module WpTarget::WpLoginProtection

Constants

LOGIN_PROTECTION_METHOD_PATTERN

Public Instance Methods

has_login_protection?()
# File lib/wpscan/wp_target/wp_login_protection.rb, line 9
# Reports whether any login protection plugin was detected on the target.
# Delegates to login_protection_plugin and returns true when that call
# yields anything other than nil.
def has_login_protection?
  detected = login_protection_plugin
  !detected.nil?
end
login_protection_plugin()

Checks whether a login protection plugin is enabled (see code.google.com/p/wpscan/issues/detail?id=111). Returns a WpPlugin object, or nil if none is found.

# File lib/wpscan/wp_target/wp_login_protection.rb, line 16
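# Detects the first login protection plugin present on the target.
#
# Every protected method whose name matches LOGIN_PROTECTION_METHOD_PATTERN
# is called in the order protected_methods returns them; the first one that
# answers truthy wins. The plugin name is capture group 1 of the pattern with
# underscores turned into hyphens.
#
# Returns a WpPlugin, or nil when no probe matched. Both outcomes are cached:
# previously a nil result was never remembered, so every later call repeated
# all the probe requests against the target.
def login_protection_plugin
  # A separate flag is needed because nil is itself a valid cached answer.
  return @login_protection_plugin if @login_protection_plugin || @login_protection_checked

  # send only ever receives names taken from this object's own protected
  # methods that match the pattern, never a caller-supplied string.
  probes  = protected_methods.grep(LOGIN_PROTECTION_METHOD_PATTERN)
  matched = probes.find { |probe| send(probe) }
  @login_protection_checked = true

  return @login_protection_plugin = nil unless matched

  plugin_name = matched[LOGIN_PROTECTION_METHOD_PATTERN, 1].tr('_', '-')

  @login_protection_plugin = WpPlugin.new(
    @uri,
    name:           plugin_name,
    wp_content_dir: wp_content_dir,
    wp_plugins_dir: wp_plugins_dir
  )
end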

Protected Instance Methods

better_wp_security_url()
# File lib/wpscan/wp_target/wp_login_protection.rb, line 62
# URL of the better-wp-security plugin on the target, built by plugin_url.
# NOTE(review): this slug ends with a slash while most sibling helpers pass
# none; whether WpPlugin#url normalises that is not visible here - confirm.
def better_wp_security_url
  slug = 'better-wp-security/'
  plugin_url(slug)
end
bluetrait_event_viewer_url()
# File lib/wpscan/wp_target/wp_login_protection.rb, line 98
# URL of the bluetrait-event-viewer plugin on the target, built by plugin_url.
def bluetrait_event_viewer_url
  slug = 'bluetrait-event-viewer'
  plugin_url(slug)
end
has_better_wp_security_protection?()

wordpress.org/extend/plugins/better-wp-security/

# File lib/wpscan/wp_target/wp_login_protection.rb, line 49
# Probes for the better-wp-security plugin by requesting its URL.
# Returns true for every response code except 404, so a 403, a server error
# or a custom not-found page served with another status also counts as
# "present". Treat a positive as a hint, not as proof the plugin is active.
def has_better_wp_security_protection?
  response = Browser.get(better_wp_security_url)
  response.code != 404
end
has_bluetrait_event_viewer_protection?()

wordpress.org/extend/plugins/bluetrait-event-viewer/

# File lib/wpscan/wp_target/wp_login_protection.rb, line 94
# Probes for the bluetrait-event-viewer plugin by requesting its URL.
# Any response code other than 404 is reported as "present", which includes
# 403 and error responses; a positive is therefore only an indication.
def has_bluetrait_event_viewer_protection?
  response = Browser.get(bluetrait_event_viewer_url)
  response.code != 404
end
has_limit_login_attempts_protection?()

wordpress.org/extend/plugins/limit-login-attempts/

# File lib/wpscan/wp_target/wp_login_protection.rb, line 85
# Probes for the limit-login-attempts plugin by requesting its URL.
# Any response code other than 404 is reported as "present", which includes
# 403 and error responses; a positive is therefore only an indication.
def has_limit_login_attempts_protection?
  response = Browser.get(limit_login_attempts_url)
  response.code != 404
end
has_login_lock_protection?()

wordpress.org/extend/plugins/login-lock/

# File lib/wpscan/wp_target/wp_login_protection.rb, line 44
# Detects the login-lock plugin from the login page itself: fetches login_url
# and returns true when the body contains the literal text "LOGIN LOCK".
# The match is case-sensitive, so a themed or rebranded login page that drops
# or alters that text is reported as unprotected.
def has_login_lock_protection?
  login_page = Browser.get(login_url).body
  !(login_page =~ %r{LOGIN LOCK}).nil?
end
has_login_lockdown_protection?()

Thanks to Alip Aswalid for providing this method. wordpress.org/extend/plugins/login-lockdown/

# File lib/wpscan/wp_target/wp_login_protection.rb, line 39
# Detects the login-lockdown plugin from the login page itself: fetches
# login_url and returns true when the body contains the literal text
# "Login LockDown". The match is case-sensitive, so a login page without that
# exact text is reported as unprotected.
def has_login_lockdown_protection?
  login_page = Browser.get(login_url).body
  !(login_page =~ %r{Login LockDown}).nil?
end
has_login_security_solution_protection?()

wordpress.org/extend/plugins/login-security-solution/

# File lib/wpscan/wp_target/wp_login_protection.rb, line 76
# Probes for the login-security-solution plugin by requesting its URL.
# Any response code other than 404 is reported as "present", which includes
# 403 and error responses; a positive is therefore only an indication.
def has_login_security_solution_protection?
  response = Browser.get(login_security_solution_url)
  response.code != 404
end
has_simple_login_lockdown_protection?()

wordpress.org/extend/plugins/simple-login-lockdown/

# File lib/wpscan/wp_target/wp_login_protection.rb, line 67
# Probes for the simple-login-lockdown plugin by requesting its URL.
# Any response code other than 404 is reported as "present", which includes
# 403 and error responses; a positive is therefore only an indication.
def has_simple_login_lockdown_protection?
  response = Browser.get(simple_login_lockdown_url)
  response.code != 404
end
limit_login_attempts_url()
# File lib/wpscan/wp_target/wp_login_protection.rb, line 89
# URL of the limit-login-attempts plugin on the target, built by plugin_url.
def limit_login_attempts_url
  slug = 'limit-login-attempts'
  plugin_url(slug)
end
login_security_solution_url()
# File lib/wpscan/wp_target/wp_login_protection.rb, line 80
# URL of the login-security-solution plugin on the target, built by plugin_url.
def login_security_solution_url
  slug = 'login-security-solution'
  plugin_url(slug)
end
plugin_url(plugin_name)
# File lib/wpscan/wp_target/wp_login_protection.rb, line 53
# Builds the URL for a named plugin on the current target.
#
# plugin_name - plugin directory slug, passed to WpPlugin as :name.
#
# Constructs a throwaway WpPlugin from @uri plus the target's wp_content_dir
# and wp_plugins_dir, and returns whatever its #url method yields.
def plugin_url(plugin_name)
  plugin = WpPlugin.new(
    @uri,
    name:           plugin_name,
    wp_content_dir: wp_content_dir,
    wp_plugins_dir: wp_plugins_dir
  )
  plugin.url
end
simple_login_lockdown_url()
# File lib/wpscan/wp_target/wp_login_protection.rb, line 71
# URL of the simple-login-lockdown plugin on the target, built by plugin_url.
# NOTE(review): this slug ends with a slash while most sibling helpers pass
# none; whether WpPlugin#url normalises that is not visible here - confirm.
def simple_login_lockdown_url
  slug = 'simple-login-lockdown/'
  plugin_url(slug)
end