authorTheo Chatzimichos <tampakrap@gentoo.org>2012-06-13 16:18:13 +0200
committerTheo Chatzimichos <tampakrap@gentoo.org>2012-06-13 16:18:13 +0200
commitab05ecf6ac2bdd10e542eff7764de0f02a17f0a8 (patch)
tree5134afa67836f0657151a40cfba49c9adf969a50 /plugins/limit-login-attempts
parentUpdate limit-login-attempts, smart-youtube and wp-stats (diff)
downloadblogs-gentoo-ab05ecf6ac2bdd10e542eff7764de0f02a17f0a8.tar.gz
blogs-gentoo-ab05ecf6ac2bdd10e542eff7764de0f02a17f0a8.tar.bz2
blogs-gentoo-ab05ecf6ac2bdd10e542eff7764de0f02a17f0a8.zip
New module jetpack, replacement of wp-stats
Update akismet, limit-login-attempts, smart-youtube, wp-importer
Diffstat (limited to 'plugins/limit-login-attempts')
-rw-r--r--plugins/limit-login-attempts/limit-login-attempts-sv_SE.mobin5385 -> 5626 bytes
-rwxr-xr-xplugins/limit-login-attempts/limit-login-attempts-sv_SE.po114
-rwxr-xr-xplugins/limit-login-attempts/limit-login-attempts.php110
-rwxr-xr-xplugins/limit-login-attempts/limit-login-attempts.pot118
-rwxr-xr-xplugins/limit-login-attempts/readme.txt43
5 files changed, 253 insertions, 132 deletions
diff --git a/plugins/limit-login-attempts/limit-login-attempts-sv_SE.mo b/plugins/limit-login-attempts/limit-login-attempts-sv_SE.mo
index 472bdc24..fa77728e 100644
--- a/plugins/limit-login-attempts/limit-login-attempts-sv_SE.mo
+++ b/plugins/limit-login-attempts/limit-login-attempts-sv_SE.mo
Binary files differ
diff --git a/plugins/limit-login-attempts/limit-login-attempts-sv_SE.po b/plugins/limit-login-attempts/limit-login-attempts-sv_SE.po
index 65335770..faaf1d50 100755
--- a/plugins/limit-login-attempts/limit-login-attempts-sv_SE.po
+++ b/plugins/limit-login-attempts/limit-login-attempts-sv_SE.po
@@ -7,8 +7,8 @@ msgid ""
msgstr ""
"Project-Id-Version: limit-login-attempts 1.2\n"
"Report-Msgid-Bugs-To: http://wordpress.org/tag/limit-login-attempts\n"
-"POT-Creation-Date: 2011-02-17 15:08:09+00:00\n"
-"PO-Revision-Date: 2011-02-17 16:15+0100\n"
+"POT-Creation-Date: 2012-05-20 10:43:32+00:00\n"
+"PO-Revision-Date: 2012-05-20 12:51+0100\n"
"Last-Translator: Johan Eenfeldt <johan.eenfeldt@kostdoktorn.se>\n"
"Language-Team: Swedish\n"
"MIME-Version: 1.0\n"
@@ -16,222 +16,230 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: limit-login-attempts.php:474
+#: limit-login-attempts.php:522
msgid "%d hour"
msgid_plural "%d hours"
msgstr[0] "%d timme"
msgstr[1] "%d timmar"
-#: limit-login-attempts.php:480
+#: limit-login-attempts.php:528
msgid "%d minute"
msgid_plural "%d minutes"
msgstr[0] "%d minut"
msgstr[1] "%d minuter"
-#: limit-login-attempts.php:485
+#: limit-login-attempts.php:534
+msgid "[%s] Failed login attempts from whitelisted IP"
+msgstr "[%s] För många misslyckade inloggningar från IP i vitlista"
+
+#: limit-login-attempts.php:538
msgid "[%s] Too many failed login attempts"
msgstr "[%s] För många misslyckade inloggningar"
-#: limit-login-attempts.php:487
+#: limit-login-attempts.php:543
msgid "%d failed login attempts (%d lockout(s)) from IP: %s"
msgstr "%d misslyckade inloggningar (blockad %d gång(er)) från IP: %s"
-#: limit-login-attempts.php:491
+#: limit-login-attempts.php:547
msgid "Last user attempted: %s"
msgstr "Misslyckades senast med användare : %s"
-#: limit-login-attempts.php:494
+#: limit-login-attempts.php:551
+msgid "IP was NOT blocked because of external whitelist."
+msgstr "IP blockerades INTE på grund av extern vitlista."
+
+#: limit-login-attempts.php:553
msgid "IP was blocked for %s"
msgstr "IP blockerades i %s"
-#: limit-login-attempts.php:551
+#: limit-login-attempts.php:615
msgid "<strong>ERROR</strong>: Too many failed login attempts."
msgstr "<strong>Fel</strong>: F&ouml;r m&aring;nga misslyckade f&ouml;rs&ouml;k."
-#: limit-login-attempts.php:555
+#: limit-login-attempts.php:619
msgid "Please try again later."
msgstr "F&ouml;rs&ouml;k igen senare."
-#: limit-login-attempts.php:562
+#: limit-login-attempts.php:626
msgid "Please try again in %d hour."
msgid_plural "Please try again in %d hours."
msgstr[0] "F&ouml;rs&ouml;k igen om %d timme."
msgstr[1] "F&ouml;rs&ouml;k igen om %d timmar."
-#: limit-login-attempts.php:564
+#: limit-login-attempts.php:628
msgid "Please try again in %d minute."
msgid_plural "Please try again in %d minutes."
msgstr[0] "F&ouml;rs&ouml;k igen om %d minut."
msgstr[1] "F&ouml;rs&ouml;k igen om %d minuter."
-#: limit-login-attempts.php:593
+#: limit-login-attempts.php:657
msgid "<strong>%d</strong> attempt remaining."
msgid_plural "<strong>%d</strong> attempts remaining."
msgstr[0] "<strong>%d</strong> f&ouml;rs&ouml;k &aring;terst&aring;r."
msgstr[1] "<strong>%d</strong> f&ouml;rs&ouml;k &aring;terst&aring;r."
-#: limit-login-attempts.php:658
+#: limit-login-attempts.php:728
msgid "<strong>ERROR</strong>: Incorrect username or password."
msgstr "<strong>Fel</strong>: Felaktigt anv&auml;ndarnamn eller l&ouml;senord."
-#: limit-login-attempts.php:826
+#: limit-login-attempts.php:896
msgctxt "Internet address"
msgid "IP"
msgstr "IP"
-#: limit-login-attempts.php:826
+#: limit-login-attempts.php:896
msgid "Tried to log in as"
msgstr "F&ouml;rs&ouml;kte logga in som"
-#: limit-login-attempts.php:831
+#: limit-login-attempts.php:901
msgid "%d lockout"
msgid_plural "%d lockouts"
msgstr[0] "%d blockering"
msgstr[1] "%d blockeringar"
-#: limit-login-attempts.php:860
+#: limit-login-attempts.php:930
msgid "Cleared IP log"
msgstr "Rensade IP loggen"
-#: limit-login-attempts.php:868
+#: limit-login-attempts.php:938
msgid "Reset lockout count"
msgstr "Nollst&auml;llde r&auml;knaren f&ouml;r blockeringar"
-#: limit-login-attempts.php:876
+#: limit-login-attempts.php:946
msgid "Cleared current lockouts"
msgstr "Tog bort aktuella blockeringar"
-#: limit-login-attempts.php:905
+#: limit-login-attempts.php:975
msgid "Options changed"
msgstr "Inst&auml;llningar &auml;ndrade"
-#: limit-login-attempts.php:923
+#: limit-login-attempts.php:993
msgid "It appears the site is reached directly (from your IP: %s)"
msgstr "Sajten tycks vara direktansluten (från din IP: %s)"
-#: limit-login-attempts.php:925
+#: limit-login-attempts.php:995
msgid "It appears the site is reached through a proxy server (proxy IP: %s, your IP: %s)"
msgstr "Sajten tycks ansluta genom en proxy server (proxy IP: %s, din IP: %s)"
-#: limit-login-attempts.php:933
+#: limit-login-attempts.php:1003
msgid "<strong>Current setting appears to be invalid</strong>. Please make sure it is correct. Further information can be found <a href=\"%s\" title=\"FAQ\">here</a>"
msgstr "<strong>Nuvarande inställningar kan vara fel</strong>. Säkerställ att de är korrekta. Mer information kan hittas <a href=\"%s\" title=\"FAQ\">här</a>"
-#: limit-login-attempts.php:941
+#: limit-login-attempts.php:1011
msgid "Limit Login Attempts Settings"
msgstr "Limit Login Attempts Inst&auml;llningar"
-#: limit-login-attempts.php:942
+#: limit-login-attempts.php:1012
msgid "Statistics"
msgstr "Statistik"
-#: limit-login-attempts.php:947
+#: limit-login-attempts.php:1017
msgid "Total lockouts"
msgstr "Antal blockeringar"
-#: limit-login-attempts.php:950
+#: limit-login-attempts.php:1020
msgid "Reset Counter"
msgstr "Nollst&auml;ll r&auml;knare"
-#: limit-login-attempts.php:951
+#: limit-login-attempts.php:1021
msgid "%d lockout since last reset"
msgid_plural "%d lockouts since last reset"
msgstr[0] "%d blockering sedan r&auml;knaren nollst&auml;lldes"
msgstr[1] "%d blockeringar sedan r&auml;knaren nollst&auml;lldes"
-#: limit-login-attempts.php:952
+#: limit-login-attempts.php:1022
msgid "No lockouts yet"
msgstr "Inga blockeringar har skett &auml;nnu"
-#: limit-login-attempts.php:957
+#: limit-login-attempts.php:1027
msgid "Active lockouts"
msgstr "Aktiva blockeringar"
-#: limit-login-attempts.php:959
+#: limit-login-attempts.php:1029
msgid "Restore Lockouts"
msgstr "Ta bort blockeringar"
-#: limit-login-attempts.php:960
+#: limit-login-attempts.php:1030
msgid "%d IP is currently blocked from trying to log in"
msgstr "%d IP &auml;r f&ouml;r n&auml;rvarande blockerade fr&aring;n att logga in"
-#: limit-login-attempts.php:966
+#: limit-login-attempts.php:1036
msgid "Options"
msgstr "Inst&auml;llningar"
-#: limit-login-attempts.php:971
+#: limit-login-attempts.php:1041
msgid "Lockout"
msgstr "Blockering"
-#: limit-login-attempts.php:973
+#: limit-login-attempts.php:1043
msgid "allowed retries"
msgstr "till&aring;tna misslyckanden"
-#: limit-login-attempts.php:974
+#: limit-login-attempts.php:1044
msgid "minutes lockout"
msgstr "minuters blockering"
-#: limit-login-attempts.php:975
+#: limit-login-attempts.php:1045
msgid "lockouts increase lockout time to"
msgstr "blockeringar &ouml;kar tiden till"
-#: limit-login-attempts.php:975
+#: limit-login-attempts.php:1045
msgid "hours"
msgstr "timmar"
-#: limit-login-attempts.php:976
+#: limit-login-attempts.php:1046
msgid "hours until retries are reset"
msgstr "timmar tills misslyckanden nollst&auml;lls"
-#: limit-login-attempts.php:980
+#: limit-login-attempts.php:1050
msgid "Site connection"
msgstr "Sajten ansluter"
-#: limit-login-attempts.php:986
+#: limit-login-attempts.php:1056
msgid "Direct connection"
msgstr "Direktansluten"
-#: limit-login-attempts.php:991
+#: limit-login-attempts.php:1061
msgid "From behind a reversy proxy"
msgstr "Bakom en reverse proxy"
-#: limit-login-attempts.php:997
+#: limit-login-attempts.php:1067
msgid "Handle cookie login"
msgstr "Hantera inloggning med kakor"
-#: limit-login-attempts.php:999
+#: limit-login-attempts.php:1069
msgid "Yes"
msgstr "Ja"
-#: limit-login-attempts.php:999
+#: limit-login-attempts.php:1069
msgid "No"
msgstr "Nej"
-#: limit-login-attempts.php:1003
+#: limit-login-attempts.php:1073
msgid "Notify on lockout"
msgstr "Notifiera om blockering"
-#: limit-login-attempts.php:1005
+#: limit-login-attempts.php:1075
msgid "Log IP"
msgstr "Logga IP"
-#: limit-login-attempts.php:1006
+#: limit-login-attempts.php:1076
msgid "Email to admin after"
msgstr "E-post till administrat&ouml;r efter"
-#: limit-login-attempts.php:1006
+#: limit-login-attempts.php:1076
msgid "lockouts"
msgstr "blockeringar"
-#: limit-login-attempts.php:1011
+#: limit-login-attempts.php:1081
msgid "Change Options"
msgstr "&Auml;ndra Inst&auml;llningar"
-#: limit-login-attempts.php:1019
+#: limit-login-attempts.php:1089
msgid "Lockout log"
msgstr "Log &ouml;ver blockeringar"
-#: limit-login-attempts.php:1024
+#: limit-login-attempts.php:1094
msgid "Clear Log"
msgstr "Rensa Log"
diff --git a/plugins/limit-login-attempts/limit-login-attempts.php b/plugins/limit-login-attempts/limit-login-attempts.php
index a92f5b62..3bbfa7b8 100755
--- a/plugins/limit-login-attempts/limit-login-attempts.php
+++ b/plugins/limit-login-attempts/limit-login-attempts.php
@@ -6,9 +6,9 @@
Author: Johan Eenfeldt
Author URI: http://devel.kostdoktorn.se
Text Domain: limit-login-attempts
- Version: 1.6.2
+ Version: 1.7.1
- Copyright 2008 - 2011 Johan Eenfeldt
+ Copyright 2008 - 2012 Johan Eenfeldt
Thanks to Michael Skerwiderski for reverse proxy handling suggestions.
@@ -43,7 +43,7 @@ define('LIMIT_LOGIN_LOCKOUT_NOTIFY_ALLOWED', 'log,email');
/*
* Variables
*
- * Assignments are for default value -- change in admin page.
+ * Assignments are for default value -- change on admin page.
*/
$limit_login_options =
@@ -85,7 +85,7 @@ $limit_login_nonempty_credentials = false; /* user and pwd nonempty */
* Startup
*/
-add_action('init', 'limit_login_setup');
+add_action('plugins_loaded', 'limit_login_setup', 99999);
/*
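Review bot: Nothing at the new `add_action('plugins_loaded', 'limit_login_setup', 99999);` call records why setup must run on this hook, although the readme changelog in this same commit ties the 1.7.1 auth-cookie lockout bug to the 1.6.2 change that moved setup to `init`. Without that, a later cleanup could move it back and silently reintroduce the bug. I would add a comment above the call, for example `/* Must run on plugins_loaded, not init: auth cookies have to be cleared before they are validated (see 1.7.1 changelog) */`. The very high priority presumably exists so that other plugins' callbacks run first; that is worth stating in the same comment if it is the intent.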
@@ -102,7 +102,7 @@ function limit_login_setup() {
/* Filters and actions */
add_action('wp_login_failed', 'limit_login_failed');
if (limit_login_option('cookies')) {
- add_action('plugins_loaded', 'limit_login_handle_cookies', 99999);
+ limit_login_handle_cookies();
add_action('auth_cookie_bad_username', 'limit_login_failed_cookie');
global $wp_version;
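Review bot: With `limit_login_handle_cookies();` now called directly from setup, the cookie check runs during `plugins_loaded` at priority 99999, and that timing constraint on `limit_login_whitelist_ip` callbacks is not documented. A callback registered later, for instance from a theme's functions.php (which WordPress loads after `plugins_loaded`), would not yet be attached when cookies are handled. This is inferred, because the body of limit_login_handle_cookies() is outside the hunk; it applies only if that function consults is_limit_login_ok(). A short comment on the call would cover it, e.g. `/* Runs during plugins_loaded: whitelist filters must already be registered to affect cookie handling */`. limit_login_setup() continues past the end of this hunk.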
@@ -175,10 +175,40 @@ function limit_login_get_address($type_name = '') {
}
+/*
+ * Check if IP is whitelisted.
+ *
+ * This function allow external ip whitelisting using a filter. Note that it can
+ * be called multiple times during the login process.
+ *
+ * Note that retries and statistics are still counted and notifications
+ * done as usual for whitelisted ips , but no lockout is done.
+ *
+ * Example:
+ * function my_ip_whitelist($allow, $ip) {
+ * return ($ip == 'my-ip') ? true : $allow;
+ * }
+ * add_filter('limit_login_whitelist_ip', 'my_ip_whitelist', 10, 2);
+ */
+function is_limit_login_ip_whitelisted($ip = null) {
+ if (is_null($ip)) {
+ $ip = limit_login_get_address();
+ }
+ $whitelisted = apply_filters('limit_login_whitelist_ip', false, $ip);
+
+ return ($whitelisted === true);
+}
+
+
/* Check if it is ok to login */
function is_limit_login_ok() {
$ip = limit_login_get_address();
+ /* Check external whitelist filter */
+ if (is_limit_login_ip_whitelisted($ip)) {
+ return true;
+ }
+
/* lockout active? */
$lockouts = get_option('limit_login_lockouts');
return (!is_array($lockouts) || !isset($lockouts[$ip]) || time() >= $lockouts[$ip]);
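Review bot: The whitelist decision in is_limit_login_ip_whitelisted() rests entirely on the value from limit_login_get_address(), and the new docblock does not say how far that value can be trusted. The body of limit_login_get_address() is outside this hunk, but the readme lists reverse-proxy handling, so in that mode the address presumably comes from a forwarded header and a whitelist entry is only as reliable as the proxy that sets it. I would add to the docblock: `* Only whitelist when the address source is trustworthy (direct connection, or a proxy header set by a proxy you control).` The docblock should also state that the filter must return boolean `true` exactly, since `($whitelisted === true)` deliberately ignores other truthy values. The example would be better written with a strict comparison, `return ($ip === 'my-ip') ? true : $allow;`.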
@@ -209,7 +239,7 @@ function limit_login_failure_shake($error_codes) {
/*
- * Action: called in plugin_loaded (really early) to make sure we do not allow
+ * Must be called in plugin_loaded (really early) to make sure we do not allow
* auth cookies while locked out.
*/
function limit_login_handle_cookies() {
@@ -324,6 +354,9 @@ function limit_login_clear_auth_cookie() {
*
* Increase nr of retries (if necessary). Reset valid value. Setup
* lockout if nr of retries are above threshold. And more!
+ *
+ * A note on external whitelist: retries and statistics are still counted and
+ * notifications done as usual, but no lockout is done.
*/
function limit_login_failed($username) {
$ip = limit_login_get_address();
@@ -369,20 +402,34 @@ function limit_login_failed($username) {
/* lockout! */
- global $limit_login_just_lockedout;
- $limit_login_just_lockedout = true;
+ $whitelisted = is_limit_login_ip_whitelisted($ip);
- /* setup lockout, reset retries as needed */
$retries_long = limit_login_option('allowed_retries')
- * limit_login_option('allowed_lockouts');
- if ($retries[$ip] >= $retries_long) {
- /* long lockout */
- $lockouts[$ip] = time() + limit_login_option('long_duration');
- unset($retries[$ip]);
- unset($valid[$ip]);
+ * limit_login_option('allowed_lockouts');
+
+ /*
+ * Note that retries and statistics are still counted and notifications
+ * done as usual for whitelisted ips , but no lockout is done.
+ */
+ if ($whitelisted) {
+ if ($retries[$ip] >= $retries_long) {
+ unset($retries[$ip]);
+ unset($valid[$ip]);
+ }
} else {
- /* normal lockout */
- $lockouts[$ip] = time() + limit_login_option('lockout_duration');
+ global $limit_login_just_lockedout;
+ $limit_login_just_lockedout = true;
+
+ /* setup lockout, reset retries as needed */
+ if ($retries[$ip] >= $retries_long) {
+ /* long lockout */
+ $lockouts[$ip] = time() + limit_login_option('long_duration');
+ unset($retries[$ip]);
+ unset($valid[$ip]);
+ } else {
+ /* normal lockout */
+ $lockouts[$ip] = time() + limit_login_option('lockout_duration');
+ }
}
/* do housecleaning and save values */
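Review bot: The two branches of the new `if ($whitelisted)` repeat the `$retries[$ip] >= $retries_long` test and the two `unset()` calls, so a later edit could change the retry bookkeeping on one path and not the other. Computing the long-lockout condition once and guarding only the lockout assignment with `!$whitelisted` keeps the behaviour the same with a single reset path. limit_login_failed() begins and ends outside this hunk, so the threshold check that leads to this code is not visible here.
```php
$whitelisted = is_limit_login_ip_whitelisted($ip);
// … unchanged: $retries_long computation and whitelist comment …
$long_lockout = ($retries[$ip] >= $retries_long);

if (!$whitelisted) {
	global $limit_login_just_lockedout;
	$limit_login_just_lockedout = true;

	/* setup lockout; whitelisted IPs are counted but never locked out */
	$lockouts[$ip] = time() + limit_login_option(
		$long_lockout ? 'long_duration' : 'lockout_duration');
}

if ($long_lockout) {
	/* reset retries once the long-lockout threshold is reached, whitelisted or not */
	unset($retries[$ip]);
	unset($valid[$ip]);
}
```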
@@ -394,9 +441,9 @@ function limit_login_failed($username) {
/* increase statistics */
$total = get_option('limit_login_lockouts_total');
if ($total === false || !is_numeric($total)) {
- add_option('limit_login_lockouts_total', 1, '', 'no');
+ add_option('limit_login_lockouts_total', 1, '', 'no');
} else {
- update_option('limit_login_lockouts_total', $total + 1);
+ update_option('limit_login_lockouts_total', $total + 1);
}
}
@@ -451,6 +498,7 @@ function is_limit_login_multisite() {
/* Email notification of lockout to admin (if configured) */
function limit_login_notify_email($user) {
$ip = limit_login_get_address();
+ $whitelisted = is_limit_login_ip_whitelisted($ip);
$retries = get_option('limit_login_retries');
if (!is_array($retries)) {
@@ -482,8 +530,16 @@ function limit_login_notify_email($user) {
$blogname = is_limit_login_multisite() ? get_site_option('site_name') : get_option('blogname');
- $subject = sprintf(__("[%s] Too many failed login attempts", 'limit-login-attempts')
- , $blogname);
+ if ($whitelisted) {
+ $subject = sprintf(__("[%s] Failed login attempts from whitelisted IP"
+ , 'limit-login-attempts')
+ , $blogname);
+ } else {
+ $subject = sprintf(__("[%s] Too many failed login attempts"
+ , 'limit-login-attempts')
+ , $blogname);
+ }
+
$message = sprintf(__("%d failed login attempts (%d lockout(s)) from IP: %s"
, 'limit-login-attempts') . "\r\n\r\n"
, $count, $lockouts, $ip);
@@ -491,7 +547,11 @@ function limit_login_notify_email($user) {
$message .= sprintf(__("Last user attempted: %s", 'limit-login-attempts')
. "\r\n\r\n" , $user);
}
- $message .= sprintf(__("IP was blocked for %s", 'limit-login-attempts'), $when);
+ if ($whitelisted) {
+ $message .= __("IP was NOT blocked because of external whitelist.", 'limit-login-attempts');
+ } else {
+ $message .= sprintf(__("IP was blocked for %s", 'limit-login-attempts'), $when);
+ }
$admin_email = is_limit_login_multisite() ? get_site_option('admin_email') : get_option('admin_email');
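Review bot: For a whitelisted IP the mail now ends with `IP was NOT blocked because of external whitelist.`, but the body built in the previous hunk still opens with `%d failed login attempts (%d lockout(s)) from IP: %s`. An admin triaging the alert is therefore told about lockouts and about no block in the same message. How `$lockouts` is computed is outside the visible hunks, so the figure may be meaningful, but the wording is not adjusted for this case. I would add a comment at the whitelisted branch such as `/* the lockout count above is the number of lockouts that would have occurred; none is enforced for whitelisted IPs */`, or use a separate message string for the whitelisted case. `$whitelisted` is also re-evaluated through the filter here rather than passed in from limit_login_failed(), which is fine as long as filter callbacks are deterministic; the docblock on the helper already warns that it is called several times.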
@@ -600,6 +660,12 @@ function limit_login_retries_remaining_msg() {
/* Return current (error) message to show, if any */
function limit_login_get_message() {
+ /* Check external whitelist */
+ if (is_limit_login_ip_whitelisted()) {
+ return '';
+ }
+
+ /* Is lockout in effect? */
if (!is_limit_login_ok()) {
return limit_login_error_msg();
}
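Review bot: The early `return '';` in limit_login_get_message() is redundant for the lockout check, because is_limit_login_ok() (changed earlier in this file) already returns true for a whitelisted IP. Its only effect is to skip whatever follows the lockout check, which lies outside this hunk; the hunk header suggests it is the retries-remaining message. The comment `/* Check external whitelist */` does not say this, so I would replace it with `/* Whitelisted IPs are never locked out: show neither the lockout nor the retries-remaining message */`. That also documents that a whitelisted client gets no feedback on the login page about failed attempts still being counted.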
diff --git a/plugins/limit-login-attempts/limit-login-attempts.pot b/plugins/limit-login-attempts/limit-login-attempts.pot
index 58a32f03..49eed1bd 100755
--- a/plugins/limit-login-attempts/limit-login-attempts.pot
+++ b/plugins/limit-login-attempts/limit-login-attempts.pot
@@ -1,238 +1,246 @@
-# Copyright (C) 2010 Limit Login Attempts
+# Copyright (C) 2012 Limit Login Attempts
# This file is distributed under the same license as the Limit Login Attempts package.
msgid ""
msgstr ""
-"Project-Id-Version: Limit Login Attempts 1.6.1\n"
+"Project-Id-Version: Limit Login Attempts 1.7.0\n"
"Report-Msgid-Bugs-To: http://wordpress.org/tag/limit-login-attempts\n"
-"POT-Creation-Date: 2011-02-17 15:08:09+00:00\n"
+"POT-Creation-Date: 2012-05-20 10:43:32+00:00\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"PO-Revision-Date: 2010-MO-DA HO:MI+ZONE\n"
+"PO-Revision-Date: 2012-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
-#: limit-login-attempts.php:474
+#: limit-login-attempts.php:522
msgid "%d hour"
msgid_plural "%d hours"
msgstr[0] ""
msgstr[1] ""
-#: limit-login-attempts.php:480
+#: limit-login-attempts.php:528
msgid "%d minute"
msgid_plural "%d minutes"
msgstr[0] ""
msgstr[1] ""
-#: limit-login-attempts.php:485
+#: limit-login-attempts.php:534
+msgid "[%s] Failed login attempts from whitelisted IP"
+msgstr ""
+
+#: limit-login-attempts.php:538
msgid "[%s] Too many failed login attempts"
msgstr ""
-#: limit-login-attempts.php:487
+#: limit-login-attempts.php:543
msgid "%d failed login attempts (%d lockout(s)) from IP: %s"
msgstr ""
-#: limit-login-attempts.php:491
+#: limit-login-attempts.php:547
msgid "Last user attempted: %s"
msgstr ""
-#: limit-login-attempts.php:494
+#: limit-login-attempts.php:551
+msgid "IP was NOT blocked because of external whitelist."
+msgstr ""
+
+#: limit-login-attempts.php:553
msgid "IP was blocked for %s"
msgstr ""
-#: limit-login-attempts.php:551
+#: limit-login-attempts.php:615
msgid "<strong>ERROR</strong>: Too many failed login attempts."
msgstr ""
-#: limit-login-attempts.php:555
+#: limit-login-attempts.php:619
msgid "Please try again later."
msgstr ""
-#: limit-login-attempts.php:562
+#: limit-login-attempts.php:626
msgid "Please try again in %d hour."
msgid_plural "Please try again in %d hours."
msgstr[0] ""
msgstr[1] ""
-#: limit-login-attempts.php:564
+#: limit-login-attempts.php:628
msgid "Please try again in %d minute."
msgid_plural "Please try again in %d minutes."
msgstr[0] ""
msgstr[1] ""
-#: limit-login-attempts.php:593
+#: limit-login-attempts.php:657
msgid "<strong>%d</strong> attempt remaining."
msgid_plural "<strong>%d</strong> attempts remaining."
msgstr[0] ""
msgstr[1] ""
-#: limit-login-attempts.php:658
+#: limit-login-attempts.php:728
msgid "<strong>ERROR</strong>: Incorrect username or password."
msgstr ""
-#: limit-login-attempts.php:826
+#: limit-login-attempts.php:896
msgctxt "Internet address"
msgid "IP"
msgstr ""
-#: limit-login-attempts.php:826
+#: limit-login-attempts.php:896
msgid "Tried to log in as"
msgstr ""
-#: limit-login-attempts.php:831
+#: limit-login-attempts.php:901
msgid "%d lockout"
msgid_plural "%d lockouts"
msgstr[0] ""
msgstr[1] ""
-#: limit-login-attempts.php:860
+#: limit-login-attempts.php:930
msgid "Cleared IP log"
msgstr ""
-#: limit-login-attempts.php:868
+#: limit-login-attempts.php:938
msgid "Reset lockout count"
msgstr ""
-#: limit-login-attempts.php:876
+#: limit-login-attempts.php:946
msgid "Cleared current lockouts"
msgstr ""
-#: limit-login-attempts.php:905
+#: limit-login-attempts.php:975
msgid "Options changed"
msgstr ""
-#: limit-login-attempts.php:923
+#: limit-login-attempts.php:993
msgid "It appears the site is reached directly (from your IP: %s)"
msgstr ""
-#: limit-login-attempts.php:925
+#: limit-login-attempts.php:995
msgid ""
"It appears the site is reached through a proxy server (proxy IP: %s, your "
"IP: %s)"
msgstr ""
-#: limit-login-attempts.php:933
+#: limit-login-attempts.php:1003
msgid ""
"<strong>Current setting appears to be invalid</strong>. Please make sure it "
"is correct. Further information can be found <a href=\"%s\" title=\"FAQ"
"\">here</a>"
msgstr ""
-#: limit-login-attempts.php:941
+#: limit-login-attempts.php:1011
msgid "Limit Login Attempts Settings"
msgstr ""
-#: limit-login-attempts.php:942
+#: limit-login-attempts.php:1012
msgid "Statistics"
msgstr ""
-#: limit-login-attempts.php:947
+#: limit-login-attempts.php:1017
msgid "Total lockouts"
msgstr ""
-#: limit-login-attempts.php:950
+#: limit-login-attempts.php:1020
msgid "Reset Counter"
msgstr ""
-#: limit-login-attempts.php:951
+#: limit-login-attempts.php:1021
msgid "%d lockout since last reset"
msgid_plural "%d lockouts since last reset"
msgstr[0] ""
msgstr[1] ""
-#: limit-login-attempts.php:952
+#: limit-login-attempts.php:1022
msgid "No lockouts yet"
msgstr ""
-#: limit-login-attempts.php:957
+#: limit-login-attempts.php:1027
msgid "Active lockouts"
msgstr ""
-#: limit-login-attempts.php:959
+#: limit-login-attempts.php:1029
msgid "Restore Lockouts"
msgstr ""
-#: limit-login-attempts.php:960
+#: limit-login-attempts.php:1030
msgid "%d IP is currently blocked from trying to log in"
msgstr ""
-#: limit-login-attempts.php:966
+#: limit-login-attempts.php:1036
msgid "Options"
msgstr ""
-#: limit-login-attempts.php:971
+#: limit-login-attempts.php:1041
msgid "Lockout"
msgstr ""
-#: limit-login-attempts.php:973
+#: limit-login-attempts.php:1043
msgid "allowed retries"
msgstr ""
-#: limit-login-attempts.php:974
+#: limit-login-attempts.php:1044
msgid "minutes lockout"
msgstr ""
-#: limit-login-attempts.php:975
+#: limit-login-attempts.php:1045
msgid "lockouts increase lockout time to"
msgstr ""
-#: limit-login-attempts.php:975
+#: limit-login-attempts.php:1045
msgid "hours"
msgstr ""
-#: limit-login-attempts.php:976
+#: limit-login-attempts.php:1046
msgid "hours until retries are reset"
msgstr ""
-#: limit-login-attempts.php:980
+#: limit-login-attempts.php:1050
msgid "Site connection"
msgstr ""
-#: limit-login-attempts.php:986
+#: limit-login-attempts.php:1056
msgid "Direct connection"
msgstr ""
-#: limit-login-attempts.php:991
+#: limit-login-attempts.php:1061
msgid "From behind a reversy proxy"
msgstr ""
-#: limit-login-attempts.php:997
+#: limit-login-attempts.php:1067
msgid "Handle cookie login"
msgstr ""
-#: limit-login-attempts.php:999
+#: limit-login-attempts.php:1069
msgid "Yes"
msgstr ""
-#: limit-login-attempts.php:999
+#: limit-login-attempts.php:1069
msgid "No"
msgstr ""
-#: limit-login-attempts.php:1003
+#: limit-login-attempts.php:1073
msgid "Notify on lockout"
msgstr ""
-#: limit-login-attempts.php:1005
+#: limit-login-attempts.php:1075
msgid "Log IP"
msgstr ""
-#: limit-login-attempts.php:1006
+#: limit-login-attempts.php:1076
msgid "Email to admin after"
msgstr ""
-#: limit-login-attempts.php:1006
+#: limit-login-attempts.php:1076
msgid "lockouts"
msgstr ""
-#: limit-login-attempts.php:1011
+#: limit-login-attempts.php:1081
msgid "Change Options"
msgstr ""
-#: limit-login-attempts.php:1019
+#: limit-login-attempts.php:1089
msgid "Lockout log"
msgstr ""
-#: limit-login-attempts.php:1024
+#: limit-login-attempts.php:1094
msgid "Clear Log"
msgstr ""
diff --git a/plugins/limit-login-attempts/readme.txt b/plugins/limit-login-attempts/readme.txt
index 5c375647..c6023671 100755
--- a/plugins/limit-login-attempts/readme.txt
+++ b/plugins/limit-login-attempts/readme.txt
@@ -2,8 +2,8 @@
Contributors: johanee
Tags: login, security, authentication
Requires at least: 2.8
-Tested up to: 3.2.1
-Stable tag: 1.6.2
+Tested up to: 3.3.2
+Stable tag: 1.7.1
Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.
@@ -22,6 +22,7 @@ Features
* Informs user about remaining retries or lockout time on login page
* Optional logging, optional email notification
* Handles server behind reverse proxy
+* It is possible to whitelist IPs using a filter. But you probably shouldn't. :-)
Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish
@@ -51,10 +52,26 @@ The option default to NOT being behind a proxy -- which should be by far the com
You probably are not or you would know. We show a pretty good guess on the option page. Set the option using this unless you are sure you know better.
+= Can I whitelist my IP so I don't get locked out? =
+
+First please consider if you really need this. Generally speaking it is not a good idea to have exceptions to your security policies.
+
+That said, there is now a filter which allows you to do it: "limit_login_whitelist_ip".
+
+Example:
+function my_ip_whitelist($allow, $ip) {
+ return ($ip == 'my-ip') ? true : $allow;
+}
+add_filter('limit_login_whitelist_ip', 'my_ip_whitelist', 10, 2);
+
+Note that we still do notification and logging as usual. This is meant to allow you to be aware of any suspicious activity from whitelisted IPs.
+
= I locked myself out testing this thing, what do I do? =
Either wait, or:
+If you know how to edit / add to PHP files you can use the IP whitelist functionality described above. You should then use the "Restore Lockouts" button on the plugin settings page and remove the whitelist function again.
+
If you have ftp / ssh access to the site rename the file "wp-content/plugins/limit-login-attempts/limit-login-attempts.php" to deactivate the plugin.
If you have access to the database (for example through phpMyAdmin) you can clear the limit_login_lockouts option in the wordpress options table. In a default setup this would work: "UPDATE wp_options SET option_value = '' WHERE option_name = 'limit_login_lockouts'"
@@ -67,6 +84,23 @@ If you have access to the database (for example through phpMyAdmin) you can clea
== Changelog ==
+= 1.7.1 =
+This version fixes a security bug in version 1.6.2 and 1.7.0. Please upgrade immediately.
+
+"Auth cookies" are special cookies set at login that authenticating you to the system. It is how WordPress "remembers" that you are logged in between page loads.
+
+During lockout these are supposed to be cleared, but a change in 1.6.2 broke this. It allowed an attacker to keep trying to break these cookies during a lockout.
+
+Lockout of normal password login attempts still worked as it should, and it appears that all "auth cookie" attempts would keep getting logged.
+
+In theory the "auth cookie" is quite resistant to brute force attack. It contains a cryptographic hash of the user password, and the difficulty to break it is not based on the password strength but instead on the cryptographic operations used and the length of the hash value. In theory it should take many many years to break this hash. As theory and practice does not always agree it is still a good idea to have working lockouts of any such attempts.
+
+= 1.7.0 =
+* Added filter that allows whitelisting IP. Please use with care!!
+* Update to Spanish translation, thanks to Marcelo Pedra
+* Updated Swedish translation
+* Tested against WordPress 3.3.2
+
= 1.6.2 =
* Fix bug where log would not get updated after it had been cleared
* Do plugin setup in 'init' action
@@ -145,3 +179,8 @@ If you have access to the database (for example through phpMyAdmin) you can clea
= 1.0 =
* Initial version
+
+== Upgrade Notice ==
+
+= 1.7.1 =
+Users of version 1.6.2 and 1.7.0 should upgrade immediately. There was a problem with "auth cookie" lockout enforcement. Lockout of normal password login attempts still worked as it should. Please see plugin Changelog for more information.