# File lib/wpscan/wp_target/wp_login_protection.rb, line 9 def has_login_protection? !login_protection_plugin().nil? end
Checks if a login protection plugin is enabled code.google.com/p/wpscan/issues/detail?id=111 return a WpPlugin object or nil if no one is found
# File lib/wpscan/wp_target/wp_login_protection.rb, line 16 def login_protection_plugin unless @login_protection_plugin protected_methods.grep(LOGIN_PROTECTION_METHOD_PATTERN).each do |symbol_to_call| if send(symbol_to_call) plugin_name = symbol_to_call[LOGIN_PROTECTION_METHOD_PATTERN, 1].gsub('_', '-') return @login_protection_plugin = WpPlugin.new( @uri, name: plugin_name, wp_content_dir: wp_content_dir, wp_plugins_dir: wp_plugins_dir ) end end @login_protection_plugin = nil end @login_protection_plugin end
# File lib/wpscan/wp_target/wp_login_protection.rb, line 62 def better_wp_security_url plugin_url('better-wp-security/') end
# File lib/wpscan/wp_target/wp_login_protection.rb, line 98 def bluetrait_event_viewer_url plugin_url('bluetrait-event-viewer') end
wordpress.org/extend/plugins/better-wp-security/
# File lib/wpscan/wp_target/wp_login_protection.rb, line 49 def has_better_wp_security_protection? Browser.get(better_wp_security_url).code != 404 end
wordpress.org/extend/plugins/bluetrait-event-viewer/
# File lib/wpscan/wp_target/wp_login_protection.rb, line 94 def has_bluetrait_event_viewer_protection? Browser.get(bluetrait_event_viewer_url).code != 404 end
wordpress.org/extend/plugins/limit-login-attempts/
# File lib/wpscan/wp_target/wp_login_protection.rb, line 85 def has_limit_login_attempts_protection? Browser.get(limit_login_attempts_url).code != 404 end
wordpress.org/extend/plugins/login-lock/
# File lib/wpscan/wp_target/wp_login_protection.rb, line 44 def has_login_lock_protection? Browser.get(login_url).body =~ %r{LOGIN LOCK} ? true : false end
Thanks to Alip Aswalid for providing this method. wordpress.org/extend/plugins/login-lockdown/
# File lib/wpscan/wp_target/wp_login_protection.rb, line 39 def has_login_lockdown_protection? Browser.get(login_url).body =~ %r{Login LockDown} ? true : false end
wordpress.org/extend/plugins/login-security-solution/
# File lib/wpscan/wp_target/wp_login_protection.rb, line 76 def has_login_security_solution_protection? Browser.get(login_security_solution_url()).code != 404 end
wordpress.org/extend/plugins/simple-login-lockdown/
# File lib/wpscan/wp_target/wp_login_protection.rb, line 67 def has_simple_login_lockdown_protection? Browser.get(simple_login_lockdown_url).code != 404 end
# File lib/wpscan/wp_target/wp_login_protection.rb, line 89 def limit_login_attempts_url plugin_url('limit-login-attempts') end
# File lib/wpscan/wp_target/wp_login_protection.rb, line 80 def login_security_solution_url plugin_url('login-security-solution') end
# File lib/wpscan/wp_target/wp_login_protection.rb, line 53 def plugin_url(plugin_name) WpPlugin.new( @uri, name: plugin_name, wp_content_dir: wp_content_dir, wp_plugins_dir: wp_plugins_dir ).url end
# File lib/wpscan/wp_target/wp_login_protection.rb, line 71 def simple_login_lockdown_url plugin_url('simple-login-lockdown/') end