Version Description
- Fixed potential "Nesting level too deep recursive dependency" error message in the backend.
- You can select the verbosity of the PHP backtrace attached to email notifications: low, medium or high verbosity. See "Event Notification > PHP backtrace".
- Added a new policy to protect the
admin-ajax.phpscript against malicious bots and scanners. See "Firewall Policy > Basic Policies > WordPress AJAX". - WP+ Edition (Premium): NinjaFirewall can check for security rules updates as often as every 15 minutes (versus one hour for the free WP Edition). See "Rules Update > Check for updates".
- WP+ Edition (Premium): Added a new access control section: "User Input Access Control". It can be used to ignore or block specific user input (GET, POST and COOKIE). See "Access Control > User Input".
- WP+ Edition (Premium): Role-based Access Control has been improved: it will display all user roles available on the blog, including custom ones from all third-party applications (e.g., WooCommerce, bbPress etc) so that they can be whitelisted too.
- WP+ Edition (Premium): The
/character is now allowed in the Bot Access Control. - Improved user_roles protection to prevent blocking third-party applications than may modify it when a non-administrator user is logged-in.
- Many small fixes, adjustments and improvements.
Download this release
Release Info
| Developer | nintechnet |
| Plugin |  NinjaFirewall (WP Edition) |
| Version | 3.9.1 |
| Comparing to | |
| See all releases | |
Code changes from version 3.9 to 3.9.1
- lib/utils.php +20 -3
- ninjafirewall.php +2 -2
- readme.txt +5 -3
lib/utils.php
CHANGED
|
@@ -1076,6 +1076,21 @@ function nf_monitor_options( $value, $option, $old_value ) {
|
|
| 1076 |
|
| 1077 |
// Admin check is done in nfw_load_optmon().
|
| 1078 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1079 |
$nfw_options = nfw_get_option( 'nfw_options' );
|
| 1080 |
|
| 1081 |
if ( empty( $nfw_options['enabled'] ) || empty( $nfw_options['disallow_settings'] ) ) {
|
|
@@ -1083,9 +1098,9 @@ function nf_monitor_options( $value, $option, $old_value ) {
|
|
| 1083 |
}
|
| 1084 |
|
| 1085 |
// User-defined exclusion list (undocumented), NF options/rules (which are protected
|
| 1086 |
-
// by the firewall)
|
| 1087 |
if ( ( defined('NFW_OPTMON_EXCLUDE') && strpos( NFW_OPTMON_EXCLUDE, $option ) !== false ) ||
|
| 1088 |
-
$option
|
| 1089 |
|
| 1090 |
return $value;
|
| 1091 |
}
|
|
@@ -1118,6 +1133,8 @@ function nf_monitor_options( $value, $option, $old_value ) {
|
|
| 1118 |
// Not what we are looking for? Scan it anyway:
|
| 1119 |
if (! in_array( $option, $monitor ) && ! in_array( $option, $monitor2 ) ) {
|
| 1120 |
|
|
|
|
|
|
|
| 1121 |
// Options can be an array or object:
|
| 1122 |
if ( is_array( $value ) || is_object( $value ) ) {
|
| 1123 |
$tmp = serialize( $value );
|
|
@@ -1195,7 +1212,7 @@ function nf_monitor_options( $value, $option, $old_value ) {
|
|
| 1195 |
|
| 1196 |
function nfw_load_optmon() {
|
| 1197 |
|
| 1198 |
-
if (! current_user_can('manage_options')
|
| 1199 |
add_filter( 'pre_update_option', 'nf_monitor_options', 10, 3 );
|
| 1200 |
}
|
| 1201 |
}
|
| 1076 |
|
| 1077 |
// Admin check is done in nfw_load_optmon().
|
| 1078 |
|
| 1079 |
+
// Similarly to https://core.trac.wordpress.org/ticket/38903, an integer will
|
| 1080 |
+
// trigger a DB UPDATE query even if it matches the character stored in the DB
|
| 1081 |
+
// (e.g.: 0 vs '0'). We must not block that, hence will use '===' only on arrays
|
| 1082 |
+
// and objects (and that will prevent "Nesting level too deep" error as well):
|
| 1083 |
+
if ( is_array( $value ) || is_object( $value ) ) {
|
| 1084 |
+
if ( $value === $old_value ) {
|
| 1085 |
+
return $value;
|
| 1086 |
+
}
|
| 1087 |
+
} else {
|
| 1088 |
+
// Simple comparison operator for integers and strings:
|
| 1089 |
+
if ( $value == $old_value ) {
|
| 1090 |
+
return $value;
|
| 1091 |
+
}
|
| 1092 |
+
}
|
| 1093 |
+
|
| 1094 |
$nfw_options = nfw_get_option( 'nfw_options' );
|
| 1095 |
|
| 1096 |
if ( empty( $nfw_options['enabled'] ) || empty( $nfw_options['disallow_settings'] ) ) {
|
| 1098 |
}
|
| 1099 |
|
| 1100 |
// User-defined exclusion list (undocumented), NF options/rules (which are protected
|
| 1101 |
+
// by the firewall):
|
| 1102 |
if ( ( defined('NFW_OPTMON_EXCLUDE') && strpos( NFW_OPTMON_EXCLUDE, $option ) !== false ) ||
|
| 1103 |
+
$option === 'nfw_options' || $option === 'nfw_rules' ) {
|
| 1104 |
|
| 1105 |
return $value;
|
| 1106 |
}
|
| 1133 |
// Not what we are looking for? Scan it anyway:
|
| 1134 |
if (! in_array( $option, $monitor ) && ! in_array( $option, $monitor2 ) ) {
|
| 1135 |
|
| 1136 |
+
return $value;
|
| 1137 |
+
|
| 1138 |
// Options can be an array or object:
|
| 1139 |
if ( is_array( $value ) || is_object( $value ) ) {
|
| 1140 |
$tmp = serialize( $value );
|
| 1212 |
|
| 1213 |
function nfw_load_optmon() {
|
| 1214 |
|
| 1215 |
+
if (! current_user_can('manage_options') && ! nfw_is_whitelisted() ) {
|
| 1216 |
add_filter( 'pre_update_option', 'nf_monitor_options', 10, 3 );
|
| 1217 |
}
|
| 1218 |
}
|
ninjafirewall.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: NinjaFirewall (WP Edition)
|
| 4 |
Plugin URI: https://nintechnet.com/
|
| 5 |
Description: A true Web Application Firewall to protect and secure WordPress.
|
| 6 |
-
Version: 3.9
|
| 7 |
Author: The Ninja Technologies Network
|
| 8 |
Author URI: https://nintechnet.com/
|
| 9 |
License: GPLv3 or later
|
|
@@ -19,7 +19,7 @@ Domain Path: /languages
|
|
| 19 |
| (c) NinTechNet - https://nintechnet.com/ |
|
| 20 |
+---------------------------------------------------------------------+
|
| 21 |
*/
|
| 22 |
-
define( 'NFW_ENGINE_VERSION', '3.9' );
|
| 23 |
/*
|
| 24 |
+---------------------------------------------------------------------+
|
| 25 |
| This program is free software: you can redistribute it and/or |
|
| 3 |
Plugin Name: NinjaFirewall (WP Edition)
|
| 4 |
Plugin URI: https://nintechnet.com/
|
| 5 |
Description: A true Web Application Firewall to protect and secure WordPress.
|
| 6 |
+
Version: 3.9.1
|
| 7 |
Author: The Ninja Technologies Network
|
| 8 |
Author URI: https://nintechnet.com/
|
| 9 |
License: GPLv3 or later
|
| 19 |
| (c) NinTechNet - https://nintechnet.com/ |
|
| 20 |
+---------------------------------------------------------------------+
|
| 21 |
*/
|
| 22 |
+
define( 'NFW_ENGINE_VERSION', '3.9.1' );
|
| 23 |
/*
|
| 24 |
+---------------------------------------------------------------------+
|
| 25 |
| This program is free software: you can redistribute it and/or |
|
readme.txt
CHANGED
|
@@ -2,8 +2,8 @@
|
|
| 2 |
Contributors: nintechnet, bruandet
|
| 3 |
Tags: security, firewall, malware, antispam, virus, scanner, hacked site, brute force, seguridad, seguranca, sicherheit, sicurezza, veiligheid
|
| 4 |
Requires at least: 3.7
|
| 5 |
-
Tested up to: 5.
|
| 6 |
-
Stable tag: 3.9
|
| 7 |
Requires PHP: 5.3
|
| 8 |
License: GPLv3 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
|
@@ -199,8 +199,9 @@ NinjaFirewall works on Unix-like servers only. There is no Microsoft Windows ver
|
|
| 199 |
|
| 200 |
== Changelog ==
|
| 201 |
|
| 202 |
-
= 3.9 =
|
| 203 |
|
|
|
|
| 204 |
* You can select the verbosity of the PHP backtrace attached to email notifications: low, medium or high verbosity. See "Event Notification > PHP backtrace".
|
| 205 |
* Added a new policy to protect the `admin-ajax.php` script against malicious bots and scanners. See "Firewall Policy > Basic Policies > WordPress AJAX".
|
| 206 |
* WP+ Edition (Premium): NinjaFirewall can check for security rules updates as often as every 15 minutes (versus one hour for the free WP Edition). See "Rules Update > Check for updates".
|
|
@@ -343,3 +344,4 @@ NinjaFirewall works on Unix-like servers only. There is no Microsoft Windows ver
|
|
| 343 |
* [WP+ Edition] Fixed a bug where IPs that were whitelisted in the "Access Control" page could not connect to the REST API if its access was disabled in the "Firewall Policies".
|
| 344 |
* [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.
|
| 345 |
* Minor fixes.
|
|
|
| 2 |
Contributors: nintechnet, bruandet
|
| 3 |
Tags: security, firewall, malware, antispam, virus, scanner, hacked site, brute force, seguridad, seguranca, sicherheit, sicurezza, veiligheid
|
| 4 |
Requires at least: 3.7
|
| 5 |
+
Tested up to: 5.2
|
| 6 |
+
Stable tag: 3.9.1
|
| 7 |
Requires PHP: 5.3
|
| 8 |
License: GPLv3 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 199 |
|
| 200 |
== Changelog ==
|
| 201 |
|
| 202 |
+
= 3.9.1 =
|
| 203 |
|
| 204 |
+
* Fixed potential "Nesting level too deep – recursive dependency" error message in the backend.
|
| 205 |
* You can select the verbosity of the PHP backtrace attached to email notifications: low, medium or high verbosity. See "Event Notification > PHP backtrace".
|
| 206 |
* Added a new policy to protect the `admin-ajax.php` script against malicious bots and scanners. See "Firewall Policy > Basic Policies > WordPress AJAX".
|
| 207 |
* WP+ Edition (Premium): NinjaFirewall can check for security rules updates as often as every 15 minutes (versus one hour for the free WP Edition). See "Rules Update > Check for updates".
|
| 344 |
* [WP+ Edition] Fixed a bug where IPs that were whitelisted in the "Access Control" page could not connect to the REST API if its access was disabled in the "Firewall Policies".
|
| 345 |
* [WP+ Edition] Updated IPv4/IPv6 GeoIP databases.
|
| 346 |
* Minor fixes.
|
| 347 |
+
|
