Merge pull request #75 from erommel/registration-honeypot
Registration honeypot
Arsenal21 authored Feb 1, 2017
2 parents 8d5dcb6 + ed5a8e7 commit 527fbf3
Showing 4 changed files with 90 additions and 3 deletions.
Expand Up @@ -10,6 +10,7 @@ class AIOWPSecurity_User_Registration_Menu extends AIOWPSecurity_Admin_Menu
var $menu_tabs_handler = array(
'tab1' => 'render_tab1',
'tab2' => 'render_tab2',
'tab3' => 'render_tab3',
);

function __construct()
Expand All @@ -22,6 +23,7 @@ function set_menu_tabs()
$this->menu_tabs = array(
'tab1' => __('Manual Approval', 'all-in-one-wp-security-and-firewall'),
'tab2' => __('Registration Captcha', 'all-in-one-wp-security-and-firewall'),
'tab3' => __('Registration Honeypot', 'all-in-one-wp-security-and-firewall'),
);
}

Expand Down Expand Up @@ -240,6 +242,66 @@ function render_tab2()
<?php
}
}


function render_tab3()
{
global $aio_wp_security;
global $aiowps_feature_mgr;

if(isset($_POST['aiowpsec_save_registration_honeypot_settings']))//Do form submission tasks
{
$error = '';
$nonce=$_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-registration-honeypot-settings-nonce'))
{
$aio_wp_security->debug_logger->log_debug("Nonce check failed on registration honeypot settings save!",4);
die("Nonce check failed on registration honeypot settings save!");
}

//Save all the form values to the options
$aio_wp_security->configs->set_value('aiowps_enable_registration_honeypot',isset($_POST["aiowps_enable_registration_honeypot"])?'1':'');
$aio_wp_security->configs->save_config();

//Recalculate points after the feature status/options have been altered
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();

$this->show_msg_settings_updated();
}
?>
<div class="aio_blue_box">
<?php
echo '<p>'.__('This feature allows you to add a special hidden "honeypot" field on the WordPress registration page. This will only be visible to robots and not humans.', 'all-in-one-wp-security-and-firewall').'
<br />'.__('Since robots usually fill in every input field from a registration form, they will also submit a value for the special hidden honeypot field.', 'all-in-one-wp-security-and-firewall').'
<br />'.__('The way honeypots work is that a hidden field is placed somewhere inside a form which only robots will submit. If that field contains a value when the form is submitted then a robot has most likely submitted the form and it is consequently dealt with.', 'all-in-one-wp-security-and-firewall').'
<br />'.__('Therefore, if the plugin detects that this field has a value when the registration form is submitted, then the robot which is attempting to register on your site will be redirected to its localhost address - http://127.0.0.1.', 'all-in-one-wp-security-and-firewall').'
</p>';
?>
</div>
<form action="" method="POST">
<div class="postbox">
<h3 class="hndle"><label for="title"><?php _e('Registration Form Honeypot Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<?php
//Display security info badge
global $aiowps_feature_mgr;
$aiowps_feature_mgr->output_feature_details_badge("registration-honeypot");
?>

<?php wp_nonce_field('aiowpsec-registration-honeypot-settings-nonce'); ?>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Enable Honeypot On Registration Page', 'all-in-one-wp-security-and-firewall')?>:</th>
<td>
<input name="aiowps_enable_registration_honeypot" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_registration_honeypot')=='1') echo ' checked="checked"'; ?> value="1"/>
<span class="description"><?php _e('Check this if you want to enable the honeypot feature for the registration page', 'all-in-one-wp-security-and-firewall'); ?></span>
</td>
</tr>
</table>
</div></div>

<input type="submit" name="aiowpsec_save_registration_honeypot_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
</form>
<?php
}

} //end class
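Review bot: In `render_tab3()` the nonce is read from `$_REQUEST['_wpnonce']` without an `isset()` check, so a POST that carries the save button but no nonce raises an undefined-index notice before `wp_verify_nonce()` rejects it, and `$_REQUEST` is wider than the POST body the form actually uses. Reading it as `$nonce = isset($_POST['_wpnonce']) ? sanitize_text_field(wp_unslash($_POST['_wpnonce'])) : '';` keeps the fail-closed behaviour and narrows the source. No `current_user_can()` check is visible in this handler; if the menu registration outside this hunk does not already restrict the page to administrators, one belongs before `set_value()` is called. `$error` is assigned but never used in the lines shown.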
Expand Up @@ -55,6 +55,8 @@ function initialize_features()
$this->feature_items[] = new AIOWPSecurity_Feature_Item("manually-approve-registrations", __("Registration Approval", "all-in-one-wp-security-and-firewall"), $this->feature_point_4, $this->sec_level_basic);
//Registration Captcha
$this->feature_items[] = new AIOWPSecurity_Feature_Item("user-registration-captcha", __("Registration Captcha", "all-in-one-wp-security-and-firewall"), $this->feature_point_4, $this->sec_level_basic);
//Registration Honeypot
$this->feature_items[] = new AIOWPSecurity_Feature_Item("registration-honeypot", __("Enable Registration Honeypot", "all-in-one-wp-security-and-firewall"), $this->feature_point_2, $this->sec_level_inter);

//Database Security Menu Features
//DB Prefix
Expand Down Expand Up @@ -222,7 +224,10 @@ function check_and_set_feature_status()
{
$this->check_registration_captcha_feature($item);
}

if($item->feature_id == "registration-honeypot")
{
$this->check_enable_registration_honeypot_feature($item);
}

if($item->feature_id == "filesystem-file-permissions")
{
Expand Down Expand Up @@ -509,6 +514,17 @@ function check_registration_captcha_feature($item)
}
}

function check_enable_registration_honeypot_feature($item)
{
global $aio_wp_security;
if ($aio_wp_security->configs->get_value('aiowps_enable_registration_honeypot') == '1') {
$item->set_feature_status($this->feature_active);
}
else
{
$item->set_feature_status($this->feature_inactive);
}
}

function check_db_security_db_prefix_feature($item)
{
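Review bot: The feature item added in `initialize_features()` is titled "Enable Registration Honeypot", while the neighbouring items and the new settings tab use noun labels ("Registration Captcha", "Registration Honeypot"); `__("Registration Honeypot", "all-in-one-wp-security-and-firewall")` would read consistently wherever the feature list is displayed. In `check_enable_registration_honeypot_feature()` the option is compared with loose `==`, and `=== '1'` would match the string the settings form stores. The new method also has no comment; a one-liner such as `// Marks the registration-honeypot feature active when its checkbox option is '1'.` would document it.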
Expand Up @@ -51,6 +51,7 @@ static function set_default_settings()
//User registration
$aio_wp_security->configs->set_value('aiowps_enable_manual_registration_approval','');//Checkbox
$aio_wp_security->configs->set_value('aiowps_enable_registration_page_captcha','');//Checkbox
$aio_wp_security->configs->set_value('aiowps_enable_registration_honeypot','');//Checkbox

//DB Security feature
//$aio_wp_security->configs->set_value('aiowps_new_manual_db_pefix',''); //text field
Expand Down Expand Up @@ -183,7 +184,8 @@ static function add_option_values()
//User registration
$aio_wp_security->configs->add_value('aiowps_enable_manual_registration_approval','');//Checkbox
$aio_wp_security->configs->add_value('aiowps_enable_registration_page_captcha','');//Checkbox

$aio_wp_security->configs->set_value('aiowps_enable_registration_honeypot','');//Checkbox

//DB Security feature
//$aio_wp_security->configs->add_value('aiowps_new_manual_db_pefix',''); //text field
$aio_wp_security->configs->add_value('aiowps_enable_random_prefix','');//Checkbox
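Review bot: In the `add_option_values()` hunk the new line calls `set_value('aiowps_enable_registration_honeypot','')` while every neighbouring line calls `add_value(...)`. If `add_value` only creates a missing key, as its name and the sibling calls suggest, this line instead resets the option to off each time `add_option_values()` runs, silently disabling a protection the administrator had switched on. It should read `$aio_wp_security->configs->add_value('aiowps_enable_registration_honeypot','');//Checkbox`. Both functions start and end outside the hunks shown.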
Expand Up @@ -119,6 +119,13 @@ function __construct(){
add_action('login_form', array(&$this, 'insert_honeypot_hidden_field'));
}
}

//For registration honeypot feature
if($aio_wp_security->configs->get_value('aiowps_enable_registration_honeypot') == '1'){
if (!is_user_logged_in()) {
add_action('register_form', array(&$this, 'insert_honeypot_hidden_field'));
}
}

//For lost password captcha feature
if($aio_wp_security->configs->get_value('aiowps_enable_lost_password_captcha') == '1'){
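Review bot: Nothing in the hunks shown validates the honeypot field when the registration form is submitted; the constructor hunk only hooks `insert_honeypot_hidden_field` onto `register_form`. Unless a handler outside these hunks already inspects that field on registration requests, enabling the setting awards feature points and shows the admin text about redirecting to 127.0.0.1 while no automated signup is actually rejected. The usual place for the check is a callback on the `registration_errors` filter, registered under the same `aiowps_enable_registration_honeypot` condition. The constructor starts and ends outside the hunk.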