Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.4.1

Version Description

  • Small bug fixes.
  • Adding last IP to the last login page.

Release Info

Developer dd@sucuri.net
Version 1.4.1

Code changes from version 1.4 to 1.4.1

inc/css/sucuriscan-default-css.css CHANGED
@@ -58,6 +58,29 @@
58
  border-color:#999;
59
  }
60
 
 
 
 
 
61
  .sucuriscan-maincontent a.lastlogins-showall{
62
  margin: 10px auto 0 auto;
63
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
58
  border-color:#999;
59
  }
60
 
61
+ .sucuriscan-maincontent .widefat tbody th.check-column{
62
+ padding: 6px 0 3px 0
63
+ }
64
+
65
  .sucuriscan-maincontent a.lastlogins-showall{
66
  margin: 10px auto 0 auto;
67
  }
68
+
69
+ .sucuriscan-maincontent .adminusers-lastlogin{
70
+ padding: 0
71
+ }
72
+
73
+ .sucuriscan-maincontent .adminusers-lastlogin>table{
74
+ width: 100%
75
+ }
76
+
77
+ .sucuri-alert{
78
+ position: relative;
79
+ }
80
+
81
+ .sucuri-alert > a.close{
82
+ position: absolute;
83
+ top: 8px;
84
+ right: 10px;
85
+ font-size: 18px
86
+ }
inc/tpl/sucuri-wp-integrity-admins-lastlogin.snippet.tpl ADDED
@@ -0,0 +1,4 @@
 
 
 
 
1
+ <tr>
2
+ <td>%%SUCURI.AdminUsers.RemoteAddr%%</td>
3
+ <td>%%SUCURI.AdminUsers.Datetime%%</td>
4
+ </tr>
inc/tpl/sucuri-wp-integrity-admins.html.tpl ADDED
@@ -0,0 +1,22 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <div class="postbox">
2
+ <h3>Administrator Users</h3>
3
+ <div class="inside">
4
+ <table class="wp-list-table widefat">
5
+ <thead>
6
+ <tr>
7
+ <th class="manage-column column-cb check-column">
8
+ <label class="screen-reader-text" for="cb-select-all-1">Select All</label>
9
+ <input id="cb-select-all-1" type="checkbox">
10
+ </th>
11
+ <th class="manage-column">Username</th>
12
+ <th class="manage-column">Email</th>
13
+ <th class="manage-column">Last Logins (newest to oldest)</th>
14
+ </tr>
15
+ </thead>
16
+
17
+ <tbody>
18
+ %%SUCURI.AdminUsers.UserList%%
19
+ </tbody>
20
+ </table>
21
+ </div>
22
+ </div>
inc/tpl/sucuri-wp-integrity-admins.snippet.tpl ADDED
@@ -0,0 +1,20 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <tr>
2
+ <th class="check-column">
3
+ <input type="checkbox" name="user_ids[]" value="%%SUCURI.AdminUsers.UserId%%" />
4
+ </th>
5
+ <td>%%SUCURI.AdminUsers.Username%%</td>
6
+ <td><a href="mailto:%%SUCURI.AdminUsers.Email%%">%%SUCURI.AdminUsers.Email%%</a></td>
7
+ <td class="adminusers-lastlogin">
8
+ <table>
9
+ <thead>
10
+ <tr>
11
+ <th>IP Address</th>
12
+ <th>Date & Time</th>
13
+ </tr>
14
+ </thead>
15
+ <tbody>
16
+ %%SUCURI.AdminUsers.LastLogins%%
17
+ </tbody>
18
+ </table>
19
+ </td>
20
+ </tr>
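Review bot: `%%SUCURI.AdminUsers.Username%%` and `%%SUCURI.AdminUsers.Email%%` are placed into HTML text and into a `mailto:` href with no escaping visible in the template, and the values come straight from the users table (`user_login`, `user_email`), the second of which every user edits on their own profile page. Whether `sucuriscan_get_template()` escapes its replacements cannot be seen from this commit; if it is a plain substitution, the caller in lib/core_integrity.php should build `$user_snippet` with `esc_html($admin->user_login)` and `esc_attr($admin->user_email)`, or the template helper should escape by default. The same question applies to `%%SUCURI.AdminUsers.RemoteAddr%%` and `%%SUCURI.AdminUsers.Datetime%%` in the sibling lastlogin snippet, which are read back from the lastlogins table.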
inc/tpl/sucuri-wp-notification.html.tpl ADDED
@@ -0,0 +1,38 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <title>%%SUCURI.TemplateTitle%%</title>
5
+ </head>
6
+ <body>
7
+ <table class="sucuri-template" style="width:90%;font-family:Arial,Helvetica,sans-serif;border-spacing:0">
8
+ <thead sytle="border-bottom:1px solid #ccc">
9
+ <tr style="background-color:#4b4b4b;background-image:-moz-linear-gradient(top, #555555, #3b3b3b);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#555555), to(#3b3b3b));background-image:-webkit-linear-gradient(top, #555555, #3b3b3b);background-image:-o-linear-gradient(top, #555555, #3b3b3b);background-image:linear-gradient(to bottom, #555555, #3b3b3b);background-repeat:repeat-x">
10
+ <td sytle="font-size:20px;font-weight:normal;color:#ffffff;padding:10px;border-right:1px solid #2f2f2f;border-left:1px solid #6f6f6f;-webkit-box-shadow:inset 0 1px 0 #888888;-moz-box-shadow:inset 0 1px 0 #888888;box-shadow:inset 0 1px 0 #888888;text-shadow:1px 1px 2px rgba(0, 0, 0, 0.5)">
11
+ <a href="http://sucuri.net/" style="text-decoration:none;display:inline-block;margin:8px 0 5px 20px">
12
+ <img src="http://sucuri.net/wp-content/themes/sucuri-two/images/main-logo.png" style="border:none" />
13
+ </a>
14
+ <span style="display:inline-block;line-height:46px;margin:0 20px 0 0;float:right;color:#ffffff">%%SUCURI.TemplateTitle%%</span>
15
+ </td>
16
+ </tr>
17
+ </thead>
18
+ <tbody>
19
+ <tr>
20
+ <td style="padding:20px 20px 10px 20px;border:1px solid #ccc;border-top:none">
21
+ <h4 style="margin:0">Information:</h4>
22
+ <p style="margin:0 0 10px 0">
23
+ User: %%SUCURI.User%%<br />
24
+ Alert Time: %%SUCURI.Time%%<br />
25
+ </p>
26
+ <h4 style="text-transform:uppercase;margin:0">Website Information:</h4>
27
+ <p style="margin:0 0 10px 0">
28
+ Site: <a href="%%SUCURI.Website%%">%%SUCURI.Website%%</a><br />
29
+ IP Address: %%SUCURI.RemoteAddress%%<br />
30
+ </p>
31
+ <h4 style="text-transform:uppercase;margin:0">Notification Message:</h4>
32
+ <p style="margin:0 0 10px 0">%%SUCURI.Message%%</p>
33
+ </td>
34
+ </tr>
35
+ </tbody>
36
+ </table>
37
+ </body>
38
+ </html>
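Review bot: Lines 8 and 10 of the new template spell the attribute `sytle` (`<thead sytle="...">` and `<td sytle="...">`), so those two inline style blocks are silently ignored by mail clients; both should read `style=`. The header cell's padding, borders and shadow therefore never render, which looks like the typo rather than a design decision.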
inc/tpl/sucuri-wp-notification.txt.tpl ADDED
@@ -0,0 +1,12 @@
 
 
 
 
 
 
 
 
 
 
 
 
1
+ Subject: %%SUCURI.Subject%%
2
+
3
+ Login Info:
4
+ Username: %%SUCURI.User%%
5
+ Time: %%SUCURI.Time%%
6
+
7
+ Website Info:
8
+ Site: %%SUCURI.Website%%
9
+ IP Address: %%SUCURI.RemoteAddress%%
10
+
11
+ Notification:
12
+ %%SUCURI.Message%%
lib/core_integrity.php CHANGED
@@ -89,8 +89,8 @@ function sucuriwp_core_integrity_check()
89
  $wp_version = htmlspecialchars($wp_version);
90
 
91
  if($cp == 0)
92
- {
93
- echo '<p><img style="position:relative;top:5px" height="22" width="22"'.
94
  'src="'.SUCURI_URL.'images/warn.png" /> &nbsp; Your current version ('.$wp_version.') is not the latest. <a class="button-primary" href="update-core.php">Update now!</a> to be able to run the integrity check.</p>';
95
  }
96
  else
@@ -116,12 +116,12 @@ function sucuriwp_core_integrity_check()
116
  foreach ( $compcurrent as $currfile => $currattr) {
117
 
118
  if ( array_key_exists( $currfile, $complog ) ) {
119
-
120
  //if attributes differ added to modified files array
121
  if ( strcmp( $currattr['md5'], $complog[$currfile]['md5'] ) != 0 ) {
122
  $modified[$currfile]['md5'] = $currattr['md5'];
123
  }
124
-
125
  }
126
 
127
  }
@@ -162,36 +162,55 @@ function sucuriwp_list_admins($userlevel = '10') {
162
  3 = author
163
  7 = publisher
164
  10 = administrator
165
- */
166
- echo '<div class="postbox">';
167
- echo "<h3>Administrator Users</h3>";
168
- echo '<div class="inside">';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
169
 
170
- $admins = $wpdb->get_results("SELECT * from $wpdb->usermeta WHERE meta_key = 'wp_user_level' AND meta_value = '$userlevel'");
171
- foreach ( (array) $admins as $admin ) {
172
- $admin = get_userdata( $admin->user_id );
173
- $userlevel = $admin->wp2_user_level;
174
- $name = $admin->nickname;
175
- if ( $show_fullname && ($admin->first_name != '' && $admin->last_name != '') ) {
176
- $name = "$admin->first_name $admin->last_name";
177
- }
178
- echo "<p>User: $admin->nickname - Full Name : $name</p>";
179
- }
180
- echo '</div>';
181
- echo '</div>';
 
 
182
 
 
183
  }
184
 
185
  function sucuriwp_content_check()
186
  {
187
  $wp_content_hashes = read_dir_r( ABSPATH . "wp-content", true);
188
- $back_3_days = current_time( 'timestamp' ) - (3 * 24 * 3600);
 
189
 
190
  echo '<div class="postbox">';
191
  echo "<h3>wp_content latest modified files</h3>";
192
  echo '<div class="inside">';
193
  foreach ( $wp_content_hashes as $key => $value) {
194
- if ($value['time'] >= $back_3_days ){
195
  $date = date('d-m-Y H:i:s', $value['time']);
196
  echo "<p>$key : $date </p>";
197
  }
@@ -229,6 +248,10 @@ function sucuriwp_check_plugins()
229
  echo "<p>All plugins are up-to-date!</p>";
230
  }
231
  }
 
 
 
 
232
  echo '</div>';
233
  echo '</div>';
234
  }
@@ -238,13 +261,13 @@ function sucuriwp_check_themes()
238
  do_action("wp_update_themes"); // force WP to check for theme updates
239
  wp_update_themes();
240
  $update_themes = get_site_transient('update_themes'); // get information of updates
241
-
242
  echo '<div class="postbox">';
243
  echo "<h3>Outdated Themes</h3>";
244
  echo '<div class="inside">';
245
  if (!empty($update_themes->response)) { // any theme updates available?
246
  $themes_need_update = $update_themes->response; // themes that need updating
247
-
248
  if(count($themes_need_update) >= 1) { // any themes need updating after all the filtering gone on above?
249
  foreach($themes_need_update as $key => $data) { // loop through the themes that need updating
250
  $theme_info = get_theme_data(WP_CONTENT_DIR . "/themes/" . $key . "/style.css"); // get theme info
89
  $wp_version = htmlspecialchars($wp_version);
90
 
91
  if($cp == 0)
92
+ {
93
+ echo '<p><img style="position:relative;top:5px" height="22" width="22"'.
94
  'src="'.SUCURI_URL.'images/warn.png" /> &nbsp; Your current version ('.$wp_version.') is not the latest. <a class="button-primary" href="update-core.php">Update now!</a> to be able to run the integrity check.</p>';
95
  }
96
  else
116
  foreach ( $compcurrent as $currfile => $currattr) {
117
 
118
  if ( array_key_exists( $currfile, $complog ) ) {
119
+
120
  //if attributes differ added to modified files array
121
  if ( strcmp( $currattr['md5'], $complog[$currfile]['md5'] ) != 0 ) {
122
  $modified[$currfile]['md5'] = $currattr['md5'];
123
  }
124
+
125
  }
126
 
127
  }
162
  3 = author
163
  7 = publisher
164
  10 = administrator
165
+ */
166
+
167
+ // Page pseudo-variables initialization.
168
+ $template_variables = array(
169
+ 'SucuriURL'=>SUCURI_URL,
170
+ 'AdminUsers.UserList'=>''
171
+ );
172
+
173
+ $wp_user_level = "{$wpdb->prefix}user_level"; // This value is generated through $table_prefix.
174
+ $admins = $wpdb->get_results("SELECT * FROM $wpdb->usermeta WHERE meta_key = '{$wp_user_level}' AND meta_value = '$userlevel'");
175
+ foreach ( (array) $admins as $user ) {
176
+ $admin = get_userdata( $user->user_id );
177
+ $admin->lastlogins = sucuriscan_get_logins(4, $admin->ID);
178
+ $userlevel = $admin->wp2_user_level;
179
+ $name = $admin->nickname;
180
+
181
+ if ( $show_fullname && ($admin->first_name != '' && $admin->last_name != '') ) {
182
+ $name = "$admin->first_name $admin->last_name";
183
+ }
184
 
185
+ $user_snippet = array(
186
+ 'AdminUsers.Username'=>$admin->user_login,
187
+ 'AdminUsers.Email'=>$admin->user_email,
188
+ 'AdminUsers.LastLogins'=>''
189
+ );
190
+ foreach($admin->lastlogins as $lastlogin){
191
+ $user_snippet['AdminUsers.LastLogins'] .= sucuriscan_get_template('sucuri-wp-integrity-admins-lastlogin.snippet.tpl', array(
192
+ 'AdminUsers.RemoteAddr'=>$lastlogin->user_remoteaddr,
193
+ 'AdminUsers.Datetime'=>$lastlogin->user_lastlogin
194
+ ));
195
+ }
196
+
197
+ $template_variables['AdminUsers.UserList'] .= sucuriscan_get_template('sucuri-wp-integrity-admins.snippet.tpl', $user_snippet);
198
+ }
199
 
200
+ echo sucuriscan_get_template('sucuri-wp-integrity-admins.html.tpl', $template_variables);
201
  }
202
 
203
  function sucuriwp_content_check()
204
  {
205
  $wp_content_hashes = read_dir_r( ABSPATH . "wp-content", true);
206
+ $days = htmlspecialchars(trim((int)$_POST['sucuriwp_content_check_back']));
207
+ $back_days = current_time( 'timestamp' ) - ( $days * 86400);
208
 
209
  echo '<div class="postbox">';
210
  echo "<h3>wp_content latest modified files</h3>";
211
  echo '<div class="inside">';
212
  foreach ( $wp_content_hashes as $key => $value) {
213
+ if ($value['time'] >= $back_days ){
214
  $date = date('d-m-Y H:i:s', $value['time']);
215
  echo "<p>$key : $date </p>";
216
  }
248
  echo "<p>All plugins are up-to-date!</p>";
249
  }
250
  }
251
+ else
252
+ {
253
+ echo "<p>All plugins are up-to-date!</p>";
254
+ }
255
  echo '</div>';
256
  echo '</div>';
257
  }
261
  do_action("wp_update_themes"); // force WP to check for theme updates
262
  wp_update_themes();
263
  $update_themes = get_site_transient('update_themes'); // get information of updates
264
+
265
  echo '<div class="postbox">';
266
  echo "<h3>Outdated Themes</h3>";
267
  echo '<div class="inside">';
268
  if (!empty($update_themes->response)) { // any theme updates available?
269
  $themes_need_update = $update_themes->response; // themes that need updating
270
+
271
  if(count($themes_need_update) >= 1) { // any themes need updating after all the filtering gone on above?
272
  foreach($themes_need_update as $key => $data) { // loop through the themes that need updating
273
  $theme_info = get_theme_data(WP_CONTENT_DIR . "/themes/" . $key . "/style.css"); // get theme info
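Review bot: The rebuilt query in sucuriwp_list_admins still interpolates `$userlevel` and the meta key straight into the SQL string; the only visible caller passes no argument so the default `'10'` is used, but the function accepts any value and should go through the driver: `$admins = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->usermeta} WHERE meta_key = %s AND meta_value = %s", $wp_user_level, $userlevel));`. In the same loop `get_userdata()` returns false for a stale usermeta row, and the next line then assigns `->lastlogins` on a non-object, so `if (!$admin) { continue; }` belongs before it. In sucuriwp_content_check the `$_POST['sucuriwp_content_check_back']` read has no isset() guard and the `htmlspecialchars(trim(...))` around an already-cast int does nothing; `$days = isset($_POST['sucuriwp_content_check_back']) ? max(1, (int) $_POST['sucuriwp_content_check_back']) : 3;` keeps the previous three-day window as the fallback and stops a zero or negative value from turning the listing into "modified in the future". Both functions continue outside the hunk.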
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net, dremeda
3
  Donate Link: http://sitecheck.sucuri.net
4
  Tags: malware, security, scan, spam, virus, sucuri, WordPress,
5
  Requires at least:3.2
6
- Stable tag:1.4
7
  Tested up to: 3.6
8
 
9
  The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
@@ -67,6 +67,11 @@ the compromise on your site).
67
 
68
  == Changelog ==
69
 
 
 
 
 
 
70
  = 1.4 =
71
  * Added post-hack options (reset all passwords).
72
  * Added last-login.
3
  Donate Link: http://sitecheck.sucuri.net
4
  Tags: malware, security, scan, spam, virus, sucuri, WordPress,
5
  Requires at least:3.2
6
+ Stable tag:1.4.1
7
  Tested up to: 3.6
8
 
9
  The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
67
 
68
  == Changelog ==
69
 
70
+
71
+ = 1.4.1 =
72
+ * Small bug fixes.
73
+ * Adding last IP to the last login page.
74
+
75
  = 1.4 =
76
  * Added post-hack options (reset all passwords).
77
  * Added last-login.
sucuri.php CHANGED
@@ -7,7 +7,7 @@ Description: The <a href="http://sucuri.net">Sucuri Security</a> - SiteCheck Mal
7
  You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
8
 
9
  Author: Sucuri Security
10
- Version: 1.4
11
  Author URI: http://sucuri.net
12
  */
13
 
@@ -18,7 +18,7 @@ if(!function_exists('add_action'))
18
  }
19
 
20
  define('SUCURISCAN','sucuriscan');
21
- define('SUCURISCAN_VERSION','1.4');
22
  define( 'SUCURI_URL',plugin_dir_url( __FILE__ ));
23
  define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
24
  /* Sucuri Free/Paid Plugin will use the same tablename, check: sucuriscan_lastlogins_table_exists() */
@@ -27,11 +27,15 @@ define('SUCURISCAN_LASTLOGINS_TABLENAME', "{$table_prefix}sucuri_lastlogins");
27
  /* Requires files. */
28
  //require_once(dirname(__FILE__ ) . '/inc/scripts.php');
29
  add_action( 'admin_enqueue_scripts', 'sucuriscan_admin_script_style_registration', 1 );
30
- function sucuriscan_admin_script_style_registration() {
31
-
32
- echo '<link rel="stylesheet" href="'.SUCURI_URL.'/inc/css/sucuriscan-default-css.css" type="text/css" media="all" />';
33
-
34
- }
 
 
 
 
35
 
36
  /* sucuri_dir_filepath:
37
  * Returns the system filepath to the relevant user uploads
@@ -350,14 +354,18 @@ function sucuriscan_send_mail($to='', $subject='', $message='', $data_set=array(
350
  if($debug){
351
  die($message);
352
  }else{
353
- wp_mail($to, "Sucuri WP Notification: {$wp_domain}: {$subject}" , $message, $headers);
354
  }
355
  }
356
 
357
  function sucuriscan_admin_notice($type='updated', $message='')
358
  {
 
359
  if( !empty($message) ): ?>
360
- <div class="<?php echo $type; ?>"><p><?php _e($message); ?></p></div>
 
 
 
361
  <?php endif;
362
  }
363
 
@@ -538,7 +546,7 @@ function sucuriscan_posthack_page()
538
 
539
  foreach($user_identifiers as $user_id){
540
  if( sucuriscan_new_password($user_id) ){
541
- $passwords_changed[] = $user_id;
542
  }else{
543
  $pwd_not_changed[] = $user_id;
544
  }
@@ -613,7 +621,8 @@ function sucuriscan_set_flashdata($key='', $value='')
613
  /* Use wp-sucuri_ to give compatibility between Sucuri Free/Paid Plugin */
614
  $session_name = "wp-sucuri_{$key}";
615
  $expire = time() + 60*5;
616
- setcookie($session_name, $value, $expire, SITECOOKIEPATH.'wp-admin');
 
617
  }
618
 
619
  function sucuriscan_get_flashdata()
@@ -621,13 +630,34 @@ function sucuriscan_get_flashdata()
621
  /* Use wp-sucuri_ to give compatibility between Sucuri Free/Paid Plugin */
622
  foreach($_COOKIE as $key=>$value){
623
  if( preg_match('/^(wp\-sucuri_.*)$/', $key) ){
 
624
  sucuriscan_admin_notice('updated', $value);
625
- setcookie($key, NULL, time()-3600);
626
  }
627
  }
628
  }
629
  add_action('admin_init', 'sucuriscan_get_flashdata');
630
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
631
  function sucuriscan_lastlogins_table_exists()
632
  {
633
  global $wpdb;
@@ -657,13 +687,21 @@ function sucuriscan_set_lastlogin($user_login='')
657
  if( defined('SUCURISCAN_LASTLOGINS_TABLENAME') ){
658
  $table_name = SUCURISCAN_LASTLOGINS_TABLENAME;
659
  $current_user = get_user_by('login', $user_login);
 
 
 
 
 
 
 
 
660
 
661
- sucuriscan_set_flashdata('lastlogin', 'Last user login at '.date('Y/M/d H:i:s').' from '.$_SERVER['REMOTE_ADDR']);
662
 
663
  $wpdb->insert($table_name, array(
664
  'user_id'=>$current_user->ID,
665
  'user_login'=>$current_user->user_login,
666
- 'user_remoteaddr'=>isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:'127.0.0.1',
667
  'user_lastlogin'=>current_time('mysql')
668
  ));
669
  }
7
  You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
8
 
9
  Author: Sucuri Security
10
+ Version: 1.4.1
11
  Author URI: http://sucuri.net
12
  */
13
 
18
  }
19
 
20
  define('SUCURISCAN','sucuriscan');
21
+ define('SUCURISCAN_VERSION','1.4.1');
22
  define( 'SUCURI_URL',plugin_dir_url( __FILE__ ));
23
  define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
24
  /* Sucuri Free/Paid Plugin will use the same tablename, check: sucuriscan_lastlogins_table_exists() */
27
  /* Requires files. */
28
  //require_once(dirname(__FILE__ ) . '/inc/scripts.php');
29
  add_action( 'admin_enqueue_scripts', 'sucuriscan_admin_script_style_registration', 1 );
30
+ function sucuriscan_admin_script_style_registration() { ?>
31
+ <link rel="stylesheet" href="<?php echo SUCURI_URL; ?>/inc/css/sucuriscan-default-css.css" type="text/css" media="all" />
32
+ <script type="text/javascript">
33
+ function sucuri_alert_close(id){
34
+ var element = document.getElementById('sucuri-alert-'+id);
35
+ element.parentNode.removeChild(element);
36
+ }
37
+ </script>
38
+ <?php }
39
 
40
  /* sucuri_dir_filepath:
41
  * Returns the system filepath to the relevant user uploads
354
  if($debug){
355
  die($message);
356
  }else{
357
+ wp_mail($to, "Sucuri WP Notification: {$wp_domain} - {$subject}" , $message, $headers);
358
  }
359
  }
360
 
361
  function sucuriscan_admin_notice($type='updated', $message='')
362
  {
363
+ $alert_id = rand(100, 999);
364
  if( !empty($message) ): ?>
365
+ <div id="sucuri-alert-<?php echo $alert_id; ?>" class="<?php echo $type; ?> sucuri-alert">
366
+ <a href="javascript:void(0)" class="close" onclick="sucuri_alert_close('<?php echo $alert_id; ?>')">&times;</a>
367
+ <p><?php _e($message); ?></p>
368
+ </div>
369
  <?php endif;
370
  }
371
 
546
 
547
  foreach($user_identifiers as $user_id){
548
  if( sucuriscan_new_password($user_id) ){
549
+ $pwd_changed[] = $user_id;
550
  }else{
551
  $pwd_not_changed[] = $user_id;
552
  }
621
  /* Use wp-sucuri_ to give compatibility between Sucuri Free/Paid Plugin */
622
  $session_name = "wp-sucuri_{$key}";
623
  $expire = time() + 60*5;
624
+ $value = base64_encode($value);
625
+ @setcookie($session_name, $value, $expire, SITECOOKIEPATH.'wp-admin');
626
  }
627
 
628
  function sucuriscan_get_flashdata()
630
  /* Use wp-sucuri_ to give compatibility between Sucuri Free/Paid Plugin */
631
  foreach($_COOKIE as $key=>$value){
632
  if( preg_match('/^(wp\-sucuri_.*)$/', $key) ){
633
+ $value = base64_decode($value);
634
  sucuriscan_admin_notice('updated', $value);
635
+ @setcookie($key, NULL, time()-3600); // Take care with "Cannot modify header" error.
636
  }
637
  }
638
  }
639
  add_action('admin_init', 'sucuriscan_get_flashdata');
640
 
641
+ function sucuriscan_get_remoteaddr()
642
+ {
643
+ $alternatives = array(
644
+ 'HTTP_CLIENT_IP',
645
+ 'HTTP_X_FORWARDED_FOR',
646
+ 'HTTP_X_FORWARDED',
647
+ 'HTTP_FORWARDED_FOR',
648
+ 'HTTP_FORWARDED',
649
+ 'REMOTE_ADDR'
650
+ );
651
+ foreach($alternatives as $alternative){
652
+ if( !isset($_SERVER[$alternative]) ){ continue; }
653
+
654
+ $remote_addr = preg_replace('/[^0-9., ]/', '', $_SERVER[$alternative]);
655
+ if($remote_addr) break;
656
+ }
657
+
658
+ return $remote_addr;
659
+ }
660
+
661
  function sucuriscan_lastlogins_table_exists()
662
  {
663
  global $wpdb;
687
  if( defined('SUCURISCAN_LASTLOGINS_TABLENAME') ){
688
  $table_name = SUCURISCAN_LASTLOGINS_TABLENAME;
689
  $current_user = get_user_by('login', $user_login);
690
+ $remote_addr = sucuriscan_get_remoteaddr();
691
+
692
+ $lastlogin_message = 'Last user login at <strong>'.date('Y/M/d H:i:s').'</strong>';
693
+ $lastlogin_message .= chr(32).'from <strong>'.$remote_addr.' - '.gethostbyaddr($remote_addr).'</strong>';
694
+ if( isset($_SERVER['GEOIP_REGION']) && isset($_SERVER['GEOIP_CITY']) ){
695
+ $lastlogin_message .= chr(32)."{$_SERVER['GEOIP_CITY']}/{$_SERVER['GEOIP_REGION']}";
696
+ }
697
+ $lastlogin_message .= chr(32).'(<a href="'.site_url('wp-admin/admin.php?page=sucuriscan_lastlogins').'">View Last-Logins</a>)';
698
 
699
+ sucuriscan_set_flashdata('lastlogin', $lastlogin_message);
700
 
701
  $wpdb->insert($table_name, array(
702
  'user_id'=>$current_user->ID,
703
  'user_login'=>$current_user->user_login,
704
+ 'user_remoteaddr'=>$remote_addr,
705
  'user_lastlogin'=>current_time('mysql')
706
  ));
707
  }
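Review bot: sucuriscan_get_remoteaddr consults `HTTP_CLIENT_IP`, `HTTP_X_FORWARDED_FOR` and the other forwarded headers before `REMOTE_ADDR`, and every one of those is supplied by the client, so the address written to the last-logins table, shown in the flash notice and handed to `gethostbyaddr()` is chosen by whoever logs in; the `[^0-9., ]` filter also strips the colons from IPv6 addresses and lets a comma-separated list through, on which `gethostbyaddr()` fails, and `$remote_addr` is never initialised when the loop does not break. Forwarded headers should only be honoured when `REMOTE_ADDR` is a proxy the site operator has listed, the leftmost entry is the client, and the result should pass `filter_var($candidate, FILTER_VALIDATE_IP)`, which also covers IPv6. Separately, `$lastlogin_message` in sucuriscan_set_lastlogin embeds the `gethostbyaddr()` result and `$_SERVER['GEOIP_CITY']`/`GEOIP_REGION` into HTML that sucuriscan_get_flashdata later echoes through `_e($message)` without escaping, and any `wp-sucuri_*` cookie the browser presents is rendered the same way; wrapping those pieces in `esc_html()` before concatenation, and `$value` after `base64_decode` in sucuriscan_get_flashdata, closes that path.
```php
function sucuriscan_get_remoteaddr()
{
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // Constructed placeholder: addresses of the reverse proxies the site
    // operator trusts; forwarded headers are ignored unless the request
    // arrived from one of them.
    $trusted_proxies = array();

    if (in_array($remote_addr, $trusted_proxies, true)) {
        // … unchanged: $alternatives list of forwarded header names …
        foreach ($alternatives as $alternative) {
            if (!isset($_SERVER[$alternative])) { continue; }
            // "client, proxy1, proxy2" — the leftmost entry is the client.
            $parts = explode(',', $_SERVER[$alternative]);
            $candidate = trim($parts[0]);
            if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
                return $candidate;
            }
        }
    }

    return filter_var($remote_addr, FILTER_VALIDATE_IP) !== false ? $remote_addr : '';
}
```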
sucuriscan_core_integrity.php CHANGED
@@ -31,6 +31,33 @@ function sucuriscan_core_integrity_function_wrapper($function_name, $description
31
  }
32
  }
33
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
34
  function sucuriscan_core_integrity_lib()
35
  {
36
  echo '<h2 id="warnings_hook"></h2>';
@@ -63,14 +90,13 @@ function sucuriscan_core_integrity_lib()
63
  'sucuriwp_core_integrity_check',
64
  'This test will check wp-includes, wp-admin, and the top directory files against the latest WordPress hashing database. If any of those files were modified, it is a big sign of a possible compromise.'
65
  );
 
 
 
66
  sucuriscan_core_integrity_function_wrapper(
67
  'sucuriwp_list_admins',
68
  'List all administrator users and their latest login time.'
69
  );
70
- sucuriscan_core_integrity_function_wrapper(
71
- 'sucuriwp_content_check',
72
- 'This test will list all files inside wp-content that have been modified in the past 3 days.'
73
- );
74
  sucuriscan_core_integrity_function_wrapper(
75
  'sucuriwp_check_plugins',
76
  'This test will list any outdated (active) plugins.'
31
  }
32
  }
33
 
34
+ function sucuriscan_core_integrity_wp_content_wrapper()
35
+ {
36
+ echo '<div class="postbox">';
37
+ echo '<div class="inside">';
38
+ echo '<form action="" method="post">'.
39
+ '<input type="hidden" name="sucuriwp_content_checknonce" value="'.wp_create_nonce('sucuriwp_content_checknonce').'" />'.
40
+ '<input type="hidden" name="sucuriwp_content_check" value="sucuriwp_content_check" />'.
41
+
42
+ '<p>This test will list all files inside wp-content that have been modified in the past
43
+
44
+ <select name="sucuriwp_content_check_back">
45
+ <option value="1">1</option>
46
+ <option value="3">3</option>
47
+ <option value="7">7</option>
48
+ <option value="30">30</option>
49
+ </select> days. (select the number of days first)</p>'.
50
+
51
+ '<input class="button-primary" type="submit" name="sucuriwp_content_check" value="Check">'.
52
+ '</form>';
53
+ echo '</div>';
54
+ echo '</div>';
55
+
56
+ if (isset($_POST['sucuriwp_content_checknonce']) && isset($_POST['sucuriwp_content_check'])) {
57
+ sucuriwp_content_check();
58
+ }
59
+ }
60
+
61
  function sucuriscan_core_integrity_lib()
62
  {
63
  echo '<h2 id="warnings_hook"></h2>';
90
  'sucuriwp_core_integrity_check',
91
  'This test will check wp-includes, wp-admin, and the top directory files against the latest WordPress hashing database. If any of those files were modified, it is a big sign of a possible compromise.'
92
  );
93
+
94
+ sucuriscan_core_integrity_wp_content_wrapper();
95
+
96
  sucuriscan_core_integrity_function_wrapper(
97
  'sucuriwp_list_admins',
98
  'List all administrator users and their latest login time.'
99
  );
 
 
 
 
100
  sucuriscan_core_integrity_function_wrapper(
101
  'sucuriwp_check_plugins',
102
  'This test will list any outdated (active) plugins.'
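Review bot: sucuriscan_core_integrity_wp_content_wrapper emits a nonce field but the guard at the bottom only checks that the field is present, never that it is valid, so the nonce gives no CSRF protection; the condition should be `if (isset($_POST['sucuriwp_content_checknonce'], $_POST['sucuriwp_content_check']) && wp_verify_nonce($_POST['sucuriwp_content_checknonce'], 'sucuriwp_content_checknonce')) {`. The action behind it is a read-only listing of recently modified files, so the exposure is the scan output rather than a state change, but the pattern is worth correcting while the code is new. A smaller point: the `<select>` never marks the previously submitted value as `selected`, so after a submit the rendered list and the form disagree about the number of days.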
sucuriscan_hardening.php CHANGED
@@ -53,7 +53,7 @@ function sucuriscan_hardening_lib()
53
  echo '</form>'
54
  ?>
55
 
56
- <p align="center"><strong>If you have any questions about these checks or this plugin, contact us at support@sucuri.net or visit <a href="http://sucuri.net">Sucuri Security</a></strong></p>
57
 
58
  </div>
59
 
53
  echo '</form>'
54
  ?>
55
 
56
+ <p align="center"><strong>If you have any questions about these checks or this plugin, contact us at <a href="mailto:info@sucuri.net">info@sucuri.net</a> or visit <a href="http://sucuri.net">Sucuri Security</a></strong></p>
57
 
58
  </div>
59