// Prevent updates of the free Loginizer plugin.
// This also works for auto updates: the same callback is attached to both the
// 'site_transient_update_plugins' and 'pre_site_transient_update_plugins' filters.
// NOTE(review): if this hides update offers for the free plugin, its fixes would arrive
// only through loginizer_pro_update_free_after_pro below - confirm that path covers every release.
add_filter('site_transient_update_plugins', 'loginizer_pro_disable_manual_update_for_plugin');
add_filter('pre_site_transient_update_plugins', 'loginizer_pro_disable_manual_update_for_plugin');
// Auto update the free version after the Pro version has been updated.
// The callback is registered at priority 10 and accepts 2 arguments.
add_action('upgrader_process_complete', 'loginizer_pro_update_free_after_pro', 10, 2);
// Activation and deactivation callbacks for this plugin file.
register_activation_hook(__FILE__, 'loginizer_pro_activation');
register_deactivation_hook(__FILE__, 'loginizer_pro_deactivate');
/**
 * Deactivation callback for this plugin file.
 *
 * Deletes the four options listed below; nothing is returned.
 */
function loginizer_pro_deactivate(){
    // Options are deleted in the order they are listed.
    $option_names = array(
        'loginizer_pro_version',
        'loginizer_free_installed',
        'loginizer_version_free_nag',
        'loginizer_version_pro_nag',
    );

    foreach($option_names as $option_name){
        delete_option($option_name);
    }
}
// Run loginizer_security_init when WordPress fires the 'plugins_loaded' action.
add_action('plugins_loaded', 'loginizer_security_init');
function loginizer_security_init(){
loginizer_pro_update_checker();
$loginizer['social_settings'] = get_option('loginizer_social_settings', []);
add_action('init', 'loginizer_security_load_translation_vars', 0);
$options = get_option('loginizer_epl', []);
$loginizer['email_pass_less'] = empty($options['email_pass_less']) ? 0 : $options['email_pass_less'];
$loginizer['passwordless_sub'] = empty($options['passwordless_sub']) ? '' : $options['passwordless_sub'];
$loginizer['passwordless_msg'] = empty($options['passwordless_msg']) ? '' : $options['passwordless_msg'];
$loginizer['passwordless_msg_is_custom'] = empty($options['passwordless_msg']) ? 0 : 1;
$loginizer['passwordless_html'] = empty($options['passwordless_html']) ? 0 : $options['passwordless_html'];
$loginizer['passwordless_redirect'] = empty($options['passwordless_redirect']) ? 0 : $options['passwordless_redirect'];
$loginizer['passwordless_redirect_for'] = empty($options['passwordless_redirect_for']) ? 0 : $options['passwordless_redirect_for'];
$loginizer['passwordless_disabled_for'] = empty($options['passwordless_disabled_for']) ? 0 : $options['passwordless_disabled_for'];
// 2FA OTP Email to Login
$options = get_option('loginizer_2fa_email_template');
$loginizer['2fa_email_d_sub'] = 'OTP : Login at $site_name';
$loginizer['2fa_email_d_msg'] = 'Hi,
A login request was submitted for your account $email at :
Please use the following One Time password (OTP) to login :
Note : The OTP expires after 10 minutes.
If you haven\'t requested for the OTP, please ignore this email.
$loginizer['2fa_email_sub'] = empty($options['2fa_email_sub']) ? $loginizer['2fa_email_d_sub'] : $options['2fa_email_sub'];
$loginizer['2fa_email_msg'] = empty($options['2fa_email_msg']) ? $loginizer['2fa_email_d_msg'] : $options['2fa_email_msg'];
$loginizer['2fa_email_html'] = !empty($options['2fa_email_html']);
// For SitePad its always on
$loginizer['email_pass_less'] = 1;
$options = get_option('loginizer_captcha');
$loginizer['captcha_type'] = empty($options['captcha_type']) ? '' : $options['captcha_type'];
$loginizer['captcha_key'] = empty($options['captcha_key']) ? '' : $options['captcha_key'];
$loginizer['captcha_secret'] = empty($options['captcha_secret']) ? '' : $options['captcha_secret'];
$loginizer['captcha_theme'] = empty($options['captcha_theme']) ? 'light' : $options['captcha_theme'];
$loginizer['captcha_size'] = empty($options['captcha_size']) ? 'normal' : $options['captcha_size'];
$loginizer['captcha_lang'] = empty($options['captcha_lang']) ? '' : $options['captcha_lang'];
$loginizer['captcha_disable_btn'] = empty($options['captcha_disable_btn']) ? '' : $options['captcha_disable_btn'];
$loginizer['turn_captcha_key'] = empty($options['turn_captcha_key']) ? '' : $options['turn_captcha_key'];
$loginizer['turn_captcha_secret'] = empty($options['turn_captcha_secret']) ? '' : $options['turn_captcha_secret'];
$loginizer['turn_captcha_theme'] = empty($options['turn_captcha_theme']) ? 'light' : $options['turn_captcha_theme'];
$loginizer['turn_captcha_size'] = empty($options['turn_captcha_size']) ? 'normal' : $options['turn_captcha_size'];
$loginizer['turn_captcha_lang'] = empty($options['turn_captcha_lang']) ? '' : $options['turn_captcha_lang'];
$loginizer['captcha_user_hide'] = !isset($options['captcha_user_hide']) ? 0 : $options['captcha_user_hide'];
$loginizer['captcha_no_js'] = 1;
$loginizer['captcha_login'] = !isset($options['captcha_login']) ? 1 : $options['captcha_login'];
$loginizer['captcha_lostpass'] = !isset($options['captcha_lostpass']) ? 1 : $options['captcha_lostpass'];
$loginizer['captcha_resetpass'] = !isset($options['captcha_resetpass']) ? 1 : $options['captcha_resetpass'];
$loginizer['captcha_register'] = !isset($options['captcha_register']) ? 1 : $options['captcha_register'];
$loginizer['captcha_comment'] = !isset($options['captcha_comment']) ? 1 : $options['captcha_comment'];
$loginizer['captcha_wc_checkout'] = !isset($options['captcha_wc_checkout']) ? 1 : $options['captcha_wc_checkout'];
$loginizer['captcha_wc_block_checkout'] = !empty($options['captcha_wc_block_checkout']);
$loginizer['captcha_wc_checkout_pos'] = isset($options['captcha_wc_checkout_pos']) ? $options['captcha_wc_checkout_pos'] : '';
$loginizer['captcha_no_google'] = !isset($options['captcha_no_google']) ? 0 : $options['captcha_no_google'];
$loginizer['captcha_domain'] = empty($options['captcha_domain']) ? 'www.google.com' : $options['captcha_domain'];
// We are setting default to low to prevent anything from breaking for users who already have v3 enabled
$loginizer['captcha_score_threshold'] = isset($options['captcha_score_threshold']) ? $options['captcha_score_threshold'] : '';
$loginizer['captcha_text'] = empty($options['captcha_text']) ? '' : $options['captcha_text'];
$loginizer['captcha_time'] = empty($options['captcha_time']) ? 300 : $options['captcha_time'];
$loginizer['captcha_words'] = !isset($options['captcha_words']) ? 0 : $options['captcha_words'];
$loginizer['captcha_add'] = !isset($options['captcha_add']) ? 1 : $options['captcha_add'];
$loginizer['captcha_subtract'] = !isset($options['captcha_subtract']) ? 1 : $options['captcha_subtract'];
$loginizer['captcha_multiply'] = !isset($options['captcha_multiply']) ? 0 : $options['captcha_multiply'];
$loginizer['captcha_divide'] = !isset($options['captcha_divide']) ? 0 : $options['captcha_divide'];
$loginizer['captcha_status'] = !isset($options['captcha_status']) ? 0 : $options['captcha_status'];
$loginizer['hcaptcha_secretkey'] = !isset($options['hcaptcha_secretkey']) ? '' : $options['hcaptcha_secretkey'];
$loginizer['hcaptcha_sitekey'] = !isset($options['hcaptcha_sitekey']) ? '' : $options['hcaptcha_sitekey'];
$loginizer['hcaptcha_theme'] = empty($options['hcaptcha_theme']) ? 'light' : $options['hcaptcha_theme'];
$loginizer['hcaptcha_lang'] = empty($options['hcaptcha_lang']) ? '' : $options['hcaptcha_lang'];
$loginizer['hcaptcha_size'] = empty($options['hcaptcha_size']) ? 'normal' : $options['hcaptcha_size'];
$options = get_option('loginizer_2fa');
$loginizer['2fa_app'] = !isset($options['2fa_app']) ? 0 : $options['2fa_app'];
$loginizer['2fa_email'] = !isset($options['2fa_email']) ? 0 : $options['2fa_email'];
$loginizer['2fa_email_force'] = !isset($options['2fa_email_force']) ? 0 : $options['2fa_email_force'];
$loginizer['2fa_sms'] = !isset($options['2fa_sms']) ? 0 : $options['2fa_sms'];
$loginizer['question'] = !isset($options['question']) ? 0 : $options['question'];
$loginizer['2fa_default'] = empty($options['2fa_default']) ? 'question' : $options['2fa_default'];
$loginizer['2fa_roles'] = empty($options['2fa_roles']) ? array() : $options['2fa_roles'];
$options = get_option('loginizer_security');
$loginizer['login_slug'] = empty($options['login_slug']) ? '' : $options['login_slug'];
$loginizer['rename_login_secret'] = empty($options['rename_login_secret']) ? '' : $options['rename_login_secret'];
$loginizer['hide_wp_admin'] = empty($options['hide_wp_admin']) ? '' : $options['hide_wp_admin'];
$loginizer['login_redirect_url'] = empty($options['login_redirect_url']) ? '' : $options['login_redirect_url'];
$loginizer['xmlrpc_slug'] = empty($options['xmlrpc_slug']) ? '' : $options['xmlrpc_slug'];
$loginizer['xmlrpc_disable'] = empty($options['xmlrpc_disable']) ? '' : $options['xmlrpc_disable'];// Disable XML-RPC
$loginizer['pingbacks_disable'] = empty($options['pingbacks_disable']) ? '' : $options['pingbacks_disable'];// Disable Pingbacks
$options = get_option('loginizer_wp_admin');
$loginizer['admin_slug'] = empty($options['admin_slug']) ? '' : $options['admin_slug'];
$loginizer['restrict_wp_admin'] = empty($options['restrict_wp_admin']) ? '' : $options['restrict_wp_admin'];
$loginizer['wp_admin_msg'] = empty($options['wp_admin_msg']) ? '' : $options['wp_admin_msg'];
$options = get_option('loginizer_checksums');
$loginizer['disable_checksum'] = empty($options['disable_checksum']) ? '' : $options['disable_checksum'];
$loginizer['checksum_time'] = empty($options['checksum_time']) ? '' : $options['checksum_time'];
$loginizer['checksum_frequency'] = empty($options['checksum_frequency']) ? 7 : $options['checksum_frequency'];
$loginizer['no_checksum_email'] = empty($options['no_checksum_email']) ? '' : $options['no_checksum_email'];
$loginizer['checksums_last_run'] = get_option('loginizer_checksums_last_run');
// Auto Blacklist Usernames
$loginizer['username_blacklist'] = get_option('loginizer_username_blacklist');
$loginizer['domains_blacklist'] = get_option('loginizer_domains_blacklist');
$loginizer['enable_csrf_protection'] = get_option('loginizer_csrf_protection');
$loginizer['2fa_custom_login_redirect'] = get_option('loginizer_2fa_custom_redirect');
$loginizer['limit_session'] = get_option('loginizer_limit_session');
// Checking if the Ultimate Member plugin is active
if(!isset($loginizer['ultimate-member-active'])){
$um_is_active = in_array('ultimate-member/ultimate-member.php', apply_filters('active_plugins', get_option('active_plugins', [])));
$loginizer['ultimate-member-active'] = !empty($um_is_active) ? true : false;
// Blocking access to wp-admin if user is not logged in.
if(!empty($loginizer['login_slug']) && !empty($loginizer['hide_wp_admin'])){
add_action('wp_loaded', 'loginizer_hide_wp_admin');
// Check if there is a license file and update it in the database
if(file_exists(__DIR__.'/license.key')){
$license = trim(file_get_contents(__DIR__.'/license.key'));
loginizer_pro_load_license($license);
unlink(__DIR__.'/license.key');
loginizer_pro_load_license();
include_once('updater/plugin-update-checker.php');
$loginizer_updater = Loginizer_PucFactory::buildUpdateChecker(loginizer_pro_api_url().'/updates.php?version='.LOGINIZER_PRO_VERSION, LOGINIZER_PRO_FILE);
// Add the license key to query arguments
$loginizer_updater->addQueryArgFilter('loginizer_updater_filter_args');
// Show the text to install the license key
add_filter('puc_manual_final_check_link-loginizer-security', 'loginizer_updater_check_link', 10, 1);
add_filter('plugin_row_meta', 'loginizer_plugin_row_links', 10, 2);
if(!empty($_GET['ssotoken'])){
add_filter('authenticate', 'loginizer_sso_authenticate', 10003, 3);
add_action('wp_login_errors', 'loginizer_error_handler', 10001, 2);
add_action('wp_login', 'loginizer_login_success', 10, 2);
if(!empty($loginizer['enable_csrf_protection']) && loginizer_is_csrf_prot_mod_set()){
add_action('init', 'loginizer_csrf_sess_init');
add_filter('login_redirect', 'loginizer_login_csrf_redirect', 200, 3);
add_action('admin_bar_menu', 'loginizer_csrf_admin_bar_shortcut', 70);
add_filter('admin_url', 'loginizer_csrf_admin_redirects', 100005, 3);
add_filter('wp_redirect', 'loginizer_csrf_wp_redirects');
add_action('set_auth_cookie', 'loginizer_admin_url_cookie'); // Creates session key and handles cookies
add_action('wp_logout', 'loginizer_destroy_csrf_session', 10, 1);
// Handles Concurrent Sessions
if(!empty($loginizer['limit_session']) && !empty($loginizer['limit_session']['enable'])){
add_filter('wp_authenticate_user', 'loginizer_limit_sessions');
add_action('wp_login', 'loginizer_limit_sessions_wp_login');
add_filter('check_password', 'loginizer_limit_destroy_sessions_handler', 10, 4);
add_filter('loginizer_pro_limit_sessions', 'loginizer_limit_sessions', 10);
// MasterStudy Login filter
add_filter('stm_lms_login', 'loginizer_handle_stm_lms_login');
add_filter('loginizer_system_information', 'loginizer_premium_system_info', 10);
add_filter('loginizer_pre_page_dashboard', 'loginizer_premium_page_dashboard', 10);
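// A way to remove the settings: when reset_admin.txt exists under LOGINIZER_PRO_DIR, the loginizer_wp_admin option is emptied and loginizer_csrf_protection is deleted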
if(file_exists(LOGINIZER_PRO_DIR.'/reset_admin.txt')){
update_option('loginizer_wp_admin', array());
delete_option('loginizer_csrf_protection');
// Are we to ban user emails ?
if(!empty($loginizer['domains_blacklist']) && count($loginizer['domains_blacklist']) > 0){
add_filter('registration_errors', 'loginizer_domains_blacklist', 10, 3);
add_filter('woocommerce_registration_errors', 'loginizer_domains_blacklist', 10, 3);
// Is email password less login enabled ?
$sapi_type = defined('PHP_SAPI') ? PHP_SAPI : '';
if(!empty($loginizer['email_pass_less']) && !defined('XMLRPC_REQUEST') && $sapi_type !== 'cli'){
// Add a handler for the GUI Login
add_filter('authenticate', 'loginizer_epl_wp_authenticate', 10002, 3);
// Dont show password error
add_filter('wp_login_errors', 'loginizer_epl_error_handler', 10000, 2);
// Hide the password field
add_action('login_enqueue_scripts', 'loginizer_epl_hide_pass');
add_action('wp_enqueue_scripts', 'loginizer_epl_hide_woocommerce_pass');
// Are we to rename the login ?
if(!empty($loginizer['login_slug'])){
//$loginizer['login_slug'] = 'login';
// Add the filters / actions
add_filter('site_url', 'loginizer_rl_site_url', 10, 2);
add_filter('network_site_url', 'loginizer_rl_site_url', 10, 2);
add_filter('wp_redirect', 'loginizer_rl_wp_redirect', 10, 2);
add_filter('register', 'loginizer_rl_register');
add_action('wp_loaded', 'loginizer_rl_wp_loaded');
// Rename the WP-ADMIN folder
if(!defined('SITEPAD') && !empty($loginizer['admin_slug'])){
add_filter('admin_url', 'loginizer_admin_url', 10001, 3);
add_action('set_auth_cookie', 'loginizer_admin_url_cookie');
add_filter('network_admin_url', 'loginizer_network_admin_url', 10001, 2);
if(!empty($loginizer['restrict_wp_admin']) && preg_match('/\/wp-admin/is', $_SERVER['REQUEST_URI'])){
die(empty($loginizer['wp_admin_msg']) ? $loginizer['wp_admin_d_msg'] : $loginizer['wp_admin_msg']);
// Are we to rename the xmlrpc ?
if(!defined('SITEPAD') && !empty($loginizer['xmlrpc_slug']) && empty($loginizer['xmlrpc_disable'])){
// Add the filters / actions
add_action('wp_loaded', 'loginizer_xml_rename_wp_loaded');
// Are we to DISABLE the xmlrpc ?
if(!empty($loginizer['xmlrpc_disable'])){
// Add the filters / actions
add_filter('xmlrpc_enabled', 'loginizer_xmlrpc_null');
add_filter('bloginfo_url', 'loginizer_xmlrpc_remove_pingback_url', 10000, 2);
add_action('wp_loaded', 'loginizer_xmlrpc_disable');
// Are we to disable pingbacks ?
if(!empty($loginizer['pingbacks_disable'])){
// Add the filters / actions
add_filter('xmlrpc_methods', 'loginizer_pingbacks_disable');
if(!empty($loginizer['ultimate-member-active']) && class_exists('UM')){
add_action('um_user_edit_profile', 'loginizer_user_page_post', 10, 1);
remove_action('template_redirect', array(UM()->account(), 'account_submit'), 10002);
remove_action( 'um_before_form', 'um_add_update_notice', 500 );
//-----------------------------------
// Add the captcha filters / actions
//-----------------------------------
if(!empty($loginizer['social_settings']) && !loginizer_is_blacklisted()){
// Shortcode has options shape|divide|container_alignment|button_alignment
add_shortcode('loginizer_social', 'loginizer_social_shortcode');
if(!empty($_COOKIE['lz_social_error'])){
add_action('woocommerce_before_customer_login_form', 'loginizer_social_wc_error');
if(!empty($loginizer['social_settings']['general']['save_avatar'])){
add_filter('get_avatar', 'loginizer_social_update_avatar', 1, 5);
if(!empty($loginizer['social_settings']['login']['registration_form'])){
add_action('register_form', 'loginizer_social_btn_login', 100);
$lz_active_plugins = apply_filters('active_plugins', get_option('active_plugins'));
if(in_array('woocommerce/woocommerce.php', $lz_active_plugins)){
if(!empty($loginizer['social_settings']['woocommerce']['login_form'])){
add_action('woocommerce_login_form', 'loginizer_social_btn_woocommerce', 100);
if(!empty($loginizer['social_settings']['woocommerce']['registration_form'])){
add_action('woocommerce_register_form', 'loginizer_social_btn_woocommerce');
// Social Login for Ultimate Member plugin
if(in_array('ultimate-member/ultimate-member.php', $lz_active_plugins)){
if(!empty($loginizer['social_settings']['ultimate_member']['enable_buttons'])){
if(strpos($loginizer['social_settings']['ultimate_member']['button_position'], 'below') !== FALSE){
add_action('um_after_form', 'loginizer_social_btn_um', 100);
add_action('um_before_form', 'loginizer_social_btn_um', 100);
if(!empty($loginizer['social_settings']['comment']['enable_buttons'])){
add_action('comment_form_must_log_in_after', 'loginizer_social_btn_comment');
if(!empty($loginizer['captcha_key']) || !empty($loginizer['captcha_no_google']) || !empty($loginizer['captcha_status'])){
add_action('login_init', 'loginizer_cap_session_key');
// Is reCaptcha on for login ?
if(!empty($loginizer['captcha_login']) && !defined('XMLRPC_REQUEST')){
add_filter('authenticate', 'loginizer_cap_login_verify', 10000);
add_action('login_form', 'loginizer_cap_form_login', 100);
add_action('woocommerce_login_form', 'loginizer_cap_form_login', 100);
add_action('login_form_middle', 'loginizer_cap_wp_login_form', 100); // https://developer.wordpress.org/reference/functions/wp_login_form/
if(!empty($loginizer['ultimate-member-active']) && class_exists('UM')){
add_action('um_after_login_fields', 'loginizer_cap_form_um_login', 100);
// Need to make more room for login form
if(empty($loginizer['captcha_remove_css'])){
add_action('login_enqueue_scripts', 'loginizer_cap_login_form');
// Is reCaptcha on for Lost Password utility ?
if(!empty($loginizer['captcha_lostpass'])){
add_action('allow_password_reset', 'loginizer_cap_lostpass_verify', 10, 2);
add_action('lostpassword_form', 'loginizer_cap_form_login', 100);
add_filter('woocommerce_lostpassword_form', 'loginizer_cap_form_login');
// Is reCaptcha on for Reset Password utility ?
if(!empty($loginizer['captcha_resetpass'])){
add_filter('validate_password_reset', 'loginizer_cap_resetpass_verify', 10, 2);
add_action('resetpass_form', 'loginizer_cap_reset_form', 99);
add_filter('woocommerce_resetpassword_form', 'loginizer_cap_form_login');
// Is reCaptcha on for registration ?
if(!empty($loginizer['captcha_register'])){
add_filter('registration_errors', 'loginizer_cap_register_verify', 10, 3);
add_action('register_form', 'loginizer_cap_form_login', 100);
add_filter('bp_signup_validate', 'loginizer_cap_register_verify_buddypress', 10, 3);
add_action('bp_after_signup_profile_fields', 'loginizer_cap_form_login', 100);
add_filter('woocommerce_before_checkout_process', 'loginizer_wc_before_checkout_process', 10);
add_filter('woocommerce_register_form', 'loginizer_cap_form_login');
add_filter('woocommerce_registration_errors', 'loginizer_cap_register_verify', 10, 3);
if(!empty($loginizer['captcha_wc_checkout'])){
// Checkout captcha position was added in v2.0.3 so the action in else was default before that.
if(isset($loginizer['captcha_wc_checkout_pos']) && $loginizer['captcha_wc_checkout_pos'] == 'before_submit'){
add_action('woocommerce_review_order_before_submit', 'loginizer_cap_form_ecommerce', 10);
// This is before payment position
add_action('woocommerce_checkout_order_review', 'loginizer_cap_form_ecommerce');
// For block based checkout
// To add captcha to blocks of Checkout page refer:
// https://developer.woocommerce.com/docs/block-development/tutorials/integrating-protection-checkout-block/
if(!empty($loginizer['captcha_wc_block_checkout'])){
include_once LOGINIZER_PRO_DIR .'/main/integrations/woocommerce.php';
// Checkout captcha position was added in v2.0.3 so the action in else was default before that.
if(isset($loginizer['captcha_wc_checkout_pos']) && $loginizer['captcha_wc_checkout_pos'] == 'before_submit'){
add_filter('render_block_woocommerce/checkout-actions-block', 'loginizer_pro_cap_woo_block_render', 999, 1);
// This is before payment position
add_filter('render_block_woocommerce/checkout-payment-block', 'loginizer_pro_cap_woo_block_render_before_payment', 999, 1);
// For verification of block based checkout
if(!empty($loginizer['captcha_wc_block_checkout'])){
include_once LOGINIZER_PRO_DIR .'/main/integrations/woocommerce.php';
// Are we to show Captcha for guests only ?
if((is_user_logged_in() && empty($loginizer['captcha_user_hide'])) || !is_user_logged_in()){
// Is reCaptcha on for comment utility ?
if(!empty($loginizer['captcha_comment'])){
add_filter('preprocess_comment', 'loginizer_cap_comment_verify');
add_action('comment_form', 'loginizer_cap_comment_form');
// Is reCaptcha on for the WooCommerce checkout ?
if(!empty($loginizer['captcha_wc_checkout'])){
add_action('woocommerce_after_checkout_validation', 'loginizer_wc_checkout_verify');
if(isset($loginizer['captcha_wc_checkout_pos']) && $loginizer['captcha_wc_checkout_pos'] == 'before_submit'){
add_action('woocommerce_review_order_before_submit', 'loginizer_cap_form_ecommerce', 10);
// This is before payment position
add_action('woocommerce_checkout_order_review', 'loginizer_cap_form_ecommerce');
if(!defined('SITEPAD') && loginizer_is_2fa_enabled() && !defined('XMLRPC_REQUEST')){
// After username and password check has been verified, are we to redirect ?
add_filter('authenticate', 'loginizer_user_redirect', 10003, 3);
$user_id = get_current_user_id();
$lz_2fa_state = get_transient('loginizer_2fa_'. $user_id);
// To redirect after login
if(!empty($_COOKIE['loginizer_2fa_' . $user_id]) && !empty($lz_2fa_state) && $lz_2fa_state != '2fa'){