MoonWatch

Login Lock - custom WordPress mu-plugin

Jul 10th, 2013
<?php
/*
Plugin Name: Login Lock
Plugin Description: Tries to prevent automated bruteforce attacks on your WordPress site. Put this file in your "wp-content/mu-plugins/" directory. Then change the value for "LL_NONCE_KEY" and "LL_NONCE_VALUE" to something else. Then go to your wp-login page - for instance http://mydomain.com/wp-login.php?LL_NONCE_KEY=LL_NONCE_VALUE - but of course don't forget to replace "LL_NONCE_KEY" and "LL_NONCE_VALUE" with the actual values that you've set.
*/

/*
 * Notes for whoever deploys this file:
 *
 * - The gate is a fixed key/value pair taken from the query string. Despite the constant
 *   names it is a long-lived shared secret, not a one-time nonce, and it can end up
 *   wherever URLs are recorded (web server access logs, browser history, bookmarks,
 *   Referer headers). Serve the login page over HTTPS and rotate the value if it leaks.
 * - Only requests whose script path contains "wp-login.php" are checked. Other entry
 *   points that accept credentials are not covered by this file.
 *   NOTE(review): xmlrpc.php is the usual example - confirm it is restricted separately.
 * - The footer script adds the pair only to links and forms rendered on the login page.
 *   Links to wp-login.php produced elsewhere will not carry it and will be refused.
 *   NOTE(review): presumably this includes password-reset e-mail links - verify.
 * - This narrows who can reach the login form; it does not replace rate limiting,
 *   strong passwords or two-factor authentication.
 */

  7. // The $_GET key that will be used in the URL
  8. define( 'LL_NONCE_KEY', 'mysecretkey' );
  9. // The value for the above $_GET key. Please don't use the equals("=") or sharp("#") signs here
  10. define( 'LL_NONCE_VALUE', 'myv3ry53cr37n0nc3' );
  11.  
  12. // Checks whether we're on the login page.
  13. function ll_is_login_page() {
  14.     return stripos( $_SERVER['SCRIPT_FILENAME'], 'wp-login.php' ) !== false;
  15. }
  16.  
  17. if ( ll_is_login_page() ) {
  18.     if ( ! isset( $_GET[ LL_NONCE_KEY ] ) || $_GET[ LL_NONCE_KEY ] != LL_NONCE_VALUE ) {
  19.         wp_die( 'Unauthorized access!' );
  20.     }
  21.  
  22.     wp_enqueue_script( 'jquery' );
  23.  
  24.     // Adds some JavaScript that will change the links and the form's "action" attribute to reflect
  25.     // the proper values so you don't get "Unauthorized access!"
  26.     function login_lock_login_footer() {
  27.         if ( isset( $_GET[ LL_NONCE_KEY ] ) && $_GET[ LL_NONCE_KEY ] == LL_NONCE_VALUE ) { ?>
  28.             <script type="text/javascript">
  29.                 (function($){
  30.                     $(document).ready(function(){
  31.                         $('form').attr( 'action', add_query_args( $('form').attr('action') ) );
  32.                         $('body a').each(function(){
  33.                             $(this).attr( 'href', add_query_args( $(this).attr('href') ) );
  34.                         });
  35.                     })
  36.  
  37.                     function add_query_args( url ) {
  38.                         // Don't add the arguments twice - just in case
  39.                         // Also add the arguments only to wp-login.php related links
  40.                         if ( ! has_query_args( url ) && url.indexOf( 'wp-login.php' ) !== -1 ) {
  41.                             var args = '<?php echo esc_js( LL_NONCE_KEY . "=" . LL_NONCE_VALUE ); ?>';
  42.                             if ( url.indexOf( '?' ) !== -1 ) {
  43.                                 url += '&' + args;
  44.                             } else {
  45.                                 url += '?' + args;
  46.                             };
  47.                         };
  48.  
  49.                         return url;
  50.                     }
  51.  
  52.                     function has_query_args( url ) {
  53.                         return url.indexOf( '<?php echo esc_js( LL_NONCE_KEY . "=" . LL_NONCE_VALUE ); ?>' ) !== -1;
  54.                     }
  55.                 })(jQuery)
  56.             </script>
  57.             <?php
  58.         }
  59.     }
  60.     add_action( 'login_footer', 'login_lock_login_footer', 10 );
  61. }