Anti-Malware Security and Brute-Force Firewall - Version 4.14.59

Version Description

  • Improved session check for the option to Install Brute-Force Protection and added an error message on failure.
  • Improved support for Multisite by only allowing Network Admins access to the Anti-Malware menu.
Download this release

Release Info

Developer scheeeli
Plugin Icon 128x128 Anti-Malware Security and Brute-Force Firewall
Version 4.14.59
Comparing to
See all releases

Code changes from version 4.14.55 to 4.14.59

Files changed (7) hide show
  1. images/.htaccess +2 -2
  2. images/index.php +2 -2
  3. index.php +20 -20
  4. readme.txt +10 -3
  5. safe-load/.htaccess +2 -2
  6. safe-load/index.php +1 -1
  7. safe-load/session.php +1 -1
images/.htaccess CHANGED
@@ -1,8 +1,8 @@
1
- # BEGIN WordPress
2
  <IfModule mod_rewrite.c>
3
  RewriteEngine On
4
  RewriteCond %{REQUEST_FILENAME} !-f
5
  RewriteCond %{REQUEST_FILENAME} !-d
6
  RewriteRule . index.php [L]
7
  </IfModule>
8
- # END WordPress
1
+ # BEGIN GOTMLS Directory Protection
2
  <IfModule mod_rewrite.c>
3
  RewriteEngine On
4
  RewriteCond %{REQUEST_FILENAME} !-f
5
  RewriteCond %{REQUEST_FILENAME} !-d
6
  RewriteRule . index.php [L]
7
  </IfModule>
8
+ # END GOTMLS Directory Protection
images/index.php CHANGED
@@ -10,7 +10,7 @@ function GOTMLS_define($DEF, $val) {
10
  define($DEF, $val);
11
  }}
12
 
13
- GOTMLS_define("GOTMLS_Version", "4.14.55");
14
  GOTMLS_define("GOTMLS_require_version", "3.3");
15
  GOTMLS_define("GOTMLS_plugin_dir", "gotmls");
16
  GOTMLS_define("GOTMLS_local_images_path", dirname(__FILE__)."/");
@@ -46,7 +46,7 @@ function GOTMLS_decode($encoded_string) {
46
  return "Cannot decode: $encoded_string";
47
  }}
48
 
49
- if ((isset($_SERVER["SCRIPT_FILENAME"]) && strlen($_SERVER["SCRIPT_FILENAME"]) > strlen(basename(__FILE__)) && substr(__FILE__, -1 * strlen($_SERVER["SCRIPT_FILENAME"])) == substr($_SERVER["SCRIPT_FILENAME"], -1 * strlen(__FILE__))) || !defined("GOTMLS_plugin_path")) {
50
  $file = explode("?", GOTMLS_script_URI."?");
51
  if (isset($_GET["test"]) && GOTMLS_get_ext($file[0]) == "js") {
52
  $file = explode("/", $file[0]);
10
  define($DEF, $val);
11
  }}
12
 
13
+ GOTMLS_define("GOTMLS_Version", "4.14.59");
14
  GOTMLS_define("GOTMLS_require_version", "3.3");
15
  GOTMLS_define("GOTMLS_plugin_dir", "gotmls");
16
  GOTMLS_define("GOTMLS_local_images_path", dirname(__FILE__)."/");
46
  return "Cannot decode: $encoded_string";
47
  }}
48
 
49
+ if ((isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__))) || !defined("GOTMLS_plugin_path")) {
50
  $file = explode("?", GOTMLS_script_URI."?");
51
  if (isset($_GET["test"]) && GOTMLS_get_ext($file[0]) == "js") {
52
  $file = explode("/", $file[0]);
index.php CHANGED
@@ -8,9 +8,9 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
- Version: 4.14.55
12
  */
13
- if (isset($_SERVER["SCRIPT_FILENAME"]) && strlen($_SERVER["SCRIPT_FILENAME"]) > strlen(basename(__FILE__)) && substr(__FILE__, -1 * strlen($_SERVER["SCRIPT_FILENAME"])) == substr($_SERVER["SCRIPT_FILENAME"], -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
15
  else
16
  require_once(dirname(__FILE__)."/images/index.php");
@@ -46,19 +46,18 @@ function GOTMLS_install() {
46
  register_activation_hook(__FILE__, "GOTMLS_install");
47
 
48
  function GOTMLS_menu() {
49
- if ($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"] > 2 && is_multisite()) {
50
- $_POST["GOTMLS_menu_group"] = 1;
51
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "manage_network";
52
- } elseif (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]))
53
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "activate_plugins";
54
  if (isset($_POST["GOTMLS_menu_group"]) && is_numeric($_POST["GOTMLS_menu_group"])) {
55
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"] = $_POST["GOTMLS_menu_group"];
56
- $capabilities = array();
57
  if (current_user_can($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]))
58
  foreach (get_editable_roles() as $role)
59
  $capabilities = array_merge($capabilities, $role["capabilities"]);
60
  if (isset($_POST["GOTMLS_user_can"]) && in_array($_POST["GOTMLS_user_can"], $capabilities))
61
- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = $_POST["GOTMLS_user_can"];
62
  update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
63
  }
64
  $GOTMLS_Full_plugin_logo_URL = GOTMLS_images_path.'GOTMLS-16x16.gif';
@@ -77,12 +76,6 @@ function GOTMLS_menu() {
77
  }
78
 
79
  function GOTMLS_admin_add_help_tab() {
80
- $GOTMLS_menu_groups = array(__("Main Menu Item placed below <b>Comments</b> and above <b>Appearance</b>",'gotmls'),__("Main Menu Item placed below <b>Settings</b>",'gotmls'));
81
- if (is_multisite() && current_user_can("manage_network"))
82
- $GOTMLS_menu_groups[] = __("ONLY SHOW for <b>Network Admins</b>",'gotmls');
83
- $menu_opts = '<h5>'.__("Menu Item Placement Options",'gotmls').'</h5>';
84
- foreach ($GOTMLS_menu_groups as $mg => $GOTMLS_menu_group)
85
- $menu_opts .= '<div style="padding: 4px;" id="menu_group_div_'.$mg.'"><input type="radio" name="GOTMLS_menu_group" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"]==$mg?' checked':'').' onchange="document.GOTMLS_menu_Form.submit();" />'.$GOTMLS_menu_group.'</div>';
86
  $screen = get_current_screen();
87
  $screen->add_help_tab(array(
88
  'id' => "GOTMLS_Getting_Started",
@@ -97,6 +90,13 @@ function GOTMLS_admin_add_help_tab() {
97
  'content' => '<p>'.preg_replace('/\[(.+?)\]\((.+?)\)/', "<a target=\"_blank\" href=\"\\2\">\\1</a>", preg_replace('/[\r\n]+= /', "</p><b>", preg_replace('/ =[\r\n]+/', "</b><p>", $readme[0]))).'</p>'
98
  ));
99
  }
 
 
 
 
 
 
 
100
  $screen->add_help_tab(array(
101
  'id' => 'GOTMLS_Menu_Placement',
102
  'title' => __("Menu Placement", 'gotmls'),
@@ -364,7 +364,7 @@ setDiv("div_file");
364
  <div>
365
  <div>'.__("Plugin Installation Key:",'gotmls').'</div>
366
  <input style="width: 100%;" id="installation_key" type="text" name="installation_key" value="'.GOTMLS_installation_key.'" readonly /><input id="old_key" type="hidden" name="old_key" value="'.md5($GOTMLS_url_parts[2]).'" /></div>
367
- <input style="width: 100%;" id="wp-submit" type="submit" name="wp-submit" value="Register Now!" /></form></div>', "stuffbox").'
368
  <script type="text/javascript">
369
  function check_for_updates(update_type) {
370
  showhide(update_type, true);
@@ -1022,10 +1022,10 @@ showhide("pause_button", true);'."\n/*<!--*"."/";
1022
  $patch_status = 0;
1023
  $patch_found = -1;
1024
  $patch_action = "";
1025
- $find = "#if\s*\(\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#";
1026
- $head = str_replace(array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|'), array(' ', '(', ')', '_once', '.', ' ', '\''.dirname(__FILE__).'/', '/'), $find);
1027
  if (file_exists(dirname(__FILE__).'/../../../wp-config.php') && ($config = @file_get_contents(dirname(__FILE__).'/../../../wp-config.php')) && strlen($config) && ($patch_found = preg_match($find, $config))) {
1028
- if (strpos($config, $head)) {
1029
  if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(dirname(__FILE__).'/../../../wp-config.php', preg_replace('#<\?[ph\s]+(//.*\s*)*\?>#i', "", preg_replace($find, "", $config))))
1030
  $patch_action .= '<div class="error">'.__("Removed Brute-Force Protection",'gotmls').'</div>';
1031
  else
@@ -1051,10 +1051,10 @@ showhide("pause_button", true);'."\n/*<!--*"."/";
1051
  $sec_opts = '
1052
  <p><img src="'.GOTMLS_images_path.'checked.gif"><b>Revolution Slider Exploit Protection (Automatically Enabled)</b></p><div style="padding: 0 30px;">'.__("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.",'gotmls').'</div><hr />
1053
  '.$patch_action.'
1054
- <form method="POST" name="GOTMLS_Form_patch"><p style="float: right;"><input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'">':' display: none;" id="GOTMLS_patch_button"><div id="GOTMLS_patch_searching" style="float: right;">'.__("Checking for session compatability ...",'gotmls').' <img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /></div>').'<input type="hidden" name="GOTMLS_patching" value="1"></p><p><img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"><b>Brute-force Protection '.$patch_attr[$patch_status]["status"].'</b></p><div style="padding: 0 30px;"> &nbsp; * '.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' <a target="_blank" href="http://gotmls.net/tag/wp-login-php/">'.__("read my blog",'gotmls').'</a>.</div></form>
1055
  <script type="text/javascript">
1056
- stopSettingSession = checkupdateserver("'.GOTMLS_images_path.'session.js?test='.$js.'", "GOTMLS_patch_button");
1057
- stopCheckingSession = checkupdateserver("'.GOTMLS_images_path.'session.js?test='.$js.'", "GOTMLS_patch_button");
1058
  </script>';
1059
  $admin_notice = "";
1060
  if ($current_user->user_login == "admin") {
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
+ Version: 4.14.59
12
  */
13
+ if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
15
  else
16
  require_once(dirname(__FILE__)."/images/index.php");
46
  register_activation_hook(__FILE__, "GOTMLS_install");
47
 
48
  function GOTMLS_menu() {
49
+ if (is_multisite())
 
50
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "manage_network";
51
+ elseif (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]) || $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] == "manage_network")
52
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = "activate_plugins";
53
  if (isset($_POST["GOTMLS_menu_group"]) && is_numeric($_POST["GOTMLS_menu_group"])) {
54
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"] = $_POST["GOTMLS_menu_group"];
55
+ /* $capabilities = array();
56
  if (current_user_can($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"]))
57
  foreach (get_editable_roles() as $role)
58
  $capabilities = array_merge($capabilities, $role["capabilities"]);
59
  if (isset($_POST["GOTMLS_user_can"]) && in_array($_POST["GOTMLS_user_can"], $capabilities))
60
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"] = $_POST["GOTMLS_user_can"];*/
61
  update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
62
  }
63
  $GOTMLS_Full_plugin_logo_URL = GOTMLS_images_path.'GOTMLS-16x16.gif';
76
  }
77
 
78
  function GOTMLS_admin_add_help_tab() {
 
 
 
 
 
 
79
  $screen = get_current_screen();
80
  $screen->add_help_tab(array(
81
  'id' => "GOTMLS_Getting_Started",
90
  'content' => '<p>'.preg_replace('/\[(.+?)\]\((.+?)\)/', "<a target=\"_blank\" href=\"\\2\">\\1</a>", preg_replace('/[\r\n]+= /', "</p><b>", preg_replace('/ =[\r\n]+/', "</b><p>", $readme[0]))).'</p>'
91
  ));
92
  }
93
+ if (is_multisite() && current_user_can("manage_network"))
94
+ $GOTMLS_menu_groups = array(__("Main Menu Item placed at the <b>Top</b>",'gotmls'),__("Main Menu Item placed at the <b>Bottom</b>",'gotmls'));
95
+ else
96
+ $GOTMLS_menu_groups = array(__("Main Menu Item placed below <b>Comments</b> and above <b>Appearance</b>",'gotmls'),__("Main Menu Item placed below <b>Settings</b>",'gotmls'));
97
+ $menu_opts = '<h5>'.__("Menu Item Placement Options",'gotmls').'</h5>';
98
+ foreach ($GOTMLS_menu_groups as $mg => $GOTMLS_menu_group)
99
+ $menu_opts .= '<div style="padding: 4px;" id="menu_group_div_'.$mg.'"><input type="radio" name="GOTMLS_menu_group" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"]==$mg?' checked':'').' onchange="document.GOTMLS_menu_Form.submit();" />'.$GOTMLS_menu_group.'</div>';
100
  $screen->add_help_tab(array(
101
  'id' => 'GOTMLS_Menu_Placement',
102
  'title' => __("Menu Placement", 'gotmls'),
364
  <div>
365
  <div>'.__("Plugin Installation Key:",'gotmls').'</div>
366
  <input style="width: 100%;" id="installation_key" type="text" name="installation_key" value="'.GOTMLS_installation_key.'" readonly /><input id="old_key" type="hidden" name="old_key" value="'.md5($GOTMLS_url_parts[2]).'" /></div>
367
+ <input style="width: 100%;" id="wp-submit" type="submit" name="wp-submit" value="Register Now!" /></form></div>'.$Update_Link, "stuffbox").'
368
  <script type="text/javascript">
369
  function check_for_updates(update_type) {
370
  showhide(update_type, true);
1022
  $patch_status = 0;
1023
  $patch_found = -1;
1024
  $patch_action = "";
1025
+ $find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#";
1026
+ $head = str_replace(array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|', '([^\\&]+\\&\\&)?'), array(' ', '(', ')', '_once', '.', ' ', '\''.dirname(__FILE__).'/', '/', '!in_array($_SERVER["REMOTE_ADDR"], array("'.$_SERVER["REMOTE_ADDR"].'")) &&'), $find);
1027
  if (file_exists(dirname(__FILE__).'/../../../wp-config.php') && ($config = @file_get_contents(dirname(__FILE__).'/../../../wp-config.php')) && strlen($config) && ($patch_found = preg_match($find, $config))) {
1028
+ if (strpos($config, substr($head, strpos($head, "file_exists")))) {
1029
  if (isset($_POST["GOTMLS_patching"]) && GOTMLS_file_put_contents(dirname(__FILE__).'/../../../wp-config.php', preg_replace('#<\?[ph\s]+(//.*\s*)*\?>#i', "", preg_replace($find, "", $config))))
1030
  $patch_action .= '<div class="error">'.__("Removed Brute-Force Protection",'gotmls').'</div>';
1031
  else
1051
  $sec_opts = '
1052
  <p><img src="'.GOTMLS_images_path.'checked.gif"><b>Revolution Slider Exploit Protection (Automatically Enabled)</b></p><div style="padding: 0 30px;">'.__("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.",'gotmls').'</div><hr />
1053
  '.$patch_action.'
1054
+ <form method="POST" name="GOTMLS_Form_patch"><p style="float: right;"><input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'">':' display: none;" id="GOTMLS_patch_button"><div id="GOTMLS_patch_searching" style="float: right;">'.__("Checking for session compatibility ...",'gotmls').' <img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /></div>').'<input type="hidden" name="GOTMLS_patching" value="1"></p><p><img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"><b>Brute-force Protection '.$patch_attr[$patch_status]["status"].'</b></p><div style="padding: 0 30px;"> &nbsp; * '.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' <a target="_blank" href="http://gotmls.net/tag/wp-login-php/">'.__("read my blog",'gotmls').'</a>.</div></form>
1055
  <script type="text/javascript">
1056
+ stopSettingSession = checkupdateserver("'.GOTMLS_images_path.'session.js?test='.$js.'", "GOTMLS_patch_searching");
1057
+ stopCheckingSession = checkupdateserver("'.GOTMLS_images_path.'session.js?test='.$js.'", "GOTMLS_patch_searching");
1058
  </script>';
1059
  $admin_notice = "";
1060
  if ($current_user->user_login == "admin") {
readme.txt CHANGED
@@ -5,8 +5,8 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
  Tags: anti-malware, security, plugin, scan, automatic, repair, remove, malware, virus, threat, hacked, malicious, scripts, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
- Version: 4.14.55
9
- Stable tag: 4.14.55
10
  Requires at least: 3.3
11
  Tested up to: 4.1
12
 
@@ -24,7 +24,7 @@ This Anti-Malware plugin searches for Malware and other Virus like threats and s
24
  * Run a Complete Scan from the Settings Page.
25
  * Download Definition Updates to protect against new threats.
26
 
27
- Updated January 17th
28
 
29
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
30
 
@@ -89,6 +89,10 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
89
 
90
  == Changelog ==
91
 
 
 
 
 
92
  = 4.14.55 =
93
  * Added link to view a simple scan history on the Quarantine page.
94
  * Updated firewall to better protect agains new variations of the RevSlider Exploit.
@@ -288,6 +292,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
288
 
289
  == Upgrade Notice ==
290
 
 
 
 
291
  = 4.14.55 =
292
  Added link to scan history, improved check for session support before giving installing Brute-Force patch, and updated firewall to better protect agains the RevSlider Exploit.
293
 
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
  Tags: anti-malware, security, plugin, scan, automatic, repair, remove, malware, virus, threat, hacked, malicious, scripts, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
+ Version: 4.14.59
9
+ Stable tag: 4.14.59
10
  Requires at least: 3.3
11
  Tested up to: 4.1
12
 
24
  * Run a Complete Scan from the Settings Page.
25
  * Download Definition Updates to protect against new threats.
26
 
27
+ Updated February 6th
28
 
29
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
30
 
89
 
90
  == Changelog ==
91
 
92
+ = 4.14.59 =
93
+ * Improved session check for the option to Install Brute-Force Protection and added an error message on failure.
94
+ * Improved support for Multisite by only allowing Network Admins access to the Anti-Malware menu.
95
+
96
  = 4.14.55 =
97
  * Added link to view a simple scan history on the Quarantine page.
98
  * Updated firewall to better protect agains new variations of the RevSlider Exploit.
292
 
293
  == Upgrade Notice ==
294
 
295
+ = 4.14.59 =
296
+ Improved session check for the Brute-Force Protection and support for Multisite menu.
297
+
298
  = 4.14.55 =
299
  Added link to scan history, improved check for session support before giving installing Brute-Force patch, and updated firewall to better protect agains the RevSlider Exploit.
300
 
safe-load/.htaccess CHANGED
@@ -1,8 +1,8 @@
1
- # BEGIN WordPress
2
  <IfModule mod_rewrite.c>
3
  RewriteEngine On
4
  RewriteCond %{REQUEST_FILENAME} !-f
5
  RewriteCond %{REQUEST_FILENAME} !-d
6
  RewriteRule . index.php [L]
7
  </IfModule>
8
- # END WordPress
1
+ # BEGIN GOTMLS Directory Protection
2
  <IfModule mod_rewrite.c>
3
  RewriteEngine On
4
  RewriteCond %{REQUEST_FILENAME} !-f
5
  RewriteCond %{REQUEST_FILENAME} !-d
6
  RewriteRule . index.php [L]
7
  </IfModule>
8
+ # END GOTMLS Directory Protection
safe-load/index.php CHANGED
@@ -12,5 +12,5 @@ foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_
12
  $_SESSION["GOTMLS_detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
13
  foreach (array("log") as $var)
14
  $_SESSION["GOTMLS_detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]):"");
15
- header("location: http://safe-load.gotmls.net/report.php?ver=4.14.55".$_SESSION["GOTMLS_detected_attacks"]);
16
  die();
12
  $_SESSION["GOTMLS_detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
13
  foreach (array("log") as $var)
14
  $_SESSION["GOTMLS_detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]):"");
15
+ header("location: http://safe-load.gotmls.net/report.php?ver=4.14.59".$_SESSION["GOTMLS_detected_attacks"]);
16
  die();
safe-load/session.php CHANGED
@@ -4,7 +4,7 @@
4
  * @package GOTMLS
5
  */
6
 
7
- if (!defined(GOTMLS_SESSION_TIME))
8
  define("GOTMLS_SESSION_TIME", microtime(true));
9
  if (!@session_id())
10
  @session_start();
4
  * @package GOTMLS
5
  */
6
 
7
+ if (!defined("GOTMLS_SESSION_TIME"))
8
  define("GOTMLS_SESSION_TIME", microtime(true));
9
  if (!@session_id())
10
  @session_start();