v4.2.1 #1
@@ -19,10 +19,7 @@ use Bdp\Modules\Seo\Seo;
 | 
			
		||||
require_once dirname(__FILE__) . '/includes/setup.php';
 | 
			
		||||
 | 
			
		||||
function bdp_plugin_install() {
 | 
			
		||||
    Seo::setup();
 | 
			
		||||
    Calendar::setup();
 | 
			
		||||
    Security::setup();
 | 
			
		||||
    update_option('kompass_installation', true);
 | 
			
		||||
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
@@ -30,11 +27,14 @@ function bdp_plugin_init() {
 | 
			
		||||
	Security::ProhibitBots();
 | 
			
		||||
	Security::SetPageFilters();
 | 
			
		||||
 | 
			
		||||
	remove_menu_page( 'admin.php?page=limit-login-attempts&tab=dashboard' );
 | 
			
		||||
	if ( get_option( 'kompass_installation' ) == true ) {
 | 
			
		||||
		delete_option( 'kompass_installation' );
 | 
			
		||||
	if (null == get_option('kompass_already_installed', null)) {
 | 
			
		||||
		Seo::setup();
 | 
			
		||||
		Calendar::setup();
 | 
			
		||||
		Security::setup();
 | 
			
		||||
		update_option('kompass_already_installed', true);
 | 
			
		||||
		wp_redirect( 'site-health.php?tab=bdp_enhanced_security');
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
add_action('admin_menu', function () {
 | 
			
		||||
 
 | 
			
		||||
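Review bot: `wp_redirect( 'site-health.php?tab=bdp_enhanced_security')` on the new side is not followed by `exit;`, so the remainder of `bdp_plugin_init()` and the request keep running after the Location header is sent; WordPress expects `wp_redirect(...); exit;`, and the relative path should be resolved with `admin_url('site-health.php?tab=bdp_enhanced_security')` so the redirect does not depend on the current request path. The first-run block `if (null == get_option('kompass_already_installed', null))` deletes and installs plugins as a side effect of whichever request happens to run `bdp_plugin_init()` first; if that hook also fires for unauthenticated front-end requests (the hook registration is outside this hunk), gate the block on `is_admin() && current_user_can('activate_plugins')`, and note that two concurrent first requests can both pass the check before `update_option('kompass_already_installed', true)` runs. `bdp_plugin_init()` starts before this hunk. The companion hunk at the top of the page removes `bdp_plugin_install()`; any `register_activation_hook()` still naming it outside this page would now point at an undefined function.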
@@ -1,84 +0,0 @@
 | 
			
		||||
<?php
 | 
			
		||||
namespace Bdp\Modules\Security;
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
use ZipArchive;
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
class Security
 | 
			
		||||
{
 | 
			
		||||
    public const required_security_plugins = [];
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
    public const delete_plugins = [
 | 
			
		||||
        'akismet/akismet.php',
 | 
			
		||||
        'hello.php',
 | 
			
		||||
	    'limit-login-attempts-reloaded',
 | 
			
		||||
	    'wps-hide-login/wps-hide-login.php'
 | 
			
		||||
    ];
 | 
			
		||||
 | 
			
		||||
    public static function setup()
 | 
			
		||||
    {
 | 
			
		||||
	    self::deletePlugins();
 | 
			
		||||
	    foreach (self::required_security_plugins as $pluginSlug => $pluginData) {
 | 
			
		||||
		    if (!is_dir(WP_PLUGIN_DIR . '/' . $pluginSlug)) {
 | 
			
		||||
			    self::installSecurityPlugin($pluginSlug, $pluginData['downloadUrl']);
 | 
			
		||||
		    }
 | 
			
		||||
	    }
 | 
			
		||||
 | 
			
		||||
	    $loginUrl = get_option('whl_page', null) ?? 'bdp-login';
 | 
			
		||||
	    enable_option_rewrite_url($loginUrl);
 | 
			
		||||
	    enable_option_disable_xmlrpc();
 | 
			
		||||
	    enable_option_block_authorscan();
 | 
			
		||||
	    enable_option_block_execution_in_uploads();
 | 
			
		||||
	    enable_option_prohibit_special_files();
 | 
			
		||||
	    enable_option_file_editor();
 | 
			
		||||
	    enable_option_disable_conatenation();
 | 
			
		||||
	    enable_option_secure_include_dir();
 | 
			
		||||
	    enable_option_prohibit_bot_access();
 | 
			
		||||
	    enable_option_block_directory_listing();
 | 
			
		||||
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    public static function deletePlugins() {
 | 
			
		||||
        deactivate_plugins(self::delete_plugins);
 | 
			
		||||
        delete_plugins(self::delete_plugins);
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
    public static function installSecurityPlugin(string $pluginSlug, string $downloadUrl) : bool
 | 
			
		||||
    {
 | 
			
		||||
        $ch = curl_init();
 | 
			
		||||
        $source = $downloadUrl;
 | 
			
		||||
        curl_setopt($ch, CURLOPT_URL, $source);
 | 
			
		||||
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 | 
			
		||||
        $data = curl_exec ($ch);
 | 
			
		||||
        curl_close ($ch);
 | 
			
		||||
 | 
			
		||||
        $destination = WP_PLUGIN_DIR . '/' . $pluginSlug . '.zip';
 | 
			
		||||
        $file = fopen($destination, "w+");
 | 
			
		||||
        fputs($file, $data);
 | 
			
		||||
        fclose($file);
 | 
			
		||||
 | 
			
		||||
        $zip = new ZipArchive();
 | 
			
		||||
        $zip->open($destination);
 | 
			
		||||
        $zip->extractTo(WP_PLUGIN_DIR);
 | 
			
		||||
        $zip->close();
 | 
			
		||||
        unlink($destination);
 | 
			
		||||
 | 
			
		||||
        $pluginInfos = get_plugins( '/'.$pluginSlug );
 | 
			
		||||
        $installfile = $pluginSlug . '/';
 | 
			
		||||
        if( ! empty( $pluginInfos ) ) {
 | 
			
		||||
            foreach ($pluginInfos as $file => $info) :
 | 
			
		||||
                $installfile .= $file;
 | 
			
		||||
            endforeach;
 | 
			
		||||
        }
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
        $result = activate_plugin($installfile);
 | 
			
		||||
 | 
			
		||||
        return $result === null;
 | 
			
		||||
    }
 | 
			
		||||
}
 | 
			
		||||
@@ -1,22 +0,0 @@
 | 
			
		||||
<?php
 | 
			
		||||
echo '<div id="wpbody-content">';
 | 
			
		||||
echo '<h1>Installation erfolgreich!</h1>';
 | 
			
		||||
 | 
			
		||||
?>
 | 
			
		||||
 | 
			
		||||
<form method="post" action="admin.php?page=bdp-kompass%2Fmodules%2Findex.php&loadmodule=security">
 | 
			
		||||
    <div class="bdp_security_outer">
 | 
			
		||||
        <fieldset class="bdp_security_inner">
 | 
			
		||||
            <span style="font-weight: bold;">Herzlichen Glückwunsch!</span><br /><br />
 | 
			
		||||
            Das Plugin Kompass wurde soeben erfolgreich installiert.<br />Im Hintergrund wurden bereits erste Optimierungen an der Webseite vorgenommen, so wurde die Navcigation vereinfacht, und falls dies noch nicht der Fall war, wurde die Webseite mit einer suchmaschinenfreundlichen Struktur ausgestattet.<br />
 | 
			
		||||
            Es wurden bereits erste sicherheitsrelevante Plugins installiert. Du findest die Übersicht, welchePlugins aktiv sind, jederzeit <a href="plugins.php">hier</a><br /><br />
 | 
			
		||||
            Über die Kalender-Einstellungen kannst du den Kalender deines Stammes aus dem Wiki auf deiner Webseite einbinden, dieser erscheint dann automatisch unt er der Adresse <a href="<?php echo get_site_url() . '/kalender'; ?>"><?php echo get_site_url() . '/kalender'; ?></a><br /><br />
 | 
			
		||||
            Aus Sicherheitsgründen empfiehlt es sich, die Adresse zum Dashboard deiner Webseite ztu verschleiern. Ein hierfür notwendiges Plugin wurde automatisch installiert. Um dich zukünftig auf deiner Webseite einzuloggen, nutze folgende URL:<br />
 | 
			
		||||
            <label><?php echo get_site_url(); ?>/</label><input style="width: 250px;" class="long_text" type="text" name="login_url" id="login_url" required
 | 
			
		||||
                                                                value = "<?php echo get_option('whl_page', 'bdp_login'); ?>">
 | 
			
		||||
            <br /><input class="bdp_submit" type="submit" name="submit" value="Verändere diese URL noch einmal"><br /><br />
 | 
			
		||||
            Falls du zu diesem Plugin Anmerkungen oder Fragen hast, wende dich bitte an den LB IT.
 | 
			
		||||
        </fieldset>
 | 
			
		||||
    </div>
 | 
			
		||||
</form>
 | 
			
		||||
 | 
			
		||||
@@ -1,3 +0,0 @@
 | 
			
		||||
<?php
 | 
			
		||||
 | 
			
		||||
require_once dirname(__FILE__) . '/classes/Security.class.php';
 | 
			
		||||
@@ -23,8 +23,11 @@ class Security
 | 
			
		||||
                self::installSecurityPlugin($pluginSlug, $pluginData['downloadUrl']);
 | 
			
		||||
            }
 | 
			
		||||
        }
 | 
			
		||||
		$loginUrl = get_option('kompass_sec_rewrite_login', null);
 | 
			
		||||
		if (null == $loginUrl) {
 | 
			
		||||
			$loginUrl = get_option('whl_page', null) ?? 'bdp-login';
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		$loginUrl = get_option('whl_page', null) ?? 'bdp-login';
 | 
			
		||||
        enable_option_rewrite_url($loginUrl);
 | 
			
		||||
	    enable_option_disable_xmlrpc();
 | 
			
		||||
	    enable_option_block_authorscan();
 | 
			
		||||
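Review bot: The fallback `$loginUrl = get_option('whl_page', null) ?? 'bdp-login';` only catches `null`, while the new guard `if (null == $loginUrl)` above it also treats `''` and `false` as unset, so a `whl_page` option stored empty yields `$loginUrl === ''` and `enable_option_rewrite_url('')` is called. Make both steps use the same test, e.g. `$loginUrl = get_option('kompass_sec_rewrite_login', '');` / `if ($loginUrl === '') { $loginUrl = (string) get_option('whl_page', ''); }` / `if ($loginUrl === '') { $loginUrl = 'bdp-login'; }`. The slug also goes straight from a stored option into a URL rewrite; unless `enable_option_rewrite_url()` (not on this page) validates it, passing it through `sanitize_title()` first keeps it a single path segment. `setup()` starts and ends outside this hunk.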
@@ -35,11 +38,20 @@ class Security
 | 
			
		||||
	    enable_option_secure_include_dir();
 | 
			
		||||
	    enable_option_prohibit_bot_access();
 | 
			
		||||
	    enable_option_block_directory_listing();
 | 
			
		||||
 | 
			
		||||
		delete_option('whl_page');
 | 
			
		||||
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    public static function deletePlugins() {
 | 
			
		||||
        deactivate_plugins(self::delete_plugins);
 | 
			
		||||
        delete_plugins(self::delete_plugins);
 | 
			
		||||
		$existingPlugins = [];
 | 
			
		||||
		foreach (self::delete_plugins as $curPlugin) {
 | 
			
		||||
			if (file_exists(WP_PLUGIN_DIR . '/' . $curPlugin)) {
 | 
			
		||||
				$existingPlugins[] = $curPlugin;
 | 
			
		||||
			}
 | 
			
		||||
		}
 | 
			
		||||
		deactivate_plugins($existingPlugins);
 | 
			
		||||
        delete_plugins($existingPlugins);
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
	public static function ProhibitBots() {
 | 
			
		||||
 
 | 
			
		||||
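Review bot: The new existence filter in `deletePlugins()` uses `file_exists(WP_PLUGIN_DIR . '/' . $curPlugin)`, which is also true for a bare directory, while `deactivate_plugins()` and `delete_plugins()` expect `dir/file.php` plugin basenames; the `delete_plugins` list in the removed Security.class.php contains `'limit-login-attempts-reloaded'` without a file part, and if the new class keeps that list (the constant is outside this hunk) that entry passes the filter but is not a plugin basename. Use `is_file(WP_PLUGIN_DIR . '/' . $curPlugin)` and give the list entry its `dir/file.php` form. The unconditional `deactivate_plugins(self::delete_plugins)` / `delete_plugins(self::delete_plugins)` pair still appears above the loop in this hunk; if those two lines survive on the new side the filtering is redundant, so confirm they are the removed lines. The added `delete_option('whl_page')` in `setup()` runs after `enable_option_rewrite_url($loginUrl)`; unless that helper persists `kompass_sec_rewrite_login`, the next `setup()` call falls back to `'bdp-login'` and silently moves the login URL. `ProhibitBots()` starts on the last line of this hunk and continues outside it.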
@@ -57,13 +57,13 @@ function enable_option_secure_include_dir() : bool {
 | 
			
		||||
 | 
			
		||||
function enable_option_prohibit_bot_access() {
 | 
			
		||||
    update_option('protect_wp_prohibit_bot_access', true);
 | 
			
		||||
	if (count(get_prohibitedbot_list()) == 0) {
 | 
			
		||||
		set_prohibitedbot_list(_protect_wp_initial_bot_list_array());
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
function disable_option_prohibit_bot_access() {
 | 
			
		||||
    update_option('protect_wp_prohibit_bot_access', false);
 | 
			
		||||
    if (count(get_prohibitedbot_list()) == 0) {
 | 
			
		||||
        set_prohibitedbot_list(_protect_wp_initial_bot_list_array());
 | 
			
		||||
    }
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
function set_prohibitedbot_list($botList) {
 | 
			
		||||
 
 | 
			
		||||
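Review bot: The block `if (count(get_prohibitedbot_list()) == 0) { set_prohibitedbot_list(_protect_wp_initial_bot_list_array()); }` is duplicated verbatim in `enable_option_prohibit_bot_access()` and `disable_option_prohibit_bot_access()`, with tab indentation in the first and four-space indentation in the second. On PHP 8 `count()` throws a `TypeError` if `get_prohibitedbot_list()` (defined outside this hunk) ever returns a non-array such as `false` from a missing option, so the guard is safer as `if (empty(get_prohibitedbot_list()))`. Move the seeding into one helper function called from both so the two stay in sync; seeding the list from `disable_...` looks intentional but deserves a one-line comment saying why. `set_prohibitedbot_list()` starts on the last line of this hunk and continues outside it.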