Anti-Malware Security and Brute-Force Firewall - Version 4.16.38

Version Description

  • Added more firewall options.
  • Moved Scan Log from the Quarantine page to the main Settings page.
  • Fixed PHP Warning about an invalid argument in foreach and some other bugs too.

Release Info

Developer scheeeli
Version 4.16.38

Code changes from version 4.16.26 to 4.16.38

Files changed (3) hide show
  1. images/index.php +87 -55
  2. index.php +46 -32
  3. readme.txt +12 -4
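--- a/images/index.php
+++ b/images/index.php
@@ -24,16 +24,45 @@ function __($text, $domain) {
  return $text;
  }}
 
+ $bad = array("eval", "preg_replace", "auth_pass");
  $GLOBALS["GOTMLS"] = array(
  "tmp"=>array("HeadersError"=>"", "onLoad"=>"", "file_contents"=>"", "new_contents"=>"", "threats_found"=>array(),
  "skip_dirs" => array(".", ".."), "scanfiles" => array(), "nonce"=>array(),
  "mt" => ((isset($_REQUEST["mt"])&&is_numeric($_REQUEST["mt"]))?$_REQUEST["mt"]:microtime(true)),
  "threat_files" => array("htaccess"=>".htaccess","timthumb"=>"thumb.php"),
  "threat_levels" => array(__("htaccess Threats",'gotmls')=>"htaccess",__("TimThumb Exploits",'gotmls')=>"timthumb",__("Backdoor Scripts",'gotmls')=>"backdoor",__("Known Threats",'gotmls')=>"known",__("Core File Changes",'gotmls')=>"wp_core",__("Potential Threats",'gotmls')=>"potential"),
- "default_ext"=>"ieonly.", "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "fla", "flv", "mov", "mp3", "exe", "zip", "pdf", "css", "pot", "po", "mo", "so", "doc", "docx", "svg", "ttf"),
+ "default_ext"=>"ieonly", "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "svg", "ico", "doc", "docx", "ttf", "fla", "flv", "mov", "mp3", "pdf", "css", "pot", "po", "mo", "so", "exe", "zip", "7z", "gz", "rar"),
  "execution_time" => 60,
- "default" => array("msg_position" => array('80px', '40px', '400px', '600px'))));
- GOTMLS_define("GOTMLS_script_URI", preg_replace('/\&(last_)?mt=[0-9\.]+/', '', str_replace('&', '&', htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES))).'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"]);
+ "default" => array("msg_position" => array("80px", "40px", "400px", "600px")),
+ "Definition" => array("default" => "CCIGG"),
+ "definitions_array" => array(
+ "potential"=>array(
+ $bad[0]=>array("CCIGG", "/[^a-z_\\/'\"]".$bad[0]."\\(.+\\)+\\s*;/i"),
+ $bad[1]." /e"=>array("CCIGG", "/".$bad[1]."[\\s*\\(]+(['\"])([\\!\\/\\#\\|\\@\\%\\^\\*\\~]).+?\\2[imsx]*e[imsx]*\\1\\s*,[^,]+,[^\\)]+[\\);\\s]+(\\?>|\$)/i"),
+ $bad[2]=>array("CCIGG", "/\\\$".$bad[2]."\\s*=.+;/i"),
+ "function add_action wp_enqueue_script json2"=>array("CCIGG", "/json2\\.min\\.js/i"),
+ "Tagged Code"=>array("CCIGG", "/\\#(\\w+)\\#.+?\\#\\/\\1\\#/is"),
+ "protected by copyright"=>array("CCIGG", "/\\/\\* This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. \\*\\//i")),
+ )
+ )
+ );
+ if (isset($_SERVER["HTTP_HOST"]))
+ $SERVER_HTTP = 'HOST://'.$_SERVER["HTTP_HOST"];
+ elseif (isset($_SERVER["SERVER_NAME"]))
+ $SERVER_HTTP = 'NAME://'.$_SERVER["SERVER_NAME"];
+ elseif (isset($_SERVER["SERVER_ADDR"]))
+ $SERVER_HTTP = 'ADDR://'.$_SERVER["SERVER_ADDR"];
+ else
+ $SERVER_HTTP = "NULL://not.anything.com";
+ if (isset($_SERVER["SERVER_PORT"]) && $_SERVER["SERVER_PORT"])
+ $SERVER_HTTP .= ":".$_SERVER["SERVER_PORT"];
+ $SERVER_parts = explode(":", $SERVER_HTTP);
+ if ((isset($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] == "on" || $_SERVER["HTTPS"] == 1)) || (count($SERVER_parts) > 2 && $SERVER_parts[2] == "443"))
+ $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "https:";
+ else
+ $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "http:";
+ GOTMLS_define("GOTMLS_script_URI", preg_replace('/\&(last_)?mt=[0-9\.]+/i', '', str_replace('&amp;', '&', htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES))).'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"]);
+ GOTMLS_define("GOTMLS_plugin_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"]."//gotmls.net/");
 
  if (!function_exists("GOTMLS_encode")) {
  function GOTMLS_encode($unencoded_string) {
@@ -43,7 +72,7 @@ function GOTMLS_encode($unencoded_string) {
  $encoded_string = mb_convert_encoding($unencoded_string, "BASE64", "UTF-8");
  else
  $encoded_string = "Cannot encode: $unencoded_string function_exists: ";
- $encoded_array = explode("=", $encoded_string.'=');
+ $encoded_array = explode("=", $encoded_string."=");
  return strtr($encoded_array[0], "+/0", "-_=").(count($encoded_array)-1);
  }}
 
@@ -94,25 +123,10 @@ GOTMLS_define("GOTMLS_Scan_Settings_LANGUAGE", __("Scan Settings",'gotmls'));
  GOTMLS_define("GOTMLS_Loading_LANGUAGE", __("Loading, Please Wait ...",'gotmls'));
  GOTMLS_define("GOTMLS_Automatically_Fix_LANGUAGE", __("Automatically Fix SELECTED Files Now",'gotmls'));
 
- if (isset($_SERVER['HTTP_HOST']))
- $SERVER_HTTP = 'HOST://'.$_SERVER['HTTP_HOST'];
- elseif (isset($_SERVER['SERVER_NAME']))
- $SERVER_HTTP = 'NAME://'.$_SERVER['SERVER_NAME'];
- elseif (isset($_SERVER['SERVER_ADDR']))
- $SERVER_HTTP = 'ADDR://'.$_SERVER['SERVER_ADDR'];
- else
- $SERVER_HTTP = 'NULL://not.anything.com';
- if (isset($_SERVER["SERVER_PORT"]) && $_SERVER["SERVER_PORT"])
- $SERVER_HTTP .= ":".$_SERVER["SERVER_PORT"];
- $SERVER_parts = explode(":", $SERVER_HTTP);
- if ((isset($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] == "on" || $_SERVER["HTTPS"] == 1)) || (count($SERVER_parts) > 2 && $SERVER_parts[2] == '443'))
- $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "https:";
- else
- $GLOBALS["GOTMLS"]["tmp"]["protocol"] = "http:";
  if (function_exists("get_option")) {
  $GLOBALS["GOTMLS"]["tmp"]["nonce"] = get_option('GOTMLS_nonce_array', array());
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"] = get_option('GOTMLS_settings_array', array());
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = get_option('GOTMLS_definitions_array', array());
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = get_option('GOTMLS_definitions_array', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
  GOTMLS_define("GOTMLS_siteurl", get_option("siteurl"));
  $GLOBALS["GOTMLS"]["log"] = get_option('GOTMLS_scan_log/'.(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"0.0.0.0").'/'.$GLOBALS["GOTMLS"]["tmp"]["mt"], array());
  if (!(isset($GLOBALS["GOTMLS"]["log"]["settings"]) && is_array($GLOBALS["GOTMLS"]["log"]["settings"])))
@@ -121,8 +135,9 @@ if (function_exists("get_option")) {
  GOTMLS_define("GOTMLS_siteurl", $GLOBALS["GOTMLS"]["tmp"]["protocol"].$SERVER_parts[1].((count($SERVER_parts) > 2 && ($SERVER_parts[2] == '80' || $SERVER_parts[2] == '443'))?"":":".$SERVER_parts[2])."/");
  $GLOBALS["GOTMLS"]["log"] = array();
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"] = array();
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = array();
  }
+ GOTMLS_define("GOTMLS_installation_key", md5(GOTMLS_siteurl));
+ GOTMLS_define("GOTMLS_update_home", "http://updates.gotmls.net/".GOTMLS_installation_key."/");
 
  if (!function_exists("GOTMLS_Invalid_Nonce")) {
  function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
@@ -131,12 +146,13 @@ function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
 
  if (!function_exists("GOTMLS_set_nonce")) {
  function GOTMLS_set_nonce($context = "NULL") {
- $transient_name = md5(GOTMLS_installation_key.GOTMLS_plugin_path.$GLOBALS["GOTMLS"]["tmp"]["mt"]);
+ $hour = round(($GLOBALS["GOTMLS"]["tmp"]["mt"]/60)/60);
+ $transient_name = md5(GOTMLS_installation_key.GOTMLS_plugin_path.$hour);
  foreach ($GLOBALS["GOTMLS"]["tmp"]["nonce"] as $nonce_key => $nonce_value)
- if ($nonce_value < ($GLOBALS["GOTMLS"]["tmp"]["mt"] - (60 * 60 * 24)))
+ if (($nonce_value + 24) < $hour)
  unset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$nonce_value]);
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name])) {
- $GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name] = $GLOBALS["GOTMLS"]["tmp"]["mt"];
+ $GLOBALS["GOTMLS"]["tmp"]["nonce"][$transient_name] = $hour;
  if (!update_option('GOTMLS_nonce_array', $GLOBALS["GOTMLS"]["tmp"]["nonce"]))
  return ("$context=DB-err:".preg_replace('/[\r\n]+/', " ", htmlspecialchars(print_r($GLOBALS["GOTMLS"]["tmp"]["nonce"],1).$wpdb->last_error)));
  }
@@ -151,7 +167,6 @@ function GOTMLS_get_nonce() {
  return false;
  }}
 
- GOTMLS_define("GOTMLS_installation_key", md5(GOTMLS_siteurl));
  if (function_exists("plugins_url"))
  GOTMLS_define("GOTMLS_images_path", plugins_url('/', __FILE__));
  elseif (function_exists("plugin_dir_url"))
@@ -168,9 +183,36 @@ $GOTMLS_chmod_dir = (0755);
  $GOTMLS_image_alt = array("wait"=>"...", "checked"=>"&#x2714;", "blocked"=>"X", "question"=>"?", "threat"=>"!");
  $GOTMLS_dir_at_depth = array();
  $GOTMLS_dirs_at_depth = array();
-
- if (isset($_REQEUST['img']) && substr(strtolower($_SERVER["SCRIPT_FILENAME"]), -15) == "/admin-ajax.php" && !in_array(GOTMLS_get_ext($_REQEUST['img']), $GLOBALS["GOTMLS"]["tmp"]["skip_ext"]))
- include(dirname(__FILE__)."/../safe-load/index.php");
+ $GLOBAL_STRING = array("REQUEST" => "&","SERVER" => "&","FILES" => "&");
+ if (isset($_REQUEST) && is_array($_REQUEST))
+ foreach ($_REQUEST as $req => $val)
+ $GLOBAL_STRING["REQUEST"] .= "$req=$val&";
+ if (isset($_SERVER) && is_array($_SERVER))
+ foreach ($_SERVER as $req => $val)
+ $GLOBAL_STRING["SERVER"] .= "$req=$val&";
+ if (isset($_FILES) && is_array($_FILES))
+ foreach ($_FILES as $req => $fila)
+ foreach (array("tmp_name","name") as $val)
+ if (isset($fila["$val"]))
+ $GLOBAL_STRING["FILES"] .= "$req.$val=".$fila["$val"]."&";
+ if (!(isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"])))
+ $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] = array(
+ "RevSlider"=>array("CCIGG", __("Revolution Slider Exploit Protection",'gotmls'), __("This protection is automatically activated because of the widespread attacks on WordPress that have affected so many sites. It is still recommended that you make sure to upgrade any older versions of the Revolution Slider plugin, especially those included in themes that will not update automatically. Even if you don't think you have Revolution Slider on your site it doen't hurt to have this protection enabled.",'gotmls'), array('/\/admin-ajax\.php/i' => "SERVER", '/\&img=[^\&]*(?<!\.'.implode(')(?<!\.', array_slice($GLOBALS["GOTMLS"]["tmp"]["skip_ext"], 0, 10)).')\&/i' => "REQUEST")),
+ "Traversal"=>array("CCIGG", __("Directory Traversal Protection",'gotmls'), __("This protection is automatically activated because this type of attack is quite common. This protection can prevent hackers from accessing secure files in parent directories (or user's folders outside the site_root).",'gotmls'), array('/=[\s\/]*\.\.\//' => "REQUEST")),
+ "UploadPHP"=>array("CCIGG", __("Upload PHP File Protection",'gotmls'), __("This protection is automatically activated because this type of attack is extremely dangerous. This protection can prevent hackers from uploading malicious code via web scripts.",'gotmls'), array('/name=[^\&]*\.php\&/' => "FILES"))
+ );
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA) {
+ if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"])) {
+ $GLOBALS["GOTMLS"]["detected_attacks"] = "&attack[]=FW_$TP";
+ if (is_array($VA) && count($VA) > 3 && is_array($VA[3]))
+ foreach ($VA[3] as $reg => $arr)
+ if (!preg_match($reg, $GLOBAL_STRING[$arr]))
+ $GLOBALS["GOTMLS"]["detected_attacks"] = "";
+ if ($GLOBALS["GOTMLS"]["detected_attacks"])
+ include(dirname(__FILE__)."/../safe-load/index.php");
+ }
+ }
+ $GLOBALS["GOTMLS"]["detected_attacks"] = "";
  if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) && count($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"]) == 4))
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["msg_position"] = $GLOBALS["GOTMLS"]["tmp"]["default"]["msg_position"];
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
@@ -181,7 +223,7 @@ if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]) && is_ar
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"] = $GLOBALS["GOTMLS"]["tmp"]["skip_ext"];
  if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]))
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"] = "";
- if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]['exclude_dir']) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]['exclude_dir'])))
+ if (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"])))
  $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"] = array();
  $GOTMLS_total_percent = 0;
  function GOTMLS_admin_notices() {
@@ -219,7 +261,7 @@ function GOTMLS_update_scan_log($scan_log) {
  if (isset($GLOBALS["GOTMLS"]["log"]["scan"]["percent"]) && is_numeric($GLOBALS["GOTMLS"]["log"]["scan"]["percent"]) && ($GLOBALS["GOTMLS"]["log"]["scan"]["percent"] >= 100))
  $GLOBALS["GOTMLS"]["log"]["scan"]["finish"] = time();
  if (isset($GLOBALS["GOTMLS"]["log"]["scan"]))
- update_option('GOTMLS_scan_log/'.(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"0.0.0.0").'/'.$GLOBALS["GOTMLS"]["tmp"]["mt"], $GLOBALS["GOTMLS"]["log"]);
+ update_option("GOTMLS_scan_log/".(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"0.0.0.0")."/".$GLOBALS["GOTMLS"]["tmp"]["mt"], $GLOBALS["GOTMLS"]["log"]);
  }
  }
 
@@ -379,11 +421,13 @@ function GOTMLS_scanfile($file) {
  $whitelist = array_flip($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]);
  else
  $whitelist = array();
- foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $whitelist_file=>$non_threats) {
- if (is_array($non_threats) && count($non_threats) > 1) {
- if (isset($non_threats[0]))
- unset($non_threats[0]);
- $whitelist = array_merge($whitelist, $non_threats);
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"])) {
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["whitelist"] as $whitelist_file=>$non_threats) {
+ if (is_array($non_threats) && count($non_threats) > 1) {
+ if (isset($non_threats[0]))
+ unset($non_threats[0]);
+ $whitelist = array_merge($whitelist, $non_threats);
+ }
  }
  }
  if (isset($whitelist[md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.$filesize]))
@@ -397,13 +441,15 @@ function GOTMLS_scanfile($file) {
  $_SESSION["GOTMLS_debug"]["file"] = $file;
  $_SESSION["GOTMLS_debug"]["last"]["total"] = microtime(true);
  }
- foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level) {
- if (isset($_SESSION["GOTMLS_debug"])) {
- $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
- $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["threat_levels"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threat_levels"])) {
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level) {
+ if (isset($_SESSION["GOTMLS_debug"])) {
+ $_SESSION["GOTMLS_debug"]["threat_level"] = $threat_level;
+ $_SESSION["GOTMLS_debug"]["last"]["threat_level"] = microtime(true);
+ }
+ if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"]))) && (!array_key_exists($threat_level, $GLOBALS["GOTMLS"]["tmp"]["threat_files"]) || (substr($file."e", (-1 * strlen($GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e"))) == $GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e")) && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level],$file)))
+ $className = $threat_level;
  }
- if (in_array($threat_level, $GLOBALS["GOTMLS"]["log"]["settings"]["check"]) && !$found && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level]) && ($threat_level != "wp_core" || (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]["$wp_version"]["$path"]))) && (!array_key_exists($threat_level, $GLOBALS["GOTMLS"]["tmp"]["threat_files"]) || (substr($file."e", (-1 * strlen($GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e"))) == $GLOBALS["GOTMLS"]["tmp"]["threat_files"][$threat_level]."e")) && ($found = GOTMLS_check_threat($GLOBALS["GOTMLS"]["tmp"]["definitions_array"][$threat_level],$file)))
- $className = $threat_level;
  }
  if (isset($_SESSION["GOTMLS_debug"])) {
  $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["total"], 5);
@@ -848,20 +894,6 @@ function GOTMLS_reset_settings($item, $key) {
  unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"][$key]);
  }
 
- $GLOBALS["GOTMLS"]["tmp"]["default_ext"] .= "com";
- GOTMLS_define("GOTMLS_plugin_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gotmls.net/');
- GOTMLS_define("GOTMLS_update_home", "http://updates.gotmls.net/".GOTMLS_installation_key.'/');
- GOTMLS_define("GOTMLS_blog_home", $GLOBALS["GOTMLS"]["tmp"]["protocol"].'//wordpress.'.$GLOBALS["GOTMLS"]["tmp"]["default_ext"]);
- $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Default"] = "CCIGG";
- if (!(isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]) && count($GLOBALS["GOTMLS"]["tmp"]["definitions_array"])))
- $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = array("potential"=>array(
- "eval"=>array("CCIGG", "/[^a-z_\\/'\"]eval\\(.+\\)+\\s*;/i"),
- "preg_replace /e"=>array("CCIGG", "/preg_replace[\\s*\\(]+(['\"])([\\!\\/\\#\\|\\@\\%\\^\\*\\~]).+?\\2[imsx]*e[imsx]*\\1\\s*,[^,]+,[^\\)]+[\\);\\s]+(\\?>|\$)/i"),
- "auth_pass"=>array("CCIGG", "/\\\$auth_pass\\s*=.+;/i"),
- "function add_action wp_enqueue_script json2"=>array("CCIGG", "/json2\\.min\\.js/i"),
- "Tagged Code"=>array("CCIGG", "/\\#(\\w+)\\#.+?\\#\\/\\1\\#/is"),
- "protected by copyright"=>array("CCIGG", "/\\/\\* This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. \\*\\//i")));
-
  function GOTMLS_file_put_contents($file, $content) {
  global $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
  if ((is_dir(dirname($file)) || @mkdir(dirname($file), $GOTMLS_chmod_dir, true)) && !is_writable(dirname($file)) && ($GOTMLS_chmod_dir = @fileperms(dirname($file))))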
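Review bot: In the firewall block added after `$GOTMLS_dirs_at_depth`, the guard in front of the built-in `firewall` definitions calls `array(...)` where `is_array(...)` was evidently intended, so that half of the condition is always true and a non-array value loaded from the `GOTMLS_definitions_array` option reaches the `foreach`, which would then apply no rules at all; the condition should read `isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"])`. The `$GLOBAL_STRING` loops just above it interpolate `"$req=$val&"` directly, so an array-valued request parameter or a multi-file `$_FILES` entry is rendered as the literal `Array` and the rule patterns are never applied to the nested values; these should be flattened under the top-level parameter name before matching. The `UploadPHP` pattern `/name=[^\&]*\.php\&/` is also case-sensitive while the `RevSlider` patterns carry the `i` flag, which looks unintentional.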
index.php CHANGED
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
- Version: 4.16.26
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
@@ -105,7 +105,7 @@ function GOTMLS_display_header($optional_box = "") {
105
  echo '<div id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="&#x2714;"> '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)</div><script type="text/javascript">window.parent.document.getElementById("check_site_warning").style.backgroundColor=\'#0C0\';</script><li>Please <a target="_blank" href="https://wordpress.org/plugins/gotmls/stats/?compatibility%5Bversion%5D='.$wp_version.'&compatibility%5Btopic_version%5D='.GOTMLS_Version.'&compatibility%5Bcompatible%5D=1#compatibility-works">Vote "Works"</a> or <a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls#postform">write a "Five-Star" Reviews</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
106
  else
107
  echo '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
108
- $Update_Definitions = GOTMLS_plugin_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&js='.GOTMLS_Version.'&p=GOTMLS&wp='.$wp_version.'&ts='.date("YmdHis").'&key='.GOTMLS_installation_key.'&d='.ur1encode(GOTMLS_siteurl);
109
  $Update_Link = '<div style="text-align: center;"><a href="';
110
  $new_version = "";
111
  $file = basename(GOTMLS_plugin_path).'/index.php';
@@ -468,15 +468,14 @@ setDiv("div_file");
468
  <li><a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls">Plugin Reviews</a></li>
469
  </ul></li>
470
  <li><img src="//gravatar.com/avatar/5feb789dd3a292d563fea3b885f786d6?s=16" border="0" alt="Plugin site:"><b><a target="_blank" href="'.GOTMLS_plugin_home.'">GOTMLS.NET</a></b></li>
471
- <li><img src="//gravatar.com/avatar/8151cac22b3fc543d099241fd573d176?s=16" border="0" alt="Developer site:"><b><a target="_blank" href="'.GOTMLS_blog_home.'/category/my-plugins/anti-malware/">Eli\'s Blog</a></b></li>
472
  <li><img src="https://ssl.gstatic.com/ui/v1/icons/mail/favicon.ico" border="0" alt="mail:"><b><a target="_blank" href="mailto:eli@gotmls.net">Email Eli</a></b></li>
473
  <li><iframe allowtransparency="true" frameborder="0" scrolling="no" src="https://platform.twitter.com/widgets/follow_button.html?screen_name=GOTMLS&amp;show_count=false" style="width:125px; height:20px;"></iframe></li>
474
  </ul>
475
  </div>
476
  </form>
477
- <a target="_blank" href="https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url='.urlencode(GOTMLS_siteurl).'">Google Safe Browsing Diagnostic</a>', "stuffbox").'
478
- '.GOTMLS_box(__("Last Scan Status",'gotmls'), GOTMLS_scan_log(), "stuffbox").'
479
- '.$optional_box.'
480
  </div>';
481
  if (isset($GLOBALS["GOTMLS"]["tmp"]["stuffbox"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["stuffbox"])) {
482
  echo '
@@ -702,10 +701,8 @@ function GOTMLS_View_Quarantine() {
702
  if (!isset($_GET['Whitelists']))
703
  $echo .= "\n<script>\nshowhide('inside_".md5($Q_Page)."');\n</script>\n";
704
  $echo .= GOTMLS_box($Q_Page = __("Quarantine",'gotmls'), GOTMLS_get_quarantine());
705
- if (isset($_GET['Scanlog']))
706
- $echo .= "\n<script>\nshowhide('inside_".md5($Q_Page)."');\n</script>\n";
707
  GOTMLS_display_header();
708
- echo $echo.GOTMLS_box(__("Scan Logs",'gotmls'), GOTMLS_get_scanlog())."\n</div></div></div>";
709
  }
710
 
711
  function GOTMLS_Firewall_Options() {
@@ -715,6 +712,7 @@ function GOTMLS_Firewall_Options() {
715
  $GOTMLS_nonce_found = GOTMLS_get_nonce();
716
  $gt = ">";
717
  $lt = "<";
 
718
  $patch_attr = array(
719
  array(
720
  "icon" => "blocked",
@@ -735,7 +733,7 @@ function GOTMLS_Firewall_Options() {
735
  "icon" => "threat"
736
  )
737
  );
738
- $patch_action = $lt.'form method="POST" name="GOTMLS_Form_XMLRPC_patch"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1159")).'"'.$gt.$lt.'script'.$gt."\nfunction testComplete() {\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_XMLRPC_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("You must register and donate to use this feature!",'gotmls')."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("This feature is available to those who have donated!",'gotmls')."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_XMLRPC_patch_searching');\n\tshowhide('GOTMLS_XMLRPC_patch_button', true);\n}\n}\nwindow.onload=testComplete;\n$lt/script$gt$lt".'div style="float: right;"'.$gt.$lt.'input type="hidden" name="GOTMLS_XMLRPC_patching" value="';
739
  $patch_found = false;
740
  $find = '|<Files[^>]+xmlrpc.php>(.+?)</Files>\s*(# END GOTMLS Patch to Block XMLRPC Access\s*)*|is';
741
  $head = str_replace(array('|<Files[^>]+', '(.+?)', '\\s*(', '\\s*)*|is'), array("<Files ", "\norder deny,allow\ndeny from all".(isset($_SERVER["REMOTE_ADDR"])?"\nallow from ".$_SERVER["REMOTE_ADDR"]:"").(isset($_SERVER["SERVER_ADDR"])?"\nallow from ".$_SERVER["SERVER_ADDR"]:"")."\n", "\n", "\n"), $find);
@@ -745,20 +743,20 @@ function GOTMLS_Firewall_Options() {
745
  $patch_found = preg_match($find, $htaccess);
746
  if ($patch_found) {
747
  if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', preg_replace($find, "", $htaccess)))
748
- $patch_action .= '1"'.$gt.$lt.'input type="submit" value="Block XMLRPC Access" /'."$gt$lt/div$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.'Block XMLRPC Access (Now Allowing Access';
749
  elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0))
750
- $patch_action .= '-1"'.$gt.$lt.'input type="submit" value="Unblock XMLRPC Access" /'."$gt$lt/div$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.'Block XMLRPC Access (Still Blocking: '.sprintf(__("Failed to remove XMLRPC Protection [.htaccess %s]",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write?':'only!'):"unreadable!").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
751
  else
752
- $patch_action .= '-1"'.$gt.$lt.'input type="submit" value="Unblock XMLRPC Access" /'."$gt$lt/div$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.'Block XMLRPC Access (Currently Blocked';
753
  } else {
754
  if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', "$head$htaccess"))
755
- $patch_action .= '-1"'.$gt.$lt.'input type="submit" value="Unblock XMLRPC Access" /'."$gt$lt/div$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.'Block XMLRPC Access (Now Blocked';
756
  elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0))
757
- $patch_action .= '1"'.$gt.$lt.'input type="submit" value="Block XMLRPC Access" /'."$gt$lt/div$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.'Block XMLRPC Access (Still Allowing Access: '.sprintf(__("Failed to install XMLRPC Protection [.htaccess %s]",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write?':'only!'):"unreadable!").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
758
  else
759
- $patch_action .= '1"'.$gt.$lt.'input type="submit" value="Block XMLRPC Access" /'."$gt$lt/div$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.'Block XMLRPC Access (Currently Allowing Access';
760
  }
761
- $patch_action .= ")$lt/b$gt$lt/p$gt".__("Most WordPress site do not use the XMLRPC features and hack attempt on the xmlrpc.php file are more common then ever before. Even if there are no vulnerabilities for hackers to exploit these attempts can cause slowness or downtime similar to a DDoS attack. This patch automatically blocks all external access to the xmlrpc.php file.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt.$lt.'hr /'.$gt;
762
  $patch_status = 0;
763
  $patch_found = -1;
764
  $find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#";
@@ -797,9 +795,19 @@ function GOTMLS_Firewall_Options() {
797
  else
798
  $patch_status = 2;
799
  }
800
- $sec_opts = $lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Revolution Slider Exploit Protection (Automatically Enabled)'.$lt.'/b'.$gt.$lt.'/p'.$gt.__("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.",'gotmls').$lt.'/div'.$gt.$lt.'hr /'.$gt.'
801
- '.$patch_action.'
802
- '.$lt.'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1223")).'"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n{$lt}script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
 
 
 
 
 
 
 
 
 
 
803
  $admin_notice = "";
804
  if ($current_user->user_login == "admin") {
805
  $admin_notice .= $lt.'hr /'.$gt;
@@ -839,7 +847,7 @@ function GOTMLS_Firewall_Options() {
839
  }
840
  $sec_opts = $wpfirewall_action.$sec_opts;
841
  }
842
- echo GOTMLS_box(__("Firewall Options",'gotmls'), $sec_opts.$admin_notice)."\n</div></div></div>";
843
  }
844
 
845
  function GOTMLS_update_definitions() {
@@ -850,41 +858,44 @@ function GOTMLS_update_definitions() {
850
  if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
851
  if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
852
  $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
853
- if (isset($_POST["UPDATE_definitions_array"]) && strlen($_POST["UPDATE_definitions_array"]) && GOTMLS_get_nonce()) {
854
- if (strlen($_POST["UPDATE_definitions_array"]) > 1) {
855
- $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_POST["UPDATE_definitions_array"]));
856
  if (is_array($GOTnew_definitions))
857
  $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('Downloaded Definitions');";
858
  } elseif (($DEF = GOTMLS_get_URL(GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.$wp_version.'&ts='.date("YmdHis").'&d='.ur1encode(GOTMLS_siteurl))) && (($GOT_definitions = GOTMLS_decode($DEF)) != serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"])) && is_array($GOTnew_definitions = maybe_unserialize($GOT_definitions)) && count($GOTnew_definitions)) {
859
  if (!(isset($_REQUEST["check"]) && is_array($_REQUEST["check"])))
860
  $_REQUEST["check"] = array();
861
  foreach ($GOTnew_definitions as $threat_level=>$definition_names)
862
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$threat_level"]) && !(is_array($GLOBALS["GOTMLS"]["tmp"]["settings"]["check"]) && in_array("$threat_level", $GLOBALS["GOTMLS"]["tmp"]["settings"]["check"])) && !in_array("$threat_level", $_REQUEST["check"]))
863
  $_REQUEST["check"][] = "$threat_level";
864
  $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions;
865
  $GOTnew_definitions = array();
866
  $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('New Definitions Automatically Installed :-)');";
867
  } else
868
  $GOTnew_definitions = "";
869
- } //elseif (file_exists(GOTMLS_plugin_path.'definitions_update.txt')) $GOTnew_definitions = maybe_unserialize(GOTMLS_decode(file_get_contents(GOTMLS_plugin_path.'definitions_update.txt')));
870
  if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
871
  $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace_recursive($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions);
872
  if (file_exists(GOTMLS_plugin_path.'definitions_update.txt'))
873
  @unlink(GOTMLS_plugin_path.'definitions_update.txt');
874
  if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]))
875
  unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]);
876
- update_option('GOTMLS_definitions_array', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
877
  foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
878
  foreach ($definition_names as $definition_name=>$definition_version)
879
  if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
880
  if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
881
  $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
 
 
882
  }
883
  $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] = '?div=Definition_Updates';
884
  asort($GOTMLS_definitions_versions);
885
  foreach ($GOTMLS_definitions_versions as $definition_name=>$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"])
886
  $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&ver[$definition_name]=".$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"];
887
  }
 
888
 
889
  function GOTMLS_settings() {
890
  global $current_user, $wpdb, $wp_version, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
@@ -999,7 +1010,7 @@ function GOTMLS_settings() {
999
  '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth" size="5"'.$gt.$lt.'br /'.$gt.__("how far to drill down",'gotmls').$lt.'br /'.$gt.'('.__("-1 is infinite depth",'gotmls').')'.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'br style="clear: left;"'.$gt;
1000
  if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= $lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"]['total'],1)."$lt/div$gt"; unset($_SESSION["GOTMLS_debug"]);}
1001
  if (isset($_GET["eli"])) {//still testing this option
1002
- $scan_opts .= "\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom RegExp:",'gotmls').$lt.'/b'.$gt.' ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /'."$gt$lt/div$gt\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom Code to be Checked:",'gotmls').$lt.'/b'.$gt.' ('.__("For very advanced users only. If you enter anything in this box then no other files will be scanned on your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'textarea name="check_code" style="width: 100%;" rows=3'.$gt.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_code"])."$lt/textarea$gt$lt/div$gt\n";
1003
  }
1004
  $QuickScan = $lt.((is_dir(dirname(__FILE__)."/../../../wp-includes") && is_dir(dirname(__FILE__)."/../../../wp-admin"))?'a href="'.admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&$GOTMLS_nonce_URL").'" class="button-primary" style="height: 22px; line-height: 13px; padding: 3px;">WP_Core</a':"!-- No wp-includes or wp-admin --").$gt;
1005
  foreach (array("Plugins", "Themes") as $ScanFolder)
@@ -1124,18 +1135,20 @@ function showOnly(what) {
1124
  }
1125
  var startTime = 0;
1126
  '.$lt.'/script'.$gt.GOTMLS_box($ScanSettings, $scan_opts);
 
1127
  if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Save") {
1128
  if ($GOTMLS_nonce_found) {
1129
  update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1130
- echo "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -50px;' class='updated'$gt\nSettings Saved!$lt/div$gt\n";//script type='text/javascript'$gt\nalert('Settings Saved!');\n$lt/script$gt\n";
1131
  } else
1132
  echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Saving these settings requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce("")."');\n$lt/script$gt\n");
 
1133
  } elseif (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"]) && ($_REQUEST["scan_what"] > -1)) {
1134
  if ($GOTMLS_nonce_found) {
1135
  update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1136
  $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array();
1137
  GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1138
- echo "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -50px;' class='updated'$gt\nSettings Saved!$lt/div$gt\n";//script type='text/javascript'$gt\nalert('Settings Saved!');\n$lt/script$gt\n";
1139
  if (!isset($_REQUEST["scan_type"]))
1140
  $_REQUEST["scan_type"] = "Complete Scan";
1141
  echo "\n$lt".'form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1030")).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt;
@@ -1148,7 +1161,7 @@ var startTime = 0;
1148
  echo $lt.'input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'"'.$gt;
1149
  }
1150
  }
1151
- echo "\n$lt".'script type="text/javascript"'.$gt.'showhide("inside_'.md5($ScanSettings).'");'.$lt.'/script'.$gt.GOTMLS_box(htmlentities($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' '.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt);
1152
  $scan_groups_UL = "";
1153
  foreach ($scan_groups as $scan_name => $scan_group)
1154
  $scan_groups_UL .= "\n{$lt}ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"$gt{$lt}a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\"{$gt}X$lt/a$gt{$lt}h3$gt$scan_name$lt/h3$gt\n".($scan_group=='potential'?$lt.'p'.$gt.' &nbsp; * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').$lt.'/p'.$gt:($scan_group=='wp_core'?$lt.'p'.$gt.' &nbsp; * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), $wp_version).' (for more info '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-core-files/"'.$gt.__("read my blog",'gotmls').$lt.'/a'.$gt.').'.$lt.'/p'.$gt:$lt.'br /'.$gt)).$lt.'/ul'.$gt;
@@ -1246,7 +1259,8 @@ var startTime = 0;
1246
  echo "/*--{$gt}*"."/\n$lt/script$gt";
1247
  } else
1248
  echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Starting a Complete Scan requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce("")."');\n$lt/script$gt\n");
1249
- }
 
1250
  echo "\n$lt/div$gt$lt/div$gt$lt/div$gt";
1251
  }
1252
 
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
+ Version: 4.16.38
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
105
  echo '<div id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="&#x2714;"> '.__("Tested your site. It appears we didn't break anything",'gotmls').' ;-)</div><script type="text/javascript">window.parent.document.getElementById("check_site_warning").style.backgroundColor=\'#0C0\';</script><li>Please <a target="_blank" href="https://wordpress.org/plugins/gotmls/stats/?compatibility%5Bversion%5D='.$wp_version.'&compatibility%5Btopic_version%5D='.GOTMLS_Version.'&compatibility%5Bcompatible%5D=1#compatibility-works">Vote "Works"</a> or <a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls#postform">write a "Five-Star" Reviews</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu, .error, .updated, .update-nag {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody, html.wp-toolbar {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;}';
106
  else
107
  echo '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
108
+ $Update_Definitions = GOTMLS_plugin_home.'definitions.js'.$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"].'&js='.GOTMLS_Version.'&p=GOTMLS&wp='.$wp_version.'&ts='.date("YmdHis").'&key='.GOTMLS_installation_key.'&d='.ur1encode(GOTMLS_siteurl).'&'.GOTMLS_set_nonce(__FUNCTION__."108");
109
  $Update_Link = '<div style="text-align: center;"><a href="';
110
  $new_version = "";
111
  $file = basename(GOTMLS_plugin_path).'/index.php';
468
  <li><a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls">Plugin Reviews</a></li>
469
  </ul></li>
470
  <li><img src="//gravatar.com/avatar/5feb789dd3a292d563fea3b885f786d6?s=16" border="0" alt="Plugin site:"><b><a target="_blank" href="'.GOTMLS_plugin_home.'">GOTMLS.NET</a></b></li>
471
+ <li><img src="//gravatar.com/avatar/8151cac22b3fc543d099241fd573d176?s=16" border="0" alt="Developer site:"><b><a target="_blank" href="http://wordpress.ieonly.com/category/my-plugins/anti-malware/">Eli\'s Blog</a></b></li>
472
  <li><img src="https://ssl.gstatic.com/ui/v1/icons/mail/favicon.ico" border="0" alt="mail:"><b><a target="_blank" href="mailto:eli@gotmls.net">Email Eli</a></b></li>
473
  <li><iframe allowtransparency="true" frameborder="0" scrolling="no" src="https://platform.twitter.com/widgets/follow_button.html?screen_name=GOTMLS&amp;show_count=false" style="width:125px; height:20px;"></iframe></li>
474
  </ul>
475
  </div>
476
  </form>
477
+ <a target="_blank" href="https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url='.urlencode(GOTMLS_siteurl).'">Google Safe Browsing Diagnostic</a>', "stuffbox").//GOTMLS_box(__("Last Scan Status",'gotmls'), GOTMLS_scan_log(), "stuffbox").
478
+ $optional_box.'
 
479
  </div>';
480
  if (isset($GLOBALS["GOTMLS"]["tmp"]["stuffbox"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["stuffbox"])) {
481
  echo '
701
  if (!isset($_GET['Whitelists']))
702
  $echo .= "\n<script>\nshowhide('inside_".md5($Q_Page)."');\n</script>\n";
703
  $echo .= GOTMLS_box($Q_Page = __("Quarantine",'gotmls'), GOTMLS_get_quarantine());
 
 
704
  GOTMLS_display_header();
705
+ echo $echo."\n</div></div></div>";
706
  }
707
 
708
  function GOTMLS_Firewall_Options() {
712
  $GOTMLS_nonce_found = GOTMLS_get_nonce();
713
  $gt = ">";
714
  $lt = "<";
715
+ $save_action = "";
716
  $patch_attr = array(
717
  array(
718
  "icon" => "blocked",
733
  "icon" => "threat"
734
  )
735
  );
736
+ $patch_action = $lt.'form method="POST" name="GOTMLS_Form_XMLRPC_patch"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."1159")).'"'.$gt.$lt.'script'.$gt."\nfunction setFirewall(opt, val) {\n\tif (autoUpdateDownloadGIF = document.getElementById('fw_opt'))\n\t\tautoUpdateDownloadGIF.value = opt;\n\tif (autoUpdateDownloadGIF = document.getElementById('fw_val'))\n\t\tautoUpdateDownloadGIF.value = val;\n}\nfunction testComplete() {\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_XMLRPC_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("You must register and donate to use this feature!",'gotmls')."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("This feature is available to those who have donated!",'gotmls')."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_XMLRPC_patch_searching');\n\tshowhide('GOTMLS_XMLRPC_patch_button', true);\n}\n}\nwindow.onload=testComplete;\n$lt/script$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'input type="hidden" name="GOTMLS_XMLRPC_patching" value="';
737
  $patch_found = false;
738
  $find = '|<Files[^>]+xmlrpc.php>(.+?)</Files>\s*(# END GOTMLS Patch to Block XMLRPC Access\s*)*|is';
739
  $head = str_replace(array('|<Files[^>]+', '(.+?)', '\\s*(', '\\s*)*|is'), array("<Files ", "\norder deny,allow\ndeny from all".(isset($_SERVER["REMOTE_ADDR"])?"\nallow from ".$_SERVER["REMOTE_ADDR"]:"").(isset($_SERVER["SERVER_ADDR"])?"\nallow from ".$_SERVER["SERVER_ADDR"]:"")."\n", "\n", "\n"), $find);
743
  $patch_found = preg_match($find, $htaccess);
744
  if ($patch_found) {
745
  if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', preg_replace($find, "", $htaccess)))
746
+ $patch_action .= '1"'.$gt.$lt.'input style="float: right;" type="submit" value="Block XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Now Allowing Access';
747
  elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0))
748
+ $patch_action .= '-1"'.$gt.$lt.'input style="float: right;" type="submit" value="Unblock XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Still Blocking: '.sprintf(__("Failed to remove XMLRPC Protection [.htaccess %s]",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write?':'only!'):"unreadable!").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
749
  else
750
+ $patch_action .= '-1"'.$gt.$lt.'input style="float: right;" type="submit" value="Unblock XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Currently Blocked';
751
  } else {
752
  if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', "$head$htaccess"))
753
+ $patch_action .= '-1"'.$gt.$lt.'input style="float: right;" type="submit" value="Unblock XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Now Blocked';
754
  elseif ($GOTMLS_nonce_found && isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0))
755
+ $patch_action .= '1"'.$gt.$lt.'input style="float: right;" type="submit" value="Block XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Still Allowing Access: '.sprintf(__("Failed to install XMLRPC Protection [.htaccess %s]",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write?':'only!'):"unreadable!").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
756
  else
757
+ $patch_action .= '1"'.$gt.$lt.'input style="float: right;" type="submit" value="Block XMLRPC Access" /'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.$lt.'b'.$gt.'Block XMLRPC Access (Currently Allowing Access';
758
  }
759
+ $patch_action .= ")$lt/b$gt$lt/p$gt".__("Most WordPress sites do not use the XMLRPC features and hack attempts on the xmlrpc.php file are more common then ever before. Even if there are no vulnerabilities for hackers to exploit, these attempts can cause slowness or downtime similar to a DDoS attack. This patch automatically blocks all external access to the xmlrpc.php file.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt.$lt.'hr /'.$gt;
760
  $patch_status = 0;
761
  $patch_found = -1;
762
  $find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#";
795
  else
796
  $patch_status = 2;
797
  }
798
+ if ($GOTMLS_nonce_found && isset($_POST["GOTMLS_firewall_option"]) && strlen($_POST["GOTMLS_firewall_option"]) && isset($_POST["GOTMLS_firewall_value"]) && strlen($_POST["GOTMLS_firewall_value"])) {
799
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"][$_POST["GOTMLS_firewall_option"]] = $_POST["GOTMLS_firewall_value"];
800
+ if (update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]))
801
+ $save_action = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -40px; margin: 0 300px 0 130px;' class='updated'$gt\nSettings Saved!$lt/div$gt\n";
802
+ else
803
+ $save_action = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -40px; margin: 0 300px 0 130px;' class='updated'$gt\nSave Failed!$lt/div$gt\n";
804
+ }
805
+ $sec_opts = $lt.'form method="POST" name="GOTMLS_Form_firewall"'.$gt.$lt.'input type="hidden" id="fw_opt" name="GOTMLS_firewall_option" value="traversal"'.$gt.$lt.'input type="hidden" name="GOTMLS_firewall_value" id="fw_val" value="0"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."805")).'"'.$gt;
806
+ if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]))
807
+ foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA)
808
+ if (is_array($VA) && count($VA) > 3 && strlen($VA[1]) && strlen($VA[2]))
809
+ $sec_opts .= $lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="submit" style="float: right;" value="'.(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]?"Enable Protection\" onclick=\"setFirewall('$TP', 0);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt."b$gt$VA[1] (Currently Disabled)":"Disable Protection\" onclick=\"setFirewall('$TP', 1);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt."b$gt$VA[1] (Automatically Enabled)")."$lt/b$gt$lt/p$gt$VA[2]$lt/div$gt$lt".'hr /'.$gt;
810
+ $sec_opts .= "$lt/form$gt\n$patch_action\n$lt".'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."807")).'"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="float: right;'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n$lt"."script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
811
  $admin_notice = "";
812
  if ($current_user->user_login == "admin") {
813
  $admin_notice .= $lt.'hr /'.$gt;
847
  }
848
  $sec_opts = $wpfirewall_action.$sec_opts;
849
  }
850
+ echo GOTMLS_box(__("Firewall Options",'gotmls'), $save_action.$sec_opts.$admin_notice)."\n</div></div></div>";
851
  }
852
 
853
  function GOTMLS_update_definitions() {
858
  if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
859
  if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
860
  $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
861
+ if (isset($_REQUEST["UPDATE_definitions_array"]) && strlen($_REQUEST["UPDATE_definitions_array"]) && GOTMLS_get_nonce()) {
862
+ if (strlen($_REQUEST["UPDATE_definitions_array"]) > 1) {
863
+ $GOTnew_definitions = maybe_unserialize(GOTMLS_decode($_REQUEST["UPDATE_definitions_array"]));
864
  if (is_array($GOTnew_definitions))
865
  $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('Downloaded Definitions');";
866
  } elseif (($DEF = GOTMLS_get_URL(GOTMLS_update_home.'definitions.php?ver='.GOTMLS_Version.'&wp='.$wp_version.'&ts='.date("YmdHis").'&d='.ur1encode(GOTMLS_siteurl))) && (($GOT_definitions = GOTMLS_decode($DEF)) != serialize($GLOBALS["GOTMLS"]["tmp"]["definitions_array"])) && is_array($GOTnew_definitions = maybe_unserialize($GOT_definitions)) && count($GOTnew_definitions)) {
867
  if (!(isset($_REQUEST["check"]) && is_array($_REQUEST["check"])))
868
  $_REQUEST["check"] = array();
869
  foreach ($GOTnew_definitions as $threat_level=>$definition_names)
870
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$threat_level"]) && !(is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]) && in_array("$threat_level", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"])) && !in_array("$threat_level", $_REQUEST["check"]))
871
  $_REQUEST["check"][] = "$threat_level";
872
  $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = $GOTnew_definitions;
873
  $GOTnew_definitions = array();
874
  $GLOBALS["GOTMLS"]["tmp"]["onLoad"] .= "updates_complete('New Definitions Automatically Installed :-)');";
875
  } else
876
  $GOTnew_definitions = "";
877
+ }
878
  if (isset($GOTnew_definitions) && is_array($GOTnew_definitions)) {
879
  $GLOBALS["GOTMLS"]["tmp"]["definitions_array"] = GOTMLS_array_replace_recursive($GLOBALS["GOTMLS"]["tmp"]["definitions_array"], $GOTnew_definitions);
880
  if (file_exists(GOTMLS_plugin_path.'definitions_update.txt'))
881
  @unlink(GOTMLS_plugin_path.'definitions_update.txt');
882
  if (isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]))
883
  unset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check"]);
884
+ $saved = update_option('GOTMLS_definitions_array', $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]);
885
  foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"] as $threat_level=>$definition_names)
886
  foreach ($definition_names as $definition_name=>$definition_version)
887
  if (is_array($definition_version) && isset($definition_version[0]) && strlen($definition_version[0]) == 5)
888
  if (!isset($GOTMLS_definitions_versions[$threat_level]) || $definition_version[0] > $GOTMLS_definitions_versions[$threat_level])
889
  $GOTMLS_definitions_versions[$threat_level] = $definition_version[0];
890
+ if (isset($_SERVER["SCRIPT_FILENAME"]) && preg_match('/\/admin-ajax\.php/i', $_SERVER["SCRIPT_FILENAME"]) && isset($_REQUEST["action"]) && $_REQUEST["action"] == "GOTMLS_auto_update")
891
+ die("//".($saved?"saved: ".maybe_serialize($GOTMLS_definitions_versions):"update_option Failed!"));
892
  }
893
  $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] = '?div=Definition_Updates';
894
  asort($GOTMLS_definitions_versions);
895
  foreach ($GOTMLS_definitions_versions as $definition_name=>$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"])
896
  $GLOBALS["GOTMLS"]["tmp"]["Definition"]["Updates"] .= "&ver[$definition_name]=".$GLOBALS["GOTMLS"]["tmp"]["Definition"]["Latest"];
897
  }
898
+ add_action('wp_ajax_nopriv_GOTMLS_auto_update', 'GOTMLS_update_definitions');
899
 
900
  function GOTMLS_settings() {
901
  global $current_user, $wpdb, $wp_version, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
1010
  '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth" size="5"'.$gt.$lt.'br /'.$gt.__("how far to drill down",'gotmls').$lt.'br /'.$gt.'('.__("-1 is infinite depth",'gotmls').')'.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'br style="clear: left;"'.$gt;
1011
  if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= $lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"]['total'],1)."$lt/div$gt"; unset($_SESSION["GOTMLS_debug"]);}
1012
  if (isset($_GET["eli"])) {//still testing this option
1013
+ $scan_opts .= "\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom RegExp:",'gotmls').$lt.'/b'.$gt.' ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /'."$gt$lt/div$gt\n";
1014
  }
1015
  $QuickScan = $lt.((is_dir(dirname(__FILE__)."/../../../wp-includes") && is_dir(dirname(__FILE__)."/../../../wp-admin"))?'a href="'.admin_url("admin.php?page=GOTMLS-settings&scan_type=Quick+Scan&$GOTMLS_nonce_URL").'" class="button-primary" style="height: 22px; line-height: 13px; padding: 3px;">WP_Core</a':"!-- No wp-includes or wp-admin --").$gt;
1016
  foreach (array("Plugins", "Themes") as $ScanFolder)
1135
  }
1136
  var startTime = 0;
1137
  '.$lt.'/script'.$gt.GOTMLS_box($ScanSettings, $scan_opts);
1138
+ $Settings_Saved = "\n{$lt}div onclick=\"this.style.display='none';\" style='position: relative; top: -50px; margin: 0 300px 0 130px;' class='updated'$gt\nSettings Saved!$lt/div$gt\n";//script type='text/javascript'$gt\nalert('Settings Saved!');\n$lt/script$gt\n";
1139
  if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Save") {
1140
  if ($GOTMLS_nonce_found) {
1141
  update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1142
+ echo $Settings_Saved;
1143
  } else
1144
  echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Saving these settings requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce("")."');\n$lt/script$gt\n");
1145
+ echo GOTMLS_box(__("Scan Logs",'gotmls'), GOTMLS_get_scanlog());
1146
  } elseif (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"]) && ($_REQUEST["scan_what"] > -1)) {
1147
  if ($GOTMLS_nonce_found) {
1148
  update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
1149
  $GLOBALS["GOTMLS"]["log"]["settings"]["check"] = array();
1150
  GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1151
+ echo $Settings_Saved;
1152
  if (!isset($_REQUEST["scan_type"]))
1153
  $_REQUEST["scan_type"] = "Complete Scan";
1154
  echo "\n$lt".'form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."1030")).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt;
1161
  echo $lt.'input type="hidden" name="'.$name.'" value="'.htmlspecialchars($value).'"'.$gt;
1162
  }
1163
  }
1164
+ echo "\n$lt".'script type="text/javascript"'.$gt.'showhide("inside_'.md5($ScanSettings).'");window.onbeforeunload=function(event){event.returnValue="The details on this page will be lost if you leave.";};'.$lt.'/script'.$gt.GOTMLS_box(htmlentities($_REQUEST["scan_type"]).' Status', $lt.'div id="status_text"'.$gt.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."'.$gt.' '.GOTMLS_Loading_LANGUAGE.$lt.'/div'.$gt.$lt.'div id="status_bar"'.$gt.$lt.'/div'.$gt.$lt.'p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"'.$gt.$lt.'input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /'.$gt.$lt.'/p'.$gt.$lt.'div id="status_counts"'.$gt.$lt.'/div'.$gt.$lt.'p id="fix_button" style="display: none; text-align: center;"'.$gt.$lt.'input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /'.$gt.$lt.'/p'.$gt);
1165
  $scan_groups_UL = "";
1166
  foreach ($scan_groups as $scan_name => $scan_group)
1167
  $scan_groups_UL .= "\n{$lt}ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"$gt{$lt}a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\"{$gt}X$lt/a$gt{$lt}h3$gt$scan_name$lt/h3$gt\n".($scan_group=='potential'?$lt.'p'.$gt.' &nbsp; * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').$lt.'/p'.$gt:($scan_group=='wp_core'?$lt.'p'.$gt.' &nbsp; * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), $wp_version).' (for more info '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-core-files/"'.$gt.__("read my blog",'gotmls').$lt.'/a'.$gt.').'.$lt.'/p'.$gt:$lt.'br /'.$gt)).$lt.'/ul'.$gt;
1259
  echo "/*--{$gt}*"."/\n$lt/script$gt";
1260
  } else
1261
  echo GOTMLS_box(GOTMLS_Invalid_Nonce(""), __("Starting a Complete Scan requires a valid Nonce Token. No valid Nonce Token was found at this time, either because the token have expired or because the data was invalid. Please try re-submitting the form above.",'gotmls')."\n{$lt}script type='text/javascript'$gt\nalert('".GOTMLS_Invalid_Nonce("")."');\n$lt/script$gt\n");
1262
+ } else
1263
+ echo GOTMLS_box(__("Scan Logs",'gotmls'), GOTMLS_get_scanlog());
1264
  echo "\n$lt/div$gt$lt/div$gt$lt/div$gt";
1265
  }
1266
 
readme.txt CHANGED
@@ -5,10 +5,10 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
  Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
- Version: 4.16.26
9
- Stable tag: 4.16.26
10
  Requires at least: 3.3
11
- Tested up to: 4.5.3
12
 
13
  This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
14
 
@@ -27,7 +27,7 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
27
  * Check the integrity of your WordPress Core files.
28
  * Automatically download new Definition Updates when running a Complete Scan.
29
 
30
- Updated July 5th
31
 
32
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
33
 
@@ -93,6 +93,11 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
93
 
94
  == Changelog ==
95
 
 
 
 
 
 
96
  = 4.16.26 =
97
  * Fixed "What to look for" Options so that changes are saved.
98
  * Changed get_currentuserinfo to wp_get_current_user because the get_currentuserinfo function was deprecated in WP 4.5
@@ -390,6 +395,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
390
 
391
  == Upgrade Notice ==
392
 
 
 
 
393
  = 4.16.26 =
394
  Fixed "What to look for" Options so that changes are saved, and changed get_currentuserinfo to wp_get_current_user.
395
 
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
  Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
+ Version: 4.16.38
9
+ Stable tag: 4.16.38
10
  Requires at least: 3.3
11
+ Tested up to: 4.6.1
12
 
13
  This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
14
 
27
  * Check the integrity of your WordPress Core files.
28
  * Automatically download new Definition Updates when running a Complete Scan.
29
 
30
+ Updated September 14th
31
 
32
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
33
 
93
 
94
  == Changelog ==
95
 
96
+ = 4.16.38 =
97
+ * Added more firewall options.
98
+ * Moved Scan Log from the Quarantine page to the main Setings page.
99
+ * Fixed PHP Warning about an invalid argument in foreach and some other bugs too.
100
+
101
  = 4.16.26 =
102
  * Fixed "What to look for" Options so that changes are saved.
103
  * Changed get_currentuserinfo to wp_get_current_user because the get_currentuserinfo function was deprecated in WP 4.5
395
 
396
  == Upgrade Notice ==
397
 
398
+ = 4.16.38 =
399
+ Added more firewall options, moved Scan Log from to the main Setings page, and fixed PHP Warning about an invalid argument and some other bugs too.
400
+
401
  = 4.16.26 =
402
  Fixed "What to look for" Options so that changes are saved, and changed get_currentuserinfo to wp_get_current_user.
403