kompass/modules/security/classes/Security.class.php

165 lines
4.5 KiB
PHP
Raw Normal View History

2023-12-30 14:28:21 +01:00
<?php
namespace Bdp\Modules\Security;
use ZipArchive;
class Security
{
public const required_security_plugins = [];
2023-12-30 14:28:21 +01:00
public const delete_plugins = [
'akismet/akismet.php',
'hello.php',
2024-02-21 21:41:11 +01:00
'wps-hide-login/wps-hide-login.php',
'limit-login-attempts-reloaded'
2023-12-30 14:28:21 +01:00
];
public static function setup()
{
self::deletePlugins();
foreach (self::required_security_plugins as $pluginSlug => $pluginData) {
if (!is_dir(WP_PLUGIN_DIR . '/' . $pluginSlug)) {
self::installSecurityPlugin($pluginSlug, $pluginData['downloadUrl']);
}
}
2024-02-27 11:33:24 +01:00
$loginUrl = get_option('kompass_sec_rewrite_login', null);
if (null == $loginUrl) {
$loginUrl = get_option('whl_page', null) ?? 'bdp-login';
}
2023-12-30 14:28:21 +01:00
enable_option_rewrite_url($loginUrl);
enable_option_disable_xmlrpc();
enable_option_block_authorscan();
enable_option_block_execution_in_uploads();
enable_option_prohibit_special_files();
enable_option_file_editor();
enable_option_disable_conatenation();
enable_option_secure_include_dir();
enable_option_prohibit_bot_access();
enable_option_block_directory_listing();
2024-02-27 11:57:38 +01:00
self::resetLimitLoginAttempts();
2024-02-27 11:33:24 +01:00
delete_option('whl_page');
2023-12-30 14:28:21 +01:00
}
public static function deletePlugins() {
2024-02-27 11:33:24 +01:00
$existingPlugins = [];
foreach (self::delete_plugins as $curPlugin) {
if (file_exists(WP_PLUGIN_DIR . '/' . $curPlugin)) {
$existingPlugins[] = $curPlugin;
}
}
deactivate_plugins($existingPlugins);
delete_plugins($existingPlugins);
2023-12-30 14:28:21 +01:00
}
public static function ProhibitBots() {
$botList = get_prohibitedbot_list();
if (!is_bot_access_prohibited() || count($botList) == 0) {
return;
}
foreach ($botList as $botListEntry) {
if (stripos($_SERVER['HTTP_USER_AGENT'], $botListEntry) !== false) {
status_header(403);
die();
}
}
}
public static function protectAuthorScan()
{
global $wp;
if (str_starts_with($wp->request, 'author/') && is_authorscan_blocked()) {
status_header(403);
die();
}
}
public static function SetPageFilters() {
global $wp;
if (str_contains($_SERVER['REQUEST_URI'], 'wp-login.php?action=logout')) {
return;
}
add_action('template_redirect', [Security::class, 'protectAuthorScan']);
Security::protectLoginSecurity();
}
public static function protectLoginSecurity() {
$hideLogin = is_login_rewritten();
if (null === $hideLogin) {
return;
}
if ( str_contains( $_SERVER['REQUEST_URI'], 'wp-login.php' ) && ! isset( $_POST['redirect_to'] ) && $_POST['redirect_to'] !== 'interner-bereich' ) {
wp_redirect( home_url() );
die();
}
if ( str_contains( $_SERVER['REQUEST_URI'], $hideLogin ) !== false ) {
$user_login = '';
$_REQUEST['redirect_to'] = 'interner-bereich';
require_once 'wp-login.php';
die();
}
if ( str_contains( $_SERVER['REQUEST_URI'], 'interner-bereich' ) !== false ) {
wp_redirect( '/wp-admin' );
die();
}
}
2023-12-30 14:28:21 +01:00
public static function installSecurityPlugin(string $pluginSlug, string $downloadUrl) : bool
{
$ch = curl_init();
$source = $downloadUrl;
curl_setopt($ch, CURLOPT_URL, $source);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$data = curl_exec ($ch);
curl_close ($ch);
$destination = WP_PLUGIN_DIR . '/' . $pluginSlug . '.zip';
$file = fopen($destination, "w+");
fputs($file, $data);
fclose($file);
$zip = new ZipArchive();
$zip->open($destination);
$zip->extractTo(WP_PLUGIN_DIR);
$zip->close();
unlink($destination);
$pluginInfos = get_plugins( '/'.$pluginSlug );
$installfile = $pluginSlug . '/';
if( ! empty( $pluginInfos ) ) {
foreach ($pluginInfos as $file => $info) :
$installfile .= $file;
endforeach;
}
$result = activate_plugin($installfile);
return $result === null;
}
2024-02-27 11:57:38 +01:00
public static function resetLimitLoginAttempts() {
update_option('kompass_limit_login_lockout_duration', 900);
update_option('kompass_limit_login_allowed_retries', 3);
update_option('kompass_limit_login_allowed_lockouts', 3);
update_option('kompass_password_minimal_strength', 3);
update_option('kompass_limit_login_client_type', 'REMOTE_ADDR');
update_option('kompass_limit_login_long_duration', 86400);
update_option('kompass_limit_login_lockout_notify', ['email']);
update_option('kompass_limit_login_notify_email_after', 3);
update_option('kompass_limit_login_cookies',0);
}
2023-12-30 14:28:21 +01:00
}