Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.4.4

Version Description

  • Small bug fixes + forcing a re-scan on every scan attempt (not using the cache anymore).

Release Info

Developer dd@sucuri.net
Plugin Icon 128x128 Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.4.4

Code changes from version 1.4.3 to 1.4.4

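--- a/inc/css/sucuriscan-default-css.css
+++ b/inc/css/sucuriscan-default-css.css
@@ -78,9 +78,14 @@
  position: relative;
  }
 
+ .sucuri-alert-updated{
+ background-color:#bbe8f5!important;
+ border-color:#4393ac!important;
+ }
+
  .sucuri-alert > a.close{
  position: absolute;
  top: 8px;
  right: 10px;
- font-size: 18px
+ font-size: 18px;
  }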
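--- a/inc/scripts.php
+++ /dev/null
@@ -1,80 +0,0 @@
- <?php
-
- /**
- * Admin JavaScript and Stylesheet registration
- *
- **** This script file was kindly donated to Sucuri by the awesome Brandon Dove - https://twitter.com/brandondove ****
- *
- * Hooks into the admin_enqueue_scripts action to register scripts and styles that
- * are needed throughout the plugin back-end
- */
- add_action( 'admin_enqueue_scripts', 'sucuriscan_admin_script_style_registration', 1 );
- function sucuriscan_admin_script_style_registration() {
-
- $default_deps = array( 'jquery' );
-
- echo 'tacos';
-
- /*
- * REGISTER JAVASCRIPT FILES
- * 01. Authorization
- /****************************************************************************************************************************/
- $scripts = array();
-
- // 1. AUTHORIZATION
- $scripts['sucuri-authorization'] = array(
- sucuriscan_JS. SUCURI_URL . 'inc/js/authorization.js',
- $default_deps,
- sucuriscan_VERSION,
- true );
-
- // Register all of our scripts for later use
- foreach( $scripts as $slug => $script )
- wp_register_script( $slug, $script[0], $script[1], $script[2], $script[3] );
-
-
- /*
- * REGISTER CSS FILES
- * 01. Authorization
- /****************************************************************************************************************************/
- $styles = array();
-
- // 1. AUTHORIZATION
- $styles['sucuri-setup'] = array(
- sucuriscan_CSS.'setup.css',
- array( 'sucuri-ads-common', 'wp-pointer' ),
- sucuriscan_VERSION,
- 'screen' );
-
- // Register all of our styles for later use
- foreach( $styles as $slug => $style )
- wp_register_style( $slug, $style[0], $style[1], $style[2], $style[3] );
- }
-
-
- /**
- * Public JavaScript and Stylesheet registration
- *
- * Hooks into the wp_enqueue_scripts action to register scripts and styles that
- * are needed on the front end
- */
- add_action( 'wp_enqueue_scripts', 'sucuriscan_public_script_style_registration', 1 );
- function sucuriscan_public_script_style_registration() {
-
- /*
- * REGISTER CSS FILES
- * 01. Tracking Filters
- /****************************************************************************************************************************/
- $styles = array();
-
- // 1. DEFAULT AD CSS
- $styles['sucuri-default-css'] = array(
- sucuriscan_CSS.'widget-default.css',
- false,
- sucuriscan_VERSION,
- 'screen' );
-
- // Register all of our styles for later use
- foreach( $styles as $slug => $style )
- wp_register_style( $slug, $style[0], $style[1], $style[2], $style[3] );
- }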
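--- a/inc/tpl/sucuri-wp-integrity-admins.html.tpl
+++ b/inc/tpl/sucuri-wp-integrity-admins.html.tpl
@@ -4,10 +4,6 @@
  <table class="wp-list-table widefat">
  <thead>
  <tr>
- <th class="manage-column column-cb check-column">
- <label class="screen-reader-text" for="cb-select-all-1">Select All</label>
- <input id="cb-select-all-1" type="checkbox">
- </th>
  <th class="manage-column">Username</th>
  <th class="manage-column">Email</th>
  <th class="manage-column">Last Logins (newest to oldest)</th>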
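--- a/inc/tpl/sucuri-wp-integrity-admins.snippet.tpl
+++ b/inc/tpl/sucuri-wp-integrity-admins.snippet.tpl
@@ -1,7 +1,4 @@
  <tr>
- <th class="check-column">
- <input type="checkbox" name="user_ids[]" value="%%SUCURI.AdminUsers.UserId%%" />
- </th>
  <td>%%SUCURI.AdminUsers.Username%%</td>
  <td><a href="mailto:%%SUCURI.AdminUsers.Email%%">%%SUCURI.AdminUsers.Email%%</a></td>
  <td class="adminusers-lastlogin">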
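--- a/inc/tpl/sucuri-wp-lastlogins.html.tpl
+++ b/inc/tpl/sucuri-wp-lastlogins.html.tpl
@@ -14,15 +14,11 @@
 
  <div id="poststuff">
  <div class="postbox">
- <h3>Post-Hack - User logins (latest 10, newest to oldest)</h3>
+ <h3>User logins (latest 10, newest to oldest)</h3>
  <div class="inside">
  <table class="wp-list-table widefat">
  <thead>
  <tr>
- <th class="manage-column column-cb check-column">
- <label class="screen-reader-text" for="cb-select-all-1">Select All</label>
- <input id="cb-select-all-1" type="checkbox">
- </th>
  <th class="manage-column">Username</th>
  <th class="manage-column">Email</th>
  <th class="manage-column">IP Address</th>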
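--- a/inc/tpl/sucuri-wp-lastlogins.snippet.tpl
+++ b/inc/tpl/sucuri-wp-lastlogins.snippet.tpl
@@ -1,7 +1,4 @@
  <tr>
- <th class="check-column">
- <input type="checkbox" name="user_ids[]" value="%%SUCURI.UserList.UserId%%" />
- </th>
  <td>%%SUCURI.UserList.Username%%</td>
  <td><a href="mailto:%%SUCURI.UserList.Email%%">%%SUCURI.UserList.Email%%</a></td>
  <td>%%SUCURI.UserList.RemoteAddr%%</td>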
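--- a/inc/tpl/sucuri-wp-posthack.html.tpl
+++ b/inc/tpl/sucuri-wp-posthack.html.tpl
@@ -14,7 +14,7 @@
 
  <div id="poststuff">
  <div class="postbox">
- <h3>Post-Hack - Update WP-Config Keys</h3>
+ <h3>Update WP-Config Keys</h3>
  <div class="inside">
  <form method="post">
  <input type="hidden" name="sucuri_posthack_nonce" value="%%SUCURI.PosthackNonce%%" />
@@ -42,7 +42,7 @@
  </div>
 
  <div class="postbox">
- <h3>Post-Hack - Reset user password</h3>
+ <h3>Reset user password</h3>
  <div class="inside">
  <form method="post">
  <input type="hidden" name="sucuri_posthack_nonce" value="%%SUCURI.PosthackNonce%%" />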
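--- a/lib/core_integrity.php
+++ b/lib/core_integrity.php
@@ -169,9 +169,8 @@ function sucuriwp_list_admins($userlevel = '10') {
  'SucuriURL'=>SUCURI_URL,
  'AdminUsers.UserList'=>''
  );
-
- $wp_user_level = "{$wpdb->prefix}user_level"; // This value is generated through $table_prefix.
- $admins = $wpdb->get_results("SELECT * FROM $wpdb->usermeta WHERE meta_key = '{$wp_user_level}' AND meta_value = '$userlevel'");
+
+ $admins = $wpdb->get_results("SELECT * FROM $wpdb->usermeta WHERE meta_value = '$userlevel'");
  foreach ( (array) $admins as $user ) {
  $admin = get_userdata( $user->user_id );
  $admin->lastlogins = sucuriscan_get_logins(4, $admin->ID);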
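Review bot: The rewritten query in sucuriwp_list_admins() drops the `meta_key` condition, so `WHERE meta_value = '$userlevel'` matches every usermeta row whose value happens to be `10` regardless of its key, and accounts that are not administrators can show up in the admin audit list (possibly more than once). `$userlevel` is also still interpolated directly into the SQL string. I would keep the key filter and bind both values: `$admins = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = %s", $wpdb->prefix . 'user_level', $userlevel));`. The loop below dereferences the result of `get_userdata()` without checking for `false`, which matters more once unrelated rows are returned; the function starts and ends outside this hunk.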
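--- a/lib/sidebar.php
+++ b/lib/sidebar.php
@@ -10,13 +10,13 @@
  </div>
 
  <div id="sucuri-latest-posts" class="sucuriscan-sidebar">
- <h2><span class="promo">Stay updated with WordPress security news. </span></h2>
- <p>Check out the <a href="http://blog.sucuri.net/">Sucuri Blog</a>!
+ <h2><span class="promo">Need extra protection and security for your site? You need a WAF (website firewall)!</span></h2>
+ <p>Check out our <a target="_blank" href="http://cloudproxy.sucuri.net/">Sucuri CloudProxy WAF</a>!
  </p>
  <p>
- <a class="button-primary" href="http://blog.sucuri.net/">Read more »</a>
+ <a target="_blank" class="button-primary" href="http://blog.sucuri.net/2013/03/virtual-patching-for-websites-with-sucuri-cloudproxy.html">Read more »</a>
  </p>
  </div>
 
  </div>
- </div>
+ </div>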
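Review bot: Both new anchors (new lines 14 and 17) open with `target="_blank"` but carry no `rel` attribute, so in browsers that do not default to noopener the opened page keeps a `window.opener` handle back to the WordPress admin screen; add `rel="noopener noreferrer"` to each. The targets are also plain `http://` URLs linked from an authenticated dashboard, so `https://` would be preferable if those hosts serve it. The sidebar markup continues outside this hunk.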
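--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net, dremeda
  Donate Link: http://sitecheck.sucuri.net
  Tags: malware, security, scan, spam, virus, sucuri, WordPress,
  Requires at least:3.2
- Stable tag:1.4.3
+ Stable tag:1.4.4
  Tested up to: 3.6
 
  The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
@@ -67,6 +67,9 @@ the compromise on your site).
 
  == Changelog ==
 
+ = 1.4.4 =
+ * Small bug fixes + forcing a re-scan on every scan attempt (not using the cache anymore).
+
  = 1.4.3 =
  * Fixing a few PHP warnings.
 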
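--- a/sucuri.php
+++ b/sucuri.php
@@ -7,7 +7,7 @@ Description: The <a href="http://sucuri.net">Sucuri Security</a> - SiteCheck Mal
  You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
 
  Author: Sucuri Security
- Version: 1.4.3
+ Version: 1.4.4
  Author URI: http://sucuri.net
  */
 
@@ -18,19 +18,18 @@ if(!function_exists('add_action'))
  }
 
  define('SUCURISCAN','sucuriscan');
- define('SUCURISCAN_VERSION','1.4.3');
+ define('SUCURISCAN_VERSION','1.4.4');
  define( 'SUCURI_URL',plugin_dir_url( __FILE__ ));
  define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
  /* Sucuri Free/Paid Plugin will use the same tablename, check: sucuriscan_lastlogins_table_exists() */
  define('SUCURISCAN_LASTLOGINS_TABLENAME', "{$table_prefix}sucuri_lastlogins");
 
  /* Requires files. */
- //require_once(dirname(__FILE__ ) . '/inc/scripts.php');
  add_action( 'admin_enqueue_scripts', 'sucuriscan_admin_script_style_registration', 1 );
  function sucuriscan_admin_script_style_registration() { ?>
  <link rel="stylesheet" href="<?php echo SUCURI_URL; ?>/inc/css/sucuriscan-default-css.css" type="text/css" media="all" />
  <script type="text/javascript">
- function sucuri_alert_close(id){
+ function sucuriscan_alert_close(id){
  var element = document.getElementById('sucuri-alert-'+id);
  element.parentNode.removeChild(element);
  }
@@ -121,7 +120,7 @@ function sucuri_scan_page()
 
  function sucuriscan_print_scan()
  {
- $myresults = wp_remote_get("http://sitecheck.sucuri.net/scanner/?serialized&fromwp&scan=".home_url(), array("timeout" => 180));
+ $myresults = wp_remote_get("http://sitecheck.sucuri.net/scanner/?serialized&clear&fromwp&scan=".home_url(), array("timeout" => 180));
 
  if(is_wp_error($myresults))
  {
@@ -362,8 +361,8 @@ function sucuriscan_admin_notice($type='updated', $message='')
  {
  $alert_id = rand(100, 999);
  if( !empty($message) ): ?>
- <div id="sucuri-alert-<?php echo $alert_id; ?>" class="<?php echo $type; ?> sucuri-alert">
- <a href="javascript:void(0)" class="close" onclick="sucuri_alert_close('<?php echo $alert_id; ?>')">&times;</a>
+ <div id="sucuri-alert-<?php echo $alert_id; ?>" class="<?php echo $type; ?> sucuri-alert sucuri-alert-<?php echo $type; ?>">
+ <a href="javascript:void(0)" class="close" onclick="sucuriscan_alert_close('<?php echo $alert_id; ?>')">&times;</a>
  <p><?php _e($message); ?></p>
  </div>
  <?php endif;
@@ -623,10 +622,12 @@ function sucuriscan_lastlogins_page()
  echo sucuriscan_get_template('sucuri-wp-lastlogins.html.tpl', $template_variables);
  }
 
- function sucuri_login_redirect(){
- return admin_url('?sucuri_lastlogin_message=1');
+ if( !function_exists('sucuri_login_redirect') ){
+ function sucuri_login_redirect(){
+ return admin_url('?sucuri_lastlogin_message=1');
+ }
+ add_filter('login_redirect', 'sucuri_login_redirect');
  }
- add_filter('login_redirect', 'sucuri_login_redirect');
 
  function sucuriscan_get_flashdata()
  {
@@ -642,7 +643,7 @@ function sucuriscan_get_flashdata()
  sucuriscan_admin_notice('updated', $lastlogin_message);
  }
  }
- add_action('admin_init', 'sucuriscan_get_flashdata');
+ add_action('admin_notices', 'sucuriscan_get_flashdata');
 
  function sucuriscan_get_remoteaddr()
  {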
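Review bot: In sucuriscan_print_scan() the scan result is still fetched over plain `http://`, so anyone on the network path can alter what the malware scanner reports; the `serialized` query parameter suggests the body is later unserialized (not visible in this hunk), which would make a tampered response more serious than a wrong report. `home_url()` is also appended to the query string without encoding. Suggested, assuming the endpoint is served over HTTPS: `$myresults = wp_remote_get("https://sitecheck.sucuri.net/scanner/?serialized&clear&fromwp&scan=" . urlencode(home_url()), array("timeout" => 180));`. Separately, sucuriscan_admin_notice() now echoes `$type` twice into the `class` attribute; writing `esc_attr($type)` keeps a caller-supplied value from breaking out of the attribute. Both functions continue outside their hunks.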