Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.7.11

Version Description

  • Reverted change for CloudProxy detection to protect legacy users

Code changes from version 1.7.10 to 1.7.11

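--- a/inc/css/sucuriscan-default-css.css
+++ b/inc/css/sucuriscan-default-css.css
@@ -41,13 +41,15 @@
 .wp-core-ui .button-danger-disabled, .wp-core-ui .button-danger.disabled, .wp-core-ui .button-danger:disabled, .wp-core-ui .button-danger[disabled]{color:#e79494 !important;background:#ba2929 !important;border-color:#7f1b1b !important}
 .wp-core-ui .sucuriscan-btnblock{display:block;width:100%;text-align:center}
 /* Modal Window */
-.sucuriscan-overlay{position:fixed;top:0;left:0;bottom:0;right:0;z-index:800;background:rgba(0, 0, 0, 0.5)}
-.sucuriscan-modal{position:fixed;top:100px;left:50%;z-index:900}
-.sucuriscan-modal-outside{position:relative;left:-50%;border:1px solid #ddd}
+.sucuriscan-overlay{position:fixed;top:0;left:0;bottom:0;right:0;z-index:9990;background:rgba(0, 0, 0, 0.5)}
+.sucuriscan-modal{position:fixed;top:52px;left:26%;z-index:9990;width:48%}
+.sucuriscan-modal-outside{position:relative;left:0;border:1px solid #ddd}
 .sucuriscan-modal-inside{background:#fff;padding:20px}
-.sucuriscan-modal-header{padding:10px 20px;border-bottom:1px solid #ddd}
-.sucuriscan-modal-header .sucuriscan-modal-title{min-height:18px;margin:0}
-.sucuriscan-modal-close{display:inline-block;position:absolute;top:0;right:0;font-size:16px;font-weight:bold;text-decoration:none;line-height:39px;padding:0 15px;border-left:1px solid #ddd}
+.sucuriscan-modal-header{padding:0;border-bottom:1px solid #ddd}
+.sucuriscan-modal-header .sucuriscan-modal-title{float:left;line-height:38px;margin:0;margin-left:10px}
+.sucuriscan-modal-header .sucuriscan-modal-logo{display:inline-block;float:left;margin-top:8px;margin-left:18px}
+.sucuriscan-modal-header .sucuriscan-modal-logo img{height:22px}
+.sucuriscan-modal-close{display:inline-block;position:absolute;top:0;right:0;font-size:16px;font-weight:bold;text-decoration:none;line-height:38px;padding:0 15px;border-left:1px solid #ddd}
 .sucuriscan-modal-inside p:first-child{margin-top:0}
 .sucuriscan-modal-inside p:last-child{margin-bottom:0}
 /* Label and Tags */
@@ -90,6 +92,7 @@
 .sucuriscan-maincontent .sucuriscan-table tr > th{border-top:1px solid #e5e5e5;border-bottom:1px solid #e5e5e5}
 .sucuriscan-maincontent .sucuriscan-table tr:first-child th{border-top:0}
 .sucuriscan-maincontent .sucuriscan-table td.check-column{padding:8px 10px}
+.sucuriscan-maincontent .sucuriscan-striped-table tr:nth-child(even){background:#f5f5f5}
 .sucuriscan-table-double-title tr:first-child th{border-bottom:0}
 .sucuriscan-table-triple-title tr:first-child th, .sucuriscan-table-triple-title tr:first-child + tr th{border-bottom:0}
 .sucuriscan-table-quad-title tr:first-child th, .sucuriscan-table-quad-title tr:first-child + tr th, .sucuriscan-table-quad-title tr:first-child + tr + tr th{border-bottom:0}
@@ -283,8 +286,13 @@ td.sucuriscan-corefiles-warning > div{background:#f2dede;color:#a94442;border-co
 .sucuriscan-about li label{font-weight:bold;vertical-align:initial}
 /* API Registered Modal */
 .sucuriscan-apikey-registered{}
-.sucuriscan-apikey-registered .sucuriscan-pull-right{width:400px;margin-left:20px}
+.sucuriscan-apikey-registered .sucuriscan-pull-right{width:400px}
 .sucuriscan-apikey-registered .sucuriscan-sitelogo{background-position:0 -17px;height:83px}
+/* Setup Instructions Modal */
+.sucuriscan-setup-instructions{}
+.sucuriscan-setup-instructions .form-table{}
+.sucuriscan-setup-instructions .form-table td{padding:0;padding-bottom:12px}
+.sucuriscan-setup-instructions .form-table select{max-width:400px}
 /* Pagination Styles */
 .sucuriscan-pagination{display:inline-block;margin:0;padding:0;border-radius:4px}
 .sucuriscan-pagination>li{display:inline}
@@ -373,7 +381,6 @@ td.sucuriscan-corefiles-warning > div{background:#f2dede;color:#a94442;border-co
 .sucuriscan-maincontent #poststuff{min-width:initial;padding-top:0}
 .sucuriscan-maincontent .widefat tbody th.check-column{padding:6px 0 3px 0}
 .sucuriscan-maincontent .hardening-box .primary-secondary{margin:0 0 0 10px}
-.sucuriscan-maincontent .alternate{background:#f5f5f5}
 .sucuriscan-maincontent hr{border:none;border-top:1px solid #999}
 .sucuriscan-maincontent table td > table{background:#fff}
 .sucuriscan-maincontent table td > table th{padding:4px 8px}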
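Review bot: The added rulesets `.sucuriscan-setup-instructions{}` and `.sucuriscan-setup-instructions .form-table{}` (new lines 292-293 in the third hunk) are empty, as is the kept `.sucuriscan-apikey-registered{}` just above them; an empty rule ships bytes and reads as unfinished styling without saying so. Either drop them or keep a one-line `/* placeholder: see .form-table td/select rules below */` so the intent is explicit to the next editor.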
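--- a/inc/js/sucuriscan-scripts.js
+++ b/inc/js/sucuriscan-scripts.js
@@ -10,6 +10,18 @@ function sucuriscan_alert_close(id){
 }
 
 jQuery(document).ready(function($){
+$('.sucuriscan-modal-btn').on('click', function(ev){
+ev.preventDefault();
+var modalid = $(this).data('modalid');
+$('div.' + modalid).removeClass('sucuriscan-hidden');
+});
+
+$('.sucuriscan-overlay, .sucuriscan-modal-close').on('click', function(ev){
+ev.preventDefault();
+$('.sucuriscan-overlay').addClass('sucuriscan-hidden');
+$('.sucuriscan-modal').addClass('sucuriscan-hidden');
+});
+
 if( $('.sucuriscan-tabs').length ){
 var hidden_class = 'sucuriscan-hidden';
 var active_class = 'sucuriscan-tab-active';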
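Review bot: The two new handlers repeat the literal `'sucuriscan-hidden'` three times while the tabs block directly below already names it `hidden_class`; with `var` hoisting inside the ready callback, moving `var hidden_class = 'sucuriscan-hidden';` above the modal handlers and using it in all three places removes the duplication without changing behaviour. The close handler also hides every `.sucuriscan-overlay` and `.sucuriscan-modal` on the page rather than the pair the open handler revealed via `div.<modalid>`; that is fine while only one modal is visible at a time, but a short comment such as `// closes all modals: only one is expected to be open` would record the assumption. The ready callback continues past the hunk.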
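--- a/inc/tpl/modalwindow.html.tpl
+++ b/inc/tpl/modalwindow.html.tpl
@@ -1,12 +1,15 @@
 
-<div class="sucuriscan-overlay"></div>
+<div class="sucuriscan-overlay %%SUCURI.Visibility%% %%SUCURI.Identifier%%"></div>
 
-<div class="sucuriscan-modal">
+<div class="sucuriscan-modal %%SUCURI.Visibility%% %%SUCURI.Identifier%%">
 <div class="sucuriscan-modal-outside %%SUCURI.CssClass%%">
 
-<div class="sucuriscan-modal-header">
-<a href="#" class="sucuriscan-modal-close">&times;</a>
+<div class="sucuriscan-modal-header sucuriscan-clearfix">
+<a href="https://sucuri.net/" target="_blank" class="sucuriscan-modal-logo">
+<img src="%%SUCURI.SucuriURL%%/inc/images/antivirus-logo-x42.png" />
+</a>
 <h3 class="sucuriscan-modal-title">%%SUCURI.Title%%</h3>
+<a href="#" class="sucuriscan-modal-close">&times;</a>
 </div>
 
 <div class="sucuriscan-modal-inside">
@@ -15,12 +18,3 @@
 
 </div>
 </div>
-
-<script type="text/javascript">
-jQuery(function($){
-$('.sucuriscan-overlay, .sucuriscan-modal-close').on('click', function(e){
-e.preventDefault();
-$('.sucuriscan-overlay, .sucuriscan-modal').remove();
-});
-});
-</script>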
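--- a/inc/tpl/settings-apiregistered.html.tpl
+++ b/inc/tpl/settings-apiregistered.html.tpl
@@ -10,7 +10,6 @@
 and better posture, all with the intent of reducing risk.
 </p>
 
-<a href="%%SUCURI.URL.Home%%" class="button button-primary">Go to your Dashboard</a>
+<a href="%%SUCURI.URL.Home%%" class="button button-primary">Go to the dashboard</a>
 </div>
 </div>
-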
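--- a/inc/tpl/settings-general.html.tpl
+++ b/inc/tpl/settings-general.html.tpl
@@ -1,7 +1,7 @@
 
 %%SUCURI.ModalWhenAPIRegistered%%
 
-<table class="wp-list-table widefat sucuriscan-table sucuriscan-settings">
+<table class="wp-list-table widefat sucuriscan-table sucuriscan-striped-table sucuriscan-settings">
 <thead>
 <tr>
 <th colspan="3" class="thead-with-button">
@@ -49,7 +49,7 @@
 </td>
 </tr>
 
-<tr class="alternate">
+<tr>
 <td width="200">Sucuri API key</td>
 <td>
 <span class="sucuriscan-monospace">%%SUCURI.APIKey%%</span>
@@ -85,7 +85,19 @@
 </td>
 </tr>
 
-<tr class="alternate">
+<tr>
+<td>Test email alerts</td>
+<td><em>(Test ability to send email alerts)</em></td>
+<td class="td-with-button">
+<form action="%%SUCURI.URL.Settings%%" method="post">
+<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
+<input type="hidden" name="sucuriscan_debug_email" value="1" />
+<button type="submit" class="button-primary">Proceed</button>
+</form>
+</td>
+</tr>
+
+<tr>
 <td>Send plugin alerts to</td>
 <td>%%SUCURI.NotifyTo%%</td>
 <td class="td-with-button">
@@ -111,7 +123,7 @@
 </td>
 </tr>
 
-<tr class="alternate">
+<tr>
 <td>Consider brute-force after</td>
 <td>%%SUCURI.MaximumFailedLogins%%</td>
 <td class="td-with-button">
@@ -139,7 +151,7 @@
 </td>
 </tr>
 
-<tr class="alternate">
+<tr>
 <td>API request timeout</td>
 <td>%%SUCURI.RequestTimeout%%</td>
 <td class="td-with-button">
@@ -157,7 +169,7 @@
 <td>&nbsp;</td>
 </tr>
 
-<tr class="alternate">
+<tr>
 <td>API proxy <em>(auth)</em></td>
 <td>
 <span class="sucuriscan-monospace">%%SUCURI.APIProxy.Username%%</span>
@@ -180,7 +192,7 @@
 </td>
 </tr>
 
-<tr class="alternate">
+<tr>
 <td>Support reverse proxy</td>
 <td>%%SUCURI.ReverseProxyStatus%%</td>
 <td class="td-with-button">
@@ -204,7 +216,7 @@
 </td>
 </tr>
 
-<tr class="alternate">
+<tr>
 <td>Audit report limit</td>
 <td>Process latest %%SUCURI.AuditReportLimit%% logs</td>
 <td class="td-with-button">
@@ -228,7 +240,7 @@
 </td>
 </tr>
 
-<tr class="alternate">
+<tr>
 <td>Plugin advertisement</td>
 <td>%%SUCURI.AdsVisibility%%</td>
 <td class="td-with-button">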
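--- /dev/null
+++ b/inc/tpl/setup-form.html.tpl
@@ -0,0 +1,35 @@
+
+<p>
+An API key is required to activate some additional tools available in this
+plugin, the keys are free and you can virtually generate an unlimited number of
+them as long as the domain name and email address are different. The key is used
+to authenticate the HTTP requests sent by the plugin to a public API service
+managed by Sucuri Inc. Do not generate the key if you disagree with this.
+Contact us at <a href="mailto:info@sucuri.net">info@sucuri.net</a> if you
+believe that sensitive data is being sent to us.
+</p>
+
+<form action="%%SUCURI.URL.Settings%%" method="post">
+<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
+<input type="hidden" name="sucuriscan_plugin_api_key" value="1" />
+
+<table class="form-table">
+<tbody>
+<tr>
+<td>Domain Name:</td>
+<td><span>%%SUCURI.CleanDomain%%</span></td>
+</tr>
+
+<tr>
+<td>E-mail Address:</td>
+<td>
+<select name="sucuriscan_setup_user">
+%%SUCURI.AdminEmails%%
+</select>
+</td>
+</tr>
+</tbody>
+</table>
+
+<button type="submit" class="button button-primary">Proceed</button>
+</form>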
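Review bot: Nothing in this template says where the `%%SUCURI.AdminEmails%%` options at line 27 come from or when they can be absent; per the sucuri.php change in this same release they are filled by shared_params() only while no API key is stored, and only from administrator accounts whose user_status is '0', so the select can legitimately render with no options. Add a template comment above the `<select>` such as `<!-- AdminEmails: administrator accounts eligible for key generation; empty once a key is stored or when no account qualifies -->` so a reader of this file alone understands the empty case. The select also has no associated `<label for=...>`, only a bare table cell; `<label for="sucuriscan-setup-user">E-mail Address:</label>` with a matching `id` on the select would make the control accessible.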
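--- a/inc/tpl/setup-notice.html.tpl
+++ b/inc/tpl/setup-notice.html.tpl
@@ -12,12 +12,9 @@
 </div>
 
 <div class="sucuriscan-pull-right sucuriscan-setup-form">
-<form action="%%SUCURI.URL.Settings%%" method="post">
-<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
-<button type="submit" name="sucuriscan_plugin_api_key" class="button button-primary button-hero">
-<span class="sucuriscan-button-title">Generate API key</span>
-<span class="sucuriscan-button-subtitle">for <b>%%SUCURI.CleanDomain%%</b> / <b>%%SUCURI.AdminEmail%%</b></span>
-</button>
-</form>
+<a href="#" data-modalid="sucuriscan-setup-form-modal"
+class="button button-primary button-hero sucuriscan-modal-btn">
+<span class="sucuriscan-button-title">Generate API Key</span>
+</a>
 </div>
 </div>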
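--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net
 Donate Link: http://sucuri.net/
 Tags: malware, security, firewall, scan, spam, virus, sucuri, protection,WordPress Security, Login Security,Security Auditing,File Integrity,htaccess,phishing,backdoors,SQL Injection, RFI, LFI, XSS, CSRF, website firewall, Website Security, Performance Optimization, Zero Day, Software Vulnerability, Exploits, Hacks, Attackers, Bad Actors, Reverse Proxy, Two Factor Security, Two Factor Authentication, Security Logs, HeatBleed Vulnerability, Website Protection, Bash Vulnerability, RevSlider Vulnerability, MailPoet Vulnerability, Malware Prevention, Website Firewall, Website AntiVirus, Security Response, Security Detection, Security Prevention
 Requires at least:3.2
-Stable tag:1.7.10
+Stable tag:1.7.11
 Tested up to: 4.2.2
 
 The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
@@ -352,6 +352,9 @@ service from the WordPress dashboard.
 
 == Changelog ==
 
+= 1.7.11 =
+* Reverted change for CloudProxy detection to protect legacy users
+
 = 1.7.10 =
 * Added better checks for SSL issues
 * Fix for audit log timezones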
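--- a/sucuri.php
+++ b/sucuri.php
@@ -4,7 +4,7 @@ Plugin Name: Sucuri Security - Auditing, Malware Scanner and Hardening
 Plugin URI: http://wordpress.sucuri.net/
 Description: The <a href="http://sucuri.net/" target="_blank">Sucuri</a> plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.
 Author: Sucuri, INC
-Version: 1.7.10
+Version: 1.7.11
 Author URI: http://sucuri.net
 */
 
@@ -66,7 +66,7 @@ define( 'SUCURISCAN', 'sucuriscan' );
 /**
 * Current version of the plugin's code.
 */
-define( 'SUCURISCAN_VERSION', '1.7.10' );
+define( 'SUCURISCAN_VERSION', '1.7.11' );
 
 /**
 * The name of the Sucuri plugin main file.
@@ -781,6 +781,68 @@ class SucuriScan {
 return false;
 }
 
+/**
+* Get user data by field and data.
+*
+* @param integer $identifier User account identifier.
+* @return object WordPress user object with data.
+*/
+public static function get_user_by_id( $identifier = 0 ){
+if ( function_exists( 'get_user_by' ) ) {
+$user = get_user_by( 'id', $identifier );
+
+if ( $user instanceof WP_User ) {
+return $user;
+}
+}
+
+return false;
+}
+
+/**
+* Retrieve a list of all admin user accounts.
+*
+* @return array List of admin users, false otherwise.
+*/
+public static function get_admin_users(){
+if ( function_exists( 'get_users' ) ) {
+$args = array( 'role' => 'administrator' );
+
+return get_users( $args );
+}
+
+return false;
+}
+
+/**
+* Get a list of user emails that can be used to generate an API key for this
+* website. Only accounts with the status in zero will be returned, the status
+* field in the users table is officially deprecated but some 3rd-party plugins
+* still use it to check if the account was activated by the owner of the email,
+* a value different than zero generally means that the email was not verified
+* successfully.
+*
+* @return array List of user identifiers and email addresses.
+*/
+public static function get_users_for_api_key(){
+$valid_users = array();
+$users = self::get_admin_users();
+
+if ( $users !== false ) {
+foreach ( $users as $user ) {
+if ( $user->user_status === '0' ) {
+$valid_users[ $user->ID ] = sprintf(
+'%s - %s',
+$user->user_login,
+$user->user_email
+);
+}
+}
+}
+
+return $valid_users;
+}
+
 /**
 * Returns the current time measured in the number of seconds since the Unix Epoch.
 *
@@ -3236,7 +3298,12 @@ class SucuriScanEvent extends SucuriScan {
 }
 
 $title = str_replace( '_', chr( 32 ), $event );
-$mail_sent = SucuriScanMail::send_mail( $email, $title, $content, $email_params );
+$mail_sent = SucuriScanMail::send_mail(
+$email,
+$title,
+$content,
+$email_params
+);
 
 return $mail_sent;
 }
@@ -4303,6 +4370,18 @@ class SucuriScanAPI extends SucuriScanOption {
 return $response_data;
 }
 
+/**
+* Check whether the plugin API key is valid or not.
+*
+* @param string $api_key An unique string to identify this installation.
+* @return boolean True if the API key is valid, false otherwise.
+*/
+private static function is_valid_key( $api_key = '' ){
+$pattern = '/^[a-z0-9]{32}#x2F;';
+
+return (bool) ( @preg_match( $pattern, $api_key ) );
+}
+
 /**
 * Store the API key locally.
 *
@@ -4312,7 +4391,7 @@ class SucuriScanAPI extends SucuriScanOption {
 */
 public static function set_plugin_key( $api_key = '', $validate = false ){
 if ( $validate ) {
-if ( ! preg_match( '/^[a-z0-9]{32}#x2F;', $api_key ) ) {
+if ( ! self::is_valid_key( $api_key ) ) {
 SucuriScanInterface::error( 'Invalid API key format' );
 return false;
 }
@@ -4333,7 +4412,10 @@ class SucuriScanAPI extends SucuriScanOption {
 public static function get_plugin_key(){
 $api_key = self::get_option( ':api_key' );
 
-if ( $api_key && strlen( $api_key ) > 10 ) {
+if (
+is_string( $api_key )
+&& self::is_valid_key( $api_key )
+) {
 return $api_key;
 }
 
@@ -4649,11 +4731,16 @@ class SucuriScanAPI extends SucuriScanOption {
 /**
 * Send a request to the API to register this site.
 *
-* @return boolean true if the API key was generated, false otherwise.
+* @param string $email Optional email address for the registration.
+* @return boolean True if the API key was generated, false otherwise.
 */
-public static function register_site(){
+public static function register_site( $email = '' ){
+if ( ! is_string($email) || empty( $email ) ) {
+$email = self::get_site_email();
+}
+
 $response = self::api_call_wordpress( 'POST', array(
-'e' => self::get_site_email(),
+'e' => $email,
 's' => self::get_domain(),
 'a' => 'register_site',
 ), false );
@@ -5650,7 +5737,13 @@ class SucuriScanTemplate extends SucuriScanRequest {
 $params['PageNonce'] = wp_create_nonce( 'sucuriscan_page_nonce' );
 $params['PageStyleClass'] = isset($params['PageStyleClass']) ? $params['PageStyleClass'] : 'base';
 $params['CleanDomain'] = self::get_domain();
-$params['AdminEmail'] = self::get_site_email();
+$params['AdminEmails'] = '';
+
+// Get a list of admin users for the API key generation.
+if ( SucuriScanAPI::get_plugin_key() === false ) {
+$admin_users = SucuriScan::get_users_for_api_key();
+$params['AdminEmails'] = self::get_select_options( $admin_users );
+}
 
 // Hide the advertisements from the layout.
 $ads_visibility = SucuriScanOption::get_option( ':ads_visibility' );
@@ -5875,6 +5968,8 @@ class SucuriScanTemplate extends SucuriScanRequest {
 public static function get_modal( $template = '', $params = array() ){
 $required = array(
 'Title' => 'Lorem ipsum dolor sit amet',
+'Visibility' => 'visible',
+'Identifier' => 'foobar',
 'CssClass' => '',
 'Content' => '<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do
 eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim
@@ -5894,6 +5989,8 @@ class SucuriScanTemplate extends SucuriScanRequest {
 }
 }
 
+$params['Visibility'] = 'sucuriscan-' . $params['Visibility'];
+$params['Identifier'] = 'sucuriscan-' . $template . '-modal';
 $params = self::shared_params( $params );
 
 return self::get_template( 'modalwindow', $params, 'section' );
@@ -5930,8 +6027,10 @@ class SucuriScanTemplate extends SucuriScanRequest {
 }
 
 $options .= sprintf(
-'<option value="%s" %s>%s</option>',
-$option_name, $selected_str, $option_label
+"<option value=\"%s\" %s>%s</option>\n",
+SucuriScan::escape( $option_name ),
+SucuriScan::escape( $selected_str ),
+SucuriScan::escape( $option_label )
 );
 }
 
@@ -6433,7 +6532,7 @@ class SucuriScanInterface {
 * @return void
 */
 public static function initialize(){
-if ( SucuriScan::support_reverse_proxy() ) {
+if ( SucuriScan::is_behind_cloudproxy() ) {
 $_SERVER['SUCURIREAL_REMOTE_ADDR'] = $_SERVER['REMOTE_ADDR'];
 $_SERVER['REMOTE_ADDR'] = SucuriScan::get_remote_addr();
 }
@@ -6632,13 +6731,36 @@ class SucuriScanInterface {
 * @return void
 */
 private static function admin_notice( $type = 'updated', $message = '' ){
-$alert_id = rand( 100, 999 );
-if ( ! empty($message) ): ?>
-<div id="sucuriscan-alert-<?php echo $alert_id; ?>" class="<?php echo $type; ?> sucuriscan-alert sucuriscan-alert-<?php echo $type; ?>">
-<a href="javascript:void(0)" class="close" onclick="sucuriscan_alert_close('<?php echo $alert_id; ?>')">&times;</a>
-<p><?php _e( $message ); ?></p>
-</div>
-<?php endif;
+$display_notice = true;
+
+/**
+* Do not render notice during user authentication.
+*
+* There are some special cases when the error or warning messages should not be
+* rendered to the end user because it may break the default functionality of
+* the request handler. For instance, rendering an HTML alert like this when the
+* user authentication process is executed may cause a "headers already sent"
+* error.
+*/
+if (
+! empty( $_POST )
+&& SucuriScanRequest::post( 'log' )
+&& SucuriScanRequest::post( 'pwd' )
+&& SucuriScanRequest::post( 'wp-submit' )
+) {
+$display_notice = false;
+}
+
+// Display the HTML notice to the current user.
+if ( $display_notice === true ) {
+$alert_id = rand( 100, 999 );
+if ( ! empty($message) ): ?>
+<div id="sucuriscan-alert-<?php echo $alert_id; ?>" class="<?php echo $type; ?> sucuriscan-alert sucuriscan-alert-<?php echo $type; ?>">
+<a href="javascript:void(0)" class="close" onclick="sucuriscan_alert_close('<?php echo $alert_id; ?>')">&times;</a>
+<p><?php _e( $message ); ?></p>
+</div>
+<?php endif;
+}
 }
 
 /**
@@ -6678,6 +6800,11 @@ class SucuriScanInterface {
 && ! SucuriScanRequest::post( ':manual_api_key' )
 ) {
 echo SucuriScanTemplate::get_section( 'setup-notice' );
+echo SucuriScanTemplate::get_modal('setup-form', array(
+'Visibility' => 'hidden',
+'Title' => 'Sucuri API key generation',
+'CssClass' => 'sucuriscan-setup-instructions',
+));
 }
 }
 
@@ -11078,7 +11205,7 @@ function sucuriscan_settings_form_submissions( $page_nonce = null ){
 }
 
 // Debug ability of the plugin to send HTTP requests correctly.
-if ( $debug_request = SucuriScanRequest::post( ':debug_request' ) ) {
+if ( SucuriScanRequest::post( ':debug_request' ) ) {
 SucuriScanInterface::info(
 sprintf(
 '<pre>%s</pre>',
@@ -11086,6 +11213,18 @@ function sucuriscan_settings_form_submissions( $page_nonce = null ){
 )
 );
 }
+
+// Debug ability of the plugin to send email alerts correctly.
+if ( SucuriScanRequest::post( ':debug_email' ) ) {
+$recipient = SucuriScanOption::get_option( ':notify_to' );
+$mail_sent = SucuriScanMail::send_mail(
+$recipient,
+'Test email alert',
+sprintf( 'Test email alert sent at %s', date('r') ),
+array( 'Force' => true )
+);
+SucuriScanInterface::info( 'Test email alert sent, check your inbox.' );
+}
 }
 }
 
@@ -11135,15 +11274,24 @@ function sucuriscan_settings_general(){
 $display_manual_key_form = (bool) ( SucuriScanRequest::post( ':recover_key' ) !== false );
 
 if ( $page_nonce && SucuriScanRequest::post( ':plugin_api_key' ) !== false ) {
-$registered = SucuriScanAPI::register_site();
+$user_id = SucuriScanRequest::post(':setup_user');
+$user_obj = SucuriScan::get_user_by_id( $user_id );
 
-if ( $registered ) {
-$api_registered_modal = SucuriScanTemplate::get_modal('settings-apiregistered', array(
-'Title' => 'Site registered successfully',
-'CssClass' => 'sucuriscan-apikey-registered',
-));
-} else {
-$display_manual_key_form = true;
+if (
+$user_obj !== false
+&& user_can( $user_obj, 'administrator' )
+) {
+if ( SucuriScanAPI::register_site( $user_obj->user_email ) ) {
+$api_registered_modal = SucuriScanTemplate::get_modal(
+'settings-apiregistered',
+array(
+'Title' => 'Site registered successfully',
+'CssClass' => 'sucuriscan-apikey-registered',
+)
+);
+} else {
+$display_manual_key_form = true;
+}
 }
 }
 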
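Review bot: In sucuriscan_settings_general (hunk at 11274) the new `if ( $user_obj !== false && user_can( $user_obj, 'administrator' ) )` has no else branch, so a posted `sucuriscan_setup_user` that does not resolve to an administrator (empty select, stale or tampered id) is silently ignored: no error is shown and `$display_manual_key_form` is not raised, whereas the replaced code always fell back to the manual form on failure; add `} else { SucuriScanInterface::error( 'The selected account is not an administrator.' ); $display_manual_key_form = true; }` after the inner block. The `:debug_email` branch at 11220 has the same reporting gap in the other direction: `$mail_sent` is assigned but never read, so "Test email alert sent, check your inbox." is printed even when send_mail returns false — gate the info call on `$mail_sent` and call `SucuriScanInterface::error(...)` otherwise. In is_valid_key at 4382 the `@` on preg_match hides PCRE errors together with the non-string case; drop the suppression, since get_plugin_key now guards with `is_string` and set_plugin_key reports format failures itself. Note also that get_plugin_key's switch from `strlen > 10` to the strict 32-character pattern will treat any previously stored key of another shape as absent with no log line, which is worth a comment or an audit-log entry given this release otherwise reverts a change "to protect legacy users". All four enclosing functions continue outside their hunks.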