Changeset 3115542
- Timestamp:
- 07/10/2024 11:18:49 AM (2 weeks ago)
- Location:
- hide-my-wp/tags/5.2.04
- Files:
-
- 3 edited
hide-my-wp/tags/5.2.04/controllers/SecurityCheck.php
r3104347 r3115542 227 227 'message' => __("Every good developer should turn on debugging before getting started on a new plugin or theme. In fact, the WordPress Codex 'highly recommends' that developers use WP_DEBUG. <br /><br />Unfortunately, many developers forget the debug mode, even when the website is live. Showing debug logs in the frontend will let hackers know a lot about your WordPress website.", 'hide-my-wp'), 228 228 'solution' => __("Disable WP_DEBUG for live websites in wp-config.php <code>define('WP_DEBUG', false);</code>", 'hide-my-wp'), 229 'javascript' => " pro",229 'javascript' => "", 230 230 ), 231 231 'checkDBDebug' => array( … … 245 245 'message' => __("Every good developer should turn on debugging before getting started on a new plugin or theme. In fact, the WordPress Codex 'highly recommends' that developers use SCRIPT_DEBUG. Unfortunately, many developers forget the debug mode even when the website is live. Showing debug logs in the frontend will let hackers know a lot about your WordPress website.", 'hide-my-wp'), 246 246 'solution' => __("Disable SCRIPT_DEBUG for live websites in wp-config.php <code>define('SCRIPT_DEBUG', false);</code>", 'hide-my-wp'), 247 'javascript' => " pro",247 'javascript' => "", 248 248 ), 249 249 'checkDisplayErrors' => array( … … 423 423 'message' => __( "The most common way to hack a website is by accessing the domain and adding harmful queries in order to reveal information from files and database.<br /> These attacks are made on any website, WordPress or not, and if a call succeeds … it will probably be too late to save the website.", 'hide-my-wp' ), 424 424 'solution' => sprintf( esc_html__( "Activate the firewall and select the firewall strength that works for your website %s %s > Change Paths > Firewall & Headers %s", 'hide-my-wp' ), '<a href="'.HMWP_Classes_Tools::getSettingsUrl('hmwp_permalinks#tab=firewall').'" >', HMWP_Classes_Tools::getOption('hmwp_plugin_menu') , '</a>'), 425 'javascript' => " 
pro",425 'javascript' => "", 426 426 ), 427 427 'checkVersionDisplayed' => array( … … 432 432 'message' => __("WordPress, plugins and themes add their version info to the source code, so anyone can see it. <br /><br />Hackers can easily find a website with vulnerable version plugins or themes, and target these with Zero-Day Exploits.", 'hide-my-wp'), 433 433 'solution' => sprintf(esc_html__("Switch on %s %s > Tweaks > %s %s", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getSettingsUrl('hmwp_tweaks#tab=hide').'" >', HMWP_Classes_Tools::getOption('hmwp_plugin_menu'), esc_html__('Hide Versions from Images, CSS and JS', 'hide-my-wp'), '</a>'), 434 'javascript' => " pro",434 'javascript' => "", 435 435 ), 436 436 'checkRegisterGlobals' => array( … … 473 473 'message' => __("The plugins and themes file editor is a very convenient tool because it enables you to make quick changes without the need to use FTP. <br /><br />Unfortunately, it's also a security issue because it not only shows the PHP source code, it also enables attackers to inject malicious code into your site if they manage to gain access to admin.", 'hide-my-wp'), 474 474 'solution' => __("Disable DISALLOW_FILE_EDIT for live websites in wp-config.php <code>define('DISALLOW_FILE_EDIT', true);</code>", 'hide-my-wp'), 475 'javascript' => " pro",475 'javascript' => "", 476 476 ), 477 477 'checkUploadsBrowsable' => array( … … 491 491 'message' => esc_html__("If you're not using Windows Live Writer there's really no valid reason to have its link in the page header, because this tells the whole world you're using WordPress.", 'hide-my-wp'), 492 492 'solution' => sprintf(esc_html__("Switch on %s %s > Tweaks > Hide WLW Manifest scripts%s", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getSettingsUrl('hmwp_tweaks#tab=hide').'" >', HMWP_Classes_Tools::getOption('hmwp_plugin_menu'), '</a>'), 493 'javascript' => " pro",493 'javascript' => "", 494 494 ), 495 495 'checkXmlrpc' => array( … … 500 500 'message' => 
__("WordPress XML-RPC is a specification that aims to standardize communications between different systems. It uses HTTP as the transport mechanism and XML as encoding mechanism to enable a wide range of data to be transmitted. <br /><br />The two biggest assets of the API are its extendibility and its security. XML-RPC authenticates using basic authentication. It sends the username and password with each request, which is a big no-no in security circles.", 'hide-my-wp'), 501 501 'solution' => sprintf(esc_html__("Switch on %s %s > Change Paths > Disable XML-RPC access%s", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getSettingsUrl('hmwp_permalinks#tab=api').'" >', HMWP_Classes_Tools::getOption('hmwp_plugin_menu'), '</a>'), 502 'javascript' => " pro",502 'javascript' => "", 503 503 ), 504 504 'checkRDS' => array( … … 509 509 'message' => __("If you're not using any Really Simple Discovery services such as pingbacks, there's no need to advertise that endpoint (link) in the header. Please note that for most sites this is not a security issue because they \"want to be discovered\", but if you want to hide the fact that you're using WP, this is the way to go.", 'hide-my-wp'), 510 510 'solution' => sprintf(esc_html__("Switch on %s %s > Change Paths > Hide RSD Endpoint%s", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getSettingsUrl('hmwp_permalinks#tab=api').'" >', HMWP_Classes_Tools::getOption('hmwp_plugin_menu'), '</a>'), 511 'javascript' => " pro",511 'javascript' => "", 512 512 ), 513 513 // 'checkMysqlPermissions' => array( … … 526 526 'message' => __("Usernames (unlike passwords) are not secret. By knowing someone's username, you can't log in to their account. You also need the password. <br /><br />However, by knowing the username, you are one step closer to logging in using the username to brute-force the password, or to gain access in a similar way. <br /><br />That's why it's advisable to keep the list of usernames private, at least to some degree. 
By default, by accessing siteurl.com/?author={id} and looping through IDs from 1 you can get a list of usernames, because WP will redirect you to siteurl.com/author/user/ if the ID exists in the system.", 'hide-my-wp'), 527 527 'solution' => sprintf(esc_html__("Switch on %s %s > Change Paths > Hide Author ID URL%s", 'hide-my-wp'), '<a href="'.HMWP_Classes_Tools::getSettingsUrl('hmwp_permalinks#tab=author').'" >', HMWP_Classes_Tools::getOption('hmwp_plugin_menu'), '</a>'), 528 'javascript' => " pro",528 'javascript' => "", 529 529 ), 530 530 'checkBlogDescription' => array( … … 670 670 $message[] = esc_html__('Great! The new paths are loading correctly.', 'hide-my-wp'); 671 671 if(HMWP_Classes_Tools::getOption('prevent_slow_loading')){ 672 $message[] = '<a href="' . esc_url(HMWP_Classes_Tools::getSettingsUrl('hmwp_advanced#tab=rollback', true) ) . '" target="_blank" style="word-break: break-word;line-height: 35px;font-weight: 700;">' . sprintf(esc_html__("You can now turn off '%s' option.", 'hide-my-wp'), __('Prevent Broken Website Layout', 'hide-my-wp')) . '</a>'; 672 $message[] = '<form id="hmwp_fixsettings_form" method="POST"> 673 '.wp_nonce_field('hmwp_fixsettings', 'hmwp_nonce', false, false).' 674 <input type="hidden" name="action" value="hmwp_fixsettings"/> 675 676 <div class="col-sm-12 p-0 my-2 switch switch-xxs" style="font-size: 0.9rem;"> 677 <input type="checkbox" id="prevent_slow_loading" name="prevent_slow_loading" onChange="jQuery(this).hmwp_fixSettings(\'prevent_slow_loading\',0);" class="switch" '. (HMWP_Classes_Tools::getOption('prevent_slow_loading') ? 'checked="checked"' : '') .' 
value="1"/> 678 <label for="prevent_slow_loading">'.sprintf(esc_html__("You can now turn off '%s' option.", 'hide-my-wp'), __('Prevent Broken Website Layout', 'hide-my-wp')).'</label> 679 </div> 680 </form>'; 673 681 } 674 682 wp_send_json_success(join('<br />', $message)); … … 678 686 679 687 case 'hmwp_fixsettings': 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 680 725 case 'hmwp_fixconfig': 681 726 682 wp_send_json_error(esc_html__('Could not fix it. You need to change it manually.', 'hide-my-wp')); 727 $name = HMWP_Classes_Tools::getValue('name'); 728 $value = HMWP_Classes_Tools::getValue('value', null); 729 730 if (!in_array($name, array('WP_DEBUG', 'SCRIPT_DEBUG', 'DISALLOW_FILE_EDIT')) || !in_array($value, array('true', 'false')) ) { 731 732 if(HMWP_Classes_Tools::isAjax()) { 733 wp_send_json_error(esc_html__('Could not fix it. You need to change it manually.', 'hide-my-wp')); 734 } 683 735 break; 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 684 775 685 776 case 'hmwp_securityexclude': … … 860 951 return array( 861 952 'value' => $wp_version, 862 'valid' => version_compare($wp_version, $wp_lastversion, ' =='),953 'valid' => version_compare($wp_version, $wp_lastversion, '='), 863 954 'version' => $wp_lastversion, 864 955 ); -
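Review bot: The allow-list check added in `hmwp_fixconfig` (new line 730) uses loose `in_array` although both `$name` and `$value` arrive from the request through `HMWP_Classes_Tools::getValue`; compare strictly: `if (!in_array($name, array('WP_DEBUG', 'SCRIPT_DEBUG', 'DISALLOW_FILE_EDIT'), true) || !in_array($value, array('true', 'false'), true)) {`. The code that acts on an accepted name/value (new lines 736–774) and the body of the new `hmwp_fixsettings` case (688–724) show only bare gutter numbers here, so I cannot see whether the request is verified against the `hmwp_fixsettings` nonce the new form emits at 673 (field `hmwp_nonce`) and an admin capability before anything is written to wp-config; if that is not already done at the top of the action dispatch, add `check_ajax_referer('hmwp_fixsettings', 'hmwp_nonce')` and a `current_user_can()` test ahead of line 727. If 688–724 really are empty, `hmwp_fixsettings` falls through into `hmwp_fixconfig` and its own `prevent_slow_loading` request would be answered with the "Could not fix it" error, which is worth confirming. The enclosing switch starts and ends outside the hunk.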
hide-my-wp/tags/5.2.04/models/Settings.php
r3104347 r3115542 277 277 return; 278 278 } 279 280 279 281 280 //INSERT SEURITY RULES -
hide-my-wp/tags/5.2.04/view/SecurityCheck.php
r3097017 r3115542 134 134 <button class="btn btn-default rounded-0 px-3 float-right m-1" type="button" onclick="jQuery('#hmwp_securitydetail<?php echo esc_attr($index) ?>').modal('show');" ><?php echo esc_html__('Info', 'hide-my-wp') ?></button> 135 135 <?php 136 if (!$row['valid'] && isset($row['javascript']) && $row['javascript'] <> '' ){ 137 ?> <button type="button" class="btn btn-warning mx-0 my-1 rounded-0 float-right m-1" onclick="jQuery('#hmwp_ghost_mode_modal').modal('show')"><?php echo esc_html__('PRO', 'hide-my-wp') ?></button> <?php 136 if (!$row['valid'] && isset($row['javascript'])){ 137 if($row['javascript'] <> 'pro'){ 138 ?> <button type="button" id="fix<?php echo esc_attr($index) ?>" class="btn btn-success mx-0 my-1 rounded-0 float-right m-1" onclick="<?php echo esc_attr($row['javascript']) ?>"><?php echo esc_html__('Fix it', 'hide-my-wp') ?></button> <?php 139 }else{ 140 ?> <button type="button" class="btn btn-warning mx-0 my-1 rounded-0 float-right m-1" onclick="jQuery('#hmwp_ghost_mode_modal').modal('show')"><?php echo esc_html__('PRO', 'hide-my-wp') ?></button> <?php 141 } 138 142 } 139 143 ?> … … 156 160 <?php } ?> 157 161 </div> 162 163 164 165 166 167 168 169 158 170 <div class="col-sm-12 text-right"> 159 171 <form id="hmwp_resetexclude" method="POST">
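Review bot: The new condition at 136–137 drops the old `$row['javascript'] <> ''` guard, so a failing check whose `javascript` is the empty string — which is what the controller hunk in this changeset now sets for WP_DEBUG, SCRIPT_DEBUG, DISALLOW_FILE_EDIT and the other formerly PRO-only entries — takes the `<> 'pro'` branch and renders a "Fix it" button with an empty `onclick`. Unless the free build fills `javascript` in elsewhere before the view runs, keep the emptiness guard and use strict comparison: `if (!$row['valid'] && isset($row['javascript']) && $row['javascript'] !== '') {` and `if ($row['javascript'] !== 'pro') {`. The `onclick` value at 138 is echoed through `esc_attr()`, which is adequate only because the string appears to come from the plugin's own check table rather than the request; a comment such as `// $row['javascript'] comes from the plugin's check definitions, never from user input` would make that precondition explicit for future maintainers. The surrounding loop and template start and end outside this section.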