Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.5.1


Release Info

Developer dd@sucuri.net
Version 1.5.1

Code changes from version 1.5.0 to 1.5.1

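--- a/inc/css/sucuriscan-default-css.css
+++ b/inc/css/sucuriscan-default-css.css
@@ -23,3 +23,5 @@
 .sucuriscan-maincontent hr{border:none;border-top:1px solid #999}
 .sucuriscan-maincontent table td > table{background:#fff}
 .sucuriscan-maincontent table td > table th{padding:4px 8px}
+.sucuriscan-maincontent .sucuriscan-lastmodified td, .sucuriscan-maincontent .sucuriscan-corefiles td{font-family:Monaco, Monspace, Courier;font-weight:bold}
+.sucuriscan-maincontent .sucuriscan-corefiles tr > th{background:#f1f1f1;background-image:-webkit-gradient(linear,left bottom,left top,from(#ececec),to(#f9f9f9));background-image:-webkit-linear-gradient(bottom,#ececec,#f9f9f9);background-image:-moz-linear-gradient(bottom,#ececec,#f9f9f9);background-image:-o-linear-gradient(bottom,#ececec,#f9f9f9);background-image:linear-gradient(to top,#ececec,#f9f9f9)}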
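--- a/inc/tpl/posthack.html.tpl
+++ b/inc/tpl/posthack.html.tpl
@@ -22,7 +22,7 @@
 
 <p>
 Use this button to update the security keys stored in the <code>wp-config.php</code>
-file, we will use the official Wordpress Secret-Key API Generator. After the
+file, we will use the official WordPress Secret-Key API Generator. After the
 update your current session will be closed and you'll need to login again.
 </p>
 
@@ -51,7 +51,7 @@
 <p>
 Use this button to reset the current password for some specific users or for all
 of them. We will send an email to each of those users adivising the password change
-that includes the new password automatically generated by Wordpress. After the
+that includes the new password automatically generated by WordPress. After the
 password reset your current session will be closed and you'll need to login again.
 </p>
 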
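--- a/lib/core_integrity.php
+++ b/lib/core_integrity.php
@@ -8,18 +8,6 @@ if(!defined('SUCURISCAN'))
 return(0);
 }
 
-function sucuriscan_core_integrity_wrapper($content, $msg)
-{
-echo '<div class="postbox">';
-echo '<h3>'.$msg.'</h3>';
-echo '<div class="inside">';
-foreach ($content as $key => $value) {
-echo "<p>$key</p>";
-}
-echo '</div>';
-echo '</div>';
-}
-
 function read_dir_r($dir = "./", $recursiv = false)
 {
 $skipname = basename(__FILE__);
@@ -70,19 +58,10 @@ function sucuriwp_core_integrity_check()
 
 $cp = 0;
 $updates = get_core_updates();
-if (!is_array($updates))
-{
+if( !is_array($updates) || empty($updates) || $updates[0]->response=='latest' ){
 $cp = 1;
 }
-else if(empty($updates))
-{
-$cp = 1;
-}
-else if($updates[0]->response == 'latest')
-{
-$cp = 1;
-}
-if(strcmp($wp_version, "3.4.2") < 0)
+if(strcmp($wp_version, "3.7") < 0)
 {
 $cp = 0;
 }
@@ -90,69 +69,91 @@ function sucuriwp_core_integrity_check()
 
 if($cp == 0)
 {
-echo '<p><img style="position:relative;top:5px" height="22" width="22"'.
-'src="'.SUCURI_URL.'images/warn.png" /> &nbsp; Your current version ('.$wp_version.') is not the latest. <a class="button-primary" href="update-core.php">Update now!</a> to be able to run the integrity check.</p>';
+echo '<p><img style="position:relative;top:5px" height="22" width="22" '
+.'src="'.SUCURI_URL.'images/warn.png" /> &nbsp; Your current version ('.$wp_version.') is not the latest. '
+.'<a class="button-primary" href="update-core.php">Update now!</a> to be able to run the integrity check.</p>';
 }
 else
 {
+$latest_hashes = @file_get_contents("http://wordpress.sucuri.net/wp_core_latest_hashes.json");
+if($latest_hashes){
+$wp_core_latest_hashes = json_decode($latest_hashes, true);
 
-$wp_core_latest_hashes = json_decode(file_get_contents("http://wordpress.sucuri.net/wp_core_latest_hashes.json"), true);
+$wp_includes_hashes = read_dir_r( ABSPATH . "wp-includes", true);
+$wp_admin_hashes = read_dir_r( ABSPATH . "wp-admin", true);
+$wp_top_hashes = read_dir_r( ABSPATH , false);
 
-$wp_includes_hashes = read_dir_r( ABSPATH . "wp-includes", true);
-$wp_admin_hashes = read_dir_r( ABSPATH . "wp-admin", true);
-$wp_top_hashes = read_dir_r( ABSPATH , false);
+$wp_core_hashes = array_merge( $wp_includes_hashes , $wp_admin_hashes );
+$wp_core_hashes = array_merge( $wp_core_hashes , $wp_top_hashes );
 
-$wp_core_hashes = array_merge( $wp_includes_hashes , $wp_admin_hashes );
-$wp_core_hashes = array_merge( $wp_core_hashes , $wp_top_hashes );
+$added = @array_diff_assoc( $wp_core_hashes, $wp_core_latest_hashes ); //files added
+$removed = @array_diff_assoc( $wp_core_latest_hashes, $wp_core_hashes ); //files deleted
+unset($removed['wp_version']); //ignore wp_version key
+$compcurrent = @array_diff_key( $wp_core_hashes, $added ); //remove all added files from current filelist
+$complog = @array_diff_key( $wp_core_latest_hashes, $removed ); //remove all deleted files from old file list
+$modified = array(); //array of modified files
 
-$added = @array_diff_assoc( $wp_core_hashes, $wp_core_latest_hashes ); //files added
-$removed = @array_diff_assoc( $wp_core_latest_hashes, $wp_core_hashes ); //files deleted
-unset($removed['wp_version']); //ignore wp_version key
-$compcurrent = @array_diff_key( $wp_core_hashes, $added ); //remove all added files from current filelist
-$complog = @array_diff_key( $wp_core_latest_hashes, $removed ); //remove all deleted files from old file list
-$modified = array(); //array of modified files
+//compare file hashes and mod dates
+foreach ( $compcurrent as $currfile => $currattr) {
 
-//compare file hashes and mod dates
-foreach ( $compcurrent as $currfile => $currattr) {
+if ( array_key_exists( $currfile, $complog ) ) {
 
-if ( array_key_exists( $currfile, $complog ) ) {
+//if attributes differ added to modified files array
+if ( strcmp( $currattr['md5'], $complog[$currfile]['md5'] ) != 0 ) {
+$modified[$currfile]['md5'] = $currattr['md5'];
+}
 
-//if attributes differ added to modified files array
-if ( strcmp( $currattr['md5'], $complog[$currfile]['md5'] ) != 0 ) {
-$modified[$currfile]['md5'] = $currattr['md5'];
 }
 
 }
 
-}
+//ignore some junk files
+if($curlang != "en_US")
+{
+//ignore added files
+unset($added['./licencia.txt']);
 
-//ignore some junk files
-if($curlang != "en_US")
-{
-//ignore added files
-unset($added['./licencia.txt']);
+//ignore removed files
+unset($removed['./license.txt']);
 
-//ignore removed files
-unset($removed['./license.txt']);
+//ignore modified files
+unset($modified['./wp-includes/version.php']);
+unset($modified['./wp-admin/setup-config.php']);
+unset($modified['./readme.html']);
+unset($modified['./wp-config-sample.php']);
+}
 
-//ignore modified files
-unset($modified['./wp-includes/version.php']);
-unset($modified['./wp-admin/setup-config.php']);
-unset($modified['./readme.html']);
-unset($modified['./wp-config-sample.php']);
+sucuriscan_draw_corefiles_status(array(
+'added'=>$added,
+'removed'=>$removed,
+'modified'=>$modified
+));
+}else{
+sucuriscan_admin_notice('error', 'Error retrieving the wordpress core hashes, try again.');
 }
-
-//get count of changes
-$addcount = sizeof( $added );
-$removecount = sizeof( $removed );
-$changecount = sizeof( $modified );
-
-sucuriscan_core_integrity_wrapper($added, "Core File Added: $addcount");
-sucuriscan_core_integrity_wrapper($removed, "Core File Removed: $removecount");
-sucuriscan_core_integrity_wrapper($modified, "Core File Modified: $changecount");
 }
 }
 
+function sucuriscan_draw_corefiles_status($list=array()){
+if( is_array($list) && !empty($list) ): ?>
+<table class="wp-list-table widefat sucuriscan-corefiles">
+<thead>
+<tr><th>Core files altered</th></tr>
+</thead>
+<tbody>
+<?php
+foreach($list as $core_file_type=>$core_file_list){
+printf('<tr><th>Core File %s: %d</th></tr>', ucwords($core_file_type), sizeof($core_file_list));
+foreach($core_file_list as $filepath=>$extrainfo){
+printf('<tr><td>%s</td></tr>', $filepath);
+}
+}
+?>
+</tbody>
+</table>
+<?php endif; ?>
+<?php }
+
 function sucuriwp_list_admins($userlevel = '10') {
 
 global $wpdb;
@@ -202,25 +203,6 @@ function sucuriwp_list_admins($userlevel = '10') {
 echo sucuriscan_get_template('integrity-admins.html.tpl', $template_variables);
 }
 
-function sucuriwp_content_check()
-{
-$wp_content_hashes = read_dir_r( ABSPATH . "wp-content", true);
-$days = htmlspecialchars(trim((int)$_POST['sucuriwp_content_check_back']));
-$back_days = current_time( 'timestamp' ) - ( $days * 86400);
-
-echo '<div class="postbox">';
-echo "<h3>wp_content latest modified files</h3>";
-echo '<div class="inside">';
-foreach ( $wp_content_hashes as $key => $value) {
-if ($value['time'] >= $back_days ){
-$date = date('d-m-Y H:i:s', $value['time']);
-echo "<p>$key : $date </p>";
-}
-}
-echo '</div>';
-echo '</div>';
-}
-
 function sucuriwp_check_plugins()
 {
 do_action("wp_update_plugins"); // force WP to check plugins for updates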
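Review bot: `sucuriscan_draw_corefiles_status` writes each `$filepath` straight into the table cell with `printf('<tr><td>%s</td></tr>', $filepath)`, and the keys of `$removed` come from the decoded JSON fetched at the top of the else branch rather than from the local filesystem, so the remote hash list is rendered into the admin page unescaped; `printf('<tr><td>%s</td></tr>', esc_html($filepath));` keeps the output and neutralises any markup. The baseline itself is fetched with an unauthenticated plain-HTTP `file_get_contents`, so the list the integrity check compares against can be substituted by anyone on the network path; fetching it over HTTPS (and via `wp_remote_get`, which does not depend on `allow_url_fopen`) would close that. `if($latest_hashes)` only checks for a non-empty body: a malformed body makes `json_decode` return null and the `@array_diff_assoc` calls then quietly yield empty results, which reads as a clean core; checking `is_array($wp_core_latest_hashes)` before the diff and routing anything else to the existing `sucuriscan_admin_notice` error path would avoid the false negative. `sucuriwp_core_integrity_check` begins outside this hunk.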
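--- a/lib/hardening.php
+++ b/lib/hardening.php
@@ -93,7 +93,7 @@ function sucuriscan_harden_version()
 {
 $cp = 1;
 }
-if(strcmp($wp_version, "3.4.2") < 0)
+if(strcmp($wp_version, "3.7") < 0)
 {
 $cp = 0;
 }
@@ -361,12 +361,7 @@ function sucuriscan_harden_phpversion()
 }
 
 function sucuriscan_cloudproxy_enabled(){
-$enabled = FALSE;
-
-if(
-isset($_SERVER['SUCURIREAL_REMOTE_ADDR'])
-|| preg_match('/cloudproxy.*\.sucuri\.net/', gethostbyaddr(gethostbyname($_SERVER['HTTP_HOST'])))
-){ $enabled = TRUE; }
+$enabled = sucuriscan_is_behind_cloudproxy();
 
 sucuriscan_wrapper_open('Verify if your site is protected by a Web Firewall');
 sucuriscan_harden_status(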
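--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: dd@sucuri.net, dremeda
 Donate Link: http://sitecheck.sucuri.net
 Tags: malware, security, scan, spam, virus, sucuri, WordPress,
 Requires at least:3.2
-Stable tag:1.5.0
-Tested up to: 3.6
+Stable tag:1.5.1
+Tested up to: 3.7.1
 
 The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
 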
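--- a/sucuri.php
+++ b/sucuri.php
@@ -6,8 +6,8 @@ Description: The <a href="http://sucuri.net">Sucuri Security</a> - SiteCheck Mal
 
 You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
 
-Author: Sucuri Security
-Version: 1.5.0
+Author: Sucuri, INC
+Version: 1.5.1
 Author URI: http://sucuri.net
 */
 
@@ -23,7 +23,7 @@ if(!function_exists('add_action'))
 @ignore_user_abort(TRUE);
 
 define('SUCURISCAN','sucuriscan');
-define('SUCURISCAN_VERSION','1.5.0');
+define('SUCURISCAN_VERSION','1.5.1');
 define('SUCURI_URL',plugin_dir_url( __FILE__ ));
 define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
 define('SUCURISCAN_LASTLOGINS_USERSLIMIT', 100);
@@ -136,6 +136,8 @@ function sucuriscan_print_scan()
 echo '</div>';
 echo '</div>';
 echo '</div>';
+}else if( preg_match('/^ERROR:/', $myresults['body']) ){
+sucuriscan_admin_notice('error', $myresults['body'].' The URL scanned was: <code>'.$website_scanned.'</code>');
 }else{
 $res = unserialize($myresults['body']);
 
@@ -543,7 +545,7 @@ function sucuriscan_posthack_page()
 if( isset($_POST['sucuri_posthack_action']) ){
 if( !wp_verify_nonce($_POST['sucuri_posthack_nonce'], 'sucuri_posthack_nonce') )
 {
-wp_die(__('Wordpress Nonce verification failed, try again going back and checking the form.') );
+wp_die(__('WordPress Nonce verification failed, try again going back and checking the form.') );
 }
 
 switch($_POST['sucuri_posthack_action']){
@@ -645,6 +647,21 @@ function sucuriscan_get_remoteaddr()
 return $remote_addr;
 }
 
+function sucuriscan_is_behind_cloudproxy(){
+$http_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '127.0.0.1';
+if( preg_match('/^(.*):.*/', $http_host, $match) ){ $http_host = $match[1]; }
+$host = gethostbyaddr(gethostbyname($http_host));
+
+if(
+isset($_SERVER['SUCURIREAL_REMOTE_ADDR'])
+|| preg_match('/cloudproxy.*\.sucuri\.net/', $host)
+){
+return TRUE;
+}
+
+return FALSE;
+}
+
 function sucuriscan_lastlogins_page()
 {
 if( !current_user_can('manage_options') )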
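Review bot: In the new `ERROR:` branch of `sucuriscan_print_scan`, `$myresults['body']` is a remote response body concatenated unescaped into the admin notice, so whatever the scan endpoint (or anyone able to alter its response in transit) returns is rendered as HTML in the dashboard; `sucuriscan_admin_notice('error', esc_html($myresults['body']).' The URL scanned was: <code>'.esc_html($website_scanned).'</code>');` keeps the message while neutralising markup. The same body is still passed to `unserialize()` on the unchanged line just below, a pre-existing concern this commit does not touch. In `sucuriscan_is_behind_cloudproxy`, the `/cloudproxy.*\.sucuri\.net/` pattern is unanchored, so any reverse-DNS name that merely contains that substring satisfies it, and the lookup is driven by the client-supplied Host header; anchoring the pattern with `$` and adding a comment such as `// informational only: reverse DNS of the Host header, not an authorization signal` would document the limits of the check. `sucuriscan_print_scan` begins outside the hunk.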
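--- a/sucuriscan_core_integrity.php
+++ b/sucuriscan_core_integrity.php
@@ -12,51 +12,84 @@ if(!defined('SUCURISCAN'))
 
 /* Sucuri WordPress Integrity page. */
 
-function sucuriscan_core_integrity_function_wrapper($function_name, $stitle, $description)
-{
-echo '<div class="postbox">';
-echo '<div class="inside">';
-echo '<form action="" method="post">'.
-'<input type="hidden" name="'.$function_name.'nonce" value="'.wp_create_nonce($function_name.'nonce').'" />'.
-'<input type="hidden" name="'.$function_name.'" value="'.$function_name.'" />'.
-'<h4>'.$stitle.'</h4>'.
-'<p>'.$description.'</p>'.
-'<input class="button-primary" type="submit" name="'.$function_name.'" value="Check">'.
-'</form>';
-echo '</div>';
-echo '</div>';
-
-if (isset($_POST[$function_name.'nonce']) && isset($_POST[$function_name])) {
-$function_name();
-}
-}
-
-function sucuriscan_core_integrity_wp_content_wrapper()
-{
-echo '<div class="postbox">';
-echo '<div class="inside">';
-echo '<form action="" method="post">'.
-'<input type="hidden" name="sucuriwp_content_checknonce" value="'.wp_create_nonce('sucuriwp_content_checknonce').'" />'.
-'<input type="hidden" name="sucuriwp_content_check" value="sucuriwp_content_check" />'.
-'<h4>Latest modified files</h4>'.
-'<p>This test will list all files inside wp-content that have been modified in the past
-
-<select name="sucuriwp_content_check_back">
-<option value="1">1</option>
-<option value="3">3</option>
-<option value="7">7</option>
-<option value="30">30</option>
-</select> days. (select the number of days first)</p>'.
-
-'<input class="button-primary" type="submit" name="sucuriwp_content_check" value="Check">'.
-'</form>';
-echo '</div>';
-echo '</div>';
-
-if (isset($_POST['sucuriwp_content_checknonce']) && isset($_POST['sucuriwp_content_check'])) {
-sucuriwp_content_check();
-}
-}
+function sucuriscan_core_integrity_function_wrapper($function_name, $stitle, $description){ ?>
+<div class="postbox">
+<div class="inside">
+<form method="post">
+<input type="hidden" name="<?php echo $function_name; ?>nonce" value="<?php echo wp_create_nonce($function_name.'nonce'); ?>" />
+<input type="hidden" name="<?php echo $function_name; ?>" value="1" />
+<h4><?php echo $stitle; ?></h4>
+<p><?php echo $description; ?></p>
+<input class="button-primary" type="submit" name="<?php echo $function_name; ?>" value="Check" />
+</form>
+<br />
+<?php
+if (isset($_POST[$function_name.'nonce']) && isset($_POST[$function_name])) {
+if( function_exists($function_name) ){
+$function_name();
+}
+}
+?>
+</div>
+</div>
+<?php }
+
+function sucuriscan_core_integrity_wp_content_wrapper(){ ?>
+<div class="postbox">
+<h3>Latest modified files</h3>
+<div class="inside">
+<form method="post">
+<input type="hidden" name="sucuriwp_content_checknonce" value="<?php echo wp_create_nonce('sucuriwp_content_checknonce'); ?>" />
+<input type="hidden" name="sucuriwp_content_check" value="sucuriwp_content_check" />
+<p>
+This test will list all files inside wp-content that have been modified in the past
+<select name="sucuriwp_content_check_back">
+<?php foreach(array( 1,3,7,30 ) as $days): ?>
+<?php $selected =
+( isset($_POST['sucuriwp_content_check_back']) && $_POST['sucuriwp_content_check_back']==$days )
+? 'selected="selected"' : ''; ?>
+<option value="<?php echo $days; ?>" <?php echo $selected; ?>><?php echo $days; ?></option>
+<?php endforeach; ?>
+</select> days. (select the number of days first)
+</p>
+<input class="button-primary" type="submit" name="sucuriwp_content_check" value="Check">
+</form>
+
+<?php if (
+isset($_POST['sucuriwp_content_checknonce'])
+// && wp_verify_nonce($_POST['sucuriwp_content_checknonce'], 'sucuriwp_content_checknonce')
+&& isset($_POST['sucuriwp_content_check'])
+): ?>
+<br />
+<table class="wp-list-table widefat sucuriscan-lastmodified">
+<thead>
+<tr>
+<th colspan="2">wp_content latest modified files</th>
+</tr>
+<tr>
+<th class="manage-column">Filepath</th>
+<th class="manage-column">Modification date/time</th>
+</tr>
+</thead>
+<tbody>
+<?php
+$wp_content_hashes = read_dir_r(ABSPATH.'wp-content', true);
+$days = htmlspecialchars(trim((int)$_POST['sucuriwp_content_check_back']));
+$back_days = current_time( 'timestamp' ) - ( $days * 86400);
+
+foreach ( $wp_content_hashes as $key => $value) {
+if ($value['time'] >= $back_days ){
+$date = date('d-m-Y H:i:s', $value['time']);
+printf('<tr><td>%s</td><td>%s</td></tr>', $key, $date);
+}
+}
+?>
+</tbody>
+</table>
+<?php endif; ?>
+</div>
+</div>
+<?php }
 
 function sucuriscan_core_integrity_lib()
 {
@@ -87,7 +120,7 @@ function sucuriscan_core_integrity_lib()
 <?php
 
 sucuriscan_core_integrity_function_wrapper(
-'sucuriwp_core_integrity_check',
+'sucuriwp_core_integrity_check',
 'Verify Integrity of WordPress Core Files',
 'This test will check wp-includes, wp-admin, and the top directory files against the latest WordPress hashing database. If any of those files were modified, it is a big sign of a possible compromise.'
 );
@@ -95,17 +128,17 @@ function sucuriscan_core_integrity_lib()
 sucuriscan_core_integrity_wp_content_wrapper();
 
 sucuriscan_core_integrity_function_wrapper(
-'sucuriwp_list_admins',
+'sucuriwp_list_admins',
 'Admin User Dump',
 'List all administrator users and their latest login time.'
 );
 sucuriscan_core_integrity_function_wrapper(
-'sucuriwp_check_plugins',
+'sucuriwp_check_plugins',
 'Outdated Plugin list',
 'This test will list any outdated (active) plugins.'
 );
 sucuriscan_core_integrity_function_wrapper(
-'sucuriwp_check_themes',
+'sucuriwp_check_themes',
 'Outdated Theme List',
 'This test will list any outdated theme.'
 );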
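Review bot: `sucuriscan_core_integrity_function_wrapper` emits a nonce field but only tests `isset($_POST[$function_name.'nonce'])` before calling `$function_name()`, so the nonce is never verified and any forged POST to the page triggers the check; the same applies to `sucuriscan_core_integrity_wp_content_wrapper`, where the `wp_verify_nonce` term is commented out at new line 60. Change the guard to `if (isset($_POST[$function_name.'nonce']) && wp_verify_nonce($_POST[$function_name.'nonce'], $function_name.'nonce') && isset($_POST[$function_name])) {` and restore the commented term in the second wrapper. Whether the enclosing page already requires a capability cannot be seen here, since the body of `sucuriscan_core_integrity_lib` lies outside these hunks, so that should be confirmed too. In the wp-content wrapper, `htmlspecialchars(trim((int)...))` does nothing useful once the value is an int; `$days = (int) $_POST['sucuriwp_content_check_back'];` states the intent directly.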