Enable|Disable BPS Plugin AutoUpdates: Clicking this link enables or disables BPS Plugin automatic updates for the BPS plugin only. Enable|Disable BPS Folder|Deactivation Checks: Clicking this link enables or disables checks for whether the /bulletproof-security/ plugin folder has been renamed or deleted. Checks for whether the BPS plugin has been deactivated. Email alerts are sent every 5 minutes when the BPS plugin folder has been renamed or deleted or the BPS plugin has been deactivated. To disable these checks and the email alerts click the Disable BPS Folder|Deactivation Checks link. Note: When you click disable links you will then see enable links and vice versa. Version: 4.0 Author: AITpro Author URI: https://forum.ait-pro.com/forums/forum/bulletproof-security-free/ License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html */ ## IMPORTANT!!!!: error_reporting(0); cannot be used generally in this file or all PHP Error Logging will be broken, but can be used safely within certain conditions. ## Important Note: If you would like to add additional customizations to this file it is recommended that you make a copy of this file after you make any customizations. ## Most likely additional things will be added/created in this BPS Pro must-use file at a later time. ## If you customize this BPS file then you will lose your customizations if/when this file is updated in the future. ## The MU Tools auto-update function: bpsPro_mu_tools_plugin_copy() is located in general-functions.php at code line: 816 ## 1.0: Added Toggle Action Links and DB options so that BPS MU Tools can be enabled or disabled. ## 2.0: Added CSRF Nonce verification to Toggle GET links. ## 2.7: BugFix for SSL sites nonce verification failing. ## 3.2: Disabling all functions except for the BPS Plugin automatic update function. ## Uncommenting these filters below and commenting out this BPS filter: add_filter( 'auto_update_plugin', 'bpsPro_autoupdate_bps_plugin', 10, 2 ); ## will allow ALL plugin and theme automatic updates on your website. At a later time|version this BPS MU plugin file will include options to enable|disable these things. /** add_filter( 'auto_update_plugin', '__return_true' ); add_filter( 'auto_update_theme', '__return_true' ); **/ function bpsPro_autoupdate_bps_plugin( $update, $item ) { $MUTools_Options = get_option('bulletproof_security_options_MU_tools_free'); if ( @$MUTools_Options['bps_mu_tools_enable_disable_autoupdate'] == 'disable' ) { return; } // Array of plugin slugs to AutoUpdate $plugins = array ( 'bulletproof-security', ); // AutoUpdate plugins in the $plugins array if ( in_array( $item->slug, $plugins ) ) { return true; } else { // For any/all other plugins that are not in the $plugins array, return the WP $update API response return $update; } } add_filter( 'auto_update_plugin', 'bpsPro_autoupdate_bps_plugin', 10, 2 ); // Check if the /bulletproof-security/ plugin folder has been renamed or deleted. // Writes a log entry and sends an email alert once every 5 minutes. function bpsPro_plugin_folder_check() { $MUTools_Options = get_option('bulletproof_security_options_MU_tools_free'); if ( @$MUTools_Options['bps_mu_tools_enable_disable_deactivation'] == 'disable' ) { return; } if ( defined('DISABLE_WP_CRON') && DISABLE_WP_CRON === true ) { return; } if ( time() > $MUTools_Options['bps_mu_tools_timestamp'] ) { if ( ! is_dir( WP_PLUGIN_DIR . '/bulletproof-security' ) ) { global $blog_id; if ( is_multisite() && $blog_id != 1 ) { return; } else { $bpsProLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt'; $timeNow = time(); $gmt_offset = get_option( 'gmt_offset' ) * 3600; $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset); $log_contents = "\r\n" . '[BPS Plugin Folder Renamed or Deleted: ' . $timestamp . ']' . "\r\n" . 'This Security Log entry is created when the /bulletproof-security/ plugin folder is renamed or deleted. An email alert is also sent to you when the /bulletproof-security/ plugin folder is renamed or deleted.'."\r\n"; if ( is_writable( $bpsProLog ) ) { if ( ! $handle = fopen( $bpsProLog, 'a' ) ) { exit; } if ( fwrite( $handle, $log_contents) === FALSE ) { exit; } fclose($handle); } $EmailOptions = get_option('bulletproof_security_options_email'); $bps_email_to = $EmailOptions['bps_send_email_to']; $bps_email_from = $EmailOptions['bps_send_email_from']; $bps_email_cc = $EmailOptions['bps_send_email_cc']; $bps_email_bcc = $EmailOptions['bps_send_email_bcc']; $justUrl = get_site_url(); $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset); $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n"; $headers .= "From: " . $bps_email_from . "\r\n"; $headers .= "Cc: " . $bps_email_cc . "\r\n"; $headers .= "Bcc: " . $bps_email_bcc . "\r\n"; $subject = " BPS Alert: The /bulletproof-security/ plugin folder has been renamed or deleted - $timestamp "; $message = '

When the /bulletproof-security/ plugin folder is renamed or deleted this email alert will be sent to you every 5 minutes. To stop these email alerts from being sent, go to the WordPress Plugins page, click the Must-Use link, click the BPS MU Tools Disable BPS Folder|Deactivation Checks link.

'; $message .= '

Website: '.$justUrl.'

'; mail( $bps_email_to, $subject, $message, $headers ); $MUTools_Option_settings = array( 'bps_mu_tools_timestamp' => time() + 300, 'bps_mu_tools_enable_disable_autoupdate' => $MUTools_Options['bps_mu_tools_enable_disable_autoupdate'], 'bps_mu_tools_enable_disable_deactivation' => $MUTools_Options['bps_mu_tools_enable_disable_deactivation'] ); foreach ( $MUTools_Option_settings as $key => $value ) { update_option('bulletproof_security_options_MU_tools_free', $MUTools_Option_settings); } } } } } //bpsPro_plugin_folder_check(); // Check if the BPS plugin has been deactivated. // Writes a log entry and sends an email alert once every 5 minutes. function bpsPro_plugin_deactivation_check() { $MUTools_Options = get_option('bulletproof_security_options_MU_tools_free'); if ( @$MUTools_Options['bps_mu_tools_enable_disable_deactivation'] == 'disable' ) { return; } if ( defined('DISABLE_WP_CRON') && DISABLE_WP_CRON === true ) { return; } global $blog_id; if ( is_multisite() && $blog_id != 1 ) { return; } if ( time() > $MUTools_Options['bps_mu_tools_timestamp'] ) { // The require_once for plugin.php will cause a php warning error: headers already being sent. if ( ! function_exists( 'is_plugin_active_for_network' ) ) { require_once( ABSPATH . '/wp-admin/includes/plugin.php' ); } $bps_plugin = 'bulletproof-security/bulletproof-security.php'; @$bps_plugin_active = in_array( $bps_plugin, apply_filters('active_plugins', get_option('active_plugins') ) ); if ( $bps_plugin_active != 1 && ! is_plugin_active_for_network( $bps_plugin ) ) { $bpsProLog = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt'; $timeNow = time(); $gmt_offset = get_option( 'gmt_offset' ) * 3600; $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset); $log_contents = "\r\n" . '[BPS Plugin Deactivated: ' . $timestamp . ']' . "\r\n" . 'This Security Log entry is created when the BPS plugin is deactivated. An email alert is also sent to you when the BPS plugin is deactivated.'."\r\n"; if ( is_writable( $bpsProLog ) ) { if ( ! $handle = fopen( $bpsProLog, 'a' ) ) { exit; } if ( fwrite( $handle, $log_contents) === FALSE ) { exit; } fclose($handle); } $EmailOptions = get_option('bulletproof_security_options_email'); $bps_email_to = $EmailOptions['bps_send_email_to']; $bps_email_from = $EmailOptions['bps_send_email_from']; $bps_email_cc = $EmailOptions['bps_send_email_cc']; $bps_email_bcc = $EmailOptions['bps_send_email_bcc']; $justUrl = get_site_url(); $timestamp = date_i18n(get_option('date_format'), strtotime("11/15-1976")) . ' - ' . date_i18n(get_option('time_format'), $timeNow + $gmt_offset); $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n"; $headers .= "From: " . $bps_email_from . "\r\n"; $headers .= "Cc: " . $bps_email_cc . "\r\n"; $headers .= "Bcc: " . $bps_email_bcc . "\r\n"; $subject = " BPS Pro Alert: The BPS plugin has been deactivated - $timestamp "; $message = '

The BPS plugin has been deactivated on website: '.$justUrl.'. To stop these email alerts from being sent while BPS is deactivated, go to the WordPress Plugins page, click the Must-Use link, click the BPS MU Tools Disable BPS Folder|Deactivation Checks link. If you just upgraded BPS you can ignore this email alert.

'; $message .= '

Note: If you are troubleshooting the BPS plugin then click this BPS Troubleshooting link: https://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting. The BPS plugin has built-in troubleshooting capability and should not be deactivated for troubleshooting. Deactivating BPS removes the built-in troubleshooting tools/capabilities. You can turn all BPS security features On or Off for troubleshooting to isolate exactly which BPS security feature is causing an issue/problem or to confirm or eliminate BPS as the cause of an issue/problem.

'; mail( $bps_email_to, $subject, $message, $headers ); $MUTools_Option_settings = array( 'bps_mu_tools_timestamp' => time() + 300, 'bps_mu_tools_enable_disable_autoupdate' => $MUTools_Options['bps_mu_tools_enable_disable_autoupdate'], 'bps_mu_tools_enable_disable_deactivation' => $MUTools_Options['bps_mu_tools_enable_disable_deactivation'] ); foreach ( $MUTools_Option_settings as $key => $value ) { update_option('bulletproof_security_options_MU_tools_free', $MUTools_Option_settings); } } } } //bpsPro_plugin_deactivation_check(); // Note: you cannot use current_user_can('manage_options') in a must-use plugin. function bpsPro_toggle_links() { if ( is_admin() && preg_match( '/\/wp-admin\/plugins\.php/', esc_html($_SERVER['REQUEST_URI']) ) || is_network_admin() && preg_match( '/\/wp-admin\/network\/plugins\.php/', esc_html($_SERVER['REQUEST_URI']) ) ) { if ( isset( $_GET['bps_toggle_a'] ) || isset( $_GET['bps_toggle_d'] ) ) { if ( ! function_exists( 'wp_verify_nonce' ) ) { require_once( ABSPATH . '/wp-includes/pluggable.php' ); } if ( ! defined( 'COOKIEHASH' ) ) { $siteurl = get_site_option( 'siteurl' ); if ( $siteurl ) define( 'COOKIEHASH', md5( $siteurl ) ); else define( 'COOKIEHASH', '' ); } if ( ! defined('AUTH_COOKIE') ) define('AUTH_COOKIE', 'wordpress_' . COOKIEHASH); if ( ! defined('SECURE_AUTH_COOKIE') ) define('SECURE_AUTH_COOKIE', 'wordpress_sec_' . COOKIEHASH); if ( ! defined('LOGGED_IN_COOKIE') ) define('LOGGED_IN_COOKIE', 'wordpress_logged_in_' . COOKIEHASH); if ( empty( $_REQUEST['_wpnonce'] ) ) { $nonce = ''; } else { $nonce = $_REQUEST['_wpnonce']; } if ( ! wp_verify_nonce( $nonce, 'bps-anti-csrf' ) ) { die( 'CSRF Error: Invalid Nonce used in BPS MU Tools must-use plugin GET Request' ); } else { $MUTools_Options = get_option('bulletproof_security_options_MU_tools_free'); if ( ! isset( $_GET['bps_toggle_a'] ) ) { $bps_toggle_a = $MUTools_Options['bps_mu_tools_enable_disable_autoupdate']; } elseif ( 'enable' == $_GET['bps_toggle_a'] ) { $bps_toggle_a = 'enable'; } elseif ( 'disable' == $_GET['bps_toggle_a'] ) { $bps_toggle_a = 'disable'; } if ( ! isset( $_GET['bps_toggle_d'] ) ) { $bps_toggle_d = $MUTools_Options['bps_mu_tools_enable_disable_deactivation']; } elseif ( 'enable' == $_GET['bps_toggle_d'] ) { $bps_toggle_d = 'enable'; } elseif ( 'disable' == $_GET['bps_toggle_d'] ) { $bps_toggle_d = 'disable'; } $MUTools_Option_settings = array( 'bps_mu_tools_timestamp' => time() + 300, 'bps_mu_tools_enable_disable_autoupdate' => $bps_toggle_a, 'bps_mu_tools_enable_disable_deactivation' => $bps_toggle_d ); foreach ( $MUTools_Option_settings as $key => $value ) { update_option('bulletproof_security_options_MU_tools_free', $MUTools_Option_settings); } } } } } bpsPro_toggle_links(); function bpsPro_mu_plugin_actlinks( $links, $file ) { static $this_plugin; if ( ! $this_plugin ) $this_plugin = plugin_basename(__FILE__); if ( $file == $this_plugin ) { $MUTools_Options = get_option('bulletproof_security_options_MU_tools_free'); if ( ! function_exists( 'wp_create_nonce' ) ) { require_once( ABSPATH . '/wp-includes/pluggable.php' ); } $nonce = wp_create_nonce( 'bps-anti-csrf' ); if ( $MUTools_Options['bps_mu_tools_enable_disable_autoupdate'] == 'enable' ) { if ( is_multisite() ) { $links[] = 'Disable BPS Plugin AutoUpdates'; } else { $links[] = 'Disable BPS Plugin AutoUpdates'; } } else { if ( $MUTools_Options['bps_mu_tools_enable_disable_autoupdate'] == 'disable' ) { if ( is_multisite() ) { $links[] = 'Enable BPS Plugin AutoUpdates'; } else { $links[] = 'Enable BPS Plugin AutoUpdates'; } } } if ( $MUTools_Options['bps_mu_tools_enable_disable_deactivation'] == 'enable' ) { if ( is_multisite() ) { $links[] = '
Disable BPS Folder|Deactivation Checks'; } else { $links[] = '
Disable BPS Folder|Deactivation Checks'; } } else { if ( $MUTools_Options['bps_mu_tools_enable_disable_deactivation'] == 'disable' ) { if ( is_multisite() ) { $links[] = '
Enable BPS Folder|Deactivation Checks'; } else { $links[] = '
Enable BPS Folder|Deactivation Checks'; } } } } return $links; } add_filter( 'plugin_action_links', 'bpsPro_mu_plugin_actlinks', 10, 2 ); add_filter( 'network_admin_plugin_action_links', 'bpsPro_mu_plugin_actlinks', 10, 2 ); ?>