Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.4.4

Version Description

  • Small bug fixes + forcing a re-scan on every scan attempt (not using the cache anymore).

Release Info

Developer dd@sucuri.net
Version 1.4.4

Code changes from version 1.4.3 to 1.4.4

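--- a/inc/css/sucuriscan-default-css.css
+++ b/inc/css/sucuriscan-default-css.css
@@ -78,9 +78,14 @@
 position: relative;
 }
 
+ .sucuri-alert-updated{
+ background-color:#bbe8f5!important;
+ border-color:#4393ac!important;
+ }
+
 .sucuri-alert > a.close{
 position: absolute;
 top: 8px;
 right: 10px;
- font-size: 18px
+ font-size: 18px;
 }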
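--- a/inc/scripts.php
+++ b/inc/scripts.php
@@ -1,80 +0,0 @@
- <?php
-
- /**
- * Admin JavaScript and Stylesheet registration
- *
- **** This script file was kindly donated to Sucuri by the awesome Brandon Dove - https://twitter.com/brandondove ****
- *
- * Hooks into the admin_enqueue_scripts action to register scripts and styles that
- * are needed throughout the plugin back-end
- */
- add_action( 'admin_enqueue_scripts', 'sucuriscan_admin_script_style_registration', 1 );
- function sucuriscan_admin_script_style_registration() {
-
- $default_deps = array( 'jquery' );
-
- echo 'tacos';
-
- /*
- * REGISTER JAVASCRIPT FILES
- * 01. Authorization
- /****************************************************************************************************************************/
- $scripts = array();
-
- // 1. AUTHORIZATION
- $scripts['sucuri-authorization'] = array(
- sucuriscan_JS. SUCURI_URL . 'inc/js/authorization.js',
- $default_deps,
- sucuriscan_VERSION,
- true );
-
- // Register all of our scripts for later use
- foreach( $scripts as $slug => $script )
- wp_register_script( $slug, $script[0], $script[1], $script[2], $script[3] );
-
-
- /*
- * REGISTER CSS FILES
- * 01. Authorization
- /****************************************************************************************************************************/
- $styles = array();
-
- // 1. AUTHORIZATION
- $styles['sucuri-setup'] = array(
- sucuriscan_CSS.'setup.css',
- array( 'sucuri-ads-common', 'wp-pointer' ),
- sucuriscan_VERSION,
- 'screen' );
-
- // Register all of our styles for later use
- foreach( $styles as $slug => $style )
- wp_register_style( $slug, $style[0], $style[1], $style[2], $style[3] );
- }
-
-
- /**
- * Public JavaScript and Stylesheet registration
- *
- * Hooks into the wp_enqueue_scripts action to register scripts and styles that
- * are needed on the front end
- */
- add_action( 'wp_enqueue_scripts', 'sucuriscan_public_script_style_registration', 1 );
- function sucuriscan_public_script_style_registration() {
-
- /*
- * REGISTER CSS FILES
- * 01. Tracking Filters
- /****************************************************************************************************************************/
- $styles = array();
-
- // 1. DEFAULT AD CSS
- $styles['sucuri-default-css'] = array(
- sucuriscan_CSS.'widget-default.css',
- false,
- sucuriscan_VERSION,
- 'screen' );
-
- // Register all of our styles for later use
- foreach( $styles as $slug => $style )
- wp_register_style( $slug, $style[0], $style[1], $style[2], $style[3] );
- }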
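--- a/inc/tpl/sucuri-wp-integrity-admins.html.tpl
+++ b/inc/tpl/sucuri-wp-integrity-admins.html.tpl
@@ -4,10 +4,6 @@
 <table class="wp-list-table widefat">
 <thead>
 <tr>
- <th class="manage-column column-cb check-column">
- <label class="screen-reader-text" for="cb-select-all-1">Select All</label>
- <input id="cb-select-all-1" type="checkbox">
- </th>
 <th class="manage-column">Username</th>
 <th class="manage-column">Email</th>
 <th class="manage-column">Last Logins (newest to oldest)</th>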
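--- a/inc/tpl/sucuri-wp-integrity-admins.snippet.tpl
+++ b/inc/tpl/sucuri-wp-integrity-admins.snippet.tpl
@@ -1,7 +1,4 @@
 <tr>
- <th class="check-column">
- <input type="checkbox" name="user_ids[]" value="%%SUCURI.AdminUsers.UserId%%" />
- </th>
 <td>%%SUCURI.AdminUsers.Username%%</td>
 <td><a href="mailto:%%SUCURI.AdminUsers.Email%%">%%SUCURI.AdminUsers.Email%%</a></td>
 <td class="adminusers-lastlogin">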
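--- a/inc/tpl/sucuri-wp-lastlogins.html.tpl
+++ b/inc/tpl/sucuri-wp-lastlogins.html.tpl
@@ -14,15 +14,11 @@
 
 <div id="poststuff">
 <div class="postbox">
- <h3>Post-Hack - User logins (latest 10, newest to oldest)</h3>
+ <h3>User logins (latest 10, newest to oldest)</h3>
 <div class="inside">
 <table class="wp-list-table widefat">
 <thead>
 <tr>
- <th class="manage-column column-cb check-column">
- <label class="screen-reader-text" for="cb-select-all-1">Select All</label>
- <input id="cb-select-all-1" type="checkbox">
- </th>
 <th class="manage-column">Username</th>
 <th class="manage-column">Email</th>
 <th class="manage-column">IP Address</th>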
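--- a/inc/tpl/sucuri-wp-lastlogins.snippet.tpl
+++ b/inc/tpl/sucuri-wp-lastlogins.snippet.tpl
@@ -1,7 +1,4 @@
 <tr>
- <th class="check-column">
- <input type="checkbox" name="user_ids[]" value="%%SUCURI.UserList.UserId%%" />
- </th>
 <td>%%SUCURI.UserList.Username%%</td>
 <td><a href="mailto:%%SUCURI.UserList.Email%%">%%SUCURI.UserList.Email%%</a></td>
 <td>%%SUCURI.UserList.RemoteAddr%%</td>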
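--- a/inc/tpl/sucuri-wp-posthack.html.tpl
+++ b/inc/tpl/sucuri-wp-posthack.html.tpl
@@ -14,7 +14,7 @@
 
 <div id="poststuff">
 <div class="postbox">
- <h3>Post-Hack - Update WP-Config Keys</h3>
+ <h3>Update WP-Config Keys</h3>
 <div class="inside">
 <form method="post">
 <input type="hidden" name="sucuri_posthack_nonce" value="%%SUCURI.PosthackNonce%%" />
@@ -42,7 +42,7 @@
 </div>
 
 <div class="postbox">
- <h3>Post-Hack - Reset user password</h3>
+ <h3>Reset user password</h3>
 <div class="inside">
 <form method="post">
 <input type="hidden" name="sucuri_posthack_nonce" value="%%SUCURI.PosthackNonce%%" />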
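--- a/lib/core_integrity.php
+++ b/lib/core_integrity.php
@@ -169,9 +169,8 @@ function sucuriwp_list_admins($userlevel = '10') {
 'SucuriURL'=>SUCURI_URL,
 'AdminUsers.UserList'=>''
 );
-
- $wp_user_level = "{$wpdb->prefix}user_level"; // This value is generated through $table_prefix.
- $admins = $wpdb->get_results("SELECT * FROM $wpdb->usermeta WHERE meta_key = '{$wp_user_level}' AND meta_value = '$userlevel'");
+
+ $admins = $wpdb->get_results("SELECT * FROM $wpdb->usermeta WHERE meta_value = '$userlevel'");
 foreach ( (array) $admins as $user ) {
 $admin = get_userdata( $user->user_id );
 $admin->lastlogins = sucuriscan_get_logins(4, $admin->ID);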
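Review bot: The rewritten query in sucuriwp_list_admins drops the `meta_key` condition, so `WHERE meta_value = '$userlevel'` now matches every usermeta row whose value happens to be `10`, whatever its key. Accounts that are not administrators can therefore show up in the admin list, and the same user can appear more than once. `$userlevel` is also interpolated straight into the SQL string; its callers are not visible here, so it should be bound rather than trusted. Keep the key filter and prepare the statement: `$admins = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = %s", "{$wpdb->prefix}user_level", $userlevel));`. The function starts and ends outside this hunk.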
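--- a/lib/sidebar.php
+++ b/lib/sidebar.php
@@ -10,13 +10,13 @@
 </div>
 
 <div id="sucuri-latest-posts" class="sucuriscan-sidebar">
- <h2><span class="promo">Stay updated with WordPress security news. </span></h2>
- <p>Check out the <a href="http://blog.sucuri.net/">Sucuri Blog</a>!
+ <h2><span class="promo">Need extra protection and security for your site? You need a WAF (website firewall)!</span></h2>
+ <p>Check out our <a target="_blank" href="http://cloudproxy.sucuri.net/">Sucuri CloudProxy WAF</a>!
 </p>
 <p>
- <a class="button-primary" href="http://blog.sucuri.net/">Read more »</a>
+ <a target="_blank" class="button-primary" href="http://blog.sucuri.net/2013/03/virtual-patching-for-websites-with-sucuri-cloudproxy.html">Read more »</a>
 </p>
 </div>
 
 </div>
- </div>
+ </div>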
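Review bot: Both new anchors open with `target="_blank"` but carry no `rel` attribute, so in browsers that do not default to noopener the opened page receives a `window.opener` handle to the WordPress admin tab. Both targets are also plain `http://`, which makes the opened page's content easier to alter in transit. Add `rel="noopener noreferrer"` to the two links, e.g. `<a target="_blank" rel="noopener noreferrer" href="http://cloudproxy.sucuri.net/">Sucuri CloudProxy WAF</a>`.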
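--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net, dremeda
 Donate Link: http://sitecheck.sucuri.net
 Tags: malware, security, scan, spam, virus, sucuri, WordPress,
 Requires at least:3.2
- Stable tag:1.4.3
+ Stable tag:1.4.4
 Tested up to: 3.6
 
 The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
@@ -67,6 +67,9 @@ the compromise on your site).
 
 == Changelog ==
 
+ = 1.4.4 =
+ * Small bug fixes + forcing a re-scan on every scan attempt (not using the cache anymore).
+
 = 1.4.3 =
 * Fixing a few PHP warnings.
 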
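--- a/sucuri.php
+++ b/sucuri.php
@@ -7,7 +7,7 @@ Description: The <a href="http://sucuri.net">Sucuri Security</a> - SiteCheck Mal
 You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
 
 Author: Sucuri Security
- Version: 1.4.3
+ Version: 1.4.4
 Author URI: http://sucuri.net
 */
 
@@ -18,19 +18,18 @@ if(!function_exists('add_action'))
 }
 
 define('SUCURISCAN','sucuriscan');
- define('SUCURISCAN_VERSION','1.4.3');
+ define('SUCURISCAN_VERSION','1.4.4');
 define( 'SUCURI_URL',plugin_dir_url( __FILE__ ));
 define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
 /* Sucuri Free/Paid Plugin will use the same tablename, check: sucuriscan_lastlogins_table_exists() */
 define('SUCURISCAN_LASTLOGINS_TABLENAME', "{$table_prefix}sucuri_lastlogins");
 
 /* Requires files. */
- //require_once(dirname(__FILE__ ) . '/inc/scripts.php');
 add_action( 'admin_enqueue_scripts', 'sucuriscan_admin_script_style_registration', 1 );
 function sucuriscan_admin_script_style_registration() { ?>
 <link rel="stylesheet" href="<?php echo SUCURI_URL; ?>/inc/css/sucuriscan-default-css.css" type="text/css" media="all" />
 <script type="text/javascript">
- function sucuri_alert_close(id){
+ function sucuriscan_alert_close(id){
 var element = document.getElementById('sucuri-alert-'+id);
 element.parentNode.removeChild(element);
 }
@@ -121,7 +120,7 @@ function sucuri_scan_page()
 
 function sucuriscan_print_scan()
 {
- $myresults = wp_remote_get("http://sitecheck.sucuri.net/scanner/?serialized&fromwp&scan=".home_url(), array("timeout" => 180));
+ $myresults = wp_remote_get("http://sitecheck.sucuri.net/scanner/?serialized&clear&fromwp&scan=".home_url(), array("timeout" => 180));
 
 if(is_wp_error($myresults))
 {
@@ -362,8 +361,8 @@ function sucuriscan_admin_notice($type='updated', $message='')
 {
 $alert_id = rand(100, 999);
 if( !empty($message) ): ?>
- <div id="sucuri-alert-<?php echo $alert_id; ?>" class="<?php echo $type; ?> sucuri-alert">
- <a href="javascript:void(0)" class="close" onclick="sucuri_alert_close('<?php echo $alert_id; ?>')">&times;</a>
+ <div id="sucuri-alert-<?php echo $alert_id; ?>" class="<?php echo $type; ?> sucuri-alert sucuri-alert-<?php echo $type; ?>">
+ <a href="javascript:void(0)" class="close" onclick="sucuriscan_alert_close('<?php echo $alert_id; ?>')">&times;</a>
 <p><?php _e($message); ?></p>
 </div>
 <?php endif;
@@ -623,10 +622,12 @@ function sucuriscan_lastlogins_page()
 echo sucuriscan_get_template('sucuri-wp-lastlogins.html.tpl', $template_variables);
 }
 
- function sucuri_login_redirect(){
- return admin_url('?sucuri_lastlogin_message=1');
+ if( !function_exists('sucuri_login_redirect') ){
+ function sucuri_login_redirect(){
+ return admin_url('?sucuri_lastlogin_message=1');
+ }
+ add_filter('login_redirect', 'sucuri_login_redirect');
 }
- add_filter('login_redirect', 'sucuri_login_redirect');
 
 function sucuriscan_get_flashdata()
 {
@@ -642,7 +643,7 @@ function sucuriscan_get_flashdata()
 sucuriscan_admin_notice('updated', $lastlogin_message);
 }
 }
- add_action('admin_init', 'sucuriscan_get_flashdata');
+ add_action('admin_notices', 'sucuriscan_get_flashdata');
 
 function sucuriscan_get_remoteaddr()
 {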
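Review bot: In sucuriscan_print_scan the scan request still goes to `http://sitecheck.sucuri.net/...` in clear text and appends `home_url()` unencoded, so the result shown in the dashboard can be altered in transit and a site URL containing `&` or `#` changes the query. The `serialized` parameter suggests the body is deserialized further down, which this hunk does not show; if it reaches `unserialize()`, a tampered response becomes an object-injection input, so that path is worth confirming. Assuming the endpoint serves HTTPS, the line could read `$myresults = wp_remote_get("https://sitecheck.sucuri.net/scanner/?serialized&clear&fromwp&scan=" . urlencode(home_url()), array("timeout" => 180));`. Separately, in sucuriscan_admin_notice `$type` is echoed into the `class` attribute twice without `esc_attr()`.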