
Commit 1aca86c

Merge pull request #1 from Codeko/NHH-916-auto-updater
feat: add auto updater and security improvements
2 parents 517c1dd + 18e4416 commit 1aca86c


2 files changed

+569
-0
lines changed


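--- a/index.php
+++ b/index.php
@@ -0,0 +1,129 @@
+<?php
+/**
+* Plugin Name: WP Security
+* Description: Improves security of WordPress
+* Version: 1.0.0
+*/
+
+if (!defined('ABSPATH')) {
+exit;
+}
+
+add_action( 'init', 'wp_security_github_plugin_updater' );
+
+function wp_security_github_plugin_updater() {
+include_once('updater.php');
+define( 'WP_GITHUB_FORCE_UPDATE', true );
+
+if (is_admin()) { // note the use of is_admin() to double check that this is happening in the admin
+$config = array(
+'slug' => plugin_basename(__FILE__), // this is the slug of your plugin
+'proper_folder_name' => 'wp-security', // this is the name of the folder your plugin lives in
+'api_url' => 'https://api.github.com/repos/Codeko/wp-security', // the GitHub API url of your GitHub repo
+'raw_url' => 'https://raw.github.com/Codeko/wp-security/main', // the GitHub raw url of your GitHub repo
+'github_url' => 'https://github.com/Codeko/wp-security', // the GitHub url of your GitHub repo
+'zip_url' => 'https://github.com/Codeko/wp-security/zipball/main', // the zip url of the GitHub repo
+'sslverify' => true, // whether WP should check the validity of the SSL cert when getting an update, see https://github.com/jkudish/WordPress-GitHub-Plugin-Updater/issues/2 and https://github.com/jkudish/WordPress-GitHub-Plugin-Updater/issues/4 for details
+'requires' => '6.4.1', // which version of WordPress does your plugin require?
+'tested' => '6.4.1', // which version of WordPress is your plugin tested up to?
+'readme' => 'README.md', // which file to use as the readme for the version number
+);
+new WP_GitHub_Updater($config);
+}
+}
+
+
+
+function wp_security_custom_author_url(){
+return home_url('/');
+}
+add_filter('author_link', 'wp_security_custom_author_url');
+
+function wp_security_disable_feed(){
+global $wp_query;
+$wp_query->set_404();
+status_header(404);
+nocache_headers();
+exit;
+}
+
+function wp_security_remove_feed_after_load(){
+add_action('do_feed', 'wp_security_disable_feed', 1);
+add_action('do_feed_rdf', 'wp_security_disable_feed', 1);
+add_action('do_feed_rss', 'wp_security_disable_feed', 1);
+add_action('do_feed_rss2', 'wp_security_disable_feed', 1);
+add_action('do_feed_atom', 'wp_security_disable_feed', 1);
+add_action('do_feed_rss2_comments', 'wp_security_disable_feed', 1);
+add_action('do_feed_atom_comments', 'wp_security_disable_feed', 1);
+remove_action('wp_head', 'feed_links_extra', 3);
+remove_action('wp_head', 'feed_links', 2);
+}
+
+add_action('plugins_loaded', 'wp_security_remove_feed_after_load');
+
+function wp_security_sdxrpc_load_textdomain() {
+load_plugin_textdomain( 'simple-disable-xml-rpc', false, dirname( plugin_basename( __FILE__ ) ) . '/languages' );
+}
+add_action( 'plugins_loaded', 'wp_security_sdxrpc_load_textdomain' );
+
+// Add settings page to the admin menu
+function wp_security_sdxrpc_disable_menu() {
+add_options_page('Simple Disable XML-RPC', 'Simple Disable XML-RPC', 'manage_options', 'simple-disable-xml-rpc', 'sdxrpc_disable_settings_page');
+}
+add_action('admin_menu', 'wp_security_sdxrpc_disable_menu');
+
+// Register plugin settings
+function wp_security_sdxrpc_disable_register_settings() {
+register_setting('simple-disable-xml-rpc-group', 'xmlrpc_disable_enabled');
+}
+add_action('admin_init', 'wp_security_sdxrpc_disable_register_settings');
+
+// Settings page content
+function wp_security_sdxrpc_disable_settings_page() {
+?>
+<div class="wrap">
+<h2>Simple Disable XML-RPC Settings</h2>
+<form method="post" action="options.php">
+<?php settings_fields('simple-disable-xml-rpc-group'); ?>
+<?php $enabled = get_option('xmlrpc_disable_enabled'); ?>
+<label for="xmlrpc_disable_enabled">
+<input type="checkbox" id="xmlrpc_disable_enabled" name="xmlrpc_disable_enabled" <?php checked($enabled, 'on'); ?> />
+Disable XML-RPC
+</label>
+<?php submit_button(); ?>
+</form>
+</div>
+<?php
+}
+
+// Filter xmlrpc_enabled based on user settings
+function wp_security_sdxrpc_disable_xmlrpc_enabled($enabled) {
+$disable = get_option('xmlrpc_disable_enabled');
+if ($disable === 'on') {
+return false;
+}
+return $enabled;
+}
+add_filter('xmlrpc_enabled', 'wp_security_sdxrpc_disable_xmlrpc_enabled');
+
+// Simple Disable XML-RPC Option Links
+
+add_filter( 'plugin_action_links_' . plugin_basename(__FILE__), 'wp_security_sdxr_add_action_links' );
+
+function wp_security_sdxr_add_action_links ( $actions ) {
+$mylinks = array(
+'<a href="' . admin_url( 'options-general.php?page=simple-disable-xml-rpc' ) . '">Settings</a>',
+);
+$actions = array_merge( $actions, $mylinks );
+return $actions;
+}
+
+// Redirect to settings page once the plugin is activated
+
+function wp_security_sdxrpc_activation_redirect( $plugin ) {
+if( $plugin == plugin_basename( __FILE__ ) ) {
+wp_safe_redirect( admin_url( 'options-general.php?page=simple-disable-xml-rpc' ) );
+exit;
+}
+}
+add_action( 'activated_plugin', 'wp_security_sdxrpc_activation_redirect' );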
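Review bot: The settings-page callback passed to `add_options_page()` on new line 71 is `'sdxrpc_disable_settings_page'`, but the function this file defines on line 82 is `wp_security_sdxrpc_disable_settings_page`, so unless the unprefixed name is defined elsewhere (updater.php is not shown here) the options page has no valid callback and the checkbox cannot be reached. Because the filter on line 100 only returns false when `xmlrpc_disable_enabled` equals `'on'`, XML-RPC would then stay enabled on every install, including right after the activation redirect on line 125 sends the admin to that page. Pass the prefixed name: `add_options_page('Simple Disable XML-RPC', 'Simple Disable XML-RPC', 'manage_options', 'simple-disable-xml-rpc', 'wp_security_sdxrpc_disable_settings_page');`. Separately, the `xmlrpc_enabled` filter only switches off XML-RPC methods that require authentication, so a comment above line 100 such as `// Only disables authenticated XML-RPC methods; pingbacks need the xmlrpc_methods filter or a server-level block.` would keep the "Disable XML-RPC" label honest.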
