# File lib/wpscan/modules/wp_login_protection.rb, line 25 def has_login_protection? !login_protection_plugin().nil? end
Checks if a login protection plugin is enabled code.google.com/p/wpscan/issues/detail?id=111 return a WpPlugin object or nil if no one is found
# File lib/wpscan/modules/wp_login_protection.rb, line 32 def login_protection_plugin unless @login_protection_plugin protected_methods.grep(LOGIN_PROTECTION_METHOD_PATTERN).each do |symbol_to_call| if send(symbol_to_call) plugin_name = symbol_to_call[LOGIN_PROTECTION_METHOD_PATTERN, 1].gsub('_', '-') return @login_protection_plugin = WpPlugin.new( name: plugin_name, base_url: @uri, path: "/plugins/#{plugin_name}/", wp_content_dir: @wp_content_dir ) end end @login_protection_plugin = nil end @login_protection_plugin end
# File lib/wpscan/modules/wp_login_protection.rb, line 69 def better_wp_security_url WpPlugin.new(wp_content_dir: @wp_content_dir, base_url: @uri, path: '/plugins/better-wp-security/', name: 'better-wp-security' ).get_url_without_filename end
# File lib/wpscan/modules/wp_login_protection.rb, line 121 def bluetrait_event_viewer_url WpPlugin.new(wp_content_dir: @wp_content_dir, base_url: @uri, path: '/plugins/bluetrait-event-viewer/', name: 'bluetrait-event-viewer' ).get_url_without_filename end
wordpress.org/extend/plugins/better-wp-security/
# File lib/wpscan/modules/wp_login_protection.rb, line 65 def has_better_wp_security_protection? Browser.instance.get(better_wp_security_url()).code != 404 end
wordpress.org/extend/plugins/bluetrait-event-viewer/
# File lib/wpscan/modules/wp_login_protection.rb, line 117 def has_bluetrait_event_viewer_protection? Browser.instance.get(bluetrait_event_viewer_url()).code != 404 end
wordpress.org/extend/plugins/limit-login-attempts/
# File lib/wpscan/modules/wp_login_protection.rb, line 104 def has_limit_login_attempts_protection? Browser.instance.get(limit_login_attempts_url()).code != 404 end
wordpress.org/extend/plugins/login-lock/
# File lib/wpscan/modules/wp_login_protection.rb, line 60 def has_login_lock_protection? Browser.instance.get(login_url()).body =~ %r{LOGIN LOCK} ? true : false end
Thanks to Alip Aswalid for providing this method. wordpress.org/extend/plugins/login-lockdown/
# File lib/wpscan/modules/wp_login_protection.rb, line 55 def has_login_lockdown_protection? Browser.instance.get(login_url()).body =~ %r{Login LockDown} ? true : false end
wordpress.org/extend/plugins/login-security-solution/
# File lib/wpscan/modules/wp_login_protection.rb, line 91 def has_login_security_solution_protection? Browser.instance.get(login_security_solution_url()).code != 404 end
wordpress.org/extend/plugins/simple-login-lockdown/
# File lib/wpscan/modules/wp_login_protection.rb, line 78 def has_simple_login_lockdown_protection? Browser.instance.get(simple_login_lockdown_url()).code != 404 end
# File lib/wpscan/modules/wp_login_protection.rb, line 108 def limit_login_attempts_url WpPlugin.new(wp_content_dir: @wp_content_dir, base_url: @uri, path: '/plugins/limit-login-attempts/', name: 'limit-login-attempts' ).get_url_without_filename end
# File lib/wpscan/modules/wp_login_protection.rb, line 95 def login_security_solution_url WpPlugin.new(wp_content_dir: @wp_content_dir, base_url: @uri, path: '/plugins/login-security-solution/', name: 'login-security-solution' ).get_url_without_filename end
# File lib/wpscan/modules/wp_login_protection.rb, line 82 def simple_login_lockdown_url WpPlugin.new(wp_content_dir: @wp_content_dir, base_url: @uri, path: '/plugins/simple-login-lockdown/', name: 'simple-login-lockdown' ).get_url_without_filename end