Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.7.9

Version Description

  • Improved reinstallation process
  • Updated sidebar banners
  • Various bugfixes and improvements
Download this release

Release Info

Developer akresic
Plugin Icon 128x128 Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.7.9
Comparing to
See all releases

Code changes from version 1.7.8 to 1.7.9

inc/css/sucuriscan-default-css.css CHANGED
@@ -9,13 +9,24 @@
9
.sucuriscan-clearfix:after{clear:both}
10
.sucuriscan-visible{}
11
.sucuriscan-hidden{display:none !important}
12
- .sucuriscan-monospace{font-family:Monospace, Courier}
13
.sucuriscan-ellipsis{overflow:hidden;display:inline-block;white-space:nowrap;text-overflow:ellipsis}
14
.sucuriscan-wraptext{word-break:break-all}
15
.sucuriscan-pull-left{float:left}
16
.sucuriscan-pull-right{float:right}
17
.sucuriscan-list li{list-style:disc;margin:0 0 5px 15px}
18
- .sucuriscan-gradient, .sucuriscan-modal-header, .sucuriscan-maincontent .sucuriscan-table tr > th{background:#f1f1f1;background-image:-webkit-gradient(linear,left bottom,left top,from(#ececec),to(#f9f9f9));background-image:-webkit-linear-gradient(bottom,#ececec,#f9f9f9);background-image:-moz-linear-gradient(bottom,#ececec,#f9f9f9);background-image:-o-linear-gradient(bottom,#ececec,#f9f9f9);background-image:linear-gradient(to top,#ececec,#f9f9f9)}
19
/* WordPress Extra Buttons (success) */
20
.wp-core-ui .button-success, .wp-core-ui .button-success.focus, .wp-core-ui .button-success.hover, .wp-core-ui .button-success:focus, .wp-core-ui .button-success:hover{background:#8dcd5a;border-color:#48a325;box-shadow:inset 0 1px 0 rgba(195, 230, 180, 0.6)}
21
.wp-core-ui .button-success.focus, .wp-core-ui .button-success.hover, .wp-core-ui .button-success:focus, .wp-core-ui .button-success:hover{background:#69be48}
@@ -28,6 +39,7 @@
28
.wp-core-ui .button-danger.focus, .wp-core-ui .button-danger:focus{border-color:#500e0e}
29
.wp-core-ui .button-danger.active, .wp-core-ui .button-danger.active:focus, .wp-core-ui .button-danger.active:hover, .wp-core-ui .button-danger:active{background:#a61b1b;border-color:#840000}
30
.wp-core-ui .button-danger-disabled, .wp-core-ui .button-danger.disabled, .wp-core-ui .button-danger:disabled, .wp-core-ui .button-danger[disabled]{color:#e79494 !important;background:#ba2929 !important;border-color:#7f1b1b !important}
31
/* Modal Window */
32
.sucuriscan-overlay{position:fixed;top:0;left:0;bottom:0;right:0;z-index:800;background:rgba(0, 0, 0, 0.5)}
33
.sucuriscan-modal{position:fixed;top:100px;left:50%;z-index:900}
@@ -83,7 +95,6 @@
83
.sucuriscan-table-quad-title tr:first-child th, .sucuriscan-table-quad-title tr:first-child + tr th, .sucuriscan-table-quad-title tr:first-child + tr + tr th{border-bottom:0}
84
.sucuriscan-table-description{border-left-width:1px !important;box-shadow:none}
85
.sucuriscan-table-description .inside{border-bottom:0 !important}
86
- .sucuriscan-maincontent .sucuriscan-lastmodified td{font-family:Monospace, Courier, serif;font-weight:bold}
87
.widefat td.td-with-button{text-align:right;padding:3px 10px}
88
.widefat td.td-with-button button{min-width:90px}
89
.widefat td.td-with-button select{height:initial;line-height:initial;vertical-align:top;margin:0;padding:2px 0 3px 0}
@@ -98,19 +109,38 @@
98
.sucuriscan-maincontent .thead-with-button select{margin:0;padding:0}
99
.sucuriscan-maincontent .thead-topright-action{display:inline-block;float:right}
100
/* Sidebar Styles */
101
- .sucuriscan-sidebar .sucuriscan-ad{margin-bottom:20px}
102
- .sucuriscan-sidebar .sucuriscan-ad-content{padding:1.5em;padding-bottom:0.5em;border:1px solid #ccc;border-bottom:0;border-radius:3px 3px 0 0}
103
- .sucuriscan-sidebar .sucuriscan-ad:nth-child(odd) .sucuriscan-ad-content{background-color:#bbe8f5;border-color:#4393ac}
104
- .sucuriscan-sidebar .sucuriscan-ad:nth-child(even) .sucuriscan-ad-content{background-color:#ececec;border-color:#999}
105
- .sucuriscan-sidebar .sucuriscan-ad-content h2{font-size:18px;line-height:normal;padding:0}
106
- .sucuriscan-sidebar .sucuriscan-ad-content .sucuriscan-list li{margin-left:17px}
107
- .sucuriscan-sidebar .sucuriscan-ad-footer{margin-bottom:0}
108
- .sucuriscan-sidebar .sucuriscan-ad-footer .button{width:50%;height:initial;text-align:center;line-height:36px}
109
- .sucuriscan-sidebar .sucuriscan-ad-footer .button:first-child{border-right:0}
110
- .sucuriscan-sidebar .sucuriscan-ad-footer .button.sucuriscan-pull-left{border-radius:0 0 0 3px}
111
- .sucuriscan-sidebar .sucuriscan-ad-footer .button.sucuriscan-pull-right{border-radius:0 0 3px 0}
112
.sucuriscan-scanner-video{width:100%;background:#fff;border:1px solid #ddd}
113
.sucuriscan-sidebar .sucuriscan-supportbtn{width:100%;height:initial;text-align:center;line-height:36px;margin-top:15px;padding:0}
114
/* WordPress Alerts */
115
div.sucuriscan-alert{position:relative;margin:0 0 20px 0}
116
div.sucuriscan-alert > a.close{position:absolute;top:10px;right:10px;font-size:18px;font-weight:bold;text-decoration:none}
@@ -156,12 +186,13 @@ div.sucuriscan-alert > a.close{position:absolute;top:10px;right:10px;font-size:1
156
.sucuriscan-maincontent .sucuriscan-border-good, .sucuriscan-maincontent .sucuriscan-border-success{border-left-color:#7ad03a}
157
.sucuriscan-maincontent .sucuriscan-border-bad, .sucuriscan-maincontent .sucuriscan-border-danger{border-left-color:#dd3d36}
158
.sucuriscan-maincontent .sucuriscan-border-info{border-left-color:#2ea2cc}
159
- .sucuriscan-maincontent .sucuriscan-cleanup-btn{display:block;text-align:center;margin:20px 0 0 0}
160
.sucuriscan-scanner-results .sucuriscan-scanner-details tr:nth-child(even),
161
.sucuriscan-scanner-results .sucuriscan-scanner-links tr:nth-child(even){background:#f5f5f5}
162
.sucuriscan-scanner-results td.sucuriscan-border-bad{border-left-width:4px;border-left-style:solid}
163
.sucuriscan-scanner-results .sucuriscan-malware-link{text-align:right}
164
.sucuriscan-scanner-results .sucuriscan-malware-link a:hover{color:#fff}
165
/* Generic Panel Magin Styles */
166
.sucuriscan-maincontent .sucuriscan-corefiles,
167
.sucuriscan-maincontent .sucuriscan-integrity-message,
@@ -171,7 +202,7 @@ div.sucuriscan-alert > a.close{position:absolute;top:10px;right:10px;font-size:1
171
.sucuriscan-maincontent .sucuriscan-auditlogs{margin-bottom:0}
172
.sucuriscan-auditlogs .sucuriscan-list-as-table{margin-bottom:0}
173
.sucuriscan-auditlogs .sucuriscan-maxper-page{text-align:right}
174
- .sucuriscan-auditlogs .sucuriscan-label{display:inline-block;width:56px;line-height:13px}
175
.sucuriscan-auditlogs .sucuriscan-auditlog-success, .sucuriscan-label-added{background:#5cb85c}
176
.sucuriscan-auditlogs .sucuriscan-auditlog-debug{background:#c690ec}
177
.sucuriscan-auditlogs .sucuriscan-auditlog-info{background:#5bc0de}
@@ -179,16 +210,6 @@ div.sucuriscan-alert > a.close{position:absolute;top:10px;right:10px;font-size:1
179
.sucuriscan-auditlogs .sucuriscan-auditlog-warning, .sucuriscan-label-modified{background:#f0ad4e}
180
.sucuriscan-auditlogs .sucuriscan-auditlog-error, .sucuriscan-label-removed{background:#f27d7d}
181
.sucuriscan-auditlogs .sucuriscan-auditlog-critical{background:#000000}
182
- .sucuriscan-auditlogs tbody tr:hover .sucuriscan-tooltip{display:block}
183
- .sucuriscan-auditlogs .sucuriscan-tooltip{display:none;position:absolute;width:initial;margin:-17px 0px 0px 62px}
184
- .sucuriscan-auditlogs .sucuriscan-tooltip:before{content:' ';position:absolute;top:5px;left:-5px;border:4px solid #000;border-left:none;border-right-width:5px;border-top-color:transparent;border-bottom-color:transparent}
185
- .sucuriscan-auditlogs .sucuriscan-severity .sucuriscan-auditlog-success:before{border-right-color:#5cb85c}
186
- .sucuriscan-auditlogs .sucuriscan-severity .sucuriscan-auditlog-debug:before{border-right-color:#c690ec}
187
- .sucuriscan-auditlogs .sucuriscan-severity .sucuriscan-auditlog-info:before{border-right-color:#5bc0de}
188
- .sucuriscan-auditlogs .sucuriscan-severity .sucuriscan-auditlog-notice:before{border-right-color:#428bca}
189
- .sucuriscan-auditlogs .sucuriscan-severity .sucuriscan-auditlog-warning:before{border-right-color:#f0ad4e}
190
- .sucuriscan-auditlogs .sucuriscan-severity .sucuriscan-auditlog-error:before{border-right-color:#f27d7d}
191
- .sucuriscan-auditlogs .sucuriscan-severity .sucuriscan-auditlog-critical:before{border-right-color:#000000}
192
/* Audit Report Styles */
193
.sucuriscan-maincontent .sucuriscan-audit-report{border-left-width:1px}
194
.sucuriscan-audit-report .sucuriscan-report-row{margin-bottom:10px}
@@ -208,6 +229,10 @@ td.sucuriscan-corefiles-warning > div{background:#f2dede;color:#a94442;border-co
208
.sucuriscan-maincontent .sucuriscan-integrity-message{position:relative}
209
.sucuriscan-maincontent .sucuriscan-integrity-message .sucuriscan-integrity-mark{position:absolute;top:1px;right:1px;background:#7ad03a;font-weight:bold;color:#fff;line-height:35px;padding:0 10px;border-left:1px solid #ddd}
210
.sucuriscan-maincontent .sucuriscan-ignoredfiles{margin-top:0}
211
.sucuriscan-maincontent .sucuriscan-modifiedfiles .sucuriscan-ellipsis{width:100px}
212
/* Monitoring Styles */
213
.sucuriscan-monitoring-settings{margin-bottom:20px}
@@ -231,7 +256,7 @@ td.sucuriscan-corefiles-warning > div{background:#f2dede;color:#a94442;border-co
231
.sucuriscan-request-summary{margin:-15px;margin-top:-3px}
232
.sucuriscan-request-summary td{font-size:14px}
233
.sucuriscan-request-summary tr td:first-child{font-weight:bold}
234
- .sucuriscan-request-summary td+td{font-family:monospace;word-break:break-all}
235
/* Hardening Status */
236
.sucuriscan-hstatus{position:relative;margin:0 -12px;padding:10px 12px;border:1px solid transparent}
237
.sucuriscan-hstatus-0{background-color:#f2dede;color:#a94442;border-color:#ebccd1}
@@ -260,7 +285,7 @@ td.sucuriscan-corefiles-warning > div{background:#f2dede;color:#a94442;border-co
260
.sucuriscan-pagination>li:last-child>a, .sucuriscan-pagination>li:last-child>span{border-radius:0 4px 4px 0}
261
.sucuriscan-pagination>li>a.sucuriscan-pagination-active, .sucuriscan-pagination>li>a:hover{background:#0074a2;color:#fff}
262
/* Resetter Styles */
263
- .sucuriscan_wpconfig_keys_updated textarea{width:100%;height:250px;background:#f5f5f5;font-family:monospace;font-size:12px;resize:vertical;margin:20px 0 0 0}
264
.sucuriscan-maincontent .sucuriscan-last-logins{margin-top:0}
265
.sucuriscan-maincontent .sucuriscan-last-logins .sucuriscan-ellipsis{width:150px;line-height:inherit}
266
.sucuriscan-maincontent .sucuriscan-full-textarea{width:100%;height:400px;line-height:normal;resize:vertical;padding:10px}
@@ -273,18 +298,12 @@ td.sucuriscan-corefiles-warning > div{background:#f2dede;color:#a94442;border-co
273
.sucuriscan-maincontent .sucuriscan-settings-trustip{margin-top:0}
274
.sucuriscan-maincontent .sucuriscan-settings-heartbeat{}
275
.sucuriscan-maincontent .sucuriscan-wpcron-list{margin-top:0}
276
.sucuriscan-maincontent .sucuriscan-infosys-htaccess .inside .sucuriscan-inline-alert-updated{margin-bottom:10px}
277
.sucuriscan-maincontent .sucuriscan-errorlogs .inside .sucuriscan-inline-alert-error{margin-top:10px}
278
.sucuriscan-maincontent .sucuriscan-errorlogs-list{}
279
.sucuriscan-maincontent .sucuriscan-subject-formats{margin:0}
280
.sucuriscan-maincontent .sucuriscan-subject-formats input[type=text]{width:40%;margin-left:10px}
281
- /* Parent Resetter: Midnight */
282
- .admin-color-blue .wrap div.sucuriscan-setup-notice, .admin-color-blue .sucuriscan-ad:nth-child(odd){background:#e5d1ae;border-color:#d39323}
283
- .admin-color-coffee .wrap div.sucuriscan-setup-notice, .admin-color-coffee .sucuriscan-ad:nth-child(odd){background:#e4cfbe;border-color:#b78a66}
284
- .admin-color-ectoplasm .wrap div.sucuriscan-setup-notice, .admin-color-ectoplasm .sucuriscan-ad:nth-child(odd){background:#ccd894;border-color:#a3b745}
285
- .admin-color-midnight .wrap div.sucuriscan-setup-notice, .admin-color-midnight .sucuriscan-ad:nth-child(odd){background:#f1b8b4;border-color:#d02a21}
286
- .admin-color-ocean .wrap div.sucuriscan-setup-notice, .admin-color-ocean .sucuriscan-ad:nth-child(odd){background:#c6e7c8;border-color:#719a74}
287
- .admin-color-sunrise .wrap div.sucuriscan-setup-notice, .admin-color-sunrise .sucuriscan-ad:nth-child(odd){background:#ecc2a2;border-color:#c36822}
288
/* 3CJS Chart styles */
289
.c3 svg{font:10px sans-serif}
290
.c3 line,.c3 path{fill:none;stroke:#000}
9
.sucuriscan-clearfix:after{clear:both}
10
.sucuriscan-visible{}
11
.sucuriscan-hidden{display:none !important}
12
+ .sucuriscan-opacity{opacity:0.6}
13
+ .sucuriscan-monospace{font-family:Menlo, Monaco, monospace, courier}
14
.sucuriscan-ellipsis{overflow:hidden;display:inline-block;white-space:nowrap;text-overflow:ellipsis}
15
.sucuriscan-wraptext{word-break:break-all}
16
.sucuriscan-pull-left{float:left}
17
.sucuriscan-pull-right{float:right}
18
.sucuriscan-list li{list-style:disc;margin:0 0 5px 15px}
19
+ .sucuriscan-gradient, .sucuriscan-modal-header, .sucuriscan-maincontent .sucuriscan-table tr > th{
20
+ background-color: #f1f1f1;
21
+ background-image: -webkit-gradient(linear, left top, left bottom, from(#f9f9f9), to(#ececec));
22
+ background-image: -webkit-linear-gradient(top, #f9f9f9, #ececec);
23
+ background-image: -moz-linear-gradient(top, #f9f9f9, #ececec);
24
+ background-image: -ms-linear-gradient(top, #f9f9f9, #ececec);
25
+ background-image: -o-linear-gradient(top, #f9f9f9, #ececec);
26
+ background-image: linear-gradient(top, #f9f9f9, #ececec);
27
+ filter: "progid:DXImageTransform.Microsoft.Gradient(startColorstr=#f9f9f9, endColorstr=#ececec)";
28
+ -ms-filter: "progid:DXImageTransform.Microsoft.Gradient(startColorstr=#f9f9f9, endColorstr=#ececec)";
29
+ }
30
/* WordPress Extra Buttons (success) */
31
.wp-core-ui .button-success, .wp-core-ui .button-success.focus, .wp-core-ui .button-success.hover, .wp-core-ui .button-success:focus, .wp-core-ui .button-success:hover{background:#8dcd5a;border-color:#48a325;box-shadow:inset 0 1px 0 rgba(195, 230, 180, 0.6)}
32
.wp-core-ui .button-success.focus, .wp-core-ui .button-success.hover, .wp-core-ui .button-success:focus, .wp-core-ui .button-success:hover{background:#69be48}
39
.wp-core-ui .button-danger.focus, .wp-core-ui .button-danger:focus{border-color:#500e0e}
40
.wp-core-ui .button-danger.active, .wp-core-ui .button-danger.active:focus, .wp-core-ui .button-danger.active:hover, .wp-core-ui .button-danger:active{background:#a61b1b;border-color:#840000}
41
.wp-core-ui .button-danger-disabled, .wp-core-ui .button-danger.disabled, .wp-core-ui .button-danger:disabled, .wp-core-ui .button-danger[disabled]{color:#e79494 !important;background:#ba2929 !important;border-color:#7f1b1b !important}
42
+ .wp-core-ui .sucuriscan-btnblock{display:block;width:100%;text-align:center}
43
/* Modal Window */
44
.sucuriscan-overlay{position:fixed;top:0;left:0;bottom:0;right:0;z-index:800;background:rgba(0, 0, 0, 0.5)}
45
.sucuriscan-modal{position:fixed;top:100px;left:50%;z-index:900}
95
.sucuriscan-table-quad-title tr:first-child th, .sucuriscan-table-quad-title tr:first-child + tr th, .sucuriscan-table-quad-title tr:first-child + tr + tr th{border-bottom:0}
96
.sucuriscan-table-description{border-left-width:1px !important;box-shadow:none}
97
.sucuriscan-table-description .inside{border-bottom:0 !important}
98
.widefat td.td-with-button{text-align:right;padding:3px 10px}
99
.widefat td.td-with-button button{min-width:90px}
100
.widefat td.td-with-button select{height:initial;line-height:initial;vertical-align:top;margin:0;padding:2px 0 3px 0}
109
.sucuriscan-maincontent .thead-with-button select{margin:0;padding:0}
110
.sucuriscan-maincontent .thead-topright-action{display:inline-block;float:right}
111
/* Sidebar Styles */
112
+ .sucuriscan-ad {color:#fff;padding:20px;margin-bottom:20px}
113
+ .sucuriscan-ad h3, .sucuriscan-ad h4, .sucuriscan-ad .sucuriscan-ad-btn {font-family:Arial, Helvetica, sans-serif;color:#fff;margin:0}
114
+ .sucuriscan-ad h3 {font-size:18px;font-weight:300}
115
+ .sucuriscan-ad h4 {font-size:22px;font-weight:bold;margin-top:10px}
116
+ .sucuriscan-ad .sucuriscan-ad-btn {display:block;font-size:13px;font-weight:bold;text-align:center;text-decoration:none;text-transform:uppercase;margin-top:20px;padding:5px;border-radius:20px}
117
+ .sucuriscan-ad .sucuriscan-ad-footer {margin-top:20px;margin-bottom:0}
118
+ .sucuriscan-ad .sucuriscan-ad-footer ul {margin:0}
119
+ .sucuriscan-ad .sucuriscan-ad-footer li {font-size:12px;color:#fff;list-style:disc;margin:0 0 0 16px}
120
+ .sucuriscan-ad .sucuriscan-ad-footer li.featured {color:#fde44c}
121
.sucuriscan-scanner-video{width:100%;background:#fff;border:1px solid #ddd}
122
.sucuriscan-sidebar .sucuriscan-supportbtn{width:100%;height:initial;text-align:center;line-height:36px;margin-top:15px;padding:0}
123
+ /* Sidebar Firewall Styles */
124
+ .sucuriscan-ad-firewall {background:#606e77}
125
+ .sucuriscan-ad-firewall .sucuriscan-ad-btn {background:#606e77;border:1px solid #fff}
126
+ .sucuriscan-ad-firewall .sucuriscan-ad-btn:hover {background:#85929b}
127
+ /* Sidebar Antivirus Styles */
128
+ .sucuriscan-ad-antivirus {background:#04833e;padding-bottom:0}
129
+ .sucuriscan-ad-antivirus .sucuriscan-ad-website {display:block;text-decoration:none;margin-top:20px}
130
+ .sucuriscan-ad-antivirus .sucuriscan-ad-website img {display:block;max-width:100%}
131
+ .sucuriscan-ad-antivirus .sucuriscan-ad-btn {
132
+ background-color: #e8840a;
133
+ background-image: -webkit-gradient(linear, left top, left bottom, from(#e8840a), to(#ef7f02));
134
+ background-image: -webkit-linear-gradient(top, #e8840a, #ef7f02);
135
+ background-image: -moz-linear-gradient(top, #e8840a, #ef7f02);
136
+ background-image: -ms-linear-gradient(top, #e8840a, #ef7f02);
137
+ background-image: -o-linear-gradient(top, #e8840a, #ef7f02);
138
+ background-image: linear-gradient(top, #e8840a, #ef7f02);
139
+ filter: "progid:DXImageTransform.Microsoft.Gradient(startColorstr=#e8840a, endColorstr=#ef7f02)";
140
+ -ms-filter: "progid:DXImageTransform.Microsoft.Gradient(startColorstr=#e8840a, endColorstr=#ef7f02)";
141
+ box-shadow: inset 0px 1px 1px #eaac3a;
142
+ border:1px solid #d17301;
143
+ }
144
/* WordPress Alerts */
145
div.sucuriscan-alert{position:relative;margin:0 0 20px 0}
146
div.sucuriscan-alert > a.close{position:absolute;top:10px;right:10px;font-size:18px;font-weight:bold;text-decoration:none}
186
.sucuriscan-maincontent .sucuriscan-border-good, .sucuriscan-maincontent .sucuriscan-border-success{border-left-color:#7ad03a}
187
.sucuriscan-maincontent .sucuriscan-border-bad, .sucuriscan-maincontent .sucuriscan-border-danger{border-left-color:#dd3d36}
188
.sucuriscan-maincontent .sucuriscan-border-info{border-left-color:#2ea2cc}
189
+ .sucuriscan-maincontent .sucuriscan-cleanup-btn{margin:20px 0 0 0}
190
.sucuriscan-scanner-results .sucuriscan-scanner-details tr:nth-child(even),
191
.sucuriscan-scanner-results .sucuriscan-scanner-links tr:nth-child(even){background:#f5f5f5}
192
.sucuriscan-scanner-results td.sucuriscan-border-bad{border-left-width:4px;border-left-style:solid}
193
.sucuriscan-scanner-results .sucuriscan-malware-link{text-align:right}
194
.sucuriscan-scanner-results .sucuriscan-malware-link a:hover{color:#fff}
195
+ .sucuriscan-malware-payload{background:#f5f5f5;word-break:break-all;margin:-2px -15px -15px -15px;padding:15px}
196
/* Generic Panel Magin Styles */
197
.sucuriscan-maincontent .sucuriscan-corefiles,
198
.sucuriscan-maincontent .sucuriscan-integrity-message,
202
.sucuriscan-maincontent .sucuriscan-auditlogs{margin-bottom:0}
203
.sucuriscan-auditlogs .sucuriscan-list-as-table{margin-bottom:0}
204
.sucuriscan-auditlogs .sucuriscan-maxper-page{text-align:right}
205
+ .sucuriscan-auditlogs .sucuriscan-label{display:inline-block;width:18px;text-transform:uppercase;line-height:13px;cursor:pointer;border-radius:50%}
206
.sucuriscan-auditlogs .sucuriscan-auditlog-success, .sucuriscan-label-added{background:#5cb85c}
207
.sucuriscan-auditlogs .sucuriscan-auditlog-debug{background:#c690ec}
208
.sucuriscan-auditlogs .sucuriscan-auditlog-info{background:#5bc0de}
210
.sucuriscan-auditlogs .sucuriscan-auditlog-warning, .sucuriscan-label-modified{background:#f0ad4e}
211
.sucuriscan-auditlogs .sucuriscan-auditlog-error, .sucuriscan-label-removed{background:#f27d7d}
212
.sucuriscan-auditlogs .sucuriscan-auditlog-critical{background:#000000}
213
/* Audit Report Styles */
214
.sucuriscan-maincontent .sucuriscan-audit-report{border-left-width:1px}
215
.sucuriscan-audit-report .sucuriscan-report-row{margin-bottom:10px}
229
.sucuriscan-maincontent .sucuriscan-integrity-message{position:relative}
230
.sucuriscan-maincontent .sucuriscan-integrity-message .sucuriscan-integrity-mark{position:absolute;top:1px;right:1px;background:#7ad03a;font-weight:bold;color:#fff;line-height:35px;padding:0 10px;border-left:1px solid #ddd}
231
.sucuriscan-maincontent .sucuriscan-ignoredfiles{margin-top:0}
232
+ .sucuriscan-ignore-file form{padding:10px;padding-top:0;border-bottom:1px solid #ddd;border-right:1px solid #ddd}
233
+ .sucuriscan-ignore-file p{border-bottom:none}
234
+ .sucuriscan-ignore-file-input{width:80%}
235
+ .sucuriscan-ignore-file-button{width:18%}
236
.sucuriscan-maincontent .sucuriscan-modifiedfiles .sucuriscan-ellipsis{width:100px}
237
/* Monitoring Styles */
238
.sucuriscan-monitoring-settings{margin-bottom:20px}
256
.sucuriscan-request-summary{margin:-15px;margin-top:-3px}
257
.sucuriscan-request-summary td{font-size:14px}
258
.sucuriscan-request-summary tr td:first-child{font-weight:bold}
259
+ .sucuriscan-request-summary td+td{word-break:break-all}
260
/* Hardening Status */
261
.sucuriscan-hstatus{position:relative;margin:0 -12px;padding:10px 12px;border:1px solid transparent}
262
.sucuriscan-hstatus-0{background-color:#f2dede;color:#a94442;border-color:#ebccd1}
285
.sucuriscan-pagination>li:last-child>a, .sucuriscan-pagination>li:last-child>span{border-radius:0 4px 4px 0}
286
.sucuriscan-pagination>li>a.sucuriscan-pagination-active, .sucuriscan-pagination>li>a:hover{background:#0074a2;color:#fff}
287
/* Resetter Styles */
288
+ .sucuriscan_wpconfig_keys_updated textarea{width:100%;height:250px;background:#f5f5f5;font-size:12px;resize:vertical;margin:20px 0 0 0}
289
.sucuriscan-maincontent .sucuriscan-last-logins{margin-top:0}
290
.sucuriscan-maincontent .sucuriscan-last-logins .sucuriscan-ellipsis{width:150px;line-height:inherit}
291
.sucuriscan-maincontent .sucuriscan-full-textarea{width:100%;height:400px;line-height:normal;resize:vertical;padding:10px}
298
.sucuriscan-maincontent .sucuriscan-settings-trustip{margin-top:0}
299
.sucuriscan-maincontent .sucuriscan-settings-heartbeat{}
300
.sucuriscan-maincontent .sucuriscan-wpcron-list{margin-top:0}
301
+ .sucuriscan-maincontent .sucuriscan-infosys-htaccess .inside{border-bottom:1px solid #ddd !important}
302
.sucuriscan-maincontent .sucuriscan-infosys-htaccess .inside .sucuriscan-inline-alert-updated{margin-bottom:10px}
303
.sucuriscan-maincontent .sucuriscan-errorlogs .inside .sucuriscan-inline-alert-error{margin-top:10px}
304
.sucuriscan-maincontent .sucuriscan-errorlogs-list{}
305
.sucuriscan-maincontent .sucuriscan-subject-formats{margin:0}
306
.sucuriscan-maincontent .sucuriscan-subject-formats input[type=text]{width:40%;margin-left:10px}
307
/* 3CJS Chart styles */
308
.c3 svg{font:10px sans-serif}
309
.c3 line,.c3 path{fill:none;stroke:#000}
inc/images/antivirus-logo-x42.png ADDED
Binary file
inc/images/cloudproxy-logo-x42.png ADDED
Binary file
inc/images/sucuri-website.png ADDED
Binary file
inc/tpl/base.html.tpl CHANGED
@@ -27,39 +27,56 @@
27
28
<div class="sucuriscan-sidebar sucuriscan-%%SUCURI.AdsVisibility%%">
29
30
- <div class="sucuriscan-ad">
31
- <div class="sucuriscan-ad-content">
32
- <h2>Is your website infected with malware? Blacklisted by Google?</h2>
33
- <p>Don't know where to start? Get cleared today by <a href="http://sucuri.net/signup" target="_blank">Sucuri Security</a>!</p>
34
</div>
35
36
- <div class="sucuriscan-ad-footer sucuriscan-clearfix">
37
- <a href="http://sucuri.net/website-antivirus/signup" target="_blank"
38
- class="button button-primary sucuriscan-pull-left">Sign up now</a>
39
- <a href="http://sucuri.net/website-antivirus/" target="_blank"
40
- class="button button-primary sucuriscan-pull-right">Read more</a>
41
- </div>
42
- </div>
43
44
- <div class="sucuriscan-ad">
45
- <div class="sucuriscan-ad-content">
46
- <h2>Preventive website security in the cloud!</h2>
47
-
48
- <ul class="sucuriscan-list">
49
- <li>Web Application Firewall (WAF) Protection</li>
50
<li>Virtual Website Patching</li>
51
- <li>Cloud Intrusion Prevention System (IPS)</li>
52
<li>High Security Website Monitoring</li>
53
<li>Malicious Traffic Filtering</li>
54
</ul>
55
</div>
56
57
<div class="sucuriscan-ad-footer sucuriscan-clearfix">
58
- <a href="http://sucuri.net/website-firewall/signup" target="_blank"
59
- class="button button-primary sucuriscan-pull-left">Sign up now</a>
60
- <a href="http://sucuri.net/website-firewall/" target="_blank"
61
- class="button button-primary sucuriscan-pull-right">Read more</a>
62
</div>
63
</div>
64
65
<iframe src="https://www.youtube-nocookie.com/embed/EVa9FY3nKuQ" height="250" class="sucuriscan-scanner-video" allowfullscreen></iframe>
27
28
<div class="sucuriscan-sidebar sucuriscan-%%SUCURI.AdsVisibility%%">
29
30
+ <div class="sucuriscan-ad sucuriscan-ad-firewall">
31
+ <div class="sucuriscan-clearfix">
32
+ <div class="sucuriscan-pull-left">
33
+ <h3>Do you want to</h3>
34
+ <h4>Stop Hackers?</h4>
35
+ </div>
36
+ <div class="sucuriscan-pull-right">
37
+ <img src="%%SUCURI.SucuriURL%%/inc/images/cloudproxy-logo-x42.png" alt="CloudProxy WAF" />
38
+ </div>
39
</div>
40
41
+ <a href="http://goo.gl/9sD2sh" target="_blank" class="sucuriscan-ad-btn">Protect Your Website Today</a>
42
43
+ <div class="sucuriscan-ad-footer">
44
+ <ul>
45
+ <li>Sucuri CloudProxy Firewall</li>
46
+ <li class="featured">Stopping 33M+ attacks a month</li>
47
+ <li>Web Application Firewall Protection</li>
48
<li>Virtual Website Patching</li>
49
+ <li>Cloud Intrusion Prevention System</li>
50
<li>High Security Website Monitoring</li>
51
<li>Malicious Traffic Filtering</li>
52
</ul>
53
</div>
54
+ </div>
55
+
56
+ <div class="sucuriscan-ad sucuriscan-ad-antivirus">
57
+ <div class="sucuriscan-clearfix">
58
+ <h3>Have you been hacked?</h3>
59
+ <h4>Blacklisted by Google?</h4>
60
+ </div>
61
+
62
+ <a href="http://goo.gl/vEwZq6" target="_blank" class="sucuriscan-ad-btn">Get Clean Today</a>
63
64
<div class="sucuriscan-ad-footer sucuriscan-clearfix">
65
+ <div class="sucuriscan-pull-left">
66
+ <ul>
67
+ <li>Sucuri Antivirus</li>
68
+ <li class="featured">Servicing 250k+ domains</li>
69
+ <li class="featured">Cleaning 300+ websites a day</li>
70
+ </ul>
71
+ </div>
72
+ <div class="sucuriscan-pull-right">
73
+ <img src="%%SUCURI.SucuriURL%%/inc/images/antivirus-logo-x42.png" alt="Sucuri Antivirus" />
74
+ </div>
75
</div>
76
+
77
+ <a href="https://sucuri.net/" target="_blank" class="sucuriscan-ad-website">
78
+ <img src="%%SUCURI.SucuriURL%%/inc/images/sucuri-website.png" alt="Sucuri Website" />
79
+ </a>
80
</div>
81
82
<iframe src="https://www.youtube-nocookie.com/embed/EVa9FY3nKuQ" height="250" class="sucuriscan-scanner-video" allowfullscreen></iframe>
inc/tpl/hardening.html.tpl ADDED
@@ -0,0 +1,39 @@
1
+
2
+ <div id="poststuff">
3
+
4
+ <form method="post">
5
+
6
+ <input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
7
+ <input type="hidden" name="sucuriscan_run_hardening" value="1" />
8
+
9
+ %%SUCURI.Hardening.Version%%
10
+
11
+ %%SUCURI.Hardening.CloudProxy%%
12
+
13
+ %%SUCURI.Hardening.RemoveGenerator%%
14
+
15
+ %%SUCURI.Hardening.NginxPhpFpm%%
16
+
17
+ %%SUCURI.Hardening.Upload%%
18
+
19
+ %%SUCURI.Hardening.WpContent%%
20
+
21
+ %%SUCURI.Hardening.WpIncludes%%
22
+
23
+ %%SUCURI.Hardening.PhpVersion%%
24
+
25
+ %%SUCURI.Hardening.SecretKeys%%
26
+
27
+ %%SUCURI.Hardening.Readme%%
28
+
29
+ %%SUCURI.Hardening.AdminUser%%
30
+
31
+ %%SUCURI.Hardening.FileEditor%%
32
+
33
+ %%SUCURI.Hardening.DBTables%%
34
+
35
+ %%SUCURI.Hardening.ErrorLog%%
36
+
37
+ </form>
38
+
39
+ </div>
inc/tpl/hardening.snippet.tpl ADDED
@@ -0,0 +1,19 @@
1
+
2
+ <div class="postbox">
3
+ <h3>%%SUCURI.Hardening.Title%%</h3>
4
+
5
+ <div class="inside">
6
+ %%SUCURI.Hardening.Description%%
7
+
8
+ <div class="sucuriscan-hstatus sucuriscan-hstatus-%%SUCURI.Hardening.Status%%">
9
+ <input type="submit" name="%%SUCURI.Hardening.FieldName%%"
10
+ value="%%SUCURI.Hardening.FieldValue%%"
11
+ %%SUCURI.Hardening.FieldAttributes%%
12
+ class="button-secondary" />
13
+
14
+ <span>%%SUCURI.Hardening.Information%%</span>
15
+ </div>
16
+
17
+ %%SUCURI.Hardening.UpdateMessage%%
18
+ </div>
19
+ </div>
inc/tpl/infosys-htaccess.html.tpl CHANGED
@@ -1,6 +1,6 @@
1
2
<div id="poststuff" class="sucuriscan-infosys-htaccess">
3
- <div class="postbox">
4
<h3>Access File Integrity</h3>
5
6
<div class="inside">
1
2
<div id="poststuff" class="sucuriscan-infosys-htaccess">
3
+ <div class="postbox sucuriscan-border sucuriscan-table-description">
4
<h3>Access File Integrity</h3>
5
6
<div class="inside">
inc/tpl/integrity-auditlogs.html.tpl CHANGED
@@ -2,7 +2,7 @@
2
<table class="wp-list-table widefat sucuriscan-table sucuriscan-table-double-title sucuriscan-auditlogs">
3
<thead>
4
<tr>
5
- <th colspan="4" class="thead-with-button">
6
<span>Audit Logs (%%SUCURI.AuditLogs.Count%% latest logs)</span>
7
<form action="%%SUCURI.URL.Settings%%" method="post"
8
class="thead-topright-action sucuriscan-%%SUCURI.AuditLogs.EnableAuditReportVisibility%%">
@@ -15,6 +15,7 @@
15
16
<tr>
17
<th>&nbsp;</th>
18
<th>Username</th>
19
<th>IP Address</th>
20
<th>Event Message</th>
@@ -25,13 +26,13 @@
25
%%SUCURI.AuditLogs.List%%
26
27
<tr class="sucuriscan-%%SUCURI.AuditLogs.NoItemsVisibility%%">
28
- <td colspan="4">
29
<em>No logs so far.</em>
30
</td>
31
</tr>
32
33
<tr class="sucuriscan-%%SUCURI.AuditLogs.PaginationVisibility%%">
34
- <td colspan="4">
35
<ul class="sucuriscan-pagination">
36
%%SUCURI.AuditLogs.PaginationLinks%%
37
</ul>
2
<table class="wp-list-table widefat sucuriscan-table sucuriscan-table-double-title sucuriscan-auditlogs">
3
<thead>
4
<tr>
5
+ <th colspan="5" class="thead-with-button">
6
<span>Audit Logs (%%SUCURI.AuditLogs.Count%% latest logs)</span>
7
<form action="%%SUCURI.URL.Settings%%" method="post"
8
class="thead-topright-action sucuriscan-%%SUCURI.AuditLogs.EnableAuditReportVisibility%%">
15
16
<tr>
17
<th>&nbsp;</th>
18
+ <th width="160">Date</th>
19
<th>Username</th>
20
<th>IP Address</th>
21
<th>Event Message</th>
26
%%SUCURI.AuditLogs.List%%
27
28
<tr class="sucuriscan-%%SUCURI.AuditLogs.NoItemsVisibility%%">
29
+ <td colspan="5">
30
<em>No logs so far.</em>
31
</td>
32
</tr>
33
34
<tr class="sucuriscan-%%SUCURI.AuditLogs.PaginationVisibility%%">
35
+ <td colspan="5">
36
<ul class="sucuriscan-pagination">
37
%%SUCURI.AuditLogs.PaginationLinks%%
38
</ul>
inc/tpl/integrity-auditlogs.snippet.tpl CHANGED
@@ -1,11 +1,10 @@
1
2
<tr class="%%SUCURI.AuditLog.CssClass%%">
3
<td>
4
- <div class="sucuriscan-severity">
5
- <span class="sucuriscan-label sucuriscan-auditlog-%%SUCURI.AuditLog.Event%%">%%SUCURI.AuditLog.EventTitle%%</span>
6
- <span class="sucuriscan-tooltip sucuriscan-label sucuriscan-auditlog-%%SUCURI.AuditLog.Event%%">%%SUCURI.AuditLog.DateTime%%</span>
7
- </div>
8
</td>
9
<td><span class="sucuriscan-monospace">%%SUCURI.AuditLog.Username%%</span></td>
10
<td><span class="sucuriscan-monospace">%%SUCURI.AuditLog.RemoteAddress%%</span></td>
11
<td>
1
2
<tr class="%%SUCURI.AuditLog.CssClass%%">
3
<td>
4
+ <span class="sucuriscan-label sucuriscan-auditlog-%%SUCURI.AuditLog.Event%%"
5
+ title="%%SUCURI.AuditLog.EventTitle%%">&nbsp;</span>
6
</td>
7
+ <td>%%SUCURI.AuditLog.DateTime%%</td>
8
<td><span class="sucuriscan-monospace">%%SUCURI.AuditLog.Username%%</span></td>
9
<td><span class="sucuriscan-monospace">%%SUCURI.AuditLog.RemoteAddress%%</span></td>
10
<td>
inc/tpl/integrity-corefiles.html.tpl CHANGED
@@ -14,20 +14,22 @@
14
<table class="wp-list-table widefat sucuriscan-table sucuriscan-corefiles sucuriscan-%%SUCURI.CoreFiles.BadVisibility%%">
15
<thead>
16
<tr>
17
- <th colspan="4" class="sucuriscan-clearfix thead-with-button">
18
<span>Core integrity (%%SUCURI.CoreFiles.ListCount%% files)</span>
19
<button id="sucuriscan-corefiles-show" class="button button-primary thead-topright-action" data-action="show">Show files</button>
20
</th>
21
</tr>
22
23
<tr>
24
- <td colspan="4" class="sucuriscan-corefiles-warning">
25
<div>
26
<p>
27
- Changes in the integrity of your core files were detected. There are files that
28
- were added, modified, and/or removed in the core directories <code>/&lt;root&gt;</code>,
29
- <code>/wp-admin</code> and/or <code>/wp-includes</code>. You may want to check
30
- each file to determine if they were infected with malicious code.
31
</p>
32
</div>
33
</td>
@@ -40,6 +42,7 @@
40
</th>
41
<th width="80" class="manage-column">Status</th>
42
<th width="100" class="manage-column">File Size</th>
43
<th class="manage-column">File Path</th>
44
</tr>
45
</thead>
@@ -50,13 +53,14 @@
50
51
<tfoot>
52
<tr>
53
- <td colspan="4">
54
<p>
55
- The action to restore the content of a file will only work with files that were
56
- <b>modified</b> or <b>removed</b>, for files that were <b>added</b> you must
57
- either remove or mark as fixed. Files marked as <b>fixed</b> will always be
58
- ignored from the integrity checks, an attacker can use this option to hide a
59
- malicious file, so always check what files are being ignored.
60
</p>
61
62
<label>
14
<table class="wp-list-table widefat sucuriscan-table sucuriscan-corefiles sucuriscan-%%SUCURI.CoreFiles.BadVisibility%%">
15
<thead>
16
<tr>
17
+ <th colspan="5" class="sucuriscan-clearfix thead-with-button">
18
<span>Core integrity (%%SUCURI.CoreFiles.ListCount%% files)</span>
19
<button id="sucuriscan-corefiles-show" class="button button-primary thead-topright-action" data-action="show">Show files</button>
20
</th>
21
</tr>
22
23
<tr>
24
+ <td colspan="5" class="sucuriscan-corefiles-warning">
25
<div>
26
<p>
27
+ Changes in the integrity of your core files were detected, you may want to check
28
+ each file to determine if they were infected with malicious code. The WordPress
29
+ core directories <code>/&lt;root&gt;</code>, <code>/wp-admin</code> and <code>
30
+ /wp-includes</code> are the only ones being scanned; the content, uploads, and
31
+ custom directories are not part of the official archives so you have to check
32
+ them manually.
33
</p>
34
</div>
35
</td>
42
</th>
43
<th width="80" class="manage-column">Status</th>
44
<th width="100" class="manage-column">File Size</th>
45
+ <th width="170" class="manage-column">Modified At</th>
46
<th class="manage-column">File Path</th>
47
</tr>
48
</thead>
53
54
<tfoot>
55
<tr>
56
+ <td colspan="5">
57
<p>
58
+ <strong>Note.</strong> This is not a malware scanner but an integrity checker
59
+ which is a completely different thing, if you want to check if your site is
60
+ generating malicious code then use the <a href="%%SUCURI.URL.Scanner%%">malware
61
+ scan</a> tool. If you see the text <em>"must be fixed manually"</em> in any of
62
+ these files that means that they do not have write permissions so you can not
63
+ fix them using this tool.
64
</p>
65
66
<label>
inc/tpl/integrity-corefiles.snippet.tpl CHANGED
@@ -1,10 +1,16 @@
1
2
<tr class="%%SUCURI.CoreFiles.CssClass%% sucuriscan-hidden">
3
<td class="check-column">
4
- <input type="checkbox" name="sucuriscan_integrity_files[]" value="%%SUCURI.CoreFiles.FilePath%%" />
5
- <input type="hidden" name="sucuriscan_integrity_types[]" value="%%SUCURI.CoreFiles.StatusType%%" />
6
</td>
7
<td><span class="sucuriscan-label sucuriscan-label-%%SUCURI.CoreFiles.StatusType%%">%%SUCURI.CoreFiles.StatusType%%</span></td>
8
<td><em title="%%SUCURI.CoreFiles.FileSizeNumber%% bytes">~%%SUCURI.CoreFiles.FileSizeHuman%%</em></td>
9
- <td><span class="sucuriscan-monospace sucuriscan-wraptext">%%SUCURI.CoreFiles.FilePath%%</span></td>
10
</tr>
1
2
<tr class="%%SUCURI.CoreFiles.CssClass%% sucuriscan-hidden">
3
<td class="check-column">
4
+ <input type="checkbox" name="sucuriscan_integrity_files[]"
5
+ value="%%SUCURI.CoreFiles.FilePath%%" %%SUCURI.CoreFiles.IsFixtableFile%% />
6
+ <input type="hidden" name="sucuriscan_integrity_types[]"
7
+ value="%%SUCURI.CoreFiles.StatusType%%" %%SUCURI.CoreFiles.IsFixtableFile%% />
8
</td>
9
<td><span class="sucuriscan-label sucuriscan-label-%%SUCURI.CoreFiles.StatusType%%">%%SUCURI.CoreFiles.StatusType%%</span></td>
10
<td><em title="%%SUCURI.CoreFiles.FileSizeNumber%% bytes">~%%SUCURI.CoreFiles.FileSizeHuman%%</em></td>
11
+ <td>%%SUCURI.CoreFiles.ModifiedAt%%</td>
12
+ <td>
13
+ <span class="sucuriscan-monospace sucuriscan-wraptext">%%SUCURI.CoreFiles.FilePath%%</span>
14
+ <em>%%SUCURI.CoreFiles.IsNotFixable%%</em>
15
+ </td>
16
</tr>
inc/tpl/integrity-wpoutdate.html.tpl CHANGED
@@ -1,29 +1,10 @@
1
2
- <div class="postbox sucuriscan-wordpress-outdated sucuriscan-border sucuriscan-border-bad sucuriscan-%%SUCURI.WordPress.UpdateVisibility%%">
3
- <h3>WordPress version outdated</h3>
4
-
5
- <div class="inside">
6
- <p>
7
- The current version of your site was detected as
8
- <code>%%SUCURI.WordPress.Version%%</code> which is different to the official
9
- latest version. The integrity check can not run using this version number
10
- <a href="%%SUCURI.WordPress.UpgradeURL%%" target="_blank">update now</a> to
11
- be able to run the integrity check.
12
- </p>
13
- </div>
14
- </div>
15
-
16
- <div class="postbox sucuriscan-wordpress-beta sucuriscan-border sucuriscan-border-info sucuriscan-%%SUCURI.WordPressBeta.Visibility%%">
17
- <h3>WordPress beta version</h3>
18
-
19
- <div class="inside">
20
- <p>
21
- You are using a development version of WordPress. Beta testers will have a set up to
22
- install updates of future beta versions automatically. You can update to the latest
23
- nightly build <code>%%SUCURI.WordPressBeta.Version%%</code> automatically from
24
- <a href="%%SUCURI.WordPressBeta.UpdateURL%%" target="_blank">here</a> or download the
25
- nightly build from <a href="%%SUCURI.WordPressBeta.DownloadURL%%" target="_blank">here</a>
26
- and install it manually.
27
- </p>
28
- </div>
29
</div>
1
2
+ <div class="sucuriscan-wordpress-outdated sucuriscan-%%SUCURI.WordPress.UpdateVisibility%%">
3
+ <a href="%%SUCURI.WordPress.UpdateURL%%" target="_blank"
4
+ class="button button-primary button-danger button-hero sucuriscan-btnblock">
5
+ WordPress %%SUCURI.WordPress.Version%% is Outdated
6
+ &nbsp;-&nbsp;
7
+ Install New Version %%SUCURI.WordPress.NewVersion%%
8
+ <em>(%%SUCURI.WordPress.NewLocale%%)</em>
9
+ </a>
10
</div>
inc/tpl/malwarescan-appdetail.snippet.tpl ADDED
@@ -0,0 +1,5 @@
1
+
2
+ <tr>
3
+ <td>%%SUCURI.InformationTitle%%</td>
4
+ <td><span class="sucuriscan-monospace">%%SUCURI.InformationValue%%</span></td>
5
+ </tr>
inc/tpl/malwarescan-outdated.snippet.tpl ADDED
@@ -0,0 +1,8 @@
1
+
2
+ <tr>
3
+ <td colspan="2" class="sucuriscan-border-bad">
4
+ <strong>%%SUCURI.OutdatedSoftwareTitle%%</strong>
5
+ <em>(%%SUCURI.OutdatedSoftwareUrl%%)</em>
6
+ <span>%%SUCURI.OutdatedSoftwareValue%%</span>
7
+ </td>
8
+ </tr>
inc/tpl/malwarescan-recommendation.snippet.tpl ADDED
@@ -0,0 +1,11 @@
1
+
2
+ <tr>
3
+ <td colspan="2" class="sucuriscan-border-bad">
4
+ <strong>%%SUCURI.RecommendationTitle%%</strong><br>
5
+ <span>%%SUCURI.RecommendationValue%%</span><br>
6
+
7
+ <a href="%%SUCURI.RecommendationUrl%%" target="_blank">
8
+ %%SUCURI.RecommendationUrlTitle%%
9
+ </a>
10
+ </td>
11
+ </tr>
inc/tpl/malwarescan-resblacklist.html.tpl ADDED
@@ -0,0 +1,18 @@
1
+
2
+ <table class="wp-list-table widefat sucuriscan-table sucuriscan-scanner-details">
3
+
4
+ <thead>
5
+ <tr>
6
+ <th colspan="3" class="thead-with-button">
7
+ <span>%%SUCURI.BlacklistStatusTitle%%</span>
8
+ </th>
9
+ </tr>
10
+ </thead>
11
+
12
+ <tbody>
13
+
14
+ %%SUCURI.BlacklistStatusList%%
15
+
16
+ </tbody>
17
+
18
+ </table>
inc/tpl/malwarescan-resblacklist.snippet.tpl ADDED
@@ -0,0 +1,12 @@
1
+
2
+ <tr>
3
+ <td>
4
+ <span class="sucuriscan-label sucuriscan-label-%%SUCURI.BlacklistStatusCssClass%%">
5
+ %%SUCURI.BlacklistStatusGroupTitle%%
6
+ </span>
7
+ </td>
8
+ <td>%%SUCURI.BlacklistStatusReporterName%%</td>
9
+ <td>
10
+ <a href="%%SUCURI.BlacklistStatusReporterUrl%%" target="_blank">More details</a>
11
+ </td>
12
+ </tr>
inc/tpl/malwarescan-resmalware.html.tpl ADDED
@@ -0,0 +1,104 @@
1
+
2
+ <table class="wp-list-table widefat sucuriscan-table sucuriscan-scanner-details">
3
+
4
+ <thead>
5
+
6
+ <tr>
7
+ <th colspan="3" class="thead-with-button">
8
+ <span>%%SUCURI.WebsiteStatus%%</span>
9
+ <a href="http://sucuri.net/website-antivirus/" target="_blank"
10
+ class="thead-topright-action button-primary sucuriscan-%%SUCURI.FixButtonVisibility%%">
11
+ Request Malware Cleanup</a>
12
+ </th>
13
+ </tr>
14
+
15
+ </thead>
16
+
17
+ <tbody>
18
+
19
+ %%SUCURI.MalwarePayloadList%%
20
+
21
+ <tr class="sucuriscan-%%SUCURI.NoMalwareRowVisibility%%">
22
+ <td><span class="sucuriscan-label sucuriscan-label-success">CLEAN</span></td>
23
+ <td colspan="3">Malware</td>
24
+ </tr>
25
+
26
+ <tr class="sucuriscan-%%SUCURI.NoMalwareRowVisibility%%">
27
+ <td><span class="sucuriscan-label sucuriscan-label-success">CLEAN</span></td>
28
+ <td width="220">
29
+ <a href="http://kb.sucuri.net/malware/encoded-javascript" target="_blank">
30
+ Malicious javascript
31
+ </a>
32
+ </td>
33
+ <td>
34
+ <div>
35
+ JavaScript is a language (code) that can be executed directly by the browser and
36
+ many other applications that support it (PDF, email readers, etc). Because it is
37
+ a full programming language executed by the browser, attackers use it heavily to
38
+ run malicious code from the compromised sites.
39
+ </div>
40
+ </td>
41
+ </tr>
42
+
43
+ <tr class="sucuriscan-%%SUCURI.NoMalwareRowVisibility%%">
44
+ <td><span class="sucuriscan-label sucuriscan-label-success">CLEAN</span></td>
45
+ <td width="220">
46
+ <a href="http://kb.sucuri.net/malware/malicious-iframes" target="_blank">
47
+ Malicious iframes
48
+ </a>
49
+ </td>
50
+ <td>
51
+ <div>
52
+ An inline frame (iframe) is used to embed another document within the current
53
+ HTML document. Because as the definition implies, it allows you to insert
54
+ another document inside the current HTML page. And the attackers use that
55
+ feature to insert malicious content into the compromised sites (to redirect to
56
+ spam, exploit kits, Fake AV, phishing, etc).
57
+ </div>
58
+ </td>
59
+ </tr>
60
+
61
+ <tr class="sucuriscan-%%SUCURI.NoMalwareRowVisibility%%">
62
+ <td><span class="sucuriscan-label sucuriscan-label-success">CLEAN</span></td>
63
+ <td width="220">
64
+ <a href="http://kb.sucuri.net/malware/conditional-redirections" target="_blank">
65
+ Suspicious redirections (htaccess)
66
+ </a>
67
+ </td>
68
+ <td>
69
+ <div>
70
+ Conditional redirections are classified differently than the iframe/javascript
71
+ ones, because they are generally done though the HTTP headers (via .htaccess) to
72
+ redirect users from certain browsers or locations to malware/malicious
73
+ locations.
74
+ </div>
75
+ </td>
76
+ </tr>
77
+
78
+ <tr class="sucuriscan-%%SUCURI.NoMalwareRowVisibility%%">
79
+ <td><span class="sucuriscan-label sucuriscan-label-success">CLEAN</span></td>
80
+ <td colspan="3">Blackhat SEO Spam</td>
81
+ </tr>
82
+
83
+ <tr class="sucuriscan-%%SUCURI.NoMalwareRowVisibility%%">
84
+ <td><span class="sucuriscan-label sucuriscan-label-success">CLEAN</span></td>
85
+ <td colspan="3">Anomaly detection</td>
86
+ </tr>
87
+
88
+ <tr>
89
+ <td colspan="3">
90
+ <hr/>
91
+ <em>
92
+ More details at <a href="http://sitecheck.sucuri.net/results/%%SUCURI.ScannedDomainName%%"
93
+ target="_blank">SiteCheck/%%SUCURI.ScannedDomainName%%</a>. If our free scanner
94
+ did not detect any issue, you may have a more complicated and hidden problem.
95
+ You can <a href="http://sucuri.net/signup" target="_blank">sign up</a> with
96
+ Sucuri for a complete and in depth scan+cleanup <strong>(not included in the
97
+ free checks)</strong>.
98
+ </em>
99
+ </td>
100
+ </tr>
101
+
102
+ </tbody>
103
+
104
+ </table>
inc/tpl/malwarescan-resmalware.snippet.tpl ADDED
@@ -0,0 +1,27 @@
1
+
2
+ <tr>
3
+
4
+ <td>
5
+ <a href="%%SUCURI.MalwareDocs%%" target="_blank">%%SUCURI.AlertMessage%%</a>
6
+ </td>
7
+
8
+ <td>
9
+ <span class="sucuriscan-monospace">%%SUCURI.MalwareType%%</span>
10
+ </td>
11
+
12
+ <td>
13
+ <div class="sucuriscan-malware-link">
14
+ <a href="%%SUCURI.InfectedUrl%%" target="_blank"
15
+ class="sucuriscan-label sucuriscan-label-warning">View infected URL</a>
16
+
17
+ <a href="#TB_inline?width=600&height=500&inlineId=sucuriscan-malware-%%SUCURI.MalwareKey%%"
18
+ title="SiteCheck: Malware Payload" class="thickbox sucuriscan-label sucuriscan-label-danger">
19
+ View malware</a>
20
+ </div>
21
+
22
+ <div id="sucuriscan-malware-%%SUCURI.MalwareKey%%" style="display:none">
23
+ <div class="sucuriscan-malware-payload sucuriscan-monospace">%%SUCURI.MalwarePayload%%</div>
24
+ </div>
25
+ </td>
26
+
27
+ </tr>
inc/tpl/malwarescan-results.html.tpl ADDED
@@ -0,0 +1,52 @@
1
+ <div class="sucuriscan-tabs">
2
+
3
+ <ul>
4
+ <li class="%%SUCURI.ScannerResults.CssClass%%">
5
+ <a href="#" data-tabname="sitecheck-results">Remote Scanner Results</a>
6
+ </li>
7
+ <li class="%%SUCURI.WebsiteDetails.CssClass%%">
8
+ <a href="#" data-tabname="website-details">Website Details</a>
9
+ </li>
10
+ <li class="%%SUCURI.WebsiteLinks.CssClass%%">
11
+ <a href="#" data-tabname="website-links">IFrames / Links / Scripts</a>
12
+ </li>
13
+ <li class="%%SUCURI.BlacklistStatus.CssClass%%">
14
+ <a href="#" data-tabname="blacklist-status">Blacklist Status</a>
15
+ </li>
16
+ <li class="%%SUCURI.ModifiedFiles.CssClass%%">
17
+ <a href="#" data-tabname="modified-files">Modified Files</a>
18
+ </li>
19
+ </ul>
20
+
21
+ <div class="sucuriscan-tab-containers">
22
+
23
+ <div id="sucuriscan-sitecheck-results">
24
+ %%SUCURI.ScannerResults.Content%%
25
+ </div>
26
+
27
+ <div id="sucuriscan-website-details">
28
+ %%SUCURI.WebsiteDetails.Content%%
29
+ </div>
30
+
31
+ <div id="sucuriscan-website-links">
32
+ %%SUCURI.WebsiteLinks.Content%%
33
+ </div>
34
+
35
+ <div id="sucuriscan-blacklist-status">
36
+ %%SUCURI.BlacklistStatus.Content%%
37
+ </div>
38
+
39
+ <div id="sucuriscan-modified-files">
40
+ %%SUCURI.ModifiedFiles.Content%%
41
+ </div>
42
+
43
+ </div>
44
+
45
+ </div>
46
+
47
+ <div>
48
+ <a href="http://sucuri.net/signup/" target="_blank"
49
+ class="button button-primary button-hero sucuriscan-cleanup-btn
50
+ sucuriscan-btnblock sucuriscan-%%SUCURI.SignupButtonVisibility%%">
51
+ Get your site protected with Sucuri</a>
52
+ </div>
inc/tpl/malwarescan-reswebdetails.html.tpl ADDED
@@ -0,0 +1,51 @@
1
+
2
+ <table class="wp-list-table widefat sucuriscan-table sucuriscan-scanner-details">
3
+
4
+ <thead>
5
+
6
+ <tr>
7
+ <th colspan="2" class="thead-with-button">
8
+ <span>System information</span>
9
+
10
+ <a href="%%SUCURI.AdminUrlForUpdates%%"
11
+ class="button button-primary thead-topright-action
12
+ sucuriscan-%%SUCURI.UpdateWebsiteButtonVisibility%%">
13
+ Update to %%SUCURI.VersionNumberOfTheUpdate%%
14
+ </a>
15
+ </th>
16
+ </tr>
17
+
18
+ </thead>
19
+
20
+ <tbody>
21
+
22
+ <!-- List of generic information from the site. -->
23
+ %%SUCURI.GenericInformationList%%
24
+
25
+ <!-- List of application details from the site. -->
26
+ <tr>
27
+ <th colspan="2">Web application details</th>
28
+ </tr>
29
+
30
+ %%SUCURI.ApplicationDetailsList%%
31
+
32
+ %%SUCURI.SystemNoticeList%%
33
+
34
+ <tr class="sucuriscan-%%SUCURI.NoAppDetailsVisibility%%">
35
+ <td colspan="2"><em>No more information was found.</em></td>
36
+ </tr>
37
+
38
+ <!-- Possible recommendations or outdated software on the site. -->
39
+ <tr class="sucuriscan-%%SUCURI.HasRecommendationsVisibility%%">
40
+ <th colspan="2">Recommendations for the site</th>
41
+ </tr>
42
+
43
+ <!-- Possible outdated software on the site. -->
44
+ %%SUCURI.OutdatedSoftwareList%%
45
+
46
+ <!-- Possible recommendations for the site. -->
47
+ %%SUCURI.SecurityRecomendationList%%
48
+
49
+ </tbody>
50
+
51
+ </table>
inc/tpl/malwarescan-resweblinks.html.tpl ADDED
@@ -0,0 +1,13 @@
1
+
2
+ <table class="wp-list-table widefat sucuriscan-table sucuriscan-scanner-links">
3
+ <tbody>
4
+
5
+ %%SUCURI.WebsiteLinksAllList%%
6
+
7
+ <tr class="sucuriscan-%%SUCURI.NoLinksVisibility%%">
8
+ <td><em>No iFrames, links, or script files were found.</em></td>
9
+ </tr>
10
+
11
+ </tbody>
12
+
13
+ </table>
inc/tpl/malwarescan-sysnotice.snippet.tpl ADDED
@@ -0,0 +1,6 @@
1
+
2
+ <tr>
3
+ <td colspan="2">
4
+ <span class="sucuriscan-monospace">%%SUCURI.SystemNotice%%</span>
5
+ </td>
6
+ </tr>
inc/tpl/malwarescan-weblinkitems.snippet.tpl ADDED
@@ -0,0 +1,6 @@
1
+
2
+ <tr>
3
+ <td colspan="2">
4
+ <span class="sucuriscan-monospace sucuriscan-wraptext">%%SUCURI.WebsiteLinksItemTitle%%</span>
5
+ </td>
6
+ </tr>
inc/tpl/malwarescan-weblinktitle.snippet.tpl ADDED
@@ -0,0 +1,9 @@
1
+
2
+ <tr>
3
+ <th colspan="2">
4
+ %%SUCURI.WebsiteLinksSectionTitle%%
5
+ (%%SUCURI.WebsiteLinksSectionTotal%% found)
6
+ </th>
7
+ </tr>
8
+
9
+ %%SUCURI.WebsiteLinksSectionItems%%
inc/tpl/monitoring-logs.snippet.tpl CHANGED
@@ -25,43 +25,43 @@
25
<tbody>
26
<tr class="alternate">
27
<td>Blocked Reason</td>
28
- <td>%%SUCURI.AuditLog.SucuriBlockReason%%</td>
29
</tr>
30
<tr>
31
<td>Remote Address</td>
32
- <td>%%SUCURI.AuditLog.RemoteAddr%%</td>
33
</tr>
34
<tr class="alternate">
35
<td>Date &amp; Time (Local Time)</td>
36
- <td>%%SUCURI.AuditLog.LocalRequestTime%%</td>
37
</tr>
38
<tr>
39
<td>Resource Path</td>
40
- <td>%%SUCURI.AuditLog.ResourcePath%%</td>
41
</tr>
42
<tr class="alternate">
43
<td>Request Method</td>
44
- <td>%%SUCURI.AuditLog.RequestMethod%%</td>
45
</tr>
46
<tr>
47
<td>HTTP Protocol</td>
48
- <td>%%SUCURI.AuditLog.HttpProtocol%%</td>
49
</tr>
50
<tr class="alternate">
51
<td>HTTP Status</td>
52
- <td>%%SUCURI.AuditLog.HttpStatus%% %%SUCURI.AuditLog.HttpStatusTitle%%</td>
53
</tr>
54
<tr>
55
<td>HTTP Bytes Sent</td>
56
- <td>%%SUCURI.AuditLog.HttpBytesSent%%</td>
57
</tr>
58
<tr class="alternate">
59
<td>HTTP Referer</td>
60
- <td>%%SUCURI.AuditLog.HttpReferer%%</td>
61
</tr>
62
<tr>
63
<td>HTTP User Agent</td>
64
- <td>%%SUCURI.AuditLog.HttpUserAgent%%</td>
65
</tr>
66
</tbody>
67
</table>
25
<tbody>
26
<tr class="alternate">
27
<td>Blocked Reason</td>
28
+ <td class="sucuriscan-monospace">%%SUCURI.AuditLog.SucuriBlockReason%%</td>
29
</tr>
30
<tr>
31
<td>Remote Address</td>
32
+ <td class="sucuriscan-monospace">%%SUCURI.AuditLog.RemoteAddr%%</td>
33
</tr>
34
<tr class="alternate">
35
<td>Date &amp; Time (Local Time)</td>
36
+ <td class="sucuriscan-monospace">%%SUCURI.AuditLog.LocalRequestTime%%</td>
37
</tr>
38
<tr>
39
<td>Resource Path</td>
40
+ <td class="sucuriscan-monospace">%%SUCURI.AuditLog.ResourcePath%%</td>
41
</tr>
42
<tr class="alternate">
43
<td>Request Method</td>
44
+ <td class="sucuriscan-monospace">%%SUCURI.AuditLog.RequestMethod%%</td>
45
</tr>
46
<tr>
47
<td>HTTP Protocol</td>
48
+ <td class="sucuriscan-monospace">%%SUCURI.AuditLog.HttpProtocol%%</td>
49
</tr>
50
<tr class="alternate">
51
<td>HTTP Status</td>
52
+ <td class="sucuriscan-monospace">%%SUCURI.AuditLog.HttpStatus%% %%SUCURI.AuditLog.HttpStatusTitle%%</td>
53
</tr>
54
<tr>
55
<td>HTTP Bytes Sent</td>
56
+ <td class="sucuriscan-monospace">%%SUCURI.AuditLog.HttpBytesSent%%</td>
57
</tr>
58
<tr class="alternate">
59
<td>HTTP Referer</td>
60
+ <td class="sucuriscan-monospace">%%SUCURI.AuditLog.HttpReferer%%</td>
61
</tr>
62
<tr>
63
<td>HTTP User Agent</td>
64
+ <td class="sucuriscan-monospace">%%SUCURI.AuditLog.HttpUserAgent%%</td>
65
</tr>
66
</tbody>
67
</table>
inc/tpl/posthack-resetplugins.html.tpl CHANGED
@@ -15,6 +15,15 @@
15
<strong>premium plugins will not be re-installed</strong>.
16
</p>
17
18
<table class="wp-list-table widefat sucuriscan-table">
19
<thead>
20
<tr>
15
<strong>premium plugins will not be re-installed</strong>.
16
</p>
17
18
+ <div class="sucuriscan-inline-alert-info">
19
+ <p>
20
+ The information shown here is cache for %%SUCURI.ResetPlugin.CacheLifeTime%%
21
+ seconds, this is necessary to reduce the quantity of HTTP requests sent to the
22
+ WordPress servers and the bandwidth of your site. Currently there is no option
23
+ to recreate this cache so you have to wait until it resets itself.
24
+ </p>
25
+ </div>
26
+
27
<table class="wp-list-table widefat sucuriscan-table">
28
<thead>
29
<tr>
inc/tpl/posthack-updatesecretkeys.html.tpl CHANGED
@@ -45,7 +45,7 @@
45
<input type="submit" value="Generate New Security Keys" class="button button-primary" />
46
</form>
47
48
- <div class="sucuriscan_wpconfig_keys_updated sucuriscan-%%SUCURI.WPConfigUpdate.Visibility%%">
49
<textarea>%%SUCURI.WPConfigUpdate.NewConfig%%</textarea>
50
</div>
51
</div>
45
<input type="submit" value="Generate New Security Keys" class="button button-primary" />
46
</form>
47
48
+ <div class="sucuriscan_wpconfig_keys_updated sucuriscan-monospace sucuriscan-%%SUCURI.WPConfigUpdate.Visibility%%">
49
<textarea>%%SUCURI.WPConfigUpdate.NewConfig%%</textarea>
50
</div>
51
</div>
inc/tpl/settings-ignorescanning.html.tpl CHANGED
@@ -20,6 +20,26 @@
20
to the <em>Scanner Settings</em> panel to enable it.
21
</p>
22
</div>
23
</div>
24
</div>
25
</div>
20
to the <em>Scanner Settings</em> panel to enable it.
21
</p>
22
</div>
23
+
24
+ <div class="sucuriscan-inline-alert-info sucuriscan-ignore-file">
25
+ <p>
26
+ You can also force the plugin to ignore specific files during the file system
27
+ scans using this form, add the absolute path of the file or symbolic link that
28
+ you want to skip. <strong>Note.</strong> You can not use wildcards to select
29
+ multiple files following a pattern in their names, this is intentional to
30
+ prevent the misuse of this tool.
31
+ </p>
32
+
33
+ <form action="%%SUCURI.URL.Settings%%#settings-ignorescanning" method="post">
34
+ <input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
35
+ <input type="hidden" name="sucuriscan_ignorescanning_action" value="ignore" />
36
+ <input type="text" name="sucuriscan_ignorescanning_file"
37
+ placeholder="e.g. /public_html/private/ssl_certificate.crt"
38
+ class="sucuriscan-ignore-file-input" />
39
+ <button type="submit" class="button button-primary
40
+ sucuriscan-ignore-file-button">Proceed</button>
41
+ </form>
42
+ </div>
43
</div>
44
</div>
45
</div>
readme.txt CHANGED
@@ -3,8 +3,8 @@ Contributors: dd@sucuri.net
3
Donate Link: http://sucuri.net/
4
Tags: malware, security, firewall, scan, spam, virus, sucuri, protection,WordPress Security, Login Security,Security Auditing,File Integrity,htaccess,phishing,backdoors,SQL Injection, RFI, LFI, XSS, CSRF, website firewall, Website Security, Performance Optimization, Zero Day, Software Vulnerability, Exploits, Hacks, Attackers, Bad Actors, Reverse Proxy, Two Factor Security, Two Factor Authentication, Security Logs, HeatBleed Vulnerability, Website Protection, Bash Vulnerability, RevSlider Vulnerability, MailPoet Vulnerability, Malware Prevention, Website Firewall, Website AntiVirus, Security Response, Security Detection, Security Prevention
5
Requires at least:3.2
6
- Stable tag:1.7.8
7
- Tested up to: 4.1.1
8
9
The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
10
@@ -352,6 +352,11 @@ service from the WordPress dashboard.
352
353
== Changelog ==
354
355
= 1.7.8 =
356
* Fixed bug on the secret keys hardening.
357
3
Donate Link: http://sucuri.net/
4
Tags: malware, security, firewall, scan, spam, virus, sucuri, protection,WordPress Security, Login Security,Security Auditing,File Integrity,htaccess,phishing,backdoors,SQL Injection, RFI, LFI, XSS, CSRF, website firewall, Website Security, Performance Optimization, Zero Day, Software Vulnerability, Exploits, Hacks, Attackers, Bad Actors, Reverse Proxy, Two Factor Security, Two Factor Authentication, Security Logs, HeatBleed Vulnerability, Website Protection, Bash Vulnerability, RevSlider Vulnerability, MailPoet Vulnerability, Malware Prevention, Website Firewall, Website AntiVirus, Security Response, Security Detection, Security Prevention
5
Requires at least:3.2
6
+ Stable tag:1.7.9
7
+ Tested up to: 4.2.2
8
9
The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
10
352
353
== Changelog ==
354
355
+ = 1.7.9 =
356
+ * Improved reinstallation process
357
+ * Updated sidebar banners
358
+ * Various bugfixes and improvements
359
+
360
= 1.7.8 =
361
* Fixed bug on the secret keys hardening.
362
sucuri.php CHANGED
@@ -4,7 +4,7 @@ Plugin Name: Sucuri Security - Auditing, Malware Scanner and Hardening
4
Plugin URI: http://wordpress.sucuri.net/
5
Description: The <a href="http://sucuri.net/" target="_blank">Sucuri</a> plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.
6
Author: Sucuri, INC
7
- Version: 1.7.8
8
Author URI: http://sucuri.net
9
*/
10
@@ -66,7 +66,7 @@ define( 'SUCURISCAN', 'sucuriscan' );
66
/**
67
* Current version of the plugin's code.
68
*/
69
- define( 'SUCURISCAN_VERSION', '1.7.8' );
70
71
/**
72
* The name of the Sucuri plugin main file.
@@ -156,8 +156,7 @@ define( 'SUCURISCAN_GET_PLUGINS_LIFETIME', 1800 );
156
* conditional will act as a container helping in the readability of the code
157
* considering the total number of lines that this file will have.
158
*/
159
- if ( defined( 'SUCURISCAN' ) ){
160
-
161
/**
162
* List an associative array with the sub-pages of this plugin.
163
*
@@ -293,7 +292,7 @@ if ( defined( 'SUCURISCAN' ) ){
293
*
294
* @see Class SucuriScanHook
295
*/
296
- if ( class_exists( 'SucuriScanHook' ) ){
297
$sucuriscan_hooks = array(
298
// Passes.
299
'add_attachment',
@@ -315,7 +314,7 @@ if ( defined( 'SUCURISCAN' ) ){
315
'wp_trash_post',
316
);
317
318
- foreach ( $sucuriscan_hooks as $hook_name ){
319
$hook_func = 'SucuriScanHook::hook_' . $hook_name;
320
add_action( $hook_name, $hook_func, 50 );
321
}
@@ -352,7 +351,6 @@ if ( defined( 'SUCURISCAN' ) ){
352
add_filter( 'heartbeat_received', 'SucuriScanHeartbeat::respond_to_received', 10, 3 );
353
add_filter( 'heartbeat_nopriv_send', 'SucuriScanHeartbeat::respond_to_send', 10, 3 );
354
add_filter( 'heartbeat_nopriv_received', 'SucuriScanHeartbeat::respond_to_received', 10, 3 );
355
-
356
}
357
358
/**
@@ -382,7 +380,7 @@ class SucuriScan {
382
* @return string Full name of the variable with the extra characters (if needed).
383
*/
384
public static function variable_prefix( $var_name = '' ){
385
- if ( preg_match( '/^:(.*)/', $var_name, $match ) ){
386
$var_name = sprintf( '%s_%s', SUCURISCAN, $match[1] );
387
}
388
@@ -398,8 +396,8 @@ class SucuriScan {
398
public static function ini_get( $property = '' ){
399
$ini_value = ini_get( $property );
400
401
- if ( empty($ini_value) || is_null( $ini_value ) ){
402
- switch ( $property ){
403
case 'error_log': $ini_value = 'error_log'; break;
404
case 'safe_mode': $ini_value = 'Off'; break;
405
case 'allow_url_fopen': $ini_value = '1'; break;
@@ -427,7 +425,7 @@ class SucuriScan {
427
*/
428
public static function escape( $text = '' ){
429
// Escape the value of the variable using a built-in function if possible.
430
- if ( function_exists( 'esc_attr' ) ){
431
$text = esc_attr( $text );
432
} else {
433
$text = htmlspecialchars( $text );
@@ -446,7 +444,7 @@ class SucuriScan {
446
$string = '';
447
$chars = range( 'a','z' );
448
449
- for ( $i = 0; $i < $length; $i++ ){
450
$string .= $chars[ rand( 0, count( $chars ) -1 ) ];
451
}
452
@@ -518,7 +516,7 @@ class SucuriScan {
518
if (
519
function_exists( 'is_multisite' )
520
&& is_multisite()
521
- ){
522
return true;
523
}
524
@@ -539,9 +537,7 @@ class SucuriScan {
539
if ( file_exists( $wp_version_path ) ) {
540
include($wp_version_path);
541
$wp_version = isset($wp_version) ? $wp_version : '0.0';
542
- }
543
-
544
- else {
545
$option_version = get_option( 'version' );
546
$wp_version = $option_version ? $option_version : '0.0';
547
}
@@ -558,18 +554,18 @@ class SucuriScan {
558
* @return string Absolute path of the WordPress configuration file.
559
*/
560
public static function get_wpconfig_path(){
561
- if ( defined( 'ABSPATH' ) ){
562
$file_path = ABSPATH . '/wp-config.php';
563
564
// if wp-config.php doesn't exist, or is not readable check one directory up.
565
- if ( ! file_exists( $file_path ) ){
566
$file_path = ABSPATH . '/../wp-config.php';
567
}
568
569
// Remove duplicated double slashes.
570
$file_path = @realpath( $file_path );
571
572
- if ( $file_path ){
573
return $file_path;
574
}
575
}
@@ -583,17 +579,17 @@ class SucuriScan {
583
* @return string Absolute path of the main WordPress htaccess file.
584
*/
585
public static function get_htaccess_path(){
586
- if ( defined( 'ABSPATH' ) ){
587
$base_dirs = array(
588
rtrim( ABSPATH, '/' ),
589
dirname( ABSPATH ),
590
dirname( dirname( ABSPATH ) ),
591
);
592
593
- foreach ( $base_dirs as $base_dir ){
594
$htaccess_path = sprintf( '%s/.htaccess', $base_dir );
595
596
- if ( file_exists( $htaccess_path ) ){
597
return $htaccess_path;
598
}
599
}
@@ -637,28 +633,26 @@ class SucuriScan {
637
'REMOTE_ADDR',
638
);
639
640
- foreach ( $alternatives as $alternative ){
641
if (
642
isset($_SERVER[ $alternative ])
643
&& self::is_valid_ip( $_SERVER[ $alternative ] )
644
- ){
645
$remote_addr = $_SERVER[ $alternative ];
646
$header_used = $alternative;
647
break;
648
}
649
}
650
- }
651
-
652
- elseif ( isset($_SERVER['REMOTE_ADDR']) ) {
653
$remote_addr = $_SERVER['REMOTE_ADDR'];
654
$header_used = 'REMOTE_ADDR';
655
}
656
657
- if ( $remote_addr == '::1' ){
658
$remote_addr = '127.0.0.1';
659
}
660
661
- if ( $return_header ){
662
return $header_used;
663
}
664
@@ -680,7 +674,7 @@ class SucuriScan {
680
* @return string The user-agent from the current request.
681
*/
682
public static function get_user_agent(){
683
- if ( isset($_SERVER['HTTP_USER_AGENT']) ){
684
return self::escape( $_SERVER['HTTP_USER_AGENT'] );
685
}
686
@@ -747,7 +741,7 @@ class SucuriScan {
747
$status = true;
748
}
749
750
- if ( $verbose ){
751
return array(
752
'http_host' => $http_host,
753
'host_name' => $host_by_name,
@@ -769,7 +763,7 @@ class SucuriScan {
769
public static function get_site_email(){
770
$email = get_option( 'admin_email' );
771
772
- if ( self::is_valid_email( $email ) ){
773
return $email;
774
}
775
@@ -782,7 +776,7 @@ class SucuriScan {
782
* @return integer Return current Unix timestamp.
783
*/
784
public static function local_time(){
785
- if ( function_exists( 'current_time' ) ){
786
return current_time( 'timestamp' );
787
} else {
788
return time();
@@ -800,7 +794,7 @@ class SucuriScan {
800
* @return string The date, translated if locale specifies it.
801
*/
802
public static function datetime( $timestamp = 0 ){
803
- if ( is_numeric( $timestamp ) && $timestamp > 0 ){
804
$date_format = get_option( 'date_format' );
805
$time_format = get_option( 'time_format' );
806
$timezone_format = sprintf( '%s %s', $date_format, $time_format );
@@ -829,23 +823,25 @@ class SucuriScan {
829
* @return string The time passed since the timestamp specified.
830
*/
831
public static function time_ago( $timestamp = 0 ){
832
- if ( ! is_numeric( $timestamp ) ){
833
$timestamp = strtotime( $timestamp );
834
}
835
836
$local_time = self::local_time();
837
$diff = abs( $local_time - intval( $timestamp ) );
838
839
- if ( $diff == 0 ){ return 'just now'; }
840
841
$intervals = array(
842
- 1 => array( 'year', 31556926, ),
843
- $diff < 31556926 => array( 'month', 2592000, ),
844
- $diff < 2592000 => array( 'week', 604800, ),
845
- $diff < 604800 => array( 'day', 86400, ),
846
- $diff < 86400 => array( 'hour', 3600, ),
847
- $diff < 3600 => array( 'minute', 60, ),
848
- $diff < 60 => array( 'second', 1, ),
849
);
850
851
$value = floor( $diff / $intervals[1][1] );
@@ -892,18 +888,16 @@ class SucuriScan {
892
* @return boolean Whether the IP address specified is valid or not.
893
*/
894
public static function is_valid_ip( $remote_addr = '' ){
895
- // Check for IPv4 and IPv6.
896
- if ( function_exists( 'filter_var' ) ){
897
return (bool) filter_var( $remote_addr, FILTER_VALIDATE_IP );
898
- }
899
-
900
- // Assuming older version of PHP and server, so only will check for IPv4.
901
- elseif ( strlen( $remote_addr ) >= 7 ) {
902
- $pattern = '/^([0-9]{1,3}\.){3}[0-9]{1,3}#x2F;';
903
904
- if ( preg_match( $pattern, $remote_addr, $match ) ){
905
- for ( $i = 0; $i < 4; $i++ ){
906
- if ( $match[ $i ] > 255 ){ return false; }
907
}
908
909
return true;
@@ -969,7 +963,7 @@ class SucuriScan {
969
* @return boolean TRUE if the email address passed to the function is valid, FALSE if not.
970
*/
971
public static function is_valid_email( $email = '' ){
972
- if ( function_exists( 'filter_var' ) ){
973
return (bool) filter_var( $email, FILTER_VALIDATE_EMAIL );
974
} else {
975
$pattern = '/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}#x2F;ix';
@@ -977,6 +971,20 @@ class SucuriScan {
977
}
978
}
979
980
/**
981
* Return a string with all the valid email addresses.
982
*
@@ -994,16 +1002,14 @@ class SucuriScan {
994
) {
995
$addresses = explode( ',', $email );
996
997
- foreach ( $addresses as $address ){
998
$address = trim( $address );
999
1000
- if ( self::is_valid_email( $address ) ){
1001
$valid_emails[] = $address;
1002
}
1003
}
1004
- }
1005
-
1006
- elseif (
1007
$is_valid_string === true
1008
&& self::is_valid_email( $email )
1009
) {
@@ -1033,7 +1039,7 @@ class SucuriScan {
1033
public static function excerpt( $text = '', $length = 10 ){
1034
$text_length = strlen( $text );
1035
1036
- if ( $text_length > $length ){
1037
return substr( $text, 0, $length ) . '...';
1038
}
1039
@@ -1062,7 +1068,7 @@ class SucuriScan {
1062
* @return boolean TRUE if the list is multidimensional, FALSE otherwise.
1063
*/
1064
public static function is_multi_list( $list = array() ){
1065
- if ( ! empty($list) ){
1066
foreach ( (array) $list as $item ) {
1067
if ( is_array( $item ) ) {
1068
return true;
@@ -1081,10 +1087,10 @@ class SucuriScan {
1081
* @return string String of all the items in the list, with the separator between them.
1082
*/
1083
public static function implode( $separator = '', $list = array() ){
1084
- if ( self::is_multi_list( $list ) ){
1085
$pieces = array();
1086
1087
- foreach ( $list as $items ){
1088
$pieces[] = @implode( $separator, $items );
1089
}
1090
@@ -1167,30 +1173,30 @@ class SucuriScanRequest extends SucuriScan {
1167
is_array( $list )
1168
&& is_string( $key )
1169
&& isset($list[ $key ])
1170
- ){
1171
// Select the key from the list and escape its content.
1172
$key_value = $list[ $key ];
1173
1174
// Define regular expressions for specific value types.
1175
- if ( $pattern === '' ){
1176
$pattern = '/.*/';
1177
} else {
1178
- switch ( $pattern ){
1179
case '_nonce': $pattern = '/^[a-z0-9]{10}#x2F;'; break;
1180
case '_page': $pattern = '/^[a-z_]+#x2F;'; break;
1181
case '_array': $pattern = '_array'; break;
1182
- case '_yyyymmdd': $pattern = '/^[0-9]{4}(\-[0-9]{2}){2}#x2F;'; break;
1183
default: $pattern = '/^'.$pattern.'#x2F;'; break;
1184
}
1185
}
1186
1187
// If the request data is an array, then only cast the value.
1188
- if ( $pattern == '_array' && is_array( $key_value ) ){
1189
return (array) $key_value;
1190
}
1191
1192
// Check the format of the request data with a regex defined above.
1193
- if ( @preg_match( $pattern, $key_value ) ){
1194
return self::escape( $key_value );
1195
}
1196
}
@@ -1290,6 +1296,19 @@ class SucuriScanFileInfo extends SucuriScan {
1290
*/
1291
public $run_recursively = true;
1292
1293
/**
1294
* Class constructor.
1295
*/
@@ -1311,18 +1330,18 @@ class SucuriScanFileInfo extends SucuriScan {
1311
$abs_path = rtrim( ABSPATH, DIRECTORY_SEPARATOR );
1312
$files = $this->get_directory_tree( $directory );
1313
1314
- if ( $as_array ){
1315
$project_signatures = array();
1316
}
1317
1318
- if ( $files ){
1319
sort( $files );
1320
1321
- foreach ( $files as $filepath ){
1322
$file_checksum = @md5_file( $filepath );
1323
$filesize = @filesize( $filepath );
1324
1325
- if ( $as_array ){
1326
$basename = str_replace( $abs_path . DIRECTORY_SEPARATOR, '', $filepath );
1327
$project_signatures[ $basename ] = array(
1328
'filepath' => $filepath,
@@ -1356,17 +1375,17 @@ class SucuriScanFileInfo extends SucuriScan {
1356
* @return array List of files in the main and subdirectories of the folder specified.
1357
*/
1358
public function get_directory_tree( $directory = '' ){
1359
- if ( file_exists( $directory ) && is_dir( $directory ) ){
1360
$tree = array();
1361
1362
// Check whether the ignore scanning feature is enabled or not.
1363
- if ( SucuriScanFSScanner::will_ignore_scanning() ){
1364
$this->ignored_directories = SucuriScanFSScanner::get_ignored_directories();
1365
}
1366
1367
- switch ( $this->scan_interface ){
1368
case 'spl':
1369
- if ( $this->is_spl_available() ){
1370
$tree = $this->get_directory_tree_with_spl( $directory );
1371
} else {
1372
$this->scan_interface = 'opendir';
@@ -1408,15 +1427,15 @@ class SucuriScanFileInfo extends SucuriScan {
1408
if (
1409
is_null( $directory )
1410
&& defined( 'ABSPATH' )
1411
- ){
1412
$directory = ABSPATH;
1413
}
1414
1415
- if ( is_dir( $directory ) ){
1416
$dir_tree = $this->get_directory_tree( $directory );
1417
1418
- foreach ( $dir_tree as $filepath ){
1419
- if ( stripos( $filepath, $filename ) !== false ){
1420
$file_paths[] = $filepath;
1421
}
1422
}
@@ -1455,8 +1474,14 @@ class SucuriScanFileInfo extends SucuriScan {
1455
private function get_directory_tree_with_spl( $directory = '' ){
1456
$files = array();
1457
$filepath = @realpath( $directory );
1458
1459
- if ( ! class_exists( 'FilesystemIterator' ) ){
1460
$this->scan_interface = 'opendir';
1461
SucuriScanOption::update_option( ':scan_interface', $this->scan_interface );
1462
$alternative_tree = $this->get_directory_tree( $directory );
@@ -1464,34 +1489,50 @@ class SucuriScanFileInfo extends SucuriScan {
1464
return $alternative_tree;
1465
}
1466
1467
- if ( $this->run_recursively ){
1468
- $flags = FilesystemIterator::KEY_AS_PATHNAME
1469
- | FilesystemIterator::CURRENT_AS_FILEINFO
1470
- | FilesystemIterator::SKIP_DOTS
1471
- | FilesystemIterator::UNIX_PATHS;
1472
- $objects = new RecursiveIteratorIterator(
1473
- new RecursiveDirectoryIterator( $filepath, $flags ),
1474
- RecursiveIteratorIterator::SELF_FIRST,
1475
- RecursiveIteratorIterator::CATCH_GET_CHILD
1476
- );
1477
- } else {
1478
- $objects = new DirectoryIterator( $filepath );
1479
}
1480
1481
- foreach ( $objects as $filepath => $fileinfo ){
1482
- if ( $fileinfo->isDir() ) { continue; }
1483
1484
- if ( $this->run_recursively ){
1485
$directory = dirname( $filepath );
1486
- $filename = $fileinfo->getFilename();
1487
} else {
1488
$directory = $fileinfo->getPath();
1489
- $filename = $fileinfo->getFilename();
1490
$filepath = $directory . '/' . $filename;
1491
}
1492
1493
- if ( $this->ignore_folderpath( $directory, $filename ) ){ continue; }
1494
- if ( $this->ignore_filepath( $filename ) ){ continue; }
1495
1496
$files[] = $filepath;
1497
}
@@ -1509,29 +1550,31 @@ class SucuriScanFileInfo extends SucuriScan {
1509
*/
1510
private function get_directory_tree_with_glob( $directory = '' ){
1511
$files = array();
1512
1513
- $directory_pattern = sprintf( '%s/*', rtrim( $directory,'/' ) );
1514
- $files_found = glob( $directory_pattern );
1515
-
1516
- if ( is_array( $files_found ) ){
1517
- foreach ( $files_found as $filepath ){
1518
$filepath = @realpath( $filepath );
1519
$directory = dirname( $filepath );
1520
$filepath_parts = explode( '/', $filepath );
1521
$filename = array_pop( $filepath_parts );
1522
1523
- if ( is_dir( $filepath ) ){
1524
- if ( $this->ignore_folderpath( $directory, $filename ) ){ continue; }
1525
1526
- if ( $this->run_recursively ){
1527
$sub_files = $this->get_directory_tree_with_glob( $filepath );
1528
1529
- if ( $sub_files ){
1530
$files = array_merge( $files, $sub_files );
1531
}
1532
}
1533
} else {
1534
- if ( $this->ignore_filepath( $filename ) ){ continue; }
1535
$files[] = $filepath;
1536
}
1537
}
@@ -1552,25 +1595,31 @@ class SucuriScanFileInfo extends SucuriScan {
1552
$files = array();
1553
$dh = @opendir( $directory );
1554
1555
- if ( ! $dh ) { return false; }
1556
1557
- while ( ($filename = readdir( $dh )) !== false ){
1558
$filepath = @realpath( $directory . '/' . $filename );
1559
1560
if ( $filepath === false ) {
1561
continue;
1562
- } elseif ( is_dir( $filepath ) ){
1563
- if ( $this->ignore_folderpath( $directory, $filename ) ){ continue; }
1564
1565
- if ( $this->run_recursively ){
1566
$sub_files = $this->get_directory_tree_with_opendir( $filepath );
1567
1568
- if ( $sub_files ){
1569
$files = array_merge( $files, $sub_files );
1570
}
1571
}
1572
} else {
1573
- if ( $this->ignore_filepath( $filename ) ){ continue; }
1574
$files[] = $filepath;
1575
}
1576
}
@@ -1588,21 +1637,26 @@ class SucuriScanFileInfo extends SucuriScan {
1588
*/
1589
private function ignore_folderpath( $directory = '', $filename = '' ){
1590
// Ignoring current and parent folders.
1591
- if ( $filename == '.' || $filename == '..' ){ return true; }
1592
1593
- if ( $this->ignore_directories ){
1594
// Ignore directories based on a common regular expression.
1595
$filepath = @realpath( $directory . '/' . $filename );
1596
$pattern = '/\/wp-content\/(uploads|cache|backup|w3tc)/';
1597
1598
- if ( preg_match( $pattern, $filepath ) ){
1599
return true;
1600
}
1601
1602
// Ignore directories specified by the administrator.
1603
- if ( ! empty($this->ignored_directories) ){
1604
- foreach ( $this->ignored_directories['directories'] as $ignored_dir ){
1605
- if ( strpos( $directory, $ignored_dir ) !== false ){
1606
return true;
1607
}
1608
}
@@ -1619,10 +1673,14 @@ class SucuriScanFileInfo extends SucuriScan {
1619
* @return boolean Either TRUE or FALSE representing that the scan should ignore this filename or not.
1620
*/
1621
private function ignore_filepath( $filename = '' ){
1622
- if ( ! $this->ignore_files ){ return false; }
1623
1624
// Ignoring backup files from our clean ups.
1625
- if ( strpos( $filename, '_sucuribackup.' ) !== false ){ return true; }
1626
1627
// Any file maching one of these rules WILL NOT be ignored.
1628
if (
@@ -1631,7 +1689,9 @@ class SucuriScanFileInfo extends SucuriScan {
1631
( strpos( $filename, '.js' ) !== false) ||
1632
( strcmp( $filename, '.htaccess' ) == 0 ) ||
1633
( strcmp( $filename, 'php.ini' ) == 0 )
1634
- ){ return false; }
1635
1636
return true;
1637
}
@@ -1645,18 +1705,18 @@ class SucuriScanFileInfo extends SucuriScan {
1645
public function get_diretories_only( $dir_tree = array() ){
1646
$dirs = array();
1647
1648
- if ( is_string( $dir_tree ) ){
1649
$dir_tree = $this->get_directory_tree( $dir_tree );
1650
}
1651
1652
- if ( is_array( $dir_tree ) && ! empty($dir_tree) ){
1653
- foreach ( $dir_tree as $filepath ){
1654
$dir_path = dirname( $filepath );
1655
1656
if (
1657
! in_array( $dir_path, $dirs )
1658
&& ! in_array( $dir_path, $this->ignored_directories['directories'] )
1659
- ){
1660
$dirs[] = $dir_path;
1661
}
1662
}
@@ -1672,27 +1732,29 @@ class SucuriScanFileInfo extends SucuriScan {
1672
* @return boolean TRUE if all the files and folder inside the directory were removed.
1673
*/
1674
public function remove_directory_tree( $directory = '' ){
1675
- $all_removed = true;
1676
$dir_tree = $this->get_directory_tree( $directory );
1677
1678
- if ( $dir_tree ){
1679
$dirs_only = array();
1680
1681
- foreach ( $dir_tree as $filepath ){
1682
- if ( is_file( $filepath ) ){
1683
- $removed = @unlink( $filepath );
1684
1685
- if ( ! $removed ){
1686
- $all_removed = false;
1687
- }
1688
- }
1689
-
1690
- elseif ( is_dir( $filepath ) ){
1691
$dirs_only[] = $filepath;
1692
}
1693
}
1694
1695
- if ( ! function_exists( 'sucuriscan_strlen_diff' ) ){
1696
/**
1697
* Evaluates the difference between the length of two strings.
1698
*
@@ -1705,14 +1767,19 @@ class SucuriScanFileInfo extends SucuriScan {
1705
}
1706
}
1707
1708
usort( $dirs_only, 'sucuriscan_strlen_diff' );
1709
1710
- foreach ( $dirs_only as $dir_path ){
1711
@rmdir( $dir_path );
1712
}
1713
}
1714
1715
- return $all_removed;
1716
}
1717
1718
/**
@@ -1737,18 +1804,24 @@ class SucuriScanFileInfo extends SucuriScan {
1737
* @param boolean $adaptive Whether the buffer will adapt to a specific number of bytes or not.
1738
* @return string Text contained at the end of the file.
1739
*/
1740
- public static function tail_file( $file_path = '', $lines = 1, $adaptive = true ) {
1741
$file = @fopen( $file_path, 'rb' );
1742
$limit = $lines;
1743
1744
if ( $file ) {
1745
fseek( $file, -1, SEEK_END );
1746
1747
- if ( $adaptive && $lines < 2 ) { $buffer = 64; }
1748
- elseif ( $adaptive && $lines < 10 ) { $buffer = 512; }
1749
- else { $buffer = 4096; }
1750
1751
- if ( fread( $file, 1 ) != "\n" ) { $lines -= 1; }
1752
1753
$output = '';
1754
$chunk = '';
@@ -1804,6 +1877,24 @@ class SucuriScanFileInfo extends SucuriScan {
1804
return 0;
1805
}
1806
1807
}
1808
1809
/**
@@ -1859,9 +1950,9 @@ class SucuriScanCache extends SucuriScan {
1859
* @param string $datastore Unique name (or identifier) of the file with the data.
1860
* @return void
1861
*/
1862
- public function __construct( $datastore = '' ){
1863
$this->datastore = $datastore;
1864
- $this->datastore_path = $this->datastore_file_path();
1865
$this->usable_datastore = (bool) $this->datastore_path;
1866
}
1867
@@ -1891,12 +1982,12 @@ class SucuriScanCache extends SucuriScan {
1891
$info_is_available = (bool) isset($finfo['info']);
1892
$info = "<?php\n";
1893
1894
- foreach ( $attrs as $attr_name => $attr_value ){
1895
if (
1896
$info_is_available
1897
&& $attr_name != 'updated_on'
1898
&& isset($finfo['info'][ $attr_name ])
1899
- ){
1900
$attr_value = $finfo['info'][ $attr_name ];
1901
}
1902
@@ -1914,18 +2005,25 @@ class SucuriScanCache extends SucuriScan {
1914
* user running the server, in case that it does not exists the function will
1915
* tries to create it by itself with the right permissions to use it.
1916
*
1917
- * @return string The full path where the datastore file is located, FALSE otherwise.
1918
*/
1919
- private function datastore_file_path(){
1920
- if ( ! is_null( $this->datastore ) ){
1921
$folder_path = $this->datastore_folder_path();
1922
$file_path = $folder_path . 'sucuri-' . $this->datastore . '.php';
1923
1924
// Create the datastore file is it does not exists and the folder is writable.
1925
if (
1926
! file_exists( $file_path )
1927
&& is_writable( $folder_path )
1928
- ){
1929
@file_put_contents( $file_path, $this->datastore_info(), LOCK_EX );
1930
}
1931
@@ -1934,7 +2032,7 @@ class SucuriScanCache extends SucuriScan {
1934
file_exists( $file_path )
1935
&& is_writable( $file_path )
1936
&& is_readable( $file_path )
1937
- ){
1938
return $file_path;
1939
}
1940
}
@@ -1951,15 +2049,15 @@ class SucuriScanCache extends SucuriScan {
1951
* @return string Cache key pattern.
1952
*/
1953
private function key_pattern( $action = 'valid' ){
1954
- if ( $action == 'valid' ){
1955
return '/^([0-9a-zA-Z_]+)#x2F;';
1956
}
1957
1958
- if ( $action == 'content' ){
1959
return '/^([0-9a-zA-Z_]+):(.+)/';
1960
}
1961
1962
- if ( $action == 'header' ){
1963
return '/^\/\/ ([a-z_]+)=(.*);#x2F;';
1964
}
1965
@@ -1985,9 +2083,9 @@ class SucuriScanCache extends SucuriScan {
1985
private function save_new_entries( $finfo = array() ){
1986
$data_string = $this->datastore_info( $finfo );
1987
1988
- if ( ! empty($finfo) ){
1989
- foreach ( $finfo['entries'] as $key => $data ){
1990
- if ( $this->valid_key_name( $key ) ){
1991
$data = json_encode( $data );
1992
$data_string .= sprintf( "%s:%s\n", $key, $data );
1993
}
@@ -2014,20 +2112,18 @@ class SucuriScanCache extends SucuriScan {
2014
'entries' => array(),
2015
);
2016
2017
- if ( $this->usable_datastore ){
2018
$data_lines = SucuriScanFileInfo::file_lines( $this->datastore_path );
2019
2020
- if ( ! empty($data_lines) ){
2021
- foreach ( $data_lines as $line ){
2022
- if ( preg_match( $this->key_pattern( 'header' ), $line, $match ) ){
2023
$data_object['info'][ $match[1] ] = $match[2];
2024
- }
2025
-
2026
- elseif ( preg_match( $this->key_pattern( 'content' ), $line, $match ) ){
2027
if (
2028
$this->valid_key_name( $match[1] )
2029
&& ! array_key_exists( $match[1], $data_object )
2030
- ){
2031
$data_object['entries'][ $match[1] ] = @json_decode( $match[2], $assoc );
2032
}
2033
}
@@ -2053,7 +2149,7 @@ class SucuriScanCache extends SucuriScan {
2053
public function get_datastore_info(){
2054
$finfo = $this->get_datastore_content();
2055
2056
- if ( ! empty($finfo['info']) ){
2057
return $finfo['info'];
2058
}
2059
@@ -2067,7 +2163,7 @@ class SucuriScanCache extends SucuriScan {
2067
* @return integer Total number of unique entries found in the datastore file.
2068
*/
2069
public function get_count( $finfo = null ){
2070
- if ( ! is_array( $finfo ) ){
2071
$finfo = $this->get_datastore_content();
2072
}
2073
@@ -2085,14 +2181,14 @@ class SucuriScanCache extends SucuriScan {
2085
* @return boolean TRUE if the life time of the data has expired, FALSE otherwise.
2086
*/
2087
public function data_has_expired( $lifetime = 0, $finfo = null ){
2088
- if ( is_null( $finfo ) ){
2089
$finfo = $this->get_datastore_content();
2090
}
2091
2092
- if ( $lifetime > 0 && ! empty($finfo['info']) ){
2093
$diff_time = time() - intval( $finfo['info']['updated_on'] );
2094
2095
- if ( $diff_time >= $lifetime ){
2096
return true;
2097
}
2098
}
@@ -2111,14 +2207,14 @@ class SucuriScanCache extends SucuriScan {
2111
* @return boolean TRUE if the operation finished successfully, FALSE otherwise.
2112
*/
2113
private function handle_key_data( $key = '', $data = null, $action = '', $lifetime = 0, $assoc = false ){
2114
- if ( preg_match( '/^(add|set|get|get_all|exists|delete)#x2F;', $action ) ){
2115
if (
2116
$this->valid_key_name( $key )
2117
&& $this->usable_datastore
2118
- ){
2119
$finfo = $this->get_datastore_content( $assoc );
2120
2121
- switch ( $action ){
2122
case 'add': /* no_break */
2123
case 'set':
2124
$finfo['entries'][ $key ] = $data;
@@ -2128,7 +2224,7 @@ class SucuriScanCache extends SucuriScan {
2128
if (
2129
! $this->data_has_expired( $lifetime, $finfo )
2130
&& array_key_exists( $key, $finfo['entries'] )
2131
- ){
2132
return $finfo['entries'][ $key ];
2133
}
2134
break;
@@ -2140,7 +2236,7 @@ class SucuriScanCache extends SucuriScan {
2140
if (
2141
! $this->data_has_expired( $lifetime, $finfo )
2142
&& array_key_exists( $key, $finfo['entries'] )
2143
- ){
2144
return true;
2145
}
2146
break;
@@ -2339,7 +2435,7 @@ class SucuriScanOption extends SucuriScanRequest {
2339
*
2340
* @return array Name of all valid plugin's options.
2341
*/
2342
- public static function get_default_option_names() {
2343
$options = self::get_default_option_values();
2344
$names = array_keys( $options );
2345
@@ -2352,7 +2448,7 @@ class SucuriScanOption extends SucuriScanRequest {
2352
* @param string $option_name Name of the option that will be checked.
2353
* @return boolean True if the option is part of the plugin, False otherwise.
2354
*/
2355
- public static function is_valid_plugin_option( $option_name = '' ) {
2356
$valid_options = self::get_default_option_names();
2357
$is_valid_option = (bool) array_key_exists( $option_name, $valid_options );
2358
@@ -2377,7 +2473,7 @@ class SucuriScanOption extends SucuriScanRequest {
2377
2378
if ( is_array( $settings ) ) {
2379
foreach ( $default_options as $option_name => $option_value ) {
2380
- if ( ! isset($settings[ $option_name ]) ){
2381
$settings[ $option_name ] = $option_value;
2382
}
2383
}
@@ -2418,7 +2514,7 @@ class SucuriScanOption extends SucuriScanRequest {
2418
$option_name = self::variable_prefix( $option_name );
2419
$option_value = get_option( $option_name );
2420
2421
- if ( $option_value === false && preg_match( '/^sucuriscan_/', $option_name ) ){
2422
$option_value = self::get_default_options( $option_name );
2423
}
2424
@@ -2530,11 +2626,11 @@ class SucuriScanOption extends SucuriScanRequest {
2530
2531
$site_options = self::get_site_options();
2532
2533
- foreach ( $request as $req_name => $req_value ){
2534
if (
2535
array_key_exists( $req_name, $site_options )
2536
&& $site_options[ $req_name ] != $req_value
2537
- ){
2538
$options_changed['original'][ $req_name ] = $site_options[ $req_name ];
2539
$options_changed['changed'][ $req_name ] = $req_value;
2540
}
@@ -2553,16 +2649,16 @@ class SucuriScanOption extends SucuriScanRequest {
2553
if (
2554
! isset($_POST['option_page'])
2555
&& isset($_POST['permalink_structure'])
2556
- ){
2557
$_POST['option_page'] = 'permalink';
2558
}
2559
2560
// Check if the option_page has an allowed value.
2561
- if ( $option_page = SucuriScanRequest::post( 'option_page' ) ){
2562
$nonce = '_wpnonce';
2563
$action = '';
2564
2565
- switch ( $option_page ){
2566
case 'general': /* no_break */
2567
case 'writing': /* no_break */
2568
case 'reading': /* no_break */
@@ -2581,7 +2677,7 @@ class SucuriScanOption extends SucuriScanRequest {
2581
! empty($action)
2582
&& isset($_REQUEST[ $nonce ])
2583
&& wp_verify_nonce( $_REQUEST[ $nonce ], $action )
2584
- ){
2585
return true;
2586
}
2587
}
@@ -2600,7 +2696,7 @@ class SucuriScanOption extends SucuriScanRequest {
2600
$post_types_arr = false;
2601
2602
// Encode (old) serialized data into JSON.
2603
- if ( self::is_serialized( $post_types ) ){
2604
$post_types_arr = @unserialize( $post_types );
2605
$post_types_fix = json_encode( $post_types_arr );
2606
self::update_option( ':ignored_events', $post_types_fix );
@@ -2609,11 +2705,11 @@ class SucuriScanOption extends SucuriScanRequest {
2609
}
2610
2611
// Decode JSON-encoded data as an array.
2612
- elseif ( preg_match( '/^\{.+\}#x2F;', $post_types ) ){
2613
$post_types_arr = @json_decode( $post_types, true );
2614
}
2615
2616
- if ( ! is_array( $post_types_arr ) ){
2617
$post_types_arr = array();
2618
}
2619
@@ -2627,15 +2723,15 @@ class SucuriScanOption extends SucuriScanRequest {
2627
* @return boolean Whether the event was ignored or not.
2628
*/
2629
public static function add_ignored_event( $event_name = '' ){
2630
- if ( function_exists( 'get_post_types' ) ){
2631
$post_types = get_post_types();
2632
2633
// Check if the event is a registered post-type.
2634
- if ( array_key_exists( $event_name, $post_types ) ){
2635
$ignored_events = self::get_ignored_events();
2636
2637
// Check if the event is not ignored already.
2638
- if ( ! array_key_exists( $event_name, $ignored_events ) ){
2639
$ignored_events[ $event_name ] = time();
2640
$saved = self::update_option( ':ignored_events', json_encode( $ignored_events ) );
2641
@@ -2656,7 +2752,7 @@ class SucuriScanOption extends SucuriScanRequest {
2656
public static function remove_ignored_event( $event_name = '' ){
2657
$ignored_events = self::get_ignored_events();
2658
2659
- if ( array_key_exists( $event_name, $ignored_events ) ){
2660
unset( $ignored_events[ $event_name ] );
2661
$saved = self::update_option( ':ignored_events', json_encode( $ignored_events ) );
2662
@@ -2676,7 +2772,7 @@ class SucuriScanOption extends SucuriScanRequest {
2676
$event_name = strtolower( $event_name );
2677
$ignored_events = self::get_ignored_events();
2678
2679
- if ( array_key_exists( $event_name, $ignored_events ) ){
2680
return true;
2681
}
2682
@@ -2706,11 +2802,11 @@ class SucuriScanOption extends SucuriScanRequest {
2706
'SECURE_AUTH_SALT',
2707
);
2708
2709
- foreach ( $key_names as $key_name ){
2710
- if ( defined( $key_name ) ){
2711
$key_value = constant( $key_name );
2712
2713
- if ( stripos( $key_value, 'unique phrase' ) !== false ){
2714
$response['bad'][ $key_name ] = $key_value;
2715
} else {
2716
$response['good'][ $key_name ] = $key_value;
@@ -2750,7 +2846,7 @@ class SucuriScanEvent extends SucuriScan {
2750
public static function schedule_task(){
2751
$task_name = 'sucuriscan_scheduled_scan';
2752
2753
- if ( ! wp_next_scheduled( $task_name ) ){
2754
wp_schedule_event( time() + 10, 'twicedaily', $task_name );
2755
}
2756
@@ -2773,15 +2869,15 @@ class SucuriScanEvent extends SucuriScan {
2773
if (
2774
SucuriScanOption::get_option( ':fs_scanner' ) == 'disabled'
2775
&& $force_scan === false
2776
- ){
2777
return false;
2778
}
2779
2780
// Check if the last runtime is too near the current time.
2781
- if ( $last_run && ! $force_scan ){
2782
$runtime_diff = $current_time - $runtime;
2783
2784
- if ( $last_run >= $runtime_diff ){
2785
return false;
2786
}
2787
}
@@ -2802,7 +2898,7 @@ class SucuriScanEvent extends SucuriScan {
2802
$reported_version = SucuriScanOption::get_option( $option_name );
2803
$wp_version = self::site_version();
2804
2805
- if ( $reported_version != $wp_version ){
2806
SucuriScanEvent::report_info_event( 'WordPress version detected ' . $wp_version );
2807
SucuriScanOption::update_option( $option_name, $wp_version );
2808
@@ -2827,17 +2923,17 @@ class SucuriScanEvent extends SucuriScan {
2827
self::verify_run( $minimum_runtime, $force_scan )
2828
&& class_exists( 'SucuriScanFileInfo' )
2829
&& SucuriScanAPI::get_plugin_key()
2830
- ){
2831
self::report_site_version();
2832
2833
$sucuri_fileinfo = new SucuriScanFileInfo();
2834
$sucuri_fileinfo->scan_interface = SucuriScanOption::get_option( ':scan_interface' );
2835
$signatures = $sucuri_fileinfo->get_directory_tree_md5( ABSPATH );
2836
2837
- if ( $signatures ){
2838
$hashes_sent = SucuriScanAPI::send_hashes( $signatures );
2839
2840
- if ( $hashes_sent ){
2841
SucuriScanOption::update_option( ':runtime', time() );
2842
return true;
2843
} else {
@@ -2870,8 +2966,8 @@ class SucuriScanEvent extends SucuriScan {
2870
$user instanceof WP_User
2871
&& isset($user->user_login)
2872
&& ! empty($user->user_login)
2873
- ){
2874
- if ( $user->user_login != $user->display_name ){
2875
$username = sprintf( "\x20%s (%s),", $user->display_name, $user->user_login );
2876
} else {
2877
$username = sprintf( "\x20%s,", $user->user_login );
@@ -2882,7 +2978,7 @@ class SucuriScanEvent extends SucuriScan {
2882
$severity = (int) $severity;
2883
2884
// Convert the severity number into a readable string.
2885
- switch ( $severity ){
2886
case 0: $severity_name = 'Debug'; break;
2887
case 1: $severity_name = 'Notice'; break;
2888
case 2: $severity_name = 'Info'; break;
@@ -2994,6 +3090,47 @@ class SucuriScanEvent extends SucuriScan {
2994
}
2995
}
2996
2997
/**
2998
* Send a notification to the administrator of the specified events, only if
2999
* the administrator accepted to receive alerts for this type of events.
@@ -3011,22 +3148,18 @@ class SucuriScanEvent extends SucuriScan {
3011
$notify = 'disabled';
3012
}
3013
3014
- if ( $notify == 'enabled' ){
3015
- if ( $event == 'post_publication' ){
3016
$event = 'post_update';
3017
- }
3018
-
3019
- elseif ( $event == 'failed_login' ){
3020
$content .= "<br>\n<br>\n<em>Explanation: Someone failed to login to your site. If you";
3021
$content .= ' are getting too many of these messages, it is likely your site is under a brute';
3022
$content .= ' force attack. You can disable the notifications for failed logins from here [1].';
3023
$content .= " More details at Password Guessing Brute Force Attacks [2].</em><br>\n<br>\n";
3024
$content .= '[1] ' . SucuriScanTemplate::get_url( 'settings' ) . " <br>\n";
3025
$content .= "[2] http://kb.sucuri.net/definitions/attacks/brute-force/password-guessing <br>\n";
3026
- }
3027
-
3028
- // Send a notification even if the limit of emails per hour was reached.
3029
- elseif ( $event == 'bruteforce_attack' ){
3030
$email_params['Force'] = true;
3031
}
3032
@@ -3046,7 +3179,7 @@ class SucuriScanEvent extends SucuriScan {
3046
* @return boolean TRUE if the IP address of the user is trusted, FALSE otherwise.
3047
*/
3048
private static function is_trusted_ip( $remote_addr = '' ){
3049
- $cache = new SucuriScanCache( 'trustip' );
3050
$trusted_ips = $cache->get_all();
3051
3052
if ( ! $remote_addr ) {
@@ -3069,19 +3202,17 @@ class SucuriScanEvent extends SucuriScan {
3069
$ip_parts = explode( '.', $ip_info->remote_addr );
3070
$ip_pattern = false;
3071
3072
- // Generate the regular expression for CIDR range 24.
3073
- if ( $ip_info->cidr_range == 24 ) {
3074
- $ip_pattern = sprintf( '/^%d\.%d\.%d\.[0-9]{1,3}#x2F;', $ip_parts[0], $ip_parts[1], $ip_parts[2] );
3075
- }
3076
-
3077
- // Generate the regular expression for CIDR range 16.
3078
- elseif ( $ip_info->cidr_range == 16 ) {
3079
- $ip_pattern = sprintf( '/^%d\.%d(\.[0-9]{1,3}){2}#x2F;', $ip_parts[0], $ip_parts[1] );
3080
- }
3081
-
3082
- // Generate the regular expression for CIDR range 8.
3083
- elseif ( $ip_info->cidr_range == 8 ) {
3084
- $ip_pattern = sprintf( '/^%d(\.[0-9]{1,3}){3}#x2F;', $ip_parts[0] );
3085
}
3086
3087
if ( $ip_pattern && preg_match( $ip_pattern, $remote_addr ) ) {
@@ -3102,10 +3233,10 @@ class SucuriScanEvent extends SucuriScan {
3102
public static function set_new_password( $user_id = 0 ){
3103
$user_id = intval( $user_id );
3104
3105
- if ( $user_id > 0 && function_exists( 'wp_generate_password' ) ){
3106
$user = get_userdata( $user_id );
3107
3108
- if ( $user instanceof WP_User ){
3109
$new_password = wp_generate_password( 15, true, false );
3110
3111
$message = 'The password for your user account <strong>"'. $user->display_name .'"</strong> '
@@ -3139,7 +3270,7 @@ class SucuriScanEvent extends SucuriScan {
3139
$new_wpconfig = '';
3140
$config_path = self::get_wpconfig_path();
3141
3142
- if ( $config_path ){
3143
$pattern = self::secret_key_pattern();
3144
$define_tpl = "define('%s',%s'%s');";
3145
$config_lines = SucuriScanFileInfo::file_lines( $config_path );
@@ -3148,11 +3279,11 @@ class SucuriScanEvent extends SucuriScan {
3148
$old_keys_string = '';
3149
$new_keys_string = '';
3150
3151
- foreach ( (array) $config_lines as $config_line ){
3152
- if ( preg_match( $pattern, $config_line, $match ) ){
3153
$key_name = $match[1];
3154
3155
- if ( array_key_exists( $key_name, $new_keys ) ){
3156
$white_spaces = $match[2];
3157
$old_keys[ $key_name ] = $match[3];
3158
$config_line = sprintf( $define_tpl, $key_name, $white_spaces, $new_keys[ $key_name ] );
@@ -3173,7 +3304,7 @@ class SucuriScanEvent extends SucuriScan {
3173
'new_wpconfig' => $new_wpconfig,
3174
);
3175
3176
- if ( $response['updated'] ){
3177
file_put_contents( $config_path, $new_wpconfig, LOCK_EX );
3178
}
3179
@@ -3418,7 +3549,9 @@ class SucuriScanHook extends SucuriScanEvent {
3418
* @return void
3419
*/
3420
public static function hook_retrieve_password( $title = '' ){
3421
- if ( empty($title) ) { $title = 'unknown'; }
3422
3423
self::report_error_event( 'Password retrieval attempt: ' . $title );
3424
}
@@ -3430,7 +3563,9 @@ class SucuriScanHook extends SucuriScanEvent {
3430
* @return void
3431
*/
3432
public static function hook_switch_theme( $title = '' ){
3433
- if ( empty($title) ) { $title = 'unknown'; }
3434
3435
$message = 'Theme activated: ' . $title;
3436
self::report_warning_event( $message );
@@ -3470,7 +3605,9 @@ class SucuriScanHook extends SucuriScanEvent {
3470
* @return void
3471
*/
3472
public static function hook_wp_login( $title = '' ){
3473
- if ( empty($title) ) { $title = 'Unknown'; }
3474
3475
$message = 'User authentication succeeded: ' . $title;
3476
self::report_notice_event( $message );
@@ -3485,7 +3622,9 @@ class SucuriScanHook extends SucuriScanEvent {
3485
* @return void
3486
*/
3487
public static function hook_wp_login_failed( $title = '' ){
3488
- if ( empty($title) ){ $title = 'Unknown'; }
3489
3490
$title = sanitize_user( $title, true );
3491
$password = SucuriScanRequest::post( 'pwd' );
@@ -3503,10 +3642,10 @@ class SucuriScanHook extends SucuriScanEvent {
3503
$logged = sucuriscan_log_failed_login( $title, $password );
3504
3505
// Check if the quantity of failed logins will be considered as a brute-force attack.
3506
- if ( $logged ){
3507
$failed_logins = sucuriscan_get_failed_logins();
3508
3509
- if ( $failed_logins ){
3510
$max_time = 3600;
3511
$maximum_failed_logins = SucuriScanOption::get_option( 'sucuriscan_maximum_failed_logins' );
3512
@@ -3520,7 +3659,7 @@ class SucuriScanHook extends SucuriScanEvent {
3520
if (
3521
$failed_logins['diff_time'] <= $max_time
3522
&& $failed_logins['count'] >= $maximum_failed_logins
3523
- ){
3524
sucuriscan_report_failed_logins( $failed_logins );
3525
}
3526
@@ -3533,7 +3672,7 @@ class SucuriScanHook extends SucuriScanEvent {
3533
* first entry of that file in case of future attempts during the next sixty
3534
* minutes.
3535
*/
3536
- elseif ( $failed_logins['diff_time'] > $max_time ){
3537
sucuriscan_reset_failed_logins();
3538
sucuriscan_log_failed_login( $title );
3539
}
@@ -3562,19 +3701,21 @@ class SucuriScanHook extends SucuriScanEvent {
3562
SucuriScanRequest::get_or_post( 'action', $plugin_activate_actions )
3563
|| SucuriScanRequest::get_or_post( 'action2', $plugin_activate_actions )
3564
)
3565
- ){
3566
$plugin_list = array();
3567
$items_affected = array();
3568
3569
// Get the action performed through action or action2 params.
3570
$action_d = SucuriScanRequest::get_or_post( 'action' );
3571
- if ( $action_d == '-1' ) { $action_d = SucuriScanRequest::get_or_post( 'action2' ); }
3572
$action_d .= 'd';
3573
3574
if (
3575
SucuriScanRequest::get( 'plugin', '.+' )
3576
&& strpos( $_SERVER['REQUEST_URI'], 'plugins.php' ) !== false
3577
- ){
3578
$plugin_list[] = SucuriScanRequest::get( 'plugin' );
3579
}
3580
@@ -3582,18 +3723,18 @@ class SucuriScanHook extends SucuriScanEvent {
3582
isset($_POST['checked'])
3583
&& is_array( $_POST['checked'] )
3584
&& ! empty($_POST['checked'])
3585
- ){
3586
$plugin_list = SucuriScanRequest::post( 'checked', '_array' );
3587
$action_d = str_replace( '-selected', '', $action_d );
3588
}
3589
3590
- foreach ( $plugin_list as $plugin ){
3591
$plugin_info = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
3592
3593
if (
3594
! empty($plugin_info['Name'])
3595
&& ! empty($plugin_info['Version'])
3596
- ){
3597
$items_affected[] = sprintf(
3598
'%s (v%s; %s)',
3599
self::escape( $plugin_info['Name'] ),
@@ -3625,14 +3766,14 @@ class SucuriScanHook extends SucuriScanEvent {
3625
SucuriScanRequest::get_or_post( 'action', $plugin_update_actions )
3626
|| SucuriScanRequest::get_or_post( 'action2', $plugin_update_actions )
3627
)
3628
- ){
3629
$plugin_list = array();
3630
$items_affected = array();
3631
3632
if (
3633
SucuriScanRequest::get( 'plugin', '.+' )
3634
&& strpos( $_SERVER['REQUEST_URI'], 'wp-admin/update.php' ) !== false
3635
- ){
3636
$plugin_list[] = SucuriScanRequest::get( 'plugin', '.+' );
3637
}
3638
@@ -3640,17 +3781,17 @@ class SucuriScanHook extends SucuriScanEvent {
3640
isset($_POST['checked'])
3641
&& is_array( $_POST['checked'] )
3642
&& ! empty($_POST['checked'])
3643
- ){
3644
$plugin_list = SucuriScanRequest::post( 'checked', '_array' );
3645
}
3646
3647
- foreach ( $plugin_list as $plugin ){
3648
$plugin_info = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
3649
3650
if (
3651
! empty($plugin_info['Name'])
3652
&& ! empty($plugin_info['Version'])
3653
- ){
3654
$items_affected[] = sprintf(
3655
'%s (v%s; %s)',
3656
self::escape( $plugin_info['Name'] ),
@@ -3678,13 +3819,15 @@ class SucuriScanHook extends SucuriScanEvent {
3678
elseif (
3679
current_user_can( 'install_plugins' )
3680
&& SucuriScanRequest::get( 'action', '(install|upload)-plugin' )
3681
- ){
3682
- if ( isset($_FILES['pluginzip']) ){
3683
$plugin = self::escape( $_FILES['pluginzip']['name'] );
3684
} else {
3685
$plugin = SucuriScanRequest::get( 'plugin', '.+' );
3686
3687
- if ( ! $plugin ){ $plugin = 'Unknown'; }
3688
}
3689
3690
$message = 'Plugin installed: ' . self::escape( $plugin );
@@ -3697,17 +3840,17 @@ class SucuriScanHook extends SucuriScanEvent {
3697
current_user_can( 'delete_plugins' )
3698
&& SucuriScanRequest::post( 'action', 'delete-selected' )
3699
&& SucuriScanRequest::post( 'verify-delete', '1' )
3700
- ){
3701
$plugin_list = SucuriScanRequest::post( 'checked', '_array' );
3702
$items_affected = array();
3703
3704
- foreach ( (array) $plugin_list as $plugin ){
3705
$plugin_info = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
3706
3707
if (
3708
! empty($plugin_info['Name'])
3709
&& ! empty($plugin_info['Version'])
3710
- ){
3711
$items_affected[] = sprintf(
3712
'%s (v%s; %s)',
3713
self::escape( $plugin_info['Name'] ),
@@ -3738,7 +3881,7 @@ class SucuriScanHook extends SucuriScanEvent {
3738
&& SucuriScanRequest::post( 'plugin', '.+' )
3739
&& SucuriScanRequest::post( 'file', '.+' )
3740
&& strpos( $_SERVER['REQUEST_URI'], 'plugin-editor.php' ) !== false
3741
- ){
3742
$filename = SucuriScanRequest::post( 'file' );
3743
$message = 'Plugin editor used in: ' . SucuriScan::escape( $filename );
3744
self::report_error_event( $message );
@@ -3752,7 +3895,7 @@ class SucuriScanHook extends SucuriScanEvent {
3752
&& SucuriScanRequest::post( 'theme', '.+' )
3753
&& SucuriScanRequest::post( 'file', '.+' )
3754
&& strpos( $_SERVER['REQUEST_URI'], 'theme-editor.php' ) !== false
3755
- ){
3756
$theme_name = SucuriScanRequest::post( 'theme' );
3757
$filename = SucuriScanRequest::post( 'file' );
3758
$message = 'Theme editor used in: ' . SucuriScan::escape( $theme_name ) . '/' . SucuriScan::escape( $filename );
@@ -3764,10 +3907,12 @@ class SucuriScanHook extends SucuriScanEvent {
3764
elseif (
3765
current_user_can( 'install_themes' )
3766
&& SucuriScanRequest::get( 'action', 'install-theme' )
3767
- ){
3768
$theme = SucuriScanRequest::get( 'theme', '.+' );
3769
3770
- if ( ! $theme ){ $theme = 'Unknown'; }
3771
3772
$message = 'Theme installed: ' . self::escape( $theme );
3773
SucuriScanEvent::report_warning_event( $message );
@@ -3779,10 +3924,12 @@ class SucuriScanHook extends SucuriScanEvent {
3779
current_user_can( 'delete_themes' )
3780
&& SucuriScanRequest::get_or_post( 'action', 'delete' )
3781
&& SucuriScanRequest::get_or_post( 'stylesheet', '.+' )
3782
- ){
3783
$theme = SucuriScanRequest::get( 'stylesheet', '.+' );
3784
3785
- if ( ! $theme ){ $theme = 'Unknown'; }
3786
3787
$message = 'Theme deleted: ' . self::escape( $theme );
3788