th.guenther/kompass
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Security Settings:

Browse Source 
xmlrpc deaktivieren
 Autorenscan deaktivieren
 Scripting in /wp-content/uploads/ deaktivieren
 Zugriff auf potenziell sensible Dateien blockieren
 Dateieditor im WP Dashboard deaktivieren
 Skriptverkettung deaktivieren
 Skriptausführung im Include-Verzeichnis deaktivieren
 Zugriff von ungewollten Bots verbieten
 Auflistung von Verzeichnissen deaktivieren
 Debug-Ausgaben deaktivieren
 Login-URL ändern
This commit is contained in:
Thomas Günther
2024-02-21 21:31:00 +01:00
parent 69322d64f3
commit 80fb6cd452
22 changed files with 1062 additions and 370 deletions
Download Patch File Download Diff File Expand all files Collapse all files

176
bdp-kompass.php
View File

@ -8,22 +8,14 @@
* Requires PHP: 8.2
* Author: Thomas Günther
* Author URI: https://www.sachsen.pfadfinden.de
* Update URI: https://lv-sachsen-main.bdp.mein-verein.online/wordpress/
* Update URI: http://lv-sachsen-main.bdp.mein-verein.online/wordpress/
* Text Domain: bdp-kompass
*/
use Bdp\Modules\Security\Security;
use Bdp\Modules\Seo\Seo;
define('BDP_LV_PLUGIN_DIR', ABSPATH . '/wp-content/plugins/bdp-kompass/');
define('BDP_LV_PLUGIN_URL', plugin_dir_url(__FILE__));
define('BDP_LV_PLUGIN_SLUG', 'bdp-kompass');
require_once BDP_LV_PLUGIN_DIR . 'core/fileloader.php';
bdp_create_menu_structure();
require_once dirname(__FILE__) . '/includes/setup.php';
function bdp_plugin_install() {
Seo::setup();
@ -32,18 +24,19 @@ function bdp_plugin_install() {
update_option('kompass_installation', true);
}
function bdp_plugin_init()
{
remove_menu_page('admin.php?page=limit-login-attempts&tab=dashboard');
if (get_option('kompass_installation') == true) {
delete_option('kompass_installation');
wp_redirect('admin.php?page=bdp-kompass%2Fmodules%2Findex.php&loadmodule=firstusage');
}
function bdp_plugin_init() {
Security::ProhibitBots();
Security::SetPageFilters();
remove_menu_page( 'admin.php?page=limit-login-attempts&tab=dashboard' );
if ( get_option( 'kompass_installation' ) == true ) {
delete_option( 'kompass_installation' );
wp_redirect( 'site-health.php?tab=bdp_enhanced_security');
}
}
register_activation_hook(__FILE__, 'bdp_plugin_install');
add_action('init', 'bdp_plugin_init');
function register_custom_theme_directory() {
$file = ABSPATH . '/wp-content/plugins/bdp-kompass/buena/' ;
@ -55,148 +48,3 @@ function register_custom_theme_directory() {
}
#add_action( 'after_setup_theme', 'register_custom_theme_directory' );
class BdpVersionChecker
{
public $plugin_slug;
public $version;
public $cache_key;
public $cache_allowed;
public $updateUrl;
public function __construct()
{
$plugin_data = get_plugin_data(__FILE__);
$this->plugin_slug = 'bdp-kompass';
$this->updateUrl = $plugin_data['UpdateURI'] . '/info.json';
$this->version = $plugin_data['Version'];
$this->cache_key = 'bdp_kompass_upd';
$this->cache_allowed = true;
add_filter('plugins_api', array($this, 'info'), 20, 3);
add_filter('site_transient_update_plugins', array($this, 'update'));
add_action('upgrader_process_complete', array($this, 'purge'), 10, 2);
}
public function request()
{
$remote = get_transient($this->cache_key);
if (false === $remote || !$this->cache_allowed) {
$remote = wp_remote_get(
$this->updateUrl
,
array(
'timeout' => 10,
'headers' => array(
'Accept' => 'application/json'
)
)
);
if (
is_wp_error($remote)
|| 200 !== wp_remote_retrieve_response_code($remote)
|| empty(wp_remote_retrieve_body($remote))
) {
return false;
}
set_transient($this->cache_key, $remote, 3600);
}
$remote = json_decode(wp_remote_retrieve_body($remote));
return $remote;
}
function info($res = '', $action = '', $args = '')
{
if (!isset($args->slug) || $args->slug !== $this->plugin_slug) {
return $res;
}
// get updates
$remote = $this->request();
if (!$remote) {
return $res;
}
$res = new stdClass();
$res->name = $remote->name;
$res->slug = $remote->slug;
$res->version = $remote->version;
$res->tested = $remote->tested;
$res->requires = $remote->requires;
$res->author = $remote->author;
$res->author_profile = $remote->author_profile;
$res->download_link = $remote->download_url;
$res->trunk = $remote->download_url;
$res->requires_php = $remote->requires_php;
$res->last_updated = $remote->last_updated;
$res->sections = array(
'description' => $remote->sections->description,
'installation' => $remote->sections->installation,
'changelog' => $remote->sections->changelog
);
if (!empty($remote->banners)) {
$res->banners = array(
'low' => $remote->banners->low,
'high' => $remote->banners->high
);
}
return $res;
}
public function update($transient)
{
if (empty($transient->checked)) {
return $transient;
}
$remote = $this->request();
if(
$remote
&& version_compare( $this->version, $remote->version, '<' )
&& version_compare( $remote->requires, get_bloginfo( 'version' ), '<=' )
&& version_compare( $remote->requires_php, PHP_VERSION, '<' )
) {
$res = new stdClass();
$res->slug = $this->plugin_slug;
$res->plugin = plugin_basename( __FILE__ );
$res->new_version = $remote->version;
$res->tested = $remote->tested;
$res->package = $remote->download_url;
$transient->response[ $res->plugin ] = $res;
} else {
$res = new stdClass();
$res->slug = $this->plugin_slug;
$res->plugin = plugin_basename( __FILE__ );
$transient->no_update[ $res->plugin ] = $res;
}
return $transient;
}
public function purge($upgrader, $options)
{
if (
$this->cache_allowed
&& 'update' === $options['action']
&& 'plugin' === $options['type']
) {
delete_transient($this->cache_key);
}
}
}
$class = new BdpVersionChecker();
add_filter( 'plugins_api', array( $class, 'info' ), 20, 3 );