Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.8.14

Version Description

This version adds support for the latest version of WordPress. Introduces new features and fixes some bugs reported by the WordPress community as well as bugs found by our automated testing system.

=


Release Info

Developer yorman
Version 1.8.14

Code changes from version 1.8.13 to 1.8.14

Files changed (5) hide show
  1. readme.txt +5 -2
  2. src/globals.php +3 -0
  3. src/hook.lib.php +93 -0
  4. src/option.lib.php +1 -1
  5. sucuri.php +2 -2
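--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate Link: https://sucuri.net/
  Tags: malware, security, firewall, scan, spam, virus, sucuri, protection, WordPress Security, Login Security, Security Auditing, File Integrity, htaccess, phishing, backdoors, SQL Injection, RFI, LFI, XSS, CSRF, website firewall, Website Security, Performance Optimization, Zero Day, Software Vulnerability, Exploits, Hacks, Attackers, Bad Actors, Reverse Proxy, Two Factor Security, Two Factor Authentication, Security Logs, HeatBleed Vulnerability, Website Protection, Bash Vulnerability, RevSlider Vulnerability, MailPoet Vulnerability, Malware Prevention, Website Security, Website Firewall, Website AntiVirus, Security Response, Security Detection, Security Prevention
  Requires at least: 3.6
  Tested up to: 4.9.4
- Stable tag: 1.8.13
+ Stable tag: 1.8.14
 
  The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
 
@@ -181,11 +181,14 @@ No, it is not required. The Website Firewall runs in the cloud without the need
 
  == Upgrade Notice ==
 
- = 1.8.13 =
+ = 1.8.14 =
  This version adds support for the latest version of WordPress. Introduces new features and fixes some bugs reported by the WordPress community as well as bugs found by our automated testing system.
 
  == Changelog ==
 
+ = 1.8.14 =
+ * Add filter to allow automatic configuration of the settings
+
  = 1.8.13 =
  * Add new version of the GPL v2 license file
  * Remove unused option to reduce number of failed logins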
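--- a/src/globals.php
+++ b/src/globals.php
@@ -142,6 +142,7 @@ if (defined('SUCURISCAN')) {
  add_action('activated_plugin', 'SucuriScanHook::hookPluginActivate', 50, 2);
  add_action('add_attachment', 'SucuriScanHook::hookAttachmentAdd', 50, 5);
  add_action('add_link', 'SucuriScanHook::hookLinkAdd', 50, 5);
+ add_action('add_user_to_blog', 'SucuriScanHook::hookAddUserToBlog', 50, 4);
  add_action('before_delete_post', 'SucuriScanHook::hookPostBeforeDelete', 50, 5);
  add_action('create_category', 'SucuriScanHook::hookCategoryCreate', 50, 5);
  add_action('deactivated_plugin', 'SucuriScanHook::hookPluginDeactivate', 50, 2);
@@ -149,9 +150,11 @@ if (defined('SUCURISCAN')) {
  add_action('delete_user', 'SucuriScanHook::hookUserDelete', 50, 5);
  add_action('edit_link', 'SucuriScanHook::hookLinkEdit', 50, 5);
  add_action('login_form_resetpass', 'SucuriScanHook::hookLoginFormResetpass', 50, 5);
+ add_action('profile_update','SucuriScanHook::hookProfileUpdate', 50, 5);
  add_action('publish_page', 'SucuriScanHook::hookPublishPage', 50, 5);
  add_action('publish_phone', 'SucuriScanHook::hookPublishPhone', 50, 5);
  add_action('publish_post', 'SucuriScanHook::hookPublishPost', 50, 5);
+ add_action('remove_user_from_blog', 'SucuriScanHook::hookRemoveUserFromBlog', 50, 2);
  add_action('retrieve_password', 'SucuriScanHook::hookRetrievePassword', 50, 5);
  add_action('switch_theme', 'SucuriScanHook::hookThemeSwitch', 50, 5);
  add_action('transition_post_status', 'SucuriScanHook::hookPostStatus', 50, 3);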
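Review bot: The `accepted_args` counts on two of the new registrations do not match the handlers this release adds in src/hook.lib.php: `add_user_to_blog` is registered with 4 while `hookAddUserToBlog` declares three parameters, and `profile_update` with 5 while `hookProfileUpdate` declares two. WordPress only passes the arguments the action supplies, so this most likely works (the neighbouring lines use 5 in the same loose way), but the count is the only statement of the handler's contract at the registration site. `add_action('add_user_to_blog', 'SucuriScanHook::hookAddUserToBlog', 50, 3);` and `add_action('profile_update', 'SucuriScanHook::hookProfileUpdate', 50, 2);` would state it exactly, and the second also restores the missing space after the comma. The enclosing `if (defined('SUCURISCAN'))` block starts and ends outside these hunks.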
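--- a/src/hook.lib.php
+++ b/src/hook.lib.php
@@ -69,6 +69,59 @@ class SucuriScanHook extends SucuriScanEvent
  self::reportNoticeEvent($message);
  self::notifyEvent('post_publication', $message);
  }
+
+ /**
+ * Send and alert notifying that a user was added to a blog.
+ *
+ * @param int $user_id User ID.
+ * @param string $role User role.
+ * @param int $blog_id Blog ID.
+ */
+ public static function hookAddUserToBlog($user_id, $role, $blog_id)
+ {
+ $title = 'unknown';
+ $email = 'user@domain.com';
+ $data = get_userdata($user_id);
+
+ if ($data) {
+ $title = $data->user_login;
+ $email = $data->user_email;
+ }
+
+ $message = sprintf('User added to website; user_id: %s; role: %s; blog_id: %s; name: %s; email: %s',
+ $user_id,
+ $role,
+ $blog_id,
+ $title,
+ $email
+ );
+ self::reportWarningEvent($message);
+ }
+
+ /**
+ * Send and alert notifying that a user was removed from a blog.
+ *
+ * @param int $user_id User ID.
+ * @param int $blog_id Blog ID.
+ */
+ public static function hookRemoveUserFromBlog($user_id, $blog_id) {
+ $title = 'unknown';
+ $email = 'user@domain.com';
+ $data = get_userdata($user_id);
+
+ if ($data) {
+ $title = $data->user_login;
+ $email = $data->user_email;
+ }
+
+ $message = sprintf('User removed from website; user_id: %s; blog_id: %s; name: %s; email: %s',
+ $user_id,
+ $blog_id,
+ $title,
+ $email
+ );
+ self::reportWarningEvent($message);
+ }
 
  /**
  * Send an alert notifying that a category was created.
@@ -938,6 +991,46 @@ class SucuriScanHook extends SucuriScanEvent
  self::reportWarningEvent('User account deleted; ID: ' . $id);
  }
 
+ /**
+ * Send an alert notifying that a user was edited.
+ * @param int $id The identifier of the edited user account
+ * @param object $old_user_data Object containing user's data prior to update.
+ */
+ public static function hookProfileUpdate($id = 0, $old_user_data)
+ {
+ $title = 'unknown';
+ $email = 'user@domain.com';
+ $roles = 'none';
+ $data = get_userdata($id);
+
+ if ($data) {
+ $title = $data->user_login;
+ $email = $data->user_email;
+ $roles = @implode(', ', $data->roles);
+ }
+
+ $old_title = 'unknown';
+ $old_email = 'user@domain.com';
+ $old_roles = 'none';
+
+ if($old_user_data) {
+ $old_title = $old_user_data->user_login;
+ $old_email = $old_user_data->user_email;
+ $old_roles = @implode(', ', $old_user_data->roles);
+ }
+
+ $message = sprintf('User account edited; ID: %s; name: %s; old_name: %s; email: %s; old_email: %s; roles: %s; old_roles: %s',
+ $id,
+ $title,
+ $old_title,
+ $email,
+ $old_email,
+ $roles,
+ $old_roles
+ );
+ self::reportWarningEvent($message);
+ }
+
  /**
  * Send an alert notifying that a new user account was created.
  *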
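Review bot: `hookProfileUpdate` declares the defaulted `$id = 0` before the required `$old_user_data`, a signature PHP 8.0 and later report as deprecated; since the `profile_update` action supplies both values, `public static function hookProfileUpdate($id, $old_user_data)` is enough. In the same function the two `@implode(', ', ...->roles)` calls suppress the error for a non-array `roles` value instead of handling it, so the `roles`/`old_roles` fields, the part of this alert that shows a privilege change, can come out empty with no trace; an `is_array()` check that keeps the existing `'none'` fallback would make that case explicit. All three new handlers also fall back to `'user@domain.com'` when `get_userdata()` returns nothing, which writes a plausible-looking address into the audit log; `'unknown'`, as already used for the name, cannot be mistaken for real data by whoever reads the log later.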
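--- a/src/option.lib.php
+++ b/src/option.lib.php
@@ -114,7 +114,7 @@ class SucuriScanOption extends SucuriScanRequest
  'sucuriscan_use_wpmail' => 'enabled',
  );
 
- return $defaults;
+ return (array) apply_filters('sucuriscan_option_defaults', $defaults);
  }
 
  /**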
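Review bot: The filtered value is returned without validation: `(array)` turns a scalar or `null` coming back from a callback into a one-element or empty array, so every default can silently disappear, and unknown keys pass straight through. Any plugin, theme or must-use plugin can attach to `sucuriscan_option_defaults`, so this is also a point where other code can change the security plugin's defaults, and as far as this hunk shows nothing records that it happened; the function's docblock (outside the hunk) should say so. If only the known options are meant to be configurable, `$filtered = apply_filters('sucuriscan_option_defaults', $defaults);` followed by `return is_array($filtered) ? array_intersect_key($filtered, $defaults) + $defaults : $defaults;` keeps the default set intact. The enclosing function starts outside the hunk.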
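--- a/sucuri.php
+++ b/sucuri.php
@@ -6,7 +6,7 @@
  * Plugin URI: https://wordpress.sucuri.net/
  * Author URI: https://sucuri.net/
  * Author: Sucuri Inc.
- * Version: 1.8.13
+ * Version: 1.8.14
  *
  * PHP version 5
  *
@@ -83,7 +83,7 @@ define('SUCURISCAN', 'sucuriscan');
  /**
  * Current version of the plugin's code.
  */
- define('SUCURISCAN_VERSION', '1.8.13');
+ define('SUCURISCAN_VERSION', '1.8.14');
 
  /**
  * Defines the human readable name of the plugin.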