Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.4.1

Version Description

  • Small bug fixes.
  • Adding last IP to the last login page.
Download this release

Release Info

Developer dd@sucuri.net
Plugin Icon 128x128 Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.4.1
Comparing to
See all releases

Code changes from version 1.4 to 1.4.1

inc/css/sucuriscan-default-css.css CHANGED
@@ -58,6 +58,29 @@
58
border-color:#999;
59
}
60
61
.sucuriscan-maincontent a.lastlogins-showall{
62
margin: 10px auto 0 auto;
63
}
58
border-color:#999;
59
}
60
61
+ .sucuriscan-maincontent .widefat tbody th.check-column{
62
+ padding: 6px 0 3px 0
63
+ }
64
+
65
.sucuriscan-maincontent a.lastlogins-showall{
66
margin: 10px auto 0 auto;
67
}
68
+
69
+ .sucuriscan-maincontent .adminusers-lastlogin{
70
+ padding: 0
71
+ }
72
+
73
+ .sucuriscan-maincontent .adminusers-lastlogin>table{
74
+ width: 100%
75
+ }
76
+
77
+ .sucuri-alert{
78
+ position: relative;
79
+ }
80
+
81
+ .sucuri-alert > a.close{
82
+ position: absolute;
83
+ top: 8px;
84
+ right: 10px;
85
+ font-size: 18px
86
+ }
inc/tpl/sucuri-wp-integrity-admins-lastlogin.snippet.tpl ADDED
@@ -0,0 +1,4 @@
1
+ <tr>
2
+ <td>%%SUCURI.AdminUsers.RemoteAddr%%</td>
3
+ <td>%%SUCURI.AdminUsers.Datetime%%</td>
4
+ </tr>
inc/tpl/sucuri-wp-integrity-admins.html.tpl ADDED
@@ -0,0 +1,22 @@
1
+ <div class="postbox">
2
+ <h3>Administrator Users</h3>
3
+ <div class="inside">
4
+ <table class="wp-list-table widefat">
5
+ <thead>
6
+ <tr>
7
+ <th class="manage-column column-cb check-column">
8
+ <label class="screen-reader-text" for="cb-select-all-1">Select All</label>
9
+ <input id="cb-select-all-1" type="checkbox">
10
+ </th>
11
+ <th class="manage-column">Username</th>
12
+ <th class="manage-column">Email</th>
13
+ <th class="manage-column">Last Logins (newest to oldest)</th>
14
+ </tr>
15
+ </thead>
16
+
17
+ <tbody>
18
+ %%SUCURI.AdminUsers.UserList%%
19
+ </tbody>
20
+ </table>
21
+ </div>
22
+ </div>
inc/tpl/sucuri-wp-integrity-admins.snippet.tpl ADDED
@@ -0,0 +1,20 @@
1
+ <tr>
2
+ <th class="check-column">
3
+ <input type="checkbox" name="user_ids[]" value="%%SUCURI.AdminUsers.UserId%%" />
4
+ </th>
5
+ <td>%%SUCURI.AdminUsers.Username%%</td>
6
+ <td><a href="mailto:%%SUCURI.AdminUsers.Email%%">%%SUCURI.AdminUsers.Email%%</a></td>
7
+ <td class="adminusers-lastlogin">
8
+ <table>
9
+ <thead>
10
+ <tr>
11
+ <th>IP Address</th>
12
+ <th>Date & Time</th>
13
+ </tr>
14
+ </thead>
15
+ <tbody>
16
+ %%SUCURI.AdminUsers.LastLogins%%
17
+ </tbody>
18
+ </table>
19
+ </td>
20
+ </tr>
inc/tpl/sucuri-wp-notification.html.tpl ADDED
@@ -0,0 +1,38 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <title>%%SUCURI.TemplateTitle%%</title>
5
+ </head>
6
+ <body>
7
+ <table class="sucuri-template" style="width:90%;font-family:Arial,Helvetica,sans-serif;border-spacing:0">
8
+ <thead sytle="border-bottom:1px solid #ccc">
9
+ <tr style="background-color:#4b4b4b;background-image:-moz-linear-gradient(top, #555555, #3b3b3b);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#555555), to(#3b3b3b));background-image:-webkit-linear-gradient(top, #555555, #3b3b3b);background-image:-o-linear-gradient(top, #555555, #3b3b3b);background-image:linear-gradient(to bottom, #555555, #3b3b3b);background-repeat:repeat-x">
10
+ <td sytle="font-size:20px;font-weight:normal;color:#ffffff;padding:10px;border-right:1px solid #2f2f2f;border-left:1px solid #6f6f6f;-webkit-box-shadow:inset 0 1px 0 #888888;-moz-box-shadow:inset 0 1px 0 #888888;box-shadow:inset 0 1px 0 #888888;text-shadow:1px 1px 2px rgba(0, 0, 0, 0.5)">
11
+ <a href="http://sucuri.net/" style="text-decoration:none;display:inline-block;margin:8px 0 5px 20px">
12
+ <img src="http://sucuri.net/wp-content/themes/sucuri-two/images/main-logo.png" style="border:none" />
13
+ </a>
14
+ <span style="display:inline-block;line-height:46px;margin:0 20px 0 0;float:right;color:#ffffff">%%SUCURI.TemplateTitle%%</span>
15
+ </td>
16
+ </tr>
17
+ </thead>
18
+ <tbody>
19
+ <tr>
20
+ <td style="padding:20px 20px 10px 20px;border:1px solid #ccc;border-top:none">
21
+ <h4 style="margin:0">Information:</h4>
22
+ <p style="margin:0 0 10px 0">
23
+ User: %%SUCURI.User%%<br />
24
+ Alert Time: %%SUCURI.Time%%<br />
25
+ </p>
26
+ <h4 style="text-transform:uppercase;margin:0">Website Information:</h4>
27
+ <p style="margin:0 0 10px 0">
28
+ Site: <a href="%%SUCURI.Website%%">%%SUCURI.Website%%</a><br />
29
+ IP Address: %%SUCURI.RemoteAddress%%<br />
30
+ </p>
31
+ <h4 style="text-transform:uppercase;margin:0">Notification Message:</h4>
32
+ <p style="margin:0 0 10px 0">%%SUCURI.Message%%</p>
33
+ </td>
34
+ </tr>
35
+ </tbody>
36
+ </table>
37
+ </body>
38
+ </html>
inc/tpl/sucuri-wp-notification.txt.tpl ADDED
@@ -0,0 +1,12 @@
1
+ Subject: %%SUCURI.Subject%%
2
+
3
+ Login Info:
4
+ Username: %%SUCURI.User%%
5
+ Time: %%SUCURI.Time%%
6
+
7
+ Website Info:
8
+ Site: %%SUCURI.Website%%
9
+ IP Address: %%SUCURI.RemoteAddress%%
10
+
11
+ Notification:
12
+ %%SUCURI.Message%%
lib/core_integrity.php CHANGED
@@ -89,8 +89,8 @@ function sucuriwp_core_integrity_check()
89
$wp_version = htmlspecialchars($wp_version);
90
91
if($cp == 0)
92
- {
93
- echo '<p><img style="position:relative;top:5px" height="22" width="22"'.
94
'src="'.SUCURI_URL.'images/warn.png" /> &nbsp; Your current version ('.$wp_version.') is not the latest. <a class="button-primary" href="update-core.php">Update now!</a> to be able to run the integrity check.</p>';
95
}
96
else
@@ -116,12 +116,12 @@ function sucuriwp_core_integrity_check()
116
foreach ( $compcurrent as $currfile => $currattr) {
117
118
if ( array_key_exists( $currfile, $complog ) ) {
119
-
120
//if attributes differ added to modified files array
121
if ( strcmp( $currattr['md5'], $complog[$currfile]['md5'] ) != 0 ) {
122
$modified[$currfile]['md5'] = $currattr['md5'];
123
}
124
-
125
}
126
127
}
@@ -162,36 +162,55 @@ function sucuriwp_list_admins($userlevel = '10') {
162
3 = author
163
7 = publisher
164
10 = administrator
165
- */
166
- echo '<div class="postbox">';
167
- echo "<h3>Administrator Users</h3>";
168
- echo '<div class="inside">';
169
170
- $admins = $wpdb->get_results("SELECT * from $wpdb->usermeta WHERE meta_key = 'wp_user_level' AND meta_value = '$userlevel'");
171
- foreach ( (array) $admins as $admin ) {
172
- $admin = get_userdata( $admin->user_id );
173
- $userlevel = $admin->wp2_user_level;
174
- $name = $admin->nickname;
175
- if ( $show_fullname && ($admin->first_name != '' && $admin->last_name != '') ) {
176
- $name = "$admin->first_name $admin->last_name";
177
- }
178
- echo "<p>User: $admin->nickname - Full Name : $name</p>";
179
- }
180
- echo '</div>';
181
- echo '</div>';
182
183
}
184
185
function sucuriwp_content_check()
186
{
187
$wp_content_hashes = read_dir_r( ABSPATH . "wp-content", true);
188
- $back_3_days = current_time( 'timestamp' ) - (3 * 24 * 3600);
189
190
echo '<div class="postbox">';
191
echo "<h3>wp_content latest modified files</h3>";
192
echo '<div class="inside">';
193
foreach ( $wp_content_hashes as $key => $value) {
194
- if ($value['time'] >= $back_3_days ){
195
$date = date('d-m-Y H:i:s', $value['time']);
196
echo "<p>$key : $date </p>";
197
}
@@ -229,6 +248,10 @@ function sucuriwp_check_plugins()
229
echo "<p>All plugins are up-to-date!</p>";
230
}
231
}
232
echo '</div>';
233
echo '</div>';
234
}
@@ -238,13 +261,13 @@ function sucuriwp_check_themes()
238
do_action("wp_update_themes"); // force WP to check for theme updates
239
wp_update_themes();
240
$update_themes = get_site_transient('update_themes'); // get information of updates
241
-
242
echo '<div class="postbox">';
243
echo "<h3>Outdated Themes</h3>";
244
echo '<div class="inside">';
245
if (!empty($update_themes->response)) { // any theme updates available?
246
$themes_need_update = $update_themes->response; // themes that need updating
247
-
248
if(count($themes_need_update) >= 1) { // any themes need updating after all the filtering gone on above?
249
foreach($themes_need_update as $key => $data) { // loop through the themes that need updating
250
$theme_info = get_theme_data(WP_CONTENT_DIR . "/themes/" . $key . "/style.css"); // get theme info
89
$wp_version = htmlspecialchars($wp_version);
90
91
if($cp == 0)
92
+ {
93
+ echo '<p><img style="position:relative;top:5px" height="22" width="22"'.
94
'src="'.SUCURI_URL.'images/warn.png" /> &nbsp; Your current version ('.$wp_version.') is not the latest. <a class="button-primary" href="update-core.php">Update now!</a> to be able to run the integrity check.</p>';
95
}
96
else
116
foreach ( $compcurrent as $currfile => $currattr) {
117
118
if ( array_key_exists( $currfile, $complog ) ) {
119
+
120
//if attributes differ added to modified files array
121
if ( strcmp( $currattr['md5'], $complog[$currfile]['md5'] ) != 0 ) {
122
$modified[$currfile]['md5'] = $currattr['md5'];
123
}
124
+
125
}
126
127
}
162
3 = author
163
7 = publisher
164
10 = administrator
165
+ */
166
+
167
+ // Page pseudo-variables initialization.
168
+ $template_variables = array(
169
+ 'SucuriURL'=>SUCURI_URL,
170
+ 'AdminUsers.UserList'=>''
171
+ );
172
+
173
+ $wp_user_level = "{$wpdb->prefix}user_level"; // This value is generated through $table_prefix.
174
+ $admins = $wpdb->get_results("SELECT * FROM $wpdb->usermeta WHERE meta_key = '{$wp_user_level}' AND meta_value = '$userlevel'");
175
+ foreach ( (array) $admins as $user ) {
176
+ $admin = get_userdata( $user->user_id );
177
+ $admin->lastlogins = sucuriscan_get_logins(4, $admin->ID);
178
+ $userlevel = $admin->wp2_user_level;
179
+ $name = $admin->nickname;
180
+
181
+ if ( $show_fullname && ($admin->first_name != '' && $admin->last_name != '') ) {
182
+ $name = "$admin->first_name $admin->last_name";
183
+ }
184
185
+ $user_snippet = array(
186
+ 'AdminUsers.Username'=>$admin->user_login,
187
+ 'AdminUsers.Email'=>$admin->user_email,
188
+ 'AdminUsers.LastLogins'=>''
189
+ );
190
+ foreach($admin->lastlogins as $lastlogin){
191
+ $user_snippet['AdminUsers.LastLogins'] .= sucuriscan_get_template('sucuri-wp-integrity-admins-lastlogin.snippet.tpl', array(
192
+ 'AdminUsers.RemoteAddr'=>$lastlogin->user_remoteaddr,
193
+ 'AdminUsers.Datetime'=>$lastlogin->user_lastlogin
194
+ ));
195
+ }
196
+
197
+ $template_variables['AdminUsers.UserList'] .= sucuriscan_get_template('sucuri-wp-integrity-admins.snippet.tpl', $user_snippet);
198
+ }
199
200
+ echo sucuriscan_get_template('sucuri-wp-integrity-admins.html.tpl', $template_variables);
201
}
202
203
function sucuriwp_content_check()
204
{
205
$wp_content_hashes = read_dir_r( ABSPATH . "wp-content", true);
206
+ $days = htmlspecialchars(trim((int)$_POST['sucuriwp_content_check_back']));
207
+ $back_days = current_time( 'timestamp' ) - ( $days * 86400);
208
209
echo '<div class="postbox">';
210
echo "<h3>wp_content latest modified files</h3>";
211
echo '<div class="inside">';
212
foreach ( $wp_content_hashes as $key => $value) {
213
+ if ($value['time'] >= $back_days ){
214
$date = date('d-m-Y H:i:s', $value['time']);
215
echo "<p>$key : $date </p>";
216
}
248
echo "<p>All plugins are up-to-date!</p>";
249
}
250
}
251
+ else
252
+ {
253
+ echo "<p>All plugins are up-to-date!</p>";
254
+ }
255
echo '</div>';
256
echo '</div>';
257
}
261
do_action("wp_update_themes"); // force WP to check for theme updates
262
wp_update_themes();
263
$update_themes = get_site_transient('update_themes'); // get information of updates
264
+
265
echo '<div class="postbox">';
266
echo "<h3>Outdated Themes</h3>";
267
echo '<div class="inside">';
268
if (!empty($update_themes->response)) { // any theme updates available?
269
$themes_need_update = $update_themes->response; // themes that need updating
270
+
271
if(count($themes_need_update) >= 1) { // any themes need updating after all the filtering gone on above?
272
foreach($themes_need_update as $key => $data) { // loop through the themes that need updating
273
$theme_info = get_theme_data(WP_CONTENT_DIR . "/themes/" . $key . "/style.css"); // get theme info
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net, dremeda
3
Donate Link: http://sitecheck.sucuri.net
4
Tags: malware, security, scan, spam, virus, sucuri, WordPress,
5
Requires at least:3.2
6
- Stable tag:1.4
7
Tested up to: 3.6
8
9
The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
@@ -67,6 +67,11 @@ the compromise on your site).
67
68
== Changelog ==
69
70
= 1.4 =
71
* Added post-hack options (reset all passwords).
72
* Added last-login.
3
Donate Link: http://sitecheck.sucuri.net
4
Tags: malware, security, scan, spam, virus, sucuri, WordPress,
5
Requires at least:3.2
6
+ Stable tag:1.4.1
7
Tested up to: 3.6
8
9
The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
67
68
== Changelog ==
69
70
+
71
+ = 1.4.1 =
72
+ * Small bug fixes.
73
+ * Adding last IP to the last login page.
74
+
75
= 1.4 =
76
* Added post-hack options (reset all passwords).
77
* Added last-login.
sucuri.php CHANGED
@@ -7,7 +7,7 @@ Description: The <a href="http://sucuri.net">Sucuri Security</a> - SiteCheck Mal
7
You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
8
9
Author: Sucuri Security
10
- Version: 1.4
11
Author URI: http://sucuri.net
12
*/
13
@@ -18,7 +18,7 @@ if(!function_exists('add_action'))
18
}
19
20
define('SUCURISCAN','sucuriscan');
21
- define('SUCURISCAN_VERSION','1.4');
22
define( 'SUCURI_URL',plugin_dir_url( __FILE__ ));
23
define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
24
/* Sucuri Free/Paid Plugin will use the same tablename, check: sucuriscan_lastlogins_table_exists() */
@@ -27,11 +27,15 @@ define('SUCURISCAN_LASTLOGINS_TABLENAME', "{$table_prefix}sucuri_lastlogins");
27
/* Requires files. */
28
//require_once(dirname(__FILE__ ) . '/inc/scripts.php');
29
add_action( 'admin_enqueue_scripts', 'sucuriscan_admin_script_style_registration', 1 );
30
- function sucuriscan_admin_script_style_registration() {
31
-
32
- echo '<link rel="stylesheet" href="'.SUCURI_URL.'/inc/css/sucuriscan-default-css.css" type="text/css" media="all" />';
33
-
34
- }
35
36
/* sucuri_dir_filepath:
37
* Returns the system filepath to the relevant user uploads
@@ -350,14 +354,18 @@ function sucuriscan_send_mail($to='', $subject='', $message='', $data_set=array(
350
if($debug){
351
die($message);
352
}else{
353
- wp_mail($to, "Sucuri WP Notification: {$wp_domain}: {$subject}" , $message, $headers);
354
}
355
}
356
357
function sucuriscan_admin_notice($type='updated', $message='')
358
{
359
if( !empty($message) ): ?>
360
- <div class="<?php echo $type; ?>"><p><?php _e($message); ?></p></div>
361
<?php endif;
362
}
363
@@ -538,7 +546,7 @@ function sucuriscan_posthack_page()
538
539
foreach($user_identifiers as $user_id){
540
if( sucuriscan_new_password($user_id) ){
541
- $passwords_changed[] = $user_id;
542
}else{
543
$pwd_not_changed[] = $user_id;
544
}
@@ -613,7 +621,8 @@ function sucuriscan_set_flashdata($key='', $value='')
613
/* Use wp-sucuri_ to give compatibility between Sucuri Free/Paid Plugin */
614
$session_name = "wp-sucuri_{$key}";
615
$expire = time() + 60*5;
616
- setcookie($session_name, $value, $expire, SITECOOKIEPATH.'wp-admin');
617
}
618
619
function sucuriscan_get_flashdata()
@@ -621,13 +630,34 @@ function sucuriscan_get_flashdata()
621
/* Use wp-sucuri_ to give compatibility between Sucuri Free/Paid Plugin */
622
foreach($_COOKIE as $key=>$value){
623
if( preg_match('/^(wp\-sucuri_.*)#x2F;', $key) ){
624
sucuriscan_admin_notice('updated', $value);
625
- setcookie($key, NULL, time()-3600);
626
}
627
}
628
}
629
add_action('admin_init', 'sucuriscan_get_flashdata');
630
631
function sucuriscan_lastlogins_table_exists()
632
{
633
global $wpdb;
@@ -657,13 +687,21 @@ function sucuriscan_set_lastlogin($user_login='')
657
if( defined('SUCURISCAN_LASTLOGINS_TABLENAME') ){
658
$table_name = SUCURISCAN_LASTLOGINS_TABLENAME;
659
$current_user = get_user_by('login', $user_login);
660
661
- sucuriscan_set_flashdata('lastlogin', 'Last user login at '.date('Y/M/d H:i:s').' from '.$_SERVER['REMOTE_ADDR']);
662
663
$wpdb->insert($table_name, array(
664
'user_id'=>$current_user->ID,
665
'user_login'=>$current_user->user_login,
666
- 'user_remoteaddr'=>isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:'127.0.0.1',
667
'user_lastlogin'=>current_time('mysql')
668
));
669
}
7
You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
8
9
Author: Sucuri Security
10
+ Version: 1.4.1
11
Author URI: http://sucuri.net
12
*/
13
18
}
19
20
define('SUCURISCAN','sucuriscan');
21
+ define('SUCURISCAN_VERSION','1.4.1');
22
define( 'SUCURI_URL',plugin_dir_url( __FILE__ ));
23
define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
24
/* Sucuri Free/Paid Plugin will use the same tablename, check: sucuriscan_lastlogins_table_exists() */
27
/* Requires files. */
28
//require_once(dirname(__FILE__ ) . '/inc/scripts.php');
29
add_action( 'admin_enqueue_scripts', 'sucuriscan_admin_script_style_registration', 1 );
30
+ function sucuriscan_admin_script_style_registration() { ?>
31
+ <link rel="stylesheet" href="<?php echo SUCURI_URL; ?>/inc/css/sucuriscan-default-css.css" type="text/css" media="all" />
32
+ <script type="text/javascript">
33
+ function sucuri_alert_close(id){
34
+ var element = document.getElementById('sucuri-alert-'+id);
35
+ element.parentNode.removeChild(element);
36
+ }
37
+ </script>
38
+ <?php }
39
40
/* sucuri_dir_filepath:
41
* Returns the system filepath to the relevant user uploads
354
if($debug){
355
die($message);
356
}else{
357
+ wp_mail($to, "Sucuri WP Notification: {$wp_domain} - {$subject}" , $message, $headers);
358
}
359
}
360
361
function sucuriscan_admin_notice($type='updated', $message='')
362
{
363
+ $alert_id = rand(100, 999);
364
if( !empty($message) ): ?>
365
+ <div id="sucuri-alert-<?php echo $alert_id; ?>" class="<?php echo $type; ?> sucuri-alert">
366
+ <a href="javascript:void(0)" class="close" onclick="sucuri_alert_close('<?php echo $alert_id; ?>')">&times;</a>
367
+ <p><?php _e($message); ?></p>
368
+ </div>
369
<?php endif;
370
}
371
546
547
foreach($user_identifiers as $user_id){
548
if( sucuriscan_new_password($user_id) ){
549
+ $pwd_changed[] = $user_id;
550
}else{
551
$pwd_not_changed[] = $user_id;
552
}
621
/* Use wp-sucuri_ to give compatibility between Sucuri Free/Paid Plugin */
622
$session_name = "wp-sucuri_{$key}";
623
$expire = time() + 60*5;
624
+ $value = base64_encode($value);
625
+ @setcookie($session_name, $value, $expire, SITECOOKIEPATH.'wp-admin');
626
}
627
628
function sucuriscan_get_flashdata()
630
/* Use wp-sucuri_ to give compatibility between Sucuri Free/Paid Plugin */
631
foreach($_COOKIE as $key=>$value){
632
if( preg_match('/^(wp\-sucuri_.*)#x2F;', $key) ){
633
+ $value = base64_decode($value);
634
sucuriscan_admin_notice('updated', $value);
635
+ @setcookie($key, NULL, time()-3600); // Take care with "Cannot modify header" error.
636
}
637
}
638
}
639
add_action('admin_init', 'sucuriscan_get_flashdata');
640
641
+ function sucuriscan_get_remoteaddr()
642
+ {
643
+ $alternatives = array(
644
+ 'HTTP_CLIENT_IP',
645
+ 'HTTP_X_FORWARDED_FOR',
646
+ 'HTTP_X_FORWARDED',
647
+ 'HTTP_FORWARDED_FOR',
648
+ 'HTTP_FORWARDED',
649
+ 'REMOTE_ADDR'
650
+ );
651
+ foreach($alternatives as $alternative){
652
+ if( !isset($_SERVER[$alternative]) ){ continue; }
653
+
654
+ $remote_addr = preg_replace('/[^0-9., ]/', '', $_SERVER[$alternative]);
655
+ if($remote_addr) break;
656
+ }
657
+
658
+ return $remote_addr;
659
+ }
660
+
661
function sucuriscan_lastlogins_table_exists()
662
{
663
global $wpdb;
687
if( defined('SUCURISCAN_LASTLOGINS_TABLENAME') ){
688
$table_name = SUCURISCAN_LASTLOGINS_TABLENAME;
689
$current_user = get_user_by('login', $user_login);
690
+ $remote_addr = sucuriscan_get_remoteaddr();
691
+
692
+ $lastlogin_message = 'Last user login at <strong>'.date('Y/M/d H:i:s').'</strong>';
693
+ $lastlogin_message .= chr(32).'from <strong>'.$remote_addr.' - '.gethostbyaddr($remote_addr).'</strong>';
694
+ if( isset($_SERVER['GEOIP_REGION']) && isset($_SERVER['GEOIP_CITY']) ){
695
+ $lastlogin_message .= chr(32)."{$_SERVER['GEOIP_CITY']}/{$_SERVER['GEOIP_REGION']}";
696
+ }
697
+ $lastlogin_message .= chr(32).'(<a href="'.site_url('wp-admin/admin.php?page=sucuriscan_lastlogins').'">View Last-Logins</a>)';
698
699
+ sucuriscan_set_flashdata('lastlogin', $lastlogin_message);
700
701
$wpdb->insert($table_name, array(
702
'user_id'=>$current_user->ID,
703
'user_login'=>$current_user->user_login,
704
+ 'user_remoteaddr'=>$remote_addr,
705
'user_lastlogin'=>current_time('mysql')
706
));
707
}
sucuriscan_core_integrity.php CHANGED
@@ -31,6 +31,33 @@ function sucuriscan_core_integrity_function_wrapper($function_name, $description
31
}
32
}
33
34
function sucuriscan_core_integrity_lib()
35
{
36
echo '<h2 id="warnings_hook"></h2>';
@@ -63,14 +90,13 @@ function sucuriscan_core_integrity_lib()
63
'sucuriwp_core_integrity_check',
64
'This test will check wp-includes, wp-admin, and the top directory files against the latest WordPress hashing database. If any of those files were modified, it is a big sign of a possible compromise.'
65
);
66
sucuriscan_core_integrity_function_wrapper(
67
'sucuriwp_list_admins',
68
'List all administrator users and their latest login time.'
69
);
70
- sucuriscan_core_integrity_function_wrapper(
71
- 'sucuriwp_content_check',
72
- 'This test will list all files inside wp-content that have been modified in the past 3 days.'
73
- );
74
sucuriscan_core_integrity_function_wrapper(
75
'sucuriwp_check_plugins',
76
'This test will list any outdated (active) plugins.'
31
}
32
}
33
34
+ function sucuriscan_core_integrity_wp_content_wrapper()
35
+ {
36
+ echo '<div class="postbox">';
37
+ echo '<div class="inside">';
38
+ echo '<form action="" method="post">'.
39
+ '<input type="hidden" name="sucuriwp_content_checknonce" value="'.wp_create_nonce('sucuriwp_content_checknonce').'" />'.
40
+ '<input type="hidden" name="sucuriwp_content_check" value="sucuriwp_content_check" />'.
41
+
42
+ '<p>This test will list all files inside wp-content that have been modified in the past
43
+
44
+ <select name="sucuriwp_content_check_back">
45
+ <option value="1">1</option>
46
+ <option value="3">3</option>
47
+ <option value="7">7</option>
48
+ <option value="30">30</option>
49
+ </select> days. (select the number of days first)</p>'.
50
+
51
+ '<input class="button-primary" type="submit" name="sucuriwp_content_check" value="Check">'.
52
+ '</form>';
53
+ echo '</div>';
54
+ echo '</div>';
55
+
56
+ if (isset($_POST['sucuriwp_content_checknonce']) && isset($_POST['sucuriwp_content_check'])) {
57
+ sucuriwp_content_check();
58
+ }
59
+ }
60
+
61
function sucuriscan_core_integrity_lib()
62
{
63
echo '<h2 id="warnings_hook"></h2>';
90
'sucuriwp_core_integrity_check',
91
'This test will check wp-includes, wp-admin, and the top directory files against the latest WordPress hashing database. If any of those files were modified, it is a big sign of a possible compromise.'
92
);
93
+
94
+ sucuriscan_core_integrity_wp_content_wrapper();
95
+
96
sucuriscan_core_integrity_function_wrapper(
97
'sucuriwp_list_admins',
98
'List all administrator users and their latest login time.'
99
);
100
sucuriscan_core_integrity_function_wrapper(
101
'sucuriwp_check_plugins',
102
'This test will list any outdated (active) plugins.'
sucuriscan_hardening.php CHANGED
@@ -53,7 +53,7 @@ function sucuriscan_hardening_lib()
53
echo '</form>'
54
?>
55
56
- <p align="center"><strong>If you have any questions about these checks or this plugin, contact us at support@sucuri.net or visit <a href="http://sucuri.net">Sucuri Security</a></strong></p>
57
58
</div>
59
53
echo '</form>'
54
?>
55
56
+ <p align="center"><strong>If you have any questions about these checks or this plugin, contact us at <a href="mailto:info@sucuri.net">info@sucuri.net</a> or visit <a href="http://sucuri.net">Sucuri Security</a></strong></p>
57
58
</div>
59