Anti-Malware Security and Brute-Force Firewall

Version Description

Removed Menu Item Placement Options because the add_object_page function was deprecated in WP 4.5.
Added firewall options for better compatibility with WP Firewall 2.
Fixed an XSS vulnerability in the debug output of the nonce token.

Release Info

Developer	scheeeli
Plugin	Anti-Malware Security and Brute-Force Firewall
Version	4.16.17
Comparing to
See all releases

Code changes from version 4.15.49 to 4.16.17

Files changed (3) hide show

images/index.php +19 -13
index.php +76 -42
readme.txt +12 -4

images/index.php CHANGED Viewed

	@@ -126,7 +126,7 @@ if (function_exists("get_option")) {
126
127	if (!function_exists("GOTMLS_Invalid_Nonce")) {
128	function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
129	- return $pre.__("Invalid or expired Nonce Token!",'gotmls').(isset($_REQUEST["GOTMLS_mt"])?$_REQUEST["GOTMLS_mt"].(isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])?$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]:"!found"):"GOTMLS_mt!set");
130	}}
131
132	if (!function_exists("GOTMLS_set_nonce")) {
	@@ -173,8 +173,6 @@ if (isset($_REQEUST['img']) && substr(strtolower($_SERVER["SCRIPT_FILENAME"]), -
173	include(dirname(__FILE__)."/../safe-load/index.php");
174	if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) && count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == 4))
175	$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
176	- if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"]))
177	- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"] = 0;
178	if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
179	$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
180	if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))
	@@ -232,10 +230,11 @@ function GOTMLS_loaded() {
232	if (!is_numeric($linenum))
233	$linenum = __("unknown",'gotmls');
234	$GLOBALS["GOTMLS"]["tmp"]["HeadersError"] = '<div class="error">'.sprintf(__('<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem.','gotmls'), $filename, $linenum).'</div>';
235	- } elseif (~~!session_id() &&~~ isset($_GET["SESSION"]))
236	@session_start();
237	- if (session_id() && ~~isset(~~$_GET["SESSION"]) ~~&& $_GET["SESSION"]~~ == "GOTMLS_debug" && !isset($_SESSION["GOTMLS_debug"]))
238	- $_SESSION["GOTMLS_debug"]=array();

239	}
240
241	if (!function_exists("add_action")) {
	@@ -366,16 +365,16 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
366
367	function GOTMLS_scanfile($file) {
368	global $wp_version, $wpdb, $GOTMLS_chmod_file, $GOTMLS_chmod_dir;

369	$GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
370	$gt = ">";
371	$lt = "<";
372	$found = false;
373	$threat_link = "";
374	$className = "scanned";
375	- $~~clean_file~~ = ~~GOTMLS_encode~~($file);
376	- $~~file_name~~ = ~~GOTMLS_explode_dir~~($~~file~~);
377	- $~~file_parts~~ = ~~explode~~(".", "."~~.array_pop~~($~~file_name~~));
378	- if (is_file($file) && ($filesize = filesize($file)) && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($file))) {
379	if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]))
380	$whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]);
381	else
	@@ -423,17 +422,19 @@ function GOTMLS_scanfile($file) {
423	}
424	}
425	} else {
426	- $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = (is_file($~~file~~)?(is_readable($~~file~~)?(filesize($~~file~~)?__("Failed to read file contents!",'gotmls'):__("Empty file!",'gotmls')):(isset($_GET["eli"])?(@chmod($~~file~~, $GOTMLS_chmod_file)?__("Fixed file permissions! (try again)",'gotmls'):__("File permissions read-only!",'gotmls')):__("File not readable!",'gotmls'))):__("File does not exist!",'gotmls'));
427	- // $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $~~file~~);
428	$className = "errors";
429	}
430	if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
431	$threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."431").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file.preg_replace('/\&(GOTMLS_scan\|mt\|GOTMLS_mt\|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", """, $lt.'div style="float: left; white-space: nowrap;"'.$gt.__("Examine File",'gotmls').' ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)).$lt.'/div'.$gt.$lt.'/div'.$gt.'\');" class="GOTMLS_plugin"'.$gt;
432	if ($className == "errors") {

433	$threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
434	$imageFile = "/blocked";
435	} elseif ($className != "potential") {
436	if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {

437	if (GOTMLS_get_nonce()) {
438	if ($className == "timthumb") {
439	if (($source = GOTMLS_get_URL("http://$className.googlecode.com/svn/trunk/$className.php")) && strlen($source) > 500)
	@@ -469,6 +470,7 @@ function GOTMLS_scanfile($file) {
469	return "/--{$gt}"."/\nfailedFile('$clean_file');\n/{$lt}!--"."/";
470	}
471	}

472	$threat_link = $lt.'input type="checkbox" name="GOTMLS_fix[]" value="'.$clean_file.'" id="check_'.$clean_file.(($className != "wp_core")?'" checked="'.$className:'').'" /'.$gt.$threat_link;
473	$imageFile = "threat";
474	} elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
	@@ -478,10 +480,13 @@ function GOTMLS_scanfile($file) {
478	$imageFile = "question";
479	return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin $className", $threat_link));
480	} elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {

481	echo __("Already Fixed!",'gotmls');
482	return "/--{$gt}"."/\nfixedFile('$clean_file');\n/{$lt}!--"."/";
483	- } else

484	return GOTMLS_return_threat($className, ($className=="scanned"?"checked":"blocked").".gif?$className", $file, $threat_link);

485	}
486
487	function GOTMLS_remove_dots($dir) {
	@@ -761,6 +766,7 @@ function GOTMLS_check_file($file) {
761	else {
762	try {
763	echo @GOTMLS_scanfile($file);

764	} catch (Exception $e) {
765	die("//Exception:".GOTMLS_strip4java($e));
766	}


126
127	if (!function_exists("GOTMLS_Invalid_Nonce")) {
128	function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
129	+ return $pre.__("Invalid or expired Nonce Token!",'gotmls').((isset($_REQUEST["GOTMLS_mt"]) && is_numeric($_REQUEST["GOTMLS_mt"]))?$_REQUEST["GOTMLS_mt"].(isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])?$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]:"!found"):"GOTMLS_mt!set");
130	}}
131
132	if (!function_exists("GOTMLS_set_nonce")) {

173	include(dirname(__FILE__)."/../safe-load/index.php");
174	if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) && count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == 4))
175	$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];


176	if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
177	$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"] = 2;
178	if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"]))

230	if (!is_numeric($linenum))
231	$linenum = __("unknown",'gotmls');
232	$GLOBALS["GOTMLS"]["tmp"]["HeadersError"] = '<div class="error">'.sprintf(__('<b>Headers already sent</b> in %1$s on line %2$s.<br />This is not a good sign, it may just be a poorly written plugin but Headers should not have been sent at this point.<br />Check the code in the above mentioned file to fix this problem.','gotmls'), $filename, $linenum).'</div>';
233	+ } elseif (isset($_GET["SESSION"]) && !session_id()) {
234	@session_start();
235	+ if (session_id() && $_GET["SESSION"] == "GOTMLS_debug" && !isset($_SESSION["GOTMLS_debug"]))
236	+ $_SESSION["GOTMLS_debug"]=array();
237	+ }
238	}
239
240	if (!function_exists("add_action")) {

365
366	function GOTMLS_scanfile($file) {
367	global $wp_version, $wpdb, $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
368	+ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="Scanning...";
369	$GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
370	$gt = ">";
371	$lt = "<";
372	$found = false;
373	$threat_link = "";
374	$className = "scanned";
375	+ $real_file = realpath($file);
376	+ $clean_file = GOTMLS_encode($real_file);
377	+ if (is_file($real_file) && ($filesize = filesize($real_file)) && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($real_file))) {

378	if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]))
379	$whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]);
380	else

422	}
423	}
424	} else {
425	+ $GLOBALS["GOTMLS"]["tmp"]["file_contents"] = (is_file($real_file)?(is_readable($real_file)?(filesize($real_file)?__("Failed to read file contents!",'gotmls'):__("Empty file!",'gotmls')):(isset($_GET["eli"])?(@chmod($real_file, $GOTMLS_chmod_file)?__("Fixed file permissions! (try again)",'gotmls'):__("File permissions read-only!",'gotmls')):__("File not readable!",'gotmls'))):__("File does not exist!",'gotmls'));
426	+ // $threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $real_file);
427	$className = "errors";
428	}
429	if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
430	$threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&'.GOTMLS_set_nonce(__FUNCTION__."431").'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file.preg_replace('/\&(GOTMLS_scan\|mt\|GOTMLS_mt\|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", """, $lt.'div style="float: left; white-space: nowrap;"'.$gt.__("Examine File",'gotmls').' ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.htmlspecialchars(GOTMLS_strip4java($file), ENT_NOQUOTES)).$lt.'/div'.$gt.$lt.'/div'.$gt.'\');" class="GOTMLS_plugin"'.$gt;
431	if ($className == "errors") {
432	+ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="errors";
433	$threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
434	$imageFile = "/blocked";
435	} elseif ($className != "potential") {
436	if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
437	+ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="GOTMLS_fix";
438	if (GOTMLS_get_nonce()) {
439	if ($className == "timthumb") {
440	if (($source = GOTMLS_get_URL("http://$className.googlecode.com/svn/trunk/$className.php")) && strlen($source) > 500)

470	return "/--{$gt}"."/\nfailedFile('$clean_file');\n/{$lt}!--"."/";
471	}
472	}
473	+ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]=isset($_POST["GOTMLS_fix"])?"GOTMLS_fix=".htmlspecialchars(print_r($_POST["GOTMLS_fix"],1)):"!potential";
474	$threat_link = $lt.'input type="checkbox" name="GOTMLS_fix[]" value="'.$clean_file.'" id="check_'.$clean_file.(($className != "wp_core")?'" checked="'.$className:'').'" /'.$gt.$threat_link;
475	$imageFile = "threat";
476	} elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {

480	$imageFile = "question";
481	return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin $className", $threat_link));
482	} elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
483	+ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="Already Fixed";
484	echo __("Already Fixed!",'gotmls');
485	return "/--{$gt}"."/\nfixedFile('$clean_file');\n/{$lt}!--"."/";
486	+ } else {
487	+ $GLOBALS["GOTMLS"]["tmp"]["debug_fix"]="no threat";
488	return GOTMLS_return_threat($className, ($className=="scanned"?"checked":"blocked").".gif?$className", $file, $threat_link);
489	+ }
490	}
491
492	function GOTMLS_remove_dots($dir) {

766	else {
767	try {
768	echo @GOTMLS_scanfile($file);
769	+ echo "//debug_fix:".$GLOBALS["GOTMLS"]["tmp"]["debug_fix"];
770	} catch (Exception $e) {
771	die("//Exception:".GOTMLS_strip4java($e));
772	}

index.php CHANGED Viewed

	@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8	Contributors: scheeeli, gotmls
9	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10	Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11	- Version: 4.15.49
12	*/
13	if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14	include(dirname(__FILE__)."/safe-load/index.php");
	@@ -18,7 +18,7 @@ else
18	* / /\ GOTMLS Main Plugin File
19	* / /:/ @package GOTMLS
20	* /__/::\
21	- Copyright \__\/\:\__ © 2012-~~2015~~ Eli Scheetz (email: eli@gotmls.net)
22	* \ \:\/\
23	* \__\::/ This program is free software; you can redistribute it
24	* ___ /__/:/ and/or modify it under the terms of the GNU General Public
	@@ -57,23 +57,18 @@ function GOTMLS_user_can() {
57	}
58
59	function GOTMLS_menu() {
60	- if (GOTMLS_user_can() && GOTMLS_get_nonce() && isset($_POST["GOTMLS_menu_group"]) && is_numeric($_POST["GOTMLS_menu_group"])) {
61	- $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"] = $_POST["GOTMLS_menu_group"];
62	- update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
63	- }
64	$GOTMLS_Full_plugin_logo_URL = GOTMLS_images_path.'GOTMLS-16x16.gif';
65	$base_page = "GOTMLS-settings";
66	$base_function = "GOTMLS_settings";
67	$pluginTitle = "Anti-Malware";
68	$pageTitle = "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE;
69	- if (~~!function_exists~~(~~"add_object_page"~~) ~~\|\| $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"])~~
70	$my_admin_page = add_menu_page($pageTitle, $pluginTitle, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function, $GOTMLS_Full_plugin_logo_URL);
71	- ~~else~~
72	- ~~$my_admin_page = add_object_page~~($~~pageTitle~~, $pluginTitle, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function~~, $GOTMLS_Full_plugin_logo_URL~~);
73	- ~~add_action~~(~~'load~~-~~'.$my_admin_page~~, ~~'GOTMLS_admin_add_help_tab'~~);
74	- add_submenu_page($base_page, "$pluginTitle ".~~GOTMLS_Scan_Settings_LANGUAGE~~, ~~GOTMLS_Scan_Settings_LANGUAGE~~, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], ~~$base_page~~, ~~$base_function~~);
75	- ~~add_submenu_page($base_page, "$pluginTitle Firewall Options", "Firewall Options", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-Firewall-Options", "GOTMLS_Firewall_Options");~~
76	- add_submenu_page($base_page, "$pluginTitle ".GOTMLS_View_Quarantine_LANGUAGE, GOTMLS_View_Quarantine_LANGUAGE.(($Qs = GOTMLS_get_quarantine(true))?' <span class="awaiting-mod count-'.$Qs.'"><span class="awaiting-mod">'.$Qs.'</span></span>':""), $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-View-Quarantine", "GOTMLS_View_Quarantine");
77	}
78
79	function GOTMLS_admin_add_help_tab() {
	@@ -91,18 +86,6 @@ function GOTMLS_admin_add_help_tab() {
91	'content' => '<p>'.preg_replace('/\[(.+?)\]$(.+?)$/', "<a target=\"_blank\" href=\"\\2\">\\1</a>", preg_replace('/[\r\n]+= /', "</p><b>", preg_replace('/ =[\r\n]+/', "</b><p>", $readme[0]))).'</p>'
92	));
93	}
94	- if (is_multisite() && current_user_can("manage_network"))
95	- $GOTMLS_menu_groups = array(__("Main Menu Item placed at the <b>Top</b>",'gotmls'),__("Main Menu Item placed at the <b>Bottom</b>",'gotmls'));
96	- else
97	- $GOTMLS_menu_groups = array(__("Main Menu Item placed below <b>Comments</b> and above <b>Appearance</b>",'gotmls'),__("Main Menu Item placed below <b>Settings</b>",'gotmls'));
98	- $menu_opts = '<h5>'.__("Menu Item Placement Options",'gotmls').'</h5>';
99	- foreach ($GOTMLS_menu_groups as $mg => $GOTMLS_menu_group)
100	- $menu_opts .= '<div style="padding: 4px;" id="menu_group_div_'.$mg.'"><input type="radio" name="GOTMLS_menu_group" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["menu_group"]==$mg?' checked':'').' onchange="document.GOTMLS_menu_Form.submit();" />'.$GOTMLS_menu_group.'</div>';
101	- $screen->add_help_tab(array(
102	- 'id' => 'GOTMLS_Menu_Placement',
103	- 'title' => __("Menu Placement", 'gotmls'),
104	- 'content' => '<form method="POST" name="GOTMLS_menu_Form" action="'.admin_url('admin.php?page=GOTMLS-settings&'.GOTMLS_set_nonce(__FUNCTION__."109")).'">'.$menu_opts.'</form>'
105	- ));
106	}
107
108	function GOTMLS_close_button($box_id, $margin = '6px') {
	@@ -133,6 +116,10 @@ function GOTMLS_display_header($optional_box = "") {
133	}
134	$Update_Link .= "\">$new_version</a></div>";
135	$defLatest = (is_numeric($Latest = preg_replace('/[^0-9]/', "", GOTMLS_sexagesimal($GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"]))) && is_numeric($Default = preg_replace('/[^0-9]/', "", GOTMLS_sexagesimal($GLOBALS["GOTMLS"]["tmp"]["Definition"]["Default"]))) && $Latest > $Default)?1:0;




136	$Update_Div ='<div id="findUpdates" style="display: none;"><center>'.__("Searching for updates ...",'gotmls').'<br /><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /><br /><input type="button" value="Cancel" onclick="cancelserver(\'findUpdates\');" /></center></div>';
137	echo '
138	span.GOTMLS_date {float: right; width: 130px; white-space: nowrap;}
	@@ -365,7 +352,7 @@ setDiv("div_file");
365	'.GOTMLS_box(__("Updates & Registration",'gotmls'), '<ul style=""><li>WordPress: <span class="GOTMLS_date">'.$wp_version.'</span></li>
366	<li>Plugin: <span class="GOTMLS_date">'.GOTMLS_Version.'</span></li>
367	<li>Definitions: <span class="GOTMLS_date">'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"].'</span></li>
368	- <li>'.(!$defLatest?'<span style="color: #F00;" id="GOTMLS_No_Key">No Key! <input type="~~button~~" style="float: right;" value="'.__("Get FREE Key!",'gotmls').'" class="button-primary" onclick="showhide(\'GOTMLS_No_Key\');showhide(\'GOTMLS_Key\', true);check_for_updates(\'Definition_Updates\');" /></span><div id="GOTMLS_Key" style="display: none; ':'<div style="').'margin: 0;">Key: <span style="float: right;">'.GOTMLS_installation_key.'</span></div></li></ul>
369	<form id="updateform" method="post" name="updateform" action="'.str_replace("GOTMLS_mt=", "GOTMLS_last_mt=", GOTMLS_script_URI).'&'.GOTMLS_set_nonce(__FUNCTION__."373").'">
370	<img style="display: none; float: right; margin-right: 14px;" src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="definitions file updated" id="autoUpdateDownload" onclick="showhide(\'autoUpdateForm\', true);">
371	'.str_replace('findUpdates', 'Definition_Updates', $Update_Div).'
	@@ -441,7 +428,7 @@ setDiv("div_file");
441	setDivNAtext();
442	'.$GLOBALS["GOTMLS"]["tmp"]["onLoad"].'
443	}
444	- if ('.$defLatest.')
445	check_for_updates("Definition_Updates");
446	// else showhide("registerKeyForm", true);
447	if (divNAtext)
	@@ -487,7 +474,7 @@ setDiv("div_file");
487	</ul>
488	</div>
489	</form>
490	- <a target="_blank" href="~~http~~://~~safebrowsing~~.~~clients.~~google.com/safebrowsing/diagnostic~~?site~~='.urlencode(GOTMLS_siteurl).'">Google Safe Browsing Diagnostic</a>', "stuffbox").'
491	'.GOTMLS_box(__("Last Scan Status",'gotmls'), GOTMLS_scan_log(), "stuffbox").'
492	'.$optional_box.'
493	</div>';
	@@ -722,6 +709,7 @@ function GOTMLS_View_Quarantine() {
722	}
723
724	function GOTMLS_Firewall_Options() {

725	GOTMLS_update_definitions();
726	GOTMLS_display_header();
727	$GOTMLS_nonce_found = GOTMLS_get_nonce();
	@@ -747,7 +735,7 @@ function GOTMLS_Firewall_Options() {
747	"icon" => "threat"
748	)
749	);
750	- $patch_action = $lt.'form method="POST" name="GOTMLS_Form_XMLRPC_patch"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1159")).'"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" name="GOTMLS_XMLRPC_patching" value="1"'.$gt.$lt.'input type="submit" value="Block XMLRPC Access" style="display: none;" id="GOTMLS_XMLRPC_patch_button"'.$gt.$lt.'div id="GOTMLS_XMLRPC_patch_searching"'.$gt.__("Checking .htaccess file ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'script'.$gt."\nfunction testComplete() {\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) \|\| donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_XMLRPC_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("You must register and donate to use this feature!",'gotmls')."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("This feature is available to those who have donated!",'gotmls')."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_XMLRPC_patch_searching');\n\tshowhide('GOTMLS_XMLRPC_patch_button', true);\n}\n}\nwindow.onload=testComplete;\n$lt/script$gt$lt".'div style="~~padding~~: ~~0 30px~~;"'.$gt.$lt.'~~p'.$gt.$lt.'b'.$gt.$lt.'img~~ ~~src~~="~~'.GOTMLS_images_path.'question.gif~~"~~'.$gt.'Allow/Block~~ ~~XMLRPC~~ ~~Access (~~';
751	$patch_found = false;
752	$find = '\|<Files[^>]+xmlrpc.php>(.+?)</Files>\s(# END GOTMLS Patch to Block XMLRPC Access\s)*\|is';
753	$head = str_replace(array('\|<Files[^>]+', '(.+?)', '\\s(', '\\s)*\|is'), array("<Files ", "\norder deny,allow\ndeny from all".(isset($_SERVER["REMOTE_ADDR"])?"\nallow from ".$_SERVER["REMOTE_ADDR"]:"").(isset($_SERVER["SERVER_ADDR"])?"\nallow from ".$_SERVER["SERVER_ADDR"]:"")."\n", "\n", "\n"), $find);
	@@ -757,18 +745,18 @@ function GOTMLS_Firewall_Options() {
757	$patch_found = preg_match($find, $htaccess);
758	if ($patch_found) {
759	if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', preg_replace($find, "", $htaccess)))
760	- $patch_action .= $lt.'img src="'.GOTMLS_images_path.'~~checked~~.gif"'.$gt.' Now Allowing';
761	elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0))
762	- $patch_action = ~~str_replace(~~'1"'.$gt.$lt.'input type="submit" value="~~Block',~~ '-1"~~'.$~~gt.$lt.'~~input~~ ~~type~~="~~submit"~~ ~~value=~~"~~Unblock~~'~~, $patch_action)~~.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.' Still ~~Blocked~~: '.sprintf(__("Failed to remove XMLRPC Protection (.htaccess %s)",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write':'only'):"unreadable").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
763	else
764	- $patch_action = ~~str_replace(~~'1"'.$gt.$lt.'input type="submit" value="~~Block',~~ '-1"~~'.$~~gt.$lt.'~~input~~ ~~type~~="~~submit~~" ~~value~~="~~Unblock~~'~~, $patch_action)~~.'Currently Blocked';
765	} else {
766	if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', "$head$htaccess"))
767	- $patch_action = ~~str_replace(~~'1"'.$gt.$lt.'input type="submit" value="~~Block',~~ '-1"~~'.$~~gt.$lt.'~~input~~ ~~type~~="~~submit"~~ ~~value=~~"~~Unblock~~'~~, $patch_action)~~.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.' Now ~~Blocking~~';
768	elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0))
769	- $patch_action .= $lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.' Still ~~Allowed~~: '.sprintf(__("Failed to install XMLRPC Protection (.htaccess %s)",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write':'only'):"unreadable").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
770	else
771	- $patch_action .= 'Currently ~~Allowed~~';
772	}
773	$patch_action .= ")$lt/b$gt$lt/p$gt".__("Most WordPress site do not use the XMLRPC features and hack attempt on the xmlrpc.php file are more common then ever before. Even if there are no vulnerabilities for hackers to exploit these attempts can cause slowness or downtime similar to a DDoS attack. This patch automatically blocks all external access to the xmlrpc.php file.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt.$lt.'hr /'.$gt;
774	$patch_status = 0;
	@@ -814,18 +802,43 @@ function GOTMLS_Firewall_Options() {
814	'.$lt.'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1223")).'"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n{$lt}script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
815	$admin_notice = "";
816	if ($current_user->user_login == "admin") {
817	- ~~if (~~$~~GOTMLS_nonce_found~~ && ~~isset(~~$~~_POST["GOTMLS_admin_username"])~~ ~~&& ("admin" != trim($_POST["GOTMLS_admin_username"])) && strlen(trim($_POST["GOTMLS_admin_username"])) && preg_match(~~'~~/^\s[a-z_0-9\@\.\-]{3,}\s$/i', $_POST["GOTMLS_admin_username"])) {~~
818	- if ($~~wpdb->update~~($~~wpdb->users,~~ ~~array~~("user_login" => trim($_POST["GOTMLS_admin_username"])), ~~array~~("~~user_login~~" => "~~admin~~")))

819	$admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("You username has been change to %s. Don't forget to use your new username when you login again.",'gotmls'), $_POST["GOTMLS_admin_username"]).$lt.'/div'.$gt;
820	else
821	- $admin_notice .= $lt.'div class="~~updated~~"'.$gt.sprintf(__("SQL Error changing username: %s. Please try again later.",'gotmls'), $wpdb->last_error).$lt.'/div'.$gt;
822	} else {
823	- $admin_notice .= $lt.'hr /'.$gt;
824	if (isset($_POST["GOTMLS_admin_username"]))
825	$admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("Your new username must be at least 3 characters and can only contain "%s". Please try again.",'gotmls'), "a-z0-9_.-@").$lt.'/div'.$gt;
826	- $admin_notice .= $lt.'form method="POST" name="GOTMLS_Form_admin"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'div style="float: left;"'.$gt.__("Change your username:",'gotmls').$lt.'/div'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1235")).'"'.$gt.$lt.'input style="float: left;" type="text" id="GOTMLS_admin_username" name="GOTMLS_admin_username" size="6" value="~~admin~~"'.$gt.$lt.'input style="float: left;" type="submit" value="Change"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Admin Notice'.$lt.'/b'.$gt.$lt.'/p'.$gt.__("Your username is \"admin\", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt;
827	}
828	}

























829	echo GOTMLS_box(__("Firewall Options",'gotmls'), $sec_opts.$admin_notice)."\n</div></div></div>";
830	}
831
	@@ -1249,6 +1262,27 @@ function GOTMLS_ajax_logintime() {
1249	add_action('wp_ajax_nopriv_GOTMLS_logintime', 'GOTMLS_ajax_logintime');
1250	add_action('wp_ajax_GOTMLS_logintime', 'GOTMLS_ajax_logintime');
1251





















1252	function GOTMLS_set_plugin_action_links($links_array, $plugin_file) {
1253	if ($plugin_file == substr(str_replace("\\", "/", __FILE__), (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10)
1254	$links_array = array_merge(array('<a href="'.admin_url('admin.php?page=GOTMLS-settings').'"><span class="dashicons dashicons-admin-settings"></span>'.GOTMLS_Scan_Settings_LANGUAGE.'</a>'), $links_array);
	@@ -1437,7 +1471,7 @@ function GOTMLS_ajax_fix() {
1437	if (is_file($path)) {
1438	echo "<li>Fixing $path ... ";
1439	$li_js .= GOTMLS_scanfile($path);
1440	- echo "</li>\n$li_js/-->"."/\n$callAlert\n</script>\n";
1441	$li_js = "<script type=\"text/javascript\">\n/<!--"."/";
1442	} else
1443	echo "<li>".__("File ".htmlentities($path)." not found!",'gotmls')."</li>";
	@@ -1576,7 +1610,7 @@ function GOTMLS_ajax_scan() {
1576	}
1577	}
1578	window.parent.showhide("GOTMLS_iFrame", true);
1579	- </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1583")).'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($file).'"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' ('.filesize($file).'bytes)<br />permissions: '.GOTMLS_fileperms($file).'<br />modified:'.date(" Y-m-d H:i:s ", filemtime($file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1580	}
1581	}
1582	}


8	Contributors: scheeeli, gotmls
9	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10	Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11	+ Version: 4.16.17
12	*/
13	if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14	include(dirname(__FILE__)."/safe-load/index.php");

18	* / /\ GOTMLS Main Plugin File
19	* / /:/ @package GOTMLS
20	* /__/::\
21	+ Copyright \__\/\:\__ © 2012-2016 Eli Scheetz (email: eli@gotmls.net)
22	* \ \:\/\
23	* \__\::/ This program is free software; you can redistribute it
24	* ___ /__/:/ and/or modify it under the terms of the GNU General Public

57	}
58
59	function GOTMLS_menu() {




60	$GOTMLS_Full_plugin_logo_URL = GOTMLS_images_path.'GOTMLS-16x16.gif';
61	$base_page = "GOTMLS-settings";
62	$base_function = "GOTMLS_settings";
63	$pluginTitle = "Anti-Malware";
64	$pageTitle = "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE;
65	+ if (GOTMLS_user_can()) {
66	$my_admin_page = add_menu_page($pageTitle, $pluginTitle, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function, $GOTMLS_Full_plugin_logo_URL);
67	+ add_action('load-'.$my_admin_page, 'GOTMLS_admin_add_help_tab');
68	+ add_submenu_page($base_page, "$pluginTitle ".GOTMLS_Scan_Settings_LANGUAGE, GOTMLS_Scan_Settings_LANGUAGE, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], $base_page, $base_function);
69	+ add_submenu_page($base_page, "$pluginTitle Firewall Options", "Firewall Options", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-Firewall-Options", "GOTMLS_Firewall_Options");
70	+ add_submenu_page($base_page, "$pluginTitle ".GOTMLS_View_Quarantine_LANGUAGE, GOTMLS_View_Quarantine_LANGUAGE.(($Qs = GOTMLS_get_quarantine(true))?' <span class="awaiting-mod count-'.$Qs.'"><span class="awaiting-mod">'.$Qs.'</span></span>':""), $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["user_can"], "GOTMLS-View-Quarantine", "GOTMLS_View_Quarantine");
71	+ }

72	}
73
74	function GOTMLS_admin_add_help_tab() {

86	'content' => '<p>'.preg_replace('/\[(.+?)\]$(.+?)$/', "<a target=\"_blank\" href=\"\\2\">\\1</a>", preg_replace('/[\r\n]+= /', "</p><b>", preg_replace('/ =[\r\n]+/', "</b><p>", $readme[0]))).'</p>'
87	));
88	}












89	}
90
91	function GOTMLS_close_button($box_id, $margin = '6px') {

116	}
117	$Update_Link .= "\">$new_version</a></div>";
118	$defLatest = (is_numeric($Latest = preg_replace('/[^0-9]/', "", GOTMLS_sexagesimal($GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"]))) && is_numeric($Default = preg_replace('/[^0-9]/', "", GOTMLS_sexagesimal($GLOBALS["GOTMLS"]["tmp"]["Definition"]["Default"]))) && $Latest > $Default)?1:0;
119	+ if (is_array($keys = maybe_unserialize(get_option('GOTMLS_Installation_Keys', array()))) && array_key_exists(GOTMLS_installation_key, $keys))
120	+ $isRegistered = $keys[GOTMLS_installation_key];
121	+ else
122	+ $isRegistered = "";
123	$Update_Div ='<div id="findUpdates" style="display: none;"><center>'.__("Searching for updates ...",'gotmls').'<br /><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /><br /><input type="button" value="Cancel" onclick="cancelserver(\'findUpdates\');" /></center></div>';
124	echo '
125	span.GOTMLS_date {float: right; width: 130px; white-space: nowrap;}

352	'.GOTMLS_box(__("Updates & Registration",'gotmls'), '<ul style=""><li>WordPress: <span class="GOTMLS_date">'.$wp_version.'</span></li>
353	<li>Plugin: <span class="GOTMLS_date">'.GOTMLS_Version.'</span></li>
354	<li>Definitions: <span class="GOTMLS_date">'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"].'</span></li>
355	+ <li>'.((!$defLatest && !$isRegistered)?'<form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."349")).'" target="GOTMLS_iFrame" name="GOTMLS_Form_lognewkey"><input type="hidden" name="GOTMLS_installation_key" value="'.GOTMLS_installation_key.'"><input type="hidden" name="action" value="GOTMLS_lognewkey"><span style="color: #F00;" id="GOTMLS_No_Key">No Key! <input type="submit" style="float: right;" value="'.__("Get FREE Key!",'gotmls').'" class="button-primary" onclick="showhide(\'GOTMLS_No_Key\');showhide(\'GOTMLS_Key\', true);check_for_updates(\'Definition_Updates\');" /></span></form><div id="GOTMLS_Key" style="display: none; ':'<div style="').'margin: 0;">Key: <span style="float: right;">'.GOTMLS_installation_key.'</span></div></li></ul>
356	<form id="updateform" method="post" name="updateform" action="'.str_replace("GOTMLS_mt=", "GOTMLS_last_mt=", GOTMLS_script_URI).'&'.GOTMLS_set_nonce(__FUNCTION__."373").'">
357	<img style="display: none; float: right; margin-right: 14px;" src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="definitions file updated" id="autoUpdateDownload" onclick="showhide(\'autoUpdateForm\', true);">
358	'.str_replace('findUpdates', 'Definition_Updates', $Update_Div).'

428	setDivNAtext();
429	'.$GLOBALS["GOTMLS"]["tmp"]["onLoad"].'
430	}
431	+ if ('.($defLatest+strlen($isRegistered)).')
432	check_for_updates("Definition_Updates");
433	// else showhide("registerKeyForm", true);
434	if (divNAtext)

474	</ul>
475	</div>
476	</form>
477	+ <a target="_blank" href="https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url='.urlencode(GOTMLS_siteurl).'">Google Safe Browsing Diagnostic</a>', "stuffbox").'
478	'.GOTMLS_box(__("Last Scan Status",'gotmls'), GOTMLS_scan_log(), "stuffbox").'
479	'.$optional_box.'
480	</div>';

709	}
710
711	function GOTMLS_Firewall_Options() {
712	+ global $current_user, $wpdb;
713	GOTMLS_update_definitions();
714	GOTMLS_display_header();
715	$GOTMLS_nonce_found = GOTMLS_get_nonce();

735	"icon" => "threat"
736	)
737	);
738	+ $patch_action = $lt.'form method="POST" name="GOTMLS_Form_XMLRPC_patch"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1159")).'"'.$gt.$lt.'script'.$gt."\nfunction testComplete() {\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) \|\| donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_XMLRPC_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("You must register and donate to use this feature!",'gotmls')."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("This feature is available to those who have donated!",'gotmls')."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_XMLRPC_patch_searching');\n\tshowhide('GOTMLS_XMLRPC_patch_button', true);\n}\n}\nwindow.onload=testComplete;\n$lt/script$gt$lt".'div style="float: right;"'.$gt.$lt.'input type="hidden" name="GOTMLS_XMLRPC_patching" value="';
739	$patch_found = false;
740	$find = '\|<Files[^>]+xmlrpc.php>(.+?)</Files>\s(# END GOTMLS Patch to Block XMLRPC Access\s)*\|is';
741	$head = str_replace(array('\|<Files[^>]+', '(.+?)', '\\s(', '\\s)*\|is'), array("<Files ", "\norder deny,allow\ndeny from all".(isset($_SERVER["REMOTE_ADDR"])?"\nallow from ".$_SERVER["REMOTE_ADDR"]:"").(isset($_SERVER["SERVER_ADDR"])?"\nallow from ".$_SERVER["SERVER_ADDR"]:"")."\n", "\n", "\n"), $find);

745	$patch_found = preg_match($find, $htaccess);
746	if ($patch_found) {
747	if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', preg_replace($find, "", $htaccess)))
748	+ $patch_action .= '1"'.$gt.$lt.'input type="submit" value="Block XMLRPC Access" /'."$gt$lt/div$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.'Block XMLRPC Access (Now Allowing Access';
749	elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0))
750	+ $patch_action .= '-1"'.$gt.$lt.'input type="submit" value="Unblock XMLRPC Access" /'."$gt$lt/div$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.'Block XMLRPC Access (Still Blocking: '.sprintf(__("Failed to remove XMLRPC Protection [.htaccess %s]",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write?':'only!'):"unreadable!").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
751	else
752	+ $patch_action .= '-1"'.$gt.$lt.'input type="submit" value="Unblock XMLRPC Access" /'."$gt$lt/div$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.'Block XMLRPC Access (Currently Blocked';
753	} else {
754	if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', "$head$htaccess"))
755	+ $patch_action .= '-1"'.$gt.$lt.'input type="submit" value="Unblock XMLRPC Access" /'."$gt$lt/div$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.'Block XMLRPC Access (Now Blocked';
756	elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0))
757	+ $patch_action .= '1"'.$gt.$lt.'input type="submit" value="Block XMLRPC Access" /'."$gt$lt/div$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.'Block XMLRPC Access (Still Allowing Access: '.sprintf(__("Failed to install XMLRPC Protection [.htaccess %s]",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write?':'only!'):"unreadable!").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
758	else
759	+ $patch_action .= '1"'.$gt.$lt.'input type="submit" value="Block XMLRPC Access" /'."$gt$lt/div$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.'Block XMLRPC Access (Currently Allowing Access';
760	}
761	$patch_action .= ")$lt/b$gt$lt/p$gt".__("Most WordPress site do not use the XMLRPC features and hack attempt on the xmlrpc.php file are more common then ever before. Even if there are no vulnerabilities for hackers to exploit these attempts can cause slowness or downtime similar to a DDoS attack. This patch automatically blocks all external access to the xmlrpc.php file.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt.$lt.'hr /'.$gt;
762	$patch_status = 0;

802	'.$lt.'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1223")).'"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n{$lt}script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
803	$admin_notice = "";
804	if ($current_user->user_login == "admin") {
805	+ $admin_notice .= $lt.'hr /'.$gt;
806	+ if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_admin_username"]) && ($current_user->user_login != trim($_POST["GOTMLS_admin_username"])) && strlen(trim($_POST["GOTMLS_admin_username"])) && preg_match('/^\s[a-z_0-9\@\.\-]{3,}\s$/i', $_POST["GOTMLS_admin_username"])) {
807	+ if ($wpdb->update($wpdb->users, array("user_login" => trim($_POST["GOTMLS_admin_username"])), array("user_login" => $current_user->user_login)))
808	$admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("You username has been change to %s. Don't forget to use your new username when you login again.",'gotmls'), $_POST["GOTMLS_admin_username"]).$lt.'/div'.$gt;
809	else
810	+ $admin_notice .= $lt.'div class="error"'.$gt.sprintf(__("SQL Error changing username: %s. Please try again later.",'gotmls'), $wpdb->last_error).$lt.'/div'.$gt;
811	} else {

812	if (isset($_POST["GOTMLS_admin_username"]))
813	$admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("Your new username must be at least 3 characters and can only contain "%s". Please try again.",'gotmls'), "a-z0-9_.-@").$lt.'/div'.$gt;
814	+ $admin_notice .= $lt.'form method="POST" name="GOTMLS_Form_admin"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'div style="float: left;"'.$gt.__("Change your username:",'gotmls').$lt.'/div'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1235")).'"'.$gt.$lt.'input style="float: left;" type="text" id="GOTMLS_admin_username" name="GOTMLS_admin_username" size="6" value="'.$current_user->user_login.'"'.$gt.$lt.'input style="float: left;" type="submit" value="Change"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Admin Notice'.$lt.'/b'.$gt.$lt.'/p'.$gt.__("Your username is \"admin\", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt;
815	}
816	}
817	+ if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_wpfirewall_action"])) {
818	+ if ($_POST["GOTMLS_wpfirewall_action"] == "exclude_terms")
819	+ update_option("WP_firewall_exclude_terms", "");
820	+ elseif ($_POST["GOTMLS_wpfirewall_action"] == "whitelisted_ip" && isset($_SERVER["REMOTE_ADDR"])) {
821	+ $ips = maybe_unserialize(get_option("WP_firewall_whitelisted_ip", "not Array!"));
822	+ if (is_array($ips))
823	+ $ips = array_merge($ips, array($_SERVER["REMOTE_ADDR"]));
824	+ else
825	+ $ips = array($_SERVER["REMOTE_ADDR"]);
826	+ update_option("WP_firewall_whitelisted_ip", serialize($ips));
827	+ }
828	+ }
829	+ if (get_option("WP_firewall_exclude_terms", "Not Found!") == "allow") {
830	+ $end = "$lt/div$gt$lt/form$gt\n{$lt}hr /$gt";
831	+ $img = 'threat.gif"';
832	+ $button = $lt.'input type="submit" onclick="document.getElementById(\'GOTMLS_wpfirewall_action\').value=\'exclude_terms\';" value="'.__("Disable this Rule",'gotmls').'"'.$gt;
833	+ $wpfirewall_action = $lt.'form method="POST" name="GOTMLS_Form_wpfirewall2"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" name="GOTMLS_wpfirewall_action" id="GOTMLS_wpfirewall_action" value=""'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1223")).'"'.$gt.$button.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$img.$gt.$lt.'b'.$gt."WP Firewall 2 (Conflicting Firewall Rule)$lt/b$gt$lt/p$gt".__("The Conflicting Firewall Rule (WP_firewall_exclude_terms) activated by the WP Firewall 2 plugin has been shown to interfere with the Definition Updates and WP Core File Scans in my Anti-Malware plugin. I recommend that you disable this rule in the WP Firewall 2 plugin.",'gotmls').$end;
834	+ if (isset($_SERVER["REMOTE_ADDR"])) {
835	+ if (is_array($ips = maybe_unserialize(get_option("WP_firewall_whitelisted_ip", "not Array!"))) && in_array($_SERVER["REMOTE_ADDR"], $ips))
836	+ $wpfirewall_action = str_replace(array($img, $end), array('question.gif"', __(" However, your current IP has been Whitelisted so you could probably keep this rule enabled if you really want to.",'gotmls').$end), $wpfirewall_action);
837	+ else
838	+ $wpfirewall_action = str_replace(array($button, $end), array($button.$lt."br /$gt$lt".'input type="submit" onclick="document.getElementById(\'GOTMLS_wpfirewall_action\').value=\'whitelisted_ip\';" value="'.__("Whitelist your IP",'gotmls').'"'.$gt, __(" However, if you would like to keep this rule enabled you should at least Whitelist your IP.",'gotmls').$end), $wpfirewall_action);
839	+ }
840	+ $sec_opts = $wpfirewall_action.$sec_opts;
841	+ }
842	echo GOTMLS_box(__("Firewall Options",'gotmls'), $sec_opts.$admin_notice)."\n</div></div></div>";
843	}
844

1262	add_action('wp_ajax_nopriv_GOTMLS_logintime', 'GOTMLS_ajax_logintime');
1263	add_action('wp_ajax_GOTMLS_logintime', 'GOTMLS_ajax_logintime');
1264
1265	+ function GOTMLS_ajax_lognewkey() {
1266	+ @header("Content-type: text/javascript");
1267	+ if (GOTMLS_get_nonce()) {
1268	+ if (isset($_POST["GOTMLS_installation_key"]) && ($_POST["GOTMLS_installation_key"] == GOTMLS_installation_key)) {
1269	+ $keys = maybe_unserialize(get_option('GOTMLS_Installation_Keys', array()));
1270	+ if (is_array($keys)) {
1271	+ $count = count($keys);
1272	+ if (!array_key_exists(GOTMLS_installation_key, $keys))
1273	+ $keys = array_merge($keys, array(GOTMLS_installation_key => GOTMLS_siteurl));
1274	+ } else
1275	+ $keys = array(GOTMLS_installation_key => GOTMLS_siteurl);
1276	+ update_option("GOTMLS_Installation_Keys", serialize($keys));
1277	+ die("\n//$count~".count($keys));
1278	+ } else
1279	+ die("\n//0");
1280	+ } else
1281	+ die(GOTMLS_Invalid_Nonce("\n//Log New Key Error: ")."\n");
1282	+ }
1283	+ add_action('wp_ajax_GOTMLS_lognewkey', 'GOTMLS_ajax_lognewkey');
1284	+ add_action('wp_ajax_nopriv_GOTMLS_lognewkey', 'GOTMLS_ajax_nopriv');
1285	+
1286	function GOTMLS_set_plugin_action_links($links_array, $plugin_file) {
1287	if ($plugin_file == substr(str_replace("\\", "/", __FILE__), (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10)
1288	$links_array = array_merge(array('<a href="'.admin_url('admin.php?page=GOTMLS-settings').'"><span class="dashicons dashicons-admin-settings"></span>'.GOTMLS_Scan_Settings_LANGUAGE.'</a>'), $links_array);

1471	if (is_file($path)) {
1472	echo "<li>Fixing $path ... ";
1473	$li_js .= GOTMLS_scanfile($path);
1474	+ echo "</li>\n$li_js/-->"."/\n$callAlert\n//".$GLOBALS["GOTMLS"]["tmp"]["debug_fix"]."\n</script>\n";
1475	$li_js = "<script type=\"text/javascript\">\n/<!--"."/";
1476	} else
1477	echo "<li>".__("File ".htmlentities($path)." not found!",'gotmls')."</li>";

1610	}
1611	}
1612	window.parent.showhide("GOTMLS_iFrame", true);
1613	+ </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1583")).'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($file).'"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details: '.basename($file).'</b><br />in: '.dirname(realpath($file)).'<br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' ('.filesize(realpath($file)).'bytes)<br />permissions: '.GOTMLS_fileperms(realpath($file)).'<br />Owner/Group: '.fileowner(realpath($file)).'/'.filegroup(realpath($file)).' (you are: '.getmyuid().'/'.getmygid().')<br />modified:'.date(" Y-m-d H:i:s ", filemtime(realpath($file))).'<br />changed:'.date(" Y-m-d H:i:s ", filectime(realpath($file))).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1614	}
1615	}
1616	}

readme.txt CHANGED Viewed

	@@ -5,10 +5,10 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5	Contributors: scheeeli, gotmls
6	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7	Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8	- Version: 4.15.49
9	- Stable tag: 4.15.49
10	Requires at least: 3.3
11	- Tested up to: 4.4
12
13	This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
14
	@@ -27,7 +27,7 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
27	* Check the integrity of your WordPress Core files.
28	* Automatically download new Definition Updates when running a Complete Scan.
29
30	- Updated ~~December~~ ~~11th~~
31
32	Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
33
	@@ -93,6 +93,11 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
93
94	== Changelog ==
95





96	= 4.15.49 =
97	* Moved the Firewall Options to it's own page linked to from the admin menu.
98	* Moved the Quick Scan from the admin menu to the top of the Scan Settings page.
	@@ -381,6 +386,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
381
382	== Upgrade Notice ==
383



384	= 4.15.49 =
385	Moved the Firewall Options to it's own page and moved the Quick Scan to the top of the Scan Settings page.
386


5	Contributors: scheeeli, gotmls
6	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7	Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8	+ Version: 4.16.17
9	+ Stable tag: 4.16.17
10	Requires at least: 3.3
11	+ Tested up to: 4.5.2
12
13	This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
14

27	* Check the integrity of your WordPress Core files.
28	* Automatically download new Definition Updates when running a Complete Scan.
29
30	+ Updated May 10th
31
32	Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
33

93
94	== Changelog ==
95
96	+ = 4.16.17 =
97	+ * Removed Menu Item Placement Options because the add_object_page function was deprecated in WP 4.5.
98	+ * Added firewall options for better compatibility with WP Firewall 2.
99	+ * Fixed an XSS vulnerability in the debug output of the nonce token.
100	+
101	= 4.15.49 =
102	* Moved the Firewall Options to it's own page linked to from the admin menu.
103	* Moved the Quick Scan from the admin menu to the top of the Scan Settings page.

386
387	== Upgrade Notice ==
388
389	+ = 4.16.17 =
390	+ Removed Menu Item Placement Options that were deprecated in WP 4.5, Added firewall options for better compatibility with WP Firewall 2, and fixed an XSS vulnerability in the debug output of the nonce token.
391	+
392	= 4.15.49 =
393	Moved the Firewall Options to it's own page and moved the Quick Scan to the top of the Scan Settings page.
394

Anti-Malware Security and Brute-Force Firewall - Version 4.16.17

Version Description

Release Info

Code changes from version 4.15.49 to 4.16.17