Security Settings:
xmlrpc deaktivieren
Autorenscan deaktivieren
Scripting in /wp-content/uploads/ deaktivieren
Zugriff auf potenziell sensible Dateien blockieren
Dateieditor im WP Dashboard deaktivieren
Skriptverkettung deaktivieren
Skriptausführung im Include-Verzeichnis deaktivieren
Zugriff von ungewollten Bots verbieten
Auflistung von Verzeichnissen deaktivieren
Debug-Ausgaben deaktivieren
Login-URL ändern
		
							
								
								
									
										160
									
								
								modules/security/includes/settings_writer.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
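--- a/modules/security/includes/settings_writer.php
+++ b/modules/security/includes/settings_writer.php
@@ -0,0 +1,160 @@
+<?php
+use Bdp\Libs\FileAccess as FileAccess;
+use Bdp\Libs\WpConfigEditor as WpConfigEditor;
+
+function disable_option_disable_xmlrpc() {
+    return FileAccess::deleteFromHtaccess(_protect_wp_disablexmlrpc_string());
+}
+
+function enable_option_disable_xmlrpc() : bool {
+    return FileAccess::insertInHtaccess(_protect_wp_disablexmlrpc_string());
+}
+
+function enable_option_block_authorscan() {
+    update_option('protect_wp_hide_authors', true);
+}
+
+function disable_option_block_authorscan() {
+    update_option('protect_wp_hide_authors', false);
+}
+
+function disable_option_block_execution_in_uploads() {
+    return FileAccess::deleteFromHtaccess(_protect_wp_disable_script_execution_string(), FileAccess::HTACCESS_UPLOADS);
+}
+
+function enable_option_block_execution_in_uploads() {
+    return FileAccess::insertInHtaccess(_protect_wp_disable_script_execution_string(), FileAccess::HTACCESS_UPLOADS);
+}
+
+function disable_option_prohibit_special_files() {
+    return FileAccess::deleteFromHtaccess(_protect_wp_disable_special_files_string());
+}
+
+function enable_option_prohibit_special_files() {
+    return FileAccess::insertInHtaccess(_protect_wp_disable_special_files_string());
+}
+function disable_option_file_editor() {
+    return WpConfigEditor::updateConfig('DISALLOW_FILE_EDIT', 'false');
+
+}
+function enable_option_file_editor() {
+    return WpConfigEditor::updateConfig('DISALLOW_FILE_EDIT', 'true');
+}
+function enable_option_disable_conatenation() {
+    return WpConfigEditor::updateConfig('CONCATENATE_SCRIPTS', 'true');
+}
+function disable_option_disable_conatenation() {
+    return WpConfigEditor::updateConfig('CONCATENATE_SCRIPTS', 'false');
+}
+
+function disable_option_secure_include_dir() {
+    return FileAccess::deleteFromHtaccess(_protect_wp_secure_include_dir_string());
+}
+
+function enable_option_secure_include_dir() : bool {
+    return FileAccess::insertInHtaccess(_protect_wp_secure_include_dir_string());
+}
+
+function enable_option_prohibit_bot_access() {
+    update_option('protect_wp_prohibit_bot_access', true);
+}
+
+function disable_option_prohibit_bot_access() {
+    update_option('protect_wp_prohibit_bot_access', false);
+    if (count(get_prohibitedbot_list()) == 0) {
+        set_prohibitedbot_list(_protect_wp_initial_bot_list_array());
+    }
+}
+
+function set_prohibitedbot_list($botList) {
+    update_option('protect_wp_prohibit_bot_list', serialize($botList));
+}
+
+function enable_option_block_directory_listing() : bool {
+    return FileAccess::insertInHtaccess(_protect_wp_disable_directory_listing_string());
+}
+
+function disable_option_block_directory_listing() : bool {
+    return FileAccess::deleteFromHtaccess(_protect_wp_disable_directory_listing_string());
+}
+
+function enable_option_disable_wp_debug() {
+    WpConfigEditor::updateConfig('WP_DEBUG', 'false');
+}
+
+function disable_option_disable_wp_debug() {
+    WpConfigEditor::updateConfig('WP_DEBUG', 'true');
+}
+
+function enable_option_rewrite_url(?string $url = null) {
+    global $_POST;
+	$saveUrl = $url ?? $_POST['rewrite_login'];
+    update_option('kompass_sec_rewrite_login', $saveUrl);
+}
+
+function disable_option_rewrite_url() {
+	update_option('kompass_sec_rewrite_login', null);
+}
+
+
+
+function kompass_sec_save_settings($settings) {
+	$allPossibleSettings = [
+		'option_disable_xmlrpc',
+		'option_block_authorscan',
+		'option_block_execution_in_uploads',
+		'option_prohibit_special_files',
+		'option_file_editor',
+		'option_disable_conatenation',
+		'option_secure_include_dir',
+		'option_prohibit_bot_access',
+		'option_block_directory_listing',
+		'option_disable_wp_debug',
+		'option_rewrite_url',
+	];
+
+	$enableSettings = array_intersect($allPossibleSettings, $settings);
+	$disableSettings = array_diff($allPossibleSettings, $settings);
+
+	foreach ($disableSettings as $curSetting) {
+		$function = 'disable_' . $curSetting;
+		$function();
+	}
+
+	foreach ($enableSettings as $curSetting) {
+		$function = 'enable_' . $curSetting;
+		$function();
+	}
+	?>
+	<div class="notice notice-success">
+		<p>
+			<?= __('All settings are saved.', BDP_LV_PLUGIN_SLUG); ?>
+		</p>
+	</div>
+	<?php
+
+	return;
+}
+
+function kompass_sec_site_keys() {
+	$content = wp_remote_get('https://api.wordpress.org/secret-key/1.1/salt/');
+	if (!is_array($content) || !isset($content['body'])) {
+		?>
+        <div class="notice notice-error">
+            <p>
+				<?= __('An error occured connecting api.wordpress.org', BDP_LV_PLUGIN_SLUG); ?>
+            </p>
+        </div>
+		<?php
+		return;
+	}
+
+	WpConfigEditor::updateSiteKeys($content['body']);
+	?>
+    <div class="notice notice-success">
+        <p>
+			<?= __('The site keys were updated successfully.', BDP_LV_PLUGIN_SLUG); ?>
+        </p>
+    </div>
+	<?php
+}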
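Review bot: In `kompass_sec_site_keys()` the response body goes to `WpConfigEditor::updateSiteKeys()` after only an `is_array`/`isset` check, so an HTTP error page or a proxy-substituted response would reach the wp-config.php editor; gate it with `if (wp_remote_retrieve_response_code($content) !== 200)` and confirm the body holds only the expected `define('…', '…');` lines before writing (what `updateSiteKeys` itself validates is not visible here). `enable_option_rewrite_url()` stores `$_POST['rewrite_login']` unvalidated and emits an undefined-key warning when the field is absent; `$saveUrl = $url ?? sanitize_title(wp_unslash($_POST['rewrite_login'] ?? ''));` covers both, and `global $_POST;` can be dropped because it is a superglobal. `enable_option_disable_conatenation()` writes `CONCATENATE_SCRIPTS` as `'true'`, which looks inverted next to `enable_option_disable_wp_debug()` writing `WP_DEBUG` as `'false'`. `kompass_sec_save_settings()` discards the results of the `.htaccess` and wp-config writers and always prints "All settings are saved.", so a failed write leaves a protection off while the admin is told it is on. Nonce and capability checks are presumably in the caller and should be confirmed there.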