Version Description
- Fixing last login and giving better warns on permission errors.
- Making the integrity check messages more clear.
Download this release
Release Info
| Developer | yorman |
| Plugin |  Sucuri Security – Auditing, Malware Scanner and Security Hardening |
| Version | 1.5.0 |
| Comparing to | |
| See all releases | |
Code changes from version 1.4.9 to 1.5.0
- inc/css/sucuriscan-default-css.css +2 -0
- inc/tpl/integrity-admins.snippet.tpl +2 -1
- lib/core_integrity.php +12 -5
- readme.txt +5 -1
- sucuri.php +43 -22
- sucuriscan_core_integrity.php +7 -3
inc/css/sucuriscan-default-css.css
CHANGED
|
@@ -21,3 +21,5 @@
|
|
| 21 |
.sucuri-inline-error{font-weight:bold;color:red}
|
| 22 |
.sucuri-list li{list-style:disc;margin:0 0 5px 15px}
|
| 23 |
.sucuriscan-maincontent hr{border:none;border-top:1px solid #999}
|
|
|
|
|
|
| 21 |
.sucuri-inline-error{font-weight:bold;color:red}
|
| 22 |
.sucuri-list li{list-style:disc;margin:0 0 5px 15px}
|
| 23 |
.sucuriscan-maincontent hr{border:none;border-top:1px solid #999}
|
| 24 |
+
.sucuriscan-maincontent table td > table{background:#fff}
|
| 25 |
+
.sucuriscan-maincontent table td > table th{padding:4px 8px}
|
inc/tpl/integrity-admins.snippet.tpl
CHANGED
|
@@ -2,7 +2,8 @@
|
|
| 2 |
<td>%%SUCURI.AdminUsers.Username%%</td>
|
| 3 |
<td><a href="mailto:%%SUCURI.AdminUsers.Email%%">%%SUCURI.AdminUsers.Email%%</a></td>
|
| 4 |
<td class="adminusers-lastlogin">
|
| 5 |
-
<
|
|
|
|
| 6 |
<thead>
|
| 7 |
<tr>
|
| 8 |
<th>IP Address</th>
|
| 2 |
<td>%%SUCURI.AdminUsers.Username%%</td>
|
| 3 |
<td><a href="mailto:%%SUCURI.AdminUsers.Email%%">%%SUCURI.AdminUsers.Email%%</a></td>
|
| 4 |
<td class="adminusers-lastlogin">
|
| 5 |
+
<div class="sucuri-%%SUCURI.AdminUsers.NoLastLogins%%">There isn't information available for this account.</div>
|
| 6 |
+
<table class="widefat sucuri-%%SUCURI.AdminUsers.NoLastLoginsTable%%">
|
| 7 |
<thead>
|
| 8 |
<tr>
|
| 9 |
<th>IP Address</th>
|
lib/core_integrity.php
CHANGED
|
@@ -182,11 +182,18 @@ function sucuriwp_list_admins($userlevel = '10') {
|
|
| 182 |
'AdminUsers.Email'=>$admin->user_email,
|
| 183 |
'AdminUsers.LastLogins'=>''
|
| 184 |
);
|
| 185 |
-
|
| 186 |
-
$user_snippet['AdminUsers.
|
| 187 |
-
|
| 188 |
-
|
| 189 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 190 |
}
|
| 191 |
|
| 192 |
$template_variables['AdminUsers.UserList'] .= sucuriscan_get_template('integrity-admins.snippet.tpl', $user_snippet);
|
| 182 |
'AdminUsers.Email'=>$admin->user_email,
|
| 183 |
'AdminUsers.LastLogins'=>''
|
| 184 |
);
|
| 185 |
+
if( !empty($admin->lastlogins) ){
|
| 186 |
+
$user_snippet['AdminUsers.NoLastLogins'] = 'hidden';
|
| 187 |
+
$user_snippet['AdminUsers.NoLastLoginsTable'] = 'visible';
|
| 188 |
+
foreach($admin->lastlogins as $lastlogin){
|
| 189 |
+
$user_snippet['AdminUsers.LastLogins'] .= sucuriscan_get_template('integrity-admins-lastlogin.snippet.tpl', array(
|
| 190 |
+
'AdminUsers.RemoteAddr'=>$lastlogin->user_remoteaddr,
|
| 191 |
+
'AdminUsers.Datetime'=>$lastlogin->user_lastlogin
|
| 192 |
+
));
|
| 193 |
+
}
|
| 194 |
+
}else{
|
| 195 |
+
$user_snippet['AdminUsers.NoLastLogins'] = 'visible';
|
| 196 |
+
$user_snippet['AdminUsers.NoLastLoginsTable'] = 'hidden';
|
| 197 |
}
|
| 198 |
|
| 199 |
$template_variables['AdminUsers.UserList'] .= sucuriscan_get_template('integrity-admins.snippet.tpl', $user_snippet);
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net, dremeda
|
|
| 3 |
Donate Link: http://sitecheck.sucuri.net
|
| 4 |
Tags: malware, security, scan, spam, virus, sucuri, WordPress,
|
| 5 |
Requires at least:3.2
|
| 6 |
-
Stable tag:1.
|
| 7 |
Tested up to: 3.6
|
| 8 |
|
| 9 |
The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
|
|
@@ -66,6 +66,10 @@ the compromise on your site).
|
|
| 66 |
|
| 67 |
== Changelog ==
|
| 68 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 69 |
= 1.4.8 =
|
| 70 |
* New and clean design for the scan results.
|
| 71 |
* Adding a web firewall check on our hardening page.
|
| 3 |
Donate Link: http://sitecheck.sucuri.net
|
| 4 |
Tags: malware, security, scan, spam, virus, sucuri, WordPress,
|
| 5 |
Requires at least:3.2
|
| 6 |
+
Stable tag:1.5.0
|
| 7 |
Tested up to: 3.6
|
| 8 |
|
| 9 |
The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
|
| 66 |
|
| 67 |
== Changelog ==
|
| 68 |
|
| 69 |
+
= 1.5.0 =
|
| 70 |
+
* Fixing last login and giving better warns on permission errors.
|
| 71 |
+
* Making the integrity check messages more clear.
|
| 72 |
+
|
| 73 |
= 1.4.8 =
|
| 74 |
* New and clean design for the scan results.
|
| 75 |
* Adding a web firewall check on our hardening page.
|
sucuri.php
CHANGED
|
@@ -7,7 +7,7 @@ Description: The <a href="http://sucuri.net">Sucuri Security</a> - SiteCheck Mal
|
|
| 7 |
You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
|
| 8 |
|
| 9 |
Author: Sucuri Security
|
| 10 |
-
Version: 1.
|
| 11 |
Author URI: http://sucuri.net
|
| 12 |
*/
|
| 13 |
|
|
@@ -23,11 +23,28 @@ if(!function_exists('add_action'))
|
|
| 23 |
@ignore_user_abort(TRUE);
|
| 24 |
|
| 25 |
define('SUCURISCAN','sucuriscan');
|
| 26 |
-
define('SUCURISCAN_VERSION','1.
|
| 27 |
define('SUCURI_URL',plugin_dir_url( __FILE__ ));
|
| 28 |
define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
|
| 29 |
define('SUCURISCAN_LASTLOGINS_USERSLIMIT', 100);
|
| 30 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 31 |
/* Requires files. */
|
| 32 |
add_action( 'admin_enqueue_scripts', 'sucuriscan_admin_script_style_registration', 1 );
|
| 33 |
function sucuriscan_admin_script_style_registration() { ?>
|
|
@@ -140,12 +157,12 @@ function sucuriscan_print_scan()
|
|
| 140 |
echo '</h3>';
|
| 141 |
echo '<div class="inside">';
|
| 142 |
if( !$malware_warns_exists ){
|
| 143 |
-
echo "<
|
| 144 |
-
echo "<
|
| 145 |
-
echo "<
|
| 146 |
-
echo "<
|
| 147 |
-
echo "<
|
| 148 |
-
echo "<
|
| 149 |
}else{
|
| 150 |
foreach($res['MALWARE']['WARN'] as $malres)
|
| 151 |
{
|
|
@@ -188,18 +205,16 @@ function sucuriscan_print_scan()
|
|
| 188 |
}
|
| 189 |
echo '</h3>';
|
| 190 |
echo '<div class="inside">';
|
| 191 |
-
|
| 192 |
-
|
| 193 |
-
|
| 194 |
-
|
| 195 |
-
|
| 196 |
-
|
| 197 |
-
|
| 198 |
-
|
| 199 |
-
|
| 200 |
-
|
| 201 |
-
{
|
| 202 |
-
echo "<b>WARN: </b>".htmlspecialchars($blres[0])." <a href=''>".htmlspecialchars($blres[1])."</a><br />";
|
| 203 |
}
|
| 204 |
}
|
| 205 |
echo '</div>';
|
|
@@ -209,10 +224,16 @@ function sucuriscan_print_scan()
|
|
| 209 |
|
| 210 |
// Check for general versions in some common services/software used to serve this website.
|
| 211 |
global $wp_version;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 212 |
echo '<div id="poststuff">';
|
| 213 |
echo '<div class="postbox">';
|
| 214 |
echo '<h3>';
|
| 215 |
-
if(
|
| 216 |
{
|
| 217 |
echo '<img style="position:relative;top:5px" height="22" width="22" src="
|
| 218 |
'.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" />
|
|
@@ -643,7 +664,7 @@ function sucuriscan_lastlogins_page()
|
|
| 643 |
if( !sucuriscan_lastlogins_datastore_is_writable() ){
|
| 644 |
sucuriscan_admin_notice('error', '<strong>Error.</strong> The last-logins datastore
|
| 645 |
file is not writable, gives permissions to write in this location:<br>'.
|
| 646 |
-
'<code>'.
|
| 647 |
}
|
| 648 |
|
| 649 |
$limit = isset($_GET['limit']) ? intval($_GET['limit']) : SUCURISCAN_LASTLOGINS_USERSLIMIT;
|
| 7 |
You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
|
| 8 |
|
| 9 |
Author: Sucuri Security
|
| 10 |
+
Version: 1.5.0
|
| 11 |
Author URI: http://sucuri.net
|
| 12 |
*/
|
| 13 |
|
| 23 |
@ignore_user_abort(TRUE);
|
| 24 |
|
| 25 |
define('SUCURISCAN','sucuriscan');
|
| 26 |
+
define('SUCURISCAN_VERSION','1.5.0');
|
| 27 |
define('SUCURI_URL',plugin_dir_url( __FILE__ ));
|
| 28 |
define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
|
| 29 |
define('SUCURISCAN_LASTLOGINS_USERSLIMIT', 100);
|
| 30 |
|
| 31 |
+
if( !function_exists('sucuriscan_create_uploaddir') ){
|
| 32 |
+
function sucuriscan_create_uploaddir(){
|
| 33 |
+
$plugin_upload_folder = sucuriscan_dir_filepath();
|
| 34 |
+
if( !file_exists($plugin_upload_folder) ){
|
| 35 |
+
if( @mkdir($plugin_upload_folder) ){
|
| 36 |
+
sucuriscan_lastlogins_datastore_exists();
|
| 37 |
+
}else{
|
| 38 |
+
sucuriscan_admin_notice('error', "<strong>Error.</strong> Sucuri data folder doesn't
|
| 39 |
+
exists and couldn't be created. You'll need to create this folder manually and
|
| 40 |
+
give it write permissions:<br><code>{$plugin_upload_folder}</code>");
|
| 41 |
+
}
|
| 42 |
+
}
|
| 43 |
+
}
|
| 44 |
+
|
| 45 |
+
add_action('admin_init', 'sucuriscan_create_uploaddir');
|
| 46 |
+
}
|
| 47 |
+
|
| 48 |
/* Requires files. */
|
| 49 |
add_action( 'admin_enqueue_scripts', 'sucuriscan_admin_script_style_registration', 1 );
|
| 50 |
function sucuriscan_admin_script_style_registration() { ?>
|
| 157 |
echo '</h3>';
|
| 158 |
echo '<div class="inside">';
|
| 159 |
if( !$malware_warns_exists ){
|
| 160 |
+
echo "<span><strong>Malware:</strong> No.</span><br>";
|
| 161 |
+
echo "<span><strong>Malicious javascript:</strong> No.</span><br>";
|
| 162 |
+
echo "<span><strong>Malicious iframes:</strong> No.</span><br>";
|
| 163 |
+
echo "<span><strong>Suspicious redirections (htaccess):</strong> No.</span><br>";
|
| 164 |
+
echo "<span><strong>Blackhat SEO Spam:</strong> No.</span><br>";
|
| 165 |
+
echo "<span><strong>Anomaly detection:</strong> Clean.</span><br>";
|
| 166 |
}else{
|
| 167 |
foreach($res['MALWARE']['WARN'] as $malres)
|
| 168 |
{
|
| 205 |
}
|
| 206 |
echo '</h3>';
|
| 207 |
echo '<div class="inside">';
|
| 208 |
+
foreach(array(
|
| 209 |
+
'INFO'=>'CLEAN',
|
| 210 |
+
'WARN'=>'WARNING'
|
| 211 |
+
) as $type=>$group_title){
|
| 212 |
+
if( isset($res['BLACKLIST'][$type]) ){
|
| 213 |
+
foreach($res['BLACKLIST'][$type] as $blres){
|
| 214 |
+
$report_site = htmlspecialchars($blres[0]);
|
| 215 |
+
$report_url = htmlspecialchars($blres[1]);
|
| 216 |
+
echo "<b>{$group_title}: </b>{$report_site} <a href='{$report_url}' target='_blank'>{$report_url}</a><br />";
|
| 217 |
+
}
|
|
|
|
|
|
|
| 218 |
}
|
| 219 |
}
|
| 220 |
echo '</div>';
|
| 224 |
|
| 225 |
// Check for general versions in some common services/software used to serve this website.
|
| 226 |
global $wp_version;
|
| 227 |
+
$wordpress_updated = FALSE;
|
| 228 |
+
$updates = function_exists('get_core_updates') ? get_core_updates() : array();
|
| 229 |
+
if( !is_array($updates) || empty($updates) || $updates[0]->response=='latest' ){
|
| 230 |
+
$wordpress_updated = TRUE;
|
| 231 |
+
}
|
| 232 |
+
|
| 233 |
echo '<div id="poststuff">';
|
| 234 |
echo '<div class="postbox">';
|
| 235 |
echo '<h3>';
|
| 236 |
+
if($wordpress_updated)
|
| 237 |
{
|
| 238 |
echo '<img style="position:relative;top:5px" height="22" width="22" src="
|
| 239 |
'.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" />
|
| 664 |
if( !sucuriscan_lastlogins_datastore_is_writable() ){
|
| 665 |
sucuriscan_admin_notice('error', '<strong>Error.</strong> The last-logins datastore
|
| 666 |
file is not writable, gives permissions to write in this location:<br>'.
|
| 667 |
+
'<code>'.sucuriscan_lastlogins_datastore_filepath().'</code>');
|
| 668 |
}
|
| 669 |
|
| 670 |
$limit = isset($_GET['limit']) ? intval($_GET['limit']) : SUCURISCAN_LASTLOGINS_USERSLIMIT;
|
sucuriscan_core_integrity.php
CHANGED
|
@@ -12,14 +12,14 @@ if(!defined('SUCURISCAN'))
|
|
| 12 |
|
| 13 |
/* Sucuri WordPress Integrity page. */
|
| 14 |
|
| 15 |
-
function sucuriscan_core_integrity_function_wrapper($function_name, $description)
|
| 16 |
{
|
| 17 |
echo '<div class="postbox">';
|
| 18 |
echo '<div class="inside">';
|
| 19 |
echo '<form action="" method="post">'.
|
| 20 |
'<input type="hidden" name="'.$function_name.'nonce" value="'.wp_create_nonce($function_name.'nonce').'" />'.
|
| 21 |
'<input type="hidden" name="'.$function_name.'" value="'.$function_name.'" />'.
|
| 22 |
-
|
| 23 |
'<p>'.$description.'</p>'.
|
| 24 |
'<input class="button-primary" type="submit" name="'.$function_name.'" value="Check">'.
|
| 25 |
'</form>';
|
|
@@ -38,7 +38,7 @@ function sucuriscan_core_integrity_wp_content_wrapper()
|
|
| 38 |
echo '<form action="" method="post">'.
|
| 39 |
'<input type="hidden" name="sucuriwp_content_checknonce" value="'.wp_create_nonce('sucuriwp_content_checknonce').'" />'.
|
| 40 |
'<input type="hidden" name="sucuriwp_content_check" value="sucuriwp_content_check" />'.
|
| 41 |
-
|
| 42 |
'<p>This test will list all files inside wp-content that have been modified in the past
|
| 43 |
|
| 44 |
<select name="sucuriwp_content_check_back">
|
|
@@ -88,6 +88,7 @@ function sucuriscan_core_integrity_lib()
|
|
| 88 |
|
| 89 |
sucuriscan_core_integrity_function_wrapper(
|
| 90 |
'sucuriwp_core_integrity_check',
|
|
|
|
| 91 |
'This test will check wp-includes, wp-admin, and the top directory files against the latest WordPress hashing database. If any of those files were modified, it is a big sign of a possible compromise.'
|
| 92 |
);
|
| 93 |
|
|
@@ -95,14 +96,17 @@ function sucuriscan_core_integrity_lib()
|
|
| 95 |
|
| 96 |
sucuriscan_core_integrity_function_wrapper(
|
| 97 |
'sucuriwp_list_admins',
|
|
|
|
| 98 |
'List all administrator users and their latest login time.'
|
| 99 |
);
|
| 100 |
sucuriscan_core_integrity_function_wrapper(
|
| 101 |
'sucuriwp_check_plugins',
|
|
|
|
| 102 |
'This test will list any outdated (active) plugins.'
|
| 103 |
);
|
| 104 |
sucuriscan_core_integrity_function_wrapper(
|
| 105 |
'sucuriwp_check_themes',
|
|
|
|
| 106 |
'This test will list any outdated theme.'
|
| 107 |
);
|
| 108 |
?>
|
| 12 |
|
| 13 |
/* Sucuri WordPress Integrity page. */
|
| 14 |
|
| 15 |
+
function sucuriscan_core_integrity_function_wrapper($function_name, $stitle, $description)
|
| 16 |
{
|
| 17 |
echo '<div class="postbox">';
|
| 18 |
echo '<div class="inside">';
|
| 19 |
echo '<form action="" method="post">'.
|
| 20 |
'<input type="hidden" name="'.$function_name.'nonce" value="'.wp_create_nonce($function_name.'nonce').'" />'.
|
| 21 |
'<input type="hidden" name="'.$function_name.'" value="'.$function_name.'" />'.
|
| 22 |
+
'<h4>'.$stitle.'</h4>'.
|
| 23 |
'<p>'.$description.'</p>'.
|
| 24 |
'<input class="button-primary" type="submit" name="'.$function_name.'" value="Check">'.
|
| 25 |
'</form>';
|
| 38 |
echo '<form action="" method="post">'.
|
| 39 |
'<input type="hidden" name="sucuriwp_content_checknonce" value="'.wp_create_nonce('sucuriwp_content_checknonce').'" />'.
|
| 40 |
'<input type="hidden" name="sucuriwp_content_check" value="sucuriwp_content_check" />'.
|
| 41 |
+
'<h4>Latest modified files</h4>'.
|
| 42 |
'<p>This test will list all files inside wp-content that have been modified in the past
|
| 43 |
|
| 44 |
<select name="sucuriwp_content_check_back">
|
| 88 |
|
| 89 |
sucuriscan_core_integrity_function_wrapper(
|
| 90 |
'sucuriwp_core_integrity_check',
|
| 91 |
+
'Verify Integrity of WordPress Core Files',
|
| 92 |
'This test will check wp-includes, wp-admin, and the top directory files against the latest WordPress hashing database. If any of those files were modified, it is a big sign of a possible compromise.'
|
| 93 |
);
|
| 94 |
|
| 96 |
|
| 97 |
sucuriscan_core_integrity_function_wrapper(
|
| 98 |
'sucuriwp_list_admins',
|
| 99 |
+
'Admin User Dump',
|
| 100 |
'List all administrator users and their latest login time.'
|
| 101 |
);
|
| 102 |
sucuriscan_core_integrity_function_wrapper(
|
| 103 |
'sucuriwp_check_plugins',
|
| 104 |
+
'Outdated Plugin list',
|
| 105 |
'This test will list any outdated (active) plugins.'
|
| 106 |
);
|
| 107 |
sucuriscan_core_integrity_function_wrapper(
|
| 108 |
'sucuriwp_check_themes',
|
| 109 |
+
'Outdated Theme List',
|
| 110 |
'This test will list any outdated theme.'
|
| 111 |
);
|
| 112 |
?>
|
