functions.php — Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) 9.5.0.1

really-simple-ssl / security / functions.php

really-simple-ssl / security Last commit date

includes 1 year ago server 9 months ago tests 1 year ago wordpress 9 months ago class-rsssl-htaccess-file-manager.php 9 months ago cron.php 1 year ago deactivate-integration.php 3 years ago firewall-manager.php 9 months ago functions.php 9 months ago hardening.php 1 year ago index.php 2 years ago integrations.php 1 year ago notices.php 1 year ago security.php 9 months ago sync-settings.php 1 year ago tests.php 1 year ago

functions.php

659 lines

1	<?php
2
3	use RSSSL\Security\RSSSL_Htaccess_File_Manager;
4
5	defined( 'ABSPATH' ) or die( );
6	/**
7	* Back-end available only
8	*/
9	if ( !function_exists('rsssl_do_fix')) {
10	/**
11	* Complete a fix for an issue, either user triggered, or automatic
12	*
13	* @param $fix
14	*
15	* @return void
16	*/
17	function rsssl_do_fix( $fix ) {
18	if ( ! rsssl_user_can_manage() ) {
19	return;
20	}
21
22	if ( ! rsssl_has_fix( $fix ) && function_exists( $fix ) ) {
23	$completed[] = $fix;
24	$fix();
25	$completed = get_option( 'rsssl_completed_fixes', [] );
26	$completed[] = $fix;
27	update_option( 'rsssl_completed_fixes', $completed );
28	} else if ( $fix && ! function_exists( $fix ) ) {
29	}
30
31	}
32	}
33	if ( !function_exists('rsssl_has_fix')) {
34
35	/**
36	* Check if this has been fixed already
37	*
38	* @param $fix
39	*
40	* @return bool
41	*/
42	function rsssl_has_fix( $fix ) {
43	$completed = get_option( 'rsssl_completed_fixes', [] );
44	if ( ! in_array( $fix, $completed ) ) {
45	return false;
46	}
47
48	return true;
49	}
50	}
51
52	if ( !function_exists('rsssl_admin_url')) {
53	/**
54	* Get admin url, adjusted for multisite
55	* @param array $args //query args
56	* @param string $path //hash slug for the settings pages (e.g. #dashboard)
57	* @return string
58	*/
59	function rsssl_admin_url(array $args = [], string $path = ''): string {
60	$url = is_multisite() ? network_admin_url('admin.php') : admin_url('admin.php');
61	$args = wp_parse_args($args, ['page' => 'really-simple-security']);
62	return add_query_arg($args, $url) . $path;
63	}
64	}
65
66	if ( !function_exists('rsssl_maybe_clear_transients')) {
67	/**
68	* If the corresponding setting has been changed, clear the test cache and re-run it.
69	*
70	* @return void
71	*/
72	function rsssl_maybe_clear_transients( $field_id, $field_value, $prev_value, $field_type ) {
73	if ( $field_id === 'mixed_content_fixer' && $field_value ) {
74	delete_transient( 'rsssl_mixed_content_fixer_detected' );
75	RSSSL()->admin->mixed_content_fixer_detected();
76	}
77
78	//expire in five minutes
79	$headers = get_transient('rsssl_can_use_curl_headers_check');
80	set_transient('rsssl_can_use_curl_headers_check', $headers, 5 * MINUTE_IN_SECONDS);
81
82	//no change
83	if ( $field_value === $prev_value ) {
84	return;
85	}
86
87	if ( $field_id === 'disable_http_methods' ) {
88	delete_option( 'rsssl_http_methods_allowed' );
89	rsssl_http_methods_allowed();
90	}
91	if ( $field_id === 'xmlrpc' ) {
92	delete_transient( 'rsssl_xmlrpc_allowed' );
93	rsssl_xmlrpc_allowed();
94	}
95	if ( $field_id === 'disable_indexing' ) {
96	delete_transient( 'rsssl_directory_indexing_status' );
97	rsssl_directory_indexing_allowed();
98	}
99	if ( $field_id === 'block_code_execution_uploads' ) {
100	delete_transient( 'rsssl_code_execution_allowed_status' );
101	rsssl_code_execution_allowed();
102	}
103	if ( $field_id === 'hide_wordpress_version' ) {
104	delete_option( 'rsssl_wp_version_detected' );
105	rsssl_src_contains_wp_version();
106	}
107	if ( $field_id === 'rename_admin_user' ) {
108	delete_transient('rsssl_admin_user_count');
109	rsssl_has_admin_user();
110	}
111
112	}
113
114	add_action( "rsssl_after_save_field", 'rsssl_maybe_clear_transients', 100, 4 );
115	}
116
117	if ( !function_exists('rsssl_remove_htaccess_security_edits') ) {
118	/**
119	* Clean up on deactivation
120	*
121	* @return void
122	*/
123	function rsssl_remove_htaccess_security_edits() {
124
125	if ( ! rsssl_user_can_manage() ) {
126	return;
127	}
128
129	if ( ! rsssl_uses_htaccess() ) {
130	return;
131	}
132
133	$htaccess_file = RSSSL()->admin->htaccess_file();
134	if ( ! file_exists( $htaccess_file ) ) {
135	return;
136	}
137
138	$start = "\n" . '#Begin Really Simple Security';
139	$end = '#End Really Simple Security' . "\n";
140	$pattern = '/'.$start.'(.*?)'.$end.'/is';
141
142	/**
143	* htaccess in uploads dir
144	*/
145	$upload_dir = wp_get_upload_dir();
146	$htaccess_file_uploads = trailingslashit( $upload_dir['basedir']).'.htaccess';
147	$content_htaccess_uploads = is_file($htaccess_file_uploads ) ? file_get_contents($htaccess_file_uploads) : '';
148	if (preg_match($pattern, $content_htaccess_uploads) && is_writable( $htaccess_file_uploads )) {
149	$content_htaccess_uploads = preg_replace($pattern, "", $content_htaccess_uploads);
150	error_log('Removing security edits from uploads .htaccess file');
151	file_put_contents( $htaccess_file_uploads, $content_htaccess_uploads );
152	}
153	// Uses the new conversion of the htaccess file manager
154	$root_htaccess_file = RSSSL()->admin->htaccess_file();
155
156	$root_manager = RSSSL_Htaccess_File_Manager::get_instance();
157
158	/*
159	* This is the root .htaccess file, which is used for security rules.
160	* We will clear the security rules from this file.
161	* This is done by clearing the rules that were added by the plugin.
162	* The rules are identified by their marker, which is a comment line in the .htaccess file.
163	* The marker is used to identify the rules that were added by the plugin.
164	*
165	* note: Only this is for the root .htaccess file, not the uploads .htaccess file.
166	*/
167	if ( $root_manager->validate_htaccess_file_path() ) {
168	// Clear redirect rules block
169	$root_manager->clear_rule( 'Really Simple Security Redirect', 'clear redirect 1' );
170	//Legacy rules
171	$root_manager->clear_legacy_rule( 'Really Simple Security Redirect' );
172	// Clear any remaining security rules block
173	$root_manager->clear_legacy_rule( 'Really Simple Security' );
174	// Clear no-indexing block
175	$root_manager->clear_rule( 'Really Simple Security No Index', 'clear no index' );
176	// Clear legacy Really Simple SSL block
177	$root_manager->clear_legacy_rule( 'rlrssslReallySimpleSSL' );
178	}
179	}
180	}
181
182
183	/**
184	* Wrap the security headers
185	*/
186	if ( ! function_exists('rsssl_wrap_htaccess' ) ) {
187	function rsssl_wrap_htaccess() {
188	if ( ! rsssl_htaccess_should_wrap() ) {
189	return;
190	}
191	update_option( 'rsssl_htaccess_should_wrap', true, false );
192
193	rsssl_htaccess_clear_errors();
194	rsssl_handle_uploads_htaccess();
195	rsssl_handle_root_htaccess();
196	rsssl_htaccess_finalize();
197	}
198	add_action('admin_init', 'rsssl_wrap_htaccess' );
199	add_action('rsssl_after_saved_fields', 'rsssl_wrap_htaccess', 30);
200	}
201
202	/**
203	* Check whether we should wrap htaccess.
204	*
205	* @return bool
206	*/
207	function rsssl_htaccess_should_wrap(): bool {
208	if ( ! rsssl_user_can_manage() \|\| ! rsssl_uses_htaccess() ) {
209	return false;
210	}
211	if ( rsssl_get_option('do_not_edit_htaccess') ) {
212	delete_site_option('rsssl_htaccess_error');
213	delete_site_option('rsssl_htaccess_rules');
214	return false;
215	}
216
217	if ( get_option('rsssl_updating_htaccess') ) {
218	return false;
219	}
220	return true;
221	}
222
223	/**
224	* Finalize htaccess wrapping by removing the updating flag.
225	*/
226	function rsssl_htaccess_finalize(): void {
227	delete_option('rsssl_updating_htaccess');
228	}
229
230	/**
231	* Handle root directory .htaccess wrapping.
232	*/
233	function rsssl_handle_root_htaccess(): void {
234	$rules = apply_filters( 'rsssl_htaccess_security_rules', [] );
235	$htaccess_file = RSSSL()->admin->htaccess_file();
236	// If there are no rules at all, nothing to do (or record an error)
237	if ( empty( $rules ) ) {
238	delete_site_option( 'rsssl_htaccess_error' );
239	delete_site_option( 'rsssl_htaccess_rules' );
240	return;
241	}
242
243	// If file doesn’t exist yet, record that and cache the rules for later
244	if ( ! is_file( $htaccess_file ) ) {
245	update_site_option( 'rsssl_htaccess_error', 'not-exists' );
246	update_site_option( 'rsssl_htaccess_rules', implode( '', array_column( $rules, 'rules' ) ) );
247	return;
248	}
249
250	if ( is_file( $htaccess_file ) ) {
251	// Main path: file exists and we have rules
252	$manager = new RSSSL_Htaccess_File_Manager();
253	$manager->set_htaccess_file_path( $htaccess_file );
254
255	$definition = '';
256	$no_index_definition = '';
257
258	// 1) Drop any legacy blocks
259	rsssl_clear_legacy_rules( $manager );
260
261	// 2) Build the new redirect‐rules block
262	foreach ( $rules as $idx => $rule ) {
263	if ( isset( $rule['identifier'] ) && $rule['identifier'] === 'RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1' ) {
264	// removing the identifier from the rule, as it is not used in the new htaccess file manager
265	unset( $rule['identifier'] );
266	// 2.2) Add the redirect block
267	$definition = rsssl_build_redirect_block( $manager, $rule );
268	// remove this rule
269	unset( $rules[ $idx ] );
270	break; // stop after first match
271	}
272	}
273
274	foreach ( $rules as $idx => $rule ) {
275	if ( isset( $rule['identifier'] ) && $rule['identifier'] === 'Options -Indexes' ) {
276	// removing the identifier from the rule, as it is not used in the new htaccess file manager
277	unset( $rule['identifier'] );
278	// 2.1) Add the no-indexing block
279	$no_index_definition = rsssl_build_no_index_block( $manager );
280	// remove this rule
281	unset( $rules[ $idx ] );
282	break; // stop after first match
283	}
284	}
285
286	// 3) If the file isn’t writable, record an error; otherwise write it
287	if ( ! is_writable( $htaccess_file ) ) {
288	update_site_option( 'rsssl_htaccess_error', 'not-writable' );
289
290	if (is_array($definition) && !empty($definition['lines'])) {
291	update_site_option( 'rsssl_htaccess_rules', implode( "\n", $definition['lines']));
292	}
293	return;
294	}
295
296	delete_site_option( 'rsssl_htaccess_error' );
297	delete_site_option( 'rsssl_htaccess_rules' );
298
299	if( !empty( $no_index_definition['lines'] ) ) {
300	// If we have a no-indexing block, write it first
301	$manager->write_rule( $no_index_definition, 'Writing no index block' );
302	} elseif( ! rsssl_get_option( 'disable_indexing', false ) ) {
303	// If we don’t have a no-indexing block, clear it
304	$manager->clear_rule( 'Really Simple Security No Index', 'clear no index' );
305	}
306	// // 4) Write the redirect block but only if it’s not empty
307	if ( ! empty( $definition['lines'] ) ) {
308	$manager->write_rule( $definition, 'Writing redirect block' );
309	}
310	if ( empty( $definition['lines'] ) && rsssl_get_option('redirect') !== 'htaccess' ) {
311	$manager->clear_rule( 'Really Simple Security Redirect', 'clear redirect 2 and value of config:' . rsssl_get_option('redirect') );
312	}
313	}
314	}
315
316	/**
317	* Build the redirect block for the .htaccess file.
318	*
319	* @param RSSSL_Htaccess_File_Manager $m
320	* @param array $lines the lines for the redirect block.
321	*
322	* @return array
323	*/
324	function rsssl_build_redirect_block( RSSSL_Htaccess_File_Manager $m, array $lines = [] ): array
325	{
326	if ( empty($lines) ) {
327	return [
328	'marker' => 'Really Simple Security Redirect',
329	'lines' => [],
330	];
331	}
332
333	// In case legacy markers are present, skip the rule. They should be
334	// cleared before this function is called.
335	$legacyMarkerPresent = $m->are_markers_present([
336	'#BEGIN Really Simple Security Redirect',
337	'#END Really Simple Security Redirect',
338	]);
339
340	return [
341	'marker' => 'Really Simple Security Redirect',
342	'lines' => $lines,
343	];
344	}
345
346	function rsssl_build_no_index_block( RSSSL_Htaccess_File_Manager $m ): array {
347	$content = $m->get_htaccess_content() ?: '';
348	$no_index = 'Options -Indexes';
349	if ( strpos( $content, $no_index ) !== false ) {
350	return [];
351	}
352
353	return [
354	'marker' => 'Really Simple Security No Index',
355	'lines' => [ $no_index ],
356	];
357	}
358
359	/**
360	* Handle uploads directory .htaccess wrapping.
361	* TODO also needs to convert to the new file manager.
362	*/
363	function rsssl_handle_uploads_htaccess(): void {
364	$start = '#Begin Really Simple Security';
365	$end = "\n" . '#End Really Simple Security' . "\n";
366	$pattern_content = '/' . preg_quote( $start, '/' ) . '(.*?)' . preg_quote( $end, '/' ) . '/is';
367	$pattern = '/' . preg_quote( $start, '/' ) . '.*?' . preg_quote( $end, '/' ) . '/is';
368	$rules_uploads = apply_filters( 'rsssl_htaccess_security_rules_uploads', [] );
369	$upload_dir = wp_get_upload_dir();
370	$htaccess_uploads = trailingslashit( $upload_dir['basedir'] ) . '.htaccess';
371
372	if ( ! is_file( $htaccess_uploads ) && count( $rules_uploads ) > 0 ) {
373	if ( is_writable( trailingslashit( $upload_dir['basedir'] ) ) ) {
374	file_put_contents( $htaccess_uploads, '' );
375	} else {
376	update_site_option( 'rsssl_uploads_htaccess_error', 'not-writable' );
377	$rules_uploads_result = implode( '', array_column( $rules_uploads, 'rules' ) );
378	update_site_option( 'rsssl_uploads_htaccess_rules', $rules_uploads_result );
379	}
380	}
381
382	if ( is_file( $htaccess_uploads ) ) {
383	$content = file_get_contents( $htaccess_uploads );
384	preg_match( $pattern_content, $content, $matches );
385
386	if ( ( ! empty( $matches[1] ) && empty( $rules_uploads ) ) \|\| ! empty( $rules_uploads ) ) {
387	$rules_uploads_result = '';
388	foreach ( $rules_uploads as $rule ) {
389	if ( strpos( $content, $rule['identifier'] ) !== false && ! preg_match( '/' . preg_quote( $start, '/' ) . '.?(' . preg_quote( $rule['identifier'], '/' ) . ').?' . preg_quote( $end, '/' ) . '/is', $content ) ) {
390	continue;
391	}
392	$rules_uploads_result .= $rule['rules'];
393	}
394
395	$has_block = preg_match( '/#Begin Really Simple Security.*?#End Really Simple Security/is', $content );
396	if ( ! empty( $rules_uploads_result ) \|\| $has_block ) {
397	if ( ! is_file( $htaccess_uploads ) ) {
398	file_put_contents( $htaccess_uploads, '' );
399	}
400	$new_block = empty( $rules_uploads_result ) ? '' : $start . $rules_uploads_result . $end;
401
402	if ( ! is_writable( $htaccess_uploads ) ) {
403	update_site_option( 'rsssl_uploads_htaccess_error', 'not-writable' );
404	update_site_option( 'rsssl_uploads_htaccess_rules', $rules_uploads_result );
405	} else {
406	delete_site_option( 'rsssl_uploads_htaccess_error' );
407	delete_site_option( 'rsssl_uploads_htaccess_rules' );
408	$cleaned = preg_replace( $pattern, '', $content );
409	$new = $cleaned . "\n" . $new_block;
410	$new = preg_replace( "/\n{3,}/", "\n\n", $new );
411	if ( file_get_contents( $htaccess_uploads ) !== $new ) {
412	file_put_contents( $htaccess_uploads, $new );
413	}
414	}
415	}
416	}
417	}
418	}
419
420	/**
421	* Clear any stored htaccess errors/options.
422	*/
423	function rsssl_htaccess_clear_errors(): void {
424	delete_site_option('rsssl_htaccess_error');
425	delete_site_option('rsssl_htaccess_rules');
426	delete_site_option('rsssl_uploads_htaccess_error');
427	delete_site_option('rsssl_uploads_htaccess_rules');
428	}
429
430	function rsssl_clear_legacy_rules( RSSSL_Htaccess_File_Manager $m ) {
431	foreach ( [
432	'rlrssslReallySimpleSSL',
433	'Really Simple Security',
434	'Really Simple Security Redirect',
435	] as $marker ) {
436	$m->clear_legacy_rule( $marker );
437	}
438	}
439
440	/**
441	* Store warning blocks for later use in the mailer
442	*
443	* @param array $changed_fields
444	*
445	* @return void
446	*/
447	function rsssl_gather_warning_blocks_for_mail( array $changed_fields ){
448	if (!rsssl_user_can_manage() ) {
449	return;
450	}
451
452	if ( !rsssl_get_option('send_notifications_email') ) {
453	return;
454	}
455
456	$fields = array_filter($changed_fields, static function($field) {
457	// Check if email_condition exists and call the function, else assume true
458	if ( !isset($field['email']['condition']) ) {
459	$email_condition_result = true;
460	} else if (is_array($field['email']['condition'])) {
461	//rsssl option check
462	$fieldname = array_key_first($field['email']['condition']);
463	$value = $field['email']['condition'][$fieldname];
464	$email_condition_result = rsssl_get_option($fieldname) === $value;
465	} else {
466	//function check
467	$function = $field['email']['condition'];
468	$email_condition_result = function_exists($function) && $function();
469	}
470	return isset($field['email']['message']) && $field['value'] && $email_condition_result;
471	});
472
473	if ( count($fields)===0 ) {
474	return;
475	}
476	$current_fields = get_option('rsssl_email_warning_fields', []);
477	//if it's empty, we start counting time. 30 mins later we send a mail.
478	update_option('rsssl_email_warning_fields_saved', time(), false );
479
480	$current_ids = array_column($current_fields, 'id');
481	foreach ($fields as $field){
482	if ( !in_array( $field['id'], $current_ids, true ) ) {
483	$current_fields[] = $field;
484	}
485	}
486	update_option('rsssl_email_warning_fields', $current_fields, false);
487	}
488	add_action('rsssl_after_saved_fields', 'rsssl_gather_warning_blocks_for_mail', 40);
489
490	/**
491	* Check if server uses .htaccess
492	* @return bool
493	*/
494	function rsssl_uses_htaccess() {
495	//when using WP CLI, the get_server check does not work, so we assume .htaccess is being used
496	//and rely on the file exists check to catch if not.
497	if ( defined( 'WP_CLI' ) && WP_CLI ) {
498	return true;
499	}
500	return rsssl_get_server() === 'apache' \|\| rsssl_get_server() === 'litespeed';
501	}
502
503	/**
504	* Get htaccess status
505	* @return string \| bool
506	*/
507	function rsssl_htaccess_status(){
508	if ( empty(get_site_option('rsssl_htaccess_rules','')) ) {
509	return false;
510	}
511	return get_site_option('rsssl_htaccess_error');
512	}
513
514	/**
515	* Get htaccess status
516	* @return string \| bool
517	*/
518
519	function rsssl_uploads_htaccess_status(){
520	if ( empty(get_site_option('rsssl_uploads_htaccess_rules','')) ) {
521	return false;
522	}
523	return get_site_option('rsssl_uploads_htaccess_error');
524	}
525
526	/**
527	* @return string\|null
528	* Get the wp-config.php path
529	*/
530	function rsssl_find_wp_config_path() {
531	if ( ! rsssl_user_can_manage() ) {
532	return null;
533	}
534
535	// Allow the wp-config.php path to be overridden via a filter.
536	$filtered_path = apply_filters( 'rsssl_wpconfig_path', '' );
537
538	// If a filtered path is provided, validate it.
539	if ( ! empty( $filtered_path ) ) {
540	$directory = dirname( $filtered_path );
541
542	// Ensure the directory exists before checking for the file.
543	if ( is_dir( $directory ) && file_exists( $filtered_path ) ) {
544	return $filtered_path;
545	}
546	}
547
548	// Limit number of iterations to 10
549	$i = 0;
550	$dir = __DIR__;
551	do {
552	$i ++;
553	if ( file_exists( $dir . "/wp-config.php" ) ) {
554	return $dir . "/wp-config.php";
555	}
556	} while ( ( $dir = realpath( "$dir/.." ) ) && ( $i < 10 ) );
557
558	return null;
559	}
560
561	/**
562	* Returns the server type of the plugin user.
563	*
564	* @return string\|bool server type the user is using of false if undetectable.
565	*/
566
567	function rsssl_get_server() {
568	//Allows to override server authentication for testing or other reasons.
569	if ( defined( 'RSSSL_SERVER_OVERRIDE' ) ) {
570	return RSSSL_SERVER_OVERRIDE;
571	}
572
573	$server_raw = strtolower( htmlspecialchars( $_SERVER['SERVER_SOFTWARE'], ENT_QUOTES \| ENT_HTML5 ) );
574
575	//figure out what server they're using
576	if ( strpos( $server_raw, 'apache' ) !== false ) {
577	return 'apache';
578	} elseif ( strpos( $server_raw, 'nginx' ) !== false ) {
579	return 'nginx';
580	} elseif ( strpos( $server_raw, 'litespeed' ) !== false ) {
581	return 'litespeed';
582	} else { //unsupported server
583	return false;
584	}
585	}
586
587	/**
588	* @return string
589	* Generate a random prefix
590	*/
591
592	function rsssl_generate_random_string($length) {
593	$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
594	$randomString = '';
595
596	for ( $i = 0; $i < $length; $i++ ) {
597	$index = rand(0, strlen($characters) - 1);
598	$randomString .= $characters[$index];
599	}
600
601	return $randomString;
602	}
603
604	/**
605	* @return string
606	*
607	* Get users as string to display
608	*/
609	function rsssl_list_users_where_display_name_is_login_name() {
610
611	if ( !rsssl_user_can_manage() ) {
612	return '';
613	}
614	$users = rsssl_get_users_where_display_name_is_login( true );
615	if ( is_array( $users ) ) {
616	$ext = count($users)>=10 ? '...' : '';
617	$users = array_slice($users, 0, 10);
618	return implode( ', ', $users ).$ext;
619	}
620
621	return '';
622	}
623
624	/**
625	* Check if user e-mail is verified
626	* @return bool
627	*/
628	function rsssl_is_email_verified() {
629	$verificationStatus = get_option('rsssl_email_verification_status');
630	if (rsssl_user_can_manage() && $verificationStatus == 'completed') {
631	return true;
632	}
633
634	// User cannot manage or status is ['started', 'email_changed']
635	return false;
636	}
637
638	function rsssl_remove_prefix_from_version($version) {
639	return preg_replace('/^[^\d]*(?=\d)/', '', $version);
640	}
641	function rsssl_version_compare($version, $compare_to, $operator = null) {
642	$version = rsssl_remove_prefix_from_version($version);
643	$compare_to = rsssl_remove_prefix_from_version($compare_to);
644	return version_compare($version, $compare_to, $operator);
645	}
646
647	function rsssl_maybe_disable_404_blocking() {
648	$option_value = get_option( 'rsssl_homepage_contains_404_resources', false );
649	// Explicitly check for boolean true or string "true"
650	return $option_value === true \|\| $option_value === "true";
651	}
652
653	function rsssl_lock_file_exists() {
654	if ( file_exists( trailingslashit( WP_CONTENT_DIR ) . 'rsssl-safe-mode.lock' ) ) {
655	return true;
656	}
657
658	return false;
659	}