- <?php
- /*
- Plugin Name: Login Lock
- Plugin Description: Tries to prevent automated brute-force attacks on your WordPress site. Put this file in your "wp-content/mu-plugins/" directory, then change the values of "LL_NONCE_KEY" and "LL_NONCE_VALUE" to something else. After that, open your wp-login page with the key and value in the query string - for instance http://mydomain.com/wp-login.php?LL_NONCE_KEY=LL_NONCE_VALUE - replacing "LL_NONCE_KEY" and "LL_NONCE_VALUE" with the actual values that you've set. Note that the key and value travel in the URL, so they can end up in server logs and browser history; treat this as an extra layer, not a replacement for strong passwords and login rate limiting.
- */
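// Name of the query-string parameter ($_GET key) that must be present on the login URL.
// The value below is only a placeholder default: it is public, so it must be changed.
// The constant may also be defined earlier (for example in wp-config.php), which keeps
// the real value out of this file; the guard avoids a "constant already defined" warning.
if ( ! defined( 'LL_NONCE_KEY' ) ) {
	define( 'LL_NONCE_KEY', 'mysecretkey' );
}

// Value expected for the parameter above. Do not use the equals ("=") or hash ("#") signs
// here, because the value is appended to URLs as-is.
// NOTE(review): despite the name this is not a nonce - it is a static shared secret that
// is reused on every request, so pick a long random value and rotate it if it leaks.
if ( ! defined( 'LL_NONCE_VALUE' ) ) {
	define( 'LL_NONCE_VALUE', 'myv3ry53cr37n0nc3' );
}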
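/**
 * Tells whether the current request is being served by wp-login.php.
 *
 * The check is a case-insensitive substring search on $_SERVER['SCRIPT_FILENAME'], so any
 * script path that merely contains "wp-login.php" is treated as the login page as well.
 * That over-match is kept on purpose: it can only cause the key check to run on more
 * requests, never on fewer.
 *
 * @return bool True when the script path contains "wp-login.php", false otherwise.
 */
function ll_is_login_page() {
	// SCRIPT_FILENAME is not guaranteed to be set (or to be a string) in every SAPI;
	// without it there is nothing to match, so report "not the login page".
	if ( ! isset( $_SERVER['SCRIPT_FILENAME'] ) || ! is_string( $_SERVER['SCRIPT_FILENAME'] ) ) {
		return false;
	}

	return stripos( $_SERVER['SCRIPT_FILENAME'], 'wp-login.php' ) !== false;
}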
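// Gate for the login page: the request must carry LL_NONCE_KEY=LL_NONCE_VALUE in its query
// string, otherwise it is rejected before WordPress renders or processes the login form.
//
// NOTE(review): the key/value pair is sent in the URL, so it is visible in access logs and
// browser history. This gate also only runs for requests that ll_is_login_page() matches;
// any other entry point that accepts credentials (XML-RPC, for example) is not covered
// here and needs its own controls.
if ( ll_is_login_page() ) {
	/**
	 * Tells whether the current request carries the expected key/value pair.
	 *
	 * The value must be a string (array-style parameters such as "key[]=x" are rejected)
	 * and is compared with hash_equals(), i.e. strictly and in constant time, instead of
	 * the loose "!=" / "==" operators, which apply PHP type juggling to the secret.
	 *
	 * @return bool
	 */
	function ll_request_has_valid_key() {
		if ( ! isset( $_GET[ LL_NONCE_KEY ] ) || ! is_string( $_GET[ LL_NONCE_KEY ] ) ) {
			return false;
		}

		return hash_equals( (string) LL_NONCE_VALUE, $_GET[ LL_NONCE_KEY ] );
	}

	if ( ! ll_request_has_valid_key() ) {
		// Answer with 403 rather than wp_die()'s default 500 so that rejected attempts are
		// easy to tell apart from real server errors in logs and monitoring.
		wp_die( 'Unauthorized access!', '', array( 'response' => 403 ) );
	}

	/**
	 * Enqueues jQuery for the inline script printed by login_lock_login_footer().
	 *
	 * Runs on the login page's own enqueue hook instead of at plugin load time, where
	 * WordPress reports enqueueing as "doing it wrong".
	 */
	function login_lock_enqueue_scripts() {
		wp_enqueue_script( 'jquery' );
	}
	add_action( 'login_enqueue_scripts', 'login_lock_enqueue_scripts' );

	/**
	 * Prints JavaScript that appends the key/value pair to the login form's "action"
	 * attribute and to every wp-login.php link on the page, so that follow-up requests
	 * are not answered with "Unauthorized access!".
	 *
	 * Only links present in the rendered page are rewritten; wp-login.php URLs produced
	 * elsewhere will not carry the pair.
	 */
	function login_lock_login_footer() {
		// Defence in depth: never print the secret unless this request already proved it.
		if ( ! ll_request_has_valid_key() ) {
			return;
		}
		?>
		<script type="text/javascript">
		(function($){
			// The "key=value" pair, escaped by PHP for use inside a JS string literal.
			var llArgs = '<?php echo esc_js( LL_NONCE_KEY . "=" . LL_NONCE_VALUE ); ?>';

			function has_query_args( url ) {
				return url.indexOf( llArgs ) !== -1;
			}

			function add_query_args( url ) {
				// Elements without the attribute yield undefined; leave those untouched.
				if ( typeof url !== 'string' ) {
					return url;
				}
				// Don't add the arguments twice - just in case.
				// Also add the arguments only to wp-login.php related links.
				if ( ! has_query_args( url ) && url.indexOf( 'wp-login.php' ) !== -1 ) {
					url += ( url.indexOf( '?' ) !== -1 ? '&' : '?' ) + llArgs;
				}
				return url;
			}

			$(document).ready(function(){
				// Rewrite each form on its own action instead of copying the first form's.
				$('form[action]').each(function(){
					$(this).attr( 'action', add_query_args( $(this).attr('action') ) );
				});
				$('body a[href]').each(function(){
					$(this).attr( 'href', add_query_args( $(this).attr('href') ) );
				});
			});
		})(jQuery);
		</script>
		<?php
	}
	add_action( 'login_footer', 'login_lock_login_footer', 10 );
}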