fernleafsystems / shield-security-for-wordpress Goto Github PK

Hey

The existing icon and other icons surrounding it:

Shield Security icon looks really dark.

Add some white color to it...

It would be helpful to begin looking through all the options in the Dashboard to see which would be natural to merge together into common groupings/screens.

Right now there are just too many open options.

Overview - Dashboard

Remove: Bottom green bar mentioning Upgrade to Pro Protection. There is no need to have the bar here. Upgrading is very obvious in many places

Remove: Shield Help from the Overview screen. This can be added to another screen. Such as a documentation / docs screen in the left WP sidebar. Just above the Go Pro! link.

Remove: Tabs and the green dot. Takes too much attention away from what is important on this screen.

Remove the top menu:

No need to have the menu here. These are items located in other screens. Just keep Settings and Overview links.

https://wordpress.org/support/topic/blank-page-after-login-how-to-reset-plugin?replies=1

Add the xml-rpc file to the white list for when it's missing
see: https://wordpress.org/support/topic/ignore-files-for-hacker-protection

Please consider changing the order of Third Party Services fields, to match the order on Google's own ReCaptcha page : Site Key, then Secret Key

In addition, please provide a link from Login Protection > Brute Force > Google ReCaptcha box to the Dashboard > Third Party Services page, and vice versa.

Note camelCaps of "ReCaptcha" on Third Party Services.

Assuming there will be other Third Party Services, consider grouping both ReCaptcha green boxes under one box labeled "ReCaptcha Keys".

Reported: https://wordpress.org/support/topic/core-file-warnings-on-licens-sv_setxt

Shield Security 14.0.3 on WordPress 5.9.

I get this in the log:

WordPress database error Duplicate entry '\x03\x87\xE5\xA3' for key 'ip' for the query INSERT INTO wp_icwp_wpsf_ips (ip,created_at) VALUES (INET6_ATON('3.135.229.163'), 1645042774) done by shutdown_action_hook, do_action('shutdown'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Controller\Controller->onWpShutdown, do_action('icwp-wpsf-pre_plugin_shutdown'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\NotBot\NotBotHandler->FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\NotBot{closure}, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\BotEventListener->fireEventForIP, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\BotSignalsRecord->updateSignalField, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\BotSignalsRecord->retrieve, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\BotSignalsRecord->getIPRecord, FernleafSystems\Wordpress\Plugin\Shield\Modules\Data\DB\IPs\IPRecords->loadIP, FernleafSystems\Wordpress\Plugin\Shield\Modules\Data\DB\IPs\IPRecords->addIP, FernleafSystems\Wordpress\Plugin\Shield\Modules\Data\DB\IPs\Ops\Insert->insert, FernleafSystems\Wordpress\Services\Core\Db->doSql

Just a suggestion. I get that it's tricky to find a good place to locate the help button given the various page layouts in the admin section but on some pages it gets in the way. For instance, on the Audit Trail page:

I suggest either making it smaller, moving it somewhere else, or giving me the ability to dismiss it. If it were in the header then that would fix it completely. Otherwise, if it were pushed more toward the bottom right corner or I could close it completely that would work as well.

Thank you for considering this request.

In the case where users have removed the Site Title from WP Settings, there's no link or indication as to which site has a problem. Perhaps default to site URL, and/or make sure there's always a link in every Shield email to the WP Site URL in question. Example email rec'd:

Subject: Warning - Core WordPress Files(s) Discovered That May Have Been Modified.
WordPress Security Firewall has detected files on your site with potential problems.
This is part of the Hack Protection feature for the WordPress Core File Scanner. [More Info]
Site -
Details for the problem files are below:

...

Hey

There is no need to add arrows before and after the Go Pro link. That feels a bit pushy.
Create a great free product and people will want to get the pro version because it offers additional features people experience they want.

What it looks like today:

Remove the arrows and the 5* Rate This Plugin links.

How it really should look like:

The overall site security score shown on the Dashboard widget and on MainWP doesn't reflect exactly the overall score shown on the main Dashboard Overview screen. The calculations are slightly different.

1. How can I change the message that appears on the login form when 2-factor email authentication is enabled?
2. How can I change the body of the email that is sent to the user with the authorization link?

Also, I have a multilingual site but I didn't manage to find these texts on the english .po file.

Hi,
I'm not sure why happened, is there a way to debug this?

[01-Mar-2022 19:55:57 UTC] WordPress database error Deadlock found when trying to get lock; try restarting transaction for the query DELETE FROM `wp_options` WHERE `option_name` = '_site_transient_apto-db-ready-721ffaf864' done by require('wp-blog-header.php'), require_once('wp-load.php'), require_once('wp-config.php'), require_once('wp-settings.php'), do_action('plugins_loaded'), WP_Hook->do_action, WP_Hook->apply_filters, icwp_wpsf_init, require_once('/plugins/wp-simple-firewall/init.php'), ICWP_WPSF_Shield_Security->start, FernleafSystems\Wordpress\Plugin\Shield\Controller\Controller->loadAllFeatures, do_action('icwp-wpsf-run_processors'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\ModCon->onRunProcessors, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\ModCon->doExecuteProcessor, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Processor->execute, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Processor->run, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Common\ExecOnceModConsumer->execute, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\BotSignalsController->run, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Common\ExecOnceModConsumer->execute, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\Lib\Bots\BotEventListener->canRun, FernleafSystems\Wordpress\Plugin\Shield\Modules\IPs\ModCon->getDbH_BotSignal, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Databases->loadDbH, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->execute, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->run, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->tableInit, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->isReady, FernleafSystems\Wordpress\Services\Utilities\Options\Transient::Get, FernleafSystems\Wordpress\Services\Core\General->getTransient, get_site_transient, delete_site_option, delete_network_option, delete_option
[01-Mar-2022 19:55:57 UTC] WordPress database error Deadlock found when trying to get lock; try restarting transaction for the query DELETE FROM `wp_options` WHERE `option_name` = '_site_transient_apto-db-ready-fdaa4a3e87' done by require('wp-blog-header.php'), require_once('wp-load.php'), require_once('wp-config.php'), require_once('wp-settings.php'), do_action('plugins_loaded'), WP_Hook->do_action, WP_Hook->apply_filters, icwp_wpsf_init, require_once('/plugins/wp-simple-firewall/init.php'), ICWP_WPSF_Shield_Security->start, FernleafSystems\Wordpress\Plugin\Shield\Controller\Controller->loadAllFeatures, do_action('icwp-wpsf-run_processors'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\ModCon->onRunProcessors, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\ModCon->isReadyToExecute, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\ModCon->getDbH_ScanResults, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\ModCon->getDbH_ResultItems, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Databases->loadDbH, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->execute, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->run, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->tableInit, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->isReady, FernleafSystems\Wordpress\Services\Utilities\Options\Transient::Get, FernleafSystems\Wordpress\Services\Core\General->getTransient, get_site_transient, delete_site_option, delete_network_option, delete_option

Hey

I am going through your plugin, and installed it on my tutorial site easywebdesigntutorials.com. It is really nice how you built the wizard! If I begin a video and click the next button the next screen shows up but the video from the last screen is still playing in the background.

https://wordpress.org/support/topic/wordpress-automatic-updates-1

See: https://wordpress.org/support/topic/autoblacklist-not-stopping-a-particular-forced-login-attempt

Reference:
https://wordpress.org/support/topic/shield-security-hide-wordpress-login-page-breaks-link-in-password-reset-email/

Conditions:

• Shield's Rename WP Login setting is active
• A user requests a password reset using a username that contains spaces, (or any characters that would need to be URL encoded)

Result:
Password reset link doesn't contain URL encoded username and so the resulting URL is broken.

This appears to be a fault, as far as we can see, with how WP's own add_query_args was working as it wasn't properly URL encoding query parameters.

This needs removed for cleanup on any version that follows the next release, whatever that is - likely 4.5.2

We receive daily warnings that Core WP files have been modified, like these:
The following official WordPress core files are missing from your site:

• wp-content/themes/index.php (WordPress.org source file)
• wp-content/plugins/index.php (WordPress.org source file)
• wp-content/index.php (WordPress.org source file)

These files don't actually exist, b/c we use an alternate directory for wp-content (a very effective security measure against script kiddies):
/** Tweak the place where user content and plugins are stored **/
define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/wpZZZ-content' );
define( 'WP_CONTENT_URL', 'http://www.xyz.com/wpZZZ-content');

Please check WP_CONTENT_DIR when looking for modified files.

https://wordpress.org/support/topic/manage-whitelist-or-auto-blacklist-window-wont-load

WordPress handles /login automatically, but when this is used in the rename wp-login feature, it breaks it altogether.

It would likely be helpful to have a docs page in the WP menu sidebar. Just above the Go Pro! link.

Docs.
Containing Shield Help.
Updates and Changes.
Free Trial.
Info about upgrading.
Logs
Reports
Debug.

A docs page for sharing common tips on using the plugin. Perhaps an accordion for Updates and Changes. A simple text link for Free trial of the premium version.

A section in the docs page for Logs, Reports and Debug.

e.g. email
see: https://wordpress.org/support/topic/small-issue-with-two-factor-authentication-email-link

Need to remove the legacy IP white list in favour of the newer automatic IP lists.

When I access the admin panel of WordPress most requests are correctly assigned to the IP of my pc, but some are assigned to the IP of the web server (aruba.it hosting) and this cause this issue: Access to an established user session (***) from a different IP address.
Shield Security detect: "This Server"

Audit trail:

These are the requests that appear done by the IP of the web server:

POST :
/wp-admin/admin-ajax.php
Query:?action=as_async_request_queue_runner&nonce=dbcb61408c
	58 minuti fa
10:20 AM 24 Marzo 2022
	
Code: 302
Offesa: No

POST :
/wp-admin/admin-ajax.php
Query:?action=as_async_request_queue_runner&nonce=324089bcc3
	1 giorno fa
09:13 AM 23 Marzo 2022
	
Code: 302
Offesa: No

POST :
/wp-admin/admin-ajax.php
Query:?action=as_async_request_queue_runner&nonce=9192ffeae4
	1 giorno fa
09:09 AM 23 Marzo 2022
	
Code: 302
Offesa: No

POST :
/wp-admin/admin-ajax.php
Query:?action=as_async_request_queue_runner&nonce=f1cd841450
	1 giorno fa
09:06 AM 23 Marzo 2022
	
Code: 302
Offesa: No

POST :
/wp-admin/admin-ajax.php
Query:?action=as_async_request_queue_runner&nonce=4261edd210
	1 giorno fa
09:03 AM 23 Marzo 2022
	
Code: 302
Offesa: No

POST :
/wp-admin/admin-ajax.php
Query:?action=as_async_request_queue_runner&nonce=f3bc48af65
	1 giorno fa
08:53 AM 23 Marzo 2022
	
Code: 302
Offesa: No

POST :
/wp-admin/admin-ajax.php
Query:?action=as_async_request_queue_runner&nonce=b8bcd8cb8d
	2 giorni fa
08:43 AM 22 Marzo 2022
	
Code: 302
Offesa: No

POST :
/wp-admin/admin-ajax.php
Query:?action=as_async_request_queue_runner&nonce=7ef5d81b66
	3 giorni fa
09:13 AM 21 Marzo 2022
	
Code: 302
Offesa: No

Our WP core file warning email contains a duplicate SUBJECT header line:

Fri, 11 Mar 2016 11:07:37 -0000
To: [email protected]
Subject: Warning - Core WordPress Files(s) Discovered That May Have Been Modified.
X-PHP-Originating-Script: 4000:class-phpmailer.php
Date: Fri, 11 Mar 2016 11:07:37 +0000
From: - WordPress Security Firewall < [email protected] >
Message-ID: f35a28bb8403b0477795c22c5d6f92fb@xxxxxxxxxxxxxxxxxxxxx
X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Subject: Warning - Core WordPress Files(s) Discovered That May Have Been Modified.
X-Mailer: PHP/5.6.17-0+deb8u1
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

I get an update to version 14.1.1 and then I get a lot of:
PHP Warning: Undefined array key 1 in wp-content/plugins/wp-simple-firewall/src/lib/src/Modules/Data/Lib/UpgradeReqLogsTable.php on line 76

error:
Warning: setcookie() expects parameter 3 to be integer, float given in wp-simple-firewall/src/common/icwp-data.php on line 710

from support:
https://wordpress.org/support/topic/cannot-login-into-my-site

General settings

Existing:

Add a dash of air:

I cleaned up the overview screen.
As there were too many options and menus. Different sizes. In general it is hard to get an overview because the screen was so busy.

What I removed is likely in other setting pages. I would again suggest that you merge some options into the same screens.

Anyhow here is a new Overview screen. Which I mocked up for you.

The following is the focus of this screen.

I removed the top menu. Spread the links into various setting screens.
Removed tabs as these are too big and is less important. These should not be on the overview screen.

Cleaned up some of the language.

For me this is a lot easier to read and understand. My eyes can easier rest while taking in the information.

Option to modify text displayed in the plugin badge

https://wordpress.org/support/topic/wpmandrill-e-mail-looks-weird

Need to make 'redirect_to' a default white listed parameter so as not to trigger the firewall on login

Use file hashes as a means of determining where options should be rebuilt and fall-back to the rebuild-flags

I am seeing a double Settings menu.
Open to the left in each Settings page, and then also the drop down.

Please remove the one located directly in each Settings page. That would also help clean up each page as well.

Hey Paul

I would change the dark green WP menu icon from a dark green to a light grey similar to the dashicons.
Then just keep the green logo color of the Shield in the settings screen.

Dark green.

Light grey

Turns out esc_url() function randomly thinks it's important to prepend the given "url" with 'http://'
Rediculous logic, but there it is.

https://wordpress.org/support/topic/editor-blocked

Today I got overflowed by errors:

[23-Mar-2022 08:07:29 UTC] WordPress database error Cannot add foreign key constraint for the query CREATE TABLE `wp_icwp_wpsf_scanresults` (
                id int(11) UNSIGNED NOT NULL AUTO_INCREMENT  COMMENT 'Primary ID', 
scan_ref int(11) UNSIGNED NOT NULL  COMMENT 'Foreign Key For Primary ID', 
resultitem_ref int(11) UNSIGNED NOT NULL  COMMENT 'Foreign Key For Primary ID', 
created_at int(15) UNSIGNED NOT NULL DEFAULT 0 COMMENT 'Created', 
PRIMARY KEY  (id), 
FOREIGN KEY (scan_ref) REFERENCES wp_icwp_wpsf_scans(id) ON DELETE CASCADE ON UPDATE CASCADE, 
FOREIGN KEY (resultitem_ref) REFERENCES wp_icwp_wpsf_resultitems(id) ON DELETE CASCADE ON UPDATE CASCADE
			) DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_520_ci; done by require('wp-blog-header.php'), require_once('wp-load.php'), require_once('wp-config.php'), require_once('wp-settings.php'), do_action('plugins_loaded'), WP_Hook->do_action, WP_Hook->apply_filters, icwp_wpsf_init, require_once('/plugins/wp-simple-firewall/init.php'), ICWP_WPSF_Shield_Security->start, FernleafSystems\Wordpress\Plugin\Shield\Controller\Controller->loadAllFeatures, do_action('icwp-wpsf-run_processors'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\ModCon->onRunProcessors, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\ModCon->isReadyToExecute, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\ModCon->getDbH_ScanResults, FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Databases->loadDbH, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->execute, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->run, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->tableInit, FernleafSystems\Wordpress\Plugin\Core\Databases\Base\Handler->isReady, FernleafSystems\Wordpress\Plugin\Core\Databases\Common\AlignTableWithSchema->align, FernleafSystems\Wordpress\Services\Core\Db->doSql

...

23-Mar-2022 10:54:41 UTC] WordPress database error Table 'Sql_1.wp_icwp_wpsf_scanresults' doesn't exist for query SELECT COUNT(*)
						FROM `wp_icwp_wpsf_scanresults` as sr
						INNER JOIN `wp_icwp_wpsf_scans` as `scans`
							ON `sr`.scan_ref = `scans`.id
						INNER JOIN `wp_icwp_wpsf_resultitems` as `ri`
							ON `sr`.resultitem_ref = `ri`.id
						INNER JOIN `wp_icwp_wpsf_resultitem_meta` as `rim`
							ON `rim`.`ri_ref` = `ri`.id
						WHERE `sr`.`scan_ref`=253 AND `ri`.`auto_filtered_at`=0 AND `ri`.`ignored_at` = 0 AND `ri`.`item_repaired_at`=0 AND `ri`.`item_deleted_at`=0 AND `ri`.`deleted_at`=0 AND `ri`.notified_at=0; made by do_action_ref_array('icwp-wpsf-hourly'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Crons\HourlyCron->runCron, do_action('icwp-wpsf-hourly_cron'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\ReportingController->runHourlyCron, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\ReportingController->buildAndSendReport, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\ReportingController->buildReportAlerts, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\Reports\Build\BaseBuilder->build, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\Reports\Build\BuilderAlerts->gather, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\Lib\Reports\ScanAlerts->build, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\Lib\Reports\Query\ScanCounts->standard, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\Scan\Results\Retrieve->count, FernleafSystems\Wordpress\Services\Core\Db->getVar23-Mar-2022 10:54:41 UTC] WordPress database error Table 'Sql_1.wp_icwp_wpsf_scanresults' doesn't exist for query SELECT COUNT(*)
						FROM `wp_icwp_wpsf_scanresults` as sr
						INNER JOIN `wp_icwp_wpsf_scans` as `scans`
							ON `sr`.scan_ref = `scans`.id
						INNER JOIN `wp_icwp_wpsf_resultitems` as `ri`
							ON `sr`.resultitem_ref = `ri`.id
						INNER JOIN `wp_icwp_wpsf_resultitem_meta` as `rim`
							ON `rim`.`ri_ref` = `ri`.id
						WHERE `sr`.`scan_ref`=253 AND `ri`.`auto_filtered_at`=0 AND `ri`.`ignored_at` = 0 AND `ri`.`item_repaired_at`=0 AND `ri`.`item_deleted_at`=0 AND `ri`.`deleted_at`=0 AND `ri`.notified_at=0; made by do_action_ref_array('icwp-wpsf-hourly'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Crons\HourlyCron->runCron, do_action('icwp-wpsf-hourly_cron'), WP_Hook->do_action, WP_Hook->apply_filters, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\ReportingController->runHourlyCron, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\ReportingController->buildAndSendReport, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\ReportingController->buildReportAlerts, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\Reports\Build\BaseBuilder->build, FernleafSystems\Wordpress\Plugin\Shield\Modules\Reporting\Lib\Reports\Build\BuilderAlerts->gather, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\Lib\Reports\ScanAlerts->build, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\Lib\Reports\Query\ScanCounts->standard, FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\Scan\Results\Retrieve->count, FernleafSystems\Wordpress\Services\Core\Db->getVar

Full log: debug.log

Currently a global recaptcha cfg is required.. Dashboard > Google. This is used for all g-recaptcha.

The description should be expanded to detail where and why this could be used... i.e. login, comments etc. With possible links to the admin parts...

Possible is also allowing separate recaptcha keys per item.. login/comment/etc. SO when enabling a specific also allow overriding the global?

Just an idea

Currently 'reset' returns all plugin options to their default state. We now want it to delete all database tables - essentially start the plugin like a fresh installation.

On this page:
/wp-admin/admin.php?page=icwp-wpsf-insights&inav=settings&subnav=ips#tab-section_logins
selecting "Verify log only", "Disabled" or "Immediately block" works fine but selecting the other 2 seem to work but autorevert to the previous setting.

Going from:

To:

Removing the double settings menu. Removing Audit Areas/Audit Trail Options/On/Off (I believe these can be directly done on the page for each item.
Removing Save Shield Settings green button. It should auto save. There can also be a save button on the bottom or perhaps just under the logo.
Removing the top menu items.
Settings drop down shows the current selected setting page.