Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.1.3

Version Description

  • Cleaning up the results.
    • Added 1-click hardening.

Release Info

Developer dd@sucuri.net
Plugin Icon 128x128 Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.1.3

Code changes from version 1.1.2 to 1.1.3

Files changed (3) hide show
  1. LICENSE +1 -1
  2. readme.txt +9 -6
  3. sucuri.php +134 -48
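--- a/LICENSE
+++ b/LICENSE
@@ -2,7 +2,7 @@
 Version 2, June 1991
 
 Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.
 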
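--- a/readme.txt
+++ b/readme.txt
@@ -1,12 +1,12 @@
-=== Sucuri Sitecheck Free Security Scanner ===
-Contributors: dd@sucuri.net,dremeda
+=== Sucuri Sitecheck Malware Scanner ===
+Contributors: dd@sucuri.net, dremeda
 Donate Link: http://sitecheck.sucuri.net
 Tags: malware,security,scan,spam,virus
-Requires at least:3.2.1
-Stable tag:1.1.2
+Requires at least:3.0
+Stable tag:1.1.3
 Tested up to: 3.2.1
 
-Get Sucuri SiteCheck scan results directly in your WordPress dashboard. The best way to know if your site is infected with malware or blacklist by Google, in the click of a button.
+Get free Sucuri SiteCheck scan results directly in your WordPress dashboard. The best way to know if your site is infected with malware or blacklist by Google, all with the click of a button.
 
 == Description ==
 
@@ -24,6 +24,9 @@ You can also scan your site at <a href="http://sitecheck.sucuri.net">http://site
 
 == Changelog ==
 
+= 1.1.3 =
+* Cleaning up the results.
+* Added 1-click hardening.
 
 = 1.1.2 =
 * First release that is good to be used (debugging code removed).
@@ -34,5 +37,5 @@ You can also scan your site at <a href="http://sitecheck.sucuri.net">http://site
 
 == Credits ==
 
-* <a href="http://sucuri.net">http://sucuri.net</a>
+* <a href="http://sucuri.net">Sucuri Security</a>
 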
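--- a/sucuri.php
+++ b/sucuri.php
@@ -2,18 +2,26 @@
 /*
 Plugin Name: Sucuri Scanner
 Plugin URI: http://sitecheck.sucuri.net/
-Description: This plugin allows you to execute a remote malware scanner on your WordPres site. It will check for malware, spam, blacklisting and other security issues (htaccess redirections, hidden code, etc). And yes, it is free. Similar to the scan provided online at http://sitecheck.sucuri.net
+Description: This plugin allows you to scan your website using the Sucuri SiteCheck Malware Scanner on your WordPress site. It will check for malware, spam, blacklisting and other security issues (htaccess redirections, hidden code, etc). Yes, it is free. Similar to the scans provided online at http://sitecheck.sucuri.net
 Author: http://sucuri.net
-Version: 1.1.2
+Version: 1.1.3
 Author URI: http://sucuri.net
 */
 
+
+/* No direct access. */
+if(!function_exists('add_action'))
+{
+exit(0);
+}
+
 define('SUCURISCAN','sucuriscan');
-define('SUCURISCAN_VERSION','1.1.2');
+define('SUCURISCAN_VERSION','1.1.3');
 define( 'SUCURI_URL',plugin_dir_url( __FILE__ ));
 define( 'SUCURI_IMG',SUCURI_URL.'images/');
 
 
+
 /* Starting Sucuri Scan side bar. */
 function sucuriscan_menu()
 {
@@ -22,6 +30,9 @@ function sucuriscan_menu()
 add_submenu_page('sucuriscan', 'Sucuri Scanner', 'Sucuri Scanner', 'manage_options',
 'sucuriscan', 'sucuri_scan_page');
 
+add_submenu_page('sucuriscan', '1-click Hardening', '1-click Hardening', 'manage_options',
+'sucuriscan_hardening', 'sucuriscan_hardening_page');
+
 add_submenu_page('sucuriscan', 'Malware removal', 'Malware removal', 'manage_options',
 'sucuriscan_removal', 'sucuri_removal_page');
 }
@@ -44,7 +55,7 @@ function sucuri_removal_page()
 
 echo "<hr />";
 
-echo "<p>If our scanner is identifying any security problem on your site, we can get that
+echo "<p>If our scanner is identifying any security problems on your site, we can get that
 cleaned for you. Just sign up with us here: <a href='http://sucuri.net/signup'>http://sucuri.net/signup</a> and our team will take care of it for you.</p>";
 echo "<hr />";
 echo "<h3>Get your site cleaned in under 4 hours (3 simple steps)</h3>";
@@ -55,7 +66,7 @@ function sucuri_removal_page()
 echo "</ol>";
 ?>
 <br /><br />
-<b>If you have any question about these checks or this plugin, contact us at support@sucuri.net or visit <a href="http://sucuri.net">http://sucuri.net</a></b>
+<b>If you have any questions about these checks or this plugin, contact us at support@sucuri.net or visit <a href="http://sucuri.net">http://sucuri.net</a></b>
 <br />
 
 </div>
@@ -73,11 +84,6 @@ function sucuri_scan_page()
 wp_die(__('You do not have sufficient permissions to access this page.') );
 }
 
-if(!function_exists('curl_init'))
-{
-wp_die(__('This plugin requires the CURL functions to be available. Please contact your hosting company to enable it.') );
-}
-
 
 if(isset($_POST['wpsucuri-doscan']))
 {
@@ -88,10 +94,10 @@ function sucuri_scan_page()
 
 /* Setting's header. */
 echo '<div class="wrap">';
-echo '<h2>Sucuri Malware Scanner</h2><hr />';
+echo '<h2>Sucuri SiteCheck Malware Scanner</h2>';
 
 
-echo '<h3>Execute an external malware scanner on your site, using the <a href="http://sucuri.net">Sucuri</a> scanner. It will alert you if your site is compromised with malware, blackhat spam, defaced, or with any security problem.</h3>';
+echo '<h3>Scan your site for malware using <a href="http://sitecheck.sucuri.net">Sucuri SiteCheck</a> right in your WordPress dashboard. The Sucuri SiteCheck scans will let you know if your site is compromised with malware, blackhat spam, website defacement, or if you are blacklisted.</h3>';
 ?>
 
 <form action="" method="post">
@@ -100,7 +106,7 @@ function sucuri_scan_page()
 </form>
 
 <br /><br />
-<b>If you have any question about these checks or this plugin, contact us at support@sucuri.net or visit <a href="http://sucuri.net">http://sucuri.net</a></b>
+<strong>If you have any questions about these checks or this plugin, contact us at support@sucuri.net or visit <a href="http://sucuri.net">sucuri.net</a></strong>
 <br />
 </div>
 
@@ -111,47 +117,38 @@ function sucuri_scan_page()
 
 function sucuriscan_print_scan()
 {
-$docurl = curl_init();
-curl_setopt($docurl, CURLOPT_URL, "http://sitecheck.sucuri.net/scanner/?serialized&scan=".home_url());
-curl_setopt($docurl, CURLOPT_VERBOSE, 0);
-curl_setopt($docurl, CURLOPT_HEADER, 0);
-curl_setopt($docurl, CURLOPT_RETURNTRANSFER, 1);
+$myresults = wp_remote_get("http://sitecheck.sucuri.net/scanner/?serialized&fromwp&scan=".home_url(), array("timeout" => 180));
 
-$doresult = curl_exec($docurl);
-$res = unserialize($doresult);
+if(is_wp_error($myresults))
+{
+print_r($myresults);
+return;
+}
 
-echo '<div class="wrap">';
-echo '<h2><a href="http://sitecheck.sucuri.net">Sucuri Malware Scanner</a></h2>';
-echo "<h3>System info</h3>";
 
-
+$res = unserialize($myresults['body']);
 
-echo "Site: ".$res['SCAN']['SITE'][0]." (".$res['SCAN']['IP'][0].")<br />\n";
-foreach($res['SYSTEM']['NOTICE'] as $notres)
-{
-if(is_array($notres))
-{
-echo htmlspecialchars($notres[0]). " ".htmlspecialchars($notres[1]);
-}
-else
-{
-echo htmlspecialchars($notres)."<br />\n";
-}
-}
+echo '<div class="wrap">';
+echo '<h2>Sucuri SiteCheck Malware Scanner</h2>';
 
-echo "<h3>Security Scan</h3>";
 if(!isset($res['MALWARE']['WARN']))
 {
-echo "<p>Malware not identified.</p>";
-echo "<p>Malware: No.</p>";
-echo "<p>Malicious javascript: No.</p>";
-echo "<p>Malicious iframes: No.</p>";
-echo "<p>Suspicious redirections (htaccess): No.</p>";
-echo "<p>Blackhat SEO Spam: No.</p>";
-echo "<p>Anomaly detection: Clean.</p>";
+echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
+'.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
+No malware was identified</h3>';
+
+echo "<p><strong>Malware:</strong> No.</p>";
+echo "<p><strong>Malicious javascript:</strong> No.</p>";
+echo "<p><strong>Malicious iframes:</strong> No.</p>";
+echo "<p><strong>Suspicious redirections (htaccess):</strong> No.</p>";
+echo "<p><strong>Blackhat SEO Spam:</strong> No.</p>";
+echo "<p><strong>Anomaly detection:</strong> Clean.</p>";
 }
 else
 {
+echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
+'.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
+Site compromised (malware was identified)</h3>';
 foreach($res['MALWARE']['WARN'] as $malres)
 {
 if(!is_array($malres))
@@ -169,28 +166,117 @@ function sucuriscan_print_scan()
 echo '<i>More details here <a href="http://sitecheck.sucuri.net/scanner/?&scan='.home_url().'">http://sitecheck.sucuri.net/scanner/?&scan='.home_url().'</a></i>';
 
 
-echo "<h3>Blacklisting</h3>";
+echo "<hr />\n";
+if(isset($res['BLACKLIST']['WARN']))
+{
+echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
+'.site_url().'/wp-content/plugins/sucuri-scanner/images/warn.png" /> &nbsp;
+Site blacklisted</h3>';
+}
+else
+{
+echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
+'.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
+Site blacklist-free</h3>';
+}
+
 foreach($res['BLACKLIST']['INFO'] as $blres)
 {
-echo "CLEAN: ".htmlspecialchars($blres[0])." <a href=''>".htmlspecialchars($blres[1])."</a><br />";
+echo "<b>CLEAN: </b>".htmlspecialchars($blres[0])." <a href=''>".htmlspecialchars($blres[1])."</a><br />";
 }
 foreach($res['BLACKLIST']['WARN'] as $blres)
 {
-echo "WARN: ".htmlspecialchars($blres[0])." <a href=''>".htmlspecialchars($blres[1])."</a><br />";
+echo "<b>WARN: </b>".htmlspecialchars($blres[0])." <a href=''>".htmlspecialchars($blres[1])."</a><br />";
+}
+
+
+echo "<hr />\n";
+global $wp_version;
+if(strcmp($wp_version, "3.2.1") >= 0)
+{
+echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
+'.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
+System info (WordPress upgraded)</h3>';
+}
+else
+{
+echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
+'.site_url().'/wp-content/plugins/sucuri-scanner/images/warn.png" /> &nbsp;
+System info (WordPress outdated)</h3>';
+}
+
+
+echo "<b>Site:</b> ".$res['SCAN']['SITE'][0]." (".$res['SCAN']['IP'][0].")<br />\n";
+echo "<b>WordPress: </b> $wp_version<br />\n";
+echo "<b>PHP: </b> ".phpversion()."<br />\n";
+foreach($res['SYSTEM']['NOTICE'] as $notres)
+{
+if(is_array($notres))
+{
+echo htmlspecialchars($notres[0]). " ".htmlspecialchars($notres[1]);
+}
+else
+{
+echo htmlspecialchars($notres)."<br />\n";
+}
 }
 
 ?>
 <br /><br />
-<b>If you have any question about these checks or this plugin, contact us at support@sucuri.net or visit <a href="http://sucuri.net">http://sucuri.net</a></b>
+<b>If you have any questions about these scan results, or this plugin, contact us at support@sucuri.net or visit <a href="http://sucuri.net">http://sucuri.net</a></b>
 <br />
 </div>
 <?php
 }
 
 
+/* Sucuri one-click hardening page. */
+function sucuriscan_hardening_page()
+{
+if(!current_user_can('manage_options'))
+{
+wp_die(__('You do not have sufficient permissions to access this page.') );
+}
+include_once("sucuriscan_hardening.php");
+
+
+
+/* Hardening page. */
+echo '<div class="wrap">';
+echo '<h2>Sucuri 1-Click WordPress Hardening</h2>';
+
+echo '<h3>Secure your WordPress with a one-click hardening.</h3>';
+
+echo "<hr />";
+sucuriscan_harden_version();
+echo "<hr />";
+sucuriscan_harden_removegenerator();
+echo "<hr />";
+sucuriscan_harden_upload();
+echo "<hr />";
+sucuriscan_harden_dbtables();
+echo "<hr />";
+sucuriscan_harden_adminuser();
+echo "<hr />";
+sucuriscan_harden_readme();
+echo "<hr />";
+sucuriscan_harden_phpversion();
+echo "<hr />";
+?>
+<br /><br />
+<b>If you have any question about these checks or this plugin, contact us at support@sucuri.net or visit <a href="http://sucuri.net">http://sucuri.net</a></b>
+<br />
+
+</div>
+<?php
+}
+
+
+
 
 /* Sucuri's admin menu. */
 add_action('admin_menu', 'sucuriscan_menu');
+remove_action('wp_head', 'wp_generator');
 
 
 ?>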
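Review bot: `unserialize($myresults['body'])` in sucuriscan_print_scan() runs PHP's native deserializer on a body fetched over plain `http://`, so whoever can alter that response decides which objects are instantiated inside wp-admin; moving from cURL to `wp_remote_get` keeps that exposure unchanged. The fetch should use TLS if the endpoint serves it, the decode should refuse objects, and the result should be confirmed to be an array before it is indexed, as sketched below. Later in the same function `$res['SCAN']['SITE'][0]` and `$res['SCAN']['IP'][0]` are echoed without the `htmlspecialchars()` the neighbouring lines apply, and `print_r($myresults)` prints the whole WP_Error into the page. Two correctness points in the same hunks: `strcmp($wp_version, "3.2.1")` compares versions as strings where `version_compare()` is the right call, and the "Site compromised" heading loads `ok.png` rather than `warn.png`.

```php
function sucuriscan_print_scan()
{
    // TLS assumed available on the endpoint; home_url() is encoded as a query value.
    $myresults = wp_remote_get("https://sitecheck.sucuri.net/scanner/?serialized&fromwp&scan=".urlencode(home_url()), array("timeout" => 180));

    if(is_wp_error($myresults))
    {
        echo esc_html($myresults->get_error_message());
        return;
    }

    // PHP 7+: never instantiate classes named in the remote payload.
    $res = unserialize(wp_remote_retrieve_body($myresults), array('allowed_classes' => false));
    if(!is_array($res))
    {
        echo '<p>Unexpected response from the scanner.</p>';
        return;
    }

    // … unchanged: malware and blacklist sections …

    echo "<b>Site:</b> ".htmlspecialchars($res['SCAN']['SITE'][0])." (".htmlspecialchars($res['SCAN']['IP'][0]).")<br />\n";
    // … unchanged: remaining system info and footer …
```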