Ubuntu

title = __( 'Check if the security keys are correctly set.', 'secupress' ); $this->more = __( 'WordPress provides 8 security keys, each key has its own purpose. These keys must be set with long random strings: don\'t keep the default value, don\'t store them in the database, don\'t hardcode them.', 'secupress' ); $this->more_fix = __( 'Create a must-use plugin to replace your actual keys stored in wp-config.php or in your database to keep them safer.', 'secupress' ); } /** * Get messages. * * @since 1.0 * * @param (int) $message_id A message ID. * * @return (string|array) A message if a message ID is provided. An array containing all messages otherwise. */ public static function get_messages( $message_id = null ) { $messages = array( // "good" 0 => __( 'All security keys are properly set.', 'secupress' ), // "warning" 100 => __( 'This fix is pending, please reload the page to apply it now.', 'secupress' ), 101 => __( 'The wp-config.php file could not be located.', 'secupress' ), // "bad" 200 => __( 'The following security keys are not set correctly:', 'secupress' ), 201 => _n_noop( '· Not Set: %s.', '· Not Set: %s.', 'secupress' ), 202 => _n_noop( '· Default Value: %s.', '· Default Value: %s.', 'secupress' ), 203 => _n_noop( '· Too Short: %s.', '· Too Short: %s.', 'secupress' ), 204 => _n_noop( '· Hardcoded: %s.', '· Hardcoded: %s.', 'secupress' ), 205 => _n_noop( '· From DB: %s.', '· From DB: %s.', 'secupress' ), // "cantfix" 300 => __( 'The wp-config.php file is not writable, security keys could not be changed.', 'secupress' ), 301 => __( 'The security keys fix has been applied but there is still keys that could not be modified so far.', 'secupress' ), ); if ( isset( $message_id ) ) { return isset( $messages[ $message_id ] ) ? $messages[ $message_id ] : __( 'Unknown message', 'secupress' ); } return $messages; } /** Getters. ================================================================================ */ /** * Get the documentation URL. * * @since 1.2.3 * * @return (string) */ public static function get_docs_url() { return __( 'http://docs.secupress.me/article/92-security-keys-scan', 'secupress' ); } /** Scan. =================================================================================== */ /** * Scan for flaw(s). * * @since 1.0 * * @return (array) The scan results. */ public function scan() { $activated = secupress_filter_scanner( __CLASS__ ); if ( true === $activated ) { $this->add_message( 0 ); return parent::scan(); } $wpconfig_filepath = secupress_find_wpconfig_path(); if ( ! $wpconfig_filepath ) { // "warning" $this->add_message( 100 ); return parent::scan(); } // Get code only from `wp-config.php`. $wp_config_content = php_strip_whitespace( $wpconfig_filepath ); $keys = $this->get_keys(); $bad_keys = array( 201 => array(), 202 => array(), 203 => array(), 204 => array(), 205 => array(), ); preg_match_all( '/' . implode( '|', $keys ) . '/', $wp_config_content, $matches ); if ( ! empty( $matches[0] ) ) { // Hardcoded. $bad_keys[204] = self::wrap_in_tag( $matches[0] ); } foreach ( $keys as $key ) { // Check constant. $constant = defined( $key ) ? constant( $key ) : null; switch ( true ) { case is_null( $constant ) : // Not Set. $bad_keys[201][] = '' . $key . ''; break; case 'put your unique phrase here' === $constant : // Default Value. $bad_keys[202][] = '' . $key . ''; break; case strlen( $constant ) < 64 : // Too Short. $bad_keys[203][] = '' . $key . ''; break; } // Check DB. $key = strtolower( $key ); $db = get_site_option( $key, null ); if ( ! is_null( $db ) ) { // From DB. $bad_keys[205][] = '' . $key . ''; } } $bad_keys = array_filter( $bad_keys ); if ( count( $bad_keys ) ) { // "bad" $this->add_message( 200 ); foreach ( $bad_keys as $message_id => $keys ) { $this->add_message( $message_id, array( count( $keys ), $keys ) ); } } // "good" $this->maybe_set_status( 0 ); return parent::scan(); } /** Fix. ==================================================================================== */ /** * Try to fix the flaw(s). * * @since 1.4.5 * * @return (array) The fix results. */ public function need_manual_fix() { return [ 'fix' => 'fix' ]; } /** * Get an array containing ALL the forms that would fix the scan if it requires user action. * * @since 1.4.5 * * @return (array) An array of HTML templates (form contents most of the time). */ protected function get_fix_action_template_parts() { return [ 'fix' => ' ' ]; } /** * Try to fix the flaw(s) after requiring user action. * * @since 1.4.5 * * @return (array) The fix results. */ public function manual_fix() { if ( $this->has_fix_action_part( 'fix' ) ) { $this->fix(); } // "good" $this->add_fix_message( 1 ); return parent::manual_fix(); } /** * Try to fix the flaw(s). * * @since 1.0 * * @return (array) The fix results. */ public function fix() { global $current_user; $is_wpconfig_writable = secupress_is_wpconfig_writable(); if ( defined( 'SECUPRESS_SALT_KEYS_ACTIVE' ) ) { // "cantfix" $this->add_fix_message( 301 ); } if ( is_null( $is_wpconfig_writable ) ) { // "warning" $this->add_fix_message( 101 ); } elseif ( ! $is_wpconfig_writable ) { // "cantfix" $this->add_fix_message( 300 ); } if ( isset( $current_user->ID ) ) { secupress_set_site_transient( 'secupress-add-salt-muplugin', array( 'ID' => $current_user->ID, 'username' => $current_user->user_login ) ); // "warning" $this->add_fix_message( 100 ); } // "good" $this->maybe_set_fix_status( 0 ); return parent::fix(); } /** Tools. ================================================================================== */ /** * Get salt keys. * * @since 1.0 * * @return (array) */ protected static function get_keys() { return array( 'AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY', 'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT' ); } }