PluginProbe ʕ •ᴥ•ʔ
CloudSecure WP Security / 1.2.7
CloudSecure WP Security v1.2.7
1.4.10 1.4.9 trunk 0.9.0 1.0.2 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7 1.3.1 1.3.10 1.3.11 1.3.12 1.3.13 1.3.14 1.3.15 1.3.16 1.3.17 1.3.18 1.3.19 1.3.2 1.3.20 1.3.21 1.3.22 1.3.23 1.3.24 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8
cloudsecure-wp-security / modules / cloudsecure-wp.php
cloudsecure-wp-security / modules Last commit date
admin 1 year ago lib 2 years ago captcha.php 2 years ago cloudsecure-wp.php 1 year ago common.php 2 years ago config.php 2 years ago disable-author-query.php 2 years ago disable-login.php 2 years ago disable-restapi.php 2 years ago disable-xmlrpc.php 2 years ago htaccess.php 2 years ago login-log.php 2 years ago login-notification.php 2 years ago rename-login-page.php 2 years ago restrict-admin-page.php 2 years ago server-error-notification.php 1 year ago two-factor-authentication.php 2 years ago unify-messages.php 2 years ago update-notice.php 2 years ago
cloudsecure-wp.php
512 lines
1 <?php
2
3 if ( ! defined( 'ABSPATH' ) ) {
4 exit;
5 }
6
7 require_once __DIR__ . '/common.php';
8 require_once __DIR__ . '/config.php';
9 require_once __DIR__ . '/htaccess.php';
10 require_once __DIR__ . '/login-notification.php';
11 require_once __DIR__ . '/disable-login.php';
12 require_once __DIR__ . '/rename-login-page.php';
13 require_once __DIR__ . '/unify-messages.php';
14 require_once __DIR__ . '/restrict-admin-page.php';
15 require_once __DIR__ . '/disable-xmlrpc.php';
16 require_once __DIR__ . '/disable-author-query.php';
17 require_once __DIR__ . '/disable-restapi.php';
18 require_once __DIR__ . '/update-notice.php';
19 require_once __DIR__ . '/captcha.php';
20 require_once __DIR__ . '/../really-simple-captcha/really-simple-captcha.php';
21 require_once __DIR__ . '/lib/class-time-based-one-time-password.php';
22 require_once __DIR__ . '/login-log.php';
23 require_once __DIR__ . '/two-factor-authentication.php';
24 require_once __DIR__ . '/server-error-notification.php';
25
26 class CloudSecureWP extends CloudSecureWP_Common {
27 private $config;
28 private $htaccess;
29 private $login_notification;
30 private $disable_login;
31 private $rename_login_page;
32 private $unify_messages;
33 private $restrict_admin_page;
34 private $disable_xmlrpc;
35 private $disable_author_query;
36 private $disable_restapi;
37 private $update_notice;
38 private $captcha;
39 private $login_log;
40 private $two_factor_authentication;
41 private $server_error_notification;
42
43 function __construct( array $info ) {
44 parent::__construct( $info );
45 $this->config = new CloudSecureWP_Config( $info );
46 $this->htaccess = new CloudSecureWP_Htaccess( $info );
47 $this->login_notification = new CloudSecureWP_Login_Notification( $info, $this->config );
48 $this->disable_login = new CloudSecureWP_Disable_Login( $info, $this->config );
49 $this->rename_login_page = new CloudSecureWP_Rename_Login_Page( $info, $this->config, $this->htaccess );
50 $this->unify_messages = new CloudSecureWP_Unify_Messages( $info, $this->config, $this->disable_login );
51 $this->restrict_admin_page = new CloudSecureWP_Restrict_Admin_Page( $info, $this->config, $this->htaccess, $this->disable_login );
52 $this->disable_xmlrpc = new CloudSecureWP_Disable_XMLRPC( $info, $this->config, $this->htaccess );
53 $this->disable_author_query = new CloudSecureWP_Disable_Author_Query( $info, $this->config );
54 $this->disable_restapi = new CloudSecureWP_Disable_RESTAPI( $info, $this->config );
55 $this->update_notice = new CloudSecureWP_Update_Notice( $info, $this->config );
56 $this->captcha = new CloudSecureWP_CAPTCHA( $info, $this->config );
57 $this->login_log = new CloudSecureWP_Login_Log( $info, $this->config, $this->disable_login );
58 $this->two_factor_authentication = new CloudSecureWP_Two_Factor_Authentication( $info, $this->config, $this->disable_login );
59 $this->server_error_notification = new CloudSecureWP_Server_Error_Notification( $info, $this->config );
60 }
61
62 /**
63 * プラグイン実行
64 *
65 * @return void
66 */
67 public function run() {
68 if ( ! $this->check_environment() ) {
69 if ( $this->login_notification->is_enabled() ) {
70 $this->login_notification->deactivate();
71 }
72
73 if ( $this->disable_login->is_enabled() ) {
74 $this->disable_login->deactivate();
75 }
76
77 if ( $this->rename_login_page->is_enabled() ) {
78 $this->rename_login_page->deactivate();
79 }
80
81 if ( $this->unify_messages->is_enabled() ) {
82 $this->unify_messages->deactivate();
83 }
84
85 if ( $this->restrict_admin_page->is_enabled() ) {
86 $this->restrict_admin_page->deactivate();
87 }
88
89 if ( $this->disable_xmlrpc->is_enabled() ) {
90 $this->disable_xmlrpc->deactivate();
91 }
92
93 if ( $this->disable_author_query->is_enabled() ) {
94 $this->disable_author_query->deactivate();
95 }
96
97 if ( $this->disable_restapi->is_enabled() ) {
98 $this->disable_restapi->deactivate();
99 }
100
101 if ( $this->update_notice->is_enabled() ) {
102 $this->update_notice->deactivate();
103 }
104
105 if ( $this->captcha->is_enabled() ) {
106 $this->captcha->deactivate();
107 }
108
109 if ( $this->two_factor_authentication->is_enabled() ) {
110 $this->two_factor_authentication->deactivate();
111 }
112
113 if ( $this->server_error_notification->is_enabled() ) {
114 $this->server_error_notification->deactivate();
115 }
116 } else {
117 if ( $this->server_error_notification->is_enabled() ) {
118 add_filter( 'wp_php_error_args', array( $this->server_error_notification, 'notification' ), 10, 2 );
119 }
120
121 add_action( 'wp_login', array( $this->login_log, 'wp_login' ), 1, 1 );
122 add_action( 'xmlrpc_call', array( $this->login_log, 'xmlrpc_call' ), 10 );
123 add_action( 'wp_login_failed', array( $this->login_log, 'wp_login_failed' ), 20, 1 );
124
125 if ( $this->login_notification->is_enabled() ) {
126 add_action( 'wp_login', array( $this->login_notification, 'notification' ), 10, 2 );
127 }
128
129 if ( $this->disable_login->is_enabled() ) {
130 add_filter( 'shake_error_codes', array( $this->disable_login, 'shake_error_codes' ) );
131 add_filter( 'authenticate', array( $this->disable_login, 'authenticate' ), 99, 3 );
132 add_action( 'wp_login_failed', array( $this->disable_login, 'wp_login_failed' ), 10, 1 );
133 }
134
135 if ( $this->rename_login_page->is_enabled() ) {
136 if ( $this->htaccess->setting_tag_exists( $this->rename_login_page->get_feature_key() ) ) {
137 remove_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
138 add_action( 'plugins_loaded', array( $this->rename_login_page, 'wp_register_404' ), 10 );
139 add_filter( 'login_init', array( $this->rename_login_page, 'login_init' ), 10, 2 );
140 add_filter( 'site_url', array( $this->rename_login_page, 'site_url' ), 10, 4 );
141 add_filter( 'network_site_url', array( $this->rename_login_page, 'network_site_url' ), 10, 3 );
142 add_filter( 'register', array( $this->rename_login_page, 'register' ), 10, 1 );
143 add_filter( 'wp_redirect', array( $this->rename_login_page, 'wp_redirect' ), 10, 2 );
144 add_filter( 'auth_redirect_scheme', array( $this->rename_login_page, 'auth_redirect_scheme' ), 99, 1 );
145
146 } else {
147 $this->rename_login_page->deactivate();
148 }
149 } else {
150 if ( $this->htaccess->setting_tag_exists( $this->rename_login_page->get_feature_key() ) ) {
151 $this->rename_login_page->deactivate();
152 }
153 }
154
155 if ( $this->unify_messages->is_enabled() ) {
156 add_filter( 'login_errors', array( $this->unify_messages, 'login_errors' ), 10, 1 );
157 }
158
159 if ( $this->restrict_admin_page->is_enabled() ) {
160 if ( $this->htaccess->setting_tag_exists( $this->restrict_admin_page->get_feature_key() ) ) {
161 add_action( 'wp_login', array( $this->restrict_admin_page, 'update' ), 1, 2 );
162
163 } else {
164 $this->restrict_admin_page->deactivate();
165 }
166 } else {
167 if ( $this->htaccess->setting_tag_exists( $this->restrict_admin_page->get_feature_key() ) ) {
168 $this->restrict_admin_page->deactivate();
169 }
170 }
171
172 if ( $this->disable_xmlrpc->is_enabled() ) {
173 if ( $this->disable_xmlrpc->is_pingback_disabled() ) {
174 if ( $this->htaccess->setting_tag_exists( $this->disable_xmlrpc->get_feature_key() ) ) {
175 $this->disable_xmlrpc->deactivate();
176 } else {
177 add_filter( 'xmlrpc_methods', array( $this->disable_xmlrpc, 'xmlrpc_methods' ) );
178 }
179 }
180
181 if ( $this->disable_xmlrpc->is_xmlrpc_disabled() ) {
182 if ( ! $this->htaccess->setting_tag_exists( $this->disable_xmlrpc->get_feature_key() ) ) {
183 $this->disable_xmlrpc->deactivate();
184 }
185 }
186 } else {
187 if ( $this->htaccess->setting_tag_exists( $this->disable_xmlrpc->get_feature_key() ) ) {
188 $this->disable_xmlrpc->deactivate();
189 }
190 }
191
192 if ( $this->disable_author_query->is_enabled() ) {
193 add_action( 'init', array( $this->disable_author_query, 'init' ) );
194 }
195
196 if ( $this->disable_restapi->is_enabled() ) {
197 add_filter( 'rest_pre_dispatch', array( $this->disable_restapi, 'rest_pre_dispatch' ), 10, 3 );
198 }
199
200 if ( $this->update_notice->is_enabled() ) {
201 $this->update_notice->set_cron();
202 add_action( $this->update_notice->get_cron_key(), array( $this->update_notice, 'update_notice' ) );
203 }
204
205 if ( $this->captcha->is_enabled() && 'xmlrpc.php' !== basename( sanitize_text_field( $_SERVER['SCRIPT_NAME'] ) ) && ! is_admin() ) {
206 add_filter( 'shake_error_codes', array( $this->captcha, 'shake_error_codes' ) );
207
208 if ( $this->captcha->is_login_form_enabled() ) {
209 add_filter( 'login_form', array( $this->captcha, 'login_form' ) );
210 add_action( 'wp_authenticate_user', array( $this->captcha, 'wp_authenticate_user' ), 10, 2 );
211 }
212
213 if ( $this->captcha->is_comment_form_enabled() ) {
214 add_action( 'comment_form_logged_in_after', array( $this->captcha, 'comment_form_default_fields' ), 1 );
215 add_action( 'comment_form_after_fields', array( $this->captcha, 'comment_form_default_fields' ) );
216 add_filter( 'preprocess_comment', array( $this->captcha, 'preprocess_comment' ) );
217 }
218
219 if ( $this->captcha->is_lost_password_form_enabled() ) {
220 add_filter( 'lostpassword_form', array( $this->captcha, 'lostpassword_form' ) );
221 add_filter( 'allow_password_reset', array( $this->captcha, 'allow_password_reset' ), 10, 2 );
222 }
223
224 if ( $this->captcha->is_register_form_enabled() ) {
225 add_action( 'register_form', array( $this->captcha, 'register_form' ) );
226 add_action( 'register_post', array( $this->captcha, 'register_post' ), 10, 3 );
227 }
228 }
229
230 if ( $this->two_factor_authentication->is_enabled() && 'xmlrpc.php' !== basename( $_SERVER['SCRIPT_NAME'] ) && ! is_admin() ) {
231 add_action( 'wp_login', array( $this->two_factor_authentication, 'wp_login' ), 0, 2 );
232 add_action( 'wp_login', array( $this->two_factor_authentication, 'redirect_if_not_two_factor_authentication_registered' ), 10, 2 );
233 }
234 }
235
236 if ( is_admin() ) {
237 if ( 'cloudsecurewp_rename_login_page' === sanitize_text_field( $_GET['page'] ?? '' ) ) {
238 ob_start();
239 }
240
241 $this->update();
242
243 add_action( 'admin_menu', array( $this, 'admin_menu' ) );
244 }
245 }
246
247 /**
248 * プラグイン有効化
249 */
250 public function activate(): void {
251 $this->config->rm();
252 $this->config->set( 'version', $this->info['version'] );
253 $this->config->save();
254
255 $this->login_notification->activate();
256 $this->disable_login->activate();
257 $this->rename_login_page->activate();
258 $this->unify_messages->activate();
259 $this->restrict_admin_page->activate();
260 $this->disable_xmlrpc->activate();
261 $this->disable_author_query->activate();
262 $this->disable_restapi->activate();
263 $this->update_notice->activate();
264 $this->captcha->activate();
265 $this->login_log->activate();
266 $this->two_factor_authentication->activate();
267 $this->server_error_notification->activate();
268 }
269
270 /**
271 * プラグイン無効化
272 */
273 public function deactivate(): void {
274 $this->config->load_option();
275 $this->login_notification->deactivate();
276 $this->disable_login->deactivate();
277 $this->rename_login_page->deactivate();
278 $this->unify_messages->deactivate();
279 $this->restrict_admin_page->deactivate();
280 $this->disable_xmlrpc->deactivate();
281 $this->disable_author_query->deactivate();
282 $this->disable_restapi->deactivate();
283 $this->update_notice->deactivate();
284 $this->captcha->deactivate();
285 $this->two_factor_authentication->deactivate();
286 $this->server_error_notification->deactivate();
287 }
288
289 /**
290 * admin menuを追加
291 */
292 public function admin_menu(): void {
293 require_once __DIR__ . '/admin/common.php';
294
295 wp_enqueue_style( 'cloudsecurewp', $this->info['plugin_url'] . 'assets/css/style.css' );
296
297 $slug = 'cloudsecurewp';
298 add_menu_page( $this->info['plugin_name'], $this->info['plugin_name'], 'manage_options', $slug, array( $this, 'dashboard' ), $this->info['plugin_url'] . 'assets/images/plugin-icon.png' );
299 add_submenu_page( $slug, 'ダッシュボード', 'ダッシュボード', 'manage_options', $slug, array( $this, 'dashboard' ) );
300 add_submenu_page( $slug, 'ログイン無効化', 'ログイン無効化', 'manage_options', $slug . '_disable_login', array( $this, 'm_disable_login' ) );
301 add_submenu_page( $slug, 'ログインURL変更', 'ログインURL変更', 'manage_options', $slug . '_rename_login_page', array( $this, 'm_rename_login_page' ) );
302 add_submenu_page( $slug, 'ログインエラーメッセージ統一', 'ログインエラーメッセージ統一', 'manage_options', $slug . '_unify_messages', array( $this, 'm_unify_messages' ) );
303 add_submenu_page( $slug, '管理画面アクセス制限', '管理画面アクセス制限', 'manage_options', $slug . '_restrict_admin_page', array( $this, 'm_restrict_admin_page' ) );
304 add_submenu_page( $slug, 'ユーザー名漏えい防止', 'ユーザー名漏えい防止', 'manage_options', $slug . '_disable_author_query', array( $this, 'm_disable_author_query' ) );
305 add_submenu_page( $slug, 'XML-RPC無効化', 'XML-RPC無効化', 'manage_options', $slug . '_disable_xmlrpc', array( $this, 'm_disable_xmlrpc' ) );
306 add_submenu_page( $slug, 'REST API無効化', 'REST API無効化', 'manage_options', $slug . '_disable_restapi', array( $this, 'm_disable_restapi' ) );
307 add_submenu_page( $slug, '画像認証追加', '画像認証追加', 'manage_options', $slug . '_captcha', array( $this, 'm_captcha' ) );
308 add_submenu_page( $slug, '2段階認証', '2段階認証', 'manage_options', $slug . '_two_factor_authentication', array( $this, 'm_two_factor_authentication' ) );
309 add_submenu_page( $slug, 'ログイン通知', 'ログイン通知', 'manage_options', $slug . '_login_notification', array( $this, 'm_login_notification' ) );
310 add_submenu_page( $slug, 'アップデート通知', 'アップデート通知', 'manage_options', $slug . '_update_notification', array( $this, 'm_update_notice' ) );
311 add_submenu_page( $slug, 'サーバーエラー通知', 'サーバーエラー通知', 'manage_options', $slug . '_server_error_notification', array( $this, 'm_server_error_notification' ) );
312 add_submenu_page( $slug, 'ログイン履歴', 'ログイン履歴', 'manage_options', $slug . '_login_log', array( $this, 'm_login_log' ) );
313
314 if ( $this->two_factor_authentication->is_enabled_on_screen() ) {
315 add_menu_page( 'デバイス登録', '2段階認証', 'read', $slug . '_two_factor_authentication_registration', array( $this, 'm_two_factor_authentication_registration' ), 'dashicons-lock', 72 );
316 }
317 }
318
319 /**
320 * ダッシュボードページ
321 *
322 * @return void
323 */
324 public function dashboard(): void {
325 require_once 'admin/dashboard.php';
326
327 $datas = array(
328 $this->login_notification->get_feature_key() => $this->config->get( $this->login_notification->get_feature_key() ),
329 $this->disable_login->get_feature_key() => $this->config->get( $this->disable_login->get_feature_key() ),
330 $this->rename_login_page->get_feature_key() => $this->config->get( $this->rename_login_page->get_feature_key() ),
331 $this->unify_messages->get_feature_key() => $this->config->get( $this->unify_messages->get_feature_key() ),
332 $this->restrict_admin_page->get_feature_key() => $this->config->get( $this->restrict_admin_page->get_feature_key() ),
333 $this->disable_xmlrpc->get_feature_key() => $this->config->get( $this->disable_xmlrpc->get_feature_key() ),
334 $this->disable_author_query->get_feature_key() => $this->config->get( $this->disable_author_query->get_feature_key() ),
335 $this->disable_restapi->get_feature_key() => $this->config->get( $this->disable_restapi->get_feature_key() ),
336 $this->update_notice->get_feature_key() => $this->config->get( $this->update_notice->get_feature_key() ),
337 $this->server_error_notification->get_feature_key() => $this->config->get( $this->server_error_notification->get_feature_key() ),
338 $this->captcha->get_feature_key() => $this->config->get( $this->captcha->get_feature_key() ),
339 $this->two_factor_authentication->get_feature_key() => $this->config->get( $this->two_factor_authentication->get_feature_key() ),
340 );
341
342 new CloudSecureWP_Admin_Dashboard( $this->info, $datas );
343 }
344
345 /**
346 * ログイン通知ページ
347 *
348 * @return void
349 */
350 public function m_login_notification(): void {
351 require_once 'admin/login-notification.php';
352 new CloudSecureWP_Admin_Login_Notification( $this->info, $this->login_notification );
353 }
354
355 /**
356 * ログイン無効化ページ
357 *
358 * @return void
359 */
360 public function m_disable_login(): void {
361 require_once 'admin/disable-login.php';
362 new CloudSecureWP_Admin_Disable_Login( $this->info, $this->disable_login );
363 }
364
365 /**
366 * ログインURL変更
367 *
368 * @return void
369 */
370 public function m_rename_login_page(): void {
371 require_once 'admin/rename-login-page.php';
372 new CloudSecureWP_Admin_Rename_Login_Page( $this->info, $this->rename_login_page );
373 }
374
375 /**
376 * エラーメッセージ単一化機能
377 *
378 * @return void
379 */
380 public function m_unify_messages(): void {
381 require_once 'admin/unify-messages.php';
382 new CloudSecureWP_Admin_Unify_Messages( $this->info, $this->unify_messages );
383 }
384
385 /**
386 * 管理画面アクセス制限
387 *
388 * @return void
389 */
390 public function m_restrict_admin_page(): void {
391 require_once 'admin/restrict-admin-page.php';
392 new CloudSecureWP_Admin_Restrict_Admin_Page( $this->info, $this->restrict_admin_page );
393 }
394
395 /**
396 * XMLRPC無効化
397 *
398 * @return void
399 */
400 public function m_disable_xmlrpc(): void {
401 require_once 'admin/disable-xmlrpc.php';
402 new CloudSecureWP_Admin_Disable_XMLRPC( $this->info, $this->disable_xmlrpc );
403 }
404
405 /**
406 * ユーザー名漏えい防止
407 *
408 * @return void
409 */
410 public function m_disable_author_query(): void {
411 require_once 'admin/disable-author-query.php';
412 new CloudSecureWP_Admin_Disable_Author_Query( $this->info, $this->disable_author_query );
413 }
414
415 /**
416 * REST API無効化
417 *
418 * @return void
419 */
420 public function m_disable_restapi(): void {
421 require_once 'admin/disable-restapi.php';
422 new CloudSecureWP_Admin_Disable_RESTAPI( $this->info, $this->disable_restapi );
423 }
424
425 /**
426 * アップデート通知
427 *
428 * @return void
429 */
430 public function m_update_notice(): void {
431 require_once 'admin/update-notice.php';
432 new CloudSecureWP_Admin_Update_Notice( $this->info, $this->update_notice );
433 }
434
435 /**
436 * 画像認証追加
437 *
438 * @return void
439 */
440 public function m_captcha(): void {
441 require_once 'admin/captcha.php';
442 new CloudSecureWP_Admin_CAPTCHA( $this->info, $this->captcha );
443 }
444
445 /**
446 * ログイン履歴
447 *
448 * @return void
449 */
450 public function m_login_log(): void {
451 require_once 'admin/login-log.php';
452 require_once 'admin/login-log-table.php';
453 new CloudSecureWP_Admin_Login_Log( $this->info, $this->login_log );
454 }
455
456 /**
457 * 2段階認証
458 *
459 * @return void
460 */
461 public function m_two_factor_authentication(): void {
462 require_once 'admin/two-factor-authentication.php';
463 new CloudSecureWP_Admin_Two_Factor_Authentication( $this->info, $this->two_factor_authentication );
464 }
465
466 /**
467 * 2段階認証のデバイス登録
468 *
469 * @return void
470 */
471 public function m_two_factor_authentication_registration(): void {
472 require_once 'admin/two-factor-authentication-registration.php';
473 new CloudSecureWP_Admin_Two_Factor_Authentication_Registration( $this->info, $this->two_factor_authentication );
474 }
475
476 /**
477 * サーバーエラー通知
478 *
479 * @return void
480 */
481 public function m_server_error_notification(): void {
482 require_once 'admin/server-error-notification.php';
483 require_once 'admin/server-error-table.php';
484 new CloudSecureWP_Admin_Server_Error_Notification( $this->info, $this->server_error_notification );
485 }
486
487 /**
488 * プラグイン更新時の処理
489 *
490 */
491 private function update(): void {
492 $old_version = $this->config->get( 'version' );
493 $now_version = $this->info['version'];
494
495 if ( empty( $old_version ) ) {
496 $old_version = '1.0.0';
497 }
498
499 if ( 0 <= version_compare( $old_version, $now_version ) ) {
500 return;
501 }
502
503 if ( version_compare( $old_version, '1.1.0' ) < 0 ) {
504 $this->two_factor_authentication->activate();
505 $this->server_error_notification->activate();
506 }
507
508 $this->config->set( 'version', $now_version );
509 $this->config->save();
510 }
511 }
512