Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.5.6

Version Description

  • Added IPv6 support.
  • Fixed links and messaging.
Download this release

Release Info

Developer dd@sucuri.net
Plugin Icon 128x128 Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.5.6
Comparing to
See all releases

Code changes from version 1.5.5 to 1.5.6

inc/css/sucuriscan-default-css.css CHANGED
@@ -11,7 +11,7 @@
11
#sidebar .sucuriscan-sidebar{border:1px solid #ccc;border-bottom-left-radius:5px;border-bottom-right-radius:5px;border-top-left-radius:5px;border-top-right-radius:5px;margin:0 0 10px;padding:10px 15px}
12
#sitecleanup.sucuriscan-sidebar{background-color:#bbe8f5;border-color:#4393ac}
13
#sucuri-latest-posts.sucuriscan-sidebar{background-color:#ececec;border-color:#999}
14
- .sucuriscan-maincontent #poststuff{padding-top:0}
15
.sucuriscan-maincontent .widefat tbody th.check-column{padding:6px 0 3px 0}
16
.sucuriscan-maincontent .hardening-box .primary-secondary{margin:0 0 0 10px}
17
.sucuriscan-maincontent a.lastlogins-showall{display:inline-block;float:right}
@@ -25,6 +25,7 @@
25
.sucuri-alert-updated p, .sucuri-alert-error p{margin:.5em 0;padding:2px}
26
.sucuri-inline-error{font-weight:bold;color:red}
27
.sucuri-list li{list-style:disc;margin:0 0 5px 15px}
28
.sucuriscan-maincontent hr{border:none;border-top:1px solid #999}
29
.sucuriscan-maincontent table td > table{background:#fff}
30
.sucuriscan-maincontent table td > table th{padding:4px 8px}
@@ -42,3 +43,15 @@
42
.sucuriscan-maincontent .sucuriscan-wpcron-list{margin:20px 0 15px 0}
43
.sucuriscan-maincontent .sucuriscan-wpcron-list td+td+td+td{font-family:Monaco, Monspace, Courier;font-weight:bold}
44
.sucuriscan-results .icon-ok, .sucuriscan-results .icon-warn, .sucuriscan-results .icon-error{position:relative;top:5px;width:22px;height:22px}
11
#sidebar .sucuriscan-sidebar{border:1px solid #ccc;border-bottom-left-radius:5px;border-bottom-right-radius:5px;border-top-left-radius:5px;border-top-right-radius:5px;margin:0 0 10px;padding:10px 15px}
12
#sitecleanup.sucuriscan-sidebar{background-color:#bbe8f5;border-color:#4393ac}
13
#sucuri-latest-posts.sucuriscan-sidebar{background-color:#ececec;border-color:#999}
14
+ .sucuriscan-maincontent #poststuff{min-width:initial;padding-top:0}
15
.sucuriscan-maincontent .widefat tbody th.check-column{padding:6px 0 3px 0}
16
.sucuriscan-maincontent .hardening-box .primary-secondary{margin:0 0 0 10px}
17
.sucuriscan-maincontent a.lastlogins-showall{display:inline-block;float:right}
25
.sucuri-alert-updated p, .sucuri-alert-error p{margin:.5em 0;padding:2px}
26
.sucuri-inline-error{font-weight:bold;color:red}
27
.sucuri-list li{list-style:disc;margin:0 0 5px 15px}
28
+ .sucuriscan-maincontent .alternate{background:#f5f5f5}
29
.sucuriscan-maincontent hr{border:none;border-top:1px solid #999}
30
.sucuriscan-maincontent table td > table{background:#fff}
31
.sucuriscan-maincontent table td > table th{padding:4px 8px}
43
.sucuriscan-maincontent .sucuriscan-wpcron-list{margin:20px 0 15px 0}
44
.sucuriscan-maincontent .sucuriscan-wpcron-list td+td+td+td{font-family:Monaco, Monspace, Courier;font-weight:bold}
45
.sucuriscan-results .icon-ok, .sucuriscan-results .icon-warn, .sucuriscan-results .icon-error{position:relative;top:5px;width:22px;height:22px}
46
+ .sucuriscan-last-logins .sucuriscan-time-ago{}
47
+ .sucuriscan-last-logins .sucuriscan-datetime{font-style:italic;color:#999}
48
+ .sucuriscan-scanner-video{width:100%;background:#fff;border:1px solid #ddd}
49
+ .sucuriscan-clearfix:before, .sucuriscan-clearfix:after{display:table;content:' '}
50
+ .sucuriscan-clearfix:after{clear:both}
51
+ .sucuriscan-column-left, .sucuriscan-column-right{width:49%;min-width:initial !important}
52
+ .sucuriscan-column-left{float:left}
53
+ .sucuriscan-column-right{float:right}
54
+ .sucuriscan-hstatus{position:relative;margin:0 -12px;padding:10px 12px;border:1px solid transparent}
55
+ .sucuriscan-hstatus-1{background-color:#dff0d8;color:#3c763d;border-color:#d6e9c6}
56
+ .sucuriscan-hstatus-0{background-color:#f2dede;color:#a94442;border-color:#ebccd1}
57
+ .sucuriscan-hstatus .button-primary, .sucuriscan-hstatus .button-secondary{position:absolute;top:5px;right:5px}
inc/tpl/about.html.tpl CHANGED
@@ -31,21 +31,21 @@
31
</thead>
32
33
<tbody>
34
- <tr><td>Sucuri Plugin version</td><td>%%SUCURI.PluginVersion%%</td></li>
35
<tr><td>Sucuri Plugin MD5Sum (sucuri.php)</td><td>%%SUCURI.PluginMD5%%</td></li>
36
- <tr><td>Sucuri Plugin Last-time scan</td><td>%%SUCURI.PluginRuntimeDatetime%%</td></li>
37
<tr><td>Operating System</td><td>%%SUCURI.OperatingSystem%%</td></li>
38
- <tr><td>Server</td><td>%%SUCURI.Server%%</td></li>
39
<tr><td>Memory usage</td><td>%%SUCURI.MemoryUsage%%</td></li>
40
- <tr><td>MYSQL Version</td><td>%%SUCURI.MySQLVersion%%</td></li>
41
<tr><td>SQL Mode</td><td>%%SUCURI.SQLMode%%</td></li>
42
- <tr><td>PHP Version</td><td>%%SUCURI.PHPVersion%%</td></li>
43
<tr><td>PHP Safe Mode</td><td>%%SUCURI.SafeMode%%</td></li>
44
- <tr><td>PHP Allow URL fopen</td><td>%%SUCURI.AllowUrlFopen%%</td></li>
45
<tr><td>PHP Memory Limit</td><td>%%SUCURI.MemoryLimit%%</td></li>
46
- <tr><td>PHP Max Upload Size</td><td>%%SUCURI.UploadMaxFilesize%%</td></li>
47
<tr><td>PHP Max Post Size</td><td>%%SUCURI.PostMaxSize%%</td></li>
48
- <tr><td>PHP Max Script Execute Time</td><td>%%SUCURI.MaxExecutionTime%%</td></li>
49
<tr><td>PHP Max Input Time</td><td>%%SUCURI.MaxInputTime%%</td></li>
50
</tbody>
51
</table>
31
</thead>
32
33
<tbody>
34
+ <tr class="alternate"><td>Sucuri Plugin version</td><td>%%SUCURI.PluginVersion%%</td></li>
35
<tr><td>Sucuri Plugin MD5Sum (sucuri.php)</td><td>%%SUCURI.PluginMD5%%</td></li>
36
+ <tr class="alternate"><td>Sucuri Plugin Last-time scan</td><td>%%SUCURI.PluginRuntimeDatetime%%</td></li>
37
<tr><td>Operating System</td><td>%%SUCURI.OperatingSystem%%</td></li>
38
+ <tr class="alternate"><td>Server</td><td>%%SUCURI.Server%%</td></li>
39
<tr><td>Memory usage</td><td>%%SUCURI.MemoryUsage%%</td></li>
40
+ <tr class="alternate"><td>MYSQL Version</td><td>%%SUCURI.MySQLVersion%%</td></li>
41
<tr><td>SQL Mode</td><td>%%SUCURI.SQLMode%%</td></li>
42
+ <tr class="alternate"><td>PHP Version</td><td>%%SUCURI.PHPVersion%%</td></li>
43
<tr><td>PHP Safe Mode</td><td>%%SUCURI.SafeMode%%</td></li>
44
+ <tr class="alternate"><td>PHP Allow URL fopen</td><td>%%SUCURI.AllowUrlFopen%%</td></li>
45
<tr><td>PHP Memory Limit</td><td>%%SUCURI.MemoryLimit%%</td></li>
46
+ <tr class="alternate"><td>PHP Max Upload Size</td><td>%%SUCURI.UploadMaxFilesize%%</td></li>
47
<tr><td>PHP Max Post Size</td><td>%%SUCURI.PostMaxSize%%</td></li>
48
+ <tr class="alternate"><td>PHP Max Script Execute Time</td><td>%%SUCURI.MaxExecutionTime%%</td></li>
49
<tr><td>PHP Max Input Time</td><td>%%SUCURI.MaxInputTime%%</td></li>
50
</tbody>
51
</table>
inc/tpl/infosys-cronjobs.snippet.tpl CHANGED
@@ -1,4 +1,4 @@
1
- <tr>
2
<td>%%SUCURI.Cronjob.Task%%</td>
3
<td>%%SUCURI.Cronjob.Schedule%%</td>
4
<td>%%SUCURI.Cronjob.Nexttime%%</td>
1
+ <tr class="%%SUCURI.Cronjob.CssClass%%">
2
<td>%%SUCURI.Cronjob.Task%%</td>
3
<td>%%SUCURI.Cronjob.Schedule%%</td>
4
<td>%%SUCURI.Cronjob.Nexttime%%</td>
inc/tpl/infosys-loggedin.snippet.tpl CHANGED
@@ -1,10 +1,10 @@
1
- <tr>
2
<td>%%SUCURI.LoggedInUsers.Id%%</td>
3
<td><a href="mailto:%%SUCURI.LoggedInUsers.UserEmail%%">%%SUCURI.LoggedInUsers.UserLogin%%</a></td>
4
<td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.LastActivity%%</td>
5
<td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.Registered%%</td>
6
<td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.RemoveAddr%%</td>
7
<td>
8
- <a href="%%SUCURI.LoggedInUsers.UserURL%%" target="_blank" class="button-primary">Edit</a>
9
</td>
10
</tr>
1
+ <tr class="%%SUCURI.LoggedInUsers.CssClass%%">
2
<td>%%SUCURI.LoggedInUsers.Id%%</td>
3
<td><a href="mailto:%%SUCURI.LoggedInUsers.UserEmail%%">%%SUCURI.LoggedInUsers.UserLogin%%</a></td>
4
<td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.LastActivity%%</td>
5
<td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.Registered%%</td>
6
<td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.RemoveAddr%%</td>
7
<td>
8
+ <a href="%%SUCURI.LoggedInUsers.UserURL%%" target="_blank">Edit</a>
9
</td>
10
</tr>
inc/tpl/infosys-wpconfig.snippet.tpl CHANGED
@@ -1,4 +1,4 @@
1
- <tr>
2
<td class="sucuriscan-monospace"><strong>%%SUCURI.WordpressConfig.VariableName%%</strong></td>
3
<td class="sucuriscan-monospace">%%SUCURI.WordpressConfig.VariableValue%%</td>
4
</tr>
1
+ <tr class="%%SUCURI.WordpressConfig.CssClass%%">
2
<td class="sucuriscan-monospace"><strong>%%SUCURI.WordpressConfig.VariableName%%</strong></td>
3
<td class="sucuriscan-monospace">%%SUCURI.WordpressConfig.VariableValue%%</td>
4
</tr>
inc/tpl/initial-page.html.tpl CHANGED
@@ -5,21 +5,35 @@
5
<img src="%%SUCURI.PluginURL%%/inc/images/logo.png" alt="Sucuri Security" />
6
</a>
7
<h2>Sucuri SiteCheck Malware Scanner</h2>
8
- <br class="clear"/>
9
</div>
10
11
<div class="postbox-container" style="width:75%">
12
<div class="sucuriscan-maincontent">
13
- <div class="postbox">
14
- <div class="inside">
15
- <h2 align="center">Scan your site for malware using <a href="http://sitecheck.sucuri.net">Sucuri SiteCheck</a> right in your WordPress dashboard.</h2>
16
- </div>
17
- </div>
18
19
- <form method="post">
20
- <input type="hidden" name="wpsucuri-doscan" value="wpsucuri-doscan" />
21
- <input type="submit" name="wpsucuri_doscanrun" value="Scan this site now!" class="button button-primary button-hero load-customize" />
22
- </form>
23
24
<p>
25
<strong>If you have any questions about these checks or this plugin, contact us at
5
<img src="%%SUCURI.PluginURL%%/inc/images/logo.png" alt="Sucuri Security" />
6
</a>
7
<h2>Sucuri SiteCheck Malware Scanner</h2>
8
</div>
9
10
<div class="postbox-container" style="width:75%">
11
<div class="sucuriscan-maincontent">
12
+ <div class="sucuriscan-clearfix">
13
+ <div id="poststuff" class="sucuriscan-column-left">
14
+ <div class="postbox">
15
+ <h3>Sucuri SiteCheck</h3>
16
+ <div class="inside">
17
+ <p>
18
+ <a href="http://sitecheck.sucuri.net/" target="_blank">Sucuri SiteCheck</a> scanner will
19
+ check your website for known malware, blacklisting status, website errors, and out-of-date
20
+ software. <strong>Disclaimer</strong>: Sucuri SiteCheck is a free &amp; remote scanner.
21
+ Although we do our best to provide the best results, 100% accuracy is not realistic, and
22
+ not guaranteed.
23
+ </p>
24
+ </div>
25
+ </div>
26
+
27
+ <form method="post">
28
+ <input type="hidden" name="wpsucuri-doscan" value="wpsucuri-doscan" />
29
+ <input type="submit" name="wpsucuri_doscanrun" value="Scan this site now!" class="button button-primary button-hero load-customize" />
30
+ </form>
31
+ </div>
32
33
+ <div class="sucuriscan-column-right">
34
+ <iframe src="https://www.youtube-nocookie.com/embed/QV3OfHmEq5c?controls=0" height="350" class="sucuriscan-scanner-video"></iframe>
35
+ </div>
36
+ </div>
37
38
<p>
39
<strong>If you have any questions about these checks or this plugin, contact us at
inc/tpl/lastlogins.html.tpl CHANGED
@@ -4,26 +4,22 @@
4
<a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">
5
<img src="%%SUCURI.SucuriURL%%/inc/images/logo.png" alt="Sucuri Security" />
6
</a>
7
- <h2>Sucuri Security WordPress Plugin</h2>
8
</div>
9
10
<div class="postbox-container" style="width:75%;">
11
<div class="sucuriscan-maincontent">
12
- <div class="postbox">
13
- <div class="inside">
14
- <h2 align="center">Sucuri Plugin Last-Logins</h2>
15
- </div>
16
- </div>
17
18
- <table class="wp-list-table widefat">
19
<thead>
20
<tr>
21
- <th colspan="4">
22
- User logins (latest 10, newest to oldest)
23
<a href="%%SUCURI.CurrentURL%%&limit=0" class="button button-primary lastlogins-showall sucuri-%%SUCURI.UserList.ShowAll%%">Show all results</a>
24
</th>
25
</tr>
26
<tr>
27
<th class="manage-column">Username</th>
28
<th class="manage-column">Email</th>
29
<th class="manage-column">IP Address</th>
4
<a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">
5
<img src="%%SUCURI.SucuriURL%%/inc/images/logo.png" alt="Sucuri Security" />
6
</a>
7
+ <h2>Sucuri Security WordPress Plugin (Last Logins)</h2>
8
</div>
9
10
<div class="postbox-container" style="width:75%;">
11
<div class="sucuriscan-maincontent">
12
13
+ <table class="wp-list-table widefat sucuriscan-last-logins">
14
<thead>
15
<tr>
16
+ <th colspan="5">
17
+ User logins (latest %%SUCURI.UserListLimit%%, newest to oldest)
18
<a href="%%SUCURI.CurrentURL%%&limit=0" class="button button-primary lastlogins-showall sucuri-%%SUCURI.UserList.ShowAll%%">Show all results</a>
19
</th>
20
</tr>
21
<tr>
22
+ <th class="manage-column">No.</th>
23
<th class="manage-column">Username</th>
24
<th class="manage-column">Email</th>
25
<th class="manage-column">IP Address</th>
inc/tpl/lastlogins.snippet.tpl CHANGED
@@ -1,6 +1,10 @@
1
- <tr>
2
<td>%%SUCURI.UserList.Username%%</td>
3
<td><a href="mailto:%%SUCURI.UserList.Email%%">%%SUCURI.UserList.Email%%</a></td>
4
<td>%%SUCURI.UserList.RemoteAddr%%</td>
5
- <td>%%SUCURI.UserList.Datetime%%</td>
6
</tr>
1
+ <tr class="%%SUCURI.UserList.CssClass%%">
2
+ <td>%%SUCURI.UserList.Number%%</td>
3
<td>%%SUCURI.UserList.Username%%</td>
4
<td><a href="mailto:%%SUCURI.UserList.Email%%">%%SUCURI.UserList.Email%%</a></td>
5
<td>%%SUCURI.UserList.RemoteAddr%%</td>
6
+ <td>
7
+ <span class="sucuriscan-time-ago">%%SUCURI.UserList.TimeAgo%%</span>
8
+ <span class="sucuriscan-datetime">(%%SUCURI.UserList.Datetime%%)</span>
9
+ </td>
10
</tr>
inc/tpl/posthack.html.tpl CHANGED
@@ -4,17 +4,11 @@
4
<a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">
5
<img src="%%SUCURI.SucuriURL%%/inc/images/logo.png" alt="Sucuri Security" />
6
</a>
7
- <h2>Sucuri Security WordPress Plugin</h2>
8
</div>
9
10
<div class="postbox-container" style="width:75%;">
11
<div class="sucuriscan-maincontent">
12
- <div class="postbox">
13
- <div class="inside">
14
- <h2 align="center">Sucuri Plugin Post-Hack</h2>
15
- </div>
16
- </div>
17
-
18
<div id="poststuff">
19
<div class="postbox">
20
<h3>Update WP-Config Keys</h3>
4
<a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">
5
<img src="%%SUCURI.SucuriURL%%/inc/images/logo.png" alt="Sucuri Security" />
6
</a>
7
+ <h2>Sucuri Security WordPress Plugin (Post-Hack)</h2>
8
</div>
9
10
<div class="postbox-container" style="width:75%;">
11
<div class="sucuriscan-maincontent">
12
<div id="poststuff">
13
<div class="postbox">
14
<h3>Update WP-Config Keys</h3>
inc/tpl/resetpassword.snippet.tpl CHANGED
@@ -1,4 +1,4 @@
1
- <tr>
2
<th class="check-column">
3
<input type="checkbox" name="user_ids[]" value="%%SUCURI.ResetPassword.UserId%%" />
4
</th>
1
+ <tr class="%%SUCURI.ResetPassword.CssClass%%">
2
<th class="check-column">
3
<input type="checkbox" name="user_ids[]" value="%%SUCURI.ResetPassword.UserId%%" />
4
</th>
inc/tpl/sidebar.html.tpl CHANGED
@@ -17,7 +17,7 @@
17
<li>High Security Website Monitoring</li>
18
<li>Malicious Traffic Filtering</li>
19
</ul>
20
- <a href="https://login.sucuri.net/signup2/create?CloudProxy" target="_blank" class="button button-primary">Subscribe Now!</a>
21
<a href="http://cloudproxy.sucuri.net/" target="_blank" class="button button-primary">Read more</a>
22
</div>
23
</div>
17
<li>High Security Website Monitoring</li>
18
<li>Malicious Traffic Filtering</li>
19
</ul>
20
+ <a href="http://cloudproxy.sucuri.net/signup" target="_blank" class="button button-primary">Sign up now</a>
21
<a href="http://cloudproxy.sucuri.net/" target="_blank" class="button button-primary">Read more</a>
22
</div>
23
</div>
readme.txt CHANGED
@@ -3,8 +3,8 @@ Contributors: dd@sucuri.net, dremeda
3
Donate Link: http://sitecheck.sucuri.net
4
Tags: malware, security, scan, spam, virus, sucuri, WordPress,
5
Requires at least:3.2
6
- Stable tag:1.5.5
7
- Tested up to: 3.8
8
9
The Sucuri Security - SiteCheck Malware Scanner is a security plugin enables you to scan your WordPress site using Sucuri SiteCheck for security and malware issues, and also verifies the security integrity of your core files right in your dashboard. It also includes post-hack security ions to help you reset passwords and secret keys in case it has been already hacked, or infected with malware.
10
@@ -66,6 +66,10 @@ the compromise on your site).
66
67
== Changelog ==
68
69
= 1.5.5 =
70
* Added list of logged in users.
71
* Added system page.
3
Donate Link: http://sitecheck.sucuri.net
4
Tags: malware, security, scan, spam, virus, sucuri, WordPress,
5
Requires at least:3.2
6
+ Stable tag:1.5.6
7
+ Tested up to: 3.8.1
8
9
The Sucuri Security - SiteCheck Malware Scanner is a security plugin enables you to scan your WordPress site using Sucuri SiteCheck for security and malware issues, and also verifies the security integrity of your core files right in your dashboard. It also includes post-hack security ions to help you reset passwords and secret keys in case it has been already hacked, or infected with malware.
10
66
67
== Changelog ==
68
69
+ = 1.5.6 =
70
+ * Added IPv6 support.
71
+ * Fixed links and messaging.
72
+
73
= 1.5.5 =
74
* Added list of logged in users.
75
* Added system page.
sucuri.php CHANGED
@@ -7,7 +7,7 @@ Description: The <a href="http://sucuri.net">Sucuri Security</a> - SiteCheck Mal
7
You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
8
9
Author: Sucuri, INC
10
- Version: 1.5.5
11
Author URI: http://sucuri.net
12
*/
13
@@ -15,12 +15,11 @@ Author URI: http://sucuri.net
15
/**
16
* Main file to control the plugin.
17
*
18
- * @category Bootstrap
19
- * @package Sucuri Security - SiteCheck Malware Scanner
20
- * @author Daniel <dcid@sucuri.net>
21
* @copyright Since 2010 Sucuri Inc.
22
* @license Released under the GPL - see LICENSE file for details.
23
- * @version HG: $Id$
24
* @link https://wordpress.sucuri.net/
25
* @since File available since Release 0.1
26
*/
@@ -40,12 +39,12 @@ define('SUCURISCAN','sucuriscan');
40
/**
41
* Current version of the plugin's code.
42
*/
43
- define('SUCURISCAN_VERSION','1.5.5');
44
45
/**
46
* The local URL where the plugin's files and assets are served.
47
*/
48
- define('SUCURI_URL',plugin_dir_url( __FILE__ ));
49
50
/**
51
* The name of the Sucuri plugin main file.
@@ -70,7 +69,7 @@ define('SUCURISCAN_PLUGIN_FILEPATH', SUCURISCAN_PLUGIN_PATH.'/'.SUCURISCAN_PLUGI
70
/**
71
* The maximum quantity of entries that will be displayed in the last login page.
72
*/
73
- define('SUCURISCAN_LASTLOGINS_USERSLIMIT', 100);
74
75
if( !function_exists('sucuriscan_create_uploaddir') ){
76
/**
@@ -132,7 +131,7 @@ function sucuriscan_dir_filepath($path = '')
132
function sucuriscan_menu()
133
{
134
add_menu_page('Sucuri Free', 'Sucuri Free', 'manage_options',
135
- 'sucuriscan', 'sucuri_scan_page', SUCURI_URL.'inc/images/menu-icon.png');
136
add_submenu_page('sucuriscan', 'Sucuri Scanner', 'Sucuri Scanner', 'manage_options',
137
'sucuriscan', 'sucuri_scan_page');
138
@@ -409,7 +408,7 @@ function sucuriscan_get_remoteaddr()
409
foreach($alternatives as $alternative){
410
if( !isset($_SERVER[$alternative]) ){ continue; }
411
412
- $remote_addr = preg_replace('/[^0-9., ]/', '', $_SERVER[$alternative]);
413
if($remote_addr) break;
414
}
415
@@ -484,6 +483,35 @@ function sucuriscan_get_htaccess_path(){
484
return FALSE;
485
}
486
487
/**
488
* Print a HTML code with a form from where the administrator can check the state
489
* of this site through Sucuri SiteCheck.
@@ -691,20 +719,18 @@ function sucuriscan_print_scan()
691
*
692
* @return void
693
*/
694
- function sucuriscan_core_integrity_page()
695
- {
696
-
697
- /* WordPress Integrity page. */
698
699
- echo '<div class="wrap">';
700
- echo '<h2 id="warnings_hook"></h2>';
701
- echo '<div class="sucuriscan_header">';
702
- echo '<a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">';
703
- echo '<img src="'.SUCURI_URL.'/inc/images/logo.png" alt="Sucuri Security" />';
704
- echo '</a>';
705
- sucuriscan_pagestop("Sucuri WordPress Integrity");
706
- echo '</div>';
707
708
if(!current_user_can('manage_options'))
709
{
710
wp_die(__('You do not have sufficient permissions to access this page: Sucuri Integrity Check') );
@@ -713,12 +739,6 @@ function sucuriscan_core_integrity_page()
713
714
<div class="postbox-container" style="width:75%;">
715
<div class="sucuriscan-maincontent">
716
- <div class="postbox">
717
- <div class="inside">
718
- <h2 align="center">Sucuri WordPress Integrity Checks</h2>
719
- </div>
720
- </div>
721
-
722
<?php
723
if( isset($_POST['wpsucuri-core-integrity']) ){
724
if(!wp_verify_nonce($_POST['sucuriscan_core_integritynonce'], 'sucuriscan_core_integritynonce'))
@@ -942,7 +962,7 @@ function sucuriwp_core_integrity_check()
942
943
if($cp == 0)
944
{
945
- echo '<p><img style="position:relative;top:5px" height="22" width="22" src="'.SUCURI_URL.'inc/images/warn.png" />'
946
.'&nbsp; The current version of your site was detected as <code>'.$wp_version.'</code> which is different to the '
947
.'official latest version. The integrity check can not run using this version number <a href="'.admin_url('update-core.php').'">'
948
.'update now</a> to be able to run the integrity check.</p>';
@@ -1199,16 +1219,18 @@ function sucuriscan_check_wp_integrity($version=0){
1199
*
1200
* @return void
1201
*/
1202
- function sucuriscan_hardening_page(){
1203
- echo '<div class="wrap">';
1204
- echo '<h2 id="warnings_hook"></h2>';
1205
- echo '<div class="sucuriscan_header">';
1206
- echo '<a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">';
1207
- echo '<img src="'.SUCURI_URL.'/inc/images/logo.png" alt="Sucuri Security" />';
1208
- echo '</a>';
1209
- sucuriscan_pagestop("Sucuri 1-Click Hardening Options");
1210
- echo '</div>';
1211
1212
if(!current_user_can('manage_options'))
1213
{
1214
wp_die(__('You do not have sufficient permissions to access this page: Sucuri Hardening') );
@@ -1217,12 +1239,6 @@ function sucuriscan_hardening_page(){
1217
1218
<div class="postbox-container" style="width:75%">
1219
<div class="sucuriscan-maincontent">
1220
- <div class="postbox">
1221
- <div class="inside">
1222
- <h2 align="center">Help secure your WordPress install with <a href="http://sucuri.net/signup">Sucuri</a> 1-Click Hardening Options.</h2>
1223
- </div>
1224
- </div>
1225
-
1226
<?php
1227
if( isset($_POST['wpsucuri-doharden']) ){
1228
if(!wp_verify_nonce($_POST['sucuriscan_wphardeningnonce'], 'sucuriscan_wphardeningnonce'))
@@ -1332,35 +1348,19 @@ function sucuriscan_harden_status($status=0, $type='', $messageok='', $messagewa
1332
echo "<p>$desc</p>";
1333
}
1334
1335
- if($status == 1)
1336
- {
1337
- echo '<h4>'.
1338
- '<img style="position:relative;top:5px" height="22" width="22"'.
1339
- 'src="'.SUCURI_URL.'inc/images/ok.png" /> &nbsp; '.
1340
- $messageok.'.</h4>';
1341
-
1342
- if($updatemsg != NULL){ echo $updatemsg; }
1343
-
1344
- if($type != NULL)
1345
- {
1346
- echo "<input type='submit' name='{$type}_unharden' value='Revert hardening' class='button-secondary' />";
1347
- echo '<br /><br />';
1348
}
1349
}
1350
- else
1351
- {
1352
- echo '<h4>'.
1353
- '<img style="position:relative;top:5px" height="22" width="22"'.
1354
- 'src="'.SUCURI_URL.'inc/images/warn.png" /> &nbsp; '.
1355
- $messagewarn. '.</h4>';
1356
1357
- if($updatemsg != NULL){ echo $updatemsg; }
1358
-
1359
- if($type != NULL)
1360
- {
1361
- echo '<input class="button-primary" type="submit" name="'.$type.'"
1362
- value="Harden it!" />';
1363
- }
1364
}
1365
}
1366
@@ -1373,42 +1373,38 @@ function sucuriscan_harden_status($status=0, $type='', $messageok='', $messagewa
1373
function sucuriscan_harden_version()
1374
{
1375
global $wp_version;
1376
- $cp = 0;
1377
$updates = get_core_updates();
1378
- if (!is_array($updates))
1379
- {
1380
- $cp = 1;
1381
- }
1382
- else if(empty($updates))
1383
- {
1384
- $cp = 1;
1385
- }
1386
- else if($updates[0]->response == 'latest')
1387
- {
1388
$cp = 1;
1389
}
1390
if(strcmp($wp_version, "3.7") < 0)
1391
{
1392
$cp = 0;
1393
}
1394
- $wp_version = htmlspecialchars($wp_version);
1395
-
1396
-
1397
- sucuriscan_wrapper_open("Verify WordPress Version");
1398
1399
1400
- sucuriscan_harden_status($cp, NULL,
1401
- "WordPress is updated", "WordPress is not updated",
1402
- NULL);
1403
-
1404
- if($cp == 0)
1405
- {
1406
- echo "<p>Your current version ($wp_version) is not current.</p><p><a class='button-primary' href='update-core.php'>Update now!</a></p>";
1407
- }
1408
- else
1409
- {
1410
- echo "<p>Your WordPress installation ($wp_version) is current.</p>";
1411
- }
1412
sucuriscan_wrapper_close();
1413
}
1414
@@ -1581,11 +1577,15 @@ function sucuriscan_harden_wpcontent()
1581
}
1582
1583
sucuriscan_wrapper_open("Restrict wp-content Access");
1584
- sucuriscan_harden_status($cp, "sucuriscan_harden_wpcontent",
1585
- "WP-content directory properly hardened",
1586
- "WP-content directory not hardened",
1587
- "This option blocks direct PHP access to any file inside wp-content. <p><strong>WARN: <span class='error-message'>Do not enable this option if ".
1588
- "your site uses TimThumb or similar scripts.</span> If you enable and you need to disable, please remove the .htaccess from wp-content.</strong></p>", $upmsg);
1589
sucuriscan_wrapper_close();
1590
}
1591
@@ -1701,20 +1701,22 @@ function sucuriscan_harden_phpversion()
1701
* @return void
1702
*/
1703
function sucuriscan_cloudproxy_enabled(){
1704
$enabled = sucuriscan_is_behind_cloudproxy();
1705
1706
sucuriscan_wrapper_open('Verify if your site is protected by a Web Firewall');
1707
sucuriscan_harden_status(
1708
$enabled, NULL,
1709
'Your website is protected by a Website Firewall (WAF)',
1710
- 'Your website is not protected by a Website Firewall (WAF)',
1711
- 'A WAF is a protection layer for your web site, blocking all sort of attacks (brute force attempts, DDoS, SQL injections, etc) and helping it remain
1712
- malware and blacklist free. This test checks if your site is using <a href="http://cloudproxy.sucuri.net/" target="_blank">Sucuri\'s CloudProxy WAF</a> to protect your site. ',
1713
NULL
1714
);
1715
- if( $enabled!==TRUE ){
1716
- echo '<a href="http://cloudproxy.sucuri.net" target="_blank" class="button button-primary">Harden it!</a>';
1717
- }
1718
sucuriscan_wrapper_close();
1719
}
1720
@@ -1810,13 +1812,16 @@ function sucuriscan_posthack_page()
1810
}
1811
1812
// Fill the user list for ResetPassword action.
1813
$user_list = get_users();
1814
foreach($user_list as $user){
1815
$user_snippet = sucuriscan_get_template('resetpassword.snippet.tpl', array(
1816
'ResetPassword.UserId'=>$user->ID,
1817
'ResetPassword.Username'=>$user->user_login,
1818
'ResetPassword.Displayname'=>$user->display_name,
1819
- 'ResetPassword.Email'=>$user->user_email
1820
));
1821
$template_variables['ResetPassword.UserList'] .= $user_snippet;
1822
}
@@ -1844,6 +1849,7 @@ function sucuriscan_lastlogins_page()
1844
'LastLoginsNonce'=>wp_create_nonce('sucuriscan_lastlogins_nonce'),
1845
'SucuriWPSidebar'=>sucuriscan_wp_sidebar_gen(),
1846
'UserList'=>'',
1847
'CurrentURL'=>site_url().'/wp-admin/admin.php?page='.$_GET['page'],
1848
);
1849
@@ -1856,14 +1862,19 @@ function sucuriscan_lastlogins_page()
1856
$limit = isset($_GET['limit']) ? intval($_GET['limit']) : SUCURISCAN_LASTLOGINS_USERSLIMIT;
1857
$template_variables['UserList.ShowAll'] = $limit>0 ? 'visible' : 'hidden';
1858
1859
$user_list = sucuriscan_get_logins($limit);
1860
foreach($user_list as $user){
1861
$user_snippet = sucuriscan_get_template('lastlogins.snippet.tpl', array(
1862
'UserList.UserId'=>intval($user->ID),
1863
'UserList.Username'=>( !is_null($user->user_login) ? $user->user_login : '<em>Unknown</em>' ),
1864
'UserList.Email'=>$user->user_email,
1865
'UserList.RemoteAddr'=>$user->user_remoteaddr,
1866
- 'UserList.Datetime'=>$user->user_lastlogin
1867
));
1868
$template_variables['UserList'] .= $user_snippet;
1869
}
@@ -2238,11 +2249,14 @@ function sucuriscan_infosys_wpconfig(){
2238
}
2239
2240
// Pass the WordPress configuration rules to the template and show them.
2241
foreach( $wp_config_rules as $var_name=>$var_value ){
2242
$template_variables['WordpressConfig.Total'] += 1;
2243
$template_variables['WordpressConfig.Rules'] .= sucuriscan_get_template('infosys-wpconfig.snippet.tpl', array(
2244
'WordpressConfig.VariableName' => $var_name,
2245
'WordpressConfig.VariableValue' => htmlentities($var_value),
2246
));
2247
}
2248
}
@@ -2266,7 +2280,9 @@ function sucuriscan_infosys_loggedin(){
2266
if( is_array($logged_in_users) && !empty($logged_in_users) ){
2267
$template_variables['LoggedInUsers.Total'] = count($logged_in_users);
2268
2269
foreach( (array)$logged_in_users as $logged_in_user ){
2270
$logged_in_user['last_activity_datetime'] = date('d/M/Y H:i', $logged_in_user['last_activity']);
2271
$logged_in_user['user_registered_datetime'] = date('d/M/Y H:i', strtotime($logged_in_user['user_registered']));
2272
@@ -2278,6 +2294,7 @@ function sucuriscan_infosys_loggedin(){
2278
'LoggedInUsers.LastActivity' => $logged_in_user['last_activity_datetime'],
2279
'LoggedInUsers.Registered' => $logged_in_user['user_registered_datetime'],
2280
'LoggedInUsers.RemoveAddr' => $logged_in_user['remote_addr'],
2281
));
2282
}
2283
}
@@ -2456,10 +2473,12 @@ function sucuriscan_show_cronjobs(){
2456
$cronjobs = _get_cron_array();
2457
$schedules = wp_get_schedules();
2458
$date_format = _x('M j, Y - H:i', 'Publish box date format', 'cron-view' );
2459
2460
foreach( $cronjobs as $timestamp=>$cronhooks ){
2461
foreach( (array)$cronhooks as $hook=>$events ){
2462
foreach( (array)$events as $key=>$event ){
2463
$cronjob_snippet = '';
2464
$template_variables['Cronjobs.Total'] += 1;
2465
$template_variables['Cronjobs.List'] .= sucuriscan_get_template('infosys-cronjobs.snippet.tpl', array(
@@ -2467,7 +2486,8 @@ function sucuriscan_show_cronjobs(){
2467
'Cronjob.Schedule' => $event['schedule'],
2468
'Cronjob.Nexttime' => date_i18n($date_format, $timestamp),
2469
'Cronjob.Hook' => $hook,
2470
- 'Cronjob.Arguments' => implode(', ', $event['args'])
2471
));
2472
}
2473
}
7
You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
8
9
Author: Sucuri, INC
10
+ Version: 1.5.6
11
Author URI: http://sucuri.net
12
*/
13
15
/**
16
* Main file to control the plugin.
17
*
18
+ * @package Sucuri Plugin - SiteCheck Malware Scanner
19
+ * @author Yorman Arias <yorman.arias@sucuri.net>
20
+ * @author Daniel Cid <dcid@sucuri.net>
21
* @copyright Since 2010 Sucuri Inc.
22
* @license Released under the GPL - see LICENSE file for details.
23
* @link https://wordpress.sucuri.net/
24
* @since File available since Release 0.1
25
*/
39
/**
40
* Current version of the plugin's code.
41
*/
42
+ define('SUCURISCAN_VERSION','1.5.6');
43
44
/**
45
* The local URL where the plugin's files and assets are served.
46
*/
47
+ define('SUCURI_URL', rtrim(plugin_dir_url( __FILE__ ),'/') );
48
49
/**
50
* The name of the Sucuri plugin main file.
69
/**
70
* The maximum quantity of entries that will be displayed in the last login page.
71
*/
72
+ define('SUCURISCAN_LASTLOGINS_USERSLIMIT', 50);
73
74
if( !function_exists('sucuriscan_create_uploaddir') ){
75
/**
131
function sucuriscan_menu()
132
{
133
add_menu_page('Sucuri Free', 'Sucuri Free', 'manage_options',
134
+ 'sucuriscan', 'sucuri_scan_page', SUCURI_URL.'/inc/images/menu-icon.png');
135
add_submenu_page('sucuriscan', 'Sucuri Scanner', 'Sucuri Scanner', 'manage_options',
136
'sucuriscan', 'sucuri_scan_page');
137
408
foreach($alternatives as $alternative){
409
if( !isset($_SERVER[$alternative]) ){ continue; }
410
411
+ $remote_addr = preg_replace('/[^0-9a-z.,: ]/', '', $_SERVER[$alternative]);
412
if($remote_addr) break;
413
}
414
483
return FALSE;
484
}
485
486
+ /**
487
+ * Return the time passed since the specified timestamp until now.
488
+ *
489
+ * @param integer $timestamp The Unix time number of the date/time before now.
490
+ * @return string The time passed since the timestamp specified.
491
+ */
492
+ function sucuriscan_time_ago($timestamp=0){
493
+ if( !is_numeric($timestamp) ){
494
+ $timestamp = strtotime($timestamp);
495
+ }
496
+
497
+ $diff = time() - (int)$timestamp;
498
+
499
+ if( $diff == 0 ){ return 'just now'; }
500
+
501
+ $intervals = array(
502
+ 1 => array('year', 31556926),
503
+ $diff < 31556926 => array('month', 2628000),
504
+ $diff < 2629744 => array('week', 604800),
505
+ $diff < 604800 => array('day', 86400),
506
+ $diff < 86400 => array('hour', 3600),
507
+ $diff < 3600 => array('minute', 60),
508
+ $diff < 60 => array('second', 1)
509
+ );
510
+
511
+ $value = floor($diff/$intervals[1][1]);
512
+ return $value.chr(32).$intervals[1][0].($value > 1 ? 's' : '').' ago';
513
+ }
514
+
515
/**
516
* Print a HTML code with a form from where the administrator can check the state
517
* of this site through Sucuri SiteCheck.
719
*
720
* @return void
721
*/
722
+ function sucuriscan_core_integrity_page(){ ?>
723
724
+ <div class="wrap">
725
+ <h2 id="warnings_hook"></h2>
726
+ <div class="sucuriscan_header">
727
+ <a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">
728
+ <img src="<?php echo SUCURI_URL; ?>/inc/images/logo.png" alt="Sucuri Security" />
729
+ </a>
730
+ <h2>Sucuri Security WordPress Plugin (WordPress Integrity)</h2>
731
+ </div>
732
733
+ <?php
734
if(!current_user_can('manage_options'))
735
{
736
wp_die(__('You do not have sufficient permissions to access this page: Sucuri Integrity Check') );
739
740
<div class="postbox-container" style="width:75%;">
741
<div class="sucuriscan-maincontent">
742
<?php
743
if( isset($_POST['wpsucuri-core-integrity']) ){
744
if(!wp_verify_nonce($_POST['sucuriscan_core_integritynonce'], 'sucuriscan_core_integritynonce'))
962
963
if($cp == 0)
964
{
965
+ echo '<p><img style="position:relative;top:5px" height="22" width="22" src="'.SUCURI_URL.'/inc/images/warn.png" />'
966
.'&nbsp; The current version of your site was detected as <code>'.$wp_version.'</code> which is different to the '
967
.'official latest version. The integrity check can not run using this version number <a href="'.admin_url('update-core.php').'">'
968
.'update now</a> to be able to run the integrity check.</p>';
1219
*
1220
* @return void
1221
*/
1222
+ function sucuriscan_hardening_page(){ ?>
1223
+
1224
+ <div class="wrap">
1225
+ <h2 id="warnings_hook"></h2>
1226
+ <div class="sucuriscan_header">
1227
+ <a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">
1228
+ <img src="<?php echo SUCURI_URL; ?>/inc/images/logo.png" alt="Sucuri Security" />
1229
+ </a>
1230
+ <h2>Sucuri Security WordPress Plugin (1-Click Hardening)</h2>
1231
+ </div>
1232
1233
+ <?php
1234
if(!current_user_can('manage_options'))
1235
{
1236
wp_die(__('You do not have sufficient permissions to access this page: Sucuri Hardening') );
1239
1240
<div class="postbox-container" style="width:75%">
1241
<div class="sucuriscan-maincontent">
1242
<?php
1243
if( isset($_POST['wpsucuri-doharden']) ){
1244
if(!wp_verify_nonce($_POST['sucuriscan_wphardeningnonce'], 'sucuriscan_wphardeningnonce'))
1348
echo "<p>$desc</p>";
1349
}
1350
1351
+ $btn_string = '';
1352
+ if( $type != NULL ){
1353
+ if( $status == 1 ){
1354
+ $btn_string = sprintf('<input type="submit" name="%s_unharden" value="Revert hardening" class="button-secondary" />', $type);
1355
+ } else {
1356
+ $btn_string = sprintf('<input type="submit" name="%s" value="Harden" class="button-primary" />', $type);
1357
}
1358
}
1359
1360
+ $message = ( $status == 1 ) ? $messageok : $messagewarn;
1361
+ printf( '<div class="sucuriscan-hstatus sucuriscan-hstatus-%d">%s<span>%s</span></div>', $status, $btn_string, $message );
1362
+ if($updatemsg != NULL){
1363
+ printf( '<p>%s</p>', $updatemsg );
1364
}
1365
}
1366
1373
function sucuriscan_harden_version()
1374
{
1375
global $wp_version;
1376
+
1377
$updates = get_core_updates();
1378
+ if(
1379
+ !is_array($updates)
1380
+ || empty($updates)
1381
+ || $updates[0]->response == 'latest'
1382
+ ){
1383
$cp = 1;
1384
+ } else {
1385
+ $cp = 0;
1386
}
1387
+
1388
if(strcmp($wp_version, "3.7") < 0)
1389
{
1390
$cp = 0;
1391
}
1392
1393
+ $wp_version = htmlspecialchars($wp_version);
1394
+ $initial_msg = 'Why keep your site updated? WordPress is an open-source
1395
+ project which means that with every update the details of the changes made
1396
+ to the source code are made public, if there were security fixes then
1397
+ someone with malicious intent can use this information to attack any site
1398
+ that has not been upgraded.';
1399
+ $messageok = sprintf('Your WordPress installation (%s) is current.', $wp_version);
1400
+ $messagewarn = sprintf(
1401
+ 'Your current version (%s) is not current.<br>
1402
+ <a href="update-core.php" class="button-primary">Update now!</a>',
1403
+ $wp_version
1404
+ );
1405
1406
+ sucuriscan_wrapper_open('Verify WordPress Version');
1407
+ sucuriscan_harden_status( $cp, NULL, $messageok, $messagewarn, $initial_msg );
1408
sucuriscan_wrapper_close();
1409
}
1410
1577
}
1578
1579
sucuriscan_wrapper_open("Restrict wp-content Access");
1580
+ sucuriscan_harden_status(
1581
+ $cp,
1582
+ 'sucuriscan_harden_wpcontent',
1583
+ 'WP-content directory properly hardened',
1584
+ 'WP-content directory not hardened',
1585
+ 'This option blocks direct PHP access to any file inside wp-content. If you experience any
1586
+ issue after this with a theme or plugin in your site, like for example images not displaying,
1587
+ remove the <code>.htaccess</code> file located at the <code>/wp-content/</code> directory.',
1588
+ $upmsg);
1589
sucuriscan_wrapper_close();
1590
}
1591
1701
* @return void
1702
*/
1703
function sucuriscan_cloudproxy_enabled(){
1704
+ $btn_string = '';
1705
$enabled = sucuriscan_is_behind_cloudproxy();
1706
+ if( $enabled!==TRUE ){
1707
+ $btn_string = '<a href="http://cloudproxy.sucuri.net/" target="_blank" class="button button-primary">Harden</a>';
1708
+ }
1709
1710
sucuriscan_wrapper_open('Verify if your site is protected by a Web Firewall');
1711
sucuriscan_harden_status(
1712
$enabled, NULL,
1713
'Your website is protected by a Website Firewall (WAF)',
1714
+ $btn_string . 'Your website is not protected by a Website Firewall (WAF)',
1715
+ 'A WAF is a protection layer for your web site, blocking all sort of attacks (brute force attempts, DDoS,
1716
+ SQL injections, etc) and helping it remain malware and blacklist free. This test checks if your site is
1717
+ using <a href="http://cloudproxy.sucuri.net/" target="_blank">Sucuri\'s CloudProxy WAF</a> to protect your site. ',
1718
NULL
1719
);
1720
sucuriscan_wrapper_close();
1721
}
1722
1812
}
1813
1814
// Fill the user list for ResetPassword action.
1815
+ $counter = 0;
1816
$user_list = get_users();
1817
foreach($user_list as $user){
1818
+ $counter += 1;
1819
$user_snippet = sucuriscan_get_template('resetpassword.snippet.tpl', array(
1820
'ResetPassword.UserId'=>$user->ID,
1821
'ResetPassword.Username'=>$user->user_login,
1822
'ResetPassword.Displayname'=>$user->display_name,
1823
+ 'ResetPassword.Email'=>$user->user_email,
1824
+ 'ResetPassword.CssClass'=>( $counter%2 == 0 ) ? '' : 'alternate'
1825
));
1826
$template_variables['ResetPassword.UserList'] .= $user_snippet;
1827
}
1849
'LastLoginsNonce'=>wp_create_nonce('sucuriscan_lastlogins_nonce'),
1850
'SucuriWPSidebar'=>sucuriscan_wp_sidebar_gen(),
1851
'UserList'=>'',
1852
+ 'UserListLimit'=>SUCURISCAN_LASTLOGINS_USERSLIMIT,
1853
'CurrentURL'=>site_url().'/wp-admin/admin.php?page='.$_GET['page'],
1854
);
1855
1862
$limit = isset($_GET['limit']) ? intval($_GET['limit']) : SUCURISCAN_LASTLOGINS_USERSLIMIT;
1863
$template_variables['UserList.ShowAll'] = $limit>0 ? 'visible' : 'hidden';
1864
1865
+ $counter = 0;
1866
$user_list = sucuriscan_get_logins($limit);
1867
foreach($user_list as $user){
1868
+ $counter += 1;
1869
$user_snippet = sucuriscan_get_template('lastlogins.snippet.tpl', array(
1870
+ 'UserList.Number'=>$counter,
1871
'UserList.UserId'=>intval($user->ID),
1872
'UserList.Username'=>( !is_null($user->user_login) ? $user->user_login : '<em>Unknown</em>' ),
1873
'UserList.Email'=>$user->user_email,
1874
'UserList.RemoteAddr'=>$user->user_remoteaddr,
1875
+ 'UserList.Datetime'=>$user->user_lastlogin,
1876
+ 'UserList.TimeAgo'=>sucuriscan_time_ago($user->user_lastlogin),
1877
+ 'UserList.CssClass'=>( $counter%2 == 0 ) ? '' : 'alternate'
1878
));
1879
$template_variables['UserList'] .= $user_snippet;
1880
}
2249
}
2250
2251
// Pass the WordPress configuration rules to the template and show them.
2252
+ $counter = 0;
2253
foreach( $wp_config_rules as $var_name=>$var_value ){
2254
+ $counter += 1;
2255
$template_variables['WordpressConfig.Total'] += 1;
2256
$template_variables['WordpressConfig.Rules'] .= sucuriscan_get_template('infosys-wpconfig.snippet.tpl', array(
2257
'WordpressConfig.VariableName' => $var_name,
2258
'WordpressConfig.VariableValue' => htmlentities($var_value),
2259
+ 'WordpressConfig.CssClass' => ( $counter%2 == 0 ) ? '' : 'alternate'
2260
));
2261
}
2262
}
2280
if( is_array($logged_in_users) && !empty($logged_in_users) ){
2281
$template_variables['LoggedInUsers.Total'] = count($logged_in_users);
2282
2283
+ $counter = 0;
2284
foreach( (array)$logged_in_users as $logged_in_user ){
2285
+ $counter += 1;
2286
$logged_in_user['last_activity_datetime'] = date('d/M/Y H:i', $logged_in_user['last_activity']);
2287
$logged_in_user['user_registered_datetime'] = date('d/M/Y H:i', strtotime($logged_in_user['user_registered']));
2288
2294
'LoggedInUsers.LastActivity' => $logged_in_user['last_activity_datetime'],
2295
'LoggedInUsers.Registered' => $logged_in_user['user_registered_datetime'],
2296
'LoggedInUsers.RemoveAddr' => $logged_in_user['remote_addr'],
2297
+ 'LoggedInUsers.CssClass' => ( $counter%2 == 0 ) ? '' : 'alternate'
2298
));
2299
}
2300
}
2473
$cronjobs = _get_cron_array();
2474
$schedules = wp_get_schedules();
2475
$date_format = _x('M j, Y - H:i', 'Publish box date format', 'cron-view' );
2476
+ $counter = 0;
2477
2478
foreach( $cronjobs as $timestamp=>$cronhooks ){
2479
foreach( (array)$cronhooks as $hook=>$events ){
2480
foreach( (array)$events as $key=>$event ){
2481
+ $counter += 1;
2482
$cronjob_snippet = '';
2483
$template_variables['Cronjobs.Total'] += 1;
2484
$template_variables['Cronjobs.List'] .= sucuriscan_get_template('infosys-cronjobs.snippet.tpl', array(
2486
'Cronjob.Schedule' => $event['schedule'],
2487
'Cronjob.Nexttime' => date_i18n($date_format, $timestamp),
2488
'Cronjob.Hook' => $hook,
2489
+ 'Cronjob.Arguments' => implode(', ', $event['args']),
2490
+ 'Cronjob.CssClass' => ( $counter%2 == 0 ) ? '' : 'alternate'
2491
));
2492
}
2493
}