Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.5.6

Version Description

  • Added IPv6 support.
  • Fixed links and messaging.

Release Info

Developer dd@sucuri.net
Plugin Icon 128x128 Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.5.6

Code changes from version 1.5.5 to 1.5.6

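--- a/inc/css/sucuriscan-default-css.css
+++ b/inc/css/sucuriscan-default-css.css
@@ -11,7 +11,7 @@
  #sidebar .sucuriscan-sidebar{border:1px solid #ccc;border-bottom-left-radius:5px;border-bottom-right-radius:5px;border-top-left-radius:5px;border-top-right-radius:5px;margin:0 0 10px;padding:10px 15px}
  #sitecleanup.sucuriscan-sidebar{background-color:#bbe8f5;border-color:#4393ac}
  #sucuri-latest-posts.sucuriscan-sidebar{background-color:#ececec;border-color:#999}
- .sucuriscan-maincontent #poststuff{padding-top:0}
+ .sucuriscan-maincontent #poststuff{min-width:initial;padding-top:0}
  .sucuriscan-maincontent .widefat tbody th.check-column{padding:6px 0 3px 0}
  .sucuriscan-maincontent .hardening-box .primary-secondary{margin:0 0 0 10px}
  .sucuriscan-maincontent a.lastlogins-showall{display:inline-block;float:right}
@@ -25,6 +25,7 @@
  .sucuri-alert-updated p, .sucuri-alert-error p{margin:.5em 0;padding:2px}
  .sucuri-inline-error{font-weight:bold;color:red}
  .sucuri-list li{list-style:disc;margin:0 0 5px 15px}
+ .sucuriscan-maincontent .alternate{background:#f5f5f5}
  .sucuriscan-maincontent hr{border:none;border-top:1px solid #999}
  .sucuriscan-maincontent table td > table{background:#fff}
  .sucuriscan-maincontent table td > table th{padding:4px 8px}
@@ -42,3 +43,15 @@
  .sucuriscan-maincontent .sucuriscan-wpcron-list{margin:20px 0 15px 0}
  .sucuriscan-maincontent .sucuriscan-wpcron-list td+td+td+td{font-family:Monaco, Monspace, Courier;font-weight:bold}
  .sucuriscan-results .icon-ok, .sucuriscan-results .icon-warn, .sucuriscan-results .icon-error{position:relative;top:5px;width:22px;height:22px}
+ .sucuriscan-last-logins .sucuriscan-time-ago{}
+ .sucuriscan-last-logins .sucuriscan-datetime{font-style:italic;color:#999}
+ .sucuriscan-scanner-video{width:100%;background:#fff;border:1px solid #ddd}
+ .sucuriscan-clearfix:before, .sucuriscan-clearfix:after{display:table;content:' '}
+ .sucuriscan-clearfix:after{clear:both}
+ .sucuriscan-column-left, .sucuriscan-column-right{width:49%;min-width:initial !important}
+ .sucuriscan-column-left{float:left}
+ .sucuriscan-column-right{float:right}
+ .sucuriscan-hstatus{position:relative;margin:0 -12px;padding:10px 12px;border:1px solid transparent}
+ .sucuriscan-hstatus-1{background-color:#dff0d8;color:#3c763d;border-color:#d6e9c6}
+ .sucuriscan-hstatus-0{background-color:#f2dede;color:#a94442;border-color:#ebccd1}
+ .sucuriscan-hstatus .button-primary, .sucuriscan-hstatus .button-secondary{position:absolute;top:5px;right:5px}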
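--- a/inc/tpl/about.html.tpl
+++ b/inc/tpl/about.html.tpl
@@ -31,21 +31,21 @@
  </thead>
 
  <tbody>
- <tr><td>Sucuri Plugin version</td><td>%%SUCURI.PluginVersion%%</td></li>
+ <tr class="alternate"><td>Sucuri Plugin version</td><td>%%SUCURI.PluginVersion%%</td></li>
  <tr><td>Sucuri Plugin MD5Sum (sucuri.php)</td><td>%%SUCURI.PluginMD5%%</td></li>
- <tr><td>Sucuri Plugin Last-time scan</td><td>%%SUCURI.PluginRuntimeDatetime%%</td></li>
+ <tr class="alternate"><td>Sucuri Plugin Last-time scan</td><td>%%SUCURI.PluginRuntimeDatetime%%</td></li>
  <tr><td>Operating System</td><td>%%SUCURI.OperatingSystem%%</td></li>
- <tr><td>Server</td><td>%%SUCURI.Server%%</td></li>
+ <tr class="alternate"><td>Server</td><td>%%SUCURI.Server%%</td></li>
  <tr><td>Memory usage</td><td>%%SUCURI.MemoryUsage%%</td></li>
- <tr><td>MYSQL Version</td><td>%%SUCURI.MySQLVersion%%</td></li>
+ <tr class="alternate"><td>MYSQL Version</td><td>%%SUCURI.MySQLVersion%%</td></li>
  <tr><td>SQL Mode</td><td>%%SUCURI.SQLMode%%</td></li>
- <tr><td>PHP Version</td><td>%%SUCURI.PHPVersion%%</td></li>
+ <tr class="alternate"><td>PHP Version</td><td>%%SUCURI.PHPVersion%%</td></li>
  <tr><td>PHP Safe Mode</td><td>%%SUCURI.SafeMode%%</td></li>
- <tr><td>PHP Allow URL fopen</td><td>%%SUCURI.AllowUrlFopen%%</td></li>
+ <tr class="alternate"><td>PHP Allow URL fopen</td><td>%%SUCURI.AllowUrlFopen%%</td></li>
  <tr><td>PHP Memory Limit</td><td>%%SUCURI.MemoryLimit%%</td></li>
- <tr><td>PHP Max Upload Size</td><td>%%SUCURI.UploadMaxFilesize%%</td></li>
+ <tr class="alternate"><td>PHP Max Upload Size</td><td>%%SUCURI.UploadMaxFilesize%%</td></li>
  <tr><td>PHP Max Post Size</td><td>%%SUCURI.PostMaxSize%%</td></li>
- <tr><td>PHP Max Script Execute Time</td><td>%%SUCURI.MaxExecutionTime%%</td></li>
+ <tr class="alternate"><td>PHP Max Script Execute Time</td><td>%%SUCURI.MaxExecutionTime%%</td></li>
  <tr><td>PHP Max Input Time</td><td>%%SUCURI.MaxInputTime%%</td></li>
  </tbody>
  </table>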
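Review bot: Every row rewritten here still closes with `</li>` instead of `</tr>` (new lines 34 to 48, for example `<tr class="alternate">…</td></li>`), so the table markup stays malformed and the browser has to recover by closing each row implicitly. Since the odd rows are being edited anyway, close them properly, e.g. `<tr class="alternate"><td>Sucuri Plugin version</td><td>%%SUCURI.PluginVersion%%</td></tr>`, and fix the unchanged even rows the same way. The enclosing table starts outside the hunk.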
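--- a/inc/tpl/infosys-cronjobs.snippet.tpl
+++ b/inc/tpl/infosys-cronjobs.snippet.tpl
@@ -1,4 +1,4 @@
- <tr>
+ <tr class="%%SUCURI.Cronjob.CssClass%%">
  <td>%%SUCURI.Cronjob.Task%%</td>
  <td>%%SUCURI.Cronjob.Schedule%%</td>
  <td>%%SUCURI.Cronjob.Nexttime%%</td>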
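Review bot: `%%SUCURI.Cronjob.CssClass%%` is substituted straight into a `class` attribute, and nothing on this page shows the template layer escaping the values it inserts; the sucuri.php hunk that passes `'<em>Unknown</em>'` as `UserList.Username` suggests values go in as raw HTML. The same placeholder pattern is added in infosys-loggedin.snippet.tpl, infosys-wpconfig.snippet.tpl, lastlogins.snippet.tpl and resetpassword.snippet.tpl. The callers should only ever supply a fixed literal for these keys (presumably `alternate` or an empty string), or pass the value through `esc_attr()` before handing it to `sucuriscan_get_template()`. The lines that set the CssClass values are not visible here, so this needs confirming in sucuri.php.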
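--- a/inc/tpl/infosys-loggedin.snippet.tpl
+++ b/inc/tpl/infosys-loggedin.snippet.tpl
@@ -1,10 +1,10 @@
- <tr>
+ <tr class="%%SUCURI.LoggedInUsers.CssClass%%">
  <td>%%SUCURI.LoggedInUsers.Id%%</td>
  <td><a href="mailto:%%SUCURI.LoggedInUsers.UserEmail%%">%%SUCURI.LoggedInUsers.UserLogin%%</a></td>
  <td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.LastActivity%%</td>
  <td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.Registered%%</td>
  <td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.RemoveAddr%%</td>
  <td>
- <a href="%%SUCURI.LoggedInUsers.UserURL%%" target="_blank" class="button-primary">Edit</a>
+ <a href="%%SUCURI.LoggedInUsers.UserURL%%" target="_blank">Edit</a>
  </td>
  </tr>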
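--- a/inc/tpl/infosys-wpconfig.snippet.tpl
+++ b/inc/tpl/infosys-wpconfig.snippet.tpl
@@ -1,4 +1,4 @@
- <tr>
+ <tr class="%%SUCURI.WordpressConfig.CssClass%%">
  <td class="sucuriscan-monospace"><strong>%%SUCURI.WordpressConfig.VariableName%%</strong></td>
  <td class="sucuriscan-monospace">%%SUCURI.WordpressConfig.VariableValue%%</td>
  </tr>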
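--- a/inc/tpl/initial-page.html.tpl
+++ b/inc/tpl/initial-page.html.tpl
@@ -5,21 +5,35 @@
  <img src="%%SUCURI.PluginURL%%/inc/images/logo.png" alt="Sucuri Security" />
  </a>
  <h2>Sucuri SiteCheck Malware Scanner</h2>
- <br class="clear"/>
  </div>
 
  <div class="postbox-container" style="width:75%">
  <div class="sucuriscan-maincontent">
- <div class="postbox">
- <div class="inside">
- <h2 align="center">Scan your site for malware using <a href="http://sitecheck.sucuri.net">Sucuri SiteCheck</a> right in your WordPress dashboard.</h2>
- </div>
- </div>
+ <div class="sucuriscan-clearfix">
+ <div id="poststuff" class="sucuriscan-column-left">
+ <div class="postbox">
+ <h3>Sucuri SiteCheck</h3>
+ <div class="inside">
+ <p>
+ <a href="http://sitecheck.sucuri.net/" target="_blank">Sucuri SiteCheck</a> scanner will
+ check your website for known malware, blacklisting status, website errors, and out-of-date
+ software. <strong>Disclaimer</strong>: Sucuri SiteCheck is a free &amp; remote scanner.
+ Although we do our best to provide the best results, 100% accuracy is not realistic, and
+ not guaranteed.
+ </p>
+ </div>
+ </div>
+
+ <form method="post">
+ <input type="hidden" name="wpsucuri-doscan" value="wpsucuri-doscan" />
+ <input type="submit" name="wpsucuri_doscanrun" value="Scan this site now!" class="button button-primary button-hero load-customize" />
+ </form>
+ </div>
 
- <form method="post">
- <input type="hidden" name="wpsucuri-doscan" value="wpsucuri-doscan" />
- <input type="submit" name="wpsucuri_doscanrun" value="Scan this site now!" class="button button-primary button-hero load-customize" />
- </form>
+ <div class="sucuriscan-column-right">
+ <iframe src="https://www.youtube-nocookie.com/embed/QV3OfHmEq5c?controls=0" height="350" class="sucuriscan-scanner-video"></iframe>
+ </div>
+ </div>
 
  <p>
  <strong>If you have any questions about these checks or this plugin, contact us at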
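Review bot: The new `<iframe>` at line 34 pulls third-party content from youtube-nocookie.com into a wp-admin page with no `sandbox` or `referrerpolicy` attribute, so each administrator visit to the scanner page makes a request to an external host and the frame runs unrestricted. Consider adding `sandbox="allow-scripts allow-same-origin" referrerpolicy="no-referrer"` and a `title`, or replacing the embed with a plain link to the video. The SiteCheck link added at line 18 opens an `http://` URL with `target="_blank"`; `rel="noopener noreferrer"` and an `https://` scheme would be safer. The relocated scan form carries no nonce field in this hunk; whether the handler verifies one is not visible here.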
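--- a/inc/tpl/lastlogins.html.tpl
+++ b/inc/tpl/lastlogins.html.tpl
@@ -4,26 +4,22 @@
  <a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">
  <img src="%%SUCURI.SucuriURL%%/inc/images/logo.png" alt="Sucuri Security" />
  </a>
- <h2>Sucuri Security WordPress Plugin</h2>
+ <h2>Sucuri Security WordPress Plugin (Last Logins)</h2>
  </div>
 
  <div class="postbox-container" style="width:75%;">
  <div class="sucuriscan-maincontent">
- <div class="postbox">
- <div class="inside">
- <h2 align="center">Sucuri Plugin Last-Logins</h2>
- </div>
- </div>
 
- <table class="wp-list-table widefat">
+ <table class="wp-list-table widefat sucuriscan-last-logins">
  <thead>
  <tr>
- <th colspan="4">
- User logins (latest 10, newest to oldest)
+ <th colspan="5">
+ User logins (latest %%SUCURI.UserListLimit%%, newest to oldest)
  <a href="%%SUCURI.CurrentURL%%&limit=0" class="button button-primary lastlogins-showall sucuri-%%SUCURI.UserList.ShowAll%%">Show all results</a>
  </th>
  </tr>
  <tr>
+ <th class="manage-column">No.</th>
  <th class="manage-column">Username</th>
  <th class="manage-column">Email</th>
  <th class="manage-column">IP Address</th>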
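Review bot: The heading at new line 17 now prints `%%SUCURI.UserListLimit%%`, but the "Show all results" link just below it requests `limit=0`, so unless the caller substitutes something else for that case the heading would read "latest 0, newest to oldest". The sucuri.php lines that fill `UserListLimit` are not visible on this page, so confirm it is set to the number of rows actually shown, or that the phrase is dropped when no limit applies. The value should also be taken from the `intval()`-ed `$limit` rather than from `$_GET['limit']` directly, since it is written into the page as-is. The table continues outside the hunk.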
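--- a/inc/tpl/lastlogins.snippet.tpl
+++ b/inc/tpl/lastlogins.snippet.tpl
@@ -1,6 +1,10 @@
- <tr>
+ <tr class="%%SUCURI.UserList.CssClass%%">
+ <td>%%SUCURI.UserList.Number%%</td>
  <td>%%SUCURI.UserList.Username%%</td>
  <td><a href="mailto:%%SUCURI.UserList.Email%%">%%SUCURI.UserList.Email%%</a></td>
  <td>%%SUCURI.UserList.RemoteAddr%%</td>
- <td>%%SUCURI.UserList.Datetime%%</td>
+ <td>
+ <span class="sucuriscan-time-ago">%%SUCURI.UserList.TimeAgo%%</span>
+ <span class="sucuriscan-datetime">(%%SUCURI.UserList.Datetime%%)</span>
+ </td>
  </tr>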
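--- a/inc/tpl/posthack.html.tpl
+++ b/inc/tpl/posthack.html.tpl
@@ -4,17 +4,11 @@
  <a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">
  <img src="%%SUCURI.SucuriURL%%/inc/images/logo.png" alt="Sucuri Security" />
  </a>
- <h2>Sucuri Security WordPress Plugin</h2>
+ <h2>Sucuri Security WordPress Plugin (Post-Hack)</h2>
  </div>
 
  <div class="postbox-container" style="width:75%;">
  <div class="sucuriscan-maincontent">
- <div class="postbox">
- <div class="inside">
- <h2 align="center">Sucuri Plugin Post-Hack</h2>
- </div>
- </div>
-
  <div id="poststuff">
  <div class="postbox">
  <h3>Update WP-Config Keys</h3>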
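--- a/inc/tpl/resetpassword.snippet.tpl
+++ b/inc/tpl/resetpassword.snippet.tpl
@@ -1,4 +1,4 @@
- <tr>
+ <tr class="%%SUCURI.ResetPassword.CssClass%%">
  <th class="check-column">
  <input type="checkbox" name="user_ids[]" value="%%SUCURI.ResetPassword.UserId%%" />
  </th>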
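--- a/inc/tpl/sidebar.html.tpl
+++ b/inc/tpl/sidebar.html.tpl
@@ -17,7 +17,7 @@
  <li>High Security Website Monitoring</li>
  <li>Malicious Traffic Filtering</li>
  </ul>
- <a href="https://login.sucuri.net/signup2/create?CloudProxy" target="_blank" class="button button-primary">Subscribe Now!</a>
+ <a href="http://cloudproxy.sucuri.net/signup" target="_blank" class="button button-primary">Sign up now</a>
  <a href="http://cloudproxy.sucuri.net/" target="_blank" class="button button-primary">Read more</a>
  </div>
  </div>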
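Review bot: The signup link at line 20 moves from `https://login.sucuri.net/signup2/create?CloudProxy` to `http://cloudproxy.sucuri.net/signup`, which sends an administrator to an account-creation page over plain HTTP. If that host serves HTTPS, keep the secure scheme: `<a href="https://cloudproxy.sucuri.net/signup" target="_blank" rel="noopener noreferrer" class="button button-primary">Sign up now</a>`. The unchanged "Read more" link on the next line uses the same `http://` scheme and could be updated with it.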
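--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: dd@sucuri.net, dremeda
  Donate Link: http://sitecheck.sucuri.net
  Tags: malware, security, scan, spam, virus, sucuri, WordPress,
  Requires at least:3.2
- Stable tag:1.5.5
- Tested up to: 3.8
+ Stable tag:1.5.6
+ Tested up to: 3.8.1
 
  The Sucuri Security - SiteCheck Malware Scanner is a security plugin enables you to scan your WordPress site using Sucuri SiteCheck for security and malware issues, and also verifies the security integrity of your core files right in your dashboard. It also includes post-hack security ions to help you reset passwords and secret keys in case it has been already hacked, or infected with malware.
 
@@ -66,6 +66,10 @@ the compromise on your site).
 
  == Changelog ==
 
+ = 1.5.6 =
+ * Added IPv6 support.
+ * Fixed links and messaging.
+
  = 1.5.5 =
  * Added list of logged in users.
  * Added system page.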
sucuri.php CHANGED
@@ -7,7 +7,7 @@ Description: The <a href="http://sucuri.net">Sucuri Security</a> - SiteCheck Mal
7
  You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
8
 
9
  Author: Sucuri, INC
10
- Version: 1.5.5
11
  Author URI: http://sucuri.net
12
  */
13
 
@@ -15,12 +15,11 @@ Author URI: http://sucuri.net
15
  /**
16
  * Main file to control the plugin.
17
  *
18
- * @category Bootstrap
19
- * @package Sucuri Security - SiteCheck Malware Scanner
20
- * @author Daniel <dcid@sucuri.net>
21
  * @copyright Since 2010 Sucuri Inc.
22
  * @license Released under the GPL - see LICENSE file for details.
23
- * @version HG: $Id$
24
  * @link https://wordpress.sucuri.net/
25
  * @since File available since Release 0.1
26
  */
@@ -40,12 +39,12 @@ define('SUCURISCAN','sucuriscan');
40
  /**
41
  * Current version of the plugin's code.
42
  */
43
- define('SUCURISCAN_VERSION','1.5.5');
44
 
45
  /**
46
  * The local URL where the plugin's files and assets are served.
47
  */
48
- define('SUCURI_URL',plugin_dir_url( __FILE__ ));
49
 
50
  /**
51
  * The name of the Sucuri plugin main file.
@@ -70,7 +69,7 @@ define('SUCURISCAN_PLUGIN_FILEPATH', SUCURISCAN_PLUGIN_PATH.'/'.SUCURISCAN_PLUGI
70
  /**
71
  * The maximum quantity of entries that will be displayed in the last login page.
72
  */
73
- define('SUCURISCAN_LASTLOGINS_USERSLIMIT', 100);
74
 
75
  if( !function_exists('sucuriscan_create_uploaddir') ){
76
  /**
@@ -132,7 +131,7 @@ function sucuriscan_dir_filepath($path = '')
132
  function sucuriscan_menu()
133
  {
134
  add_menu_page('Sucuri Free', 'Sucuri Free', 'manage_options',
135
- 'sucuriscan', 'sucuri_scan_page', SUCURI_URL.'inc/images/menu-icon.png');
136
  add_submenu_page('sucuriscan', 'Sucuri Scanner', 'Sucuri Scanner', 'manage_options',
137
  'sucuriscan', 'sucuri_scan_page');
138
 
@@ -409,7 +408,7 @@ function sucuriscan_get_remoteaddr()
409
  foreach($alternatives as $alternative){
410
  if( !isset($_SERVER[$alternative]) ){ continue; }
411
 
412
- $remote_addr = preg_replace('/[^0-9., ]/', '', $_SERVER[$alternative]);
413
  if($remote_addr) break;
414
  }
415
 
@@ -484,6 +483,35 @@ function sucuriscan_get_htaccess_path(){
484
  return FALSE;
485
  }
486
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
487
  /**
488
  * Print a HTML code with a form from where the administrator can check the state
489
  * of this site through Sucuri SiteCheck.
@@ -691,20 +719,18 @@ function sucuriscan_print_scan()
691
  *
692
  * @return void
693
  */
694
- function sucuriscan_core_integrity_page()
695
- {
696
-
697
- /* WordPress Integrity page. */
698
 
699
- echo '<div class="wrap">';
700
- echo '<h2 id="warnings_hook"></h2>';
701
- echo '<div class="sucuriscan_header">';
702
- echo '<a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">';
703
- echo '<img src="'.SUCURI_URL.'/inc/images/logo.png" alt="Sucuri Security" />';
704
- echo '</a>';
705
- sucuriscan_pagestop("Sucuri WordPress Integrity");
706
- echo '</div>';
707
 
 
708
  if(!current_user_can('manage_options'))
709
  {
710
  wp_die(__('You do not have sufficient permissions to access this page: Sucuri Integrity Check') );
@@ -713,12 +739,6 @@ function sucuriscan_core_integrity_page()
713
 
714
  <div class="postbox-container" style="width:75%;">
715
  <div class="sucuriscan-maincontent">
716
- <div class="postbox">
717
- <div class="inside">
718
- <h2 align="center">Sucuri WordPress Integrity Checks</h2>
719
- </div>
720
- </div>
721
-
722
  <?php
723
  if( isset($_POST['wpsucuri-core-integrity']) ){
724
  if(!wp_verify_nonce($_POST['sucuriscan_core_integritynonce'], 'sucuriscan_core_integritynonce'))
@@ -942,7 +962,7 @@ function sucuriwp_core_integrity_check()
942
 
943
  if($cp == 0)
944
  {
945
- echo '<p><img style="position:relative;top:5px" height="22" width="22" src="'.SUCURI_URL.'inc/images/warn.png" />'
946
  .'&nbsp; The current version of your site was detected as <code>'.$wp_version.'</code> which is different to the '
947
  .'official latest version. The integrity check can not run using this version number <a href="'.admin_url('update-core.php').'">'
948
  .'update now</a> to be able to run the integrity check.</p>';
@@ -1199,16 +1219,18 @@ function sucuriscan_check_wp_integrity($version=0){
1199
  *
1200
  * @return void
1201
  */
1202
- function sucuriscan_hardening_page(){
1203
- echo '<div class="wrap">';
1204
- echo '<h2 id="warnings_hook"></h2>';
1205
- echo '<div class="sucuriscan_header">';
1206
- echo '<a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">';
1207
- echo '<img src="'.SUCURI_URL.'/inc/images/logo.png" alt="Sucuri Security" />';
1208
- echo '</a>';
1209
- sucuriscan_pagestop("Sucuri 1-Click Hardening Options");
1210
- echo '</div>';
 
1211
 
 
1212
  if(!current_user_can('manage_options'))
1213
  {
1214
  wp_die(__('You do not have sufficient permissions to access this page: Sucuri Hardening') );
@@ -1217,12 +1239,6 @@ function sucuriscan_hardening_page(){
1217
 
1218
  <div class="postbox-container" style="width:75%">
1219
  <div class="sucuriscan-maincontent">
1220
- <div class="postbox">
1221
- <div class="inside">
1222
- <h2 align="center">Help secure your WordPress install with <a href="http://sucuri.net/signup">Sucuri</a> 1-Click Hardening Options.</h2>
1223
- </div>
1224
- </div>
1225
-
1226
  <?php
1227
  if( isset($_POST['wpsucuri-doharden']) ){
1228
  if(!wp_verify_nonce($_POST['sucuriscan_wphardeningnonce'], 'sucuriscan_wphardeningnonce'))
@@ -1332,35 +1348,19 @@ function sucuriscan_harden_status($status=0, $type='', $messageok='', $messagewa
1332
  echo "<p>$desc</p>";
1333
  }
1334
 
1335
- if($status == 1)
1336
- {
1337
- echo '<h4>'.
1338
- '<img style="position:relative;top:5px" height="22" width="22"'.
1339
- 'src="'.SUCURI_URL.'inc/images/ok.png" /> &nbsp; '.
1340
- $messageok.'.</h4>';
1341
-
1342
- if($updatemsg != NULL){ echo $updatemsg; }
1343
-
1344
- if($type != NULL)
1345
- {
1346
- echo "<input type='submit' name='{$type}_unharden' value='Revert hardening' class='button-secondary' />";
1347
- echo '<br /><br />';
1348
  }
1349
  }
1350
- else
1351
- {
1352
- echo '<h4>'.
1353
- '<img style="position:relative;top:5px" height="22" width="22"'.
1354
- 'src="'.SUCURI_URL.'inc/images/warn.png" /> &nbsp; '.
1355
- $messagewarn. '.</h4>';
1356
 
1357
- if($updatemsg != NULL){ echo $updatemsg; }
1358
-
1359
- if($type != NULL)
1360
- {
1361
- echo '<input class="button-primary" type="submit" name="'.$type.'"
1362
- value="Harden it!" />';
1363
- }
1364
  }
1365
  }
1366
 
@@ -1373,42 +1373,38 @@ function sucuriscan_harden_status($status=0, $type='', $messageok='', $messagewa
1373
  function sucuriscan_harden_version()
1374
  {
1375
  global $wp_version;
1376
- $cp = 0;
1377
  $updates = get_core_updates();
1378
- if (!is_array($updates))
1379
- {
1380
- $cp = 1;
1381
- }
1382
- else if(empty($updates))
1383
- {
1384
- $cp = 1;
1385
- }
1386
- else if($updates[0]->response == 'latest')
1387
- {
1388
  $cp = 1;
 
 
1389
  }
 
1390
  if(strcmp($wp_version, "3.7") < 0)
1391
  {
1392
  $cp = 0;
1393
  }
1394
- $wp_version = htmlspecialchars($wp_version);
1395
-
1396
-
1397
- sucuriscan_wrapper_open("Verify WordPress Version");
1398
 
 
 
 
 
 
 
 
 
 
 
 
 
1399
 
1400
- sucuriscan_harden_status($cp, NULL,
1401
- "WordPress is updated", "WordPress is not updated",
1402
- NULL);
1403
-
1404
- if($cp == 0)
1405
- {
1406
- echo "<p>Your current version ($wp_version) is not current.</p><p><a class='button-primary' href='update-core.php'>Update now!</a></p>";
1407
- }
1408
- else
1409
- {
1410
- echo "<p>Your WordPress installation ($wp_version) is current.</p>";
1411
- }
1412
  sucuriscan_wrapper_close();
1413
  }
1414
 
@@ -1581,11 +1577,15 @@ function sucuriscan_harden_wpcontent()
1581
  }
1582
 
1583
  sucuriscan_wrapper_open("Restrict wp-content Access");
1584
- sucuriscan_harden_status($cp, "sucuriscan_harden_wpcontent",
1585
- "WP-content directory properly hardened",
1586
- "WP-content directory not hardened",
1587
- "This option blocks direct PHP access to any file inside wp-content. <p><strong>WARN: <span class='error-message'>Do not enable this option if ".
1588
- "your site uses TimThumb or similar scripts.</span> If you enable and you need to disable, please remove the .htaccess from wp-content.</strong></p>", $upmsg);
 
 
 
 
1589
  sucuriscan_wrapper_close();
1590
  }
1591
 
@@ -1701,20 +1701,22 @@ function sucuriscan_harden_phpversion()
1701
  * @return void
1702
  */
1703
  function sucuriscan_cloudproxy_enabled(){
 
1704
  $enabled = sucuriscan_is_behind_cloudproxy();
 
 
 
1705
 
1706
  sucuriscan_wrapper_open('Verify if your site is protected by a Web Firewall');
1707
  sucuriscan_harden_status(
1708
  $enabled, NULL,
1709
  'Your website is protected by a Website Firewall (WAF)',
1710
- 'Your website is not protected by a Website Firewall (WAF)',
1711
- 'A WAF is a protection layer for your web site, blocking all sort of attacks (brute force attempts, DDoS, SQL injections, etc) and helping it remain
1712
- malware and blacklist free. This test checks if your site is using <a href="http://cloudproxy.sucuri.net/" target="_blank">Sucuri\'s CloudProxy WAF</a> to protect your site. ',
 
1713
  NULL
1714
  );
1715
- if( $enabled!==TRUE ){
1716
- echo '<a href="http://cloudproxy.sucuri.net" target="_blank" class="button button-primary">Harden it!</a>';
1717
- }
1718
  sucuriscan_wrapper_close();
1719
  }
1720
 
@@ -1810,13 +1812,16 @@ function sucuriscan_posthack_page()
1810
  }
1811
 
1812
  // Fill the user list for ResetPassword action.
 
1813
  $user_list = get_users();
1814
  foreach($user_list as $user){
 
1815
  $user_snippet = sucuriscan_get_template('resetpassword.snippet.tpl', array(
1816
  'ResetPassword.UserId'=>$user->ID,
1817
  'ResetPassword.Username'=>$user->user_login,
1818
  'ResetPassword.Displayname'=>$user->display_name,
1819
- 'ResetPassword.Email'=>$user->user_email
 
1820
  ));
1821
  $template_variables['ResetPassword.UserList'] .= $user_snippet;
1822
  }
@@ -1844,6 +1849,7 @@ function sucuriscan_lastlogins_page()
1844
  'LastLoginsNonce'=>wp_create_nonce('sucuriscan_lastlogins_nonce'),
1845
  'SucuriWPSidebar'=>sucuriscan_wp_sidebar_gen(),
1846
  'UserList'=>'',
 
1847
  'CurrentURL'=>site_url().'/wp-admin/admin.php?page='.$_GET['page'],
1848
  );
1849
 
@@ -1856,14 +1862,19 @@ function sucuriscan_lastlogins_page()
1856
  $limit = isset($_GET['limit']) ? intval($_GET['limit']) : SUCURISCAN_LASTLOGINS_USERSLIMIT;
1857
  $template_variables['UserList.ShowAll'] = $limit>0 ? 'visible' : 'hidden';
1858
 
 
1859
  $user_list = sucuriscan_get_logins($limit);
1860
  foreach($user_list as $user){
 
1861
  $user_snippet = sucuriscan_get_template('lastlogins.snippet.tpl', array(
 
1862
  'UserList.UserId'=>intval($user->ID),
1863
  'UserList.Username'=>( !is_null($user->user_login) ? $user->user_login : '<em>Unknown</em>' ),
1864
  'UserList.Email'=>$user->user_email,
1865
  'UserList.RemoteAddr'=>$user->user_remoteaddr,
1866
- 'UserList.Datetime'=>$user->user_lastlogin
 
 
1867
  ));
1868
  $template_variables['UserList'] .= $user_snippet;
1869
  }
@@ -2238,11 +2249,14 @@ function sucuriscan_infosys_wpconfig(){
2238
  }
2239
 
2240
  // Pass the WordPress configuration rules to the template and show them.
 
2241
  foreach( $wp_config_rules as $var_name=>$var_value ){
 
2242
  $template_variables['WordpressConfig.Total'] += 1;
2243
  $template_variables['WordpressConfig.Rules'] .= sucuriscan_get_template('infosys-wpconfig.snippet.tpl', array(
2244
  'WordpressConfig.VariableName' => $var_name,
2245
  'WordpressConfig.VariableValue' => htmlentities($var_value),
 
2246
  ));
2247
  }
2248
  }
@@ -2266,7 +2280,9 @@ function sucuriscan_infosys_loggedin(){
2266
  if( is_array($logged_in_users) && !empty($logged_in_users) ){
2267
  $template_variables['LoggedInUsers.Total'] = count($logged_in_users);
2268
 
 
2269
  foreach( (array)$logged_in_users as $logged_in_user ){
 
2270
  $logged_in_user['last_activity_datetime'] = date('d/M/Y H:i', $logged_in_user['last_activity']);
2271
  $logged_in_user['user_registered_datetime'] = date('d/M/Y H:i', strtotime($logged_in_user['user_registered']));
2272
 
@@ -2278,6 +2294,7 @@ function sucuriscan_infosys_loggedin(){
2278
  'LoggedInUsers.LastActivity' => $logged_in_user['last_activity_datetime'],
2279
  'LoggedInUsers.Registered' => $logged_in_user['user_registered_datetime'],
2280
  'LoggedInUsers.RemoveAddr' => $logged_in_user['remote_addr'],
 
2281
  ));
2282
  }
2283
  }
@@ -2456,10 +2473,12 @@ function sucuriscan_show_cronjobs(){
2456
  $cronjobs = _get_cron_array();
2457
  $schedules = wp_get_schedules();
2458
  $date_format = _x('M j, Y - H:i', 'Publish box date format', 'cron-view' );
 
2459
 
2460
  foreach( $cronjobs as $timestamp=>$cronhooks ){
2461
  foreach( (array)$cronhooks as $hook=>$events ){
2462
  foreach( (array)$events as $key=>$event ){
 
2463
  $cronjob_snippet = '';
2464
  $template_variables['Cronjobs.Total'] += 1;
2465
  $template_variables['Cronjobs.List'] .= sucuriscan_get_template('infosys-cronjobs.snippet.tpl', array(
@@ -2467,7 +2486,8 @@ function sucuriscan_show_cronjobs(){
2467
  'Cronjob.Schedule' => $event['schedule'],
2468
  'Cronjob.Nexttime' => date_i18n($date_format, $timestamp),
2469
  'Cronjob.Hook' => $hook,
2470
- 'Cronjob.Arguments' => implode(', ', $event['args'])
 
2471
  ));
2472
  }
2473
  }
7
  You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
8
 
9
  Author: Sucuri, INC
10
+ Version: 1.5.6
11
  Author URI: http://sucuri.net
12
  */
13
 
15
  /**
16
  * Main file to control the plugin.
17
  *
18
+ * @package Sucuri Plugin - SiteCheck Malware Scanner
19
+ * @author Yorman Arias <yorman.arias@sucuri.net>
20
+ * @author Daniel Cid <dcid@sucuri.net>
21
  * @copyright Since 2010 Sucuri Inc.
22
  * @license Released under the GPL - see LICENSE file for details.
 
23
  * @link https://wordpress.sucuri.net/
24
  * @since File available since Release 0.1
25
  */
39
  /**
40
  * Current version of the plugin's code.
41
  */
42
+ define('SUCURISCAN_VERSION','1.5.6');
43
 
44
  /**
45
  * The local URL where the plugin's files and assets are served.
46
  */
47
+ define('SUCURI_URL', rtrim(plugin_dir_url( __FILE__ ),'/') );
48
 
49
  /**
50
  * The name of the Sucuri plugin main file.
69
  /**
70
  * The maximum quantity of entries that will be displayed in the last login page.
71
  */
72
+ define('SUCURISCAN_LASTLOGINS_USERSLIMIT', 50);
73
 
74
  if( !function_exists('sucuriscan_create_uploaddir') ){
75
  /**
131
  function sucuriscan_menu()
132
  {
133
  add_menu_page('Sucuri Free', 'Sucuri Free', 'manage_options',
134
+ 'sucuriscan', 'sucuri_scan_page', SUCURI_URL.'/inc/images/menu-icon.png');
135
  add_submenu_page('sucuriscan', 'Sucuri Scanner', 'Sucuri Scanner', 'manage_options',
136
  'sucuriscan', 'sucuri_scan_page');
137
 
408
  foreach($alternatives as $alternative){
409
  if( !isset($_SERVER[$alternative]) ){ continue; }
410
 
411
+ $remote_addr = preg_replace('/[^0-9a-z.,: ]/', '', $_SERVER[$alternative]);
412
  if($remote_addr) break;
413
  }
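Review bot: The new filter on the `$remote_addr` line strips characters but never validates an address: `[^0-9a-z.,: ]` keeps every lowercase letter, commas and spaces, so a comma-separated list or an arbitrary word survives and is used as the client IP, while uppercase hex digits of an IPv6 address are silently removed. `$alternatives` is defined outside these lines; if it includes client-supplied forwarding headers, the result is attacker-influenced and is later shown in the last-logins and logged-in-users tables. I would take the first comma-separated token and accept it only when it parses as an IP, e.g. `$candidate = trim(strtok($_SERVER[$alternative], ','));` followed by `if( filter_var($candidate, FILTER_VALIDATE_IP) ){ $remote_addr = $candidate; break; }`, which covers both IPv4 and IPv6. The enclosing function starts and ends outside the visible lines.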
414
 
483
  return FALSE;
484
  }
485
 
486
+ /**
487
+ * Return the time passed since the specified timestamp until now.
488
+ *
489
+ * @param integer $timestamp The Unix time number of the date/time before now.
490
+ * @return string The time passed since the timestamp specified.
491
+ */
492
+ function sucuriscan_time_ago($timestamp=0){
493
+ if( !is_numeric($timestamp) ){
494
+ $timestamp = strtotime($timestamp);
495
+ }
496
+
497
+ $diff = time() - (int)$timestamp;
498
+
499
+ if( $diff == 0 ){ return 'just now'; }
500
+
501
+ $intervals = array(
502
+ 1 => array('year', 31556926),
503
+ $diff < 31556926 => array('month', 2628000),
504
+ $diff < 2629744 => array('week', 604800),
505
+ $diff < 604800 => array('day', 86400),
506
+ $diff < 86400 => array('hour', 3600),
507
+ $diff < 3600 => array('minute', 60),
508
+ $diff < 60 => array('second', 1)
509
+ );
510
+
511
+ $value = floor($diff/$intervals[1][1]);
512
+ return $value.chr(32).$intervals[1][0].($value > 1 ? 's' : '').' ago';
513
+ }
514
+
515
  /**
516
  * Print a HTML code with a form from where the administrator can check the state
517
  * of this site through Sucuri SiteCheck.
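Review bot: `sucuriscan_time_ago()` does not handle a failed `strtotime()` or a timestamp in the future: `false` is cast to 0, so an unparseable date is reported as decades ago, and a negative `$diff` satisfies every `$diff < N` key and prints a negative number of seconds. Changing the guard to `if( $diff <= 0 ){ return 'just now'; }` and returning early when `strtotime()` yields `false` would cover both cases. The `$intervals` array depends on boolean keys being cast to 0/1 so that the last true condition overwrites index 1; that deserves a comment such as `// keys are booleans cast to 0/1: the last true test wins slot 1`, or a plain loop over the thresholds.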
719
  *
720
  * @return void
721
  */
722
+ function sucuriscan_core_integrity_page(){ ?>
 
 
 
723
 
724
+ <div class="wrap">
725
+ <h2 id="warnings_hook"></h2>
726
+ <div class="sucuriscan_header">
727
+ <a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">
728
+ <img src="<?php echo SUCURI_URL; ?>/inc/images/logo.png" alt="Sucuri Security" />
729
+ </a>
730
+ <h2>Sucuri Security WordPress Plugin (WordPress Integrity)</h2>
731
+ </div>
732
 
733
+ <?php
734
  if(!current_user_can('manage_options'))
735
  {
736
  wp_die(__('You do not have sufficient permissions to access this page: Sucuri Integrity Check') );
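Review bot: In `sucuriscan_core_integrity_page()` the wrapper and logo markup is now printed before the `current_user_can('manage_options')` test, so a caller without the capability still receives part of the page before `wp_die()` runs. The visible `add_menu_page()` call requires `manage_options` and the submenu registrations presumably do as well, so the exposure is small. Even so, the check is clearer and safer as the first statement of the function, ahead of the `?>` that starts the HTML. `sucuriscan_hardening_page()` further down has the same ordering. Both function bodies continue outside the visible lines.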
739
 
740
  <div class="postbox-container" style="width:75%;">
741
  <div class="sucuriscan-maincontent">
 
 
 
 
 
 
742
  <?php
743
  if( isset($_POST['wpsucuri-core-integrity']) ){
744
  if(!wp_verify_nonce($_POST['sucuriscan_core_integritynonce'], 'sucuriscan_core_integritynonce'))
962
 
963
  if($cp == 0)
964
  {
965
+ echo '<p><img style="position:relative;top:5px" height="22" width="22" src="'.SUCURI_URL.'/inc/images/warn.png" />'
966
  .'&nbsp; The current version of your site was detected as <code>'.$wp_version.'</code> which is different to the '
967
  .'official latest version. The integrity check can not run using this version number <a href="'.admin_url('update-core.php').'">'
968
  .'update now</a> to be able to run the integrity check.</p>';
1219
  *
1220
  * @return void
1221
  */
1222
+ function sucuriscan_hardening_page(){ ?>
1223
+
1224
+ <div class="wrap">
1225
+ <h2 id="warnings_hook"></h2>
1226
+ <div class="sucuriscan_header">
1227
+ <a href="http://sucuri.net/signup" target="_blank" title="Sucuri Security">
1228
+ <img src="<?php echo SUCURI_URL; ?>/inc/images/logo.png" alt="Sucuri Security" />
1229
+ </a>
1230
+ <h2>Sucuri Security WordPress Plugin (1-Click Hardening)</h2>
1231
+ </div>
1232
 
1233
+ <?php
1234
  if(!current_user_can('manage_options'))
1235
  {
1236
  wp_die(__('You do not have sufficient permissions to access this page: Sucuri Hardening') );
1239
 
1240
  <div class="postbox-container" style="width:75%">
1241
  <div class="sucuriscan-maincontent">
 
 
 
 
 
 
1242
  <?php
1243
  if( isset($_POST['wpsucuri-doharden']) ){
1244
  if(!wp_verify_nonce($_POST['sucuriscan_wphardeningnonce'], 'sucuriscan_wphardeningnonce'))
1348
  echo "<p>$desc</p>";
1349
  }
1350
 
1351
+ $btn_string = '';
1352
+ if( $type != NULL ){
1353
+ if( $status == 1 ){
1354
+ $btn_string = sprintf('<input type="submit" name="%s_unharden" value="Revert hardening" class="button-secondary" />', $type);
1355
+ } else {
1356
+ $btn_string = sprintf('<input type="submit" name="%s" value="Harden" class="button-primary" />', $type);
 
 
 
 
 
 
 
1357
  }
1358
  }
 
 
 
 
 
 
1359
 
1360
+ $message = ( $status == 1 ) ? $messageok : $messagewarn;
1361
+ printf( '<div class="sucuriscan-hstatus sucuriscan-hstatus-%d">%s<span>%s</span></div>', $status, $btn_string, $message );
1362
+ if($updatemsg != NULL){
1363
+ printf( '<p>%s</p>', $updatemsg );
 
 
 
1364
  }
1365
  }
1366
 
1373
  function sucuriscan_harden_version()
1374
  {
1375
  global $wp_version;
1376
+
1377
  $updates = get_core_updates();
1378
+ if(
1379
+ !is_array($updates)
1380
+ || empty($updates)
1381
+ || $updates[0]->response == 'latest'
1382
+ ){
 
 
 
 
 
1383
  $cp = 1;
1384
+ } else {
1385
+ $cp = 0;
1386
  }
1387
+
1388
  if(strcmp($wp_version, "3.7") < 0)
1389
  {
1390
  $cp = 0;
1391
  }
 
 
 
 
1392
 
1393
+ $wp_version = htmlspecialchars($wp_version);
1394
+ $initial_msg = 'Why keep your site updated? WordPress is an open-source
1395
+ project which means that with every update the details of the changes made
1396
+ to the source code are made public, if there were security fixes then
1397
+ someone with malicious intent can use this information to attack any site
1398
+ that has not been upgraded.';
1399
+ $messageok = sprintf('Your WordPress installation (%s) is current.', $wp_version);
1400
+ $messagewarn = sprintf(
1401
+ 'Your current version (%s) is not current.<br>
1402
+ <a href="update-core.php" class="button-primary">Update now!</a>',
1403
+ $wp_version
1404
+ );
1405
 
1406
+ sucuriscan_wrapper_open('Verify WordPress Version');
1407
+ sucuriscan_harden_status( $cp, NULL, $messageok, $messagewarn, $initial_msg );
 
 
 
 
 
 
 
 
 
 
1408
  sucuriscan_wrapper_close();
1409
  }
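Review bot: `$wp_version = htmlspecialchars($wp_version);` assigns to the variable declared `global` at the top of `sucuriscan_harden_version()`, so the escaped string replaces WordPress's own version global for the rest of the request. A local copy keeps the escaping without the side effect, e.g. `$version_html = htmlspecialchars($wp_version);` used in the two `sprintf()` calls. Separately, the unchanged `strcmp($wp_version, "3.7") < 0` compares versions as strings, which would order "3.10" before "3.7"; `version_compare($wp_version, '3.7', '<')` expresses the intended test.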
1410
 
1577
  }
1578
 
1579
  sucuriscan_wrapper_open("Restrict wp-content Access");
1580
+ sucuriscan_harden_status(
1581
+ $cp,
1582
+ 'sucuriscan_harden_wpcontent',
1583
+ 'WP-content directory properly hardened',
1584
+ 'WP-content directory not hardened',
1585
+ 'This option blocks direct PHP access to any file inside wp-content. If you experience any
1586
+ issue after this with a theme or plugin in your site, like for example images not displaying,
1587
+ remove the <code>.htaccess</code> file located at the <code>/wp-content/</code> directory.',
1588
+ $upmsg);
1589
  sucuriscan_wrapper_close();
1590
  }
1591
 
1701
  * @return void
1702
  */
1703
  function sucuriscan_cloudproxy_enabled(){
1704
+ $btn_string = '';
1705
  $enabled = sucuriscan_is_behind_cloudproxy();
1706
+ if( $enabled!==TRUE ){
1707
+ $btn_string = '<a href="http://cloudproxy.sucuri.net/" target="_blank" class="button button-primary">Harden</a>';
1708
+ }
1709
 
1710
  sucuriscan_wrapper_open('Verify if your site is protected by a Web Firewall');
1711
  sucuriscan_harden_status(
1712
  $enabled, NULL,
1713
  'Your website is protected by a Website Firewall (WAF)',
1714
+ $btn_string . 'Your website is not protected by a Website Firewall (WAF)',
1715
+ 'A WAF is a protection layer for your web site, blocking all sort of attacks (brute force attempts, DDoS,
1716
+ SQL injections, etc) and helping it remain malware and blacklist free. This test checks if your site is
1717
+ using <a href="http://cloudproxy.sucuri.net/" target="_blank">Sucuri\'s CloudProxy WAF</a> to protect your site. ',
1718
  NULL
1719
  );
 
 
 
1720
  sucuriscan_wrapper_close();
1721
  }
1722
 
1812
  }
1813
 
1814
  // Fill the user list for ResetPassword action.
1815
+ $counter = 0;
1816
  $user_list = get_users();
1817
  foreach($user_list as $user){
1818
+ $counter += 1;
1819
  $user_snippet = sucuriscan_get_template('resetpassword.snippet.tpl', array(
1820
  'ResetPassword.UserId'=>$user->ID,
1821
  'ResetPassword.Username'=>$user->user_login,
1822
  'ResetPassword.Displayname'=>$user->display_name,
1823
+ 'ResetPassword.Email'=>$user->user_email,
1824
+ 'ResetPassword.CssClass'=>( $counter%2 == 0 ) ? '' : 'alternate'
1825
  ));
1826
  $template_variables['ResetPassword.UserList'] .= $user_snippet;
1827
  }
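Review bot: The values handed to `sucuriscan_get_template()` in this loop (`user_login`, `display_name`, `user_email`) are passed without escaping, and the template function is not visible here, so whether it encodes them is unknown. The last-logins loop further down passes the literal `<em>Unknown</em>` as a value, which suggests values are inserted as raw HTML; if so, a profile field containing markup would be rendered in an administrator's session. I would escape at the call site, as the wp-config loop already does with `htmlentities()`, e.g. `'ResetPassword.Displayname'=>esc_html($user->display_name),`. The same applies to the last-logins and logged-in-users loops and to `'CurrentURL'`, which concatenates `$_GET['page']` directly and would be better wrapped in `esc_url()`. The enclosing function starts and ends outside the visible lines.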
1849
  'LastLoginsNonce'=>wp_create_nonce('sucuriscan_lastlogins_nonce'),
1850
  'SucuriWPSidebar'=>sucuriscan_wp_sidebar_gen(),
1851
  'UserList'=>'',
1852
+ 'UserListLimit'=>SUCURISCAN_LASTLOGINS_USERSLIMIT,
1853
  'CurrentURL'=>site_url().'/wp-admin/admin.php?page='.$_GET['page'],
1854
  );
1855
 
1862
  $limit = isset($_GET['limit']) ? intval($_GET['limit']) : SUCURISCAN_LASTLOGINS_USERSLIMIT;
1863
  $template_variables['UserList.ShowAll'] = $limit>0 ? 'visible' : 'hidden';
1864
 
1865
+ $counter = 0;
1866
  $user_list = sucuriscan_get_logins($limit);
1867
  foreach($user_list as $user){
1868
+ $counter += 1;
1869
  $user_snippet = sucuriscan_get_template('lastlogins.snippet.tpl', array(
1870
+ 'UserList.Number'=>$counter,
1871
  'UserList.UserId'=>intval($user->ID),
1872
  'UserList.Username'=>( !is_null($user->user_login) ? $user->user_login : '<em>Unknown</em>' ),
1873
  'UserList.Email'=>$user->user_email,
1874
  'UserList.RemoteAddr'=>$user->user_remoteaddr,
1875
+ 'UserList.Datetime'=>$user->user_lastlogin,
1876
+ 'UserList.TimeAgo'=>sucuriscan_time_ago($user->user_lastlogin),
1877
+ 'UserList.CssClass'=>( $counter%2 == 0 ) ? '' : 'alternate'
1878
  ));
1879
  $template_variables['UserList'] .= $user_snippet;
1880
  }
2249
  }
2250
 
2251
  // Pass the WordPress configuration rules to the template and show them.
2252
+ $counter = 0;
2253
  foreach( $wp_config_rules as $var_name=>$var_value ){
2254
+ $counter += 1;
2255
  $template_variables['WordpressConfig.Total'] += 1;
2256
  $template_variables['WordpressConfig.Rules'] .= sucuriscan_get_template('infosys-wpconfig.snippet.tpl', array(
2257
  'WordpressConfig.VariableName' => $var_name,
2258
  'WordpressConfig.VariableValue' => htmlentities($var_value),
2259
+ 'WordpressConfig.CssClass' => ( $counter%2 == 0 ) ? '' : 'alternate'
2260
  ));
2261
  }
2262
  }
2280
  if( is_array($logged_in_users) && !empty($logged_in_users) ){
2281
  $template_variables['LoggedInUsers.Total'] = count($logged_in_users);
2282
 
2283
+ $counter = 0;
2284
  foreach( (array)$logged_in_users as $logged_in_user ){
2285
+ $counter += 1;
2286
  $logged_in_user['last_activity_datetime'] = date('d/M/Y H:i', $logged_in_user['last_activity']);
2287
  $logged_in_user['user_registered_datetime'] = date('d/M/Y H:i', strtotime($logged_in_user['user_registered']));
2288
 
2294
  'LoggedInUsers.LastActivity' => $logged_in_user['last_activity_datetime'],
2295
  'LoggedInUsers.Registered' => $logged_in_user['user_registered_datetime'],
2296
  'LoggedInUsers.RemoveAddr' => $logged_in_user['remote_addr'],
2297
+ 'LoggedInUsers.CssClass' => ( $counter%2 == 0 ) ? '' : 'alternate'
2298
  ));
2299
  }
2300
  }
2473
  $cronjobs = _get_cron_array();
2474
  $schedules = wp_get_schedules();
2475
  $date_format = _x('M j, Y - H:i', 'Publish box date format', 'cron-view' );
2476
+ $counter = 0;
2477
 
2478
  foreach( $cronjobs as $timestamp=>$cronhooks ){
2479
  foreach( (array)$cronhooks as $hook=>$events ){
2480
  foreach( (array)$events as $key=>$event ){
2481
+ $counter += 1;
2482
  $cronjob_snippet = '';
2483
  $template_variables['Cronjobs.Total'] += 1;
2484
  $template_variables['Cronjobs.List'] .= sucuriscan_get_template('infosys-cronjobs.snippet.tpl', array(
2486
  'Cronjob.Schedule' => $event['schedule'],
2487
  'Cronjob.Nexttime' => date_i18n($date_format, $timestamp),
2488
  'Cronjob.Hook' => $hook,
2489
+ 'Cronjob.Arguments' => implode(', ', $event['args']),
2490
+ 'Cronjob.CssClass' => ( $counter%2 == 0 ) ? '' : 'alternate'
2491
  ));
2492
  }
2493
  }