Merge branch 'release-0.8.0'

README.md

@@ -24,6 +24,8 @@ BC Security features a checklist of common security practices. In the moment, th
 1. Are there no common usernames like admin or administrator on the system?
 1. Are user passwords hashed with some non-default hashing algorithm?
 
+Checklist check is run whenever a dedicated page in backend is visited, but can be also set to run periodically in the background. Note that in such case, only checks that passed at the time of activation (or update) of background monitoring are run as it makes little sense to report issues that are known already.
+
 ### WordPress hardening
 
 BC Security allows you to:

bc-security.php

@@ -3,12 +3,14 @@
  * Plugin Name: BC Security
  * Plugin URI: https://github.com/chesio/bc-security
  * Description: Helps keeping WordPress websites secure. Plugin requires PHP 7.0 or newer to run.
- * Version: 0.7.0
+ * Version: 0.8.0
  * Author: Česlav Przywara <[email protected]>
  * Author URI: https://www.chesio.com
- * Requires at least: 4.7
+ * Requires PHP: 7.0
+ * Requires WP: 4.7
  * Tested up to: 4.9
  * Text Domain: bc-security
+ * GitHub Plugin URI: https://github.com/chesio/bc-security
  */
 
 if (version_compare(PHP_VERSION, '7.0', '<')) {
@@ -42,7 +44,7 @@
 require_once __DIR__ . '/autoload.php';
 
 // Construct plugin instance.
-$bc_security = new \BlueChip\Security\Plugin(plugin_basename(__FILE__), $GLOBALS['wpdb']);
+$bc_security = new \BlueChip\Security\Plugin(__FILE__, $GLOBALS['wpdb']);
 
 // Register activation hook.
 register_activation_hook(__FILE__, [$bc_security, 'activate']);

classes/BlueChip/Security/Admin.php

@@ -30,14 +30,14 @@ class Admin
     /**
      * Initialize admin area of the plugin.
      *
-     * @param string $plugin_basename
+     * @param string $plugin_filename
      * @return self
      */
-    public function init(string $plugin_basename): self
+    public function init(string $plugin_filename): self
     {
         add_action('admin_menu', [$this, 'makeAdminMenu']);
         add_action('admin_init', [$this, 'initAdminPages']);
-        add_filter('plugin_action_links_' . $plugin_basename, [$this, 'filterActionLinks']);
+        add_filter('plugin_action_links_' . plugin_basename($plugin_filename), [$this, 'filterActionLinks']);
         return $this;
     }
 

classes/BlueChip/Security/Core/Admin/SettingsPage.php

@@ -90,6 +90,26 @@ public function setSettingsPage(string $page)
     }
 
 
+    //// Helpers ///////////////////////////////////////////////////////////////
+
+    /**
+     * Get base properties (arguments) for setting field with given $key.
+     *
+     * @param string $key
+     * @param mixed $value [optional] Value to use instead of current value of setting with $key.
+     * @return array
+     */
+    protected function getFieldBaseProperties(string $key, $value = null): array
+    {
+        return [
+            'label_for' => sprintf('%s-%s', $this->option_name, $key), // "label_for" is WP reserved name
+            'key' => $key,
+            'name' => sprintf('%s[%s]', $this->option_name, $key),
+            'value' => is_null($value) ? $this->settings[$key] : $value,
+        ];
+    }
+
+
     //// WP wrappers ///////////////////////////////////////////////////////////
 
     /**
@@ -143,12 +163,7 @@ public function addSettingsField(string $key, string $title, callable $callback,
             $callback,
             $this->recent_page, // $page
             $this->recent_section, // $section
-            array_merge($args, [ // $args
-                'label_for' => sprintf('%s-%s', $this->option_name, $key), // "label_for" is WP reserved name
-                'key' => $key,
-                'name' => sprintf('%s[%s]', $this->option_name, $key),
-                'value' => $this->settings[$key],
-            ])
+            array_merge($args, $this->getFieldBaseProperties($key)) // $args
         );
     }
 

classes/BlueChip/Security/Core/ListTable.php

@@ -126,7 +126,7 @@ protected function renderRowAction(string $action, int $id, string $class, strin
      * @param array $item
      * @return string
      */
-    public function column_cb($item) // @codingStandardsIgnoreLine
+    public function column_cb($item) // phpcs:ignore
     {
         return sprintf('<input type="checkbox" name="ids[]" value="%d" />', $item['id']);
     }
@@ -139,7 +139,7 @@ public function column_cb($item) // @codingStandardsIgnoreLine
      * @param string $column_name
      * @return string
      */
-    public function column_default($item, $column_name) // @codingStandardsIgnoreLine
+    public function column_default($item, $column_name) // phpcs:ignore
     {
         return isset($item[$column_name]) ? $item[$column_name] : '';
     }
@@ -148,7 +148,7 @@ public function column_default($item, $column_name) // @codingStandardsIgnoreLin
     /**
      * Output "no items" message.
      */
-    public function no_items() // @codingStandardsIgnoreLine
+    public function no_items() // phpcs:ignore
     {
         esc_html_e('No records to display.', 'bc-security');
     }

classes/BlueChip/Security/Helpers/FormHelper.php

@@ -46,6 +46,25 @@ public static function printCheckbox(array $args)
     }
 
 
+    /**
+     * Print <input type="hidden"> element.
+     *
+     * @param array $args
+     */
+    public static function printHiddenInput(array $args)
+    {
+        // Field properties
+        $properties = [
+            'type'      => 'hidden',
+            'value'     => $args['value'],
+            'id'        => $args['label_for'],
+            'name'      => $args['name'],
+        ];
+
+        echo '<input ' . self::renderFieldProperties($properties) . '>';
+    }
+
+
     /**
      * Print <input type="number> element.
      *