Changeset 761916

Timestamp:

08/25/2013 04:49:48 AM (12 years ago)

Author:

planetzuda

Message:

The previous version were flawed. This plugin doesn't do anything anymore. It is merely a placeholder.

Location:

disable-insecure-features/trunk

Files:

• functions.php (modified) (3 diffs)
• readme.txt (modified) (1 diff)

disable-insecure-features/trunk/functions.php

@@ -4 +4 @@
 Plugin URI: http://www.planetzuda.com/news/plugins/
 Description: This automatically disables pingbacks on old posts and pages, not new ones. This locks down htaccess, hides readme.html, and other files. Credit to Shivanand Sharma from http://binaryturf.com for  SQL statements to disable old post pingbacks.  Version 0.1 through 0.3 said xmlrpc was turned off. We discovered with the help from tw2113 that the WordPress code that claims it disables the xmlrpc, doesn't disable it. This means the plugin disable xmlrpc is useless. We are working to see if there is a way to disable the xmlrpc via plugin. 
-Version: 0.4
+Version: 0.5
 Author: Planet Zuda, LLC
 Author URI: http://www.planetzuda.com/news/
@@ -10 +10 @@
 */
 
-
-function swph_is_available() {
-    // this function made available by http://stackoverflow.com/questions/3938120/check-if-exec-is-disabled
-    static $available;
-
-    if (!isset($available)) {
-        $available = true;
-        if (ini_get('safe_mode')) {
-            $available = false;
-            ?>
-            
-                    The plugin will not be able to secure everything due to your web hosts setup. <br /> We are working on a solution for your web host setup. It will be available in the future.
-    <?php
-        } else {
-            $d = ini_get('disable_functions');
-            $s = ini_get('suhosin.executor.func.blacklist');
-            if ("$d$s") {
-                $array = preg_split('/,\s*/', "$d,$s");
-                if (in_array('chmod', $array)) {
-                    $available = false;
-                    echo 'The plugin will not be able to secure everything due to your web hosts setup.' . '<br />' . 'We are working on a solution for your web host setup. It will be available in the future';
-
-                }
-            }
-        }
-    }
-
-    return $available;
-}
 
 function swph_setup()
@@ -46 +17 @@
 add_action('admin_menu','swph_setup');
 
-
-
-function swph_auto_disabled_features()
+function swph_form()
 {
 
-    
-// the following turns off pingbacks for already published posts and pages
-global $wpdb;
-
-$wpdb->query("UPDATE $wpdb->posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'post';");
-$wpdb->query("UPDATE $wpdb->posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'page';");
-
-//thank you to http://wordpress.stackexchange.com/questions/78780/xmlrpc-enabled-filter-not-called for this answer and tw2113 for helping out in the wordpress IRC. This may be implemented in the future.
-
-$swph_readme = ABSPATH . 'readme.html'; // you don't want people to see what version of WordPress you're running.
-if(file_exists($swph_readme))
-{
-chmod($swph_readme,0600); // makes it seem like the file doesn't exist for users who look for it. 
-}
-
-// this will hide the license.txt so hackers can't see it.
-$swph_license = ABSPATH . 'license.txt';
-if(file_exists($swph_license))
-{
-chmod($swph_license,0600);
-}
-// lock down the wp-config.php so hackers can't read it.
-$swph_config = ABSPATH . 'wp-config.php';
-if(file_exists($swph_config))
-{
-chmod($swph_config,0600);
-}
-
-// lock down the .htaccess so hackers can't write to it via bad permissions.
-$swph_access = ABSPATH . '.htaccess';
-if(file_exists($swph_access))
-{
-chmod($swph_access,0644);
-}
-} // closes function 
-register_activation_hook(__FILE__,'swph_auto_disabled_features');
-
-
-function swph_form()
-{
-// settings page put all variables up here to make it clean then generate the form.
- 
 ?>      
- Disable pingbacks for future posts by going to <a href="<?php $swph_url; ?>/wp-admin/options-discussion.php"> settings->discussion </a> and uncheck the box that say "Allow link notifications from other blogs (pingbacks and trackbacks)"
+This plugin is now just a shell that will be updated when we release our latest security project. 
  <br /> 
 <?php

disable-insecure-features/trunk/readme.txt

@@ -11 +11 @@
 == Description ==
 
-This disables pingbacks on previously published posts and pages,hides the readme.html, license.txt and fixes wp-config.php and .htaccess permissions so hackers can't modify them. 
+This plugin doesn't do anything right now. 
 == Installation ==
-1. Go to your WordPress admin dashboard and go to  plugins > add new and then type disable insecure features. Our plugin will come up.
-   click install now and then hit activate now.
-   2. You are now more secure.
+
    
 == Credits ==
 We would like to give credit where credit is due. We would like to thank Shivanand Sharma from http://binaryturf.com for his article on disabling pingbacks from previously published posts and pages. 
 == Frequently Asked Questions ==
-
-= Is there an admin interface for this plugin? =
-
-Yes, but it currently doesn't do anything since pingbacks on published posts and pages and the xml-rpc are automatically disabled when you activate the plugin.
-The admin interface is at settings > disable insecure features.  We plan to let you re-enable different insecure features in that area in an update.
-
-= Does this disable all pingbacks? =
-Not currently, because There is a built-in feature in WordPress to turn off pingbacks for future posts and pages. It is located in settings > discussion and uncheck llow link notifications from other blogs (pingbacks and trackbacks), then click the Save Changes button.    
-= Will the xml-rpc re-enable if I delete this plugin? =
-Yes.
-= Will previously published Posts and pages allow pingbacks if I delete this plugin? =
-Nope. 
-= Will the readme.html, license.txt, wp-config.php, .htaccess or any other file reset to insecure permissions if I delete this plugin? =
-No. 
-= Does this plugin disable the XMLRPC?
-No. Code has been passed around WordPress claiming that it disables the XMLRPC and there is even a plugin called disable xmlrpc using that code, but it doesn't work
-= Will you be disabling the xmlrpc in the future?
-Hopefully. We are looking into how we can turn it off via the plugin. 
-= I don't want pingbacks turned off for future posts. WIll this plugin do that?
-Whenever you update the core or reactivate the plugin your pingbacks for all published posts and pages will be turned off. 
+What does this plugin do?
+Right now it doesn't do anything.
 == Changelog ==
+== 0.5 ==
+This plugin doesn't do anything anymore. We may update it in the future with a new security plugin. The previous versions weren't functioning properly.
 =0.4=
 We discovered that the code everyone is using to disable the xmlrpc for 3.5 and up isn't disabling the xmlrpc, so we've removed that feature. We hope to actually disable the xmlrpc if at all possible.