Changeset 2124103

Timestamp:

07/16/2019 05:26:35 PM (7 years ago)

Author:

wfryan

Message:

1.0.3 - July 16, 2019

• Improvement: Added additional information about reCAPTCHA to its setting control.
• Improvement: Added a constant that may be overridden to customize the expiration time of login verification email links.
• Improvement: reCAPTCHA keys are now tested on saving to prevent accidentally inputting a v2 key.
• Improvement: Added a setting to control the reCAPTCHA human/bot threshold.
• Improvement: Added an option to trigger removal of Login Security tables and data on deactivation.
• Improvement: Reworked the reCAPTCHA implementation to trigger the token check on login/registration form submission to avoid the token expiring.
• Fix: Widened the reCAPTCHA key fields to allow the full keys to be visible.
• Fix: Addressed an issue when outbound UDP connections are blocked where the NTP check could log an error.
• Fix: Added handling for reCAPTCHA's JavaScript failing to load, which previously blocked logging in.
• Fix: Fixed the functionality of the button to send 2FA grace period notifications.
• Fix: Fixed a missing icon for some help links when running in standalone mode.

Location:

wordfence-login-security

Files:

• tags/1.0.3 (copied) (copied from wordfence-login-security/trunk)
• tags/1.0.3/classes/controller/ajax.php (modified) (3 diffs)
• tags/1.0.3/classes/controller/captcha.php (modified) (1 diff)
• tags/1.0.3/classes/controller/db.php (modified) (1 diff)
• tags/1.0.3/classes/controller/settings.php (modified) (7 diffs)
• tags/1.0.3/classes/controller/time.php (modified) (1 diff)
• tags/1.0.3/classes/controller/users.php (modified) (1 diff)
• tags/1.0.3/classes/controller/wordfencels.php (modified) (7 diffs)
• tags/1.0.3/classes/model/settings/db.php (modified) (1 diff)
• tags/1.0.3/css/admin-global.1559237323.css (deleted)
• tags/1.0.3/css/admin-global.1563297209.css (added)
• tags/1.0.3/css/admin.1559237323.css (deleted)
• tags/1.0.3/css/admin.1563297209.css (added)
• tags/1.0.3/css/colorbox.1559237323.css (deleted)
• tags/1.0.3/css/colorbox.1563297209.css (added)
• tags/1.0.3/css/font-awesome.1559237323.css (deleted)
• tags/1.0.3/css/font-awesome.1563297209.css (added)
• tags/1.0.3/css/ionicons.1559237323.css (deleted)
• tags/1.0.3/css/ionicons.1563297209.css (added)
• tags/1.0.3/css/jquery-ui-timepicker-addon.1559237323.css (deleted)
• tags/1.0.3/css/jquery-ui-timepicker-addon.1563297209.css (added)
• tags/1.0.3/css/jquery-ui.min.1559237323.css (deleted)
• tags/1.0.3/css/jquery-ui.min.1563297209.css (added)
• tags/1.0.3/css/jquery-ui.structure.min.1559237323.css (deleted)
• tags/1.0.3/css/jquery-ui.structure.min.1563297209.css (added)
• tags/1.0.3/css/jquery-ui.theme.min.1559237323.css (deleted)
• tags/1.0.3/css/jquery-ui.theme.min.1563297209.css (added)
• tags/1.0.3/css/login.1559237323.css (deleted)
• tags/1.0.3/css/login.1563297209.css (added)
• tags/1.0.3/css/wfselect2.min.1563297209.css (added)
• tags/1.0.3/js/Chart.bundle.min.1563297209.js (added)
• tags/1.0.3/js/admin-global.1559237323.js (deleted)
• tags/1.0.3/js/admin-global.1563297209.js (added)
• tags/1.0.3/js/admin.1559237323.js (deleted)
• tags/1.0.3/js/admin.1563297209.js (added)
• tags/1.0.3/js/jquery-ui-timepicker-addon.1559237323.js (deleted)
• tags/1.0.3/js/jquery-ui-timepicker-addon.1563297209.js (added)
• tags/1.0.3/js/jquery.colorbox.1559237323.js (deleted)
• tags/1.0.3/js/jquery.colorbox.1563297209.js (added)
• tags/1.0.3/js/jquery.colorbox.min.1559237323.js (deleted)
• tags/1.0.3/js/jquery.colorbox.min.1563297209.js (added)
• tags/1.0.3/js/jquery.qrcode.min.1559237323.js (deleted)
• tags/1.0.3/js/jquery.qrcode.min.1563297209.js (added)
• tags/1.0.3/js/jquery.tmpl.min.1559237323.js (deleted)
• tags/1.0.3/js/jquery.tmpl.min.1563297209.js (added)
• tags/1.0.3/js/login.1559237323.js (deleted)
• tags/1.0.3/js/login.1563297209.js (added)
• tags/1.0.3/js/wfselect2.min.1563297209.js (added)
• tags/1.0.3/readme.txt (modified) (2 diffs)
• tags/1.0.3/views/options/option-captcha-threshold.php (added)
• tags/1.0.3/views/options/option-captcha.php (modified) (2 diffs)
• tags/1.0.3/views/options/option-require-2fa.php (modified) (1 diff)
• tags/1.0.3/views/settings/options.php (modified) (3 diffs)
• tags/1.0.3/wordfence-login-security.php (modified) (2 diffs)
• trunk/classes/controller/ajax.php (modified) (3 diffs)
• trunk/classes/controller/captcha.php (modified) (1 diff)
• trunk/classes/controller/db.php (modified) (1 diff)
• trunk/classes/controller/settings.php (modified) (7 diffs)
• trunk/classes/controller/time.php (modified) (1 diff)
• trunk/classes/controller/users.php (modified) (1 diff)
• trunk/classes/controller/wordfencels.php (modified) (7 diffs)
• trunk/classes/model/settings/db.php (modified) (1 diff)
• trunk/css/admin-global.1559237323.css (deleted)
• trunk/css/admin-global.1563297209.css (added)
• trunk/css/admin.1559237323.css (deleted)
• trunk/css/admin.1563297209.css (added)
• trunk/css/colorbox.1559237323.css (deleted)
• trunk/css/colorbox.1563297209.css (added)
• trunk/css/font-awesome.1559237323.css (deleted)
• trunk/css/font-awesome.1563297209.css (added)
• trunk/css/ionicons.1559237323.css (deleted)
• trunk/css/ionicons.1563297209.css (added)
• trunk/css/jquery-ui-timepicker-addon.1559237323.css (deleted)
• trunk/css/jquery-ui-timepicker-addon.1563297209.css (added)
• trunk/css/jquery-ui.min.1559237323.css (deleted)
• trunk/css/jquery-ui.min.1563297209.css (added)
• trunk/css/jquery-ui.structure.min.1559237323.css (deleted)
• trunk/css/jquery-ui.structure.min.1563297209.css (added)
• trunk/css/jquery-ui.theme.min.1559237323.css (deleted)
• trunk/css/jquery-ui.theme.min.1563297209.css (added)
• trunk/css/login.1559237323.css (deleted)
• trunk/css/login.1563297209.css (added)
• trunk/css/wfselect2.min.1563297209.css (added)
• trunk/js/Chart.bundle.min.1563297209.js (added)
• trunk/js/admin-global.1559237323.js (deleted)
• trunk/js/admin-global.1563297209.js (added)
• trunk/js/admin.1559237323.js (deleted)
• trunk/js/admin.1563297209.js (added)
• trunk/js/jquery-ui-timepicker-addon.1559237323.js (deleted)
• trunk/js/jquery-ui-timepicker-addon.1563297209.js (added)
• trunk/js/jquery.colorbox.1559237323.js (deleted)
• trunk/js/jquery.colorbox.1563297209.js (added)
• trunk/js/jquery.colorbox.min.1559237323.js (deleted)
• trunk/js/jquery.colorbox.min.1563297209.js (added)
• trunk/js/jquery.qrcode.min.1559237323.js (deleted)
• trunk/js/jquery.qrcode.min.1563297209.js (added)
• trunk/js/jquery.tmpl.min.1559237323.js (deleted)
• trunk/js/jquery.tmpl.min.1563297209.js (added)
• trunk/js/login.1559237323.js (deleted)
• trunk/js/login.1563297209.js (added)
• trunk/js/wfselect2.min.1563297209.js (added)
• trunk/readme.txt (modified) (2 diffs)
• trunk/views/options/option-captcha-threshold.php (added)
• trunk/views/options/option-captcha.php (modified) (2 diffs)
• trunk/views/options/option-require-2fa.php (modified) (1 diff)
• trunk/views/settings/options.php (modified) (3 diffs)
• trunk/wordfence-login-security.php (modified) (2 diffs)

wordfence-login-security/tags/1.0.3/classes/controller/ajax.php

@@ -73 +73 @@
                 'required_parameters' => array('nonce', 'id'),
             ),
+            'reset_recaptcha_stats' => array(
+                'handler' => array($this, '_ajax_reset_recaptcha_stats_callback'),
+                'permissions' => array(Controller_Permissions::CAP_MANAGE_SETTINGS => __('You do not have permission to reset reCAPTCHA statistics.', 'wordfence-2fa')),
+                'required_parameters' => array('nonce'),
+            ),
         );
         
@@ -400 +405 @@
         foreach ($admins as $a) {
             /** @var \WP_User $a */
-            if (!Controller_Users::shared()->has_2fa_active($a)) {
+            if (Controller_Users::shared()->has_2fa_active($a)) {
                 continue;
             }
@@ -447 +452 @@
         Controller_Notices::shared()->remove_notice($_POST['id'], false, wp_get_current_user());
     }
+    
+    public function _ajax_reset_recaptcha_stats_callback() {
+        Controller_Settings::shared()->set_array(Controller_Settings::OPTION_CAPTCHA_STATS, array('counts' => array(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0), 'avg' => 0));
+        $response = array('success' => true);
+        return die(json_encode($response));
+    }
 }

wordfence-login-security/tags/1.0.3/classes/controller/captcha.php

@@ -112 +112 @@
      */
     public function is_human($score) {
+        if (Controller_Settings::shared()->get_bool(\WordfenceLS\Controller_Settings::OPTION_CAPTCHA_TEST_MODE)) {
+            return true;
+        }
+        
         $threshold = $this->threshold();
         return ($score >= $threshold || abs($score - $threshold) < 0.0001);

wordfence-login-security/tags/1.0.3/classes/controller/db.php

@@ -59 +59 @@
     }
     
+    public function uninstall() {
+        $tables = array(self::TABLE_2FA_SECRETS, self::TABLE_SETTINGS);
+        foreach ($tables as $table) {
+            global $wpdb;
+            $wpdb->query('DROP TABLE IF EXISTS `' . self::network_table($table) . '`');
+        }
+    }
+    
     protected function _create_schema() {
         $tables = array(

wordfence-login-security/tags/1.0.3/classes/controller/settings.php

@@ -19 +19 @@
     const OPTION_ALLOW_XML_RPC = 'allow-xml-rpc';
     const OPTION_ENABLE_AUTH_CAPTCHA = 'enable-auth-captcha';
+    const OPTION_CAPTCHA_TEST_MODE = 'recaptcha-test-mode';
     const OPTION_RECAPTCHA_SITE_KEY = 'recaptcha-site-key';
     const OPTION_RECAPTCHA_SECRET = 'recaptcha-secret';
     const OPTION_RECAPTCHA_THRESHOLD = 'recaptcha-threshold';
+    const OPTION_DELETE_ON_DEACTIVATION = 'delete-deactivation';
     
     //Internal
@@ -31 +33 @@
     const OPTION_SHARED_SYMMETRIC_SECRET_KEY = 'shared-symmetric-secret';
     const OPTION_DISMISSED_FRESH_INSTALL_MODAL = 'dismissed-fresh-install-modal';
+    const OPTION_CAPTCHA_STATS = 'captcha-stats';
     
     protected $_settingsStorage;
@@ -67 +70 @@
             self::OPTION_ALLOW_XML_RPC => array('value' => true, 'autoload' => Model_Settings::AUTOLOAD_YES, 'allowOverwrite' => false),
             self::OPTION_ENABLE_AUTH_CAPTCHA => array('value' => false, 'autoload' => Model_Settings::AUTOLOAD_YES, 'allowOverwrite' => false),
+            self::OPTION_CAPTCHA_STATS => array('value' => '{"counts":[0,0,0,0,0,0,0,0,0,0,0],"avg":0}', 'autoload' => Model_Settings::AUTOLOAD_YES, 'allowOverwrite' => false),
             self::OPTION_RECAPTCHA_THRESHOLD => array('value' => 0.5, 'autoload' => Model_Settings::AUTOLOAD_YES, 'allowOverwrite' => false),
             self::OPTION_LAST_SECRET_REFRESH => array('value' => 0, 'autoload' => Model_Settings::AUTOLOAD_YES, 'allowOverwrite' => false),
+            self::OPTION_DELETE_ON_DEACTIVATION => array('value' => false, 'autoload' => Model_Settings::AUTOLOAD_YES, 'allowOverwrite' => false),
         ));
     }
@@ -130 +135 @@
             case self::OPTION_ALLOW_XML_RPC:
             case self::OPTION_ENABLE_AUTH_CAPTCHA:
+            case self::OPTION_CAPTCHA_TEST_MODE:
             case self::OPTION_DISMISSED_FRESH_INSTALL_MODAL:
+            case self::OPTION_DELETE_ON_DEACTIVATION:
                 return true;
                 
@@ -139 +146 @@
             //Array
             case self::OPTION_GLOBAL_NOTICES:
+            case self::OPTION_CAPTCHA_STATS:
                 return preg_match('/^\[.*\]$/', $value) || preg_match('/^\{.*\}$/', $value); //Only a rough JSON validation
                 
@@ -166 +174 @@
             case self::OPTION_RECAPTCHA_THRESHOLD:
                 return is_numeric($value) && $value >= 0 && $value <= 1;
+            case self::OPTION_RECAPTCHA_SITE_KEY:
+                if (empty($value)) {
+                    return true;
+                }
+                
+                $response = wp_remote_get('https://www.google.com/recaptcha/api.js?render=' . urlencode($value));
+                
+                if (!is_wp_error($response)) {
+                    $status = wp_remote_retrieve_response_code($response);
+                    if ($status == 200) {
+                        return true;
+                    }
+                    
+                    $data = wp_remote_retrieve_body($response);
+                    if (strpos($data, 'grecaptcha') === false) {
+                        return __('Unable to validate the reCAPTCHA site key. Please check the key and try again.', 'wordfence-2fa');
+                    }
+                    return true;
+                }
+                return sprintf(__('An error was encountered while validating the reCAPTCHA site key: %s', 'wordfence-2fa'), $response->get_error_message());
         }
         return true;
@@ -202 +230 @@
             case self::OPTION_ALLOW_XML_RPC:
             case self::OPTION_ENABLE_AUTH_CAPTCHA:
+            case self::OPTION_CAPTCHA_TEST_MODE:
             case self::OPTION_DISMISSED_FRESH_INSTALL_MODAL:
+            case self::OPTION_DELETE_ON_DEACTIVATION:
                 return $this->_truthy_to_bool($value);
                 

wordfence-login-security/tags/1.0.3/classes/controller/time.php

@@ -96 +96 @@
         foreach ($servers as $s) {
             $socket = @fsockopen('udp://' . $s, 123, $err_no, $err_str, 1);
-            stream_set_timeout($socket, 1);
             if ($socket) {
+                stream_set_timeout($socket, 1);
                 $remote_originate = microtime(true);
                 $secondsNTP = ((int) $remote_originate) + self::NTP_EPOCH_CONVERT;

wordfence-login-security/tags/1.0.3/classes/controller/users.php

@@ -312 +312 @@
     
     /**
+     * Records the reCAPTCHA score for later display.
+     * 
+     * This is not atomic, which means this can miscount on hits that overlap, but the overhead of being atomic is not 
+     * worth it for our use.
+     * 
+     * @param \WP_User $user|null
+     * @param float $score
+     */
+    public function record_captcha_score($user, $score) {
+        if (!Controller_CAPTCHA::shared()->enabled()) { return; }
+        if ($this->has_2fa_active($user)) { return; } //2FA activated users do not retrieve a score
+        
+        if ($user) { update_user_meta($user->ID, 'wfls-last-captcha-score', $score); }
+        $stats = Controller_Settings::shared()->get_array(Controller_Settings::OPTION_CAPTCHA_STATS);
+        $int_score = min(max((int) ($score * 10), 0), 10);
+        $count = array_sum($stats['counts']);
+        $stats['counts'][$int_score]++;
+        $stats['avg'] = ($stats['avg'] * $count + $int_score) / ($count + 1);
+        Controller_Settings::shared()->set_array(Controller_Settings::OPTION_CAPTCHA_STATS, $stats);
+    }
+    
+    /**
      * Returns the active and inactive user counts.
      * 

wordfence-login-security/tags/1.0.3/classes/controller/wordfencels.php

@@ -125 +125 @@
             }
         }
+        
+        if (Controller_Settings::shared()->get_bool(Controller_Settings::OPTION_CAPTCHA_TEST_MODE) && Controller_CAPTCHA::shared()->enabled() && Controller_Permissions::shared()->can_manage_settings()) {
+            if (is_multisite()) {
+                add_action('network_admin_notices', array($this, '_recaptcha_test_notice'));
+            }
+            else {
+                add_action('admin_notices', array($this, '_recaptcha_test_notice'));
+            }
+        }
     }
     
@@ -135 +144 @@
     }
     
+    public function _recaptcha_test_notice() {
+        echo '<div class="notice notice-warning"><p>' . sprintf(__('reCAPTCHA test mode is enabled. While enabled, login and registration requests will be checked for their score but will not be blocked if the score is below the minimum score. <a href="%s">Manage Settings</a>', 'wordfence-2fa'), esc_url(network_admin_url('admin.php?page=WFLS#top#settings'))) . '</p></div>';
+    }
+    
     /**
      * Installation/Uninstallation
@@ -151 +164 @@
             }
             delete_option($opt);
+        }
+        
+        if (Controller_Settings::shared()->get_bool(Controller_Settings::OPTION_DELETE_ON_DEACTIVATION)) {
+            Controller_DB::shared()->uninstall();
         }
     }
@@ -243 +260 @@
             }
             wp_enqueue_script('wordfence-ls-admin', Model_Asset::js('admin.js'), array('jquery'), WORDFENCE_LS_VERSION);
+            if (!WORDFENCE_LS_FROM_CORE) {
+                wp_register_script('chart-js', Model_Asset::js('Chart.bundle.min.js'), array('jquery'), '2.4.0');
+                wp_register_script('wordfence-select2-js', Model_Asset::js('wfselect2.min.js'), array('jquery'), WORDFENCE_LS_VERSION);
+                wp_register_style('wordfence-select2-css', Model_Asset::css('wfselect2.min.css'), array(), WORDFENCE_LS_VERSION);
+            }
+            wp_enqueue_script('chart-js');
+            wp_enqueue_script('wordfence-select2-js');
+            wp_enqueue_style('wordfence-select2-css');
             wp_enqueue_style('wordfence-ls-admin', Model_Asset::css('admin.css'), array(), WORDFENCE_LS_VERSION);
             wp_enqueue_style('wordfence-ls-colorbox', Model_Asset::css('colorbox.css'), array(), WORDFENCE_LS_VERSION);
             wp_enqueue_style('wordfence-ls-ionicons', Model_Asset::css('ionicons.css'), array(), WORDFENCE_LS_VERSION);
+            if (!WORDFENCE_LS_FROM_CORE) { wp_enqueue_style('wordfence-ls-font-awesome', Model_Asset::css('font-awesome.css'), array(), WORDFENCE_LS_VERSION); }
             wp_localize_script('wordfence-ls-admin', 'WFLSVars', array(
                 'ajaxurl' => admin_url('admin-ajax.php'),
@@ -400 +426 @@
                 }
                 
-                update_user_meta($user->ID, 'wfls-last-captcha-score', $score);
+                Controller_Users::shared()->record_captcha_score($user, $score);
                 
                 if (isset($_REQUEST['wfls-email-verification']) && !empty($_REQUEST['wfls-email-verification']) && is_string($_REQUEST['wfls-email-verification'])) {
@@ -422 +448 @@
                     $encrypted = Model_Symmetric::encrypt((string) $user->ID);
                     if ($encrypted) {
-                        $jwt = new Model_JWT(array('user' => $encrypted), Controller_Time::time() + 60 * 15 /* minutes */);
+                        $jwt = new Model_JWT(array('user' => $encrypted), Controller_Time::time() + 60 * WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES);
                         $view = new Model_View('email/login-verification', array(
                             'siteName' => get_bloginfo('name', 'raw'),
@@ -618 +644 @@
         
         if ($requireCAPTCHA) {
+            Controller_Users::shared()->record_captcha_score(null, $score);
+            
             if (!Controller_CAPTCHA::shared()->is_human($score)) { //Score is below the human threshold, block the user registration
                 $encryptedIP = Model_Symmetric::encrypt(Model_Request::current()->ip());

wordfence-login-security/tags/1.0.3/classes/model/settings/db.php

@@ -26 +26 @@
         if ($wpdb->query($wpdb->prepare("INSERT INTO `{$table}` (`name`, `value`, `autoload`) VALUES (%s, %s, %s) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`), `autoload` = VALUES(`autoload`)", $key, $value, $autoload)) !== false && $autoload != self::AUTOLOAD_NO) {
             $this->_update_cached($key, $value);
+            do_action('wfls_settings_set', $key, $value);
         }
     }

wordfence-login-security/tags/1.0.3/readme.txt

@@ -1 +1 @@
 === Wordfence Login Security ===
-Contributors: wfryan 
+Contributors: wfryan, wfmattr, mmaunder, wfmatt
 Tags: security, login security, 2fa, two factor authentication, captcha, xml-rpc, mfa, 2 factor
 Requires at least: 4.5
 Requires PHP: 5.3
 Tested up to: 5.2
-Stable tag: 1.0.2
+Stable tag: 1.0.3
 
 Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.
@@ -59 +59 @@
 == Changelog ==
 
+= 1.0.3 - July 16, 2019 =
+* Improvement: Added additional information about reCAPTCHA to its setting control.
+* Improvement: Added a constant that may be overridden to customize the expiration time of login verification email links.
+* Improvement: reCAPTCHA keys are now tested on saving to prevent accidentally inputting a v2 key.
+* Improvement: Added a setting to control the reCAPTCHA human/bot threshold.
+* Improvement: Added an option to trigger removal of Login Security tables and data on deactivation.
+* Improvement: Reworked the reCAPTCHA implementation to trigger the token check on login/registration form submission to avoid the token expiring.
+* Fix: Widened the reCAPTCHA key fields to allow the full keys to be visible.
+* Fix: Addressed an issue when outbound UDP connections are blocked where the NTP check could log an error.
+* Fix: Added handling for reCAPTCHA's JavaScript failing to load, which previously blocked logging in.
+* Fix: Fixed the functionality of the button to send 2FA grace period notifications.
+* Fix: Fixed a missing icon for some help links when running in standalone mode.
+
 = 1.0.2 - May 30, 2019 =
 * Initial release

wordfence-login-security/tags/1.0.3/views/options/option-captcha.php

@@ -18 +18 @@
                 <ul class="wfls-flex-vertical wfls-flex-align-left">
                     <li>
-                        <strong id="wfls-enable-auth-captcha-label"><?php _e('Enable reCAPTCHA on the login and user registration pages', 'wordfence-2fa'); ?></strong>
+                        <strong id="wfls-enable-auth-captcha-label"><?php _e('Enable reCAPTCHA on the login and user registration pages', 'wordfence-ls'); ?></strong>
                     </li>
-                    <li class="wfls-option-subtitle"><?php _e('Note: This feature requires a free site key and secret for the <a href="https://www.google.com/recaptcha/intro/v3.html" target="_blank" rel="noopener noreferrer">Google reCAPTCHA v3 Service</a>.', 'wordfence-2fa'); ?></li>
+                    <li class="wfls-option-subtitle"><?php printf(__('reCAPTCHA v3 does not make users solve puzzles or click a checkbox like previous versions. The only visible part is the reCAPTCHA logo. If a visitor\'s browser fails the CAPTCHA, Wordfence will send an email to the user\'s address with a link they can click to verify that they are a user of your site. You can read further details <a href="%s" target="_blank" rel="noopener noreferrer">in our documentation</a>.', 'wordfence-ls'), \WordfenceLS\Controller_Support::esc_supportURL(\WordfenceLS\Controller_Support::ITEM_MODULE_LOGIN_SECURITY_CAPTCHA)); ?></li>
                 </ul>
             </li>
@@ -31 +31 @@
                 <table>
                     <tr class="wfls-option wfls-option-text" data-original-value="<?php echo esc_attr($siteKeyValue); ?>" data-text-option="<?php echo esc_attr($siteKeyOptionName); ?>">
-                        <th id="wfls-enable-captcha-site-key-label" class="wfls-padding-add-bottom"><?php _e('reCAPTCHA v3 Site Key', 'wordfence'); ?></th>
+                        <th id="wfls-enable-captcha-site-key-label" class="wfls-padding-add-bottom"><?php _e('reCAPTCHA v3 Site Key', 'wordfence-ls'); ?></th>
                         <td class="wfls-option-text wfls-padding-add-bottom"><input type="text" name="recaptchaSiteKey" id="input-recaptchaSiteKey" class="wfls-form-control" value="<?php echo esc_attr($siteKeyValue); ?>"<?php if (!$currentEnableValue) { echo ' disabled'; } ?>></td>
                     </tr>
                     <tr class="wfls-option wfls-option-text" data-original-value="<?php echo esc_attr($secretValue); ?>" data-text-option="<?php echo esc_attr($secretOptionName); ?>">
-                        <th id="wfls-enable-captcha-secret-label"><?php _e('reCAPTCHA v3 Secret', 'wordfence'); ?></th>
+                        <th id="wfls-enable-captcha-secret-label"><?php _e('reCAPTCHA v3 Secret', 'wordfence-ls'); ?></th>
                         <td class="wfls-option-text"><input type="text" name="recaptchaSecret" id="input-recaptchaSecret" class="wfls-form-control" value="<?php echo esc_attr($secretValue); ?>"<?php if (!$currentEnableValue) { echo ' disabled'; } ?>></td>
                     </tr>
                 </table>
+            </li>
+        </ul>
+        <ul class="wfls-option wfls-padding-no-top">
+            <li class="wfls-option-spacer"></li>
+            <li class="wfls-option-title">
+                <ul class="wfls-flex-vertical wfls-flex-align-left">
+                    <li class="wfls-option-subtitle"><?php _e('Note: This feature requires a free site key and secret for the <a href="https://www.google.com/recaptcha/intro/v3.html" target="_blank" rel="noopener noreferrer">Google reCAPTCHA v3 Service</a>.', 'wordfence-ls'); ?></li>
+                </ul>
             </li>
         </ul>

wordfence-login-security/tags/1.0.3/views/options/option-require-2fa.php

@@ -54 +54 @@
                 <span id="wfls-require-2fa-grace-period-label" class="wfls-padding-add-left wfls-padding-add-right"><?php _e('Grace period to require 2FA', 'wordfence'); ?> </span>
                 <input type="text" name="require2FAGracePeriod" id="input-require2FAGracePeriod" class="wfls-datetime wfls-form-control" placeholder="Enabled on..." data-value="<?php echo $currentGracePeriodDateValue; ?>" data-original-value="<?php echo $currentGracePeriodDateValue; ?>"<?php echo $currentGracePeriodEnabledValue ? '' : ' disabled'; ?>>
-                <div class="wfls-padding-add-left"><a href="#" id="wfls-send-grace-period-notification" class="wfls-btn wfls-btn-sm wfls-btn-default<?php echo (\WordfenceLS\Controller_Settings::shared()->get_bool(\WordfenceLS\Controller_Settings::OPTION_REQUIRE_2FA_ADMIN) && \WordfenceLS\Controller_Settings::shared()->get_bool(\WordfenceLS\Controller_Settings::OPTION_REQUIRE_2FA_GRACE_PERIOD_ENABLED) && \WordfenceLS\Controller_Time::time() < \WordfenceLS\Controller_Settings::shared()->get_int(\WordfenceLS\Controller_Settings::OPTION_REQUIRE_2FA_GRACE_PERIOD)) ? '' : ' wfls-disabled'; ?>"><?php _e('Send Notification', 'wordfence-2fa'); ?></a></div>
             </li>
+        </ul>
+    </li>
+    <li>
+        <ul class="wfls-option wfls-padding-no-top">
+            <li class="wfls-option-spacer"></li>
+            <li class="wfls-option-spacer"></li>
+            <li><a href="#" id="wfls-send-grace-period-notification" class="wfls-btn wfls-btn-sm wfls-btn-default<?php echo (\WordfenceLS\Controller_Settings::shared()->get_bool(\WordfenceLS\Controller_Settings::OPTION_REQUIRE_2FA_ADMIN) && \WordfenceLS\Controller_Settings::shared()->get_bool(\WordfenceLS\Controller_Settings::OPTION_REQUIRE_2FA_GRACE_PERIOD_ENABLED) && \WordfenceLS\Controller_Time::time() < \WordfenceLS\Controller_Settings::shared()->get_int(\WordfenceLS\Controller_Settings::OPTION_REQUIRE_2FA_GRACE_PERIOD)) ? '' : ' wfls-disabled'; ?>"><?php _e('Send Notification', 'wordfence-2fa'); ?></a></li>
         </ul>
     </li>

wordfence-login-security/tags/1.0.3/views/settings/options.php

@@ -10 +10 @@
         </div>
         <div class="wfls-block-header-action wfls-block-header-action-text wfls-nowrap wfls-padding-add-right-responsive">
-            <a href="#" id="wfls-cancel-changes" class="wfls-btn wfls-btn-sm wfls-btn-default wfls-disabled"><?php _e('Cancel Changes', 'wordfence-2fa'); ?></a>&nbsp;&nbsp;<a href="#" id="wfls-save-changes" class="wfls-btn wfls-btn-sm wfls-btn-primary wfls-disabled"><?php _e('Save Changes', 'wordfence-2fa'); ?></a>
+            <a href="#" id="wfls-cancel-changes" class="wfls-btn wfls-btn-sm wfls-btn-default wfls-disabled"><?php _e('Cancel<span class="wfls-visible-sm-inline"> Changes</span>', 'wordfence-2fa'); ?></a>&nbsp;&nbsp;<a href="#" id="wfls-save-changes" class="wfls-btn wfls-btn-sm wfls-btn-primary wfls-disabled"><?php _e('Save<span class="wfls-visible-sm-inline"> Changes</span>', 'wordfence-2fa'); ?></a>
         </div>
     </div>
@@ -114 +114 @@
                 ?>
             </li>
+            <li>
+                <?php
+                echo \WordfenceLS\Model_View::create('options/option-captcha-threshold', array(
+                ))->render();
+                ?>
+            </li>
+            <li>
+                <?php
+                echo \WordfenceLS\Model_View::create('options/option-toggled', array(
+                    'optionName' => \WordfenceLS\Controller_Settings::OPTION_CAPTCHA_TEST_MODE,
+                    'enabledValue' => '1',
+                    'disabledValue' => '0',
+                    'value' => \WordfenceLS\Controller_Settings::shared()->get_bool(\WordfenceLS\Controller_Settings::OPTION_CAPTCHA_TEST_MODE) ? '1': '0',
+                    'title' => new \WordfenceLS\Text\Model_HTML('<strong>' . __('Run reCAPTCHA in test mode', 'wordfence-2fa') . '</strong>'),
+                    'subtitle' => __('While in test mode, reCAPTCHA will score login and registration requests but not actually block them. The scores will be recorded and can be used to select a human/bot threshold value.', 'wordfence-2fa'),
+                ))->render();
+                ?>
+            </li>
             <?php if (!WORDFENCE_LS_FROM_CORE): ?>
             <li>
@@ -121 +139 @@
             </li>
             <?php endif; ?>
+            <li>
+                <?php
+                echo \WordfenceLS\Model_View::create('options/option-toggled', array(
+                    'optionName' => \WordfenceLS\Controller_Settings::OPTION_DELETE_ON_DEACTIVATION,
+                    'enabledValue' => '1',
+                    'disabledValue' => '0',
+                    'value' => \WordfenceLS\Controller_Settings::shared()->get_bool(\WordfenceLS\Controller_Settings::OPTION_DELETE_ON_DEACTIVATION) ? '1': '0',
+                    'title' => new \WordfenceLS\Text\Model_HTML('<strong>' . __('Delete Login Security tables and data on deactivation', 'wordfence-2fa') . '</strong>'),
+                    'subtitle' => __('If enabled, all settings and 2FA records will be deleted on deactivation. If later reactivated, all users that previously had 2FA active will need to set it up again.', 'wordfence-2fa'),
+                ))->render();
+                ?>
+            </li>
         </ul>
     </div>

wordfence-login-security/tags/1.0.3/wordfence-login-security.php

@@ -5 +5 @@
 Author: Wordfence
 Author URI: http://www.wordfence.com/
-Version: 1.0.2
+Version: 1.0.3
 Network: true
 */
@@ -34 +34 @@
     define('WORDFENCE_LS_FROM_CORE', ($wfCoreActive && isset($wfCoreLoading) && $wfCoreLoading));
     
-    define('WORDFENCE_LS_VERSION', '1.0.2');
-    define('WORDFENCE_LS_BUILD_NUMBER', '1559237323');
+    define('WORDFENCE_LS_VERSION', '1.0.3');
+    define('WORDFENCE_LS_BUILD_NUMBER', '1563297209');
+    
+    if (!defined('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES')) { define('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES', 15); }
     
     if (!WORDFENCE_LS_FROM_CORE) {

wordfence-login-security/trunk/classes/controller/ajax.php

@@ -73 +73 @@
                 'required_parameters' => array('nonce', 'id'),
             ),
+            'reset_recaptcha_stats' => array(
+                'handler' => array($this, '_ajax_reset_recaptcha_stats_callback'),
+                'permissions' => array(Controller_Permissions::CAP_MANAGE_SETTINGS => __('You do not have permission to reset reCAPTCHA statistics.', 'wordfence-2fa')),
+                'required_parameters' => array('nonce'),
+            ),
         );
         
@@ -400 +405 @@
         foreach ($admins as $a) {
             /** @var \WP_User $a */
-            if (!Controller_Users::shared()->has_2fa_active($a)) {
+            if (Controller_Users::shared()->has_2fa_active($a)) {
                 continue;
             }
@@ -447 +452 @@
         Controller_Notices::shared()->remove_notice($_POST['id'], false, wp_get_current_user());
     }
+    
+    public function _ajax_reset_recaptcha_stats_callback() {
+        Controller_Settings::shared()->set_array(Controller_Settings::OPTION_CAPTCHA_STATS, array('counts' => array(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0), 'avg' => 0));
+        $response = array('success' => true);
+        return die(json_encode($response));
+    }
 }

wordfence-login-security/trunk/classes/controller/captcha.php

@@ -112 +112 @@
      */
     public function is_human($score) {
+        if (Controller_Settings::shared()->get_bool(\WordfenceLS\Controller_Settings::OPTION_CAPTCHA_TEST_MODE)) {
+            return true;
+        }
+        
         $threshold = $this->threshold();
         return ($score >= $threshold || abs($score - $threshold) < 0.0001);

wordfence-login-security/trunk/classes/controller/db.php

@@ -59 +59 @@
     }
     
+    public function uninstall() {
+        $tables = array(self::TABLE_2FA_SECRETS, self::TABLE_SETTINGS);
+        foreach ($tables as $table) {
+            global $wpdb;
+            $wpdb->query('DROP TABLE IF EXISTS `' . self::network_table($table) . '`');
+        }
+    }
+    
     protected function _create_schema() {
         $tables = array(

wordfence-login-security/trunk/classes/controller/settings.php

@@ -19 +19 @@
     const OPTION_ALLOW_XML_RPC = 'allow-xml-rpc';
     const OPTION_ENABLE_AUTH_CAPTCHA = 'enable-auth-captcha';
+    const OPTION_CAPTCHA_TEST_MODE = 'recaptcha-test-mode';
     const OPTION_RECAPTCHA_SITE_KEY = 'recaptcha-site-key';
     const OPTION_RECAPTCHA_SECRET = 'recaptcha-secret';
     const OPTION_RECAPTCHA_THRESHOLD = 'recaptcha-threshold';
+    const OPTION_DELETE_ON_DEACTIVATION = 'delete-deactivation';
     
     //Internal
@@ -31 +33 @@
     const OPTION_SHARED_SYMMETRIC_SECRET_KEY = 'shared-symmetric-secret';
     const OPTION_DISMISSED_FRESH_INSTALL_MODAL = 'dismissed-fresh-install-modal';
+    const OPTION_CAPTCHA_STATS = 'captcha-stats';
     
     protected $_settingsStorage;
@@ -67 +70 @@
             self::OPTION_ALLOW_XML_RPC => array('value' => true, 'autoload' => Model_Settings::AUTOLOAD_YES, 'allowOverwrite' => false),
             self::OPTION_ENABLE_AUTH_CAPTCHA => array('value' => false, 'autoload' => Model_Settings::AUTOLOAD_YES, 'allowOverwrite' => false),
+            self::OPTION_CAPTCHA_STATS => array('value' => '{"counts":[0,0,0,0,0,0,0,0,0,0,0],"avg":0}', 'autoload' => Model_Settings::AUTOLOAD_YES, 'allowOverwrite' => false),
             self::OPTION_RECAPTCHA_THRESHOLD => array('value' => 0.5, 'autoload' => Model_Settings::AUTOLOAD_YES, 'allowOverwrite' => false),
             self::OPTION_LAST_SECRET_REFRESH => array('value' => 0, 'autoload' => Model_Settings::AUTOLOAD_YES, 'allowOverwrite' => false),
+            self::OPTION_DELETE_ON_DEACTIVATION => array('value' => false, 'autoload' => Model_Settings::AUTOLOAD_YES, 'allowOverwrite' => false),
         ));
     }
@@ -130 +135 @@
             case self::OPTION_ALLOW_XML_RPC:
             case self::OPTION_ENABLE_AUTH_CAPTCHA:
+            case self::OPTION_CAPTCHA_TEST_MODE:
             case self::OPTION_DISMISSED_FRESH_INSTALL_MODAL:
+            case self::OPTION_DELETE_ON_DEACTIVATION:
                 return true;
                 
@@ -139 +146 @@
             //Array
             case self::OPTION_GLOBAL_NOTICES:
+            case self::OPTION_CAPTCHA_STATS:
                 return preg_match('/^\[.*\]$/', $value) || preg_match('/^\{.*\}$/', $value); //Only a rough JSON validation
                 
@@ -166 +174 @@
             case self::OPTION_RECAPTCHA_THRESHOLD:
                 return is_numeric($value) && $value >= 0 && $value <= 1;
+            case self::OPTION_RECAPTCHA_SITE_KEY:
+                if (empty($value)) {
+                    return true;
+                }
+                
+                $response = wp_remote_get('https://www.google.com/recaptcha/api.js?render=' . urlencode($value));
+                
+                if (!is_wp_error($response)) {
+                    $status = wp_remote_retrieve_response_code($response);
+                    if ($status == 200) {
+                        return true;
+                    }
+                    
+                    $data = wp_remote_retrieve_body($response);
+                    if (strpos($data, 'grecaptcha') === false) {
+                        return __('Unable to validate the reCAPTCHA site key. Please check the key and try again.', 'wordfence-2fa');
+                    }
+                    return true;
+                }
+                return sprintf(__('An error was encountered while validating the reCAPTCHA site key: %s', 'wordfence-2fa'), $response->get_error_message());
         }
         return true;
@@ -202 +230 @@
             case self::OPTION_ALLOW_XML_RPC:
             case self::OPTION_ENABLE_AUTH_CAPTCHA:
+            case self::OPTION_CAPTCHA_TEST_MODE:
             case self::OPTION_DISMISSED_FRESH_INSTALL_MODAL:
+            case self::OPTION_DELETE_ON_DEACTIVATION:
                 return $this->_truthy_to_bool($value);
                 

wordfence-login-security/trunk/classes/controller/time.php

@@ -96 +96 @@
         foreach ($servers as $s) {
             $socket = @fsockopen('udp://' . $s, 123, $err_no, $err_str, 1);
-            stream_set_timeout($socket, 1);
             if ($socket) {
+                stream_set_timeout($socket, 1);
                 $remote_originate = microtime(true);
                 $secondsNTP = ((int) $remote_originate) + self::NTP_EPOCH_CONVERT;

wordfence-login-security/trunk/classes/controller/users.php

@@ -312 +312 @@
     
     /**
+     * Records the reCAPTCHA score for later display.
+     * 
+     * This is not atomic, which means this can miscount on hits that overlap, but the overhead of being atomic is not 
+     * worth it for our use.
+     * 
+     * @param \WP_User $user|null
+     * @param float $score
+     */
+    public function record_captcha_score($user, $score) {
+        if (!Controller_CAPTCHA::shared()->enabled()) { return; }
+        if ($this->has_2fa_active($user)) { return; } //2FA activated users do not retrieve a score
+        
+        if ($user) { update_user_meta($user->ID, 'wfls-last-captcha-score', $score); }
+        $stats = Controller_Settings::shared()->get_array(Controller_Settings::OPTION_CAPTCHA_STATS);
+        $int_score = min(max((int) ($score * 10), 0), 10);
+        $count = array_sum($stats['counts']);
+        $stats['counts'][$int_score]++;
+        $stats['avg'] = ($stats['avg'] * $count + $int_score) / ($count + 1);
+        Controller_Settings::shared()->set_array(Controller_Settings::OPTION_CAPTCHA_STATS, $stats);
+    }
+    
+    /**
      * Returns the active and inactive user counts.
      * 

wordfence-login-security/trunk/classes/controller/wordfencels.php

@@ -125 +125 @@
             }
         }
+        
+        if (Controller_Settings::shared()->get_bool(Controller_Settings::OPTION_CAPTCHA_TEST_MODE) && Controller_CAPTCHA::shared()->enabled() && Controller_Permissions::shared()->can_manage_settings()) {
+            if (is_multisite()) {
+                add_action('network_admin_notices', array($this, '_recaptcha_test_notice'));
+            }
+            else {
+                add_action('admin_notices', array($this, '_recaptcha_test_notice'));
+            }
+        }
     }
     
@@ -135 +144 @@
     }
     
+    public function _recaptcha_test_notice() {
+        echo '<div class="notice notice-warning"><p>' . sprintf(__('reCAPTCHA test mode is enabled. While enabled, login and registration requests will be checked for their score but will not be blocked if the score is below the minimum score. <a href="%s">Manage Settings</a>', 'wordfence-2fa'), esc_url(network_admin_url('admin.php?page=WFLS#top#settings'))) . '</p></div>';
+    }
+    
     /**
      * Installation/Uninstallation
@@ -151 +164 @@
             }
             delete_option($opt);
+        }
+        
+        if (Controller_Settings::shared()->get_bool(Controller_Settings::OPTION_DELETE_ON_DEACTIVATION)) {
+            Controller_DB::shared()->uninstall();
         }
     }
@@ -243 +260 @@
             }
             wp_enqueue_script('wordfence-ls-admin', Model_Asset::js('admin.js'), array('jquery'), WORDFENCE_LS_VERSION);
+            if (!WORDFENCE_LS_FROM_CORE) {
+                wp_register_script('chart-js', Model_Asset::js('Chart.bundle.min.js'), array('jquery'), '2.4.0');
+                wp_register_script('wordfence-select2-js', Model_Asset::js('wfselect2.min.js'), array('jquery'), WORDFENCE_LS_VERSION);
+                wp_register_style('wordfence-select2-css', Model_Asset::css('wfselect2.min.css'), array(), WORDFENCE_LS_VERSION);
+            }
+            wp_enqueue_script('chart-js');
+            wp_enqueue_script('wordfence-select2-js');
+            wp_enqueue_style('wordfence-select2-css');
             wp_enqueue_style('wordfence-ls-admin', Model_Asset::css('admin.css'), array(), WORDFENCE_LS_VERSION);
             wp_enqueue_style('wordfence-ls-colorbox', Model_Asset::css('colorbox.css'), array(), WORDFENCE_LS_VERSION);
             wp_enqueue_style('wordfence-ls-ionicons', Model_Asset::css('ionicons.css'), array(), WORDFENCE_LS_VERSION);
+            if (!WORDFENCE_LS_FROM_CORE) { wp_enqueue_style('wordfence-ls-font-awesome', Model_Asset::css('font-awesome.css'), array(), WORDFENCE_LS_VERSION); }
             wp_localize_script('wordfence-ls-admin', 'WFLSVars', array(
                 'ajaxurl' => admin_url('admin-ajax.php'),
@@ -400 +426 @@
                 }
                 
-                update_user_meta($user->ID, 'wfls-last-captcha-score', $score);
+                Controller_Users::shared()->record_captcha_score($user, $score);
                 
                 if (isset($_REQUEST['wfls-email-verification']) && !empty($_REQUEST['wfls-email-verification']) && is_string($_REQUEST['wfls-email-verification'])) {
@@ -422 +448 @@
                     $encrypted = Model_Symmetric::encrypt((string) $user->ID);
                     if ($encrypted) {
-                        $jwt = new Model_JWT(array('user' => $encrypted), Controller_Time::time() + 60 * 15 /* minutes */);
+                        $jwt = new Model_JWT(array('user' => $encrypted), Controller_Time::time() + 60 * WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES);
                         $view = new Model_View('email/login-verification', array(
                             'siteName' => get_bloginfo('name', 'raw'),
@@ -618 +644 @@
         
         if ($requireCAPTCHA) {
+            Controller_Users::shared()->record_captcha_score(null, $score);
+            
             if (!Controller_CAPTCHA::shared()->is_human($score)) { //Score is below the human threshold, block the user registration
                 $encryptedIP = Model_Symmetric::encrypt(Model_Request::current()->ip());

wordfence-login-security/trunk/classes/model/settings/db.php

@@ -26 +26 @@
         if ($wpdb->query($wpdb->prepare("INSERT INTO `{$table}` (`name`, `value`, `autoload`) VALUES (%s, %s, %s) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`), `autoload` = VALUES(`autoload`)", $key, $value, $autoload)) !== false && $autoload != self::AUTOLOAD_NO) {
             $this->_update_cached($key, $value);
+            do_action('wfls_settings_set', $key, $value);
         }
     }

wordfence-login-security/trunk/readme.txt

@@ -1 +1 @@
 === Wordfence Login Security ===
-Contributors: wfryan 
+Contributors: wfryan, wfmattr, mmaunder, wfmatt
 Tags: security, login security, 2fa, two factor authentication, captcha, xml-rpc, mfa, 2 factor
 Requires at least: 4.5
@@ -59 +59 @@
 == Changelog ==
 
+= 1.0.3 - July 16, 2019 =
+* Improvement: Added additional information about reCAPTCHA to its setting control.
+* Improvement: Added a constant that may be overridden to customize the expiration time of login verification email links.
+* Improvement: reCAPTCHA keys are now tested on saving to prevent accidentally inputting a v2 key.
+* Improvement: Added a setting to control the reCAPTCHA human/bot threshold.
+* Improvement: Added an option to trigger removal of Login Security tables and data on deactivation.
+* Improvement: Reworked the reCAPTCHA implementation to trigger the token check on login/registration form submission to avoid the token expiring.
+* Fix: Widened the reCAPTCHA key fields to allow the full keys to be visible.
+* Fix: Addressed an issue when outbound UDP connections are blocked where the NTP check could log an error.
+* Fix: Added handling for reCAPTCHA's JavaScript failing to load, which previously blocked logging in.
+* Fix: Fixed the functionality of the button to send 2FA grace period notifications.
+* Fix: Fixed a missing icon for some help links when running in standalone mode.
+
 = 1.0.2 - May 30, 2019 =
 * Initial release

wordfence-login-security/trunk/views/options/option-captcha.php

@@ -18 +18 @@
                 <ul class="wfls-flex-vertical wfls-flex-align-left">
                     <li>
-                        <strong id="wfls-enable-auth-captcha-label"><?php _e('Enable reCAPTCHA on the login and user registration pages', 'wordfence-2fa'); ?></strong>
+                        <strong id="wfls-enable-auth-captcha-label"><?php _e('Enable reCAPTCHA on the login and user registration pages', 'wordfence-ls'); ?></strong>
                     </li>
-                    <li class="wfls-option-subtitle"><?php _e('Note: This feature requires a free site key and secret for the <a href="https://www.google.com/recaptcha/intro/v3.html" target="_blank" rel="noopener noreferrer">Google reCAPTCHA v3 Service</a>.', 'wordfence-2fa'); ?></li>
+                    <li class="wfls-option-subtitle"><?php printf(__('reCAPTCHA v3 does not make users solve puzzles or click a checkbox like previous versions. The only visible part is the reCAPTCHA logo. If a visitor\'s browser fails the CAPTCHA, Wordfence will send an email to the user\'s address with a link they can click to verify that they are a user of your site. You can read further details <a href="%s" target="_blank" rel="noopener noreferrer">in our documentation</a>.', 'wordfence-ls'), \WordfenceLS\Controller_Support::esc_supportURL(\WordfenceLS\Controller_Support::ITEM_MODULE_LOGIN_SECURITY_CAPTCHA)); ?></li>
                 </ul>
             </li>
@@ -31 +31 @@
                 <table>
                     <tr class="wfls-option wfls-option-text" data-original-value="<?php echo esc_attr($siteKeyValue); ?>" data-text-option="<?php echo esc_attr($siteKeyOptionName); ?>">
-                        <th id="wfls-enable-captcha-site-key-label" class="wfls-padding-add-bottom"><?php _e('reCAPTCHA v3 Site Key', 'wordfence'); ?></th>
+                        <th id="wfls-enable-captcha-site-key-label" class="wfls-padding-add-bottom"><?php _e('reCAPTCHA v3 Site Key', 'wordfence-ls'); ?></th>
                         <td class="wfls-option-text wfls-padding-add-bottom"><input type="text" name="recaptchaSiteKey" id="input-recaptchaSiteKey" class="wfls-form-control" value="<?php echo esc_attr($siteKeyValue); ?>"<?php if (!$currentEnableValue) { echo ' disabled'; } ?>></td>
                     </tr>
                     <tr class="wfls-option wfls-option-text" data-original-value="<?php echo esc_attr($secretValue); ?>" data-text-option="<?php echo esc_attr($secretOptionName); ?>">
-                        <th id="wfls-enable-captcha-secret-label"><?php _e('reCAPTCHA v3 Secret', 'wordfence'); ?></th>
+                        <th id="wfls-enable-captcha-secret-label"><?php _e('reCAPTCHA v3 Secret', 'wordfence-ls'); ?></th>
                         <td class="wfls-option-text"><input type="text" name="recaptchaSecret" id="input-recaptchaSecret" class="wfls-form-control" value="<?php echo esc_attr($secretValue); ?>"<?php if (!$currentEnableValue) { echo ' disabled'; } ?>></td>
                     </tr>
                 </table>
+            </li>
+        </ul>
+        <ul class="wfls-option wfls-padding-no-top">
+            <li class="wfls-option-spacer"></li>
+            <li class="wfls-option-title">
+                <ul class="wfls-flex-vertical wfls-flex-align-left">
+                    <li class="wfls-option-subtitle"><?php _e('Note: This feature requires a free site key and secret for the <a href="https://www.google.com/recaptcha/intro/v3.html" target="_blank" rel="noopener noreferrer">Google reCAPTCHA v3 Service</a>.', 'wordfence-ls'); ?></li>
+                </ul>
             </li>
         </ul>

wordfence-login-security/trunk/views/options/option-require-2fa.php

@@ -54 +54 @@
                 <span id="wfls-require-2fa-grace-period-label" class="wfls-padding-add-left wfls-padding-add-right"><?php _e('Grace period to require 2FA', 'wordfence'); ?> </span>
                 <input type="text" name="require2FAGracePeriod" id="input-require2FAGracePeriod" class="wfls-datetime wfls-form-control" placeholder="Enabled on..." data-value="<?php echo $currentGracePeriodDateValue; ?>" data-original-value="<?php echo $currentGracePeriodDateValue; ?>"<?php echo $currentGracePeriodEnabledValue ? '' : ' disabled'; ?>>
-                <div class="wfls-padding-add-left"><a href="#" id="wfls-send-grace-period-notification" class="wfls-btn wfls-btn-sm wfls-btn-default<?php echo (\WordfenceLS\Controller_Settings::shared()->get_bool(\WordfenceLS\Controller_Settings::OPTION_REQUIRE_2FA_ADMIN) && \WordfenceLS\Controller_Settings::shared()->get_bool(\WordfenceLS\Controller_Settings::OPTION_REQUIRE_2FA_GRACE_PERIOD_ENABLED) && \WordfenceLS\Controller_Time::time() < \WordfenceLS\Controller_Settings::shared()->get_int(\WordfenceLS\Controller_Settings::OPTION_REQUIRE_2FA_GRACE_PERIOD)) ? '' : ' wfls-disabled'; ?>"><?php _e('Send Notification', 'wordfence-2fa'); ?></a></div>
             </li>
+        </ul>
+    </li>
+    <li>
+        <ul class="wfls-option wfls-padding-no-top">
+            <li class="wfls-option-spacer"></li>
+            <li class="wfls-option-spacer"></li>
+            <li><a href="#" id="wfls-send-grace-period-notification" class="wfls-btn wfls-btn-sm wfls-btn-default<?php echo (\WordfenceLS\Controller_Settings::shared()->get_bool(\WordfenceLS\Controller_Settings::OPTION_REQUIRE_2FA_ADMIN) && \WordfenceLS\Controller_Settings::shared()->get_bool(\WordfenceLS\Controller_Settings::OPTION_REQUIRE_2FA_GRACE_PERIOD_ENABLED) && \WordfenceLS\Controller_Time::time() < \WordfenceLS\Controller_Settings::shared()->get_int(\WordfenceLS\Controller_Settings::OPTION_REQUIRE_2FA_GRACE_PERIOD)) ? '' : ' wfls-disabled'; ?>"><?php _e('Send Notification', 'wordfence-2fa'); ?></a></li>
         </ul>
     </li>

wordfence-login-security/trunk/views/settings/options.php

@@ -10 +10 @@
         </div>
         <div class="wfls-block-header-action wfls-block-header-action-text wfls-nowrap wfls-padding-add-right-responsive">
-            <a href="#" id="wfls-cancel-changes" class="wfls-btn wfls-btn-sm wfls-btn-default wfls-disabled"><?php _e('Cancel Changes', 'wordfence-2fa'); ?></a>&nbsp;&nbsp;<a href="#" id="wfls-save-changes" class="wfls-btn wfls-btn-sm wfls-btn-primary wfls-disabled"><?php _e('Save Changes', 'wordfence-2fa'); ?></a>
+            <a href="#" id="wfls-cancel-changes" class="wfls-btn wfls-btn-sm wfls-btn-default wfls-disabled"><?php _e('Cancel<span class="wfls-visible-sm-inline"> Changes</span>', 'wordfence-2fa'); ?></a>&nbsp;&nbsp;<a href="#" id="wfls-save-changes" class="wfls-btn wfls-btn-sm wfls-btn-primary wfls-disabled"><?php _e('Save<span class="wfls-visible-sm-inline"> Changes</span>', 'wordfence-2fa'); ?></a>
         </div>
     </div>
@@ -114 +114 @@
                 ?>
             </li>
+            <li>
+                <?php
+                echo \WordfenceLS\Model_View::create('options/option-captcha-threshold', array(
+                ))->render();
+                ?>
+            </li>
+            <li>
+                <?php
+                echo \WordfenceLS\Model_View::create('options/option-toggled', array(
+                    'optionName' => \WordfenceLS\Controller_Settings::OPTION_CAPTCHA_TEST_MODE,
+                    'enabledValue' => '1',
+                    'disabledValue' => '0',
+                    'value' => \WordfenceLS\Controller_Settings::shared()->get_bool(\WordfenceLS\Controller_Settings::OPTION_CAPTCHA_TEST_MODE) ? '1': '0',
+                    'title' => new \WordfenceLS\Text\Model_HTML('<strong>' . __('Run reCAPTCHA in test mode', 'wordfence-2fa') . '</strong>'),
+                    'subtitle' => __('While in test mode, reCAPTCHA will score login and registration requests but not actually block them. The scores will be recorded and can be used to select a human/bot threshold value.', 'wordfence-2fa'),
+                ))->render();
+                ?>
+            </li>
             <?php if (!WORDFENCE_LS_FROM_CORE): ?>
             <li>
@@ -121 +139 @@
             </li>
             <?php endif; ?>
+            <li>
+                <?php
+                echo \WordfenceLS\Model_View::create('options/option-toggled', array(
+                    'optionName' => \WordfenceLS\Controller_Settings::OPTION_DELETE_ON_DEACTIVATION,
+                    'enabledValue' => '1',
+                    'disabledValue' => '0',
+                    'value' => \WordfenceLS\Controller_Settings::shared()->get_bool(\WordfenceLS\Controller_Settings::OPTION_DELETE_ON_DEACTIVATION) ? '1': '0',
+                    'title' => new \WordfenceLS\Text\Model_HTML('<strong>' . __('Delete Login Security tables and data on deactivation', 'wordfence-2fa') . '</strong>'),
+                    'subtitle' => __('If enabled, all settings and 2FA records will be deleted on deactivation. If later reactivated, all users that previously had 2FA active will need to set it up again.', 'wordfence-2fa'),
+                ))->render();
+                ?>
+            </li>
         </ul>
     </div>

wordfence-login-security/trunk/wordfence-login-security.php

@@ -5 +5 @@
 Author: Wordfence
 Author URI: http://www.wordfence.com/
-Version: 1.0.2
+Version: 1.0.3
 Network: true
 */
@@ -34 +34 @@
     define('WORDFENCE_LS_FROM_CORE', ($wfCoreActive && isset($wfCoreLoading) && $wfCoreLoading));
     
-    define('WORDFENCE_LS_VERSION', '1.0.2');
-    define('WORDFENCE_LS_BUILD_NUMBER', '1559237323');
+    define('WORDFENCE_LS_VERSION', '1.0.3');
+    define('WORDFENCE_LS_BUILD_NUMBER', '1563297209');
+    
+    if (!defined('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES')) { define('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES', 15); }
     
     if (!WORDFENCE_LS_FROM_CORE) {