Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.8.1

Version Description

  • Modified default setting for the core integrity alerts
  • Added more files to the core integrity ignore list
  • Fixed support for custom data storage directory
  • Fixed admin notices after changing alert settings
  • Fixed settings and audit logs for the firewall page
  • Fixed regression with clear cache in firewall page

Release Info

Developer yorman
Version 1.8.1

Code changes from version 1.8.0 to 1.8.1

inc/tpl/corefiles-notification.html.tpl CHANGED
@@ -33,13 +33,20 @@
33
  <tr>
34
  <td colspan="5">
35
  <p>
36
- <strong>Note.</strong> This is not a malware scanner but an integrity checker
37
- which is a completely different thing, if you want to check if your site is
38
- generating malicious code then use the <a href="%%SUCURI.URL.Scanner%%">malware
39
- scan</a> tool. If you see the text <em>"must be fixed manually"</em> in any of
40
- these files that means that they do not have write permissions so you can not
41
- fix them using this tool. Access the <a href="%%SUCURI.URL.Home%%">admin area
42
- </a> of your website to fix these files.
 
 
 
 
 
 
 
43
  </p>
44
  </td>
45
  </tr>
33
  <tr>
34
  <td colspan="5">
35
  <p>
36
+ <b>Note:</b> This is not a malware scanner but an integrity checker, if
37
+ you want to check if your site is generating malicious code then use the
38
+ <a href="%%SUCURI.URL.Scanner%%">malware scan</a> tool. If you see the
39
+ text <em>"must be fixed manually"</em> in any of these files that means
40
+ that they do not have write permissions so you can not fix them using
41
+ this tool. Access the <a href="%%SUCURI.URL.Home%%">admin area</a> of
42
+ your website to fix these files.
43
+ </p>
44
+
45
+ <p>
46
+ <b>Note:</b> Disable the <em>"Receive email alerts for core integrity
47
+ checks"</em> option from the "Alerts" panel located in the plugin'
48
+ settings page to stop receiving these emails, but keep an eye on the
49
+ flagged files to keep your website clean.
50
  </p>
51
  </td>
52
  </tr>
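Review bot: In the second added paragraph the text reads "located in the plugin' settings page"; the possessive has lost its "s" and should be "plugin's settings page". The first added paragraph also joins two sentences with a comma ("an integrity checker, if you want to check"); a full stop after "integrity checker" reads better in a notification that site owners act on.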
inc/tpl/firewall-settings.html.tpl CHANGED
@@ -14,7 +14,7 @@
14
  many other threats against your site.
15
  </p>
16
 
17
- <div class="sucuriscan-inline-alert-info">
18
  <p>
19
  Add your <a href="https://waf.sucuri.net/?settings&panel=api" target="_blank">
20
  CloudProxy API key</a> in the form below to start communicating with the firewall
14
  many other threats against your site.
15
  </p>
16
 
17
+ <div class="sucuriscan-inline-alert-info sucuriscan-%%SUCURI.Firewall.APIKeyFormVisibility%%">
18
  <p>
19
  Add your <a href="https://waf.sucuri.net/?settings&panel=api" target="_blank">
20
  CloudProxy API key</a> in the form below to start communicating with the firewall
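Review bot: The class added to the `<div>` is built from the `%%SUCURI.Firewall.APIKeyFormVisibility%%` pseudo-tag, and none of the sucuri.php hunks listed for this release assigns that tag. Please confirm it is always populated before this template is rendered and that the resulting `sucuriscan-...` class has a matching CSS rule; otherwise the literal placeholder or an empty suffix ends up in the class attribute and the visibility toggle has no effect.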
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net
3
  Donate Link: https://sucuri.net/
4
  Tags: malware, security, firewall, scan, spam, virus, sucuri, protection,WordPress Security, Login Security,Security Auditing,File Integrity,htaccess,phishing,backdoors,SQL Injection, RFI, LFI, XSS, CSRF, website firewall, Website Security, Performance Optimization, Zero Day, Software Vulnerability, Exploits, Hacks, Attackers, Bad Actors, Reverse Proxy, Two Factor Security, Two Factor Authentication, Security Logs, HeatBleed Vulnerability, Website Protection, Bash Vulnerability, RevSlider Vulnerability, MailPoet Vulnerability, Malware Prevention, Website Firewall, Website AntiVirus, Security Response, Security Detection, Security Prevention
5
  Requires at least:3.2
6
- Stable tag: 1.8.0
7
  Tested up to: 4.5.3
8
 
9
  The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
@@ -354,6 +354,14 @@ service from the WordPress dashboard.
354
 
355
  == Changelog ==
356
 
 
 
 
 
 
 
 
 
357
  = 1.8.0 =
358
  * Added error message when storage is not writable
359
  * Fixed option getter to migrate plugin settings if possible
3
  Donate Link: https://sucuri.net/
4
  Tags: malware, security, firewall, scan, spam, virus, sucuri, protection,WordPress Security, Login Security,Security Auditing,File Integrity,htaccess,phishing,backdoors,SQL Injection, RFI, LFI, XSS, CSRF, website firewall, Website Security, Performance Optimization, Zero Day, Software Vulnerability, Exploits, Hacks, Attackers, Bad Actors, Reverse Proxy, Two Factor Security, Two Factor Authentication, Security Logs, HeatBleed Vulnerability, Website Protection, Bash Vulnerability, RevSlider Vulnerability, MailPoet Vulnerability, Malware Prevention, Website Firewall, Website AntiVirus, Security Response, Security Detection, Security Prevention
5
  Requires at least:3.2
6
+ Stable tag: 1.8.1
7
  Tested up to: 4.5.3
8
 
9
  The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
354
 
355
  == Changelog ==
356
 
357
+ = 1.8.1 =
358
+ * Modified default setting for the core integrity alerts
359
+ * Added more files to the core integrity ignore list
360
+ * Fixed support for custom data storage directory
361
+ * Fixed admin notices after changing alert settings
362
+ * Fixed settings and audit logs for the firewall page
363
+ * Fixed regression with clear cache in firewall page
364
+
365
  = 1.8.0 =
366
  * Added error message when storage is not writable
367
  * Fixed option getter to migrate plugin settings if possible
sucuri.php CHANGED
@@ -4,7 +4,7 @@ Plugin Name: Sucuri Security - Auditing, Malware Scanner and Hardening
4
  Plugin URI: https://wordpress.sucuri.net/
5
  Description: The <a href="https://sucuri.net/" target="_blank">Sucuri</a> plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.
6
  Author: Sucuri, INC
7
- Version: 1.8.0
8
  Author URI: https://sucuri.net
9
  */
10
 
@@ -65,7 +65,7 @@ define('SUCURISCAN', 'sucuriscan');
65
  /**
66
  * Current version of the plugin's code.
67
  */
68
- define('SUCURISCAN_VERSION', '1.8.0');
69
 
70
  /**
71
  * The name of the Sucuri plugin main file.
@@ -2946,7 +2946,7 @@ class SucuriScanOption extends SucuriScanRequest
2946
  'sucuriscan_notify_plugin_installed' => 'disabled',
2947
  'sucuriscan_notify_plugin_updated' => 'disabled',
2948
  'sucuriscan_notify_post_publication' => 'enabled',
2949
- 'sucuriscan_notify_scan_checksums' => 'enabled',
2950
  'sucuriscan_notify_settings_updated' => 'disabled',
2951
  'sucuriscan_notify_success_login' => 'enabled',
2952
  'sucuriscan_notify_theme_activated' => 'disabled',
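Review bot: Changing `'sucuriscan_notify_scan_checksums'` from 'enabled' to 'disabled' means any site relying on the default no longer gets an e-mail when a core file fails the integrity check, yet the changelog only says "Modified default setting for the core integrity alerts". Spell out the new value in the readme entry and say where the results can still be reviewed, since the added template note only explains how to switch the e-mails off.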
@@ -2979,6 +2979,9 @@ class SucuriScanOption extends SucuriScanRequest
2979
  'sucuriscan_xhr_monitor' => 'disabled',
2980
  );
2981
 
 
 
 
2982
  return $defaults;
2983
  }
2984
 
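Review bot: The added `$defaults['sucuriscan_datastore_path'] = dirname($fpath);` uses the return value of `self::optionsFilePath()` without checking it. If that method can return false or an empty string, the default storage path is not a usable directory; check `$fpath` before calling `dirname()` and add a comment saying why this default is computed at run time instead of sitting in the array above.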
@@ -6194,7 +6197,7 @@ class SucuriScanAPI extends SucuriScanOption
6194
  $response = self::apiCallCloudproxy('GET', $params);
6195
 
6196
  if (self::handleResponse($response)) {
6197
- return $response['body']->output;
6198
  }
6199
 
6200
  return false;
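Review bot: The replacement `return $response['output'];` reads the key without checking that it exists, and the same pattern is repeated in the next two hunks, where the old code read `$response['body']` and `$response['body_arr']['output']`. The change to `apiCallCloudproxy()` or `handleResponse()` that makes `$response` a flat array is not among the hunks shown, so please confirm the new shape and guard with `isset($response['output'])` so a successful response without that key returns false instead of raising a notice.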
@@ -6217,7 +6220,7 @@ class SucuriScanAPI extends SucuriScanOption
6217
  $response = self::apiCallCloudproxy('GET', $params);
6218
 
6219
  if (self::handleResponse($response)) {
6220
- return $response['body'];
6221
  }
6222
 
6223
  return false;
@@ -6258,7 +6261,7 @@ class SucuriScanAPI extends SucuriScanOption
6258
  $response = self::apiCallCloudproxy('GET', $params);
6259
 
6260
  if (self::handleResponse($response)) {
6261
- return $response['body_arr']['output'];
6262
  }
6263
 
6264
  return false;
@@ -8753,8 +8756,13 @@ function sucuriscan_firewall_settings($api_key = '')
8753
  $css_scrollable = count($option_value) > 10 ? 'sucuriscan-list-as-table-scrollable' : '';
8754
  $html_list = '<ul class="sucuriscan-list-as-table ' . $css_scrollable . '">';
8755
 
8756
- foreach ($option_value as $single_value) {
8757
- $html_list .= '<li>' . SucuriScan::escape($single_value) . '</li>';
 
 
 
 
 
8758
  }
8759
 
8760
  $html_list .= '</ul>';
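Review bot: The added loop escapes each value twice: `$single_value = SucuriScan::escape($single_value);` is followed by `'<li>' . SucuriScan::escape($single_value) . '</li>'`, so a value containing `&` or `<` is shown with visible entity text unless the helper is idempotent. Keep one of the two calls. `count($option_value)` on the context line above also runs before the new `!empty($option_value)` guard.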
@@ -8901,35 +8909,37 @@ function sucuriscan_firewall_auditlogs_entries($entries = array())
8901
  $counter = 0;
8902
 
8903
  foreach ($entries as $entry) {
8904
- $data_set = array();
8905
- $data_set['AccessLog.CssClass'] = ($counter % 2 == 0) ? '' : 'alternate';
8906
-
8907
- foreach ($attributes as $attr) {
8908
- // Generate variable name for the template pseudo-tags.
8909
- $keyname = str_replace('_', "\x20", $attr);
8910
- $keyname = ucwords($keyname);
8911
- $keyname = str_replace("\x20", '', $keyname);
8912
- $keyname = 'AccessLog.' . $keyname;
8913
-
8914
- // Assign and escape variable value before rendering.
8915
- if (array_key_exists($attr, $entry)) {
8916
- $data_set[$keyname] = $entry[$attr];
8917
- } else {
8918
- $data_set[$keyname] = '';
8919
- }
 
8920
 
8921
- // Special cases to convert value to readable data.
8922
- if ($attr == 'resource_path' && $data_set[$keyname] == '/') {
8923
- $data_set[$keyname] = '/ (root of the website)';
8924
- } elseif ($attr == 'http_referer' && $data_set[$keyname] == '-') {
8925
- $data_set[$keyname] = '- (no referer)';
8926
- } elseif ($attr == 'request_country_name' && $data_set[$keyname] == '') {
8927
- $data_set[$keyname] = 'Anonymous';
 
8928
  }
8929
- }
8930
 
8931
- $output .= SucuriScanTemplate::getSnippet('firewall-auditlogs', $data_set);
8932
- $counter++;
 
8933
  }
8934
  }
8935
 
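Review bot: The comment "Assign and escape variable value before rendering" sits above a plain assignment, `$data_set[$keyname] = $entry[$attr];`, with no escaping in this function. Fields such as `resource_path` and `http_referer` are taken from logged requests, so either confirm that `SucuriScanTemplate::getSnippet()` escapes every value or call `SucuriScan::escape()` here as the settings list does. Entries without a truthy `is_usable` are now dropped silently; an empty-state row would tell the user why the table is empty.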
@@ -9027,13 +9037,13 @@ function sucuriscan_firewall_clearcache($nonce)
9027
  $response = SucuriScanAPI::clearCloudproxyCache();
9028
 
9029
  if ($response) {
9030
- if (isset($response->messages[0])) {
9031
  // Clear W3 Total Cache if it is installed.
9032
  if (function_exists('w3tc_flush_all')) {
9033
  w3tc_flush_all();
9034
  }
9035
 
9036
- SucuriScanInterface::info($response->messages[0]);
9037
  } else {
9038
  SucuriScanInterface::error('Could not clear the cache of your site, try later again.');
9039
  }
@@ -10884,19 +10894,19 @@ function sucuriscan_ignore_integrity_filepath($file_path = '')
10884
  $ignore_files = array(
10885
  '^sucuri-[0-9a-z\-]+\.php$',
10886
  '^\S+-sucuri-db-dump-gzip-[0-9]{10}-[0-9a-z]{32}\.gz$',
10887
- '^favicon\.ico$',
10888
  '^php\.ini$',
10889
- '^\.htaccess$',
10890
  '^wp-includes\/\.htaccess$',
10891
  '^wp-admin\/setup-config\.php$',
10892
  '^wp-(config|pass|rss|feed|register|atom|commentsrss2|rss2|rdf)\.php$',
10893
  '^wp-content\/(themes|plugins)\/.+', // TODO: Add the popular themes/plugins integrity checks.
10894
  '^sitemap\.xml($|\.gz)$',
10895
- '^readme\.html$',
10896
  '^(503|404)\.php$',
10897
  '^500\.(shtml|php)$',
10898
  '^40[0-9]\.shtml$',
10899
- '^([^\/]*)\.(pdf|css|txt)$',
10900
  '^google[0-9a-z]{16}\.html$',
10901
  '^pinterest-[0-9a-z]{5}\.html$',
10902
  '(^|\/)error_log$',
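Review bot: `'\.ico$'` has lost the `^` anchor that `'^favicon\.ico$'` had, so a file ending in .ico at any depth is now skipped by the integrity check, not only the root favicon. Together with `.htpasswd`, `.ftpquota` and the image extensions added to the root-level pattern, this widens what is never reported; anchor the .ico rule to the paths that actually caused false positives and record the reason for each new entry in a comment.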
@@ -14071,8 +14081,11 @@ function sucuriscan_settings_alert_events($nonce)
14071
 
14072
  // Check that the option value was actually changed.
14073
  if ($current_value !== $option_value) {
14074
- SucuriScanOption::update_option($alert_type, $option_value);
14075
- $ucounter += 1;
 
 
 
14076
  }
14077
  }
14078
  }
4
  Plugin URI: https://wordpress.sucuri.net/
5
  Description: The <a href="https://sucuri.net/" target="_blank">Sucuri</a> plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.
6
  Author: Sucuri, INC
7
+ Version: 1.8.1
8
  Author URI: https://sucuri.net
9
  */
10
 
65
  /**
66
  * Current version of the plugin's code.
67
  */
68
+ define('SUCURISCAN_VERSION', '1.8.1');
69
 
70
  /**
71
  * The name of the Sucuri plugin main file.
2946
  'sucuriscan_notify_plugin_installed' => 'disabled',
2947
  'sucuriscan_notify_plugin_updated' => 'disabled',
2948
  'sucuriscan_notify_post_publication' => 'enabled',
2949
+ 'sucuriscan_notify_scan_checksums' => 'disabled',
2950
  'sucuriscan_notify_settings_updated' => 'disabled',
2951
  'sucuriscan_notify_success_login' => 'enabled',
2952
  'sucuriscan_notify_theme_activated' => 'disabled',
2979
  'sucuriscan_xhr_monitor' => 'disabled',
2980
  );
2981
 
2982
+ $fpath = self::optionsFilePath();
2983
+ $defaults['sucuriscan_datastore_path'] = dirname($fpath);
2984
+
2985
  return $defaults;
2986
  }
2987
 
6197
  $response = self::apiCallCloudproxy('GET', $params);
6198
 
6199
  if (self::handleResponse($response)) {
6200
+ return $response['output'];
6201
  }
6202
 
6203
  return false;
6220
  $response = self::apiCallCloudproxy('GET', $params);
6221
 
6222
  if (self::handleResponse($response)) {
6223
+ return $response;
6224
  }
6225
 
6226
  return false;
6261
  $response = self::apiCallCloudproxy('GET', $params);
6262
 
6263
  if (self::handleResponse($response)) {
6264
+ return $response['output'];
6265
  }
6266
 
6267
  return false;
8756
  $css_scrollable = count($option_value) > 10 ? 'sucuriscan-list-as-table-scrollable' : '';
8757
  $html_list = '<ul class="sucuriscan-list-as-table ' . $css_scrollable . '">';
8758
 
8759
+ if (!empty($option_value)) {
8760
+ foreach ($option_value as $single_value) {
8761
+ $single_value = SucuriScan::escape($single_value);
8762
+ $html_list .= '<li>' . SucuriScan::escape($single_value) . '</li>';
8763
+ }
8764
+ } else {
8765
+ $html_list .= '<li>(no data available)</li>';
8766
  }
8767
 
8768
  $html_list .= '</ul>';
8909
  $counter = 0;
8910
 
8911
  foreach ($entries as $entry) {
8912
+ if (array_key_exists('is_usable', $entry) && $entry['is_usable']) {
8913
+ $data_set = array();
8914
+ $data_set['AccessLog.CssClass'] = ($counter % 2 == 0) ? '' : 'alternate';
8915
+
8916
+ foreach ($attributes as $attr) {
8917
+ // Generate variable name for the template pseudo-tags.
8918
+ $keyname = str_replace('_', "\x20", $attr);
8919
+ $keyname = ucwords($keyname);
8920
+ $keyname = str_replace("\x20", '', $keyname);
8921
+ $keyname = 'AccessLog.' . $keyname;
8922
+
8923
+ // Assign and escape variable value before rendering.
8924
+ if (array_key_exists($attr, $entry)) {
8925
+ $data_set[$keyname] = $entry[$attr];
8926
+ } else {
8927
+ $data_set[$keyname] = '';
8928
+ }
8929
 
8930
+ // Special cases to convert value to readable data.
8931
+ if ($attr == 'resource_path' && $data_set[$keyname] == '/') {
8932
+ $data_set[$keyname] = '/ (root of the website)';
8933
+ } elseif ($attr == 'http_referer' && $data_set[$keyname] == '-') {
8934
+ $data_set[$keyname] = '- (no referer)';
8935
+ } elseif ($attr == 'request_country_name' && $data_set[$keyname] == '') {
8936
+ $data_set[$keyname] = 'Anonymous';
8937
+ }
8938
  }
 
8939
 
8940
+ $output .= SucuriScanTemplate::getSnippet('firewall-auditlogs', $data_set);
8941
+ $counter++;
8942
+ }
8943
  }
8944
  }
8945
 
9037
  $response = SucuriScanAPI::clearCloudproxyCache();
9038
 
9039
  if ($response) {
9040
+ if (isset($response['messages'][0])) {
9041
  // Clear W3 Total Cache if it is installed.
9042
  if (function_exists('w3tc_flush_all')) {
9043
  w3tc_flush_all();
9044
  }
9045
 
9046
+ SucuriScanInterface::info($response['messages'][0]);
9047
  } else {
9048
  SucuriScanInterface::error('Could not clear the cache of your site, try later again.');
9049
  }
10894
  $ignore_files = array(
10895
  '^sucuri-[0-9a-z\-]+\.php$',
10896
  '^\S+-sucuri-db-dump-gzip-[0-9]{10}-[0-9a-z]{32}\.gz$',
10897
+ '\.ico$',
10898
  '^php\.ini$',
10899
+ '^\.(htaccess|htpasswd|ftpquota)$',
10900
  '^wp-includes\/\.htaccess$',
10901
  '^wp-admin\/setup-config\.php$',
10902
  '^wp-(config|pass|rss|feed|register|atom|commentsrss2|rss2|rdf)\.php$',
10903
  '^wp-content\/(themes|plugins)\/.+', // TODO: Add the popular themes/plugins integrity checks.
10904
  '^sitemap\.xml($|\.gz)$',
10905
+ '^readme(\.[a-z0-9]{32})?\.html$',
10906
  '^(503|404)\.php$',
10907
  '^500\.(shtml|php)$',
10908
  '^40[0-9]\.shtml$',
10909
+ '^([^\/]*)\.(pdf|css|txt|jpg|gif|png|jpeg)$',
10910
  '^google[0-9a-z]{16}\.html$',
10911
  '^pinterest-[0-9a-z]{5}\.html$',
10912
  '(^|\/)error_log$',
14081
 
14082
  // Check that the option value was actually changed.
14083
  if ($current_value !== $option_value) {
14084
+ $written = SucuriScanOption::update_option($alert_type, $option_value);
14085
+
14086
+ if ($written === true) {
14087
+ $ucounter += 1;
14088
+ }
14089
  }
14090
  }
14091
  }
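Review bot: `$ucounter` now increases only when `update_option()` returns exactly `true`, but a failed write still produces no message of its own. Confirm the method returns a strict boolean, since `=== true` rejects any other truthy value, and report the options that could not be saved so the admin is not left believing an alert was changed when it was not.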