Changeset 2615297

Timestamp:

10/17/2021 08:44:25 AM (4 years ago)

Author:

code9fair

Message:

Update anti brute force login

Location:

code9/trunk

Files:

• code9.php (modified) (3 diffs)
• function/code9_security.php (modified) (4 diffs)
• plugin/security/spa/security.js (modified) (3 diffs)
• plugin/security/spa/security.php (modified) (1 diff)
• readme.txt (modified) (4 diffs)

code9/trunk/code9.php

@@ -4 +4 @@
 Plugin URI: https://wordpress.org/plugins/code9/
 Description: Utility tool for wordpress. 2-step verificatoin code user login.
-Version:     1.0.0
+Version:     1.0.1
 Author:      Code9Fair
 Author URI: https://paypal.me/code9fair/
@@ -31 +31 @@
   $GLOBALS['CODE9_PLUGIN_DIR'] = plugin_dir_path( __FILE__ );
   $GLOBALS['CODE9_PLUGIN_URL'] = plugin_dir_url( __FILE__ );
+  
+  require($GLOBALS['CODE9_PLUGIN_DIR'] . 'function/code9_anti_brute_foce.php');
 
   if(wp_get_current_user()->ID !== 0) {
@@ -39 +41 @@
     require($GLOBALS['CODE9_PLUGIN_DIR'] . 'function/code9_security.php');
     require($GLOBALS['CODE9_PLUGIN_DIR'] . 'plugin/security/spa.php');
-    require($GLOBALS['CODE9_PLUGIN_DIR'] . 'plugin/security/api/security_2_step_get.php');
     require($GLOBALS['CODE9_PLUGIN_DIR'] . 'plugin/security/api/security_2_step_key_iv_reset.php');
     require($GLOBALS['CODE9_PLUGIN_DIR'] . 'plugin/security/api/security_2_step_update.php');
+    require($GLOBALS['CODE9_PLUGIN_DIR'] . 'plugin/security/api/security_anti_brute_force_update.php');
+
+    
   }
 

code9/trunk/function/code9_security.php

@@ -92 +92 @@
                 if ($error->getMessage() === '2step-code9') {
 
-                    if (isset($_SESSION['code9_security_auth_' . $admin_id . '_block_time']) === true && $_SESSION['code9_security_auth_' . $admin_id . '_block_time'] > time()) {
+                    if (isset($_SESSION['code9_security_auth_' . $admin_id . '_block_time']) === true && $_SESSION['code9_security_auth_' . $admin_id . '_block_time'] !== null  && $_SESSION['code9_security_auth_' . $admin_id . '_block_time'] > time()) {
 
                         wp_die('<h1>' . __('Account locked', 'c9') . '</h1><p><span id="c9-countdown-container">Wait</span> until account unlock.</p><script type="text/javascript">
@@ -108 +108 @@
                     })();
 
-                    </script><p><a href="' . wp_logout_url('') . '">' . __('Sign out', 'c9') . '</a></p>', "Account has been block - Code9");
+                    </script><p><a href="' . wp_logout_url('') . '">' . __('Sign out', 'c9') . '</a></p>', __("Account has been block", "c9") . " - Code9");
 
                     }
@@ -136 +136 @@
                                             $_SESSION['code9_security_auth_' . $admin_id] = $_COOKIE['code9_security_public'];
 
-                                            $_SESSION['code9_security_auth_' . $admin_id . '_attemp'] = 0;
+                                            $_SESSION['code9_security_auth_' . $admin_id . '_attemp'] = null;
+                                            $_SESSION['code9_security_auth_' . $admin_id . '_block_time'] = null;
                                         } else {
-                                            if (isset($_SESSION['code9_security_auth_' . $admin_id . '_attemp']) !== true) {
+                                            if (isset($_SESSION['code9_security_auth_' . $admin_id . '_attemp']) !== true || $_SESSION['code9_security_auth_' . $admin_id . '_attemp'] === null) {
                                                 $_SESSION['code9_security_auth_' . $admin_id . '_attemp'] = 0;
                                             }
@@ -518 +519 @@
     add_action('edit_user_profile_update', 'code9_security_2_step_code_edit_update');
 }
+

code9/trunk/plugin/security/spa/security.js

@@ -1 +1 @@
 (async function () {
-  var _response = await C9_API("security_2_step_get");
 
-  jQuery("#c9-security_2_step-checkbox").prop('checked', _response.data === '1' ? true: false);
  
   jQuery("#c9-security_2_step-checkbox").on("change", function () {
@@ -12 +10 @@
 
   jQuery('#c9-security_2_step-logout-all-user-button').unbind('click').bind('click', async function() {
-    var _button_html = C9_BUTTON_LOADING(jQuery(this)[0]);
+    var _button_html = C9_DOM_LOADING(jQuery(this)[0]);
 
     var _response = await C9_API("security_2_step_key_iv_reset");
 
-    C9_BUTTON_LOADING(jQuery(this)[0], _button_html);
+    C9_DOM_LOADING(jQuery(this)[0], _button_html);
     
     if(_response.result === true) {
@@ -23 +21 @@
       C9_NOTI(_response.response_text);
     }
-  }); 
+  });
+  
+  jQuery("#c9-security_security_anti_brute_force-checkbox").on("change", function () {
+    console.log(jQuery("#c9-security_security_anti_brute_force-checkbox").prop("checked"))
+    C9_API("security_anti_brute_force_update", {
+      security_anti_brute_force:
+      jQuery("#c9-security_security_anti_brute_force-checkbox").prop("checked") === true ? "1" : "0",
+    });
+  });
+
 })();

code9/trunk/plugin/security/spa/security.php

@@ -9 +9 @@
     </label>
   </div>
-  <div>
+  <div class="c9-margin-bottom-small">
     <button class="button" id="c9-security_2_step-logout-all-user-button"><?php echo __('log out 2 step sign in for all user'); ?></button>
   </div>
+  <div class="c9-margin-bottom-small">
+    <label>
+      <input type="checkbox" value="1" id="c9-security_security_anti_brute_force-checkbox" <?php echo get_option('code9_security_anti_brute_force', '0') === '1' ? 'checked="checked"' : '' ?> />
+      <?php echo __('Use anti brute force attack', 'c9'); ?>
+    </label>
+  </div>
 </div>

code9/trunk/readme.txt

@@ -2 +2 @@
 Contributors: Code9fair
 Donate link: https://paypal.me/code9fair
-Tags: 2-step login, verification password, anti brute force login
+Tags: 2-step login, verification password, anti brute force login, xmlrpc.php
 Requires at least: 5.8
 Tested up to: 5.8
@@ -14 +14 @@
 == Description ==
 
+== 2-Step Verification Code ==
+
 Code9 2-step verification code will add more protection to site admin area.
 
@@ -23 +25 @@
 * Admin can active and deactive 2-step verification code anytime.
 
+== Anti Brute Force ==
+
+Prevent attacker from continuous login. (Including xmlrpc.php) 
+* If plugin detects that there is a continuous login. Plugin will redirect user to Recapcha page before allow user to continue login.
 
 == Installation ==
@@ -42 +48 @@
 8. User can try 2-step verification again when locked time is up.
 9. Install and activate Code9 plugin.
+10. Prevent user to continuous login if user has repeatedly entering wrong username or password.
+
+== Changelog ==
+
+= 1.0.1 =
+ * Add function anti brute force attack.