File Editor
Directories:
.. (Back)
Files:
debug.php
firewall-status.php
option-rate-limit.php
option-rules.php
option-whitelist.php
options-group-advanced-firewall.php
options-group-basic-firewall.php
options-group-brute-force.php
options-group-rate-limiting.php
options-group-whitelisted.php
status-tooltip-learning-mode.php
waf-install-manual.php
waf-install-success.php
waf-install.php
waf-modal-wrapper.php
waf-uninstall-success.php
waf-uninstall.php
Create New File
Create
Edit File: options-group-brute-force.php
<?php if (!defined('WORDFENCE_VERSION')) { exit; } /** * Presents the Brute Force Protection group. * * Expects $firewall, $waf, and $stateKey. * * @var wfFirewall $firewall * @var wfWAF $waf * @var string $stateKey The key under which the collapse state is stored. * @var bool $collapseable If defined, specifies whether or not this grouping can be collapsed. Defaults to true. */ $config = $waf->getStorageEngine(); if (!isset($collapseable)) { $collapseable = true; } ?> <div class="wf-row"> <div class="wf-col-xs-12"> <div class="wf-block<?php if (!$collapseable) { echo ' wf-always-active'; } else { echo (wfPersistenceController::shared()->isActive($stateKey) ? ' wf-active' : ''); } ?>" data-persistence-key="<?php echo esc_attr($stateKey); ?>"> <div class="wf-block-header"> <div class="wf-block-header-content"> <div class="wf-block-title"> <strong><?php esc_html_e('Brute Force Protection', 'wordfence'); ?></strong> </div> <?php if ($collapseable): ?><div class="wf-block-header-action"><div class="wf-block-header-action-disclosure" role="checkbox" aria-checked="<?php echo (wfPersistenceController::shared()->isActive($stateKey) ? 'true' : 'false'); ?>" tabindex="0"></div></div><?php endif; ?> </div> </div> <div class="wf-block-content"> <ul class="wf-block-list"> <li> <?php echo wfView::create('options/option-switch', array( 'optionName' => 'loginSecurityEnabled', 'value' => wfConfig::get('loginSecurityEnabled') ? '1': '0', 'titleHTML' => '<strong>' . esc_html__('Enable brute force protection', 'wordfence') . '</strong>', 'subtitle' => __('This option enables all "Brute Force Protection" options, including strong password enforcement and invalid login throttling. You can modify individual options below.', 'wordfence'), 'states' => array( array('value' => '0', 'label' => __('Off', 'wordfence')), array('value' => '1', 'label' => __('On', 'wordfence')), ), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_ENABLE_LOGIN_SECURITY), 'noSpacer' => true, 'alignment' => 'wf-right', ))->render(); ?> </li> <li> <?php $breakpoints = array(2, 3, 4, 5, 6, 7, 8, 9, 10, 20, 30, 40, 50, 100, 200, 500); $options = array(); foreach ($breakpoints as $b) { $options[] = array('value' => $b, 'label' => $b); } echo wfView::create('options/option-select', array( 'selectOptionName' => 'loginSec_maxFailures', 'selectOptions' => $options, 'selectValue' => wfConfig::get('loginSec_maxFailures'), 'title' => __('Lock out after how many login failures', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_LOCK_OUT_FAILURE_COUNT), ))->render(); ?> </li> <li> <?php $breakpoints = array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 20, 30, 40, 50, 100, 200, 500); $options = array(); foreach ($breakpoints as $b) { $options[] = array('value' => $b, 'label' => $b); } echo wfView::create('options/option-select', array( 'selectOptionName' => 'loginSec_maxForgotPasswd', 'selectOptions' => $options, 'selectValue' => wfConfig::get('loginSec_maxForgotPasswd'), 'title' => __('Lock out after how many forgot password attempts', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_LOCK_OUT_FORGOT_PASSWORD_COUNT), ))->render(); ?> </li> <li> <?php $breakpoints = array(5, 10, 30, 60, 120, 240, 360, 720, 1440); $options = array(); foreach ($breakpoints as $b) { $options[] = array('value' => $b, 'label' => wfUtils::makeDuration($b * 60)); } echo wfView::create('options/option-select', array( 'selectOptionName' => 'loginSec_countFailMins', 'selectOptions' => $options, 'selectValue' => wfConfig::getInt('loginSec_countFailMins'), 'title' => __('Count failures over what time period', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_COUNT_TIME_PERIOD), ))->render(); ?> </li> <li> <?php $breakpoints = array(5, 10, 30, 60, 120, 240, 360, 720, 1440, 2880, 7200, 14400, 28800, 43200, 86400); $options = array(); foreach ($breakpoints as $b) { $options[] = array('value' => $b, 'label' => wfUtils::makeDuration($b * 60)); } echo wfView::create('options/option-select', array( 'selectOptionName' => 'loginSec_lockoutMins', 'selectOptions' => $options, 'selectValue' => wfConfig::getInt('loginSec_lockoutMins'), 'title' => __('Amount of time a user is locked out', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_LOCKOUT_DURATION), ))->render(); ?> </li> <li> <?php echo wfView::create('options/option-toggled', array( 'optionName' => 'loginSec_lockInvalidUsers', 'enabledValue' => 1, 'disabledValue' => 0, 'value' => wfConfig::get('loginSec_lockInvalidUsers') ? 1 : 0, 'title' => __('Immediately lock out invalid usernames', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_IMMEDIATELY_LOCK_OUT_INVALID_USERS), ))->render(); ?> </li> <li> <?php $blacklist = wfConfig::get('loginSec_userBlacklist', ''); if (empty($blacklist)) { $users = array(); } else { $users = explode("\n", wfUtils::cleanupOneEntryPerLine($blacklist)); } echo wfView::create('options/option-token', array( 'tokenOptionName' => 'loginSec_userBlacklist', 'tokenValue' => $users, 'title' => __('Immediately block the IP of users who try to sign in as these usernames', 'wordfence'), 'subtitle' => __('Hit enter to add a username', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_IMMEDIATELY_BLOCK_USERS), ))->render(); ?> </li> <li> <?php echo wfView::create('options/option-toggled-select', array( 'toggleOptionName' => 'loginSec_breachPasswds_enabled', 'enabledToggleValue' => 1, 'disabledToggleValue' => 0, 'toggleValue' => !!wfConfig::get('loginSec_breachPasswds_enabled') ? 1 : 0, 'selectOptionName' => 'loginSec_breachPasswds', 'selectOptions' => array(array('value' => 'admins', 'label' => __('For admins only', 'wordfence')), array('value' => 'pubs', 'label' => __('For all users with "publish posts" capability', 'wordfence'))), 'selectValue' => wfConfig::get('loginSec_breachPasswds'), 'title' => __('Prevent the use of passwords leaked in data breaches', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_PREVENT_BREACH_PASSWORDS), ))->render(); ?> </li> <li> <?php echo wfView::create('options/option-label', array( 'titleHTML' => '<strong>' . esc_html__('Additional Options', 'wordfence') . '</strong>', 'noSpacer' => true, ))->render(); ?> </li> <li> <?php echo wfView::create('options/option-toggled-select', array( 'toggleOptionName' => 'loginSec_strongPasswds_enabled', 'enabledToggleValue' => 1, 'disabledToggleValue' => 0, 'toggleValue' => !!wfConfig::get('loginSec_strongPasswds_enabled') ? 1 : 0, 'selectOptionName' => 'loginSec_strongPasswds', 'selectOptions' => array(array('value' => 'pubs', 'label' => __('Force admins and publishers to use strong passwords (recommended)', 'wordfence')), array('value' => 'all', 'label' => __('Force all members to use strong passwords', 'wordfence'))), 'selectValue' => wfConfig::get('loginSec_strongPasswds'), 'title' => __('Enforce strong passwords', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_ENFORCE_STRONG_PASSWORDS), ))->render(); ?> </li> <li> <?php echo wfView::create('options/option-toggled', array( 'optionName' => 'loginSec_maskLoginErrors', 'enabledValue' => 1, 'disabledValue' => 0, 'value' => wfConfig::get('loginSec_maskLoginErrors') ? 1 : 0, 'title' => __('Don\'t let WordPress reveal valid users in login errors', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_MASK_LOGIN_ERRORS), ))->render(); ?> </li> <li> <?php echo wfView::create('options/option-toggled', array( 'optionName' => 'loginSec_blockAdminReg', 'enabledValue' => 1, 'disabledValue' => 0, 'value' => wfConfig::get('loginSec_blockAdminReg') ? 1 : 0, 'title' => __('Prevent users registering \'admin\' username if it doesn\'t exist', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_PREVENT_ADMIN_REGISTRATION), ))->render(); ?> </li> <li> <?php echo wfView::create('options/option-toggled', array( 'optionName' => 'loginSec_disableAuthorScan', 'enabledValue' => 1, 'disabledValue' => 0, 'value' => wfConfig::get('loginSec_disableAuthorScan') ? 1 : 0, 'title' => __('Prevent discovery of usernames through \'/?author=N\' scans, the oEmbed API, the WordPress REST API, and WordPress XML Sitemaps', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_PREVENT_AUTHOR_SCAN), ))->render(); ?> </li> <li> <?php echo wfView::create('options/option-toggled', array( 'optionName' => 'loginSec_disableApplicationPasswords', 'enabledValue' => 1, 'disabledValue' => 0, 'value' => wfConfig::get('loginSec_disableApplicationPasswords') ? 1 : 0, 'title' => __('Disable WordPress application passwords', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_DISABLE_APPLICATION_PASSWORDS), ))->render(); ?> </li> <li> <?php echo wfView::create('options/option-toggled', array( 'optionName' => 'other_blockBadPOST', 'enabledValue' => 1, 'disabledValue' => 0, 'value' => wfConfig::get('other_blockBadPOST') ? 1 : 0, 'title' => __('Block IPs who send POST requests with blank User-Agent and Referer', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_BLOCK_BAD_POST), ))->render(); ?> </li> <li> <?php echo wfView::create('options/option-textarea', array( 'textOptionName' => 'blockCustomText', 'textValue' => wfConfig::get('blockCustomText'), 'title' => __('Custom text shown on block pages', 'wordfence'), 'alignTitle' => 'top', 'subtitleHTML' => esc_html__('HTML tags will be stripped prior to output and line breaks will be converted into the appropriate tags.', 'wordfence'), 'subtitlePosition' => 'value', 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_CUSTOM_BLOCK_TEXT), ))->render(); ?> </li> <li> <?php echo wfView::create('options/option-toggled', array( 'optionName' => 'other_pwStrengthOnUpdate', 'enabledValue' => 1, 'disabledValue' => 0, 'value' => wfConfig::get('other_pwStrengthOnUpdate') ? 1 : 0, 'title' => __('Check password strength on profile update', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_CHECK_PASSWORD), ))->render(); ?> </li> <li> <?php echo wfView::create('options/option-toggled', array( 'optionName' => 'other_WFNet', 'enabledValue' => 1, 'disabledValue' => 0, 'value' => wfConfig::get('other_WFNet') ? 1 : 0, 'title' => __('Participate in the Real-Time Wordfence Security Network', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_FIREWALL_WAF_OPTION_PARTICIPATE_WFSN), ))->render(); ?> </li> </ul> </div> </div> </div> </div> <!-- end brute force protection -->
Save Changes
Rename File
Rename