Sucuri Security – Auditing, Malware Scanner and Security Hardening

Version Description

Release Info

Developer	dd@sucuri.net
Plugin	Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version	1.1.4
Comparing to
See all releases

Code changes from version 1.1.3 to 1.1.4

Files changed (3) hide show

readme.txt +1 -1
sucuri.php +2 -2
sucuriscan_hardening.php +334 -0

readme.txt CHANGED Viewed

	@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net, dremeda
3	Donate Link: http://sitecheck.sucuri.net
4	Tags: malware,security,scan,spam,virus
5	Requires at least:3.0
6	- Stable tag:1.1.3
7	Tested up to: 3.2.1
8
9	Get free Sucuri SiteCheck scan results directly in your WordPress dashboard. The best way to know if your site is infected with malware or blacklist by Google, all with the click of a button.


3	Donate Link: http://sitecheck.sucuri.net
4	Tags: malware,security,scan,spam,virus
5	Requires at least:3.0
6	+ Stable tag:1.1.4
7	Tested up to: 3.2.1
8
9	Get free Sucuri SiteCheck scan results directly in your WordPress dashboard. The best way to know if your site is infected with malware or blacklist by Google, all with the click of a button.

sucuri.php CHANGED Viewed

	@@ -4,7 +4,7 @@ Plugin Name: Sucuri Scanner
4	Plugin URI: http://sitecheck.sucuri.net/
5	Description: This plugin allows you to scan your website using the Sucuri SiteCheck Malware Scanner on your WordPress site. It will check for malware, spam, blacklisting and other security issues (htaccess redirections, hidden code, etc). Yes, it is free. Similar to the scans provided online at http://sitecheck.sucuri.net
6	Author: http://sucuri.net
7	- Version: 1.1.3
8	Author URI: http://sucuri.net
9	*/
10
	@@ -16,7 +16,7 @@ if(!function_exists('add_action'))
16	}
17
18	define('SUCURISCAN','sucuriscan');
19	- define('SUCURISCAN_VERSION','1.1.3');
20	define( 'SUCURI_URL',plugin_dir_url( __FILE__ ));
21	define( 'SUCURI_IMG',SUCURI_URL.'images/');
22


4	Plugin URI: http://sitecheck.sucuri.net/
5	Description: This plugin allows you to scan your website using the Sucuri SiteCheck Malware Scanner on your WordPress site. It will check for malware, spam, blacklisting and other security issues (htaccess redirections, hidden code, etc). Yes, it is free. Similar to the scans provided online at http://sitecheck.sucuri.net
6	Author: http://sucuri.net
7	+ Version: 1.1.4
8	Author URI: http://sucuri.net
9	*/
10

16	}
17
18	define('SUCURISCAN','sucuriscan');
19	+ define('SUCURISCAN_VERSION','1.1.4');
20	define( 'SUCURI_URL',plugin_dir_url( __FILE__ ));
21	define( 'SUCURI_IMG',SUCURI_URL.'images/');
22

sucuriscan_hardening.php ADDED Viewed

	@@ -0,0 +1,334 @@


1	+ <?php
2	+ /* Sucuri Security WordPress Plugin
3	+ * Copyright (C) 2011 Sucuri Security - http://sucuri.net
4	+ * Released under the GPL - see LICENSE file for details.
5	+ */
6	+
7	+
8	+ if(!defined('SUCURISCAN'))
9	+ {
10	+ exit(0);
11	+ }
12	+
13	+ if(!function_exists('file_put_contents'))
14	+ {
15	+ exit(0);
16	+ }
17	+
18	+
19	+ if(isset($_POST['wpscansucuri-doharden']) &&
20	+ !wp_verify_nonce($_POST['sucuriscan-harden-action'],'sucuriscan-nonce'))
21	+ {
22	+ echo '<div id="message" class="error"><p>Internal error. Please try again.</p></div>';
23	+ return;
24	+ }
25	+
26	+
27	+ function sucuriscan_harden_error($message)
28	+ {
29	+ return('<div id="message" class="error"><p>'.$message.'</p></div>');
30	+ }
31	+
32	+
33	+ function sucuriscan_harden_ok($message)
34	+ {
35	+ return( '<div id="message" class="updated"><p>'.$message.'</p></div>');
36	+ }
37	+
38	+
39	+ function sucuriscan_harden_status($status, $type, $messageok, $messagewarn,
40	+ $desc = NULL, $updatemsg = NULL)
41	+ {
42	+ if($status == 1)
43	+ {
44	+ echo '<h3>'.
45	+ '<img style="position:relative;top:5px" height="22" width="22"'.
46	+ 'src="'.site_url().
47	+ '/wp-content/plugins/sucuri-scanner/images/ok.png" />   '.
48	+ $messageok.'.</h3>';
49	+
50	+ if($updatemsg != NULL){ echo $updatemsg; }
51	+ }
52	+ else
53	+ {
54	+ echo '<h3>'.
55	+ '<img style="position:relative;top:5px" height="22" width="22"'.
56	+ 'src="'.site_url().
57	+ '/wp-content/plugins/sucuri-scanner/images/warn.png" />   '.
58	+ $messagewarn. '.</h3>';
59	+
60	+ if($updatemsg != NULL){ echo $updatemsg; }
61	+
62	+ if($type != NULL)
63	+ {
64	+ echo '<form action="" method="post">'.
65	+ wp_nonce_field('sucuriscan-nonce', 'sucuriscan-harden-action').
66	+ '<input type="hidden" name="wpscansucuri-doharden" value="wpscansucuri-doharden" />'.
67	+ '<input type="hidden" name="'.$type.'" '.
68	+ 'value="'.$type.'" />'.
69	+ '<input class="button-primary" type="submit" name="wpscansucuri-dohardenform" value="Harden it!" />'.
70	+ '</form><br />';
71	+ }
72	+ }
73	+ if($desc != NULL)
74	+ {
75	+ echo "<i>$desc</i>";
76	+ }
77	+
78	+ }
79	+
80	+
81	+ function sucuriscan_harden_version()
82	+ {
83	+ global $wp_version;
84	+ $cp = 0;
85	+ $updates = get_core_updates();
86	+ if (!is_array($updates))
87	+ {
88	+ $cp = 1;
89	+ }
90	+ else if(empty($updates))
91	+ {
92	+ $cp = 1;
93	+ }
94	+ else if($updates[0]->response == 'latest')
95	+ {
96	+ $cp = 1;
97	+ }
98	+ if(strcmp($wp_version, "3.2.1") < 0)
99	+ {
100	+ $cp = 0;
101	+ }
102	+
103	+
104	+ sucuriscan_harden_status($cp, NULL,
105	+ "WordPress is updated", "WordPress is not updated",
106	+ NULL);
107	+
108	+ if($cp == 0)
109	+ {
110	+ echo "<i>Your current version ($wp_version) is not current. Please update it <a href='update-core.php'>now!</a></i>";
111	+ }
112	+ else
113	+ {
114	+ echo "<i>Your WordPress installation ($wp_version) is current.</i>";
115	+ }
116	+ }
117	+
118	+
119	+ function sucuriscan_harden_removegenerator()
120	+ {
121	+ /* Enabled by default with this plugin. */
122	+ $cp = 1;
123	+
124	+ sucuriscan_harden_status($cp, "sucuri_harden_removegenerator",
125	+ "WordPress version properly hidden", NULL,
126	+ "It checks if your WordPress version is being hidden".
127	+ " from being displayed in the generator tag ".
128	+ "(enabled by default with this plugin).");
129	+ }
130	+
131	+
132	+
133	+ function sucuriscan_harden_upload()
134	+ {
135	+ $cp = 1;
136	+ $upmsg = NULL;
137	+ if(!is_readable(ABSPATH."/wp-content/uploads/.htaccess"))
138	+ {
139	+ $cp = 0;
140	+ }
141	+ else
142	+ {
143	+ $cp = 0;
144	+ $fcontent = file(ABSPATH."/wp-content/uploads/.htaccess");
145	+ foreach($fcontent as $fline)
146	+ {
147	+ if(strpos($fline, "deny from all") !== FALSE)
148	+ {
149	+ $cp = 1;
150	+ break;
151	+ }
152	+ }
153	+ }
154	+
155	+ if(isset($_POST['sucuriscan_harden_upload']) && isset($_POST['wpscansucuri-doharden']) &&
156	+ $cp == 0)
157	+ {
158	+ if(file_put_contents(ABSPATH."/wp-content/uploads/.htaccess",
159	+ "\n".
160	+ "<Files *.php>\ndeny from all\n</Files>")===FALSE)
161	+ {
162	+ $upmsg = sucuriscan_harden_error("ERROR: Unable to create .htaccess file.");
163	+ }
164	+ else
165	+ {
166	+ $upmsg = sucuriscan_harden_ok("Completed. Upload directory successfully secured.");
167	+ $cp = 1;
168	+ }
169	+ }
170	+
171	+ sucuriscan_harden_status($cp, "sucuriscan_harden_upload",
172	+ "Upload directory properly protected",
173	+ "Upload directory not protected",
174	+ "It checks if your upload directory allows PHP ".
175	+ "execution or if it is browsable.", $upmsg);
176	+ }
177	+
178	+
179	+
180	+ function sucuriscan_harden_dbtables()
181	+ {
182	+ global $table_prefix;
183	+
184	+
185	+ if($table_prefix == "wp_")
186	+ {
187	+ $cp = 0;
188	+ }
189	+ else
190	+ {
191	+ $cp = 1;
192	+ }
193	+
194	+ sucuriscan_harden_status($cp, "sucuri_harden_dbtables",
195	+ "Database table prefix properly modified",
196	+ "Database table set to the default value. Not recommended",
197	+ "It checks whether your database table prefix has ".
198	+ "been changed from the default 'wp_'.");
199	+
200	+ if($cp == 0)
201	+ {
202	+ echo '<br /><i>*We do not offer the option to automatically change the table prefix, but it will be available soon on a next release.</i>';
203	+ }
204	+ }
205	+
206	+
207	+
208	+ function sucuriscan_harden_adminuser()
209	+ {
210	+ global $table_prefix;
211	+ global $wpdb;
212	+ $upmsg = NULL;
213	+
214	+ $res = $wpdb->get_results("SELECT user_login from ".
215	+ $table_prefix."users where user_login='admin'");
216	+
217	+ $cp = 0;
218	+ if(count($res) == 0)
219	+ {
220	+ $cp = 1;
221	+ }
222	+ if(isset($_POST['sucuriscan_harden_adminuser']) && isset($_POST['wpscansucuri-doharden']) &&
223	+ $cp == 0)
224	+ {
225	+ if(!isset($_POST['sucuriscan_harden_adminusernew']))
226	+ {
227	+ $upmsg = sucuriscan_harden_error("New admin user name not chosen.");
228	+ }
229	+ else
230	+ {
231	+ $_POST['sucuriscan_harden_adminusernew'] = trim($_POST['sucuri_harden_adminusernew']);
232	+ $_POST['sucuriscan_harden_adminusernew'] = htmlspecialchars($_POST['sucuri_harden_adminusernew']);
233	+
234	+ if(strlen($_POST['sucuriscan_harden_adminusernew']) < 2)
235	+ {
236	+ $upmsg = sucuriscan_harden_error("New admin user name not chosen.");
237	+ }
238	+ else if(!preg_match('/^[a-zA-Z0-9_-]+$/',
239	+ $_POST['sucuriscan_harden_adminusernew'], $regs,
240	+ PREG_OFFSET_CAPTURE, 0))
241	+ {
242	+ $upmsg = sucuriscan_harden_error("Invalid user name. Only letters and numbers are allowed.");
243	+ }
244	+ else
245	+ {
246	+ $res = $wpdb->query("UPDATE ".$table_prefix."users ".
247	+ "SET user_login = '".
248	+ $_POST['sucuriscan_harden_adminusernew']."'".
249	+ "WHERE user_login='admin'");
250	+ $cp = 1;
251	+ $upmsg = sucuriscan_harden_ok("User name changed to: ".
252	+ $_POST['sucuriscan_harden_adminusernew'].
253	+ ". You will be now logged out.");
254	+ }
255	+ }
256	+ }
257	+
258	+ sucuriscan_harden_status($cp, NULL,
259	+ "Default admin user name (admin) not being used",
260	+ "Default admin user name (admin) being used. Not recommended",
261	+ "It checks whether you have the default 'admin' ".
262	+ "account enabled. Security guidelines recommend ".
263	+ "creating a new admin user name.", $upmsg);
264	+
265	+ if($cp == 0)
266	+ {
267	+ echo '<br /> <br />Choose your new admin name (used to login):';
268	+ echo '<form action="" method="post">'.
269	+ wp_nonce_field('sucuriscan-nonce', 'sucuriscan-harden-action').
270	+ '<input type="hidden" name="wpscansucuri-doharden" value="wpscansucuri-doharden" />'.
271	+ '<input type="hidden" name="sucuriscan_harden_adminuser" '.
272	+ 'value="sucuriscan_harden_adminuser" />'.
273	+ '<input type="text" name="sucuriscan_harden_adminusernew" value="" />'.
274	+ '<input type="submit" name="wpsucuri-dohardenform" value="Rename the admin user" />'.
275	+ '</form>';
276	+ echo '<b>*Make sure you remember your new admin login name! '.
277	+ 'Otherwise you will not be able to login back. You will be logged out after changing it!</b>';
278	+ }
279	+ }
280	+
281	+
282	+
283	+ function sucuriscan_harden_readme()
284	+ {
285	+ $upmsg = NULL;
286	+ $cp = 0;
287	+ if(!is_readable(ABSPATH."/readme.html"))
288	+ {
289	+ $cp = 1;
290	+ }
291	+
292	+ if(isset($_POST['sucuriscan_harden_readme']) &&
293	+ isset($_POST['wpscansucuri-doharden']) &&
294	+ $cp == 0)
295	+ {
296	+ if(unlink(ABSPATH."/readme.html") === FALSE)
297	+ {
298	+ $upmsg = sucuriscan_harden_error("Unable to remove readme file.");
299	+ }
300	+ else
301	+ {
302	+ $cp = 1;
303	+ $upmsg = sucuriscan_harden_ok("Readme file removed.");
304	+ }
305	+ }
306	+
307	+ sucuriscan_harden_status($cp, "sucuriscan_harden_readme",
308	+ "Readme file properly deleted",
309	+ "Readme file not deleted and leaking the WordPress version",
310	+ "It checks whether you have the readme.html file ".
311	+ "available that leaks your WordPress version.", $upmsg);
312	+ }
313	+
314	+
315	+
316	+ function sucuriscan_harden_phpversion()
317	+ {
318	+ $phpv = phpversion();
319	+
320	+ if(strncmp($phpv, "5.2", 3) < 0)
321	+ {
322	+ $cp = 0;
323	+ }
324	+ else
325	+ {
326	+ $cp = 1;
327	+ }
328	+
329	+ sucuriscan_harden_status($cp, NULL,
330	+ "Using an updated version of PHP (v $phpv)",
331	+ "The version of PHP you are using ($phpv) is not current. Not recommended and not supported",
332	+ "It checks if you have the latest version of PHP installed.", NULL);
333	+ }
334	+ ?>

Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.1.4

Version Description

Release Info

Code changes from version 1.1.3 to 1.1.4