Security Settings:

xmlrpc deaktivieren Autorenscan deaktivieren Scripting in /wp-content/uploads/ deaktivieren Zugriff auf potenziell sensible Dateien blockieren Dateieditor im WP Dashboard deaktivieren Skriptverkettung deaktivieren Skriptausführung im Include-Verzeichnis deaktivieren Zugriff von ungewollten Bots verbieten Auflistung von Verzeichnissen deaktivieren Debug-Ausgaben deaktivieren Login-URL ändern
2024-02-21 21:31:00 +01:00
parent 69322d64f3
commit 80fb6cd452
22 changed files with 1062 additions and 370 deletions
--- a/modules/security/classes/Security.class.php
+++ b/modules/security/classes/Security.class.php
@@ -4,18 +4,15 @@ namespace Bdp\Modules\Security;

 use ZipArchive;

-
-
 class Security
 {
-    public const required_security_plugins = [
-        'wps_hide_login' => ['downloadUrl' => 'https://downloads.wordpress.org/plugin/wps-hide-login.1.9.10.zip'],
-        'limit-login-attempts-reloaded' => ['downloadUrl' => 'https://downloads.wordpress.org/plugin/limit-login-attempts-reloaded.2.25.27.zip']];
-
+    public const required_security_plugins = [];

    public const delete_plugins = [
        'akismet/akismet.php',
-        'hello.php'
+        'hello.php',
+	    'wps_hide_login',
+	    'limit-login-attempts-reloaded'
    ];

    public static function setup()
@@ -27,9 +24,17 @@ class Security
            }
        }

-        $loginUrl = get_option('whl_page', 'bdp_login');
-        update_option('whl_page', $loginUrl);
-
+		$loginUrl = get_option('whl_page', null) ?? 'bdp-login';
+        enable_option_rewrite_url($loginUrl);
+	    enable_option_disable_xmlrpc();
+	    enable_option_block_authorscan();
+	    enable_option_block_execution_in_uploads();
+	    enable_option_prohibit_special_files();
+	    enable_option_file_editor();
+	    enable_option_disable_conatenation();
+	    enable_option_secure_include_dir();
+	    enable_option_prohibit_bot_access();
+	    enable_option_block_directory_listing();
    }

    public static function deletePlugins() {
@@ -37,6 +42,67 @@ class Security
        delete_plugins(self::delete_plugins);
    }

+	public static function ProhibitBots() {
+		$botList = get_prohibitedbot_list();
+
+		if (!is_bot_access_prohibited() || count($botList) == 0) {
+			return;
+		}
+
+		foreach ($botList as $botListEntry) {
+			if (stripos($_SERVER['HTTP_USER_AGENT'], $botListEntry) !== false) {
+				status_header(403);
+				die();
+			}
+		}
+	}
+
+
+	public static function protectAuthorScan()
+	{
+		global $wp;
+
+		if (str_starts_with($wp->request, 'author/') && is_authorscan_blocked()) {
+			status_header(403);
+			die();
+		}
+	}
+
+	public static function SetPageFilters() {
+		global $wp;
+
+		if (str_contains($_SERVER['REQUEST_URI'], 'wp-login.php?action=logout')) {
+			return;
+		}
+
+		add_action('template_redirect', [Security::class, 'protectAuthorScan']);
+		Security::protectLoginSecurity();
+	}
+
+	public static function protectLoginSecurity() {
+		$hideLogin = is_login_rewritten();
+
+		if (null === $hideLogin) {
+			return;
+		}
+
+		if ( str_contains( $_SERVER['REQUEST_URI'], 'wp-login.php' ) && ! isset( $_POST['redirect_to'] ) && $_POST['redirect_to'] !== 'interner-bereich' ) {
+			wp_redirect( home_url() );
+			die();
+		}
+
+		if ( str_contains( $_SERVER['REQUEST_URI'], $hideLogin ) !== false ) {
+			$user_login              = '';
+			$_REQUEST['redirect_to'] = 'interner-bereich';
+			require_once 'wp-login.php';
+			die();
+		}
+
+		if ( str_contains( $_SERVER['REQUEST_URI'], 'interner-bereich' ) !== false ) {
+			wp_redirect( '/wp-admin' );
+			die();
+		}
+	}

    public static function installSecurityPlugin(string $pluginSlug, string $downloadUrl) : bool
    {