Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.8.1

Version Description

  • Modified default setting for the core integrity alerts
  • Added more files to the core integrity ignore list
  • Fixed support for custom data storage directory
  • Fixed admin notices after changing alert settings
  • Fixed settings and audit logs for the firewall page
  • Fixed regression with clear cache in firewall page

Release Info

Developer yorman
Version 1.8.1

Code changes from version 1.8.0 to 1.8.1

inc/tpl/corefiles-notification.html.tpl CHANGED
@@ -33,13 +33,20 @@
33
<tr>
34
<td colspan="5">
35
<p>
36
- <strong>Note.</strong> This is not a malware scanner but an integrity checker
37
- which is a completely different thing, if you want to check if your site is
38
- generating malicious code then use the <a href="%%SUCURI.URL.Scanner%%">malware
39
- scan</a> tool. If you see the text <em>"must be fixed manually"</em> in any of
40
- these files that means that they do not have write permissions so you can not
41
- fix them using this tool. Access the <a href="%%SUCURI.URL.Home%%">admin area
42
- </a> of your website to fix these files.
43
</p>
44
</td>
45
</tr>
33
<tr>
34
<td colspan="5">
35
<p>
36
+ <b>Note:</b> This is not a malware scanner but an integrity checker, if
37
+ you want to check if your site is generating malicious code then use the
38
+ <a href="%%SUCURI.URL.Scanner%%">malware scan</a> tool. If you see the
39
+ text <em>"must be fixed manually"</em> in any of these files that means
40
+ that they do not have write permissions so you can not fix them using
41
+ this tool. Access the <a href="%%SUCURI.URL.Home%%">admin area</a> of
42
+ your website to fix these files.
43
+ </p>
44
+
45
+ <p>
46
+ <b>Note:</b> Disable the <em>"Receive email alerts for core integrity
47
+ checks"</em> option from the "Alerts" panel located in the plugin'
48
+ settings page to stop receiving these emails, but keep an eye on the
49
+ flagged files to keep your website clean.
50
</p>
51
</td>
52
</tr>
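Review bot: The second added note has a typo at "located in the plugin' settings page": the possessive is missing its "s" and should read "plugin's settings page". While the string is being edited, "integrity checker, if you want to check" in the first note is a comma splice and reads better as two sentences.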
inc/tpl/firewall-settings.html.tpl CHANGED
@@ -14,7 +14,7 @@
14
many other threats against your site.
15
</p>
16
17
- <div class="sucuriscan-inline-alert-info">
18
<p>
19
Add your <a href="https://waf.sucuri.net/?settings&panel=api" target="_blank">
20
CloudProxy API key</a> in the form below to start communicating with the firewall
14
many other threats against your site.
15
</p>
16
17
+ <div class="sucuriscan-inline-alert-info sucuriscan-%%SUCURI.Firewall.APIKeyFormVisibility%%">
18
<p>
19
Add your <a href="https://waf.sucuri.net/?settings&panel=api" target="_blank">
20
CloudProxy API key</a> in the form below to start communicating with the firewall
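Review bot: The class added to the alert div, `sucuriscan-%%SUCURI.Firewall.APIKeyFormVisibility%%`, depends on a pseudo-tag whose accepted values are not documented anywhere in this template. If the tag is ever left unassigned, the class attribute ends up with a meaningless token and the form's visibility is undefined. List the expected values in a template comment and make sure the PHP side always assigns one.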
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net
3
Donate Link: https://sucuri.net/
4
Tags: malware, security, firewall, scan, spam, virus, sucuri, protection,WordPress Security, Login Security,Security Auditing,File Integrity,htaccess,phishing,backdoors,SQL Injection, RFI, LFI, XSS, CSRF, website firewall, Website Security, Performance Optimization, Zero Day, Software Vulnerability, Exploits, Hacks, Attackers, Bad Actors, Reverse Proxy, Two Factor Security, Two Factor Authentication, Security Logs, HeatBleed Vulnerability, Website Protection, Bash Vulnerability, RevSlider Vulnerability, MailPoet Vulnerability, Malware Prevention, Website Firewall, Website AntiVirus, Security Response, Security Detection, Security Prevention
5
Requires at least:3.2
6
- Stable tag: 1.8.0
7
Tested up to: 4.5.3
8
9
The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
@@ -354,6 +354,14 @@ service from the WordPress dashboard.
354
355
== Changelog ==
356
357
= 1.8.0 =
358
* Added error message when storage is not writable
359
* Fixed option getter to migrate plugin settings if possible
3
Donate Link: https://sucuri.net/
4
Tags: malware, security, firewall, scan, spam, virus, sucuri, protection,WordPress Security, Login Security,Security Auditing,File Integrity,htaccess,phishing,backdoors,SQL Injection, RFI, LFI, XSS, CSRF, website firewall, Website Security, Performance Optimization, Zero Day, Software Vulnerability, Exploits, Hacks, Attackers, Bad Actors, Reverse Proxy, Two Factor Security, Two Factor Authentication, Security Logs, HeatBleed Vulnerability, Website Protection, Bash Vulnerability, RevSlider Vulnerability, MailPoet Vulnerability, Malware Prevention, Website Firewall, Website AntiVirus, Security Response, Security Detection, Security Prevention
5
Requires at least:3.2
6
+ Stable tag: 1.8.1
7
Tested up to: 4.5.3
8
9
The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
354
355
== Changelog ==
356
357
+ = 1.8.1 =
358
+ * Modified default setting for the core integrity alerts
359
+ * Added more files to the core integrity ignore list
360
+ * Fixed support for custom data storage directory
361
+ * Fixed admin notices after changing alert settings
362
+ * Fixed settings and audit logs for the firewall page
363
+ * Fixed regression with clear cache in firewall page
364
+
365
= 1.8.0 =
366
* Added error message when storage is not writable
367
* Fixed option getter to migrate plugin settings if possible
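Review bot: The 1.8.1 changelog entry "Modified default setting for the core integrity alerts" does not say which way the default moved. The sucuri.php change in this release sets `sucuriscan_notify_scan_checksums` to 'disabled', and site owners who rely on those emails need to know that. State it explicitly, for example "Core integrity email alerts are now disabled by default".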
sucuri.php CHANGED
@@ -4,7 +4,7 @@ Plugin Name: Sucuri Security - Auditing, Malware Scanner and Hardening
4
Plugin URI: https://wordpress.sucuri.net/
5
Description: The <a href="https://sucuri.net/" target="_blank">Sucuri</a> plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.
6
Author: Sucuri, INC
7
- Version: 1.8.0
8
Author URI: https://sucuri.net
9
*/
10
@@ -65,7 +65,7 @@ define('SUCURISCAN', 'sucuriscan');
65
/**
66
* Current version of the plugin's code.
67
*/
68
- define('SUCURISCAN_VERSION', '1.8.0');
69
70
/**
71
* The name of the Sucuri plugin main file.
@@ -2946,7 +2946,7 @@ class SucuriScanOption extends SucuriScanRequest
2946
'sucuriscan_notify_plugin_installed' => 'disabled',
2947
'sucuriscan_notify_plugin_updated' => 'disabled',
2948
'sucuriscan_notify_post_publication' => 'enabled',
2949
- 'sucuriscan_notify_scan_checksums' => 'enabled',
2950
'sucuriscan_notify_settings_updated' => 'disabled',
2951
'sucuriscan_notify_success_login' => 'enabled',
2952
'sucuriscan_notify_theme_activated' => 'disabled',
@@ -2979,6 +2979,9 @@ class SucuriScanOption extends SucuriScanRequest
2979
'sucuriscan_xhr_monitor' => 'disabled',
2980
);
2981
2982
return $defaults;
2983
}
2984
@@ -6194,7 +6197,7 @@ class SucuriScanAPI extends SucuriScanOption
6194
$response = self::apiCallCloudproxy('GET', $params);
6195
6196
if (self::handleResponse($response)) {
6197
- return $response['body']->output;
6198
}
6199
6200
return false;
@@ -6217,7 +6220,7 @@ class SucuriScanAPI extends SucuriScanOption
6217
$response = self::apiCallCloudproxy('GET', $params);
6218
6219
if (self::handleResponse($response)) {
6220
- return $response['body'];
6221
}
6222
6223
return false;
@@ -6258,7 +6261,7 @@ class SucuriScanAPI extends SucuriScanOption
6258
$response = self::apiCallCloudproxy('GET', $params);
6259
6260
if (self::handleResponse($response)) {
6261
- return $response['body_arr']['output'];
6262
}
6263
6264
return false;
@@ -8753,8 +8756,13 @@ function sucuriscan_firewall_settings($api_key = '')
8753
$css_scrollable = count($option_value) > 10 ? 'sucuriscan-list-as-table-scrollable' : '';
8754
$html_list = '<ul class="sucuriscan-list-as-table ' . $css_scrollable . '">';
8755
8756
- foreach ($option_value as $single_value) {
8757
- $html_list .= '<li>' . SucuriScan::escape($single_value) . '</li>';
8758
}
8759
8760
$html_list .= '</ul>';
@@ -8901,35 +8909,37 @@ function sucuriscan_firewall_auditlogs_entries($entries = array())
8901
$counter = 0;
8902
8903
foreach ($entries as $entry) {
8904
- $data_set = array();
8905
- $data_set['AccessLog.CssClass'] = ($counter % 2 == 0) ? '' : 'alternate';
8906
-
8907
- foreach ($attributes as $attr) {
8908
- // Generate variable name for the template pseudo-tags.
8909
- $keyname = str_replace('_', "\x20", $attr);
8910
- $keyname = ucwords($keyname);
8911
- $keyname = str_replace("\x20", '', $keyname);
8912
- $keyname = 'AccessLog.' . $keyname;
8913
-
8914
- // Assign and escape variable value before rendering.
8915
- if (array_key_exists($attr, $entry)) {
8916
- $data_set[$keyname] = $entry[$attr];
8917
- } else {
8918
- $data_set[$keyname] = '';
8919
- }
8920
8921
- // Special cases to convert value to readable data.
8922
- if ($attr == 'resource_path' && $data_set[$keyname] == '/') {
8923
- $data_set[$keyname] = '/ (root of the website)';
8924
- } elseif ($attr == 'http_referer' && $data_set[$keyname] == '-') {
8925
- $data_set[$keyname] = '- (no referer)';
8926
- } elseif ($attr == 'request_country_name' && $data_set[$keyname] == '') {
8927
- $data_set[$keyname] = 'Anonymous';
8928
}
8929
- }
8930
8931
- $output .= SucuriScanTemplate::getSnippet('firewall-auditlogs', $data_set);
8932
- $counter++;
8933
}
8934
}
8935
@@ -9027,13 +9037,13 @@ function sucuriscan_firewall_clearcache($nonce)
9027
$response = SucuriScanAPI::clearCloudproxyCache();
9028
9029
if ($response) {
9030
- if (isset($response->messages[0])) {
9031
// Clear W3 Total Cache if it is installed.
9032
if (function_exists('w3tc_flush_all')) {
9033
w3tc_flush_all();
9034
}
9035
9036
- SucuriScanInterface::info($response->messages[0]);
9037
} else {
9038
SucuriScanInterface::error('Could not clear the cache of your site, try later again.');
9039
}
@@ -10884,19 +10894,19 @@ function sucuriscan_ignore_integrity_filepath($file_path = '')
10884
$ignore_files = array(
10885
'^sucuri-[0-9a-z\-]+\.php#x27;,
10886
'^\S+-sucuri-db-dump-gzip-[0-9]{10}-[0-9a-z]{32}\.gz#x27;,
10887
- '^favicon\.ico#x27;,
10888
'^php\.ini#x27;,
10889
- '^\.htaccess#x27;,
10890
'^wp-includes\/\.htaccess#x27;,
10891
'^wp-admin\/setup-config\.php#x27;,
10892
'^wp-(config|pass|rss|feed|register|atom|commentsrss2|rss2|rdf)\.php#x27;,
10893
'^wp-content\/(themes|plugins)\/.+', // TODO: Add the popular themes/plugins integrity checks.
10894
'^sitemap\.xml($|\.gz)#x27;,
10895
- '^readme\.html#x27;,
10896
'^(503|404)\.php#x27;,
10897
'^500\.(shtml|php)#x27;,
10898
'^40[0-9]\.shtml#x27;,
10899
- '^([^\/]*)\.(pdf|css|txt)#x27;,
10900
'^google[0-9a-z]{16}\.html#x27;,
10901
'^pinterest-[0-9a-z]{5}\.html#x27;,
10902
'(^|\/)error_log#x27;,
@@ -14071,8 +14081,11 @@ function sucuriscan_settings_alert_events($nonce)
14071
14072
// Check that the option value was actually changed.
14073
if ($current_value !== $option_value) {
14074
- SucuriScanOption::update_option($alert_type, $option_value);
14075
- $ucounter += 1;
14076
}
14077
}
14078
}
4
Plugin URI: https://wordpress.sucuri.net/
5
Description: The <a href="https://sucuri.net/" target="_blank">Sucuri</a> plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.
6
Author: Sucuri, INC
7
+ Version: 1.8.1
8
Author URI: https://sucuri.net
9
*/
10
65
/**
66
* Current version of the plugin's code.
67
*/
68
+ define('SUCURISCAN_VERSION', '1.8.1');
69
70
/**
71
* The name of the Sucuri plugin main file.
2946
'sucuriscan_notify_plugin_installed' => 'disabled',
2947
'sucuriscan_notify_plugin_updated' => 'disabled',
2948
'sucuriscan_notify_post_publication' => 'enabled',
2949
+ 'sucuriscan_notify_scan_checksums' => 'disabled',
2950
'sucuriscan_notify_settings_updated' => 'disabled',
2951
'sucuriscan_notify_success_login' => 'enabled',
2952
'sucuriscan_notify_theme_activated' => 'disabled',
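Review bot: Changing `'sucuriscan_notify_scan_checksums'` to 'disabled' in the defaults means that wherever the default applies, a core file failing its checksum no longer produces an email, while lower-signal events such as `sucuriscan_notify_post_publication` stay 'enabled'. If the goal is to reduce noise, consider keeping the alert on and cutting false positives through the ignore list, or add a dashboard notice so flagged files are still seen.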
2979
'sucuriscan_xhr_monitor' => 'disabled',
2980
);
2981
2982
+ $fpath = self::optionsFilePath();
2983
+ $defaults['sucuriscan_datastore_path'] = dirname($fpath);
2984
+
2985
return $defaults;
2986
}
2987
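Review bot: `dirname($fpath)` is applied to the result of `self::optionsFilePath()` without checking it first. If that method can return false or an empty string, `sucuriscan_datastore_path` silently defaults to an empty path. Check `$fpath` before calling dirname() and fall back to a known directory, or leave the key unset.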
6197
$response = self::apiCallCloudproxy('GET', $params);
6198
6199
if (self::handleResponse($response)) {
6200
+ return $response['output'];
6201
}
6202
6203
return false;
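Review bot: `return $response['output'];` indexes the response without confirming the key exists, so it relies entirely on `self::handleResponse($response)` having validated the shape. Add an `isset($response['output'])` check before returning. The old line read `$response['body']->output`, so the docblock should also record that the response is now handled as an array and callers need to be updated to match.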
6220
$response = self::apiCallCloudproxy('GET', $params);
6221
6222
if (self::handleResponse($response)) {
6223
+ return $response;
6224
}
6225
6226
return false;
6261
$response = self::apiCallCloudproxy('GET', $params);
6262
6263
if (self::handleResponse($response)) {
6264
+ return $response['output'];
6265
}
6266
6267
return false;
8756
$css_scrollable = count($option_value) > 10 ? 'sucuriscan-list-as-table-scrollable' : '';
8757
$html_list = '<ul class="sucuriscan-list-as-table ' . $css_scrollable . '">';
8758
8759
+ if (!empty($option_value)) {
8760
+ foreach ($option_value as $single_value) {
8761
+ $single_value = SucuriScan::escape($single_value);
8762
+ $html_list .= '<li>' . SucuriScan::escape($single_value) . '</li>';
8763
+ }
8764
+ } else {
8765
+ $html_list .= '<li>(no data available)</li>';
8766
}
8767
8768
$html_list .= '</ul>';
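Review bot: `SucuriScan::escape()` is now applied twice to each value: once in the added assignment `$single_value = SucuriScan::escape($single_value);` and again inside the `<li>` concatenation on the following line. If escape() encodes HTML entities, any value containing `&`, `<` or a quote will be displayed double-encoded, so drop one of the two calls. Note also that `count($option_value)` in the context line above runs before the new `!empty()` guard and is not protected by it.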
8909
$counter = 0;
8910
8911
foreach ($entries as $entry) {
8912
+ if (array_key_exists('is_usable', $entry) && $entry['is_usable']) {
8913
+ $data_set = array();
8914
+ $data_set['AccessLog.CssClass'] = ($counter % 2 == 0) ? '' : 'alternate';
8915
+
8916
+ foreach ($attributes as $attr) {
8917
+ // Generate variable name for the template pseudo-tags.
8918
+ $keyname = str_replace('_', "\x20", $attr);
8919
+ $keyname = ucwords($keyname);
8920
+ $keyname = str_replace("\x20", '', $keyname);
8921
+ $keyname = 'AccessLog.' . $keyname;
8922
+
8923
+ // Assign and escape variable value before rendering.
8924
+ if (array_key_exists($attr, $entry)) {
8925
+ $data_set[$keyname] = $entry[$attr];
8926
+ } else {
8927
+ $data_set[$keyname] = '';
8928
+ }
8929
8930
+ // Special cases to convert value to readable data.
8931
+ if ($attr == 'resource_path' && $data_set[$keyname] == '/') {
8932
+ $data_set[$keyname] = '/ (root of the website)';
8933
+ } elseif ($attr == 'http_referer' && $data_set[$keyname] == '-') {
8934
+ $data_set[$keyname] = '- (no referer)';
8935
+ } elseif ($attr == 'request_country_name' && $data_set[$keyname] == '') {
8936
+ $data_set[$keyname] = 'Anonymous';
8937
+ }
8938
}
8939
8940
+ $output .= SucuriScanTemplate::getSnippet('firewall-auditlogs', $data_set);
8941
+ $counter++;
8942
+ }
8943
}
8944
}
8945
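Review bot: The comment "Assign and escape variable value before rendering." does not match the code under it: `$data_set[$keyname] = $entry[$attr];` stores the raw value. Fields such as `http_referer` and `resource_path` come from the logged request, so either call `SucuriScan::escape()` at this point or confirm that `SucuriScanTemplate::getSnippet()` escapes its values and correct the comment. Entries without `is_usable` are now skipped silently; logging or counting the skipped entries would help when the audit log looks incomplete.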
9037
$response = SucuriScanAPI::clearCloudproxyCache();
9038
9039
if ($response) {
9040
+ if (isset($response['messages'][0])) {
9041
// Clear W3 Total Cache if it is installed.
9042
if (function_exists('w3tc_flush_all')) {
9043
w3tc_flush_all();
9044
}
9045
9046
+ SucuriScanInterface::info($response['messages'][0]);
9047
} else {
9048
SucuriScanInterface::error('Could not clear the cache of your site, try later again.');
9049
}
10894
$ignore_files = array(
10895
'^sucuri-[0-9a-z\-]+\.php#x27;,
10896
'^\S+-sucuri-db-dump-gzip-[0-9]{10}-[0-9a-z]{32}\.gz#x27;,
10897
+ '\.ico#x27;,
10898
'^php\.ini#x27;,
10899
+ '^\.(htaccess|htpasswd|ftpquota)#x27;,
10900
'^wp-includes\/\.htaccess#x27;,
10901
'^wp-admin\/setup-config\.php#x27;,
10902
'^wp-(config|pass|rss|feed|register|atom|commentsrss2|rss2|rdf)\.php#x27;,
10903
'^wp-content\/(themes|plugins)\/.+', // TODO: Add the popular themes/plugins integrity checks.
10904
'^sitemap\.xml($|\.gz)#x27;,
10905
+ '^readme(\.[a-z0-9]{32})?\.html#x27;,
10906
'^(503|404)\.php#x27;,
10907
'^500\.(shtml|php)#x27;,
10908
'^40[0-9]\.shtml#x27;,
10909
+ '^([^\/]*)\.(pdf|css|txt|jpg|gif|png|jpeg)#x27;,
10910
'^google[0-9a-z]{16}\.html#x27;,
10911
'^pinterest-[0-9a-z]{5}\.html#x27;,
10912
'(^|\/)error_log#x27;,
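Review bot: The replacement for `^favicon\.ico` is `\.ico` with no leading `^`, so it matches an .ico file at any depth rather than only the root favicon, and the extended `(pdf|css|txt|jpg|gif|png|jpeg)` pattern now exempts every root-level image from the integrity check. Each ignore entry is a blind spot for the checker. Keep the `^` anchor on the .ico pattern like the neighbouring entries, and add a comment explaining why `.htpasswd` and `.ftpquota` are safe to skip.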
14081
14082
// Check that the option value was actually changed.
14083
if ($current_value !== $option_value) {
14084
+ $written = SucuriScanOption::update_option($alert_type, $option_value);
14085
+
14086
+ if ($written === true) {
14087
+ $ucounter += 1;
14088
+ }
14089
}
14090
}
14091
}
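Review bot: When `SucuriScanOption::update_option()` does not return true, the new `if ($written === true)` only skips the counter and the failed write is never reported. Add an else branch that surfaces the failure (this file already uses `SucuriScanInterface::error()`), otherwise an admin can believe an alert setting changed when it did not. Also confirm that update_option() returns a strict boolean, since `=== true` rejects any other truthy value.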