Changeset 2929413 for anrghg

Timestamp:

06/21/2023 11:19:04 PM (3 years ago)

Author:

anrghg

Message:

1.10.1,0

1.10.1 (2023-06-21)

• Settings: Security: Modify the warning about shared hosting, after validation by a hosting provider.
• Documentation: Security: Modify the warning about shared hosting, after validation by a hosting provider.

Location:

anrghg

Files:

• tags/1.10.1 (copied) (copied from anrghg/trunk)
• tags/1.10.1/admin/options/settings-cb-access.php (modified) (1 diff)
• tags/1.10.1/anrghg.php (modified) (7 diffs)
• tags/1.10.1/package.json (modified) (1 diff)
• tags/1.10.1/readme.txt (modified) (4 diffs)
• tags/1.10.1/svn-revs.txt (modified) (1 diff)
• tags/1.10.1/template-filter-config.php (modified) (4 diffs)
• tags/1.10.1/template-mini-plugin.php (modified) (6 diffs)
• tags/1.10.1/template-wp-config.php (modified) (1 diff)
• trunk/admin/options/settings-cb-access.php (modified) (1 diff)
• trunk/anrghg.php (modified) (7 diffs)
• trunk/package.json (modified) (1 diff)
• trunk/readme.txt (modified) (4 diffs)
• trunk/svn-revs.txt (modified) (1 diff)
• trunk/template-filter-config.php (modified) (4 diffs)
• trunk/template-mini-plugin.php (modified) (6 diffs)
• trunk/template-wp-config.php (modified) (1 diff)

anrghg/tags/1.10.1/admin/options/settings-cb-access.php

@@ -56 +56 @@
     anrghg_introduction(
         'important',
-        __( 'This security feature is efficient only on websites hosted on a Virtual Private Server (VPS) or a dedicated server.', 'anrghg' ),
-        __( 'Shared hosting can be hacked by webshell, from any website in the same root directory.', 'anrghg' )
+        __( 'This security feature is efficient only on websites hosted on a dedicated server, a Virtual Private Server (VPS), or shared hosting with VPS level security set up by the hosting provider.', 'anrghg' ),
+        __( 'Unless the hosting provider has set up VPS level security, shared hosting can be hacked by web shell from any website in the same root directory.', 'anrghg' )
     );
     anrghg_introduction(

anrghg/tags/1.10.1/anrghg.php

@@ -14 +14 @@
  * Tested PHP up to: 8.1
  * CAUTION: The following field is parsed in the `stable tag` folder for upgrade configuration:
- * Version: 1.10.0
+ * Version: 1.10.1
  * Author: ANRGHG
  * Author URI: https://anrghg.sunsite.fr
@@ -39 +39 @@
  *
  * Fixes:
+ * @todo Add option to clean up errand meta tags in HTML output, or in editor. Raise issue to WP Core.
  * @todo Code: Switch to object oriented.
  * @todo Documentation: Plugin list: Add mention “AMP compatible”.
@@ -117 +118 @@
  * @var string C_S_ANRGHG_VER  Plugin version constant.
  */
-define( 'C_S_ANRGHG_VER', '1.10.0' );
+define( 'C_S_ANRGHG_VER', '1.10.1' );
 
 /**
@@ -191 +192 @@
  * its development without making sure that the job will be done effectively. The
  * unaddressed Footnotes user requests are followed up in this new plugin started
- * after it had become clear to me that there was no other way left.
+ * after it had become clear to me that there remained no other way forward.
  * @pewgeuges provided support to Footnotes users from 2020-10-26 to 2022-03-29,
  * until the Footnotes plugin was abandoned on 2022-04-14.
@@ -221 +222 @@
  * Style sheets.
  *
- * @see * Outputs internal CSS.
- * @see anrghg_protected_echo().
  * External style sheets appear to have too many and too serious downsides:
  *
@@ -235 +234 @@
  *   internal.
  *
+ * @see * Outputs internal CSS.
+ * @see anrghg_protected_echo().
+ *
+ *
+ * Separators in class names:
+ *
  * Class names derived from settings keys still contain underscores but as far as
  * possible, CSS classes use hyphen only. Identifiers used in URLs, likewise. But
@@ -248 +253 @@
  * are even harder to keep in sync. Loading partials has certainly downsides from
  * a performance perspective.
+ *
  * Instead, filters may be added to a set of output hooks.
  */

anrghg/tags/1.10.1/package.json

@@ -1 +1 @@
 {
     "name": "anrghg",
-    "version": " 1.10.0",
+    "version": " 1.10.1",
     "description": "A.N.R.GHG Publishing Toolkit",
     "main": "index.js",

anrghg/tags/1.10.1/readme.txt

@@ -8 +8 @@
 Requires PHP: 5.6
 Tested PHP up to: 8.1
-Package Version: 1.10.0.0
-Version: 1.10.0
+Package Version: 1.10.1.0
+Version: 1.10.1
 CAUTION: The following field is parsed in `trunk/` for release configuration:
-Stable Tag: 1.10.0
+Stable Tag: 1.10.1
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -46 +46 @@
 * Display the login activation status by icon in the Admin bar;
 * Blank the login dialog out if it is convenient to access the WordPress Admin area through the hosting platform exclusively.
-* CAUTION: Shared hosting is prone to being hacked by webshell even if only a single one of the hundreds of websites sharing the same server’s root directory is compromised. Therefore, the A.N.R.GHG Publishing Toolkit’s security feature is efficient only on websites hosted on a Virtual Private Server (VPS) or a dedicated server.
+* CAUTION: Unless the hosting provider has set up VPS level security, shared hosting is prone to being hacked by web shell even if only a single one of the websites sharing the same server’s root directory is compromised. Therefore, the A.N.R.GHG Publishing Toolkit’s security feature is efficient only on websites hosted on a dedicated server, a Virtual Private Server (VPS), or shared hosting with VPS level security set up by the hosting provider.
 
 
@@ -174 +174 @@
 = Security =
 
-Shared hosting is prone to being hacked by webshell even if only a single one of the hundreds of websites sharing the same server’s root directory is compromised. Therefore, the A.N.R.GHG Publishing Toolkit’s security feature is efficient only on websites hosted on a Virtual Private Server (VPS) or a dedicated server.
+Unless the hosting provider has set up VPS level security, shared hosting is prone to being hacked by web shell even if only a single one of the websites sharing the same server’s root directory is compromised. Therefore, the A.N.R.GHG Publishing Toolkit’s security feature is efficient only on websites hosted on a dedicated server, a Virtual Private Server (VPS), or shared hosting with VPS level security set up by the hosting provider.
 
 For an additional layer of security, it is recommended to deny access to the `wp-config.php` file, and to the `debug.log` file in case there is any. To achieve this, please add the code snippet provided for the purpose near the bottom of the `template-wp-config.php` file by copy-pasting it from this file in the `anrghg/` plugin folder to the `.htaccess` file in the WordPress root directory.
@@ -586 +586 @@
 = 1.10.0 (2023-05-27) =
 
-* Settings: Security: Add warning in the Security section introduction.
-* Documentation: Security: Add warning in the Security notice of the Installation section.
-* Documentation: Security: Add warning in the Security feature description.
-* Documentation: Security: Add warning in the “How about using jQuery?” FAQ item.
-* Documentation: Change plugin name from “A.N.R.GHG Publishing Helper“ to “A.N.R.GHG Publishing Toolkit”.
-* Documentation: Rename template files from `tpl-*.php` to `template-*.php`.
+* Settings: Security: Add a warning in the Security section introduction.
+* Documentation: Security: Add a warning in the Security notice of the Installation section.
+* Documentation: Security: Add a warning in the Security feature description.
+* Documentation: Security: Add a warning in the “How about using jQuery?” FAQ item.
+* Documentation: Change the plugin name from “A.N.R.GHG Publishing Helper” to “A.N.R.GHG Publishing Toolkit”.
+* Documentation: Rename the template files from `tpl-*.php` to `template-*.php`.
 * Documentation: Remove the sample `anrghg-thanks-block.json` file for now.
 

anrghg/tags/1.10.1/svn-revs.txt

@@ -11 +11 @@
 Past revisions:
 
+1.10.0.0       2918017  2023-05-27 09:02:28 +0000 (Sat, 27 May 2023)
 1.9.4.0        2914557  2023-05-19 02:11:49 +0000 (Fri, 19 May 2023)
 1.9.3.0        2913991  2023-05-17 22:06:16 +0000 (Wed, 17 May 2023)

anrghg/tags/1.10.1/template-filter-config.php

@@ -65 +65 @@
  *
  * CAUTION: This security feature is efficient only on websites hosted on
- *          a Virtual Private Server (VPS) or a dedicated server.
- *
- *          Shared hosting can be hacked by webshell, from any website in
- *          the same root directory.
+ *          a dedicated server, a Virtual Private Server (VPS), or shared
+ *          hosting with VPS level security set up by the hosting provider.
+ *
+ *          Unless the hosting provider has set up VPS level security,
+ *          shared hosting can be hacked by web shell from any website
+ *          in the same root directory.
+ *
+ * @link https://resources.infosecinstitute.com/topic/hacking-a-wordpress-site/
+ * @date updated_date="05/05/2015" posted_date="05/05/2015"
+ * @link https://secure.wphackedhelp.com/blog/hack-wordpress-website/
+ * @date updated_time="2023-01-06T07:34:56+00:00" published_time="2021-02-25T14:16:20+00:00"
+ * @link https://www.cloudways.com/blog/wordpress-sql-injection-protection/
+ * @date Updated on December 8, 2021
+ * @link https://www.getastra.com/blog/knowledge-base/shared-hosting-security-risks/
+ * @date Updated on: July 22, 2022
+ * @link https://secure.wphackedhelp.com/blog/web-shell-php-exploit/
+ * @date Updated on January 4, 2023
+ *
+ * Unlike hosting platform login information, WordPress login information
+ * may be transparent to SQL injection attacks.
+ *
+ * Logging into WordPress may be done through the Hosting Platform.
+ * If this is the only way used to access the Admin area, then the login
+ * dialog may be blanked out. An optional message may then be displayed
+ * in its place.
  *
  * This security enhancement optionally prevents a WordPress website from
@@ -77 +98 @@
  * bots to monitor that availability in real time.
  *
- * Unlike hosting platform login information, WordPress login information
- * may be transparent to SQL injection attacks.
- *
- * Logging into WordPress may be done through the Hosting Platform.
- * If this is the only way used to access the Admin area, then the login
- * dialog may be blanked out. An optional message may then be displayed
- * in its place.
- *
  * If logging in on a public page is desired, the authentication cookie
  * generation may be active during narrow windows of opportunity.
@@ -104 +117 @@
  * FTP client for editing the file locally.
  *
- * @link https://resources.infosecinstitute.com/topic/hacking-a-wordpress-site/
- * @link https://secure.wphackedhelp.com/blog/hack-wordpress-website/
- * @link https://www.cloudways.com/blog/wordpress-sql-injection-protection/
- *
  * The name of the constant is `ANRGHG_WP_LOGIN_ACTIVE` (by default) or
  * `ANRGHG_WP_LOGIN_` plus some letters and underscore as configured so
@@ -113 +122 @@
  * @see template in `template-mini-plugin.php`.
  *
- *     // Turn login off by replacing true with false:
- *     define( 'ANRGHG_WP_LOGIN_ACTIVE', true );
- *
  * If the login dialog is not used any longer, alternative high-profile
  * or standard behavior blanks the dialog out and displays a message in
- * its place (high profile) or does not elaborate (standard).
+ * its place, for high profile, or does not elaborate, for standard.
  *
  * This option is based on code from Jonathan Daggerhart (@daggerhart on GitHub).

anrghg/tags/1.10.1/template-mini-plugin.php

@@ -6 +6 @@
  * @package WordPress
  *
- * Description: My configuration filters and output filters.
+ * Description: Access toggle, configuration filters and output filters.
  *
  * Installation:
@@ -17 +17 @@
  *
  * Once this mini plugin is activated, the filters copy-pasted from the filter template
- * files, become effective and override the settings.
+ * files or already present below become effective and override the settings configured
+ * on the A.N.R.GHG Publishing Toolkit’s Settings page. Also the access toggle constanẗ
+ * starts determining whether authentication cookies are sent, or whether logging in is
+ * available at all, depending on the settings.
  *
  * @see anrghg/template-filter-config.php
@@ -40 +43 @@
  *
  * CAUTION: This security feature is efficient only on websites hosted on
- *          a Virtual Private Server (VPS) or a dedicated server.
+ *          a dedicated server, a Virtual Private Server (VPS), or shared
+ *          hosting with VPS level security set up by the hosting provider.
  *
- *          Shared hosting can be hacked by webshell, from any website in
- *          the same root directory.
+ *          Unless the hosting provider has set up VPS level security,
+ *          shared hosting can be hacked by web shell from any website
+ *          in the same root directory.
  *
- * This security enhancement optionally prevents a WordPress website from
- * sending auth cookies, either by blocking auth cookie generation, or by
- * making the login dialog unavailable in the first place, an option that
- * must not be chosen if the login dialog is still used sporadically.
- * Making a public page reflect the availability of an action would allow
- * bots to monitor that availability in real time.
+ * @link https://resources.infosecinstitute.com/topic/hacking-a-wordpress-site/
+ * @date updated_date="05/05/2015" posted_date="05/05/2015"
+ * @link https://secure.wphackedhelp.com/blog/hack-wordpress-website/
+ * @date updated_time="2023-01-06T07:34:56+00:00" published_time="2021-02-25T14:16:20+00:00"
+ * @link https://www.cloudways.com/blog/wordpress-sql-injection-protection/
+ * @date Updated on December 8, 2021
+ * @link https://www.getastra.com/blog/knowledge-base/shared-hosting-security-risks/
+ * @date Updated on: July 22, 2022
+ * @link https://secure.wphackedhelp.com/blog/web-shell-php-exploit/
+ * @date Updated on January 4, 2023
  *
  * Unlike hosting platform login information, WordPress login information
@@ -59 +68 @@
  * dialog may be blanked out. An optional message may then be displayed
  * in its place.
+ *
+ * This security enhancement optionally prevents a WordPress website from
+ * sending auth cookies, either by blocking auth cookie generation, or by
+ * making the login dialog unavailable in the first place, an option that
+ * must not be chosen if the login dialog is still used sporadically.
+ * Making a public page reflect the availability of an action would allow
+ * bots to monitor that availability in real time.
  *
  * If logging in on a public page is desired, the authentication cookie
@@ -79 +95 @@
  * FTP client for editing the file locally.
  *
- * @link https://resources.infosecinstitute.com/topic/hacking-a-wordpress-site/
- * @link https://secure.wphackedhelp.com/blog/hack-wordpress-website/
- * @link https://www.cloudways.com/blog/wordpress-sql-injection-protection/
- *
  * The name of the constant is `ANRGHG_WP_LOGIN_ACTIVE` (by default) or
  * `ANRGHG_WP_LOGIN_` plus some letters and underscore as configured so
@@ -88 +100 @@
  * @see template in `template-mini-plugin.php`.
  *
- *     // Turn login off by replacing true with false:
- *     define( 'ANRGHG_WP_LOGIN_ACTIVE', true );
- *
  * If the login dialog is not used any longer, alternative high-profile
  * or standard behavior blanks the dialog out and displays a message in
- * its place (high profile) or does not elaborate (standard).
+ * its place, for high profile, or does not elaborate, for standard.
  *
  * This option is based on code from Jonathan Daggerhart (@daggerhart on GitHub).

anrghg/tags/1.10.1/template-wp-config.php

@@ -69 +69 @@
 // In the process, the wp-config.php file should be protected as well
 // by adding "wp-config.php" in the start tag of the Files directive,
-// with extended regular expressions supported:
+// with extended regular expressions supported due to the "~" in the
+// opening tag of the "Files" directive:
 /*
 

anrghg/trunk/admin/options/settings-cb-access.php

@@ -56 +56 @@
     anrghg_introduction(
         'important',
-        __( 'This security feature is efficient only on websites hosted on a Virtual Private Server (VPS) or a dedicated server.', 'anrghg' ),
-        __( 'Shared hosting can be hacked by webshell, from any website in the same root directory.', 'anrghg' )
+        __( 'This security feature is efficient only on websites hosted on a dedicated server, a Virtual Private Server (VPS), or shared hosting with VPS level security set up by the hosting provider.', 'anrghg' ),
+        __( 'Unless the hosting provider has set up VPS level security, shared hosting can be hacked by web shell from any website in the same root directory.', 'anrghg' )
     );
     anrghg_introduction(

anrghg/trunk/anrghg.php

@@ -14 +14 @@
  * Tested PHP up to: 8.1
  * CAUTION: The following field is parsed in the `stable tag` folder for upgrade configuration:
- * Version: 1.10.0
+ * Version: 1.10.1
  * Author: ANRGHG
  * Author URI: https://anrghg.sunsite.fr
@@ -39 +39 @@
  *
  * Fixes:
+ * @todo Add option to clean up errand meta tags in HTML output, or in editor. Raise issue to WP Core.
  * @todo Code: Switch to object oriented.
  * @todo Documentation: Plugin list: Add mention “AMP compatible”.
@@ -117 +118 @@
  * @var string C_S_ANRGHG_VER  Plugin version constant.
  */
-define( 'C_S_ANRGHG_VER', '1.10.0' );
+define( 'C_S_ANRGHG_VER', '1.10.1' );
 
 /**
@@ -191 +192 @@
  * its development without making sure that the job will be done effectively. The
  * unaddressed Footnotes user requests are followed up in this new plugin started
- * after it had become clear to me that there was no other way left.
+ * after it had become clear to me that there remained no other way forward.
  * @pewgeuges provided support to Footnotes users from 2020-10-26 to 2022-03-29,
  * until the Footnotes plugin was abandoned on 2022-04-14.
@@ -221 +222 @@
  * Style sheets.
  *
- * @see * Outputs internal CSS.
- * @see anrghg_protected_echo().
  * External style sheets appear to have too many and too serious downsides:
  *
@@ -235 +234 @@
  *   internal.
  *
+ * @see * Outputs internal CSS.
+ * @see anrghg_protected_echo().
+ *
+ *
+ * Separators in class names:
+ *
  * Class names derived from settings keys still contain underscores but as far as
  * possible, CSS classes use hyphen only. Identifiers used in URLs, likewise. But
@@ -248 +253 @@
  * are even harder to keep in sync. Loading partials has certainly downsides from
  * a performance perspective.
+ *
  * Instead, filters may be added to a set of output hooks.
  */

anrghg/trunk/package.json

@@ -1 +1 @@
 {
     "name": "anrghg",
-    "version": " 1.10.0",
+    "version": " 1.10.1",
     "description": "A.N.R.GHG Publishing Toolkit",
     "main": "index.js",

anrghg/trunk/readme.txt

@@ -8 +8 @@
 Requires PHP: 5.6
 Tested PHP up to: 8.1
-Package Version: 1.10.0.0
-Version: 1.10.0
+Package Version: 1.10.1.0
+Version: 1.10.1
 CAUTION: The following field is parsed in `trunk/` for release configuration:
-Stable Tag: 1.10.0
+Stable Tag: 1.10.1
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -46 +46 @@
 * Display the login activation status by icon in the Admin bar;
 * Blank the login dialog out if it is convenient to access the WordPress Admin area through the hosting platform exclusively.
-* CAUTION: Shared hosting is prone to being hacked by webshell even if only a single one of the hundreds of websites sharing the same server’s root directory is compromised. Therefore, the A.N.R.GHG Publishing Toolkit’s security feature is efficient only on websites hosted on a Virtual Private Server (VPS) or a dedicated server.
+* CAUTION: Unless the hosting provider has set up VPS level security, shared hosting is prone to being hacked by web shell even if only a single one of the websites sharing the same server’s root directory is compromised. Therefore, the A.N.R.GHG Publishing Toolkit’s security feature is efficient only on websites hosted on a dedicated server, a Virtual Private Server (VPS), or shared hosting with VPS level security set up by the hosting provider.
 
 
@@ -174 +174 @@
 = Security =
 
-Shared hosting is prone to being hacked by webshell even if only a single one of the hundreds of websites sharing the same server’s root directory is compromised. Therefore, the A.N.R.GHG Publishing Toolkit’s security feature is efficient only on websites hosted on a Virtual Private Server (VPS) or a dedicated server.
+Unless the hosting provider has set up VPS level security, shared hosting is prone to being hacked by web shell even if only a single one of the websites sharing the same server’s root directory is compromised. Therefore, the A.N.R.GHG Publishing Toolkit’s security feature is efficient only on websites hosted on a dedicated server, a Virtual Private Server (VPS), or shared hosting with VPS level security set up by the hosting provider.
 
 For an additional layer of security, it is recommended to deny access to the `wp-config.php` file, and to the `debug.log` file in case there is any. To achieve this, please add the code snippet provided for the purpose near the bottom of the `template-wp-config.php` file by copy-pasting it from this file in the `anrghg/` plugin folder to the `.htaccess` file in the WordPress root directory.
@@ -586 +586 @@
 = 1.10.0 (2023-05-27) =
 
-* Settings: Security: Add warning in the Security section introduction.
-* Documentation: Security: Add warning in the Security notice of the Installation section.
-* Documentation: Security: Add warning in the Security feature description.
-* Documentation: Security: Add warning in the “How about using jQuery?” FAQ item.
-* Documentation: Change plugin name from “A.N.R.GHG Publishing Helper“ to “A.N.R.GHG Publishing Toolkit”.
-* Documentation: Rename template files from `tpl-*.php` to `template-*.php`.
+* Settings: Security: Add a warning in the Security section introduction.
+* Documentation: Security: Add a warning in the Security notice of the Installation section.
+* Documentation: Security: Add a warning in the Security feature description.
+* Documentation: Security: Add a warning in the “How about using jQuery?” FAQ item.
+* Documentation: Change the plugin name from “A.N.R.GHG Publishing Helper” to “A.N.R.GHG Publishing Toolkit”.
+* Documentation: Rename the template files from `tpl-*.php` to `template-*.php`.
 * Documentation: Remove the sample `anrghg-thanks-block.json` file for now.
 

anrghg/trunk/svn-revs.txt

@@ -11 +11 @@
 Past revisions:
 
+1.10.0.0       2918017  2023-05-27 09:02:28 +0000 (Sat, 27 May 2023)
 1.9.4.0        2914557  2023-05-19 02:11:49 +0000 (Fri, 19 May 2023)
 1.9.3.0        2913991  2023-05-17 22:06:16 +0000 (Wed, 17 May 2023)

anrghg/trunk/template-filter-config.php

@@ -65 +65 @@
  *
  * CAUTION: This security feature is efficient only on websites hosted on
- *          a Virtual Private Server (VPS) or a dedicated server.
- *
- *          Shared hosting can be hacked by webshell, from any website in
- *          the same root directory.
+ *          a dedicated server, a Virtual Private Server (VPS), or shared
+ *          hosting with VPS level security set up by the hosting provider.
+ *
+ *          Unless the hosting provider has set up VPS level security,
+ *          shared hosting can be hacked by web shell from any website
+ *          in the same root directory.
+ *
+ * @link https://resources.infosecinstitute.com/topic/hacking-a-wordpress-site/
+ * @date updated_date="05/05/2015" posted_date="05/05/2015"
+ * @link https://secure.wphackedhelp.com/blog/hack-wordpress-website/
+ * @date updated_time="2023-01-06T07:34:56+00:00" published_time="2021-02-25T14:16:20+00:00"
+ * @link https://www.cloudways.com/blog/wordpress-sql-injection-protection/
+ * @date Updated on December 8, 2021
+ * @link https://www.getastra.com/blog/knowledge-base/shared-hosting-security-risks/
+ * @date Updated on: July 22, 2022
+ * @link https://secure.wphackedhelp.com/blog/web-shell-php-exploit/
+ * @date Updated on January 4, 2023
+ *
+ * Unlike hosting platform login information, WordPress login information
+ * may be transparent to SQL injection attacks.
+ *
+ * Logging into WordPress may be done through the Hosting Platform.
+ * If this is the only way used to access the Admin area, then the login
+ * dialog may be blanked out. An optional message may then be displayed
+ * in its place.
  *
  * This security enhancement optionally prevents a WordPress website from
@@ -77 +98 @@
  * bots to monitor that availability in real time.
  *
- * Unlike hosting platform login information, WordPress login information
- * may be transparent to SQL injection attacks.
- *
- * Logging into WordPress may be done through the Hosting Platform.
- * If this is the only way used to access the Admin area, then the login
- * dialog may be blanked out. An optional message may then be displayed
- * in its place.
- *
  * If logging in on a public page is desired, the authentication cookie
  * generation may be active during narrow windows of opportunity.
@@ -104 +117 @@
  * FTP client for editing the file locally.
  *
- * @link https://resources.infosecinstitute.com/topic/hacking-a-wordpress-site/
- * @link https://secure.wphackedhelp.com/blog/hack-wordpress-website/
- * @link https://www.cloudways.com/blog/wordpress-sql-injection-protection/
- *
  * The name of the constant is `ANRGHG_WP_LOGIN_ACTIVE` (by default) or
  * `ANRGHG_WP_LOGIN_` plus some letters and underscore as configured so
@@ -113 +122 @@
  * @see template in `template-mini-plugin.php`.
  *
- *     // Turn login off by replacing true with false:
- *     define( 'ANRGHG_WP_LOGIN_ACTIVE', true );
- *
  * If the login dialog is not used any longer, alternative high-profile
  * or standard behavior blanks the dialog out and displays a message in
- * its place (high profile) or does not elaborate (standard).
+ * its place, for high profile, or does not elaborate, for standard.
  *
  * This option is based on code from Jonathan Daggerhart (@daggerhart on GitHub).

anrghg/trunk/template-mini-plugin.php

@@ -6 +6 @@
  * @package WordPress
  *
- * Description: My configuration filters and output filters.
+ * Description: Access toggle, configuration filters and output filters.
  *
  * Installation:
@@ -17 +17 @@
  *
  * Once this mini plugin is activated, the filters copy-pasted from the filter template
- * files, become effective and override the settings.
+ * files or already present below become effective and override the settings configured
+ * on the A.N.R.GHG Publishing Toolkit’s Settings page. Also the access toggle constanẗ
+ * starts determining whether authentication cookies are sent, or whether logging in is
+ * available at all, depending on the settings.
  *
  * @see anrghg/template-filter-config.php
@@ -40 +43 @@
  *
  * CAUTION: This security feature is efficient only on websites hosted on
- *          a Virtual Private Server (VPS) or a dedicated server.
+ *          a dedicated server, a Virtual Private Server (VPS), or shared
+ *          hosting with VPS level security set up by the hosting provider.
  *
- *          Shared hosting can be hacked by webshell, from any website in
- *          the same root directory.
+ *          Unless the hosting provider has set up VPS level security,
+ *          shared hosting can be hacked by web shell from any website
+ *          in the same root directory.
  *
- * This security enhancement optionally prevents a WordPress website from
- * sending auth cookies, either by blocking auth cookie generation, or by
- * making the login dialog unavailable in the first place, an option that
- * must not be chosen if the login dialog is still used sporadically.
- * Making a public page reflect the availability of an action would allow
- * bots to monitor that availability in real time.
+ * @link https://resources.infosecinstitute.com/topic/hacking-a-wordpress-site/
+ * @date updated_date="05/05/2015" posted_date="05/05/2015"
+ * @link https://secure.wphackedhelp.com/blog/hack-wordpress-website/
+ * @date updated_time="2023-01-06T07:34:56+00:00" published_time="2021-02-25T14:16:20+00:00"
+ * @link https://www.cloudways.com/blog/wordpress-sql-injection-protection/
+ * @date Updated on December 8, 2021
+ * @link https://www.getastra.com/blog/knowledge-base/shared-hosting-security-risks/
+ * @date Updated on: July 22, 2022
+ * @link https://secure.wphackedhelp.com/blog/web-shell-php-exploit/
+ * @date Updated on January 4, 2023
  *
  * Unlike hosting platform login information, WordPress login information
@@ -59 +68 @@
  * dialog may be blanked out. An optional message may then be displayed
  * in its place.
+ *
+ * This security enhancement optionally prevents a WordPress website from
+ * sending auth cookies, either by blocking auth cookie generation, or by
+ * making the login dialog unavailable in the first place, an option that
+ * must not be chosen if the login dialog is still used sporadically.
+ * Making a public page reflect the availability of an action would allow
+ * bots to monitor that availability in real time.
  *
  * If logging in on a public page is desired, the authentication cookie
@@ -79 +95 @@
  * FTP client for editing the file locally.
  *
- * @link https://resources.infosecinstitute.com/topic/hacking-a-wordpress-site/
- * @link https://secure.wphackedhelp.com/blog/hack-wordpress-website/
- * @link https://www.cloudways.com/blog/wordpress-sql-injection-protection/
- *
  * The name of the constant is `ANRGHG_WP_LOGIN_ACTIVE` (by default) or
  * `ANRGHG_WP_LOGIN_` plus some letters and underscore as configured so
@@ -88 +100 @@
  * @see template in `template-mini-plugin.php`.
  *
- *     // Turn login off by replacing true with false:
- *     define( 'ANRGHG_WP_LOGIN_ACTIVE', true );
- *
  * If the login dialog is not used any longer, alternative high-profile
  * or standard behavior blanks the dialog out and displays a message in
- * its place (high profile) or does not elaborate (standard).
+ * its place, for high profile, or does not elaborate, for standard.
  *
  * This option is based on code from Jonathan Daggerhart (@daggerhart on GitHub).

anrghg/trunk/template-wp-config.php

@@ -69 +69 @@
 // In the process, the wp-config.php file should be protected as well
 // by adding "wp-config.php" in the start tag of the Files directive,
-// with extended regular expressions supported:
+// with extended regular expressions supported due to the "~" in the
+// opening tag of the "Files" directive:
 /*