iThemes Security (formerly Better WP Security) - Version 5.6.4

Version Description

  • Bug Fix: Fixed issue that reported invalid counts for host and user lockouts in the daily digest email.
    • Bug Fix: Fixed issue that caused the daily digest email to be sent every day, even if no lockouts occurred and no file changes were found.
    • Bug Fix: Fixed issue that could prevent saving of File Change settings, resulting in an error message of "A validation function for file-change received data that did not have the required entry for latest_changes."
    • Bug Fix: Fixed iThemes Security Pro logo appearing in daily digest emails.

Release Info

Developer chrisjean
Version 5.6.4

Code changes from version 5.6.3 to 5.6.4

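--- a/better-wp-security.php
+++ b/better-wp-security.php
@@ -6,7 +6,7 @@
  * Description: Take the guesswork out of WordPress security. iThemes Security offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.
  * Author: iThemes
  * Author URI: https://ithemes.com
- * Version: 5.6.3
+ * Version: 5.6.4
  * Text Domain: better-wp-security
  * Network: True
  * License: GPLv2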
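--- a/core/class-itsec-notify.php
+++ b/core/class-itsec-notify.php
@@ -81,6 +81,9 @@ class ITSEC_Notify {
  global $itsec_lockout;
 
 
+ $send_email = false;
+
+
  require_once( ITSEC_Core::get_core_dir() . 'lib/class-itsec-mailer.php' );
  $mail = new ITSEC_Mail();
  $mail->add_header( esc_html__( 'Daily Security Digest', 'better-wp-security' ), sprintf( wp_kses( __( 'Your Daily Security Digest for <b>%s</b>', 'better-wp-security' ), array( 'b' => array() ) ), date_i18n( get_option( 'date_format' ) ) ) );
@@ -93,7 +96,8 @@ class ITSEC_Notify {
  $user_count = sizeof( $itsec_lockout->get_lockouts( 'user', true ) );
 
  if ( $host_count > 0 || $user_count > 0 ) {
- $mail->add_lockouts_summary( 2, 1 );
+ $mail->add_lockouts_summary( $host_count, $user_count );
+ $send_email = true;
  } else {
  $mail->add_text( esc_html__( 'No lockouts since the last email check.', 'better-wp-security' ) );
  }
@@ -103,6 +107,7 @@ class ITSEC_Notify {
  if ( in_array( 'file-change', $this->queue['messages'] ) ) {
  $mail->add_section_heading( esc_html__( 'File Changes', 'better-wp-security' ), 'folder' );
  $mail->add_text( esc_html__( 'File changes detected on the site.', 'better-wp-security' ) );
+ $send_email = true;
  }
 
  $messages = array();
@@ -121,10 +126,17 @@ class ITSEC_Notify {
  foreach ( $messages as $message ) {
  $mail->add_text( $message );
  }
+
+ $send_email = true;
  }
  }
 
 
+ if ( ! $send_email ) {
+ return;
+ }
+
+
  $mail->add_details_box( sprintf( wp_kses( __( 'For more details, <a href="%s"><b>visit your security logs</b></a>', 'better-wp-security' ), array( 'a' => array( 'href' => array() ), 'b' => array() ) ), ITSEC_Core::get_logs_page_url() ) );
  $mail->add_divider();
  $mail->add_large_text( esc_html__( 'Is your site as secure as it could be?', 'better-wp-security' ) );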
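Review bot: The early return added at new line 135 (`if ( ! $send_email ) { return; }`) skips everything that follows in the method, and the rest of the method lies outside this hunk; if the code after `add_large_text()` resets `$this->queue` or records the last-send time, the quiet path no longer runs that bookkeeping, so it should be confirmed that this is intended. The `$send_email` flag and the check are also undocumented, and the behaviour change matters to whoever monitors the site: once quiet days produce no mail, a missing digest no longer distinguishes "nothing happened" from "cron or mail delivery is broken". I would add a comment above the check, e.g. `// Nothing to report: skip the digest. A missing digest does not prove the notifier ran.`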
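--- a/core/history.txt
+++ b/core/history.txt
@@ -434,3 +434,10 @@
  Enhancement: Added new Daily Digest email design.
  2.5.8 - 2016-10-10 - Chris Jean
  Bug Fix: Fixed error "PHP message: PHP Fatal error: 'continue' not in the 'loop' or 'switch' context".
+ 2.5.9 - 2016-10-13 - Chris Jean
+ Bug Fix: Fixed issue that reported invalid counts for host and user lockouts in the daily digest email.
+ Bug Fix: Fixed issue that caused the daily digest email to be sent every day, even if no lockouts occurred and no file changes were found.
+ 2.5.10 - 2016-10-13 - Chris Jean
+ Bug Fix: Fixed issue that could prevent saving of File Change settings, resulting in an error messages of "A validation function for file-change received data that did not have the required entry for latest_changes."
+ 2.5.11 - 2016-10-14 - Chris Jean
+ Bug Fix: Fixed iThemes Security Pro logo appearing in daily digest emails for iThemes Security users.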
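--- a/core/lib/class-itsec-mailer.php
+++ b/core/lib/class-itsec-mailer.php
@@ -16,6 +16,7 @@ final class ITSEC_Mail {
  'charset' => esc_attr( get_bloginfo( 'charset' ) ),
  'title_tag' => $title,
  'banner_title' => $banner_title,
+ 'logo' => ITSEC_Core::is_pro() ? 'https://ithemes.com/email_images/itsec-pro-logo-300x127.png' : 'https://ithemes.com/email_images/itsec-logo-300x127.png',
  'title' => $title,
  );
 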
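Review bot: The new `'logo'` entry at new line 19 ends up in the `src` attribute of the header template (`{{ $logo }}` in core/lib/mail-templates/header.html) with no escaping call here, whereas the neighbouring `'charset'` entry goes through `esc_attr()`. Both URLs are literals today, so nothing is injectable as written, but wrapping the ternary in `esc_url( … )` would keep the attribute safe if the logo ever becomes filterable or configurable. Whether the template renderer escapes replacements itself is not visible in this hunk, and the array literal starts and ends outside it.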
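--- a/core/lib/mail-templates/header.html
+++ b/core/lib/mail-templates/header.html
@@ -127,7 +127,7 @@
  <table border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;border-spacing: 0;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;">
  <tr>
  <td class="container-cell" valign="top" style="border-collapse: collapse;border-spacing: 0;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #404040;font-family: Helvetica;font-size: 16px;line-height: 150%;text-align: center;padding-bottom: 20px;padding-top: 20px;">
- <img class="preserve-ratio" src="https://ithemes.com/email_images/itsec-pro-logo-300x127.png" style="max-width: 300px;border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto;" width="300" height="127" alt="" align="center">
+ <img class="preserve-ratio" src="{{ $logo }}" style="max-width: 300px;border: 0;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;height: auto;" width="300" height="127" alt="" align="center">
  </td>
  </tr>
  </table>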
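--- a/core/modules/file-change/validator.php
+++ b/core/modules/file-change/validator.php
@@ -4,10 +4,10 @@ class ITSEC_File_Change_Validator extends ITSEC_Validator {
  public function get_id() {
  return 'file-change';
  }
-
+
  protected function sanitize_settings() {
  $previous_settings = ITSEC_Modules::get_settings( $this->get_id() );
-
+
  if ( ! isset( $this->settings['last_run'] ) ) {
  $this->settings['last_run'] = $previous_settings['last_run'];
  }
@@ -18,6 +18,7 @@ class ITSEC_File_Change_Validator extends ITSEC_Validator {
  $this->settings['show_warning'] = $previous_settings['show_warning'];
  }
 
+ $this->set_previous_if_empty( array( 'latest_changes' ) );
  $this->vars_to_skip_validate_matching_types[] = 'last_chunk';
 
  $this->sanitize_setting( 'bool', 'split', __( 'Split File Scanning', 'better-wp-security' ) );
@@ -27,13 +28,13 @@ class ITSEC_File_Change_Validator extends ITSEC_Validator {
  $this->sanitize_setting( 'bool', 'email', __( 'Email File Change Notifications', 'better-wp-security' ) );
  $this->sanitize_setting( 'bool', 'notify_admin', __( 'Display File Change Admin Warning', 'better-wp-security' ) );
  $this->sanitize_setting( 'positive-int', 'last_run', __( 'Last Run', 'better-wp-security' ), false );
-
+
  $this->settings = apply_filters( 'itsec-file-change-sanitize-settings', $this->settings );
  }
-
+
  protected function validate_settings() {
  $current_time = ITSEC_Core::get_current_time();
-
+
  if ( defined( 'ITSEC_DOING_FILE_CHECK' ) && true === ITSEC_DOING_FILE_CHECK ) {
  $this->settings['last_run'] = $current_time;
  } else {
@@ -42,7 +43,7 @@ class ITSEC_File_Change_Validator extends ITSEC_Validator {
  } else {
  $interval = 86340;
  }
-
+
  if ( $this->settings['last_run'] <= $current_time - $interval ) {
  $this->settings['last_run'] = $current_time - $interval + 120;
  }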
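Review bot: `$this->set_previous_if_empty( array( 'latest_changes' ) )` at new line 21 appears to restore the stored value only when the submitted data lacks the key, and no `sanitize_setting()` call for `latest_changes` is visible in these hunks, so a value that does arrive with the submitted settings looks like it is kept as-is. `latest_changes` reads like recorded scan state rather than a user option, so for a file-integrity feature it may be safer to always take it from `$previous_settings` unless `ITSEC_DOING_FILE_CHECK` is set; this needs checking against the helper and the lines between the hunks, which are not shown here. The hand-written `isset` blocks for `last_run` and `show_warning` just above do the same job and could be folded into the one helper call, provided the helper's notion of "empty" matches `isset`.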
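--- a/history.txt
+++ b/history.txt
@@ -556,3 +556,8 @@
  Bug Fix: Removed the "Wget" user agent from the Hack Repair blacklist as it can block wp-cron jobs on some hosts.
  Bug Fix: Fixed error "PHP message: PHP Fatal error: 'continue' not in the 'loop' or 'switch' context".
  Enhancement: Added new Daily Digest email design.
+ 5.6.4 - 2016-10-14 - Chris Jean
+ Bug Fix: Fixed issue that reported invalid counts for host and user lockouts in the daily digest email.
+ Bug Fix: Fixed issue that caused the daily digest email to be sent every day, even if no lockouts occurred and no file changes were found.
+ Bug Fix: Fixed issue that could prevent saving of File Change settings, resulting in an error messages of "A validation function for file-change received data that did not have the required entry for latest_changes."
+ Bug Fix: Fixed iThemes Security Pro logo appearing in daily digest emails.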
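--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: ithemes, chrisjean, gerroald, mattdanner
  Tags: security, security plugin, malware, hack, secure, block, SSL, admin, htaccess, lockdown, login, protect, protection, anti virus, attack, injection, login security, maintenance, permissions, prevention, authentication, administration, password, brute force, ban, permissions, bots, user agents, xml rpc, security log
  Requires at least: 4.2
  Tested up to: 4.6.1
- Stable tag: 5.6.3
+ Stable tag: 5.6.4
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -188,6 +188,12 @@ Free support may be available with the help of the community in the <a href="htt
 
  == Changelog ==
 
+ = 5.6.4 =
+ * Bug Fix: Fixed issue that reported invalid counts for host and user lockouts in the daily digest email.
+ * Bug Fix: Fixed issue that caused the daily digest email to be sent every day, even if no lockouts occurred and no file changes were found.
+ * Bug Fix: Fixed issue that could prevent saving of File Change settings, resulting in an error messages of "A validation function for file-change received data that did not have the required entry for latest_changes."
+ * Bug Fix: Fixed iThemes Security Pro logo appearing in daily digest emails.
+
  = 5.6.3 =
  * Bug Fix: Removed the "Wget" user agent from the Hack Repair blacklist as it can block wp-cron jobs on some hosts.
  * Bug Fix: Fixed error "PHP message: PHP Fatal error: 'continue' not in the 'loop' or 'switch' context".
@@ -1584,5 +1590,5 @@ This release is a complete rewrite from the ground up. Special thanks to Cory Mi
 
  == Upgrade Notice ==
 
- = 5.6.3 =
- Version 5.6.3 contains bug fixes and a renewed Daily Digest email design. It is recommended for all users.
+ = 5.6.4 =
+ Version 5.6.4 contains a number of bug fixes. It is recommended for all users.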