @return void
454 */
455 public function m_two_factor_authentication_registration(): void {
456 require_once 'admin/two-factor-authentication-registration.php';
457 new CloudSecureWP_Admin_Two_Factor_Authentication_Registration( $this->info, $this->two_factor_authentication );
458 }
459
460 /**
461 * サーバーエラー通知
462 *
463 * @return void
464 */
465 public function m_server_error_notification(): void {
466 require_once 'admin/server-error-notification.php';
467 require_once 'admin/server-error-table.php';
468 new CloudSecureWP_Admin_Server_Error_Notification( $this->info, $this->server_error_notification );
469 }
470
471 /**
472 * プラグイン更新時の処理
473 *
474 */
475 private function update(): void {
476 $old_version = $this->config->get( 'version' );
477 $now_version = $this->info['version'];
478
479 if ( empty( $old_version ) ) {
480 $old_version = '1.0.0';
481 }
482
483 if ( 0 <= version_compare( $old_version, $now_version ) ) {
484 return;
485 }
486
487 if ( version_compare( $old_version, '1.1.0' ) < 0 ) {
488 $this->two_factor_authentication->activate();
489 $this->server_error_notification->activate();
490 }
491
492 $this->config->set( 'version', $now_version );
493 $this->config->save();
494 }
495 }
496