Ed Cooper Coopeh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Flow | |
| wp_register_sidebar_widget action - __lambda_func() in /wp-content/plugins/debug-bar-extender/debug-bar-extender.php(222) : runtime-created function::L1 | |
| called from call_user_func_array() in ::L #1 ( 0.00ms @ 0.00ms ) | |
| wp_register_sidebar_widget action - __lambda_func() in /wp-content/plugins/debug-bar-extender/debug-bar-extender.php(222) : runtime-created function::L1 | |
| called from call_user_func_array() in ::L #2 ( 0.40ms @ 0.40ms ) | |
| wp_register_sidebar_widget action - __lambda_func() in /wp-content/plugins/debug-bar-extender/debug-bar-extender.php(222) : runtime-created function::L1 | |
| called from call_user_func_array() in ::L #3 ( 9.81ms @ 10.21ms ) | |
| wp_register_sidebar_widget action - __lambda_func() in /wp-content/plugins/debug-bar-extender/debug-bar-extender.php(222) : runtime-created function::L1 | |
| called from call_user_func_array() in ::L #4 ( 0.13ms @ 10.34ms ) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <input type="hidden" name="fromWPForm" value="'. constant('LOGINFORMKEY') .'" /> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <p><label for="' . $label . '">' . __("Password:") . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label><input type="hidden" name="fromWPForm" value="'. constant('LOGINFORMKEY') .'" /><input type="submit" name="Submit" value="' . esc_attr__("Submit") . '" /></p> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <input type="hidden" name="fromWPForm" value="<?php echo constant('LOGINFORMKEY'); ?>;" /> |
Coopeh
/ hidden-login-form-field.php
Created
May 23, 2013 13:36
Add the hidden fields to Wordpress' login, register, lost & retrieve password forms
Coopeh
/ wp-config.php
Created
May 23, 2013 13:24
wp-config define for setting the LOGINFORMKEY variable
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| define( 'LOGINFORMKEY', 'changeme' ); |
Coopeh
/ wp-login.php
Last active
December 17, 2015 16:00
wp-login.php hack at the top of the file to block POST requests that have not initially requested our login form to fill it in
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Updated 24/05/13 00:04am GMT with support for WordPress mobile apps */ | |
| /* if POST request check for WP custom field and its value set in wp-config. If it is not present die with error 403 */ | |
| if ( isset( $_SERVER['REQUEST_METHOD'] ) && ( $_SERVER['REQUEST_METHOD'] === 'POST' ) ) { | |
| include_once( 'wp-config.php' ); | |
| if ( ! defined( 'LOGINFORMKEY' ) ) | |
| error_log( "Cannot test login form for key, LOGINFORMKEY missing from wp-config.php" ); | |
| else | |
| if ( ( strlen ( strstr ( strtolower ( $_SERVER['HTTP_USER_AGENT'] ), "mobile" ) ) === 0 ) && ( strlen ( strstr ( strtolower ( $_SERVER['HTTP_USER_AGENT'] ), "android" ) ) === 0 ) ) { | |
| if ( !isset( $_POST['fromWPForm'] ) || ( $_POST['fromWPForm'] !== constant( 'LOGINFORMKEY' ) ) ){ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| add_action('wp_login_failed', 'log_wp_login_fail'); | |
| function log_wp_login_fail($username) { | |
| $ip = ($_SERVER['REMOTE_ADDR'] != '127.0.0.1') ? $_SERVER['REMOTE_ADDR'] : $_SERVER['X_FORWARDED_FOR']; | |
| error_log("Authentication failure for $username from {$ip}"); | |
| } |
Coopeh
/ jail.conf.sample
Created
May 23, 2013 13:03
Fail2Ban jail.conf example for blocking bad auth in WordPress
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [wordpress-admin] | |
| enabled = true | |
| filter = wordpress-admin | |
| action = iptables-allports[name=PrimaryBlogger-admin, protocol=all] | |
| logpath = /var/log/nginx/pblogger-error.log | |
| findtime = 10800 | |
| bantime = 86400 | |
| maxretry = 2 |
Coopeh
/ wordpress-auth.conf
Last active
December 17, 2015 15:59
Fail2Ban filter for blocking administrator, adminadmin and admin usernames on authentication failure
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Fail2Ban configuration file | |
| # | |
| # Author: Charles Lecklider | |
| # | |
| [INCLUDES] | |
| # Read common prefixes. If any customizations available -- read them from | |
| # common.local | |
| before = common.conf |