Changeset 3303789

Timestamp:

05/30/2025 08:46:48 PM (10 months ago)

Author:

wpiron

Message:

update new version

Location:

iron-security

Files:

• tags/2.3.4 (copied) (copied from iron-security/trunk)
• tags/2.3.4/LICENSE.txt (copied) (copied from iron-security/trunk/LICENSE.txt)
• tags/2.3.4/README.txt (copied) (copied from iron-security/trunk/README.txt) (2 diffs)
• tags/2.3.4/admin (copied) (copied from iron-security/trunk/admin)
• tags/2.3.4/admin/class-iron-security-admin.php (copied) (copied from iron-security/trunk/admin/class-iron-security-admin.php) (2 diffs)
• tags/2.3.4/admin/classes/general-security.php (copied) (copied from iron-security/trunk/admin/classes/general-security.php)
• tags/2.3.4/admin/classes/login-logout-functionality.php (copied) (copied from iron-security/trunk/admin/classes/login-logout-functionality.php) (25 diffs)
• tags/2.3.4/admin/classes/tracking-access.php (copied) (copied from iron-security/trunk/admin/classes/tracking-access.php)
• tags/2.3.4/admin/css/dashboard.css (copied) (copied from iron-security/trunk/admin/css/dashboard.css)
• tags/2.3.4/admin/css/iron-security-admin.css (copied) (copied from iron-security/trunk/admin/css/iron-security-admin.css) (1 diff)
• tags/2.3.4/admin/css/transitions.css (copied) (copied from iron-security/trunk/admin/css/transitions.css)
• tags/2.3.4/admin/js/2fa.js (copied) (copied from iron-security/trunk/admin/js/2fa.js)
• tags/2.3.4/admin/js/components/Dashboard.jsx (copied) (copied from iron-security/trunk/admin/js/components/Dashboard.jsx) (2 diffs)
• tags/2.3.4/admin/js/components/FileDirectoryProectionSettings.jsx (copied) (copied from iron-security/trunk/admin/js/components/FileDirectoryProectionSettings.jsx)
• tags/2.3.4/admin/js/components/GeneralSettings.jsx (copied) (copied from iron-security/trunk/admin/js/components/GeneralSettings.jsx)
• tags/2.3.4/admin/js/components/HttpSecurityHeadersSettings.jsx (copied) (copied from iron-security/trunk/admin/js/components/HttpSecurityHeadersSettings.jsx)
• tags/2.3.4/admin/js/components/LoginLogoutSettings.jsx (copied) (copied from iron-security/trunk/admin/js/components/LoginLogoutSettings.jsx)
• tags/2.3.4/admin/js/components/SecurityLogs.jsx (copied) (copied from iron-security/trunk/admin/js/components/SecurityLogs.jsx)
• tags/2.3.4/admin/js/dashboard.js (copied) (copied from iron-security/trunk/admin/js/dashboard.js)
• tags/2.3.4/admin/js/dist/dashboard.409171eb914877d3afe7.js (copied) (copied from iron-security/trunk/admin/js/dist/dashboard.409171eb914877d3afe7.js)
• tags/2.3.4/admin/js/dist/dashboard.6931e43c4d8629f63bd9.js (added)
• tags/2.3.4/admin/js/dist/dashboard.6931e43c4d8629f63bd9.js.LICENSE.txt (added)
• tags/2.3.4/admin/js/dist/dashboard.bundle.js (copied) (copied from iron-security/trunk/admin/js/dist/dashboard.bundle.js)
• tags/2.3.4/admin/js/dist/dashboard.d4938437720f6eface82.js (copied) (copied from iron-security/trunk/admin/js/dist/dashboard.d4938437720f6eface82.js)
• tags/2.3.4/admin/js/dist/manifest.json (copied) (copied from iron-security/trunk/admin/js/dist/manifest.json) (1 diff)
• tags/2.3.4/admin/js/dist/vendors.6faccb462d3791bbb518.js (copied) (copied from iron-security/trunk/admin/js/dist/vendors.6faccb462d3791bbb518.js)
• tags/2.3.4/admin/js/dist/vendors.6faccb462d3791bbb518.js.LICENSE.txt (copied) (copied from iron-security/trunk/admin/js/dist/vendors.6faccb462d3791bbb518.js.LICENSE.txt)
• tags/2.3.4/admin/js/dist/vendors.91782840b9e9337a9a5f.js (copied) (copied from iron-security/trunk/admin/js/dist/vendors.91782840b9e9337a9a5f.js)
• tags/2.3.4/admin/js/dist/vendors.91782840b9e9337a9a5f.js.LICENSE.txt (copied) (copied from iron-security/trunk/admin/js/dist/vendors.91782840b9e9337a9a5f.js.LICENSE.txt)
• tags/2.3.4/admin/js/dist/vendors.b4116fd1b25e74ca1789.js (added)
• tags/2.3.4/admin/js/dist/vendors.b4116fd1b25e74ca1789.js.LICENSE.txt (added)
• tags/2.3.4/admin/js/iron-security-admin.js (copied) (copied from iron-security/trunk/admin/js/iron-security-admin.js)
• tags/2.3.4/build (copied) (copied from iron-security/trunk/build)
• tags/2.3.4/composer.json (copied) (copied from iron-security/trunk/composer.json)
• tags/2.3.4/composer.lock (copied) (copied from iron-security/trunk/composer.lock)
• tags/2.3.4/includes (copied) (copied from iron-security/trunk/includes)
• tags/2.3.4/includes/class-iron-security-deactivator.php (copied) (copied from iron-security/trunk/includes/class-iron-security-deactivator.php)
• tags/2.3.4/includes/class-iron-security-logger.php (copied) (copied from iron-security/trunk/includes/class-iron-security-logger.php)
• tags/2.3.4/includes/class-iron-security.php (copied) (copied from iron-security/trunk/includes/class-iron-security.php) (2 diffs)
• tags/2.3.4/includes/ss.json (copied) (copied from iron-security/trunk/includes/ss.json)
• tags/2.3.4/index.php (copied) (copied from iron-security/trunk/index.php)
• tags/2.3.4/iron-security.php (copied) (copied from iron-security/trunk/iron-security.php) (2 diffs)
• tags/2.3.4/languages (copied) (copied from iron-security/trunk/languages)
• tags/2.3.4/package.json (copied) (copied from iron-security/trunk/package.json)
• tags/2.3.4/pnpm-lock.yaml (copied) (copied from iron-security/trunk/pnpm-lock.yaml)
• tags/2.3.4/public (copied) (copied from iron-security/trunk/public)
• tags/2.3.4/public/class-iron-security-public.php (copied) (copied from iron-security/trunk/public/class-iron-security-public.php)
• tags/2.3.4/uninstall.php (copied) (copied from iron-security/trunk/uninstall.php)
• tags/2.3.4/vendor (copied) (copied from iron-security/trunk/vendor)
• tags/2.3.4/webpack.config.js (copied) (copied from iron-security/trunk/webpack.config.js)
• trunk/README.txt (modified) (2 diffs)
• trunk/admin/class-iron-security-admin.php (modified) (2 diffs)
• trunk/admin/classes/login-logout-functionality.php (modified) (25 diffs)
• trunk/admin/css/iron-security-admin.css (modified) (1 diff)
• trunk/admin/js/components/Dashboard.jsx (modified) (2 diffs)
• trunk/admin/js/dist/dashboard.6931e43c4d8629f63bd9.js (added)
• trunk/admin/js/dist/dashboard.6931e43c4d8629f63bd9.js.LICENSE.txt (added)
• trunk/admin/js/dist/manifest.json (modified) (1 diff)
• trunk/admin/js/dist/vendors.b4116fd1b25e74ca1789.js (added)
• trunk/admin/js/dist/vendors.b4116fd1b25e74ca1789.js.LICENSE.txt (added)
• trunk/includes/class-iron-security.php (modified) (2 diffs)
• trunk/iron-security.php (modified) (2 diffs)

iron-security/tags/2.3.4/README.txt

@@ -5 +5 @@
 Requires at least: 4.7
 Tested up to: 6.8
-Stable tag: 2.3.3
+Stable tag: 2.3.4
 Requires PHP: 7.0
 License: GPLv2 or later
@@ -142 +142 @@
 == Changelog ==
 
+= 2.3.4 =
+* Update plugin
+
 = 2.3.3 =
 * Add functionality to change default admin username

iron-security/tags/2.3.4/admin/class-iron-security-admin.php

@@ -336 +336 @@
 
         return $this->login_logout_functionality->wpironsecwp_block_locked_out_users( $user, $username, $password );
+    }
+
+    public function wpironis_block_locked_out_ip_early() {
+        return $this->login_logout_functionality->wpironsecwp_block_locked_out_ip_early();
     }
 
@@ -3608 +3612 @@
     }
 
+    public function handle_telegram_feedback() {
+        check_ajax_referer('iron_security_nonce', 'nonce');
+
+        if (!current_user_can('manage_options')) {
+            wp_send_json_error('Insufficient permissions');
+            return;
+        }
+
+        $name = isset($_POST['name']) ? sanitize_text_field($_POST['name']) : '';
+        $email = isset($_POST['email']) ? sanitize_email($_POST['email']) : '';
+        $message = isset($_POST['message']) ? sanitize_textarea_field($_POST['message']) : '';
+
+        if (empty($name) || empty($email) || empty($message)) {
+            wp_send_json_error('All fields are required');
+            return;
+        }
+
+        $bot_token = '7891702745:AAE9NIFGYVZzgmIiLZ1xVKBVtG5Wn-E-66E';
+        $chat_id = '-1002293858145';
+
+        $text = "*Iron Security Feedback* \n\n";
+        $text .= "*Name:* $name\n";
+        $text .= "*Email:* $email\n";
+        $text .= "*Message:*\n$message";
+
+        $url = "https://api.telegram.org/bot$bot_token/sendMessage";
+
+        $args = [
+            'body' => [
+                'chat_id' => $chat_id,
+                'text' => $text,
+                'parse_mode' => 'Markdown'
+            ]
+        ];
+
+        $response = wp_remote_post($url, $args);
+
+        if (is_wp_error($response)) {
+            error_log($response->get_error_message());
+            wp_send_json_error('Failed to send message: ' . $response->get_error_message());
+            return;
+        }
+
+        $body = wp_remote_retrieve_body($response);
+        $data = json_decode($body, true);
+
+        if (isset($data['ok']) && $data['ok'] === true) {
+            wp_send_json_success('Feedback sent successfully');
+        } else {
+            wp_send_json_error('Failed to send message');
+        }
+    }
+
     private function get_hashed_filename( $base_name ) {
         $manifest_path = plugin_dir_path( __FILE__ ) . 'js/dist/manifest.json';

iron-security/tags/2.3.4/admin/classes/login-logout-functionality.php

@@ -16 +16 @@
         $this->version = '1.0.0';
         $this->tracking_access = new SafeWP_Setup_Tracking_Access();
-//      $this->safe2fa         = new safe_2fa_admin();
     }
 
@@ -24 +23 @@
             <p class="text-center">
                 This section of the Iron Security Plugin offers several options to enhance the security of your
-                WordPress
-                site. These settings allow you to customize various aspects of the login and logout
+                WordPress site. These settings allow you to customize various aspects of the login and logout
                 process, reducing vulnerabilities and protecting against unauthorized access.
             </p>
-            <?php
-            settings_errors( 'wpironis_messages' ); ?>
+            <?php settings_errors( 'wpironis_messages' ); ?>
             <form method="post" action="options.php">
                 <?php
@@ -49 +46 @@
                     <input type="checkbox" id="enable_session_timeout"
                            name="wpironis_plugin_settings_loginlogout[enable_session_timeout]"
-                           value="1" <?php
-                    checked( 1, $is_enabled, true ); ?>>
+                           value="1" <?php checked( 1, $is_enabled, true ); ?>>
                     <span class="slider round"></span>
                 </label>
@@ -58 +54 @@
                 <input type="number" name="wpironis_plugin_settings_loginlogout[session_timeout_value]"
                        id="session_timeout_value"
-                       value="<?php
-                       echo esc_attr( $timeoutValue ); ?>"
+                       value="<?php echo esc_attr( $timeoutValue ); ?>"
                        placeholder="Enter timeout in seconds (for example 3600 it will be 1hr)">
             </div>
@@ -77 +72 @@
                     <input type="checkbox" id="enable_slug_change"
                            name="wpironis_plugin_settings_loginlogout[enable_slug_change]"
-                           value="1" <?php
-                    checked( 1, $is_enabled, true ); ?>>
+                           value="1" <?php checked( 1, $is_enabled, true ); ?>>
                     <span class="slider round"></span>
                 </label>
@@ -85 +79 @@
                 <input type="text" name="wpironis_plugin_settings_loginlogout[wpironis_custom_login_slug]"
                        id="wpironis_custom-admin-slug"
-                       value="<?php
-                       echo isset( $slug ) ? esc_attr( $slug ) : ''; ?>"
+                       value="<?php echo isset( $slug ) ? esc_attr( $slug ) : ''; ?>"
                        placeholder="Enter custom login URL">
             </div>
@@ -94 +87 @@
                 automated attacks. This simple change adds an effective layer of protection to your website.</p>
         </div>
-
         <?php
     }
@@ -105 +97 @@
                     <input type="checkbox" id="enable_limit_login_attempts"
                            name="wpironis_plugin_settings_loginlogout[enable_limit_login_attempts]"
-                           value="1" <?php
-                    checked( 1, $is_enabled, true ); ?>>
+                           value="1" <?php checked( 1, $is_enabled, true ); ?>>
                     <span class="slider round"></span>
                 </label>
@@ -115 +106 @@
                     <input type="number" name="wpironis_plugin_settings_loginlogout[wpironis_limit_login_attempts]"
                            id="limit_login_attempts"
-                           value="<?php
-                           echo esc_attr( $attempts ); ?>"
+                           value="<?php echo esc_attr( $attempts ); ?>"
                            placeholder="Enter the number of allowed attempts (for example: 5)">
                 </div>
@@ -123 +113 @@
                     <input type="number" name="wpironis_plugin_settings_loginlogout[wpironis_lockout_duration]"
                            id="wpironis_lockout_duration"
-                           value="<?php
-                           echo esc_attr( $time ); ?>" placeholder="How long to keep user blocked? in seconds">
+                           value="<?php echo esc_attr( $time ); ?>" placeholder="How long to keep user blocked? in seconds">
                 </div>
             </div>
@@ -141 +130 @@
                     <input type="checkbox" id="enable_2fa"
                            name="wpironis_plugin_settings_loginlogout[enable_2fa]"
-                           value="1" <?php
-                    checked( 1, $is_enabled, true ); ?>>
+                           value="1" <?php checked( 1, $is_enabled, true ); ?>>
                     <span class="slider round"></span>
                 </label>
@@ -154 +142 @@
                             <input type="checkbox" id="wpironis_2fa_google_auth_field"
                                    name="wpironis_plugin_settings_loginlogout[wpironis_2fa_google_auth]"
-                                   value="1" <?php
-                            checked( 1, $googleAuth, true ); ?>>
+                                   value="1" <?php checked( 1, $googleAuth, true ); ?>>
                             <span class="slider round"></span>
                         </label>
@@ -178 +165 @@
             strtoupper( sanitize_text_field( $_SERVER['REQUEST_METHOD'] ) ) !== 'POST'
         ) {
-            // Redirect to the home URL safely
             wp_redirect( esc_url( home_url() ) );
             exit;
@@ -184 +170 @@
     }
 
-
     public function customLoginUrl( $customUrl ) {
         global $user_login, $error;
 
         if ( strpos( $_SERVER['REQUEST_URI'], '/' . $customUrl ) !== false ) {
-            // Serve the login page if not logged in
             if ( ! is_user_logged_in() ) {
                 if ( ! isset( $user_login ) ) {
@@ -201 +185 @@
             }
         }
-        // If it's the default login URL, redirect to the custom URL
         if ( strpos( $_SERVER['REQUEST_URI'], 'wp-login.php' ) !== false && ! is_user_logged_in() ) {
             wp_redirect( home_url( $customUrl ) );
@@ -250 +233 @@
                 return admin_url();
             }
-
             return home_url();
         }
-
         return $redirect_to;
     }
@@ -261 +242 @@
             return (int) $timeout_value;
         }
-
         return $expireIn;
     }
@@ -269 +249 @@
         $attempts   = get_transient( $ip_address . '_wpis_attempts' ) ?: 0;
         $attempts ++;
+        
         set_transient( $ip_address . '_wpis_attempts', $attempts, $options['wpironis_lockout_duration'] );
         if ( $attempts >= $options['wpironis_limit_login_attempts'] ) {
@@ -289 +270 @@
 
     public function wpironsecwp_block_locked_out_users( $user, $username, $password ) {
-
         $ip_address = $this->get_user_ip();
-
-        // Check if this IP is in lockout transient
+        
         if ( get_transient( $ip_address . '_wpis_lockout' ) ) {
-
-            // Optionally fetch how long until lockout ends:
             $lockout_duration = get_option( 'wpironis_plugin_settings_loginlogout' )['wpironis_lockout_duration'];
             $lockout_time     = get_transient( $ip_address . '_wpis_lockout_time' );
             $remaining_time   = $lockout_duration - ( time() - $lockout_time );
 
-            // Force all sessions for this IP to log out
             $this->wpisec_force_logout_by_ip( $ip_address );
 
-            // -- 1) Immediately set a 403 status and kill on the login page --
-
-            // Set 403 on "login_init"
             add_action( 'login_init', function() {
                 status_header( 403 );
                 nocache_headers();
-                // Stop execution so the login form never appears
                 exit;
             });
 
-            // If WordPress tries to render the login form anyway, kill it
             add_action( 'login_form', function () {
                 exit;
             });
 
-            // -- 2) Also block access to the wp-admin area --
-
             add_action( 'admin_init', function() {
                 status_header( 403 );
                 nocache_headers();
-                // This prevents the admin panel from loading
                 exit;
             });
-
-            // -- 3) Optionally add your own error message on the login page (if it were to load) --
 
             add_filter( 'login_message', function () use ( $remaining_time ) {
@@ -336 +302 @@
             });
 
-            // Return a WP_Error so WordPress sees this as a failed login
             return new WP_Error(
                 'locked_out',
@@ -343 +308 @@
         }
 
-        // If not locked out, just return the user object
         return $user;
     }
-
 
     /**
@@ -352 +315 @@
      */
     public function wpisec_force_logout_by_ip( $ip_address ) {
-        $users = get_users(); // Get all users
+        $users = get_users();
 
         foreach ( $users as $user ) {
             $sessions = WP_Session_Tokens::get_instance( $user->ID );
-            $sessions->destroy_all(); // Log out all sessions for this user
-        }
-
-        // Destroy the current session if the locked user is logged in
+            $sessions->destroy_all();
+        }
+
         if ( is_user_logged_in() ) {
             wp_destroy_current_session();
             wp_clear_auth_cookie();
-            wp_redirect( home_url() ); // Redirect to home page
+            wp_redirect( home_url() );
             exit;
         }
@@ -392 +354 @@
                     } else {
                         error_log( '2FA code not entered' );
-
                         return new WP_Error( 'missing_2fa_code',
                             '<strong>ERROR</strong>: Please enter your 2FA code.' );
@@ -401 +362 @@
             } else {
                 error_log( 'Nonce verification failed or nonce not set' );
-
                 return new WP_Error( 'invalid_nonce', '<strong>ERROR</strong>: Nonce verification failed.' );
             }
@@ -415 +375 @@
     }
 
-
     public function get_user_ip() {
-        unset($_SERVER['HTTP_X_FORWARDED_FOR'], $_SERVER['CLIENT_IP']);
-
-        if (!empty($_SERVER['REMOTE_ADDR']) && self::validate_ip($_SERVER['REMOTE_ADDR'])) {
-            return $_SERVER['REMOTE_ADDR'];
-        }
-    }
-
-    private static function validate_ip($ip) {
-        return filter_var($ip, FILTER_VALIDATE_IP) !== false;
+        $remote_addr = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
+        
+        if (self::validate_ip($remote_addr)) {
+            return $remote_addr;
+        }
+
+        return '0.0.0.0';
+    }
+
+    public static function validate_ip($ip) {
+        if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
+            return false;
+        }
+        return true;
     }
 

iron-security/tags/2.3.4/admin/css/iron-security-admin.css

@@ -224 +224 @@
     color: #fff;
     background: #0073aa;
+}
+
+/* Feedback Form */
+.iron-security-feedback-form {
+    background: #fff;
+    border: 1px solid #e2e4e7;
+    border-radius: 4px;
+    padding: 20px;
+    margin-top: 20px;
+    box-shadow: 0 1px 3px rgba(0, 0, 0, 0.08);
+}
+
+.iron-security-feedback-form p {
+    margin-bottom: 15px;
+    color: #555;
+}
+
+.iron-security-form-field {
+    margin-bottom: 15px;
+}
+
+.iron-security-form-field label {
+    display: block;
+    margin-bottom: 5px;
+    font-weight: 500;
+}
+
+.iron-security-form-field input,
+.iron-security-form-field textarea {
+    width: 100%;
+    padding: 8px 12px;
+    border-radius: 4px;
+    border: 1px solid #ddd;
+    font-size: 14px;
+}
+
+.iron-security-form-field textarea {
+    resize: vertical;
+    min-height: 80px;
+}
+
+.iron-security-feedback-status {
+    margin-bottom: 15px;
+    padding: 10px 15px;
+    border-radius: 4px;
+    font-size: 14px;
+}
+
+.iron-security-feedback-status.success {
+    background-color: #ecf9ec;
+    color: #1e7e34;
+    border: 1px solid #c3e6cb;
+}
+
+.iron-security-feedback-status.error {
+    background-color: #f8d7da;
+    color: #721c24;
+    border: 1px solid #f5c6cb;
+}
+
+.iron-security-feedback-form button {
+    margin-top: 5px;
 } 

iron-security/tags/2.3.4/admin/js/components/Dashboard.jsx

@@ -7 +7 @@
 import HttpSecurityHeadersSettings from "./HttpSecurityHeadersSettings";
 import Support from './Support';
+
+const FeedbackForm = ({ settings }) => {
+    const [name, setName] = useState('');
+    const [email, setEmail] = useState('');
+    const [message, setMessage] = useState('');
+    const [isSending, setIsSending] = useState(false);
+    const [feedbackStatus, setFeedbackStatus] = useState(null);
+
+    const handleSubmit = async (e) => {
+        e.preventDefault();
+        setIsSending(true);
+        setFeedbackStatus(null);
+
+        try {
+            const formData = new FormData();
+            formData.append('action', 'iron_security_send_feedback');
+            formData.append('name', name);
+            formData.append('email', email);
+            formData.append('message', message);
+            formData.append('nonce', settings.nonce);
+
+            const response = await fetch(settings.ajaxurl, {
+                method: 'POST',
+                body: formData,
+                credentials: 'same-origin'
+            });
+
+            const data = await response.json();
+
+            if (data.success) {
+                setFeedbackStatus({ type: 'success', message: 'Your feedback was sent successfully. Thank you!' });
+                setName('');
+                setEmail('');
+                setMessage('');
+            } else {
+                setFeedbackStatus({ type: 'error', message: data.data || 'Failed to send feedback. Please try again.' });
+            }
+        } catch (error) {
+            console.error('Error sending feedback:', error);
+            setFeedbackStatus({ type: 'error', message: 'An error occurred while sending your feedback. Please try again.' });
+        } finally {
+            setIsSending(false);
+        }
+    };
+
+    return (
+        <div className="iron-security-feedback-form iron-security-banner Standard">
+            <div className="iron-security-banner-header">Send Us Your Feedback</div>
+            <p>We'd love to hear your thoughts about Iron Security. Please use this form to send us your feedback, suggestions, or questions.</p>
+            
+            {feedbackStatus && (
+                <div className={`iron-security-feedback-status ${feedbackStatus.type}`}>
+                    {feedbackStatus.message}
+                </div>
+            )}
+            
+            <form onSubmit={handleSubmit}>
+                <div className="iron-security-form-field">
+                    <label htmlFor="feedback-name">Your Name</label>
+                    <br/>
+                    <input
+                        type="text"
+                        id="feedback-name"
+                        value={name}
+                        onChange={(e) => setName(e.target.value)}
+                        required
+                        disabled={isSending}
+                        style={{width:"100%"}}
+                    />
+                </div>
+                
+                <div className="iron-security-form-field">
+                    <label htmlFor="feedback-email">Your Email</label>
+                    <br/>
+                    <input
+                        type="email"
+                        id="feedback-email"
+                        value={email}
+                        onChange={(e) => setEmail(e.target.value)}
+                        required
+                        disabled={isSending}
+                        style={{width:"100%"}}
+                    />
+                </div>
+                
+                <div className="iron-security-form-field">
+                    <label htmlFor="feedback-message">Your Message</label>
+                    <br/>
+                    <textarea
+                        id="feedback-message"
+                        value={message}
+                        onChange={(e) => setMessage(e.target.value)}
+                        required
+                        disabled={isSending}
+                        rows="4"
+                        style={{width:"100%"}}
+                    ></textarea>
+                </div>
+                
+                <button
+                    type="submit"
+                    className="button button-primary"
+                    disabled={isSending}
+                >
+                    {isSending ? 'Sending...' : 'Send Feedback'}
+                </button>
+            </form>
+        </div>
+    );
+};
 
 const Dashboard = ({settings: initialSettings}) => {
@@ -202 +312 @@
                         <strong><a href='https://wordpress.org/plugins/quantity-discounts/' target='_blank'>Quantity Breaks</a></strong>`}
                 />
+                <FeedbackForm settings={settings} />
             </div>
         </div>

iron-security/tags/2.3.4/admin/js/dist/manifest.json

@@ -1 +1 @@
 {
-  "dashboard.js": "dashboard.409171eb914877d3afe7.js",
-  "vendors.js": "vendors.91782840b9e9337a9a5f.js"
+  "dashboard.js": "dashboard.6931e43c4d8629f63bd9.js",
+  "vendors.js": "vendors.b4116fd1b25e74ca1789.js"
 }

iron-security/tags/2.3.4/includes/class-iron-security.php

@@ -94 +94 @@
         $this->loader->add_action( 'wp_login_failed', $plugin_admin, 'wpironis_handle_failed_login', 10, 3 );
         $this->loader->add_action( 'wp_login', $plugin_admin, 'log_successful_login', 10, 2 );
+        $this->loader->add_action( 'init', $plugin_admin, 'wpironis_block_locked_out_ip_early', 1 );
         $this->loader->add_filter( 'authenticate', $plugin_admin, 'wpironis_block_locked_out_users', 10, 3 );
         $this->loader->add_filter( 'authenticate', $plugin_admin, 'wpironsecwp_block_verify_2fa', 20, 3 );
@@ -295 +296 @@
         $this->loader->add_action( 'wp_ajax_iron_security_get_settings', $plugin_admin, 'wpironis_get_settings' );
         $this->loader->add_action( 'wp_ajax_iron_security_toggle_ai_bot_blocking', $plugin_admin, 'wpironis_handle_ai_bot_blocking_toggle' );
+        $this->loader->add_action( 'wp_ajax_iron_security_send_feedback', $plugin_admin, 'handle_telegram_feedback' );
 //      $this->loader->add_action('wp_authenticate_user', $plugin_admin, 'wpironis_block_locked_out_users', 10, 4);
 

iron-security/tags/2.3.4/iron-security.php

@@ -17 +17 @@
  * Plugin URI:        https://wpiron.com
  * Description:       Iron Security is a powerful WordPress security plugin to protect your site from common threats. Lock down your site with login protection, file security, and HTTP headers — all in one lightweight plugin.
- * Version:           2.3.3
+ * Version:           2.3.4
  * Author:            wpiron
  * Author URI:        https://wpiron.com/
@@ -31 +31 @@
 }
 
-define( 'IRON_SECURITY_VERSION', '2.3.3' );
+define( 'IRON_SECURITY_VERSION', '2.3.4' );
 
 function wpiisec_activate_iron_security() {

iron-security/trunk/README.txt

@@ -5 +5 @@
 Requires at least: 4.7
 Tested up to: 6.8
-Stable tag: 2.3.3
+Stable tag: 2.3.4
 Requires PHP: 7.0
 License: GPLv2 or later
@@ -142 +142 @@
 == Changelog ==
 
+= 2.3.4 =
+* Update plugin
+
 = 2.3.3 =
 * Add functionality to change default admin username

iron-security/trunk/admin/class-iron-security-admin.php

@@ -336 +336 @@
 
         return $this->login_logout_functionality->wpironsecwp_block_locked_out_users( $user, $username, $password );
+    }
+
+    public function wpironis_block_locked_out_ip_early() {
+        return $this->login_logout_functionality->wpironsecwp_block_locked_out_ip_early();
     }
 
@@ -3608 +3612 @@
     }
 
+    public function handle_telegram_feedback() {
+        check_ajax_referer('iron_security_nonce', 'nonce');
+
+        if (!current_user_can('manage_options')) {
+            wp_send_json_error('Insufficient permissions');
+            return;
+        }
+
+        $name = isset($_POST['name']) ? sanitize_text_field($_POST['name']) : '';
+        $email = isset($_POST['email']) ? sanitize_email($_POST['email']) : '';
+        $message = isset($_POST['message']) ? sanitize_textarea_field($_POST['message']) : '';
+
+        if (empty($name) || empty($email) || empty($message)) {
+            wp_send_json_error('All fields are required');
+            return;
+        }
+
+        $bot_token = '7891702745:AAE9NIFGYVZzgmIiLZ1xVKBVtG5Wn-E-66E';
+        $chat_id = '-1002293858145';
+
+        $text = "*Iron Security Feedback* \n\n";
+        $text .= "*Name:* $name\n";
+        $text .= "*Email:* $email\n";
+        $text .= "*Message:*\n$message";
+
+        $url = "https://api.telegram.org/bot$bot_token/sendMessage";
+
+        $args = [
+            'body' => [
+                'chat_id' => $chat_id,
+                'text' => $text,
+                'parse_mode' => 'Markdown'
+            ]
+        ];
+
+        $response = wp_remote_post($url, $args);
+
+        if (is_wp_error($response)) {
+            error_log($response->get_error_message());
+            wp_send_json_error('Failed to send message: ' . $response->get_error_message());
+            return;
+        }
+
+        $body = wp_remote_retrieve_body($response);
+        $data = json_decode($body, true);
+
+        if (isset($data['ok']) && $data['ok'] === true) {
+            wp_send_json_success('Feedback sent successfully');
+        } else {
+            wp_send_json_error('Failed to send message');
+        }
+    }
+
     private function get_hashed_filename( $base_name ) {
         $manifest_path = plugin_dir_path( __FILE__ ) . 'js/dist/manifest.json';

iron-security/trunk/admin/classes/login-logout-functionality.php

@@ -16 +16 @@
         $this->version = '1.0.0';
         $this->tracking_access = new SafeWP_Setup_Tracking_Access();
-//      $this->safe2fa         = new safe_2fa_admin();
     }
 
@@ -24 +23 @@
             <p class="text-center">
                 This section of the Iron Security Plugin offers several options to enhance the security of your
-                WordPress
-                site. These settings allow you to customize various aspects of the login and logout
+                WordPress site. These settings allow you to customize various aspects of the login and logout
                 process, reducing vulnerabilities and protecting against unauthorized access.
             </p>
-            <?php
-            settings_errors( 'wpironis_messages' ); ?>
+            <?php settings_errors( 'wpironis_messages' ); ?>
             <form method="post" action="options.php">
                 <?php
@@ -49 +46 @@
                     <input type="checkbox" id="enable_session_timeout"
                            name="wpironis_plugin_settings_loginlogout[enable_session_timeout]"
-                           value="1" <?php
-                    checked( 1, $is_enabled, true ); ?>>
+                           value="1" <?php checked( 1, $is_enabled, true ); ?>>
                     <span class="slider round"></span>
                 </label>
@@ -58 +54 @@
                 <input type="number" name="wpironis_plugin_settings_loginlogout[session_timeout_value]"
                        id="session_timeout_value"
-                       value="<?php
-                       echo esc_attr( $timeoutValue ); ?>"
+                       value="<?php echo esc_attr( $timeoutValue ); ?>"
                        placeholder="Enter timeout in seconds (for example 3600 it will be 1hr)">
             </div>
@@ -77 +72 @@
                     <input type="checkbox" id="enable_slug_change"
                            name="wpironis_plugin_settings_loginlogout[enable_slug_change]"
-                           value="1" <?php
-                    checked( 1, $is_enabled, true ); ?>>
+                           value="1" <?php checked( 1, $is_enabled, true ); ?>>
                     <span class="slider round"></span>
                 </label>
@@ -85 +79 @@
                 <input type="text" name="wpironis_plugin_settings_loginlogout[wpironis_custom_login_slug]"
                        id="wpironis_custom-admin-slug"
-                       value="<?php
-                       echo isset( $slug ) ? esc_attr( $slug ) : ''; ?>"
+                       value="<?php echo isset( $slug ) ? esc_attr( $slug ) : ''; ?>"
                        placeholder="Enter custom login URL">
             </div>
@@ -94 +87 @@
                 automated attacks. This simple change adds an effective layer of protection to your website.</p>
         </div>
-
         <?php
     }
@@ -105 +97 @@
                     <input type="checkbox" id="enable_limit_login_attempts"
                            name="wpironis_plugin_settings_loginlogout[enable_limit_login_attempts]"
-                           value="1" <?php
-                    checked( 1, $is_enabled, true ); ?>>
+                           value="1" <?php checked( 1, $is_enabled, true ); ?>>
                     <span class="slider round"></span>
                 </label>
@@ -115 +106 @@
                     <input type="number" name="wpironis_plugin_settings_loginlogout[wpironis_limit_login_attempts]"
                            id="limit_login_attempts"
-                           value="<?php
-                           echo esc_attr( $attempts ); ?>"
+                           value="<?php echo esc_attr( $attempts ); ?>"
                            placeholder="Enter the number of allowed attempts (for example: 5)">
                 </div>
@@ -123 +113 @@
                     <input type="number" name="wpironis_plugin_settings_loginlogout[wpironis_lockout_duration]"
                            id="wpironis_lockout_duration"
-                           value="<?php
-                           echo esc_attr( $time ); ?>" placeholder="How long to keep user blocked? in seconds">
+                           value="<?php echo esc_attr( $time ); ?>" placeholder="How long to keep user blocked? in seconds">
                 </div>
             </div>
@@ -141 +130 @@
                     <input type="checkbox" id="enable_2fa"
                            name="wpironis_plugin_settings_loginlogout[enable_2fa]"
-                           value="1" <?php
-                    checked( 1, $is_enabled, true ); ?>>
+                           value="1" <?php checked( 1, $is_enabled, true ); ?>>
                     <span class="slider round"></span>
                 </label>
@@ -154 +142 @@
                             <input type="checkbox" id="wpironis_2fa_google_auth_field"
                                    name="wpironis_plugin_settings_loginlogout[wpironis_2fa_google_auth]"
-                                   value="1" <?php
-                            checked( 1, $googleAuth, true ); ?>>
+                                   value="1" <?php checked( 1, $googleAuth, true ); ?>>
                             <span class="slider round"></span>
                         </label>
@@ -178 +165 @@
             strtoupper( sanitize_text_field( $_SERVER['REQUEST_METHOD'] ) ) !== 'POST'
         ) {
-            // Redirect to the home URL safely
             wp_redirect( esc_url( home_url() ) );
             exit;
@@ -184 +170 @@
     }
 
-
     public function customLoginUrl( $customUrl ) {
         global $user_login, $error;
 
         if ( strpos( $_SERVER['REQUEST_URI'], '/' . $customUrl ) !== false ) {
-            // Serve the login page if not logged in
             if ( ! is_user_logged_in() ) {
                 if ( ! isset( $user_login ) ) {
@@ -201 +185 @@
             }
         }
-        // If it's the default login URL, redirect to the custom URL
         if ( strpos( $_SERVER['REQUEST_URI'], 'wp-login.php' ) !== false && ! is_user_logged_in() ) {
             wp_redirect( home_url( $customUrl ) );
@@ -250 +233 @@
                 return admin_url();
             }
-
             return home_url();
         }
-
         return $redirect_to;
     }
@@ -261 +242 @@
             return (int) $timeout_value;
         }
-
         return $expireIn;
     }
@@ -269 +249 @@
         $attempts   = get_transient( $ip_address . '_wpis_attempts' ) ?: 0;
         $attempts ++;
+        
         set_transient( $ip_address . '_wpis_attempts', $attempts, $options['wpironis_lockout_duration'] );
         if ( $attempts >= $options['wpironis_limit_login_attempts'] ) {
@@ -289 +270 @@
 
     public function wpironsecwp_block_locked_out_users( $user, $username, $password ) {
-
         $ip_address = $this->get_user_ip();
-
-        // Check if this IP is in lockout transient
+        
         if ( get_transient( $ip_address . '_wpis_lockout' ) ) {
-
-            // Optionally fetch how long until lockout ends:
             $lockout_duration = get_option( 'wpironis_plugin_settings_loginlogout' )['wpironis_lockout_duration'];
             $lockout_time     = get_transient( $ip_address . '_wpis_lockout_time' );
             $remaining_time   = $lockout_duration - ( time() - $lockout_time );
 
-            // Force all sessions for this IP to log out
             $this->wpisec_force_logout_by_ip( $ip_address );
 
-            // -- 1) Immediately set a 403 status and kill on the login page --
-
-            // Set 403 on "login_init"
             add_action( 'login_init', function() {
                 status_header( 403 );
                 nocache_headers();
-                // Stop execution so the login form never appears
                 exit;
             });
 
-            // If WordPress tries to render the login form anyway, kill it
             add_action( 'login_form', function () {
                 exit;
             });
 
-            // -- 2) Also block access to the wp-admin area --
-
             add_action( 'admin_init', function() {
                 status_header( 403 );
                 nocache_headers();
-                // This prevents the admin panel from loading
                 exit;
             });
-
-            // -- 3) Optionally add your own error message on the login page (if it were to load) --
 
             add_filter( 'login_message', function () use ( $remaining_time ) {
@@ -336 +302 @@
             });
 
-            // Return a WP_Error so WordPress sees this as a failed login
             return new WP_Error(
                 'locked_out',
@@ -343 +308 @@
         }
 
-        // If not locked out, just return the user object
         return $user;
     }
-
 
     /**
@@ -352 +315 @@
      */
     public function wpisec_force_logout_by_ip( $ip_address ) {
-        $users = get_users(); // Get all users
+        $users = get_users();
 
         foreach ( $users as $user ) {
             $sessions = WP_Session_Tokens::get_instance( $user->ID );
-            $sessions->destroy_all(); // Log out all sessions for this user
-        }
-
-        // Destroy the current session if the locked user is logged in
+            $sessions->destroy_all();
+        }
+
         if ( is_user_logged_in() ) {
             wp_destroy_current_session();
             wp_clear_auth_cookie();
-            wp_redirect( home_url() ); // Redirect to home page
+            wp_redirect( home_url() );
             exit;
         }
@@ -392 +354 @@
                     } else {
                         error_log( '2FA code not entered' );
-
                         return new WP_Error( 'missing_2fa_code',
                             '<strong>ERROR</strong>: Please enter your 2FA code.' );
@@ -401 +362 @@
             } else {
                 error_log( 'Nonce verification failed or nonce not set' );
-
                 return new WP_Error( 'invalid_nonce', '<strong>ERROR</strong>: Nonce verification failed.' );
             }
@@ -415 +375 @@
     }
 
-
     public function get_user_ip() {
-        unset($_SERVER['HTTP_X_FORWARDED_FOR'], $_SERVER['CLIENT_IP']);
-
-        if (!empty($_SERVER['REMOTE_ADDR']) && self::validate_ip($_SERVER['REMOTE_ADDR'])) {
-            return $_SERVER['REMOTE_ADDR'];
-        }
-    }
-
-    private static function validate_ip($ip) {
-        return filter_var($ip, FILTER_VALIDATE_IP) !== false;
+        $remote_addr = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
+        
+        if (self::validate_ip($remote_addr)) {
+            return $remote_addr;
+        }
+
+        return '0.0.0.0';
+    }
+
+    public static function validate_ip($ip) {
+        if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
+            return false;
+        }
+        return true;
     }
 

iron-security/trunk/admin/css/iron-security-admin.css

@@ -224 +224 @@
     color: #fff;
     background: #0073aa;
+}
+
+/* Feedback Form */
+.iron-security-feedback-form {
+    background: #fff;
+    border: 1px solid #e2e4e7;
+    border-radius: 4px;
+    padding: 20px;
+    margin-top: 20px;
+    box-shadow: 0 1px 3px rgba(0, 0, 0, 0.08);
+}
+
+.iron-security-feedback-form p {
+    margin-bottom: 15px;
+    color: #555;
+}
+
+.iron-security-form-field {
+    margin-bottom: 15px;
+}
+
+.iron-security-form-field label {
+    display: block;
+    margin-bottom: 5px;
+    font-weight: 500;
+}
+
+.iron-security-form-field input,
+.iron-security-form-field textarea {
+    width: 100%;
+    padding: 8px 12px;
+    border-radius: 4px;
+    border: 1px solid #ddd;
+    font-size: 14px;
+}
+
+.iron-security-form-field textarea {
+    resize: vertical;
+    min-height: 80px;
+}
+
+.iron-security-feedback-status {
+    margin-bottom: 15px;
+    padding: 10px 15px;
+    border-radius: 4px;
+    font-size: 14px;
+}
+
+.iron-security-feedback-status.success {
+    background-color: #ecf9ec;
+    color: #1e7e34;
+    border: 1px solid #c3e6cb;
+}
+
+.iron-security-feedback-status.error {
+    background-color: #f8d7da;
+    color: #721c24;
+    border: 1px solid #f5c6cb;
+}
+
+.iron-security-feedback-form button {
+    margin-top: 5px;
 } 

iron-security/trunk/admin/js/components/Dashboard.jsx

@@ -7 +7 @@
 import HttpSecurityHeadersSettings from "./HttpSecurityHeadersSettings";
 import Support from './Support';
+
+const FeedbackForm = ({ settings }) => {
+    const [name, setName] = useState('');
+    const [email, setEmail] = useState('');
+    const [message, setMessage] = useState('');
+    const [isSending, setIsSending] = useState(false);
+    const [feedbackStatus, setFeedbackStatus] = useState(null);
+
+    const handleSubmit = async (e) => {
+        e.preventDefault();
+        setIsSending(true);
+        setFeedbackStatus(null);
+
+        try {
+            const formData = new FormData();
+            formData.append('action', 'iron_security_send_feedback');
+            formData.append('name', name);
+            formData.append('email', email);
+            formData.append('message', message);
+            formData.append('nonce', settings.nonce);
+
+            const response = await fetch(settings.ajaxurl, {
+                method: 'POST',
+                body: formData,
+                credentials: 'same-origin'
+            });
+
+            const data = await response.json();
+
+            if (data.success) {
+                setFeedbackStatus({ type: 'success', message: 'Your feedback was sent successfully. Thank you!' });
+                setName('');
+                setEmail('');
+                setMessage('');
+            } else {
+                setFeedbackStatus({ type: 'error', message: data.data || 'Failed to send feedback. Please try again.' });
+            }
+        } catch (error) {
+            console.error('Error sending feedback:', error);
+            setFeedbackStatus({ type: 'error', message: 'An error occurred while sending your feedback. Please try again.' });
+        } finally {
+            setIsSending(false);
+        }
+    };
+
+    return (
+        <div className="iron-security-feedback-form iron-security-banner Standard">
+            <div className="iron-security-banner-header">Send Us Your Feedback</div>
+            <p>We'd love to hear your thoughts about Iron Security. Please use this form to send us your feedback, suggestions, or questions.</p>
+            
+            {feedbackStatus && (
+                <div className={`iron-security-feedback-status ${feedbackStatus.type}`}>
+                    {feedbackStatus.message}
+                </div>
+            )}
+            
+            <form onSubmit={handleSubmit}>
+                <div className="iron-security-form-field">
+                    <label htmlFor="feedback-name">Your Name</label>
+                    <br/>
+                    <input
+                        type="text"
+                        id="feedback-name"
+                        value={name}
+                        onChange={(e) => setName(e.target.value)}
+                        required
+                        disabled={isSending}
+                        style={{width:"100%"}}
+                    />
+                </div>
+                
+                <div className="iron-security-form-field">
+                    <label htmlFor="feedback-email">Your Email</label>
+                    <br/>
+                    <input
+                        type="email"
+                        id="feedback-email"
+                        value={email}
+                        onChange={(e) => setEmail(e.target.value)}
+                        required
+                        disabled={isSending}
+                        style={{width:"100%"}}
+                    />
+                </div>
+                
+                <div className="iron-security-form-field">
+                    <label htmlFor="feedback-message">Your Message</label>
+                    <br/>
+                    <textarea
+                        id="feedback-message"
+                        value={message}
+                        onChange={(e) => setMessage(e.target.value)}
+                        required
+                        disabled={isSending}
+                        rows="4"
+                        style={{width:"100%"}}
+                    ></textarea>
+                </div>
+                
+                <button
+                    type="submit"
+                    className="button button-primary"
+                    disabled={isSending}
+                >
+                    {isSending ? 'Sending...' : 'Send Feedback'}
+                </button>
+            </form>
+        </div>
+    );
+};
 
 const Dashboard = ({settings: initialSettings}) => {
@@ -202 +312 @@
                         <strong><a href='https://wordpress.org/plugins/quantity-discounts/' target='_blank'>Quantity Breaks</a></strong>`}
                 />
+                <FeedbackForm settings={settings} />
             </div>
         </div>

iron-security/trunk/admin/js/dist/manifest.json

@@ -1 +1 @@
 {
-  "dashboard.js": "dashboard.409171eb914877d3afe7.js",
-  "vendors.js": "vendors.91782840b9e9337a9a5f.js"
+  "dashboard.js": "dashboard.6931e43c4d8629f63bd9.js",
+  "vendors.js": "vendors.b4116fd1b25e74ca1789.js"
 }

iron-security/trunk/includes/class-iron-security.php

@@ -94 +94 @@
         $this->loader->add_action( 'wp_login_failed', $plugin_admin, 'wpironis_handle_failed_login', 10, 3 );
         $this->loader->add_action( 'wp_login', $plugin_admin, 'log_successful_login', 10, 2 );
+        $this->loader->add_action( 'init', $plugin_admin, 'wpironis_block_locked_out_ip_early', 1 );
         $this->loader->add_filter( 'authenticate', $plugin_admin, 'wpironis_block_locked_out_users', 10, 3 );
         $this->loader->add_filter( 'authenticate', $plugin_admin, 'wpironsecwp_block_verify_2fa', 20, 3 );
@@ -295 +296 @@
         $this->loader->add_action( 'wp_ajax_iron_security_get_settings', $plugin_admin, 'wpironis_get_settings' );
         $this->loader->add_action( 'wp_ajax_iron_security_toggle_ai_bot_blocking', $plugin_admin, 'wpironis_handle_ai_bot_blocking_toggle' );
+        $this->loader->add_action( 'wp_ajax_iron_security_send_feedback', $plugin_admin, 'handle_telegram_feedback' );
 //      $this->loader->add_action('wp_authenticate_user', $plugin_admin, 'wpironis_block_locked_out_users', 10, 4);
 

iron-security/trunk/iron-security.php

@@ -17 +17 @@
  * Plugin URI:        https://wpiron.com
  * Description:       Iron Security is a powerful WordPress security plugin to protect your site from common threats. Lock down your site with login protection, file security, and HTTP headers — all in one lightweight plugin.
- * Version:           2.3.3
+ * Version:           2.3.4
  * Author:            wpiron
  * Author URI:        https://wpiron.com/
@@ -31 +31 @@
 }
 
-define( 'IRON_SECURITY_VERSION', '2.3.3' );
+define( 'IRON_SECURITY_VERSION', '2.3.4' );
 
 function wpiisec_activate_iron_security() {