Fork a small plugin to showcase new security page

Plugins
1

I was wondering if someone could fork the plugin Brute Force Login Protection

This is only a tiny plugin with one php file that probably needs to be changed, and would be an ideal candidate to showcase the new Security page in the admin panel of CP v1.1.0

The plugin still works with this version, even though it hasnā€™t been updated for 2 years and I use it on all my sites. It is a last-resort backstop that catches people trying to guess the login details, when all my other plugins missed it. It even catches people trying to get in via the back door, and not the actual login form.

I particularly like it because it permanently blocks the IP address in .htaccess ( I set it to 3 attempts) and sends me an email letting me know.

I read the information for developers using the Security page, but donā€™t feel confident enough to try modifying it myself.

If someone could fork it, then I can write a post at ClassicPress.club with screen shots of how it is displayed in the admin panel.

I think it would help to have an example plugin, especially a small but useful one such as this.

4 Likes
2

Done, but just as an exercise. :rofl:
https://github.com/xxsimoxx/CP-Brute-Force-Login-Protection
Iā€™ve not much time now, but if you like, there are some things to do, like:

  • testing
  • rename the plugin in readme, translationsā€¦
  • plugin is still searching for updates on wp.org, so Iā€™ve just bumped version
  • correctly credits the original author and say in a good english something about the fork
  • check newer PHP compatibility
  • chech CP <1.1.0 compatibility

If you want to contribute you are welcome!
And if you want (and Iā€™d like to very much) I can transfer to you the ownership of the repo.

What Iā€™ve done actually:

  • Pushed 2 PR:
    • one fixed compatibility for Apache 2.4
    • one added some good styling and pt_BR language
  • corrected a bug when PHP is compiled out of apache
  • of course moved to Security menu when itā€™s available

I think at this time is really not ready for that :sweat_smile:

Simone.

5 Likes
3

@Simone

Thanks for that!

Itā€™s midnight here, but Iā€™ll test it tomorrow. I wouldnā€™t know how to do anything with the coding side of things, so no point in me owning the repo.

Maybe @anon71687268 would like to add it to his collection?

1 Like
4

Pass. :wink:

1 Like
5

@Simone

The plugin did not work. It was in the list of installed plugins, and showing as active, but could not be accessed from Settings (or anywhere else) in the admin panel, and nothing showed under Security.

The .htaccess file did show the code block ready for blocked IPā€™s.

I was then unable to activate the original plugin by uploading it. There was a ā€œformat errorā€ message. It installed and activated okay by downloading it from the plugin page though.

Hope that helps you.

1 Like
6

For what itā€™s worth, I see the original GitHub page is showing the structure for a development version. It contains files that are not present in the actual v1.5.3 plugin zip file.

I also notice under ā€œIssuesā€ that this plugin only works with Apache and not Nginx, so maybe itā€™s not a good plugin to use as an example.

7

:+1: Iā€™m in the middle of a blackout :sweat_smile:! To what user do you want to be passed?

2 Likes
8

Nginx doesnā€™t support htaccess (that seems to be evil for speed :sunglasses:).
Many configurations use Nginx only as proxy, so htaccess is parsed.

Iā€™ve installed on a production site and it works, it displays correctly in the security page.
Any warnings?

image
image1104Ɨ372 32 KB

9

No, no warnings or error log entries. It just seemed to be invisible to the admin panel.

I did notice the screen went blank when activating the plugin, with no details showing what was in progress, as you usually get.

One of lifeā€™s many mysteries.

Maybe something remained in the database when I uninstalled the original plugin. You wouldnā€™t have had that problem. I might try again and do a search of the records before installing your version.

10

I just installed on a test site and Iā€™m not seeing anything in the security area. Canā€™t see anywhere at all to access settings.

11

@Aussie, @ozfiddler : whatā€™s the name of the folder of the plugin?

This is ok, because if there is a Security page the original settings are not displayed.

12

I think I may see the problem.

Looking at the GitHub page files and those on my website, there are significant differences. I downloaded the zip file from the ā€œClone or Downloadā€ dropdown. I think I should have downloaded v1.5.2 from the ā€œReleasesā€ page, even though itā€™s dated 2015. That file is actually your new one and not the original v1.5.2 one.

That is not clear to someone who doesnā€™t understand GitHub.

13

Iā€™ve just had a quick play. The plugin folder must be CP-Brute-Force-Login-Protection, the same as the menu slug. Seems to work fineā€¦for me at least.

1 Like
14

Yes, this could be the problem if the folder name is CP-Brute-Force-Login-Protection-develop as if you download the ZIP from GitHub.

1 Like
15

Okay, I finally got it to work before my server crashed on me. I downloaded the version from ā€œClone or Downloadā€ and renamed the folder before activating the plugin.

It showed under ā€œSecurityā€ and I could configure it.

So why is the folder not correctly named initially?

1 Like
16

I think this is the correct way GitHub worksā€¦ Working with wp-cli automatically corrects this.

17

Passed :wink:

18

Plugins should not be dependent on their folder name.

1 Like
19

I unzipped it, renamed the folder and zipped up again.

20

But the plugin slug is the name of the dir, and add_security_page() is looking at this.

Passing to $menu_slug something like dirname(__FILE__) instead of hardcoding it could be a workaround. What do you think about it?