Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.7.13

Version Description

  • Fixed issue affecting site performance
  • Fixed clear hardening of previous versions
  • Modified report and block non-processable ajax actions
  • Added configure DNS lookups for reverse proxy detection
  • Added option to configure comment monitor and logs
  • Added option to configure the XHR monitor and logs

Release Info

Developer yorman
Version 1.7.13

Code changes from version 1.7.12 to 1.7.13

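--- a/inc/css/sucuriscan-default-css.css
+++ b/inc/css/sucuriscan-default-css.css
@@ -87,6 +87,9 @@
 .wrap div.sucuriscan-setup-notice p{font-size:14px;line-height:20px;margin:0 0 0 10px;padding:7px 0}
 .wrap div.sucuriscan-setup-notice, .wrap div.sucuriscan-setup-notice .sucuriscan-setup-image{border-color:#4393ac}
 .wp-core-ui .sucuriscan-review-hero, .wp-core-ui .button.sucuriscan-review-hero{position:relative;top:-2px;right:-15px;height:initial;line-height:30px;float:right;padding:0 20px}
+.sucuriscan-table-setup{}
+.sucuriscan-table-setup td{vertical-align:top}
+.sucuriscan-table-setup .sucuriscan-description{font-size:12px;margin-top:10px}
 /* Table Styles */
 .sucuriscan-maincontent .sucuriscan-table{margin-top:12px}
 .sucuriscan-maincontent .sucuriscan-table tr > th{border-top:1px solid #e5e5e5;border-bottom:1px solid #e5e5e5}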
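--- a/inc/tpl/settings-general.html.tpl
+++ b/inc/tpl/settings-general.html.tpl
@@ -204,6 +204,42 @@
 </td>
 </tr>
 
+<tr>
+<td>Execute DNS lookups</td>
+<td>%%SUCURI.DnsLookupsStatus%%</td>
+<td class="td-with-button">
+<form action="%%SUCURI.URL.Settings%%" method="post">
+<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
+<input type="hidden" name="sucuriscan_dns_lookups" value="%%SUCURI.DnsLookupsSwitchValue%%" />
+<button type="submit" class="button-primary %%SUCURI.DnsLookupsSwitchCssClass%%">%%SUCURI.DnsLookupsSwitchText%%</button>
+</form>
+</td>
+</tr>
+
+<tr>
+<td>Allow comment monitor</td>
+<td>%%SUCURI.CommentMonitorStatus%%</td>
+<td class="td-with-button">
+<form action="%%SUCURI.URL.Settings%%" method="post">
+<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
+<input type="hidden" name="sucuriscan_comment_monitor" value="%%SUCURI.CommentMonitorSwitchValue%%" />
+<button type="submit" class="button-primary %%SUCURI.CommentMonitorSwitchCssClass%%">%%SUCURI.CommentMonitorSwitchText%%</button>
+</form>
+</td>
+</tr>
+
+<tr>
+<td>Allow XHR monitor</td>
+<td>%%SUCURI.XhrMonitorStatus%%</td>
+<td class="td-with-button">
+<form action="%%SUCURI.URL.Settings%%" method="post">
+<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
+<input type="hidden" name="sucuriscan_xhr_monitor" value="%%SUCURI.XhrMonitorSwitchValue%%" />
+<button type="submit" class="button-primary %%SUCURI.XhrMonitorSwitchCssClass%%">%%SUCURI.XhrMonitorSwitchText%%</button>
+</form>
+</td>
+</tr>
+
 <tr>
 <td>Display audit report</td>
 <td>%%SUCURI.AuditReportStatus%%</td>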
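Review bot: The three new rows show only a label, a status and a toggle, so nothing on the settings page says what stops being recorded when "Allow comment monitor" or "Allow XHR monitor" is off. The defaults added in sucuri.php in this same release are `'disabled'` for both `sucuriscan_comment_monitor` and `sucuriscan_xhr_monitor`, so after the upgrade these rows will presumably read Disabled on sites that were reporting those events before. I would add one sentence of help text under each label, in the style of the description paragraph the setup form gets for DNS lookups, stating that while the switch is off the corresponding events are not reported. The surrounding table starts and ends outside the hunk.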
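--- a/inc/tpl/settings-trustip.html.tpl
+++ b/inc/tpl/settings-trustip.html.tpl
@@ -50,7 +50,7 @@
 <tfoot>
 <tr>
 <td colspan="4">
-<button type="submit" class="button button-primary">Removed selected</button>
+<button type="submit" class="button button-primary">Remove selected</button>
 </td>
 </tr>
 </tfoot>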
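--- a/inc/tpl/setup-form.html.tpl
+++ b/inc/tpl/setup-form.html.tpl
@@ -13,11 +13,11 @@
 <input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
 <input type="hidden" name="sucuriscan_plugin_api_key" value="1" />
 
-<table class="form-table">
+<table class="form-table sucuriscan-table-setup">
 <tbody>
 <tr>
-<td>Domain Name:</td>
-<td><span>%%SUCURI.CleanDomain%%</span></td>
+<td width="150">Domain Name:</td>
+<td width=""><span>%%SUCURI.CleanDomain%%</span></td>
 </tr>
 
 <tr>
@@ -28,6 +28,25 @@
 </select>
 </td>
 </tr>
+
+<tr>
+<td>DNS Lookups:</td>
+<td>
+<label>
+<input type="hidden" name="sucuriscan_dns_lookups" value="disable" />
+<input type="checkbox" name="sucuriscan_dns_lookups" value="enable" checked="checked" />
+<span>Enable DNS lookups on startup</span>
+</label>
+
+<p class="sucuriscan-description">
+DNS lookups are only necessary if you are planning to use a reverse proxy or
+firewall <em>(like CloudProxy)</em>, this is used to set the correct IP address
+when the firewall/proxy filters the requests. If you are not planning to use any
+of these is better to disable this option, otherwise the load time of your site
+may be affected.
+</p>
+</td>
+</tr>
 </tbody>
 </table>
 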
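Review bot: The new `width="150"` and empty `width=""` attributes on the Domain Name cells put layout back into the markup, even though this release adds the `sucuriscan-table-setup` class for this very table; `width=""` has no effect and can be dropped. I would keep the cells as `<td>Domain Name:</td>` and set the column width in the stylesheet, for example `.sucuriscan-table-setup td:first-child{width:150px}`. The help paragraph under the DNS Lookups checkbox would also read better as `If you are not planning to use either of these, it is better to disable this option`. The enclosing form opens above the first hunk and the rows between the two hunks are not shown.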
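--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net
 Donate Link: http://sucuri.net/
 Tags: malware, security, firewall, scan, spam, virus, sucuri, protection,WordPress Security, Login Security,Security Auditing,File Integrity,htaccess,phishing,backdoors,SQL Injection, RFI, LFI, XSS, CSRF, website firewall, Website Security, Performance Optimization, Zero Day, Software Vulnerability, Exploits, Hacks, Attackers, Bad Actors, Reverse Proxy, Two Factor Security, Two Factor Authentication, Security Logs, HeatBleed Vulnerability, Website Protection, Bash Vulnerability, RevSlider Vulnerability, MailPoet Vulnerability, Malware Prevention, Website Firewall, Website AntiVirus, Security Response, Security Detection, Security Prevention
 Requires at least:3.2
-Stable tag:1.7.12
+Stable tag:1.7.13
 Tested up to: 4.2.3
 
 The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
@@ -352,6 +352,14 @@ service from the WordPress dashboard.
 
 == Changelog ==
 
+= 1.7.13 =
+* Fixed issue affecting site performance
+* Fixed clear hardening of previous versions
+* Modified report and block non-processable ajax actions
+* Added configure DNS lookups for reverse proxy detection
+* Added option to configure comment monitor and logs
+* Added option to configure the XHR monitor and logs
+
 = 1.7.12 =
 * Improved hardening options
 * Added more logging events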
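--- a/sucuri.php
+++ b/sucuri.php
@@ -4,7 +4,7 @@ Plugin Name: Sucuri Security - Auditing, Malware Scanner and Hardening
 Plugin URI: http://wordpress.sucuri.net/
 Description: The <a href="http://sucuri.net/" target="_blank">Sucuri</a> plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.
 Author: Sucuri, INC
-Version: 1.7.12
+Version: 1.7.13
 Author URI: http://sucuri.net
 */
 
@@ -66,7 +66,7 @@ define( 'SUCURISCAN', 'sucuriscan' );
 /**
 * Current version of the plugin's code.
 */
-define( 'SUCURISCAN_VERSION', '1.7.12' );
+define( 'SUCURISCAN_VERSION', '1.7.13' );
 
 /**
 * The name of the Sucuri plugin main file.
@@ -310,7 +310,6 @@ if ( defined( 'SUCURISCAN' ) ) {
 $sucuriscan_hooks = array(
 'add_attachment',
 'add_link',
-'all',
 'create_category',
 'delete_post',
 'delete_user',
@@ -329,6 +328,10 @@ if ( defined( 'SUCURISCAN' ) ) {
 'xmlrpc_publish_post',
 );
 
+if ( SucuriScanOption::get_option( ':xhr_monitor' ) === 'enabled' ) {
+$sucuriscan_hooks[] = 'all';
+}
+
 foreach ( $sucuriscan_hooks as $hook_name ) {
 $hook_func = 'SucuriScanHook::hook_' . $hook_name;
 add_action( $hook_name, $hook_func, 50, 5 );
@@ -742,6 +745,28 @@ class SucuriScan {
 return (bool) ( SucuriScanOption::get_option( ':revproxy' ) === 'enabled' );
 }
 
+/**
+* Check whether the DNS lookups should be execute or not.
+*
+* DNS lookups are only necessary if you are planning to use a reverse proxy or
+* firewall (like CloudProxy), this is used to set the correct IP address when
+* the firewall/proxy filters the requests. If you are not planning to use any
+* of these is better to disable this option, otherwise the load time of your
+* site may be affected.
+*
+* @return boolean True if the DNS lookups should be executed, false otherwise.
+*/
+public static function execute_dns_lookups(){
+if (
+( defined( 'NOT_USING_CLOUDPROXY' ) && NOT_USING_CLOUDPROXY === true )
+|| SucuriScanOption::get_option( ':dns_lookups' ) === 'disabled'
+) {
+return false;
+}
+
+return true;
+}
+
 /**
 * Check whether the site is behind the Sucuri CloudProxy network.
 *
@@ -751,17 +776,14 @@ class SucuriScan {
 public static function is_behind_cloudproxy( $verbose = false ){
 $http_host = self::get_top_level_domain();
 
-if (
-defined( 'NOT_USING_CLOUDPROXY' )
-&& NOT_USING_CLOUDPROXY === true
-) {
-$status = false;
-$host_by_addr = '::1';
-$host_by_name = 'localhost';
-} else {
+if ( self::execute_dns_lookups() ) {
 $host_by_addr = @gethostbyname( $http_host );
 $host_by_name = @gethostbyaddr( $host_by_addr );
 $status = (bool) preg_match( '/^cloudproxy[0-9]+\.sucuri\.net#x2F;', $host_by_name );
+} else {
+$status = false;
+$host_by_addr = '::1';
+$host_by_name = 'localhost';
 }
 
 /*
@@ -2532,7 +2554,9 @@ class SucuriScanOption extends SucuriScanRequest {
 'sucuriscan_audit_report' => 'disabled',
 'sucuriscan_cloudproxy_apikey' => '',
 'sucuriscan_collect_wrong_passwords' => 'disabled',
+'sucuriscan_comment_monitor' => 'disabled',
 'sucuriscan_datastore_path' => '',
+'sucuriscan_dns_lookups' => 'enabled',
 'sucuriscan_email_subject' => 'Sucuri Alert, :domain, :event',
 'sucuriscan_emails_per_hour' => 5,
 'sucuriscan_emails_sent' => 0,
@@ -2584,6 +2608,7 @@ class SucuriScanOption extends SucuriScanRequest {
 'sucuriscan_sitecheck_counter' => 0,
 'sucuriscan_sitecheck_scanner' => 'enabled',
 'sucuriscan_verify_ssl_cert' => 'false',
+'sucuriscan_xhr_monitor' => 'disabled',
 );
 
 return $defaults;
@@ -3886,6 +3911,7 @@ class SucuriScanHook extends SucuriScanEvent {
 && property_exists( $comment, 'comment_ID' )
 && property_exists( $comment, 'comment_agent' )
 && property_exists( $comment, 'comment_author_IP' )
+&& SucuriScanOption::get_option( ':comment_monitor' ) === 'enabled'
 ) {
 $data_set = array(
 'id' => $comment->comment_ID,
@@ -3917,16 +3943,22 @@ class SucuriScanHook extends SucuriScanEvent {
 * @return void
 */
 public static function hook_all( $action = null, $data = false ){
-global $wp_filter;
+global $wp_filter, $wp_actions;
 
 if (
 is_array( $wp_filter )
-&& ! empty( $wp_filter )
+&& is_array( $wp_actions )
+&& array_key_exists( $action, $wp_actions )
 && ! array_key_exists( $action, $wp_filter )
-&& preg_match( '/^(admin_post|wp_ajax)_.+/', $action )
+&& (
+substr( $action, 0, 11 ) === 'admin_post_'
+|| substr( $action, 0, 8 ) === 'wp_ajax_'
+)
 ) {
 $message = sprintf( 'Undefined XHR action %s', $action );
 self::report_error_event( $message );
+header( 'HTTP/1.1 400 Bad Request' );
+exit(1);
 }
 }
 
@@ -7962,6 +7994,7 @@ class SucuriScanHardening extends SucuriScan {
 $deny_rules = self::get_rules( $directory );
 
 if ( file_exists( $target ) ) {
+self::fix_previous_hardening( $directory );
 $fhandle = @fopen( $target, 'a' );
 } else {
 $fhandle = @fopen( $target, 'w' );
@@ -8009,6 +8042,29 @@ class SucuriScanHardening extends SucuriScan {
 return false;
 }
 
+/**
+* Remove the hardening applied in previous versions.
+*
+* @param string $directory Valid directory path.
+* @return boolean True if the access control file was fixed.
+*/
+private static function fix_previous_hardening( $directory = '' ){
+$fpath = $directory . '/.htaccess';
+$content = @file_get_contents( $fpath );
+$rules = "<Files *.php>\ndeny from all\n</Files>";
+
+if ( $content ) {
+if ( strpos( $content, $rules ) !== false ) {
+$content = str_replace( $rules, '', $content );
+$written = @file_put_contents( $fpath, $content );
+
+return (bool) ( $written !== false );
+}
+}
+
+return true;
+}
+
 /**
 * Check whether a directory is hardened or not.
 *
@@ -10864,6 +10920,17 @@ function sucuriscan_settings_form_submissions( $page_nonce = null ){
 SucuriScanEvent::notify_event( 'plugin_change', 'Sucuri API key removed' );
 }
 
+// Configure the DNS lookups option for reverse proxy detection.
+if ( $dns_lookups = SucuriScanRequest::post(':dns_lookups', '(en|dis)able') ) {
+$action_d = $dns_lookups . 'd';
+$message = 'DNS lookups for reverse proxy detection <code>' . $action_d . '</code>';
+
+SucuriScanOption::update_option( ':dns_lookups', $action_d );
+SucuriScanEvent::report_info_event( $message );
+SucuriScanEvent::notify_event( 'plugin_change', $message );
+SucuriScanInterface::info( $message );
+}
+
 // Enable or disable the filesystem scanner.
 if ( $fs_scanner = SucuriScanRequest::post( ':fs_scanner', '(en|dis)able' ) ) {
 $action_d = $fs_scanner . 'd';
@@ -11090,6 +11157,28 @@ function sucuriscan_settings_form_submissions( $page_nonce = null ){
 SucuriScanInterface::info( $message );
 }
 
+// Configure the comment monitor option.
+if ( $comment_monitor = SucuriScanRequest::post(':comment_monitor', '(en|dis)able') ) {
+$action_d = $comment_monitor . 'd';
+$message = 'Comment monitor was <code>' . $action_d . '</code>';
+
+SucuriScanOption::update_option( ':comment_monitor', $action_d );
+SucuriScanEvent::report_info_event( $message );
+SucuriScanEvent::notify_event( 'plugin_change', $message );
+SucuriScanInterface::info( $message );
+}
+
+// Configure the XHR monitor option.
+if ( $xhr_monitor = SucuriScanRequest::post(':xhr_monitor', '(en|dis)able') ) {
+$action_d = $xhr_monitor . 'd';
+$message = 'XHR (XML HTTP Request) monitor was <code>' . $action_d . '</code>';
+
+SucuriScanOption::update_option( ':xhr_monitor', $action_d );
+SucuriScanEvent::report_info_event( $message );
+SucuriScanEvent::notify_event( 'plugin_change', $message );
+SucuriScanInterface::info( $message );
+}
+
 // Update the limit for audit logs report.
 if ( $logs4report = SucuriScanRequest::post( ':logs4report', '[0-9]{1,4}' ) ) {
 $message = 'Limit for audit logs report set to <code>' . $logs4report . '</code>';
@@ -11500,6 +11589,7 @@ function sucuriscan_settings_general(){
 $user_obj !== false
 && user_can( $user_obj, 'administrator' )
 ) {
+// Send request to generate new API key or display form to set manually.
 if ( SucuriScanAPI::register_site( $user_obj->user_email ) ) {
 $api_registered_modal = SucuriScanTemplate::get_modal(
 'settings-apiregistered',
@@ -11522,6 +11612,9 @@ function sucuriscan_settings_general(){
 $audit_report = SucuriScanOption::get_option( ':audit_report' );
 $logs4report = SucuriScanOption::get_option( ':logs4report' );
 $revproxy = SucuriScanOption::get_option( ':revproxy' );
+$dns_lookups = SucuriScanOption::get_option( ':dns_lookups' );
+$comment_monitor = SucuriScanOption::get_option( ':comment_monitor' );
+$xhr_monitor = SucuriScanOption::get_option( ':xhr_monitor' );
 $invalid_domain = false;
 
 // Check whether the domain name is valid or not.
@@ -11564,6 +11657,21 @@ function sucuriscan_settings_general(){
 'ReverseProxySwitchText' => 'Disable',
 'ReverseProxySwitchValue' => 'disable',
 'ReverseProxySwitchCssClass' => 'button-danger',
+/* Execute DNS Lookups */
+'DnsLookupsStatus' => 'Enabled',
+'DnsLookupsSwitchText' => 'Disable',
+'DnsLookupsSwitchValue' => 'disable',
+'DnsLookupsSwitchCssClass' => 'button-danger',
+/* Comment Monitoring */
+'CommentMonitorStatus' => 'Enabled',
+'CommentMonitorSwitchText' => 'Disable',
+'CommentMonitorSwitchValue' => 'disable',
+'CommentMonitorSwitchCssClass' => 'button-danger',
+/* XHR Monitoring */
+'XhrMonitorStatus' => 'Enabled',
+'XhrMonitorSwitchText' => 'Disable',
+'XhrMonitorSwitchValue' => 'disable',
+'XhrMonitorSwitchCssClass' => 'button-danger',
 /* API Proxy Settings */
 'APIProxy.Host' => 'no_proxy_host',
 'APIProxy.Port' => 'no_proxy_port',
@@ -11599,6 +11707,27 @@ function sucuriscan_settings_general(){
 $template_variables['ReverseProxySwitchCssClass'] = 'button-success';
 }
 
+if ( $dns_lookups == 'disabled' ) {
+$template_variables['DnsLookupsStatus'] = 'Disabled';
+$template_variables['DnsLookupsSwitchText'] = 'Enable';
+$template_variables['DnsLookupsSwitchValue'] = 'enable';
+$template_variables['DnsLookupsSwitchCssClass'] = 'button-success';
+}
+
+if ( $comment_monitor == 'disabled' ) {
+$template_variables['CommentMonitorStatus'] = 'Disabled';
+$template_variables['CommentMonitorSwitchText'] = 'Enable';
+$template_variables['CommentMonitorSwitchValue'] = 'enable';
+$template_variables['CommentMonitorSwitchCssClass'] = 'button-success';
+}
+
+if ( $xhr_monitor == 'disabled' ) {
+$template_variables['XhrMonitorStatus'] = 'Disabled';
+$template_variables['XhrMonitorSwitchText'] = 'Enable';
+$template_variables['XhrMonitorSwitchValue'] = 'enable';
+$template_variables['XhrMonitorSwitchCssClass'] = 'button-success';
+}
+
 if ( sucuriscan_collect_wrong_passwords() === true ) {
 $template_variables['CollectWrongPasswords'] = '<span class="sucuriscan-label-error">Yes, collect passwords</span>';
 }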