fernleafsystems / shield-security-for-wordpress
Reflection of the Shield plugin on WordPress.org
Home Page: https://getshieldsecurity.com
It would be helpful to begin looking through all the options in the Dashboard to see which would be natural to merge together into common groupings/screens.
Right now there are just too many open options.
Overview - Dashboard
Remove: Bottom green bar mentioning Upgrade to Pro Protection. There is no need to have the bar here. Upgrading is very obvious in many places
Remove: Shield Help from the Overview screen. This can be added to another screen. Such as a documentation / docs screen in the left WP sidebar. Just above the Go Pro! link.
Remove: Tabs and the green dot. Takes too much attention away from what is important on this screen.
Remove the top menu:
No need to have the menu here. These are items located in other screens. Just keep Settings and Overview links.
Add the xml-rpc file to the white list for when it's missing
see: https://wordpress.org/support/topic/ignore-files-for-hacker-protection
Please consider changing the order of the Third Party Services fields to match the order on Google's own ReCaptcha page: Site Key, then Secret Key.
In addition, please provide a link from Login Protection > Brute Force > Google ReCaptcha box to the Dashboard > Third Party Services page, and vice versa.
Note camelCaps of "ReCaptcha" on Third Party Services.
Assuming there will be other Third Party Services, consider grouping both ReCaptcha green boxes under one box labeled "ReCaptcha Keys".
Shield Security 14.0.3 on WordPress 5.9.
I get this in the log:
WordPress database error Duplicate entry '\x03\x87\xE5\xA3' for key 'ip' for the query INSERT INTO
wp_icwp_wpsf_ips
(ip
,created_at
) VALUES (INET6_ATON('3.135.229.163'), 1645042774) done by shutdown_action_hook, do_action('shutdown'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Controller\Controller->onWpShutdown, do_action('icwp-wpsf-pre_plugin_shutdown'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\NotBot\NotBotHandler->FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\NotBot{closure}, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\BotEventListener->fireEventForIP, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\BotSignalsRecord->updateSignalField, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\BotSignalsRecord->retrieve, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\BotSignalsRecord->getIPRecord, FernleafSystems\Wordpress\Plugin\Shield\Modules\Data\DB\IPs\IPRecords->loadIP, FernleafSystems\Wordpress\Plugin\Shield\Modules\Data\DB\IPs\IPRecords->addIP, FernleafSystems\Wordpress\Plugin\Shield\Modules\Data\DB\IPs\Ops\Insert->insert, FernleafSystems\Wordpress\Services\Core\Db->doSql
Just a suggestion. I get that it's tricky to find a good place to locate the help button given the various page layouts in the admin section but on some pages it gets in the way. For instance, on the Audit Trail page:
I suggest either making it smaller, moving it somewhere else, or giving me the ability to dismiss it. If it were in the header then that would fix it completely. Otherwise, if it were pushed more toward the bottom right corner or I could close it completely that would work as well.
Thank you for considering this request.
Subject: Warning - Core WordPress Files(s) Discovered That May Have Been Modified.
WordPress Security Firewall has detected files on your site with potential problems.
This is part of the Hack Protection feature for the WordPress Core File Scanner. [More Info]
Site -
Details for the problem files are below:
Hey
There is no need to add arrows before and after the Go Pro link. That feels a bit pushy.
Create a great free product and people will want to get the pro version because it offers additional features people experience they want.
Remove the arrows and the 5* Rate This Plugin links.
The overall site security score shown on the Dashboard widget and on MainWP doesn't reflect exactly the overall score shown on the main Dashboard Overview screen. The calculations are slightly different.
Also, I have a multilingual site, but I didn't manage to find these texts in the English .po file.
Hi,
I'm not sure why this happened. Is there a way to debug this?
[01-Mar-2022 19:55:57 UTC] WordPress database error Deadlock found when trying to get lock; try restarting transaction for the query DELETE FROM `wp_options` WHERE `option_name` = '_site_transient_apto-db-ready-721ffaf864' done by require('wp-blog-header.php'), require_once('wp-load.php'), require_once('wp-config.php'), require_once('wp-settings.php'), do_action('plugins_loaded'), WP_Hook->do_action, WP_Hook->apply_filters, icwp_wpsf_init, require_once('/plugins/wp-simple-firewall/init.php'), ICWP_WPSF_Shield_Security->start, FernleafSystems\Wordpress\Plugin\Shield\Controller\Controller->loadAllFeatures, do_action('icwp-wpsf-run_processors'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\ModCon->onRunProcessors, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\ModCon->doExecuteProcessor, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Processor->execute, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Processor->run, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Common\ExecOnceModConsumer->execute, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\BotSignalsController->run, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Common\ExecOnceModConsumer->execute, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\BotEventListener->canRun, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\ModCon->getDbH_BotSignal, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Databases->loadDbH, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->execute, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->run, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->tableInit, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->isReady, FernleafSystems\Wordpress\Services\Utilities\Options\Transient::Get, FernleafSystems\Wordpress\Services\Core\General->getTransient, get_site_transient, delete_site_option, delete_network_option, delete_option
[01-Mar-2022 19:55:57 UTC] WordPress database error Deadlock found when trying to get lock; try restarting transaction for the query DELETE FROM `wp_options` WHERE `option_name` = '_site_transient_apto-db-ready-fdaa4a3e87' done by require('wp-blog-header.php'), require_once('wp-load.php'), require_once('wp-config.php'), require_once('wp-settings.php'), do_action('plugins_loaded'), WP_Hook->do_action, WP_Hook->apply_filters, icwp_wpsf_init, require_once('/plugins/wp-simple-firewall/init.php'), ICWP_WPSF_Shield_Security->start, FernleafSystems\Wordpress\Plugin\Shield\Controller\Controller->loadAllFeatures, do_action('icwp-wpsf-run_processors'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\ModCon->onRunProcessors, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\ModCon->isReadyToExecute, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\ModCon->getDbH_ScanResults, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\ModCon->getDbH_ResultItems, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Databases->loadDbH, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->execute, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->run, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->tableInit, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->isReady, FernleafSystems\Wordpress\Services\Utilities\Options\Transient::Get, FernleafSystems\Wordpress\Services\Core\General->getTransient, get_site_transient, delete_site_option, delete_network_option, delete_option
Hey
I am going through your plugin, and installed it on my tutorial site easywebdesigntutorials.com. It is really nice how you built the wizard! If I begin a video and click the next button the next screen shows up but the video from the last screen is still playing in the background.
Conditions:
Result:
Password reset link doesn't contain URL encoded username and so the resulting URL is broken.
This appears to be a fault, as far as we can see, with how WP's own add_query_args
was working as it wasn't properly URL encoding query parameters.
This needs to be removed for cleanup in any version that follows the next release, whatever that is, likely 4.5.2.
We receive daily warnings that Core WP files have been modified, like these:
The following official WordPress core files are missing from your site:
These files don't actually exist, b/c we use an alternate directory for wp-content (a very effective security measure against script kiddies):
/** Tweak the place where user content and plugins are stored **/
define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/wpZZZ-content' );
define( 'WP_CONTENT_URL', 'http://www.xyz.com/wpZZZ-content');
Please check WP_CONTENT_DIR when looking for modified files.
WordPress handles /login automatically, but when this is used in the rename wp-login feature, it breaks it altogether.
It would likely be helpful to have a docs page in the WP menu sidebar. Just above the Go Pro! link.
Docs.
Containing Shield Help.
Updates and Changes.
Free Trial.
Info about upgrading.
Logs
Reports
Debug.
A docs page for sharing common tips on using the plugin. Perhaps an accordion for Updates and Changes. A simple text link for Free trial of the premium version.
A section in the docs page for Logs, Reports and Debug.
Need to remove the legacy IP white list in favour of the newer automatic IP lists.
When I access the admin panel of WordPress, most requests are correctly assigned to the IP of my PC, but some are assigned to the IP of the web server (aruba.it hosting), and this causes this issue: Access to an established user session (***) from a different IP address.
Shield Security detects: "This Server"
These are the requests that appear to have been made by the IP of the web server:
POST /wp-admin/admin-ajax.php?action=as_async_request_queue_runner&nonce=dbcb61408c | 58 minutes ago (10:20 AM 24 March 2022) | Code: 302 | Offense: No
POST /wp-admin/admin-ajax.php?action=as_async_request_queue_runner&nonce=324089bcc3 | 1 day ago (09:13 AM 23 March 2022) | Code: 302 | Offense: No
POST /wp-admin/admin-ajax.php?action=as_async_request_queue_runner&nonce=9192ffeae4 | 1 day ago (09:09 AM 23 March 2022) | Code: 302 | Offense: No
POST /wp-admin/admin-ajax.php?action=as_async_request_queue_runner&nonce=f1cd841450 | 1 day ago (09:06 AM 23 March 2022) | Code: 302 | Offense: No
POST /wp-admin/admin-ajax.php?action=as_async_request_queue_runner&nonce=4261edd210 | 1 day ago (09:03 AM 23 March 2022) | Code: 302 | Offense: No
POST /wp-admin/admin-ajax.php?action=as_async_request_queue_runner&nonce=f3bc48af65 | 1 day ago (08:53 AM 23 March 2022) | Code: 302 | Offense: No
POST /wp-admin/admin-ajax.php?action=as_async_request_queue_runner&nonce=b8bcd8cb8d | 2 days ago (08:43 AM 22 March 2022) | Code: 302 | Offense: No
POST /wp-admin/admin-ajax.php?action=as_async_request_queue_runner&nonce=7ef5d81b66 | 3 days ago (09:13 AM 21 March 2022) | Code: 302 | Offense: No
Our WP core file warning email contains a duplicate SUBJECT header line:
Fri, 11 Mar 2016 11:07:37 -0000
To: [email protected]
Subject: Warning - Core WordPress Files(s) Discovered That May Have Been Modified.
X-PHP-Originating-Script: 4000:class-phpmailer.php
Date: Fri, 11 Mar 2016 11:07:37 +0000
From: - WordPress Security Firewall < [email protected] >
Message-ID: f35a28bb8403b0477795c22c5d6f92fb@xxxxxxxxxxxxxxxxxxxxx
X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Subject: Warning - Core WordPress Files(s) Discovered That May Have Been Modified.
X-Mailer: PHP/5.6.17-0+deb8u1
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
I got an update to version 14.1.1 and then I get a lot of:
PHP Warning: Undefined array key 1 in wp-content/plugins/wp-simple-firewall/src/lib/src/Modules/Data/Lib/UpgradeReqLogsTable.php on line 76
error:
Warning: setcookie() expects parameter 3 to be integer, float given in wp-simple-firewall/src/common/icwp-data.php on line 710
from support:
https://wordpress.org/support/topic/cannot-login-into-my-site
I cleaned up the overview screen.
As there were too many options and menus. Different sizes. In general it is hard to get an overview because the screen was so busy.
What I removed is likely in other setting pages. I would again suggest that you merge some options into the same screens.
Anyhow here is a new Overview screen. Which I mocked up for you.
The following is the focus of this screen.
I removed the top menu. Spread the links into various setting screens.
Removed tabs as these are too big and are less important. These should not be on the overview screen.
Cleaned up some of the language.
For me this is a lot easier to read and understand. My eyes can rest more easily while taking in the information.
Option to modify text displayed in the plugin badge
Need to make 'redirect_to' a default white listed parameter so as not to trigger the firewall on login
Use file hashes as a means of determining where options should be rebuilt and fall-back to the rebuild-flags
Turns out the esc_url() function randomly thinks it's important to prepend the given "url" with 'http://'.
Ridiculous logic, but there it is.
Today I got overflowed by errors:
[23-Mar-2022 08:07:29 UTC] WordPress database error Cannot add foreign key constraint for the query CREATE TABLE `wp_icwp_wpsf_scanresults` (
id int(11) UNSIGNED NOT NULL AUTO_INCREMENT COMMENT 'Primary ID',
scan_ref int(11) UNSIGNED NOT NULL COMMENT 'Foreign Key For Primary ID',
resultitem_ref int(11) UNSIGNED NOT NULL COMMENT 'Foreign Key For Primary ID',
created_at int(15) UNSIGNED NOT NULL DEFAULT 0 COMMENT 'Created',
PRIMARY KEY (id),
FOREIGN KEY (scan_ref) REFERENCES wp_icwp_wpsf_scans(id) ON DELETE CASCADE ON UPDATE CASCADE,
FOREIGN KEY (resultitem_ref) REFERENCES wp_icwp_wpsf_resultitems(id) ON DELETE CASCADE ON UPDATE CASCADE
) DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_520_ci; done by require('wp-blog-header.php'), require_once('wp-load.php'), require_once('wp-config.php'), require_once('wp-settings.php'), do_action('plugins_loaded'), WP_Hook->do_action, WP_Hook->apply_filters, icwp_wpsf_init, require_once('/plugins/wp-simple-firewall/init.php'), ICWP_WPSF_Shield_Security->start, FernleafSystems\Wordpress\Plugin\Shield\Controller\Controller->loadAllFeatures, do_action('icwp-wpsf-run_processors'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\ModCon->onRunProcessors, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\ModCon->isReadyToExecute, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\ModCon->getDbH_ScanResults, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Databases->loadDbH, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->execute, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->run, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->tableInit, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->isReady, FernleafSystems\Wordpress\Plugin\Core\Databases\Common\AlignTableWithSchema->align, FernleafSystems\Wordpress\Services\Core\Db->doSql
...
[23-Mar-2022 10:54:41 UTC] WordPress database error Table 'Sql_1.wp_icwp_wpsf_scanresults' doesn't exist for query SELECT COUNT(*)
FROM `wp_icwp_wpsf_scanresults` as sr
INNER JOIN `wp_icwp_wpsf_scans` as `scans`
ON `sr`.scan_ref = `scans`.id
INNER JOIN `wp_icwp_wpsf_resultitems` as `ri`
ON `sr`.resultitem_ref = `ri`.id
INNER JOIN `wp_icwp_wpsf_resultitem_meta` as `rim`
ON `rim`.`ri_ref` = `ri`.id
WHERE `sr`.`scan_ref`=253 AND `ri`.`auto_filtered_at`=0 AND `ri`.`ignored_at` = 0 AND `ri`.`item_repaired_at`=0 AND `ri`.`item_deleted_at`=0 AND `ri`.`deleted_at`=0 AND `ri`.notified_at=0; made by do_action_ref_array('icwp-wpsf-hourly'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Crons\HourlyCron->runCron, do_action('icwp-wpsf-hourly_cron'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\ReportingController->runHourlyCron, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\ReportingController->buildAndSendReport, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\ReportingController->buildReportAlerts, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\Reports\Build\BaseBuilder->build, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\Reports\Build\BuilderAlerts->gather, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\Lib\Reports\ScanAlerts->build, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\Lib\Reports\Query\ScanCounts->standard, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\Scan\Results\Retrieve->count, FernleafSystems\Wordpress\Services\Core\Db->getVar
[23-Mar-2022 10:54:41 UTC] WordPress database error Table 'Sql_1.wp_icwp_wpsf_scanresults' doesn't exist for query SELECT COUNT(*)
FROM `wp_icwp_wpsf_scanresults` as sr
INNER JOIN `wp_icwp_wpsf_scans` as `scans`
ON `sr`.scan_ref = `scans`.id
INNER JOIN `wp_icwp_wpsf_resultitems` as `ri`
ON `sr`.resultitem_ref = `ri`.id
INNER JOIN `wp_icwp_wpsf_resultitem_meta` as `rim`
ON `rim`.`ri_ref` = `ri`.id
WHERE `sr`.`scan_ref`=253 AND `ri`.`auto_filtered_at`=0 AND `ri`.`ignored_at` = 0 AND `ri`.`item_repaired_at`=0 AND `ri`.`item_deleted_at`=0 AND `ri`.`deleted_at`=0 AND `ri`.notified_at=0; made by do_action_ref_array('icwp-wpsf-hourly'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Crons\HourlyCron->runCron, do_action('icwp-wpsf-hourly_cron'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\ReportingController->runHourlyCron, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\ReportingController->buildAndSendReport, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\ReportingController->buildReportAlerts, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\Reports\Build\BaseBuilder->build, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\Reports\Build\BuilderAlerts->gather, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\Lib\Reports\ScanAlerts->build, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\Lib\Reports\Query\ScanCounts->standard, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\Scan\Results\Retrieve->count, FernleafSystems\Wordpress\Services\Core\Db->getVar
Full log: debug.log
Currently a global reCAPTCHA config is required: Dashboard > Google. This is used for all g-recaptcha.
The description should be expanded to detail where and why this could be used, i.e. login, comments etc., with possible links to the admin parts.
It would also be possible to allow separate reCAPTCHA keys per item (login/comment/etc.), so when enabling a specific one, also allow overriding the global setting?
Just an idea.
Currently 'reset' returns all plugin options to their default state. We now want it to delete all database tables - essentially start the plugin like a fresh installation.
On this page:
/wp-admin/admin.php?page=icwp-wpsf-insights&inav=settings&subnav=ips#tab-section_logins
selecting "Verify log only", "Disabled" or "Immediately block" works fine, but selecting the other 2 seems to work but auto-reverts to the previous setting.
Going from:
To:
Removing the double settings menu. Removing Audit Areas/Audit Trail Options/On/Off (I believe these can be done directly on the page for each item).
Removing Save Shield Settings green button. It should auto save. There can also be a save button on the bottom or perhaps just under the logo.
Removing the top menu items.
Settings drop down shows the current selected setting page.