Sucuri Security – Auditing, Malware Scanner and Security Hardening

Version Description

Adding additional information about .htaccess hacks and the server environment.

Release Info

Developer	dd@sucuri.net
Plugin	Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version	1.5.2
Comparing to
See all releases

Code changes from version 1.5.1 to 1.5.2

Files changed (12) hide show

inc/css/sucuriscan-default-css.css +9 -0
inc/tpl/infosys-htaccess.html.tpl +24 -0
inc/tpl/infosys-loggedin.html.tpl +19 -0
inc/tpl/infosys-loggedin.snippet.tpl +10 -0
inc/tpl/infosys-wpconfig.html.tpl +22 -0
inc/tpl/infosys-wpconfig.snippet.tpl +4 -0
inc/tpl/infosys.html.tpl +23 -0
inc/tpl/initial-page.html.tpl +3 -1
inc/tpl/lastlogins.html.tpl +4 -1
inc/tpl/posthack.html.tpl +4 -1
readme.txt +4 -1
sucuri.php +358 -5

inc/css/sucuriscan-default-css.css CHANGED Viewed

@@ -25,3 +25,12 @@
             .sucuriscan-maincontent table td > table th{padding:4px 8px}
             .sucuriscan-maincontent .sucuriscan-lastmodified td, .sucuriscan-maincontent .sucuriscan-corefiles td{font-family:Monaco, Monspace, Courier;font-weight:bold}
             .sucuriscan-maincontent .sucuriscan-corefiles tr > th{background:#f1f1f1;background-image:-webkit-gradient(linear,left bottom,left top,from(#ececec),to(#f9f9f9));background-image:-webkit-linear-gradient(bottom,#ececec,#f9f9f9);background-image:-moz-linear-gradient(bottom,#ececec,#f9f9f9);background-image:-o-linear-gradient(bottom,#ececec,#f9f9f9);background-image:linear-gradient(to top,#ececec,#f9f9f9)}


25	.sucuriscan-maincontent table td > table th{padding:4px 8px}
26	.sucuriscan-maincontent .sucuriscan-lastmodified td, .sucuriscan-maincontent .sucuriscan-corefiles td{font-family:Monaco, Monspace, Courier;font-weight:bold}
27	.sucuriscan-maincontent .sucuriscan-corefiles tr > th{background:#f1f1f1;background-image:-webkit-gradient(linear,left bottom,left top,from(#ececec),to(#f9f9f9));background-image:-webkit-linear-gradient(bottom,#ececec,#f9f9f9);background-image:-moz-linear-gradient(bottom,#ececec,#f9f9f9);background-image:-o-linear-gradient(bottom,#ececec,#f9f9f9);background-image:linear-gradient(to top,#ececec,#f9f9f9)}
28	+ .sucuriscan-maincontent .thead-with-button span{line-height:24px}
29	+ .sucuriscan-maincontent .thead-with-button .input-text{line-height:22px}
30	+ .sucuriscan-maincontent .thead-topright-action{display:inline-block;float:right}
31	+
32	+ .sucuriscan-monospace{font-family: Monaco, Monospace, Courier;line-height:26px}
33	+ .sucuriscan-maincontent .sucuri-infosys-htaccess{margin:20px 0 0 0}
34	+ .sucuriscan-maincontent .sucuri-full-textarea{width:100%;height:200px;line-height:normal;resize:vertical;padding:10px}
35	+ .sucuriscan-maincontent .sucuri-notice-error{background:#ffebe8;margin:5px 0 15px;padding:0 .6em;border:1px solid #c00;border-radius:3px}
36	+ .sucuriscan-wpconfig-textarea{width:600px;height:525px;background:#f5f5f5;line-height:1.4em;resize:none;margin:15px 0 0 0;padding:10px}

inc/tpl/infosys-htaccess.html.tpl ADDED Viewed

	@@ -0,0 +1,24 @@


1	+
2	+ <div id="poststuff" class="sucuri-infosys-htaccess">
3	+ <div class="postbox">
4	+ <h3>HTAccess Integrity</h3>
5	+ <div class="inside">
6	+ <p>
7	+ The <code>.htaccess</code> is a distributed configuration file, and is how Apache handles
8	+ configuration changes on a per-directory basis. WordPress uses this file to manipulate how
9	+ Apache serves files from its root directory, and subdirectories thereof. Most notably, WP
10	+ modifies this file to be able to handle pretty permalinks.
11	+ </p>
12	+
13	+ <div class="sucuri-notice-error sucuri-alert sucuri-alert-%%SUCURI.HTAccess.MessageType%% %%SUCURI.HTAccess.MessageVisible%%">
14	+ <p>%%SUCURI.HTAccess.Message%%</p>
15	+ </div>
16	+
17	+ <textarea class="sucuri-full-textarea sucuriscan-monospace %%SUCURI.HTAccess.TextareaVisible%%">%%SUCURI.HTAccess.Content%%</textarea>
18	+
19	+ <p>
20	+ <small>Source <a href="http://codex.wordpress.org/htaccess" target="_blank">Codex WordPress HTAccess</a></small>
21	+ </p>
22	+ </div>
23	+ </div>
24	+ </div>

inc/tpl/infosys-loggedin.html.tpl ADDED Viewed

	@@ -0,0 +1,19 @@


1	+
2	+ <table class="wp-list-table widefat sucuri-loggedin-users">
3	+ <thead>
4	+ <tr>
5	+ <th colspan="6">Logged in Users (%%SUCURI.LoggedInUsers.Total%% users)</th>
6	+ </tr>
7	+ <tr>
8	+ <th>ID</th>
9	+ <th>Username</th>
10	+ <th>Last Activity (GMT/UTC)</th>
11	+ <th>Registered (GMT/UTC)</th>
12	+ <th>IP Address</th>
13	+ <th> </th>
14	+ </tr>
15	+ </thead>
16	+ <tbody>
17	+ %%SUCURI.LoggedInUsers.List%%
18	+ </tbody>
19	+ </table>

inc/tpl/infosys-loggedin.snippet.tpl ADDED Viewed

	@@ -0,0 +1,10 @@


1	+ <tr>
2	+ <td>%%SUCURI.LoggedInUsers.Id%%</td>
3	+ <td><a href="mailto:%%SUCURI.LoggedInUsers.UserEmail%%">%%SUCURI.LoggedInUsers.UserLogin%%</a></td>
4	+ <td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.LastActivity%%</td>
5	+ <td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.Registered%%</td>
6	+ <td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.RemoveAddr%%</td>
7	+ <td>
8	+ <a href="%%SUCURI.LoggedInUsers.UserURL%%" target="_blank" class="button-primary">Edit</a>
9	+ </td>
10	+ </tr>

inc/tpl/infosys-wpconfig.html.tpl ADDED Viewed

	@@ -0,0 +1,22 @@


1	+
2	+ <table class="wp-list-table widefat sucuri-wpconfig-rules">
3	+ <thead>
4	+ <th colspan="7" class="thead-with-button">
5	+ <span>WP-Config Variables</span>
6	+ <div class="thead-topright-action">
7	+ <a href="#TB_inline?width=800&height=550&inlineId=sucuri-wpconfig-content" class="button button-primary thickbox">View File</a>
8	+ </div>
9	+ </th>
10	+ <tr>
11	+ <th>Variable Name</th>
12	+ <th>Value</th>
13	+ </tr>
14	+ </thead>
15	+ <tbody>
16	+ %%SUCURI.WordpressConfig.Rules%%
17	+ </tbody>
18	+ </table>
19	+
20	+ <div id="sucuri-wpconfig-content" style="display:none">
21	+ <textarea class="sucuri-full-textarea sucuriscan-wpconfig-textarea sucuriscan-monospace">%%SUCURI.WordpressConfig.Content%%</textarea>
22	+ </div>

inc/tpl/infosys-wpconfig.snippet.tpl ADDED Viewed

	@@ -0,0 +1,4 @@


1	+ <tr>
2	+ <td class="sucuriscan-monospace"><strong>%%SUCURI.WordpressConfig.VariableName%%</strong></td>
3	+ <td class="sucuriscan-monospace">%%SUCURI.WordpressConfig.VariableValue%%</td>
4	+ </tr>

inc/tpl/infosys.html.tpl ADDED Viewed

	@@ -0,0 +1,23 @@


1	+ <div class="wrap">
2	+ <h2 id="warnings_hook"></h2>
3	+ <div class="sucuriscan_header">
4	+ <a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">
5	+ <img src="%%SUCURI.SucuriURL%%/inc/images/logo.png" alt="Sucuri Security" />
6	+ </a>
7	+ <h2>Sucuri Security WordPress Plugin (Info System)</h2>
8	+ </div>
9	+
10	+
11	+ <div class="postbox-container" style="width:75%;">
12	+ <div class="sucuriscan-maincontent">
13	+ %%SUCURI.LoggedInUsers%%
14	+
15	+ %%SUCURI.HTAccessIntegrity%%
16	+
17	+ %%SUCURI.WordpressConfig%%
18	+ </div><!-- End sucuriscan-maincontent -->
19	+ </div><!-- End postbox-container -->
20	+
21	+ %%SUCURI.SucuriWPSidebar%%
22	+
23	+ </div><!-- End wrap -->

inc/tpl/initial-page.html.tpl CHANGED Viewed

	@@ -1,7 +1,9 @@
1	<div class="wrap">
2	<h2 id="warnings_hook"></h2>
3	<div class="sucuriscan_header">
4	- <~~img~~ ~~src~~="~~%%SUCURI~~.~~PluginURL%%/inc~~/~~images/logo.png~~">


5	<h2>Sucuri SiteCheck Malware Scanner</h2>
6	<br class="clear"/>
7	</div>


1	<div class="wrap">
2	<h2 id="warnings_hook"></h2>
3	<div class="sucuriscan_header">
4	+ <a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">
5	+ <img src="%%SUCURI.PluginURL%%/inc/images/logo.png" alt="Sucuri Security" />
6	+ </a>
7	<h2>Sucuri SiteCheck Malware Scanner</h2>
8	<br class="clear"/>
9	</div>

inc/tpl/lastlogins.html.tpl CHANGED Viewed

	@@ -1,6 +1,9 @@
1	<div class="wrap">
2	<h2 id="warnings_hook"></h2>
3	- <div class="sucuriscan_header"~~><img src="%%SUCURI.SucuriURL%%/inc/images/logo.png"~~>



4	<h2>Sucuri Security WordPress Plugin</h2>
5	</div>
6


1	<div class="wrap">
2	<h2 id="warnings_hook"></h2>
3	+ <div class="sucuriscan_header">
4	+ <a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">
5	+ <img src="%%SUCURI.SucuriURL%%/inc/images/logo.png" alt="Sucuri Security" />
6	+ </a>
7	<h2>Sucuri Security WordPress Plugin</h2>
8	</div>
9

inc/tpl/posthack.html.tpl CHANGED Viewed

	@@ -1,6 +1,9 @@
1	<div class="wrap">
2	<h2 id="warnings_hook"></h2>
3	- <div class="sucuriscan_header"~~><img src="%%SUCURI.SucuriURL%%/inc/images/logo.png"~~>



4	<h2>Sucuri Security WordPress Plugin</h2>
5	</div>
6


1	<div class="wrap">
2	<h2 id="warnings_hook"></h2>
3	+ <div class="sucuriscan_header">
4	+ <a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">
5	+ <img src="%%SUCURI.SucuriURL%%/inc/images/logo.png" alt="Sucuri Security" />
6	+ </a>
7	<h2>Sucuri Security WordPress Plugin</h2>
8	</div>
9

readme.txt CHANGED Viewed

	@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net, dremeda
3	Donate Link: http://sitecheck.sucuri.net
4	Tags: malware, security, scan, spam, virus, sucuri, WordPress,
5	Requires at least:3.2
6	- Stable tag:1.5.1
7	Tested up to: 3.7.1
8
9	The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
	@@ -66,6 +66,9 @@ the compromise on your site).
66
67	== Changelog ==
68



69	= 1.5.0 =
70	* Fixing last login and giving better warns on permission errors.
71	* Making the integrity check messages more clear.


3	Donate Link: http://sitecheck.sucuri.net
4	Tags: malware, security, scan, spam, virus, sucuri, WordPress,
5	Requires at least:3.2
6	+ Stable tag:1.5.2
7	Tested up to: 3.7.1
8
9	The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.

66
67	== Changelog ==
68
69	+ = 1.5.2 =
70	+ * Adding additional information about .htaccess hacks and the server environment.
71	+
72	= 1.5.0 =
73	* Fixing last login and giving better warns on permission errors.
74	* Making the integrity check messages more clear.

sucuri.php CHANGED Viewed

@@ -7,7 +7,7 @@ Description: The <a href="http://sucuri.net">Sucuri Security</a> - SiteCheck Mal
             You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
             Author: Sucuri, INC
-            -
            Version: 1.5.1
             Author URI: http://sucuri.net
             */
@@ -23,7 +23,7 @@ if(!function_exists('add_action'))
             @ignore_user_abort(TRUE);
             define('SUCURISCAN','sucuriscan');
-            -
            define('SUCURISCAN_VERSION','1.5.1');
             define('SUCURI_URL',plugin_dir_url( __FILE__ ));
             define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
             define('SUCURISCAN_LASTLOGINS_USERSLIMIT', 100);
@@ -87,6 +87,9 @@ function sucuriscan_menu()
                 add_submenu_page('sucuriscan', 'Last Logins', 'Last Logins', 'manage_options',
                                  'sucuriscan_lastlogins', 'sucuriscan_lastlogins_page');
+            }
             /* Sucuri malware scan page. */
@@ -118,7 +121,10 @@ function sucuriscan_print_scan()
                 echo '<div class="wrap">';
                     echo '<h2 id="warnings_hook"></h2>';
-            -
                    echo '<div class="sucuriscan_header"><img src="'.SUCURI_URL.'/inc/images/logo.png">';
                     sucuriscan_pagestop("Sucuri SiteCheck Malware Scanner");
                     echo '</div>';
@@ -307,7 +313,10 @@ function sucuriscan_hardening_page()
                 echo '<div class="wrap">';
                 echo '<h2 id="warnings_hook"></h2>';
-            -
                echo '<div class="sucuriscan_header"><img src="'.SUCURI_URL.'/inc/images/logo.png">';
                 sucuriscan_pagestop("Sucuri 1-Click Hardening Options");
                 echo '</div>';
@@ -342,7 +351,10 @@ function sucuriscan_core_integrity_page()
                 echo '<div class="wrap">';
                 echo '<h2 id="warnings_hook"></h2>';
-            -
                echo '<div class="sucuriscan_header"><img src="'.SUCURI_URL.'/inc/images/logo.png">';
                 sucuriscan_pagestop("Sucuri WordPress Integrity");
                 echo '</div>';
@@ -662,6 +674,12 @@ function sucuriscan_is_behind_cloudproxy(){
                 return FALSE;
+            }
             function sucuriscan_lastlogins_page()
+            {
                 if( !current_user_can('manage_options') )
@@ -832,3 +850,338 @@ if( !function_exists('sucuri_get_user_lastlogin') ){
+                }
                 add_action('admin_notices', 'sucuriscan_get_user_lastlogin');
+            }


7	You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
8
9	Author: Sucuri, INC
10	+ Version: 1.5.2
11	Author URI: http://sucuri.net
12	*/
13

23	@ignore_user_abort(TRUE);
24
25	define('SUCURISCAN','sucuriscan');
26	+ define('SUCURISCAN_VERSION','1.5.2');
27	define('SUCURI_URL',plugin_dir_url( __FILE__ ));
28	define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
29	define('SUCURISCAN_LASTLOGINS_USERSLIMIT', 100);

87
88	add_submenu_page('sucuriscan', 'Last Logins', 'Last Logins', 'manage_options',
89	'sucuriscan_lastlogins', 'sucuriscan_lastlogins_page');
90	+
91	+ add_submenu_page('sucuriscan', 'Info System', 'Info System', 'manage_options',
92	+ 'sucuriscan_infosys', 'sucuriscan_infosys_page');
93	}
94
95	/* Sucuri malware scan page. */

121
122	echo '<div class="wrap">';
123	echo '<h2 id="warnings_hook"></h2>';
124	+ echo '<div class="sucuriscan_header">';
125	+ echo '<a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">';
126	+ echo '<img src="'.SUCURI_URL.'/inc/images/logo.png" alt="Sucuri Security" />';
127	+ echo '</a>';
128	sucuriscan_pagestop("Sucuri SiteCheck Malware Scanner");
129	echo '</div>';
130

313
314	echo '<div class="wrap">';
315	echo '<h2 id="warnings_hook"></h2>';
316	+ echo '<div class="sucuriscan_header">';
317	+ echo '<a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">';
318	+ echo '<img src="'.SUCURI_URL.'/inc/images/logo.png" alt="Sucuri Security" />';
319	+ echo '</a>';
320	sucuriscan_pagestop("Sucuri 1-Click Hardening Options");
321	echo '</div>';
322

351
352	echo '<div class="wrap">';
353	echo '<h2 id="warnings_hook"></h2>';
354	+ echo '<div class="sucuriscan_header">';
355	+ echo '<a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">';
356	+ echo '<img src="'.SUCURI_URL.'/inc/images/logo.png" alt="Sucuri Security" />';
357	+ echo '</a>';
358	sucuriscan_pagestop("Sucuri WordPress Integrity");
359	echo '</div>';
360

674	return FALSE;
675	}
676
677	+
678	+ /**
679	+ * Sucuri Scanner - Last Logins
680	+ * @return Functions associated to the Last Logins page.
681	+ */
682	+
683	function sucuriscan_lastlogins_page()
684	{
685	if( !current_user_can('manage_options') )

850	}
851	add_action('admin_notices', 'sucuriscan_get_user_lastlogin');
852	}
853	+
854	+
855	+ /**
856	+ * Sucuri Scanner - Info System
857	+ * @return Functions associated to the Info System page.
858	+ */
859	+
860	+ function sucuriscan_is_multisite(){
861	+ if( function_exists('is_multisite') && is_multisite() ){ return TRUE; }
862	+ return FALSE;
863	+ }
864	+
865	+
866	+ function sucuriscan_get_wpconfig_path(){
867	+ $wp_config_path = ABSPATH.'wp-config.php';
868	+
869	+ // if wp-config.php doesn't exist/not readable check one directory up
870	+ if( !is_readable($wp_config_path)){
871	+ $wp_config_path = ABSPATH.'/../wp-config.php';
872	+ }
873	+ return $wp_config_path;
874	+ }
875	+
876	+
877	+ function sucuriscan_get_htaccess_path(){
878	+ $htaccess_path = ABSPATH.'.htaccess';
879	+ if( file_exists($htaccess_path) ){
880	+ return $htaccess_path;
881	+ }
882	+ return FALSE;
883	+ }
884	+
885	+
886	+ function sucuriscan_infosys_page(){
887	+ if( !current_user_can('manage_options') )
888	+ {
889	+ wp_die(__('You do not have sufficient permissions to access this page: Sucuri Last-Logins') );
890	+ }
891	+
892	+ // Page pseudo-variables initialization.
893	+ $template_variables = array(
894	+ 'SucuriURL'=>SUCURI_URL,
895	+ 'SucuriWPSidebar'=>sucuriscan_wp_sidebar_gen(),
896	+ 'CurrentURL'=>site_url().'/wp-admin/admin.php?page='.$_GET['page']
897	+ );
898	+
899	+ $template_variables['LoggedInUsers'] = sucuriscan_infosys_loggedin();
900	+ $template_variables['HTAccessIntegrity'] = sucuriscan_infosys_htaccess();
901	+ $template_variables['WordpressConfig'] = sucuriscan_infosys_wpconfig();
902	+
903	+ echo sucuriscan_get_template('infosys.html.tpl', $template_variables);
904	+ }
905	+
906	+
907	+ function sucuriscan_infosys_htaccess(){
908	+ $htaccess_path = sucuriscan_get_htaccess_path();
909	+ $template_variables = array(
910	+ 'HTAccess.Content' => '',
911	+ 'HTAccess.Message' => '',
912	+ 'HTAccess.MessageType' => '',
913	+ 'HTAccess.MessageVisible' => 'hidden',
914	+ 'HTAccess.TextareaVisible' => 'hidden',
915	+ );
916	+
917	+ if( $htaccess_path ){
918	+ $htaccess_rules = file_get_contents($htaccess_path);
919	+ $template_variables['HTAccess.TextareaVisible'] = 'visible';
920	+ $template_variables['HTAccess.Content'] = $htaccess_rules;
921	+
922	+ if( sucuriscan_htaccess_is_standard($htaccess_rules) ){
923	+ $template_variables['HTAccess.Message'] = '
924	+ The main <code>.htaccess</code> file in your site has the standard rules for a WordPress installation. You can customize it to improve the
925	+ performance and change the behaviour of the redirections for pages and posts in your site. To get more information visit the official documentation at
926	+ <a href="http://codex.wordpress.org/Using_Permalinks#Creating_and_editing_.28.htaccess.29" target="_blank">Codex WordPrexx - Creating and editing (.htaccess)</a>';
927	+ $template_variables['HTAccess.MessageType'] = 'updated';
928	+ $template_variables['HTAccess.MessageVisible'] = 'visible';
929	+ }
930	+
931	+ }else{
932	+ $template_variables['HTAccess.Message'] = 'Your website does not contains a <code>.htaccess</code> file or it was not found in the default location.';
933	+ $template_variables['HTAccess.MessageType'] = 'error';
934	+ $template_variables['HTAccess.MessageVisible'] = 'visible';
935	+ }
936	+
937	+ return sucuriscan_get_template('infosys-htaccess.html.tpl', $template_variables);
938	+ }
939	+
940	+
941	+ function sucuriscan_htaccess_is_standard($rules=FALSE){
942	+ if( $rules===FALSE ){
943	+ $htaccess_path = sucuriscan_get_htaccess_path();
944	+ $rules = $htaccess_path ? file_get_contents($htaccess_path) : '';
945	+ }
946	+
947	+ if( !empty($rules) ){
948	+ $standard_lines = array(
949	+ '# BEGIN WordPress',
950	+ '<IfModule mod_rewrite\.c>',
951	+ 'RewriteEngine On',
952	+ 'RewriteBase \/',
953	+ 'RewriteRule .index.\.php. - \[L\]',
954	+ 'RewriteCond %\{REQUEST_FILENAME\} \!-f',
955	+ 'RewriteCond %\{REQUEST_FILENAME\} \!-d',
956	+ 'RewriteRule \. \/index\.php \[L\]',
957	+ '<\/IfModule>',
958	+ '# END WordPress',
959	+ );
960	+ $pattern = '';
961	+ $standard_lines_total = count($standard_lines);
962	+ foreach($standard_lines as $i=>$line){
963	+ if( $i < ($standard_lines_total-1) ){
964	+ $end_of_line = "\n";
965	+ }else{
966	+ $end_of_line = '';
967	+ }
968	+ $pattern .= sprintf("%s%s", $line, $end_of_line);
969	+ }
970	+
971	+ if( preg_match("/{$pattern}/", $rules) ){
972	+ return TRUE;
973	+ }
974	+ }
975	+
976	+ return FALSE;
977	+ }
978	+
979	+
980	+ function sucuriscan_infosys_wpconfig(){
981	+ $template_variables = array(
982	+ 'WordpressConfig.Rules' => '',
983	+ 'WordpressConfig.Total' => 0,
984	+ 'WordpressConfig.Content' => '',
985	+ );
986	+
987	+ $wp_config_path = sucuriscan_get_wpconfig_path();
988	+ if( $wp_config_path ){
989	+ add_thickbox();
990	+ $wp_config_content = file($wp_config_path);
991	+ $template_variables['WordpressConfig.Content'] = file_get_contents($wp_config_path);
992	+
993	+ // Read WordPress main configuration file as text plain.
994	+ $wp_config_rules = array();
995	+ foreach( (array)$wp_config_content as $line ){
996	+ $line = str_replace("\n", '', $line);
997	+
998	+ // Ignore useless lines and append to the clean string the important lines.
999	+ if( preg_match('/^define\(/', $line) ){
1000	+ $line = str_replace('define(', '', $line);
1001	+ $line = str_replace(');', '', $line);
1002	+ $line_parts = explode(',', $line, 2);
1003	+ }
1004	+ else if( preg_match('/^\$[a-zA-Z_]+/', $line) ){
1005	+ $line_parts = explode('=', $line, 2);
1006	+ }
1007	+ else{ continue; }
1008	+
1009	+ // Clean and append the rule to the wp_config_rules variable.
1010	+ if( isset($line_parts) && count($line_parts)==2 ){
1011	+ $key_name = $key_value = '';
1012	+ foreach($line_parts as $i=>$line_part){
1013	+ $line_part = trim($line_part);
1014	+ $line_part = ltrim($line_part, '$');
1015	+ $line_part = rtrim($line_part, ';');
1016	+
1017	+ // Remove single/double quotes at the beginning and end of the string.
1018	+ $line_part = ltrim($line_part, "'");
1019	+ $line_part = rtrim($line_part, "'");
1020	+ $line_part = ltrim($line_part, '"');
1021	+ $line_part = rtrim($line_part, '"');
1022	+
1023	+ // Assign the clean strings to specific variables.
1024	+ if( $i==0 ){ $key_name = $line_part; }
1025	+ if( $i==1 ){ $key_value = $line_part; }
1026	+ }
1027	+ $wp_config_rules[$key_name] = $key_value;
1028	+ }
1029	+ }
1030	+
1031	+ // Pass the WordPress configuration rules to the template and show them.
1032	+ foreach( $wp_config_rules as $var_name=>$var_value ){
1033	+ $template_variables['WordpressConfig.Total'] += 1;
1034	+ $template_variables['WordpressConfig.Rules'] .= sucuriscan_get_template('infosys-wpconfig.snippet.tpl', array(
1035	+ 'WordpressConfig.VariableName' => $var_name,
1036	+ 'WordpressConfig.VariableValue' => htmlentities($var_value),
1037	+ ));
1038	+ }
1039	+ }
1040	+
1041	+ return sucuriscan_get_template('infosys-wpconfig.html.tpl', $template_variables);
1042	+ }
1043	+
1044	+
1045	+ function sucuriscan_infosys_loggedin(){
1046	+ // Get user logged in list.
1047	+ $template_variables = array(
1048	+ 'LoggedInUsers.List' => '',
1049	+ 'LoggedInUsers.Total' => 0,
1050	+ );
1051	+
1052	+ $logged_in_users = sucuriscan_get_online_users();
1053	+ if( is_array($logged_in_users) && !empty($logged_in_users) ){
1054	+ $template_variables['LoggedInUsers.Total'] = count($logged_in_users);
1055	+
1056	+ foreach( (array)$logged_in_users as $logged_in_user ){
1057	+ $logged_in_user['last_activity_datetime'] = date('d/M/Y H:i', $logged_in_user['last_activity']);
1058	+ $logged_in_user['user_registered_datetime'] = date('d/M/Y H:i', strtotime($logged_in_user['user_registered']));
1059	+
1060	+ $template_variables['LoggedInUsers.List'] .= sucuriscan_get_template('infosys-loggedin.snippet.tpl', array(
1061	+ 'LoggedInUsers.Id' => $logged_in_user['user_id'],
1062	+ 'LoggedInUsers.UserURL' => admin_url('user-edit.php?user_id='.$logged_in_user['user_id']),
1063	+ 'LoggedInUsers.UserLogin' => $logged_in_user['user_login'],
1064	+ 'LoggedInUsers.UserEmail' => $logged_in_user['user_email'],
1065	+ 'LoggedInUsers.LastActivity' => $logged_in_user['last_activity_datetime'],
1066	+ 'LoggedInUsers.Registered' => $logged_in_user['user_registered_datetime'],
1067	+ 'LoggedInUsers.RemoveAddr' => $logged_in_user['remote_addr'],
1068	+ ));
1069	+ }
1070	+ }
1071	+
1072	+ return sucuriscan_get_template('infosys-loggedin.html.tpl', $template_variables);
1073	+ }
1074	+
1075	+
1076	+ function sucuriscan_get_online_users(){
1077	+ if( sucuriscan_is_multisite() ){
1078	+ return get_site_transient('online_users');
1079	+ }else{
1080	+ return get_transient('online_users');
1081	+ }
1082	+ }
1083	+
1084	+
1085	+ function sucuriscan_save_online_users($logged_in_users=array()){
1086	+ $expiration = 30 * 60;
1087	+ if( sucuriscan_is_multisite() ){
1088	+ return set_site_transient('online_users', $logged_in_users, $expiration);
1089	+ }else{
1090	+ return set_transient('online_users', $logged_in_users, $expiration);
1091	+ }
1092	+ }
1093	+
1094	+
1095	+ if( !function_exists('sucuriscan_unset_online_user_on_logout') ){
1096	+ function sucuriscan_unset_online_user_on_logout(){
1097	+ $current_user = wp_get_current_user();
1098	+ $user_id = $current_user->ID;
1099	+ $remote_addr = sucuriscan_get_remoteaddr();
1100	+
1101	+ sucuriscan_unset_online_user($user_id, $remote_addr);
1102	+ }
1103	+
1104	+ add_action('wp_logout', 'sucuriscan_unset_online_user_on_logout');
1105	+ }
1106	+
1107	+ function sucuriscan_unset_online_user($user_id=0, $remote_addr=0){
1108	+ $logged_in_users = sucuriscan_get_online_users();
1109	+
1110	+ // Remove the specified user identifier from the list.
1111	+ if( is_array($logged_in_users) && !empty($logged_in_users) ){
1112	+ foreach($logged_in_users as $i=>$user){
1113	+ if(
1114	+ $user['user_id']==$user_id
1115	+ && strcmp($user['remote_addr'],$remote_addr)==0
1116	+ ){
1117	+ unset($logged_in_users[$i]);
1118	+ break;
1119	+ }
1120	+ }
1121	+ }
1122	+
1123	+ return sucuriscan_save_online_users($logged_in_users);
1124	+ }
1125	+
1126	+
1127	+ if( !function_exists('sucuriscan_set_online_user') ){
1128	+ function sucuriscan_set_online_user($user_login='', $user=FALSE){
1129	+ if( $user ){
1130	+ // Get logged in user information.
1131	+ $current_user = ($user instanceof WP_User) ? $user : wp_get_current_user();
1132	+ $current_user_id = $current_user->ID;
1133	+ $remote_addr = sucuriscan_get_remoteaddr();
1134	+ $current_time = current_time('timestamp');
1135	+ $logged_in_users = sucuriscan_get_online_users();
1136	+
1137	+ // Build the dataset array that will be stored in the transient variable.
1138	+ $current_user_info = array(
1139	+ 'user_id' => $current_user_id,
1140	+ 'user_login' => $current_user->user_login,
1141	+ 'user_email' => $current_user->user_email,
1142	+ 'user_registered' => $current_user->user_registered,
1143	+ 'last_activity' => $current_time,
1144	+ 'remote_addr' => $remote_addr
1145	+ );
1146	+
1147	+ if( !is_array($logged_in_users) \|\| empty($logged_in_users) ){
1148	+ $logged_in_users = array( $current_user_info );
1149	+ sucuriscan_save_online_users($logged_in_users);
1150	+ }else{
1151	+ $do_nothing = FALSE;
1152	+ $update_existing = FALSE;
1153	+ $item_index = 0;
1154	+
1155	+ // Check if the user is already in the logged-in-user list and update it if is necessary.
1156	+ foreach($logged_in_users as $i=>$user){
1157	+ if(
1158	+ $user['user_id']==$current_user_id
1159	+ && strcmp($user['remote_addr'],$remote_addr)==0
1160	+ ){
1161	+ if( $user['last_activity'] < ($current_time - (15 * 60)) ){
1162	+ $update_existing = TRUE;
1163	+ $item_index = $i;
1164	+ break;
1165	+ }else{
1166	+ $do_nothing = TRUE;
1167	+ break;
1168	+ }
1169	+ }
1170	+ }
1171	+
1172	+ if($update_existing){
1173	+ $logged_in_users[$item_index] = $current_user_info;
1174	+ sucuriscan_save_online_users($logged_in_users);
1175	+ }else if($do_nothing){
1176	+ // Do nothing.
1177	+ }else{
1178	+ $logged_in_users[] = $current_user_info;
1179	+ sucuriscan_save_online_users($logged_in_users);
1180	+ }
1181	+ }
1182	+ }
1183	+ }
1184	+
1185	+ add_action('wp_login', 'sucuriscan_set_online_user', 10, 2);
1186	+ }
1187	+

Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.5.2

Version Description

Release Info

Code changes from version 1.5.1 to 1.5.2