v4.2.1 #1
@ -19,10 +19,7 @@ use Bdp\Modules\Seo\Seo;
|
|||||||
require_once dirname(__FILE__) . '/includes/setup.php';
|
require_once dirname(__FILE__) . '/includes/setup.php';
|
||||||
|
|
||||||
function bdp_plugin_install() {
|
function bdp_plugin_install() {
|
||||||
Seo::setup();
|
|
||||||
Calendar::setup();
|
|
||||||
Security::setup();
|
|
||||||
update_option('kompass_installation', true);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -30,11 +27,14 @@ function bdp_plugin_init() {
|
|||||||
Security::ProhibitBots();
|
Security::ProhibitBots();
|
||||||
Security::SetPageFilters();
|
Security::SetPageFilters();
|
||||||
|
|
||||||
remove_menu_page( 'admin.php?page=limit-login-attempts&tab=dashboard' );
|
if (null == get_option('kompass_already_installed', null)) {
|
||||||
if ( get_option( 'kompass_installation' ) == true ) {
|
Seo::setup();
|
||||||
delete_option( 'kompass_installation' );
|
Calendar::setup();
|
||||||
|
Security::setup();
|
||||||
|
update_option('kompass_already_installed', true);
|
||||||
wp_redirect( 'site-health.php?tab=bdp_enhanced_security');
|
wp_redirect( 'site-health.php?tab=bdp_enhanced_security');
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
add_action('admin_menu', function () {
|
add_action('admin_menu', function () {
|
||||||
|
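Review bot: The first-run block added to `bdp_plugin_init()` is gated only on the `kompass_already_installed` option being absent, so whichever request reaches this function first runs `Seo::setup()`, `Calendar::setup()` and `Security::setup()`, and the last of these deactivates and deletes plugins. The hook that calls `bdp_plugin_init()` is outside the hunk; if it can fire for front-end or unauthenticated requests, the condition should also check context and capability, e.g. `if (is_admin() && current_user_can('manage_options') && null === get_option('kompass_already_installed', null)) {`. `wp_redirect()` does not end the request, so it should be followed by `exit;`. The option is written only after all three setups have finished, so two concurrent first requests could both run them; writing the flag before the setup calls would narrow that window.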
@ -1,84 +0,0 @@
|
|||||||
<?php
|
|
||||||
namespace Bdp\Modules\Security;
|
|
||||||
|
|
||||||
|
|
||||||
use ZipArchive;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class Security
|
|
||||||
{
|
|
||||||
public const required_security_plugins = [];
|
|
||||||
|
|
||||||
|
|
||||||
public const delete_plugins = [
|
|
||||||
'akismet/akismet.php',
|
|
||||||
'hello.php',
|
|
||||||
'limit-login-attempts-reloaded',
|
|
||||||
'wps-hide-login/wps-hide-login.php'
|
|
||||||
];
|
|
||||||
|
|
||||||
public static function setup()
|
|
||||||
{
|
|
||||||
self::deletePlugins();
|
|
||||||
foreach (self::required_security_plugins as $pluginSlug => $pluginData) {
|
|
||||||
if (!is_dir(WP_PLUGIN_DIR . '/' . $pluginSlug)) {
|
|
||||||
self::installSecurityPlugin($pluginSlug, $pluginData['downloadUrl']);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$loginUrl = get_option('whl_page', null) ?? 'bdp-login';
|
|
||||||
enable_option_rewrite_url($loginUrl);
|
|
||||||
enable_option_disable_xmlrpc();
|
|
||||||
enable_option_block_authorscan();
|
|
||||||
enable_option_block_execution_in_uploads();
|
|
||||||
enable_option_prohibit_special_files();
|
|
||||||
enable_option_file_editor();
|
|
||||||
enable_option_disable_conatenation();
|
|
||||||
enable_option_secure_include_dir();
|
|
||||||
enable_option_prohibit_bot_access();
|
|
||||||
enable_option_block_directory_listing();
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
public static function deletePlugins() {
|
|
||||||
deactivate_plugins(self::delete_plugins);
|
|
||||||
delete_plugins(self::delete_plugins);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
public static function installSecurityPlugin(string $pluginSlug, string $downloadUrl) : bool
|
|
||||||
{
|
|
||||||
$ch = curl_init();
|
|
||||||
$source = $downloadUrl;
|
|
||||||
curl_setopt($ch, CURLOPT_URL, $source);
|
|
||||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
|
|
||||||
$data = curl_exec ($ch);
|
|
||||||
curl_close ($ch);
|
|
||||||
|
|
||||||
$destination = WP_PLUGIN_DIR . '/' . $pluginSlug . '.zip';
|
|
||||||
$file = fopen($destination, "w+");
|
|
||||||
fputs($file, $data);
|
|
||||||
fclose($file);
|
|
||||||
|
|
||||||
$zip = new ZipArchive();
|
|
||||||
$zip->open($destination);
|
|
||||||
$zip->extractTo(WP_PLUGIN_DIR);
|
|
||||||
$zip->close();
|
|
||||||
unlink($destination);
|
|
||||||
|
|
||||||
$pluginInfos = get_plugins( '/'.$pluginSlug );
|
|
||||||
$installfile = $pluginSlug . '/';
|
|
||||||
if( ! empty( $pluginInfos ) ) {
|
|
||||||
foreach ($pluginInfos as $file => $info) :
|
|
||||||
$installfile .= $file;
|
|
||||||
endforeach;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
$result = activate_plugin($installfile);
|
|
||||||
|
|
||||||
return $result === null;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,22 +0,0 @@
|
|||||||
<?php
|
|
||||||
echo '<div id="wpbody-content">';
|
|
||||||
echo '<h1>Installation erfolgreich!</h1>';
|
|
||||||
|
|
||||||
?>
|
|
||||||
|
|
||||||
<form method="post" action="admin.php?page=bdp-kompass%2Fmodules%2Findex.php&loadmodule=security">
|
|
||||||
<div class="bdp_security_outer">
|
|
||||||
<fieldset class="bdp_security_inner">
|
|
||||||
<span style="font-weight: bold;">Herzlichen Glückwunsch!</span><br /><br />
|
|
||||||
Das Plugin Kompass wurde soeben erfolgreich installiert.<br />Im Hintergrund wurden bereits erste Optimierungen an der Webseite vorgenommen, so wurde die Navcigation vereinfacht, und falls dies noch nicht der Fall war, wurde die Webseite mit einer suchmaschinenfreundlichen Struktur ausgestattet.<br />
|
|
||||||
Es wurden bereits erste sicherheitsrelevante Plugins installiert. Du findest die Übersicht, welchePlugins aktiv sind, jederzeit <a href="plugins.php">hier</a><br /><br />
|
|
||||||
Über die Kalender-Einstellungen kannst du den Kalender deines Stammes aus dem Wiki auf deiner Webseite einbinden, dieser erscheint dann automatisch unt er der Adresse <a href="<?php echo get_site_url() . '/kalender'; ?>"><?php echo get_site_url() . '/kalender'; ?></a><br /><br />
|
|
||||||
Aus Sicherheitsgründen empfiehlt es sich, die Adresse zum Dashboard deiner Webseite ztu verschleiern. Ein hierfür notwendiges Plugin wurde automatisch installiert. Um dich zukünftig auf deiner Webseite einzuloggen, nutze folgende URL:<br />
|
|
||||||
<label><?php echo get_site_url(); ?>/</label><input style="width: 250px;" class="long_text" type="text" name="login_url" id="login_url" required
|
|
||||||
value = "<?php echo get_option('whl_page', 'bdp_login'); ?>">
|
|
||||||
<br /><input class="bdp_submit" type="submit" name="submit" value="Verändere diese URL noch einmal"><br /><br />
|
|
||||||
Falls du zu diesem Plugin Anmerkungen oder Fragen hast, wende dich bitte an den LB IT.
|
|
||||||
</fieldset>
|
|
||||||
</div>
|
|
||||||
</form>
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
require_once dirname(__FILE__) . '/classes/Security.class.php';
|
|
@ -23,8 +23,11 @@ class Security
|
|||||||
self::installSecurityPlugin($pluginSlug, $pluginData['downloadUrl']);
|
self::installSecurityPlugin($pluginSlug, $pluginData['downloadUrl']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
$loginUrl = get_option('kompass_sec_rewrite_login', null);
|
||||||
|
if (null == $loginUrl) {
|
||||||
$loginUrl = get_option('whl_page', null) ?? 'bdp-login';
|
$loginUrl = get_option('whl_page', null) ?? 'bdp-login';
|
||||||
|
}
|
||||||
|
|
||||||
enable_option_rewrite_url($loginUrl);
|
enable_option_rewrite_url($loginUrl);
|
||||||
enable_option_disable_xmlrpc();
|
enable_option_disable_xmlrpc();
|
||||||
enable_option_block_authorscan();
|
enable_option_block_authorscan();
|
||||||
@ -35,11 +38,20 @@ class Security
|
|||||||
enable_option_secure_include_dir();
|
enable_option_secure_include_dir();
|
||||||
enable_option_prohibit_bot_access();
|
enable_option_prohibit_bot_access();
|
||||||
enable_option_block_directory_listing();
|
enable_option_block_directory_listing();
|
||||||
|
|
||||||
|
delete_option('whl_page');
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function deletePlugins() {
|
public static function deletePlugins() {
|
||||||
deactivate_plugins(self::delete_plugins);
|
$existingPlugins = [];
|
||||||
delete_plugins(self::delete_plugins);
|
foreach (self::delete_plugins as $curPlugin) {
|
||||||
|
if (file_exists(WP_PLUGIN_DIR . '/' . $curPlugin)) {
|
||||||
|
$existingPlugins[] = $curPlugin;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
deactivate_plugins($existingPlugins);
|
||||||
|
delete_plugins($existingPlugins);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function ProhibitBots() {
|
public static function ProhibitBots() {
|
||||||
|
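Review bot: The login-slug fallback added to `Security::setup()` is inconsistent about what counts as "missing": the outer `null == $loginUrl` treats an empty `kompass_sec_rewrite_login` as unset, but the inner `get_option('whl_page', null) ?? 'bdp-login'` replaces only null, so an empty string stored in `whl_page` is passed to `enable_option_rewrite_url()` unchanged. Treating empty values as missing there too, e.g. `$loginUrl = get_option('whl_page') ?: 'bdp-login';`, would keep the login rewrite from being configured with an empty slug. Because `delete_option('whl_page')` is added further down, the old value is gone after the first run; whether `enable_option_rewrite_url()` persists the slug to `kompass_sec_rewrite_login` is not visible in this hunk and should be confirmed. `setup()` starts before the hunk, and in `deletePlugins()` the return values of `deactivate_plugins()` and `delete_plugins()` are still discarded, so a failed deletion goes unnoticed.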
@ -57,13 +57,13 @@ function enable_option_secure_include_dir() : bool {
|
|||||||
|
|
||||||
function enable_option_prohibit_bot_access() {
|
function enable_option_prohibit_bot_access() {
|
||||||
update_option('protect_wp_prohibit_bot_access', true);
|
update_option('protect_wp_prohibit_bot_access', true);
|
||||||
|
if (count(get_prohibitedbot_list()) == 0) {
|
||||||
|
set_prohibitedbot_list(_protect_wp_initial_bot_list_array());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function disable_option_prohibit_bot_access() {
|
function disable_option_prohibit_bot_access() {
|
||||||
update_option('protect_wp_prohibit_bot_access', false);
|
update_option('protect_wp_prohibit_bot_access', false);
|
||||||
if (count(get_prohibitedbot_list()) == 0) {
|
|
||||||
set_prohibitedbot_list(_protect_wp_initial_bot_list_array());
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function set_prohibitedbot_list($botList) {
|
function set_prohibitedbot_list($botList) {
|
||||||
|
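Review bot: The new guard in `enable_option_prohibit_bot_access()` calls `count(get_prohibitedbot_list())` directly, which on PHP 8 throws a TypeError if that helper ever returns a non-array (for example an unset option coming back as `false`). The helper's body is not in this hunk, so this is an assumption to confirm. A defensive form would be `$bots = get_prohibitedbot_list();` followed by `if (!is_array($bots) || count($bots) === 0) {`. It is also worth a short comment that a list an administrator has emptied on purpose is refilled with the defaults the next time the option is enabled.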